diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 00000000..3515148e --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,3 @@ +# These are supported funding model platforms + +github: mas-bandwidth diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index abad3b21..e02c1c82 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,16 +2,13 @@ name: CI on: [push, pull_request] -env: - MBEDTLS_VERSION: 3.0.0 - jobs: build_and_test: name: Build & test strategy: matrix: - os: [ubuntu-latest, windows-latest, macos-latest] + os: [macos-latest, windows-latest] # [ubuntu-latest, , macos-latest] configuration: [release, debug] runs-on: ${{ matrix.os }} 
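Review bot: The new matrix line `os: [macos-latest, windows-latest] # [ubuntu-latest, , macos-latest]` leaves a garbled remnant comment (stray double comma) that does not say why Linux was dropped, so a later reader cannot tell whether the omission is deliberate or a leftover from debugging. Replace it with a comment that states the reason and marks the intent to restore, e.g. `os: [macos-latest, windows-latest] # TODO: re-enable ubuntu-latest once <reason for disabling> is resolved`. Dropping ubuntu-latest means nothing in this workflow is built or tested on Linux any more; if Linux remains a supported target that coverage gap is worth stating in the commit message. The removal of the `MBEDTLS_VERSION` env block is consistent with the mbedtls steps removed in the following hunk.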
@@ -23,52 +20,17 @@ jobs: - name: Setup premake uses: abel0b/setup-premake@v1 - ## Linux-specific build setup - # Try to get our previously built mbedtls from the cache - - name: Cache mbedtls (Linux) - if: runner.os == 'Linux' - id: cache-mbedtls - uses: actions/cache@v2 - with: - key: ${{ runner.os }}-mbedtls-${{ env.MBEDTLS_VERSION }} - path: ~/mbedtls_install - - # If we can't get mbedtls from cache, download it and build it from source (and then it'll be cached - # when this build succeeds.) This is needed because Ubuntu 20.04 (latest GH hosted runner) only supports - # mbedtls 2 -- we can replace all this with a `sudo apt-get install libmbedtls-dev` or something similar - # once GH's runners are on a newer Ubuntu with mbedtls support. - - name: Build mbedtls when not cached (Linux) - if: runner.os == 'Linux' && steps.cache-mbedtls.outputs.cache-hit != 'true' - run: | - wget -nv https://github.com/ARMmbed/mbedtls/archive/refs/tags/v${MBEDTLS_VERSION}.tar.gz -O mbedtls.tgz - tar zxf mbedtls.tgz - cd mbedtls-${MBEDTLS_VERSION} - make install DESTDIR=$HOME/mbedtls_install - - # Install libsodium from apt and configure the compiler to look for our local mbedtls - - name: Setup (Linux) - if: runner.os == 'Linux' - run: | - sudo apt-get install libsodium-dev - echo CPATH=$HOME/mbedtls_install/include >> $GITHUB_ENV - echo LIBRARY_PATH=$HOME/mbedtls_install/lib >> $GITHUB_ENV - - ## MacOS-specific build setup - - name: Setup (MacOS) - if: runner.os == 'MacOS' - run: brew install libsodium mbedtls@3 - ## Linux & MacOS-specific build steps # Build with premake + make - - name: Build (gmake2) + - name: Build (gmake) if: runner.os != 'Windows' run: | - premake5 gmake2 + premake5 gmake make clean - make all config=${{ matrix.configuration }}_x64 + make all config=${{ matrix.configuration }} # Run the tests with sh syntax - - name: Test (gmake2) + - name: Test (gmake) if: runner.os != 'Windows' run: ./bin/test 
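Review bot: With the libsodium and mbedtls setup steps removed, this job no longer installs any cryptographic dependency, so if the secure client/server or connect-token code paths still exist anywhere in the tree they are no longer compiled or exercised by CI; if that code is removed elsewhere in this commit, a one-line comment above `- name: Build (gmake)` saying so would spare the next reader from re-deriving it. The generator rename `premake5 gmake2` → `premake5 gmake` is sensitive to which premake release the `abel0b/setup-premake@v1` step installs: in earlier 5.0 betas `gmake` is the legacy generator and `gmake2` the current one, and since the action is pinned only to a floating tag the generator actually selected can change without any edit to this file. Pinning the action to a commit SHA and fixing the premake version explicitly would make the build reproducible. The change to `make all config=${{ matrix.configuration }}` presumes the premake script no longer emits `_x64`-suffixed configurations; that part of the change is not visible in this diff.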
@@ -91,4 +53,5 @@ jobs: # Run the tests with Powershell syntax - name: Test (vs2019) if: runner.os == 'Windows' - run: "& ./bin/x64/${{ matrix.configuration }}/test.exe" \ No newline at end of file + run: "& ./bin/${{ matrix.configuration }}/test.exe" + \ No newline at end of file diff --git a/BUILDING.md b/BUILDING.md index 7400c521..7bc5a040 100644 --- a/BUILDING.md +++ b/BUILDING.md @@ -3,15 +3,15 @@ Building yojimbo ## Building on Windows -Download [premake 5](https://premake.github.io/download.html) and copy the **premake5** executable somewhere in your path. Please make sure you have at least premake5 alpha 13. +Download [premake 5](https://premake.github.io/download.html) and copy the **premake5** executable somewhere in your path. You need Visual Studio to build the source code. If you don't have Visual Studio 2019 you can [download the community edition for free](https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=16). Once you have Visual Studio installed, go to the command line under the yojimbo directory and type: - premake5 solution + premake5 vs2019 -This creates Yojimbo.sln and opens it in Visual Studio for you. +Open the generated yojimbo.sln file. You can now build the library and run individual test programs as you would for any other Visual Studio solution. 
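Review bot: The added final line is whitespace-only and is itself marked `\ No newline at end of file`, so the hunk introduces a stray blank line to ci.yml while still leaving the file without a terminating newline. Drop the added blank line and end `run: "& ./bin/${{ matrix.configuration }}/test.exe"` with a newline instead.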
@@ -19,141 +19,19 @@ You can now build the library and run individual test programs as you would for First, download and install [premake 5](https://premake.github.io/download.html). -Next, install libsodium and mbedtls. - -On MacOS X, this can be done most easily with `brew install libsodium mbedtls`. If you don't have Brew, you can install it from . - -On Linux, depending on your particular distribution there may be prebuilt packages for libsodium and mbedtls, or you may have to build from source from here [libsodium](https://github.com/jedisct1/libsodium/releases) and here [mbedtls](https://github.com/ARMmbed/mbedtls). Make sure you install the 3.x version of mbedtls as the 2.x & 1.x version will not work with yojimbo. - Now go to the command line under the yojimbo directory and enter: - premake5 gmake2 + premake5 gmake This creates makefiles which you can use to build the source via: - make all - -Alternatively, you can use the following shortcuts to build and run test programs directly: - - premake5 test // build and run unit tests - - premake5 server // build run a yojimbo server on localhost on UDP port 40000 - - premake5 client // build and run a yojimbo client that connects to the server running on localhost - -## Run a yojimbo server inside Docker - -**yojimbo** supports Docker on Windows, Mac and Linux. - -First, install the latest version of Docker from - -Now go to the command line at the yojimbo directory and enter: - - premake5 docker - -This builds and runs a Docker container with a yojimbo server inside it (exactly the same as if you ran "premake5 server" on a Linux box). You can now connect to this server by running a client which connects to 127.0.0.0:40000. For example, "premake5 client" on Mac or Linux, or running the "client" project inside the Yojimbo.sln in Visual Studio. - -IMPORTANT: The premake docker action takes a long time initially, because it has a lot of work to do: - -1. 
Start a new docker image from an [ubuntu derived base image](https://github.com/phusion/baseimage-docker) - -2. `apt-get update, apt-get install wget, g++` - -3. Download, build and install premake5 - -4. Download, build and install libsodium - -5. Download, build and install mbedtls - -6. Build release version of yojimbo, run tests - -7. If all tests pass, clean everything and copy the yojimbo server to the /home dir - -8. When the Docker container is run, start the yojimbo server /home/server on UDP port 40000. - -For details see docker/Dockerfile and the premake5.lua file with commands that build and run the container instance. - -What's most impressive is that if no dependencies have changed, the numbered steps above are precached as intermediate Docker instances are not rebuilt unless necessary. For example, if you have already downloaded and installed wget, g++, libsodium, premake5, mbedtls and you run "premake5 docker" again, these steps are skipped. - -Try it yourself by running "premake5 docker" once (it should build everything), then run it again. It will go straight to the server running on port 40000. Similarly, if you change some yojimbo source it automatically rebuilds yojimbo server and runs tests before starting the server. Impressive! - -## Run a yojimbo matcher inside Docker - -In order to demonstrate authentication and a secure connection between client and server, yojimbo provides an example backend written in golang. - -You can run this backend in Docker via this command: - - premake5 matcher - -This builds and runs a linux docker instance with matcher.go running on port 8080. - -You can verify the matcher instance is working correctly as follows: - - curl https://localhost:8080/match/12345/1 --insecure - -Which should return a base64 encoded text response that represents a **connect token**. This is what a client passes to the server in order to establish a secure connection. 
- -## Running a secure server - -Up to this point we have been running insecure servers with "premake5 server". - -This mode is useful during development, but once you ship your game, but it gives clients access to the private key. - -This makes it possible for clients to connect to servers without authentication, which makes it possible to DDoS your servers. - -To fix this, yojimbo provides support for secure authenticated servers. These servers only allow clients to connect who have authenticated through the matcher service, which is a stand-in for your own web backend that matches clients to dedicated server instances when they want to play a game. - -You can run a secure server like this on MacOS and Linux: - - premake5 secure_server - -Or, if you are building under Visual Studio, run the "secure_server" project from the IDE. - -## Connect a secure client - -First run the matcher service via: - - premake5 matcher - -Next run the secure client: - - premake5 secure_client - -If everything is working correctly you should see something like: - - connecting client (secure) - client id is 12a485afe59b1c71 - requesting match from https://localhost:8080 - received connect token from matcher - client started on port 65067 - client connecting to server 127.0.0.1:40000 [1/1] - client connected to server - -What just happened? - -1. The secure client requested a **connect token** from the matcher over HTTPS. The connect token is a cryptographic token that grants the client a right to connect to a dedicated server for a short period of time (eg. 45 seconds). - -2. The secure client passed the connect token to the dedicated server as part of its connection handshake over UDP. - -3. The secure server validated the connect token, making sure it grants connection to that particular server, and has not expired, then accepted the client connection. - -4. The server and client exchange signed and encrypted packets over UDP. 
- -These steps ensure that clients can only connect to secure tokens if they go through the matcher first. This means that only clients authenticated with your web backend can connect to your dedicated servers, which is typically what you want! - -## Documentation and Support - -**yojimbo** now has reference documentation built from code comments with [doxygen](http://www.stack.nl/~dimitri/doxygen/). - -To build the documentation first install doxygen on your platform. - -Once you have doxygen installed and in your path, you can build and view the documentation with this command: + make -j - premake5 docs - -More documentation including getting started guide and usage documentation is coming shortly. +Then run the built executables: -Until then, if you have questions and you don't find the answer you need in the documentation, please create an issue at http://www.libyojimbo.com and I'll do my best to help you out. + ./bin/test // run unit tests + ./bin/server // run a server on localhost on UDP port 40000 + ./bin/client // run a client that connects to the local server cheers diff --git a/README.md b/README.md index 52cde138..52f3ee01 100644 --- a/README.md +++ b/README.md @@ -35,8 +35,6 @@ The author of this library is [Glenn Fiedler](https://www.linkedin.com/in/glennf Other open source libraries by the same author include: [netcode](http://netcode.io) and [reliable](https://github.com/networkprotocol/reliable) -Glenn is now the founder and CEO of Network Next. Network Next is a radically new way to link networks together, it's a new internet for games, one where networks compete on performance and price to carry your game's traffic. Check it out at https://networknext.com - ## Sponsors **yojimbo** was generously sponsored by: 
@@ -47,10 +45,10 @@ Glenn is now the founder and CEO of Network Next. Network Next is a radically ne * **Silver Sponsors** * [Moon Studios](http://www.oriblindforest.com/#!moon-3/) - * [The Network Protocol Company](http://www.thenetworkprotocolcompany.com) + * The Network Protocol Company * **Bronze Sponsors** - * [Kite & Lightning](http://kiteandlightning.la/) + * Kite & Lightning * [Data Realms](http://datarealms.com) And by individual supporters on Patreon. Thank you. You made this possible! diff --git a/android/ifaddrs/ifaddrs.c b/android/ifaddrs/ifaddrs.c deleted file mode 100755 index 338fff88..00000000 --- a/android/ifaddrs/ifaddrs.c +++ /dev/null 
@@ -1,600 +0,0 @@ -/* -Copyright (c) 2013, Kenneth MacKay -All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, -are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright notice, this - list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR -ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-*/ - -#include "ifaddrs.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -typedef struct NetlinkList -{ - struct NetlinkList *m_next; - struct nlmsghdr *m_data; - unsigned int m_size; -} NetlinkList; - -static int netlink_socket(void) -{ - int l_socket = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); - if(l_socket < 0) - { - return -1; - } - - struct sockaddr_nl l_addr; - memset(&l_addr, 0, sizeof(l_addr)); - l_addr.nl_family = AF_NETLINK; - if(bind(l_socket, (struct sockaddr *)&l_addr, sizeof(l_addr)) < 0) - { - close(l_socket); - return -1; - } - - return l_socket; -} - -static int netlink_send(int p_socket, int p_request) -{ - char l_buffer[NLMSG_ALIGN(sizeof(struct nlmsghdr)) + NLMSG_ALIGN(sizeof(struct rtgenmsg))]; - memset(l_buffer, 0, sizeof(l_buffer)); - struct nlmsghdr *l_hdr = (struct nlmsghdr *)l_buffer; - struct rtgenmsg *l_msg = (struct rtgenmsg *)NLMSG_DATA(l_hdr); - - l_hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*l_msg)); - l_hdr->nlmsg_type = p_request; - l_hdr->nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST; - l_hdr->nlmsg_pid = 0; - l_hdr->nlmsg_seq = p_socket; - l_msg->rtgen_family = AF_UNSPEC; - - struct sockaddr_nl l_addr; - memset(&l_addr, 0, sizeof(l_addr)); - l_addr.nl_family = AF_NETLINK; - return (sendto(p_socket, l_hdr, l_hdr->nlmsg_len, 0, (struct sockaddr *)&l_addr, sizeof(l_addr))); -} - -static int netlink_recv(int p_socket, void *p_buffer, size_t p_len) -{ - struct msghdr l_msg; - struct iovec l_iov = { p_buffer, p_len }; - struct sockaddr_nl l_addr; - int l_result; - - for(;;) - { - l_msg.msg_name = (void *)&l_addr; - l_msg.msg_namelen = sizeof(l_addr); - l_msg.msg_iov = &l_iov; - l_msg.msg_iovlen = 1; - l_msg.msg_control = NULL; - l_msg.msg_controllen = 0; - l_msg.msg_flags = 0; - int l_result = recvmsg(p_socket, &l_msg, 0); - - if(l_result < 0) - { - if(errno == EINTR) - { - continue; - } - return -2; - } - - if(l_msg.msg_flags & MSG_TRUNC) - { // buffer was too small - return -1; - 
} - return l_result; - } -} - -static struct nlmsghdr *getNetlinkResponse(int p_socket, int *p_size, int *p_done) -{ - size_t l_size = 4096; - void *l_buffer = NULL; - - for(;;) - { - free(l_buffer); - l_buffer = malloc(l_size); - - int l_read = netlink_recv(p_socket, l_buffer, l_size); - *p_size = l_read; - if(l_read == -2) - { - free(l_buffer); - return NULL; - } - if(l_read >= 0) - { - pid_t l_pid = getpid(); - struct nlmsghdr *l_hdr; - for(l_hdr = (struct nlmsghdr *)l_buffer; NLMSG_OK(l_hdr, (unsigned int)l_read); l_hdr = (struct nlmsghdr *)NLMSG_NEXT(l_hdr, l_read)) - { - if((pid_t)l_hdr->nlmsg_pid != l_pid || (int)l_hdr->nlmsg_seq != p_socket) - { - continue; - } - - if(l_hdr->nlmsg_type == NLMSG_DONE) - { - *p_done = 1; - break; - } - - if(l_hdr->nlmsg_type == NLMSG_ERROR) - { - free(l_buffer); - return NULL; - } - } - return l_buffer; - } - - l_size *= 2; - } -} - -static NetlinkList *newListItem(struct nlmsghdr *p_data, unsigned int p_size) -{ - NetlinkList *l_item = malloc(sizeof(NetlinkList)); - l_item->m_next = NULL; - l_item->m_data = p_data; - l_item->m_size = p_size; - return l_item; -} - -static void freeResultList(NetlinkList *p_list) -{ - NetlinkList *l_cur; - while(p_list) - { - l_cur = p_list; - p_list = p_list->m_next; - free(l_cur->m_data); - free(l_cur); - } -} - -static NetlinkList *getResultList(int p_socket, int p_request) -{ - if(netlink_send(p_socket, p_request) < 0) - { - return NULL; - } - - NetlinkList *l_list = NULL; - NetlinkList *l_end = NULL; - int l_size; - int l_done = 0; - while(!l_done) - { - struct nlmsghdr *l_hdr = getNetlinkResponse(p_socket, &l_size, &l_done); - if(!l_hdr) - { // error - freeResultList(l_list); - return NULL; - } - - NetlinkList *l_item = newListItem(l_hdr, l_size); - if(!l_list) - { - l_list = l_item; - } - else - { - l_end->m_next = l_item; - } - l_end = l_item; - } - return l_list; -} - -static size_t maxSize(size_t a, size_t b) -{ - return (a > b ? 
a : b); -} - -static size_t calcAddrLen(sa_family_t p_family, int p_dataSize) -{ - switch(p_family) - { - case AF_INET: - return sizeof(struct sockaddr_in); - case AF_INET6: - return sizeof(struct sockaddr_in6); - case AF_PACKET: - return maxSize(sizeof(struct sockaddr_ll), offsetof(struct sockaddr_ll, sll_addr) + p_dataSize); - default: - return maxSize(sizeof(struct sockaddr), offsetof(struct sockaddr, sa_data) + p_dataSize); - } -} - -static void makeSockaddr(sa_family_t p_family, struct sockaddr *p_dest, void *p_data, size_t p_size) -{ - switch(p_family) - { - case AF_INET: - memcpy(&((struct sockaddr_in*)p_dest)->sin_addr, p_data, p_size); - break; - case AF_INET6: - memcpy(&((struct sockaddr_in6*)p_dest)->sin6_addr, p_data, p_size); - break; - case AF_PACKET: - memcpy(((struct sockaddr_ll*)p_dest)->sll_addr, p_data, p_size); - ((struct sockaddr_ll*)p_dest)->sll_halen = p_size; - break; - default: - memcpy(p_dest->sa_data, p_data, p_size); - break; - } - p_dest->sa_family = p_family; -} - -static void addToEnd(struct ifaddrs **p_resultList, struct ifaddrs *p_entry) -{ - if(!*p_resultList) - { - *p_resultList = p_entry; - } - else - { - struct ifaddrs *l_cur = *p_resultList; - while(l_cur->ifa_next) - { - l_cur = l_cur->ifa_next; - } - l_cur->ifa_next = p_entry; - } -} - -static void interpretLink(struct nlmsghdr *p_hdr, struct ifaddrs **p_links, struct ifaddrs **p_resultList) -{ - struct ifinfomsg *l_info = (struct ifinfomsg *)NLMSG_DATA(p_hdr); - - size_t l_nameSize = 0; - size_t l_addrSize = 0; - size_t l_dataSize = 0; - - size_t l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifinfomsg)); - struct rtattr *l_rta; - for(l_rta = (struct rtattr *)(((char *)l_info) + NLMSG_ALIGN(sizeof(struct ifinfomsg))); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize)) - { - void *l_rtaData = RTA_DATA(l_rta); - size_t l_rtaDataSize = RTA_PAYLOAD(l_rta); - switch(l_rta->rta_type) - { - case IFLA_ADDRESS: - case IFLA_BROADCAST: - l_addrSize += 
NLMSG_ALIGN(calcAddrLen(AF_PACKET, l_rtaDataSize)); - break; - case IFLA_IFNAME: - l_nameSize += NLMSG_ALIGN(l_rtaSize + 1); - break; - case IFLA_STATS: - l_dataSize += NLMSG_ALIGN(l_rtaSize); - break; - default: - break; - } - } - - struct ifaddrs *l_entry = malloc(sizeof(struct ifaddrs) + l_nameSize + l_addrSize + l_dataSize); - memset(l_entry, 0, sizeof(struct ifaddrs)); - l_entry->ifa_name = ""; - - char *l_name = ((char *)l_entry) + sizeof(struct ifaddrs); - char *l_addr = l_name + l_nameSize; - char *l_data = l_addr + l_addrSize; - - l_entry->ifa_flags = l_info->ifi_flags; - - l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifinfomsg)); - for(l_rta = (struct rtattr *)(((char *)l_info) + NLMSG_ALIGN(sizeof(struct ifinfomsg))); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize)) - { - void *l_rtaData = RTA_DATA(l_rta); - size_t l_rtaDataSize = RTA_PAYLOAD(l_rta); - switch(l_rta->rta_type) - { - case IFLA_ADDRESS: - case IFLA_BROADCAST: - { - size_t l_addrLen = calcAddrLen(AF_PACKET, l_rtaDataSize); - makeSockaddr(AF_PACKET, (struct sockaddr *)l_addr, l_rtaData, l_rtaDataSize); - ((struct sockaddr_ll *)l_addr)->sll_ifindex = l_info->ifi_index; - ((struct sockaddr_ll *)l_addr)->sll_hatype = l_info->ifi_type; - if(l_rta->rta_type == IFLA_ADDRESS) - { - l_entry->ifa_addr = (struct sockaddr *)l_addr; - } - else - { - l_entry->ifa_broadaddr = (struct sockaddr *)l_addr; - } - l_addr += NLMSG_ALIGN(l_addrLen); - break; - } - case IFLA_IFNAME: - strncpy(l_name, l_rtaData, l_rtaDataSize); - l_name[l_rtaDataSize] = '\0'; - l_entry->ifa_name = l_name; - break; - case IFLA_STATS: - memcpy(l_data, l_rtaData, l_rtaDataSize); - l_entry->ifa_data = l_data; - break; - default: - break; - } - } - - addToEnd(p_resultList, l_entry); - p_links[l_info->ifi_index - 1] = l_entry; -} - -static void interpretAddr(struct nlmsghdr *p_hdr, struct ifaddrs **p_links, struct ifaddrs **p_resultList) -{ - struct ifaddrmsg *l_info = (struct ifaddrmsg *)NLMSG_DATA(p_hdr); - - size_t 
l_nameSize = 0; - size_t l_addrSize = 0; - - int l_addedNetmask = 0; - - size_t l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifaddrmsg)); - struct rtattr *l_rta; - for(l_rta = (struct rtattr *)(((char *)l_info) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize)) - { - void *l_rtaData = RTA_DATA(l_rta); - size_t l_rtaDataSize = RTA_PAYLOAD(l_rta); - if(l_info->ifa_family == AF_PACKET) - { - continue; - } - - switch(l_rta->rta_type) - { - case IFA_ADDRESS: - case IFA_LOCAL: - if((l_info->ifa_family == AF_INET || l_info->ifa_family == AF_INET6) && !l_addedNetmask) - { // make room for netmask - l_addrSize += NLMSG_ALIGN(calcAddrLen(l_info->ifa_family, l_rtaDataSize)); - l_addedNetmask = 1; - } - case IFA_BROADCAST: - l_addrSize += NLMSG_ALIGN(calcAddrLen(l_info->ifa_family, l_rtaDataSize)); - break; - case IFA_LABEL: - l_nameSize += NLMSG_ALIGN(l_rtaSize + 1); - break; - default: - break; - } - } - - struct ifaddrs *l_entry = malloc(sizeof(struct ifaddrs) + l_nameSize + l_addrSize); - memset(l_entry, 0, sizeof(struct ifaddrs)); - l_entry->ifa_name = p_links[l_info->ifa_index - 1]->ifa_name; - - char *l_name = ((char *)l_entry) + sizeof(struct ifaddrs); - char *l_addr = l_name + l_nameSize; - - l_entry->ifa_flags = l_info->ifa_flags | p_links[l_info->ifa_index - 1]->ifa_flags; - - l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifaddrmsg)); - for(l_rta = (struct rtattr *)(((char *)l_info) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize)) - { - void *l_rtaData = RTA_DATA(l_rta); - size_t l_rtaDataSize = RTA_PAYLOAD(l_rta); - switch(l_rta->rta_type) - { - case IFA_ADDRESS: - case IFA_BROADCAST: - case IFA_LOCAL: - { - size_t l_addrLen = calcAddrLen(l_info->ifa_family, l_rtaDataSize); - makeSockaddr(l_info->ifa_family, (struct sockaddr *)l_addr, l_rtaData, l_rtaDataSize); - if(l_info->ifa_family == AF_INET6) - { - if(IN6_IS_ADDR_LINKLOCAL((struct in6_addr 
*)l_rtaData) || IN6_IS_ADDR_MC_LINKLOCAL((struct in6_addr *)l_rtaData)) - { - ((struct sockaddr_in6 *)l_addr)->sin6_scope_id = l_info->ifa_index; - } - } - - if(l_rta->rta_type == IFA_ADDRESS) - { // apparently in a point-to-point network IFA_ADDRESS contains the dest address and IFA_LOCAL contains the local address - if(l_entry->ifa_addr) - { - l_entry->ifa_dstaddr = (struct sockaddr *)l_addr; - } - else - { - l_entry->ifa_addr = (struct sockaddr *)l_addr; - } - } - else if(l_rta->rta_type == IFA_LOCAL) - { - if(l_entry->ifa_addr) - { - l_entry->ifa_dstaddr = l_entry->ifa_addr; - } - l_entry->ifa_addr = (struct sockaddr *)l_addr; - } - else - { - l_entry->ifa_broadaddr = (struct sockaddr *)l_addr; - } - l_addr += NLMSG_ALIGN(l_addrLen); - break; - } - case IFA_LABEL: - strncpy(l_name, l_rtaData, l_rtaDataSize); - l_name[l_rtaDataSize] = '\0'; - l_entry->ifa_name = l_name; - break; - default: - break; - } - } - - if(l_entry->ifa_addr && (l_entry->ifa_addr->sa_family == AF_INET || l_entry->ifa_addr->sa_family == AF_INET6)) - { - unsigned l_maxPrefix = (l_entry->ifa_addr->sa_family == AF_INET ? 32 : 128); - unsigned l_prefix = (l_info->ifa_prefixlen > l_maxPrefix ? 
l_maxPrefix : l_info->ifa_prefixlen); - char l_mask[16] = {0}; - unsigned i; - for(i=0; i<(l_prefix/8); ++i) - { - l_mask[i] = 0xff; - } - l_mask[i] = 0xff << (8 - (l_prefix % 8)); - - makeSockaddr(l_entry->ifa_addr->sa_family, (struct sockaddr *)l_addr, l_mask, l_maxPrefix / 8); - l_entry->ifa_netmask = (struct sockaddr *)l_addr; - } - - addToEnd(p_resultList, l_entry); -} - -static void interpret(int p_socket, NetlinkList *p_netlinkList, struct ifaddrs **p_links, struct ifaddrs **p_resultList) -{ - pid_t l_pid = getpid(); - for(; p_netlinkList; p_netlinkList = p_netlinkList->m_next) - { - unsigned int l_nlsize = p_netlinkList->m_size; - struct nlmsghdr *l_hdr; - for(l_hdr = p_netlinkList->m_data; NLMSG_OK(l_hdr, l_nlsize); l_hdr = NLMSG_NEXT(l_hdr, l_nlsize)) - { - if((pid_t)l_hdr->nlmsg_pid != l_pid || (int)l_hdr->nlmsg_seq != p_socket) - { - continue; - } - - if(l_hdr->nlmsg_type == NLMSG_DONE) - { - break; - } - - if(l_hdr->nlmsg_type == RTM_NEWLINK) - { - interpretLink(l_hdr, p_links, p_resultList); - } - else if(l_hdr->nlmsg_type == RTM_NEWADDR) - { - interpretAddr(l_hdr, p_links, p_resultList); - } - } - } -} - -static unsigned countLinks(int p_socket, NetlinkList *p_netlinkList) -{ - unsigned l_links = 0; - pid_t l_pid = getpid(); - for(; p_netlinkList; p_netlinkList = p_netlinkList->m_next) - { - unsigned int l_nlsize = p_netlinkList->m_size; - struct nlmsghdr *l_hdr; - for(l_hdr = p_netlinkList->m_data; NLMSG_OK(l_hdr, l_nlsize); l_hdr = NLMSG_NEXT(l_hdr, l_nlsize)) - { - if((pid_t)l_hdr->nlmsg_pid != l_pid || (int)l_hdr->nlmsg_seq != p_socket) - { - continue; - } - - if(l_hdr->nlmsg_type == NLMSG_DONE) - { - break; - } - - if(l_hdr->nlmsg_type == RTM_NEWLINK) - { - ++l_links; - } - } - } - - return l_links; -} - -int getifaddrs(struct ifaddrs **ifap) -{ - if(!ifap) - { - return -1; - } - *ifap = NULL; - - int l_socket = netlink_socket(); - if(l_socket < 0) - { - return -1; - } - - NetlinkList *l_linkResults = getResultList(l_socket, RTM_GETLINK); - 
if(!l_linkResults) - { - close(l_socket); - return -1; - } - - NetlinkList *l_addrResults = getResultList(l_socket, RTM_GETADDR); - if(!l_addrResults) - { - close(l_socket); - freeResultList(l_linkResults); - return -1; - } - - unsigned l_numLinks = countLinks(l_socket, l_linkResults) + countLinks(l_socket, l_addrResults); - struct ifaddrs *l_links[l_numLinks]; - memset(l_links, 0, l_numLinks * sizeof(struct ifaddrs *)); - - interpret(l_socket, l_linkResults, l_links, ifap); - interpret(l_socket, l_addrResults, l_links, ifap); - - freeResultList(l_linkResults); - freeResultList(l_addrResults); - close(l_socket); - return 0; -} - -void freeifaddrs(struct ifaddrs *ifa) -{ - struct ifaddrs *l_cur; - while(ifa) - { - l_cur = ifa; - ifa = ifa->ifa_next; - free(l_cur); - } -} diff --git a/android/ifaddrs/ifaddrs.h b/android/ifaddrs/ifaddrs.h deleted file mode 100755 index 9cd19fec..00000000 --- a/android/ifaddrs/ifaddrs.h +++ /dev/null 
@@ -1,54 +0,0 @@ -/* - * Copyright (c) 1995, 1999 - * Berkeley Software Design, Inc. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * THIS SOFTWARE IS PROVIDED BY Berkeley Software Design, Inc. ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL Berkeley Software Design, Inc. BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * BSDI ifaddrs.h,v 2.5 2000/02/23 14:51:59 dab Exp - */ - -#ifndef _IFADDRS_H_ -#define _IFADDRS_H_ - -struct ifaddrs { - struct ifaddrs *ifa_next; - char *ifa_name; - unsigned int ifa_flags; - struct sockaddr *ifa_addr; - struct sockaddr *ifa_netmask; - struct sockaddr *ifa_dstaddr; - void *ifa_data; -}; - -/* - * This may have been defined in . Note that if is - * to be included it must be included before this header file. - */ -#ifndef ifa_broadaddr -#define ifa_broadaddr ifa_dstaddr /* broadcast address interface */ -#endif - -#include - -__BEGIN_DECLS -extern int getifaddrs(struct ifaddrs **ifap); -extern void freeifaddrs(struct ifaddrs *ifa); -__END_DECLS - -#endif diff --git a/certs.c b/certs.c deleted file mode 100644 index 87de0221..00000000 --- a/certs.c +++ /dev/null 
@@ -1,1742 +0,0 @@ -/* - * X.509 test certificates - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include "certs.h" - -/* - * Test CA Certificates - * - * We define test CA certificates for each choice of the following parameters: - * - PEM or DER encoding - * - SHA-1 or SHA-256 hash - * - RSA or EC key - * - * Things to add: - * - multiple EC curve types - * - */ - -/* This is taken from tests/data_files/test-ca2.crt */ -/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */ -#define TEST_CA_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ - "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ - "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \ - "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \ - "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \ - "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \ - 
"hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */ -#define TEST_CA_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ - 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ - 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ - 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ - 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ - 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ - 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ - 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ - 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ - 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ - 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ - 0x1a, 0x95, 
0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ - 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ - 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ - 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ - 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ - 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ - 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ - 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ - 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ - 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ - 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ - 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ - 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ - 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ - 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ - 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ - 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ - 0xf5, 0xae, 0x1c, 0x42 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/test-ca2.key.enc */ -/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM tests/data_files/test-ca2.key.enc */ -#define TEST_CA_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "Proc-Type: 4,ENCRYPTED\r\n" \ - "DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n" \ - "\r\n" \ - 
"IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n" \ - "ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n" \ - "UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n" \ - "a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n" \ - "-----END EC PRIVATE KEY-----\r\n" -/* END FILE */ - -#define TEST_CA_PWD_EC_PEM "PolarSSLTest" - -/* This is generated from tests/data_files/test-ca2.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER tests/data_files/test-ca2.key.der */ -#define TEST_CA_KEY_EC_DER { \ - 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ - 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ - 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \ - 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \ - 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \ - 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \ - 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \ - 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \ - 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \ - 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \ - 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \ - 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \ - 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \ - 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \ -} -/* END FILE */ - -/* This is taken from tests/data_files/test-ca-sha256.crt. 
*/ -/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM tests/data_files/test-ca-sha256.crt */ -#define TEST_CA_CRT_RSA_SHA256_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ - "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ - "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ - "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ - "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ - "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ - "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ - "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA\r\n" \ - "A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl\r\n" \ - "oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW\r\n" \ - "5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb\r\n" \ - "+EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL\r\n" \ - "yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4\r\n" \ - "/anT1dVxr/BtwJfiESoK3/4CeXR1\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/test-ca-sha256.crt.der - * using `xxd -i`. 
*/ -/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER tests/data_files/test-ca-sha256.crt.der */ -#define TEST_CA_CRT_RSA_SHA256_DER { \ - 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ - 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ - 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ - 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ - 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ - 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ - 0xe7, 0x40, 0x70, 0x14, 0xcb, 
0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ - 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ - 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ - 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ - 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ - 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ - 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ - 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ - 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ - 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ - 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ - 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ - 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ - 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ - 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ - 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ - 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ - 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ - 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ - 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ - 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ - 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \ - 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \ - 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 
0x08, 0xc7, 0xf1, \ - 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \ - 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \ - 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \ - 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \ - 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \ - 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \ - 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \ - 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \ - 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \ - 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \ - 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \ - 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \ - 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \ - 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \ - 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \ - 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \ - 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \ - 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \ - 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/test-ca-sha1.crt. 
*/ -/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM tests/data_files/test-ca-sha1.crt */ -#define TEST_CA_CRT_RSA_SHA1_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ - "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ - "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ - "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ - "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ - "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ - "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ - "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA\r\n" \ - "A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI\r\n" \ - "yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv\r\n" \ - "czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST\r\n" \ - "S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM\r\n" \ - "iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS\r\n" \ - "NWqiX9GyusBZjezaCaHabjDLU0qQ\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is taken from tests/data_files/test-ca-sha1.crt.der. 
*/ -/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER tests/data_files/test-ca-sha1.crt.der */ -#define TEST_CA_CRT_RSA_SHA1_DER { \ - 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ - 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ - 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ - 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ - 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ - 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ - 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ - 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 
0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ - 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ - 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ - 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ - 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ - 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ - 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ - 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ - 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ - 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ - 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ - 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ - 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ - 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ - 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ - 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ - 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ - 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ - 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ - 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ - 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ - 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x13, 0x73, 0x84, 0x3d, 0xf1, 0x1d, \ - 0xfd, 0xb7, 0x09, 0x5b, 0x96, 0x5d, 0x53, 0x7f, 0xd5, 0x80, 0xf3, 0x52, \ - 0xe2, 0xd3, 0x33, 0x87, 0xc8, 0x27, 0x24, 0xff, 0xd5, 0xd8, 
0x57, 0x2f, \ - 0x16, 0xd1, 0xb2, 0x94, 0xca, 0x50, 0xab, 0xa6, 0x27, 0x10, 0x16, 0x08, \ - 0xc8, 0x11, 0xc0, 0x2f, 0x80, 0xd1, 0xbe, 0x53, 0x18, 0xe6, 0xb9, 0xd7, \ - 0x18, 0x1a, 0x77, 0x38, 0x34, 0x7c, 0x32, 0x9a, 0x87, 0x0b, 0xa0, 0x2a, \ - 0xb9, 0x14, 0xc2, 0x2f, 0x38, 0xd2, 0xe7, 0xb8, 0x98, 0x7d, 0xff, 0xff, \ - 0xe1, 0x01, 0x50, 0xa9, 0x6f, 0x67, 0xf7, 0x6c, 0xdc, 0xb6, 0xca, 0x6f, \ - 0x73, 0x39, 0x1a, 0x3c, 0xa8, 0x23, 0xaa, 0x8d, 0x4d, 0xa3, 0x75, 0x2a, \ - 0xd1, 0x76, 0xb3, 0xd7, 0x4a, 0xdc, 0xc7, 0x24, 0xd4, 0x3e, 0xb7, 0xf9, \ - 0xc0, 0xd5, 0x51, 0x67, 0x65, 0x74, 0x2a, 0xf9, 0x65, 0xbc, 0x00, 0x15, \ - 0x4b, 0x36, 0xc8, 0xe2, 0x6a, 0x5d, 0x51, 0x7c, 0xed, 0x8e, 0x14, 0x93, \ - 0x4b, 0x90, 0x36, 0x05, 0xe5, 0x90, 0x00, 0x03, 0xab, 0xd3, 0x3a, 0xb5, \ - 0x17, 0xb4, 0xd2, 0x45, 0x52, 0x69, 0x26, 0xce, 0xe3, 0x98, 0x1d, 0x9a, \ - 0x8b, 0xf8, 0xa0, 0x92, 0x1d, 0x48, 0x02, 0x37, 0x2e, 0xc1, 0x5e, 0x95, \ - 0xc2, 0x53, 0xfe, 0xb1, 0xbc, 0x34, 0x82, 0x34, 0x34, 0x36, 0x91, 0x8c, \ - 0x88, 0x7a, 0x67, 0x97, 0x34, 0x40, 0x8b, 0xfb, 0x48, 0x6e, 0xd3, 0xaf, \ - 0x30, 0x81, 0x8e, 0x05, 0x4d, 0x93, 0x21, 0xf6, 0xb1, 0xff, 0x98, 0xea, \ - 0xd5, 0xa8, 0x14, 0xc7, 0x96, 0x8f, 0x99, 0x3e, 0x53, 0x58, 0x08, 0x89, \ - 0x3c, 0xe3, 0x8f, 0xea, 0x5e, 0x71, 0x5e, 0x70, 0xf0, 0xc5, 0xe6, 0x12, \ - 0x35, 0x6a, 0xa2, 0x5f, 0xd1, 0xb2, 0xba, 0xc0, 0x59, 0x8d, 0xec, 0xda, \ - 0x09, 0xa1, 0xda, 0x6e, 0x30, 0xcb, 0x53, 0x4a, 0x90 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/test-ca.key */ -/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM tests/data_files/test-ca.key */ -#define TEST_CA_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "Proc-Type: 4,ENCRYPTED\r\n" \ - "DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n" \ - "\r\n" \ - "9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA\r\n" \ - "7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq\r\n" \ - "Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo\r\n" \ - 
"PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb\r\n" \ - "GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9\r\n" \ - "gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq\r\n" \ - "QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w\r\n" \ - "PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x\r\n" \ - "vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU\r\n" \ - "WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X\r\n" \ - "JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR\r\n" \ - "KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe\r\n" \ - "Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J\r\n" \ - "9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2\r\n" \ - "iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/\r\n" \ - "tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT\r\n" \ - "P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL\r\n" \ - "1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb\r\n" \ - "nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5\r\n" \ - "X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq\r\n" \ - "rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz\r\n" \ - "L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l\r\n" \ - "I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR\r\n" \ - "wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n" \ - "P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n" \ - "-----END RSA PRIVATE KEY-----\r\n" -/* END FILE */ - -#define TEST_CA_PWD_RSA_PEM "PolarSSLTest" - -/* This was generated from test-ca.key.der using `xxd -i`. 
*/ -/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER tests/data_files/test-ca.key.der */ -#define TEST_CA_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ - 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \ - 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \ - 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \ - 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \ - 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \ - 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \ - 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \ - 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \ - 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \ - 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \ - 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \ - 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \ - 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \ - 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \ - 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \ - 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \ - 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \ - 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \ - 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \ - 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \ - 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \ - 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 
0xb1, 0xc7, 0x35, \ - 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \ - 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \ - 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \ - 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \ - 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \ - 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \ - 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \ - 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \ - 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \ - 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \ - 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \ - 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \ - 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \ - 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \ - 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \ - 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \ - 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \ - 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \ - 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \ - 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \ - 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \ - 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \ - 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \ - 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \ - 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \ - 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \ - 
0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \ - 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \ - 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \ - 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \ - 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \ - 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \ - 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \ - 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \ - 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \ - 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \ - 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \ - 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \ - 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \ - 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \ - 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \ - 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \ - 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \ - 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \ - 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \ - 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \ - 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \ - 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \ - 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \ - 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \ - 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \ - 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \ - 0xbd, 0xc8, 0x4a, 0xa5, 
0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \ - 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \ - 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \ - 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \ - 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \ - 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \ - 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \ - 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \ - 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \ - 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \ - 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \ - 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \ - 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \ - 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \ - 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \ - 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \ - 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \ - 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \ - 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \ - 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \ - 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \ - 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \ - 0xa8, 0xc2, 0x8f, 0x0d \ -} -/* END FILE */ - -/* - * Test server Certificates - * - * Test server certificates are defined for each choice - * of the following parameters: - * - PEM or DER encoding - * - SHA-1 or SHA-256 hash - * - RSA or EC key - * - * Things to add: - * - multiple EC curve types - */ - -/* This is taken from 
tests/data_files/server5.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */ -#define TEST_SRV_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ - "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ - "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ - "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ - "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ - "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \ - "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ - "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \ - "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \ - "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/server5.crt.der using `xxd -i`. 
*/ -/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */ -#define TEST_SRV_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ - 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ - 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ - 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ - 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ - 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ - 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ - 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ - 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ - 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 
0x50, 0x61, 0xa5, \ - 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ - 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ - 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ - 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ - 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ - 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ - 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ - 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ - 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ - 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ - 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ - 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ - 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ - 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ - 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/server5.key. 
*/ -/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM tests/data_files/server5.key */ -#define TEST_SRV_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n" \ - "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n" \ - "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n" \ - "-----END EC PRIVATE KEY-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/server5.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER tests/data_files/server5.key.der */ -#define TEST_SRV_KEY_EC_DER { \ - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ - 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ - 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \ - 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \ - 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \ - 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \ - 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \ - 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \ - 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \ - 0xff \ -} -/* END FILE */ - -/* This is taken from tests/data_files/server2-sha256.crt. 
*/ -/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM tests/data_files/server2-sha256.crt */ -#define TEST_SRV_CRT_RSA_SHA256_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ - "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ - "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ - "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ - "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ - "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ - "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ - "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ - "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \ - "Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \ - "HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \ - "1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \ - "a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \ - "e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \ - "pMZqLmbBm/7WPLc=\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is taken from tests/data_files/server2-sha256.crt.der. 
*/ -/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER tests/data_files/server2-sha256.crt.der */ -#define TEST_SRV_CRT_RSA_SHA256_DER { \ - 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ - 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ - 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ - 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ - 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ - 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ - 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ - 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 
0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ - 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ - 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ - 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ - 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ - 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ - 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ - 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ - 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ - 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ - 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ - 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ - 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ - 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ - 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ - 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ - 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ - 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ - 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \ - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \ - 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \ - 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \ - 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 
0xd5, 0x1c, 0xba, \ - 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \ - 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \ - 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \ - 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \ - 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \ - 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \ - 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \ - 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \ - 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \ - 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \ - 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \ - 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \ - 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \ - 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \ - 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \ - 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \ - 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \ - 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/server2.crt. 
*/ -/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM tests/data_files/server2.crt */ -#define TEST_SRV_CRT_RSA_SHA1_PEM \ -"-----BEGIN CERTIFICATE-----\r\n" \ -"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ -"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ -"MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ -"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ -"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ -"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ -"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ -"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ -"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ -"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ -"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ -"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \ -"cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \ -"O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \ -"KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \ -"iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \ -"HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \ -"Awgk0+4m0T25cNs=\r\n" \ -"-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is taken from tests/data_files/server2.crt.der. 
*/ -/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER tests/data_files/server2.crt.der */ -#define TEST_SRV_CRT_RSA_SHA1_DER { \ - 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ - 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ - 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ - 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ - 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ - 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ - 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ - 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 
0xd8, 0x90, 0xc1, 0x61, 0xb4, \ - 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ - 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ - 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ - 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ - 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ - 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ - 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ - 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ - 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ - 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ - 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ - 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ - 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ - 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ - 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ - 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ - 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ - 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \ - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x73, 0x0b, 0x4a, 0xc5, \ - 0xcb, 0xa0, 0xde, 0xf1, 0x63, 0x1c, 0x76, 0x04, 0x2b, 0x13, 0x0d, 0xc0, \ - 0x84, 0x11, 0xc5, 0x8f, 0x3a, 0xa7, 0xc5, 0x9c, 0x35, 0x7a, 0x77, 0xb8, \ - 0x20, 0x14, 0x82, 0xee, 0x54, 0xf0, 0xf2, 0xb0, 0x52, 0xcb, 0x78, 
0xce, \ - 0x59, 0x07, 0x4f, 0x51, 0x69, 0xfe, 0xd3, 0x2f, 0xe9, 0x09, 0xe7, 0x85, \ - 0x92, 0xd8, 0xba, 0xb1, 0xeb, 0xc5, 0x76, 0x5d, 0x61, 0x2d, 0xe9, 0x86, \ - 0xb5, 0xde, 0x2a, 0xf9, 0x3f, 0x53, 0x28, 0x42, 0x86, 0x83, 0x73, 0x43, \ - 0xe0, 0x04, 0x5f, 0x07, 0x90, 0x14, 0x65, 0x9f, 0x6e, 0x10, 0x7a, 0xbc, \ - 0x58, 0x19, 0x22, 0xc2, 0xeb, 0x39, 0x72, 0x51, 0x92, 0xd7, 0xb4, 0x1d, \ - 0x75, 0x2f, 0xd3, 0x3a, 0x2b, 0x01, 0xe7, 0xdb, 0x50, 0xae, 0xe2, 0xf1, \ - 0xd4, 0x4d, 0x5b, 0x3c, 0xbb, 0x41, 0x2b, 0x2a, 0xa4, 0xe2, 0x4a, 0x02, \ - 0xe5, 0x60, 0x14, 0x2c, 0x9c, 0x1f, 0xa6, 0xcc, 0x06, 0x4b, 0x25, 0x89, \ - 0x4e, 0x96, 0x30, 0x22, 0x9c, 0x5c, 0x58, 0x4d, 0xc3, 0xda, 0xd0, 0x6e, \ - 0x50, 0x1e, 0x8c, 0x65, 0xf5, 0xd9, 0x17, 0x35, 0xa6, 0x58, 0x43, 0xb2, \ - 0x29, 0xb7, 0xa8, 0x5e, 0x35, 0xde, 0xf0, 0x60, 0x42, 0x1a, 0x01, 0xcb, \ - 0xcb, 0x0b, 0xd8, 0x0e, 0xc1, 0x90, 0xdf, 0xa1, 0xd2, 0x1a, 0xd1, 0x2c, \ - 0x02, 0xf4, 0x76, 0x41, 0xa4, 0xcb, 0x4b, 0x15, 0x98, 0x71, 0xf9, 0x35, \ - 0x7d, 0xb0, 0xe7, 0xe2, 0x34, 0x96, 0x91, 0xbe, 0x32, 0x67, 0x2d, 0x6b, \ - 0xd3, 0x55, 0x04, 0x8a, 0x01, 0x50, 0xb4, 0xe3, 0x62, 0x78, 0x6c, 0x11, \ - 0x15, 0xa5, 0x2a, 0x11, 0xc1, 0x49, 0x1c, 0x9b, 0xc4, 0x10, 0x65, 0x60, \ - 0x87, 0xd9, 0x1e, 0x69, 0x59, 0x4e, 0x8f, 0x6b, 0xeb, 0xc1, 0xfe, 0x6b, \ - 0xe2, 0x63, 0x78, 0x95, 0x6e, 0xe0, 0x2d, 0xd7, 0xa7, 0x37, 0xa8 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/server2.key. 
*/ -/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM tests/data_files/server2.key */ -#define TEST_SRV_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" \ - "lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n" \ - "2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n" \ - "Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n" \ - "GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n" \ - "y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n" \ - "++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n" \ - "Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n" \ - "/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n" \ - "WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n" \ - "GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n" \ - "TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n" \ - "CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n" \ - "nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n" \ - "AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n" \ - "sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n" \ - "mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n" \ - "BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n" \ - "whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n" \ - "vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n" \ - "3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n" \ - "3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n" \ - "ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n" \ - "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n" \ - 
"TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n" \ - "-----END RSA PRIVATE KEY-----\r\n" -/* END FILE */ - -/* This was generated from tests/data_files/server2.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER tests/data_files/server2.key.der */ -#define TEST_SRV_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ - 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \ - 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \ - 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \ - 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \ - 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \ - 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \ - 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \ - 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \ - 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \ - 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \ - 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \ - 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \ - 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \ - 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \ - 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \ - 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \ - 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \ - 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \ - 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \ - 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \ - 0x12, 
0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \ - 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \ - 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \ - 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \ - 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \ - 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \ - 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \ - 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \ - 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \ - 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \ - 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \ - 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \ - 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \ - 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \ - 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \ - 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \ - 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \ - 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \ - 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \ - 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \ - 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \ - 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \ - 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \ - 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \ - 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \ - 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 
0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \ - 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \ - 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \ - 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \ - 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \ - 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \ - 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \ - 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \ - 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \ - 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \ - 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \ - 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \ - 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \ - 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \ - 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \ - 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \ - 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \ - 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \ - 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \ - 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \ - 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \ - 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \ - 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \ - 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \ - 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \ - 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \ - 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 
0x75, 0x75, 0x8b, \ - 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \ - 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \ - 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \ - 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \ - 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \ - 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \ - 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \ - 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \ - 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \ - 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \ - 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \ - 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \ - 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \ - 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \ - 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \ - 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \ - 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \ - 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \ - 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \ - 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \ - 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \ - 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \ - 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \ - 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \ - 0x06, 0x21, 0x2e, 0x56 \ -} -/* END FILE */ - -/* - * Test client Certificates - * - * Test client certificates are defined for each choice - * of the 
following parameters: - * - PEM or DER encoding - * - RSA or EC key - * - * Things to add: - * - hash type - * - multiple EC curve types - */ - -/* This is taken from tests/data_files/cli2.crt. */ -/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli2.crt */ -#define TEST_CLI_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw\r\n" \ - "DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJTU0wgVGVzdCBFQyBDQTAe\r\n" \ - "Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMEExCzAJBgNVBAYTAk5MMREw\r\n" \ - "DwYDVQQKDAhQb2xhclNTTDEfMB0GA1UEAwwWUG9sYXJTU0wgVGVzdCBDbGllbnQg\r\n" \ - "MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFflrrFz39Osu5O4gf8Sru7mU6zO\r\n" \ - "VVP2NA7MLuNjJQvfmOLzXGA2lsDVGBRw5X+f1UtFGOWwbNVc+JaPh3Cj5MejTTBL\r\n" \ - "MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMB8GA1Ud\r\n" \ - "IwQYMBaAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAwGCCqGSM49BAMCBQADaAAwZQIx\r\n" \ - "AMqme4DKMldUlplDET9Q6Eptre7uUWKhsLOF+zPkKDlfzpIkJYEFgcloDHGYw80u\r\n" \ - "IgIwNftyPXsabTqMM7iEHgVpX/GRozKklY9yQI/5eoA6gGW7Y+imuGR/oao5ySOb\r\n" \ - "a9Vk\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/cli2.crt.der using `xxd -i`. 
*/ -/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER tests/data_files/cli2.crt.der */ -#define TEST_CLI_CRT_EC_DER { \ - 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \ - 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \ - 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \ - 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \ - 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \ - 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \ - 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \ - 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \ - 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \ - 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \ - 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \ - 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 
0x30, 0x00, 0x30, \ - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \ - 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \ - 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \ - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \ - 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \ - 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \ - 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \ - 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \ - 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \ - 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \ - 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \ - 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \ - 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \ - 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \ - 0x6b, 0xd5, 0x64 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/cli2.key. */ -/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM tests/data_files/cli2.key */ -#define TEST_CLI_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n" \ - "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n" \ - "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n" \ - "-----END EC PRIVATE KEY-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/cli2.key.der using `xxd -i`. 
*/ -/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER tests/data_files/cli2.key.der */ -#define TEST_CLI_KEY_EC_DER { \ - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ - 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ - 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \ - 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \ - 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \ - 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \ - 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \ - 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \ - 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \ - 0xc7 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/cli-rsa-sha256.crt. */ -/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM tests/data_files/cli-rsa-sha256.crt */ -#define TEST_CLI_CRT_RSA_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n" \ - "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n" \ - "M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n" \ - "1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n" \ - "MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n" \ - "4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n" \ - "/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n" \ - "o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n" \ - 
"BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC\r\n" \ - "AQEAXidv1d4pLlBiKWED95rMycBdgDcgyNqJxakFkRfRyA2y1mlyTn7uBXRkNLY5\r\n" \ - "ZFzK82GCjk2Q2OD4RZSCPAJJqLpHHU34t71ciffvy2KK81YvrxczRhMAE64i+qna\r\n" \ - "yP3Td2XuWJR05PVPoSemsNELs9gWttdnYy3ce+EY2Y0n7Rsi7982EeLIAA7H6ca4\r\n" \ - "2Es/NUH//JZJT32OP0doMxeDRA+vplkKqTLLWf7dX26LIriBkBaRCgR5Yv9LBPFc\r\n" \ - "NOtpzu/LbrY7QFXKJMI+JXDudCsOn8KCmiA4d6Emisqfh3V3485l7HEQNcvLTxlD\r\n" \ - "6zDQyi0/ykYUYZkwQTK1N2Nvlw==\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This was generated from tests/data_files/cli-rsa-sha256.crt.der - using `xxd -i.` */ -/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER tests/data_files/cli-rsa-sha256.crt.der */ -#define TEST_CLI_CRT_RSA_DER { \ - 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \ - 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \ - 0x06, 0x09, 0x2a, 0x86, 
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \ - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \ - 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \ - 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \ - 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \ - 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \ - 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \ - 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \ - 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \ - 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \ - 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \ - 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \ - 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \ - 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \ - 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \ - 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \ - 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \ - 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \ - 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \ - 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \ - 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \ - 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \ - 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \ - 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \ - 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ - 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ - 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 
0x2f, 0x54, 0x76, 0x5e, \ - 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \ - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \ - 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \ - 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \ - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \ - 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \ - 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \ - 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \ - 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \ - 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \ - 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \ - 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \ - 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \ - 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \ - 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \ - 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \ - 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \ - 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \ - 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \ - 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \ - 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \ - 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \ - 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \ - 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \ - 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \ - 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, 
\ - 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/cli-rsa.key. */ -/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM tests/data_files/cli-rsa.key */ -#define TEST_CLI_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" \ - "B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n" \ - "bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n" \ - "Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n" \ - "7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n" \ - "dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n" \ - "yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n" \ - "4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n" \ - "ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n" \ - "zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n" \ - "l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n" \ - "DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n" \ - "VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n" \ - "Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n" \ - "wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n" \ - "c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n" \ - "33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n" \ - "ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n" \ - "BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n" \ - "KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n" \ - "UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n" \ - "7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n" \ - 
"gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n" \ - "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" \ - "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" \ - "-----END RSA PRIVATE KEY-----\r\n"/* END FILE */ - -/* This was generated from tests/data_files/cli-rsa.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER tests/data_files/cli-rsa.key.der */ -#define TEST_CLI_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ - 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \ - 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \ - 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \ - 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \ - 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \ - 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \ - 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \ - 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \ - 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \ - 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \ - 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \ - 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \ - 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \ - 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \ - 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \ - 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \ - 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \ - 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \ - 0x76, 
0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \ - 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \ - 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \ - 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \ - 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \ - 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \ - 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \ - 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \ - 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \ - 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \ - 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \ - 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \ - 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \ - 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \ - 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \ - 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \ - 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \ - 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \ - 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \ - 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \ - 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \ - 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \ - 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \ - 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \ - 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \ - 0xac, 0xe5, 0x22, 0x06, 0xb2, 
0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \ - 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \ - 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \ - 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \ - 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \ - 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \ - 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \ - 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \ - 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \ - 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \ - 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \ - 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \ - 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \ - 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \ - 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \ - 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \ - 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \ - 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \ - 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \ - 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \ - 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \ - 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \ - 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \ - 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \ - 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \ - 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \ - 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 
0xe9, 0x20, 0x2f, \ - 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \ - 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \ - 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \ - 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \ - 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \ - 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \ - 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \ - 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \ - 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \ - 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \ - 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \ - 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \ - 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \ - 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \ - 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \ - 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \ - 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \ - 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \ - 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \ - 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \ - 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \ - 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \ - 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \ - 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \ - 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \ - 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \ - 
0x8b, 0x87, 0xc3, 0x00 \ -} -/* END FILE */ - -/* - * - * Test certificates and keys as C variables - * - */ - -/* - * CA - */ - -const char mbedtls_test_ca_crt_ec_pem[] = TEST_CA_CRT_EC_PEM; -const char mbedtls_test_ca_key_ec_pem[] = TEST_CA_KEY_EC_PEM; -const char mbedtls_test_ca_pwd_ec_pem[] = TEST_CA_PWD_EC_PEM; -const char mbedtls_test_ca_key_rsa_pem[] = TEST_CA_KEY_RSA_PEM; -const char mbedtls_test_ca_pwd_rsa_pem[] = TEST_CA_PWD_RSA_PEM; -const char mbedtls_test_ca_crt_rsa_sha1_pem[] = TEST_CA_CRT_RSA_SHA1_PEM; -const char mbedtls_test_ca_crt_rsa_sha256_pem[] = TEST_CA_CRT_RSA_SHA256_PEM; - -const unsigned char mbedtls_test_ca_crt_ec_der[] = TEST_CA_CRT_EC_DER; -const unsigned char mbedtls_test_ca_key_ec_der[] = TEST_CA_KEY_EC_DER; -const unsigned char mbedtls_test_ca_key_rsa_der[] = TEST_CA_KEY_RSA_DER; -const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[] = - TEST_CA_CRT_RSA_SHA1_DER; -const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[] = - TEST_CA_CRT_RSA_SHA256_DER; - -const size_t mbedtls_test_ca_crt_ec_pem_len = - sizeof( mbedtls_test_ca_crt_ec_pem ); -const size_t mbedtls_test_ca_key_ec_pem_len = - sizeof( mbedtls_test_ca_key_ec_pem ); -const size_t mbedtls_test_ca_pwd_ec_pem_len = - sizeof( mbedtls_test_ca_pwd_ec_pem ) - 1; -const size_t mbedtls_test_ca_key_rsa_pem_len = - sizeof( mbedtls_test_ca_key_rsa_pem ); -const size_t mbedtls_test_ca_pwd_rsa_pem_len = - sizeof( mbedtls_test_ca_pwd_rsa_pem ) - 1; -const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len = - sizeof( mbedtls_test_ca_crt_rsa_sha1_pem ); -const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len = - sizeof( mbedtls_test_ca_crt_rsa_sha256_pem ); - -const size_t mbedtls_test_ca_crt_ec_der_len = - sizeof( mbedtls_test_ca_crt_ec_der ); -const size_t mbedtls_test_ca_key_ec_der_len = - sizeof( mbedtls_test_ca_key_ec_der ); -const size_t mbedtls_test_ca_pwd_ec_der_len = 0; -const size_t mbedtls_test_ca_key_rsa_der_len = - sizeof( mbedtls_test_ca_key_rsa_der ); -const size_t 
mbedtls_test_ca_pwd_rsa_der_len = 0; -const size_t mbedtls_test_ca_crt_rsa_sha1_der_len = - sizeof( mbedtls_test_ca_crt_rsa_sha1_der ); -const size_t mbedtls_test_ca_crt_rsa_sha256_der_len = - sizeof( mbedtls_test_ca_crt_rsa_sha256_der ); - -/* - * Server - */ - -const char mbedtls_test_srv_crt_ec_pem[] = TEST_SRV_CRT_EC_PEM; -const char mbedtls_test_srv_key_ec_pem[] = TEST_SRV_KEY_EC_PEM; -const char mbedtls_test_srv_pwd_ec_pem[] = ""; -const char mbedtls_test_srv_key_rsa_pem[] = TEST_SRV_KEY_RSA_PEM; -const char mbedtls_test_srv_pwd_rsa_pem[] = ""; -const char mbedtls_test_srv_crt_rsa_sha1_pem[] = TEST_SRV_CRT_RSA_SHA1_PEM; -const char mbedtls_test_srv_crt_rsa_sha256_pem[] = TEST_SRV_CRT_RSA_SHA256_PEM; - -const unsigned char mbedtls_test_srv_crt_ec_der[] = TEST_SRV_CRT_EC_DER; -const unsigned char mbedtls_test_srv_key_ec_der[] = TEST_SRV_KEY_EC_DER; -const unsigned char mbedtls_test_srv_key_rsa_der[] = TEST_SRV_KEY_RSA_DER; -const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[] = - TEST_SRV_CRT_RSA_SHA1_DER; -const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[] = - TEST_SRV_CRT_RSA_SHA256_DER; - -const size_t mbedtls_test_srv_crt_ec_pem_len = - sizeof( mbedtls_test_srv_crt_ec_pem ); -const size_t mbedtls_test_srv_key_ec_pem_len = - sizeof( mbedtls_test_srv_key_ec_pem ); -const size_t mbedtls_test_srv_pwd_ec_pem_len = - sizeof( mbedtls_test_srv_pwd_ec_pem ) - 1; -const size_t mbedtls_test_srv_key_rsa_pem_len = - sizeof( mbedtls_test_srv_key_rsa_pem ); -const size_t mbedtls_test_srv_pwd_rsa_pem_len = - sizeof( mbedtls_test_srv_pwd_rsa_pem ) - 1; -const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len = - sizeof( mbedtls_test_srv_crt_rsa_sha1_pem ); -const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len = - sizeof( mbedtls_test_srv_crt_rsa_sha256_pem ); - -const size_t mbedtls_test_srv_crt_ec_der_len = - sizeof( mbedtls_test_srv_crt_ec_der ); -const size_t mbedtls_test_srv_key_ec_der_len = - sizeof( mbedtls_test_srv_key_ec_der ); -const size_t 
mbedtls_test_srv_pwd_ec_der_len = 0; -const size_t mbedtls_test_srv_key_rsa_der_len = - sizeof( mbedtls_test_srv_key_rsa_der ); -const size_t mbedtls_test_srv_pwd_rsa_der_len = 0; -const size_t mbedtls_test_srv_crt_rsa_sha1_der_len = - sizeof( mbedtls_test_srv_crt_rsa_sha1_der ); -const size_t mbedtls_test_srv_crt_rsa_sha256_der_len = - sizeof( mbedtls_test_srv_crt_rsa_sha256_der ); - -/* - * Client - */ - -const char mbedtls_test_cli_crt_ec_pem[] = TEST_CLI_CRT_EC_PEM; -const char mbedtls_test_cli_key_ec_pem[] = TEST_CLI_KEY_EC_PEM; -const char mbedtls_test_cli_pwd_ec_pem[] = ""; -const char mbedtls_test_cli_key_rsa_pem[] = TEST_CLI_KEY_RSA_PEM; -const char mbedtls_test_cli_pwd_rsa_pem[] = ""; -const char mbedtls_test_cli_crt_rsa_pem[] = TEST_CLI_CRT_RSA_PEM; - -const unsigned char mbedtls_test_cli_crt_ec_der[] = TEST_CLI_CRT_EC_DER; -const unsigned char mbedtls_test_cli_key_ec_der[] = TEST_CLI_KEY_EC_DER; -const unsigned char mbedtls_test_cli_key_rsa_der[] = TEST_CLI_KEY_RSA_DER; -const unsigned char mbedtls_test_cli_crt_rsa_der[] = TEST_CLI_CRT_RSA_DER; - -const size_t mbedtls_test_cli_crt_ec_pem_len = - sizeof( mbedtls_test_cli_crt_ec_pem ); -const size_t mbedtls_test_cli_key_ec_pem_len = - sizeof( mbedtls_test_cli_key_ec_pem ); -const size_t mbedtls_test_cli_pwd_ec_pem_len = - sizeof( mbedtls_test_cli_pwd_ec_pem ) - 1; -const size_t mbedtls_test_cli_key_rsa_pem_len = - sizeof( mbedtls_test_cli_key_rsa_pem ); -const size_t mbedtls_test_cli_pwd_rsa_pem_len = - sizeof( mbedtls_test_cli_pwd_rsa_pem ) - 1; -const size_t mbedtls_test_cli_crt_rsa_pem_len = - sizeof( mbedtls_test_cli_crt_rsa_pem ); - -const size_t mbedtls_test_cli_crt_ec_der_len = - sizeof( mbedtls_test_cli_crt_ec_der ); -const size_t mbedtls_test_cli_key_ec_der_len = - sizeof( mbedtls_test_cli_key_ec_der ); -const size_t mbedtls_test_cli_key_rsa_der_len = - sizeof( mbedtls_test_cli_key_rsa_der ); -const size_t mbedtls_test_cli_crt_rsa_der_len = - sizeof( mbedtls_test_cli_crt_rsa_der ); - -/* - * - * 
Definitions of test CRTs without specification of all parameters, choosing - * them automatically according to the config. For example, mbedtls_test_ca_crt - * is one of mbedtls_test_ca_crt_{rsa|ec}_{sha1|sha256}_{pem|der}. - * - */ - -/* - * Dispatch between PEM and DER according to config - */ - -#if defined(MBEDTLS_PEM_PARSE_C) - -/* PEM encoded test CA certificates and keys */ - -#define TEST_CA_KEY_RSA TEST_CA_KEY_RSA_PEM -#define TEST_CA_PWD_RSA TEST_CA_PWD_RSA_PEM -#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_PEM -#define TEST_CA_CRT_RSA_SHA1 TEST_CA_CRT_RSA_SHA1_PEM -#define TEST_CA_KEY_EC TEST_CA_KEY_EC_PEM -#define TEST_CA_PWD_EC TEST_CA_PWD_EC_PEM -#define TEST_CA_CRT_EC TEST_CA_CRT_EC_PEM - -/* PEM encoded test server certificates and keys */ - -#define TEST_SRV_KEY_RSA TEST_SRV_KEY_RSA_PEM -#define TEST_SRV_PWD_RSA "" -#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_PEM -#define TEST_SRV_CRT_RSA_SHA1 TEST_SRV_CRT_RSA_SHA1_PEM -#define TEST_SRV_KEY_EC TEST_SRV_KEY_EC_PEM -#define TEST_SRV_PWD_EC "" -#define TEST_SRV_CRT_EC TEST_SRV_CRT_EC_PEM - -/* PEM encoded test client certificates and keys */ - -#define TEST_CLI_KEY_RSA TEST_CLI_KEY_RSA_PEM -#define TEST_CLI_PWD_RSA "" -#define TEST_CLI_CRT_RSA TEST_CLI_CRT_RSA_PEM -#define TEST_CLI_KEY_EC TEST_CLI_KEY_EC_PEM -#define TEST_CLI_PWD_EC "" -#define TEST_CLI_CRT_EC TEST_CLI_CRT_EC_PEM - -#else /* MBEDTLS_PEM_PARSE_C */ - -/* DER encoded test CA certificates and keys */ - -#define TEST_CA_KEY_RSA TEST_CA_KEY_RSA_DER -#define TEST_CA_PWD_RSA "" -#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_DER -#define TEST_CA_CRT_RSA_SHA1 TEST_CA_CRT_RSA_SHA1_DER -#define TEST_CA_KEY_EC TEST_CA_KEY_EC_DER -#define TEST_CA_PWD_EC "" -#define TEST_CA_CRT_EC TEST_CA_CRT_EC_DER - -/* DER encoded test server certificates and keys */ - -#define TEST_SRV_KEY_RSA TEST_SRV_KEY_RSA_DER -#define TEST_SRV_PWD_RSA "" -#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_DER -#define TEST_SRV_CRT_RSA_SHA1 
TEST_SRV_CRT_RSA_SHA1_DER -#define TEST_SRV_KEY_EC TEST_SRV_KEY_EC_DER -#define TEST_SRV_PWD_EC "" -#define TEST_SRV_CRT_EC TEST_SRV_CRT_EC_DER - -/* DER encoded test client certificates and keys */ - -#define TEST_CLI_KEY_RSA TEST_CLI_KEY_RSA_DER -#define TEST_CLI_PWD_RSA "" -#define TEST_CLI_CRT_RSA TEST_CLI_CRT_RSA_DER -#define TEST_CLI_KEY_EC TEST_CLI_KEY_EC_DER -#define TEST_CLI_PWD_EC "" -#define TEST_CLI_CRT_EC TEST_CLI_CRT_EC_DER - -#endif /* MBEDTLS_PEM_PARSE_C */ - -const char mbedtls_test_ca_key_rsa[] = TEST_CA_KEY_RSA; -const char mbedtls_test_ca_pwd_rsa[] = TEST_CA_PWD_RSA; -const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256; -const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; -const char mbedtls_test_ca_key_ec[] = TEST_CA_KEY_EC; -const char mbedtls_test_ca_pwd_ec[] = TEST_CA_PWD_EC; -const char mbedtls_test_ca_crt_ec[] = TEST_CA_CRT_EC; - -const char mbedtls_test_srv_key_rsa[] = TEST_SRV_KEY_RSA; -const char mbedtls_test_srv_pwd_rsa[] = TEST_SRV_PWD_RSA; -const char mbedtls_test_srv_crt_rsa_sha256[] = TEST_SRV_CRT_RSA_SHA256; -const char mbedtls_test_srv_crt_rsa_sha1[] = TEST_SRV_CRT_RSA_SHA1; -const char mbedtls_test_srv_key_ec[] = TEST_SRV_KEY_EC; -const char mbedtls_test_srv_pwd_ec[] = TEST_SRV_PWD_EC; -const char mbedtls_test_srv_crt_ec[] = TEST_SRV_CRT_EC; - -const char mbedtls_test_cli_key_rsa[] = TEST_CLI_KEY_RSA; -const char mbedtls_test_cli_pwd_rsa[] = TEST_CLI_PWD_RSA; -const char mbedtls_test_cli_crt_rsa[] = TEST_CLI_CRT_RSA; -const char mbedtls_test_cli_key_ec[] = TEST_CLI_KEY_EC; -const char mbedtls_test_cli_pwd_ec[] = TEST_CLI_PWD_EC; -const char mbedtls_test_cli_crt_ec[] = TEST_CLI_CRT_EC; - -const size_t mbedtls_test_ca_key_rsa_len = - sizeof( mbedtls_test_ca_key_rsa ); -const size_t mbedtls_test_ca_pwd_rsa_len = - sizeof( mbedtls_test_ca_pwd_rsa ) - 1; -const size_t mbedtls_test_ca_crt_rsa_sha256_len = - sizeof( mbedtls_test_ca_crt_rsa_sha256 ); -const size_t mbedtls_test_ca_crt_rsa_sha1_len = - 
sizeof( mbedtls_test_ca_crt_rsa_sha1 ); -const size_t mbedtls_test_ca_key_ec_len = - sizeof( mbedtls_test_ca_key_ec ); -const size_t mbedtls_test_ca_pwd_ec_len = - sizeof( mbedtls_test_ca_pwd_ec ) - 1; -const size_t mbedtls_test_ca_crt_ec_len = - sizeof( mbedtls_test_ca_crt_ec ); - -const size_t mbedtls_test_srv_key_rsa_len = - sizeof( mbedtls_test_srv_key_rsa ); -const size_t mbedtls_test_srv_pwd_rsa_len = - sizeof( mbedtls_test_srv_pwd_rsa ) -1; -const size_t mbedtls_test_srv_crt_rsa_sha256_len = - sizeof( mbedtls_test_srv_crt_rsa_sha256 ); -const size_t mbedtls_test_srv_crt_rsa_sha1_len = - sizeof( mbedtls_test_srv_crt_rsa_sha1 ); -const size_t mbedtls_test_srv_key_ec_len = - sizeof( mbedtls_test_srv_key_ec ); -const size_t mbedtls_test_srv_pwd_ec_len = - sizeof( mbedtls_test_srv_pwd_ec ) - 1; -const size_t mbedtls_test_srv_crt_ec_len = - sizeof( mbedtls_test_srv_crt_ec ); - -const size_t mbedtls_test_cli_key_rsa_len = - sizeof( mbedtls_test_cli_key_rsa ); -const size_t mbedtls_test_cli_pwd_rsa_len = - sizeof( mbedtls_test_cli_pwd_rsa ) - 1; -const size_t mbedtls_test_cli_crt_rsa_len = - sizeof( mbedtls_test_cli_crt_rsa ); -const size_t mbedtls_test_cli_key_ec_len = - sizeof( mbedtls_test_cli_key_ec ); -const size_t mbedtls_test_cli_pwd_ec_len = - sizeof( mbedtls_test_cli_pwd_ec ) - 1; -const size_t mbedtls_test_cli_crt_ec_len = - sizeof( mbedtls_test_cli_crt_ec ); - -/* - * Dispatch between SHA-1 and SHA-256 - */ - -#if defined(MBEDTLS_SHA256_C) -#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA256 -#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA256 -#else -#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA1 -#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA1 -#endif /* MBEDTLS_SHA256_C */ - -const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA; -const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA; - -const size_t mbedtls_test_ca_crt_rsa_len = - sizeof( mbedtls_test_ca_crt_rsa ); -const size_t mbedtls_test_srv_crt_rsa_len = - sizeof( mbedtls_test_srv_crt_rsa ); - -/* - * 
Dispatch between RSA and EC - */ - -#if defined(MBEDTLS_RSA_C) - -#define TEST_CA_KEY TEST_CA_KEY_RSA -#define TEST_CA_PWD TEST_CA_PWD_RSA -#define TEST_CA_CRT TEST_CA_CRT_RSA - -#define TEST_SRV_KEY TEST_SRV_KEY_RSA -#define TEST_SRV_PWD TEST_SRV_PWD_RSA -#define TEST_SRV_CRT TEST_SRV_CRT_RSA - -#define TEST_CLI_KEY TEST_CLI_KEY_RSA -#define TEST_CLI_PWD TEST_CLI_PWD_RSA -#define TEST_CLI_CRT TEST_CLI_CRT_RSA - -#else /* no RSA, so assume ECDSA */ - -#define TEST_CA_KEY TEST_CA_KEY_EC -#define TEST_CA_PWD TEST_CA_PWD_EC -#define TEST_CA_CRT TEST_CA_CRT_EC - -#define TEST_SRV_KEY TEST_SRV_KEY_EC -#define TEST_SRV_PWD TEST_SRV_PWD_EC -#define TEST_SRV_CRT TEST_SRV_CRT_EC - -#define TEST_CLI_KEY TEST_CLI_KEY_EC -#define TEST_CLI_PWD TEST_CLI_PWD_EC -#define TEST_CLI_CRT TEST_CLI_CRT_EC -#endif /* MBEDTLS_RSA_C */ - -/* API stability forces us to declare - * mbedtls_test_{ca|srv|cli}_{key|pwd|crt} - * as pointers. */ -static const char test_ca_key[] = TEST_CA_KEY; -static const char test_ca_pwd[] = TEST_CA_PWD; -static const char test_ca_crt[] = TEST_CA_CRT; - -static const char test_srv_key[] = TEST_SRV_KEY; -static const char test_srv_pwd[] = TEST_SRV_PWD; -static const char test_srv_crt[] = TEST_SRV_CRT; - -static const char test_cli_key[] = TEST_CLI_KEY; -static const char test_cli_pwd[] = TEST_CLI_PWD; -static const char test_cli_crt[] = TEST_CLI_CRT; - -const char *mbedtls_test_ca_key = test_ca_key; -const char *mbedtls_test_ca_pwd = test_ca_pwd; -const char *mbedtls_test_ca_crt = test_ca_crt; - -const char *mbedtls_test_srv_key = test_srv_key; -const char *mbedtls_test_srv_pwd = test_srv_pwd; -const char *mbedtls_test_srv_crt = test_srv_crt; - -const char *mbedtls_test_cli_key = test_cli_key; -const char *mbedtls_test_cli_pwd = test_cli_pwd; -const char *mbedtls_test_cli_crt = test_cli_crt; - -const size_t mbedtls_test_ca_key_len = - sizeof( test_ca_key ); -const size_t mbedtls_test_ca_pwd_len = - sizeof( test_ca_pwd ) - 1; -const size_t mbedtls_test_ca_crt_len 
= - sizeof( test_ca_crt ); - -const size_t mbedtls_test_srv_key_len = - sizeof( test_srv_key ); -const size_t mbedtls_test_srv_pwd_len = - sizeof( test_srv_pwd ) - 1; -const size_t mbedtls_test_srv_crt_len = - sizeof( test_srv_crt ); - -const size_t mbedtls_test_cli_key_len = - sizeof( test_cli_key ); -const size_t mbedtls_test_cli_pwd_len = - sizeof( test_cli_pwd ) - 1; -const size_t mbedtls_test_cli_crt_len = - sizeof( test_cli_crt ); - -/* - * - * Lists of certificates - * - */ - -/* List of CAs in PEM or DER, depending on config */ -const char * mbedtls_test_cas[] = { -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C) - mbedtls_test_ca_crt_rsa_sha1, -#endif -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) - mbedtls_test_ca_crt_rsa_sha256, -#endif -#if defined(MBEDTLS_ECDSA_C) - mbedtls_test_ca_crt_ec, -#endif - NULL -}; -const size_t mbedtls_test_cas_len[] = { -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C) - sizeof( mbedtls_test_ca_crt_rsa_sha1 ), -#endif -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) - sizeof( mbedtls_test_ca_crt_rsa_sha256 ), -#endif -#if defined(MBEDTLS_ECDSA_C) - sizeof( mbedtls_test_ca_crt_ec ), -#endif - 0 -}; - -/* List of all available CA certificates in DER format */ -const unsigned char * mbedtls_test_cas_der[] = { -#if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SHA256_C) - mbedtls_test_ca_crt_rsa_sha256_der, -#endif /* MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA1_C) - mbedtls_test_ca_crt_rsa_sha1_der, -#endif /* MBEDTLS_SHA1_C */ -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) - mbedtls_test_ca_crt_ec_der, -#endif /* MBEDTLS_ECDSA_C */ - NULL -}; - -const size_t mbedtls_test_cas_der_len[] = { -#if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SHA256_C) - sizeof( mbedtls_test_ca_crt_rsa_sha256_der ), -#endif /* MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA1_C) - sizeof( mbedtls_test_ca_crt_rsa_sha1_der ), -#endif /* MBEDTLS_SHA1_C */ -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) - 
sizeof( mbedtls_test_ca_crt_ec_der ), -#endif /* MBEDTLS_ECDSA_C */ - 0 -}; - -/* Concatenation of all available CA certificates in PEM format */ -#if defined(MBEDTLS_PEM_PARSE_C) -const char mbedtls_test_cas_pem[] = -#if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SHA256_C) - TEST_CA_CRT_RSA_SHA256_PEM -#endif /* MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA1_C) - TEST_CA_CRT_RSA_SHA1_PEM -#endif /* MBEDTLS_SHA1_C */ -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) - TEST_CA_CRT_EC_PEM -#endif /* MBEDTLS_ECDSA_C */ - ""; -const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem ); -#endif /* MBEDTLS_PEM_PARSE_C */ diff --git a/certs.h b/certs.h deleted file mode 100644 index 281eaf13..00000000 --- a/certs.h +++ /dev/null 
@@ -1,246 +0,0 @@ -/** - * \file certs.h - * - * \brief Sample certificates and DHM parameters for testing - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_CERTS_H -#define MBEDTLS_CERTS_H - -#include - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* List of all PEM-encoded CA certificates, terminated by NULL; - * PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded - * otherwise. 
*/ -extern const char * mbedtls_test_cas[]; -extern const size_t mbedtls_test_cas_len[]; - -/* List of all DER-encoded CA certificates, terminated by NULL */ -extern const unsigned char * mbedtls_test_cas_der[]; -extern const size_t mbedtls_test_cas_der_len[]; - -#if defined(MBEDTLS_PEM_PARSE_C) -/* Concatenation of all CA certificates in PEM format if available */ -extern const char mbedtls_test_cas_pem[]; -extern const size_t mbedtls_test_cas_pem_len; -#endif /* MBEDTLS_PEM_PARSE_C */ - -/* - * CA test certificates - */ - -extern const char mbedtls_test_ca_crt_ec_pem[]; -extern const char mbedtls_test_ca_key_ec_pem[]; -extern const char mbedtls_test_ca_pwd_ec_pem[]; -extern const char mbedtls_test_ca_key_rsa_pem[]; -extern const char mbedtls_test_ca_pwd_rsa_pem[]; -extern const char mbedtls_test_ca_crt_rsa_sha1_pem[]; -extern const char mbedtls_test_ca_crt_rsa_sha256_pem[]; - -extern const unsigned char mbedtls_test_ca_crt_ec_der[]; -extern const unsigned char mbedtls_test_ca_key_ec_der[]; -extern const unsigned char mbedtls_test_ca_key_rsa_der[]; -extern const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[]; -extern const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[]; - -extern const size_t mbedtls_test_ca_crt_ec_pem_len; -extern const size_t mbedtls_test_ca_key_ec_pem_len; -extern const size_t mbedtls_test_ca_pwd_ec_pem_len; -extern const size_t mbedtls_test_ca_key_rsa_pem_len; -extern const size_t mbedtls_test_ca_pwd_rsa_pem_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len; - -extern const size_t mbedtls_test_ca_crt_ec_der_len; -extern const size_t mbedtls_test_ca_key_ec_der_len; -extern const size_t mbedtls_test_ca_pwd_ec_der_len; -extern const size_t mbedtls_test_ca_key_rsa_der_len; -extern const size_t mbedtls_test_ca_pwd_rsa_der_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha1_der_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha256_der_len; - -/* Config-dependent 
dispatch between PEM and DER encoding - * (PEM if enabled, otherwise DER) */ - -extern const char mbedtls_test_ca_crt_ec[]; -extern const char mbedtls_test_ca_key_ec[]; -extern const char mbedtls_test_ca_pwd_ec[]; -extern const char mbedtls_test_ca_key_rsa[]; -extern const char mbedtls_test_ca_pwd_rsa[]; -extern const char mbedtls_test_ca_crt_rsa_sha1[]; -extern const char mbedtls_test_ca_crt_rsa_sha256[]; - -extern const size_t mbedtls_test_ca_crt_ec_len; -extern const size_t mbedtls_test_ca_key_ec_len; -extern const size_t mbedtls_test_ca_pwd_ec_len; -extern const size_t mbedtls_test_ca_key_rsa_len; -extern const size_t mbedtls_test_ca_pwd_rsa_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha1_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha256_len; - -/* Config-dependent dispatch between SHA-1 and SHA-256 - * (SHA-256 if enabled, otherwise SHA-1) */ - -extern const char mbedtls_test_ca_crt_rsa[]; -extern const size_t mbedtls_test_ca_crt_rsa_len; - -/* Config-dependent dispatch between EC and RSA - * (RSA if enabled, otherwise EC) */ - -extern const char * mbedtls_test_ca_crt; -extern const char * mbedtls_test_ca_key; -extern const char * mbedtls_test_ca_pwd; -extern const size_t mbedtls_test_ca_crt_len; -extern const size_t mbedtls_test_ca_key_len; -extern const size_t mbedtls_test_ca_pwd_len; - -/* - * Server test certificates - */ - -extern const char mbedtls_test_srv_crt_ec_pem[]; -extern const char mbedtls_test_srv_key_ec_pem[]; -extern const char mbedtls_test_srv_pwd_ec_pem[]; -extern const char mbedtls_test_srv_key_rsa_pem[]; -extern const char mbedtls_test_srv_pwd_rsa_pem[]; -extern const char mbedtls_test_srv_crt_rsa_sha1_pem[]; -extern const char mbedtls_test_srv_crt_rsa_sha256_pem[]; - -extern const unsigned char mbedtls_test_srv_crt_ec_der[]; -extern const unsigned char mbedtls_test_srv_key_ec_der[]; -extern const unsigned char mbedtls_test_srv_key_rsa_der[]; -extern const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[]; -extern const 
unsigned char mbedtls_test_srv_crt_rsa_sha256_der[]; - -extern const size_t mbedtls_test_srv_crt_ec_pem_len; -extern const size_t mbedtls_test_srv_key_ec_pem_len; -extern const size_t mbedtls_test_srv_pwd_ec_pem_len; -extern const size_t mbedtls_test_srv_key_rsa_pem_len; -extern const size_t mbedtls_test_srv_pwd_rsa_pem_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len; - -extern const size_t mbedtls_test_srv_crt_ec_der_len; -extern const size_t mbedtls_test_srv_key_ec_der_len; -extern const size_t mbedtls_test_srv_pwd_ec_der_len; -extern const size_t mbedtls_test_srv_key_rsa_der_len; -extern const size_t mbedtls_test_srv_pwd_rsa_der_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha1_der_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha256_der_len; - -/* Config-dependent dispatch between PEM and DER encoding - * (PEM if enabled, otherwise DER) */ - -extern const char mbedtls_test_srv_crt_ec[]; -extern const char mbedtls_test_srv_key_ec[]; -extern const char mbedtls_test_srv_pwd_ec[]; -extern const char mbedtls_test_srv_key_rsa[]; -extern const char mbedtls_test_srv_pwd_rsa[]; -extern const char mbedtls_test_srv_crt_rsa_sha1[]; -extern const char mbedtls_test_srv_crt_rsa_sha256[]; - -extern const size_t mbedtls_test_srv_crt_ec_len; -extern const size_t mbedtls_test_srv_key_ec_len; -extern const size_t mbedtls_test_srv_pwd_ec_len; -extern const size_t mbedtls_test_srv_key_rsa_len; -extern const size_t mbedtls_test_srv_pwd_rsa_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha1_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha256_len; - -/* Config-dependent dispatch between SHA-1 and SHA-256 - * (SHA-256 if enabled, otherwise SHA-1) */ - -extern const char mbedtls_test_srv_crt_rsa[]; -extern const size_t mbedtls_test_srv_crt_rsa_len; - -/* Config-dependent dispatch between EC and RSA - * (RSA if enabled, otherwise EC) */ - -extern const char * mbedtls_test_srv_crt; -extern 
const char * mbedtls_test_srv_key; -extern const char * mbedtls_test_srv_pwd; -extern const size_t mbedtls_test_srv_crt_len; -extern const size_t mbedtls_test_srv_key_len; -extern const size_t mbedtls_test_srv_pwd_len; - -/* - * Client test certificates - */ - -extern const char mbedtls_test_cli_crt_ec_pem[]; -extern const char mbedtls_test_cli_key_ec_pem[]; -extern const char mbedtls_test_cli_pwd_ec_pem[]; -extern const char mbedtls_test_cli_key_rsa_pem[]; -extern const char mbedtls_test_cli_pwd_rsa_pem[]; -extern const char mbedtls_test_cli_crt_rsa_pem[]; - -extern const unsigned char mbedtls_test_cli_crt_ec_der[]; -extern const unsigned char mbedtls_test_cli_key_ec_der[]; -extern const unsigned char mbedtls_test_cli_key_rsa_der[]; -extern const unsigned char mbedtls_test_cli_crt_rsa_der[]; - -extern const size_t mbedtls_test_cli_crt_ec_pem_len; -extern const size_t mbedtls_test_cli_key_ec_pem_len; -extern const size_t mbedtls_test_cli_pwd_ec_pem_len; -extern const size_t mbedtls_test_cli_key_rsa_pem_len; -extern const size_t mbedtls_test_cli_pwd_rsa_pem_len; -extern const size_t mbedtls_test_cli_crt_rsa_pem_len; - -extern const size_t mbedtls_test_cli_crt_ec_der_len; -extern const size_t mbedtls_test_cli_key_ec_der_len; -extern const size_t mbedtls_test_cli_key_rsa_der_len; -extern const size_t mbedtls_test_cli_crt_rsa_der_len; - -/* Config-dependent dispatch between PEM and DER encoding - * (PEM if enabled, otherwise DER) */ - -extern const char mbedtls_test_cli_crt_ec[]; -extern const char mbedtls_test_cli_key_ec[]; -extern const char mbedtls_test_cli_pwd_ec[]; -extern const char mbedtls_test_cli_key_rsa[]; -extern const char mbedtls_test_cli_pwd_rsa[]; -extern const char mbedtls_test_cli_crt_rsa[]; - -extern const size_t mbedtls_test_cli_crt_ec_len; -extern const size_t mbedtls_test_cli_key_ec_len; -extern const size_t mbedtls_test_cli_pwd_ec_len; -extern const size_t mbedtls_test_cli_key_rsa_len; -extern const size_t mbedtls_test_cli_pwd_rsa_len; -extern 
const size_t mbedtls_test_cli_crt_rsa_len; - -/* Config-dependent dispatch between EC and RSA - * (RSA if enabled, otherwise EC) */ - -extern const char * mbedtls_test_cli_crt; -extern const char * mbedtls_test_cli_key; -extern const char * mbedtls_test_cli_pwd; -extern const size_t mbedtls_test_cli_crt_len; -extern const size_t mbedtls_test_cli_key_len; -extern const size_t mbedtls_test_cli_pwd_len; - -#ifdef __cplusplus -} -#endif - -#endif /* certs.h */ diff --git a/docker/Dockerfile b/docker/Dockerfile deleted file mode 100644 index a8ef91ef..00000000 --- a/docker/Dockerfile +++ /dev/null @@ -1,37 +0,0 @@ -FROM phusion/baseimage:0.11 - -CMD ["/sbin/my_init"] - -WORKDIR /app - -RUN apt-get -y update && apt-get install -y wget make g++ dh-autoreconf pkg-config cmake - -RUN wget https://github.com/jedisct1/libsodium/releases/download/1.0.16/libsodium-1.0.16.tar.gz && \ - tar -zxvf libsodium-*.tar.gz && \ - cd libsodium-* && \ - ./configure && \ - make -j32 && make check && \ - make install && \ - cd .. && \ - rm -rf libsodium* && \ - ldconfig - -RUN wget https://github.com/premake/premake-core/releases/download/v5.0.0-alpha13/premake-5.0.0-alpha13-linux.tar.gz && \ - tar -zxvf premake-*.tar.gz && \ - rm premake-*.tar.gz && \ - mv premake5 /usr/local/bin - -RUN wget https://github.com/ARMmbed/mbedtls/archive/mbedtls-2.13.0.tar.gz && \ - tar -zxvf mbedtls-*.tar.gz && \ - cd mbedtls-mbedtls-* && \ - cmake . && \ - make -j32 && make install && \ - ldconfig - -ADD yojimbo /app/yojimbo - -RUN cd yojimbo && find . -exec touch {} \; && premake5 gmake && make -j32 test server config=release_x64 && ./bin/test && cp /app/yojimbo/bin/* /app && rm -rf yojimbo - -ENTRYPOINT ./test && ./server - -RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* diff --git a/docker/buildServer.bat b/docker/buildServer.bat deleted file mode 100644 index ef5eb8d4..00000000 --- a/docker/buildServer.bat +++ /dev/null 
@@ -1,2 +0,0 @@ -@echo off -docker build -t "networkprotocol:yojimbo-server" . diff --git a/docker/copyFiles.bat b/docker/copyFiles.bat deleted file mode 100644 index 198bb194..00000000 --- a/docker/copyFiles.bat +++ /dev/null @@ -1,12 +0,0 @@ -@echo off -rmdir /s /q yojimbo -mkdir yojimbo -mkdir yojimbo\tests -copy ..\*.h yojimbo -copy ..\*.cpp yojimbo -copy ..\premake5.lua yojimbo -robocopy /MIR /DCOPY:T ..\tlsf yojimbo\tlsf -robocopy /MIR /DCOPY:T ..\netcode.io yojimbo\netcode.io -robocopy /MIR /DCOPY:T ..\reliable.io yojimbo\reliable.io -REM because robocopy sometimes sets non-zero error codes on successful operation. what the actual fuck windows -cmd /c "exit /b 0" diff --git a/docker/runServer.bat b/docker/runServer.bat deleted file mode 100644 index a4e00325..00000000 --- a/docker/runServer.bat +++ /dev/null @@ -1,2 +0,0 @@ -@echo off -docker run -ti -p 40000:40000/udp networkprotocol:yojimbo-server \ No newline at end of file diff --git a/netcode.io b/netcode.io deleted file mode 160000 index 8849a752..00000000 --- a/netcode.io +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 8849a7523819f471e2c9fccb947b400e1593a034 diff --git a/netcode/netcode.c b/netcode/netcode.c new file mode 100755 index 00000000..230c599a --- /dev/null +++ b/netcode/netcode.c 
@@ -0,0 +1,8963 @@ +/* + netcode reference implementation + + Copyright © 2017 - 2024, Mas Bandwidth LLC + + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the distribution. + + 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+*/ + +#include "netcode.h" +#include +#include +#include +#include +#include +#include +#include + +#ifdef _MSC_VER +#define SODIUM_STATIC +#pragma warning(disable:4996) +#endif // #ifdef _MSC_VER + +#include + +#define NETCODE_SOCKET_IPV6 1 +#define NETCODE_SOCKET_IPV4 2 + +#define NETCODE_CONNECT_TOKEN_NONCE_BYTES 24 +#define NETCODE_CONNECT_TOKEN_PRIVATE_BYTES 1024 +#define NETCODE_CHALLENGE_TOKEN_BYTES 300 +#define NETCODE_VERSION_INFO_BYTES 13 +#define NETCODE_MAX_PACKET_BYTES 1300 +#define NETCODE_MAX_PAYLOAD_BYTES 1200 +#define NETCODE_MAX_ADDRESS_STRING_LENGTH 256 +#define NETCODE_PACKET_QUEUE_SIZE 256 +#define NETCODE_REPLAY_PROTECTION_BUFFER_SIZE 256 +#define NETCODE_CLIENT_MAX_RECEIVE_PACKETS 64 +#define NETCODE_SERVER_MAX_RECEIVE_PACKETS ( 64 * NETCODE_MAX_CLIENTS ) +#define NETCODE_CLIENT_SOCKET_SNDBUF_SIZE ( 256 * 1024 ) +#define NETCODE_CLIENT_SOCKET_RCVBUF_SIZE ( 256 * 1024 ) +#define NETCODE_SERVER_SOCKET_SNDBUF_SIZE ( 4 * 1024 * 1024 ) +#define NETCODE_SERVER_SOCKET_RCVBUF_SIZE ( 4 * 1024 * 1024 ) + +#define NETCODE_VERSION_INFO ( (uint8_t*) "NETCODE 1.02" ) +#define NETCODE_PACKET_SEND_RATE 10.0 +#define NETCODE_NUM_DISCONNECT_PACKETS 10 + +#ifndef NETCODE_ENABLE_TESTS +#define NETCODE_ENABLE_TESTS 0 +#endif // #ifndef NETCODE_ENABLE_TESTS + +#ifndef NETCODE_ENABLE_LOGGING +#define NETCODE_ENABLE_LOGGING 1 +#endif // #ifndef NETCODE_ENABLE_LOGGING + +// ------------------------------------------------------------------ + +static void netcode_default_assert_handler( NETCODE_CONST char * condition, NETCODE_CONST char * function, NETCODE_CONST char * file, int line ) +{ + printf( "assert failed: ( %s ), function %s, file %s, line %d\n", condition, function, file, line ); + #if defined( __GNUC__ ) + __builtin_trap(); + #elif defined( _MSC_VER ) + __debugbreak(); + #endif + exit( 1 ); +} + +static int log_level; +static int (*printf_function)( NETCODE_CONST char *, ... ) = ( int (*)( NETCODE_CONST char *, ... 
) ) printf; +void (*netcode_assert_function)( NETCODE_CONST char *, NETCODE_CONST char *, NETCODE_CONST char * file, int line ) = netcode_default_assert_handler; + +void netcode_log_level( int level ) +{ + log_level = level; +} + +void netcode_set_printf_function( int (*function)( NETCODE_CONST char *, ... ) ) +{ + netcode_assert( function ); + printf_function = function; +} + +void netcode_set_assert_function( void (*function)( NETCODE_CONST char *, NETCODE_CONST char *, NETCODE_CONST char * file, int line ) ) +{ + netcode_assert_function = function; +} + +#if NETCODE_ENABLE_LOGGING + +void netcode_printf( int level, NETCODE_CONST char * format, ... ) +{ + if ( level > log_level ) + return; + va_list args; + va_start( args, format ); + char buffer[4*1024]; + vsnprintf( buffer, sizeof(buffer), format, args ); + printf_function( "%s", buffer ); + va_end( args ); +} + +#else // #if NETCODE_ENABLE_LOGGING + +void netcode_printf( int level, NETCODE_CONST char * format, ... ) +{ + (void) level; + (void) format; +} + +#endif // #if NETCODE_ENABLE_LOGGING + +void * netcode_default_allocate_function( void * context, uint64_t bytes ) +{ + (void) context; + return malloc( bytes ); +} + +void netcode_default_free_function( void * context, void * pointer ) +{ + (void) context; + free( pointer ); +} + +// ------------------------------------------------------------------ + +#if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + + #define NOMINMAX + #define _WINSOCK_DEPRECATED_NO_WARNINGS + #include + #include + #include + #include + #pragma comment( lib, "WS2_32.lib" ) + #pragma comment( lib, "IPHLPAPI.lib" ) + + #ifdef SetPort + #undef SetPort + #endif // #ifdef SetPort + + #include + #pragma comment( lib, "IPHLPAPI.lib" ) + +#elif NETCODE_PLATFORM == NETCODE_PLATFORM_MAC || NETCODE_PLATFORM == NETCODE_PLATFORM_UNIX + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + +#else + + #error netcode - unknown 
platform! + +#endif + +// ---------------------------------------------------------------- + +#ifdef __MINGW32__ + const char *inet_ntop(int af, const void *src, char *dst, socklen_t cnt) + { + if ( af == AF_INET ) + { + struct sockaddr_in in; + memset(&in, 0, sizeof(in)); + in.sin_family = AF_INET; + memcpy(&in.sin_addr, src, sizeof(struct in_addr)); + getnameinfo((struct sockaddr *)&in, sizeof(struct sockaddr_in), dst, cnt, NULL, 0, NI_NUMERICHOST); + return dst; + } + else if ( af == AF_INET6 ) + { + struct sockaddr_in6 in; + memset(&in, 0, sizeof(in)); + in.sin6_family = AF_INET6; + memcpy(&in.sin6_addr, src, sizeof(struct in_addr6)); + getnameinfo((struct sockaddr *)&in, sizeof(struct sockaddr_in6), dst, cnt, NULL, 0, NI_NUMERICHOST); + return dst; + } + + return NULL; + } + + #define NS_INADDRSZ 4 + #define NS_IN6ADDRSZ 16 + #define NS_INT16SZ 2 + + int inet_pton4(const char *src, char *dst) + { + uint8_t tmp[NS_INADDRSZ], *tp; + int saw_digit = 0; + int octets = 0; + *(tp = tmp) = 0; + int ch; + + while ((ch = *src++) != '\0') + { + if ( ch >= '0' && ch <= '9' ) + { + uint32_t n = *tp * 10 + (ch - '0'); + + if ( saw_digit && *tp == 0 ) + return 0; + if ( n > 255 ) + return 0; + *tp = n; + if ( !saw_digit ) + { + if ( ++octets > 4 ) + return 0; + saw_digit = 1; + } + } + else if ( ch == '.' 
&& saw_digit ) + { + if ( octets == 4 ) + return 0; + *++tp = 0; + saw_digit = 0; + } + else + return 0; + } + if ( octets < 4 ) + return 0; + + memcpy(dst, tmp, NS_INADDRSZ); + + return 1; + } + + int inet_pton6(const char *src, char *dst) + { + static const char xdigits[] = "0123456789abcdef"; + uint8_t tmp[NS_IN6ADDRSZ]; + uint8_t *tp = (uint8_t*) memset(tmp, '\0', NS_IN6ADDRSZ); + uint8_t *endp = tp + NS_IN6ADDRSZ; + uint8_t *colonp = NULL; + + // Leading :: requires some special handling + if ( *src == ':' ) + { + if ( *++src != ':' ) + return 0; + } + + const char *curtok = src; + int saw_xdigit = 0; + uint32_t val = 0; + int ch; + + while ( (ch = tolower(*src++)) != '\0' ) + { + const char *pch = strchr(xdigits, ch); + if ( pch != NULL ) + { + val <<= 4; + val |= (pch - xdigits); + if ( val > 0xffff ) + return 0; + saw_xdigit = 1; + continue; + } + if ( ch == ':' ) + { + curtok = src; + if ( !saw_xdigit ) + { + if ( colonp ) + return 0; + colonp = tp; + continue; + } + else if ( *src == '\0' ) + { + return 0; + } + if ( tp + NS_INT16SZ > endp ) + return 0; + *tp++ = (uint8_t) (val >> 8) & 0xff; + *tp++ = (uint8_t) val & 0xff; + saw_xdigit = 0; + val = 0; + continue; + } + if ( ch == '.' 
&& ((tp + NS_INADDRSZ) <= endp) && inet_pton4(curtok, (char*) tp) > 0 ) + { + tp += NS_INADDRSZ; + saw_xdigit = 0; + break; + } + return 0; + } + + if ( saw_xdigit ) + { + if ( tp + NS_INT16SZ > endp ) + return 0; + *tp++ = (uint8_t) (val >> 8) & 0xff; + *tp++ = (uint8_t) val & 0xff; + } + + if ( colonp != NULL ) + { + const int n = tp - colonp; + if ( tp == endp ) + return 0; + for (int i = 1; i <= n; i++) + { + endp[-i] = colonp[n - i]; + colonp[n - i] = 0; + } + tp = endp; + } + if ( tp != endp ) + return 0; + + memcpy(dst, tmp, NS_IN6ADDRSZ); + + return 1; + } + + int inet_pton(int af, const char *src, void *dst) + { + switch ( af ) + { + case AF_INET: + return inet_pton4(src, (char *) dst); + + case AF_INET6: + return inet_pton6(src, (char *) dst); + + default: + return -1; + } + } +#endif + +// ---------------------------------------------------------------- + +int netcode_parse_address( NETCODE_CONST char * address_string_in, struct netcode_address_t * address ) +{ + netcode_assert( address_string_in ); + netcode_assert( address ); + + memset( address, 0, sizeof( struct netcode_address_t ) ); + + // first try to parse the string as an IPv6 address: + // 1. if the first character is '[' then it's probably an ipv6 in form "[addr6]:portnum" + // 2. 
otherwise try to parse as a raw IPv6 address using inet_pton + + #define NETCODE_ADDRESS_BUFFER_SAFETY 32 + + char buffer[NETCODE_MAX_ADDRESS_STRING_LENGTH + NETCODE_ADDRESS_BUFFER_SAFETY*2]; + + char * address_string = buffer + NETCODE_ADDRESS_BUFFER_SAFETY; + strncpy( address_string, address_string_in, NETCODE_MAX_ADDRESS_STRING_LENGTH - 1 ); + address_string[NETCODE_MAX_ADDRESS_STRING_LENGTH-1] = '\0'; + + int address_string_length = (int) strlen( address_string ); + + if ( address_string[0] == '[' ) + { + int base_index = address_string_length - 1; + + int i; + for ( i = 0; i < 6; ++i ) // note: no need to search past 6 characters as ":65535" is longest possible port value + { + int index = base_index - i; + if ( index < 3 ) + return NETCODE_ERROR; + if ( address_string[index] == ':' ) + { + address->port = (uint16_t) ( atoi( &address_string[index + 1] ) ); + address_string[index-1] = '\0'; + } + } + address_string += 1; + } + + struct in6_addr sockaddr6; + if ( inet_pton( AF_INET6, address_string, &sockaddr6 ) == 1 ) + { + address->type = NETCODE_ADDRESS_IPV6; + int i; + for ( i = 0; i < 8; ++i ) + { + address->data.ipv6[i] = ntohs( ( (uint16_t*) &sockaddr6 ) [i] ); + } + return NETCODE_OK; + } + + // otherwise it's probably an IPv4 address: + // 1. look for ":portnum", if found save the portnum and strip it out + // 2. 
parse remaining ipv4 address via inet_pton + + address_string_length = (int) strlen( address_string ); + int base_index = address_string_length - 1; + int i; + for ( i = 0; i < 6; ++i ) + { + int index = base_index - i; + if ( index < 0 ) + break; + if ( address_string[index] == ':' ) + { + address->port = (uint16_t) atoi( &address_string[index+1] ); + address_string[index] = '\0'; + } + } + + struct sockaddr_in sockaddr4; + if ( inet_pton( AF_INET, address_string, &sockaddr4.sin_addr ) == 1 ) + { + address->type = NETCODE_ADDRESS_IPV4; + address->data.ipv4[3] = (uint8_t) ( ( sockaddr4.sin_addr.s_addr & 0xFF000000 ) >> 24 ); + address->data.ipv4[2] = (uint8_t) ( ( sockaddr4.sin_addr.s_addr & 0x00FF0000 ) >> 16 ); + address->data.ipv4[1] = (uint8_t) ( ( sockaddr4.sin_addr.s_addr & 0x0000FF00 ) >> 8 ); + address->data.ipv4[0] = (uint8_t) ( ( sockaddr4.sin_addr.s_addr & 0x000000FF ) ); + return NETCODE_OK; + } + + return NETCODE_ERROR; +} + +char * netcode_address_to_string( struct netcode_address_t * address, char * buffer ) +{ + netcode_assert( address ); + netcode_assert( buffer ); + + if ( address->type == NETCODE_ADDRESS_IPV6 ) + { + if ( address->port == 0 ) + { + uint16_t ipv6_network_order[8]; + int i; + for ( i = 0; i < 8; ++i ) + ipv6_network_order[i] = htons( address->data.ipv6[i] ); + inet_ntop( AF_INET6, (void*) ipv6_network_order, buffer, NETCODE_MAX_ADDRESS_STRING_LENGTH ); + return buffer; + } + else + { + char address_string[INET6_ADDRSTRLEN]; + uint16_t ipv6_network_order[8]; + int i; + for ( i = 0; i < 8; ++i ) + ipv6_network_order[i] = htons( address->data.ipv6[i] ); + inet_ntop( AF_INET6, (void*) ipv6_network_order, address_string, INET6_ADDRSTRLEN ); + snprintf( buffer, NETCODE_MAX_ADDRESS_STRING_LENGTH, "[%s]:%d", address_string, address->port ); + return buffer; + } + } + else if ( address->type == NETCODE_ADDRESS_IPV4 ) + { + if ( address->port != 0 ) + { + snprintf( buffer, NETCODE_MAX_ADDRESS_STRING_LENGTH, "%d.%d.%d.%d:%d", + 
address->data.ipv4[0], + address->data.ipv4[1], + address->data.ipv4[2], + address->data.ipv4[3], + address->port ); + } + else + { + snprintf( buffer, NETCODE_MAX_ADDRESS_STRING_LENGTH, "%d.%d.%d.%d", + address->data.ipv4[0], + address->data.ipv4[1], + address->data.ipv4[2], + address->data.ipv4[3] ); + } + return buffer; + } + else + { + snprintf( buffer, NETCODE_MAX_ADDRESS_STRING_LENGTH, "%s", "NONE" ); + return buffer; + } +} + +int netcode_address_equal( struct netcode_address_t * a, struct netcode_address_t * b ) +{ + netcode_assert( a ); + netcode_assert( b ); + + if ( a->type != b->type ) + return 0; + + if ( a->port != b->port ) + return 0; + + if ( a->type == NETCODE_ADDRESS_IPV4 ) + { + int i; + for ( i = 0; i < 4; ++i ) + { + if ( a->data.ipv4[i] != b->data.ipv4[i] ) + return 0; + } + } + else if ( a->type == NETCODE_ADDRESS_IPV6 ) + { + int i; + for ( i = 0; i < 8; ++i ) + { + if ( a->data.ipv6[i] != b->data.ipv6[i] ) + return 0; + } + } + else + { + return 0; + } + + return 1; +} + +// ---------------------------------------------------------------- + +struct netcode_t +{ + int initialized; +}; + +static struct netcode_t netcode; + +int netcode_init() +{ + netcode_assert( !netcode.initialized ); + +#if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + WSADATA WsaData; + if ( WSAStartup( MAKEWORD(2,2), &WsaData ) != NO_ERROR ) + return NETCODE_ERROR; +#endif // #if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + + if ( sodium_init() == -1 ) + return NETCODE_ERROR; + + netcode.initialized = 1; + + return NETCODE_OK; +} + +void netcode_term() +{ + netcode_assert( netcode.initialized ); + +#if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + WSACleanup(); +#endif // #if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + + netcode.initialized = 0; +} + +// ---------------------------------------------------------------- + +#if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS +typedef uint64_t netcode_socket_handle_t; +#else // #if NETCODE_PLATFORM == 
NETCODE_PLATFORM_WINDOWS +typedef int netcode_socket_handle_t; +#endif // #if NETCODE_PLATFORM == NETCODe_PLATFORM_WINDOWS + +struct netcode_socket_t +{ + struct netcode_address_t address; + netcode_socket_handle_t handle; +}; + + +struct netcode_socket_holder_t +{ + struct netcode_socket_t ipv4; + struct netcode_socket_t ipv6; +}; + +#define NETCODE_SOCKET_ERROR_NONE 0 +#define NETCODE_SOCKET_ERROR_CREATE_FAILED 1 +#define NETCODE_SOCKET_ERROR_SET_NON_BLOCKING_FAILED 2 +#define NETCODE_SOCKET_ERROR_SOCKOPT_IPV6_ONLY_FAILED 3 +#define NETCODE_SOCKET_ERROR_SOCKOPT_RCVBUF_FAILED 4 +#define NETCODE_SOCKET_ERROR_SOCKOPT_SNDBUF_FAILED 5 +#define NETCODE_SOCKET_ERROR_BIND_IPV4_FAILED 6 +#define NETCODE_SOCKET_ERROR_BIND_IPV6_FAILED 7 +#define NETCODE_SOCKET_ERROR_GET_SOCKNAME_IPV4_FAILED 8 +#define NETCODE_SOCKET_ERROR_GET_SOCKNAME_IPV6_FAILED 7 + +void netcode_socket_destroy( struct netcode_socket_t * socket ) +{ + netcode_assert( socket ); + netcode_assert( netcode.initialized ); + + if ( socket->handle != 0 ) + { + #if NETCODE_PLATFORM == NETCODE_PLATFORM_MAC || NETCODE_PLATFORM == NETCODE_PLATFORM_UNIX + close( socket->handle ); + #elif NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + closesocket( socket->handle ); + #else + #error unsupported platform + #endif + socket->handle = 0; + } +} + +int netcode_socket_create( struct netcode_socket_t * s, struct netcode_address_t * address, int send_buffer_size, int receive_buffer_size ) +{ + netcode_assert( s ); + netcode_assert( address ); + netcode_assert( netcode.initialized ); + + netcode_assert( address->type != NETCODE_ADDRESS_NONE ); + + s->address = *address; + + // create socket + + s->handle = socket( ( address->type == NETCODE_ADDRESS_IPV6 ) ? 
AF_INET6 : AF_INET, SOCK_DGRAM, IPPROTO_UDP ); + +#if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + if ( s->handle == INVALID_SOCKET ) +#else // #if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + if ( s->handle <= 0 ) +#endif // #if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + { + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: failed to create socket\n" ); + return NETCODE_SOCKET_ERROR_CREATE_FAILED; + } + + // IMPORTANT: tell windows we don't want to receive any connection reset messages + // for this socket, otherwise recvfrom errors out when client sockets disconnect hard + // in response to ICMP messages. +#if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + #define SIO_UDP_CONNRESET _WSAIOW(IOC_VENDOR, 12) + BOOL bNewBehavior = FALSE; + DWORD dwBytesReturned = 0; + WSAIoctl( s->handle, SIO_UDP_CONNRESET, &bNewBehavior, sizeof(bNewBehavior), NULL, 0, &dwBytesReturned, NULL, NULL ); +#endif + + // force IPv6 only if necessary + + if ( address->type == NETCODE_ADDRESS_IPV6 ) + { + int yes = 1; + if ( setsockopt( s->handle, IPPROTO_IPV6, IPV6_V6ONLY, (char*)&yes, sizeof(yes) ) != 0 ) + { + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: failed to set socket ipv6 only\n" ); + netcode_socket_destroy( s ); + return NETCODE_SOCKET_ERROR_SOCKOPT_IPV6_ONLY_FAILED; + } + } + + // increase socket send and receive buffer sizes + + if ( setsockopt( s->handle, SOL_SOCKET, SO_SNDBUF, (char*)&send_buffer_size, sizeof(int) ) != 0 ) + { + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: failed to set socket send buffer size\n" ); + netcode_socket_destroy( s ); + return NETCODE_SOCKET_ERROR_SOCKOPT_SNDBUF_FAILED; + } + + if ( setsockopt( s->handle, SOL_SOCKET, SO_RCVBUF, (char*)&receive_buffer_size, sizeof(int) ) != 0 ) + { + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: failed to set socket receive buffer size\n" ); + netcode_socket_destroy( s ); + return NETCODE_SOCKET_ERROR_SOCKOPT_RCVBUF_FAILED; + } + + // bind to port + + if ( address->type == NETCODE_ADDRESS_IPV6 ) + 
{ + struct sockaddr_in6 socket_address; + memset( &socket_address, 0, sizeof( struct sockaddr_in6 ) ); + socket_address.sin6_family = AF_INET6; + int i; + for ( i = 0; i < 8; ++i ) + { + ( (uint16_t*) &socket_address.sin6_addr ) [i] = htons( address->data.ipv6[i] ); + } + socket_address.sin6_port = htons( address->port ); + + if ( bind( s->handle, (struct sockaddr*) &socket_address, sizeof( socket_address ) ) < 0 ) + { + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: failed to bind socket (ipv6)\n" ); + netcode_socket_destroy( s ); + return NETCODE_SOCKET_ERROR_BIND_IPV6_FAILED; + } + } + else + { + struct sockaddr_in socket_address; + memset( &socket_address, 0, sizeof( socket_address ) ); + socket_address.sin_family = AF_INET; + socket_address.sin_addr.s_addr = ( ( (uint32_t) address->data.ipv4[0] ) ) | + ( ( (uint32_t) address->data.ipv4[1] ) << 8 ) | + ( ( (uint32_t) address->data.ipv4[2] ) << 16 ) | + ( ( (uint32_t) address->data.ipv4[3] ) << 24 ); + socket_address.sin_port = htons( address->port ); + + if ( bind( s->handle, (struct sockaddr*) &socket_address, sizeof( socket_address ) ) < 0 ) + { + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: failed to bind socket (ipv4)\n" ); + netcode_socket_destroy( s ); + return NETCODE_SOCKET_ERROR_BIND_IPV4_FAILED; + } + } + + // if bound to port 0 find the actual port we got + + if ( address->port == 0 ) + { + if ( address->type == NETCODE_ADDRESS_IPV6 ) + { + struct sockaddr_in6 sin; + socklen_t len = sizeof( sin ); + if ( getsockname( s->handle, (struct sockaddr*)&sin, &len ) == -1 ) + { + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: failed to get socket port (ipv6)\n" ); + netcode_socket_destroy( s ); + return NETCODE_SOCKET_ERROR_GET_SOCKNAME_IPV6_FAILED; + } + s->address.port = ntohs( sin.sin6_port ); + } + else + { + struct sockaddr_in sin; + socklen_t len = sizeof( sin ); + if ( getsockname( s->handle, (struct sockaddr*)&sin, &len ) == -1 ) + { + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: failed 
to get socket port (ipv4)\n" ); + netcode_socket_destroy( s ); + return NETCODE_SOCKET_ERROR_GET_SOCKNAME_IPV4_FAILED; + } + s->address.port = ntohs( sin.sin_port ); + } + } + + // set non-blocking io + +#if NETCODE_PLATFORM == NETCODE_PLATFORM_MAC || NETCODE_PLATFORM == NETCODE_PLATFORM_UNIX + + int non_blocking = 1; + if ( fcntl( s->handle, F_SETFL, O_NONBLOCK, non_blocking ) == -1 ) + { + netcode_socket_destroy( s ); + return NETCODE_SOCKET_ERROR_SET_NON_BLOCKING_FAILED; + } + +#elif NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + + DWORD nonBlocking = 1; + if ( ioctlsocket( s->handle, FIONBIO, &nonBlocking ) != 0 ) + { + netcode_socket_destroy( s ); + return NETCODE_SOCKET_ERROR_SET_NON_BLOCKING_FAILED; + } + +#else + + #error unsupported platform + +#endif + + return NETCODE_SOCKET_ERROR_NONE; +} + +void netcode_socket_send_packet( struct netcode_socket_t * socket, struct netcode_address_t * to, void * packet_data, int packet_bytes ) +{ + netcode_assert( socket ); + netcode_assert( socket->handle != 0 ); + netcode_assert( to ); + netcode_assert( to->type == NETCODE_ADDRESS_IPV6 || to->type == NETCODE_ADDRESS_IPV4 ); + netcode_assert( packet_data ); + netcode_assert( packet_bytes > 0 ); + + if ( to->type == NETCODE_ADDRESS_IPV6 ) + { + struct sockaddr_in6 socket_address; + memset( &socket_address, 0, sizeof( socket_address ) ); + socket_address.sin6_family = AF_INET6; + int i; + for ( i = 0; i < 8; ++i ) + { + ( (uint16_t*) &socket_address.sin6_addr ) [i] = htons( to->data.ipv6[i] ); + } + socket_address.sin6_port = htons( to->port ); + int result = sendto( socket->handle, (char*) packet_data, packet_bytes, 0, (struct sockaddr*) &socket_address, sizeof( struct sockaddr_in6 ) ); + (void) result; + } + else if ( to->type == NETCODE_ADDRESS_IPV4 ) + { + struct sockaddr_in socket_address; + memset( &socket_address, 0, sizeof( socket_address ) ); + socket_address.sin_family = AF_INET; + socket_address.sin_addr.s_addr = ( ( (uint32_t) to->data.ipv4[0] ) ) | + ( ( 
(uint32_t) to->data.ipv4[1] ) << 8 ) | + ( ( (uint32_t) to->data.ipv4[2] ) << 16 ) | + ( ( (uint32_t) to->data.ipv4[3] ) << 24 ); + socket_address.sin_port = htons( to->port ); + int result = sendto( socket->handle, (NETCODE_CONST char*) packet_data, packet_bytes, 0, (struct sockaddr*) &socket_address, sizeof( struct sockaddr_in ) ); + (void) result; + } +} + +int netcode_socket_receive_packet( struct netcode_socket_t * socket, struct netcode_address_t * from, void * packet_data, int max_packet_size ) +{ + netcode_assert( socket ); + netcode_assert( socket->handle != 0 ); + netcode_assert( from ); + netcode_assert( packet_data ); + netcode_assert( max_packet_size > 0 ); + +#if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + typedef int socklen_t; +#endif // #if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + + struct sockaddr_storage sockaddr_from; + socklen_t from_length = sizeof( sockaddr_from ); + + int result = recvfrom( socket->handle, (char*) packet_data, max_packet_size, 0, (struct sockaddr*) &sockaddr_from, &from_length ); + +#if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + if ( result == SOCKET_ERROR ) + { + int error = WSAGetLastError(); + + if ( error == WSAEWOULDBLOCK ) + return 0; + + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: recvfrom failed with error %d\n", error ); + + return 0; + } +#else // #if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + if ( result <= 0 ) + { + if ( errno == EAGAIN ) + return 0; + + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: recvfrom failed with error %d\n", errno ); + + return 0; + } +#endif // #if NETCODE_PLATFORM == NETCODE_PLATFORM_WINDOWS + + if ( sockaddr_from.ss_family == AF_INET6 ) + { + struct sockaddr_in6 * addr_ipv6 = (struct sockaddr_in6*) &sockaddr_from; + from->type = NETCODE_ADDRESS_IPV6; + int i; + for ( i = 0; i < 8; ++i ) + { + from->data.ipv6[i] = ntohs( ( (uint16_t*) &addr_ipv6->sin6_addr ) [i] ); + } + from->port = ntohs( addr_ipv6->sin6_port ); + } + else if ( sockaddr_from.ss_family == 
AF_INET ) + { + struct sockaddr_in * addr_ipv4 = (struct sockaddr_in*) &sockaddr_from; + from->type = NETCODE_ADDRESS_IPV4; + from->data.ipv4[0] = (uint8_t) ( ( addr_ipv4->sin_addr.s_addr & 0x000000FF ) ); + from->data.ipv4[1] = (uint8_t) ( ( addr_ipv4->sin_addr.s_addr & 0x0000FF00 ) >> 8 ); + from->data.ipv4[2] = (uint8_t) ( ( addr_ipv4->sin_addr.s_addr & 0x00FF0000 ) >> 16 ); + from->data.ipv4[3] = (uint8_t) ( ( addr_ipv4->sin_addr.s_addr & 0xFF000000 ) >> 24 ); + from->port = ntohs( addr_ipv4->sin_port ); + } + else + { + netcode_assert( 0 ); + return 0; + } + + netcode_assert( result >= 0 ); + + int bytes_read = result; + + return bytes_read; +} + +// ---------------------------------------------------------------- + +void netcode_write_uint8( uint8_t ** p, uint8_t value ) +{ + **p = value; + ++(*p); +} + +void netcode_write_uint16( uint8_t ** p, uint16_t value ) +{ + (*p)[0] = value & 0xFF; + (*p)[1] = value >> 8; + *p += 2; +} + +void netcode_write_uint32( uint8_t ** p, uint32_t value ) +{ + (*p)[0] = value & 0xFF; + (*p)[1] = ( value >> 8 ) & 0xFF; + (*p)[2] = ( value >> 16 ) & 0xFF; + (*p)[3] = value >> 24; + *p += 4; +} + +void netcode_write_uint64( uint8_t ** p, uint64_t value ) +{ + (*p)[0] = value & 0xFF; + (*p)[1] = ( value >> 8 ) & 0xFF; + (*p)[2] = ( value >> 16 ) & 0xFF; + (*p)[3] = ( value >> 24 ) & 0xFF; + (*p)[4] = ( value >> 32 ) & 0xFF; + (*p)[5] = ( value >> 40 ) & 0xFF; + (*p)[6] = ( value >> 48 ) & 0xFF; + (*p)[7] = value >> 56; + *p += 8; +} + +void netcode_write_bytes( uint8_t ** p, uint8_t * byte_array, int num_bytes ) +{ + int i; + for ( i = 0; i < num_bytes; ++i ) + { + netcode_write_uint8( p, byte_array[i] ); + } +} + +uint8_t netcode_read_uint8( uint8_t ** p ) +{ + uint8_t value = **p; + ++(*p); + return value; +} + +uint16_t netcode_read_uint16( uint8_t ** p ) +{ + uint16_t value; + value = (*p)[0]; + value |= ( ( (uint16_t)( (*p)[1] ) ) << 8 ); + *p += 2; + return value; +} + +uint32_t netcode_read_uint32( uint8_t ** p ) +{ + 
uint32_t value; + value = (*p)[0]; + value |= ( ( (uint32_t)( (*p)[1] ) ) << 8 ); + value |= ( ( (uint32_t)( (*p)[2] ) ) << 16 ); + value |= ( ( (uint32_t)( (*p)[3] ) ) << 24 ); + *p += 4; + return value; +} + +uint64_t netcode_read_uint64( uint8_t ** p ) +{ + uint64_t value; + value = (*p)[0]; + value |= ( ( (uint64_t)( (*p)[1] ) ) << 8 ); + value |= ( ( (uint64_t)( (*p)[2] ) ) << 16 ); + value |= ( ( (uint64_t)( (*p)[3] ) ) << 24 ); + value |= ( ( (uint64_t)( (*p)[4] ) ) << 32 ); + value |= ( ( (uint64_t)( (*p)[5] ) ) << 40 ); + value |= ( ( (uint64_t)( (*p)[6] ) ) << 48 ); + value |= ( ( (uint64_t)( (*p)[7] ) ) << 56 ); + *p += 8; + return value; +} + +void netcode_read_bytes( uint8_t ** p, uint8_t * byte_array, int num_bytes ) +{ + int i; + for ( i = 0; i < num_bytes; ++i ) + { + byte_array[i] = netcode_read_uint8( p ); + } +} + +// ---------------------------------------------------------------- + +void netcode_generate_key( uint8_t * key ) +{ + netcode_assert( key ); + randombytes_buf( key, NETCODE_KEY_BYTES ); +} + +void netcode_generate_nonce( uint8_t * nonce ) +{ + netcode_assert( nonce ); + randombytes_buf( nonce, NETCODE_CONNECT_TOKEN_NONCE_BYTES ); +} + +void netcode_random_bytes( uint8_t * data, int bytes ) +{ + netcode_assert( data ); + netcode_assert( bytes > 0 ); + randombytes_buf( data, bytes ); +} + +int netcode_encrypt_aead_bignonce( uint8_t * message, uint64_t message_length, + uint8_t * additional, uint64_t additional_length, + NETCODE_CONST uint8_t * nonce, + NETCODE_CONST uint8_t * key ) +{ + unsigned long long encrypted_length; + + int result = crypto_aead_xchacha20poly1305_ietf_encrypt( message, &encrypted_length, + message, (unsigned long long) message_length, + additional, (unsigned long long) additional_length, + NULL, nonce, key ); + + if ( result != 0 ) + return NETCODE_ERROR; + + netcode_assert( encrypted_length == message_length + NETCODE_MAC_BYTES ); + + return NETCODE_OK; +} + +int netcode_decrypt_aead_bignonce( uint8_t * message, 
uint64_t message_length, + uint8_t * additional, uint64_t additional_length, + uint8_t * nonce, + uint8_t * key ) +{ + unsigned long long decrypted_length; + + int result = crypto_aead_xchacha20poly1305_ietf_decrypt( message, &decrypted_length, + NULL, + message, (unsigned long long) message_length, + additional, (unsigned long long) additional_length, + nonce, key ); + + if ( result != 0 ) + return NETCODE_ERROR; + + netcode_assert( decrypted_length == message_length - NETCODE_MAC_BYTES ); + + return NETCODE_OK; +} + +int netcode_encrypt_aead( uint8_t * message, uint64_t message_length, + uint8_t * additional, uint64_t additional_length, + NETCODE_CONST uint8_t * nonce, + NETCODE_CONST uint8_t * key ) +{ + unsigned long long encrypted_length; + + int result = crypto_aead_chacha20poly1305_ietf_encrypt( message, &encrypted_length, + message, (unsigned long long) message_length, + additional, (unsigned long long) additional_length, + NULL, nonce, key ); + + if ( result != 0 ) + return NETCODE_ERROR; + + netcode_assert( encrypted_length == message_length + NETCODE_MAC_BYTES ); + + return NETCODE_OK; +} + +int netcode_decrypt_aead( uint8_t * message, uint64_t message_length, + uint8_t * additional, uint64_t additional_length, + uint8_t * nonce, + uint8_t * key ) +{ + unsigned long long decrypted_length; + + int result = crypto_aead_chacha20poly1305_ietf_decrypt( message, &decrypted_length, + NULL, + message, (unsigned long long) message_length, + additional, (unsigned long long) additional_length, + nonce, key ); + + if ( result != 0 ) + return NETCODE_ERROR; + + netcode_assert( decrypted_length == message_length - NETCODE_MAC_BYTES ); + + return NETCODE_OK; +} + +// ---------------------------------------------------------------- + +struct netcode_connect_token_private_t +{ + uint64_t client_id; + int timeout_seconds; + int num_server_addresses; + struct netcode_address_t server_addresses[NETCODE_MAX_SERVERS_PER_CONNECT]; + uint8_t 
client_to_server_key[NETCODE_KEY_BYTES]; + uint8_t server_to_client_key[NETCODE_KEY_BYTES]; + uint8_t user_data[NETCODE_USER_DATA_BYTES]; +}; + +void netcode_generate_connect_token_private( struct netcode_connect_token_private_t * connect_token, + uint64_t client_id, + int timeout_seconds, + int num_server_addresses, + struct netcode_address_t * server_addresses, + uint8_t * user_data ) +{ + netcode_assert( connect_token ); + netcode_assert( num_server_addresses > 0 ); + netcode_assert( num_server_addresses <= NETCODE_MAX_SERVERS_PER_CONNECT ); + netcode_assert( server_addresses ); + netcode_assert( user_data ); + + connect_token->client_id = client_id; + connect_token->timeout_seconds = timeout_seconds; + connect_token->num_server_addresses = num_server_addresses; + + int i; + for ( i = 0; i < num_server_addresses; ++i ) + { + memcpy( &connect_token->server_addresses[i], &server_addresses[i], sizeof( struct netcode_address_t ) ); + } + + netcode_generate_key( connect_token->client_to_server_key ); + netcode_generate_key( connect_token->server_to_client_key ); + + if ( user_data != NULL ) + { + memcpy( connect_token->user_data, user_data, NETCODE_USER_DATA_BYTES ); + } + else + { + memset( connect_token->user_data, 0, NETCODE_USER_DATA_BYTES ); + } +} + +void netcode_write_connect_token_private( struct netcode_connect_token_private_t * connect_token, uint8_t * buffer, int buffer_length ) +{ + (void) buffer_length; + + netcode_assert( connect_token ); + netcode_assert( connect_token->num_server_addresses > 0 ); + netcode_assert( connect_token->num_server_addresses <= NETCODE_MAX_SERVERS_PER_CONNECT ); + netcode_assert( buffer ); + netcode_assert( buffer_length >= NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + + uint8_t * start = buffer; + + (void) start; + + netcode_write_uint64( &buffer, connect_token->client_id ); + + netcode_write_uint32( &buffer, connect_token->timeout_seconds ); + + netcode_write_uint32( &buffer, connect_token->num_server_addresses ); + + int i,j; + 
+ for ( i = 0; i < connect_token->num_server_addresses; ++i ) + { + if ( connect_token->server_addresses[i].type == NETCODE_ADDRESS_IPV4 ) + { + netcode_write_uint8( &buffer, NETCODE_ADDRESS_IPV4 ); + for ( j = 0; j < 4; ++j ) + { + netcode_write_uint8( &buffer, connect_token->server_addresses[i].data.ipv4[j] ); + } + netcode_write_uint16( &buffer, connect_token->server_addresses[i].port ); + } + else if ( connect_token->server_addresses[i].type == NETCODE_ADDRESS_IPV6 ) + { + netcode_write_uint8( &buffer, NETCODE_ADDRESS_IPV6 ); + for ( j = 0; j < 8; ++j ) + { + netcode_write_uint16( &buffer, connect_token->server_addresses[i].data.ipv6[j] ); + } + netcode_write_uint16( &buffer, connect_token->server_addresses[i].port ); + } + else + { + netcode_assert( 0 ); + } + } + + netcode_write_bytes( &buffer, connect_token->client_to_server_key, NETCODE_KEY_BYTES ); + + netcode_write_bytes( &buffer, connect_token->server_to_client_key, NETCODE_KEY_BYTES ); + + netcode_write_bytes( &buffer, connect_token->user_data, NETCODE_USER_DATA_BYTES ); + + netcode_assert( buffer - start <= NETCODE_CONNECT_TOKEN_PRIVATE_BYTES - NETCODE_MAC_BYTES ); + + memset( buffer, 0, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES - ( buffer - start ) ); +} + +int netcode_encrypt_connect_token_private( uint8_t * buffer, + int buffer_length, + uint8_t * version_info, + uint64_t protocol_id, + uint64_t expire_timestamp, + NETCODE_CONST uint8_t * nonce, + NETCODE_CONST uint8_t * key ) +{ + netcode_assert( buffer ); + netcode_assert( buffer_length == NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + netcode_assert( key ); + + (void) buffer_length; + + uint8_t additional_data[NETCODE_VERSION_INFO_BYTES+8+8]; + { + uint8_t * p = additional_data; + netcode_write_bytes( &p, version_info, NETCODE_VERSION_INFO_BYTES ); + netcode_write_uint64( &p, protocol_id ); + netcode_write_uint64( &p, expire_timestamp ); + } + + return netcode_encrypt_aead_bignonce( buffer, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES - NETCODE_MAC_BYTES, 
additional_data, sizeof( additional_data ), nonce, key ); +} + +int netcode_decrypt_connect_token_private( uint8_t * buffer, + int buffer_length, + uint8_t * version_info, + uint64_t protocol_id, + uint64_t expire_timestamp, + uint8_t * nonce, + uint8_t * key ) +{ + netcode_assert( buffer ); + netcode_assert( buffer_length == NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + netcode_assert( key ); + + (void) buffer_length; + + uint8_t additional_data[NETCODE_VERSION_INFO_BYTES+8+8]; + { + uint8_t * p = additional_data; + netcode_write_bytes( &p, version_info, NETCODE_VERSION_INFO_BYTES ); + netcode_write_uint64( &p, protocol_id ); + netcode_write_uint64( &p, expire_timestamp ); + } + return netcode_decrypt_aead_bignonce( buffer, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES, additional_data, sizeof( additional_data ), nonce, key ); +} + +int netcode_read_connect_token_private( uint8_t * buffer, int buffer_length, struct netcode_connect_token_private_t * connect_token ) +{ + netcode_assert( buffer ); + netcode_assert( connect_token ); + + if ( buffer_length < NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ) + return NETCODE_ERROR; + + connect_token->client_id = netcode_read_uint64( &buffer ); + + connect_token->timeout_seconds = (int) netcode_read_uint32( &buffer ); + + connect_token->num_server_addresses = netcode_read_uint32( &buffer ); + + if ( connect_token->num_server_addresses <= 0 ) + return NETCODE_ERROR; + + if ( connect_token->num_server_addresses > NETCODE_MAX_SERVERS_PER_CONNECT ) + return NETCODE_ERROR; + + int i,j; + + for ( i = 0; i < connect_token->num_server_addresses; ++i ) + { + connect_token->server_addresses[i].type = netcode_read_uint8( &buffer ); + + if ( connect_token->server_addresses[i].type == NETCODE_ADDRESS_IPV4 ) + { + for ( j = 0; j < 4; ++j ) + { + connect_token->server_addresses[i].data.ipv4[j] = netcode_read_uint8( &buffer ); + } + connect_token->server_addresses[i].port = netcode_read_uint16( &buffer ); + } + else if ( connect_token->server_addresses[i].type == 
NETCODE_ADDRESS_IPV6 ) + { + for ( j = 0; j < 8; ++j ) + { + connect_token->server_addresses[i].data.ipv6[j] = netcode_read_uint16( &buffer ); + } + connect_token->server_addresses[i].port = netcode_read_uint16( &buffer ); + } + else + { + return NETCODE_ERROR; + } + } + + netcode_read_bytes( &buffer, connect_token->client_to_server_key, NETCODE_KEY_BYTES ); + + netcode_read_bytes( &buffer, connect_token->server_to_client_key, NETCODE_KEY_BYTES ); + + netcode_read_bytes( &buffer, connect_token->user_data, NETCODE_USER_DATA_BYTES ); + + return NETCODE_OK; +} + +// ----------------------------------------------- + +struct netcode_challenge_token_t +{ + uint64_t client_id; + uint8_t user_data[NETCODE_USER_DATA_BYTES]; +}; + +void netcode_write_challenge_token( struct netcode_challenge_token_t * challenge_token, uint8_t * buffer, int buffer_length ) +{ + (void) buffer_length; + + netcode_assert( challenge_token ); + netcode_assert( buffer ); + netcode_assert( buffer_length >= NETCODE_CHALLENGE_TOKEN_BYTES ); + + memset( buffer, 0, NETCODE_CHALLENGE_TOKEN_BYTES ); + + uint8_t * start = buffer; + + (void) start; + + netcode_write_uint64( &buffer, challenge_token->client_id ); + + netcode_write_bytes( &buffer, challenge_token->user_data, NETCODE_USER_DATA_BYTES ); + + netcode_assert( buffer - start <= NETCODE_CHALLENGE_TOKEN_BYTES - NETCODE_MAC_BYTES ); +} + +int netcode_encrypt_challenge_token( uint8_t * buffer, int buffer_length, uint64_t sequence, uint8_t * key ) +{ + netcode_assert( buffer ); + netcode_assert( buffer_length >= NETCODE_CHALLENGE_TOKEN_BYTES ); + netcode_assert( key ); + + (void) buffer_length; + + uint8_t nonce[12]; + { + uint8_t * p = nonce; + netcode_write_uint32( &p, 0 ); + netcode_write_uint64( &p, sequence ); + } + + return netcode_encrypt_aead( buffer, NETCODE_CHALLENGE_TOKEN_BYTES - NETCODE_MAC_BYTES, NULL, 0, nonce, key ); +} + +int netcode_decrypt_challenge_token( uint8_t * buffer, int buffer_length, uint64_t sequence, uint8_t * key ) +{ + 
netcode_assert( buffer ); + netcode_assert( buffer_length >= NETCODE_CHALLENGE_TOKEN_BYTES ); + netcode_assert( key ); + + (void) buffer_length; + + uint8_t nonce[12]; + { + uint8_t * p = nonce; + netcode_write_uint32( &p, 0 ); + netcode_write_uint64( &p, sequence ); + } + + return netcode_decrypt_aead( buffer, NETCODE_CHALLENGE_TOKEN_BYTES, NULL, 0, nonce, key ); +} + +int netcode_read_challenge_token( uint8_t * buffer, int buffer_length, struct netcode_challenge_token_t * challenge_token ) +{ + netcode_assert( buffer ); + netcode_assert( challenge_token ); + + if ( buffer_length < NETCODE_CHALLENGE_TOKEN_BYTES ) + return NETCODE_ERROR; + + uint8_t * start = buffer; + + (void) start; + + challenge_token->client_id = netcode_read_uint64( &buffer ); + + netcode_read_bytes( &buffer, challenge_token->user_data, NETCODE_USER_DATA_BYTES ); + + netcode_assert( buffer - start == 8 + NETCODE_USER_DATA_BYTES ); + + return NETCODE_OK; +} + +// ---------------------------------------------------------------- + +#define NETCODE_CONNECTION_REQUEST_PACKET 0 +#define NETCODE_CONNECTION_DENIED_PACKET 1 +#define NETCODE_CONNECTION_CHALLENGE_PACKET 2 +#define NETCODE_CONNECTION_RESPONSE_PACKET 3 +#define NETCODE_CONNECTION_KEEP_ALIVE_PACKET 4 +#define NETCODE_CONNECTION_PAYLOAD_PACKET 5 +#define NETCODE_CONNECTION_DISCONNECT_PACKET 6 +#define NETCODE_CONNECTION_NUM_PACKETS 7 + +struct netcode_connection_request_packet_t +{ + uint8_t packet_type; + uint8_t version_info[NETCODE_VERSION_INFO_BYTES]; + uint64_t protocol_id; + uint64_t connect_token_expire_timestamp; + uint8_t connect_token_nonce[NETCODE_CONNECT_TOKEN_NONCE_BYTES]; + uint8_t connect_token_data[NETCODE_CONNECT_TOKEN_PRIVATE_BYTES]; +}; + +struct netcode_connection_denied_packet_t +{ + uint8_t packet_type; +}; + +struct netcode_connection_challenge_packet_t +{ + uint8_t packet_type; + uint64_t challenge_token_sequence; + uint8_t challenge_token_data[NETCODE_CHALLENGE_TOKEN_BYTES]; +}; + +struct 
netcode_connection_response_packet_t +{ + uint8_t packet_type; + uint64_t challenge_token_sequence; + uint8_t challenge_token_data[NETCODE_CHALLENGE_TOKEN_BYTES]; +}; + +struct netcode_connection_keep_alive_packet_t +{ + uint8_t packet_type; + int client_index; + int max_clients; +}; + +struct netcode_connection_payload_packet_t +{ + uint8_t packet_type; + uint32_t payload_bytes; + uint8_t payload_data[1]; +}; + +struct netcode_connection_disconnect_packet_t +{ + uint8_t packet_type; +}; + +struct netcode_connection_payload_packet_t * netcode_create_payload_packet( int payload_bytes, void * allocator_context, void* (*allocate_function)(void*,uint64_t) ) +{ + netcode_assert( payload_bytes >= 0 ); + netcode_assert( payload_bytes <= NETCODE_MAX_PAYLOAD_BYTES ); + + if ( allocate_function == NULL ) + { + allocate_function = netcode_default_allocate_function; + } + + struct netcode_connection_payload_packet_t * packet = (struct netcode_connection_payload_packet_t*) + allocate_function( allocator_context, sizeof( struct netcode_connection_payload_packet_t ) + payload_bytes ); + + if ( !packet ) + return NULL; + + packet->packet_type = NETCODE_CONNECTION_PAYLOAD_PACKET; + packet->payload_bytes = payload_bytes; + + return packet; +} + +struct netcode_context_t +{ + uint8_t write_packet_key[NETCODE_KEY_BYTES]; + uint8_t read_packet_key[NETCODE_KEY_BYTES]; +}; + +int netcode_sequence_number_bytes_required( uint64_t sequence ) +{ + int i; + uint64_t mask = 0xFF00000000000000UL; + for ( i = 0; i < 7; ++i ) + { + if ( sequence & mask ) + break; + mask >>= 8; + } + return 8 - i; +} + +int netcode_write_packet( void * packet, uint8_t * buffer, int buffer_length, uint64_t sequence, uint8_t * write_packet_key, uint64_t protocol_id ) +{ + netcode_assert( packet ); + netcode_assert( buffer ); + netcode_assert( write_packet_key ); + + (void) buffer_length; + + uint8_t packet_type = ((uint8_t*)packet)[0]; + + if ( packet_type == NETCODE_CONNECTION_REQUEST_PACKET ) + { + // connection 
request packet: first byte is zero + + netcode_assert( buffer_length >= 1 + 13 + 8 + 8 + NETCODE_CONNECT_TOKEN_NONCE_BYTES + NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + + struct netcode_connection_request_packet_t * p = (struct netcode_connection_request_packet_t*) packet; + + uint8_t * start = buffer; + + netcode_write_uint8( &buffer, NETCODE_CONNECTION_REQUEST_PACKET ); + netcode_write_bytes( &buffer, p->version_info, NETCODE_VERSION_INFO_BYTES ); + netcode_write_uint64( &buffer, p->protocol_id ); + netcode_write_uint64( &buffer, p->connect_token_expire_timestamp ); + netcode_write_bytes( &buffer, p->connect_token_nonce, NETCODE_CONNECT_TOKEN_NONCE_BYTES ); + netcode_write_bytes( &buffer, p->connect_token_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + + netcode_assert( buffer - start == 1 + 13 + 8 + 8 + NETCODE_CONNECT_TOKEN_NONCE_BYTES + NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + + return (int) ( buffer - start ); + } + else + { + // *** encrypted packets *** + + // write the prefix byte (this is a combination of the packet type and number of sequence bytes) + + uint8_t * start = buffer; + + uint8_t sequence_bytes = (uint8_t) netcode_sequence_number_bytes_required( sequence ); + + netcode_assert( sequence_bytes >= 1 ); + netcode_assert( sequence_bytes <= 8 ); + + netcode_assert( packet_type <= 0xF ); + + uint8_t prefix_byte = packet_type | ( sequence_bytes << 4 ); + + netcode_write_uint8( &buffer, prefix_byte ); + + // write the variable length sequence number [1,8] bytes. + + uint64_t sequence_temp = sequence; + + int i; + for ( i = 0; i < sequence_bytes; ++i ) + { + netcode_write_uint8( &buffer, (uint8_t) ( sequence_temp & 0xFF ) ); + sequence_temp >>= 8; + } + + // write packet data according to type. this data will be encrypted. + + uint8_t * encrypted_start = buffer; + + switch ( packet_type ) + { + case NETCODE_CONNECTION_DENIED_PACKET: + { + // ... 
+ } + break; + + case NETCODE_CONNECTION_CHALLENGE_PACKET: + { + struct netcode_connection_challenge_packet_t * p = (struct netcode_connection_challenge_packet_t*) packet; + netcode_write_uint64( &buffer, p->challenge_token_sequence ); + netcode_write_bytes( &buffer, p->challenge_token_data, NETCODE_CHALLENGE_TOKEN_BYTES ); + } + break; + + case NETCODE_CONNECTION_RESPONSE_PACKET: + { + struct netcode_connection_response_packet_t * p = (struct netcode_connection_response_packet_t*) packet; + netcode_write_uint64( &buffer, p->challenge_token_sequence ); + netcode_write_bytes( &buffer, p->challenge_token_data, NETCODE_CHALLENGE_TOKEN_BYTES ); + } + break; + + case NETCODE_CONNECTION_KEEP_ALIVE_PACKET: + { + struct netcode_connection_keep_alive_packet_t * p = (struct netcode_connection_keep_alive_packet_t*) packet; + netcode_write_uint32( &buffer, p->client_index ); + netcode_write_uint32( &buffer, p->max_clients ); + } + break; + + case NETCODE_CONNECTION_PAYLOAD_PACKET: + { + struct netcode_connection_payload_packet_t * p = (struct netcode_connection_payload_packet_t*) packet; + + netcode_assert( p->payload_bytes <= NETCODE_MAX_PAYLOAD_BYTES ); + + netcode_write_bytes( &buffer, p->payload_data, p->payload_bytes ); + } + break; + + case NETCODE_CONNECTION_DISCONNECT_PACKET: + { + // ... + } + break; + + default: + netcode_assert( 0 ); + } + + netcode_assert( buffer - start <= buffer_length - NETCODE_MAC_BYTES ); + + uint8_t * encrypted_finish = buffer; + + // encrypt the per-packet packet written with the prefix byte, protocol id and version as the associated data. this must match to decrypt. 
+ + uint8_t additional_data[NETCODE_VERSION_INFO_BYTES+8+1]; + { + uint8_t * p = additional_data; + netcode_write_bytes( &p, NETCODE_VERSION_INFO, NETCODE_VERSION_INFO_BYTES ); + netcode_write_uint64( &p, protocol_id ); + netcode_write_uint8( &p, prefix_byte ); + } + + uint8_t nonce[12]; + { + uint8_t * p = nonce; + netcode_write_uint32( &p, 0 ); + netcode_write_uint64( &p, sequence ); + } + + if ( netcode_encrypt_aead( encrypted_start, + encrypted_finish - encrypted_start, + additional_data, sizeof( additional_data ), + nonce, write_packet_key ) != NETCODE_OK ) + { + return NETCODE_ERROR; + } + + buffer += NETCODE_MAC_BYTES; + + netcode_assert( buffer - start <= buffer_length ); + + return (int) ( buffer - start ); + } +} + +struct netcode_replay_protection_t +{ + uint64_t most_recent_sequence; + uint64_t received_packet[NETCODE_REPLAY_PROTECTION_BUFFER_SIZE]; +}; + +void netcode_replay_protection_reset( struct netcode_replay_protection_t * replay_protection ) +{ + netcode_assert( replay_protection ); + replay_protection->most_recent_sequence = 0; + memset( replay_protection->received_packet, 0xFF, sizeof( replay_protection->received_packet ) ); +} + +int netcode_replay_protection_already_received( struct netcode_replay_protection_t * replay_protection, uint64_t sequence ) +{ + netcode_assert( replay_protection ); + + if ( sequence + NETCODE_REPLAY_PROTECTION_BUFFER_SIZE <= replay_protection->most_recent_sequence ) + return 1; + + int index = (int) ( sequence % NETCODE_REPLAY_PROTECTION_BUFFER_SIZE ); + + if ( replay_protection->received_packet[index] == UINT64_MAX ) + return 0; + + if ( replay_protection->received_packet[index] >= sequence ) + return 1; + + return 0; +} + +void netcode_replay_protection_advance_sequence( struct netcode_replay_protection_t * replay_protection, uint64_t sequence ) +{ + netcode_assert( replay_protection ); + + if ( sequence > replay_protection->most_recent_sequence ) + replay_protection->most_recent_sequence = sequence; + + int 
index = (int) ( sequence % NETCODE_REPLAY_PROTECTION_BUFFER_SIZE ); + + replay_protection->received_packet[index] = sequence; +} + +void * netcode_read_packet( uint8_t * buffer, + int buffer_length, + uint64_t * sequence, + uint8_t * read_packet_key, + uint64_t protocol_id, + uint64_t current_timestamp, + uint8_t * private_key, + uint8_t * allowed_packets, + struct netcode_replay_protection_t * replay_protection, + void * allocator_context, + void* (*allocate_function)(void*,uint64_t) ) +{ + netcode_assert( sequence ); + netcode_assert( allowed_packets ); + + *sequence = 0; + + if ( allocate_function == NULL ) + { + allocate_function = netcode_default_allocate_function; + } + + if ( buffer_length < 1 ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored packet. buffer length is less than 1\n" ); + return NULL; + } + + uint8_t * start = buffer; + + uint8_t prefix_byte = netcode_read_uint8( &buffer ); + + if ( prefix_byte == NETCODE_CONNECTION_REQUEST_PACKET ) + { + // connection request packet: first byte is zero + + if ( !allowed_packets[NETCODE_CONNECTION_REQUEST_PACKET] ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection request packet. packet type is not allowed\n" ); + return NULL; + } + + if ( buffer_length != 1 + NETCODE_VERSION_INFO_BYTES + 8 + 8 + NETCODE_CONNECT_TOKEN_NONCE_BYTES + NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection request packet. bad packet length (expected %d, got %d)\n", 1 + NETCODE_VERSION_INFO_BYTES + 8 + 8 + 8 + NETCODE_CONNECT_TOKEN_PRIVATE_BYTES, buffer_length ); + return NULL; + } + + if ( !private_key ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection request packet. 
no private key\n" ); + return NULL; + } + + uint8_t version_info[NETCODE_VERSION_INFO_BYTES]; + netcode_read_bytes( &buffer, version_info, NETCODE_VERSION_INFO_BYTES ); + if ( version_info[0] != 'N' || + version_info[1] != 'E' || + version_info[2] != 'T' || + version_info[3] != 'C' || + version_info[4] != 'O' || + version_info[5] != 'D' || + version_info[6] != 'E' || + version_info[7] != ' ' || + version_info[8] != '1' || + version_info[9] != '.' || + version_info[10] != '0' || + version_info[11] != '2' || + version_info[12] != '\0' ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection request packet. bad version info\n" ); + return NULL; + } + + uint64_t packet_protocol_id = netcode_read_uint64( &buffer ); + if ( packet_protocol_id != protocol_id ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection request packet. wrong protocol id. expected %.16" PRIx64 ", got %.16" PRIx64 "\n", + protocol_id, packet_protocol_id ); + return NULL; + } + + uint64_t packet_connect_token_expire_timestamp = netcode_read_uint64( &buffer ); + if ( packet_connect_token_expire_timestamp <= current_timestamp ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection request packet. connect token expired\n" ); + return NULL; + } + + uint8_t packet_connect_token_nonce[NETCODE_CONNECT_TOKEN_NONCE_BYTES]; + netcode_read_bytes(&buffer, packet_connect_token_nonce, sizeof(packet_connect_token_nonce)); + + netcode_assert( buffer - start == 1 + NETCODE_VERSION_INFO_BYTES + 8 + 8 + NETCODE_CONNECT_TOKEN_NONCE_BYTES ); + + if ( netcode_decrypt_connect_token_private( buffer, + NETCODE_CONNECT_TOKEN_PRIVATE_BYTES, + version_info, + protocol_id, + packet_connect_token_expire_timestamp, + packet_connect_token_nonce, + private_key ) != NETCODE_OK ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection request packet. 
connect token failed to decrypt\n" ); + return NULL; + } + + struct netcode_connection_request_packet_t * packet = (struct netcode_connection_request_packet_t*) + allocate_function( allocator_context, sizeof( struct netcode_connection_request_packet_t ) ); + + if ( !packet ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection request packet. failed to allocate packet\n" ); + return NULL; + } + + packet->packet_type = NETCODE_CONNECTION_REQUEST_PACKET; + memcpy( packet->version_info, version_info, NETCODE_VERSION_INFO_BYTES ); + packet->protocol_id = packet_protocol_id; + packet->connect_token_expire_timestamp = packet_connect_token_expire_timestamp; + memcpy( packet->connect_token_nonce, packet_connect_token_nonce, NETCODE_CONNECT_TOKEN_NONCE_BYTES ); + netcode_read_bytes( &buffer, packet->connect_token_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + + netcode_assert( buffer - start == 1 + NETCODE_VERSION_INFO_BYTES + 8 + 8 + NETCODE_CONNECT_TOKEN_NONCE_BYTES + NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + + return packet; + } + else + { + // *** encrypted packets *** + + if ( !read_packet_key ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored encrypted packet. no read packet key for this address\n" ); + return NULL; + } + + if ( buffer_length < 1 + 1 + NETCODE_MAC_BYTES ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored encrypted packet. packet is too small to be valid (%d bytes)\n", buffer_length ); + return NULL; + } + + // extract the packet type and number of sequence bytes from the prefix byte + + int packet_type = prefix_byte & 0xF; + + if ( packet_type >= NETCODE_CONNECTION_NUM_PACKETS ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored encrypted packet. packet type %d is invalid\n", packet_type ); + return NULL; + } + + if ( !allowed_packets[packet_type] ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored encrypted packet. 
packet type %d is not allowed\n", packet_type ); + return NULL; + } + + int sequence_bytes = prefix_byte >> 4; + + if ( sequence_bytes < 1 || sequence_bytes > 8 ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored encrypted packet. sequence bytes %d is out of range [1,8]\n", sequence_bytes ); + return NULL; + } + + if ( buffer_length < 1 + sequence_bytes + NETCODE_MAC_BYTES ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored encrypted packet. buffer is too small for sequence bytes + encryption mac\n" ); + return NULL; + } + + // read variable length sequence number [1,8] + + int i; + for ( i = 0; i < sequence_bytes; ++i ) + { + uint8_t value = netcode_read_uint8( &buffer ); + (*sequence) |= ( uint64_t) ( value ) << ( 8 * i ); + } + + // ignore the packet if it has already been received + + if ( replay_protection && packet_type >= NETCODE_CONNECTION_KEEP_ALIVE_PACKET ) + { + if ( netcode_replay_protection_already_received( replay_protection, *sequence ) ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored packet. sequence %.16" PRIx64 " already received (replay protection)\n", *sequence ); + return NULL; + } + } + + // decrypt the per-packet type data + + uint8_t additional_data[NETCODE_VERSION_INFO_BYTES+8+1]; + { + uint8_t * p = additional_data; + netcode_write_bytes( &p, NETCODE_VERSION_INFO, NETCODE_VERSION_INFO_BYTES ); + netcode_write_uint64( &p, protocol_id ); + netcode_write_uint8( &p, prefix_byte ); + } + + uint8_t nonce[12]; + { + uint8_t * p = nonce; + netcode_write_uint32( &p, 0 ); + netcode_write_uint64( &p, *sequence ); + } + + int encrypted_bytes = (int) ( buffer_length - ( buffer - start ) ); + + if ( encrypted_bytes < NETCODE_MAC_BYTES ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored encrypted packet. 
encrypted payload is too small\n" ); + return NULL; + } + + if ( netcode_decrypt_aead( buffer, encrypted_bytes, additional_data, sizeof( additional_data ), nonce, read_packet_key ) != NETCODE_OK ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored encrypted packet. failed to decrypt\n" ); + return NULL; + } + + int decrypted_bytes = encrypted_bytes - NETCODE_MAC_BYTES; + + // update the latest replay protection sequence # + + if ( replay_protection && packet_type >= NETCODE_CONNECTION_KEEP_ALIVE_PACKET ) + { + netcode_replay_protection_advance_sequence( replay_protection, *sequence ); + } + + // process the per-packet type data that was just decrypted + + switch ( packet_type ) + { + case NETCODE_CONNECTION_DENIED_PACKET: + { + if ( decrypted_bytes != 0 ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection denied packet. decrypted packet data is wrong size\n" ); + return NULL; + } + + struct netcode_connection_denied_packet_t * packet = (struct netcode_connection_denied_packet_t*) + allocate_function( allocator_context, sizeof( struct netcode_connection_denied_packet_t ) ); + + if ( !packet ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection denied packet. could not allocate packet struct\n" ); + return NULL; + } + + packet->packet_type = NETCODE_CONNECTION_DENIED_PACKET; + + return packet; + } + break; + + case NETCODE_CONNECTION_CHALLENGE_PACKET: + { + if ( decrypted_bytes != 8 + NETCODE_CHALLENGE_TOKEN_BYTES ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection challenge packet. decrypted packet data is wrong size\n" ); + return NULL; + } + + struct netcode_connection_challenge_packet_t * packet = (struct netcode_connection_challenge_packet_t*) + allocate_function( allocator_context, sizeof( struct netcode_connection_challenge_packet_t ) ); + + if ( !packet ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection challenge packet. 
could not allocate packet struct\n" ); + return NULL; + } + + packet->packet_type = NETCODE_CONNECTION_CHALLENGE_PACKET; + packet->challenge_token_sequence = netcode_read_uint64( &buffer ); + netcode_read_bytes( &buffer, packet->challenge_token_data, NETCODE_CHALLENGE_TOKEN_BYTES ); + + return packet; + } + break; + + case NETCODE_CONNECTION_RESPONSE_PACKET: + { + if ( decrypted_bytes != 8 + NETCODE_CHALLENGE_TOKEN_BYTES ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection response packet. decrypted packet data is wrong size\n" ); + return NULL; + } + + struct netcode_connection_response_packet_t * packet = (struct netcode_connection_response_packet_t*) + allocate_function( allocator_context, sizeof( struct netcode_connection_response_packet_t ) ); + + if ( !packet ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection response packet. could not allocate packet struct\n" ); + return NULL; + } + + packet->packet_type = NETCODE_CONNECTION_RESPONSE_PACKET; + packet->challenge_token_sequence = netcode_read_uint64( &buffer ); + netcode_read_bytes( &buffer, packet->challenge_token_data, NETCODE_CHALLENGE_TOKEN_BYTES ); + + return packet; + } + break; + + case NETCODE_CONNECTION_KEEP_ALIVE_PACKET: + { + if ( decrypted_bytes != 8 ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection keep alive packet. decrypted packet data is wrong size\n" ); + return NULL; + } + + struct netcode_connection_keep_alive_packet_t * packet = (struct netcode_connection_keep_alive_packet_t*) + allocate_function( allocator_context, sizeof( struct netcode_connection_keep_alive_packet_t ) ); + + if ( !packet ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection keep alive packet. 
could not allocate packet struct\n" ); + return NULL; + } + + packet->packet_type = NETCODE_CONNECTION_KEEP_ALIVE_PACKET; + packet->client_index = netcode_read_uint32( &buffer ); + packet->max_clients = netcode_read_uint32( &buffer ); + + return packet; + } + break; + + case NETCODE_CONNECTION_PAYLOAD_PACKET: + { + if ( decrypted_bytes < 1 ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection payload packet. payload is too small\n" ); + return NULL; + } + + if ( decrypted_bytes > NETCODE_MAX_PAYLOAD_BYTES ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection payload packet. payload is too large\n" ); + return NULL; + } + + struct netcode_connection_payload_packet_t * packet = netcode_create_payload_packet( decrypted_bytes, allocator_context, allocate_function ); + + if ( !packet ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection payload packet. could not allocate packet struct\n" ); + return NULL; + } + + memcpy( packet->payload_data, buffer, decrypted_bytes ); + + return packet; + } + break; + + case NETCODE_CONNECTION_DISCONNECT_PACKET: + { + if ( decrypted_bytes != 0 ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection disconnect packet. decrypted packet data is wrong size\n" ); + return NULL; + } + + struct netcode_connection_disconnect_packet_t * packet = (struct netcode_connection_disconnect_packet_t*) + allocate_function( allocator_context, sizeof( struct netcode_connection_disconnect_packet_t ) ); + + if ( !packet ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "ignored connection disconnect packet. 
could not allocate packet struct\n" ); + return NULL; + } + + packet->packet_type = NETCODE_CONNECTION_DISCONNECT_PACKET; + + return packet; + } + break; + + default: + return NULL; + } + } +} + +// ---------------------------------------------------------------- + +struct netcode_connect_token_t +{ + uint8_t version_info[NETCODE_VERSION_INFO_BYTES]; + uint64_t protocol_id; + uint64_t create_timestamp; + uint64_t expire_timestamp; + uint8_t nonce[NETCODE_CONNECT_TOKEN_NONCE_BYTES]; + uint8_t private_data[NETCODE_CONNECT_TOKEN_PRIVATE_BYTES]; + int timeout_seconds; + int num_server_addresses; + struct netcode_address_t server_addresses[NETCODE_MAX_SERVERS_PER_CONNECT]; + uint8_t client_to_server_key[NETCODE_KEY_BYTES]; + uint8_t server_to_client_key[NETCODE_KEY_BYTES]; +}; + +void netcode_write_connect_token( struct netcode_connect_token_t * connect_token, uint8_t * buffer, int buffer_length ) +{ + netcode_assert( connect_token ); + netcode_assert( buffer ); + netcode_assert( buffer_length >= NETCODE_CONNECT_TOKEN_BYTES ); + + uint8_t * start = buffer; + + (void) start; + (void) buffer_length; + + netcode_write_bytes( &buffer, connect_token->version_info, NETCODE_VERSION_INFO_BYTES ); + + netcode_write_uint64( &buffer, connect_token->protocol_id ); + + netcode_write_uint64( &buffer, connect_token->create_timestamp ); + + netcode_write_uint64( &buffer, connect_token->expire_timestamp ); + + netcode_write_bytes( &buffer, connect_token->nonce, NETCODE_CONNECT_TOKEN_NONCE_BYTES ); + + netcode_write_bytes( &buffer, connect_token->private_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + + int i,j; + + netcode_write_uint32( &buffer, connect_token->timeout_seconds ); + + netcode_write_uint32( &buffer, connect_token->num_server_addresses ); + + for ( i = 0; i < connect_token->num_server_addresses; ++i ) + { + if ( connect_token->server_addresses[i].type == NETCODE_ADDRESS_IPV4 ) + { + netcode_write_uint8( &buffer, NETCODE_ADDRESS_IPV4 ); + for ( j = 0; j < 4; ++j ) + { + 
netcode_write_uint8( &buffer, connect_token->server_addresses[i].data.ipv4[j] ); + } + netcode_write_uint16( &buffer, connect_token->server_addresses[i].port ); + } + else if ( connect_token->server_addresses[i].type == NETCODE_ADDRESS_IPV6 ) + { + netcode_write_uint8( &buffer, NETCODE_ADDRESS_IPV6 ); + for ( j = 0; j < 8; ++j ) + { + netcode_write_uint16( &buffer, connect_token->server_addresses[i].data.ipv6[j] ); + } + netcode_write_uint16( &buffer, connect_token->server_addresses[i].port ); + } + else + { + netcode_assert( 0 ); + } + } + + netcode_write_bytes( &buffer, connect_token->client_to_server_key, NETCODE_KEY_BYTES ); + + netcode_write_bytes( &buffer, connect_token->server_to_client_key, NETCODE_KEY_BYTES ); + + netcode_assert( buffer - start <= NETCODE_CONNECT_TOKEN_BYTES ); + + memset( buffer, 0, NETCODE_CONNECT_TOKEN_BYTES - ( buffer - start ) ); +} + +int netcode_read_connect_token( uint8_t * buffer, int buffer_length, struct netcode_connect_token_t * connect_token ) +{ + netcode_assert( buffer ); + netcode_assert( connect_token ); + + if ( buffer_length != NETCODE_CONNECT_TOKEN_BYTES ) + { + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: read connect data has bad buffer length (%d)\n", buffer_length ); + return NETCODE_ERROR; + } + + netcode_read_bytes( &buffer, connect_token->version_info, NETCODE_VERSION_INFO_BYTES ); + if ( connect_token->version_info[0] != 'N' || + connect_token->version_info[1] != 'E' || + connect_token->version_info[2] != 'T' || + connect_token->version_info[3] != 'C' || + connect_token->version_info[4] != 'O' || + connect_token->version_info[5] != 'D' || + connect_token->version_info[6] != 'E' || + connect_token->version_info[7] != ' ' || + connect_token->version_info[8] != '1' || + connect_token->version_info[9] != '.' 
|| + connect_token->version_info[10] != '0' || + connect_token->version_info[11] != '2' || + connect_token->version_info[12] != '\0' ) + { + connect_token->version_info[12] = '\0'; + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: read connect data has bad version info (got %s, expected %s)\n", connect_token->version_info, NETCODE_VERSION_INFO ); + return NETCODE_ERROR; + } + + connect_token->protocol_id = netcode_read_uint64( &buffer ); + + connect_token->create_timestamp = netcode_read_uint64( &buffer ); + + connect_token->expire_timestamp = netcode_read_uint64( &buffer ); + + if ( connect_token->create_timestamp > connect_token->expire_timestamp ) + return NETCODE_ERROR; + + netcode_read_bytes( &buffer, connect_token->nonce, NETCODE_CONNECT_TOKEN_NONCE_BYTES ); + + netcode_read_bytes( &buffer, connect_token->private_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + + connect_token->timeout_seconds = (int) netcode_read_uint32( &buffer ); + + connect_token->num_server_addresses = netcode_read_uint32( &buffer ); + + if ( connect_token->num_server_addresses <= 0 || connect_token->num_server_addresses > NETCODE_MAX_SERVERS_PER_CONNECT ) + { + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: read connect data has bad number of server addresses (%d)\n", connect_token->num_server_addresses ); + return NETCODE_ERROR; + } + + int i,j; + + for ( i = 0; i < connect_token->num_server_addresses; ++i ) + { + connect_token->server_addresses[i].type = netcode_read_uint8( &buffer ); + + if ( connect_token->server_addresses[i].type == NETCODE_ADDRESS_IPV4 ) + { + for ( j = 0; j < 4; ++j ) + { + connect_token->server_addresses[i].data.ipv4[j] = netcode_read_uint8( &buffer ); + } + connect_token->server_addresses[i].port = netcode_read_uint16( &buffer ); + } + else if ( connect_token->server_addresses[i].type == NETCODE_ADDRESS_IPV6 ) + { + for ( j = 0; j < 8; ++j ) + { + connect_token->server_addresses[i].data.ipv6[j] = netcode_read_uint16( &buffer ); + } + 
connect_token->server_addresses[i].port = netcode_read_uint16( &buffer ); + } + else + { + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: read connect data has bad address type (%d)\n", connect_token->server_addresses[i].type ); + return NETCODE_ERROR; + } + } + + netcode_read_bytes( &buffer, connect_token->client_to_server_key, NETCODE_KEY_BYTES ); + + netcode_read_bytes( &buffer, connect_token->server_to_client_key, NETCODE_KEY_BYTES ); + + return NETCODE_OK; +} + +// ---------------------------------------------------------------- + +struct netcode_packet_queue_t +{ + void * allocator_context; + void * (*allocate_function)(void*,uint64_t); + void (*free_function)(void*,void*); + int num_packets; + int start_index; + void * packet_data[NETCODE_PACKET_QUEUE_SIZE]; + uint64_t packet_sequence[NETCODE_PACKET_QUEUE_SIZE]; +}; + +void netcode_packet_queue_init( struct netcode_packet_queue_t * queue, + void * allocator_context, + void * (*allocate_function)(void*,uint64_t), + void (*free_function)(void*,void*) ) +{ + if ( allocate_function == NULL ) + { + allocate_function = netcode_default_allocate_function; + } + + if ( free_function == NULL ) + { + free_function = netcode_default_free_function; + } + + netcode_assert( queue ); + + queue->allocator_context = allocator_context; + queue->allocate_function = allocate_function; + queue->free_function = free_function; + queue->num_packets = 0; + queue->start_index = 0; + memset( queue->packet_data, 0, sizeof( queue->packet_data ) ); + memset( queue->packet_sequence, 0, sizeof( queue->packet_sequence ) ); +} + +void netcode_packet_queue_clear( struct netcode_packet_queue_t * queue ) +{ + int i; + for ( i = 0; i < queue->num_packets; ++i ) + { + queue->free_function( queue->allocator_context, queue->packet_data[i] ); + } + queue->num_packets = 0; + queue->start_index = 0; + memset( queue->packet_data, 0, sizeof( queue->packet_data ) ); + memset( queue->packet_sequence, 0, sizeof( queue->packet_sequence ) ); +} + +int 
netcode_packet_queue_push( struct netcode_packet_queue_t * queue, void * packet_data, uint64_t packet_sequence ) +{ + netcode_assert( queue ); + netcode_assert( packet_data ); + if ( queue->num_packets == NETCODE_PACKET_QUEUE_SIZE ) + { + queue->free_function( queue->allocator_context, packet_data ); + return 0; + } + int index = ( queue->start_index + queue->num_packets ) % NETCODE_PACKET_QUEUE_SIZE; + queue->packet_data[index] = packet_data; + queue->packet_sequence[index] = packet_sequence; + queue->num_packets++; + return 1; +} + +void * netcode_packet_queue_pop( struct netcode_packet_queue_t * queue, uint64_t * packet_sequence ) +{ + if ( queue->num_packets == 0 ) + return NULL; + void * packet = queue->packet_data[queue->start_index]; + if ( packet_sequence ) + *packet_sequence = queue->packet_sequence[queue->start_index]; + queue->start_index = ( queue->start_index + 1 ) % NETCODE_PACKET_QUEUE_SIZE; + queue->num_packets--; + return packet; +} + +// ---------------------------------------------------------------- + +#define NETCODE_NETWORK_SIMULATOR_NUM_PACKET_ENTRIES ( NETCODE_MAX_CLIENTS * 256 ) +#define NETCODE_NETWORK_SIMULATOR_NUM_PENDING_RECEIVE_PACKETS ( NETCODE_MAX_CLIENTS * 64 ) + +struct netcode_network_simulator_packet_entry_t +{ + struct netcode_address_t from; + struct netcode_address_t to; + double delivery_time; + uint8_t * packet_data; + int packet_bytes; +}; + +struct netcode_network_simulator_t +{ + void * allocator_context; + void * (*allocate_function)(void*,uint64_t); + void (*free_function)(void*,void*); + float latency_milliseconds; + float jitter_milliseconds; + float packet_loss_percent; + float duplicate_packet_percent; + double time; + int current_index; + int num_pending_receive_packets; + struct netcode_network_simulator_packet_entry_t packet_entries[NETCODE_NETWORK_SIMULATOR_NUM_PACKET_ENTRIES]; + struct netcode_network_simulator_packet_entry_t pending_receive_packets[NETCODE_NETWORK_SIMULATOR_NUM_PENDING_RECEIVE_PACKETS]; +}; + 
+struct netcode_network_simulator_t * netcode_network_simulator_create( void * allocator_context, + void * (*allocate_function)(void*,uint64_t), + void (*free_function)(void*,void*) ) +{ + if ( allocate_function == NULL ) + { + allocate_function = netcode_default_allocate_function; + } + + if ( free_function == NULL ) + { + free_function = netcode_default_free_function; + } + + struct netcode_network_simulator_t * network_simulator = (struct netcode_network_simulator_t*) + allocate_function( allocator_context, sizeof( struct netcode_network_simulator_t ) ); + + netcode_assert( network_simulator ); + + memset( network_simulator, 0, sizeof( struct netcode_network_simulator_t ) ); + + network_simulator->allocator_context = allocator_context; + network_simulator->allocate_function = allocate_function; + network_simulator->free_function = free_function; + + return network_simulator; +} + +void netcode_network_simulator_reset( struct netcode_network_simulator_t * network_simulator ) +{ + netcode_assert( network_simulator ); + + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "network simulator reset\n" ); + + int i; + for ( i = 0; i < NETCODE_NETWORK_SIMULATOR_NUM_PACKET_ENTRIES; ++i ) + { + network_simulator->free_function( network_simulator->allocator_context, network_simulator->packet_entries[i].packet_data ); + memset( &network_simulator->packet_entries[i], 0, sizeof( struct netcode_network_simulator_packet_entry_t ) ); + } + + for ( i = 0; i < network_simulator->num_pending_receive_packets; ++i ) + { + network_simulator->free_function( network_simulator->allocator_context, network_simulator->pending_receive_packets[i].packet_data ); + memset( &network_simulator->pending_receive_packets[i], 0, sizeof( struct netcode_network_simulator_packet_entry_t ) ); + } + + network_simulator->current_index = 0; + network_simulator->num_pending_receive_packets = 0; +} + +void netcode_network_simulator_destroy( struct netcode_network_simulator_t * network_simulator ) +{ + netcode_assert( 
network_simulator ); + netcode_network_simulator_reset( network_simulator ); + network_simulator->free_function( network_simulator->allocator_context, network_simulator ); +} + +float netcode_random_float( float a, float b ) +{ + netcode_assert( a < b ); + float random = ( (float) rand() ) / (float) RAND_MAX; + float diff = b - a; + float r = random * diff; + return a + r; +} + +void netcode_network_simulator_queue_packet( struct netcode_network_simulator_t * network_simulator, + struct netcode_address_t * from, + struct netcode_address_t * to, + uint8_t * packet_data, + int packet_bytes, + float delay ) +{ + network_simulator->packet_entries[network_simulator->current_index].from = *from; + network_simulator->packet_entries[network_simulator->current_index].to = *to; + network_simulator->packet_entries[network_simulator->current_index].packet_data = + (uint8_t*) network_simulator->allocate_function( network_simulator->allocator_context, packet_bytes ); + memcpy( network_simulator->packet_entries[network_simulator->current_index].packet_data, packet_data, packet_bytes ); + network_simulator->packet_entries[network_simulator->current_index].packet_bytes = packet_bytes; + network_simulator->packet_entries[network_simulator->current_index].delivery_time = network_simulator->time + delay; + network_simulator->current_index++; + network_simulator->current_index %= NETCODE_NETWORK_SIMULATOR_NUM_PACKET_ENTRIES; +} + +void netcode_network_simulator_send_packet( struct netcode_network_simulator_t * network_simulator, + struct netcode_address_t * from, + struct netcode_address_t * to, + uint8_t * packet_data, + int packet_bytes ) +{ + netcode_assert( network_simulator ); + netcode_assert( from ); + netcode_assert( from->type != 0 ); + netcode_assert( to ); + netcode_assert( to->type != 0 ); + netcode_assert( packet_data ); + netcode_assert( packet_bytes > 0 ); + netcode_assert( packet_bytes <= NETCODE_MAX_PACKET_BYTES ); + + if ( netcode_random_float( 0.0f, 100.0f ) <= 
network_simulator->packet_loss_percent ) + return; + + if ( network_simulator->packet_entries[network_simulator->current_index].packet_data ) + { + network_simulator->free_function( network_simulator->allocator_context, network_simulator->packet_entries[network_simulator->current_index].packet_data ); + network_simulator->packet_entries[network_simulator->current_index].packet_data = NULL; + } + + float delay = network_simulator->latency_milliseconds / 1000.0f; + + if ( network_simulator->jitter_milliseconds > 0.0 ) + delay += netcode_random_float( -network_simulator->jitter_milliseconds, +network_simulator->jitter_milliseconds ) / 1000.0f; + + netcode_network_simulator_queue_packet( network_simulator, from, to, packet_data, packet_bytes, delay ); + + if ( netcode_random_float( 0.0f, 100.0f ) <= network_simulator->duplicate_packet_percent ) + { + netcode_network_simulator_queue_packet( network_simulator, from, to, packet_data, packet_bytes, delay + netcode_random_float( 0, 1.0 ) ); + } +} + +int netcode_network_simulator_receive_packets( struct netcode_network_simulator_t * network_simulator, + struct netcode_address_t * to, + int max_packets, + uint8_t ** packet_data, + int * packet_bytes, + struct netcode_address_t * from ) +{ + netcode_assert( network_simulator ); + netcode_assert( max_packets >= 0 ); + netcode_assert( packet_data ); + netcode_assert( packet_bytes ); + netcode_assert( from ); + netcode_assert( to ); + + int num_packets = 0; + + int i; + for ( i = 0; i < network_simulator->num_pending_receive_packets; ++i ) + { + if ( num_packets == max_packets ) + break; + + if ( !network_simulator->pending_receive_packets[i].packet_data ) + continue; + + if ( !netcode_address_equal( &network_simulator->pending_receive_packets[i].to, to ) ) + continue; + + packet_data[num_packets] = network_simulator->pending_receive_packets[i].packet_data; + packet_bytes[num_packets] = network_simulator->pending_receive_packets[i].packet_bytes; + from[num_packets] = 
network_simulator->pending_receive_packets[i].from; + + network_simulator->pending_receive_packets[i].packet_data = NULL; + + num_packets++; + } + + netcode_assert( num_packets <= max_packets ); + + return num_packets; +} + +void netcode_network_simulator_update( struct netcode_network_simulator_t * network_simulator, double time ) +{ + netcode_assert( network_simulator ); + + network_simulator->time = time; + + // discard any pending receive packets that are still in the buffer + + int i; + for ( i = 0; i < network_simulator->num_pending_receive_packets; ++i ) + { + if ( network_simulator->pending_receive_packets[i].packet_data ) + { + network_simulator->free_function( network_simulator->allocator_context, network_simulator->pending_receive_packets[i].packet_data ); + network_simulator->pending_receive_packets[i].packet_data = NULL; + } + } + + network_simulator->num_pending_receive_packets = 0; + + // walk across packet entries and move any that are ready to be received into the pending receive buffer + + for ( i = 0; i < NETCODE_NETWORK_SIMULATOR_NUM_PACKET_ENTRIES; ++i ) + { + if ( !network_simulator->packet_entries[i].packet_data ) + continue; + + if ( network_simulator->num_pending_receive_packets == NETCODE_NETWORK_SIMULATOR_NUM_PENDING_RECEIVE_PACKETS ) + break; + + if ( network_simulator->packet_entries[i].packet_data && network_simulator->packet_entries[i].delivery_time <= time ) + { + network_simulator->pending_receive_packets[network_simulator->num_pending_receive_packets] = network_simulator->packet_entries[i]; + network_simulator->num_pending_receive_packets++; + network_simulator->packet_entries[i].packet_data = NULL; + } + } +} + +// ---------------------------------------------------------------- + +NETCODE_CONST char * netcode_client_state_name( int client_state ) +{ + switch ( client_state ) + { + case NETCODE_CLIENT_STATE_CONNECT_TOKEN_EXPIRED: return "connect token expired"; + case NETCODE_CLIENT_STATE_INVALID_CONNECT_TOKEN: return "invalid 
connect token"; + case NETCODE_CLIENT_STATE_CONNECTION_TIMED_OUT: return "connection timed out"; + case NETCODE_CLIENT_STATE_CONNECTION_REQUEST_TIMED_OUT: return "connection request timed out"; + case NETCODE_CLIENT_STATE_CONNECTION_RESPONSE_TIMED_OUT: return "connection response timed out"; + case NETCODE_CLIENT_STATE_CONNECTION_DENIED: return "connection denied"; + case NETCODE_CLIENT_STATE_DISCONNECTED: return "disconnected"; + case NETCODE_CLIENT_STATE_SENDING_CONNECTION_REQUEST: return "sending connection request"; + case NETCODE_CLIENT_STATE_SENDING_CONNECTION_RESPONSE: return "sending connection response"; + case NETCODE_CLIENT_STATE_CONNECTED: return "connected"; + default: + netcode_assert( 0 ); + return "???"; + } +} + +void netcode_default_client_config( struct netcode_client_config_t * config ) +{ + netcode_assert( config ); + config->allocator_context = NULL; + config->allocate_function = netcode_default_allocate_function; + config->free_function = netcode_default_free_function; + config->network_simulator = NULL; + config->callback_context = NULL; + config->state_change_callback = NULL; + config->send_loopback_packet_callback = NULL; + config->override_send_and_receive = 0; + config->send_packet_override = NULL; + config->receive_packet_override = NULL; +}; + +struct netcode_client_t +{ + struct netcode_client_config_t config; + int state; + double time; + double connect_start_time; + double last_packet_send_time; + double last_packet_receive_time; + int should_disconnect; + int should_disconnect_state; + uint64_t sequence; + int client_index; + int max_clients; + int server_address_index; + struct netcode_address_t address; + struct netcode_address_t server_address; + struct netcode_connect_token_t connect_token; + struct netcode_socket_holder_t socket_holder; + struct netcode_context_t context; + struct netcode_replay_protection_t replay_protection; + struct netcode_packet_queue_t packet_receive_queue; + uint64_t challenge_token_sequence; + uint8_t 
challenge_token_data[NETCODE_CHALLENGE_TOKEN_BYTES]; + uint8_t * receive_packet_data[NETCODE_CLIENT_MAX_RECEIVE_PACKETS]; + int receive_packet_bytes[NETCODE_CLIENT_MAX_RECEIVE_PACKETS]; + struct netcode_address_t receive_from[NETCODE_CLIENT_MAX_RECEIVE_PACKETS]; + int loopback; +}; + +int netcode_client_socket_create( struct netcode_socket_t * socket, + struct netcode_address_t * address, + int send_buffer_size, + int receive_buffer_size, + NETCODE_CONST struct netcode_client_config_t * config ) +{ + netcode_assert( socket ); + netcode_assert( address ); + netcode_assert( config ); + + if ( !config->network_simulator ) + { + if ( !config->override_send_and_receive ) + { + if ( netcode_socket_create( socket, address, send_buffer_size, receive_buffer_size ) != NETCODE_SOCKET_ERROR_NONE ) + { + return 0; + } + } + } + else + { + if ( address->port == 0 ) + { + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: must bind to a specific port when using network simulator\n" ); + return 0; + } + } + + return 1; +} + +struct netcode_client_t * netcode_client_create_overload( NETCODE_CONST char * address1_string, + NETCODE_CONST char * address2_string, + NETCODE_CONST struct netcode_client_config_t * config, + double time ) +{ + netcode_assert( config ); + netcode_assert( netcode.initialized ); + + struct netcode_address_t address1; + struct netcode_address_t address2; + + memset( &address1, 0, sizeof( address1 ) ); + memset( &address2, 0, sizeof( address2 ) ); + + if ( netcode_parse_address( address1_string, &address1 ) != NETCODE_OK ) + { + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: failed to parse client address\n" ); + return NULL; + } + + if ( address2_string != NULL && netcode_parse_address( address2_string, &address2 ) != NETCODE_OK ) + { + netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: failed to parse client address2\n" ); + return NULL; + } + + + struct netcode_socket_t socket_ipv4; + struct netcode_socket_t socket_ipv6; + + memset( &socket_ipv4, 0, sizeof( 
socket_ipv4 ) ); + memset( &socket_ipv6, 0, sizeof( socket_ipv6 ) ); + + if ( address1.type == NETCODE_ADDRESS_IPV4 || address2.type == NETCODE_ADDRESS_IPV4 ) + { + if ( !netcode_client_socket_create( &socket_ipv4, address1.type == NETCODE_ADDRESS_IPV4 ? &address1 : &address2, NETCODE_CLIENT_SOCKET_SNDBUF_SIZE, NETCODE_CLIENT_SOCKET_RCVBUF_SIZE, config ) ) + { + return NULL; + } + } + + if ( address1.type == NETCODE_ADDRESS_IPV6 || address2.type == NETCODE_ADDRESS_IPV6 ) + { + if ( !netcode_client_socket_create( &socket_ipv6, address1.type == NETCODE_ADDRESS_IPV6 ? &address1 : &address2, NETCODE_CLIENT_SOCKET_SNDBUF_SIZE, NETCODE_CLIENT_SOCKET_RCVBUF_SIZE, config ) ) + { + return NULL; + } + } + + struct netcode_client_t * client = (struct netcode_client_t*) config->allocate_function( config->allocator_context, sizeof( struct netcode_client_t ) ); + + if ( !client ) + { + netcode_socket_destroy( &socket_ipv4 ); + netcode_socket_destroy( &socket_ipv6 ); + return NULL; + } + + struct netcode_address_t socket_address = address1.type == NETCODE_ADDRESS_IPV4 ? socket_ipv4.address : socket_ipv6.address; + + if ( !config->network_simulator ) + { + netcode_printf( NETCODE_LOG_LEVEL_INFO, "client started on port %d\n", socket_address.port ); + } + else + { + netcode_printf( NETCODE_LOG_LEVEL_INFO, "client started on port %d (network simulator)\n", socket_address.port ); + } + + client->config = *config; + client->socket_holder.ipv4 = socket_ipv4; + client->socket_holder.ipv6 = socket_ipv6; + client->address = config->network_simulator ? 
address1 : socket_address;
+ client->state = NETCODE_CLIENT_STATE_DISCONNECTED;
+ client->time = time;
+ client->connect_start_time = 0.0;
+ client->last_packet_send_time = -1000.0;
+ client->last_packet_receive_time = -1000.0;
+ client->should_disconnect = 0;
+ client->should_disconnect_state = NETCODE_CLIENT_STATE_DISCONNECTED;
+ client->sequence = 0;
+ client->client_index = 0;
+ client->max_clients = 0;
+ client->server_address_index = 0;
+ client->challenge_token_sequence = 0;
+ client->loopback = 0;
+ memset( &client->server_address, 0, sizeof( struct netcode_address_t ) );
+ memset( &client->connect_token, 0, sizeof( struct netcode_connect_token_t ) );
+ memset( &client->context, 0, sizeof( struct netcode_context_t ) );
+ memset( client->challenge_token_data, 0, NETCODE_CHALLENGE_TOKEN_BYTES );
+
+ netcode_packet_queue_init( &client->packet_receive_queue, config->allocator_context, config->allocate_function, config->free_function );
+
+ netcode_replay_protection_reset( &client->replay_protection );
+
+ return client;
+}
+
+struct netcode_client_t * netcode_client_create( NETCODE_CONST char * address,
+ NETCODE_CONST struct netcode_client_config_t * config,
+ double time )
+{
+ return netcode_client_create_overload( address, NULL, config, time );
+}
+
+void netcode_client_destroy( struct netcode_client_t * client )
+{
+ netcode_assert( client );
+ if ( !client->loopback )
+ netcode_client_disconnect( client );
+ else
+ netcode_client_disconnect_loopback( client );
+ netcode_socket_destroy( &client->socket_holder.ipv4 );
+ netcode_socket_destroy( &client->socket_holder.ipv6 );
+ netcode_packet_queue_clear( &client->packet_receive_queue );
+ client->config.free_function( client->config.allocator_context, client );
+}
+
+void netcode_client_set_state( struct netcode_client_t * client, int client_state )
+{
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "client changed state from '%s' to '%s'\n",
+ netcode_client_state_name( client->state ), 
netcode_client_state_name( client_state ) );
+
+ if ( client->config.state_change_callback )
+ {
+ client->config.state_change_callback( client->config.callback_context, client->state, client_state );
+ }
+
+ client->state = client_state;
+}
+
+void netcode_client_reset_before_next_connect( struct netcode_client_t * client )
+{
+ client->connect_start_time = client->time;
+ client->last_packet_send_time = client->time - 1.0f;
+ client->last_packet_receive_time = client->time;
+ client->should_disconnect = 0;
+ client->should_disconnect_state = NETCODE_CLIENT_STATE_DISCONNECTED;
+ client->challenge_token_sequence = 0;
+
+ memset( client->challenge_token_data, 0, NETCODE_CHALLENGE_TOKEN_BYTES );
+
+ netcode_replay_protection_reset( &client->replay_protection );
+}
+
+void netcode_client_reset_connection_data( struct netcode_client_t * client, int client_state )
+{
+ netcode_assert( client );
+
+ client->sequence = 0;
+ client->loopback = 0;
+ client->client_index = 0;
+ client->max_clients = 0;
+ client->connect_start_time = 0.0;
+ client->server_address_index = 0;
+ memset( &client->server_address, 0, sizeof( struct netcode_address_t ) );
+ memset( &client->connect_token, 0, sizeof( struct netcode_connect_token_t ) );
+ memset( &client->context, 0, sizeof( struct netcode_context_t ) );
+
+ netcode_client_set_state( client, client_state );
+
+ netcode_client_reset_before_next_connect( client );
+
+ while ( 1 )
+ {
+ void * packet = netcode_packet_queue_pop( &client->packet_receive_queue, NULL );
+ if ( !packet )
+ break;
+ client->config.free_function( client->config.allocator_context, packet );
+ }
+
+ netcode_packet_queue_clear( &client->packet_receive_queue );
+}
+
+void netcode_client_disconnect_internal( struct netcode_client_t * client, int destination_state, int send_disconnect_packets );
+
+void netcode_client_connect( struct netcode_client_t * client, uint8_t * connect_token )
+{
+ netcode_assert( client );
+ netcode_assert( connect_token );
+
+ 
netcode_client_disconnect( client );
+
+ if ( netcode_read_connect_token( connect_token, NETCODE_CONNECT_TOKEN_BYTES, &client->connect_token ) != NETCODE_OK )
+ {
+ netcode_client_set_state( client, NETCODE_CLIENT_STATE_INVALID_CONNECT_TOKEN );
+ return;
+ }
+
+ client->server_address_index = 0;
+ client->server_address = client->connect_token.server_addresses[0];
+
+ char server_address_string[NETCODE_MAX_ADDRESS_STRING_LENGTH];
+
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "client connecting to server %s [%d/%d]\n",
+ netcode_address_to_string( &client->server_address, server_address_string ), client->server_address_index + 1, client->connect_token.num_server_addresses );
+
+ memcpy( client->context.read_packet_key, client->connect_token.server_to_client_key, NETCODE_KEY_BYTES );
+ memcpy( client->context.write_packet_key, client->connect_token.client_to_server_key, NETCODE_KEY_BYTES );
+
+ netcode_client_reset_before_next_connect( client );
+
+ netcode_client_set_state( client, NETCODE_CLIENT_STATE_SENDING_CONNECTION_REQUEST );
+}
+
+void netcode_client_process_packet_internal( struct netcode_client_t * client, struct netcode_address_t * from, uint8_t * packet, uint64_t sequence )
+{
+ netcode_assert( client );
+ netcode_assert( packet );
+
+ uint8_t packet_type = ( (uint8_t*) packet ) [0];
+
+ switch ( packet_type )
+ {
+ case NETCODE_CONNECTION_DENIED_PACKET:
+ {
+ if ( ( client->state == NETCODE_CLIENT_STATE_SENDING_CONNECTION_REQUEST ||
+ client->state == NETCODE_CLIENT_STATE_SENDING_CONNECTION_RESPONSE )
+ &&
+ netcode_address_equal( from, &client->server_address ) )
+ {
+ client->should_disconnect = 1;
+ client->should_disconnect_state = NETCODE_CLIENT_STATE_CONNECTION_DENIED;
+ client->last_packet_receive_time = client->time;
+ }
+ }
+ break;
+
+ case NETCODE_CONNECTION_CHALLENGE_PACKET:
+ {
+ if ( client->state == NETCODE_CLIENT_STATE_SENDING_CONNECTION_REQUEST && netcode_address_equal( from, &client->server_address ) )
+ {
+ netcode_printf( 
NETCODE_LOG_LEVEL_DEBUG, "client received connection challenge packet from server\n" );
+
+ struct netcode_connection_challenge_packet_t * p = (struct netcode_connection_challenge_packet_t*) packet;
+ client->challenge_token_sequence = p->challenge_token_sequence;
+ memcpy( client->challenge_token_data, p->challenge_token_data, NETCODE_CHALLENGE_TOKEN_BYTES );
+ client->last_packet_receive_time = client->time;
+
+ netcode_client_set_state( client, NETCODE_CLIENT_STATE_SENDING_CONNECTION_RESPONSE );
+ }
+ }
+ break;
+
+ case NETCODE_CONNECTION_KEEP_ALIVE_PACKET:
+ {
+ if ( netcode_address_equal( from, &client->server_address ) )
+ {
+ struct netcode_connection_keep_alive_packet_t * p = (struct netcode_connection_keep_alive_packet_t*) packet;
+
+ if ( client->state == NETCODE_CLIENT_STATE_CONNECTED )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "client received connection keep alive packet from server\n" );
+
+ client->last_packet_receive_time = client->time;
+ }
+ else if ( client->state == NETCODE_CLIENT_STATE_SENDING_CONNECTION_RESPONSE )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "client received connection keep alive packet from server\n" );
+
+ client->last_packet_receive_time = client->time;
+ client->client_index = p->client_index;
+ client->max_clients = p->max_clients;
+
+ netcode_client_set_state( client, NETCODE_CLIENT_STATE_CONNECTED );
+
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "client connected to server\n" );
+ }
+ }
+ }
+ break;
+
+ case NETCODE_CONNECTION_PAYLOAD_PACKET:
+ {
+ if ( client->state == NETCODE_CLIENT_STATE_CONNECTED && netcode_address_equal( from, &client->server_address ) )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "client received connection payload packet from server\n" );
+
+ netcode_packet_queue_push( &client->packet_receive_queue, packet, sequence );
+
+ client->last_packet_receive_time = client->time;
+
+ return;
+ }
+ }
+ break;
+
+ case NETCODE_CONNECTION_DISCONNECT_PACKET:
+ {
+ if ( client->state == 
NETCODE_CLIENT_STATE_CONNECTED && netcode_address_equal( from, &client->server_address ) )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "client received disconnect packet from server\n" );
+
+ client->should_disconnect = 1;
+ client->should_disconnect_state = NETCODE_CLIENT_STATE_DISCONNECTED;
+ client->last_packet_receive_time = client->time;
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
+
+ client->config.free_function( client->config.allocator_context, packet );
+}
+
+void netcode_client_process_packet( struct netcode_client_t * client, struct netcode_address_t * from, uint8_t * packet_data, int packet_bytes )
+{
+ (void) client;
+ (void) from;
+ (void) packet_data;
+ (void) packet_bytes;
+
+ uint8_t allowed_packets[NETCODE_CONNECTION_NUM_PACKETS];
+ memset( allowed_packets, 0, sizeof( allowed_packets ) );
+ allowed_packets[NETCODE_CONNECTION_DENIED_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_CHALLENGE_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_KEEP_ALIVE_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_PAYLOAD_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_DISCONNECT_PACKET] = 1;
+
+ uint64_t current_timestamp = (uint64_t) time( NULL );
+
+ uint64_t sequence;
+
+ void * packet = netcode_read_packet( packet_data,
+ packet_bytes,
+ &sequence,
+ client->context.read_packet_key,
+ client->connect_token.protocol_id,
+ current_timestamp,
+ NULL,
+ allowed_packets,
+ &client->replay_protection,
+ client->config.allocator_context,
+ client->config.allocate_function );
+
+ if ( !packet )
+ return;
+
+ netcode_client_process_packet_internal( client, from, (uint8_t*)packet, sequence );
+}
+
+void netcode_client_receive_packets( struct netcode_client_t * client )
+{
+ netcode_assert( client );
+ netcode_assert( !client->loopback );
+
+ uint8_t allowed_packets[NETCODE_CONNECTION_NUM_PACKETS];
+ memset( allowed_packets, 0, sizeof( allowed_packets ) );
+ allowed_packets[NETCODE_CONNECTION_DENIED_PACKET] = 1;
+ 
allowed_packets[NETCODE_CONNECTION_CHALLENGE_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_KEEP_ALIVE_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_PAYLOAD_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_DISCONNECT_PACKET] = 1;
+
+ uint64_t current_timestamp = (uint64_t) time( NULL );
+
+ if ( !client->config.network_simulator )
+ {
+ // process packets received from socket
+
+ while ( 1 )
+ {
+ struct netcode_address_t from;
+ uint8_t packet_data[NETCODE_MAX_PACKET_BYTES];
+ int packet_bytes = 0;
+
+ if ( client->config.override_send_and_receive )
+ {
+ packet_bytes = client->config.receive_packet_override( client->config.callback_context, &from, packet_data, NETCODE_MAX_PACKET_BYTES );
+ }
+ else if ( client->server_address.type == NETCODE_ADDRESS_IPV4 )
+ {
+ packet_bytes = netcode_socket_receive_packet( &client->socket_holder.ipv4, &from, packet_data, NETCODE_MAX_PACKET_BYTES );
+ }
+ else if ( client->server_address.type == NETCODE_ADDRESS_IPV6 )
+ {
+ packet_bytes = netcode_socket_receive_packet( &client->socket_holder.ipv6, &from, packet_data, NETCODE_MAX_PACKET_BYTES );
+ }
+
+ if ( packet_bytes == 0 )
+ break;
+
+ uint64_t sequence;
+ void * packet = netcode_read_packet( packet_data,
+ packet_bytes,
+ &sequence,
+ client->context.read_packet_key,
+ client->connect_token.protocol_id,
+ current_timestamp,
+ NULL,
+ allowed_packets,
+ &client->replay_protection,
+ client->config.allocator_context,
+ client->config.allocate_function );
+
+ if ( !packet )
+ continue;
+
+ netcode_client_process_packet_internal( client, &from, (uint8_t*)packet, sequence );
+ }
+ }
+ else
+ {
+ // process packets received from network simulator
+
+ int num_packets_received = netcode_network_simulator_receive_packets( client->config.network_simulator,
+ &client->address,
+ NETCODE_CLIENT_MAX_RECEIVE_PACKETS,
+ client->receive_packet_data,
+ client->receive_packet_bytes,
+ client->receive_from );
+
+ int i;
+ for ( i = 0; i < num_packets_received; ++i )
+ {
+ uint64_t 
sequence;
+
+ void * packet = netcode_read_packet( client->receive_packet_data[i],
+ client->receive_packet_bytes[i],
+ &sequence,
+ client->context.read_packet_key,
+ client->connect_token.protocol_id,
+ current_timestamp,
+ NULL,
+ allowed_packets,
+ &client->replay_protection,
+ client->config.allocator_context,
+ client->config.allocate_function );
+
+ client->config.free_function( client->config.allocator_context, client->receive_packet_data[i] );
+
+ if ( !packet )
+ continue;
+
+ netcode_client_process_packet_internal( client, &client->receive_from[i], (uint8_t*)packet, sequence );
+ }
+ }
+}
+
+void netcode_client_send_packet_to_server_internal( struct netcode_client_t * client, void * packet )
+{
+ netcode_assert( client );
+ netcode_assert( !client->loopback );
+
+ uint8_t packet_data[NETCODE_MAX_PACKET_BYTES];
+
+ int packet_bytes = netcode_write_packet( packet,
+ packet_data,
+ NETCODE_MAX_PACKET_BYTES,
+ client->sequence++,
+ client->context.write_packet_key,
+ client->connect_token.protocol_id );
+
+ netcode_assert( packet_bytes <= NETCODE_MAX_PACKET_BYTES );
+
+ if ( client->config.network_simulator )
+ {
+ netcode_network_simulator_send_packet( client->config.network_simulator, &client->address, &client->server_address, packet_data, packet_bytes );
+ }
+ else
+ {
+ if ( client->config.override_send_and_receive )
+ {
+ client->config.send_packet_override( client->config.callback_context, &client->server_address, packet_data, packet_bytes );
+ }
+ else if ( client->server_address.type == NETCODE_ADDRESS_IPV4 )
+ {
+ netcode_socket_send_packet( &client->socket_holder.ipv4, &client->server_address, packet_data, packet_bytes );
+ }
+ else if ( client->server_address.type == NETCODE_ADDRESS_IPV6 )
+ {
+ netcode_socket_send_packet( &client->socket_holder.ipv6, &client->server_address, packet_data, packet_bytes );
+ }
+ }
+
+ client->last_packet_send_time = client->time;
+}
+
+void netcode_client_send_packets( struct netcode_client_t * client )
+{
+ 
netcode_assert( client );
+ netcode_assert( !client->loopback );
+
+ switch ( client->state )
+ {
+ case NETCODE_CLIENT_STATE_SENDING_CONNECTION_REQUEST:
+ {
+ if ( client->last_packet_send_time + ( 1.0 / NETCODE_PACKET_SEND_RATE ) >= client->time )
+ return;
+
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "client sent connection request packet to server\n" );
+
+ struct netcode_connection_request_packet_t packet;
+ packet.packet_type = NETCODE_CONNECTION_REQUEST_PACKET;
+ memcpy( packet.version_info, NETCODE_VERSION_INFO, NETCODE_VERSION_INFO_BYTES );
+ packet.protocol_id = client->connect_token.protocol_id;
+ packet.connect_token_expire_timestamp = client->connect_token.expire_timestamp;
+ memcpy( packet.connect_token_nonce, client->connect_token.nonce, NETCODE_CONNECT_TOKEN_NONCE_BYTES );
+ memcpy( packet.connect_token_data, client->connect_token.private_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES );
+
+ netcode_client_send_packet_to_server_internal( client, &packet );
+ }
+ break;
+
+ case NETCODE_CLIENT_STATE_SENDING_CONNECTION_RESPONSE:
+ {
+ if ( client->last_packet_send_time + ( 1.0 / NETCODE_PACKET_SEND_RATE ) >= client->time )
+ return;
+
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "client sent connection response packet to server\n" );
+
+ struct netcode_connection_response_packet_t packet;
+ packet.packet_type = NETCODE_CONNECTION_RESPONSE_PACKET;
+ packet.challenge_token_sequence = client->challenge_token_sequence;
+ memcpy( packet.challenge_token_data, client->challenge_token_data, NETCODE_CHALLENGE_TOKEN_BYTES );
+
+ netcode_client_send_packet_to_server_internal( client, &packet );
+ }
+ break;
+
+ case NETCODE_CLIENT_STATE_CONNECTED:
+ {
+ if ( client->last_packet_send_time + ( 1.0 / NETCODE_PACKET_SEND_RATE ) >= client->time )
+ return;
+
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "client sent connection keep-alive packet to server\n" );
+
+ struct netcode_connection_keep_alive_packet_t packet;
+ packet.packet_type = NETCODE_CONNECTION_KEEP_ALIVE_PACKET; 
+ packet.client_index = 0;
+ packet.max_clients = 0;
+
+ netcode_client_send_packet_to_server_internal( client, &packet );
+ }
+ break;
+
+ default:
+ break;
+ }
+}
+
+int netcode_client_connect_to_next_server( struct netcode_client_t * client )
+{
+ netcode_assert( client );
+
+ if ( client->server_address_index + 1 >= client->connect_token.num_server_addresses )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "client has no more servers to connect to\n" );
+ return 0;
+ }
+
+ client->server_address_index++;
+ client->server_address = client->connect_token.server_addresses[client->server_address_index];
+
+ netcode_client_reset_before_next_connect( client );
+
+ char server_address_string[NETCODE_MAX_ADDRESS_STRING_LENGTH];
+
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "client connecting to next server %s [%d/%d]\n",
+ netcode_address_to_string( &client->server_address, server_address_string ),
+ client->server_address_index + 1,
+ client->connect_token.num_server_addresses );
+
+ netcode_client_set_state( client, NETCODE_CLIENT_STATE_SENDING_CONNECTION_REQUEST );
+
+ return 1;
+}
+
+void netcode_client_update( struct netcode_client_t * client, double time )
+{
+ netcode_assert( client );
+
+ client->time = time;
+
+ if ( client->loopback )
+ return;
+
+ netcode_client_receive_packets( client );
+
+ netcode_client_send_packets( client );
+
+ if ( client->state > NETCODE_CLIENT_STATE_DISCONNECTED && client->state < NETCODE_CLIENT_STATE_CONNECTED )
+ {
+ uint64_t connect_token_expire_seconds = ( client->connect_token.expire_timestamp - client->connect_token.create_timestamp );
+ if ( client->time - client->connect_start_time >= connect_token_expire_seconds )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "client connect failed. 
connect token expired\n" );
+ netcode_client_disconnect_internal( client, NETCODE_CLIENT_STATE_CONNECT_TOKEN_EXPIRED, 0 );
+ return;
+ }
+ }
+
+ if ( client->should_disconnect )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "client should disconnect -> %s\n", netcode_client_state_name( client->should_disconnect_state ) );
+ if ( netcode_client_connect_to_next_server( client ) )
+ return;
+ netcode_client_disconnect_internal( client, client->should_disconnect_state, 0 );
+ return;
+ }
+
+ switch ( client->state )
+ {
+ case NETCODE_CLIENT_STATE_SENDING_CONNECTION_REQUEST:
+ {
+ if ( client->connect_token.timeout_seconds > 0 && client->last_packet_receive_time + client->connect_token.timeout_seconds < time )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "client connect failed. connection request timed out\n" );
+ if ( netcode_client_connect_to_next_server( client ) )
+ return;
+ netcode_client_disconnect_internal( client, NETCODE_CLIENT_STATE_CONNECTION_REQUEST_TIMED_OUT, 0 );
+ return;
+ }
+ }
+ break;
+
+ case NETCODE_CLIENT_STATE_SENDING_CONNECTION_RESPONSE:
+ {
+ if ( client->connect_token.timeout_seconds > 0 && client->last_packet_receive_time + client->connect_token.timeout_seconds < time )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "client connect failed. 
connection response timed out\n" );
+ if ( netcode_client_connect_to_next_server( client ) )
+ return;
+ netcode_client_disconnect_internal( client, NETCODE_CLIENT_STATE_CONNECTION_RESPONSE_TIMED_OUT, 0 );
+ return;
+ }
+ }
+ break;
+
+ case NETCODE_CLIENT_STATE_CONNECTED:
+ {
+ if ( client->connect_token.timeout_seconds > 0 && client->last_packet_receive_time + client->connect_token.timeout_seconds < time )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "client connection timed out\n" );
+ netcode_client_disconnect_internal( client, NETCODE_CLIENT_STATE_CONNECTION_TIMED_OUT, 0 );
+ return;
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
+}
+
+uint64_t netcode_client_next_packet_sequence( struct netcode_client_t * client )
+{
+ netcode_assert( client );
+ return client->sequence;
+}
+
+void netcode_client_send_packet( struct netcode_client_t * client, NETCODE_CONST uint8_t * packet_data, int packet_bytes )
+{
+ netcode_assert( client );
+ netcode_assert( packet_data );
+ netcode_assert( packet_bytes >= 0 );
+ netcode_assert( packet_bytes <= NETCODE_MAX_PACKET_SIZE );
+
+ if ( client->state != NETCODE_CLIENT_STATE_CONNECTED )
+ return;
+
+ if ( !client->loopback )
+ {
+ uint8_t buffer[NETCODE_MAX_PAYLOAD_BYTES*2];
+
+ struct netcode_connection_payload_packet_t * packet = (struct netcode_connection_payload_packet_t*) buffer;
+
+ packet->packet_type = NETCODE_CONNECTION_PAYLOAD_PACKET;
+ packet->payload_bytes = packet_bytes;
+ memcpy( packet->payload_data, packet_data, packet_bytes );
+
+ netcode_client_send_packet_to_server_internal( client, packet );
+ }
+ else
+ {
+ client->config.send_loopback_packet_callback( client->config.callback_context,
+ client->client_index,
+ packet_data,
+ packet_bytes,
+ client->sequence++ );
+ }
+}
+
+uint8_t * netcode_client_receive_packet( struct netcode_client_t * client, int * packet_bytes, uint64_t * packet_sequence )
+{
+ netcode_assert( client );
+ netcode_assert( packet_bytes );
+
+ struct netcode_connection_payload_packet_t * packet 
= (struct netcode_connection_payload_packet_t*)
+ netcode_packet_queue_pop( &client->packet_receive_queue, packet_sequence );
+
+ if ( packet )
+ {
+ netcode_assert( packet->packet_type == NETCODE_CONNECTION_PAYLOAD_PACKET );
+ *packet_bytes = packet->payload_bytes;
+ netcode_assert( *packet_bytes >= 0 );
+ netcode_assert( *packet_bytes <= NETCODE_MAX_PAYLOAD_BYTES );
+ return (uint8_t*) &packet->payload_data;
+ }
+ else
+ {
+ return NULL;
+ }
+}
+
+void netcode_client_free_packet( struct netcode_client_t * client, void * packet )
+{
+ netcode_assert( client );
+ netcode_assert( packet );
+ uint8_t * packet_data = (uint8_t*) packet;
+ int offset = offsetof( struct netcode_connection_payload_packet_t, payload_data );
+ client->config.free_function( client->config.allocator_context, packet_data - offset );
+}
+
+void netcode_client_disconnect( struct netcode_client_t * client )
+{
+ netcode_assert( client );
+ netcode_assert( !client->loopback );
+ netcode_client_disconnect_internal( client, NETCODE_CLIENT_STATE_DISCONNECTED, 1 );
+}
+
+void netcode_client_disconnect_internal( struct netcode_client_t * client, int destination_state, int send_disconnect_packets )
+{
+ netcode_assert( !client->loopback );
+ netcode_assert( destination_state <= NETCODE_CLIENT_STATE_DISCONNECTED );
+
+ if ( client->state <= NETCODE_CLIENT_STATE_DISCONNECTED || client->state == destination_state )
+ return;
+
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "client disconnected\n" );
+
+ if ( !client->loopback && send_disconnect_packets && client->state > NETCODE_CLIENT_STATE_DISCONNECTED )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "client sent disconnect packets to server\n" );
+
+ int i;
+ for ( i = 0; i < NETCODE_NUM_DISCONNECT_PACKETS; ++i )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "client sent disconnect packet %d\n", i );
+
+ struct netcode_connection_disconnect_packet_t packet;
+ packet.packet_type = NETCODE_CONNECTION_DISCONNECT_PACKET;
+
+ 
netcode_client_send_packet_to_server_internal( client, &packet );
+ }
+ }
+
+ netcode_client_reset_connection_data( client, destination_state );
+}
+
+int netcode_client_state( struct netcode_client_t * client )
+{
+ netcode_assert( client );
+ return client->state;
+}
+
+int netcode_client_index( struct netcode_client_t * client )
+{
+ netcode_assert( client );
+ return client->client_index;
+}
+
+int netcode_client_max_clients( struct netcode_client_t * client )
+{
+ netcode_assert( client );
+ return client->max_clients;
+}
+
+void netcode_client_connect_loopback( struct netcode_client_t * client, int client_index, int max_clients )
+{
+ netcode_assert( client );
+ netcode_assert( client->state <= NETCODE_CLIENT_STATE_DISCONNECTED );
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "client connected to server via loopback as client %d\n", client_index );
+ client->state = NETCODE_CLIENT_STATE_CONNECTED;
+ client->client_index = client_index;
+ client->max_clients = max_clients;
+ client->loopback = 1;
+}
+
+void netcode_client_disconnect_loopback( struct netcode_client_t * client )
+{
+ netcode_assert( client );
+ netcode_assert( client->loopback );
+ netcode_client_reset_connection_data( client, NETCODE_CLIENT_STATE_DISCONNECTED );
+}
+
+int netcode_client_loopback( struct netcode_client_t * client )
+{
+ netcode_assert( client );
+ return client->loopback;
+}
+
+void netcode_client_process_loopback_packet( struct netcode_client_t * client, NETCODE_CONST uint8_t * packet_data, int packet_bytes, uint64_t packet_sequence )
+{
+ netcode_assert( client );
+ netcode_assert( client->loopback );
+ struct netcode_connection_payload_packet_t * packet = netcode_create_payload_packet( packet_bytes, client->config.allocator_context, client->config.allocate_function );
+ if ( !packet )
+ return;
+ memcpy( packet->payload_data, packet_data, packet_bytes );
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "client processing loopback packet from server\n" );
+ netcode_packet_queue_push( 
&client->packet_receive_queue, packet, packet_sequence );
+}
+
+uint16_t netcode_client_get_port( struct netcode_client_t * client )
+{
+ netcode_assert( client );
+ return client->address.type == NETCODE_ADDRESS_IPV4 ? client->socket_holder.ipv4.address.port : client->socket_holder.ipv6.address.port;
+}
+
+struct netcode_address_t * netcode_client_server_address( struct netcode_client_t * client )
+{
+ netcode_assert( client );
+ return &client->server_address;
+}
+
+// ----------------------------------------------------------------
+
+#define NETCODE_MAX_ENCRYPTION_MAPPINGS ( NETCODE_MAX_CLIENTS * 4 )
+
+struct netcode_encryption_manager_t
+{
+ int num_encryption_mappings;
+ int timeout[NETCODE_MAX_ENCRYPTION_MAPPINGS];
+ double expire_time[NETCODE_MAX_ENCRYPTION_MAPPINGS];
+ double last_access_time[NETCODE_MAX_ENCRYPTION_MAPPINGS];
+ struct netcode_address_t address[NETCODE_MAX_ENCRYPTION_MAPPINGS];
+ int client_index[NETCODE_MAX_ENCRYPTION_MAPPINGS];
+ uint8_t send_key[NETCODE_KEY_BYTES*NETCODE_MAX_ENCRYPTION_MAPPINGS];
+ uint8_t receive_key[NETCODE_KEY_BYTES*NETCODE_MAX_ENCRYPTION_MAPPINGS];
+};
+
+void netcode_encryption_manager_reset( struct netcode_encryption_manager_t * encryption_manager )
+{
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "reset encryption manager\n" );
+
+ netcode_assert( encryption_manager );
+
+ encryption_manager->num_encryption_mappings = 0;
+
+ int i;
+ for ( i = 0; i < NETCODE_MAX_ENCRYPTION_MAPPINGS; ++i )
+ {
+ encryption_manager->client_index[i] = -1;
+ encryption_manager->expire_time[i] = -1.0;
+ encryption_manager->last_access_time[i] = -1000.0;
+ memset( &encryption_manager->address[i], 0, sizeof( struct netcode_address_t ) );
+ }
+
+ memset( encryption_manager->timeout, 0, sizeof( encryption_manager->timeout ) );
+ memset( encryption_manager->send_key, 0, sizeof( encryption_manager->send_key ) );
+ memset( encryption_manager->receive_key, 0, sizeof( encryption_manager->receive_key ) );
+}
+
+int 
netcode_encryption_manager_entry_expired( struct netcode_encryption_manager_t * encryption_manager, int index, double time )
+{
+ return ( encryption_manager->timeout[index] > 0 && ( encryption_manager->last_access_time[index] + encryption_manager->timeout[index] ) < time ) ||
+ ( encryption_manager->expire_time[index] >= 0.0 && encryption_manager->expire_time[index] < time );
+}
+
+int netcode_encryption_manager_add_encryption_mapping( struct netcode_encryption_manager_t * encryption_manager,
+ struct netcode_address_t * address,
+ uint8_t * send_key,
+ uint8_t * receive_key,
+ double time,
+ double expire_time,
+ int timeout )
+{
+ int i;
+ for ( i = 0; i < encryption_manager->num_encryption_mappings; ++i )
+ {
+ if ( netcode_address_equal( &encryption_manager->address[i], address ) && !netcode_encryption_manager_entry_expired( encryption_manager, i, time ) )
+ {
+ encryption_manager->timeout[i] = timeout;
+ encryption_manager->expire_time[i] = expire_time;
+ encryption_manager->last_access_time[i] = time;
+ memcpy( encryption_manager->send_key + i * NETCODE_KEY_BYTES, send_key, NETCODE_KEY_BYTES );
+ memcpy( encryption_manager->receive_key + i * NETCODE_KEY_BYTES, receive_key, NETCODE_KEY_BYTES );
+ return 1;
+ }
+ }
+
+ for ( i = 0; i < NETCODE_MAX_ENCRYPTION_MAPPINGS; ++i )
+ {
+ if ( encryption_manager->address[i].type == NETCODE_ADDRESS_NONE ||
+ ( netcode_encryption_manager_entry_expired( encryption_manager, i, time ) && encryption_manager->client_index[i] == -1 ) )
+ {
+ encryption_manager->timeout[i] = timeout;
+ encryption_manager->address[i] = *address;
+ encryption_manager->expire_time[i] = expire_time;
+ encryption_manager->last_access_time[i] = time;
+ memcpy( encryption_manager->send_key + i * NETCODE_KEY_BYTES, send_key, NETCODE_KEY_BYTES );
+ memcpy( encryption_manager->receive_key + i * NETCODE_KEY_BYTES, receive_key, NETCODE_KEY_BYTES );
+ if ( i + 1 > encryption_manager->num_encryption_mappings )
+ encryption_manager->num_encryption_mappings = 
i + 1;
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+int netcode_encryption_manager_remove_encryption_mapping( struct netcode_encryption_manager_t * encryption_manager, struct netcode_address_t * address, double time )
+{
+ netcode_assert( encryption_manager );
+ netcode_assert( address );
+
+ int i;
+ for ( i = 0; i < encryption_manager->num_encryption_mappings; ++i )
+ {
+ if ( netcode_address_equal( &encryption_manager->address[i], address ) )
+ {
+ encryption_manager->expire_time[i] = -1.0;
+ encryption_manager->last_access_time[i] = -1000.0;
+ memset( &encryption_manager->address[i], 0, sizeof( struct netcode_address_t ) );
+ memset( encryption_manager->send_key + i * NETCODE_KEY_BYTES, 0, NETCODE_KEY_BYTES );
+ memset( encryption_manager->receive_key + i * NETCODE_KEY_BYTES, 0, NETCODE_KEY_BYTES );
+
+ if ( i + 1 == encryption_manager->num_encryption_mappings )
+ {
+ int index = i - 1;
+ while ( index >= 0 )
+ {
+ if ( !netcode_encryption_manager_entry_expired( encryption_manager, index, time ) || encryption_manager->client_index[index] != -1 )
+ {
+ break;
+ }
+ encryption_manager->address[index].type = NETCODE_ADDRESS_NONE;
+ index--;
+ }
+ encryption_manager->num_encryption_mappings = index + 1;
+ }
+
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+int netcode_encryption_manager_find_encryption_mapping( struct netcode_encryption_manager_t * encryption_manager, struct netcode_address_t * address, double time )
+{
+ int i;
+ for ( i = 0; i < encryption_manager->num_encryption_mappings; ++i )
+ {
+ if ( netcode_address_equal( &encryption_manager->address[i], address ) && !netcode_encryption_manager_entry_expired( encryption_manager, i, time ) )
+ {
+ encryption_manager->last_access_time[i] = time;
+ return i;
+ }
+ }
+ return -1;
+}
+
+int netcode_encryption_manager_touch( struct netcode_encryption_manager_t * encryption_manager, int index, struct netcode_address_t * address, double time )
+{
+ netcode_assert( index >= 0 );
+ netcode_assert( index < 
encryption_manager->num_encryption_mappings );
+ if ( !netcode_address_equal( &encryption_manager->address[index], address ) )
+ return 0;
+ encryption_manager->last_access_time[index] = time;
+ return 1;
+}
+
+void netcode_encryption_manager_set_expire_time( struct netcode_encryption_manager_t * encryption_manager, int index, double expire_time )
+{
+ netcode_assert( index >= 0 );
+ netcode_assert( index < encryption_manager->num_encryption_mappings );
+ encryption_manager->expire_time[index] = expire_time;
+}
+
+
+uint8_t * netcode_encryption_manager_get_send_key( struct netcode_encryption_manager_t * encryption_manager, int index )
+{
+ netcode_assert( encryption_manager );
+ if ( index == -1 )
+ return NULL;
+ netcode_assert( index >= 0 );
+ netcode_assert( index < encryption_manager->num_encryption_mappings );
+ return encryption_manager->send_key + index * NETCODE_KEY_BYTES;
+}
+
+uint8_t * netcode_encryption_manager_get_receive_key( struct netcode_encryption_manager_t * encryption_manager, int index )
+{
+ netcode_assert( encryption_manager );
+ if ( index == -1 )
+ return NULL;
+ netcode_assert( index >= 0 );
+ netcode_assert( index < encryption_manager->num_encryption_mappings );
+ return encryption_manager->receive_key + index * NETCODE_KEY_BYTES;
+}
+
+int netcode_encryption_manager_get_timeout( struct netcode_encryption_manager_t * encryption_manager, int index )
+{
+ netcode_assert( encryption_manager );
+ if ( index == -1 )
+ return 0;
+ netcode_assert( index >= 0 );
+ netcode_assert( index < encryption_manager->num_encryption_mappings );
+ return encryption_manager->timeout[index];
+}
+
+// ----------------------------------------------------------------
+
+#define NETCODE_MAX_CONNECT_TOKEN_ENTRIES ( NETCODE_MAX_CLIENTS * 8 )
+
+struct netcode_connect_token_entry_t
+{
+ double time;
+ uint8_t mac[NETCODE_MAC_BYTES];
+ struct netcode_address_t address;
+};
+
+void netcode_connect_token_entries_reset( struct netcode_connect_token_entry_t * 
connect_token_entries )
+{
+ int i;
+ for ( i = 0; i < NETCODE_MAX_CONNECT_TOKEN_ENTRIES; ++i )
+ {
+ connect_token_entries[i].time = -1000.0;
+ memset( connect_token_entries[i].mac, 0, NETCODE_MAC_BYTES );
+ memset( &connect_token_entries[i].address, 0, sizeof( struct netcode_address_t ) );
+ }
+}
+
+int netcode_connect_token_entries_find_or_add( struct netcode_connect_token_entry_t * connect_token_entries,
+ struct netcode_address_t * address,
+ uint8_t * mac,
+ double time )
+{
+ netcode_assert( connect_token_entries );
+ netcode_assert( address );
+ netcode_assert( mac );
+
+ // find the matching entry for the token mac and the oldest token entry. constant time worst case. This is intentional!
+
+ int matching_token_index = -1;
+ int oldest_token_index = -1;
+ double oldest_token_time = 0.0;
+
+ int i;
+ for ( i = 0; i < NETCODE_MAX_CONNECT_TOKEN_ENTRIES; ++i )
+ {
+ if ( memcmp( mac, connect_token_entries[i].mac, NETCODE_MAC_BYTES ) == 0 )
+ matching_token_index = i;
+
+ if ( oldest_token_index == -1 || connect_token_entries[i].time < oldest_token_time )
+ {
+ oldest_token_time = connect_token_entries[i].time;
+ oldest_token_index = i;
+ }
+ }
+
+ // if no entry is found with the mac, this is a new connect token. replace the oldest token entry.
+
+ netcode_assert( oldest_token_index != -1 );
+
+ if ( matching_token_index == -1 )
+ {
+ connect_token_entries[oldest_token_index].time = time;
+ connect_token_entries[oldest_token_index].address = *address;
+ memcpy( connect_token_entries[oldest_token_index].mac, mac, NETCODE_MAC_BYTES );
+ return 1;
+ }
+
+ // allow connect tokens we have already seen from the same address
+
+ netcode_assert( matching_token_index >= 0 );
+ netcode_assert( matching_token_index < NETCODE_MAX_CONNECT_TOKEN_ENTRIES );
+ if ( netcode_address_equal( &connect_token_entries[matching_token_index].address, address ) )
+ return 1;
+
+ return 0;
+}
+
+// ----------------------------------------------------------------
+
+#define NETCODE_SERVER_FLAG_IGNORE_CONNECTION_REQUEST_PACKETS 1
+#define NETCODE_SERVER_FLAG_IGNORE_CONNECTION_RESPONSE_PACKETS (1<<1)
+
+void netcode_default_server_config( struct netcode_server_config_t * config )
+{
+ netcode_assert( config );
+ config->allocator_context = NULL;
+ config->allocate_function = netcode_default_allocate_function;
+ config->free_function = netcode_default_free_function;
+ config->network_simulator = NULL;
+ config->callback_context = NULL;
+ config->connect_disconnect_callback = NULL;
+ config->send_loopback_packet_callback = NULL;
+ config->override_send_and_receive = 0;
+ config->send_packet_override = NULL;
+ config->receive_packet_override = NULL;
+};
+
+struct netcode_server_t
+{
+ struct netcode_server_config_t config;
+ struct netcode_socket_holder_t socket_holder;
+ struct netcode_address_t address;
+ uint32_t flags;
+ double time;
+ int running;
+ int max_clients;
+ int num_connected_clients;
+ uint64_t global_sequence;
+ uint64_t challenge_sequence;
+ uint8_t challenge_key[NETCODE_KEY_BYTES];
+ int client_connected[NETCODE_MAX_CLIENTS];
+ int client_timeout[NETCODE_MAX_CLIENTS];
+ int client_loopback[NETCODE_MAX_CLIENTS];
+ int client_confirmed[NETCODE_MAX_CLIENTS];
+ int client_encryption_index[NETCODE_MAX_CLIENTS];
+ uint64_t 
client_id[NETCODE_MAX_CLIENTS];
+ uint64_t client_sequence[NETCODE_MAX_CLIENTS];
+ double client_last_packet_send_time[NETCODE_MAX_CLIENTS];
+ double client_last_packet_receive_time[NETCODE_MAX_CLIENTS];
+ uint8_t client_user_data[NETCODE_MAX_CLIENTS][NETCODE_USER_DATA_BYTES];
+ struct netcode_replay_protection_t client_replay_protection[NETCODE_MAX_CLIENTS];
+ struct netcode_packet_queue_t client_packet_queue[NETCODE_MAX_CLIENTS];
+ struct netcode_address_t client_address[NETCODE_MAX_CLIENTS];
+ struct netcode_connect_token_entry_t connect_token_entries[NETCODE_MAX_CONNECT_TOKEN_ENTRIES];
+ struct netcode_encryption_manager_t encryption_manager;
+ uint8_t * receive_packet_data[NETCODE_SERVER_MAX_RECEIVE_PACKETS];
+ int receive_packet_bytes[NETCODE_SERVER_MAX_RECEIVE_PACKETS];
+ struct netcode_address_t receive_from[NETCODE_SERVER_MAX_RECEIVE_PACKETS];
+};
+
+int netcode_server_socket_create( struct netcode_socket_t * socket,
+ struct netcode_address_t * address,
+ int send_buffer_size,
+ int receive_buffer_size,
+ NETCODE_CONST struct netcode_server_config_t * config )
+{
+ netcode_assert( socket );
+ netcode_assert( address );
+ netcode_assert( config );
+
+ if ( !config->network_simulator )
+ {
+ if ( !config->override_send_and_receive )
+ {
+ if ( netcode_socket_create( socket, address, send_buffer_size, receive_buffer_size ) != NETCODE_SOCKET_ERROR_NONE )
+ {
+ return 0;
+ }
+ }
+ }
+
+ return 1;
+}
+
+struct netcode_server_t * netcode_server_create_overload( NETCODE_CONST char * server_address1_string, NETCODE_CONST char * server_address2_string, NETCODE_CONST struct netcode_server_config_t * config, double time )
+{
+ netcode_assert( config );
+ netcode_assert( netcode.initialized );
+
+ struct netcode_address_t server_address1;
+ struct netcode_address_t server_address2;
+
+ memset( &server_address1, 0, sizeof( server_address1 ) );
+ memset( &server_address2, 0, sizeof( server_address2 ) );
+
+ if ( netcode_parse_address( server_address1_string, 
&server_address1 ) != NETCODE_OK )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: failed to parse server public address\n" );
+ return NULL;
+ }
+
+ if ( server_address2_string != NULL && netcode_parse_address( server_address2_string, &server_address2 ) != NETCODE_OK )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: failed to parse server public address2\n" );
+ return NULL;
+ }
+
+ struct netcode_address_t bind_address_ipv4;
+ struct netcode_address_t bind_address_ipv6;
+
+ memset( &bind_address_ipv4, 0, sizeof( bind_address_ipv4 ) );
+ memset( &bind_address_ipv6, 0, sizeof( bind_address_ipv6 ) );
+
+ struct netcode_socket_t socket_ipv4;
+ struct netcode_socket_t socket_ipv6;
+
+ memset( &socket_ipv4, 0, sizeof( socket_ipv4 ) );
+ memset( &socket_ipv6, 0, sizeof( socket_ipv6 ) );
+
+ if ( server_address1.type == NETCODE_ADDRESS_IPV4 || server_address2.type == NETCODE_ADDRESS_IPV4 )
+ {
+ bind_address_ipv4.type = NETCODE_ADDRESS_IPV4;
+ bind_address_ipv4.port = server_address1.type == NETCODE_ADDRESS_IPV4 ? server_address1.port : server_address2.port;
+
+ if ( !netcode_server_socket_create( &socket_ipv4, &bind_address_ipv4, NETCODE_SERVER_SOCKET_SNDBUF_SIZE, NETCODE_SERVER_SOCKET_RCVBUF_SIZE, config ) )
+ {
+ return NULL;
+ }
+ }
+
+ if ( server_address1.type == NETCODE_ADDRESS_IPV6 || server_address2.type == NETCODE_ADDRESS_IPV6 )
+ {
+ bind_address_ipv6.type = NETCODE_ADDRESS_IPV6;
+ bind_address_ipv6.port = server_address1.type == NETCODE_ADDRESS_IPV6 ? 
server_address1.port : server_address2.port;
+
+ if ( !netcode_server_socket_create( &socket_ipv6, &bind_address_ipv6, NETCODE_SERVER_SOCKET_SNDBUF_SIZE, NETCODE_SERVER_SOCKET_RCVBUF_SIZE, config ) )
+ {
+ return NULL;
+ }
+ }
+
+ struct netcode_server_t * server = (struct netcode_server_t*) config->allocate_function( config->allocator_context, sizeof( struct netcode_server_t ) );
+ if ( !server )
+ {
+ netcode_socket_destroy( &socket_ipv4 );
+ netcode_socket_destroy( &socket_ipv6 );
+ return NULL;
+ }
+
+ if ( !config->network_simulator )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "server listening on %s\n", server_address1_string );
+ }
+ else
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "server listening on %s (network simulator)\n", server_address1_string );
+ }
+
+ server->config = *config;
+ server->socket_holder.ipv4 = socket_ipv4;
+ server->socket_holder.ipv6 = socket_ipv6;
+ server->address = server_address1;
+ server->flags = 0;
+ server->time = time;
+ server->running = 0;
+ server->max_clients = 0;
+ server->num_connected_clients = 0;
+ server->global_sequence = 1ULL << 63;
+
+ memset( server->client_connected, 0, sizeof( server->client_connected ) );
+ memset( server->client_loopback, 0, sizeof( server->client_loopback ) );
+ memset( server->client_confirmed, 0, sizeof( server->client_confirmed ) );
+ memset( server->client_id, 0, sizeof( server->client_id ) );
+ memset( server->client_sequence, 0, sizeof( server->client_sequence ) );
+ memset( server->client_last_packet_send_time, 0, sizeof( server->client_last_packet_send_time ) );
+ memset( server->client_last_packet_receive_time, 0, sizeof( server->client_last_packet_receive_time ) );
+ memset( server->client_address, 0, sizeof( server->client_address ) );
+ memset( server->client_user_data, 0, sizeof( server->client_user_data ) );
+
+ int i;
+ for ( i = 0; i < NETCODE_MAX_CLIENTS; ++i )
+ server->client_encryption_index[i] = -1;
+
+ netcode_connect_token_entries_reset( 
server->connect_token_entries );
+
+ netcode_encryption_manager_reset( &server->encryption_manager );
+
+ for ( i = 0; i < NETCODE_MAX_CLIENTS; ++i )
+ netcode_replay_protection_reset( &server->client_replay_protection[i] );
+
+ memset( &server->client_packet_queue, 0, sizeof( server->client_packet_queue ) );
+
+ return server;
+}
+
+struct netcode_server_t * netcode_server_create( NETCODE_CONST char * server_address_string, NETCODE_CONST struct netcode_server_config_t * config, double time )
+{
+ return netcode_server_create_overload( server_address_string, NULL, config, time );
+}
+
+void netcode_server_stop( struct netcode_server_t * server );
+
+void netcode_server_destroy( struct netcode_server_t * server )
+{
+ netcode_assert( server );
+
+ netcode_server_stop( server );
+
+ netcode_socket_destroy( &server->socket_holder.ipv4 );
+ netcode_socket_destroy( &server->socket_holder.ipv6 );
+
+ server->config.free_function( server->config.allocator_context, server );
+}
+
+void netcode_server_start( struct netcode_server_t * server, int max_clients )
+{
+ netcode_assert( server );
+ netcode_assert( max_clients > 0 );
+ netcode_assert( max_clients <= NETCODE_MAX_CLIENTS );
+
+ if ( server->running )
+ netcode_server_stop( server );
+
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "server started with %d client slots\n", max_clients );
+
+ server->running = 1;
+ server->max_clients = max_clients;
+ server->num_connected_clients = 0;
+ server->challenge_sequence = 0;
+ netcode_generate_key( server->challenge_key );
+
+ int i;
+ for ( i = 0; i < server->max_clients; ++i )
+ {
+ netcode_packet_queue_init( &server->client_packet_queue[i], server->config.allocator_context, server->config.allocate_function, server->config.free_function );
+ }
+}
+
+void netcode_server_send_global_packet( struct netcode_server_t * server, void * packet, struct netcode_address_t * to, uint8_t * packet_key )
+{
+ netcode_assert( server );
+ netcode_assert( packet );
+ netcode_assert( to );
+ 
netcode_assert( packet_key );
+
+ uint8_t packet_data[NETCODE_MAX_PACKET_BYTES];
+
+ int packet_bytes = netcode_write_packet( packet, packet_data, NETCODE_MAX_PACKET_BYTES, server->global_sequence, packet_key, server->config.protocol_id );
+
+ netcode_assert( packet_bytes <= NETCODE_MAX_PACKET_BYTES );
+
+ if ( server->config.network_simulator )
+ {
+ netcode_network_simulator_send_packet( server->config.network_simulator, &server->address, to, packet_data, packet_bytes );
+ }
+ else
+ {
+ if ( server->config.override_send_and_receive )
+ {
+ server->config.send_packet_override( server->config.callback_context, to, packet_data, packet_bytes );
+ }
+ else if ( to->type == NETCODE_ADDRESS_IPV4 )
+ {
+ netcode_socket_send_packet( &server->socket_holder.ipv4, to, packet_data, packet_bytes );
+ }
+ else if ( to->type == NETCODE_ADDRESS_IPV6 )
+ {
+ netcode_socket_send_packet( &server->socket_holder.ipv6, to, packet_data, packet_bytes );
+ }
+ }
+
+ server->global_sequence++;
+}
+
+void netcode_server_send_client_packet( struct netcode_server_t * server, void * packet, int client_index )
+{
+ netcode_assert( server );
+ netcode_assert( packet );
+ netcode_assert( client_index >= 0 );
+ netcode_assert( client_index < server->max_clients );
+ netcode_assert( server->client_connected[client_index] );
+ netcode_assert( !server->client_loopback[client_index] );
+
+ uint8_t packet_data[NETCODE_MAX_PACKET_BYTES];
+
+ if ( !netcode_encryption_manager_touch( &server->encryption_manager,
+ server->client_encryption_index[client_index],
+ &server->client_address[client_index],
+ server->time ) )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_ERROR, "error: encryption mapping is out of date for client %d\n", client_index );
+ return;
+ }
+
+ uint8_t * packet_key = netcode_encryption_manager_get_send_key( &server->encryption_manager, server->client_encryption_index[client_index] );
+
+ int packet_bytes = netcode_write_packet( packet, packet_data, NETCODE_MAX_PACKET_BYTES, 
server->client_sequence[client_index], packet_key, server->config.protocol_id );
+
+ netcode_assert( packet_bytes <= NETCODE_MAX_PACKET_BYTES );
+
+ if ( server->config.network_simulator )
+ {
+ netcode_network_simulator_send_packet( server->config.network_simulator, &server->address, &server->client_address[client_index], packet_data, packet_bytes );
+ }
+ else
+ {
+ if ( server->config.override_send_and_receive )
+ {
+ server->config.send_packet_override( server->config.callback_context, &server->client_address[client_index], packet_data, packet_bytes );
+ }
+ else
+ {
+ if ( server->client_address[client_index].type == NETCODE_ADDRESS_IPV4 )
+ {
+ netcode_socket_send_packet( &server->socket_holder.ipv4, &server->client_address[client_index], packet_data, packet_bytes );
+ }
+ else if ( server->client_address[client_index].type == NETCODE_ADDRESS_IPV6 )
+ {
+ netcode_socket_send_packet( &server->socket_holder.ipv6, &server->client_address[client_index], packet_data, packet_bytes );
+ }
+ }
+ }
+
+ server->client_sequence[client_index]++;
+
+ server->client_last_packet_send_time[client_index] = server->time;
+}
+
+void netcode_server_disconnect_client_internal( struct netcode_server_t * server, int client_index, int send_disconnect_packets )
+{
+ netcode_assert( server );
+ netcode_assert( server->running );
+ netcode_assert( client_index >= 0 );
+ netcode_assert( client_index < server->max_clients );
+ netcode_assert( server->client_connected[client_index] );
+ netcode_assert( !server->client_loopback[client_index] );
+ netcode_assert( server->encryption_manager.client_index[server->client_encryption_index[client_index]] == client_index );
+
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "server disconnected client %d\n", client_index );
+
+ if ( server->config.connect_disconnect_callback )
+ {
+ server->config.connect_disconnect_callback( server->config.callback_context, client_index, 0 );
+ }
+
+ if ( send_disconnect_packets )
+ {
+ netcode_printf( 
NETCODE_LOG_LEVEL_DEBUG, "server sent disconnect packets to client %d\n", client_index );
+
+ int i;
+ for ( i = 0; i < NETCODE_NUM_DISCONNECT_PACKETS; ++i )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server sent disconnect packet %d\n", i );
+
+ struct netcode_connection_disconnect_packet_t packet;
+ packet.packet_type = NETCODE_CONNECTION_DISCONNECT_PACKET;
+
+ netcode_server_send_client_packet( server, &packet, client_index );
+ }
+ }
+
+ while ( 1 )
+ {
+ void * packet = netcode_packet_queue_pop( &server->client_packet_queue[client_index], NULL );
+ if ( !packet )
+ break;
+ server->config.free_function( server->config.allocator_context, packet );
+ }
+
+ netcode_packet_queue_clear( &server->client_packet_queue[client_index] );
+
+ netcode_replay_protection_reset( &server->client_replay_protection[client_index] );
+
+ server->encryption_manager.client_index[server->client_encryption_index[client_index]] = -1;
+
+ netcode_encryption_manager_remove_encryption_mapping( &server->encryption_manager, &server->client_address[client_index], server->time );
+
+ server->client_connected[client_index] = 0;
+ server->client_confirmed[client_index] = 0;
+ server->client_id[client_index] = 0;
+ server->client_sequence[client_index] = 0;
+ server->client_last_packet_send_time[client_index] = 0.0;
+ server->client_last_packet_receive_time[client_index] = 0.0;
+ memset( &server->client_address[client_index], 0, sizeof( struct netcode_address_t ) );
+ server->client_encryption_index[client_index] = -1;
+ memset( server->client_user_data[client_index], 0, NETCODE_USER_DATA_BYTES );
+
+ server->num_connected_clients--;
+
+ netcode_assert( server->num_connected_clients >= 0 );
+}
+
+void netcode_server_disconnect_client( struct netcode_server_t * server, int client_index )
+{
+ netcode_assert( server );
+
+ if ( !server->running )
+ return;
+
+ netcode_assert( client_index >= 0 );
+ netcode_assert( client_index < server->max_clients );
+ netcode_assert( 
server->client_loopback[client_index] == 0 );
+
+ if ( !server->client_connected[client_index] )
+ return;
+
+ if ( server->client_loopback[client_index] )
+ return;
+
+ netcode_server_disconnect_client_internal( server, client_index, 1 );
+}
+
+void netcode_server_disconnect_all_clients( struct netcode_server_t * server )
+{
+ netcode_assert( server );
+
+ if ( !server->running )
+ return;
+
+ int i;
+ for ( i = 0; i < server->max_clients; ++i )
+ {
+ if ( server->client_connected[i] && !server->client_loopback[i] )
+ {
+ netcode_server_disconnect_client_internal( server, i, 1 );
+ }
+ }
+}
+
+void netcode_server_stop( struct netcode_server_t * server )
+{
+ netcode_assert( server );
+
+ if ( !server->running )
+ return;
+
+ netcode_server_disconnect_all_clients( server );
+
+ server->running = 0;
+ server->max_clients = 0;
+ server->num_connected_clients = 0;
+
+ server->global_sequence = 0;
+ server->challenge_sequence = 0;
+ memset( server->challenge_key, 0, NETCODE_KEY_BYTES );
+
+ netcode_connect_token_entries_reset( server->connect_token_entries );
+
+ netcode_encryption_manager_reset( &server->encryption_manager );
+
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "server stopped\n" );
+}
+
+int netcode_server_find_client_index_by_id( struct netcode_server_t * server, uint64_t client_id )
+{
+ netcode_assert( server );
+
+ int i;
+ for ( i = 0; i < server->max_clients; ++i )
+ {
+ if ( server->client_connected[i] && server->client_id[i] == client_id )
+ return i;
+ }
+
+ return -1;
+}
+
+int netcode_server_find_client_index_by_address( struct netcode_server_t * server, struct netcode_address_t * address )
+{
+ netcode_assert( server );
+ netcode_assert( address );
+
+ if ( address->type == 0 )
+ return -1;
+
+ int i;
+ for ( i = 0; i < server->max_clients; ++i )
+ {
+ if ( server->client_connected[i] && netcode_address_equal( &server->client_address[i], address ) )
+ return i;
+ }
+
+ return -1;
+}
+
+void netcode_server_process_connection_request_packet( struct 
netcode_server_t * server, + struct netcode_address_t * from, + struct netcode_connection_request_packet_t * packet ) +{ + netcode_assert( server ); + + (void) from; + + struct netcode_connect_token_private_t connect_token_private; + if ( netcode_read_connect_token_private( packet->connect_token_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES, &connect_token_private ) != NETCODE_OK ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server ignored connection request. failed to read connect token\n" ); + return; + } + + int found_server_address = 0; + int i; + for ( i = 0; i < connect_token_private.num_server_addresses; ++i ) + { + if ( netcode_address_equal( &server->address, &connect_token_private.server_addresses[i] ) ) + { + found_server_address = 1; + } + } + if ( !found_server_address ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server ignored connection request. server address not in connect token whitelist\n" ); + return; + } + + if ( netcode_server_find_client_index_by_address( server, from ) != -1 ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server ignored connection request. a client with this address is already connected\n" ); + return; + } + + if ( netcode_server_find_client_index_by_id( server, connect_token_private.client_id ) != -1 ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server ignored connection request. a client with this id is already connected\n" ); + return; + } + + if ( !netcode_connect_token_entries_find_or_add( server->connect_token_entries, + from, + packet->connect_token_data + NETCODE_CONNECT_TOKEN_PRIVATE_BYTES - NETCODE_MAC_BYTES, + server->time ) ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server ignored connection request. connect token has already been used\n" ); + return; + } + + if ( server->num_connected_clients == server->max_clients ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server denied connection request. 
server is full\n" ); + + struct netcode_connection_denied_packet_t p; + p.packet_type = NETCODE_CONNECTION_DENIED_PACKET; + + netcode_server_send_global_packet( server, &p, from, connect_token_private.server_to_client_key ); + + return; + } + + double expire_time = ( connect_token_private.timeout_seconds >= 0 ) ? server->time + connect_token_private.timeout_seconds : -1.0; + + if ( !netcode_encryption_manager_add_encryption_mapping( &server->encryption_manager, + from, + connect_token_private.server_to_client_key, + connect_token_private.client_to_server_key, + server->time, + expire_time, + connect_token_private.timeout_seconds ) ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server ignored connection request. failed to add encryption mapping\n" ); + return; + } + + struct netcode_challenge_token_t challenge_token; + challenge_token.client_id = connect_token_private.client_id; + memcpy( challenge_token.user_data, connect_token_private.user_data, NETCODE_USER_DATA_BYTES ); + + struct netcode_connection_challenge_packet_t challenge_packet; + challenge_packet.packet_type = NETCODE_CONNECTION_CHALLENGE_PACKET; + challenge_packet.challenge_token_sequence = server->challenge_sequence; + netcode_write_challenge_token( &challenge_token, challenge_packet.challenge_token_data, NETCODE_CHALLENGE_TOKEN_BYTES ); + if ( netcode_encrypt_challenge_token( challenge_packet.challenge_token_data, + NETCODE_CHALLENGE_TOKEN_BYTES, + server->challenge_sequence, + server->challenge_key ) != NETCODE_OK ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server ignored connection request. 
failed to encrypt challenge token\n" );
+ return;
+ }
+
+ server->challenge_sequence++;
+
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server sent connection challenge packet\n" );
+
+ netcode_server_send_global_packet( server, &challenge_packet, from, connect_token_private.server_to_client_key );
+}
+
+int netcode_server_find_free_client_index( struct netcode_server_t * server )
+{
+ netcode_assert( server );
+
+ int i;
+ for ( i = 0; i < server->max_clients; ++i )
+ {
+ if ( !server->client_connected[i] )
+ return i;
+ }
+
+ return -1;
+}
+
+void netcode_server_connect_client( struct netcode_server_t * server,
+ int client_index,
+ struct netcode_address_t * address,
+ uint64_t client_id,
+ int encryption_index,
+ int timeout_seconds,
+ void * user_data )
+{
+ netcode_assert( server );
+ netcode_assert( server->running );
+ netcode_assert( client_index >= 0 );
+ netcode_assert( client_index < server->max_clients );
+ netcode_assert( address );
+ netcode_assert( encryption_index != -1 );
+ netcode_assert( user_data );
+ netcode_assert( server->encryption_manager.client_index[encryption_index] == -1 );
+
+ server->num_connected_clients++;
+
+ netcode_assert( server->num_connected_clients <= server->max_clients );
+
+ netcode_assert( server->client_connected[client_index] == 0 );
+
+ netcode_encryption_manager_set_expire_time( &server->encryption_manager, encryption_index, -1.0 );
+
+ server->encryption_manager.client_index[encryption_index] = client_index;
+
+ server->client_connected[client_index] = 1;
+ server->client_timeout[client_index] = timeout_seconds;
+ server->client_encryption_index[client_index] = encryption_index;
+ server->client_id[client_index] = client_id;
+ server->client_sequence[client_index] = 0;
+ server->client_address[client_index] = *address;
+ server->client_last_packet_send_time[client_index] = server->time;
+ server->client_last_packet_receive_time[client_index] = server->time;
+ memcpy( server->client_user_data[client_index], user_data, 
NETCODE_USER_DATA_BYTES );
+
+ char address_string[NETCODE_MAX_ADDRESS_STRING_LENGTH];
+
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "server accepted client %s %.16" PRIx64 " in slot %d\n",
+ netcode_address_to_string( address, address_string ), client_id, client_index );
+
+ struct netcode_connection_keep_alive_packet_t packet;
+ packet.packet_type = NETCODE_CONNECTION_KEEP_ALIVE_PACKET;
+ packet.client_index = client_index;
+ packet.max_clients = server->max_clients;
+
+ netcode_server_send_client_packet( server, &packet, client_index );
+
+ if ( server->config.connect_disconnect_callback )
+ {
+ server->config.connect_disconnect_callback( server->config.callback_context, client_index, 1 );
+ }
+}
+
+void netcode_server_process_connection_response_packet( struct netcode_server_t * server,
+ struct netcode_address_t * from,
+ struct netcode_connection_response_packet_t * packet,
+ int encryption_index )
+{
+ netcode_assert( server );
+
+ if ( netcode_decrypt_challenge_token( packet->challenge_token_data,
+ NETCODE_CHALLENGE_TOKEN_BYTES,
+ packet->challenge_token_sequence,
+ server->challenge_key ) != NETCODE_OK )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server ignored connection response. failed to decrypt challenge token\n" );
+ return;
+ }
+
+ struct netcode_challenge_token_t challenge_token;
+ if ( netcode_read_challenge_token( packet->challenge_token_data, NETCODE_CHALLENGE_TOKEN_BYTES, &challenge_token ) != NETCODE_OK )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server ignored connection response. failed to read challenge token\n" );
+ return;
+ }
+
+ uint8_t * packet_send_key = netcode_encryption_manager_get_send_key( &server->encryption_manager, encryption_index );
+
+ if ( !packet_send_key )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server ignored connection response. 
no packet send key\n" );
+ return;
+ }
+
+ if ( netcode_server_find_client_index_by_address( server, from ) != -1 )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server ignored connection response. a client with this address is already connected\n" );
+ return;
+ }
+
+ if ( netcode_server_find_client_index_by_id( server, challenge_token.client_id ) != -1 )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server ignored connection response. a client with this id is already connected\n" );
+ return;
+ }
+
+ if ( server->num_connected_clients == server->max_clients )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server denied connection response. server is full\n" );
+
+ struct netcode_connection_denied_packet_t p;
+ p.packet_type = NETCODE_CONNECTION_DENIED_PACKET;
+
+ netcode_server_send_global_packet( server, &p, from, packet_send_key );
+
+ return;
+ }
+
+ int client_index = netcode_server_find_free_client_index( server );
+
+ netcode_assert( client_index != -1 );
+
+ int timeout_seconds = netcode_encryption_manager_get_timeout( &server->encryption_manager, encryption_index );
+
+ netcode_server_connect_client( server, client_index, from, challenge_token.client_id, encryption_index, timeout_seconds, challenge_token.user_data );
+}
+
+void netcode_server_process_packet_internal( struct netcode_server_t * server,
+ struct netcode_address_t * from,
+ void * packet,
+ uint64_t sequence,
+ int encryption_index,
+ int client_index )
+{
+ netcode_assert( server );
+ netcode_assert( packet );
+
+ (void) from;
+ (void) sequence;
+
+ uint8_t packet_type = ( (uint8_t*) packet ) [0];
+
+ switch ( packet_type )
+ {
+ case NETCODE_CONNECTION_REQUEST_PACKET:
+ {
+ if ( ( server->flags & NETCODE_SERVER_FLAG_IGNORE_CONNECTION_REQUEST_PACKETS ) == 0 )
+ {
+ char from_address_string[NETCODE_MAX_ADDRESS_STRING_LENGTH];
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server received connection request from %s\n", netcode_address_to_string( from, from_address_string ) );
+ 
netcode_server_process_connection_request_packet( server, from, (struct netcode_connection_request_packet_t*) packet );
+ }
+ }
+ break;
+
+ case NETCODE_CONNECTION_RESPONSE_PACKET:
+ {
+ if ( ( server->flags & NETCODE_SERVER_FLAG_IGNORE_CONNECTION_RESPONSE_PACKETS ) == 0 )
+ {
+ char from_address_string[NETCODE_MAX_ADDRESS_STRING_LENGTH];
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server received connection response from %s\n", netcode_address_to_string( from, from_address_string ) );
+ netcode_server_process_connection_response_packet( server, from, (struct netcode_connection_response_packet_t*) packet, encryption_index );
+ }
+ }
+ break;
+
+ case NETCODE_CONNECTION_KEEP_ALIVE_PACKET:
+ {
+ if ( client_index != -1 )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server received connection keep alive packet from client %d\n", client_index );
+ server->client_last_packet_receive_time[client_index] = server->time;
+ if ( !server->client_confirmed[client_index] )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server confirmed connection with client %d\n", client_index );
+ server->client_confirmed[client_index] = 1;
+ }
+ }
+ }
+ break;
+
+ case NETCODE_CONNECTION_PAYLOAD_PACKET:
+ {
+ if ( client_index != -1 )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server received connection payload packet from client %d\n", client_index );
+ server->client_last_packet_receive_time[client_index] = server->time;
+ if ( !server->client_confirmed[client_index] )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server confirmed connection with client %d\n", client_index );
+ server->client_confirmed[client_index] = 1;
+ }
+ netcode_packet_queue_push( &server->client_packet_queue[client_index], packet, sequence );
+ return;
+ }
+ }
+ break;
+
+ case NETCODE_CONNECTION_DISCONNECT_PACKET:
+ {
+ if ( client_index != -1 )
+ {
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server received disconnect packet from client %d\n", client_index );
+ 
netcode_server_disconnect_client_internal( server, client_index, 0 );
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
+
+ server->config.free_function( server->config.allocator_context, packet );
+}
+
+void netcode_server_process_packet( struct netcode_server_t * server, struct netcode_address_t * from, uint8_t * packet_data, int packet_bytes )
+{
+ uint8_t allowed_packets[NETCODE_CONNECTION_NUM_PACKETS];
+ memset( allowed_packets, 0, sizeof( allowed_packets ) );
+ allowed_packets[NETCODE_CONNECTION_REQUEST_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_RESPONSE_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_KEEP_ALIVE_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_PAYLOAD_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_DISCONNECT_PACKET] = 1;
+
+ uint64_t current_timestamp = (uint64_t) time( NULL );
+
+ uint64_t sequence;
+
+ int encryption_index = -1;
+ int client_index = netcode_server_find_client_index_by_address( server, from );
+ if ( client_index != -1 )
+ {
+ netcode_assert( client_index >= 0 );
+ netcode_assert( client_index < server->max_clients );
+ encryption_index = server->client_encryption_index[client_index];
+ }
+ else
+ {
+ encryption_index = netcode_encryption_manager_find_encryption_mapping( &server->encryption_manager, from, server->time );
+ }
+
+ uint8_t * read_packet_key = netcode_encryption_manager_get_receive_key( &server->encryption_manager, encryption_index );
+
+ if ( !read_packet_key && packet_data[0] != 0 )
+ {
+ char address_string[NETCODE_MAX_ADDRESS_STRING_LENGTH];
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server could not process packet because no encryption mapping exists for %s\n", netcode_address_to_string( from, address_string ) );
+ return;
+ }
+
+ void * packet = netcode_read_packet( packet_data,
+ packet_bytes,
+ &sequence,
+ read_packet_key,
+ server->config.protocol_id,
+ current_timestamp,
+ server->config.private_key,
+ allowed_packets,
+ ( client_index != -1 ) ? 
&server->client_replay_protection[client_index] : NULL,
+ server->config.allocator_context,
+ server->config.allocate_function );
+
+ if ( !packet )
+ return;
+
+ netcode_server_process_packet_internal( server, from, packet, sequence, encryption_index, client_index );
+}
+
+void netcode_server_read_and_process_packet( struct netcode_server_t * server,
+ struct netcode_address_t * from,
+ uint8_t * packet_data,
+ int packet_bytes,
+ uint64_t current_timestamp,
+ uint8_t * allowed_packets )
+{
+ if ( !server->running )
+ return;
+
+ if ( packet_bytes <= 1 )
+ return;
+
+ uint64_t sequence;
+
+ int encryption_index = -1;
+ int client_index = netcode_server_find_client_index_by_address( server, from );
+ if ( client_index != -1 )
+ {
+ netcode_assert( client_index >= 0 );
+ netcode_assert( client_index < server->max_clients );
+ encryption_index = server->client_encryption_index[client_index];
+ }
+ else
+ {
+ encryption_index = netcode_encryption_manager_find_encryption_mapping( &server->encryption_manager, from, server->time );
+ }
+
+ uint8_t * read_packet_key = netcode_encryption_manager_get_receive_key( &server->encryption_manager, encryption_index );
+
+ if ( !read_packet_key && packet_data[0] != 0 )
+ {
+ char address_string[NETCODE_MAX_ADDRESS_STRING_LENGTH];
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server could not process packet because no encryption mapping exists for %s\n", netcode_address_to_string( from, address_string ) );
+ return;
+ }
+
+ void * packet = netcode_read_packet( packet_data,
+ packet_bytes,
+ &sequence,
+ read_packet_key,
+ server->config.protocol_id,
+ current_timestamp,
+ server->config.private_key,
+ allowed_packets,
+ ( client_index != -1 ) ? 
&server->client_replay_protection[client_index] : NULL,
+ server->config.allocator_context,
+ server->config.allocate_function );
+
+ if ( !packet )
+ return;
+
+ netcode_server_process_packet_internal( server, from, packet, sequence, encryption_index, client_index );
+}
+
+void netcode_server_receive_packets( struct netcode_server_t * server )
+{
+ netcode_assert( server );
+
+ uint8_t allowed_packets[NETCODE_CONNECTION_NUM_PACKETS];
+ memset( allowed_packets, 0, sizeof( allowed_packets ) );
+ allowed_packets[NETCODE_CONNECTION_REQUEST_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_RESPONSE_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_KEEP_ALIVE_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_PAYLOAD_PACKET] = 1;
+ allowed_packets[NETCODE_CONNECTION_DISCONNECT_PACKET] = 1;
+
+ uint64_t current_timestamp = (uint64_t) time( NULL );
+
+ if ( !server->config.network_simulator )
+ {
+ // process packets received from socket
+
+ while ( 1 )
+ {
+ struct netcode_address_t from;
+
+ uint8_t packet_data[NETCODE_MAX_PACKET_BYTES];
+
+ int packet_bytes = 0;
+
+ if ( server->config.override_send_and_receive )
+ {
+ packet_bytes = server->config.receive_packet_override( server->config.callback_context, &from, packet_data, NETCODE_MAX_PACKET_BYTES );
+ }
+ else
+ {
+ if (server->socket_holder.ipv4.handle != 0)
+ packet_bytes = netcode_socket_receive_packet( &server->socket_holder.ipv4, &from, packet_data, NETCODE_MAX_PACKET_BYTES );
+
+ if ( packet_bytes == 0 && server->socket_holder.ipv6.handle != 0)
+ packet_bytes = netcode_socket_receive_packet( &server->socket_holder.ipv6, &from, packet_data, NETCODE_MAX_PACKET_BYTES );
+ }
+
+ if ( packet_bytes == 0 )
+ break;
+
+ netcode_server_read_and_process_packet( server, &from, packet_data, packet_bytes, current_timestamp, allowed_packets );
+ }
+ }
+ else
+ {
+ // process packets received from network simulator
+
+ int num_packets_received = netcode_network_simulator_receive_packets( server->config.network_simulator,
+
&server->address, + NETCODE_SERVER_MAX_RECEIVE_PACKETS, + server->receive_packet_data, + server->receive_packet_bytes, + server->receive_from ); + + int i; + for ( i = 0; i < num_packets_received; ++i ) + { + netcode_server_read_and_process_packet( server, + &server->receive_from[i], + server->receive_packet_data[i], + server->receive_packet_bytes[i], + current_timestamp, + allowed_packets ); + + server->config.free_function( server->config.allocator_context, server->receive_packet_data[i] ); + } + } +} + +void netcode_server_send_packets( struct netcode_server_t * server ) +{ + netcode_assert( server ); + + if ( !server->running ) + return; + + int i; + for ( i = 0; i < server->max_clients; ++i ) + { + if ( server->client_connected[i] && !server->client_loopback[i] && + ( server->client_last_packet_send_time[i] + ( 1.0 / NETCODE_PACKET_SEND_RATE ) <= server->time ) ) + { + netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server sent connection keep alive packet to client %d\n", i ); + struct netcode_connection_keep_alive_packet_t packet; + packet.packet_type = NETCODE_CONNECTION_KEEP_ALIVE_PACKET; + packet.client_index = i; + packet.max_clients = server->max_clients; + netcode_server_send_client_packet( server, &packet, i ); + } + } +} + +void netcode_server_check_for_timeouts( struct netcode_server_t * server ) +{ + netcode_assert( server ); + + if ( !server->running ) + return; + + int i; + for ( i = 0; i < server->max_clients; ++i ) + { + if ( server->client_connected[i] && server->client_timeout[i] > 0 && !server->client_loopback[i] && + ( server->client_last_packet_receive_time[i] + server->client_timeout[i] <= server->time ) ) + { + netcode_printf( NETCODE_LOG_LEVEL_INFO, "server timed out client %d\n", i ); + netcode_server_disconnect_client_internal( server, i, 0 ); + } + } +} + +int netcode_server_client_connected( struct netcode_server_t * server, int client_index ) +{ + netcode_assert( server ); + + if ( !server->running ) + return 0; + + if ( client_index < 0 
|| client_index >= server->max_clients )
+ return 0;
+
+ return server->client_connected[client_index];
+}
+
+uint64_t netcode_server_client_id( struct netcode_server_t * server, int client_index )
+{
+ netcode_assert( server );
+
+ if ( !server->running )
+ return 0;
+
+ if ( client_index < 0 || client_index >= server->max_clients )
+ return 0;
+
+ return server->client_id[client_index];
+}
+
+struct netcode_address_t * netcode_server_client_address( struct netcode_server_t * server, int client_index )
+{
+ netcode_assert( server );
+
+ if (!server->running)
+ return NULL;
+
+ if (client_index < 0 || client_index >= server->max_clients)
+ return NULL;
+
+ return &server->client_address[client_index];
+}
+
+uint64_t netcode_server_next_packet_sequence( struct netcode_server_t * server, int client_index )
+{
+ netcode_assert( client_index >= 0 );
+ netcode_assert( client_index < server->max_clients );
+ if ( !server->client_connected[client_index] )
+ return 0;
+ return server->client_sequence[client_index];
+}
+
+void netcode_server_send_packet( struct netcode_server_t * server, int client_index, NETCODE_CONST uint8_t * packet_data, int packet_bytes )
+{
+ netcode_assert( server );
+ netcode_assert( packet_data );
+ netcode_assert( packet_bytes >= 0 );
+ netcode_assert( packet_bytes <= NETCODE_MAX_PACKET_SIZE );
+
+ if ( !server->running )
+ return;
+
+ netcode_assert( client_index >= 0 );
+ netcode_assert( client_index < server->max_clients );
+ if ( !server->client_connected[client_index] )
+ return;
+
+ if ( !server->client_loopback[client_index] )
+ {
+ uint8_t buffer[NETCODE_MAX_PAYLOAD_BYTES*2];
+
+ struct netcode_connection_payload_packet_t * packet = (struct netcode_connection_payload_packet_t*) buffer;
+
+ packet->packet_type = NETCODE_CONNECTION_PAYLOAD_PACKET;
+ packet->payload_bytes = packet_bytes;
+ memcpy( packet->payload_data, packet_data, packet_bytes );
+
+ if ( !server->client_confirmed[client_index] )
+ {
+ struct
netcode_connection_keep_alive_packet_t keep_alive_packet;
+ keep_alive_packet.packet_type = NETCODE_CONNECTION_KEEP_ALIVE_PACKET;
+ keep_alive_packet.client_index = client_index;
+ keep_alive_packet.max_clients = server->max_clients;
+ netcode_server_send_client_packet( server, &keep_alive_packet, client_index );
+ }
+
+ netcode_server_send_client_packet( server, packet, client_index );
+ }
+ else
+ {
+ netcode_assert( server->config.send_loopback_packet_callback );
+
+ server->config.send_loopback_packet_callback( server->config.callback_context,
+ client_index,
+ packet_data,
+ packet_bytes,
+ server->client_sequence[client_index]++ );
+
+ server->client_last_packet_send_time[client_index] = server->time;
+ }
+}
+
+uint8_t * netcode_server_receive_packet( struct netcode_server_t * server, int client_index, int * packet_bytes, uint64_t * packet_sequence )
+{
+ netcode_assert( server );
+ netcode_assert( packet_bytes );
+
+ if ( !server->running )
+ return NULL;
+
+ if ( !server->client_connected[client_index] )
+ return NULL;
+
+ netcode_assert( client_index >= 0 );
+ netcode_assert( client_index < server->max_clients );
+
+ struct netcode_connection_payload_packet_t * packet = (struct netcode_connection_payload_packet_t*)
+ netcode_packet_queue_pop( &server->client_packet_queue[client_index], packet_sequence );
+
+ if ( packet )
+ {
+ netcode_assert( packet->packet_type == NETCODE_CONNECTION_PAYLOAD_PACKET );
+ *packet_bytes = packet->payload_bytes;
+ netcode_assert( *packet_bytes >= 0 );
+ netcode_assert( *packet_bytes <= NETCODE_MAX_PAYLOAD_BYTES );
+ return (uint8_t*) &packet->payload_data;
+ }
+ else
+ {
+ return NULL;
+ }
+}
+
+void netcode_server_free_packet( struct netcode_server_t * server, void * packet )
+{
+ netcode_assert( server );
+ netcode_assert( packet );
+ (void) server;
+ int offset = offsetof( struct netcode_connection_payload_packet_t, payload_data );
+ server->config.free_function( server->config.allocator_context, ( (uint8_t*) packet ) -
offset );
+}
+
+int netcode_server_num_connected_clients( struct netcode_server_t * server )
+{
+ netcode_assert( server );
+ return server->num_connected_clients;
+}
+
+void * netcode_server_client_user_data( struct netcode_server_t * server, int client_index )
+{
+ netcode_assert( server );
+ netcode_assert( client_index >= 0 );
+ netcode_assert( client_index < server->max_clients );
+ return server->client_user_data[client_index];
+}
+
+int netcode_server_running( struct netcode_server_t * server )
+{
+ netcode_assert( server );
+ return server->running;
+}
+
+int netcode_server_max_clients( struct netcode_server_t * server )
+{
+ return server->max_clients;
+}
+
+void netcode_server_update( struct netcode_server_t * server, double time )
+{
+ netcode_assert( server );
+ server->time = time;
+ netcode_server_receive_packets( server );
+ netcode_server_send_packets( server );
+ netcode_server_check_for_timeouts( server );
+}
+
+void netcode_server_connect_loopback_client( struct netcode_server_t * server, int client_index, uint64_t client_id, NETCODE_CONST uint8_t * user_data )
+{
+ netcode_assert( server );
+ netcode_assert( client_index >= 0 );
+ netcode_assert( client_index < server->max_clients );
+ netcode_assert( server->running );
+ netcode_assert( !server->client_connected[client_index] );
+
+ server->num_connected_clients++;
+
+ netcode_assert( server->num_connected_clients <= server->max_clients );
+
+ server->client_loopback[client_index] = 1;
+ server->client_connected[client_index] = 1;
+ server->client_confirmed[client_index] = 1;
+ server->client_encryption_index[client_index] = -1;
+ server->client_id[client_index] = client_id;
+ server->client_sequence[client_index] = 0;
+ memset( &server->client_address[client_index], 0, sizeof( struct netcode_address_t ) );
+ server->client_last_packet_send_time[client_index] = server->time;
+ server->client_last_packet_receive_time[client_index] = server->time;
+
+ if ( user_data )
+ {
+ memcpy(
server->client_user_data[client_index], user_data, NETCODE_USER_DATA_BYTES );
+ }
+ else
+ {
+ memset( server->client_user_data[client_index], 0, NETCODE_USER_DATA_BYTES );
+ }
+
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "server connected loopback client %.16" PRIx64 " in slot %d\n", client_id, client_index );
+
+ if ( server->config.connect_disconnect_callback )
+ {
+ server->config.connect_disconnect_callback( server->config.callback_context, client_index, 1 );
+ }
+}
+
+void netcode_server_disconnect_loopback_client( struct netcode_server_t * server, int client_index )
+{
+ netcode_assert( server );
+ netcode_assert( client_index >= 0 );
+ netcode_assert( client_index < server->max_clients );
+ netcode_assert( server->running );
+ netcode_assert( server->client_connected[client_index] );
+ netcode_assert( server->client_loopback[client_index] );
+
+ netcode_printf( NETCODE_LOG_LEVEL_INFO, "server disconnected loopback client %d\n", client_index );
+
+ if ( server->config.connect_disconnect_callback )
+ {
+ server->config.connect_disconnect_callback( server->config.callback_context, client_index, 0 );
+ }
+
+ while ( 1 )
+ {
+ void * packet = netcode_packet_queue_pop( &server->client_packet_queue[client_index], NULL );
+ if ( !packet )
+ break;
+ server->config.free_function( server->config.allocator_context, packet );
+ }
+
+ netcode_packet_queue_clear( &server->client_packet_queue[client_index] );
+
+ server->client_connected[client_index] = 0;
+ server->client_loopback[client_index] = 0;
+ server->client_confirmed[client_index] = 0;
+ server->client_id[client_index] = 0;
+ server->client_sequence[client_index] = 0;
+ server->client_last_packet_send_time[client_index] = 0.0;
+ server->client_last_packet_receive_time[client_index] = 0.0;
+ memset( &server->client_address[client_index], 0, sizeof( struct netcode_address_t ) );
+ server->client_encryption_index[client_index] = -1;
+ memset( server->client_user_data[client_index], 0, NETCODE_USER_DATA_BYTES );
+
+
server->num_connected_clients--;
+
+ netcode_assert( server->num_connected_clients >= 0 );
+}
+
+int netcode_server_client_loopback( struct netcode_server_t * server, int client_index )
+{
+ netcode_assert( server );
+ netcode_assert( server->running );
+ netcode_assert( client_index >= 0 );
+ netcode_assert( client_index < server->max_clients );
+ return server->client_loopback[client_index];
+}
+
+void netcode_server_process_loopback_packet( struct netcode_server_t * server, int client_index, NETCODE_CONST uint8_t * packet_data, int packet_bytes, uint64_t packet_sequence )
+{
+ netcode_assert( server );
+ netcode_assert( client_index >= 0 );
+ netcode_assert( client_index < server->max_clients );
+ netcode_assert( packet_data );
+ netcode_assert( packet_bytes >= 0 );
+ netcode_assert( packet_bytes <= NETCODE_MAX_PACKET_SIZE );
+ netcode_assert( server->client_connected[client_index] );
+ netcode_assert( server->client_loopback[client_index] );
+ netcode_assert( server->running );
+
+ struct netcode_connection_payload_packet_t * packet = netcode_create_payload_packet( packet_bytes, server->config.allocator_context, server->config.allocate_function );
+ if ( !packet )
+ return;
+
+ memcpy( packet->payload_data, packet_data, packet_bytes );
+
+ netcode_printf( NETCODE_LOG_LEVEL_DEBUG, "server processing loopback packet from client %d\n", client_index );
+
+ server->client_last_packet_receive_time[client_index] = server->time;
+
+ netcode_packet_queue_push( &server->client_packet_queue[client_index], packet, packet_sequence );
+}
+
+uint16_t netcode_server_get_port( struct netcode_server_t * server )
+{
+ netcode_assert( server );
+ return server->address.type == NETCODE_ADDRESS_IPV4 ?
server->socket_holder.ipv4.address.port : server->socket_holder.ipv6.address.port;
+}
+
+// ----------------------------------------------------------------
+
+int netcode_generate_connect_token( int num_server_addresses,
+ NETCODE_CONST char ** public_server_addresses,
+ NETCODE_CONST char ** internal_server_addresses,
+ int expire_seconds,
+ int timeout_seconds,
+ uint64_t client_id,
+ uint64_t protocol_id,
+ NETCODE_CONST uint8_t * private_key,
+ uint8_t * user_data,
+ uint8_t * output_buffer )
+{
+ netcode_assert( num_server_addresses > 0 );
+ netcode_assert( num_server_addresses <= NETCODE_MAX_SERVERS_PER_CONNECT );
+ netcode_assert( public_server_addresses );
+ netcode_assert( internal_server_addresses );
+ netcode_assert( private_key );
+ netcode_assert( user_data );
+ netcode_assert( output_buffer );
+
+ // parse public server addresses
+
+ struct netcode_address_t parsed_public_server_addresses[NETCODE_MAX_SERVERS_PER_CONNECT];
+ int i;
+ for ( i = 0; i < num_server_addresses; ++i )
+ {
+ if ( netcode_parse_address( public_server_addresses[i], &parsed_public_server_addresses[i] ) != NETCODE_OK )
+ {
+ return NETCODE_ERROR;
+ }
+ }
+
+ // parse internal server addresses
+
+ struct netcode_address_t parsed_internal_server_addresses[NETCODE_MAX_SERVERS_PER_CONNECT];
+ for ( i = 0; i < num_server_addresses; ++i )
+ {
+ if ( netcode_parse_address( internal_server_addresses[i], &parsed_internal_server_addresses[i] ) != NETCODE_OK )
+ {
+ return NETCODE_ERROR;
+ }
+ }
+
+ // generate a connect token
+
+ uint8_t nonce[NETCODE_CONNECT_TOKEN_NONCE_BYTES];
+ netcode_generate_nonce(nonce);
+
+ struct netcode_connect_token_private_t connect_token_private;
+ netcode_generate_connect_token_private( &connect_token_private, client_id, timeout_seconds, num_server_addresses, parsed_internal_server_addresses, user_data );
+
+ // write it to a buffer
+
+ uint8_t connect_token_data[NETCODE_CONNECT_TOKEN_PRIVATE_BYTES];
+ netcode_write_connect_token_private(
&connect_token_private, connect_token_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + + // encrypt the buffer + + uint64_t create_timestamp = time( NULL ); + uint64_t expire_timestamp = ( expire_seconds >= 0 ) ? ( create_timestamp + expire_seconds ) : 0xFFFFFFFFFFFFFFFFULL; + if ( netcode_encrypt_connect_token_private( connect_token_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES, NETCODE_VERSION_INFO, protocol_id, expire_timestamp, nonce, private_key ) != NETCODE_OK ) + return NETCODE_ERROR; + + // wrap a connect token around the private connect token data + + struct netcode_connect_token_t connect_token; + memcpy( connect_token.version_info, NETCODE_VERSION_INFO, NETCODE_VERSION_INFO_BYTES ); + connect_token.protocol_id = protocol_id; + connect_token.create_timestamp = create_timestamp; + connect_token.expire_timestamp = expire_timestamp; + memcpy( connect_token.nonce, nonce, NETCODE_CONNECT_TOKEN_NONCE_BYTES ); + memcpy( connect_token.private_data, connect_token_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + connect_token.num_server_addresses = num_server_addresses; + for ( i = 0; i < num_server_addresses; ++i ) + connect_token.server_addresses[i] = parsed_public_server_addresses[i]; + memcpy( connect_token.client_to_server_key, connect_token_private.client_to_server_key, NETCODE_KEY_BYTES ); + memcpy( connect_token.server_to_client_key, connect_token_private.server_to_client_key, NETCODE_KEY_BYTES ); + connect_token.timeout_seconds = timeout_seconds; + + // write the connect token to the output buffer + + netcode_write_connect_token( &connect_token, output_buffer, NETCODE_CONNECT_TOKEN_BYTES ); + + return NETCODE_OK; +} + +// --------------------------------------------------------------- + +#if __APPLE__ + +// MacOS + +#include +#include +#include + +void netcode_sleep( double time ) +{ + struct timespec ts; + ts.tv_sec = (time_t) time; + ts.tv_nsec = (long) ((time - (double) ( ts.tv_sec )) * 1000000000.0); + nanosleep( &ts, NULL ); +} + +static uint64_t start = 0; 
+static mach_timebase_info_data_t timebase_info; + +double netcode_time() +{ + if ( start == 0 ) + { + mach_timebase_info( &timebase_info ); + start = mach_absolute_time(); + return 0.0; + } + uint64_t current = mach_absolute_time(); + return ( (double) ( current - start ) ) * ( (double) timebase_info.numer ) / ( (double) timebase_info.denom ) / 1000000000.0; +} + +#elif __linux + +// linux + +#include + +void netcode_sleep( double time ) +{ + struct timespec ts; + ts.tv_sec = (time_t) time; + ts.tv_nsec = (long) ((time - (double) ( ts.tv_sec )) * 1000000000.0); + nanosleep( &ts, NULL ); +} + +double netcode_time() +{ + static double start = -1; + if ( start == -1 ) + { + struct timespec ts; + clock_gettime( CLOCK_MONOTONIC_RAW, &ts ); + start = ts.tv_sec + ( (double) ( ts.tv_nsec ) ) / 1000000000.0; + return 0.0; + } + struct timespec ts; + clock_gettime( CLOCK_MONOTONIC_RAW, &ts ); + double current = ts.tv_sec + ( (double) ( ts.tv_nsec ) ) / 1000000000.0; + return current - start; +} + +#elif defined( _WIN32 ) + +// windows + +#define NOMINMAX +#include + +void netcode_sleep( double time ) +{ + int milliseconds = (int) ( time * 1000 ); + Sleep( milliseconds ); +} + +static int timer_initialized = 0; +static LARGE_INTEGER timer_frequency; +static LARGE_INTEGER timer_start; + +double netcode_time() +{ + if ( !timer_initialized ) + { + QueryPerformanceFrequency( &timer_frequency ); + QueryPerformanceCounter( &timer_start ); + timer_initialized = 1; + } + LARGE_INTEGER now; + QueryPerformanceCounter( &now ); + return ( (double) ( now.QuadPart - timer_start.QuadPart ) ) / ( (double) ( timer_frequency.QuadPart ) ); +} + +#else + +#error unsupported platform! 
+
+#endif
+
+// ---------------------------------------------------------------
+
+#if NETCODE_ENABLE_TESTS
+
+#include
+#include
+#include
+#include
+
+static void check_handler( NETCODE_CONST char * condition,
+ NETCODE_CONST char * function,
+ NETCODE_CONST char * file,
+ int line )
+{
+ printf( "check failed: ( %s ), function %s, file %s, line %d\n", condition, function, file, line );
+#ifdef NETCODE_DEBUG
+ #if defined( __GNUC__ )
+ __builtin_trap();
+ #elif defined( _MSC_VER )
+ __debugbreak();
+ #endif
+#endif
+ exit( 1 );
+}
+
+#define check( condition ) \
+do \
+{ \
+ if ( !(condition) ) \
+ { \
+ check_handler( #condition, (NETCODE_CONST char*) __FUNCTION__, (char*) __FILE__, __LINE__ ); \
+ } \
+} while(0)
+
+static void test_queue()
+{
+ struct netcode_packet_queue_t queue;
+
+ netcode_packet_queue_init( &queue, NULL, NULL, NULL );
+
+ check( queue.num_packets == 0 );
+ check( queue.start_index == 0 );
+
+ // attempting to pop a packet off an empty queue should return NULL
+
+ check( netcode_packet_queue_pop( &queue, NULL ) == NULL );
+
+ // add some packets to the queue and make sure they pop off in the correct order
+ {
+ #define NUM_PACKETS 100
+
+ void * packets[NUM_PACKETS];
+
+ int i;
+ for ( i = 0; i < NUM_PACKETS; ++i )
+ {
+ packets[i] = malloc( (i+1) * 256 );
+ check( netcode_packet_queue_push( &queue, packets[i], (uint64_t) i ) == 1 );
+ }
+
+ check( queue.num_packets == NUM_PACKETS );
+
+ for ( i = 0; i < NUM_PACKETS; ++i )
+ {
+ uint64_t sequence = 0;
+ void * packet = netcode_packet_queue_pop( &queue, &sequence );
+ check( sequence == (uint64_t) i ) ;
+ check( packet == packets[i] );
+ free( packet );
+ }
+ }
+
+ // after all entries are popped off, the queue is empty, so calls to pop should return NULL
+
+ check( queue.num_packets == 0 );
+
+ check( netcode_packet_queue_pop( &queue, NULL ) == NULL );
+
+ // test that the packet queue can be filled to max capacity
+
+ void * packets[NETCODE_PACKET_QUEUE_SIZE];
+
+ int i;
+ for ( i = 0; i <
NETCODE_PACKET_QUEUE_SIZE; ++i )
+ {
+ packets[i] = malloc( i * 256 );
+ check( netcode_packet_queue_push( &queue, packets[i], (uint64_t) i ) == 1 );
+ }
+
+ check( queue.num_packets == NETCODE_PACKET_QUEUE_SIZE );
+
+ // when the queue is full, attempting to push a packet should fail and return 0
+
+ check( netcode_packet_queue_push( &queue, malloc( 100 ), 0 ) == 0 );
+
+ // make sure all packets pop off in the correct order
+
+ for ( i = 0; i < NETCODE_PACKET_QUEUE_SIZE; ++i )
+ {
+ uint64_t sequence = 0;
+ void * packet = netcode_packet_queue_pop( &queue, &sequence );
+ check( sequence == (uint64_t) i );
+ check( packet == packets[i] );
+ free( packet );
+ }
+
+ // add some packets again
+
+ for ( i = 0; i < NETCODE_PACKET_QUEUE_SIZE; ++i )
+ {
+ packets[i] = malloc( i * 256 );
+ check( netcode_packet_queue_push( &queue, packets[i], (uint64_t) i ) == 1 );
+ }
+
+ // clear the queue and make sure that all packets are freed
+
+ netcode_packet_queue_clear( &queue );
+
+ check( queue.start_index == 0 );
+ check( queue.num_packets == 0 );
+ for ( i = 0; i < NETCODE_PACKET_QUEUE_SIZE; ++i )
+ check( queue.packet_data[i] == NULL );
+}
+
+static void test_endian()
+{
+ uint32_t value = 0x11223344;
+
+ char * bytes = (char*) &value;
+
+#if NETCODE_LITTLE_ENDIAN
+
+ check( bytes[0] == 0x44 );
+ check( bytes[1] == 0x33 );
+ check( bytes[2] == 0x22 );
+ check( bytes[3] == 0x11 );
+
+#else // #if NETCODE_LITTLE_ENDIAN
+
+ check( bytes[3] == 0x44 );
+ check( bytes[2] == 0x33 );
+ check( bytes[1] == 0x22 );
+ check( bytes[0] == 0x11 );
+
+#endif // #if NETCODE_LITTLE_ENDIAN
+}
+
+static void test_sequence()
+{
+ check( netcode_sequence_number_bytes_required( 0 ) == 1 );
+ check( netcode_sequence_number_bytes_required( 0x11 ) == 1 );
+ check( netcode_sequence_number_bytes_required( 0x1122 ) == 2 );
+ check( netcode_sequence_number_bytes_required( 0x112233 ) == 3 );
+ check( netcode_sequence_number_bytes_required( 0x11223344 ) == 4 );
+ check(
netcode_sequence_number_bytes_required( 0x1122334455 ) == 5 );
+ check( netcode_sequence_number_bytes_required( 0x112233445566 ) == 6 );
+ check( netcode_sequence_number_bytes_required( 0x11223344556677 ) == 7 );
+ check( netcode_sequence_number_bytes_required( 0x1122334455667788 ) == 8 );
+}
+
+static void test_address()
+{
+ {
+ struct netcode_address_t address;
+ check( netcode_parse_address( "", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( "[", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( "[]", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( "[]:", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( ":", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( "1", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( "12", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( "123", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( "1234", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( "1234.0.12313.0000", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( "1234.0.12313.0000.0.0.0.0.0", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( "1312313:123131:1312313:123131:1312313:123131:1312313:123131:1312313:123131:1312313:123131", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( ".", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( "..", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( "...", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( "....", &address ) == NETCODE_ERROR );
+ check( netcode_parse_address( ".....", &address ) == NETCODE_ERROR );
+ }
+
+ {
+ struct netcode_address_t address;
+ check( netcode_parse_address( "107.77.207.77", &address ) == NETCODE_OK );
+ check( address.type == NETCODE_ADDRESS_IPV4 );
+ check( address.port == 0 );
+ check( address.data.ipv4[0] == 107 );
+ check( address.data.ipv4[1] == 77 );
+ check( address.data.ipv4[2] == 207 );
+
check( address.data.ipv4[3] == 77 );
+ }
+
+ {
+ struct netcode_address_t address;
+ check( netcode_parse_address( "127.0.0.1", &address ) == NETCODE_OK );
+ check( address.type == NETCODE_ADDRESS_IPV4 );
+ check( address.port == 0 );
+ check( address.data.ipv4[0] == 127 );
+ check( address.data.ipv4[1] == 0 );
+ check( address.data.ipv4[2] == 0 );
+ check( address.data.ipv4[3] == 1 );
+ }
+
+ {
+ struct netcode_address_t address;
+ check( netcode_parse_address( "107.77.207.77:40000", &address ) == NETCODE_OK );
+ check( address.type == NETCODE_ADDRESS_IPV4 );
+ check( address.port == 40000 );
+ check( address.data.ipv4[0] == 107 );
+ check( address.data.ipv4[1] == 77 );
+ check( address.data.ipv4[2] == 207 );
+ check( address.data.ipv4[3] == 77 );
+ }
+
+ {
+ struct netcode_address_t address;
+ check( netcode_parse_address( "127.0.0.1:40000", &address ) == NETCODE_OK );
+ check( address.type == NETCODE_ADDRESS_IPV4 );
+ check( address.port == 40000 );
+ check( address.data.ipv4[0] == 127 );
+ check( address.data.ipv4[1] == 0 );
+ check( address.data.ipv4[2] == 0 );
+ check( address.data.ipv4[3] == 1 );
+ }
+
+ {
+ struct netcode_address_t address;
+ check( netcode_parse_address( "fe80::202:b3ff:fe1e:8329", &address ) == NETCODE_OK );
+ check( address.type == NETCODE_ADDRESS_IPV6 );
+ check( address.port == 0 );
+ check( address.data.ipv6[0] == 0xfe80 );
+ check( address.data.ipv6[1] == 0x0000 );
+ check( address.data.ipv6[2] == 0x0000 );
+ check( address.data.ipv6[3] == 0x0000 );
+ check( address.data.ipv6[4] == 0x0202 );
+ check( address.data.ipv6[5] == 0xb3ff );
+ check( address.data.ipv6[6] == 0xfe1e );
+ check( address.data.ipv6[7] == 0x8329 );
+ }
+
+ {
+ struct netcode_address_t address;
+ check( netcode_parse_address( "::", &address ) == NETCODE_OK );
+ check( address.type == NETCODE_ADDRESS_IPV6 );
+ check( address.port == 0 );
+ check( address.data.ipv6[0] == 0x0000 );
+ check( address.data.ipv6[1] == 0x0000 );
+ check( address.data.ipv6[2] == 0x0000 );
+
check( address.data.ipv6[3] == 0x0000 );
+ check( address.data.ipv6[4] == 0x0000 );
+ check( address.data.ipv6[5] == 0x0000 );
+ check( address.data.ipv6[6] == 0x0000 );
+ check( address.data.ipv6[7] == 0x0000 );
+ }
+
+ {
+ struct netcode_address_t address;
+ check( netcode_parse_address( "::1", &address ) == NETCODE_OK );
+ check( address.type == NETCODE_ADDRESS_IPV6 );
+ check( address.port == 0 );
+ check( address.data.ipv6[0] == 0x0000 );
+ check( address.data.ipv6[1] == 0x0000 );
+ check( address.data.ipv6[2] == 0x0000 );
+ check( address.data.ipv6[3] == 0x0000 );
+ check( address.data.ipv6[4] == 0x0000 );
+ check( address.data.ipv6[5] == 0x0000 );
+ check( address.data.ipv6[6] == 0x0000 );
+ check( address.data.ipv6[7] == 0x0001 );
+ }
+
+ {
+ struct netcode_address_t address;
+ check( netcode_parse_address( "[fe80::202:b3ff:fe1e:8329]:40000", &address ) == NETCODE_OK );
+ check( address.type == NETCODE_ADDRESS_IPV6 );
+ check( address.port == 40000 );
+ check( address.data.ipv6[0] == 0xfe80 );
+ check( address.data.ipv6[1] == 0x0000 );
+ check( address.data.ipv6[2] == 0x0000 );
+ check( address.data.ipv6[3] == 0x0000 );
+ check( address.data.ipv6[4] == 0x0202 );
+ check( address.data.ipv6[5] == 0xb3ff );
+ check( address.data.ipv6[6] == 0xfe1e );
+ check( address.data.ipv6[7] == 0x8329 );
+ }
+
+ {
+ struct netcode_address_t address;
+ check( netcode_parse_address( "[::]:40000", &address ) == NETCODE_OK );
+ check( address.type == NETCODE_ADDRESS_IPV6 );
+ check( address.port == 40000 );
+ check( address.data.ipv6[0] == 0x0000 );
+ check( address.data.ipv6[1] == 0x0000 );
+ check( address.data.ipv6[2] == 0x0000 );
+ check( address.data.ipv6[3] == 0x0000 );
+ check( address.data.ipv6[4] == 0x0000 );
+ check( address.data.ipv6[5] == 0x0000 );
+ check( address.data.ipv6[6] == 0x0000 );
+ check( address.data.ipv6[7] == 0x0000 );
+ }
+
+ {
+ struct netcode_address_t address;
+ check( netcode_parse_address( "[::1]:40000", &address ) == NETCODE_OK );
+ check(
address.type == NETCODE_ADDRESS_IPV6 ); + check( address.port == 40000 ); + check( address.data.ipv6[0] == 0x0000 ); + check( address.data.ipv6[1] == 0x0000 ); + check( address.data.ipv6[2] == 0x0000 ); + check( address.data.ipv6[3] == 0x0000 ); + check( address.data.ipv6[4] == 0x0000 ); + check( address.data.ipv6[5] == 0x0000 ); + check( address.data.ipv6[6] == 0x0000 ); + check( address.data.ipv6[7] == 0x0001 ); + } +} + +#define TEST_PROTOCOL_ID 0x1122334455667788ULL +#define TEST_CLIENT_ID 0x1ULL +#define TEST_SERVER_PORT 40000 +#define TEST_CONNECT_TOKEN_EXPIRY 30 +#define TEST_TIMEOUT_SECONDS 15 + +static void test_connect_token() +{ + // generate a connect token + + struct netcode_address_t server_address; + server_address.type = NETCODE_ADDRESS_IPV4; + server_address.data.ipv4[0] = 127; + server_address.data.ipv4[1] = 0; + server_address.data.ipv4[2] = 0; + server_address.data.ipv4[3] = 1; + server_address.port = TEST_SERVER_PORT; + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes( user_data, NETCODE_USER_DATA_BYTES ); + + struct netcode_connect_token_private_t input_token; + + netcode_generate_connect_token_private( &input_token, TEST_CLIENT_ID, TEST_TIMEOUT_SECONDS, 1, &server_address, user_data ); + + check( input_token.client_id == TEST_CLIENT_ID ); + check( input_token.num_server_addresses == 1 ); + check( memcmp( input_token.user_data, user_data, NETCODE_USER_DATA_BYTES ) == 0 ); + check( netcode_address_equal( &input_token.server_addresses[0], &server_address ) ); + + // write it to a buffer + + uint8_t buffer[NETCODE_CONNECT_TOKEN_PRIVATE_BYTES]; + + netcode_write_connect_token_private( &input_token, buffer, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + + // encrypt the buffer + + uint64_t expire_timestamp = time( NULL ) + 30; + uint8_t nonce[NETCODE_CONNECT_TOKEN_NONCE_BYTES]; + netcode_generate_nonce(nonce); + uint8_t key[NETCODE_KEY_BYTES]; + netcode_generate_key( key ); + + check( netcode_encrypt_connect_token_private( buffer, + 
NETCODE_CONNECT_TOKEN_PRIVATE_BYTES,
+ NETCODE_VERSION_INFO,
+ TEST_PROTOCOL_ID,
+ expire_timestamp,
+ nonce,
+ key ) == NETCODE_OK );
+
+ // decrypt the buffer
+
+ check( netcode_decrypt_connect_token_private( buffer,
+ NETCODE_CONNECT_TOKEN_PRIVATE_BYTES,
+ NETCODE_VERSION_INFO,
+ TEST_PROTOCOL_ID,
+ expire_timestamp,
+ nonce,
+ key ) == NETCODE_OK );
+
+ // read the connect token back in
+
+ struct netcode_connect_token_private_t output_token;
+
+ check( netcode_read_connect_token_private( buffer, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES, &output_token ) == NETCODE_OK );
+
+ // make sure that everything matches the original connect token
+
+ check( output_token.client_id == input_token.client_id );
+ check( output_token.timeout_seconds == input_token.timeout_seconds );
+ check( output_token.num_server_addresses == input_token.num_server_addresses );
+ check( netcode_address_equal( &output_token.server_addresses[0], &input_token.server_addresses[0] ) );
+ check( memcmp( output_token.client_to_server_key, input_token.client_to_server_key, NETCODE_KEY_BYTES ) == 0 );
+ check( memcmp( output_token.server_to_client_key, input_token.server_to_client_key, NETCODE_KEY_BYTES ) == 0 );
+ check( memcmp( output_token.user_data, input_token.user_data, NETCODE_USER_DATA_BYTES ) == 0 );
+}
+
+static void test_challenge_token()
+{
+ // generate a challenge token
+
+ struct netcode_challenge_token_t input_token;
+
+ input_token.client_id = TEST_CLIENT_ID;
+ netcode_random_bytes( input_token.user_data, NETCODE_USER_DATA_BYTES );
+
+ // write it to a buffer
+
+ uint8_t buffer[NETCODE_CHALLENGE_TOKEN_BYTES];
+
+ netcode_write_challenge_token( &input_token, buffer, NETCODE_CHALLENGE_TOKEN_BYTES );
+
+ // encrypt the buffer
+
+ uint64_t sequence = 1000;
+ uint8_t key[NETCODE_KEY_BYTES];
+ netcode_generate_key( key );
+
+ check( netcode_encrypt_challenge_token( buffer, NETCODE_CHALLENGE_TOKEN_BYTES, sequence, key ) == NETCODE_OK );
+
+ // decrypt the buffer
+
+ check(
netcode_decrypt_challenge_token( buffer, NETCODE_CHALLENGE_TOKEN_BYTES, sequence, key ) == NETCODE_OK ); + + // read the challenge token back in + + struct netcode_challenge_token_t output_token; + + check( netcode_read_challenge_token( buffer, NETCODE_CHALLENGE_TOKEN_BYTES, &output_token ) == NETCODE_OK ); + + // make sure that everything matches the original challenge token + + check( output_token.client_id == input_token.client_id ); + check( memcmp( output_token.user_data, input_token.user_data, NETCODE_USER_DATA_BYTES ) == 0 ); +} + +static void test_connection_request_packet() +{ + // generate a connect token + + struct netcode_address_t server_address; + server_address.type = NETCODE_ADDRESS_IPV4; + server_address.data.ipv4[0] = 127; + server_address.data.ipv4[1] = 0; + server_address.data.ipv4[2] = 0; + server_address.data.ipv4[3] = 1; + server_address.port = TEST_SERVER_PORT; + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes( user_data, NETCODE_USER_DATA_BYTES ); + + struct netcode_connect_token_private_t input_token; + + netcode_generate_connect_token_private( &input_token, TEST_CLIENT_ID, TEST_TIMEOUT_SECONDS, 1, &server_address, user_data ); + + check( input_token.client_id == TEST_CLIENT_ID ); + check( input_token.num_server_addresses == 1 ); + check( memcmp( input_token.user_data, user_data, NETCODE_USER_DATA_BYTES ) == 0 ); + check( netcode_address_equal( &input_token.server_addresses[0], &server_address ) ); + + // write the conect token to a buffer (non-encrypted) + + uint8_t connect_token_data[NETCODE_CONNECT_TOKEN_PRIVATE_BYTES]; + + netcode_write_connect_token_private( &input_token, connect_token_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + + // copy to a second buffer then encrypt it in place (we need the unencrypted token for verification later on) + + uint8_t encrypted_connect_token_data[NETCODE_CONNECT_TOKEN_PRIVATE_BYTES]; + + memcpy( encrypted_connect_token_data, connect_token_data, 
NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + + uint64_t connect_token_expire_timestamp = time( NULL ) + 30; + uint8_t connect_token_nonce[NETCODE_CONNECT_TOKEN_NONCE_BYTES]; + netcode_generate_nonce(connect_token_nonce); + uint8_t connect_token_key[NETCODE_KEY_BYTES]; + netcode_generate_key( connect_token_key ); + + check( netcode_encrypt_connect_token_private( encrypted_connect_token_data, + NETCODE_CONNECT_TOKEN_PRIVATE_BYTES, + NETCODE_VERSION_INFO, + TEST_PROTOCOL_ID, + connect_token_expire_timestamp, + connect_token_nonce, + connect_token_key ) == NETCODE_OK ); + + // setup a connection request packet wrapping the encrypted connect token + + struct netcode_connection_request_packet_t input_packet; + + input_packet.packet_type = NETCODE_CONNECTION_REQUEST_PACKET; + memcpy( input_packet.version_info, NETCODE_VERSION_INFO, NETCODE_VERSION_INFO_BYTES ); + input_packet.protocol_id = TEST_PROTOCOL_ID; + input_packet.connect_token_expire_timestamp = connect_token_expire_timestamp; + memcpy( input_packet.connect_token_nonce, connect_token_nonce, NETCODE_CONNECT_TOKEN_NONCE_BYTES ); + memcpy( input_packet.connect_token_data, encrypted_connect_token_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + + // write the connection request packet to a buffer + + uint8_t buffer[2048]; + + uint8_t packet_key[NETCODE_KEY_BYTES]; + + netcode_generate_key( packet_key ); + + int bytes_written = netcode_write_packet( &input_packet, buffer, sizeof( buffer ), 1000, packet_key, TEST_PROTOCOL_ID ); + + check( bytes_written > 0 ); + + // read the connection request packet back in from the buffer (the connect token data is decrypted as part of the read packet validation) + + uint64_t sequence = 1000; + + uint8_t allowed_packets[NETCODE_CONNECTION_NUM_PACKETS]; + memset( allowed_packets, 1, sizeof( allowed_packets ) ); + + struct netcode_connection_request_packet_t * output_packet = (struct netcode_connection_request_packet_t*) + netcode_read_packet( buffer, bytes_written, &sequence, packet_key, 
TEST_PROTOCOL_ID, time( NULL ), connect_token_key, allowed_packets, NULL, NULL, NULL ); + + check( output_packet ); + + // make sure the read packet matches what was written + + check( output_packet->packet_type == NETCODE_CONNECTION_REQUEST_PACKET ); + check( memcmp( output_packet->version_info, input_packet.version_info, NETCODE_VERSION_INFO_BYTES ) == 0 ); + check( output_packet->protocol_id == input_packet.protocol_id ); + check( output_packet->connect_token_expire_timestamp == input_packet.connect_token_expire_timestamp ); + check( memcmp( output_packet->connect_token_nonce, input_packet.connect_token_nonce, NETCODE_CONNECT_TOKEN_NONCE_BYTES ) == 0 ); + check( memcmp( output_packet->connect_token_data, connect_token_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES - NETCODE_MAC_BYTES ) == 0 ); + + free( output_packet ); +} + +void test_connection_denied_packet() +{ + // setup a connection denied packet + + struct netcode_connection_denied_packet_t input_packet; + + input_packet.packet_type = NETCODE_CONNECTION_DENIED_PACKET; + + // write the packet to a buffer + + uint8_t buffer[NETCODE_MAX_PACKET_BYTES]; + + uint8_t packet_key[NETCODE_KEY_BYTES]; + + netcode_generate_key( packet_key ); + + int bytes_written = netcode_write_packet( &input_packet, buffer, sizeof( buffer ), 1000, packet_key, TEST_PROTOCOL_ID ); + + check( bytes_written > 0 ); + + // read the packet back in from the buffer + + uint64_t sequence; + + uint8_t allowed_packet_types[NETCODE_CONNECTION_NUM_PACKETS]; + memset( allowed_packet_types, 1, sizeof( allowed_packet_types ) ); + + struct netcode_connection_denied_packet_t * output_packet = (struct netcode_connection_denied_packet_t*) + netcode_read_packet( buffer, bytes_written, &sequence, packet_key, TEST_PROTOCOL_ID, time( NULL ), NULL, allowed_packet_types, NULL, NULL, NULL ); + + check( output_packet ); + + // make sure the read packet matches what was written + + check( output_packet->packet_type == NETCODE_CONNECTION_DENIED_PACKET ); + + free( 
output_packet ); +} + +void test_connection_challenge_packet() +{ + // setup a connection challenge packet + + struct netcode_connection_challenge_packet_t input_packet; + + input_packet.packet_type = NETCODE_CONNECTION_CHALLENGE_PACKET; + input_packet.challenge_token_sequence = 0; + netcode_random_bytes( input_packet.challenge_token_data, NETCODE_CHALLENGE_TOKEN_BYTES ); + + // write the packet to a buffer + + uint8_t buffer[NETCODE_MAX_PACKET_BYTES]; + + uint8_t packet_key[NETCODE_KEY_BYTES]; + + netcode_generate_key( packet_key ); + + int bytes_written = netcode_write_packet( &input_packet, buffer, sizeof( buffer ), 1000, packet_key, TEST_PROTOCOL_ID ); + + check( bytes_written > 0 ); + + // read the packet back in from the buffer + + uint64_t sequence; + + uint8_t allowed_packet_types[NETCODE_CONNECTION_NUM_PACKETS]; + memset( allowed_packet_types, 1, sizeof( allowed_packet_types ) ); + + struct netcode_connection_challenge_packet_t * output_packet = (struct netcode_connection_challenge_packet_t*) + netcode_read_packet( buffer, bytes_written, &sequence, packet_key, TEST_PROTOCOL_ID, time( NULL ), NULL, allowed_packet_types, NULL, NULL, NULL ); + + check( output_packet ); + + // make sure the read packet packet matches what was written + + check( output_packet->packet_type == NETCODE_CONNECTION_CHALLENGE_PACKET ); + check( output_packet->challenge_token_sequence == input_packet.challenge_token_sequence ); + check( memcmp( output_packet->challenge_token_data, input_packet.challenge_token_data, NETCODE_CHALLENGE_TOKEN_BYTES ) == 0 ); + + free( output_packet ); +} + +void test_connection_response_packet() +{ + // setup a connection response packet + + struct netcode_connection_response_packet_t input_packet; + + input_packet.packet_type = NETCODE_CONNECTION_RESPONSE_PACKET; + input_packet.challenge_token_sequence = 0; + netcode_random_bytes( input_packet.challenge_token_data, NETCODE_CHALLENGE_TOKEN_BYTES ); + + // write the packet to a buffer + + uint8_t 
buffer[NETCODE_MAX_PACKET_BYTES]; + + uint8_t packet_key[NETCODE_KEY_BYTES]; + + netcode_generate_key( packet_key ); + + int bytes_written = netcode_write_packet( &input_packet, buffer, sizeof( buffer ), 1000, packet_key, TEST_PROTOCOL_ID ); + + check( bytes_written > 0 ); + + // read the packet back in from the buffer + + uint64_t sequence; + + uint8_t allowed_packet_types[NETCODE_CONNECTION_NUM_PACKETS]; + memset( allowed_packet_types, 1, sizeof( allowed_packet_types ) ); + + struct netcode_connection_response_packet_t * output_packet = (struct netcode_connection_response_packet_t*) + netcode_read_packet( buffer, bytes_written, &sequence, packet_key, TEST_PROTOCOL_ID, time( NULL ), NULL, allowed_packet_types, NULL, NULL, NULL ); + + check( output_packet ); + + // make sure the read packet matches what was written + + check( output_packet->packet_type == NETCODE_CONNECTION_RESPONSE_PACKET ); + check( output_packet->challenge_token_sequence == input_packet.challenge_token_sequence ); + check( memcmp( output_packet->challenge_token_data, input_packet.challenge_token_data, NETCODE_CHALLENGE_TOKEN_BYTES ) == 0 ); + + free( output_packet ); +} + +void test_connection_keep_alive_packet() +{ + // setup a connection keep alive packet + + struct netcode_connection_keep_alive_packet_t input_packet; + + input_packet.packet_type = NETCODE_CONNECTION_KEEP_ALIVE_PACKET; + input_packet.client_index = 10; + input_packet.max_clients = 16; + + // write the packet to a buffer + + uint8_t buffer[NETCODE_MAX_PACKET_BYTES]; + + uint8_t packet_key[NETCODE_KEY_BYTES]; + + netcode_generate_key( packet_key ); + + int bytes_written = netcode_write_packet( &input_packet, buffer, sizeof( buffer ), 1000, packet_key, TEST_PROTOCOL_ID ); + + check( bytes_written > 0 ); + + // read the packet back in from the buffer + + uint64_t sequence; + + uint8_t allowed_packet_types[NETCODE_CONNECTION_NUM_PACKETS]; + memset( allowed_packet_types, 1, sizeof( allowed_packet_types ) ); + + struct 
netcode_connection_keep_alive_packet_t * output_packet = (struct netcode_connection_keep_alive_packet_t*) + netcode_read_packet( buffer, bytes_written, &sequence, packet_key, TEST_PROTOCOL_ID, time( NULL ), NULL, allowed_packet_types, NULL, NULL, NULL ); + + check( output_packet ); + + // make sure the read packet matches what was written + + check( output_packet->packet_type == NETCODE_CONNECTION_KEEP_ALIVE_PACKET ); + check( output_packet->client_index == input_packet.client_index ); + check( output_packet->max_clients == input_packet.max_clients ); + + free( output_packet ); +} + +void test_connection_payload_packet() +{ + // setup a connection payload packet + + struct netcode_connection_payload_packet_t * input_packet = netcode_create_payload_packet( NETCODE_MAX_PAYLOAD_BYTES, NULL, NULL ); + + check( input_packet->packet_type == NETCODE_CONNECTION_PAYLOAD_PACKET ); + check( input_packet->payload_bytes == NETCODE_MAX_PAYLOAD_BYTES ); + + netcode_random_bytes( input_packet->payload_data, NETCODE_MAX_PAYLOAD_BYTES ); + + // write the packet to a buffer + + uint8_t buffer[NETCODE_MAX_PACKET_BYTES]; + + uint8_t packet_key[NETCODE_KEY_BYTES]; + + netcode_generate_key( packet_key ); + + int bytes_written = netcode_write_packet( input_packet, buffer, sizeof( buffer ), 1000, packet_key, TEST_PROTOCOL_ID ); + + check( bytes_written > 0 ); + + // read the packet back in from the buffer + + uint64_t sequence; + + uint8_t allowed_packet_types[NETCODE_CONNECTION_NUM_PACKETS]; + memset( allowed_packet_types, 1, sizeof( allowed_packet_types ) ); + + struct netcode_connection_payload_packet_t * output_packet = (struct netcode_connection_payload_packet_t*) + netcode_read_packet( buffer, bytes_written, &sequence, packet_key, TEST_PROTOCOL_ID, time( NULL ), NULL, allowed_packet_types, NULL, NULL, NULL ); + + check( output_packet ); + + // make sure the read packet matches what was written + + check( output_packet->packet_type == NETCODE_CONNECTION_PAYLOAD_PACKET ); + check( 
output_packet->payload_bytes == input_packet->payload_bytes ); + check( memcmp( output_packet->payload_data, input_packet->payload_data, NETCODE_MAX_PAYLOAD_BYTES ) == 0 ); + + free( input_packet ); + free( output_packet ); +} + +void test_connection_disconnect_packet() +{ + // setup a connection disconnect packet + + struct netcode_connection_disconnect_packet_t input_packet; + + input_packet.packet_type = NETCODE_CONNECTION_DISCONNECT_PACKET; + + // write the packet to a buffer + + uint8_t buffer[NETCODE_MAX_PACKET_BYTES]; + + uint8_t packet_key[NETCODE_KEY_BYTES]; + + netcode_generate_key( packet_key ); + + int bytes_written = netcode_write_packet( &input_packet, buffer, sizeof( buffer ), 1000, packet_key, TEST_PROTOCOL_ID ); + + check( bytes_written > 0 ); + + // read the packet back in from the buffer + + uint64_t sequence; + + uint8_t allowed_packet_types[NETCODE_CONNECTION_NUM_PACKETS]; + memset( allowed_packet_types, 1, sizeof( allowed_packet_types ) ); + + struct netcode_connection_disconnect_packet_t * output_packet = (struct netcode_connection_disconnect_packet_t*) + netcode_read_packet( buffer, bytes_written, &sequence, packet_key, TEST_PROTOCOL_ID, time( NULL ), NULL, allowed_packet_types, NULL, NULL, NULL ); + + check( output_packet ); + + // make sure the read packet matches what was written + + check( output_packet->packet_type == NETCODE_CONNECTION_DISCONNECT_PACKET ); + + free( output_packet ); +} + +void test_connect_token_public() +{ + // generate a private connect token + + struct netcode_address_t server_address; + server_address.type = NETCODE_ADDRESS_IPV4; + server_address.data.ipv4[0] = 127; + server_address.data.ipv4[1] = 0; + server_address.data.ipv4[2] = 0; + server_address.data.ipv4[3] = 1; + server_address.port = TEST_SERVER_PORT; + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes( user_data, NETCODE_USER_DATA_BYTES ); + + struct netcode_connect_token_private_t connect_token_private; + + 
netcode_generate_connect_token_private( &connect_token_private, TEST_CLIENT_ID, TEST_TIMEOUT_SECONDS, 1, &server_address, user_data ); + + check( connect_token_private.client_id == TEST_CLIENT_ID ); + check( connect_token_private.num_server_addresses == 1 ); + check( memcmp( connect_token_private.user_data, user_data, NETCODE_USER_DATA_BYTES ) == 0 ); + check( netcode_address_equal( &connect_token_private.server_addresses[0], &server_address ) ); + + // write it to a buffer + + uint8_t connect_token_private_data[NETCODE_CONNECT_TOKEN_PRIVATE_BYTES]; + netcode_write_connect_token_private( &connect_token_private, connect_token_private_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + + // encrypt the buffer + + uint64_t create_timestamp = time( NULL ); + uint64_t expire_timestamp = create_timestamp + 30; + uint8_t connect_token_nonce[NETCODE_CONNECT_TOKEN_NONCE_BYTES]; + netcode_generate_nonce( connect_token_nonce ); + uint8_t key[NETCODE_KEY_BYTES]; + netcode_generate_key( key ); + check( netcode_encrypt_connect_token_private( connect_token_private_data, + NETCODE_CONNECT_TOKEN_PRIVATE_BYTES, + NETCODE_VERSION_INFO, + TEST_PROTOCOL_ID, + expire_timestamp, + connect_token_nonce, + key ) == 1 ); + + // wrap a public connect token around the private connect token data + + struct netcode_connect_token_t input_connect_token; + memset( &input_connect_token, 0, sizeof( struct netcode_connect_token_t ) ); + memcpy( input_connect_token.version_info, NETCODE_VERSION_INFO, NETCODE_VERSION_INFO_BYTES ); + input_connect_token.protocol_id = TEST_PROTOCOL_ID; + input_connect_token.create_timestamp = create_timestamp; + input_connect_token.expire_timestamp = expire_timestamp; + memcpy( input_connect_token.nonce, connect_token_nonce, NETCODE_CONNECT_TOKEN_NONCE_BYTES ); + memcpy( input_connect_token.private_data, connect_token_private_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ); + input_connect_token.num_server_addresses = 1; + input_connect_token.server_addresses[0] = server_address; 
+ memcpy( input_connect_token.client_to_server_key, connect_token_private.client_to_server_key, NETCODE_KEY_BYTES ); + memcpy( input_connect_token.server_to_client_key, connect_token_private.server_to_client_key, NETCODE_KEY_BYTES ); + input_connect_token.timeout_seconds = (int) TEST_TIMEOUT_SECONDS; + + // write the connect token to a buffer + + uint8_t buffer[NETCODE_CONNECT_TOKEN_BYTES]; + netcode_write_connect_token( &input_connect_token, buffer, NETCODE_CONNECT_TOKEN_BYTES ); + + // read the buffer back in + + struct netcode_connect_token_t output_connect_token; + memset( &output_connect_token, 0, sizeof( struct netcode_connect_token_t ) ); + check( netcode_read_connect_token( buffer, NETCODE_CONNECT_TOKEN_BYTES, &output_connect_token ) == 1 ); + + // make sure the public connect token matches what was written + + check( memcmp( output_connect_token.version_info, input_connect_token.version_info, NETCODE_VERSION_INFO_BYTES ) == 0 ); + check( output_connect_token.protocol_id == input_connect_token.protocol_id ); + check( output_connect_token.create_timestamp == input_connect_token.create_timestamp ); + check( output_connect_token.expire_timestamp == input_connect_token.expire_timestamp ); + check( memcmp( output_connect_token.nonce, input_connect_token.nonce, NETCODE_CONNECT_TOKEN_NONCE_BYTES ) == 0 ); + check( memcmp( output_connect_token.private_data, input_connect_token.private_data, NETCODE_CONNECT_TOKEN_PRIVATE_BYTES ) == 0 ); + check( output_connect_token.num_server_addresses == input_connect_token.num_server_addresses ); + check( netcode_address_equal( &output_connect_token.server_addresses[0], &input_connect_token.server_addresses[0] ) ); + check( memcmp( output_connect_token.client_to_server_key, input_connect_token.client_to_server_key, NETCODE_KEY_BYTES ) == 0 ); + check( memcmp( output_connect_token.server_to_client_key, input_connect_token.server_to_client_key, NETCODE_KEY_BYTES ) == 0 ); + check( output_connect_token.timeout_seconds == 
input_connect_token.timeout_seconds ); +} + +void test_encryption_manager() +{ + struct netcode_encryption_manager_t encryption_manager; + + netcode_encryption_manager_reset( &encryption_manager ); + + double time = 100.0; + + // generate some test encryption mappings + + struct encryption_mapping_t + { + struct netcode_address_t address; + uint8_t send_key[NETCODE_KEY_BYTES]; + uint8_t receive_key[NETCODE_KEY_BYTES]; + }; + + #define NUM_ENCRYPTION_MAPPINGS 5 + + struct encryption_mapping_t encryption_mapping[NUM_ENCRYPTION_MAPPINGS]; + memset( encryption_mapping, 0, sizeof( encryption_mapping ) ); + int i; + for ( i = 0; i < NUM_ENCRYPTION_MAPPINGS; ++i ) + { + encryption_mapping[i].address.type = NETCODE_ADDRESS_IPV6; + encryption_mapping[i].address.data.ipv6[7] = 1; + encryption_mapping[i].address.port = ( uint16_t) ( 20000 + i ); + netcode_generate_key( encryption_mapping[i].send_key ); + netcode_generate_key( encryption_mapping[i].receive_key ); + } + + // add the encryption mappings to the manager and make sure they can be looked up by address + + for ( i = 0; i < NUM_ENCRYPTION_MAPPINGS; ++i ) + { + int encryption_index = netcode_encryption_manager_find_encryption_mapping( &encryption_manager, &encryption_mapping[i].address, time ); + + check( encryption_index == -1 ); + + check( netcode_encryption_manager_get_send_key( &encryption_manager, encryption_index ) == NULL ); + check( netcode_encryption_manager_get_receive_key( &encryption_manager, encryption_index ) == NULL ); + + check( netcode_encryption_manager_add_encryption_mapping( &encryption_manager, + &encryption_mapping[i].address, + encryption_mapping[i].send_key, + encryption_mapping[i].receive_key, + time, + -1.0, + TEST_TIMEOUT_SECONDS ) ); + + encryption_index = netcode_encryption_manager_find_encryption_mapping( &encryption_manager, &encryption_mapping[i].address, time ); + + uint8_t * send_key = netcode_encryption_manager_get_send_key( &encryption_manager, encryption_index ); + uint8_t * 
receive_key = netcode_encryption_manager_get_receive_key( &encryption_manager, encryption_index ); + + check( send_key ); + check( receive_key ); + + check( memcmp( send_key, encryption_mapping[i].send_key, NETCODE_KEY_BYTES ) == 0 ); + check( memcmp( receive_key, encryption_mapping[i].receive_key, NETCODE_KEY_BYTES ) == 0 ); + } + + // removing an encryption mapping that doesn't exist should return 0 + { + struct netcode_address_t address; + address.type = NETCODE_ADDRESS_IPV6; + address.data.ipv6[7] = 1; + address.port = 50000; + + check( netcode_encryption_manager_remove_encryption_mapping( &encryption_manager, &address, time ) == 0 ); + } + + // remove the first and last encryption mappings + + check( netcode_encryption_manager_remove_encryption_mapping( &encryption_manager, &encryption_mapping[0].address, time ) == 1 ); + + check( netcode_encryption_manager_remove_encryption_mapping( &encryption_manager, &encryption_mapping[NUM_ENCRYPTION_MAPPINGS-1].address, time ) == 1 ); + + // make sure the encryption mappings that were removed can no longer be looked up by address + + for ( i = 0; i < NUM_ENCRYPTION_MAPPINGS; ++i ) + { + int encryption_index = netcode_encryption_manager_find_encryption_mapping( &encryption_manager, &encryption_mapping[i].address, time ); + + uint8_t * send_key = netcode_encryption_manager_get_send_key( &encryption_manager, encryption_index ); + uint8_t * receive_key = netcode_encryption_manager_get_receive_key( &encryption_manager, encryption_index ); + + if ( i != 0 && i != NUM_ENCRYPTION_MAPPINGS - 1 ) + { + check( send_key ); + check( receive_key ); + + check( memcmp( send_key, encryption_mapping[i].send_key, NETCODE_KEY_BYTES ) == 0 ); + check( memcmp( receive_key, encryption_mapping[i].receive_key, NETCODE_KEY_BYTES ) == 0 ); + } + else + { + check( !send_key ); + check( !receive_key ); + } + } + + // add the encryption mappings back in + + check( netcode_encryption_manager_add_encryption_mapping( &encryption_manager, + 
&encryption_mapping[0].address, + encryption_mapping[0].send_key, + encryption_mapping[0].receive_key, + time, + -1.0, + TEST_TIMEOUT_SECONDS ) ); + + check( netcode_encryption_manager_add_encryption_mapping( &encryption_manager, + &encryption_mapping[NUM_ENCRYPTION_MAPPINGS-1].address, + encryption_mapping[NUM_ENCRYPTION_MAPPINGS-1].send_key, + encryption_mapping[NUM_ENCRYPTION_MAPPINGS-1].receive_key, + time, + -1.0, + TEST_TIMEOUT_SECONDS ) ); + + // all encryption mappings should be able to be looked up by address again + + for ( i = 0; i < NUM_ENCRYPTION_MAPPINGS; ++i ) + { + int encryption_index = netcode_encryption_manager_find_encryption_mapping( &encryption_manager, &encryption_mapping[i].address, time ); + + uint8_t * send_key = netcode_encryption_manager_get_send_key( &encryption_manager, encryption_index ); + uint8_t * receive_key = netcode_encryption_manager_get_receive_key( &encryption_manager, encryption_index ); + + check( send_key ); + check( receive_key ); + + check( memcmp( send_key, encryption_mapping[i].send_key, NETCODE_KEY_BYTES ) == 0 ); + check( memcmp( receive_key, encryption_mapping[i].receive_key, NETCODE_KEY_BYTES ) == 0 ); + } + + // check that encryption mappings time out properly + + time += TEST_TIMEOUT_SECONDS * 2; + + for ( i = 0; i < NUM_ENCRYPTION_MAPPINGS; ++i ) + { + int encryption_index = netcode_encryption_manager_find_encryption_mapping( &encryption_manager, &encryption_mapping[i].address, time ); + + uint8_t * send_key = netcode_encryption_manager_get_send_key( &encryption_manager, encryption_index ); + uint8_t * receive_key = netcode_encryption_manager_get_receive_key( &encryption_manager, encryption_index ); + + check( !send_key ); + check( !receive_key ); + } + + // add the same encryption mappings after timeout + + for ( i = 0; i < NUM_ENCRYPTION_MAPPINGS; ++i ) + { + int encryption_index = netcode_encryption_manager_find_encryption_mapping( &encryption_manager, &encryption_mapping[i].address, time ); + + check( 
encryption_index == -1 ); + + check( netcode_encryption_manager_get_send_key( &encryption_manager, encryption_index ) == NULL ); + check( netcode_encryption_manager_get_receive_key( &encryption_manager, encryption_index ) == NULL ); + + check( netcode_encryption_manager_add_encryption_mapping( &encryption_manager, + &encryption_mapping[i].address, + encryption_mapping[i].send_key, + encryption_mapping[i].receive_key, + time, + -1.0, + TEST_TIMEOUT_SECONDS ) ); + + encryption_index = netcode_encryption_manager_find_encryption_mapping( &encryption_manager, &encryption_mapping[i].address, time ); + + uint8_t * send_key = netcode_encryption_manager_get_send_key( &encryption_manager, encryption_index ); + uint8_t * receive_key = netcode_encryption_manager_get_receive_key( &encryption_manager, encryption_index ); + + check( send_key ); + check( receive_key ); + + check( memcmp( send_key, encryption_mapping[i].send_key, NETCODE_KEY_BYTES ) == 0 ); + check( memcmp( receive_key, encryption_mapping[i].receive_key, NETCODE_KEY_BYTES ) == 0 ); + } + + // reset the encryption mapping and verify that all encryption mappings have been removed + + netcode_encryption_manager_reset( &encryption_manager ); + + for ( i = 0; i < NUM_ENCRYPTION_MAPPINGS; ++i ) + { + int encryption_index = netcode_encryption_manager_find_encryption_mapping( &encryption_manager, &encryption_mapping[i].address, time ); + + uint8_t * send_key = netcode_encryption_manager_get_send_key( &encryption_manager, encryption_index ); + uint8_t * receive_key = netcode_encryption_manager_get_receive_key( &encryption_manager, encryption_index ); + + check( !send_key ); + check( !receive_key ); + } + + // test the expire time for encryption mapping works as expected + + check( netcode_encryption_manager_add_encryption_mapping( &encryption_manager, + &encryption_mapping[0].address, + encryption_mapping[0].send_key, + encryption_mapping[0].receive_key, + time, + time + 1.0, + TEST_TIMEOUT_SECONDS ) ); + + int 
encryption_index = netcode_encryption_manager_find_encryption_mapping( &encryption_manager, &encryption_mapping[0].address, time ); + + check( encryption_index != -1 ); + + check( netcode_encryption_manager_find_encryption_mapping( &encryption_manager, &encryption_mapping[0].address, time + 1.1f ) == -1 ); + + netcode_encryption_manager_set_expire_time( &encryption_manager, encryption_index, -1.0 ); + + check( netcode_encryption_manager_find_encryption_mapping( &encryption_manager, &encryption_mapping[0].address, time ) == encryption_index ); +} + +void test_replay_protection() +{ + struct netcode_replay_protection_t replay_protection; + + int i; + for ( i = 0; i < 2; ++i ) + { + netcode_replay_protection_reset( &replay_protection ); + + check( replay_protection.most_recent_sequence == 0 ); + + // the first time we receive packets, they should not be already received + + #define MAX_SEQUENCE ( NETCODE_REPLAY_PROTECTION_BUFFER_SIZE * 4 ) + + uint64_t sequence; + for ( sequence = 0; sequence < MAX_SEQUENCE; ++sequence ) + { + check( netcode_replay_protection_already_received( &replay_protection, sequence ) == 0 ); + netcode_replay_protection_advance_sequence( &replay_protection, sequence ); + } + + // old packets outside buffer should be considered already received + + check( netcode_replay_protection_already_received( &replay_protection, 0 ) == 1 ); + + // packets received a second time should be flagged already received + + for ( sequence = MAX_SEQUENCE - 10; sequence < MAX_SEQUENCE; ++sequence ) + { + check( netcode_replay_protection_already_received( &replay_protection, sequence ) == 1 ); + } + + // jumping ahead to a much higher sequence should be considered not already received + + check( netcode_replay_protection_already_received( &replay_protection, MAX_SEQUENCE + NETCODE_REPLAY_PROTECTION_BUFFER_SIZE ) == 0 ); + + // old packets should be considered already received + + for ( sequence = 0; sequence < MAX_SEQUENCE; ++sequence ) + { + check( 
netcode_replay_protection_already_received( &replay_protection, sequence ) == 1 ); + } + } +} + +void test_client_create() +{ + { + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + + struct netcode_client_t * client = netcode_client_create( "127.0.0.1:40000", &client_config, 0.0 ); + + struct netcode_address_t test_address; + netcode_parse_address( "127.0.0.1:40000", &test_address ); + + check( client ); + check( client->socket_holder.ipv4.handle != 0 ); + check( client->socket_holder.ipv6.handle == 0 ); + check( netcode_address_equal( &client->address, &test_address ) ); + + netcode_client_destroy( client ); + } + + { + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + + struct netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, 0.0 ); + + struct netcode_address_t test_address; + netcode_parse_address( "[::]:50000", &test_address ); + + check( client ); + check( client->socket_holder.ipv4.handle == 0 ); + check( client->socket_holder.ipv6.handle != 0 ); + check( netcode_address_equal( &client->address, &test_address ) ); + + netcode_client_destroy( client ); + } + + { + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + + struct netcode_client_t * client = netcode_client_create_overload( "127.0.0.1:40000", "[::]:50000", &client_config, 0.0 ); + + struct netcode_address_t test_address; + netcode_parse_address( "127.0.0.1:40000", &test_address ); + + check( client ); + check( client->socket_holder.ipv4.handle != 0 ); + check( client->socket_holder.ipv6.handle != 0 ); + check( netcode_address_equal( &client->address, &test_address ) ); + + netcode_client_destroy( client ); + } + + { + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + + struct netcode_client_t * client = netcode_client_create_overload( "[::]:50000", "127.0.0.1:40000", 
&client_config, 0.0 ); + + struct netcode_address_t test_address; + netcode_parse_address( "[::]:50000", &test_address ); + + check( client ); + check( client->socket_holder.ipv4.handle != 0 ); + check( client->socket_holder.ipv6.handle != 0 ); + check( netcode_address_equal( &client->address, &test_address ) ); + + netcode_client_destroy( client ); + } +} + +void test_server_create() +{ + { + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + + struct netcode_server_t * server = netcode_server_create( "127.0.0.1:40000", &server_config, 0.0 ); + + struct netcode_address_t test_address; + netcode_parse_address( "127.0.0.1:40000", &test_address ); + + check( server ); + check( server->socket_holder.ipv4.handle != 0 ); + check( server->socket_holder.ipv6.handle == 0 ); + check( netcode_address_equal( &server->address, &test_address ) ); + + netcode_server_destroy( server ); + } + + { + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + + struct netcode_server_t * server = netcode_server_create( "[::1]:50000", &server_config, 0.0 ); + + struct netcode_address_t test_address; + netcode_parse_address( "[::1]:50000", &test_address ); + + check( server ); + check( server->socket_holder.ipv4.handle == 0 ); + check( server->socket_holder.ipv6.handle != 0 ); + check( netcode_address_equal( &server->address, &test_address ) ); + + netcode_server_destroy( server ); + } + + { + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + + struct netcode_server_t * server = netcode_server_create_overload( "127.0.0.1:40000", "[::1]:50000", &server_config, 0.0 ); + + struct netcode_address_t test_address; + netcode_parse_address( "127.0.0.1:40000", &test_address ); + + check( server ); + check( server->socket_holder.ipv4.handle != 0 ); + check( server->socket_holder.ipv6.handle != 0 ); + check( netcode_address_equal( &server->address, &test_address 
) ); + + netcode_server_destroy( server ); + } + + { + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + + struct netcode_server_t * server = netcode_server_create_overload( "[::1]:50000", "127.0.0.1:40000", &server_config, 0.0 ); + + struct netcode_address_t test_address; + netcode_parse_address( "[::1]:50000", &test_address ); + + check( server ); + check( server->socket_holder.ipv4.handle != 0 ); + check( server->socket_holder.ipv6.handle != 0 ); + check( netcode_address_equal( &server->address, &test_address ) ); + + netcode_server_destroy( server ); + } +} + +static uint8_t private_key[NETCODE_KEY_BYTES] = { 0x60, 0x6a, 0xbe, 0x6e, 0xc9, 0x19, 0x10, 0xea, + 0x9a, 0x65, 0x62, 0xf6, 0x6f, 0x2b, 0x30, 0xe4, + 0x43, 0x71, 0xd6, 0x2c, 0xd1, 0x99, 0x27, 0x26, + 0x6b, 0x3c, 0x60, 0xf4, 0xb7, 0x15, 0xab, 0xa1 }; + +void test_client_server_connect() +{ + struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL ); + + network_simulator->latency_milliseconds = 250; + network_simulator->jitter_milliseconds = 250; + network_simulator->packet_loss_percent = 5; + network_simulator->duplicate_packet_percent = 10; + + double time = 0.0; + double delta_time = 1.0 / 10.0; + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + client_config.network_simulator = network_simulator; + + struct netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, time ); + + check( client ); + + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + server_config.protocol_id = TEST_PROTOCOL_ID; + server_config.network_simulator = network_simulator; + memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES ); + + struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time ); + + check( server ); + + netcode_server_start( server, 1 ); + + 
NETCODE_CONST char * server_address = "[::1]:40000"; + + uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES]; + + uint64_t client_id = 0; + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES); + + check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) ); + + netcode_client_connect( client, connect_token ); + + while ( 1 ) + { + netcode_network_simulator_update( network_simulator, time ); + + netcode_client_update( client, time ); + + netcode_server_update( server, time ); + + if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ) + break; + + time += delta_time; + } + + check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ); + check( netcode_client_index( client ) == 0 ); + check( netcode_server_client_connected( server, 0 ) == 1 ); + check( netcode_server_num_connected_clients( server ) == 1 ); + + int server_num_packets_received = 0; + int client_num_packets_received = 0; + + uint8_t packet_data[NETCODE_MAX_PACKET_SIZE]; + int i; + for ( i = 0; i < NETCODE_MAX_PACKET_SIZE; ++i ) + packet_data[i] = (uint8_t) i; + + while ( 1 ) + { + netcode_network_simulator_update( network_simulator, time ); + + netcode_client_update( client, time ); + + netcode_server_update( server, time ); + + netcode_client_send_packet( client, packet_data, NETCODE_MAX_PACKET_SIZE ); + + netcode_server_send_packet( server, 0, packet_data, NETCODE_MAX_PACKET_SIZE ); + + while ( 1 ) + { + int packet_bytes; + uint64_t packet_sequence; + uint8_t * packet = netcode_client_receive_packet( client, &packet_bytes, &packet_sequence ); + if ( !packet ) + break; + (void) packet_sequence; + netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE 
); + netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 ); + client_num_packets_received++; + netcode_client_free_packet( client, packet ); + } + + while ( 1 ) + { + int packet_bytes; + uint64_t packet_sequence; + void * packet = netcode_server_receive_packet( server, 0, &packet_bytes, &packet_sequence ); + if ( !packet ) + break; + (void) packet_sequence; + netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE ); + netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 ); + server_num_packets_received++; + netcode_server_free_packet( server, packet ); + } + + if ( client_num_packets_received >= 10 && server_num_packets_received >= 10 ) + { + if ( netcode_server_client_connected( server, 0 ) ) + { + netcode_server_disconnect_client( server, 0 ); + } + } + + if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + time += delta_time; + } + + check( client_num_packets_received >= 10 && server_num_packets_received >= 10 ); + + netcode_server_destroy( server ); + + netcode_client_destroy( client ); + + netcode_network_simulator_destroy( network_simulator ); +} + +void test_client_server_ipv4_socket_connect() +{ + { + double time = 0.0; + double delta_time = 1.0 / 10.0; + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + + struct netcode_client_t * client = netcode_client_create( "0.0.0.0:50000", &client_config, time ); + + check( client ); + + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + server_config.protocol_id = TEST_PROTOCOL_ID; + memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES ); + + struct netcode_server_t * server = netcode_server_create( "127.0.0.1:40000", &server_config, time ); + + check( server ); + + netcode_server_start( server, 1 ); + + NETCODE_CONST char * server_address = "127.0.0.1:40000"; + + uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES]; + + 
uint64_t client_id = 0; + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES); + + check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) ); + + netcode_client_connect( client, connect_token ); + + while ( 1 ) + { + netcode_client_update( client, time ); + + netcode_server_update( server, time ); + + if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ) + break; + + time += delta_time; + } + + netcode_server_destroy( server ); + + netcode_client_destroy( client ); + } + + { + double time = 0.0; + double delta_time = 1.0 / 10.0; + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + + struct netcode_client_t * client = netcode_client_create( "0.0.0.0:50000", &client_config, time ); + + check( client ); + + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + server_config.protocol_id = TEST_PROTOCOL_ID; + memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES ); + + struct netcode_server_t * server = netcode_server_create_overload( "127.0.0.1:40000", "[::1]:40000", &server_config, time ); + + check( server ); + + netcode_server_start( server, 1 ); + + NETCODE_CONST char * server_address = "127.0.0.1:40000"; + + uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES]; + + uint64_t client_id = 0; + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES); + + check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, 
user_data, connect_token ) ); + + netcode_client_connect( client, connect_token ); + + while ( 1 ) + { + netcode_client_update( client, time ); + + netcode_server_update( server, time ); + + if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ) + break; + + time += delta_time; + } + + netcode_server_destroy( server ); + + netcode_client_destroy( client ); + } + + { + double time = 0.0; + double delta_time = 1.0 / 10.0; + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + + struct netcode_client_t * client = netcode_client_create_overload( "0.0.0.0:50000", "[::]:50000", &client_config, time ); + + check( client ); + + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + server_config.protocol_id = TEST_PROTOCOL_ID; + memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES ); + + struct netcode_server_t * server = netcode_server_create( "127.0.0.1:40000", &server_config, time ); + + check( server ); + + netcode_server_start( server, 1 ); + + NETCODE_CONST char * server_address = "127.0.0.1:40000"; + + uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES]; + + uint64_t client_id = 0; + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES); + + check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) ); + + netcode_client_connect( client, connect_token ); + + while ( 1 ) + { + netcode_client_update( client, time ); + + netcode_server_update( server, time ); + + if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ) + break; 
+ + time += delta_time; + } + + netcode_server_destroy( server ); + + netcode_client_destroy( client ); + } + + { + double time = 0.0; + double delta_time = 1.0 / 10.0; + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + + struct netcode_client_t * client = netcode_client_create_overload( "0.0.0.0:50000", "[::]:50000", &client_config, time ); + + check( client ); + + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + server_config.protocol_id = TEST_PROTOCOL_ID; + memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES ); + + struct netcode_server_t * server = netcode_server_create_overload( "127.0.0.1:40000", "[::1]:40000", &server_config, time ); + + check( server ); + + netcode_server_start( server, 1 ); + + NETCODE_CONST char * server_address = "127.0.0.1:40000"; + + uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES]; + + uint64_t client_id = 0; + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES); + + check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) ); + + netcode_client_connect( client, connect_token ); + + while ( 1 ) + { + netcode_client_update( client, time ); + + netcode_server_update( server, time ); + + if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ) + break; + + time += delta_time; + } + + netcode_server_destroy( server ); + + netcode_client_destroy( client ); + } +} + +void test_client_server_ipv6_socket_connect() +{ + { + double time = 0.0; + double delta_time = 1.0 / 10.0; + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + + struct 
netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, time ); + + check( client ); + + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + server_config.protocol_id = TEST_PROTOCOL_ID; + memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES ); + + struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time ); + + check( server ); + + netcode_server_start( server, 1 ); + + NETCODE_CONST char * server_address = "[::1]:40000"; + + uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES]; + + uint64_t client_id = 0; + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES); + + check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) ); + + netcode_client_connect( client, connect_token ); + + while ( 1 ) + { + netcode_client_update( client, time ); + + netcode_server_update( server, time ); + + if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ) + break; + + time += delta_time; + } + + netcode_server_destroy( server ); + + netcode_client_destroy( client ); + } + + { + double time = 0.0; + double delta_time = 1.0 / 10.0; + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + + struct netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, time ); + + check( client ); + + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + server_config.protocol_id = TEST_PROTOCOL_ID; + memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES ); + + struct netcode_server_t * server = 
netcode_server_create_overload( "127.0.0.1:40000", "[::1]:40000", &server_config, time ); + + check( server ); + + netcode_server_start( server, 1 ); + + NETCODE_CONST char * server_address = "[::1]:40000"; + + uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES]; + + uint64_t client_id = 0; + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES); + + check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) ); + + netcode_client_connect( client, connect_token ); + + while ( 1 ) + { + netcode_client_update( client, time ); + + netcode_server_update( server, time ); + + if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ) + break; + + time += delta_time; + } + + netcode_server_destroy( server ); + + netcode_client_destroy( client ); + } + + { + double time = 0.0; + double delta_time = 1.0 / 10.0; + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + + struct netcode_client_t * client = netcode_client_create_overload( "0.0.0.0:50000", "[::]:50000", &client_config, time ); + + check( client ); + + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + server_config.protocol_id = TEST_PROTOCOL_ID; + memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES ); + + struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time ); + + check( server ); + + netcode_server_start( server, 1 ); + + NETCODE_CONST char * server_address = "[::1]:40000"; + + uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES]; + + uint64_t client_id = 0; + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + + uint8_t 
user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES); + + check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) ); + + netcode_client_connect( client, connect_token ); + + while ( 1 ) + { + netcode_client_update( client, time ); + + netcode_server_update( server, time ); + + if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ) + break; + + time += delta_time; + } + + netcode_server_destroy( server ); + + netcode_client_destroy( client ); + } + + { + double time = 0.0; + double delta_time = 1.0 / 10.0; + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + + struct netcode_client_t * client = netcode_client_create_overload( "0.0.0.0:50000", "[::]:50000", &client_config, time ); + + check( client ); + + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + server_config.protocol_id = TEST_PROTOCOL_ID; + memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES ); + + struct netcode_server_t * server = netcode_server_create_overload( "127.0.0.1:40000", "[::1]:40000", &server_config, time ); + + check( server ); + + netcode_server_start( server, 1 ); + + NETCODE_CONST char * server_address = "[::1]:40000"; + + uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES]; + + uint64_t client_id = 0; + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES); + + check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) ); + + netcode_client_connect( client, 
connect_token ); + + while ( 1 ) + { + netcode_client_update( client, time ); + + netcode_server_update( server, time ); + + if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ) + break; + + time += delta_time; + } + + netcode_server_destroy( server ); + + netcode_client_destroy( client ); + } +} + +void test_client_server_keep_alive() +{ + struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL ); + + network_simulator->latency_milliseconds = 250; + network_simulator->jitter_milliseconds = 250; + network_simulator->packet_loss_percent = 5; + network_simulator->duplicate_packet_percent = 10; + + double time = 0.0; + double delta_time = 1.0 / 10.0; + + // connect client to server + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + client_config.network_simulator = network_simulator; + + struct netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, time ); + + check( client ); + + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + server_config.protocol_id = TEST_PROTOCOL_ID; + server_config.network_simulator = network_simulator; + memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES ); + + struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time ); + + check( server ); + + netcode_server_start( server, 1 ); + + NETCODE_CONST char * server_address = "[::1]:40000"; + + uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES]; + + uint64_t client_id = 0; + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES); + + check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, 
client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) ); + + netcode_client_connect( client, connect_token ); + + while ( 1 ) + { + netcode_network_simulator_update( network_simulator, time ); + + netcode_client_update( client, time ); + + netcode_server_update( server, time ); + + if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ) + break; + + time += delta_time; + } + + check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ); + check( netcode_client_index( client ) == 0 ); + check( netcode_server_client_connected( server, 0 ) == 1 ); + check( netcode_server_num_connected_clients( server ) == 1 ); + + // pump the client and server long enough that they would timeout without keep alive packets + + int num_iterations = (int) ( 1.25f * TEST_TIMEOUT_SECONDS / delta_time ) + 1; + + int i; + for ( i = 0; i < num_iterations; ++i ) + { + netcode_network_simulator_update( network_simulator, time ); + + netcode_client_update( client, time ); + + netcode_server_update( server, time ); + + if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + time += delta_time; + } + + check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ); + check( netcode_client_index( client ) == 0 ); + check( netcode_server_client_connected( server, 0 ) == 1 ); + check( netcode_server_num_connected_clients( server ) == 1 ); + + netcode_server_destroy( server ); + + netcode_client_destroy( client ); + + netcode_network_simulator_destroy( network_simulator ); +} + +void test_client_server_multiple_clients() +{ + #define NUM_START_STOP_ITERATIONS 3 + + int max_clients[NUM_START_STOP_ITERATIONS] = { 2, 32, 5 }; + + struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL ); + + network_simulator->latency_milliseconds = 250; + network_simulator->jitter_milliseconds = 
250; + network_simulator->packet_loss_percent = 5; + network_simulator->duplicate_packet_percent = 10; + + double time = 0.0; + double delta_time = 1.0 / 10.0; + + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + server_config.protocol_id = TEST_PROTOCOL_ID; + server_config.network_simulator = network_simulator; + memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES ); + + struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time ); + + check( server ); + + int i; + for ( i = 0; i < NUM_START_STOP_ITERATIONS; ++i ) + { + // start the server with max # of clients for this iteration + + netcode_server_start( server, max_clients[i] ); + + // create # of client objects for this iteration and connect to server + + struct netcode_client_t ** client = (struct netcode_client_t **) malloc( sizeof( struct netcode_client_t* ) * max_clients[i] ); + + check( client ); + + int j; + for ( j = 0; j < max_clients[i]; ++j ) + { + char client_address[NETCODE_MAX_ADDRESS_STRING_LENGTH]; + snprintf( client_address, sizeof(client_address), "[::]:%d", 50000 + j ); + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + client_config.network_simulator = network_simulator; + + client[j] = netcode_client_create( client_address, &client_config, time ); + + check( client[j] ); + + uint64_t client_id = j; + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + + NETCODE_CONST char * server_address = "[::1]:40000"; + + uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES]; + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES); + + check( netcode_generate_connect_token( 1, + &server_address, + &server_address, + TEST_CONNECT_TOKEN_EXPIRY, + TEST_TIMEOUT_SECONDS, + client_id, + TEST_PROTOCOL_ID, + private_key, + user_data, + connect_token ) ); + + netcode_client_connect( client[j], connect_token ); + } + 
+ // make sure all clients can connect + + while ( 1 ) + { + netcode_network_simulator_update( network_simulator, time ); + + for ( j = 0; j < max_clients[i]; ++j ) + { + netcode_client_update( client[j], time ); + } + + netcode_server_update( server, time ); + + int num_connected_clients = 0; + + for ( j = 0; j < max_clients[i]; ++j ) + { + if ( netcode_client_state( client[j] ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + if ( netcode_client_state( client[j] ) == NETCODE_CLIENT_STATE_CONNECTED ) + num_connected_clients++; + } + + if ( num_connected_clients == max_clients[i] ) + break; + + time += delta_time; + } + + check( netcode_server_num_connected_clients( server ) == max_clients[i] ); + + for ( j = 0; j < max_clients[i]; ++j ) + { + check( netcode_client_state( client[j] ) == NETCODE_CLIENT_STATE_CONNECTED ); + check( netcode_server_client_connected( server, j ) == 1 ); + } + + // make sure all clients can exchange packets with the server + + int * server_num_packets_received = (int*) malloc( sizeof(int) * max_clients[i] ); + int * client_num_packets_received = (int*) malloc( sizeof(int) * max_clients[i] ); + + memset( server_num_packets_received, 0, sizeof(int) * max_clients[i] ); + memset( client_num_packets_received, 0, sizeof(int) * max_clients[i] ); + + uint8_t packet_data[NETCODE_MAX_PACKET_SIZE]; + for ( j = 0; j < NETCODE_MAX_PACKET_SIZE; ++j ) + packet_data[j] = (uint8_t) j; + + while ( 1 ) + { + netcode_network_simulator_update( network_simulator, time ); + + for ( j = 0; j < max_clients[i]; ++j ) + { + netcode_client_update( client[j], time ); + } + + netcode_server_update( server, time ); + + for ( j = 0; j < max_clients[i]; ++j ) + { + netcode_client_send_packet( client[j], packet_data, NETCODE_MAX_PACKET_SIZE ); + } + + for ( j = 0; j < max_clients[i]; ++j ) + { + netcode_server_send_packet( server, j, packet_data, NETCODE_MAX_PACKET_SIZE ); + } + + for ( j = 0; j < max_clients[i]; ++j ) + { + while ( 1 ) + { + int packet_bytes; + 
uint64_t packet_sequence; + uint8_t * packet = netcode_client_receive_packet( client[j], &packet_bytes, &packet_sequence ); + if ( !packet ) + break; + (void) packet_sequence; + netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE ); + netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 ); + client_num_packets_received[j]++; + netcode_client_free_packet( client[j], packet ); + } + } + + for ( j = 0; j < max_clients[i]; ++j ) + { + while ( 1 ) + { + int packet_bytes; + uint64_t packet_sequence; + void * packet = netcode_server_receive_packet( server, j, &packet_bytes, &packet_sequence ); + if ( !packet ) + break; + (void) packet_sequence; + netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE ); + netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 ); + server_num_packets_received[j]++; + netcode_server_free_packet( server, packet ); + } + } + + int num_clients_ready = 0; + + for ( j = 0; j < max_clients[i]; ++j ) + { + if ( client_num_packets_received[j] >= 1 && server_num_packets_received[j] >= 1 ) + { + num_clients_ready++; + } + } + + if ( num_clients_ready == max_clients[i] ) + break; + + for ( j = 0; j < max_clients[i]; ++j ) + { + if ( netcode_client_state( client[j] ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + } + + time += delta_time; + } + + int num_clients_ready = 0; + + for ( j = 0; j < max_clients[i]; ++j ) + { + if ( client_num_packets_received[j] >= 1 && server_num_packets_received[j] >= 1 ) + { + num_clients_ready++; + } + } + + check( num_clients_ready == max_clients[i] ); + + free( server_num_packets_received ); + free( client_num_packets_received ); + + netcode_network_simulator_reset( network_simulator ); + + for ( j = 0; j < max_clients[i]; ++j ) + { + netcode_client_destroy( client[j] ); + } + + free( client ); + + netcode_server_stop( server ); + } + + netcode_server_destroy( server ); + + netcode_network_simulator_destroy( network_simulator ); +} + +void 
test_client_server_multiple_servers() +{ + struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL ); + + network_simulator->latency_milliseconds = 250; + network_simulator->jitter_milliseconds = 250; + network_simulator->packet_loss_percent = 5; + network_simulator->duplicate_packet_percent = 10; + + double time = 0.0; + double delta_time = 1.0 / 10.0; + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + client_config.network_simulator = network_simulator; + + struct netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, time ); + + check( client ); + + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + server_config.protocol_id = TEST_PROTOCOL_ID; + server_config.network_simulator = network_simulator; + memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES ); + + struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time ); + + check( server ); + + netcode_server_start( server, 1 ); + + NETCODE_CONST char * server_address[] = { "10.10.10.10:1000", "100.100.100.100:50000", "[::1]:40000" }; + + uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES]; + + uint64_t client_id = 0; + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES); + + check( netcode_generate_connect_token( 3, server_address, server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) ); + + netcode_client_connect( client, connect_token ); + + while ( 1 ) + { + netcode_network_simulator_update( network_simulator, time ); + + netcode_client_update( client, time ); + + netcode_server_update( server, time ); + + if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + if ( 
netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ) + break; + + time += delta_time; + } + + check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED ); + check( netcode_client_index( client ) == 0 ); + check( netcode_server_client_connected( server, 0 ) == 1 ); + check( netcode_server_num_connected_clients( server ) == 1 ); + + int server_num_packets_received = 0; + int client_num_packets_received = 0; + + uint8_t packet_data[NETCODE_MAX_PACKET_SIZE]; + int i; + for ( i = 0; i < NETCODE_MAX_PACKET_SIZE; ++i ) + packet_data[i] = (uint8_t) i; + + while ( 1 ) + { + netcode_network_simulator_update( network_simulator, time ); + + netcode_client_update( client, time ); + + netcode_server_update( server, time ); + + netcode_client_send_packet( client, packet_data, NETCODE_MAX_PACKET_SIZE ); + + netcode_server_send_packet( server, 0, packet_data, NETCODE_MAX_PACKET_SIZE ); + + while ( 1 ) + { + int packet_bytes; + uint64_t packet_sequence; + uint8_t * packet = netcode_client_receive_packet( client, &packet_bytes, &packet_sequence ); + if ( !packet ) + break; + (void) packet_sequence; + netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE ); + netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 ); + client_num_packets_received++; + netcode_client_free_packet( client, packet ); + } + + while ( 1 ) + { + int packet_bytes; + uint64_t packet_sequence; + void * packet = netcode_server_receive_packet( server, 0, &packet_bytes, &packet_sequence ); + if ( !packet ) + break; + netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE ); + netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 ); + server_num_packets_received++; + netcode_server_free_packet( server, packet ); + } + + if ( client_num_packets_received >= 10 && server_num_packets_received >= 10 ) + { + if ( netcode_server_client_connected( server, 0 ) ) + { + netcode_server_disconnect_client( server, 0 ); + } + } + + if ( netcode_client_state( 
client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + time += delta_time; + } + + check( client_num_packets_received >= 10 && server_num_packets_received >= 10 ); + + netcode_server_destroy( server ); + + netcode_client_destroy( client ); + + netcode_network_simulator_destroy( network_simulator ); +} + +void test_client_error_connect_token_expired() +{ + struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL ); + + network_simulator->latency_milliseconds = 250; + network_simulator->jitter_milliseconds = 250; + network_simulator->packet_loss_percent = 5; + network_simulator->duplicate_packet_percent = 10; + + double time = 0.0; + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + client_config.network_simulator = network_simulator; + + struct netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, time ); + + check( client ); + + NETCODE_CONST char * server_address = "[::1]:40000"; + + uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES]; + + uint64_t client_id = 0; + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + + uint8_t user_data[NETCODE_USER_DATA_BYTES]; + netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES); + + check( netcode_generate_connect_token( 1, &server_address, &server_address, 0, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) ); + + netcode_client_connect( client, connect_token ); + + netcode_client_update( client, time ); + + check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECT_TOKEN_EXPIRED ); + + netcode_client_destroy( client ); + + netcode_network_simulator_destroy( network_simulator ); +} + +void test_client_error_invalid_connect_token() +{ + struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL ); + + network_simulator->latency_milliseconds = 250; + network_simulator->jitter_milliseconds = 
250; + network_simulator->packet_loss_percent = 5; + network_simulator->duplicate_packet_percent = 10; + + double time = 0.0; + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + client_config.network_simulator = network_simulator; + + struct netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, time ); + + check( client ); + + uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES]; + netcode_random_bytes( connect_token, NETCODE_CONNECT_TOKEN_BYTES ); + + uint64_t client_id = 0; + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + + netcode_client_connect( client, connect_token ); + + check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_INVALID_CONNECT_TOKEN ); + + netcode_client_destroy( client ); + + netcode_network_simulator_destroy( network_simulator ); +} + +void test_client_error_connection_timed_out() +{ + struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL ); + + network_simulator->latency_milliseconds = 250; + network_simulator->jitter_milliseconds = 250; + network_simulator->packet_loss_percent = 5; + network_simulator->duplicate_packet_percent = 10; + + double time = 0.0; + double delta_time = 1.0 / 10.0; + + // connect a client to the server + + struct netcode_client_config_t client_config; + netcode_default_client_config( &client_config ); + client_config.network_simulator = network_simulator; + + struct netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, time ); + + check( client ); + + struct netcode_server_config_t server_config; + netcode_default_server_config( &server_config ); + server_config.protocol_id = TEST_PROTOCOL_ID; + server_config.network_simulator = network_simulator; + memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES ); + + struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time ); + + check( server ); + + 
netcode_server_start( server, 1 );
+
+ NETCODE_CONST char * server_address = "[::1]:40000";
+
+ uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES];
+
+ uint64_t client_id = 0;
+ netcode_random_bytes( (uint8_t*) &client_id, 8 );
+
+ uint8_t user_data[NETCODE_USER_DATA_BYTES];
+ netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES);
+
+ check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) );
+
+ netcode_client_connect( client, connect_token );
+
+ while ( 1 )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ netcode_server_update( server, time );
+
+ if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED );
+ check( netcode_client_index( client ) == 0 );
+ check( netcode_server_client_connected( server, 0 ) == 1 );
+ check( netcode_server_num_connected_clients( server ) == 1 );
+
+ // now disable updating the server and verify that the client times out
+
+ while ( 1 )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTION_TIMED_OUT );
+
+ netcode_server_destroy( server );
+
+ netcode_client_destroy( client );
+
+ netcode_network_simulator_destroy( network_simulator );
+}
+
+void test_client_error_connection_response_timeout()
+{
+ struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL );
+
+ network_simulator->latency_milliseconds = 250;
+
network_simulator->jitter_milliseconds = 250;
+ network_simulator->packet_loss_percent = 5;
+ network_simulator->duplicate_packet_percent = 10;
+
+ double time = 0.0;
+ double delta_time = 1.0 / 10.0;
+
+ struct netcode_client_config_t client_config;
+ netcode_default_client_config( &client_config );
+ client_config.network_simulator = network_simulator;
+
+ struct netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, time );
+
+ check( client );
+
+ struct netcode_server_config_t server_config;
+ netcode_default_server_config( &server_config );
+ server_config.protocol_id = TEST_PROTOCOL_ID;
+ server_config.network_simulator = network_simulator;
+ memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES );
+
+ struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time );
+
+ check( server );
+
+ server->flags = NETCODE_SERVER_FLAG_IGNORE_CONNECTION_RESPONSE_PACKETS;
+
+ netcode_server_start( server, 1 );
+
+ NETCODE_CONST char * server_address = "[::1]:40000";
+
+ uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES];
+
+ uint64_t client_id = 0;
+ netcode_random_bytes( (uint8_t*) &client_id, 8 );
+
+ uint8_t user_data[NETCODE_USER_DATA_BYTES];
+ netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES);
+
+ check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) );
+
+ netcode_client_connect( client, connect_token );
+
+ while ( 1 )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ netcode_server_update( server, time );
+
+ if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_client_state( client ) ==
NETCODE_CLIENT_STATE_CONNECTION_RESPONSE_TIMED_OUT );
+
+ netcode_server_destroy( server );
+
+ netcode_client_destroy( client );
+
+ netcode_network_simulator_destroy( network_simulator );
+}
+
+void test_client_error_connection_request_timeout()
+{
+ struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL );
+
+ network_simulator->latency_milliseconds = 250;
+ network_simulator->jitter_milliseconds = 250;
+ network_simulator->packet_loss_percent = 5;
+ network_simulator->duplicate_packet_percent = 10;
+
+ double time = 0.0;
+ double delta_time = 1.0 / 60.0;
+
+ struct netcode_client_config_t client_config;
+ netcode_default_client_config( &client_config );
+ client_config.network_simulator = network_simulator;
+
+ struct netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, time );
+
+ check( client );
+
+ struct netcode_server_config_t server_config;
+ netcode_default_server_config( &server_config );
+ server_config.protocol_id = TEST_PROTOCOL_ID;
+ server_config.network_simulator = network_simulator;
+ memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES );
+
+ struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time );
+
+ check( server );
+
+ server->flags = NETCODE_SERVER_FLAG_IGNORE_CONNECTION_REQUEST_PACKETS;
+
+ netcode_server_start( server, 1 );
+
+ NETCODE_CONST char * server_address = "[::1]:40000";
+
+ uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES];
+
+ uint64_t client_id = 0;
+ netcode_random_bytes( (uint8_t*) &client_id, 8 );
+
+ uint8_t user_data[NETCODE_USER_DATA_BYTES];
+ netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES);
+
+ check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) );
+
+ netcode_client_connect( client, connect_token );
+
+ while ( 1 )
+ {
+
netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ netcode_server_update( server, time );
+
+ if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTION_REQUEST_TIMED_OUT );
+
+ netcode_server_destroy( server );
+
+ netcode_client_destroy( client );
+
+ netcode_network_simulator_destroy( network_simulator );
+}
+
+void test_client_error_connection_denied()
+{
+ struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL );
+
+ network_simulator->latency_milliseconds = 250;
+ network_simulator->jitter_milliseconds = 250;
+ network_simulator->packet_loss_percent = 5;
+ network_simulator->duplicate_packet_percent = 10;
+
+ // start a server and connect one client
+
+ double time = 0.0;
+ double delta_time = 1.0 / 10.0;
+
+ struct netcode_client_config_t client_config;
+ netcode_default_client_config( &client_config );
+ client_config.network_simulator = network_simulator;
+
+ struct netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, time );
+
+ check( client );
+
+ struct netcode_server_config_t server_config;
+ netcode_default_server_config( &server_config );
+ server_config.protocol_id = TEST_PROTOCOL_ID;
+ server_config.network_simulator = network_simulator;
+ memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES );
+
+ struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time );
+
+ check( server );
+
+ netcode_server_start( server, 1 );
+
+ NETCODE_CONST char * server_address = "[::1]:40000";
+
+ uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES];
+
+ uint64_t client_id = 0;
+ netcode_random_bytes( (uint8_t*) &client_id, 8 );
+
+ uint8_t
user_data[NETCODE_USER_DATA_BYTES];
+ netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES);
+
+ check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) );
+
+ netcode_client_connect( client, connect_token );
+
+ while ( 1 )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ netcode_server_update( server, time );
+
+ if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED );
+ check( netcode_client_index( client ) == 0 );
+ check( netcode_server_client_connected( server, 0 ) == 1 );
+ check( netcode_server_num_connected_clients( server ) == 1 );
+
+ // now attempt to connect a second client. the connection should be denied.
+
+ struct netcode_client_t * client2 = netcode_client_create( "[::]:50001", &client_config, time );
+
+ check( client2 );
+
+ uint8_t connect_token2[NETCODE_CONNECT_TOKEN_BYTES];
+
+ uint64_t client_id2 = 0;
+ netcode_random_bytes( (uint8_t*) &client_id2, 8 );
+
+ uint8_t user_data2[NETCODE_USER_DATA_BYTES];
+ netcode_random_bytes(user_data2, NETCODE_USER_DATA_BYTES);
+
+ check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id2, TEST_PROTOCOL_ID, private_key, user_data2, connect_token2 ) );
+
+ netcode_client_connect( client2, connect_token2 );
+
+ while ( 1 )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ netcode_client_update( client2, time );
+
+ netcode_server_update( server, time );
+
+ if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ if ( netcode_client_state( client2 ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED );
+ check( netcode_client_state( client2 ) == NETCODE_CLIENT_STATE_CONNECTION_DENIED );
+ check( netcode_server_client_connected( server, 0 ) == 1 );
+ check( netcode_server_num_connected_clients( server ) == 1 );
+
+ netcode_server_destroy( server );
+
+ netcode_client_destroy( client );
+
+ netcode_client_destroy( client2 );
+
+ netcode_network_simulator_destroy( network_simulator );
+}
+
+void test_client_side_disconnect()
+{
+ struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL );
+
+ // start a server and connect one client
+
+ double time = 0.0;
+ double delta_time = 1.0 / 10.0;
+
+ struct netcode_client_config_t client_config;
+ netcode_default_client_config( &client_config );
+ client_config.network_simulator = network_simulator;
+
+ struct netcode_client_t * client = netcode_client_create(
"[::]:50000", &client_config, time );
+
+ check( client );
+
+ struct netcode_server_config_t server_config;
+ netcode_default_server_config( &server_config );
+ server_config.protocol_id = TEST_PROTOCOL_ID;
+ server_config.network_simulator = network_simulator;
+ memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES );
+
+ struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time );
+
+ check( server );
+
+ netcode_server_start( server, 1 );
+
+ NETCODE_CONST char * server_address = "[::1]:40000";
+
+ uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES];
+
+ uint64_t client_id = 0;
+ netcode_random_bytes( (uint8_t*) &client_id, 8 );
+
+ uint8_t user_data[NETCODE_USER_DATA_BYTES];
+ netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES);
+
+ check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) );
+
+ netcode_client_connect( client, connect_token );
+
+ while ( 1 )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ netcode_server_update( server, time );
+
+ if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED );
+ check( netcode_client_index( client ) == 0 );
+ check( netcode_server_client_connected( server, 0 ) == 1 );
+ check( netcode_server_num_connected_clients( server ) == 1 );
+
+ // disconnect client side and verify that the server sees that client disconnect cleanly, rather than timing out.
+
+ netcode_client_disconnect( client );
+
+ int i;
+ for ( i = 0; i < 10; ++i )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ netcode_server_update( server, time );
+
+ if ( netcode_server_client_connected( server, 0 ) == 0 )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_server_client_connected( server, 0 ) == 0 );
+ check( netcode_server_num_connected_clients( server ) == 0 );
+
+ netcode_server_destroy( server );
+
+ netcode_client_destroy( client );
+
+ netcode_network_simulator_destroy( network_simulator );
+}
+
+void test_server_side_disconnect()
+{
+ struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL );
+
+ // start a server and connect one client
+
+ double time = 0.0;
+ double delta_time = 1.0 / 10.0;
+
+ struct netcode_client_config_t client_config;
+ netcode_default_client_config( &client_config );
+ client_config.network_simulator = network_simulator;
+
+ struct netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, time );
+
+ check( client );
+
+ struct netcode_server_config_t server_config;
+ netcode_default_server_config( &server_config );
+ server_config.protocol_id = TEST_PROTOCOL_ID;
+ server_config.network_simulator = network_simulator;
+ memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES );
+
+ struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time );
+
+ check( server );
+
+ netcode_server_start( server, 1 );
+
+ NETCODE_CONST char * server_address = "[::1]:40000";
+
+ uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES];
+
+ uint64_t client_id = 0;
+ netcode_random_bytes( (uint8_t*) &client_id, 8 );
+
+ uint8_t user_data[NETCODE_USER_DATA_BYTES];
+ netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES);
+
+ check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS,
client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) );
+
+ netcode_client_connect( client, connect_token );
+
+ while ( 1 )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ netcode_server_update( server, time );
+
+ if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED );
+ check( netcode_client_index( client ) == 0 );
+ check( netcode_server_client_connected( server, 0 ) == 1 );
+ check( netcode_server_num_connected_clients( server ) == 1 );
+
+ // disconnect server side and verify that the client disconnects cleanly, rather than timing out.
+
+ netcode_server_disconnect_client( server, 0 );
+
+ int i;
+ for ( i = 0; i < 10; ++i )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ netcode_server_update( server, time );
+
+ if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_DISCONNECTED );
+ check( netcode_server_client_connected( server, 0 ) == 0 );
+ check( netcode_server_num_connected_clients( server ) == 0 );
+
+ netcode_server_destroy( server );
+
+ netcode_client_destroy( client );
+
+ netcode_network_simulator_destroy( network_simulator );
+}
+
+void test_client_reconnect()
+{
+ struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL );
+
+ network_simulator->latency_milliseconds = 250;
+ network_simulator->jitter_milliseconds = 250;
+ network_simulator->packet_loss_percent = 5;
+ network_simulator->duplicate_packet_percent = 10;
+
+ // start a server and connect one client
+
+ double time = 0.0;
+ double delta_time = 1.0 /
10.0;
+
+ struct netcode_client_config_t client_config;
+ netcode_default_client_config( &client_config );
+ client_config.network_simulator = network_simulator;
+
+ struct netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, time );
+
+ check( client );
+
+ struct netcode_server_config_t server_config;
+ netcode_default_server_config( &server_config );
+ server_config.protocol_id = TEST_PROTOCOL_ID;
+ server_config.network_simulator = network_simulator;
+ memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES );
+
+ struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time );
+
+ check( server );
+
+ netcode_server_start( server, 1 );
+
+ NETCODE_CONST char * server_address = "[::1]:40000";
+
+ uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES];
+
+ uint64_t client_id = 0;
+ netcode_random_bytes( (uint8_t*) &client_id, 8 );
+
+ uint8_t user_data[NETCODE_USER_DATA_BYTES];
+ netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES);
+
+ check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) );
+
+ netcode_client_connect( client, connect_token );
+
+ while ( 1 )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ netcode_server_update( server, time );
+
+ if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED );
+ check( netcode_client_index( client ) == 0 );
+ check( netcode_server_client_connected( server, 0 ) == 1 );
+ check( netcode_server_num_connected_clients( server ) == 1 );
+
+ // disconnect client on the server-side and wait until client sees the disconnect
+
+
netcode_network_simulator_reset( network_simulator );
+
+ netcode_server_disconnect_client( server, 0 );
+
+ while ( 1 )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ netcode_server_update( server, time );
+
+ if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_DISCONNECTED );
+ check( netcode_server_client_connected( server, 0 ) == 0 );
+ check( netcode_server_num_connected_clients( server ) == 0 );
+
+ // now reconnect the client and verify they connect
+
+ netcode_network_simulator_reset( network_simulator );
+
+ check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) );
+
+ netcode_client_connect( client, connect_token );
+
+ while ( 1 )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ netcode_server_update( server, time );
+
+ if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED );
+ check( netcode_client_index( client ) == 0 );
+ check( netcode_server_client_connected( server, 0 ) == 1 );
+ check( netcode_server_num_connected_clients( server ) == 1 );
+
+ netcode_server_destroy( server );
+
+ netcode_client_destroy( client );
+
+ netcode_network_simulator_destroy( network_simulator );
+}
+
+struct test_loopback_context_t
+{
+ struct netcode_client_t * client;
+ struct netcode_server_t * server;
+ int num_loopback_packets_sent_to_client;
+ int num_loopback_packets_sent_to_server;
+};
+
+void client_send_loopback_packet_callback( void * _context, int
client_index, NETCODE_CONST uint8_t * packet_data, int packet_bytes, uint64_t packet_sequence )
+{
+ (void) packet_sequence;
+ check( _context );
+ check( client_index == 0 );
+ check( packet_data );
+ check( packet_bytes == NETCODE_MAX_PACKET_SIZE );
+ int i;
+ for ( i = 0; i < packet_bytes; ++i )
+ {
+ check( packet_data[i] == (uint8_t) i );
+ }
+ struct test_loopback_context_t * context = (struct test_loopback_context_t*) _context;
+ context->num_loopback_packets_sent_to_server++;
+ netcode_server_process_loopback_packet( context->server, client_index, packet_data, packet_bytes, packet_sequence );
+}
+
+void server_send_loopback_packet_callback( void * _context, int client_index, NETCODE_CONST uint8_t * packet_data, int packet_bytes, uint64_t packet_sequence )
+{
+ (void) packet_sequence;
+ check( _context );
+ check( client_index == 0 );
+ check( packet_data );
+ check( packet_bytes == NETCODE_MAX_PACKET_SIZE );
+ int i;
+ for ( i = 0; i < packet_bytes; ++i )
+ {
+ check( packet_data[i] == (uint8_t) i );
+ }
+ struct test_loopback_context_t * context = (struct test_loopback_context_t*) _context;
+ context->num_loopback_packets_sent_to_client++;
+ netcode_client_process_loopback_packet( context->client, packet_data, packet_bytes, packet_sequence );
+}
+
+void test_disable_timeout()
+{
+ struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL );
+
+ network_simulator->latency_milliseconds = 250;
+ network_simulator->jitter_milliseconds = 250;
+ network_simulator->packet_loss_percent = 5;
+ network_simulator->duplicate_packet_percent = 10;
+
+ double time = 0.0;
+ double delta_time = 1.0 / 10.0;
+
+ struct netcode_client_config_t client_config;
+ netcode_default_client_config( &client_config );
+ client_config.network_simulator = network_simulator;
+
+ struct netcode_client_t * client = netcode_client_create( "[::]:50000", &client_config, time );
+
+ check( client );
+
+ struct netcode_server_config_t
server_config;
+ netcode_default_server_config( &server_config );
+ server_config.protocol_id = TEST_PROTOCOL_ID;
+ server_config.network_simulator = network_simulator;
+ memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES );
+
+ struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time );
+
+ check( server );
+
+ netcode_server_start( server, 1 );
+
+ NETCODE_CONST char * server_address = "[::1]:40000";
+
+ uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES];
+
+ uint64_t client_id = 0;
+ netcode_random_bytes( (uint8_t*) &client_id, 8 );
+
+ uint8_t user_data[NETCODE_USER_DATA_BYTES];
+ netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES);
+
+ check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, -1, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) );
+
+ netcode_client_connect( client, connect_token );
+
+ while ( 1 )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ netcode_server_update( server, time );
+
+ if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ if ( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_client_state( client ) == NETCODE_CLIENT_STATE_CONNECTED );
+ check( netcode_client_index( client ) == 0 );
+ check( netcode_server_client_connected( server, 0 ) == 1 );
+ check( netcode_server_num_connected_clients( server ) == 1 );
+
+ int server_num_packets_received = 0;
+ int client_num_packets_received = 0;
+
+ uint8_t packet_data[NETCODE_MAX_PACKET_SIZE];
+ int i;
+ for ( i = 0; i < NETCODE_MAX_PACKET_SIZE; ++i )
+ packet_data[i] = (uint8_t) i;
+
+ while ( 1 )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( client, time );
+
+ netcode_server_update( server, time );
+
+ netcode_client_send_packet( client,
packet_data, NETCODE_MAX_PACKET_SIZE );
+
+ netcode_server_send_packet( server, 0, packet_data, NETCODE_MAX_PACKET_SIZE );
+
+ while ( 1 )
+ {
+ int packet_bytes;
+ uint64_t packet_sequence;
+ uint8_t * packet = netcode_client_receive_packet( client, &packet_bytes, &packet_sequence );
+ if ( !packet )
+ break;
+ (void) packet_sequence;
+ netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE );
+ netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 );
+ client_num_packets_received++;
+ netcode_client_free_packet( client, packet );
+ }
+
+ while ( 1 )
+ {
+ int packet_bytes;
+ uint64_t packet_sequence;
+ void * packet = netcode_server_receive_packet( server, 0, &packet_bytes, &packet_sequence );
+ if ( !packet )
+ break;
+ (void) packet_sequence;
+ netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE );
+ netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 );
+ server_num_packets_received++;
+ netcode_server_free_packet( server, packet );
+ }
+
+ if ( client_num_packets_received >= 10 && server_num_packets_received >= 10 )
+ {
+ if ( netcode_server_client_connected( server, 0 ) )
+ {
+ netcode_server_disconnect_client( server, 0 );
+ }
+ }
+
+ if ( netcode_client_state( client ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ time += 1000.0f; // normally this would timeout the client
+ }
+
+ check( client_num_packets_received >= 10 && server_num_packets_received >= 10 );
+
+ netcode_server_destroy( server );
+
+ netcode_client_destroy( client );
+
+ netcode_network_simulator_destroy( network_simulator );
+}
+
+void test_loopback()
+{
+ struct test_loopback_context_t context;
+ memset( &context, 0, sizeof( context ) );
+
+ struct netcode_network_simulator_t * network_simulator = netcode_network_simulator_create( NULL, NULL, NULL );
+
+ network_simulator->latency_milliseconds = 250;
+ network_simulator->jitter_milliseconds = 250;
+ network_simulator->packet_loss_percent = 5;
+
network_simulator->duplicate_packet_percent = 10;
+
+ double time = 0.0;
+ double delta_time = 1.0 / 10.0;
+
+ // start the server
+
+ struct netcode_server_config_t server_config;
+ netcode_default_server_config( &server_config );
+ server_config.protocol_id = TEST_PROTOCOL_ID;
+ server_config.network_simulator = network_simulator;
+ server_config.callback_context = &context;
+ server_config.send_loopback_packet_callback = server_send_loopback_packet_callback;
+ memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES );
+
+ struct netcode_server_t * server = netcode_server_create( "[::1]:40000", &server_config, time );
+
+ check( server );
+
+ int max_clients = 2;
+
+ netcode_server_start( server, max_clients );
+
+ context.server = server;
+
+ // connect a loopback client in slot 0
+
+ struct netcode_client_config_t client_config;
+ netcode_default_client_config( &client_config );
+ client_config.callback_context = &context;
+ client_config.send_loopback_packet_callback = client_send_loopback_packet_callback;
+ client_config.network_simulator = network_simulator;
+
+ struct netcode_client_t * loopback_client = netcode_client_create( "[::]:50000", &client_config, time );
+ check( loopback_client );
+ netcode_client_connect_loopback( loopback_client, 0, max_clients );
+ context.client = loopback_client;
+
+ check( netcode_client_index( loopback_client ) == 0 );
+ check( netcode_client_loopback( loopback_client ) == 1 );
+ check( netcode_client_max_clients( loopback_client ) == max_clients );
+ check( netcode_client_state( loopback_client ) == NETCODE_CLIENT_STATE_CONNECTED );
+
+ uint64_t client_id = 0;
+ netcode_random_bytes( (uint8_t*) &client_id, 8 );
+ netcode_server_connect_loopback_client( server, 0, client_id, NULL );
+
+ check( netcode_server_client_loopback( server, 0 ) == 1 );
+ check( netcode_server_client_connected( server, 0 ) == 1 );
+ check( netcode_server_num_connected_clients( server ) == 1 );
+
+ // connect a regular client in the other
slot
+
+ struct netcode_client_t * regular_client = netcode_client_create( "[::]:50001", &client_config, time );
+
+ check( regular_client );
+
+ NETCODE_CONST char * server_address = "[::1]:40000";
+
+ uint8_t connect_token[NETCODE_CONNECT_TOKEN_BYTES];
+ netcode_random_bytes( (uint8_t*) &client_id, 8 );
+
+ uint8_t user_data[NETCODE_USER_DATA_BYTES];
+ netcode_random_bytes(user_data, NETCODE_USER_DATA_BYTES);
+
+ check( netcode_generate_connect_token( 1, &server_address, &server_address, TEST_CONNECT_TOKEN_EXPIRY, TEST_TIMEOUT_SECONDS, client_id, TEST_PROTOCOL_ID, private_key, user_data, connect_token ) );
+
+ netcode_client_connect( regular_client, connect_token );
+
+ while ( 1 )
+ {
+ netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( regular_client, time );
+
+ netcode_server_update( server, time );
+
+ if ( netcode_client_state( regular_client ) <= NETCODE_CLIENT_STATE_DISCONNECTED )
+ break;
+
+ if ( netcode_client_state( regular_client ) == NETCODE_CLIENT_STATE_CONNECTED )
+ break;
+
+ time += delta_time;
+ }
+
+ check( netcode_client_state( regular_client ) == NETCODE_CLIENT_STATE_CONNECTED );
+ check( netcode_client_index( regular_client ) == 1 );
+ check( netcode_server_client_connected( server, 0 ) == 1 );
+ check( netcode_server_client_connected( server, 1 ) == 1 );
+ check( netcode_server_client_loopback( server, 0 ) == 1 );
+ check( netcode_server_client_loopback( server, 1 ) == 0 );
+ check( netcode_server_num_connected_clients( server ) == 2 );
+
+ // test that we can exchange packets for the regular client and the loopback client
+
+ int loopback_client_num_packets_received = 0;
+ int loopback_server_num_packets_received = 0;
+ int regular_server_num_packets_received = 0;
+ int regular_client_num_packets_received = 0;
+
+ uint8_t packet_data[NETCODE_MAX_PACKET_SIZE];
+ int i;
+ for ( i = 0; i < NETCODE_MAX_PACKET_SIZE; ++i )
+ packet_data[i] = (uint8_t) i;
+
+ while ( 1 )
+ {
+
netcode_network_simulator_update( network_simulator, time );
+
+ netcode_client_update( regular_client, time );
+
+ netcode_server_update( server, time );
+
+ netcode_client_send_packet( loopback_client, packet_data, NETCODE_MAX_PACKET_SIZE );
+
+ netcode_client_send_packet( regular_client, packet_data, NETCODE_MAX_PACKET_SIZE );
+
+ netcode_server_send_packet( server, 0, packet_data, NETCODE_MAX_PACKET_SIZE );
+
+ netcode_server_send_packet( server, 1, packet_data, NETCODE_MAX_PACKET_SIZE );
+
+ while ( 1 )
+ {
+ int packet_bytes;
+ uint64_t packet_sequence;
+ uint8_t * packet = netcode_client_receive_packet( loopback_client, &packet_bytes, &packet_sequence );
+ if ( !packet )
+ break;
+ (void) packet_sequence;
+ netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE );
+ netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 );
+ loopback_client_num_packets_received++;
+ netcode_client_free_packet( loopback_client, packet );
+ }
+
+ while ( 1 )
+ {
+ int packet_bytes;
+ uint64_t packet_sequence;
+ uint8_t * packet = netcode_client_receive_packet( regular_client, &packet_bytes, &packet_sequence );
+ if ( !packet )
+ break;
+ (void) packet_sequence;
+ netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE );
+ netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 );
+ regular_client_num_packets_received++;
+ netcode_client_free_packet( regular_client, packet );
+ }
+
+ while ( 1 )
+ {
+ int packet_bytes;
+ uint64_t packet_sequence;
+ void * packet = netcode_server_receive_packet( server, 0, &packet_bytes, &packet_sequence );
+ if ( !packet )
+ break;
+ (void) packet_sequence;
+ netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE );
+ netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 );
+ loopback_server_num_packets_received++;
+ netcode_server_free_packet( server, packet );
+ }
+
+ while ( 1 )
+ {
+ int packet_bytes;
+ uint64_t packet_sequence;
+ void * packet =
netcode_server_receive_packet( server, 1, &packet_bytes, &packet_sequence ); + if ( !packet ) + break; + (void) packet_sequence; + netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE ); + netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 ); + regular_server_num_packets_received++; + netcode_server_free_packet( server, packet ); + } + + if ( loopback_client_num_packets_received >= 10 && loopback_server_num_packets_received >= 10 && + regular_client_num_packets_received >= 10 && regular_server_num_packets_received >= 10 ) + break; + + if ( netcode_client_state( regular_client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + time += delta_time; + } + + check( loopback_client_num_packets_received >= 10 ); + check( loopback_server_num_packets_received >= 10 ); + check( regular_client_num_packets_received >= 10 ); + check( regular_server_num_packets_received >= 10 ); + check( context.num_loopback_packets_sent_to_client >= 10 ); + check( context.num_loopback_packets_sent_to_server >= 10 ); + + // verify that we can disconnect the loopback client + + check( netcode_server_client_loopback( server, 0 ) == 1 ); + check( netcode_server_client_connected( server, 0 ) == 1 ); + check( netcode_server_num_connected_clients( server ) == 2 ); + + netcode_server_disconnect_loopback_client( server, 0 ); + + check( netcode_server_client_loopback( server, 0 ) == 0 ); + check( netcode_server_client_connected( server, 0 ) == 0 ); + check( netcode_server_num_connected_clients( server ) == 1 ); + + netcode_client_disconnect_loopback( loopback_client ); + + check( netcode_client_state( loopback_client ) == NETCODE_CLIENT_STATE_DISCONNECTED ); + + // verify that we can reconnect the loopback client + + netcode_random_bytes( (uint8_t*) &client_id, 8 ); + netcode_server_connect_loopback_client( server, 0, client_id, NULL ); + + check( netcode_server_client_loopback( server, 0 ) == 1 ); + check( netcode_server_client_loopback( server, 1 ) == 0 ); + check( 
netcode_server_client_connected( server, 0 ) == 1 ); + check( netcode_server_client_connected( server, 1 ) == 1 ); + check( netcode_server_num_connected_clients( server ) == 2 ); + + netcode_client_connect_loopback( loopback_client, 0, max_clients ); + + check( netcode_client_index( loopback_client ) == 0 ); + check( netcode_client_loopback( loopback_client ) == 1 ); + check( netcode_client_max_clients( loopback_client ) == max_clients ); + check( netcode_client_state( loopback_client ) == NETCODE_CLIENT_STATE_CONNECTED ); + + // verify that we can exchange packets for both regular and loopback client post reconnect + + loopback_server_num_packets_received = 0; + loopback_client_num_packets_received = 0; + regular_server_num_packets_received = 0; + regular_client_num_packets_received = 0; + context.num_loopback_packets_sent_to_client = 0; + context.num_loopback_packets_sent_to_server = 0; + + while ( 1 ) + { + netcode_network_simulator_update( network_simulator, time ); + + netcode_client_update( regular_client, time ); + + netcode_server_update( server, time ); + + netcode_client_send_packet( loopback_client, packet_data, NETCODE_MAX_PACKET_SIZE ); + + netcode_client_send_packet( regular_client, packet_data, NETCODE_MAX_PACKET_SIZE ); + + netcode_server_send_packet( server, 0, packet_data, NETCODE_MAX_PACKET_SIZE ); + + netcode_server_send_packet( server, 1, packet_data, NETCODE_MAX_PACKET_SIZE ); + + while ( 1 ) + { + int packet_bytes; + uint64_t packet_sequence; + uint8_t * packet = netcode_client_receive_packet( loopback_client, &packet_bytes, &packet_sequence ); + if ( !packet ) + break; + (void) packet_sequence; + netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE ); + netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 ); + loopback_client_num_packets_received++; + netcode_client_free_packet( loopback_client, packet ); + } + + while ( 1 ) + { + int packet_bytes; + uint64_t packet_sequence; + uint8_t * packet = 
netcode_client_receive_packet( regular_client, &packet_bytes, &packet_sequence ); + if ( !packet ) + break; + (void) packet_sequence; + netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE ); + netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 ); + regular_client_num_packets_received++; + netcode_client_free_packet( regular_client, packet ); + } + + while ( 1 ) + { + int packet_bytes; + uint64_t packet_sequence; + void * packet = netcode_server_receive_packet( server, 0, &packet_bytes, &packet_sequence ); + if ( !packet ) + break; + (void) packet_sequence; + netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE ); + netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 ); + loopback_server_num_packets_received++; + netcode_server_free_packet( server, packet ); + } + + while ( 1 ) + { + int packet_bytes; + uint64_t packet_sequence; + void * packet = netcode_server_receive_packet( server, 1, &packet_bytes, &packet_sequence ); + if ( !packet ) + break; + (void) packet_sequence; + netcode_assert( packet_bytes == NETCODE_MAX_PACKET_SIZE ); + netcode_assert( memcmp( packet, packet_data, NETCODE_MAX_PACKET_SIZE ) == 0 ); + regular_server_num_packets_received++; + netcode_server_free_packet( server, packet ); + } + + if ( loopback_client_num_packets_received >= 10 && loopback_server_num_packets_received >= 10 && + regular_client_num_packets_received >= 10 && regular_server_num_packets_received >= 10 ) + break; + + if ( netcode_client_state( regular_client ) <= NETCODE_CLIENT_STATE_DISCONNECTED ) + break; + + time += delta_time; + } + + check( loopback_client_num_packets_received >= 10 ); + check( loopback_server_num_packets_received >= 10 ); + check( regular_client_num_packets_received >= 10 ); + check( regular_server_num_packets_received >= 10 ); + check( context.num_loopback_packets_sent_to_client >= 10 ); + check( context.num_loopback_packets_sent_to_server >= 10 ); + + // verify the regular client times out but 
loopback client doesn't + + time += 100000.0; + + netcode_server_update( server, time ); + + check( netcode_server_client_connected( server, 0 ) == 1 ); + check( netcode_server_client_connected( server, 1 ) == 0 ); + + netcode_client_update( loopback_client, time ); + + check( netcode_client_state( loopback_client ) == NETCODE_CLIENT_STATE_CONNECTED ); + + // verify that disconnect all clients leaves loopback clients alone + + netcode_server_disconnect_all_clients( server ); + + check( netcode_server_client_connected( server, 0 ) == 1 ); + check( netcode_server_client_connected( server, 1 ) == 0 ); + check( netcode_server_client_loopback( server, 0 ) == 1 ); + + // clean up + + netcode_client_destroy( regular_client ); + + netcode_client_destroy( loopback_client ); + + netcode_server_destroy( server ); + + netcode_network_simulator_destroy( network_simulator ); +} + +#define RUN_TEST( test_function ) \ + do \ + { \ + printf( #test_function "\n" ); \ + test_function(); \ + } \ + while (0) + +void netcode_test() +{ + //while ( 1 ) + { + RUN_TEST( test_queue ); + RUN_TEST( test_endian ); + RUN_TEST( test_address ); + RUN_TEST( test_sequence ); + RUN_TEST( test_connect_token ); + RUN_TEST( test_challenge_token ); + RUN_TEST( test_connection_request_packet ); + RUN_TEST( test_connection_denied_packet ); + RUN_TEST( test_connection_challenge_packet ); + RUN_TEST( test_connection_response_packet ); + RUN_TEST( test_connection_payload_packet ); + RUN_TEST( test_connection_disconnect_packet ); + RUN_TEST( test_connect_token_public ); + RUN_TEST( test_encryption_manager ); + RUN_TEST( test_replay_protection ); + RUN_TEST( test_client_create ); + RUN_TEST( test_server_create ); + RUN_TEST( test_client_server_connect ); + RUN_TEST( test_client_server_ipv4_socket_connect ); + RUN_TEST( test_client_server_ipv6_socket_connect ); + RUN_TEST( test_client_server_keep_alive ); + RUN_TEST( test_client_server_multiple_clients ); + RUN_TEST( test_client_server_multiple_servers ); + 
RUN_TEST( test_client_error_connect_token_expired ); + RUN_TEST( test_client_error_invalid_connect_token ); + RUN_TEST( test_client_error_connection_timed_out ); + RUN_TEST( test_client_error_connection_response_timeout ); + RUN_TEST( test_client_error_connection_request_timeout ); + RUN_TEST( test_client_error_connection_denied ); + RUN_TEST( test_client_side_disconnect ); + RUN_TEST( test_server_side_disconnect ); + RUN_TEST( test_client_reconnect ); + RUN_TEST( test_disable_timeout ); + RUN_TEST( test_loopback ); + } +} + +#endif // #if NETCODE_ENABLE_TESTS + diff --git a/netcode/netcode.h b/netcode/netcode.h new file mode 100755 index 00000000..d60f3f00 --- /dev/null +++ b/netcode/netcode.h 
@@ -0,0 +1,293 @@ +/* + netcode reference implementation + + Copyright © 2017 - 2024, Mas Bandwidth LLC + + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the distribution. + + 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+*/
+
+#ifndef NETCODE_H
+#define NETCODE_H
+
+#include
+
+#if !defined(NETCODE_DEBUG) && !defined(NETCODE_RELEASE)
+#if defined(NDEBUG)
+#define NETCODE_RELEASE
+#else
+#define NETCODE_DEBUG
+#endif
+#elif defined(NETCODE_DEBUG) && defined(NETCODE_RELEASE)
+#error Can only define one of debug & release
+#endif
+
+#if defined(__386__) || defined(i386) || defined(__i386__) \
+ || defined(__X86) || defined(_M_IX86) \
+ || defined(_M_X64) || defined(__x86_64__) \
+ || defined(alpha) || defined(__alpha) || defined(__alpha__) \
+ || defined(_M_ALPHA) \
+ || defined(ARM) || defined(_ARM) || defined(__arm__) \
+ || defined(__aarch64__) \
+ || defined(WIN32) || defined(_WIN32) || defined(__WIN32__) \
+ || defined(_WIN32_WCE) || defined(__NT__) \
+ || defined(__MIPSEL__)
+ #define NETCODE_LITTLE_ENDIAN 1
+#else
+ #define NETCODE_BIG_ENDIAN 1
+#endif
+
+#define NETCODE_PLATFORM_WINDOWS 1
+#define NETCODE_PLATFORM_MAC 2
+#define NETCODE_PLATFORM_UNIX 3
+
+#if defined(_WIN32)
+#define NETCODE_PLATFORM NETCODE_PLATFORM_WINDOWS
+#elif defined(__APPLE__)
+#define NETCODE_PLATFORM NETCODE_PLATFORM_MAC
+#else
+#define NETCODE_PLATFORM NETCODE_PLATFORM_UNIX
+#endif
+
+#define NETCODE_CONNECT_TOKEN_BYTES 2048
+#define NETCODE_KEY_BYTES 32
+#define NETCODE_MAC_BYTES 16
+#define NETCODE_USER_DATA_BYTES 256
+#define NETCODE_MAX_SERVERS_PER_CONNECT 32
+
+#define NETCODE_CLIENT_STATE_CONNECT_TOKEN_EXPIRED -6
+#define NETCODE_CLIENT_STATE_INVALID_CONNECT_TOKEN -5
+#define NETCODE_CLIENT_STATE_CONNECTION_TIMED_OUT -4
+#define NETCODE_CLIENT_STATE_CONNECTION_RESPONSE_TIMED_OUT -3
+#define NETCODE_CLIENT_STATE_CONNECTION_REQUEST_TIMED_OUT -2
+#define NETCODE_CLIENT_STATE_CONNECTION_DENIED -1
+#define NETCODE_CLIENT_STATE_DISCONNECTED 0
+#define NETCODE_CLIENT_STATE_SENDING_CONNECTION_REQUEST 1
+#define NETCODE_CLIENT_STATE_SENDING_CONNECTION_RESPONSE 2
+#define NETCODE_CLIENT_STATE_CONNECTED 3
+
+#define NETCODE_MAX_CLIENTS 256
+#define NETCODE_MAX_PACKET_SIZE 1200
+
+#define 
NETCODE_LOG_LEVEL_NONE 0
+#define NETCODE_LOG_LEVEL_ERROR 1
+#define NETCODE_LOG_LEVEL_INFO 2
+#define NETCODE_LOG_LEVEL_DEBUG 3
+
+#define NETCODE_OK 1
+#define NETCODE_ERROR 0
+
+#define NETCODE_ADDRESS_NONE 0
+#define NETCODE_ADDRESS_IPV4 1
+#define NETCODE_ADDRESS_IPV6 2
+
+#ifdef __cplusplus
+#define NETCODE_CONST const
+extern "C" {
+#else
+#if defined(__STDC__)
+#define NETCODE_CONST const
+#else
+#define NETCODE_CONST
+#endif
+#endif
+
+int netcode_init();
+
+void netcode_term();
+
+struct netcode_address_t
+{
+ union { uint8_t ipv4[4]; uint16_t ipv6[8]; } data;
+ uint16_t port;
+ uint8_t type;
+};
+
+int netcode_parse_address( NETCODE_CONST char * address_string_in, struct netcode_address_t * address );
+
+char * netcode_address_to_string( struct netcode_address_t * address, char * buffer );
+
+int netcode_address_equal( struct netcode_address_t * a, struct netcode_address_t * b );
+
+struct netcode_client_config_t
+{
+ void * allocator_context;
+ void * (*allocate_function)(void*,uint64_t);
+ void (*free_function)(void*,void*);
+ struct netcode_network_simulator_t * network_simulator;
+ void * callback_context;
+ void (*state_change_callback)(void*,int,int);
+ void (*send_loopback_packet_callback)(void*,int,NETCODE_CONST uint8_t*,int,uint64_t);
+ int override_send_and_receive;
+ void (*send_packet_override)(void*,struct netcode_address_t*,NETCODE_CONST uint8_t*,int);
+ int (*receive_packet_override)(void*,struct netcode_address_t*,uint8_t*,int);
+};
+
+void netcode_default_client_config( struct netcode_client_config_t * config );
+
+struct netcode_client_t * netcode_client_create( NETCODE_CONST char * address, NETCODE_CONST struct netcode_client_config_t * config, double time );
+
+void netcode_client_destroy( struct netcode_client_t * client );
+
+void netcode_client_connect( struct netcode_client_t * client, uint8_t * connect_token );
+
+void netcode_client_update( struct netcode_client_t * client, double time );
+
+uint64_t 
netcode_client_next_packet_sequence( struct netcode_client_t * client );
+
+void netcode_client_send_packet( struct netcode_client_t * client, NETCODE_CONST uint8_t * packet_data, int packet_bytes );
+
+uint8_t * netcode_client_receive_packet( struct netcode_client_t * client, int * packet_bytes, uint64_t * packet_sequence );
+
+void netcode_client_free_packet( struct netcode_client_t * client, void * packet );
+
+void netcode_client_disconnect( struct netcode_client_t * client );
+
+int netcode_client_state( struct netcode_client_t * client );
+
+int netcode_client_index( struct netcode_client_t * client );
+
+int netcode_client_max_clients( struct netcode_client_t * client );
+
+void netcode_client_connect_loopback( struct netcode_client_t * client, int client_index, int max_clients );
+
+void netcode_client_disconnect_loopback( struct netcode_client_t * client );
+
+void netcode_client_process_packet( struct netcode_client_t * client, struct netcode_address_t * from, uint8_t * packet_data, int packet_bytes );
+
+int netcode_client_loopback( struct netcode_client_t * client );
+
+void netcode_client_process_loopback_packet( struct netcode_client_t * client, NETCODE_CONST uint8_t * packet_data, int packet_bytes, uint64_t packet_sequence );
+
+uint16_t netcode_client_get_port( struct netcode_client_t * client );
+
+struct netcode_address_t * netcode_client_server_address( struct netcode_client_t * client );
+
+int netcode_generate_connect_token( int num_server_addresses,
+ NETCODE_CONST char ** public_server_addresses,
+ NETCODE_CONST char ** internal_server_addresses,
+ int expire_seconds,
+ int timeout_seconds,
+ uint64_t client_id,
+ uint64_t protocol_id,
+ NETCODE_CONST uint8_t * private_key,
+ uint8_t * user_data,
+ uint8_t * connect_token );
+
+struct netcode_server_config_t
+{
+ uint64_t protocol_id;
+ uint8_t private_key[NETCODE_KEY_BYTES];
+ void * allocator_context;
+ void * (*allocate_function)(void*,uint64_t);
+ void (*free_function)(void*,void*);
+ 
struct netcode_network_simulator_t * network_simulator;
+ void * callback_context;
+ void (*connect_disconnect_callback)(void*,int,int);
+ void (*send_loopback_packet_callback)(void*,int,NETCODE_CONST uint8_t*,int,uint64_t);
+ int override_send_and_receive;
+ void (*send_packet_override)(void*,struct netcode_address_t*,NETCODE_CONST uint8_t*,int);
+ int (*receive_packet_override)(void*,struct netcode_address_t*,uint8_t*,int);
+};
+
+void netcode_default_server_config( struct netcode_server_config_t * config );
+
+struct netcode_server_t * netcode_server_create( NETCODE_CONST char * server_address, NETCODE_CONST struct netcode_server_config_t * config, double time );
+
+void netcode_server_destroy( struct netcode_server_t * server );
+
+void netcode_server_start( struct netcode_server_t * server, int max_clients );
+
+void netcode_server_stop( struct netcode_server_t * server );
+
+int netcode_server_running( struct netcode_server_t * server );
+
+int netcode_server_max_clients( struct netcode_server_t * server );
+
+void netcode_server_update( struct netcode_server_t * server, double time );
+
+int netcode_server_client_connected( struct netcode_server_t * server, int client_index );
+
+uint64_t netcode_server_client_id( struct netcode_server_t * server, int client_index );
+
+struct netcode_address_t * netcode_server_client_address( struct netcode_server_t * server, int client_index );
+
+void netcode_server_disconnect_client( struct netcode_server_t * server, int client_index );
+
+void netcode_server_disconnect_all_clients( struct netcode_server_t * server );
+
+uint64_t netcode_server_next_packet_sequence( struct netcode_server_t * server, int client_index );
+
+void netcode_server_send_packet( struct netcode_server_t * server, int client_index, NETCODE_CONST uint8_t * packet_data, int packet_bytes );
+
+uint8_t * netcode_server_receive_packet( struct netcode_server_t * server, int client_index, int * packet_bytes, uint64_t * packet_sequence );
+
+void 
netcode_server_free_packet( struct netcode_server_t * server, void * packet );
+
+int netcode_server_num_connected_clients( struct netcode_server_t * server );
+
+void * netcode_server_client_user_data( struct netcode_server_t * server, int client_index );
+
+void netcode_server_process_packet( struct netcode_server_t * server, struct netcode_address_t * from, uint8_t * packet_data, int packet_bytes );
+
+void netcode_server_connect_loopback_client( struct netcode_server_t * server, int client_index, uint64_t client_id, NETCODE_CONST uint8_t * user_data );
+
+void netcode_server_disconnect_loopback_client( struct netcode_server_t * server, int client_index );
+
+int netcode_server_client_loopback( struct netcode_server_t * server, int client_index );
+
+void netcode_server_process_loopback_packet( struct netcode_server_t * server, int client_index, NETCODE_CONST uint8_t * packet_data, int packet_bytes, uint64_t packet_sequence );
+
+uint16_t netcode_server_get_port( struct netcode_server_t * server );
+
+void netcode_log_level( int level );
+
+void netcode_set_printf_function( int (*function)( NETCODE_CONST char *, ... ) );
+
+extern void (*netcode_assert_function)( NETCODE_CONST char *, NETCODE_CONST char *, NETCODE_CONST char * file, int line );
+
+#ifndef NDEBUG
+#define netcode_assert( condition ) \
+do \
+{ \
+ if ( !(condition) ) \
+ { \
+ netcode_assert_function( #condition, __FUNCTION__, __FILE__, __LINE__ ); \
+ exit(1); \
+ } \
+} while(0)
+#else
+#define netcode_assert( ignore ) ((void)0)
+#endif
+
+void netcode_set_assert_function( void (*function)( NETCODE_CONST char * /*condition*/,
+ NETCODE_CONST char * /*function*/,
+ NETCODE_CONST char * /*file*/,
+ int /*line*/ ) );
+
+void netcode_random_bytes( uint8_t * data, int bytes );
+
+void netcode_sleep( double seconds );
+
+double netcode_time();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // #ifndef NETCODE_H
diff --git a/premake5.lua b/premake5.lua
index c4fe7530..34147048 100644
--- a/premake5.lua
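Review bot: The `netcode_assert` macro near the end of the header expands to a bare `exit(1)`, but the header's only `#include` (its name is lost in this rendering; presumably `<stdint.h>`, given the `uint8_t`/`uint64_t` use) does not declare `exit`, so every translation unit that uses `netcode_assert` in a debug build silently depends on having included `<stdlib.h>` itself. Adding `#include <stdlib.h>` next to the existing include would make the header self-sufficient. The macro also relies on `__FUNCTION__`, a compiler extension; C99's `__func__` is the portable spelling. Separately, `struct netcode_server_config_t` carries `private_key[NETCODE_KEY_BYTES]` by value, so a one-line comment on that field stating who owns the key bytes after `netcode_server_create` returns, and whether the caller should wipe its own copy, would spare integrators from guessing.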
+++ b/premake5.lua 
@@ -1,375 +1,88 @@ yojimbo_version = "1.0" -libs = { "sodium", "mbedtls", "mbedx509", "mbedcrypto" } - solution "Yojimbo" kind "ConsoleApp" language "C++" - platforms { "x64" } configurations { "Debug", "Release" } - if os.istarget "windows" then - includedirs { ".", "./windows", "netcode.io", "reliable.io" } - libdirs { "./windows" } - else - includedirs { ".", "/usr/local/include", "netcode.io", "reliable.io" } + includedirs { ".", "sodium", "tlsf", "netcode", "reliable" } + if not os.istarget "windows" then targetdir "bin/" end rtti "Off" - links { libs } warnings "Extra" floatingpoint "Fast" - vectorextensions "SSE2" - configuration "Debug" + filter "configurations:Debug" symbols "On" defines { "YOJIMBO_DEBUG", "NETCODE_DEBUG", "RELIABLE_DEBUG" } - configuration "Release" + filter "configurations:Release" + symbols "Off" optimize "Speed" defines { "YOJIMBO_RELEASE", "NETCODE_RELEASE", "RELIABLE_RELEASE" } - -project "test" - files { "test.cpp" } - links { "yojimbo" } + +project "sodium" + kind "StaticLib" + language "C" + files { + "sodium/**.c", + "sodium/**.h", + } + filter { "system:not windows", "platforms:*x64 or *avx or *avx2" } + files { + "sodium/**.S" + } + filter { "action:gmake" } + buildoptions { "-Wno-unused-parameter", "-Wno-unused-function", "-Wno-unknown-pragmas", "-Wno-unused-variable", "-Wno-type-limits" } + +project "netcode" + kind "StaticLib" + language "C" + defines { "NETCODE_ENABLE_TESTS=1" } + files { "netcode/netcode.c", "netcode/netcode.h" } + +project "reliable" + kind "StaticLib" + language "C" + defines { "RELIABLE_ENABLE_TESTS=1" } + files { "reliable/reliable.c", "reliable/reliable.h" } + +project "tlsf" + kind "StaticLib" + language "C" + files { "tlsf/tlsf.c", "tlsf/tlsf.h" } project "yojimbo" kind "StaticLib" - defines { "NETCODE_ENABLE_TESTS=1", "RELIABLE_ENABLE_TESTS=1" } - files { "yojimbo.h", "yojimbo.cpp", "certs.h", "certs.c", "tlsf/tlsf.h", "tlsf/tlsf.c", "netcode.io/netcode.c", "netcode.io/netcode.h", 
"reliable.io/reliable.c", "reliable.io/reliable.h" } + links { "reliable", "netcode", "tlsf" } + files { "yojimbo.h", "yojimbo.cpp" } project "client" files { "client.cpp", "shared.h" } - links { "yojimbo" } + links { "yojimbo", "sodium", "tlsf", "netcode", "reliable" } project "server" files { "server.cpp", "shared.h" } - links { "yojimbo" } - -project "secure_client" - files { "secure_client.cpp", "shared.h" } - links { "yojimbo" } + links { "yojimbo", "sodium", "tlsf", "netcode", "reliable" } project "secure_server" files { "secure_server.cpp", "shared.h" } - links { "yojimbo" } + links { "yojimbo", "sodium", "tlsf", "netcode", "reliable" } project "client_server" files { "client_server.cpp", "shared.h" } - links { "yojimbo" } + links { "yojimbo", "sodium", "tlsf", "netcode", "reliable" } project "loopback" files { "loopback.cpp", "shared.h" } - links { "yojimbo" } + links { "yojimbo", "sodium", "tlsf", "netcode", "reliable" } project "soak" files { "soak.cpp", "shared.h" } - links { "yojimbo" } - -if not os.istarget "windows" then - - -- MacOSX and Linux. - - newaction - { - trigger = "test", - description = "Build and run all unit tests", - execute = function () - os.execute "test ! -e Makefile && premake5 gmake2" - if os.execute "make -j32 test" then - os.execute "./bin/test" - end - end - } - - newaction - { - trigger = "client_server", - description = "Build and run client/server test", - execute = function () - os.execute "test ! -e Makefile && premake5 gmake2" - if os.execute "make -j32 client_server" then - os.execute "./bin/client_server" - end - end - } - - newaction - { - trigger = "loopback", - description = "Build and run loopback test", - execute = function () - os.execute "test ! 
-e Makefile && premake5 gmake2" - if os.execute "make -j32 loopback" then - os.execute "./bin/loopback" - end - end - } - - newoption - { - trigger = "serverAddress", - value = "IP[:port]", - description = "Specify the server address that the client should connect to", - } - - newaction - { - trigger = "client", - description = "Build and run client", - valid_kinds = premake.action.get("gmake2").valid_kinds, - valid_languages = premake.action.get("gmake2").valid_languages, - valid_tools = premake.action.get("gmake2").valid_tools, - - execute = function () - os.execute "test ! -e Makefile && premake5 gmake2" - if os.execute "make -j32 client" then - if _OPTIONS["serverAddress"] then - os.execute( "./bin/client " .. _OPTIONS["serverAddress"] ) - else - os.execute "./bin/client" - end - end - end - } - - newaction - { - trigger = "server", - description = "Build and run server", - execute = function () - os.execute "test ! -e Makefile && premake5 gmake2" - if os.execute "make -j32 server" then - os.execute "./bin/server" - end - end - } - - newaction - { - trigger = "secure_server", - description = "Build and run secure server", - execute = function () - os.execute "test ! -e Makefile && premake5 gmake2" - if os.execute "make -j32 secure_server" then - os.execute "./bin/secure_server" - end - end - } - - newaction - { - trigger = "docker", - description = "Build and run a yojimbo server inside a docker container", - execute = function () - os.execute "docker run --rm --privileged alpine hwclock -s" -- workaround for clock getting out of sync on macos. see https://docs.docker.com/docker-for-mac/troubleshoot/#issues - os.execute "rm -rf docker/yojimbo && mkdir -p docker/yojimbo && mkdir -p docker/yojimbo/tests && cp *.h docker/yojimbo && cp *.cpp docker/yojimbo && cp premake5.lua docker/yojimbo && cp -R reliable.io docker/yojimbo && cp -R netcode.io docker/yojimbo && cp -R tlsf docker/yojimbo && cd docker && docker build -t \"networkprotocol:yojimbo-server\" . 
&& rm -rf yojimbo && docker run -ti -p 40000:40000/udp networkprotocol:yojimbo-server" - end - } - - newaction - { - trigger = "valgrind", - description = "Run valgrind over tests inside docker", - execute = function () - os.execute "rm -rf valgrind/yojimbo && mkdir -p valgrind/yojimbo && mkdir -p valgrind/yojimbo/tests && cp *.h valgrind/yojimbo && cp *.cpp valgrind/yojimbo && cp premake5.lua valgrind/yojimbo && cp -R reliable.io valgrind/yojimbo && cp -R netcode.io valgrind/yojimbo && cp -R tlsf valgrind/yojimbo && cd valgrind && docker build -t \"networkprotocol:yojimbo-valgrind\" . && rm -rf netcode.io && docker run -ti networkprotocol:yojimbo-valgrind" - end - } - - newaction - { - trigger = "matcher", - description = "Build and run the matchmaker web service inside a docker container", - execute = function () - os.execute "docker run --rm --privileged alpine hwclock -s" -- workaround for clock getting out of sync on macos. see https://docs.docker.com/docker-for-mac/troubleshoot/#issues - os.execute "cd matcher && docker build -t networkprotocol:yojimbo-matcher . && docker run -ti -p 8080:8080 networkprotocol:yojimbo-matcher" - end - } - - newaction - { - trigger = "secure_client", - description = "Build and run secure client and connect to a server via the matcher", - execute = function () - os.execute "test ! -e Makefile && premake5 gmake2" - if os.execute "make -j32 secure_client" then - os.execute "./bin/secure_client" - end - end - } + links { "yojimbo", "sodium", "tlsf", "netcode", "reliable" } - newaction - { - trigger = "stress", - description = "Launch 64 secure client instances to stress the matcher and server", - execute = function () - os.execute "test ! -e Makefile && premake5 gmake2" - if os.execute "make -j32 secure_client" then - for i = 0, 63 do - os.execute "./bin/secure_client &" - end - end - end - } - - newaction - { - trigger = "soak", - description = "Build and run soak test", - execute = function () - os.execute "test ! 
-e Makefile && premake5 gmake2" - if os.execute "make -j32 soak" then - os.execute "./bin/soak" - end - end - } - - newaction - { - trigger = "cppcheck", - description = "Run cppcheck over the source code and write to cppcheck.txt", - execute = function () - os.execute "cppcheck *.h *.cpp --force --std=c++03 --language=c++ --quiet -U min -U max 2>&1 --config-exclude=tlsf --suppress=incorrectStringBooleanError --suppress=cstyleCast --suppress=unusedFunction --suppress=unusedStructMember --suppress=variableScope --suppress=memsetClassFloat --enable=warning --enable=performance --enable=style --platform=native -j 32 | tee -a cppcheck.txt" - end - } - - newaction - { - trigger = "scan-build", - description = "Run clang scan-build over the project", - execute = function () - os.execute "premake5 clean && premake5 gmake2 && scan-build make all -j32" - end - } - - newaction - { - trigger = "coverity", - description = "Integrate latest code into coverity_scan so it gets coverity scanned by travis job", - execute = function () - os.execute "git checkout coverity_scan && git merge master && git push && git checkout master" - end - } - - newaction - { - trigger = "loc", - description = "Count lines of code", - execute = function () - os.execute "wc -l *.h *.cpp netcode.io/*.c netcode.io/*.h reliable.io/*.c reliable.io/*.h" - end - } - - newaction - { - trigger = "release", - description = "Create a release of this project", - execute = function () - _ACTION = "clean" - premake.action.call( "clean" ) - files_to_zip = "README.md BUILDING.md CHANGES.md ROADMAP.md *.cpp *.h premake5.lua docker tests tlsf windows" - -- todo: need to update this so it works with netcode.io and reliable.io sub-projects - os.execute( "rm -rf *.zip *.tar.gz" ); - os.execute( "rm -rf docker/yojimbo" ); - os.execute( "zip -9r yojimbo-" .. yojimbo_version .. ".zip " .. files_to_zip ) - os.execute( "unzip yojimbo-" .. yojimbo_version .. ".zip -d yojimbo-" .. 
yojimbo_version ); - os.execute( "tar -zcvf yojimbo-" .. yojimbo_version .. ".tar.gz yojimbo-" .. yojimbo_version ); - os.execute( "rm -rf yojimbo-" .. yojimbo_version ); - os.execute( "mkdir -p release" ); - os.execute( "mv yojimbo-" .. yojimbo_version .. ".zip release" ); - os.execute( "mv yojimbo-" .. yojimbo_version .. ".tar.gz release" ); - os.execute( "echo" ); - os.execute( "echo \"*** SUCCESSFULLY CREATED RELEASE - yojimbo-" .. yojimbo_version .. " *** \"" ); - os.execute( "echo" ); - end - } - - newaction - { - trigger = "sublime", - description = "Create sublime project", - execute = function () - os.execute "cp .sublime yojimbo.sublime-project" - end - } - - newaction - { - trigger = "docs", - description = "Build documentation", - execute = function () - if os.host() == "macosx" then - os.execute "doxygen doxygen.config && open docs/html/index.html" - else - os.execute "doxygen doxygen.config" - end - end - } - - newaction - { - trigger = "update_submodules", - description = "Updates to latest code for netcode.io and reliable.io", - execute = function () - os.execute "git pull" - os.execute "git submodule update --remote --merge" - os.execute "git add *" - os.execute "git commit -am \"update submodules\"" - os.execute "git push" - end - } - -else - - -- Windows - - newaction - { - trigger = "solution", - description = "Open Yojimbo.sln", - execute = function () - os.execute "premake5 vs2019" - os.execute "start Yojimbo.sln" - end - } - - newaction - { - trigger = "docker", - description = "Build and run a yojimbo server inside a docker container", - execute = function () - os.execute "cd docker && copyFiles.bat && buildServer.bat && runServer.bat" - end - } - - newaction - { - trigger = "matcher", - description = "Build and run the matchmaker web service inside a docker container", - execute = function () - os.execute "cd matcher && docker build -t networkprotocol:yojimbo-matcher . 
&& docker run -ti -p 8080:8080 networkprotocol:yojimbo-matcher" - end - } - - newaction - { - trigger = "stress", - description = "Launch 64 secure client instances to stress the matcher and server", - execute = function () - for i = 0, 63 do - os.execute "if exist bin\\x64\\Debug\\secure_client.exe ( start /B bin\\x64\\Debug\\secure_client ) else ( echo could not find bin\\x64\\Debug\\secure_client.exe )" - end - end - } - - newaction - { - trigger = "docs", - description = "Build documentation", - execute = function () - os.execute "doxygen doxygen.config && start docs\\html\\index.html" - end - } - -end +project "test" + files { "test.cpp" } + links { "yojimbo", "sodium", "tlsf", "netcode", "reliable" } newaction { diff --git a/reliable.io b/reliable.io deleted file mode 160000 index f5d12957..00000000 --- a/reliable.io +++ /dev/null @@ -1 +0,0 @@ -Subproject commit f5d12957c3b53ed5ba15b7dd873c95cf2c6e4de9 diff --git a/reliable/reliable.c b/reliable/reliable.c new file mode 100644 index 00000000..df817650 --- /dev/null +++ b/reliable/reliable.c 
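Review bot: The `sodium` project's assembly sources are gated on `filter { "system:not windows", "platforms:*x64 or *avx or *avx2" }`, but the same hunk removes `platforms { "x64" }` from the solution, and with no platform declared a `platforms:` filter has nothing to match, so `sodium/**.S` would presumably never be compiled on macOS/Linux unless a platform is declared somewhere outside this diff. If libsodium's portable C implementations are sufficient, drop the platform clause, `filter { "system:not windows" }`; otherwise re-add a platform to the solution so the filter can match, and note the intent in a comment either way. It would also help to document why `secure_client` is removed while `secure_server` stays, and why `NETCODE_ENABLE_TESTS=1` / `RELIABLE_ENABLE_TESTS=1` are defined unconditionally on the library projects, since that test code is compiled into the static libraries that every executable here links, not just `test`.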
@@ -0,0 +1,2418 @@
+/*
+ reliable
+
+ Copyright © 2017 - 2024, Mas Bandwidth LLC
+
+ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
+ in the documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "reliable.h"
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#ifndef RELIABLE_ENABLE_TESTS
+#define RELIABLE_ENABLE_TESTS 0
+#endif // #ifndef RELIABLE_ENABLE_TESTS
+
+#ifndef RELIABLE_ENABLE_LOGGING
+#define RELIABLE_ENABLE_LOGGING 1
+#endif // #ifndef RELIABLE_ENABLE_LOGGING
+
+// ------------------------------------------------------------------
+
+static void default_assert_handler( RELIABLE_CONST char * condition, RELIABLE_CONST char * function, RELIABLE_CONST char * file, int line )
+{
+ printf( "assert failed: ( %s ), function %s, file %s, line %d\n", condition, function, file, line );
+ #if defined( __GNUC__ )
+ __builtin_trap();
+ #elif defined( _MSC_VER )
+ __debugbreak();
+ #endif
+ exit( 1 );
+}
+
+static int log_level = 0;
+static int (*printf_function)( RELIABLE_CONST char *, ... ) = ( int (*)( RELIABLE_CONST char *, ... ) ) printf;
+void (*reliable_assert_function)( RELIABLE_CONST char *, RELIABLE_CONST char *, RELIABLE_CONST char * file, int line ) = default_assert_handler;
+
+void reliable_log_level( int level )
+{
+ log_level = level;
+}
+
+void reliable_set_printf_function( int (*function)( RELIABLE_CONST char *, ... ) )
+{
+ reliable_assert( function );
+ printf_function = function;
+}
+
+void reliable_set_assert_function( void (*function)( RELIABLE_CONST char *, RELIABLE_CONST char *, RELIABLE_CONST char * file, int line ) )
+{
+ reliable_assert_function = function;
+}
+
+#if RELIABLE_ENABLE_LOGGING
+
+void reliable_printf( int level, RELIABLE_CONST char * format, ... )
+{
+ if ( level > log_level )
+ return;
+ va_list args;
+ va_start( args, format );
+ char buffer[4*1024];
+ vsnprintf( buffer, sizeof(buffer), format, args );
+ printf_function( "%s", buffer );
+ va_end( args );
+}
+
+#else // #if RELIABLE_ENABLE_LOGGING
+
+void reliable_printf( int level, RELIABLE_CONST char * format, ...
)
+{
+ (void) level;
+ (void) format;
+}
+
+#endif // #if RELIABLE_ENABLE_LOGGING
+
+void * reliable_default_allocate_function( void * context, uint64_t bytes )
+{
+ (void) context;
+ return malloc( bytes );
+}
+
+void reliable_default_free_function( void * context, void * pointer )
+{
+ (void) context;
+ free( pointer );
+}
+
+// ------------------------------------------------------------------
+
+int reliable_init(void)
+{
+ return RELIABLE_OK;
+}
+
+void reliable_term(void)
+{
+}
+
+// ---------------------------------------------------------------
+
+int reliable_sequence_greater_than( uint16_t s1, uint16_t s2 )
+{
+ return ( ( s1 > s2 ) && ( s1 - s2 <= 32768 ) ) ||
+ ( ( s1 < s2 ) && ( s2 - s1 > 32768 ) );
+}
+
+int reliable_sequence_less_than( uint16_t s1, uint16_t s2 )
+{
+ return reliable_sequence_greater_than( s2, s1 );
+}
+
+// ---------------------------------------------------------------
+
+struct reliable_sequence_buffer_t
+{
+ void * allocator_context;
+ void * (*allocate_function)(void*,uint64_t);
+ void (*free_function)(void*,void*);
+ uint16_t sequence;
+ int num_entries;
+ int entry_stride;
+ uint32_t * entry_sequence;
+ uint8_t * entry_data;
+};
+
+struct reliable_sequence_buffer_t * reliable_sequence_buffer_create( int num_entries,
+ int entry_stride,
+ void * allocator_context,
+ void * (*allocate_function)(void*,uint64_t),
+ void (*free_function)(void*,void*) )
+{
+ reliable_assert( num_entries > 0 );
+ reliable_assert( entry_stride > 0 );
+
+ if ( allocate_function == NULL )
+ {
+ allocate_function = reliable_default_allocate_function;
+ }
+
+ if ( free_function == NULL )
+ {
+ free_function = reliable_default_free_function;
+ }
+
+ struct reliable_sequence_buffer_t * sequence_buffer = (struct reliable_sequence_buffer_t*)
+ allocate_function( allocator_context, sizeof( struct reliable_sequence_buffer_t ) );
+
+ sequence_buffer->allocator_context = allocator_context;
+ sequence_buffer->allocate_function = allocate_function;
+ 
sequence_buffer->free_function = free_function;
+ sequence_buffer->sequence = 0;
+ sequence_buffer->num_entries = num_entries;
+ sequence_buffer->entry_stride = entry_stride;
+ sequence_buffer->entry_sequence = (uint32_t*) allocate_function( allocator_context, num_entries * sizeof( uint32_t ) );
+ sequence_buffer->entry_data = (uint8_t*) allocate_function( allocator_context, num_entries * entry_stride );
+ reliable_assert( sequence_buffer->entry_sequence );
+ reliable_assert( sequence_buffer->entry_data );
+ memset( sequence_buffer->entry_sequence, 0xFF, sizeof( uint32_t) * sequence_buffer->num_entries );
+ memset( sequence_buffer->entry_data, 0, num_entries * entry_stride );
+
+ return sequence_buffer;
+}
+
+void reliable_sequence_buffer_destroy( struct reliable_sequence_buffer_t * sequence_buffer )
+{
+ reliable_assert( sequence_buffer );
+ sequence_buffer->free_function( sequence_buffer->allocator_context, sequence_buffer->entry_sequence );
+ sequence_buffer->free_function( sequence_buffer->allocator_context, sequence_buffer->entry_data );
+ sequence_buffer->free_function( sequence_buffer->allocator_context, sequence_buffer );
+}
+
+void reliable_sequence_buffer_reset( struct reliable_sequence_buffer_t * sequence_buffer )
+{
+ reliable_assert( sequence_buffer );
+ sequence_buffer->sequence = 0;
+ memset( sequence_buffer->entry_sequence, 0xFF, sizeof( uint32_t) * sequence_buffer->num_entries );
+}
+
+void reliable_sequence_buffer_remove_entries( struct reliable_sequence_buffer_t * sequence_buffer,
+ int start_sequence,
+ int finish_sequence,
+ void (*cleanup_function)(void*,void*,void(*free_function)(void*,void*)) )
+{
+ reliable_assert( sequence_buffer );
+ if ( finish_sequence < start_sequence )
+ {
+ finish_sequence += 65536;
+ }
+ if ( finish_sequence - start_sequence < sequence_buffer->num_entries )
+ {
+ int sequence;
+ for ( sequence = start_sequence; sequence <= finish_sequence; ++sequence )
+ {
+ if ( cleanup_function )
+ {
+ cleanup_function( 
sequence_buffer->entry_data + sequence_buffer->entry_stride * ( sequence % sequence_buffer->num_entries ), + sequence_buffer->allocator_context, + sequence_buffer->free_function ); + } + sequence_buffer->entry_sequence[ sequence % sequence_buffer->num_entries ] = 0xFFFFFFFF; + } + } + else + { + int i; + for ( i = 0; i < sequence_buffer->num_entries; ++i ) + { + if ( cleanup_function ) + { + cleanup_function( sequence_buffer->entry_data + sequence_buffer->entry_stride * i, + sequence_buffer->allocator_context, + sequence_buffer->free_function ); + } + sequence_buffer->entry_sequence[i] = 0xFFFFFFFF; + } + } +} + +int reliable_sequence_buffer_test_insert( struct reliable_sequence_buffer_t * sequence_buffer, uint16_t sequence ) +{ + return reliable_sequence_less_than( sequence, sequence_buffer->sequence - ((uint16_t)sequence_buffer->num_entries) ) ? ((uint16_t)0) : ((uint16_t)1); +} + +void * reliable_sequence_buffer_insert( struct reliable_sequence_buffer_t * sequence_buffer, uint16_t sequence ) +{ + reliable_assert( sequence_buffer ); + if ( reliable_sequence_less_than( sequence, sequence_buffer->sequence - ((uint16_t)sequence_buffer->num_entries) ) ) + { + return NULL; + } + if ( reliable_sequence_greater_than( sequence + 1, sequence_buffer->sequence ) ) + { + reliable_sequence_buffer_remove_entries( sequence_buffer, sequence_buffer->sequence, sequence, NULL ); + sequence_buffer->sequence = sequence + 1; + } + int index = sequence % sequence_buffer->num_entries; + sequence_buffer->entry_sequence[index] = sequence; + return sequence_buffer->entry_data + index * sequence_buffer->entry_stride; +} + +void reliable_sequence_buffer_advance( struct reliable_sequence_buffer_t * sequence_buffer, uint16_t sequence ) +{ + reliable_assert( sequence_buffer ); + if ( reliable_sequence_greater_than( sequence + 1, sequence_buffer->sequence ) ) + { + reliable_sequence_buffer_remove_entries( sequence_buffer, sequence_buffer->sequence, sequence, NULL ); + sequence_buffer->sequence = 
sequence + 1; + } +} + +void * reliable_sequence_buffer_insert_with_cleanup( struct reliable_sequence_buffer_t * sequence_buffer, + uint16_t sequence, + void (*cleanup_function)(void*,void*,void(*free_function)(void*,void*)) ) +{ + reliable_assert( sequence_buffer ); + if ( reliable_sequence_greater_than( sequence + 1, sequence_buffer->sequence ) ) + { + reliable_sequence_buffer_remove_entries( sequence_buffer, sequence_buffer->sequence, sequence, cleanup_function ); + sequence_buffer->sequence = sequence + 1; + } + else if ( reliable_sequence_less_than( sequence, sequence_buffer->sequence - ((uint16_t)sequence_buffer->num_entries) ) ) + { + return NULL; + } + int index = sequence % sequence_buffer->num_entries; + if ( sequence_buffer->entry_sequence[index] != 0xFFFFFFFF ) + { + cleanup_function( sequence_buffer->entry_data + sequence_buffer->entry_stride * ( sequence % sequence_buffer->num_entries ), + sequence_buffer->allocator_context, + sequence_buffer->free_function ); + } + sequence_buffer->entry_sequence[index] = sequence; + return sequence_buffer->entry_data + index * sequence_buffer->entry_stride; +} + +void reliable_sequence_buffer_advance_with_cleanup( struct reliable_sequence_buffer_t * sequence_buffer, + uint16_t sequence, + void (*cleanup_function)(void*,void*,void(*free_function)(void*,void*)) ) +{ + reliable_assert( sequence_buffer ); + if ( reliable_sequence_greater_than( sequence + 1, sequence_buffer->sequence ) ) + { + reliable_sequence_buffer_remove_entries( sequence_buffer, sequence_buffer->sequence, sequence, cleanup_function ); + sequence_buffer->sequence = sequence + 1; + } +} + +void reliable_sequence_buffer_remove( struct reliable_sequence_buffer_t * sequence_buffer, uint16_t sequence ) +{ + reliable_assert( sequence_buffer ); + sequence_buffer->entry_sequence[ sequence % sequence_buffer->num_entries ] = 0xFFFFFFFF; +} + +void reliable_sequence_buffer_remove_with_cleanup( struct reliable_sequence_buffer_t * sequence_buffer, + uint16_t 
sequence, + void (*cleanup_function)(void*,void*,void(*free_function)(void*,void*)) ) +{ + reliable_assert( sequence_buffer ); + int index = sequence % sequence_buffer->num_entries; + if ( sequence_buffer->entry_sequence[index] != 0xFFFFFFFF ) + { + sequence_buffer->entry_sequence[index] = 0xFFFFFFFF; + cleanup_function( sequence_buffer->entry_data + sequence_buffer->entry_stride * index, sequence_buffer->allocator_context, sequence_buffer->free_function ); + } +} + +int reliable_sequence_buffer_available( struct reliable_sequence_buffer_t * sequence_buffer, uint16_t sequence ) +{ + reliable_assert( sequence_buffer ); + return sequence_buffer->entry_sequence[ sequence % sequence_buffer->num_entries ] == 0xFFFFFFFF; +} + +int reliable_sequence_buffer_exists( struct reliable_sequence_buffer_t * sequence_buffer, uint16_t sequence ) +{ + reliable_assert( sequence_buffer ); + return sequence_buffer->entry_sequence[ sequence % sequence_buffer->num_entries ] == (uint32_t) sequence; +} + +void * reliable_sequence_buffer_find( struct reliable_sequence_buffer_t * sequence_buffer, uint16_t sequence ) +{ + reliable_assert( sequence_buffer ); + int index = sequence % sequence_buffer->num_entries; + return ( ( sequence_buffer->entry_sequence[index] == (uint32_t) sequence ) ) ? ( sequence_buffer->entry_data + index * sequence_buffer->entry_stride ) : NULL; + +} + +void * reliable_sequence_buffer_at_index( struct reliable_sequence_buffer_t * sequence_buffer, int index ) +{ + reliable_assert( sequence_buffer ); + reliable_assert( index >= 0 ); + reliable_assert( index < sequence_buffer->num_entries ); + return sequence_buffer->entry_sequence[index] != 0xFFFFFFFF ? 
( sequence_buffer->entry_data + index * sequence_buffer->entry_stride ) : NULL; +} + +void reliable_sequence_buffer_generate_ack_bits( struct reliable_sequence_buffer_t * sequence_buffer, uint16_t * ack, uint32_t * ack_bits ) +{ + reliable_assert( sequence_buffer ); + reliable_assert( ack ); + reliable_assert( ack_bits ); + *ack = sequence_buffer->sequence - 1; + *ack_bits = 0; + uint32_t mask = 1; + int i; + for ( i = 0; i < 32; ++i ) + { + uint16_t sequence = *ack - ((uint16_t)i); + if ( reliable_sequence_buffer_exists( sequence_buffer, sequence ) ) + *ack_bits |= mask; + mask <<= 1; + } +} + +// --------------------------------------------------------------- + +void reliable_write_uint8( uint8_t ** p, uint8_t value ) +{ + **p = value; + ++(*p); +} + +void reliable_write_uint16( uint8_t ** p, uint16_t value ) +{ + (*p)[0] = value & 0xFF; + (*p)[1] = value >> 8; + *p += 2; +} + +void reliable_write_uint32( uint8_t ** p, uint32_t value ) +{ + (*p)[0] = value & 0xFF; + (*p)[1] = ( value >> 8 ) & 0xFF; + (*p)[2] = ( value >> 16 ) & 0xFF; + (*p)[3] = value >> 24; + *p += 4; +} + +void reliable_write_uint64( uint8_t ** p, uint64_t value ) +{ + (*p)[0] = value & 0xFF; + (*p)[1] = ( value >> 8 ) & 0xFF; + (*p)[2] = ( value >> 16 ) & 0xFF; + (*p)[3] = ( value >> 24 ) & 0xFF; + (*p)[4] = ( value >> 32 ) & 0xFF; + (*p)[5] = ( value >> 40 ) & 0xFF; + (*p)[6] = ( value >> 48 ) & 0xFF; + (*p)[7] = value >> 56; + *p += 8; +} + +void reliable_write_bytes( uint8_t ** p, uint8_t * byte_array, int num_bytes ) +{ + int i; + for ( i = 0; i < num_bytes; ++i ) + { + reliable_write_uint8( p, byte_array[i] ); + } +} + +uint8_t reliable_read_uint8( uint8_t ** p ) +{ + uint8_t value = **p; + ++(*p); + return value; +} + +uint16_t reliable_read_uint16( uint8_t ** p ) +{ + uint16_t value; + value = (*p)[0]; + value |= ( ( (uint16_t)( (*p)[1] ) ) << 8 ); + *p += 2; + return value; +} + +uint32_t reliable_read_uint32( uint8_t ** p ) +{ + uint32_t value; + value = (*p)[0]; + value |= ( ( 
(uint32_t)( (*p)[1] ) ) << 8 ); + value |= ( ( (uint32_t)( (*p)[2] ) ) << 16 ); + value |= ( ( (uint32_t)( (*p)[3] ) ) << 24 ); + *p += 4; + return value; +} + +uint64_t reliable_read_uint64( uint8_t ** p ) +{ + uint64_t value; + value = (*p)[0]; + value |= ( ( (uint64_t)( (*p)[1] ) ) << 8 ); + value |= ( ( (uint64_t)( (*p)[2] ) ) << 16 ); + value |= ( ( (uint64_t)( (*p)[3] ) ) << 24 ); + value |= ( ( (uint64_t)( (*p)[4] ) ) << 32 ); + value |= ( ( (uint64_t)( (*p)[5] ) ) << 40 ); + value |= ( ( (uint64_t)( (*p)[6] ) ) << 48 ); + value |= ( ( (uint64_t)( (*p)[7] ) ) << 56 ); + *p += 8; + return value; +} + +void reliable_read_bytes( uint8_t ** p, uint8_t * byte_array, int num_bytes ) +{ + int i; + for ( i = 0; i < num_bytes; ++i ) + { + byte_array[i] = reliable_read_uint8( p ); + } +} + +// --------------------------------------------------------------- + +struct reliable_fragment_reassembly_data_t +{ + uint16_t sequence; + uint16_t ack; + uint32_t ack_bits; + int num_fragments_received; + int num_fragments_total; + uint8_t * packet_data; + int packet_bytes; + int packet_header_bytes; + uint8_t fragment_received[256]; +}; + +void reliable_fragment_reassembly_data_cleanup( void * data, void * allocator_context, void (*free_function)(void*,void*) ) + +{ + reliable_assert( free_function ); + struct reliable_fragment_reassembly_data_t * reassembly_data = (struct reliable_fragment_reassembly_data_t*) data; + if ( reassembly_data->packet_data ) + { + free_function( allocator_context, reassembly_data->packet_data ); + reassembly_data->packet_data = NULL; + } +} + +// --------------------------------------------------------------- + +struct reliable_endpoint_t +{ + void * allocator_context; + void * (*allocate_function)(void*,uint64_t); + void (*free_function)(void*,void*); + struct reliable_config_t config; + double time; + float rtt; + float packet_loss; + float sent_bandwidth_kbps; + float received_bandwidth_kbps; + float acked_bandwidth_kbps; + int num_acks; + uint16_t 
* acks; + uint16_t sequence; + struct reliable_sequence_buffer_t * sent_packets; + struct reliable_sequence_buffer_t * received_packets; + struct reliable_sequence_buffer_t * fragment_reassembly; + uint64_t counters[RELIABLE_ENDPOINT_NUM_COUNTERS]; +}; + +struct reliable_sent_packet_data_t +{ + double time; + uint32_t acked : 1; + uint32_t packet_bytes : 31; +}; + +struct reliable_received_packet_data_t +{ + double time; + uint32_t packet_bytes; +}; + +void reliable_default_config( struct reliable_config_t * config ) +{ + reliable_assert( config ); + memset( config, 0, sizeof( struct reliable_config_t ) ); + config->name[0] = 'e'; + config->name[1] = 'n'; + config->name[2] = 'd'; + config->name[3] = 'p'; + config->name[4] = 'o'; + config->name[5] = 'i'; + config->name[6] = 'n'; + config->name[7] = 't'; + config->name[8] = '\0'; + config->max_packet_size = 16 * 1024; + config->fragment_above = 1024; + config->max_fragments = 16; + config->fragment_size = 1024; + config->ack_buffer_size = 256; + config->sent_packets_buffer_size = 256; + config->received_packets_buffer_size = 256; + config->fragment_reassembly_buffer_size = 64; + config->rtt_smoothing_factor = 0.0025f; + config->packet_loss_smoothing_factor = 0.1f; + config->bandwidth_smoothing_factor = 0.1f; + config->packet_header_size = 28; // note: UDP over IPv4 = 20 + 8 bytes, UDP over IPv6 = 40 + 8 bytes +} + +struct reliable_endpoint_t * reliable_endpoint_create( struct reliable_config_t * config, double time ) +{ + reliable_assert( config ); + reliable_assert( config->max_packet_size > 0 ); + reliable_assert( config->fragment_above > 0 ); + reliable_assert( config->max_fragments > 0 ); + reliable_assert( config->max_fragments <= 256 ); + reliable_assert( config->fragment_size > 0 ); + reliable_assert( config->ack_buffer_size > 0 ); + reliable_assert( config->sent_packets_buffer_size > 0 ); + reliable_assert( config->received_packets_buffer_size > 0 ); + reliable_assert( config->transmit_packet_function != NULL 
); + reliable_assert( config->process_packet_function != NULL ); + + void * allocator_context = config->allocator_context; + void * (*allocate_function)(void*,uint64_t) = config->allocate_function; + void (*free_function)(void*,void*) = config->free_function; + + if ( allocate_function == NULL ) + { + allocate_function = reliable_default_allocate_function; + } + + if ( free_function == NULL ) + { + free_function = reliable_default_free_function; + } + + struct reliable_endpoint_t * endpoint = (struct reliable_endpoint_t*) allocate_function( allocator_context, sizeof( struct reliable_endpoint_t ) ); + + reliable_assert( endpoint ); + + memset( endpoint, 0, sizeof( struct reliable_endpoint_t ) ); + + endpoint->allocator_context = allocator_context; + endpoint->allocate_function = allocate_function; + endpoint->free_function = free_function; + endpoint->config = *config; + endpoint->time = time; + + endpoint->acks = (uint16_t*) allocate_function( allocator_context, config->ack_buffer_size * sizeof( uint16_t ) ); + + endpoint->sent_packets = reliable_sequence_buffer_create( config->sent_packets_buffer_size, + sizeof( struct reliable_sent_packet_data_t ), + allocator_context, + allocate_function, + free_function ); + + endpoint->received_packets = reliable_sequence_buffer_create( config->received_packets_buffer_size, + sizeof( struct reliable_received_packet_data_t ), + allocator_context, + allocate_function, + free_function ); + + endpoint->fragment_reassembly = reliable_sequence_buffer_create( config->fragment_reassembly_buffer_size, + sizeof( struct reliable_fragment_reassembly_data_t ), + allocator_context, + allocate_function, + free_function ); + + memset( endpoint->acks, 0, config->ack_buffer_size * sizeof( uint16_t ) ); + + return endpoint; +} + +void reliable_endpoint_destroy( struct reliable_endpoint_t * endpoint ) +{ + reliable_assert( endpoint ); + reliable_assert( endpoint->acks ); + reliable_assert( endpoint->sent_packets ); + reliable_assert( 
endpoint->received_packets ); + + int i; + for ( i = 0; i < endpoint->config.fragment_reassembly_buffer_size; ++i ) + { + struct reliable_fragment_reassembly_data_t * reassembly_data = (struct reliable_fragment_reassembly_data_t*) + reliable_sequence_buffer_at_index( endpoint->fragment_reassembly, i ); + + if ( reassembly_data && reassembly_data->packet_data ) + { + endpoint->free_function( endpoint->allocator_context, reassembly_data->packet_data ); + reassembly_data->packet_data = NULL; + } + } + + endpoint->free_function( endpoint->allocator_context, endpoint->acks ); + + reliable_sequence_buffer_destroy( endpoint->sent_packets ); + reliable_sequence_buffer_destroy( endpoint->received_packets ); + reliable_sequence_buffer_destroy( endpoint->fragment_reassembly ); + + endpoint->free_function( endpoint->allocator_context, endpoint ); +} + +uint16_t reliable_endpoint_next_packet_sequence( struct reliable_endpoint_t * endpoint ) +{ + reliable_assert( endpoint ); + return endpoint->sequence; +} + +int reliable_write_packet_header( uint8_t * packet_data, uint16_t sequence, uint16_t ack, uint32_t ack_bits ) +{ + uint8_t * p = packet_data; + + uint8_t prefix_byte = 0; + + if ( ( ack_bits & 0x000000FF ) != 0x000000FF ) + { + prefix_byte |= (1<<1); + } + + if ( ( ack_bits & 0x0000FF00 ) != 0x0000FF00 ) + { + prefix_byte |= (1<<2); + } + + if ( ( ack_bits & 0x00FF0000 ) != 0x00FF0000 ) + { + prefix_byte |= (1<<3); + } + + if ( ( ack_bits & 0xFF000000 ) != 0xFF000000 ) + { + prefix_byte |= (1<<4); + } + + int sequence_difference = sequence - ack; + if ( sequence_difference < 0 ) + sequence_difference += 65536; + if ( sequence_difference <= 255 ) + prefix_byte |= (1<<5); + + reliable_write_uint8( &p, prefix_byte ); + + reliable_write_uint16( &p, sequence ); + + if ( sequence_difference <= 255 ) + { + reliable_write_uint8( &p, (uint8_t) sequence_difference ); + } + else + { + reliable_write_uint16( &p, ack ); + } + + if ( ( ack_bits & 0x000000FF ) != 0x000000FF ) + { + 
reliable_write_uint8( &p, (uint8_t) ( ack_bits & 0x000000FF ) ); + } + + if ( ( ack_bits & 0x0000FF00 ) != 0x0000FF00 ) + { + reliable_write_uint8( &p, (uint8_t) ( ( ack_bits & 0x0000FF00 ) >> 8 ) ); + } + + if ( ( ack_bits & 0x00FF0000 ) != 0x00FF0000 ) + { + reliable_write_uint8( &p, (uint8_t) ( ( ack_bits & 0x00FF0000 ) >> 16 ) ); + } + + if ( ( ack_bits & 0xFF000000 ) != 0xFF000000 ) + { + reliable_write_uint8( &p, (uint8_t) ( ( ack_bits & 0xFF000000 ) >> 24 ) ); + } + + reliable_assert( p - packet_data <= RELIABLE_MAX_PACKET_HEADER_BYTES ); + + return (int) ( p - packet_data ); +} + +void reliable_endpoint_send_packet( struct reliable_endpoint_t * endpoint, uint8_t * packet_data, int packet_bytes ) +{ + reliable_assert( endpoint ); + reliable_assert( packet_data ); + reliable_assert( packet_bytes > 0 ); + + if ( packet_bytes > endpoint->config.max_packet_size ) + { + reliable_printf( RELIABLE_LOG_LEVEL_ERROR, "[%s] packet too large to send. packet is %d bytes, maximum is %d\n", + endpoint->config.name, packet_bytes, endpoint->config.max_packet_size ); + endpoint->counters[RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_TOO_LARGE_TO_SEND]++; + return; + } + + uint16_t sequence = endpoint->sequence++; + uint16_t ack; + uint32_t ack_bits; + + reliable_sequence_buffer_generate_ack_bits( endpoint->received_packets, &ack, &ack_bits ); + + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] sending packet %d\n", endpoint->config.name, sequence ); + + struct reliable_sent_packet_data_t * sent_packet_data = (struct reliable_sent_packet_data_t*) reliable_sequence_buffer_insert( endpoint->sent_packets, sequence ); + + reliable_assert( sent_packet_data ); + + sent_packet_data->time = endpoint->time; + sent_packet_data->packet_bytes = endpoint->config.packet_header_size + packet_bytes; + sent_packet_data->acked = 0; + + if ( packet_bytes <= endpoint->config.fragment_above ) + { + // regular packet + + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] sending packet %d without 
fragmentation\n", endpoint->config.name, sequence ); + + uint8_t * transmit_packet_data = (uint8_t*) endpoint->allocate_function( endpoint->allocator_context, packet_bytes + RELIABLE_MAX_PACKET_HEADER_BYTES ); + + int packet_header_bytes = reliable_write_packet_header( transmit_packet_data, sequence, ack, ack_bits ); + + memcpy( transmit_packet_data + packet_header_bytes, packet_data, packet_bytes ); + + endpoint->config.transmit_packet_function( endpoint->config.context, endpoint->config.index, sequence, transmit_packet_data, packet_header_bytes + packet_bytes ); + + endpoint->free_function( endpoint->allocator_context, transmit_packet_data ); + } + else + { + // fragmented packet + + uint8_t packet_header[RELIABLE_MAX_PACKET_HEADER_BYTES]; + + memset( packet_header, 0, RELIABLE_MAX_PACKET_HEADER_BYTES ); + + int packet_header_bytes = reliable_write_packet_header( packet_header, sequence, ack, ack_bits ); + + int num_fragments = ( packet_bytes / endpoint->config.fragment_size ) + ( ( packet_bytes % endpoint->config.fragment_size ) != 0 ? 
1 : 0 ); + + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] sending packet %d as %d fragments\n", endpoint->config.name, sequence, num_fragments ); + + reliable_assert( num_fragments >= 1 ); + reliable_assert( num_fragments <= endpoint->config.max_fragments ); + + int fragment_buffer_size = RELIABLE_FRAGMENT_HEADER_BYTES + RELIABLE_MAX_PACKET_HEADER_BYTES + endpoint->config.fragment_size; + + uint8_t * fragment_packet_data = (uint8_t*) endpoint->allocate_function( endpoint->allocator_context, fragment_buffer_size ); + + uint8_t * q = packet_data; + + uint8_t * end = q + packet_bytes; + + int fragment_id; + for ( fragment_id = 0; fragment_id < num_fragments; ++fragment_id ) + { + uint8_t * p = fragment_packet_data; + + reliable_write_uint8( &p, 1 ); + reliable_write_uint16( &p, sequence ); + reliable_write_uint8( &p, (uint8_t) fragment_id ); + reliable_write_uint8( &p, (uint8_t) ( num_fragments - 1 ) ); + + if ( fragment_id == 0 ) + { + memcpy( p, packet_header, packet_header_bytes ); + p += packet_header_bytes; + } + + int bytes_to_copy = endpoint->config.fragment_size; + if ( q + bytes_to_copy > end ) + { + bytes_to_copy = (int) ( end - q ); + } + + memcpy( p, q, bytes_to_copy ); + + p += bytes_to_copy; + q += bytes_to_copy; + + int fragment_packet_bytes = (int) ( p - fragment_packet_data ); + + endpoint->config.transmit_packet_function( endpoint->config.context, endpoint->config.index, sequence, fragment_packet_data, fragment_packet_bytes ); + + endpoint->counters[RELIABLE_ENDPOINT_COUNTER_NUM_FRAGMENTS_SENT]++; + } + + endpoint->free_function( endpoint->allocator_context, fragment_packet_data ); + } + + endpoint->counters[RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_SENT]++; +} + +int reliable_read_packet_header( RELIABLE_CONST char * name, uint8_t * packet_data, int packet_bytes, uint16_t * sequence, uint16_t * ack, uint32_t * ack_bits ) +{ + if ( packet_bytes < 3 ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] packet too small for packet header (1)\n", 
name ); + return -1; + } + + uint8_t * p = packet_data; + + uint8_t prefix_byte = reliable_read_uint8( &p ); + + if ( ( prefix_byte & 1 ) != 0 ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] prefix byte does not indicate a regular packet\n", name ); + return -1; + } + + *sequence = reliable_read_uint16( &p ); + + if ( prefix_byte & (1<<5) ) + { + if ( packet_bytes < 3 + 1 ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] packet too small for packet header (2)\n", name ); + return -1; + } + uint8_t sequence_difference = reliable_read_uint8( &p ); + *ack = *sequence - sequence_difference; + } + else + { + if ( packet_bytes < 3 + 2 ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] packet too small for packet header (3)\n", name ); + return -1; + } + *ack = reliable_read_uint16( &p ); + } + + int expected_bytes = 0; + int i; + for ( i = 1; i <= 4; ++i ) + { + if ( prefix_byte & (1< max_fragments ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] num fragments %d outside of range of max fragments %d\n", name, *num_fragments, max_fragments ); + return -1; + } + + if ( *fragment_id >= *num_fragments ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] fragment id %d outside of range of num fragments %d\n", name, *fragment_id, *num_fragments ); + return -1; + } + + *fragment_bytes = packet_bytes - RELIABLE_FRAGMENT_HEADER_BYTES; + + uint16_t packet_sequence = 0; + uint16_t packet_ack = 0; + uint32_t packet_ack_bits = 0; + + if ( *fragment_id == 0 ) + { + int packet_header_bytes = reliable_read_packet_header( name, + packet_data + RELIABLE_FRAGMENT_HEADER_BYTES, + packet_bytes, + &packet_sequence, + &packet_ack, + &packet_ack_bits ); + + if ( packet_header_bytes < 0 ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] bad packet header in fragment\n", name ); + return -1; + } + + if ( packet_sequence != *sequence ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] bad packet sequence in fragment. 
expected %d, got %d\n", name, *sequence, packet_sequence ); + return -1; + } + + *fragment_bytes = packet_bytes - packet_header_bytes - RELIABLE_FRAGMENT_HEADER_BYTES; + } + + *ack = packet_ack; + *ack_bits = packet_ack_bits; + + if ( *fragment_bytes > fragment_size ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] fragment bytes %d > fragment size %d\n", name, *fragment_bytes, fragment_size ); + return - 1; + } + + if ( *fragment_id != *num_fragments - 1 && *fragment_bytes != fragment_size ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] fragment %d is %d bytes, which is not the expected fragment size %d\n", + name, *fragment_id, *fragment_bytes, fragment_size ); + return -1; + } + + return (int) ( p - packet_data ); +} + +void reliable_store_fragment_data( struct reliable_fragment_reassembly_data_t * reassembly_data, + uint16_t sequence, + uint16_t ack, + uint32_t ack_bits, + int fragment_id, + int fragment_size, + uint8_t * fragment_data, + int fragment_bytes ) +{ + if ( fragment_id == 0 ) + { + uint8_t packet_header[RELIABLE_MAX_PACKET_HEADER_BYTES]; + + memset( packet_header, 0, RELIABLE_MAX_PACKET_HEADER_BYTES ); + + reassembly_data->packet_header_bytes = reliable_write_packet_header( packet_header, sequence, ack, ack_bits ); + + memcpy( reassembly_data->packet_data + RELIABLE_MAX_PACKET_HEADER_BYTES - reassembly_data->packet_header_bytes, + packet_header, + reassembly_data->packet_header_bytes ); + + fragment_data += reassembly_data->packet_header_bytes; + fragment_bytes -= reassembly_data->packet_header_bytes; + } + + if ( fragment_id == reassembly_data->num_fragments_total - 1 ) + { + reassembly_data->packet_bytes = ( reassembly_data->num_fragments_total - 1 ) * fragment_size + fragment_bytes; + } + + memcpy( reassembly_data->packet_data + RELIABLE_MAX_PACKET_HEADER_BYTES + fragment_id * fragment_size, fragment_data, fragment_bytes ); +} + +void reliable_endpoint_receive_packet( struct reliable_endpoint_t * endpoint, uint8_t * packet_data, 
int packet_bytes ) +{ + reliable_assert( endpoint ); + reliable_assert( packet_data ); + reliable_assert( packet_bytes > 0 ); + + if ( packet_bytes > endpoint->config.max_packet_size + RELIABLE_MAX_PACKET_HEADER_BYTES + RELIABLE_FRAGMENT_HEADER_BYTES ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] packet too large to receive. packet is at least %d bytes, maximum is %d\n", + endpoint->config.name, packet_bytes - ( RELIABLE_MAX_PACKET_HEADER_BYTES + RELIABLE_FRAGMENT_HEADER_BYTES ), endpoint->config.max_packet_size ); + endpoint->counters[RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_TOO_LARGE_TO_RECEIVE]++; + return; + } + + uint8_t prefix_byte = packet_data[0]; + + if ( ( prefix_byte & 1 ) == 0 ) + { + // regular packet + + endpoint->counters[RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_RECEIVED]++; + + uint16_t sequence; + uint16_t ack; + uint32_t ack_bits; + + int packet_header_bytes = reliable_read_packet_header( endpoint->config.name, packet_data, packet_bytes, &sequence, &ack, &ack_bits ); + if ( packet_header_bytes < 0 ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] ignoring invalid packet. could not read packet header\n", endpoint->config.name ); + endpoint->counters[RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_INVALID]++; + return; + } + + reliable_assert( packet_header_bytes <= packet_bytes ); + + int packet_payload_bytes = packet_bytes - packet_header_bytes; + + if ( packet_payload_bytes > endpoint->config.max_packet_size ) + { + reliable_printf( RELIABLE_LOG_LEVEL_ERROR, "[%s] packet too large to receive. 
packet is at %d bytes, maximum is %d\n", + endpoint->config.name, packet_payload_bytes, endpoint->config.max_packet_size ); + endpoint->counters[RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_TOO_LARGE_TO_RECEIVE]++; + return; + } + + if ( !reliable_sequence_buffer_test_insert( endpoint->received_packets, sequence ) ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] ignoring stale packet %d\n", endpoint->config.name, sequence ); + endpoint->counters[RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_STALE]++; + return; + } + + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] processing packet %d\n", endpoint->config.name, sequence ); + + if ( endpoint->config.process_packet_function( endpoint->config.context, + endpoint->config.index, + sequence, + packet_data + packet_header_bytes, + packet_bytes - packet_header_bytes ) ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] process packet %d successful\n", endpoint->config.name, sequence ); + + struct reliable_received_packet_data_t * received_packet_data = (struct reliable_received_packet_data_t*) + reliable_sequence_buffer_insert( endpoint->received_packets, sequence ); + + reliable_sequence_buffer_advance_with_cleanup( endpoint->fragment_reassembly, sequence, reliable_fragment_reassembly_data_cleanup ); + + reliable_assert( received_packet_data ); + + received_packet_data->time = endpoint->time; + received_packet_data->packet_bytes = endpoint->config.packet_header_size + packet_bytes; + + int i; + for ( i = 0; i < 32; ++i ) + { + if ( ack_bits & 1 ) + { + uint16_t ack_sequence = ack - ((uint16_t)i); + + struct reliable_sent_packet_data_t * sent_packet_data = (struct reliable_sent_packet_data_t*) + reliable_sequence_buffer_find( endpoint->sent_packets, ack_sequence ); + + if ( sent_packet_data && !sent_packet_data->acked && endpoint->num_acks < endpoint->config.ack_buffer_size ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] acked packet %d\n", endpoint->config.name, ack_sequence ); + 
endpoint->acks[endpoint->num_acks++] = ack_sequence; + endpoint->counters[RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_ACKED]++; + sent_packet_data->acked = 1; + + float rtt = (float) ( endpoint->time - sent_packet_data->time ) * 1000.0f; + reliable_assert( rtt >= 0.0 ); + if ( ( endpoint->rtt == 0.0f && rtt > 0.0f ) || fabs( endpoint->rtt - rtt ) < 0.00001 ) + { + endpoint->rtt = rtt; + } + else + { + endpoint->rtt += ( rtt - endpoint->rtt ) * endpoint->config.rtt_smoothing_factor; + } + } + } + ack_bits >>= 1; + } + } + else + { + reliable_printf( RELIABLE_LOG_LEVEL_ERROR, "[%s] process packet failed\n", endpoint->config.name ); + } + } + else + { + // fragment packet + + int fragment_id; + int num_fragments; + int fragment_bytes; + + uint16_t sequence; + uint16_t ack; + uint32_t ack_bits; + + int fragment_header_bytes = reliable_read_fragment_header( endpoint->config.name, + packet_data, + packet_bytes, + endpoint->config.max_fragments, + endpoint->config.fragment_size, + &fragment_id, + &num_fragments, + &fragment_bytes, + &sequence, + &ack, + &ack_bits ); + + if ( fragment_header_bytes < 0 ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] ignoring invalid fragment. could not read fragment header\n", endpoint->config.name ); + endpoint->counters[RELIABLE_ENDPOINT_COUNTER_NUM_FRAGMENTS_INVALID]++; + return; + } + + struct reliable_fragment_reassembly_data_t * reassembly_data = (struct reliable_fragment_reassembly_data_t*) + reliable_sequence_buffer_find( endpoint->fragment_reassembly, sequence ); + + if ( !reassembly_data ) + { + reassembly_data = (struct reliable_fragment_reassembly_data_t*) + reliable_sequence_buffer_insert_with_cleanup( endpoint->fragment_reassembly, sequence, reliable_fragment_reassembly_data_cleanup ); + + if ( !reassembly_data ) + { + reliable_printf( RELIABLE_LOG_LEVEL_ERROR, "[%s] ignoring invalid fragment. 
could not insert in reassembly buffer (stale)\n", endpoint->config.name ); + endpoint->counters[RELIABLE_ENDPOINT_COUNTER_NUM_FRAGMENTS_INVALID]++; + return; + } + + reliable_sequence_buffer_advance( endpoint->received_packets, sequence ); + + int packet_buffer_size = RELIABLE_MAX_PACKET_HEADER_BYTES + num_fragments * endpoint->config.fragment_size; + + reassembly_data->sequence = sequence; + reassembly_data->ack = 0; + reassembly_data->ack_bits = 0; + reassembly_data->num_fragments_received = 0; + reassembly_data->num_fragments_total = num_fragments; + reassembly_data->packet_data = (uint8_t*) endpoint->allocate_function( endpoint->allocator_context, packet_buffer_size ); + reassembly_data->packet_bytes = 0; + memset( reassembly_data->fragment_received, 0, sizeof( reassembly_data->fragment_received ) ); + } + + if ( num_fragments != (int) reassembly_data->num_fragments_total ) + { + reliable_printf( RELIABLE_LOG_LEVEL_ERROR, "[%s] ignoring invalid fragment. fragment count mismatch. expected %d, got %d\n", + endpoint->config.name, (int) reassembly_data->num_fragments_total, num_fragments ); + endpoint->counters[RELIABLE_ENDPOINT_COUNTER_NUM_FRAGMENTS_INVALID]++; + return; + } + + if ( reassembly_data->fragment_received[fragment_id] ) + { + reliable_printf( RELIABLE_LOG_LEVEL_ERROR, "[%s] ignoring fragment %d of packet %d. 
fragment already received\n", + endpoint->config.name, fragment_id, sequence ); + return; + } + + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] received fragment %d of packet %d (%d/%d)\n", + endpoint->config.name, fragment_id, sequence, reassembly_data->num_fragments_received+1, num_fragments ); + + reassembly_data->num_fragments_received++; + reassembly_data->fragment_received[fragment_id] = 1; + + reliable_store_fragment_data( reassembly_data, + sequence, + ack, + ack_bits, + fragment_id, + endpoint->config.fragment_size, + packet_data + fragment_header_bytes, + packet_bytes - fragment_header_bytes ); + + if ( reassembly_data->num_fragments_received == reassembly_data->num_fragments_total ) + { + reliable_printf( RELIABLE_LOG_LEVEL_DEBUG, "[%s] completed reassembly of packet %d\n", endpoint->config.name, sequence ); + + reliable_endpoint_receive_packet( endpoint, + reassembly_data->packet_data + RELIABLE_MAX_PACKET_HEADER_BYTES - reassembly_data->packet_header_bytes, + reassembly_data->packet_header_bytes + reassembly_data->packet_bytes ); + + reliable_sequence_buffer_remove_with_cleanup( endpoint->fragment_reassembly, sequence, reliable_fragment_reassembly_data_cleanup ); + } + + endpoint->counters[RELIABLE_ENDPOINT_COUNTER_NUM_FRAGMENTS_RECEIVED]++; + } +} + +void reliable_endpoint_free_packet( struct reliable_endpoint_t * endpoint, void * packet ) +{ + reliable_assert( endpoint ); + reliable_assert( packet ); + endpoint->free_function( endpoint->allocator_context, packet ); +} + +uint16_t * reliable_endpoint_get_acks( struct reliable_endpoint_t * endpoint, int * num_acks ) +{ + reliable_assert( endpoint ); + reliable_assert( num_acks ); + *num_acks = endpoint->num_acks; + return endpoint->acks; +} + +void reliable_endpoint_clear_acks( struct reliable_endpoint_t * endpoint ) +{ + reliable_assert( endpoint ); + endpoint->num_acks = 0; +} + +void reliable_endpoint_reset( struct reliable_endpoint_t * endpoint ) +{ + reliable_assert( endpoint ); + + 
endpoint->num_acks = 0; + endpoint->sequence = 0; + + memset( endpoint->acks, 0, endpoint->config.ack_buffer_size * sizeof( uint16_t ) ); + memset( endpoint->counters, 0, RELIABLE_ENDPOINT_NUM_COUNTERS * sizeof( uint64_t ) ); + + int i; + for ( i = 0; i < endpoint->config.fragment_reassembly_buffer_size; ++i ) + { + struct reliable_fragment_reassembly_data_t * reassembly_data = (struct reliable_fragment_reassembly_data_t*) + reliable_sequence_buffer_at_index( endpoint->fragment_reassembly, i ); + + if ( reassembly_data && reassembly_data->packet_data ) + { + endpoint->free_function( endpoint->allocator_context, reassembly_data->packet_data ); + reassembly_data->packet_data = NULL; + } + } + + reliable_sequence_buffer_reset( endpoint->sent_packets ); + reliable_sequence_buffer_reset( endpoint->received_packets ); + reliable_sequence_buffer_reset( endpoint->fragment_reassembly ); +} + +void reliable_endpoint_update( struct reliable_endpoint_t * endpoint, double time ) +{ + reliable_assert( endpoint ); + + endpoint->time = time; + + // calculate packet loss + { + uint32_t base_sequence = ( endpoint->sent_packets->sequence - endpoint->config.sent_packets_buffer_size + 1 ) + 0xFFFF; + int i; + int num_dropped = 0; + int num_samples = endpoint->config.sent_packets_buffer_size / 2; + for ( i = 0; i < num_samples; ++i ) + { + uint16_t sequence = (uint16_t) ( base_sequence + i ); + struct reliable_sent_packet_data_t * sent_packet_data = (struct reliable_sent_packet_data_t*) + reliable_sequence_buffer_find( endpoint->sent_packets, sequence ); + if ( sent_packet_data && !sent_packet_data->acked ) + { + num_dropped++; + } + } + float packet_loss = ( (float) num_dropped ) / ( (float) num_samples ) * 100.0f; + if ( fabs( endpoint->packet_loss - packet_loss ) > 0.00001 ) + { + endpoint->packet_loss += ( packet_loss - endpoint->packet_loss ) * endpoint->config.packet_loss_smoothing_factor; + } + else + { + endpoint->packet_loss = packet_loss; + } + } + + // calculate sent 
bandwidth + { + uint32_t base_sequence = ( endpoint->sent_packets->sequence - endpoint->config.sent_packets_buffer_size + 1 ) + 0xFFFF; + int i; + int bytes_sent = 0; + double start_time = FLT_MAX; + double finish_time = 0.0; + int num_samples = endpoint->config.sent_packets_buffer_size / 2; + for ( i = 0; i < num_samples; ++i ) + { + uint16_t sequence = (uint16_t) ( base_sequence + i ); + struct reliable_sent_packet_data_t * sent_packet_data = (struct reliable_sent_packet_data_t*) + reliable_sequence_buffer_find( endpoint->sent_packets, sequence ); + if ( !sent_packet_data ) + { + continue; + } + bytes_sent += sent_packet_data->packet_bytes; + if ( sent_packet_data->time < start_time ) + { + start_time = sent_packet_data->time; + } + if ( sent_packet_data->time > finish_time ) + { + finish_time = sent_packet_data->time; + } + } + if ( start_time != FLT_MAX && finish_time != 0.0 ) + { + float sent_bandwidth_kbps = (float) ( ( (double) bytes_sent ) / ( finish_time - start_time ) * 8.0f / 1000.0f ); + if ( fabs( endpoint->sent_bandwidth_kbps - sent_bandwidth_kbps ) > 0.00001 ) + { + endpoint->sent_bandwidth_kbps += ( sent_bandwidth_kbps - endpoint->sent_bandwidth_kbps ) * endpoint->config.bandwidth_smoothing_factor; + } + else + { + endpoint->sent_bandwidth_kbps = sent_bandwidth_kbps; + } + } + } + + // calculate received bandwidth + { + uint32_t base_sequence = ( endpoint->received_packets->sequence - endpoint->config.received_packets_buffer_size + 1 ) + 0xFFFF; + int i; + int bytes_sent = 0; + double start_time = FLT_MAX; + double finish_time = 0.0; + int num_samples = endpoint->config.received_packets_buffer_size / 2; + for ( i = 0; i < num_samples; ++i ) + { + uint16_t sequence = (uint16_t) ( base_sequence + i ); + struct reliable_received_packet_data_t * received_packet_data = (struct reliable_received_packet_data_t*) + reliable_sequence_buffer_find( endpoint->received_packets, sequence ); + if ( !received_packet_data ) + { + continue; + } + bytes_sent += 
received_packet_data->packet_bytes; + if ( received_packet_data->time < start_time ) + { + start_time = received_packet_data->time; + } + if ( received_packet_data->time > finish_time ) + { + finish_time = received_packet_data->time; + } + } + if ( start_time != FLT_MAX && finish_time != 0.0 ) + { + float received_bandwidth_kbps = (float) ( ( (double) bytes_sent ) / ( finish_time - start_time ) * 8.0f / 1000.0f ); + if ( fabs( endpoint->received_bandwidth_kbps - received_bandwidth_kbps ) > 0.00001 ) + { + endpoint->received_bandwidth_kbps += ( received_bandwidth_kbps - endpoint->received_bandwidth_kbps ) * endpoint->config.bandwidth_smoothing_factor; + } + else + { + endpoint->received_bandwidth_kbps = received_bandwidth_kbps; + } + } + } + + // calculate acked bandwidth + { + uint32_t base_sequence = ( endpoint->sent_packets->sequence - endpoint->config.sent_packets_buffer_size + 1 ) + 0xFFFF; + int i; + int bytes_sent = 0; + double start_time = FLT_MAX; + double finish_time = 0.0; + int num_samples = endpoint->config.sent_packets_buffer_size / 2; + for ( i = 0; i < num_samples; ++i ) + { + uint16_t sequence = (uint16_t) ( base_sequence + i ); + struct reliable_sent_packet_data_t * sent_packet_data = (struct reliable_sent_packet_data_t*) + reliable_sequence_buffer_find( endpoint->sent_packets, sequence ); + if ( !sent_packet_data || !sent_packet_data->acked ) + { + continue; + } + bytes_sent += sent_packet_data->packet_bytes; + if ( sent_packet_data->time < start_time ) + { + start_time = sent_packet_data->time; + } + if ( sent_packet_data->time > finish_time ) + { + finish_time = sent_packet_data->time; + } + } + if ( start_time != FLT_MAX && finish_time != 0.0 ) + { + float acked_bandwidth_kbps = (float) ( ( (double) bytes_sent ) / ( finish_time - start_time ) * 8.0f / 1000.0f ); + if ( fabs( endpoint->acked_bandwidth_kbps - acked_bandwidth_kbps ) > 0.00001 ) + { + endpoint->acked_bandwidth_kbps += ( acked_bandwidth_kbps - endpoint->acked_bandwidth_kbps ) * 
endpoint->config.bandwidth_smoothing_factor; + } + else + { + endpoint->acked_bandwidth_kbps = acked_bandwidth_kbps; + } + } + } +} + +float reliable_endpoint_rtt( struct reliable_endpoint_t * endpoint ) +{ + reliable_assert( endpoint ); + return endpoint->rtt; +} + +float reliable_endpoint_packet_loss( struct reliable_endpoint_t * endpoint ) +{ + reliable_assert( endpoint ); + return endpoint->packet_loss; +} + +void reliable_endpoint_bandwidth( struct reliable_endpoint_t * endpoint, float * sent_bandwidth_kbps, float * received_bandwidth_kbps, float * acked_bandwidth_kbps ) +{ + reliable_assert( endpoint ); + reliable_assert( sent_bandwidth_kbps ); + reliable_assert( acked_bandwidth_kbps ); + reliable_assert( received_bandwidth_kbps ); + *sent_bandwidth_kbps = endpoint->sent_bandwidth_kbps; + *received_bandwidth_kbps = endpoint->received_bandwidth_kbps; + *acked_bandwidth_kbps = endpoint->acked_bandwidth_kbps; +} + +RELIABLE_CONST uint64_t * reliable_endpoint_counters( struct reliable_endpoint_t * endpoint ) +{ + reliable_assert( endpoint ); + return endpoint->counters; +} + +// --------------------------------------------------------------- + +#if RELIABLE_ENABLE_TESTS + +#include +#include +#include + +static void check_handler( RELIABLE_CONST char * condition, + RELIABLE_CONST char * function, + RELIABLE_CONST char * file, + int line ) +{ + printf( "check failed: ( %s ), function %s, file %s, line %d\n", condition, function, file, line ); +#ifdef RELIABLE_DEBUG + #if defined( __GNUC__ ) + __builtin_trap(); + #elif defined( _MSC_VER ) + __debugbreak(); + #endif +#endif + exit( 1 ); +} + +#define check( condition ) \ +do \ +{ \ + if ( !(condition) ) \ + { \ + check_handler( #condition, (RELIABLE_CONST char*) __FUNCTION__, __FILE__, __LINE__ ); \ + } \ +} while(0) + +static void test_endian() +{ + uint32_t value = 0x11223344; + + char * bytes = (char*) &value; + +#if RELIABLE_LITTLE_ENDIAN + + check( bytes[0] == 0x44 ); + check( bytes[1] == 0x33 ); + check( 
bytes[2] == 0x22 ); + check( bytes[3] == 0x11 ); + +#else // #if RELIABLE_LITTLE_ENDIAN + + check( bytes[3] == 0x44 ); + check( bytes[2] == 0x33 ); + check( bytes[1] == 0x22 ); + check( bytes[0] == 0x11 ); + +#endif // #if RELIABLE_LITTLE_ENDIAN +} + +struct test_sequence_data_t +{ + uint16_t sequence; +}; + +#define TEST_SEQUENCE_BUFFER_SIZE 256 + +static void test_sequence_buffer() +{ + struct reliable_sequence_buffer_t * sequence_buffer = reliable_sequence_buffer_create( TEST_SEQUENCE_BUFFER_SIZE, + sizeof( struct test_sequence_data_t ), + NULL, + NULL, + NULL ); + + check( sequence_buffer ); + check( sequence_buffer->sequence == 0 ); + check( sequence_buffer->num_entries == TEST_SEQUENCE_BUFFER_SIZE ); + check( sequence_buffer->entry_stride == sizeof( struct test_sequence_data_t ) ); + + int i; + for ( i = 0; i < TEST_SEQUENCE_BUFFER_SIZE; ++i ) + { + check( reliable_sequence_buffer_find( sequence_buffer, ((uint16_t)i) ) == NULL ); + } + + for ( i = 0; i <= TEST_SEQUENCE_BUFFER_SIZE*4; ++i ) + { + struct test_sequence_data_t * entry = (struct test_sequence_data_t*) reliable_sequence_buffer_insert( sequence_buffer, ((uint16_t)i) ); + check( entry ); + entry->sequence = (uint16_t) i; + check( sequence_buffer->sequence == i + 1 ); + } + + for ( i = 0; i <= TEST_SEQUENCE_BUFFER_SIZE; ++i ) + { + struct test_sequence_data_t * entry = (struct test_sequence_data_t*) reliable_sequence_buffer_insert( sequence_buffer, ((uint16_t)i) ); + check( entry == NULL ); + } + + int index = TEST_SEQUENCE_BUFFER_SIZE * 4; + for ( i = 0; i < TEST_SEQUENCE_BUFFER_SIZE; ++i ) + { + struct test_sequence_data_t * entry = (struct test_sequence_data_t*) reliable_sequence_buffer_find( sequence_buffer, (uint16_t) index ); + check( entry ); + check( entry->sequence == (uint32_t) index ); + index--; + } + + reliable_sequence_buffer_reset( sequence_buffer ); + + check( sequence_buffer ); + check( sequence_buffer->sequence == 0 ); + check( sequence_buffer->num_entries == 
TEST_SEQUENCE_BUFFER_SIZE ); + check( sequence_buffer->entry_stride == sizeof( struct test_sequence_data_t ) ); + + for ( i = 0; i < TEST_SEQUENCE_BUFFER_SIZE; ++i ) + { + check( reliable_sequence_buffer_find( sequence_buffer, (uint16_t) i ) == NULL ); + } + + reliable_sequence_buffer_destroy( sequence_buffer ); +} + +static void test_generate_ack_bits() +{ + struct reliable_sequence_buffer_t * sequence_buffer = reliable_sequence_buffer_create( TEST_SEQUENCE_BUFFER_SIZE, + sizeof( struct test_sequence_data_t ), + NULL, + NULL, + NULL ); + + uint16_t ack = 0; + uint32_t ack_bits = 0xFFFFFFFF; + + reliable_sequence_buffer_generate_ack_bits( sequence_buffer, &ack, &ack_bits ); + check( ack == 0xFFFF ); + check( ack_bits == 0 ); + + int i; + for ( i = 0; i <= TEST_SEQUENCE_BUFFER_SIZE; ++i ) + { + reliable_sequence_buffer_insert( sequence_buffer, (uint16_t) i ); + } + + reliable_sequence_buffer_generate_ack_bits( sequence_buffer, &ack, &ack_bits ); + check( ack == TEST_SEQUENCE_BUFFER_SIZE ); + check( ack_bits == 0xFFFFFFFF ); + + reliable_sequence_buffer_reset( sequence_buffer ); + + uint16_t input_acks[] = { 1, 5, 9, 11 }; + int input_num_acks = sizeof( input_acks ) / sizeof( uint16_t ); + for ( i = 0; i < input_num_acks; ++i ) + { + reliable_sequence_buffer_insert( sequence_buffer, input_acks[i] ); + } + + reliable_sequence_buffer_generate_ack_bits( sequence_buffer, &ack, &ack_bits ); + + check( ack == 11 ); + check( ack_bits == ( 1 | (1<<(11-9)) | (1<<(11-5)) | (1<<(11-1)) ) ); + + reliable_sequence_buffer_destroy( sequence_buffer ); +} + +static void test_packet_header() +{ + uint16_t write_sequence; + uint16_t write_ack; + uint32_t write_ack_bits; + + uint16_t read_sequence; + uint16_t read_ack; + uint32_t read_ack_bits; + + uint8_t packet_data[RELIABLE_MAX_PACKET_HEADER_BYTES]; + + // worst case, sequence and ack are far apart, no packets acked. 
+ + write_sequence = 10000; + write_ack = 100; + write_ack_bits = 0; + + int bytes_written = reliable_write_packet_header( packet_data, write_sequence, write_ack, write_ack_bits ); + + check( bytes_written == RELIABLE_MAX_PACKET_HEADER_BYTES ); + + int bytes_read = reliable_read_packet_header( "test_packet_header", packet_data, bytes_written, &read_sequence, &read_ack, &read_ack_bits ); + + check( bytes_read == bytes_written ); + + check( read_sequence == write_sequence ); + check( read_ack == write_ack ); + check( read_ack_bits == write_ack_bits ); + + // rare case. sequence and ack are far apart, significant # of acks are missing + + write_sequence = 10000; + write_ack = 100; + write_ack_bits = 0xFEFEFFFE; + + bytes_written = reliable_write_packet_header( packet_data, write_sequence, write_ack, write_ack_bits ); + + check( bytes_written == 1 + 2 + 2 + 3 ); + + bytes_read = reliable_read_packet_header( "test_packet_header", packet_data, bytes_written, &read_sequence, &read_ack, &read_ack_bits ); + + check( bytes_read == bytes_written ); + + check( read_sequence == write_sequence ); + check( read_ack == write_ack ); + check( read_ack_bits == write_ack_bits ); + + // common case under packet loss. sequence and ack are close together, some acks are missing + + write_sequence = 200; + write_ack = 100; + write_ack_bits = 0xFFFEFFFF; + + bytes_written = reliable_write_packet_header( packet_data, write_sequence, write_ack, write_ack_bits ); + + check( bytes_written == 1 + 2 + 1 + 1 ); + + bytes_read = reliable_read_packet_header( "test_packet_header", packet_data, bytes_written, &read_sequence, &read_ack, &read_ack_bits ); + + check( bytes_read == bytes_written ); + + check( read_sequence == write_sequence ); + check( read_ack == write_ack ); + check( read_ack_bits == write_ack_bits ); + + // ideal case. no packet loss. 
+ + write_sequence = 200; + write_ack = 100; + write_ack_bits = 0xFFFFFFFF; + + bytes_written = reliable_write_packet_header( packet_data, write_sequence, write_ack, write_ack_bits ); + + check( bytes_written == 1 + 2 + 1 ); + + bytes_read = reliable_read_packet_header( "test_packet_header", packet_data, bytes_written, &read_sequence, &read_ack, &read_ack_bits ); + + check( bytes_read == bytes_written ); + + check( read_sequence == write_sequence ); + check( read_ack == write_ack ); + check( read_ack_bits == write_ack_bits ); +} + +struct test_context_t +{ + int drop; + int allow_packets; + struct reliable_endpoint_t * sender; + struct reliable_endpoint_t * receiver; +}; + +void test_default_context( struct test_context_t * context ) +{ + memset( context, 0, sizeof( *context ) ); + context->allow_packets = -1; +} + +static void test_transmit_packet_function( void * _context, int index, uint16_t sequence, uint8_t * packet_data, int packet_bytes ) +{ + (void) sequence; + + struct test_context_t * context = (struct test_context_t*) _context; + + if ( context->drop ) + { + return; + } + + if ( context->allow_packets >= 0 ) + { + if ( context->allow_packets == 0 ) + { + return; + } + + context->allow_packets--; + } + + if ( index == 0 ) + { + reliable_endpoint_receive_packet( context->receiver, packet_data, packet_bytes ); + } + else if ( index == 1 ) + { + reliable_endpoint_receive_packet( context->sender, packet_data, packet_bytes ); + } +} + +static int test_process_packet_function( void * _context, int index, uint16_t sequence, uint8_t * packet_data, int packet_bytes ) +{ + struct test_context_t * context = (struct test_context_t*) _context; + + (void) context; + (void) index; + (void) sequence; + (void) packet_data; + (void) packet_bytes; + + return 1; +} + +#define TEST_ACKS_NUM_ITERATIONS 256 + +static void test_acks() +{ + double time = 100.0; + + struct test_context_t context; + test_default_context( &context ); + + struct reliable_config_t sender_config; + 
struct reliable_config_t receiver_config; + + reliable_default_config( &sender_config ); + reliable_default_config( &receiver_config ); + + sender_config.context = &context; + sender_config.index = 0; + sender_config.transmit_packet_function = &test_transmit_packet_function; + sender_config.process_packet_function = &test_process_packet_function; + + receiver_config.context = &context; + receiver_config.index = 1; + receiver_config.transmit_packet_function = &test_transmit_packet_function; + receiver_config.process_packet_function = &test_process_packet_function; + + context.sender = reliable_endpoint_create( &sender_config, time ); + context.receiver = reliable_endpoint_create( &receiver_config, time ); + + double delta_time = 0.01; + + int i; + for ( i = 0; i < TEST_ACKS_NUM_ITERATIONS; ++i ) + { + uint8_t dummy_packet[8]; + memset( dummy_packet, 0, sizeof( dummy_packet ) ); + + reliable_endpoint_send_packet( context.sender, dummy_packet, sizeof( dummy_packet ) ); + reliable_endpoint_send_packet( context.receiver, dummy_packet, sizeof( dummy_packet ) ); + + reliable_endpoint_update( context.sender, time ); + reliable_endpoint_update( context.receiver, time ); + + time += delta_time; + } + + uint8_t sender_acked_packet[TEST_ACKS_NUM_ITERATIONS]; + memset( sender_acked_packet, 0, sizeof( sender_acked_packet ) ); + int sender_num_acks; + uint16_t * sender_acks = reliable_endpoint_get_acks( context.sender, &sender_num_acks ); + for ( i = 0; i < sender_num_acks; ++i ) + { + if ( sender_acks[i] < TEST_ACKS_NUM_ITERATIONS ) + { + sender_acked_packet[sender_acks[i]] = 1; + } + } + for ( i = 0; i < TEST_ACKS_NUM_ITERATIONS / 2; ++i ) + { + check( sender_acked_packet[i] == 1 ); + } + + uint8_t receiver_acked_packet[TEST_ACKS_NUM_ITERATIONS]; + memset( receiver_acked_packet, 0, sizeof( receiver_acked_packet ) ); + int receiver_num_acks; + uint16_t * receiver_acks = reliable_endpoint_get_acks( context.receiver, &receiver_num_acks ); + for ( i = 0; i < receiver_num_acks; ++i 
) + { + if ( receiver_acks[i] < TEST_ACKS_NUM_ITERATIONS ) + receiver_acked_packet[receiver_acks[i]] = 1; + } + for ( i = 0; i < TEST_ACKS_NUM_ITERATIONS / 2; ++i ) + { + check( receiver_acked_packet[i] == 1 ); + } + + reliable_endpoint_destroy( context.sender ); + reliable_endpoint_destroy( context.receiver ); +} + +static void test_acks_packet_loss() +{ + double time = 100.0; + + struct test_context_t context; + test_default_context( &context ); + + struct reliable_config_t sender_config; + struct reliable_config_t receiver_config; + + reliable_default_config( &sender_config ); + reliable_default_config( &receiver_config ); + + sender_config.context = &context; + sender_config.index = 0; + sender_config.transmit_packet_function = &test_transmit_packet_function; + sender_config.process_packet_function = &test_process_packet_function; + + receiver_config.context = &context; + receiver_config.index = 1; + receiver_config.transmit_packet_function = &test_transmit_packet_function; + receiver_config.process_packet_function = &test_process_packet_function; + + context.sender = reliable_endpoint_create( &sender_config, time ); + context.receiver = reliable_endpoint_create( &receiver_config, time ); + + const double delta_time = 0.1f; + + int i; + for ( i = 0; i < TEST_ACKS_NUM_ITERATIONS; ++i ) + { + uint8_t dummy_packet[8]; + memset( dummy_packet, 0, sizeof( dummy_packet ) ); + + context.drop = ( i % 2 ); + + reliable_endpoint_send_packet( context.sender, dummy_packet, sizeof( dummy_packet ) ); + reliable_endpoint_send_packet( context.receiver, dummy_packet, sizeof( dummy_packet ) ); + + reliable_endpoint_update( context.sender, time ); + reliable_endpoint_update( context.receiver, time ); + + time += delta_time; + } + + uint8_t sender_acked_packet[TEST_ACKS_NUM_ITERATIONS]; + memset( sender_acked_packet, 0, sizeof( sender_acked_packet ) ); + int sender_num_acks; + uint16_t * sender_acks = reliable_endpoint_get_acks( context.sender, &sender_num_acks ); + for ( i = 0; i 
< sender_num_acks; ++i ) + { + if ( sender_acks[i] < TEST_ACKS_NUM_ITERATIONS ) + { + sender_acked_packet[sender_acks[i]] = 1; + } + } + for ( i = 0; i < TEST_ACKS_NUM_ITERATIONS / 2; ++i ) + { + check( sender_acked_packet[i] == (i+1) % 2 ); + } + + uint8_t receiver_acked_packet[TEST_ACKS_NUM_ITERATIONS]; + memset( receiver_acked_packet, 0, sizeof( receiver_acked_packet ) ); + int receiver_num_acks; + uint16_t * receiver_acks = reliable_endpoint_get_acks( context.sender, &receiver_num_acks ); + for ( i = 0; i < receiver_num_acks; ++i ) + { + if ( receiver_acks[i] < TEST_ACKS_NUM_ITERATIONS ) + { + receiver_acked_packet[receiver_acks[i]] = 1; + } + } + for ( i = 0; i < TEST_ACKS_NUM_ITERATIONS / 2; ++i ) + { + check( receiver_acked_packet[i] == (i+1) % 2 ); + } + + reliable_endpoint_destroy( context.sender ); + reliable_endpoint_destroy( context.receiver ); +} + +#define TEST_MAX_PACKET_BYTES (4*1024) + +static void generate_packet_data_with_size( uint16_t sequence, uint8_t * packet_data, int packet_bytes ) +{ + reliable_assert( packet_bytes >= 2 ); + reliable_assert( packet_bytes <= TEST_MAX_PACKET_BYTES ); + + packet_data[0] = (uint8_t) ( sequence & 0xFF ); + packet_data[1] = (uint8_t) ( (sequence>>8) & 0xFF ); + int i; + for ( i = 2; i < packet_bytes; ++i ) + { + packet_data[i] = (uint8_t) ( ( (int)i + sequence ) % 256 ); + } +} + +static int generate_packet_data( uint16_t sequence, uint8_t * packet_data ) +{ + int packet_bytes = ( ( (int)sequence * 1023 ) % ( TEST_MAX_PACKET_BYTES - 2 ) ) + 2; + generate_packet_data_with_size( sequence, packet_data, packet_bytes ); + return packet_bytes; +} + +static void validate_packet_data( uint8_t * packet_data, int packet_bytes ) +{ + reliable_assert( packet_bytes >= 2 ); + reliable_assert( packet_bytes <= TEST_MAX_PACKET_BYTES ); + uint16_t sequence = 0; + sequence |= (uint16_t) packet_data[0]; + sequence |= ( (uint16_t) packet_data[1] ) << 8; + check( packet_bytes == ( ( (int)sequence * 1023 ) % ( TEST_MAX_PACKET_BYTES - 
2 ) ) + 2 ); + int i; + for ( i = 2; i < packet_bytes; ++i ) + { + check( packet_data[i] == (uint8_t) ( ( (int)i + sequence ) % 256 ) ); + } +} + +static int test_process_packet_function_validate( void * context, int index, uint16_t sequence, uint8_t * packet_data, int packet_bytes ) +{ + reliable_assert( packet_data ); + reliable_assert( packet_bytes > 0 ); + reliable_assert( packet_bytes <= TEST_MAX_PACKET_BYTES ); + + (void) context; + (void) index; + (void) sequence; + + validate_packet_data( packet_data, packet_bytes ); + + return 1; +} + +static int generate_packet_data_large( uint8_t* packet_data ) +{ + int data_bytes = TEST_MAX_PACKET_BYTES - 2; + reliable_assert( data_bytes >= 2) ; + reliable_assert( data_bytes <= (1 << 16) ); + + packet_data[0] = (uint8_t) (data_bytes & 0xFF); + packet_data[1] = (uint8_t) ( (data_bytes >> 8) & 0xFF ); + int i; + for ( i = 2; i < data_bytes; ++i ) + { + packet_data[i] = (uint8_t) ( i % 256 ); + } + return data_bytes + 2; +} + +static int test_process_packet_function_validate_large( void * context, int index, uint16_t sequence, uint8_t * packet_data, int packet_bytes ) +{ + reliable_assert( packet_data ); + reliable_assert( packet_bytes >= 2 ); + reliable_assert( packet_bytes <= TEST_MAX_PACKET_BYTES ); + + (void)context; + (void)index; + (void)sequence; + + uint16_t data_bytes = 0; + data_bytes |= (uint16_t) packet_data[0]; + data_bytes |= ( (uint16_t) packet_data[1] ) << 8; + check( packet_bytes == data_bytes + 2 ); + int i; + for ( i = 2; i < data_bytes; ++i ) + { + check( packet_data[i] == (uint8_t) ( i % 256 ) ); + } + + return 1; +} + +void test_packets() +{ + double time = 100.0; + + struct test_context_t context; + test_default_context( &context ); + + struct reliable_config_t sender_config; + struct reliable_config_t receiver_config; + + reliable_default_config( &sender_config ); + reliable_default_config( &receiver_config ); + + sender_config.fragment_above = 500; + receiver_config.fragment_above = 500; + +#if 
defined(_MSC_VER) + strcpy_s( sender_config.name, sizeof( sender_config.name ), "sender" ); +#else + strcpy( sender_config.name, "sender" ); +#endif + sender_config.context = &context; + sender_config.index = 0; + sender_config.transmit_packet_function = &test_transmit_packet_function; + sender_config.process_packet_function = &test_process_packet_function_validate; + +#if defined(_MSC_VER) + strcpy_s( receiver_config.name, sizeof( receiver_config.name ), "receiver" ); +#else + strcpy( receiver_config.name, "receiver" ); +#endif + receiver_config.context = &context; + receiver_config.index = 1; + receiver_config.transmit_packet_function = &test_transmit_packet_function; + receiver_config.process_packet_function = &test_process_packet_function_validate; + + context.sender = reliable_endpoint_create( &sender_config, time ); + context.receiver = reliable_endpoint_create( &receiver_config, time ); + + double delta_time = 0.1; + + int i; + for ( i = 0; i < 16; ++i ) + { + { + uint8_t packet_data[TEST_MAX_PACKET_BYTES]; + uint16_t sequence = reliable_endpoint_next_packet_sequence( context.sender ); + int packet_bytes = generate_packet_data( sequence, packet_data ); + reliable_endpoint_send_packet( context.sender, packet_data, packet_bytes ); + } + + { + uint8_t packet_data[TEST_MAX_PACKET_BYTES]; + uint16_t sequence = reliable_endpoint_next_packet_sequence( context.sender ); + int packet_bytes = generate_packet_data( sequence, packet_data ); + reliable_endpoint_send_packet( context.sender, packet_data, packet_bytes ); + } + + reliable_endpoint_update( context.sender, time ); + reliable_endpoint_update( context.receiver, time ); + + reliable_endpoint_clear_acks( context.sender ); + reliable_endpoint_clear_acks( context.receiver ); + + time += delta_time; + } + + reliable_endpoint_destroy( context.sender ); + reliable_endpoint_destroy( context.receiver ); +} + +void test_large_packets() +{ + double time = 100.0; + + struct test_context_t context; + test_default_context( 
&context ); + + struct reliable_config_t sender_config; + struct reliable_config_t receiver_config; + + reliable_default_config( &sender_config ); + reliable_default_config( &receiver_config ); + + sender_config.max_packet_size = TEST_MAX_PACKET_BYTES; + receiver_config.max_packet_size = TEST_MAX_PACKET_BYTES; + + sender_config.fragment_above = TEST_MAX_PACKET_BYTES; + receiver_config.fragment_above = TEST_MAX_PACKET_BYTES; + +#if defined(_MSC_VER) + strcpy_s( sender_config.name, sizeof( sender_config.name ), "sender" ); +#else + strcpy( sender_config.name, "sender" ); +#endif + sender_config.context = &context; + sender_config.index = 0; + sender_config.transmit_packet_function = &test_transmit_packet_function; + sender_config.process_packet_function = &test_process_packet_function_validate_large; + +#if defined(_MSC_VER) + strcpy_s( receiver_config.name, sizeof( receiver_config.name ), "receiver" ); +#else + strcpy( receiver_config.name, "receiver" ); +#endif + receiver_config.context = &context; + receiver_config.index = 1; + receiver_config.transmit_packet_function = &test_transmit_packet_function; + receiver_config.process_packet_function = &test_process_packet_function_validate_large; + + context.sender = reliable_endpoint_create( &sender_config, time ); + context.receiver = reliable_endpoint_create( &receiver_config, time ); + + { + uint8_t packet_data[TEST_MAX_PACKET_BYTES]; + int packet_bytes = generate_packet_data_large( packet_data ); + check( packet_bytes == TEST_MAX_PACKET_BYTES ); + reliable_endpoint_send_packet( context.sender, packet_data, packet_bytes ); + } + + reliable_endpoint_update( context.sender, time ); + reliable_endpoint_update( context.receiver, time ); + + reliable_endpoint_clear_acks( context.sender ); + reliable_endpoint_clear_acks( context.receiver ); + + RELIABLE_CONST uint64_t * receiver_counters = reliable_endpoint_counters( context.receiver ); + check( receiver_counters[RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_TOO_LARGE_TO_RECEIVE] 
== 0 ); + check( receiver_counters[RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_RECEIVED] == 1 ); + + reliable_endpoint_destroy( context.sender ); + reliable_endpoint_destroy( context.receiver ); +} + +void test_sequence_buffer_rollover() +{ + double time = 100.0; + + struct test_context_t context; + test_default_context( &context ); + + struct reliable_config_t sender_config; + struct reliable_config_t receiver_config; + + reliable_default_config( &sender_config ); + reliable_default_config( &receiver_config ); + + sender_config.fragment_above = 500; + receiver_config.fragment_above = 500; + +#if defined(_MSC_VER) + strcpy_s( sender_config.name, sizeof( sender_config.name ), "sender" ); +#else + strcpy( sender_config.name, "sender" ); +#endif + sender_config.context = &context; + sender_config.index = 0; + sender_config.transmit_packet_function = &test_transmit_packet_function; + sender_config.process_packet_function = &test_process_packet_function; + +#if defined(_MSC_VER) + strcpy_s( receiver_config.name, sizeof( receiver_config.name ), "receiver" ); +#else + strcpy( receiver_config.name, "receiver" ); +#endif + receiver_config.context = &context; + receiver_config.index = 1; + receiver_config.transmit_packet_function = &test_transmit_packet_function; + receiver_config.process_packet_function = &test_process_packet_function; + + context.sender = reliable_endpoint_create( &sender_config, time ); + context.receiver = reliable_endpoint_create( &receiver_config, time ); + + int num_packets_sent = 0; + int i; + for (i = 0; i <= 32767; ++i) + { + uint8_t packet_data[16]; + int packet_bytes = sizeof( packet_data ) / sizeof( uint8_t ); + reliable_endpoint_next_packet_sequence( context.sender ); + reliable_endpoint_send_packet( context.sender, packet_data, packet_bytes ); + + ++num_packets_sent; + } + + uint8_t packet_data[TEST_MAX_PACKET_BYTES]; + int packet_bytes = sizeof( packet_data ) / sizeof( uint8_t ); + reliable_endpoint_next_packet_sequence( context.sender ); + 
reliable_endpoint_send_packet( context.sender, packet_data, packet_bytes ); + ++num_packets_sent; + + RELIABLE_CONST uint64_t * receiver_counters = reliable_endpoint_counters( context.receiver ); + + check( receiver_counters[RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_RECEIVED] == (uint16_t) num_packets_sent ); + check( receiver_counters[RELIABLE_ENDPOINT_COUNTER_NUM_FRAGMENTS_INVALID] == 0 ); + + reliable_endpoint_destroy( context.sender ); + reliable_endpoint_destroy( context.receiver ); +} + +#define ARRAY_LENGTH(x) (sizeof(x) / sizeof((x)[0])) + +struct test_tracking_allocate_context_t +{ + void* active_allocations[1024]; +}; + +void * test_tracking_allocate_function( void * context, uint64_t bytes ) +{ + struct test_tracking_allocate_context_t* tracking_context = (struct test_tracking_allocate_context_t*)context; + void * allocation = malloc( bytes ); + int tracking_index; + for ( tracking_index = 0; tracking_index < (int) ARRAY_LENGTH(tracking_context->active_allocations); ++tracking_index ) + { + if ( tracking_context->active_allocations[tracking_index] == NULL ) + { + break; + } + } + + reliable_assert(tracking_index < (int) ARRAY_LENGTH(tracking_context->active_allocations)); + tracking_context->active_allocations[tracking_index] = allocation; + return allocation; +} + +void test_tracking_free_function( void * context, void * pointer ) +{ + struct test_tracking_allocate_context_t* tracking_context = (struct test_tracking_allocate_context_t*)context; + int tracking_index; + for ( tracking_index = 0; tracking_index < (int) ARRAY_LENGTH(tracking_context->active_allocations); ++tracking_index ) + { + if ( tracking_context->active_allocations[tracking_index] == pointer ) + { + break; + } + } + + reliable_assert( tracking_index < (int) ARRAY_LENGTH(tracking_context->active_allocations) ); + tracking_context->active_allocations[tracking_index] = NULL; + free( pointer ); +} + +void test_fragment_cleanup() +{ + double time = 100.0; + + struct test_context_t context; + 
test_default_context( &context ); + + struct test_tracking_allocate_context_t tracking_alloc_context; + memset( &tracking_alloc_context, 0, sizeof( tracking_alloc_context ) ); + + struct reliable_config_t sender_config; + struct reliable_config_t receiver_config; + + reliable_default_config( &sender_config ); + reliable_default_config( &receiver_config ); + + receiver_config.allocator_context = &tracking_alloc_context; + receiver_config.allocate_function = &test_tracking_allocate_function; + receiver_config.free_function = &test_tracking_free_function; + receiver_config.fragment_reassembly_buffer_size = 4; + +#if defined(_MSC_VER) + strcpy_s( sender_config.name, sizeof( sender_config.name ), "sender" ); +#else + strcpy( sender_config.name, "sender" ); +#endif + sender_config.context = &context; + sender_config.index = 0; + sender_config.transmit_packet_function = &test_transmit_packet_function; + sender_config.process_packet_function = &test_process_packet_function; + +#if defined(_MSC_VER) + strcpy_s( receiver_config.name, sizeof( receiver_config.name ), "receiver" ); +#else + strcpy( receiver_config.name, "receiver" ); +#endif + receiver_config.context = &context; + receiver_config.index = 1; + receiver_config.transmit_packet_function = &test_transmit_packet_function; + receiver_config.process_packet_function = &test_process_packet_function; + + context.sender = reliable_endpoint_create( &sender_config, time ); + context.receiver = reliable_endpoint_create( &receiver_config, time ); + + double delta_time = 0.1; + + int packet_sizes[] = { + sender_config.fragment_size + sender_config.fragment_size/2, + 10, + 10, + 10, + 10, + }; + + // Make sure we're sending more than receiver_config.fragment_reassembly_buffer_size packets, so the buffer wraps around. 
+ reliable_assert( (int) ARRAY_LENGTH( packet_sizes ) > receiver_config.fragment_reassembly_buffer_size );
+
+ int i;
+ for ( i = 0; i < (int) ARRAY_LENGTH( packet_sizes ); ++i )
+ {
+ // Only allow one packet per transmit, so that our fragmented packets are only partially
+ // delivered.
+ context.allow_packets = 1;
+ {
+ uint8_t packet_data[TEST_MAX_PACKET_BYTES];
+ uint16_t sequence = reliable_endpoint_next_packet_sequence( context.sender );
+ generate_packet_data_with_size( sequence, packet_data, packet_sizes[i] );
+ reliable_endpoint_send_packet( context.sender, packet_data, packet_sizes[i]);
+ }
+
+ reliable_endpoint_update( context.sender, time );
+ reliable_endpoint_update( context.receiver, time );
+
+ reliable_endpoint_clear_acks( context.sender );
+ reliable_endpoint_clear_acks( context.receiver );
+
+ time += delta_time;
+ }
+
+ reliable_endpoint_destroy( context.sender );
+ reliable_endpoint_destroy( context.receiver );
+
+ // Make sure that there is no memory that hasn't been freed.
+ int tracking_index;
+ for ( tracking_index = 0; tracking_index < (int) ARRAY_LENGTH(tracking_alloc_context.active_allocations); ++tracking_index )
+ {
+ check( tracking_alloc_context.active_allocations[tracking_index] == NULL );
+ }
+}
+
+#define RUN_TEST( test_function ) \
+ do \
+ { \
+ printf( #test_function "\n" ); \
+ test_function(); \
+ } \
+ while (0)
+
+void reliable_test()
+{
+ //while ( 1 )
+ {
+ RUN_TEST( test_endian );
+ RUN_TEST( test_sequence_buffer );
+ RUN_TEST( test_generate_ack_bits );
+ RUN_TEST( test_packet_header );
+ RUN_TEST( test_acks );
+ RUN_TEST( test_acks_packet_loss );
+ RUN_TEST( test_packets );
+ RUN_TEST( test_large_packets );
+ RUN_TEST( test_sequence_buffer_rollover );
+ RUN_TEST( test_fragment_cleanup );
+ }
+}
+
+#endif // #if RELIABLE_ENABLE_TESTS
diff --git a/reliable/reliable.h b/reliable/reliable.h
new file mode 100644
index 00000000..031c1ffc
--- /dev/null
+++ b/reliable/reliable.h
@@ -0,0 +1,176 @@
+/*
+ reliable
+
+ Copyright © 2017 - 2024, Mas Bandwidth LLC
+
+ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
+ in the documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef RELIABLE_H
+#define RELIABLE_H
+
+#include
+
+#if !defined(RELIABLE_DEBUG) && !defined(RELIABLE_RELEASE)
+#if defined(NDEBUG)
+#define RELIABLE_RELEASE
+#else
+#define RELIABLE_DEBUG
+#endif
+#elif defined(RELIABLE_DEBUG) && defined(RELIABLE_RELEASE)
+#error Can only define one of debug & release
+#endif
+
+#if defined(__386__) || defined(i386) || defined(__i386__) \
+ || defined(__X86) || defined(_M_IX86) \
+ || defined(_M_X64) || defined(__x86_64__) \
+ || defined(alpha) || defined(__alpha) || defined(__alpha__) \
+ || defined(_M_ALPHA) \
+ || defined(ARM) || defined(_ARM) || defined(__arm__) \
+ || defined(__aarch64__) \
+ || defined(WIN32) || defined(_WIN32) || defined(__WIN32__) \
+ || defined(_WIN32_WCE) || defined(__NT__) \
+ || defined(__MIPSEL__)
+ #define RELIABLE_LITTLE_ENDIAN 1
+#else
+ #define RELIABLE_BIG_ENDIAN 1
+#endif
+
+#define RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_SENT 0
+#define RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_RECEIVED 1
+#define RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_ACKED 2
+#define RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_STALE 3
+#define RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_INVALID 4
+#define RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_TOO_LARGE_TO_SEND 5
+#define RELIABLE_ENDPOINT_COUNTER_NUM_PACKETS_TOO_LARGE_TO_RECEIVE 6
+#define RELIABLE_ENDPOINT_COUNTER_NUM_FRAGMENTS_SENT 7
+#define RELIABLE_ENDPOINT_COUNTER_NUM_FRAGMENTS_RECEIVED 8
+#define RELIABLE_ENDPOINT_COUNTER_NUM_FRAGMENTS_INVALID 9
+#define RELIABLE_ENDPOINT_NUM_COUNTERS 10
+
+#define RELIABLE_MAX_PACKET_HEADER_BYTES 9
+#define RELIABLE_FRAGMENT_HEADER_BYTES 5
+
+#define RELIABLE_LOG_LEVEL_NONE 0
+#define RELIABLE_LOG_LEVEL_ERROR 1
+#define RELIABLE_LOG_LEVEL_INFO 2
+#define RELIABLE_LOG_LEVEL_DEBUG 3
+
+#define RELIABLE_OK 1
+#define RELIABLE_ERROR 0
+
+#ifdef __cplusplus
+#define RELIABLE_CONST const
+extern "C" {
+#else
+#if defined(__STDC__)
+#define RELIABLE_CONST const
+#else
+#define RELIABLE_CONST
+#endif
+#endif
+
+int reliable_init(void);
+
+void reliable_term(void);
+
+struct reliable_config_t
+{
+ char name[256];
+ void * context;
+ int index;
+ int max_packet_size;
+ int fragment_above;
+ int max_fragments;
+ int fragment_size;
+ int ack_buffer_size;
+ int sent_packets_buffer_size;
+ int received_packets_buffer_size;
+ int fragment_reassembly_buffer_size;
+ float rtt_smoothing_factor;
+ float packet_loss_smoothing_factor;
+ float bandwidth_smoothing_factor;
+ int packet_header_size;
+ void (*transmit_packet_function)(void*,int,uint16_t,uint8_t*,int);
+ int (*process_packet_function)(void*,int,uint16_t,uint8_t*,int);
+ void * allocator_context;
+ void * (*allocate_function)(void*,uint64_t);
+ void (*free_function)(void*,void*);
+};
+
+void reliable_default_config( struct reliable_config_t * config );
+
+struct reliable_endpoint_t * reliable_endpoint_create( struct reliable_config_t * config, double time );
+
+uint16_t reliable_endpoint_next_packet_sequence( struct reliable_endpoint_t * endpoint );
+
+void reliable_endpoint_send_packet( struct reliable_endpoint_t * endpoint, uint8_t * packet_data, int packet_bytes );
+
+void reliable_endpoint_receive_packet( struct reliable_endpoint_t * endpoint, uint8_t * packet_data, int packet_bytes );
+
+void reliable_endpoint_free_packet( struct reliable_endpoint_t * endpoint, void * packet );
+
+uint16_t * reliable_endpoint_get_acks( struct reliable_endpoint_t * endpoint, int * num_acks );
+
+void reliable_endpoint_clear_acks( struct reliable_endpoint_t * endpoint );
+
+void reliable_endpoint_reset( struct reliable_endpoint_t * endpoint );
+
+void reliable_endpoint_update( struct reliable_endpoint_t * endpoint, double time );
+
+float reliable_endpoint_rtt( struct reliable_endpoint_t * endpoint );
+
+float reliable_endpoint_packet_loss( struct reliable_endpoint_t * endpoint );
+
+void reliable_endpoint_bandwidth( struct reliable_endpoint_t * endpoint, float * sent_bandwidth_kbps, float * received_bandwidth_kbps, float * acked_bandwidth_kpbs );
+
+RELIABLE_CONST uint64_t * reliable_endpoint_counters( struct reliable_endpoint_t * endpoint );
+
+void reliable_endpoint_destroy( struct reliable_endpoint_t * endpoint );
+
+void reliable_log_level( int level );
+
+void reliable_set_printf_function( int (*function)( RELIABLE_CONST char *, ... ) );
+
+extern void (*reliable_assert_function)( RELIABLE_CONST char *, RELIABLE_CONST char *, RELIABLE_CONST char * file, int line );
+
+#ifdef RELIABLE_DEBUG
+#define reliable_assert( condition ) \
+do \
+{ \
+ if ( !(condition) ) \
+ { \
+ reliable_assert_function( #condition, __FUNCTION__, __FILE__, __LINE__ ); \
+ exit(1); \
+ } \
+} while(0)
+#else
+#define reliable_assert( ignore ) ((void)0)
+#endif
+
+void reliable_set_assert_function( void (*function)( RELIABLE_CONST char * /*condition*/,
+ RELIABLE_CONST char * /*function*/,
+ RELIABLE_CONST char * /*file*/,
+ int /*line*/ ) );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // #ifndef RELIABLE_H
diff --git a/secure_client.cpp b/secure_client.cpp
deleted file mode 100644
index 26e2c4c4..00000000
--- a/secure_client.cpp
+++ /dev/null
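Review bot: `reliable_assert` expands to `((void)0)` unless `RELIABLE_DEBUG` is defined, and `RELIABLE_DEBUG` is only selected automatically when `NDEBUG` is absent, so in release builds every `reliable_assert` disappears — including the packet-length checks the test hunk above places in `generate_packet_data_with_size` and the `test_process_packet_function_validate*` callbacks. The macro carries no comment saying so; I'd add above `#ifdef RELIABLE_DEBUG`: `/* Debug-only: compiles to ((void)0) when RELIABLE_RELEASE / NDEBUG is set. Never use it as the sole bounds check on packet lengths or data received from the network; those need a runtime check that survives release builds. */`. `struct reliable_config_t` would also benefit from one-line field comments, in particular on `max_packet_size`, `fragment_above`, `max_fragments` and `fragment_size`, which presumably bound what `reliable_endpoint_receive_packet` accepts — the `*_TOO_LARGE_TO_RECEIVE` and `*_FRAGMENTS_INVALID` counters imply that relationship but the header never states it. The `#include` line renders here with no header name, presumably `<stdint.h>` since `uint16_t`/`uint64_t` are used below; worth confirming the committed file is intact.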
@@ -1,152 +0,0 @@
-/*
- Yojimbo Secure Client Example.
-
- Copyright © 2016 - 2019, The Network Protocol Company, Inc.
-
- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
- in the documentation and/or other materials provided with the distribution.
-
- 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
- USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#include "yojimbo.h"
-#include
-#include
-#include
-#include
-#include
-#include
-#include "shared.h"
-
-using namespace yojimbo;
-
-static volatile int quit = 0;
-
-void interrupt_handler( int /*dummy*/ )
-{
- quit = 1;
-}
-
-int ClientMain( int argc, char * argv[] )
-{
- (void) argc;
- (void) argv;
-
- printf( "\nconnecting client (secure)\n" );
-
- uint64_t clientId = 0;
- random_bytes( (uint8_t*) &clientId, 8 );
- printf( "client id is %.16" PRIx64 "\n", clientId );
-
- Matcher matcher( GetDefaultAllocator() );
-
- if ( !matcher.Initialize() )
- {
- printf( "error: failed to initialize matcher\n" );
- return 1;
- }
-
- printf( "requesting match from https://localhost:8080\n" );
-
- matcher.RequestMatch( ProtocolId, clientId, false );
-
- if ( matcher.GetMatchStatus() == MATCH_FAILED )
- {
- printf( "\nRequest match failed. Is the matcher running? Please run \"premake5 matcher\" before you connect a secure client\n" );
- return 1;
- }
-
- uint8_t connectToken[ConnectTokenBytes];
- matcher.GetConnectToken( connectToken );
- printf( "received connect token from matcher\n" );
-
- double time = 100.0;
-
- ClientServerConfig config;
- config.protocolId = ProtocolId;
-
- Client client( GetDefaultAllocator(), Address("0.0.0.0"), config, adapter, time );
-
- Address serverAddress( "127.0.0.1", ServerPort );
-
- if ( argc == 2 )
- {
- Address commandLineAddress( argv[1] );
- if ( commandLineAddress.IsValid() )
- {
- if ( commandLineAddress.GetPort() == 0 )
- commandLineAddress.SetPort( ServerPort );
- serverAddress = commandLineAddress;
- }
- }
-
- client.Connect( clientId, connectToken );
-
- if ( client.IsDisconnected() )
- return 1;
-
- char addressString[256];
- client.GetAddress().ToString( addressString, sizeof( addressString ) );
- printf( "client address is %s\n", addressString );
-
- const double deltaTime = 0.1;
-
- signal( SIGINT, interrupt_handler );
-
- while ( !quit )
- {
- client.SendPackets();
-
- client.ReceivePackets();
-
- if ( client.IsDisconnected() )
- break;
-
- time += deltaTime;
-
- client.AdvanceTime( time );
-
- if ( client.ConnectionFailed() )
- break;
-
- yojimbo_sleep( deltaTime );
- }
-
- client.Disconnect();
-
- return 0;
-}
-
-int main( int argc, char * argv[] )
-{
- if ( !InitializeYojimbo() )
- {
- printf( "error: failed to initialize Yojimbo!\n" );
- return 1;
- }
-
- yojimbo_log_level( YOJIMBO_LOG_LEVEL_INFO );
-
- srand( (unsigned int) time( NULL ) );
-
- int result = ClientMain( argc, argv );
-
- ShutdownYojimbo();
-
- printf( "\n" );
-
- return result;
-}
diff --git a/shared.h b/shared.h
index a5496490..f57586ae 100644
--- a/shared.h
+++ b/shared.h
@@ -72,7 +72,7 @@ struct TestMessage : public Message return true; } - YOJIMBO_VIRTUAL_SERIALIZE_FUNCTIONS(); + YOJIMBO_VIRTUAL_SERIALIZE_FUNCTIONS() }; struct TestBlockMessage : public BlockMessage
@@ -90,7 +90,7 @@ struct TestBlockMessage : public BlockMessage return true; } - YOJIMBO_VIRTUAL_SERIALIZE_FUNCTIONS(); + YOJIMBO_VIRTUAL_SERIALIZE_FUNCTIONS() }; struct TestSerializeFailOnReadMessage : public Message
@@ -100,7 +100,7 @@ struct TestSerializeFailOnReadMessage : public Message return !Stream::IsReading; } - YOJIMBO_VIRTUAL_SERIALIZE_FUNCTIONS(); + YOJIMBO_VIRTUAL_SERIALIZE_FUNCTIONS() }; struct TestExhaustStreamAllocatorOnReadMessage : public Message
@@ -129,7 +129,7 @@ struct TestExhaustStreamAllocatorOnReadMessage : public Message return true; } - YOJIMBO_VIRTUAL_SERIALIZE_FUNCTIONS(); + YOJIMBO_VIRTUAL_SERIALIZE_FUNCTIONS() }; enum TestMessageType
diff --git a/sodium/sodium.h b/sodium/sodium.h
new file mode 100644
index 00000000..af635f33
--- /dev/null
+++ b/sodium/sodium.h
@@ -0,0 +1,48 @@
+
+#ifndef sodium_H
+#define sodium_H
+
+#include "sodium_version.h"
+#include "sodium_core.h"
+#include "sodium_crypto_aead_chacha20poly1305.h"
+#include "sodium_crypto_aead_xchacha20poly1305.h"
+#include "sodium_crypto_auth.h"
+#include "sodium_crypto_auth_hmacsha512.h"
+#include "sodium_crypto_auth_hmacsha512256.h"
+#include "sodium_crypto_box.h"
+#include "sodium_crypto_box_curve25519xsalsa20poly1305.h"
+#include "sodium_crypto_core_hsalsa20.h"
+#include "sodium_crypto_core_hchacha20.h"
+#include "sodium_crypto_core_salsa20.h"
+#include "sodium_crypto_core_salsa2012.h"
+#include "sodium_crypto_core_salsa208.h"
+#include "sodium_crypto_generichash.h"
+#include "sodium_crypto_generichash_blake2b.h"
+#include "sodium_crypto_hash.h"
+#include "sodium_crypto_hash_sha512.h"
+#include "sodium_crypto_kx.h"
+#include "sodium_crypto_onetimeauth.h"
+#include "sodium_crypto_onetimeauth_poly1305.h"
+#include "sodium_crypto_scalarmult.h"
+#include "sodium_crypto_scalarmult_curve25519.h"
+#include "sodium_crypto_secretbox.h"
+#include "sodium_crypto_secretbox_xsalsa20poly1305.h"
+#include "sodium_crypto_secretstream_xchacha20poly1305.h"
+#include "sodium_crypto_shorthash.h"
+#include "sodium_crypto_shorthash_siphash24.h"
+#include "sodium_crypto_sign.h"
+#include "sodium_crypto_sign_ed25519.h"
+#include "sodium_crypto_stream.h"
+#include "sodium_crypto_stream_chacha20.h"
+#include "sodium_crypto_stream_salsa20.h"
+#include "sodium_crypto_stream_xsalsa20.h"
+#include "sodium_crypto_verify_16.h"
+#include "sodium_crypto_verify_32.h"
+#include "sodium_crypto_verify_64.h"
+#include "sodium_randombytes.h"
+#include "sodium_randombytes_salsa20_random.h"
+#include "sodium_randombytes_sysrandom.h"
+#include "sodium_runtime.h"
+#include "sodium_utils.h"
+
+#endif
diff --git a/sodium/sodium_aead_chacha20poly1305.c b/sodium/sodium_aead_chacha20poly1305.c
new file mode 100644
index 00000000..5ef39973
--- /dev/null
+++ b/sodium/sodium_aead_chacha20poly1305.c
@@ -0,0 +1,400 @@ + +#include +#include +#include +#include + +#include "sodium_core.h" +#include "sodium_crypto_aead_chacha20poly1305.h" +#include "sodium_crypto_onetimeauth_poly1305.h" +#include "sodium_crypto_stream_chacha20.h" +#include "sodium_crypto_verify_16.h" +#include "sodium_randombytes.h" +#include "sodium_utils.h" + +#include "sodium_private_chacha20_ietf_ext.h" +#include "sodium_private_common.h" + +static const unsigned char _pad0[16] = { 0 }; + +int +crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c, + unsigned char *mac, + unsigned long long *maclen_p, + const unsigned char *m, + unsigned long long mlen, + const unsigned char *ad, + unsigned long long adlen, + const unsigned char *nsec, + const unsigned char *npub, + const unsigned char *k) +{ + crypto_onetimeauth_poly1305_state state; + unsigned char block0[64U]; + unsigned char slen[8U]; + + (void) nsec; + crypto_stream_chacha20(block0, sizeof block0, npub, k); + crypto_onetimeauth_poly1305_init(&state, block0); + sodium_memzero(block0, sizeof block0); + + crypto_onetimeauth_poly1305_update(&state, ad, adlen); + STORE64_LE(slen, (uint64_t) adlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + crypto_stream_chacha20_xor_ic(c, m, mlen, npub, 1U, k); + + crypto_onetimeauth_poly1305_update(&state, c, mlen); + STORE64_LE(slen, (uint64_t) mlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + crypto_onetimeauth_poly1305_final(&state, mac); + sodium_memzero(&state, sizeof state); + + if (maclen_p != NULL) { + *maclen_p = crypto_aead_chacha20poly1305_ABYTES; + } + return 0; +} + +int +crypto_aead_chacha20poly1305_encrypt(unsigned char *c, + unsigned long long *clen_p, + const unsigned char *m, + unsigned long long mlen, + const unsigned char *ad, + unsigned long long adlen, + const unsigned char *nsec, + const unsigned char *npub, + const unsigned char *k) +{ + unsigned long long clen = 0ULL; + int ret; + + if (mlen > 
crypto_aead_chacha20poly1305_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + ret = crypto_aead_chacha20poly1305_encrypt_detached(c, + c + mlen, NULL, + m, mlen, + ad, adlen, + nsec, npub, k); + if (clen_p != NULL) { + if (ret == 0) { + clen = mlen + crypto_aead_chacha20poly1305_ABYTES; + } + *clen_p = clen; + } + return ret; +} + +int +crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c, + unsigned char *mac, + unsigned long long *maclen_p, + const unsigned char *m, + unsigned long long mlen, + const unsigned char *ad, + unsigned long long adlen, + const unsigned char *nsec, + const unsigned char *npub, + const unsigned char *k) +{ + crypto_onetimeauth_poly1305_state state; + unsigned char block0[64U]; + unsigned char slen[8U]; + + (void) nsec; + crypto_stream_chacha20_ietf(block0, sizeof block0, npub, k); + crypto_onetimeauth_poly1305_init(&state, block0); + sodium_memzero(block0, sizeof block0); + + crypto_onetimeauth_poly1305_update(&state, ad, adlen); + crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - adlen) & 0xf); + + crypto_stream_chacha20_ietf_xor_ic(c, m, mlen, npub, 1U, k); + + crypto_onetimeauth_poly1305_update(&state, c, mlen); + crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - mlen) & 0xf); + + STORE64_LE(slen, (uint64_t) adlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + STORE64_LE(slen, (uint64_t) mlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + crypto_onetimeauth_poly1305_final(&state, mac); + sodium_memzero(&state, sizeof state); + + if (maclen_p != NULL) { + *maclen_p = crypto_aead_chacha20poly1305_ietf_ABYTES; + } + return 0; +} + +int +crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c, + unsigned long long *clen_p, + const unsigned char *m, + unsigned long long mlen, + const unsigned char *ad, + unsigned long long adlen, + const unsigned char *nsec, + const unsigned char *npub, + const unsigned char *k) +{ + unsigned long long clen = 0ULL; + int ret; + + 
if (mlen > crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + ret = crypto_aead_chacha20poly1305_ietf_encrypt_detached(c, + c + mlen, NULL, + m, mlen, + ad, adlen, + nsec, npub, k); + if (clen_p != NULL) { + if (ret == 0) { + clen = mlen + crypto_aead_chacha20poly1305_ietf_ABYTES; + } + *clen_p = clen; + } + return ret; +} + +int +crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m, + unsigned char *nsec, + const unsigned char *c, + unsigned long long clen, + const unsigned char *mac, + const unsigned char *ad, + unsigned long long adlen, + const unsigned char *npub, + const unsigned char *k) +{ + crypto_onetimeauth_poly1305_state state; + unsigned char block0[64U]; + unsigned char slen[8U]; + unsigned char computed_mac[crypto_aead_chacha20poly1305_ABYTES]; + unsigned long long mlen; + int ret; + + (void) nsec; + crypto_stream_chacha20(block0, sizeof block0, npub, k); + crypto_onetimeauth_poly1305_init(&state, block0); + sodium_memzero(block0, sizeof block0); + + crypto_onetimeauth_poly1305_update(&state, ad, adlen); + STORE64_LE(slen, (uint64_t) adlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + mlen = clen; + crypto_onetimeauth_poly1305_update(&state, c, mlen); + STORE64_LE(slen, (uint64_t) mlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + crypto_onetimeauth_poly1305_final(&state, computed_mac); + sodium_memzero(&state, sizeof state); + + COMPILER_ASSERT(sizeof computed_mac == 16U); + ret = crypto_verify_16(computed_mac, mac); + sodium_memzero(computed_mac, sizeof computed_mac); + if (m == NULL) { + return ret; + } + if (ret != 0) { + memset(m, 0, mlen); + return -1; + } + crypto_stream_chacha20_xor_ic(m, c, mlen, npub, 1U, k); + + return 0; +} + +int +crypto_aead_chacha20poly1305_decrypt(unsigned char *m, + unsigned long long *mlen_p, + unsigned char *nsec, + const unsigned char *c, + unsigned long long clen, + const unsigned char *ad, + unsigned long long adlen, + const 
unsigned char *npub, + const unsigned char *k) +{ + unsigned long long mlen = 0ULL; + int ret = -1; + + if (clen >= crypto_aead_chacha20poly1305_ABYTES) { + ret = crypto_aead_chacha20poly1305_decrypt_detached + (m, nsec, + c, clen - crypto_aead_chacha20poly1305_ABYTES, + c + clen - crypto_aead_chacha20poly1305_ABYTES, + ad, adlen, npub, k); + } + if (mlen_p != NULL) { + if (ret == 0) { + mlen = clen - crypto_aead_chacha20poly1305_ABYTES; + } + *mlen_p = mlen; + } + return ret; +} + +int +crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m, + unsigned char *nsec, + const unsigned char *c, + unsigned long long clen, + const unsigned char *mac, + const unsigned char *ad, + unsigned long long adlen, + const unsigned char *npub, + const unsigned char *k) +{ + crypto_onetimeauth_poly1305_state state; + unsigned char block0[64U]; + unsigned char slen[8U]; + unsigned char computed_mac[crypto_aead_chacha20poly1305_ietf_ABYTES]; + unsigned long long mlen; + int ret; + + (void) nsec; + crypto_stream_chacha20_ietf(block0, sizeof block0, npub, k); + crypto_onetimeauth_poly1305_init(&state, block0); + sodium_memzero(block0, sizeof block0); + + crypto_onetimeauth_poly1305_update(&state, ad, adlen); + crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - adlen) & 0xf); + + mlen = clen; + crypto_onetimeauth_poly1305_update(&state, c, mlen); + crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - mlen) & 0xf); + + STORE64_LE(slen, (uint64_t) adlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + STORE64_LE(slen, (uint64_t) mlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + crypto_onetimeauth_poly1305_final(&state, computed_mac); + sodium_memzero(&state, sizeof state); + + COMPILER_ASSERT(sizeof computed_mac == 16U); + ret = crypto_verify_16(computed_mac, mac); + sodium_memzero(computed_mac, sizeof computed_mac); + if (m == NULL) { + return ret; + } + if (ret != 0) { + memset(m, 0, mlen); + return -1; + } + 
crypto_stream_chacha20_ietf_xor_ic(m, c, mlen, npub, 1U, k); + + return 0; +} + +int +crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m, + unsigned long long *mlen_p, + unsigned char *nsec, + const unsigned char *c, + unsigned long long clen, + const unsigned char *ad, + unsigned long long adlen, + const unsigned char *npub, + const unsigned char *k) +{ + unsigned long long mlen = 0ULL; + int ret = -1; + + if (clen >= crypto_aead_chacha20poly1305_ietf_ABYTES) { + ret = crypto_aead_chacha20poly1305_ietf_decrypt_detached + (m, nsec, + c, clen - crypto_aead_chacha20poly1305_ietf_ABYTES, + c + clen - crypto_aead_chacha20poly1305_ietf_ABYTES, + ad, adlen, npub, k); + } + if (mlen_p != NULL) { + if (ret == 0) { + mlen = clen - crypto_aead_chacha20poly1305_ietf_ABYTES; + } + *mlen_p = mlen; + } + return ret; +} + +size_t +crypto_aead_chacha20poly1305_ietf_keybytes(void) +{ + return crypto_aead_chacha20poly1305_ietf_KEYBYTES; +} + +size_t +crypto_aead_chacha20poly1305_ietf_npubbytes(void) +{ + return crypto_aead_chacha20poly1305_ietf_NPUBBYTES; +} + +size_t +crypto_aead_chacha20poly1305_ietf_nsecbytes(void) +{ + return crypto_aead_chacha20poly1305_ietf_NSECBYTES; +} + +size_t +crypto_aead_chacha20poly1305_ietf_abytes(void) +{ + return crypto_aead_chacha20poly1305_ietf_ABYTES; +} + +size_t +crypto_aead_chacha20poly1305_ietf_messagebytes_max(void) +{ + return crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX; +} + +void +crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES]) +{ + randombytes_buf(k, crypto_aead_chacha20poly1305_ietf_KEYBYTES); +} + +size_t +crypto_aead_chacha20poly1305_keybytes(void) +{ + return crypto_aead_chacha20poly1305_KEYBYTES; +} + +size_t +crypto_aead_chacha20poly1305_npubbytes(void) +{ + return crypto_aead_chacha20poly1305_NPUBBYTES; +} + +size_t +crypto_aead_chacha20poly1305_nsecbytes(void) +{ + return crypto_aead_chacha20poly1305_NSECBYTES; +} + +size_t 
+crypto_aead_chacha20poly1305_abytes(void) +{ + return crypto_aead_chacha20poly1305_ABYTES; +} + +size_t +crypto_aead_chacha20poly1305_messagebytes_max(void) +{ + return crypto_aead_chacha20poly1305_MESSAGEBYTES_MAX; +} + +void +crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES]) +{ + randombytes_buf(k, crypto_aead_chacha20poly1305_KEYBYTES); +} diff --git a/sodium/sodium_aead_xchacha20poly1305.c b/sodium/sodium_aead_xchacha20poly1305.c new file mode 100644 index 00000000..74b3f083 --- /dev/null +++ b/sodium/sodium_aead_xchacha20poly1305.c 
@@ -0,0 +1,262 @@ + +#include +#include +#include +#include + +#include "sodium_core.h" +#include "sodium_crypto_aead_chacha20poly1305.h" +#include "sodium_crypto_aead_xchacha20poly1305.h" +#include "sodium_crypto_core_hchacha20.h" +#include "sodium_crypto_onetimeauth_poly1305.h" +#include "sodium_crypto_stream_chacha20.h" +#include "sodium_crypto_verify_16.h" +#include "sodium_randombytes.h" +#include "sodium_utils.h" + +#include "sodium_private_chacha20_ietf_ext.h" +#include "sodium_private_common.h" + +static const unsigned char _pad0[16] = { 0 }; + +static int +_encrypt_detached(unsigned char *c, + unsigned char *mac, + unsigned long long *maclen_p, + const unsigned char *m, + unsigned long long mlen, + const unsigned char *ad, + unsigned long long adlen, + const unsigned char *nsec, + const unsigned char *npub, + const unsigned char *k) +{ + crypto_onetimeauth_poly1305_state state; + unsigned char block0[64U]; + unsigned char slen[8U]; + + (void) nsec; + crypto_stream_chacha20_ietf_ext(block0, sizeof block0, npub, k); + crypto_onetimeauth_poly1305_init(&state, block0); + sodium_memzero(block0, sizeof block0); + + crypto_onetimeauth_poly1305_update(&state, ad, adlen); + crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - adlen) & 0xf); + + crypto_stream_chacha20_ietf_ext_xor_ic(c, m, mlen, npub, 1U, k); + + crypto_onetimeauth_poly1305_update(&state, c, mlen); + crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - mlen) & 0xf); + + STORE64_LE(slen, (uint64_t) adlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + STORE64_LE(slen, (uint64_t) mlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + crypto_onetimeauth_poly1305_final(&state, mac); + sodium_memzero(&state, sizeof state); + + if (maclen_p != NULL) { + *maclen_p = crypto_aead_chacha20poly1305_ietf_ABYTES; + } + return 0; +} + +static int +_decrypt_detached(unsigned char *m, + unsigned char *nsec, + const unsigned char *c, + unsigned long long clen, + 
const unsigned char *mac, + const unsigned char *ad, + unsigned long long adlen, + const unsigned char *npub, + const unsigned char *k) +{ + crypto_onetimeauth_poly1305_state state; + unsigned char block0[64U]; + unsigned char slen[8U]; + unsigned char computed_mac[crypto_aead_chacha20poly1305_ietf_ABYTES]; + unsigned long long mlen; + int ret; + + (void) nsec; + crypto_stream_chacha20_ietf_ext(block0, sizeof block0, npub, k); + crypto_onetimeauth_poly1305_init(&state, block0); + sodium_memzero(block0, sizeof block0); + + crypto_onetimeauth_poly1305_update(&state, ad, adlen); + crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - adlen) & 0xf); + + mlen = clen; + crypto_onetimeauth_poly1305_update(&state, c, mlen); + crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - mlen) & 0xf); + + STORE64_LE(slen, (uint64_t) adlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + STORE64_LE(slen, (uint64_t) mlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + crypto_onetimeauth_poly1305_final(&state, computed_mac); + sodium_memzero(&state, sizeof state); + + COMPILER_ASSERT(sizeof computed_mac == 16U); + ret = crypto_verify_16(computed_mac, mac); + sodium_memzero(computed_mac, sizeof computed_mac); + if (m == NULL) { + return ret; + } + if (ret != 0) { + memset(m, 0, mlen); + return -1; + } + crypto_stream_chacha20_ietf_ext_xor_ic(m, c, mlen, npub, 1U, k); + + return 0; +} + +int +crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c, + unsigned char *mac, + unsigned long long *maclen_p, + const unsigned char *m, + unsigned long long mlen, + const unsigned char *ad, + unsigned long long adlen, + const unsigned char *nsec, + const unsigned char *npub, + const unsigned char *k) +{ + unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES]; + unsigned char npub2[crypto_aead_chacha20poly1305_ietf_NPUBBYTES] = { 0 }; + int ret; + + crypto_core_hchacha20(k2, npub, k, NULL); + memcpy(npub2 + 4, npub + 
crypto_core_hchacha20_INPUTBYTES, + crypto_aead_chacha20poly1305_ietf_NPUBBYTES - 4); + ret = _encrypt_detached(c, mac, maclen_p, m, mlen, ad, adlen, + nsec, npub2, k2); + sodium_memzero(k2, crypto_core_hchacha20_OUTPUTBYTES); + + return ret; +} + +int +crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c, + unsigned long long *clen_p, + const unsigned char *m, + unsigned long long mlen, + const unsigned char *ad, + unsigned long long adlen, + const unsigned char *nsec, + const unsigned char *npub, + const unsigned char *k) +{ + unsigned long long clen = 0ULL; + int ret; + + if (mlen > crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + ret = crypto_aead_xchacha20poly1305_ietf_encrypt_detached + (c, c + mlen, NULL, m, mlen, ad, adlen, nsec, npub, k); + if (clen_p != NULL) { + if (ret == 0) { + clen = mlen + crypto_aead_xchacha20poly1305_ietf_ABYTES; + } + *clen_p = clen; + } + return ret; +} + +int +crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m, + unsigned char *nsec, + const unsigned char *c, + unsigned long long clen, + const unsigned char *mac, + const unsigned char *ad, + unsigned long long adlen, + const unsigned char *npub, + const unsigned char *k) +{ + unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES]; + unsigned char npub2[crypto_aead_chacha20poly1305_ietf_NPUBBYTES] = { 0 }; + int ret; + + crypto_core_hchacha20(k2, npub, k, NULL); + memcpy(npub2 + 4, npub + crypto_core_hchacha20_INPUTBYTES, + crypto_aead_chacha20poly1305_ietf_NPUBBYTES - 4); + ret = _decrypt_detached(m, nsec, c, clen, mac, ad, adlen, npub2, k2); + sodium_memzero(k2, crypto_core_hchacha20_OUTPUTBYTES); + + return ret; +} + +int +crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m, + unsigned long long *mlen_p, + unsigned char *nsec, + const unsigned char *c, + unsigned long long clen, + const unsigned char *ad, + unsigned long long adlen, + const unsigned char *npub, + const unsigned char *k) +{ + unsigned long long mlen = 
0ULL; + int ret = -1; + + if (clen >= crypto_aead_xchacha20poly1305_ietf_ABYTES) { + ret = crypto_aead_xchacha20poly1305_ietf_decrypt_detached + (m, nsec, + c, clen - crypto_aead_xchacha20poly1305_ietf_ABYTES, + c + clen - crypto_aead_xchacha20poly1305_ietf_ABYTES, + ad, adlen, npub, k); + } + if (mlen_p != NULL) { + if (ret == 0) { + mlen = clen - crypto_aead_xchacha20poly1305_ietf_ABYTES; + } + *mlen_p = mlen; + } + return ret; +} + +size_t +crypto_aead_xchacha20poly1305_ietf_keybytes(void) +{ + return crypto_aead_xchacha20poly1305_ietf_KEYBYTES; +} + +size_t +crypto_aead_xchacha20poly1305_ietf_npubbytes(void) +{ + return crypto_aead_xchacha20poly1305_ietf_NPUBBYTES; +} + +size_t +crypto_aead_xchacha20poly1305_ietf_nsecbytes(void) +{ + return crypto_aead_xchacha20poly1305_ietf_NSECBYTES; +} + +size_t +crypto_aead_xchacha20poly1305_ietf_abytes(void) +{ + return crypto_aead_xchacha20poly1305_ietf_ABYTES; +} + +size_t +crypto_aead_xchacha20poly1305_ietf_messagebytes_max(void) +{ + return crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX; +} + +void +crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]) +{ + randombytes_buf(k, crypto_aead_xchacha20poly1305_ietf_KEYBYTES); +} diff --git a/sodium/sodium_blake2.h b/sodium/sodium_blake2.h new file mode 100644 index 00000000..ad46d82b --- /dev/null +++ b/sodium/sodium_blake2.h 
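Review bot: The nonce split in crypto_aead_xchacha20poly1305_ietf_encrypt_detached and crypto_aead_xchacha20poly1305_ietf_decrypt_detached is undocumented: crypto_core_hchacha20 derives k2 from k and the leading crypto_core_hchacha20_INPUTBYTES bytes of npub, and the memcpy moves the remaining bytes into npub2 + 4 while the first four bytes of npub2 stay zero from the initializer. A one-line comment at each memcpy would make the construction obvious to a reader, e.g. `/* XChaCha: k2 = HChaCha20(k, npub[0..INPUTBYTES)); IETF nonce = 00000000 || npub[INPUTBYTES..] */`. Since this file (and the neighbouring sodium_*.c files in this commit) appears to be a renamed copy of libsodium, a header comment recording the upstream release or commit it was taken from (`/* vendored from libsodium <UPSTREAM-VERSION-OR-COMMIT> */`) would let future upstream security fixes be tracked against it.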
@@ -0,0 +1,102 @@ +/* + BLAKE2 reference source code package - reference C implementations + + Written in 2012 by Samuel Neves + + To the extent possible under law, the author(s) have dedicated all copyright + and related and neighboring rights to this software to the public domain + worldwide. This software is distributed without any warranty. + + All code is triple-licensed under the + [CC0](http://creativecommons.org/publicdomain/zero/1.0), the + [OpenSSL Licence](https://www.openssl.org/source/license.html), or + the [Apache Public License 2.0](http://www.apache.org/licenses/LICENSE-2.0), + at your choosing. + */ + +#ifndef blake2_H +#define blake2_H + +#include +#include + +#include "sodium_crypto_generichash_blake2b.h" +#include "sodium_export.h" + +enum blake2b_constant { + BLAKE2B_BLOCKBYTES = 128, + BLAKE2B_OUTBYTES = 64, + BLAKE2B_KEYBYTES = 64, + BLAKE2B_SALTBYTES = 16, + BLAKE2B_PERSONALBYTES = 16 +}; + +#if defined(__IBMC__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) +#pragma pack(1) +#else +#pragma pack(push, 1) +#endif + +typedef struct blake2b_param_ { + uint8_t digest_length; /* 1 */ + uint8_t key_length; /* 2 */ + uint8_t fanout; /* 3 */ + uint8_t depth; /* 4 */ + uint8_t leaf_length[4]; /* 8 */ + uint8_t node_offset[8]; /* 16 */ + uint8_t node_depth; /* 17 */ + uint8_t inner_length; /* 18 */ + uint8_t reserved[14]; /* 32 */ + uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ + uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ +} blake2b_param; + +typedef struct blake2b_state { + uint64_t h[8]; + uint64_t t[2]; + uint64_t f[2]; + uint8_t buf[2 * 128]; + size_t buflen; + uint8_t last_node; +} blake2b_state; + +#if defined(__IBMC__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) +#pragma pack() +#else +#pragma pack(pop) +#endif + +/* Streaming API */ +int blake2b_init(blake2b_state *S, const uint8_t outlen); +int blake2b_init_salt_personal(blake2b_state *S, const uint8_t outlen, + const void *salt, const void *personal); +int 
blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key, + const uint8_t keylen); +int blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen, + const void *key, const uint8_t keylen, + const void *salt, const void *personal); +int blake2b_init_param(blake2b_state *S, const blake2b_param *P); +int blake2b_update(blake2b_state *S, const uint8_t *in, uint64_t inlen); +int blake2b_final(blake2b_state *S, uint8_t *out, uint8_t outlen); + +/* Simple API */ +int blake2b(uint8_t *out, const void *in, const void *key, const uint8_t outlen, + const uint64_t inlen, uint8_t keylen); +int blake2b_salt_personal(uint8_t *out, const void *in, const void *key, + const uint8_t outlen, const uint64_t inlen, + uint8_t keylen, const void *salt, + const void *personal); + +typedef int (*blake2b_compress_fn)(blake2b_state *S, + const uint8_t block[BLAKE2B_BLOCKBYTES]); +int blake2b_pick_best_implementation(void); +int blake2b_compress_ref(blake2b_state *S, + const uint8_t block[BLAKE2B_BLOCKBYTES]); +int blake2b_compress_ssse3(blake2b_state *S, + const uint8_t block[BLAKE2B_BLOCKBYTES]); +int blake2b_compress_sse41(blake2b_state *S, + const uint8_t block[BLAKE2B_BLOCKBYTES]); +int blake2b_compress_avx2(blake2b_state *S, + const uint8_t block[BLAKE2B_BLOCKBYTES]); + +#endif diff --git a/sodium/sodium_blake2b-compress-avx2.c b/sodium/sodium_blake2b-compress-avx2.c new file mode 100644 index 00000000..f9fd77d2 --- /dev/null +++ b/sodium/sodium_blake2b-compress-avx2.c 
@@ -0,0 +1,51 @@ + +#define BLAKE2_USE_SSSE3 +#define BLAKE2_USE_SSE41 +#define BLAKE2_USE_AVX2 + +#include +#include + +#include "sodium_blake2.h" +#include "sodium_private_common.h" +#include "sodium_private_sse2_64_32.h" + +#if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_EMMINTRIN_H) && \ + defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H) + +# ifdef __GNUC__ +# pragma GCC target("sse2") +# pragma GCC target("ssse3") +# pragma GCC target("sse4.1") +# pragma GCC target("avx2") +# endif + +# include +# include +# include +# include + +# include "sodium_blake2b-compress-avx2.h" + +CRYPTO_ALIGN(64) +static const uint64_t blake2b_IV[8] = { + 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, + 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL +}; + +int +blake2b_compress_avx2(blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES]) +{ + __m256i a = LOADU(&S->h[0]); + __m256i b = LOADU(&S->h[4]); + BLAKE2B_COMPRESS_V1(a, b, block, S->t[0], S->t[1], S->f[0], S->f[1]); + STOREU(&S->h[0], a); + STOREU(&S->h[4], b); + + return 0; +} + +#endif + +int blake2b_compress_avx2_link_warning_dummy = 0; diff --git a/sodium/sodium_blake2b-compress-avx2.h b/sodium/sodium_blake2b-compress-avx2.h new file mode 100644 index 00000000..a95211da --- /dev/null +++ b/sodium/sodium_blake2b-compress-avx2.h 
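Review bot: blake2b_IV is defined as a separate static array in this file and again in sodium_blake2b-compress-ref.c, sodium_blake2b-compress-sse41.c and sodium_blake2b-compress-ssse3.c, so four copies of the constant must be kept in sync by hand; a single definition with `extern const uint64_t blake2b_IV[8];` declared in sodium_blake2.h would remove the duplication. The `HAVE_AVX2INTRIN_H`/`HAVE_EMMINTRIN_H`/`HAVE_TMMINTRIN_H`/`HAVE_SMMINTRIN_H` guards look like autoconf-generated feature macros; under the premake build this repository's CI uses they are presumably never defined, in which case this translation unit compiles down to the link-warning dummy and only the reference path is available. A comment at the `#if`, such as `/* HAVE_*INTRIN_H are expected from the build system; without them this file is empty and blake2b_compress_ref is used */`, would document that dependency.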
@@ -0,0 +1,142 @@ + +#ifndef blake2b_compress_avx2_H +#define blake2b_compress_avx2_H + +#define LOADU128(p) _mm_loadu_si128((const __m128i *) (p)) +#define STOREU128(p, r) _mm_storeu_si128((__m128i *) (p), r) + +#define LOADU(p) _mm256_loadu_si256((const __m256i *) (p)) +#define STOREU(p, r) _mm256_storeu_si256((__m256i *) (p), r) + +#if defined(__INTEL_COMPILER) || defined(_MSC_VER) || defined(__GNUC__) +# define LOAD(p) _mm256_load_si256((const __m256i *) (p)) +# define STORE(p, r) _mm256_store_si256((__m256i *) (p), r) +#else +# define LOAD(p) LOADU(p) +# define STORE(p, r) STOREU(p, r) +#endif + +static inline uint64_t +LOADU64(const void *p) +{ + uint64_t v; + memcpy(&v, p, sizeof v); + return v; +} + +#define ROTATE16 \ + _mm256_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9, 2, \ + 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9) + +#define ROTATE24 \ + _mm256_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10, 3, \ + 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10) + +#define ADD(a, b) _mm256_add_epi64(a, b) +#define SUB(a, b) _mm256_sub_epi64(a, b) + +#define XOR(a, b) _mm256_xor_si256(a, b) +#define AND(a, b) _mm256_and_si256(a, b) +#define OR(a, b) _mm256_or_si256(a, b) + +#define ROT32(x) _mm256_shuffle_epi32((x), _MM_SHUFFLE(2, 3, 0, 1)) +#define ROT24(x) _mm256_shuffle_epi8((x), ROTATE24) +#define ROT16(x) _mm256_shuffle_epi8((x), ROTATE16) +#define ROT63(x) _mm256_or_si256(_mm256_srli_epi64((x), 63), ADD((x), (x))) + +#define BLAKE2B_G1_V1(a, b, c, d, m) \ + do { \ + a = ADD(a, m); \ + a = ADD(a, b); \ + d = XOR(d, a); \ + d = ROT32(d); \ + c = ADD(c, d); \ + b = XOR(b, c); \ + b = ROT24(b); \ + } while (0) + +#define BLAKE2B_G2_V1(a, b, c, d, m) \ + do { \ + a = ADD(a, m); \ + a = ADD(a, b); \ + d = XOR(d, a); \ + d = ROT16(d); \ + c = ADD(c, d); \ + b = XOR(b, c); \ + b = ROT63(b); \ + } while (0) + +#define BLAKE2B_DIAG_V1(a, b, c, d) \ + do { \ + d = _mm256_permute4x64_epi64(d, _MM_SHUFFLE(2, 1, 0, 3)); \ + c = 
_mm256_permute4x64_epi64(c, _MM_SHUFFLE(1, 0, 3, 2)); \ + b = _mm256_permute4x64_epi64(b, _MM_SHUFFLE(0, 3, 2, 1)); \ + } while (0) + +#define BLAKE2B_UNDIAG_V1(a, b, c, d) \ + do { \ + d = _mm256_permute4x64_epi64(d, _MM_SHUFFLE(0, 3, 2, 1)); \ + c = _mm256_permute4x64_epi64(c, _MM_SHUFFLE(1, 0, 3, 2)); \ + b = _mm256_permute4x64_epi64(b, _MM_SHUFFLE(2, 1, 0, 3)); \ + } while (0) + +#include "sodium_blake2b-load-avx2.h" + +#define BLAKE2B_ROUND_V1(a, b, c, d, r, m) \ + do { \ + __m256i b0; \ + BLAKE2B_LOAD_MSG_##r##_1(b0); \ + BLAKE2B_G1_V1(a, b, c, d, b0); \ + BLAKE2B_LOAD_MSG_##r##_2(b0); \ + BLAKE2B_G2_V1(a, b, c, d, b0); \ + BLAKE2B_DIAG_V1(a, b, c, d); \ + BLAKE2B_LOAD_MSG_##r##_3(b0); \ + BLAKE2B_G1_V1(a, b, c, d, b0); \ + BLAKE2B_LOAD_MSG_##r##_4(b0); \ + BLAKE2B_G2_V1(a, b, c, d, b0); \ + BLAKE2B_UNDIAG_V1(a, b, c, d); \ + } while (0) + +#define BLAKE2B_ROUNDS_V1(a, b, c, d, m) \ + do { \ + BLAKE2B_ROUND_V1(a, b, c, d, 0, (m)); \ + BLAKE2B_ROUND_V1(a, b, c, d, 1, (m)); \ + BLAKE2B_ROUND_V1(a, b, c, d, 2, (m)); \ + BLAKE2B_ROUND_V1(a, b, c, d, 3, (m)); \ + BLAKE2B_ROUND_V1(a, b, c, d, 4, (m)); \ + BLAKE2B_ROUND_V1(a, b, c, d, 5, (m)); \ + BLAKE2B_ROUND_V1(a, b, c, d, 6, (m)); \ + BLAKE2B_ROUND_V1(a, b, c, d, 7, (m)); \ + BLAKE2B_ROUND_V1(a, b, c, d, 8, (m)); \ + BLAKE2B_ROUND_V1(a, b, c, d, 9, (m)); \ + BLAKE2B_ROUND_V1(a, b, c, d, 10, (m)); \ + BLAKE2B_ROUND_V1(a, b, c, d, 11, (m)); \ + } while (0) + +#define DECLARE_MESSAGE_WORDS(m) \ + const __m256i m0 = _mm256_broadcastsi128_si256(LOADU128((m) + 0)); \ + const __m256i m1 = _mm256_broadcastsi128_si256(LOADU128((m) + 16)); \ + const __m256i m2 = _mm256_broadcastsi128_si256(LOADU128((m) + 32)); \ + const __m256i m3 = _mm256_broadcastsi128_si256(LOADU128((m) + 48)); \ + const __m256i m4 = _mm256_broadcastsi128_si256(LOADU128((m) + 64)); \ + const __m256i m5 = _mm256_broadcastsi128_si256(LOADU128((m) + 80)); \ + const __m256i m6 = _mm256_broadcastsi128_si256(LOADU128((m) + 96)); \ + const __m256i m7 = 
_mm256_broadcastsi128_si256(LOADU128((m) + 112)); \ + __m256i t0, t1; + +#define BLAKE2B_COMPRESS_V1(a, b, m, t0, t1, f0, f1) \ + do { \ + DECLARE_MESSAGE_WORDS(m) \ + const __m256i iv0 = a; \ + const __m256i iv1 = b; \ + __m256i c = LOAD(&blake2b_IV[0]); \ + __m256i d = \ + XOR(LOAD(&blake2b_IV[4]), _mm256_set_epi64x(f1, f0, t1, t0)); \ + BLAKE2B_ROUNDS_V1(a, b, c, d, m); \ + a = XOR(a, c); \ + b = XOR(b, d); \ + a = XOR(a, iv0); \ + b = XOR(b, iv1); \ + } while (0) + +#endif diff --git a/sodium/sodium_blake2b-compress-ref.c b/sodium/sodium_blake2b-compress-ref.c new file mode 100644 index 00000000..3f861511 --- /dev/null +++ b/sodium/sodium_blake2b-compress-ref.c 
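Review bot: BLAKE2B_COMPRESS_V1 takes macro parameters named `t0` and `t1` while DECLARE_MESSAGE_WORDS, expanded inside its body, declares locals `__m256i t0, t1;`; this only works because parameter substitution happens before the inner expansion is rescanned, so the `t0`/`t1` in `_mm256_set_epi64x(f1, f0, t1, t0)` become the counter words passed by the caller while the locals (presumably the temporaries used by the BLAKE2B_LOAD_MSG_* macros in sodium_blake2b-load-avx2.h, which is not in this hunk) keep the names. That is fragile and hard to read; renaming the parameters, `#define BLAKE2B_COMPRESS_V1(a, b, m, ctr0, ctr1, f0, f1)` with `XOR(LOAD(&blake2b_IV[4]), _mm256_set_epi64x(f1, f0, ctr1, ctr0))`, removes the collision. LOADU64 calls memcpy, so this header depends on the includer having pulled in string.h; the include targets in this diff are lost, so I cannot confirm that it does.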
@@ -0,0 +1,93 @@ + +#include +#include + +#include "sodium_blake2.h" +#include "sodium_private_common.h" + +CRYPTO_ALIGN(64) +static const uint64_t blake2b_IV[8] = { + 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, + 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL +}; + +static const uint8_t blake2b_sigma[12][16] = { + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 }, + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 }, + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 }, + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 }, + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 }, + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 }, + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 }, + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 }, + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } +}; + +int +blake2b_compress_ref(blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES]) +{ + uint64_t m[16]; + uint64_t v[16]; + int i; + + for (i = 0; i < 16; ++i) { + m[i] = LOAD64_LE(block + i * sizeof(m[i])); + } + for (i = 0; i < 8; ++i) { + v[i] = S->h[i]; + } + v[8] = blake2b_IV[0]; + v[9] = blake2b_IV[1]; + v[10] = blake2b_IV[2]; + v[11] = blake2b_IV[3]; + v[12] = S->t[0] ^ blake2b_IV[4]; + v[13] = S->t[1] ^ blake2b_IV[5]; + v[14] = S->f[0] ^ blake2b_IV[6]; + v[15] = S->f[1] ^ blake2b_IV[7]; +#define G(r, i, a, b, c, d) \ + do { \ + a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \ + d = ROTR64(d ^ a, 32); \ + c = c + d; \ + b = ROTR64(b ^ c, 24); \ + a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \ + d = ROTR64(d ^ a, 16); \ + c = c + d; \ + b = ROTR64(b ^ c, 63); \ + } while (0) +#define ROUND(r) \ + do { \ + G(r, 0, v[0], v[4], v[8], v[12]); \ + G(r, 
1, v[1], v[5], v[9], v[13]); \ + G(r, 2, v[2], v[6], v[10], v[14]); \ + G(r, 3, v[3], v[7], v[11], v[15]); \ + G(r, 4, v[0], v[5], v[10], v[15]); \ + G(r, 5, v[1], v[6], v[11], v[12]); \ + G(r, 6, v[2], v[7], v[8], v[13]); \ + G(r, 7, v[3], v[4], v[9], v[14]); \ + } while (0) + ROUND(0); + ROUND(1); + ROUND(2); + ROUND(3); + ROUND(4); + ROUND(5); + ROUND(6); + ROUND(7); + ROUND(8); + ROUND(9); + ROUND(10); + ROUND(11); + + for (i = 0; i < 8; ++i) { + S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; + } + +#undef G +#undef ROUND + return 0; +} diff --git a/sodium/sodium_blake2b-compress-sse41.c b/sodium/sodium_blake2b-compress-sse41.c new file mode 100644 index 00000000..e3f9e36a --- /dev/null +++ b/sodium/sodium_blake2b-compress-sse41.c 
@@ -0,0 +1,89 @@ + +#define BLAKE2_USE_SSSE3 +#define BLAKE2_USE_SSE41 + +#include +#include + +#include "sodium_blake2.h" +#include "sodium_private_common.h" +#include "sodium_private_sse2_64_32.h" + +#if defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H) && \ + defined(HAVE_SMMINTRIN_H) + +# ifdef __GNUC__ +# pragma GCC target("sse2") +# pragma GCC target("ssse3") +# pragma GCC target("sse4.1") +# endif + +# include +# include +# include + +# include "sodium_blake2b-compress-sse41.h" + +CRYPTO_ALIGN(64) +static const uint64_t blake2b_IV[8] = { + 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, + 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL +}; + +int +blake2b_compress_sse41(blake2b_state *S, + const uint8_t block[BLAKE2B_BLOCKBYTES]) +{ + __m128i row1l, row1h; + __m128i row2l, row2h; + __m128i row3l, row3h; + __m128i row4l, row4h; + __m128i b0, b1; + __m128i t0, t1; + const __m128i r16 = + _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); + const __m128i r24 = + _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); + const __m128i m0 = LOADU(block + 00); + const __m128i m1 = LOADU(block + 16); + const __m128i m2 = LOADU(block + 32); + const __m128i m3 = LOADU(block + 48); + const __m128i m4 = LOADU(block + 64); + const __m128i m5 = LOADU(block + 80); + const __m128i m6 = LOADU(block + 96); + const __m128i m7 = LOADU(block + 112); + row1l = LOADU(&S->h[0]); + row1h = LOADU(&S->h[2]); + row2l = LOADU(&S->h[4]); + row2h = LOADU(&S->h[6]); + row3l = LOADU(&blake2b_IV[0]); + row3h = LOADU(&blake2b_IV[2]); + row4l = _mm_xor_si128(LOADU(&blake2b_IV[4]), LOADU(&S->t[0])); + row4h = _mm_xor_si128(LOADU(&blake2b_IV[6]), LOADU(&S->f[0])); + ROUND(0); + ROUND(1); + ROUND(2); + ROUND(3); + ROUND(4); + ROUND(5); + ROUND(6); + ROUND(7); + ROUND(8); + ROUND(9); + ROUND(10); + ROUND(11); + row1l = _mm_xor_si128(row3l, row1l); + row1h = 
_mm_xor_si128(row3h, row1h); + STOREU(&S->h[0], _mm_xor_si128(LOADU(&S->h[0]), row1l)); + STOREU(&S->h[2], _mm_xor_si128(LOADU(&S->h[2]), row1h)); + row2l = _mm_xor_si128(row4l, row2l); + row2h = _mm_xor_si128(row4h, row2h); + STOREU(&S->h[4], _mm_xor_si128(LOADU(&S->h[4]), row2l)); + STOREU(&S->h[6], _mm_xor_si128(LOADU(&S->h[6]), row2h)); + return 0; +} + +#endif + +int blake2b_compress_sse41_link_warning_dummy = 0; diff --git a/sodium/sodium_blake2b-compress-sse41.h b/sodium/sodium_blake2b-compress-sse41.h new file mode 100644 index 00000000..b73362cb --- /dev/null +++ b/sodium/sodium_blake2b-compress-sse41.h 
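Review bot: `const __m128i m0 = LOADU(block + 00);` uses an octal literal as the offset; it is zero, but it is inconsistent with the decimal offsets on the following lines and reads like a typo, so `LOADU(block + 0)` is clearer. The locals `r16` and `r24` are never used directly in this function: they are referenced implicitly by the `_mm_roti_epi64` macro from sodium_blake2b-compress-sse41.h that G1/G2 expand to, which deserves a comment at their declaration such as `/* byte-shuffle masks consumed by _mm_roti_epi64 in the compress header */`.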
@@ -0,0 +1,103 @@ + +#ifndef blake2b_compress_sse41_H +#define blake2b_compress_sse41_H + +#define LOADU(p) _mm_loadu_si128((const __m128i *) (const void *) (p)) +#define STOREU(p, r) _mm_storeu_si128((__m128i *) (void *) (p), r) + +#define _mm_roti_epi64(x, c) \ + (-(c) == 32) \ + ? _mm_shuffle_epi32((x), _MM_SHUFFLE(2, 3, 0, 1)) \ + : (-(c) == 24) \ + ? _mm_shuffle_epi8((x), r24) \ + : (-(c) == 16) \ + ? _mm_shuffle_epi8((x), r16) \ + : (-(c) == 63) \ + ? _mm_xor_si128(_mm_srli_epi64((x), -(c)), \ + _mm_add_epi64((x), (x))) \ + : _mm_xor_si128(_mm_srli_epi64((x), -(c)), \ + _mm_slli_epi64((x), 64 - (-(c)))) + +#define G1(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h, b0, b1) \ + row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); \ + row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); \ + \ + row4l = _mm_xor_si128(row4l, row1l); \ + row4h = _mm_xor_si128(row4h, row1h); \ + \ + row4l = _mm_roti_epi64(row4l, -32); \ + row4h = _mm_roti_epi64(row4h, -32); \ + \ + row3l = _mm_add_epi64(row3l, row4l); \ + row3h = _mm_add_epi64(row3h, row4h); \ + \ + row2l = _mm_xor_si128(row2l, row3l); \ + row2h = _mm_xor_si128(row2h, row3h); \ + \ + row2l = _mm_roti_epi64(row2l, -24); \ + row2h = _mm_roti_epi64(row2h, -24); + +#define G2(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h, b0, b1) \ + row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); \ + row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); \ + \ + row4l = _mm_xor_si128(row4l, row1l); \ + row4h = _mm_xor_si128(row4h, row1h); \ + \ + row4l = _mm_roti_epi64(row4l, -16); \ + row4h = _mm_roti_epi64(row4h, -16); \ + \ + row3l = _mm_add_epi64(row3l, row4l); \ + row3h = _mm_add_epi64(row3h, row4h); \ + \ + row2l = _mm_xor_si128(row2l, row3l); \ + row2h = _mm_xor_si128(row2h, row3h); \ + \ + row2l = _mm_roti_epi64(row2l, -63); \ + row2h = _mm_roti_epi64(row2h, -63); + +#define DIAGONALIZE(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h) \ + t0 = _mm_alignr_epi8(row2h, row2l, 8); \ + t1 = 
_mm_alignr_epi8(row2l, row2h, 8); \ + row2l = t0; \ + row2h = t1; \ + \ + t0 = row3l; \ + row3l = row3h; \ + row3h = t0; \ + \ + t0 = _mm_alignr_epi8(row4h, row4l, 8); \ + t1 = _mm_alignr_epi8(row4l, row4h, 8); \ + row4l = t1; \ + row4h = t0; + +#define UNDIAGONALIZE(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h) \ + t0 = _mm_alignr_epi8(row2l, row2h, 8); \ + t1 = _mm_alignr_epi8(row2h, row2l, 8); \ + row2l = t0; \ + row2h = t1; \ + \ + t0 = row3l; \ + row3l = row3h; \ + row3h = t0; \ + \ + t0 = _mm_alignr_epi8(row4l, row4h, 8); \ + t1 = _mm_alignr_epi8(row4h, row4l, 8); \ + row4l = t1; \ + row4h = t0; + +#include "sodium_blake2b-load-sse41.h" + +#define ROUND(r) \ + LOAD_MSG_##r##_1(b0, b1); \ + G1(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h, b0, b1); \ + LOAD_MSG_##r##_2(b0, b1); \ + G2(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h, b0, b1); \ + DIAGONALIZE(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h); \ + LOAD_MSG_##r##_3(b0, b1); \ + G1(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h, b0, b1); \ + LOAD_MSG_##r##_4(b0, b1); \ + G2(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h, b0, b1); \ + UNDIAGONALIZE(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h); + +#endif diff --git a/sodium/sodium_blake2b-compress-ssse3.c b/sodium/sodium_blake2b-compress-ssse3.c new file mode 100644 index 00000000..c87a959c --- /dev/null +++ b/sodium/sodium_blake2b-compress-ssse3.c 
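Review bot: The `_mm_roti_epi64` macro's nested conditional expression is not wrapped in an outer pair of parentheses, so it is only safe where the result is the entire right-hand side of an assignment, as in G1 and G2 here; `#define _mm_roti_epi64(x, c) ((-(c) == 32) ? ... : _mm_xor_si128(...))` closes that gap. G1, G2, DIAGONALIZE and UNDIAGONALIZE are bare statement sequences ending in `;` rather than `do { ... } while (0)` blocks, so the `G1(...);` invocations in ROUND produce stray empty statements and the macros cannot be used under an unbraced `if`; wrapping them the way BLAKE2B_G1_V1 in the avx2 header does would make the two headers consistent. The macro also relies on `r16`, `r24`, `t0` and `t1` being locals in scope at the expansion site, which is worth stating in a comment above it.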
@@ -0,0 +1,92 @@
+
+#include
+#include
+
+#include "sodium_blake2.h"
+#include "sodium_private_common.h"
+#include "sodium_private_sse2_64_32.h"
+
+#if defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H)
+
+# ifdef __GNUC__
+# pragma GCC target("sse2")
+# pragma GCC target("ssse3")
+# endif
+
+# include
+# include
+
+# include "sodium_blake2b-compress-ssse3.h"
+
+CRYPTO_ALIGN(64)
+static const uint64_t blake2b_IV[8] = {
+ 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL,
+ 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
+ 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
+};
+
+int
+blake2b_compress_ssse3(blake2b_state *S,
+ const uint8_t block[BLAKE2B_BLOCKBYTES])
+{
+ __m128i row1l, row1h;
+ __m128i row2l, row2h;
+ __m128i row3l, row3h;
+ __m128i row4l, row4h;
+ __m128i b0, b1;
+ __m128i t0, t1;
+ const __m128i r16 =
+ _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9);
+ const __m128i r24 =
+ _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10);
+ const uint64_t m0 = ((const uint64_t *) block)[0];
+ const uint64_t m1 = ((const uint64_t *) block)[1];
+ const uint64_t m2 = ((const uint64_t *) block)[2];
+ const uint64_t m3 = ((const uint64_t *) block)[3];
+ const uint64_t m4 = ((const uint64_t *) block)[4];
+ const uint64_t m5 = ((const uint64_t *) block)[5];
+ const uint64_t m6 = ((const uint64_t *) block)[6];
+ const uint64_t m7 = ((const uint64_t *) block)[7];
+ const uint64_t m8 = ((const uint64_t *) block)[8];
+ const uint64_t m9 = ((const uint64_t *) block)[9];
+ const uint64_t m10 = ((const uint64_t *) block)[10];
+ const uint64_t m11 = ((const uint64_t *) block)[11];
+ const uint64_t m12 = ((const uint64_t *) block)[12];
+ const uint64_t m13 = ((const uint64_t *) block)[13];
+ const uint64_t m14 = ((const uint64_t *) block)[14];
+ const uint64_t m15 = ((const uint64_t *) block)[15];
+
+ row1l = LOADU(&S->h[0]);
+ row1h = LOADU(&S->h[2]);
+ row2l = LOADU(&S->h[4]);
+ row2h = 
LOADU(&S->h[6]);
+ row3l = LOADU(&blake2b_IV[0]);
+ row3h = LOADU(&blake2b_IV[2]);
+ row4l = _mm_xor_si128(LOADU(&blake2b_IV[4]), LOADU(&S->t[0]));
+ row4h = _mm_xor_si128(LOADU(&blake2b_IV[6]), LOADU(&S->f[0]));
+ ROUND(0);
+ ROUND(1);
+ ROUND(2);
+ ROUND(3);
+ ROUND(4);
+ ROUND(5);
+ ROUND(6);
+ ROUND(7);
+ ROUND(8);
+ ROUND(9);
+ ROUND(10);
+ ROUND(11);
+ row1l = _mm_xor_si128(row3l, row1l);
+ row1h = _mm_xor_si128(row3h, row1h);
+ STOREU(&S->h[0], _mm_xor_si128(LOADU(&S->h[0]), row1l));
+ STOREU(&S->h[2], _mm_xor_si128(LOADU(&S->h[2]), row1h));
+ row2l = _mm_xor_si128(row4l, row2l);
+ row2h = _mm_xor_si128(row4h, row2h);
+ STOREU(&S->h[4], _mm_xor_si128(LOADU(&S->h[4]), row2l));
+ STOREU(&S->h[6], _mm_xor_si128(LOADU(&S->h[6]), row2h));
+ return 0;
+}
+
+#endif
+
+int blake2b_compress_sse3_link_warning_dummy = 0;
diff --git a/sodium/sodium_blake2b-compress-ssse3.h b/sodium/sodium_blake2b-compress-ssse3.h
new file mode 100644
index 00000000..751fef2e
--- /dev/null
+++ b/sodium/sodium_blake2b-compress-ssse3.h
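Review bot: The sixteen `m0`..`m15` loads at the top of `blake2b_compress_ssse3` read the `uint8_t block[]` parameter through a `(const uint64_t *)` cast, which violates strict aliasing and assumes 8-byte alignment of a byte buffer; it works on x86 because unaligned scalar loads are tolerated and, presumably, because the build does not let the compiler exploit the aliasing rule, neither of which the code records. `sodium_blake2b-ref.c` in this same commit already reads its parameter block with `LOAD64_LE`, so the portable form here is `const uint64_t m0 = LOAD64_LE(block + 0);` through `const uint64_t m15 = LOAD64_LE(block + 120);`, which also documents the little-endian word order the SSE tables depend on. Separately, the trailing dummy is named `blake2b_compress_sse3_link_warning_dummy` while the file and function are `ssse3`; matching the name to the instruction set keeps the per-ISA translation units distinguishable at link time.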
@@ -0,0 +1,103 @@
+
+#ifndef blake2b_compress_ssse3_H
+#define blake2b_compress_ssse3_H
+
+#define LOADU(p) _mm_loadu_si128((const __m128i *) (const void *) (p))
+#define STOREU(p, r) _mm_storeu_si128((__m128i *) (void *) (p), r)
+
+#define _mm_roti_epi64(x, c) \
+ (-(c) == 32) \
+ ? _mm_shuffle_epi32((x), _MM_SHUFFLE(2, 3, 0, 1)) \
+ : (-(c) == 24) \
+ ? _mm_shuffle_epi8((x), r24) \
+ : (-(c) == 16) \
+ ? _mm_shuffle_epi8((x), r16) \
+ : (-(c) == 63) \
+ ? _mm_xor_si128(_mm_srli_epi64((x), -(c)), \
+ _mm_add_epi64((x), (x))) \
+ : _mm_xor_si128(_mm_srli_epi64((x), -(c)), \
+ _mm_slli_epi64((x), 64 - (-(c))))
+
+#define G1(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h, b0, b1) \
+ row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); \
+ row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); \
+ \
+ row4l = _mm_xor_si128(row4l, row1l); \
+ row4h = _mm_xor_si128(row4h, row1h); \
+ \
+ row4l = _mm_roti_epi64(row4l, -32); \
+ row4h = _mm_roti_epi64(row4h, -32); \
+ \
+ row3l = _mm_add_epi64(row3l, row4l); \
+ row3h = _mm_add_epi64(row3h, row4h); \
+ \
+ row2l = _mm_xor_si128(row2l, row3l); \
+ row2h = _mm_xor_si128(row2h, row3h); \
+ \
+ row2l = _mm_roti_epi64(row2l, -24); \
+ row2h = _mm_roti_epi64(row2h, -24);
+
+#define G2(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h, b0, b1) \
+ row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); \
+ row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); \
+ \
+ row4l = _mm_xor_si128(row4l, row1l); \
+ row4h = _mm_xor_si128(row4h, row1h); \
+ \
+ row4l = _mm_roti_epi64(row4l, -16); \
+ row4h = _mm_roti_epi64(row4h, -16); \
+ \
+ row3l = _mm_add_epi64(row3l, row4l); \
+ row3h = _mm_add_epi64(row3h, row4h); \
+ \
+ row2l = _mm_xor_si128(row2l, row3l); \
+ row2h = _mm_xor_si128(row2h, row3h); \
+ \
+ row2l = _mm_roti_epi64(row2l, -63); \
+ row2h = _mm_roti_epi64(row2h, -63);
+
+#define DIAGONALIZE(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h) \
+ t0 = _mm_alignr_epi8(row2h, row2l, 8); \
+ t1 = 
_mm_alignr_epi8(row2l, row2h, 8); \
+ row2l = t0; \
+ row2h = t1; \
+ \
+ t0 = row3l; \
+ row3l = row3h; \
+ row3h = t0; \
+ \
+ t0 = _mm_alignr_epi8(row4h, row4l, 8); \
+ t1 = _mm_alignr_epi8(row4l, row4h, 8); \
+ row4l = t1; \
+ row4h = t0;
+
+#define UNDIAGONALIZE(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h) \
+ t0 = _mm_alignr_epi8(row2l, row2h, 8); \
+ t1 = _mm_alignr_epi8(row2h, row2l, 8); \
+ row2l = t0; \
+ row2h = t1; \
+ \
+ t0 = row3l; \
+ row3l = row3h; \
+ row3h = t0; \
+ \
+ t0 = _mm_alignr_epi8(row4l, row4h, 8); \
+ t1 = _mm_alignr_epi8(row4h, row4l, 8); \
+ row4l = t1; \
+ row4h = t0;
+
+#include "sodium_blake2b-load-sse2.h"
+
+#define ROUND(r) \
+ LOAD_MSG_##r##_1(b0, b1); \
+ G1(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h, b0, b1); \
+ LOAD_MSG_##r##_2(b0, b1); \
+ G2(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h, b0, b1); \
+ DIAGONALIZE(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h); \
+ LOAD_MSG_##r##_3(b0, b1); \
+ G1(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h, b0, b1); \
+ LOAD_MSG_##r##_4(b0, b1); \
+ G2(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h, b0, b1); \
+ UNDIAGONALIZE(row1l, row2l, row3l, row4l, row1h, row2h, row3h, row4h);
+
+#endif
diff --git a/sodium/sodium_blake2b-load-avx2.h b/sodium/sodium_blake2b-load-avx2.h
new file mode 100644
index 00000000..8c15f177
--- /dev/null
+++ b/sodium/sodium_blake2b-load-avx2.h
@@ -0,0 +1,340 @@ +#ifndef blake2b_load_avx2_H +#define blake2b_load_avx2_H + +#define BLAKE2B_LOAD_MSG_0_1(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m0, m1); \ + t1 = _mm256_unpacklo_epi64(m2, m3); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_0_2(b0) \ + do { \ + t0 = _mm256_unpackhi_epi64(m0, m1); \ + t1 = _mm256_unpackhi_epi64(m2, m3); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_0_3(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m4, m5); \ + t1 = _mm256_unpacklo_epi64(m6, m7); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_0_4(b0) \ + do { \ + t0 = _mm256_unpackhi_epi64(m4, m5); \ + t1 = _mm256_unpackhi_epi64(m6, m7); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_1_1(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m7, m2); \ + t1 = _mm256_unpackhi_epi64(m4, m6); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_1_2(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m5, m4); \ + t1 = _mm256_alignr_epi8(m3, m7, 8); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_1_3(b0) \ + do { \ + t0 = _mm256_shuffle_epi32(m0, _MM_SHUFFLE(1, 0, 3, 2)); \ + t1 = _mm256_unpackhi_epi64(m5, m2); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_1_4(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m6, m1); \ + t1 = _mm256_unpackhi_epi64(m3, m1); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_2_1(b0) \ + do { \ + t0 = _mm256_alignr_epi8(m6, m5, 8); \ + t1 = _mm256_unpackhi_epi64(m2, m7); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_2_2(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m4, m0); \ + t1 = _mm256_blend_epi32(m6, m1, 0x33); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_2_3(b0) \ + do { \ + t0 = 
_mm256_blend_epi32(m1, m5, 0x33); \ + t1 = _mm256_unpackhi_epi64(m3, m4); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_2_4(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m7, m3); \ + t1 = _mm256_alignr_epi8(m2, m0, 8); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_3_1(b0) \ + do { \ + t0 = _mm256_unpackhi_epi64(m3, m1); \ + t1 = _mm256_unpackhi_epi64(m6, m5); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_3_2(b0) \ + do { \ + t0 = _mm256_unpackhi_epi64(m4, m0); \ + t1 = _mm256_unpacklo_epi64(m6, m7); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_3_3(b0) \ + do { \ + t0 = _mm256_blend_epi32(m2, m1, 0x33); \ + t1 = _mm256_blend_epi32(m7, m2, 0x33); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_3_4(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m3, m5); \ + t1 = _mm256_unpacklo_epi64(m0, m4); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_4_1(b0) \ + do { \ + t0 = _mm256_unpackhi_epi64(m4, m2); \ + t1 = _mm256_unpacklo_epi64(m1, m5); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_4_2(b0) \ + do { \ + t0 = _mm256_blend_epi32(m3, m0, 0x33); \ + t1 = _mm256_blend_epi32(m7, m2, 0x33); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_4_3(b0) \ + do { \ + t0 = _mm256_blend_epi32(m5, m7, 0x33); \ + t1 = _mm256_blend_epi32(m1, m3, 0x33); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_4_4(b0) \ + do { \ + t0 = _mm256_alignr_epi8(m6, m0, 8); \ + t1 = _mm256_blend_epi32(m6, m4, 0x33); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_5_1(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m1, m3); \ + t1 = _mm256_unpacklo_epi64(m0, m4); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + 
+#define BLAKE2B_LOAD_MSG_5_2(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m6, m5); \ + t1 = _mm256_unpackhi_epi64(m5, m1); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_5_3(b0) \ + do { \ + t0 = _mm256_blend_epi32(m3, m2, 0x33); \ + t1 = _mm256_unpackhi_epi64(m7, m0); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_5_4(b0) \ + do { \ + t0 = _mm256_unpackhi_epi64(m6, m2); \ + t1 = _mm256_blend_epi32(m4, m7, 0x33); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_6_1(b0) \ + do { \ + t0 = _mm256_blend_epi32(m0, m6, 0x33); \ + t1 = _mm256_unpacklo_epi64(m7, m2); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_6_2(b0) \ + do { \ + t0 = _mm256_unpackhi_epi64(m2, m7); \ + t1 = _mm256_alignr_epi8(m5, m6, 8); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_6_3(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m0, m3); \ + t1 = _mm256_shuffle_epi32(m4, _MM_SHUFFLE(1, 0, 3, 2)); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_6_4(b0) \ + do { \ + t0 = _mm256_unpackhi_epi64(m3, m1); \ + t1 = _mm256_blend_epi32(m5, m1, 0x33); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_7_1(b0) \ + do { \ + t0 = _mm256_unpackhi_epi64(m6, m3); \ + t1 = _mm256_blend_epi32(m1, m6, 0x33); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_7_2(b0) \ + do { \ + t0 = _mm256_alignr_epi8(m7, m5, 8); \ + t1 = _mm256_unpackhi_epi64(m0, m4); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_7_3(b0) \ + do { \ + t0 = _mm256_unpackhi_epi64(m2, m7); \ + t1 = _mm256_unpacklo_epi64(m4, m1); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_7_4(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m0, m2); \ + t1 = _mm256_unpacklo_epi64(m3, m5); \ 
+ b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_8_1(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m3, m7); \ + t1 = _mm256_alignr_epi8(m0, m5, 8); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_8_2(b0) \ + do { \ + t0 = _mm256_unpackhi_epi64(m7, m4); \ + t1 = _mm256_alignr_epi8(m4, m1, 8); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_8_3(b0) \ + do { \ + t0 = m6; \ + t1 = _mm256_alignr_epi8(m5, m0, 8); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_8_4(b0) \ + do { \ + t0 = _mm256_blend_epi32(m3, m1, 0x33); \ + t1 = m2; \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_9_1(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m5, m4); \ + t1 = _mm256_unpackhi_epi64(m3, m0); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_9_2(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m1, m2); \ + t1 = _mm256_blend_epi32(m2, m3, 0x33); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_9_3(b0) \ + do { \ + t0 = _mm256_unpackhi_epi64(m7, m4); \ + t1 = _mm256_unpackhi_epi64(m1, m6); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_9_4(b0) \ + do { \ + t0 = _mm256_alignr_epi8(m7, m5, 8); \ + t1 = _mm256_unpacklo_epi64(m6, m0); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_10_1(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m0, m1); \ + t1 = _mm256_unpacklo_epi64(m2, m3); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_10_2(b0) \ + do { \ + t0 = _mm256_unpackhi_epi64(m0, m1); \ + t1 = _mm256_unpackhi_epi64(m2, m3); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_10_3(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m4, m5); \ + t1 = _mm256_unpacklo_epi64(m6, m7); \ + b0 = 
_mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_10_4(b0) \ + do { \ + t0 = _mm256_unpackhi_epi64(m4, m5); \ + t1 = _mm256_unpackhi_epi64(m6, m7); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_11_1(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m7, m2); \ + t1 = _mm256_unpackhi_epi64(m4, m6); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_11_2(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m5, m4); \ + t1 = _mm256_alignr_epi8(m3, m7, 8); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_11_3(b0) \ + do { \ + t0 = _mm256_shuffle_epi32(m0, _MM_SHUFFLE(1, 0, 3, 2)); \ + t1 = _mm256_unpackhi_epi64(m5, m2); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#define BLAKE2B_LOAD_MSG_11_4(b0) \ + do { \ + t0 = _mm256_unpacklo_epi64(m6, m1); \ + t1 = _mm256_unpackhi_epi64(m3, m1); \ + b0 = _mm256_blend_epi32(t0, t1, 0xF0); \ + } while (0) + +#endif diff --git a/sodium/sodium_blake2b-load-sse2.h b/sodium/sodium_blake2b-load-sse2.h new file mode 100644 index 00000000..8e67421a --- /dev/null +++ b/sodium/sodium_blake2b-load-sse2.h 
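Review bot: This header lacks the CC0 attribution block that `sodium_blake2b-load-sse2.h` and `sodium_blake2b-load-sse41.h` in this same commit carry at the top, although it is presumably the same upstream message-loading table family; for vendored cryptographic code that provenance comment is what lets a later audit match the file against its origin and license. Every `BLAKE2B_LOAD_MSG_*` macro also assigns through `t0` and `t1` and reads `m0`..`m7`, none of which the header declares, so a reader cannot tell from the file what the including function must provide. I would open the file with the same CC0 block as the other two load headers and add, after the include guard, `/* Expects __m256i t0, t1 and the message words m0..m7 as locals of the including function. */`.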
@@ -0,0 +1,164 @@ +/* + BLAKE2 reference source code package - optimized C implementations + + Written in 2012 by Samuel Neves + + To the extent possible under law, the author(s) have dedicated all copyright + and related and neighboring rights to this software to the public domain + worldwide. This software is distributed without any warranty. + + You should have received a copy of the CC0 Public Domain Dedication along + with + this software. If not, see + . +*/ + +#ifndef blake2b_load_sse2_H +#define blake2b_load_sse2_H + +#define LOAD_MSG_0_1(b0, b1) \ + b0 = _mm_set_epi64x(m2, m0); \ + b1 = _mm_set_epi64x(m6, m4) +#define LOAD_MSG_0_2(b0, b1) \ + b0 = _mm_set_epi64x(m3, m1); \ + b1 = _mm_set_epi64x(m7, m5) +#define LOAD_MSG_0_3(b0, b1) \ + b0 = _mm_set_epi64x(m10, m8); \ + b1 = _mm_set_epi64x(m14, m12) +#define LOAD_MSG_0_4(b0, b1) \ + b0 = _mm_set_epi64x(m11, m9); \ + b1 = _mm_set_epi64x(m15, m13) +#define LOAD_MSG_1_1(b0, b1) \ + b0 = _mm_set_epi64x(m4, m14); \ + b1 = _mm_set_epi64x(m13, m9) +#define LOAD_MSG_1_2(b0, b1) \ + b0 = _mm_set_epi64x(m8, m10); \ + b1 = _mm_set_epi64x(m6, m15) +#define LOAD_MSG_1_3(b0, b1) \ + b0 = _mm_set_epi64x(m0, m1); \ + b1 = _mm_set_epi64x(m5, m11) +#define LOAD_MSG_1_4(b0, b1) \ + b0 = _mm_set_epi64x(m2, m12); \ + b1 = _mm_set_epi64x(m3, m7) +#define LOAD_MSG_2_1(b0, b1) \ + b0 = _mm_set_epi64x(m12, m11); \ + b1 = _mm_set_epi64x(m15, m5) +#define LOAD_MSG_2_2(b0, b1) \ + b0 = _mm_set_epi64x(m0, m8); \ + b1 = _mm_set_epi64x(m13, m2) +#define LOAD_MSG_2_3(b0, b1) \ + b0 = _mm_set_epi64x(m3, m10); \ + b1 = _mm_set_epi64x(m9, m7) +#define LOAD_MSG_2_4(b0, b1) \ + b0 = _mm_set_epi64x(m6, m14); \ + b1 = _mm_set_epi64x(m4, m1) +#define LOAD_MSG_3_1(b0, b1) \ + b0 = _mm_set_epi64x(m3, m7); \ + b1 = _mm_set_epi64x(m11, m13) +#define LOAD_MSG_3_2(b0, b1) \ + b0 = _mm_set_epi64x(m1, m9); \ + b1 = _mm_set_epi64x(m14, m12) +#define LOAD_MSG_3_3(b0, b1) \ + b0 = _mm_set_epi64x(m5, m2); \ + b1 = _mm_set_epi64x(m15, m4) +#define 
LOAD_MSG_3_4(b0, b1) \ + b0 = _mm_set_epi64x(m10, m6); \ + b1 = _mm_set_epi64x(m8, m0) +#define LOAD_MSG_4_1(b0, b1) \ + b0 = _mm_set_epi64x(m5, m9); \ + b1 = _mm_set_epi64x(m10, m2) +#define LOAD_MSG_4_2(b0, b1) \ + b0 = _mm_set_epi64x(m7, m0); \ + b1 = _mm_set_epi64x(m15, m4) +#define LOAD_MSG_4_3(b0, b1) \ + b0 = _mm_set_epi64x(m11, m14); \ + b1 = _mm_set_epi64x(m3, m6) +#define LOAD_MSG_4_4(b0, b1) \ + b0 = _mm_set_epi64x(m12, m1); \ + b1 = _mm_set_epi64x(m13, m8) +#define LOAD_MSG_5_1(b0, b1) \ + b0 = _mm_set_epi64x(m6, m2); \ + b1 = _mm_set_epi64x(m8, m0) +#define LOAD_MSG_5_2(b0, b1) \ + b0 = _mm_set_epi64x(m10, m12); \ + b1 = _mm_set_epi64x(m3, m11) +#define LOAD_MSG_5_3(b0, b1) \ + b0 = _mm_set_epi64x(m7, m4); \ + b1 = _mm_set_epi64x(m1, m15) +#define LOAD_MSG_5_4(b0, b1) \ + b0 = _mm_set_epi64x(m5, m13); \ + b1 = _mm_set_epi64x(m9, m14) +#define LOAD_MSG_6_1(b0, b1) \ + b0 = _mm_set_epi64x(m1, m12); \ + b1 = _mm_set_epi64x(m4, m14) +#define LOAD_MSG_6_2(b0, b1) \ + b0 = _mm_set_epi64x(m15, m5); \ + b1 = _mm_set_epi64x(m10, m13) +#define LOAD_MSG_6_3(b0, b1) \ + b0 = _mm_set_epi64x(m6, m0); \ + b1 = _mm_set_epi64x(m8, m9) +#define LOAD_MSG_6_4(b0, b1) \ + b0 = _mm_set_epi64x(m3, m7); \ + b1 = _mm_set_epi64x(m11, m2) +#define LOAD_MSG_7_1(b0, b1) \ + b0 = _mm_set_epi64x(m7, m13); \ + b1 = _mm_set_epi64x(m3, m12) +#define LOAD_MSG_7_2(b0, b1) \ + b0 = _mm_set_epi64x(m14, m11); \ + b1 = _mm_set_epi64x(m9, m1) +#define LOAD_MSG_7_3(b0, b1) \ + b0 = _mm_set_epi64x(m15, m5); \ + b1 = _mm_set_epi64x(m2, m8) +#define LOAD_MSG_7_4(b0, b1) \ + b0 = _mm_set_epi64x(m4, m0); \ + b1 = _mm_set_epi64x(m10, m6) +#define LOAD_MSG_8_1(b0, b1) \ + b0 = _mm_set_epi64x(m14, m6); \ + b1 = _mm_set_epi64x(m0, m11) +#define LOAD_MSG_8_2(b0, b1) \ + b0 = _mm_set_epi64x(m9, m15); \ + b1 = _mm_set_epi64x(m8, m3) +#define LOAD_MSG_8_3(b0, b1) \ + b0 = _mm_set_epi64x(m13, m12); \ + b1 = _mm_set_epi64x(m10, m1) +#define LOAD_MSG_8_4(b0, b1) \ + b0 = _mm_set_epi64x(m7, m2); \ + b1 = 
_mm_set_epi64x(m5, m4) +#define LOAD_MSG_9_1(b0, b1) \ + b0 = _mm_set_epi64x(m8, m10); \ + b1 = _mm_set_epi64x(m1, m7) +#define LOAD_MSG_9_2(b0, b1) \ + b0 = _mm_set_epi64x(m4, m2); \ + b1 = _mm_set_epi64x(m5, m6) +#define LOAD_MSG_9_3(b0, b1) \ + b0 = _mm_set_epi64x(m9, m15); \ + b1 = _mm_set_epi64x(m13, m3) +#define LOAD_MSG_9_4(b0, b1) \ + b0 = _mm_set_epi64x(m14, m11); \ + b1 = _mm_set_epi64x(m0, m12) +#define LOAD_MSG_10_1(b0, b1) \ + b0 = _mm_set_epi64x(m2, m0); \ + b1 = _mm_set_epi64x(m6, m4) +#define LOAD_MSG_10_2(b0, b1) \ + b0 = _mm_set_epi64x(m3, m1); \ + b1 = _mm_set_epi64x(m7, m5) +#define LOAD_MSG_10_3(b0, b1) \ + b0 = _mm_set_epi64x(m10, m8); \ + b1 = _mm_set_epi64x(m14, m12) +#define LOAD_MSG_10_4(b0, b1) \ + b0 = _mm_set_epi64x(m11, m9); \ + b1 = _mm_set_epi64x(m15, m13) +#define LOAD_MSG_11_1(b0, b1) \ + b0 = _mm_set_epi64x(m4, m14); \ + b1 = _mm_set_epi64x(m13, m9) +#define LOAD_MSG_11_2(b0, b1) \ + b0 = _mm_set_epi64x(m8, m10); \ + b1 = _mm_set_epi64x(m6, m15) +#define LOAD_MSG_11_3(b0, b1) \ + b0 = _mm_set_epi64x(m0, m1); \ + b1 = _mm_set_epi64x(m5, m11) +#define LOAD_MSG_11_4(b0, b1) \ + b0 = _mm_set_epi64x(m2, m12); \ + b1 = _mm_set_epi64x(m3, m7) + +#endif diff --git a/sodium/sodium_blake2b-load-sse41.h b/sodium/sodium_blake2b-load-sse41.h new file mode 100644 index 00000000..31745fc1 --- /dev/null +++ b/sodium/sodium_blake2b-load-sse41.h 
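Review bot: The `LOAD_MSG_*` macros in this table are bare statement pairs (`b0 = ...; \ b1 = ...`), whereas the SSE4.1 table in the next hunk wraps each body in `do { } while (0)`; used unbraced after an `if`, only the `b0` assignment would be conditional. `ROUND` in the compress headers always invokes them as a plain statement followed by `;`, so this is latent today, but the two tables also define identical names (`LOAD_MSG_0_1` through `LOAD_MSG_11_4`) with different bodies and no `#undef`, so including both in one translation unit is a macro-redefinition error. Wrapping each body here as `do { b0 = _mm_set_epi64x(m2, m0); b1 = _mm_set_epi64x(m6, m4); } while (0)` matches the sibling header, and a one-line comment after the guard, `/* Defines the same LOAD_MSG_r_i names as the sse41 table with different bodies; include from one compress header only. */`, documents the constraint.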
@@ -0,0 +1,307 @@ +/* + BLAKE2 reference source code package - optimized C implementations + + Written in 2012 by Samuel Neves + + To the extent possible under law, the author(s) have dedicated all copyright + and related and neighboring rights to this software to the public domain + worldwide. This software is distributed without any warranty. + + You should have received a copy of the CC0 Public Domain Dedication along + with + this software. If not, see + . +*/ + +#ifndef blake2b_load_sse41_H +#define blake2b_load_sse41_H + +#define LOAD_MSG_0_1(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m0, m1); \ + b1 = _mm_unpacklo_epi64(m2, m3); \ + } while (0) + +#define LOAD_MSG_0_2(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m0, m1); \ + b1 = _mm_unpackhi_epi64(m2, m3); \ + } while (0) + +#define LOAD_MSG_0_3(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m4, m5); \ + b1 = _mm_unpacklo_epi64(m6, m7); \ + } while (0) + +#define LOAD_MSG_0_4(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m4, m5); \ + b1 = _mm_unpackhi_epi64(m6, m7); \ + } while (0) + +#define LOAD_MSG_1_1(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m7, m2); \ + b1 = _mm_unpackhi_epi64(m4, m6); \ + } while (0) + +#define LOAD_MSG_1_2(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m5, m4); \ + b1 = _mm_alignr_epi8(m3, m7, 8); \ + } while (0) + +#define LOAD_MSG_1_3(b0, b1) \ + do { \ + b0 = _mm_shuffle_epi32(m0, _MM_SHUFFLE(1, 0, 3, 2)); \ + b1 = _mm_unpackhi_epi64(m5, m2); \ + } while (0) + +#define LOAD_MSG_1_4(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m6, m1); \ + b1 = _mm_unpackhi_epi64(m3, m1); \ + } while (0) + +#define LOAD_MSG_2_1(b0, b1) \ + do { \ + b0 = _mm_alignr_epi8(m6, m5, 8); \ + b1 = _mm_unpackhi_epi64(m2, m7); \ + } while (0) + +#define LOAD_MSG_2_2(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m4, m0); \ + b1 = _mm_blend_epi16(m1, m6, 0xF0); \ + } while (0) + +#define LOAD_MSG_2_3(b0, b1) \ + do { \ + b0 = _mm_blend_epi16(m5, m1, 0xF0); \ + b1 = _mm_unpackhi_epi64(m3, m4); \ + } while (0) + 
+#define LOAD_MSG_2_4(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m7, m3); \ + b1 = _mm_alignr_epi8(m2, m0, 8); \ + } while (0) + +#define LOAD_MSG_3_1(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m3, m1); \ + b1 = _mm_unpackhi_epi64(m6, m5); \ + } while (0) + +#define LOAD_MSG_3_2(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m4, m0); \ + b1 = _mm_unpacklo_epi64(m6, m7); \ + } while (0) + +#define LOAD_MSG_3_3(b0, b1) \ + do { \ + b0 = _mm_blend_epi16(m1, m2, 0xF0); \ + b1 = _mm_blend_epi16(m2, m7, 0xF0); \ + } while (0) + +#define LOAD_MSG_3_4(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m3, m5); \ + b1 = _mm_unpacklo_epi64(m0, m4); \ + } while (0) + +#define LOAD_MSG_4_1(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m4, m2); \ + b1 = _mm_unpacklo_epi64(m1, m5); \ + } while (0) + +#define LOAD_MSG_4_2(b0, b1) \ + do { \ + b0 = _mm_blend_epi16(m0, m3, 0xF0); \ + b1 = _mm_blend_epi16(m2, m7, 0xF0); \ + } while (0) + +#define LOAD_MSG_4_3(b0, b1) \ + do { \ + b0 = _mm_blend_epi16(m7, m5, 0xF0); \ + b1 = _mm_blend_epi16(m3, m1, 0xF0); \ + } while (0) + +#define LOAD_MSG_4_4(b0, b1) \ + do { \ + b0 = _mm_alignr_epi8(m6, m0, 8); \ + b1 = _mm_blend_epi16(m4, m6, 0xF0); \ + } while (0) + +#define LOAD_MSG_5_1(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m1, m3); \ + b1 = _mm_unpacklo_epi64(m0, m4); \ + } while (0) + +#define LOAD_MSG_5_2(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m6, m5); \ + b1 = _mm_unpackhi_epi64(m5, m1); \ + } while (0) + +#define LOAD_MSG_5_3(b0, b1) \ + do { \ + b0 = _mm_blend_epi16(m2, m3, 0xF0); \ + b1 = _mm_unpackhi_epi64(m7, m0); \ + } while (0) + +#define LOAD_MSG_5_4(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m6, m2); \ + b1 = _mm_blend_epi16(m7, m4, 0xF0); \ + } while (0) + +#define LOAD_MSG_6_1(b0, b1) \ + do { \ + b0 = _mm_blend_epi16(m6, m0, 0xF0); \ + b1 = _mm_unpacklo_epi64(m7, m2); \ + } while (0) + +#define LOAD_MSG_6_2(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m2, m7); \ + b1 = _mm_alignr_epi8(m5, m6, 8); \ + } while (0) + 
+#define LOAD_MSG_6_3(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m0, m3); \ + b1 = _mm_shuffle_epi32(m4, _MM_SHUFFLE(1, 0, 3, 2)); \ + } while (0) + +#define LOAD_MSG_6_4(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m3, m1); \ + b1 = _mm_blend_epi16(m1, m5, 0xF0); \ + } while (0) + +#define LOAD_MSG_7_1(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m6, m3); \ + b1 = _mm_blend_epi16(m6, m1, 0xF0); \ + } while (0) + +#define LOAD_MSG_7_2(b0, b1) \ + do { \ + b0 = _mm_alignr_epi8(m7, m5, 8); \ + b1 = _mm_unpackhi_epi64(m0, m4); \ + } while (0) + +#define LOAD_MSG_7_3(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m2, m7); \ + b1 = _mm_unpacklo_epi64(m4, m1); \ + } while (0) + +#define LOAD_MSG_7_4(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m0, m2); \ + b1 = _mm_unpacklo_epi64(m3, m5); \ + } while (0) + +#define LOAD_MSG_8_1(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m3, m7); \ + b1 = _mm_alignr_epi8(m0, m5, 8); \ + } while (0) + +#define LOAD_MSG_8_2(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m7, m4); \ + b1 = _mm_alignr_epi8(m4, m1, 8); \ + } while (0) + +#define LOAD_MSG_8_3(b0, b1) \ + do { \ + b0 = m6; \ + b1 = _mm_alignr_epi8(m5, m0, 8); \ + } while (0) + +#define LOAD_MSG_8_4(b0, b1) \ + do { \ + b0 = _mm_blend_epi16(m1, m3, 0xF0); \ + b1 = m2; \ + } while (0) + +#define LOAD_MSG_9_1(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m5, m4); \ + b1 = _mm_unpackhi_epi64(m3, m0); \ + } while (0) + +#define LOAD_MSG_9_2(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m1, m2); \ + b1 = _mm_blend_epi16(m3, m2, 0xF0); \ + } while (0) + +#define LOAD_MSG_9_3(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m7, m4); \ + b1 = _mm_unpackhi_epi64(m1, m6); \ + } while (0) + +#define LOAD_MSG_9_4(b0, b1) \ + do { \ + b0 = _mm_alignr_epi8(m7, m5, 8); \ + b1 = _mm_unpacklo_epi64(m6, m0); \ + } while (0) + +#define LOAD_MSG_10_1(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m0, m1); \ + b1 = _mm_unpacklo_epi64(m2, m3); \ + } while (0) + +#define LOAD_MSG_10_2(b0, b1) \ + do { \ + b0 = 
_mm_unpackhi_epi64(m0, m1); \ + b1 = _mm_unpackhi_epi64(m2, m3); \ + } while (0) + +#define LOAD_MSG_10_3(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m4, m5); \ + b1 = _mm_unpacklo_epi64(m6, m7); \ + } while (0) + +#define LOAD_MSG_10_4(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m4, m5); \ + b1 = _mm_unpackhi_epi64(m6, m7); \ + } while (0) + +#define LOAD_MSG_11_1(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m7, m2); \ + b1 = _mm_unpackhi_epi64(m4, m6); \ + } while (0) + +#define LOAD_MSG_11_2(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m5, m4); \ + b1 = _mm_alignr_epi8(m3, m7, 8); \ + } while (0) + +#define LOAD_MSG_11_3(b0, b1) \ + do { \ + b0 = _mm_shuffle_epi32(m0, _MM_SHUFFLE(1, 0, 3, 2)); \ + b1 = _mm_unpackhi_epi64(m5, m2); \ + } while (0) + +#define LOAD_MSG_11_4(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m6, m1); \ + b1 = _mm_unpackhi_epi64(m3, m1); \ + } while (0) + +#endif diff --git a/sodium/sodium_blake2b-ref.c b/sodium/sodium_blake2b-ref.c new file mode 100644 index 00000000..518a415b --- /dev/null +++ b/sodium/sodium_blake2b-ref.c 
@@ -0,0 +1,453 @@ +/* + BLAKE2 reference source code package - C implementations + + Written in 2012 by Samuel Neves + + To the extent possible under law, the author(s) have dedicated all copyright + and related and neighboring rights to this software to the public domain + worldwide. This software is distributed without any warranty. + + You should have received a copy of the CC0 Public Domain Dedication along + with + this software. If not, see + . +*/ + +#include +#include +#include +#include +#include +#include + +#include "sodium_blake2.h" +#include "sodium_core.h" +#include "sodium_private_common.h" +#include "sodium_runtime.h" +#include "sodium_utils.h" + +static blake2b_compress_fn blake2b_compress = blake2b_compress_ref; + +static const uint64_t blake2b_IV[8] = { + 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, + 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL +}; + +/* LCOV_EXCL_START */ +static inline int +blake2b_set_lastnode(blake2b_state *S) +{ + S->f[1] = (uint64_t) -1; + return 0; +} +/* LCOV_EXCL_STOP */ + +static inline int +blake2b_is_lastblock(const blake2b_state *S) +{ + return S->f[0] != 0; +} + +static inline int +blake2b_set_lastblock(blake2b_state *S) +{ + if (S->last_node) { + blake2b_set_lastnode(S); + } + S->f[0] = (uint64_t) -1; + return 0; +} + +static inline int +blake2b_increment_counter(blake2b_state *S, const uint64_t inc) +{ +#ifdef HAVE_TI_MODE + uint128_t t = ((uint128_t) S->t[1] << 64) | S->t[0]; + t += inc; + S->t[0] = (uint64_t)(t >> 0); + S->t[1] = (uint64_t)(t >> 64); +#else + S->t[0] += inc; + S->t[1] += (S->t[0] < inc); +#endif + return 0; +} + +/* Parameter-related functions */ +static inline int +blake2b_param_set_salt(blake2b_param *P, const uint8_t salt[BLAKE2B_SALTBYTES]) +{ + memcpy(P->salt, salt, BLAKE2B_SALTBYTES); + return 0; +} + +static inline int +blake2b_param_set_personal(blake2b_param *P, + const uint8_t 
personal[BLAKE2B_PERSONALBYTES]) +{ + memcpy(P->personal, personal, BLAKE2B_PERSONALBYTES); + return 0; +} + +static inline int +blake2b_init0(blake2b_state *S) +{ + int i; + + for (i = 0; i < 8; i++) { + S->h[i] = blake2b_IV[i]; + } + /* zero everything between .t and .last_node */ + memset((void *) &S->t, 0, + offsetof(blake2b_state, last_node) + sizeof(S->last_node) + - offsetof(blake2b_state, t)); + return 0; +} + +/* init xors IV with input parameter block */ +int +blake2b_init_param(blake2b_state *S, const blake2b_param *P) +{ + size_t i; + const uint8_t *p; + + COMPILER_ASSERT(sizeof *P == 64); + blake2b_init0(S); + p = (const uint8_t *) (P); + + /* IV XOR ParamBlock */ + for (i = 0; i < 8; i++) { + S->h[i] ^= LOAD64_LE(p + sizeof(S->h[i]) * i); + } + return 0; +} + +int +blake2b_init(blake2b_state *S, const uint8_t outlen) +{ + blake2b_param P[1]; + + if ((!outlen) || (outlen > BLAKE2B_OUTBYTES)) { + sodium_misuse(); + } + P->digest_length = outlen; + P->key_length = 0; + P->fanout = 1; + P->depth = 1; + STORE32_LE(P->leaf_length, 0); + STORE64_LE(P->node_offset, 0); + P->node_depth = 0; + P->inner_length = 0; + memset(P->reserved, 0, sizeof(P->reserved)); + memset(P->salt, 0, sizeof(P->salt)); + memset(P->personal, 0, sizeof(P->personal)); + return blake2b_init_param(S, P); +} + +int +blake2b_init_salt_personal(blake2b_state *S, const uint8_t outlen, + const void *salt, const void *personal) +{ + blake2b_param P[1]; + + if ((!outlen) || (outlen > BLAKE2B_OUTBYTES)) { + sodium_misuse(); + } + P->digest_length = outlen; + P->key_length = 0; + P->fanout = 1; + P->depth = 1; + STORE32_LE(P->leaf_length, 0); + STORE64_LE(P->node_offset, 0); + P->node_depth = 0; + P->inner_length = 0; + memset(P->reserved, 0, sizeof(P->reserved)); + if (salt != NULL) { + blake2b_param_set_salt(P, (const uint8_t *) salt); + } else { + memset(P->salt, 0, sizeof(P->salt)); + } + if (personal != NULL) { + blake2b_param_set_personal(P, (const uint8_t *) personal); + } else { + 
memset(P->personal, 0, sizeof(P->personal)); + } + return blake2b_init_param(S, P); +} + +int +blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key, + const uint8_t keylen) +{ + blake2b_param P[1]; + + if ((!outlen) || (outlen > BLAKE2B_OUTBYTES)) { + sodium_misuse(); + } + if (!key || !keylen || keylen > BLAKE2B_KEYBYTES) { + sodium_misuse(); /* does not return */ + } + P->digest_length = outlen; + P->key_length = keylen; + P->fanout = 1; + P->depth = 1; + STORE32_LE(P->leaf_length, 0); + STORE64_LE(P->node_offset, 0); + P->node_depth = 0; + P->inner_length = 0; + memset(P->reserved, 0, sizeof(P->reserved)); + memset(P->salt, 0, sizeof(P->salt)); + memset(P->personal, 0, sizeof(P->personal)); + + if (blake2b_init_param(S, P) < 0) { + sodium_misuse(); + } + { + uint8_t block[BLAKE2B_BLOCKBYTES]; + memset(block, 0, BLAKE2B_BLOCKBYTES); + memcpy(block, key, keylen); /* key and keylen cannot be 0 */ + blake2b_update(S, block, BLAKE2B_BLOCKBYTES); + sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */ + } + return 0; +} + +int +blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen, + const void *key, const uint8_t keylen, + const void *salt, const void *personal) +{ + blake2b_param P[1]; + + if ((!outlen) || (outlen > BLAKE2B_OUTBYTES)) { + sodium_misuse(); + } + if (!key || !keylen || keylen > BLAKE2B_KEYBYTES) { + sodium_misuse(); /* does not return */ + } + P->digest_length = outlen; + P->key_length = keylen; + P->fanout = 1; + P->depth = 1; + STORE32_LE(P->leaf_length, 0); + STORE64_LE(P->node_offset, 0); + P->node_depth = 0; + P->inner_length = 0; + memset(P->reserved, 0, sizeof(P->reserved)); + if (salt != NULL) { + blake2b_param_set_salt(P, (const uint8_t *) salt); + } else { + memset(P->salt, 0, sizeof(P->salt)); + } + if (personal != NULL) { + blake2b_param_set_personal(P, (const uint8_t *) personal); + } else { + memset(P->personal, 0, sizeof(P->personal)); + } + + if (blake2b_init_param(S, P) < 0) { + 
sodium_misuse(); + } + { + uint8_t block[BLAKE2B_BLOCKBYTES]; + memset(block, 0, BLAKE2B_BLOCKBYTES); + memcpy(block, key, keylen); /* key and keylen cannot be 0 */ + blake2b_update(S, block, BLAKE2B_BLOCKBYTES); + sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */ + } + return 0; +} + +/* inlen now in bytes */ +int +blake2b_update(blake2b_state *S, const uint8_t *in, uint64_t inlen) +{ + while (inlen > 0) { + size_t left = S->buflen; + size_t fill = 2 * BLAKE2B_BLOCKBYTES - left; + + if (inlen > fill) { + memcpy(S->buf + left, in, fill); /* Fill buffer */ + S->buflen += fill; + blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); + blake2b_compress(S, S->buf); /* Compress */ + memcpy(S->buf, S->buf + BLAKE2B_BLOCKBYTES, + BLAKE2B_BLOCKBYTES); /* Shift buffer left */ + S->buflen -= BLAKE2B_BLOCKBYTES; + in += fill; + inlen -= fill; + } else /* inlen <= fill */ + { + memcpy(S->buf + left, in, inlen); + S->buflen += inlen; /* Be lazy, do not compress */ + in += inlen; + inlen -= inlen; + } + } + + return 0; +} + +int +blake2b_final(blake2b_state *S, uint8_t *out, uint8_t outlen) +{ + unsigned char buffer[BLAKE2B_OUTBYTES]; + + if (!outlen || outlen > BLAKE2B_OUTBYTES) { + sodium_misuse(); + } + if (blake2b_is_lastblock(S)) { + return -1; + } + if (S->buflen > BLAKE2B_BLOCKBYTES) { + blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); + blake2b_compress(S, S->buf); + S->buflen -= BLAKE2B_BLOCKBYTES; + assert(S->buflen <= BLAKE2B_BLOCKBYTES); + memcpy(S->buf, S->buf + BLAKE2B_BLOCKBYTES, S->buflen); + } + + blake2b_increment_counter(S, S->buflen); + blake2b_set_lastblock(S); + memset(S->buf + S->buflen, 0, + 2 * BLAKE2B_BLOCKBYTES - S->buflen); /* Padding */ + blake2b_compress(S, S->buf); + + COMPILER_ASSERT(sizeof buffer == 64U); + STORE64_LE(buffer + 8 * 0, S->h[0]); + STORE64_LE(buffer + 8 * 1, S->h[1]); + STORE64_LE(buffer + 8 * 2, S->h[2]); + STORE64_LE(buffer + 8 * 3, S->h[3]); + STORE64_LE(buffer + 8 * 4, S->h[4]); + STORE64_LE(buffer + 8 * 5, 
S->h[5]); + STORE64_LE(buffer + 8 * 6, S->h[6]); + STORE64_LE(buffer + 8 * 7, S->h[7]); + memcpy(out, buffer, outlen); /* outlen <= BLAKE2B_OUTBYTES (64) */ + + sodium_memzero(S->h, sizeof S->h); + sodium_memzero(S->buf, sizeof S->buf); + + return 0; +} + +/* inlen, at least, should be uint64_t. Others can be size_t. */ +int +blake2b(uint8_t *out, const void *in, const void *key, const uint8_t outlen, + const uint64_t inlen, uint8_t keylen) +{ + CRYPTO_ALIGN(64) blake2b_state S[1]; + + /* Verify parameters */ + if (NULL == in && inlen > 0) { + sodium_misuse(); + } + if (NULL == out) { + sodium_misuse(); + } + if (!outlen || outlen > BLAKE2B_OUTBYTES) { + sodium_misuse(); + } + if (NULL == key && keylen > 0) { + sodium_misuse(); + } + if (keylen > BLAKE2B_KEYBYTES) { + sodium_misuse(); + } + if (keylen > 0) { + if (blake2b_init_key(S, outlen, key, keylen) < 0) { + sodium_misuse(); + } + } else { + if (blake2b_init(S, outlen) < 0) { + sodium_misuse(); + } + } + + blake2b_update(S, (const uint8_t *) in, inlen); + blake2b_final(S, out, outlen); + return 0; +} + +int +blake2b_salt_personal(uint8_t *out, const void *in, const void *key, + const uint8_t outlen, const uint64_t inlen, + uint8_t keylen, const void *salt, const void *personal) +{ + CRYPTO_ALIGN(64) blake2b_state S[1]; + + /* Verify parameters */ + if (NULL == in && inlen > 0) { + sodium_misuse(); + } + if (NULL == out) { + sodium_misuse(); + } + if (!outlen || outlen > BLAKE2B_OUTBYTES) { + sodium_misuse(); + } + if (NULL == key && keylen > 0) { + sodium_misuse(); + } + if (keylen > BLAKE2B_KEYBYTES) { + sodium_misuse(); + } + if (keylen > 0) { + if (blake2b_init_key_salt_personal(S, outlen, key, keylen, salt, + personal) < 0) { + sodium_misuse(); + } + } else { + if (blake2b_init_salt_personal(S, outlen, salt, personal) < 0) { + sodium_misuse(); + } + } + + blake2b_update(S, (const uint8_t *) in, inlen); + blake2b_final(S, out, outlen); + return 0; +} + +int +blake2b_pick_best_implementation(void) +{ +/* 
LCOV_EXCL_START */ +#if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_TMMINTRIN_H) && \ + defined(HAVE_SMMINTRIN_H) + if (sodium_runtime_has_avx2()) { + #if NETCODE_CRYPTO_LOGS + printf( "blake2b -> avx2\n" ); + #endif // #if NETCODE_CRYPTO_LOGS + blake2b_compress = blake2b_compress_avx2; + return 0; + } +#endif +#if defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H) && \ + defined(HAVE_SMMINTRIN_H) + if (sodium_runtime_has_sse41()) { + #if NETCODE_CRYPTO_LOGS + printf( "blake2b -> sse41\n" ); + #endif // #if NETCODE_CRYPTO_LOGS + blake2b_compress = blake2b_compress_sse41; + return 0; + } +#endif +#if defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H) + if (sodium_runtime_has_ssse3()) { + #if NETCODE_CRYPTO_LOGS + printf( "blake2b -> ssse3\n" ); + #endif // #if NETCODE_CRYPTO_LOGS + blake2b_compress = blake2b_compress_ssse3; + return 0; + } +#endif + + #if NETCODE_CRYPTO_LOGS + printf( "blake2b -> ref\n" ); + #endif // #if NETCODE_CRYPTO_LOGS + + blake2b_compress = blake2b_compress_ref; + + return 0; + /* LCOV_EXCL_STOP */ +} diff --git a/sodium/sodium_box_curve25519xchacha20poly1305.c b/sodium/sodium_box_curve25519xchacha20poly1305.c new file mode 100644 index 00000000..91d69120 --- /dev/null +++ b/sodium/sodium_box_curve25519xchacha20poly1305.c 
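Review bot: The `NETCODE_CRYPTO_LOGS` blocks added to `blake2b_pick_best_implementation` test the macro with a bare `#if`, so a build that never defines it silently evaluates to 0 and `-Wundef` builds warn; `#if defined(NETCODE_CRYPTO_LOGS) && NETCODE_CRYPTO_LOGS` states the intent and is robust either way. Those blocks also use `//` trailing comments and a different indent from the surrounding libsodium code, which otherwise uses `/* */` only; dropping the `// #if NETCODE_CRYPTO_LOGS` trailers keeps the file consistent. `printf` needs `<stdio.h>`, and the include list at the top of this hunk is garbled in this view, so please confirm it is included directly rather than transitively. Since the first matching probe wins, a one-line comment above the first `#if`, such as `/* probe from fastest to slowest; the first available backend is selected */`, would document the priority order.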
@@ -0,0 +1,204 @@ + +#include +#include +#include +#include + +#include "sodium_core.h" +#include "sodium_crypto_box_curve25519xchacha20poly1305.h" +#include "sodium_crypto_core_hchacha20.h" +#include "sodium_crypto_hash_sha512.h" +#include "sodium_crypto_scalarmult_curve25519.h" +#include "sodium_crypto_secretbox_xchacha20poly1305.h" +#include "sodium_private_common.h" +#include "sodium_randombytes.h" +#include "sodium_utils.h" + +int +crypto_box_curve25519xchacha20poly1305_seed_keypair(unsigned char *pk, + unsigned char *sk, + const unsigned char *seed) +{ + unsigned char hash[64]; + + crypto_hash_sha512(hash, seed, 32); + memcpy(sk, hash, 32); + sodium_memzero(hash, sizeof hash); + + return crypto_scalarmult_curve25519_base(pk, sk); +} + +int +crypto_box_curve25519xchacha20poly1305_keypair(unsigned char *pk, + unsigned char *sk) +{ + randombytes_buf(sk, 32); + + return crypto_scalarmult_curve25519_base(pk, sk); +} + +int +crypto_box_curve25519xchacha20poly1305_beforenm(unsigned char *k, + const unsigned char *pk, + const unsigned char *sk) +{ + static const unsigned char zero[16] = { 0 }; + unsigned char s[32]; + + if (crypto_scalarmult_curve25519(s, sk, pk) != 0) { + return -1; + } + return crypto_core_hchacha20(k, zero, s, NULL); +} + +int +crypto_box_curve25519xchacha20poly1305_detached_afternm( + unsigned char *c, unsigned char *mac, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, const unsigned char *k) +{ + return crypto_secretbox_xchacha20poly1305_detached(c, mac, m, mlen, n, k); +} + +int +crypto_box_curve25519xchacha20poly1305_detached( + unsigned char *c, unsigned char *mac, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, const unsigned char *pk, + const unsigned char *sk) +{ + unsigned char k[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES]; + int ret; + + COMPILER_ASSERT(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES >= + crypto_secretbox_xchacha20poly1305_KEYBYTES); + if 
(crypto_box_curve25519xchacha20poly1305_beforenm(k, pk, sk) != 0) { + return -1; + } + ret = crypto_box_curve25519xchacha20poly1305_detached_afternm(c, mac, m, + mlen, n, k); + sodium_memzero(k, sizeof k); + + return ret; +} + +int +crypto_box_curve25519xchacha20poly1305_easy_afternm(unsigned char *c, + const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, + const unsigned char *k) +{ + if (mlen > crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return crypto_box_curve25519xchacha20poly1305_detached_afternm( + c + crypto_box_curve25519xchacha20poly1305_MACBYTES, c, m, mlen, n, k); +} + +int +crypto_box_curve25519xchacha20poly1305_easy( + unsigned char *c, const unsigned char *m, unsigned long long mlen, + const unsigned char *n, const unsigned char *pk, const unsigned char *sk) +{ + if (mlen > crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return crypto_box_curve25519xchacha20poly1305_detached( + c + crypto_box_curve25519xchacha20poly1305_MACBYTES, c, m, mlen, n, pk, + sk); +} + +int +crypto_box_curve25519xchacha20poly1305_open_detached_afternm( + unsigned char *m, const unsigned char *c, const unsigned char *mac, + unsigned long long clen, const unsigned char *n, const unsigned char *k) +{ + return crypto_secretbox_xchacha20poly1305_open_detached(m, c, mac, clen, n, + k); +} + +int +crypto_box_curve25519xchacha20poly1305_open_detached( + unsigned char *m, const unsigned char *c, const unsigned char *mac, + unsigned long long clen, const unsigned char *n, const unsigned char *pk, + const unsigned char *sk) +{ + unsigned char k[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES]; + int ret; + + if (crypto_box_curve25519xchacha20poly1305_beforenm(k, pk, sk) != 0) { + return -1; + } + ret = crypto_box_curve25519xchacha20poly1305_open_detached_afternm( + m, c, mac, clen, n, k); + sodium_memzero(k, sizeof k); + + return ret; +} + +int 
+crypto_box_curve25519xchacha20poly1305_open_easy_afternm( + unsigned char *m, const unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k) +{ + if (clen < crypto_box_curve25519xchacha20poly1305_MACBYTES) { + return -1; + } + return crypto_box_curve25519xchacha20poly1305_open_detached_afternm( + m, c + crypto_box_curve25519xchacha20poly1305_MACBYTES, c, + clen - crypto_box_curve25519xchacha20poly1305_MACBYTES, n, k); +} + +int +crypto_box_curve25519xchacha20poly1305_open_easy( + unsigned char *m, const unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *pk, const unsigned char *sk) +{ + if (clen < crypto_box_curve25519xchacha20poly1305_MACBYTES) { + return -1; + } + return crypto_box_curve25519xchacha20poly1305_open_detached( + m, c + crypto_box_curve25519xchacha20poly1305_MACBYTES, c, + clen - crypto_box_curve25519xchacha20poly1305_MACBYTES, n, pk, sk); +} + +size_t +crypto_box_curve25519xchacha20poly1305_seedbytes(void) +{ + return crypto_box_curve25519xchacha20poly1305_SEEDBYTES; +} + +size_t +crypto_box_curve25519xchacha20poly1305_publickeybytes(void) +{ + return crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES; +} + +size_t +crypto_box_curve25519xchacha20poly1305_secretkeybytes(void) +{ + return crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES; +} + +size_t +crypto_box_curve25519xchacha20poly1305_beforenmbytes(void) +{ + return crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES; +} + +size_t +crypto_box_curve25519xchacha20poly1305_noncebytes(void) +{ + return crypto_box_curve25519xchacha20poly1305_NONCEBYTES; +} + +size_t +crypto_box_curve25519xchacha20poly1305_macbytes(void) +{ + return crypto_box_curve25519xchacha20poly1305_MACBYTES; +} + +size_t +crypto_box_curve25519xchacha20poly1305_messagebytes_max(void) +{ + return crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX; +} 
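Review bot: In `crypto_box_curve25519xchacha20poly1305_beforenm` the raw X25519 shared secret `s` is left on the stack after `crypto_core_hchacha20` derives `k` from it, while the callers `_detached` and `_open_detached` carefully `sodium_memzero` the derived key; clearing the precursor too keeps the hygiene consistent: `ret = crypto_core_hchacha20(k, zero, s, NULL); sodium_memzero(s, sizeof s); return ret;` with `int ret;` declared next to `s`. The same pattern appears in `crypto_box_curve25519xsalsa20poly1305_beforenm` in sodium/sodium_box_curve25519xsalsa20poly1305.c in the next hunk. As far as I can tell this matches upstream libsodium, so it is a hardening nit in vendored code rather than a defect introduced by the port.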
diff --git a/sodium/sodium_box_curve25519xsalsa20poly1305.c b/sodium/sodium_box_curve25519xsalsa20poly1305.c new file mode 100644 index 00000000..12327a44 --- /dev/null +++ b/sodium/sodium_box_curve25519xsalsa20poly1305.c 
@@ -0,0 +1,156 @@ +#include + +#include "sodium_crypto_box_curve25519xsalsa20poly1305.h" +#include "sodium_crypto_core_hsalsa20.h" +#include "sodium_crypto_hash_sha512.h" +#include "sodium_crypto_scalarmult_curve25519.h" +#include "sodium_crypto_secretbox_xsalsa20poly1305.h" +#include "sodium_randombytes.h" +#include "sodium_utils.h" + +int +crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk, + unsigned char *sk, + const unsigned char *seed) +{ + unsigned char hash[64]; + + crypto_hash_sha512(hash, seed, 32); + memcpy(sk, hash, 32); + sodium_memzero(hash, sizeof hash); + + return crypto_scalarmult_curve25519_base(pk, sk); +} + +int +crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk, + unsigned char *sk) +{ + randombytes_buf(sk, 32); + + return crypto_scalarmult_curve25519_base(pk, sk); +} + +int +crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *k, + const unsigned char *pk, + const unsigned char *sk) +{ + static const unsigned char zero[16] = { 0 }; + unsigned char s[32]; + + if (crypto_scalarmult_curve25519(s, sk, pk) != 0) { + return -1; + } + return crypto_core_hsalsa20(k, zero, s, NULL); +} + +int +crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *c, + const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, + const unsigned char *k) +{ + return crypto_secretbox_xsalsa20poly1305(c, m, mlen, n, k); +} + +int +crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m, + const unsigned char *c, + unsigned long long clen, + const unsigned char *n, + const unsigned char *k) +{ + return crypto_secretbox_xsalsa20poly1305_open(m, c, clen, n, k); +} + +int +crypto_box_curve25519xsalsa20poly1305(unsigned char *c, const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, + const unsigned char *pk, + const unsigned char *sk) +{ + unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES]; + int ret; + + if (crypto_box_curve25519xsalsa20poly1305_beforenm(k, pk, 
sk) != 0) { + return -1; + } + ret = crypto_box_curve25519xsalsa20poly1305_afternm(c, m, mlen, n, k); + sodium_memzero(k, sizeof k); + + return ret; +} + +int +crypto_box_curve25519xsalsa20poly1305_open( + unsigned char *m, const unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *pk, const unsigned char *sk) +{ + unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES]; + int ret; + + if (crypto_box_curve25519xsalsa20poly1305_beforenm(k, pk, sk) != 0) { + return -1; + } + ret = crypto_box_curve25519xsalsa20poly1305_open_afternm(m, c, clen, n, k); + sodium_memzero(k, sizeof k); + + return ret; +} + +size_t +crypto_box_curve25519xsalsa20poly1305_seedbytes(void) +{ + return crypto_box_curve25519xsalsa20poly1305_SEEDBYTES; +} + +size_t +crypto_box_curve25519xsalsa20poly1305_publickeybytes(void) +{ + return crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES; +} + +size_t +crypto_box_curve25519xsalsa20poly1305_secretkeybytes(void) +{ + return crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES; +} + +size_t +crypto_box_curve25519xsalsa20poly1305_beforenmbytes(void) +{ + return crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES; +} + +size_t +crypto_box_curve25519xsalsa20poly1305_noncebytes(void) +{ + return crypto_box_curve25519xsalsa20poly1305_NONCEBYTES; +} + +size_t +crypto_box_curve25519xsalsa20poly1305_zerobytes(void) +{ + return crypto_box_curve25519xsalsa20poly1305_ZEROBYTES; +} + +size_t +crypto_box_curve25519xsalsa20poly1305_boxzerobytes(void) +{ + return crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES; +} + +size_t +crypto_box_curve25519xsalsa20poly1305_macbytes(void) +{ + return crypto_box_curve25519xsalsa20poly1305_MACBYTES; +} + +size_t +crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void) +{ + return crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX; +} 
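Review bot: `crypto_box_curve25519xsalsa20poly1305` and `crypto_box_curve25519xsalsa20poly1305_open` expose the NaCl-style interface where `m` is expected to start with `_ZEROBYTES` zero bytes and `c` with `_BOXZEROBYTES` zero bytes, with `mlen`/`clen` counting that padding; nothing in this file states the contract, even though `_zerobytes()` and `_boxzerobytes()` are exported for it. A comment above `crypto_box_curve25519xsalsa20poly1305` such as `/* NaCl API: m is prefixed by ZEROBYTES zeros, c by BOXZEROBYTES zeros; mlen/clen include the padding */` would spare readers a trip into the secretbox implementation. The padding is handled inside `crypto_secretbox_xsalsa20poly1305`, which is not in this hunk, so I am inferring the requirement from the NaCl convention rather than from visible code.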
diff --git a/sodium/sodium_box_seal_curve25519xchacha20poly1305.c b/sodium/sodium_box_seal_curve25519xchacha20poly1305.c new file mode 100644 index 00000000..6b1422b0 --- /dev/null +++ b/sodium/sodium_box_seal_curve25519xchacha20poly1305.c 
@@ -0,0 +1,79 @@ + +#include + +#include "sodium_crypto_box_curve25519xchacha20poly1305.h" +#include "sodium_crypto_generichash.h" +#include "sodium_private_common.h" +#include "sodium_utils.h" + +static int +_crypto_box_curve25519xchacha20poly1305_seal_nonce(unsigned char *nonce, + const unsigned char *pk1, + const unsigned char *pk2) +{ + crypto_generichash_state st; + + crypto_generichash_init(&st, NULL, 0U, + crypto_box_curve25519xchacha20poly1305_NONCEBYTES); + crypto_generichash_update(&st, pk1, + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); + crypto_generichash_update(&st, pk2, + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); + crypto_generichash_final(&st, nonce, + crypto_box_curve25519xchacha20poly1305_NONCEBYTES); + + return 0; +} + +int +crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c, const unsigned char *m, + unsigned long long mlen, + const unsigned char *pk) +{ + unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES]; + unsigned char epk[crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES]; + unsigned char esk[crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES]; + int ret; + + if (crypto_box_curve25519xchacha20poly1305_keypair(epk, esk) != 0) { + return -1; /* LCOV_EXCL_LINE */ + } + memcpy(c, epk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); + _crypto_box_curve25519xchacha20poly1305_seal_nonce(nonce, epk, pk); + ret = crypto_box_curve25519xchacha20poly1305_easy( + c + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES, m, mlen, + nonce, pk, esk); + sodium_memzero(esk, sizeof esk); + sodium_memzero(epk, sizeof epk); + sodium_memzero(nonce, sizeof nonce); + + return ret; +} + +int +crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m, const unsigned char *c, + unsigned long long clen, + const unsigned char *pk, + const unsigned char *sk) +{ + unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES]; + + if (clen < 
crypto_box_curve25519xchacha20poly1305_SEALBYTES) { + return -1; + } + _crypto_box_curve25519xchacha20poly1305_seal_nonce(nonce, c, pk); + + COMPILER_ASSERT(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES < + crypto_box_curve25519xchacha20poly1305_SEALBYTES); + + return crypto_box_curve25519xchacha20poly1305_open_easy( + m, c + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES, + clen - crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES, + nonce, c, sk); +} + +size_t +crypto_box_curve25519xchacha20poly1305_sealbytes(void) +{ + return crypto_box_curve25519xchacha20poly1305_SEALBYTES; +} diff --git a/sodium/sodium_chacha20-ref.c b/sodium/sodium_chacha20-ref.c new file mode 100644 index 00000000..164d6f32 --- /dev/null +++ b/sodium/sodium_chacha20-ref.c 
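Review bot: `_crypto_box_curve25519xchacha20poly1305_seal_nonce` discards the return values of `crypto_generichash_init`/`update`/`final` and always returns 0, so `seal` and `seal_open` cannot observe a failed nonce derivation; with compile-time constant lengths these calls are not expected to fail, but a comment should say so: `/* all lengths are constants within generichash bounds, so these calls cannot fail */`. The design point worth a comment at the top of the helper is that the nonce is derived deterministically from `epk || recipient pk`, which is why the sealed box carries only the ephemeral public key ahead of the ciphertext and `seal_open` recomputes the nonce from the first `PUBLICKEYBYTES` of `c`; for example `/* nonce = generichash(epk || pk), NONCEBYTES long; no nonce is transmitted */`. A minor inconsistency: `seal` zeroes `nonce`, `epk` and `esk` on exit while `seal_open` leaves `nonce` on the stack; the nonce is derived from public values so this is cosmetic, but harmonising the two avoids a reader wondering whether it is secret.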
@@ -0,0 +1,312 @@ + +/* + chacha-merged.c version 20080118 + D. J. Bernstein + Public domain. + */ + +#include +#include +#include + +#include "sodium_core.h" +#include "sodium_crypto_stream_chacha20.h" +#include "sodium_private_common.h" +#include "sodium_utils.h" + +#include "sodium_stream_chacha20.h" +#include "sodium_chacha20-ref.h" + +struct chacha_ctx { + uint32_t input[16]; +}; + +typedef struct chacha_ctx chacha_ctx; + +#define U32C(v) (v##U) + +#define U32V(v) ((uint32_t)(v) &U32C(0xFFFFFFFF)) + +#define ROTATE(v, c) (ROTL32(v, c)) +#define XOR(v, w) ((v) ^ (w)) +#define PLUS(v, w) (U32V((v) + (w))) +#define PLUSONE(v) (PLUS((v), 1)) + +#define QUARTERROUND(a, b, c, d) \ + a = PLUS(a, b); \ + d = ROTATE(XOR(d, a), 16); \ + c = PLUS(c, d); \ + b = ROTATE(XOR(b, c), 12); \ + a = PLUS(a, b); \ + d = ROTATE(XOR(d, a), 8); \ + c = PLUS(c, d); \ + b = ROTATE(XOR(b, c), 7); + +static void +chacha_keysetup(chacha_ctx *ctx, const uint8_t *k) +{ + ctx->input[0] = U32C(0x61707865); + ctx->input[1] = U32C(0x3320646e); + ctx->input[2] = U32C(0x79622d32); + ctx->input[3] = U32C(0x6b206574); + ctx->input[4] = LOAD32_LE(k + 0); + ctx->input[5] = LOAD32_LE(k + 4); + ctx->input[6] = LOAD32_LE(k + 8); + ctx->input[7] = LOAD32_LE(k + 12); + ctx->input[8] = LOAD32_LE(k + 16); + ctx->input[9] = LOAD32_LE(k + 20); + ctx->input[10] = LOAD32_LE(k + 24); + ctx->input[11] = LOAD32_LE(k + 28); +} + +static void +chacha_ivsetup(chacha_ctx *ctx, const uint8_t *iv, const uint8_t *counter) +{ + ctx->input[12] = counter == NULL ? 0 : LOAD32_LE(counter + 0); + ctx->input[13] = counter == NULL ? 0 : LOAD32_LE(counter + 4); + ctx->input[14] = LOAD32_LE(iv + 0); + ctx->input[15] = LOAD32_LE(iv + 4); +} + +static void +chacha_ietf_ivsetup(chacha_ctx *ctx, const uint8_t *iv, const uint8_t *counter) +{ + ctx->input[12] = counter == NULL ? 
0 : LOAD32_LE(counter); + ctx->input[13] = LOAD32_LE(iv + 0); + ctx->input[14] = LOAD32_LE(iv + 4); + ctx->input[15] = LOAD32_LE(iv + 8); +} + +static void +chacha20_encrypt_bytes(chacha_ctx *ctx, const uint8_t *m, uint8_t *c, + unsigned long long bytes) +{ + uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, + x15; + uint32_t j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, + j15; + uint8_t *ctarget = NULL; + uint8_t tmp[64]; + unsigned int i; + + if (!bytes) { + return; /* LCOV_EXCL_LINE */ + } + j0 = ctx->input[0]; + j1 = ctx->input[1]; + j2 = ctx->input[2]; + j3 = ctx->input[3]; + j4 = ctx->input[4]; + j5 = ctx->input[5]; + j6 = ctx->input[6]; + j7 = ctx->input[7]; + j8 = ctx->input[8]; + j9 = ctx->input[9]; + j10 = ctx->input[10]; + j11 = ctx->input[11]; + j12 = ctx->input[12]; + j13 = ctx->input[13]; + j14 = ctx->input[14]; + j15 = ctx->input[15]; + + for (;;) { + if (bytes < 64) { + memset(tmp, 0, 64); + for (i = 0; i < bytes; ++i) { + tmp[i] = m[i]; + } + m = tmp; + ctarget = c; + c = tmp; + } + x0 = j0; + x1 = j1; + x2 = j2; + x3 = j3; + x4 = j4; + x5 = j5; + x6 = j6; + x7 = j7; + x8 = j8; + x9 = j9; + x10 = j10; + x11 = j11; + x12 = j12; + x13 = j13; + x14 = j14; + x15 = j15; + for (i = 20; i > 0; i -= 2) { + QUARTERROUND(x0, x4, x8, x12) + QUARTERROUND(x1, x5, x9, x13) + QUARTERROUND(x2, x6, x10, x14) + QUARTERROUND(x3, x7, x11, x15) + QUARTERROUND(x0, x5, x10, x15) + QUARTERROUND(x1, x6, x11, x12) + QUARTERROUND(x2, x7, x8, x13) + QUARTERROUND(x3, x4, x9, x14) + } + x0 = PLUS(x0, j0); + x1 = PLUS(x1, j1); + x2 = PLUS(x2, j2); + x3 = PLUS(x3, j3); + x4 = PLUS(x4, j4); + x5 = PLUS(x5, j5); + x6 = PLUS(x6, j6); + x7 = PLUS(x7, j7); + x8 = PLUS(x8, j8); + x9 = PLUS(x9, j9); + x10 = PLUS(x10, j10); + x11 = PLUS(x11, j11); + x12 = PLUS(x12, j12); + x13 = PLUS(x13, j13); + x14 = PLUS(x14, j14); + x15 = PLUS(x15, j15); + + x0 = XOR(x0, LOAD32_LE(m + 0)); + x1 = XOR(x1, LOAD32_LE(m + 4)); + x2 = XOR(x2, LOAD32_LE(m + 8)); + 
x3 = XOR(x3, LOAD32_LE(m + 12)); + x4 = XOR(x4, LOAD32_LE(m + 16)); + x5 = XOR(x5, LOAD32_LE(m + 20)); + x6 = XOR(x6, LOAD32_LE(m + 24)); + x7 = XOR(x7, LOAD32_LE(m + 28)); + x8 = XOR(x8, LOAD32_LE(m + 32)); + x9 = XOR(x9, LOAD32_LE(m + 36)); + x10 = XOR(x10, LOAD32_LE(m + 40)); + x11 = XOR(x11, LOAD32_LE(m + 44)); + x12 = XOR(x12, LOAD32_LE(m + 48)); + x13 = XOR(x13, LOAD32_LE(m + 52)); + x14 = XOR(x14, LOAD32_LE(m + 56)); + x15 = XOR(x15, LOAD32_LE(m + 60)); + + j12 = PLUSONE(j12); + /* LCOV_EXCL_START */ + if (!j12) { + j13 = PLUSONE(j13); + } + /* LCOV_EXCL_STOP */ + + STORE32_LE(c + 0, x0); + STORE32_LE(c + 4, x1); + STORE32_LE(c + 8, x2); + STORE32_LE(c + 12, x3); + STORE32_LE(c + 16, x4); + STORE32_LE(c + 20, x5); + STORE32_LE(c + 24, x6); + STORE32_LE(c + 28, x7); + STORE32_LE(c + 32, x8); + STORE32_LE(c + 36, x9); + STORE32_LE(c + 40, x10); + STORE32_LE(c + 44, x11); + STORE32_LE(c + 48, x12); + STORE32_LE(c + 52, x13); + STORE32_LE(c + 56, x14); + STORE32_LE(c + 60, x15); + + if (bytes <= 64) { + if (bytes < 64) { + for (i = 0; i < (unsigned int) bytes; ++i) { + ctarget[i] = c[i]; /* ctarget cannot be NULL */ + } + } + ctx->input[12] = j12; + ctx->input[13] = j13; + + return; + } + bytes -= 64; + c += 64; + m += 64; + } +} + +static int +stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n, + const unsigned char *k) +{ + struct chacha_ctx ctx; + + if (!clen) { + return 0; + } + COMPILER_ASSERT(crypto_stream_chacha20_KEYBYTES == 256 / 8); + chacha_keysetup(&ctx, k); + chacha_ivsetup(&ctx, n, NULL); + memset(c, 0, clen); + chacha20_encrypt_bytes(&ctx, c, c, clen); + sodium_memzero(&ctx, sizeof ctx); + + return 0; +} + +static int +stream_ietf_ext_ref(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k) +{ + struct chacha_ctx ctx; + + if (!clen) { + return 0; + } + COMPILER_ASSERT(crypto_stream_chacha20_KEYBYTES == 256 / 8); + chacha_keysetup(&ctx, k); + chacha_ietf_ivsetup(&ctx, n, NULL); + 
memset(c, 0, clen); + chacha20_encrypt_bytes(&ctx, c, c, clen); + sodium_memzero(&ctx, sizeof ctx); + + return 0; +} + +static int +stream_ref_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, uint64_t ic, + const unsigned char *k) +{ + struct chacha_ctx ctx; + uint8_t ic_bytes[8]; + uint32_t ic_high; + uint32_t ic_low; + + if (!mlen) { + return 0; + } + ic_high = U32V(ic >> 32); + ic_low = U32V(ic); + STORE32_LE(&ic_bytes[0], ic_low); + STORE32_LE(&ic_bytes[4], ic_high); + chacha_keysetup(&ctx, k); + chacha_ivsetup(&ctx, n, ic_bytes); + chacha20_encrypt_bytes(&ctx, m, c, mlen); + sodium_memzero(&ctx, sizeof ctx); + + return 0; +} + +static int +stream_ietf_ext_ref_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + uint32_t ic, const unsigned char *k) +{ + struct chacha_ctx ctx; + uint8_t ic_bytes[4]; + + if (!mlen) { + return 0; + } + STORE32_LE(ic_bytes, ic); + chacha_keysetup(&ctx, k); + chacha_ietf_ivsetup(&ctx, n, ic_bytes); + chacha20_encrypt_bytes(&ctx, m, c, mlen); + sodium_memzero(&ctx, sizeof ctx); + + return 0; +} + +struct crypto_stream_chacha20_implementation + crypto_stream_chacha20_ref_implementation = { + SODIUM_C99(.stream =) stream_ref, + SODIUM_C99(.stream_ietf_ext =) stream_ietf_ext_ref, + SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic, + SODIUM_C99(.stream_ietf_ext_xor_ic =) stream_ietf_ext_ref_xor_ic + }; diff --git a/sodium/sodium_chacha20-ref.h b/sodium/sodium_chacha20-ref.h new file mode 100644 index 00000000..4df4c0f0 --- /dev/null +++ b/sodium/sodium_chacha20-ref.h @@ -0,0 +1,8 @@ + +#include + +#include "sodium_stream_chacha20.h" +#include "sodium_crypto_stream_chacha20.h" + +extern struct crypto_stream_chacha20_implementation + crypto_stream_chacha20_ref_implementation; diff --git a/sodium/sodium_codecs.c b/sodium/sodium_codecs.c new file mode 100644 index 00000000..527c8ccf --- /dev/null +++ b/sodium/sodium_codecs.c 
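Review bot: `stream_ietf_ext_ref_xor_ic` takes a 32-bit `ic`, but `chacha20_encrypt_bytes` still carries a wrapped `j12` into `j13`, which in the layout set up by `chacha_ietf_ivsetup` holds the first nonce word rather than a counter; nothing in this file bounds `ic + mlen/64`, so a long enough message would continue the keystream under a modified nonce. Presumably the public wrapper in sodium_stream_chacha20.c rejects such lengths before reaching here, as upstream libsodium does, but that file is not in this hunk, so the contract should be written down above `stream_ietf_ext_ref_xor_ic`: `/* caller guarantees ic + mlen/64 <= UINT32_MAX; the counter carry into input[13] in chacha20_encrypt_bytes would otherwise alter the nonce */`. Separately, `QUARTERROUND` is a bare statement list ending in a semicolon and is invoked without one in the round loop; it works, but a `do { ... } while (0)` form, as the LOAD_MSG macros earlier in this diff use, would make it safe in any statement context.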
@@ -0,0 +1,333 @@ +#include +#include +#include +#include +#include +#include +#include + +#include "sodium_core.h" +#include "sodium_utils.h" + +/* Derived from original code by CodesInChaos */ +char * +sodium_bin2hex(char *const hex, const size_t hex_maxlen, + const unsigned char *const bin, const size_t bin_len) +{ + size_t i = (size_t) 0U; + unsigned int x; + int b; + int c; + + if (bin_len >= SIZE_MAX / 2 || hex_maxlen <= bin_len * 2U) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } + while (i < bin_len) { + c = bin[i] & 0xf; + b = bin[i] >> 4; + x = (unsigned char) (87U + c + (((c - 10U) >> 8) & ~38U)) << 8 | + (unsigned char) (87U + b + (((b - 10U) >> 8) & ~38U)); + hex[i * 2U] = (char) x; + x >>= 8; + hex[i * 2U + 1U] = (char) x; + i++; + } + hex[i * 2U] = 0U; + + return hex; +} + +int +sodium_hex2bin(unsigned char *const bin, const size_t bin_maxlen, + const char *const hex, const size_t hex_len, + const char *const ignore, size_t *const bin_len, + const char **const hex_end) +{ + size_t bin_pos = (size_t) 0U; + size_t hex_pos = (size_t) 0U; + int ret = 0; + unsigned char c; + unsigned char c_acc = 0U; + unsigned char c_alpha0, c_alpha; + unsigned char c_num0, c_num; + unsigned char c_val; + unsigned char state = 0U; + + while (hex_pos < hex_len) { + c = (unsigned char) hex[hex_pos]; + c_num = c ^ 48U; + c_num0 = (c_num - 10U) >> 8; + c_alpha = (c & ~32U) - 55U; + c_alpha0 = ((c_alpha - 10U) ^ (c_alpha - 16U)) >> 8; + if ((c_num0 | c_alpha0) == 0U) { + if (ignore != NULL && state == 0U && strchr(ignore, c) != NULL) { + hex_pos++; + continue; + } + break; + } + c_val = (c_num0 & c_num) | (c_alpha0 & c_alpha); + if (bin_pos >= bin_maxlen) { + ret = -1; + errno = ERANGE; + break; + } + if (state == 0U) { + c_acc = c_val * 16U; + } else { + bin[bin_pos++] = c_acc | c_val; + } + state = ~state; + hex_pos++; + } + if (state != 0U) { + hex_pos--; + errno = EINVAL; + ret = -1; + } + if (ret != 0) { + bin_pos = (size_t) 0U; + } + if (hex_end != NULL) { + *hex_end = 
&hex[hex_pos]; + } else if (hex_pos != hex_len) { + errno = EINVAL; + ret = -1; + } + if (bin_len != NULL) { + *bin_len = bin_pos; + } + return ret; +} + +/* + * Some macros for constant-time comparisons. These work over values in + * the 0..255 range. Returned value is 0x00 on "false", 0xFF on "true". + * + * Original code by Thomas Pornin. + */ +#define EQ(x, y) \ + ((((0U - ((unsigned int) (x) ^ (unsigned int) (y))) >> 8) & 0xFF) ^ 0xFF) +#define GT(x, y) ((((unsigned int) (y) - (unsigned int) (x)) >> 8) & 0xFF) +#define GE(x, y) (GT(y, x) ^ 0xFF) +#define LT(x, y) GT(y, x) +#define LE(x, y) GE(y, x) + +static int +b64_byte_to_char(unsigned int x) +{ + return (LT(x, 26) & (x + 'A')) | + (GE(x, 26) & LT(x, 52) & (x + ('a' - 26))) | + (GE(x, 52) & LT(x, 62) & (x + ('0' - 52))) | (EQ(x, 62) & '+') | + (EQ(x, 63) & '/'); +} + +static unsigned int +b64_char_to_byte(int c) +{ + const unsigned int x = + (GE(c, 'A') & LE(c, 'Z') & (c - 'A')) | + (GE(c, 'a') & LE(c, 'z') & (c - ('a' - 26))) | + (GE(c, '0') & LE(c, '9') & (c - ('0' - 52))) | (EQ(c, '+') & 62) | + (EQ(c, '/') & 63); + + return x | (EQ(x, 0) & (EQ(c, 'A') ^ 0xFF)); +} + +static int +b64_byte_to_urlsafe_char(unsigned int x) +{ + return (LT(x, 26) & (x + 'A')) | + (GE(x, 26) & LT(x, 52) & (x + ('a' - 26))) | + (GE(x, 52) & LT(x, 62) & (x + ('0' - 52))) | (EQ(x, 62) & '-') | + (EQ(x, 63) & '_'); +} + +static unsigned int +b64_urlsafe_char_to_byte(int c) +{ + const unsigned x = + (GE(c, 'A') & LE(c, 'Z') & (c - 'A')) | + (GE(c, 'a') & LE(c, 'z') & (c - ('a' - 26))) | + (GE(c, '0') & LE(c, '9') & (c - ('0' - 52))) | (EQ(c, '-') & 62) | + (EQ(c, '_') & 63); + + return x | (EQ(x, 0) & (EQ(c, 'A') ^ 0xFF)); +} + + +#define VARIANT_NO_PADDING_MASK 0x2U +#define VARIANT_URLSAFE_MASK 0x4U + +static void +sodium_base64_check_variant(const int variant) +{ + if ((((unsigned int) variant) & ~ 0x6U) != 0x1U) { + sodium_misuse(); + } +} + +size_t +sodium_base64_encoded_len(const size_t bin_len, const int variant) +{ + 
sodium_base64_check_variant(variant); + + return sodium_base64_ENCODED_LEN(bin_len, variant); +} + +char * +sodium_bin2base64(char * const b64, const size_t b64_maxlen, + const unsigned char * const bin, const size_t bin_len, + const int variant) +{ + size_t acc_len = (size_t) 0; + size_t b64_len; + size_t b64_pos = (size_t) 0; + size_t bin_pos = (size_t) 0; + size_t nibbles; + size_t remainder; + unsigned int acc = 0U; + + sodium_base64_check_variant(variant); + nibbles = bin_len / 3; + remainder = bin_len - 3 * nibbles; + b64_len = nibbles * 4; + if (remainder != 0) { + if ((((unsigned int) variant) & VARIANT_NO_PADDING_MASK) == 0U) { + b64_len += 4; + } else { + b64_len += 2 + (remainder >> 1); + } + } + if (b64_maxlen <= b64_len) { + sodium_misuse(); + } + if ((((unsigned int) variant) & VARIANT_URLSAFE_MASK) != 0U) { + while (bin_pos < bin_len) { + acc = (acc << 8) + bin[bin_pos++]; + acc_len += 8; + while (acc_len >= 6) { + acc_len -= 6; + b64[b64_pos++] = (char) b64_byte_to_urlsafe_char((acc >> acc_len) & 0x3F); + } + } + if (acc_len > 0) { + b64[b64_pos++] = (char) b64_byte_to_urlsafe_char((acc << (6 - acc_len)) & 0x3F); + } + } else { + while (bin_pos < bin_len) { + acc = (acc << 8) + bin[bin_pos++]; + acc_len += 8; + while (acc_len >= 6) { + acc_len -= 6; + b64[b64_pos++] = (char) b64_byte_to_char((acc >> acc_len) & 0x3F); + } + } + if (acc_len > 0) { + b64[b64_pos++] = (char) b64_byte_to_char((acc << (6 - acc_len)) & 0x3F); + } + } + assert(b64_pos <= b64_len); + while (b64_pos < b64_len) { + b64[b64_pos++] = '='; + } + do { + b64[b64_pos++] = 0U; + } while (b64_pos < b64_maxlen); + + return b64; +} + +static int +_sodium_base642bin_skip_padding(const char * const b64, const size_t b64_len, + size_t * const b64_pos_p, + const char * const ignore, size_t padding_len) +{ + int c; + + while (padding_len > 0) { + if (*b64_pos_p >= b64_len) { + errno = ERANGE; + return -1; + } + c = b64[*b64_pos_p]; + if (c == '=') { + padding_len--; + } else if (ignore == 
NULL || strchr(ignore, c) == NULL) { + errno = EINVAL; + return -1; + } + (*b64_pos_p)++; + } + return 0; +} + +int +sodium_base642bin(unsigned char * const bin, const size_t bin_maxlen, + const char * const b64, const size_t b64_len, + const char * const ignore, size_t * const bin_len, + const char ** const b64_end, const int variant) +{ + size_t acc_len = (size_t) 0; + size_t b64_pos = (size_t) 0; + size_t bin_pos = (size_t) 0; + int is_urlsafe; + int ret = 0; + unsigned int acc = 0U; + unsigned int d; + char c; + + sodium_base64_check_variant(variant); + is_urlsafe = ((unsigned int) variant) & VARIANT_URLSAFE_MASK; + while (b64_pos < b64_len) { + c = b64[b64_pos]; + if (is_urlsafe) { + d = b64_urlsafe_char_to_byte(c); + } else { + d = b64_char_to_byte(c); + } + if (d == 0xFF) { + if (ignore != NULL && strchr(ignore, c) != NULL) { + b64_pos++; + continue; + } + break; + } + acc = (acc << 6) + d; + acc_len += 6; + if (acc_len >= 8) { + acc_len -= 8; + if (bin_pos >= bin_maxlen) { + errno = ERANGE; + ret = -1; + break; + } + bin[bin_pos++] = (acc >> acc_len) & 0xFF; + } + b64_pos++; + } + if (acc_len > 4U || (acc & ((1U << acc_len) - 1U)) != 0U) { + ret = -1; + } else if (ret == 0 && + (((unsigned int) variant) & VARIANT_NO_PADDING_MASK) == 0U) { + ret = _sodium_base642bin_skip_padding(b64, b64_len, &b64_pos, ignore, + acc_len / 2); + } + if (ret != 0) { + bin_pos = (size_t) 0U; + } else if (ignore != NULL) { + while (b64_pos < b64_len && strchr(ignore, b64[b64_pos]) != NULL) { + b64_pos++; + } + } + if (b64_end != NULL) { + *b64_end = &b64[b64_pos]; + } else if (b64_pos != b64_len) { + errno = EINVAL; + ret = -1; + } + if (bin_len != NULL) { + *bin_len = bin_pos; + } + return ret; +} diff --git a/sodium/sodium_core.c b/sodium/sodium_core.c new file mode 100644 index 00000000..8c432bf0 --- /dev/null +++ b/sodium/sodium_core.c 
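Review bot: In `sodium_hex2bin` the skip test `strchr(ignore, c) != NULL` also succeeds for c == 0, since `strchr` counts the terminating NUL as part of the string, so whenever an `ignore` set is passed an embedded NUL byte within `hex_len` is silently skipped instead of ending the parse; the two `strchr(ignore, ...)` tests in `sodium_base642bin` and the one in `_sodium_base642bin_skip_padding` behave the same way. If that is not intended, guard each call, e.g. `if (ignore != NULL && state == 0U && c != 0 && strchr(ignore, c) != NULL)`. Separately, the public decoders carry no contract comment: a note above `sodium_hex2bin` that it returns -1 with errno ERANGE (output buffer full) or EINVAL (odd digit count, or unconsumed input when `hex_end` is NULL), that `*bin_len` is set to 0 on failure, and that `sodium_bin2hex` calls `sodium_misuse()` rather than returning when `hex_maxlen` is too small would spare callers reading the loops.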
@@ -0,0 +1,218 @@ + +#include +#include +#include +#include +#ifdef _WIN32 +# include +#elif defined(HAVE_PTHREAD) +# include +#endif + +#include "sodium_core.h" +#include "sodium_crypto_generichash.h" +#include "sodium_crypto_onetimeauth.h" +#include "sodium_crypto_scalarmult.h" +#include "sodium_crypto_stream_chacha20.h" +#include "sodium_crypto_stream_salsa20.h" +#include "sodium_randombytes.h" +#include "sodium_runtime.h" +#include "sodium_utils.h" +#include "sodium_private_implementations.h" +#include "sodium_private_mutex.h" + +static volatile int initialized; +#ifdef _WIN32 +static volatile int locked; +#endif // #ifdef _WIN32 + +int +sodium_init(void) +{ + if (sodium_crit_enter() != 0) { + return -1; /* LCOV_EXCL_LINE */ + } + if (initialized != 0) { + if (sodium_crit_leave() != 0) { + return -1; /* LCOV_EXCL_LINE */ + } + return 1; + } + _sodium_runtime_get_cpu_features(); + randombytes_stir(); + _sodium_alloc_init(); + _crypto_generichash_blake2b_pick_best_implementation(); + _crypto_onetimeauth_poly1305_pick_best_implementation(); + _crypto_scalarmult_curve25519_pick_best_implementation(); + _crypto_stream_chacha20_pick_best_implementation(); + _crypto_stream_salsa20_pick_best_implementation(); + initialized = 1; + if (sodium_crit_leave() != 0) { + return -1; /* LCOV_EXCL_LINE */ + } + #if NETCODE_CRYPTO_LOGS + printf( "\n" ); + #endif // #if NETCODE_CRYPTO_LOGS + return 0; +} + +#ifdef _WIN32 + +static CRITICAL_SECTION _sodium_lock; +static volatile LONG _sodium_lock_initialized; + +int +_sodium_crit_init(void) +{ + LONG status = 0L; + + while ((status = InterlockedCompareExchange(&_sodium_lock_initialized, + 1L, 0L)) == 1L) { + Sleep(0); + } + + switch (status) { + case 0L: + InitializeCriticalSection(&_sodium_lock); + return InterlockedExchange(&_sodium_lock_initialized, 2L) == 1L ? 
0 : -1; + case 2L: + return 0; + default: /* should never be reached */ + return -1; + } +} + +int +sodium_crit_enter(void) +{ + if (_sodium_crit_init() != 0) { + return -1; /* LCOV_EXCL_LINE */ + } + EnterCriticalSection(&_sodium_lock); + assert(locked == 0); + locked = 1; + + return 0; +} + +int +sodium_crit_leave(void) +{ + if (locked == 0) { +# ifdef EPERM + errno = EPERM; +# endif + return -1; + } + locked = 0; + LeaveCriticalSection(&_sodium_lock); + + return 0; +} + +#elif defined(HAVE_PTHREAD) && !defined(__EMSCRIPTEN__) + +static pthread_mutex_t _sodium_lock = PTHREAD_MUTEX_INITIALIZER; + +int +sodium_crit_enter(void) +{ + int ret; + + if ((ret = pthread_mutex_lock(&_sodium_lock)) == 0) { + assert(locked == 0); + locked = 1; + } + return ret; +} + +int +sodium_crit_leave(void) +{ + if (locked == 0) { +# ifdef EPERM + errno = EPERM; +# endif + return -1; + } + locked = 0; + + return pthread_mutex_unlock(&_sodium_lock); +} + +#elif defined(HAVE_ATOMIC_OPS) && !defined(__EMSCRIPTEN__) && !defined(__native_client__) + +static volatile int _sodium_lock; + +int +sodium_crit_enter(void) +{ +# ifdef HAVE_NANOSLEEP + struct timespec q; + memset(&q, 0, sizeof q); +# endif + while (__sync_lock_test_and_set(&_sodium_lock, 1) != 0) { +# ifdef HAVE_NANOSLEEP + (void) nanosleep(&q, NULL); +# elif defined(__x86_64__) || defined(__i386__) + __asm__ __volatile__ ("pause"); +# endif + } + return 0; +} + +int +sodium_crit_leave(void) +{ + __sync_lock_release(&_sodium_lock); + + return 0; +} + +#else + +int +sodium_crit_enter(void) +{ + return 0; +} + +int +sodium_crit_leave(void) +{ + return 0; +} + +#endif + +static void (*_misuse_handler)(void); + +void +sodium_misuse(void) +{ + void (*handler)(void); + + (void) sodium_crit_leave(); + if (sodium_crit_enter() == 0) { + handler = _misuse_handler; + if (handler != NULL) { + handler(); + } + } +/* LCOV_EXCL_START */ + abort(); +} +/* LCOV_EXCL_STOP */ + +int +sodium_set_misuse_handler(void (*handler)(void)) +{ + if 
(sodium_crit_enter() != 0) { + return -1; /* LCOV_EXCL_LINE */ + } + _misuse_handler = handler; + if (sodium_crit_leave() != 0) { + return -1; /* LCOV_EXCL_LINE */ + } + return 0; +} diff --git a/windows/sodium/core.h b/sodium/sodium_core.h similarity index 55% rename from windows/sodium/core.h rename to sodium/sodium_core.h index 3ca44762..29481a0d 100644 --- a/windows/sodium/core.h +++ b/sodium/sodium_core.h @@ -2,16 +2,22 @@ #ifndef sodium_core_H #define sodium_core_H -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus extern "C" { #endif -SODIUM_EXPORT int sodium_init(void) __attribute__ ((warn_unused_result)); +/* ---- */ + +int sodium_set_misuse_handler(void (*handler)(void)); + +void sodium_misuse(void) + __attribute__ ((noreturn)); + #ifdef __cplusplus } #endif diff --git a/sodium/sodium_core_ed25519.c b/sodium/sodium_core_ed25519.c new file mode 100644 index 00000000..c8a0d037 --- /dev/null +++ b/sodium/sodium_core_ed25519.c 
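Review bot: `locked` is declared only under `#ifdef _WIN32`, but the `HAVE_PTHREAD` variants of `sodium_crit_enter`/`sodium_crit_leave` also use it (`assert(locked == 0)`, `locked = 1`, `if (locked == 0)`), so a build that defines `HAVE_PTHREAD` cannot compile this file; declare it next to `initialized` instead: `static volatile int locked;`. Whether the build defines `HAVE_PTHREAD` or `HAVE_ATOMIC_OPS` is not visible here; if it does not, every non-Windows build lands in the final `#else` branch where both functions return 0 without locking, and concurrent first calls to `sodium_init()` race on `initialized` and on the `_pick_best_implementation` calls. Worth stating above `sodium_init` which configurations actually serialize it, or failing the build with `#error` when none of the lock backends is selected.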
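Review bot: The two new declarations come without a contract comment. Given the implementation, something like `/* Handler invoked by sodium_misuse() before it calls abort(); returning from the handler does not prevent the abort. Returns -1 only if the internal lock could not be taken. */` above `sodium_set_misuse_handler` tells callers what the hook can and cannot do. The `/* ---- */` separator line adds nothing and could go.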
@@ -0,0 +1,195 @@ + +#include + +#include "sodium_crypto_core_ed25519.h" +#include "sodium_private_common.h" +#include "sodium_private_ed25519_ref10.h" +#include "sodium_randombytes.h" +#include "sodium_utils.h" + +int +crypto_core_ed25519_is_valid_point(const unsigned char *p) +{ + ge25519_p3 p_p3; + + if (ge25519_is_canonical(p) == 0 || + ge25519_has_small_order(p) != 0 || + ge25519_frombytes(&p_p3, p) != 0 || + ge25519_is_on_curve(&p_p3) == 0 || + ge25519_is_on_main_subgroup(&p_p3) == 0) { + return 0; + } + return 1; +} + +int +crypto_core_ed25519_add(unsigned char *r, + const unsigned char *p, const unsigned char *q) +{ + ge25519_p3 p_p3, q_p3, r_p3; + ge25519_p1p1 r_p1p1; + ge25519_cached q_cached; + + if (ge25519_frombytes(&p_p3, p) != 0 || ge25519_is_on_curve(&p_p3) == 0 || + ge25519_frombytes(&q_p3, q) != 0 || ge25519_is_on_curve(&q_p3) == 0) { + return -1; + } + ge25519_p3_to_cached(&q_cached, &q_p3); + ge25519_add(&r_p1p1, &p_p3, &q_cached); + ge25519_p1p1_to_p3(&r_p3, &r_p1p1); + ge25519_p3_tobytes(r, &r_p3); + + return 0; +} + +int +crypto_core_ed25519_sub(unsigned char *r, + const unsigned char *p, const unsigned char *q) +{ + ge25519_p3 p_p3, q_p3, r_p3; + ge25519_p1p1 r_p1p1; + ge25519_cached q_cached; + + if (ge25519_frombytes(&p_p3, p) != 0 || ge25519_is_on_curve(&p_p3) == 0 || + ge25519_frombytes(&q_p3, q) != 0 || ge25519_is_on_curve(&q_p3) == 0) { + return -1; + } + ge25519_p3_to_cached(&q_cached, &q_p3); + ge25519_sub(&r_p1p1, &p_p3, &q_cached); + ge25519_p1p1_to_p3(&r_p3, &r_p1p1); + ge25519_p3_tobytes(r, &r_p3); + + return 0; +} + +int +crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r) +{ + ge25519_from_uniform(p, r); + + return - ge25519_has_small_order(p); +} + +void +crypto_core_ed25519_scalar_random(unsigned char *r) +{ + do { + randombytes_buf(r, crypto_core_ed25519_SCALARBYTES); + r[crypto_core_ed25519_SCALARBYTES - 1] &= 0x1f; + } while (sc25519_is_canonical(r) == 0 || + sodium_is_zero(r, 
crypto_core_ed25519_SCALARBYTES)); +} + +int +crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) +{ + sc25519_invert(recip, s); + + return - sodium_is_zero(s, crypto_core_ed25519_SCALARBYTES); +} + +/* 2^252+27742317777372353535851937790883648493 */ +static const unsigned char L[] = { + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, + 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 +}; + +void +crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s) +{ + unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; + unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; + + COMPILER_ASSERT(crypto_core_ed25519_NONREDUCEDSCALARBYTES >= + 2 * crypto_core_ed25519_SCALARBYTES); + memset(t_, 0, sizeof t_); + memset(s_, 0, sizeof s_); + memcpy(t_ + crypto_core_ed25519_SCALARBYTES, L, + crypto_core_ed25519_SCALARBYTES); + memcpy(s_, s, crypto_core_ed25519_SCALARBYTES); + sodium_sub(t_, s_, sizeof t_); + sc25519_reduce(t_); + memcpy(neg, t_, crypto_core_ed25519_SCALARBYTES); +} + +void +crypto_core_ed25519_scalar_complement(unsigned char *comp, + const unsigned char *s) +{ + unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; + unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; + + COMPILER_ASSERT(crypto_core_ed25519_NONREDUCEDSCALARBYTES >= + 2 * crypto_core_ed25519_SCALARBYTES); + memset(t_, 0, sizeof t_); + memset(s_, 0, sizeof s_); + t_[0]++; + memcpy(t_ + crypto_core_ed25519_SCALARBYTES, L, + crypto_core_ed25519_SCALARBYTES); + memcpy(s_, s, crypto_core_ed25519_SCALARBYTES); + sodium_sub(t_, s_, sizeof t_); + sc25519_reduce(t_); + memcpy(comp, t_, crypto_core_ed25519_SCALARBYTES); +} + +void +crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x, + const unsigned char *y) +{ + unsigned char x_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; + unsigned char 
y_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; + + memset(x_, 0, sizeof x_); + memset(y_, 0, sizeof y_); + memcpy(x_, x, crypto_core_ed25519_SCALARBYTES); + memcpy(y_, y, crypto_core_ed25519_SCALARBYTES); + sodium_add(x_, y_, crypto_core_ed25519_SCALARBYTES); + crypto_core_ed25519_scalar_reduce(z, x_); +} + +void +crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x, + const unsigned char *y) +{ + unsigned char yn[crypto_core_ed25519_SCALARBYTES]; + + crypto_core_ed25519_scalar_negate(yn, y); + crypto_core_ed25519_scalar_add(z, x, yn); +} + +void +crypto_core_ed25519_scalar_reduce(unsigned char *r, + const unsigned char *s) +{ + unsigned char t[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; + + memcpy(t, s, sizeof t); + sc25519_reduce(t); + memcpy(r, t, crypto_core_ed25519_SCALARBYTES); + sodium_memzero(t, sizeof t); +} + +size_t +crypto_core_ed25519_bytes(void) +{ + return crypto_core_ed25519_BYTES; +} + +size_t +crypto_core_ed25519_nonreducedscalarbytes(void) +{ + return crypto_core_ed25519_NONREDUCEDSCALARBYTES; +} + +size_t +crypto_core_ed25519_uniformbytes(void) +{ + return crypto_core_ed25519_UNIFORMBYTES; +} + +size_t +crypto_core_ed25519_scalarbytes(void) +{ + return crypto_core_ed25519_SCALARBYTES; +} diff --git a/sodium/sodium_core_hchacha20.c b/sodium/sodium_core_hchacha20.c new file mode 100644 index 00000000..1c2437b2 --- /dev/null +++ b/sodium/sodium_core_hchacha20.c 
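Review bot: `crypto_core_ed25519_scalar_negate`, `crypto_core_ed25519_scalar_complement` and `crypto_core_ed25519_scalar_add` copy the caller's scalar into stack temporaries (`s_`, `x_`, `y_`, plus the intermediate `t_`) and leave them there on return, whereas `crypto_core_ed25519_scalar_reduce` in the same file wipes its temporary with `sodium_memzero(t, sizeof t)`; scalars are commonly private keys or blinding factors, so the three should match it, e.g. at the end of negate `sodium_memzero(t_, sizeof t_); sodium_memzero(s_, sizeof s_);` (and `sodium_memzero(yn, sizeof yn)` in `scalar_sub`). A one-line comment on `crypto_core_ed25519_scalar_random` that `&= 0x1f` keeps the candidate below 2^253, so the rejection loop against L (about 2^252) rarely needs more than a couple of draws, would also help.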
@@ -0,0 +1,93 @@
+
+#include
+#include
+
+#include "sodium_crypto_core_hchacha20.h"
+#include "sodium_private_common.h"
+
+#define QUARTERROUND(A, B, C, D) \
+ do { \
+ A += B; D = ROTL32(D ^ A, 16); \
+ C += D; B = ROTL32(B ^ C, 12); \
+ A += B; D = ROTL32(D ^ A, 8); \
+ C += D; B = ROTL32(B ^ C, 7); \
+ } while(0)
+
+int
+crypto_core_hchacha20(unsigned char *out, const unsigned char *in,
+ const unsigned char *k, const unsigned char *c)
+{
+ int i;
+ uint32_t x0, x1, x2, x3, x4, x5, x6, x7;
+ uint32_t x8, x9, x10, x11, x12, x13, x14, x15;
+
+ if (c == NULL) {
+ x0 = 0x61707865;
+ x1 = 0x3320646e;
+ x2 = 0x79622d32;
+ x3 = 0x6b206574;
+ } else {
+ x0 = LOAD32_LE(c + 0);
+ x1 = LOAD32_LE(c + 4);
+ x2 = LOAD32_LE(c + 8);
+ x3 = LOAD32_LE(c + 12);
+ }
+ x4 = LOAD32_LE(k + 0);
+ x5 = LOAD32_LE(k + 4);
+ x6 = LOAD32_LE(k + 8);
+ x7 = LOAD32_LE(k + 12);
+ x8 = LOAD32_LE(k + 16);
+ x9 = LOAD32_LE(k + 20);
+ x10 = LOAD32_LE(k + 24);
+ x11 = LOAD32_LE(k + 28);
+ x12 = LOAD32_LE(in + 0);
+ x13 = LOAD32_LE(in + 4);
+ x14 = LOAD32_LE(in + 8);
+ x15 = LOAD32_LE(in + 12);
+
+ for (i = 0; i < 10; i++) {
+ QUARTERROUND(x0, x4, x8, x12);
+ QUARTERROUND(x1, x5, x9, x13);
+ QUARTERROUND(x2, x6, x10, x14);
+ QUARTERROUND(x3, x7, x11, x15);
+ QUARTERROUND(x0, x5, x10, x15);
+ QUARTERROUND(x1, x6, x11, x12);
+ QUARTERROUND(x2, x7, x8, x13);
+ QUARTERROUND(x3, x4, x9, x14);
+ }
+
+ STORE32_LE(out + 0, x0);
+ STORE32_LE(out + 4, x1);
+ STORE32_LE(out + 8, x2);
+ STORE32_LE(out + 12, x3);
+ STORE32_LE(out + 16, x12);
+ STORE32_LE(out + 20, x13);
+ STORE32_LE(out + 24, x14);
+ STORE32_LE(out + 28, x15);
+
+ return 0;
+}
+
+size_t
+crypto_core_hchacha20_outputbytes(void)
+{
+ return crypto_core_hchacha20_OUTPUTBYTES;
+}
+
+size_t
+crypto_core_hchacha20_inputbytes(void)
+{
+ return crypto_core_hchacha20_INPUTBYTES;
+}
+
+size_t
+crypto_core_hchacha20_keybytes(void)
+{
+ return crypto_core_hchacha20_KEYBYTES;
+}
+
+size_t
+crypto_core_hchacha20_constbytes(void)
+{
+ return crypto_core_hchacha20_CONSTBYTES;
+}
diff --git a/sodium/sodium_core_hsalsa20.c b/sodium/sodium_core_hsalsa20.c
new file mode 100644
index 00000000..3050ac1e
--- /dev/null
+++ b/sodium/sodium_core_hsalsa20.c
@@ -0,0 +1,21 @@
+#include "sodium_crypto_core_hsalsa20.h"
+
+size_t
+crypto_core_hsalsa20_outputbytes(void) {
+ return crypto_core_hsalsa20_OUTPUTBYTES;
+}
+
+size_t
+crypto_core_hsalsa20_inputbytes(void) {
+ return crypto_core_hsalsa20_INPUTBYTES;
+}
+
+size_t
+crypto_core_hsalsa20_keybytes(void) {
+ return crypto_core_hsalsa20_KEYBYTES;
+}
+
+size_t
+crypto_core_hsalsa20_constbytes(void) {
+ return crypto_core_hsalsa20_CONSTBYTES;
+}
diff --git a/sodium/sodium_core_hsalsa20_ref2.c b/sodium/sodium_core_hsalsa20_ref2.c
new file mode 100644
index 00000000..52523ec9
--- /dev/null
+++ b/sodium/sodium_core_hsalsa20_ref2.c
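Review bot: `crypto_core_hchacha20` has no comment stating what its unchecked pointers must point to: the code reads 32 bytes from `k`, 16 from `in`, 16 from `c` unless it is NULL (in which case the four fixed constants are used), and writes 32 bytes to `out` taken from state words 0-3 and 12-15 after ten double rounds, with no feed-forward addition. A header comment such as `/* out: 32 bytes, in: 16 bytes, k: 32 bytes, c: 16 bytes or NULL for the default constants; always returns 0 */` above the signature would make that explicit; the `int` return is otherwise uninformative.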
@@ -0,0 +1,95 @@
+/*
+version 20080912
+D. J. Bernstein
+Public domain.
+*/
+
+#include
+#include
+
+#include "sodium_crypto_core_hsalsa20.h"
+#include "sodium_private_common.h"
+
+#define ROUNDS 20
+#define U32C(v) (v##U)
+
+int
+crypto_core_hsalsa20(unsigned char *out,
+ const unsigned char *in,
+ const unsigned char *k,
+ const unsigned char *c)
+{
+ uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8,
+ x9, x10, x11, x12, x13, x14, x15;
+ int i;
+
+ if (c == NULL) {
+ x0 = U32C(0x61707865);
+ x5 = U32C(0x3320646e);
+ x10 = U32C(0x79622d32);
+ x15 = U32C(0x6b206574);
+ } else {
+ x0 = LOAD32_LE(c + 0);
+ x5 = LOAD32_LE(c + 4);
+ x10 = LOAD32_LE(c + 8);
+ x15 = LOAD32_LE(c + 12);
+ }
+ x1 = LOAD32_LE(k + 0);
+ x2 = LOAD32_LE(k + 4);
+ x3 = LOAD32_LE(k + 8);
+ x4 = LOAD32_LE(k + 12);
+ x11 = LOAD32_LE(k + 16);
+ x12 = LOAD32_LE(k + 20);
+ x13 = LOAD32_LE(k + 24);
+ x14 = LOAD32_LE(k + 28);
+ x6 = LOAD32_LE(in + 0);
+ x7 = LOAD32_LE(in + 4);
+ x8 = LOAD32_LE(in + 8);
+ x9 = LOAD32_LE(in + 12);
+
+ for (i = ROUNDS; i > 0; i -= 2) {
+ x4 ^= ROTL32(x0 + x12, 7);
+ x8 ^= ROTL32(x4 + x0, 9);
+ x12 ^= ROTL32(x8 + x4, 13);
+ x0 ^= ROTL32(x12 + x8, 18);
+ x9 ^= ROTL32(x5 + x1, 7);
+ x13 ^= ROTL32(x9 + x5, 9);
+ x1 ^= ROTL32(x13 + x9, 13);
+ x5 ^= ROTL32(x1 + x13, 18);
+ x14 ^= ROTL32(x10 + x6, 7);
+ x2 ^= ROTL32(x14 + x10, 9);
+ x6 ^= ROTL32(x2 + x14, 13);
+ x10 ^= ROTL32(x6 + x2, 18);
+ x3 ^= ROTL32(x15 + x11, 7);
+ x7 ^= ROTL32(x3 + x15, 9);
+ x11 ^= ROTL32(x7 + x3, 13);
+ x15 ^= ROTL32(x11 + x7, 18);
+ x1 ^= ROTL32(x0 + x3, 7);
+ x2 ^= ROTL32(x1 + x0, 9);
+ x3 ^= ROTL32(x2 + x1, 13);
+ x0 ^= ROTL32(x3 + x2, 18);
+ x6 ^= ROTL32(x5 + x4, 7);
+ x7 ^= ROTL32(x6 + x5, 9);
+ x4 ^= ROTL32(x7 + x6, 13);
+ x5 ^= ROTL32(x4 + x7, 18);
+ x11 ^= ROTL32(x10 + x9, 7);
+ x8 ^= ROTL32(x11 + x10, 9);
+ x9 ^= ROTL32(x8 + x11, 13);
+ x10 ^= ROTL32(x9 + x8, 18);
+ x12 ^= ROTL32(x15 + x14, 7);
+ x13 ^= ROTL32(x12 + x15, 9);
+ x14 ^= ROTL32(x13 + x12, 13);
+ x15 ^= ROTL32(x14 + x13, 18);
+ }
+
+ STORE32_LE(out + 0, x0);
+ STORE32_LE(out + 4, x5);
+ STORE32_LE(out + 8, x10);
+ STORE32_LE(out + 12, x15);
+ STORE32_LE(out + 16, x6);
+ STORE32_LE(out + 20, x7);
+ STORE32_LE(out + 24, x8);
+ STORE32_LE(out + 28, x9);
+
+ return 0;
+}
diff --git a/sodium/sodium_core_salsa_ref.c b/sodium/sodium_core_salsa_ref.c
new file mode 100644
index 00000000..be0b4108
--- /dev/null
+++ b/sodium/sodium_core_salsa_ref.c
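Review bot: `crypto_core_hsalsa20` stores the state words directly (`STORE32_LE(out + 0, x0)` and so on) with no feed-forward and keeps only x0, x5, x10, x15 and x6-x9, while `crypto_core_salsa` in sodium_core_salsa_ref.c, added in the same commit with an identical double-round body, adds the initial `j*` words back; a reader comparing the two files may take the difference for a missing step, so a comment such as `/* HSalsa20: no feed-forward; output the diagonal and the input words */` above the STORE32_LE block would help. As a point of style, this loop counts down (`for (i = ROUNDS; i > 0; i -= 2)`) while the sibling counts up (`for (i = 0; i < rounds; i += 2)`); either is fine, but one form would make the two easier to diff.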
@@ -0,0 +1,195 @@
+
+#include
+#include
+
+#include "sodium_crypto_core_salsa20.h"
+#include "sodium_crypto_core_salsa2012.h"
+#include "sodium_crypto_core_salsa208.h"
+#include "sodium_private_common.h"
+
+static void
+crypto_core_salsa(unsigned char *out, const unsigned char *in,
+ const unsigned char *k, const unsigned char *c,
+ const int rounds)
+{
+ uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14,
+ x15;
+ uint32_t j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14,
+ j15;
+ int i;
+
+ j0 = x0 = 0x61707865;
+ j5 = x5 = 0x3320646e;
+ j10 = x10 = 0x79622d32;
+ j15 = x15 = 0x6b206574;
+ if (c != NULL) {
+ j0 = x0 = LOAD32_LE(c + 0);
+ j5 = x5 = LOAD32_LE(c + 4);
+ j10 = x10 = LOAD32_LE(c + 8);
+ j15 = x15 = LOAD32_LE(c + 12);
+ }
+ j1 = x1 = LOAD32_LE(k + 0);
+ j2 = x2 = LOAD32_LE(k + 4);
+ j3 = x3 = LOAD32_LE(k + 8);
+ j4 = x4 = LOAD32_LE(k + 12);
+ j11 = x11 = LOAD32_LE(k + 16);
+ j12 = x12 = LOAD32_LE(k + 20);
+ j13 = x13 = LOAD32_LE(k + 24);
+ j14 = x14 = LOAD32_LE(k + 28);
+
+ j6 = x6 = LOAD32_LE(in + 0);
+ j7 = x7 = LOAD32_LE(in + 4);
+ j8 = x8 = LOAD32_LE(in + 8);
+ j9 = x9 = LOAD32_LE(in + 12);
+
+ for (i = 0; i < rounds; i += 2) {
+ x4 ^= ROTL32(x0 + x12, 7);
+ x8 ^= ROTL32(x4 + x0, 9);
+ x12 ^= ROTL32(x8 + x4, 13);
+ x0 ^= ROTL32(x12 + x8, 18);
+ x9 ^= ROTL32(x5 + x1, 7);
+ x13 ^= ROTL32(x9 + x5, 9);
+ x1 ^= ROTL32(x13 + x9, 13);
+ x5 ^= ROTL32(x1 + x13, 18);
+ x14 ^= ROTL32(x10 + x6, 7);
+ x2 ^= ROTL32(x14 + x10, 9);
+ x6 ^= ROTL32(x2 + x14, 13);
+ x10 ^= ROTL32(x6 + x2, 18);
+ x3 ^= ROTL32(x15 + x11, 7);
+ x7 ^= ROTL32(x3 + x15, 9);
+ x11 ^= ROTL32(x7 + x3, 13);
+ x15 ^= ROTL32(x11 + x7, 18);
+ x1 ^= ROTL32(x0 + x3, 7);
+ x2 ^= ROTL32(x1 + x0, 9);
+ x3 ^= ROTL32(x2 + x1, 13);
+ x0 ^= ROTL32(x3 + x2, 18);
+ x6 ^= ROTL32(x5 + x4, 7);
+ x7 ^= ROTL32(x6 + x5, 9);
+ x4 ^= ROTL32(x7 + x6, 13);
+ x5 ^= ROTL32(x4 + x7, 18);
+ x11 ^= ROTL32(x10 + x9, 7);
+ x8 ^= ROTL32(x11 + x10, 9);
+ x9 ^= ROTL32(x8 + x11, 13);
+ x10 ^= ROTL32(x9 + x8, 18);
+ x12 ^= ROTL32(x15 + x14, 7);
+ x13 ^= ROTL32(x12 + x15, 9);
+ x14 ^= ROTL32(x13 + x12, 13);
+ x15 ^= ROTL32(x14 + x13, 18);
+ }
+ STORE32_LE(out + 0, x0 + j0);
+ STORE32_LE(out + 4, x1 + j1);
+ STORE32_LE(out + 8, x2 + j2);
+ STORE32_LE(out + 12, x3 + j3);
+ STORE32_LE(out + 16, x4 + j4);
+ STORE32_LE(out + 20, x5 + j5);
+ STORE32_LE(out + 24, x6 + j6);
+ STORE32_LE(out + 28, x7 + j7);
+ STORE32_LE(out + 32, x8 + j8);
+ STORE32_LE(out + 36, x9 + j9);
+ STORE32_LE(out + 40, x10 + j10);
+ STORE32_LE(out + 44, x11 + j11);
+ STORE32_LE(out + 48, x12 + j12);
+ STORE32_LE(out + 52, x13 + j13);
+ STORE32_LE(out + 56, x14 + j14);
+ STORE32_LE(out + 60, x15 + j15);
+}
+
+int
+crypto_core_salsa20(unsigned char *out, const unsigned char *in,
+ const unsigned char *k, const unsigned char *c)
+{
+ crypto_core_salsa(out, in, k, c, 20);
+ return 0;
+}
+
+size_t
+crypto_core_salsa20_outputbytes(void)
+{
+ return crypto_core_salsa20_OUTPUTBYTES;
+}
+
+size_t
+crypto_core_salsa20_inputbytes(void)
+{
+ return crypto_core_salsa20_INPUTBYTES;
+}
+
+size_t
+crypto_core_salsa20_keybytes(void)
+{
+ return crypto_core_salsa20_KEYBYTES;
+}
+
+size_t
+crypto_core_salsa20_constbytes(void)
+{
+ return crypto_core_salsa20_CONSTBYTES;
+}
+
+#ifndef MINIMAL
+
+int
+crypto_core_salsa2012(unsigned char *out, const unsigned char *in,
+ const unsigned char *k, const unsigned char *c)
+{
+ crypto_core_salsa(out, in, k, c, 12);
+ return 0;
+}
+
+size_t
+crypto_core_salsa2012_outputbytes(void)
+{
+ return crypto_core_salsa2012_OUTPUTBYTES;
+}
+
+size_t
+crypto_core_salsa2012_inputbytes(void)
+{
+ return crypto_core_salsa2012_INPUTBYTES;
+}
+
+size_t
+crypto_core_salsa2012_keybytes(void)
+{
+ return crypto_core_salsa2012_KEYBYTES;
+}
+
+size_t
+crypto_core_salsa2012_constbytes(void)
+{
+ return crypto_core_salsa2012_CONSTBYTES;
+}
+
+int
+crypto_core_salsa208(unsigned char *out, const unsigned char *in,
+ const unsigned char *k, const unsigned char *c)
+{
+ crypto_core_salsa(out,
in, k, c, 8); + return 0; +} + +size_t +crypto_core_salsa208_outputbytes(void) +{ + return crypto_core_salsa208_OUTPUTBYTES; +} + +size_t +crypto_core_salsa208_inputbytes(void) +{ + return crypto_core_salsa208_INPUTBYTES; +} + +size_t +crypto_core_salsa208_keybytes(void) +{ + return crypto_core_salsa208_KEYBYTES; +} + +size_t +crypto_core_salsa208_constbytes(void) +{ + return crypto_core_salsa208_CONSTBYTES; +} + +#endif diff --git a/windows/sodium/crypto_aead_chacha20poly1305.h b/sodium/sodium_crypto_aead_chacha20poly1305.h similarity index 79% rename from windows/sodium/crypto_aead_chacha20poly1305.h rename to sodium/sodium_crypto_aead_chacha20poly1305.h index 0bbc6885..d037be8f 100644 --- a/windows/sodium/crypto_aead_chacha20poly1305.h +++ b/sodium/sodium_crypto_aead_chacha20poly1305.h @@ -2,7 +2,8 @@ #define crypto_aead_chacha20poly1305_H #include -#include "export.h" + +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ @@ -14,23 +15,23 @@ extern "C" { /* -- IETF ChaCha20-Poly1305 construction with a 96-bit nonce and a 32-bit internal counter -- */ #define crypto_aead_chacha20poly1305_ietf_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_aead_chacha20poly1305_ietf_keybytes(void); #define crypto_aead_chacha20poly1305_ietf_NSECBYTES 0U -SODIUM_EXPORT size_t crypto_aead_chacha20poly1305_ietf_nsecbytes(void); #define crypto_aead_chacha20poly1305_ietf_NPUBBYTES 12U -SODIUM_EXPORT size_t crypto_aead_chacha20poly1305_ietf_npubbytes(void); #define crypto_aead_chacha20poly1305_ietf_ABYTES 16U -SODIUM_EXPORT size_t crypto_aead_chacha20poly1305_ietf_abytes(void); -SODIUM_EXPORT +#define crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX \ + SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ietf_ABYTES, \ + (64ULL * ((1ULL << 32) - 1ULL))) +size_t crypto_aead_chacha20poly1305_ietf_messagebytes_max(void); + int crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c, unsigned long long *clen_p, const unsigned char *m, 
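Review bot: `crypto_core_salsa` takes `rounds` but never checks it, and the loop `for (i = 0; i < rounds; i += 2)` executes one double round per iteration, so an odd value would run `rounds + 1` rounds; the visible callers pass 20, 12 and 8, so the parameter is correct only by convention. Since the function is `static`, a comment on the signature is enough: `/* rounds must be even: each loop iteration is a double round */`. The `if (c != NULL)` block could also note that `c` replaces the four default constants loaded just above it.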
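Review bot: `crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX` takes the minimum of `SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ietf_ABYTES` and `64ULL * ((1ULL << 32) - 1ULL)` without explaining the second term; it is the 32-bit block counter the header describes for the IETF construction times the 64-byte ChaCha20 block, and the original construction further down gets only the first term because its counter is 64-bit. A comment on the macro, e.g. `/* 32-bit block counter x 64-byte blocks: the keystream ends there */`, would keep a later maintainer from folding the two definitions together. `SODIUM_MIN` and `SODIUM_SIZE_MAX` are not defined in this hunk, so presumably come from `sodium_export.h`.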
@@ -39,9 +40,9 @@ int crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull(1, 8, 9))); -SODIUM_EXPORT int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m, unsigned long long *mlen_p, unsigned char *nsec, @@ -51,9 +52,8 @@ int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9))); -SODIUM_EXPORT int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c, unsigned char *mac, unsigned long long *maclen_p, @@ -63,9 +63,9 @@ int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull(1, 2, 9, 10))); -SODIUM_EXPORT int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m, unsigned char *nsec, const unsigned char *c, 
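Review bot: The `__attribute__ ((nonnull(1, 8, 9)))` added here, and the `nonnull` lists on the later hunks of this header (`-51,9`, `-63,9`, `-75,30`, `-107,9`, `-119,9`, `-131,9`, `-143,17`), is a promise to the compiler rather than a check: a compiler may drop any `== NULL` test on those arguments, at call sites and, after inlining, inside the implementation, so the `.c` bodies must not rely on runtime NULL checks of the output buffer, `npub` or `k`. The indexes look consistent with the visible parameter lists (1 = c, 8 = npub, 9 = k for `_ietf_encrypt`; 4 = c, 8 = npub, 9 = k for `_ietf_decrypt`), though the middle parameters fall outside the hunks, and `sodium_export.h` must define `__attribute__` away for compilers that lack it, which is not visible here. A short comment at the first use, e.g. `/* nonnull: output buffer, npub and k; callee must not NULL-check these */`, would record the constraint.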
@@ -75,30 +75,29 @@ int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9))); -SODIUM_EXPORT -void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES]); +void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES]) + __attribute__ ((nonnull)); /* -- Original ChaCha20-Poly1305 construction with a 64-bit nonce and a 64-bit internal counter -- */ #define crypto_aead_chacha20poly1305_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_aead_chacha20poly1305_keybytes(void); #define crypto_aead_chacha20poly1305_NSECBYTES 0U -SODIUM_EXPORT size_t crypto_aead_chacha20poly1305_nsecbytes(void); #define crypto_aead_chacha20poly1305_NPUBBYTES 8U -SODIUM_EXPORT size_t crypto_aead_chacha20poly1305_npubbytes(void); #define crypto_aead_chacha20poly1305_ABYTES 16U -SODIUM_EXPORT size_t crypto_aead_chacha20poly1305_abytes(void); -SODIUM_EXPORT +#define crypto_aead_chacha20poly1305_MESSAGEBYTES_MAX \ + (SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ABYTES) +size_t crypto_aead_chacha20poly1305_messagebytes_max(void); + int crypto_aead_chacha20poly1305_encrypt(unsigned char *c, unsigned long long *clen_p, const unsigned char *m, @@ -107,9 +106,9 @@ int crypto_aead_chacha20poly1305_encrypt(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull(1, 8, 9))); -SODIUM_EXPORT int crypto_aead_chacha20poly1305_decrypt(unsigned char *m, unsigned long long *mlen_p, unsigned char *nsec, 
@@ -119,9 +118,8 @@ int crypto_aead_chacha20poly1305_decrypt(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9))); -SODIUM_EXPORT int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c, unsigned char *mac, unsigned long long *maclen_p, @@ -131,9 +129,9 @@ int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull(1, 2, 9, 10))); -SODIUM_EXPORT int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m, unsigned char *nsec, const unsigned char *c, 
@@ -143,17 +141,18 @@ int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9))); -SODIUM_EXPORT -void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES]); +void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES]) + __attribute__ ((nonnull)); /* Aliases */ -#define crypto_aead_chacha20poly1305_IETF_KEYBYTES crypto_aead_chacha20poly1305_ietf_KEYBYTES -#define crypto_aead_chacha20poly1305_IETF_NSECBYTES crypto_aead_chacha20poly1305_ietf_NSECBYTES -#define crypto_aead_chacha20poly1305_IETF_NPUBBYTES crypto_aead_chacha20poly1305_ietf_NPUBBYTES -#define crypto_aead_chacha20poly1305_IETF_ABYTES crypto_aead_chacha20poly1305_ietf_ABYTES +#define crypto_aead_chacha20poly1305_IETF_KEYBYTES crypto_aead_chacha20poly1305_ietf_KEYBYTES +#define crypto_aead_chacha20poly1305_IETF_NSECBYTES crypto_aead_chacha20poly1305_ietf_NSECBYTES +#define crypto_aead_chacha20poly1305_IETF_NPUBBYTES crypto_aead_chacha20poly1305_ietf_NPUBBYTES +#define crypto_aead_chacha20poly1305_IETF_ABYTES crypto_aead_chacha20poly1305_ietf_ABYTES +#define crypto_aead_chacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX #ifdef __cplusplus } diff --git a/windows/sodium/crypto_aead_xchacha20poly1305.h b/sodium/sodium_crypto_aead_xchacha20poly1305.h similarity index 76% rename from windows/sodium/crypto_aead_xchacha20poly1305.h rename to sodium/sodium_crypto_aead_xchacha20poly1305.h index f863ce88..5a099a24 100644 --- a/windows/sodium/crypto_aead_xchacha20poly1305.h +++ b/sodium/sodium_crypto_aead_xchacha20poly1305.h @@ -2,7 +2,8 @@ #define crypto_aead_xchacha20poly1305_H #include -#include "export.h" + +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -12,22 +13,21 @@ extern "C" { #endif #define crypto_aead_xchacha20poly1305_ietf_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_aead_xchacha20poly1305_ietf_keybytes(void); #define crypto_aead_xchacha20poly1305_ietf_NSECBYTES 0U -SODIUM_EXPORT size_t crypto_aead_xchacha20poly1305_ietf_nsecbytes(void); #define crypto_aead_xchacha20poly1305_ietf_NPUBBYTES 24U -SODIUM_EXPORT size_t crypto_aead_xchacha20poly1305_ietf_npubbytes(void); #define crypto_aead_xchacha20poly1305_ietf_ABYTES 16U -SODIUM_EXPORT size_t crypto_aead_xchacha20poly1305_ietf_abytes(void); -SODIUM_EXPORT +#define crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX \ + (SODIUM_SIZE_MAX - crypto_aead_xchacha20poly1305_ietf_ABYTES) +size_t crypto_aead_xchacha20poly1305_ietf_messagebytes_max(void); + int crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c, unsigned long long *clen_p, const unsigned char *m, @@ -36,9 +36,9 @@ int crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull(1, 8, 9))); -SODIUM_EXPORT int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m, unsigned long long *mlen_p, unsigned char *nsec, @@ -48,9 +48,8 @@ int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9))); -SODIUM_EXPORT int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c, unsigned char *mac, unsigned long long *maclen_p, 
@@ -60,9 +59,9 @@ int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull(1, 2, 9, 10))); -SODIUM_EXPORT int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m, unsigned char *nsec, const unsigned char *c, @@ -72,17 +71,18 @@ int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 9, 9))); -SODIUM_EXPORT -void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]); +void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]) + __attribute__ ((nonnull)); /* Aliases */ -#define crypto_aead_xchacha20poly1305_IETF_KEYBYTES crypto_aead_xchacha20poly1305_ietf_KEYBYTES -#define crypto_aead_xchacha20poly1305_IETF_NSECBYTES crypto_aead_xchacha20poly1305_ietf_NSECBYTES -#define crypto_aead_xchacha20poly1305_IETF_NPUBBYTES crypto_aead_xchacha20poly1305_ietf_NPUBBYTES -#define crypto_aead_xchacha20poly1305_IETF_ABYTES crypto_aead_xchacha20poly1305_ietf_ABYTES +#define crypto_aead_xchacha20poly1305_IETF_KEYBYTES crypto_aead_xchacha20poly1305_ietf_KEYBYTES +#define crypto_aead_xchacha20poly1305_IETF_NSECBYTES crypto_aead_xchacha20poly1305_ietf_NSECBYTES +#define crypto_aead_xchacha20poly1305_IETF_NPUBBYTES crypto_aead_xchacha20poly1305_ietf_NPUBBYTES +#define crypto_aead_xchacha20poly1305_IETF_ABYTES crypto_aead_xchacha20poly1305_ietf_ABYTES +#define crypto_aead_xchacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX #ifdef __cplusplus } 
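Review bot: The attribute added to crypto_aead_xchacha20poly1305_ietf_decrypt_detached is `__attribute__ ((nonnull(3, 5, 9, 9)))`, which names parameter 9 (k) twice and leaves parameter 8 (npub) unannotated; the two chacha20poly1305 decrypt_detached declarations earlier in this commit use `nonnull(3, 5, 8, 9)` for the same trailing parameters (adlen, npub, k). As written, a NULL nonce passed to the XChaCha20 variant gets no compile-time diagnostic while its siblings do, which is exactly the kind of inconsistency the attribute sweep is meant to remove. Change the line to `__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));`.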
diff --git a/windows/sodium/crypto_auth.h b/sodium/sodium_crypto_auth.h similarity index 72% rename from windows/sodium/crypto_auth.h rename to sodium/sodium_crypto_auth.h index 7174e7bc..b434a4f5 100644 --- a/windows/sodium/crypto_auth.h +++ b/sodium/sodium_crypto_auth.h @@ -3,8 +3,8 @@ #include -#include "crypto_auth_hmacsha512256.h" -#include "export.h" +#include "sodium_crypto_auth_hmacsha512256.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ @@ -14,28 +14,24 @@ extern "C" { #endif #define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES -SODIUM_EXPORT size_t crypto_auth_bytes(void); #define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES -SODIUM_EXPORT size_t crypto_auth_keybytes(void); #define crypto_auth_PRIMITIVE "hmacsha512256" -SODIUM_EXPORT const char *crypto_auth_primitive(void); -SODIUM_EXPORT int crypto_auth(unsigned char *out, const unsigned char *in, - unsigned long long inlen, const unsigned char *k); + unsigned long long inlen, const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_auth_verify(const unsigned char *h, const unsigned char *in, unsigned long long inlen, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES]); +void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_auth_hmacsha512.h b/sodium/sodium_crypto_auth_hmacsha512.h similarity index 73% rename from windows/sodium/crypto_auth_hmacsha512.h rename to sodium/sodium_crypto_auth_hmacsha512.h index 77a55fbc..57f6d347 100644 --- a/windows/sodium/crypto_auth_hmacsha512.h +++ b/sodium/sodium_crypto_auth_hmacsha512.h 
@@ -2,8 +2,9 @@ #define crypto_auth_hmacsha512_H #include -#include "crypto_hash_sha512.h" -#include "export.h" + +#include "sodium_crypto_hash_sha512.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ @@ -13,25 +14,21 @@ extern "C" { #endif #define crypto_auth_hmacsha512_BYTES 64U -SODIUM_EXPORT size_t crypto_auth_hmacsha512_bytes(void); #define crypto_auth_hmacsha512_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_auth_hmacsha512_keybytes(void); -SODIUM_EXPORT int crypto_auth_hmacsha512(unsigned char *out, const unsigned char *in, unsigned long long inlen, - const unsigned char *k); + const unsigned char *k) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_auth_hmacsha512_verify(const unsigned char *h, const unsigned char *in, unsigned long long inlen, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); /* ------------------------------------------------------------------------- */ @@ -40,25 +37,21 @@ typedef struct crypto_auth_hmacsha512_state { crypto_hash_sha512_state octx; } crypto_auth_hmacsha512_state; -SODIUM_EXPORT size_t crypto_auth_hmacsha512_statebytes(void); -SODIUM_EXPORT int crypto_auth_hmacsha512_init(crypto_auth_hmacsha512_state *state, const unsigned char *key, - size_t keylen); + size_t keylen) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_auth_hmacsha512_update(crypto_auth_hmacsha512_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_auth_hmacsha512_final(crypto_auth_hmacsha512_state *state, - unsigned char *out); + unsigned char *out) __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES]); +void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } 
diff --git a/windows/sodium/crypto_auth_hmacsha512256.h b/sodium/sodium_crypto_auth_hmacsha512256.h similarity index 75% rename from windows/sodium/crypto_auth_hmacsha512256.h rename to sodium/sodium_crypto_auth_hmacsha512256.h index 4842f3de..5c273c8b 100644 --- a/windows/sodium/crypto_auth_hmacsha512256.h +++ b/sodium/sodium_crypto_auth_hmacsha512256.h @@ -2,8 +2,9 @@ #define crypto_auth_hmacsha512256_H #include -#include "crypto_auth_hmacsha512.h" -#include "export.h" + +#include "sodium_crypto_auth_hmacsha512.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -13,47 +14,39 @@ extern "C" { #endif #define crypto_auth_hmacsha512256_BYTES 32U -SODIUM_EXPORT size_t crypto_auth_hmacsha512256_bytes(void); #define crypto_auth_hmacsha512256_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_auth_hmacsha512256_keybytes(void); -SODIUM_EXPORT int crypto_auth_hmacsha512256(unsigned char *out, const unsigned char *in, unsigned long long inlen,const unsigned char *k); -SODIUM_EXPORT int crypto_auth_hmacsha512256_verify(const unsigned char *h, const unsigned char *in, unsigned long long inlen, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); /* ------------------------------------------------------------------------- */ typedef crypto_auth_hmacsha512_state crypto_auth_hmacsha512256_state; -SODIUM_EXPORT size_t crypto_auth_hmacsha512256_statebytes(void); -SODIUM_EXPORT int crypto_auth_hmacsha512256_init(crypto_auth_hmacsha512256_state *state, const unsigned char *key, - size_t keylen); + size_t keylen) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_auth_hmacsha512256_update(crypto_auth_hmacsha512256_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_auth_hmacsha512256_final(crypto_auth_hmacsha512256_state *state, - unsigned char *out); + unsigned char *out) __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES]); +void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/sodium/sodium_crypto_box.c b/sodium/sodium_crypto_box.c new file mode 100644 index 00000000..2bdd3cc2 --- /dev/null +++ b/sodium/sodium_crypto_box.c 
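Review bot: crypto_auth_hmacsha512256 is the only function in this header that does not receive a nonnull attribute: its declaration (`unsigned long long inlen,const unsigned char *k);`) only loses the SODIUM_EXPORT line above it, while _verify, _init, _update, _final and _keygen in the same hunk all gain `__attribute__ ((nonnull))`, and the parallel crypto_auth_hmacsha512 in the previous file ends with `const unsigned char *k) __attribute__ ((nonnull));`. The missing space after the comma suggests the line was carried over without being looked at. Suggest `unsigned long long inlen, const unsigned char *k) __attribute__ ((nonnull));` so out, in and k are checked like the other entry points.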
@@ -0,0 +1,47 @@
+
+#include "sodium_crypto_box.h"
+
+int
+crypto_box_keypair(unsigned char *pk, unsigned char *sk)
+{
+ return crypto_box_curve25519xsalsa20poly1305_keypair(pk, sk);
+}
+
+int
+crypto_box_beforenm(unsigned char *k, const unsigned char *pk,
+ const unsigned char *sk)
+{
+ return crypto_box_curve25519xsalsa20poly1305_beforenm(k, pk, sk);
+}
+
+int
+crypto_box_afternm(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k)
+{
+ return crypto_box_curve25519xsalsa20poly1305_afternm(c, m, mlen, n, k);
+}
+
+int
+crypto_box_open_afternm(unsigned char *m, const unsigned char *c,
+ unsigned long long clen, const unsigned char *n,
+ const unsigned char *k)
+{
+ return crypto_box_curve25519xsalsa20poly1305_open_afternm(m, c, clen, n, k);
+}
+
+int
+crypto_box(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *pk, const unsigned char *sk)
+{
+ return crypto_box_curve25519xsalsa20poly1305(c, m, mlen, n, pk, sk);
+}
+
+int
+crypto_box_open(unsigned char *m, const unsigned char *c,
+ unsigned long long clen, const unsigned char *n,
+ const unsigned char *pk, const unsigned char *sk)
+{
+ return crypto_box_curve25519xsalsa20poly1305_open(m, c, clen, n, pk, sk);
+}
diff --git a/windows/sodium/crypto_box.h b/sodium/sodium_crypto_box.h
similarity index 75%
rename from windows/sodium/crypto_box.h
rename to sodium/sodium_crypto_box.h
index 614cd1e0..8691dab7 100644
--- a/windows/sodium/crypto_box.h
+++ b/sodium/sodium_crypto_box.h
@@ -10,8 +10,8 @@
 #include
-#include "crypto_box_curve25519xsalsa20poly1305.h"
-#include "export.h"
+#include "sodium_crypto_box_curve25519xsalsa20poly1305.h"
+#include "sodium_export.h"
 #ifdef __cplusplus
 # ifdef __GNUC__
@@ -21,146 +21,126 @@ extern "C" { #endif #define crypto_box_SEEDBYTES crypto_box_curve25519xsalsa20poly1305_SEEDBYTES -SODIUM_EXPORT size_t crypto_box_seedbytes(void); #define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES -SODIUM_EXPORT size_t crypto_box_publickeybytes(void); #define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES -SODIUM_EXPORT size_t crypto_box_secretkeybytes(void); #define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES -SODIUM_EXPORT size_t crypto_box_noncebytes(void); #define crypto_box_MACBYTES crypto_box_curve25519xsalsa20poly1305_MACBYTES -SODIUM_EXPORT size_t crypto_box_macbytes(void); +#define crypto_box_MESSAGEBYTES_MAX crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX +size_t crypto_box_messagebytes_max(void); + #define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305" -SODIUM_EXPORT const char *crypto_box_primitive(void); -SODIUM_EXPORT int crypto_box_seed_keypair(unsigned char *pk, unsigned char *sk, - const unsigned char *seed); + const unsigned char *seed) + __attribute__ ((nonnull)); -SODIUM_EXPORT -int crypto_box_keypair(unsigned char *pk, unsigned char *sk); +int crypto_box_keypair(unsigned char *pk, unsigned char *sk) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_easy(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_open_easy(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6))); -SODIUM_EXPORT int crypto_box_detached(unsigned char *c, unsigned char *mac, const unsigned char *m, unsigned long long 
mlen, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_open_detached(unsigned char *m, const unsigned char *c, const unsigned char *mac, unsigned long long clen, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7))); /* -- Precomputation interface -- */ #define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES -SODIUM_EXPORT size_t crypto_box_beforenmbytes(void); -SODIUM_EXPORT int crypto_box_beforenm(unsigned char *k, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_easy_afternm(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_open_easy_afternm(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); -SODIUM_EXPORT int crypto_box_detached_afternm(unsigned char *c, unsigned char *mac, const unsigned char *m, unsigned long long mlen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_open_detached_afternm(unsigned char *m, const unsigned char *c, const unsigned char *mac, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6))); /* -- Ephemeral SK 
interface -- */ #define crypto_box_SEALBYTES (crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES) -SODIUM_EXPORT size_t crypto_box_sealbytes(void); -SODIUM_EXPORT int crypto_box_seal(unsigned char *c, const unsigned char *m, - unsigned long long mlen, const unsigned char *pk); + unsigned long long mlen, const unsigned char *pk) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_seal_open(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); /* -- NaCl compatibility interface ; Requires padding -- */ #define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES -SODIUM_EXPORT size_t crypto_box_zerobytes(void); #define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES -SODIUM_EXPORT size_t crypto_box_boxzerobytes(void); -SODIUM_EXPORT int crypto_box(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_open(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6))); -SODIUM_EXPORT int crypto_box_afternm(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_open_afternm(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 
5))); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_box_curve25519xchacha20poly1305.h b/sodium/sodium_crypto_box_curve25519xchacha20poly1305.h similarity index 83% rename from windows/sodium/crypto_box_curve25519xchacha20poly1305.h rename to sodium/sodium_crypto_box_curve25519xchacha20poly1305.h index b781cc6e..dfed3ce7 100644 --- a/windows/sodium/crypto_box_curve25519xchacha20poly1305.h +++ b/sodium/sodium_crypto_box_curve25519xchacha20poly1305.h @@ -3,7 +3,8 @@ #define crypto_box_curve25519xchacha20poly1305_H #include -#include "export.h" +#include "sodium_crypto_stream_xchacha20.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -13,57 +14,52 @@ extern "C" { #endif #define crypto_box_curve25519xchacha20poly1305_SEEDBYTES 32U -SODIUM_EXPORT size_t crypto_box_curve25519xchacha20poly1305_seedbytes(void); #define crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES 32U -SODIUM_EXPORT size_t crypto_box_curve25519xchacha20poly1305_publickeybytes(void); #define crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES 32U -SODIUM_EXPORT size_t crypto_box_curve25519xchacha20poly1305_secretkeybytes(void); #define crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES 32U -SODIUM_EXPORT size_t crypto_box_curve25519xchacha20poly1305_beforenmbytes(void); #define crypto_box_curve25519xchacha20poly1305_NONCEBYTES 24U -SODIUM_EXPORT size_t crypto_box_curve25519xchacha20poly1305_noncebytes(void); #define crypto_box_curve25519xchacha20poly1305_MACBYTES 16U -SODIUM_EXPORT size_t crypto_box_curve25519xchacha20poly1305_macbytes(void); -SODIUM_EXPORT +#define crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX \ + (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_box_curve25519xchacha20poly1305_MACBYTES) +size_t crypto_box_curve25519xchacha20poly1305_messagebytes_max(void); + int crypto_box_curve25519xchacha20poly1305_seed_keypair(unsigned char *pk, unsigned char *sk, - const unsigned char *seed); + const unsigned char *seed) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_keypair(unsigned char *pk, - unsigned char *sk); + unsigned char *sk) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_easy(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_open_easy(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *pk, const unsigned 
char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6))); -SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c, unsigned char *mac, const unsigned char *m, @@ -71,9 +67,8 @@ int crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_open_detached(unsigned char *m, const unsigned char *c, const unsigned char *mac, 
@@ -81,47 +76,44 @@ int crypto_box_curve25519xchacha20poly1305_open_detached(unsigned char *m, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7))); /* -- Precomputation interface -- */ -SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_beforenm(unsigned char *k, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_easy_afternm(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_open_easy_afternm(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); -SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_detached_afternm(unsigned char *c, unsigned char *mac, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *m, const unsigned char *c, const unsigned char *mac, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6))); /* -- Ephemeral SK interface -- */ 
@@ -129,22 +121,20 @@ int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char * (crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES + \ crypto_box_curve25519xchacha20poly1305_MACBYTES) -SODIUM_EXPORT size_t crypto_box_curve25519xchacha20poly1305_sealbytes(void); -SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c, const unsigned char *m, unsigned long long mlen, - const unsigned char *pk); + const unsigned char *pk) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_box_curve25519xsalsa20poly1305.h b/sodium/sodium_crypto_box_curve25519xsalsa20poly1305.h similarity index 79% rename from windows/sodium/crypto_box_curve25519xsalsa20poly1305.h rename to sodium/sodium_crypto_box_curve25519xsalsa20poly1305.h index 9b5a39c3..3d7c18bf 100644 --- a/windows/sodium/crypto_box_curve25519xsalsa20poly1305.h +++ b/sodium/sodium_crypto_box_curve25519xsalsa20poly1305.h @@ -2,7 +2,8 @@ #define crypto_box_curve25519xsalsa20poly1305_H #include -#include "export.h" +#include "sodium_crypto_stream_xsalsa20.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -12,86 +13,81 @@ extern "C" { #endif #define crypto_box_curve25519xsalsa20poly1305_SEEDBYTES 32U -SODIUM_EXPORT size_t crypto_box_curve25519xsalsa20poly1305_seedbytes(void); #define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES 32U -SODIUM_EXPORT size_t crypto_box_curve25519xsalsa20poly1305_publickeybytes(void); #define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES 32U -SODIUM_EXPORT size_t crypto_box_curve25519xsalsa20poly1305_secretkeybytes(void); #define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES 32U -SODIUM_EXPORT size_t crypto_box_curve25519xsalsa20poly1305_beforenmbytes(void); #define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES 24U -SODIUM_EXPORT size_t crypto_box_curve25519xsalsa20poly1305_noncebytes(void); #define crypto_box_curve25519xsalsa20poly1305_MACBYTES 16U -SODIUM_EXPORT size_t crypto_box_curve25519xsalsa20poly1305_macbytes(void); +/* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */ +#define crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX \ + (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_box_curve25519xsalsa20poly1305_MACBYTES) +size_t crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void); + +int crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk, + unsigned char *sk, + const unsigned char *seed) + __attribute__ ((nonnull)); + +int crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk, + unsigned char *sk) + __attribute__ ((nonnull)); + +int crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *k, + const unsigned char *pk, + const unsigned char *sk) + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); + +/* -- NaCl compatibility interface ; Requires padding -- */ + #define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES 16U -SODIUM_EXPORT size_t crypto_box_curve25519xsalsa20poly1305_boxzerobytes(void); #define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES \ 
(crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + \ crypto_box_curve25519xsalsa20poly1305_MACBYTES) -SODIUM_EXPORT size_t crypto_box_curve25519xsalsa20poly1305_zerobytes(void); -SODIUM_EXPORT int crypto_box_curve25519xsalsa20poly1305(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk, - unsigned char *sk, - const unsigned char *seed); - -SODIUM_EXPORT -int crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk, - unsigned char *sk); - -SODIUM_EXPORT -int crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *k, - const unsigned char *pk, - const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6))); -SODIUM_EXPORT int crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); #ifdef __cplusplus } diff --git a/sodium/sodium_crypto_box_easy.c b/sodium/sodium_crypto_box_easy.c new file mode 100644 index 00000000..0029bb7b --- /dev/null +++ b/sodium/sodium_crypto_box_easy.c 
@@ -0,0 +1,115 @@
+
+#include
+#include
+#include
+
+#include "sodium_core.h"
+#include "sodium_crypto_box.h"
+#include "sodium_crypto_secretbox.h"
+#include "sodium_private_common.h"
+#include "sodium_utils.h"
+
+int
+crypto_box_detached_afternm(unsigned char *c, unsigned char *mac,
+ const unsigned char *m, unsigned long long mlen,
+ const unsigned char *n, const unsigned char *k)
+{
+ return crypto_secretbox_detached(c, mac, m, mlen, n, k);
+}
+
+int
+crypto_box_detached(unsigned char *c, unsigned char *mac,
+ const unsigned char *m, unsigned long long mlen,
+ const unsigned char *n, const unsigned char *pk,
+ const unsigned char *sk)
+{
+ unsigned char k[crypto_box_BEFORENMBYTES];
+ int ret;
+
+ COMPILER_ASSERT(crypto_box_BEFORENMBYTES >= crypto_secretbox_KEYBYTES);
+ if (crypto_box_beforenm(k, pk, sk) != 0) {
+ return -1;
+ }
+ ret = crypto_box_detached_afternm(c, mac, m, mlen, n, k);
+ sodium_memzero(k, sizeof k);
+
+ return ret;
+}
+
+int
+crypto_box_easy_afternm(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k)
+{
+ if (mlen > crypto_box_MESSAGEBYTES_MAX) {
+ sodium_misuse();
+ }
+ return crypto_box_detached_afternm(c + crypto_box_MACBYTES, c, m, mlen, n,
+ k);
+}
+
+int
+crypto_box_easy(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *pk, const unsigned char *sk)
+{
+ if (mlen > crypto_box_MESSAGEBYTES_MAX) {
+ sodium_misuse();
+ }
+ return crypto_box_detached(c + crypto_box_MACBYTES, c, m, mlen, n,
+ pk, sk);
+}
+
+int
+crypto_box_open_detached_afternm(unsigned char *m, const unsigned char *c,
+ const unsigned char *mac,
+ unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *k)
+{
+ return crypto_secretbox_open_detached(m, c, mac, clen, n, k);
+}
+
+int
+crypto_box_open_detached(unsigned char *m, const unsigned char *c,
+ const unsigned char *mac,
+ unsigned long long clen, const unsigned char *n,
+ const unsigned char *pk, const unsigned char *sk)
+{
+ unsigned char k[crypto_box_BEFORENMBYTES];
+ int ret;
+
+ if (crypto_box_beforenm(k, pk, sk) != 0) {
+ return -1;
+ }
+ ret = crypto_box_open_detached_afternm(m, c, mac, clen, n, k);
+ sodium_memzero(k, sizeof k);
+
+ return ret;
+}
+
+int
+crypto_box_open_easy_afternm(unsigned char *m, const unsigned char *c,
+ unsigned long long clen, const unsigned char *n,
+ const unsigned char *k)
+{
+ if (clen < crypto_box_MACBYTES) {
+ return -1;
+ }
+ return crypto_box_open_detached_afternm(m, c + crypto_box_MACBYTES, c,
+ clen - crypto_box_MACBYTES,
+ n, k);
+}
+
+int
+crypto_box_open_easy(unsigned char *m, const unsigned char *c,
+ unsigned long long clen, const unsigned char *n,
+ const unsigned char *pk, const unsigned char *sk)
+{
+ if (clen < crypto_box_MACBYTES) {
+ return -1;
+ }
+ return crypto_box_open_detached(m, c + crypto_box_MACBYTES, c,
+ clen - crypto_box_MACBYTES,
+ n, pk, sk);
+}
diff --git a/sodium/sodium_crypto_core_ed25519.h b/sodium/sodium_crypto_core_ed25519.h
new file mode 100644
index 00000000..688500f0
--- /dev/null
+++ b/sodium/sodium_crypto_core_ed25519.h
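Review bot: `crypto_box_open_detached` builds the same `k[crypto_box_BEFORENMBYTES]` buffer as `crypto_box_detached` and hands it to a secretbox routine that reads `crypto_secretbox_KEYBYTES` of it, but only the sealing side carries `COMPILER_ASSERT(crypto_box_BEFORENMBYTES >= crypto_secretbox_KEYBYTES);`; mirroring that one line in the opening function keeps the two paths consistent. The three bare `+#include` lines at the top of the file are presumably system headers whose angle-bracket names were lost in rendering, so that should be checked against the committed file rather than this view. The `sodium_misuse()` calls in the `_easy` wrappers are not annotated as non-returning here; a short comment such as `/* sodium_misuse() aborts; the call below is not reached */` would spare the next reader from wondering whether an oversized `mlen` falls through.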
@@ -0,0 +1,68 @@
+#ifndef crypto_core_ed25519_H
+#define crypto_core_ed25519_H
+
+#include
+#include "sodium_export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_ed25519_BYTES 32
+size_t crypto_core_ed25519_bytes(void);
+
+#define crypto_core_ed25519_UNIFORMBYTES 32
+size_t crypto_core_ed25519_uniformbytes(void);
+
+#define crypto_core_ed25519_SCALARBYTES 32
+size_t crypto_core_ed25519_scalarbytes(void);
+
+#define crypto_core_ed25519_NONREDUCEDSCALARBYTES 64
+size_t crypto_core_ed25519_nonreducedscalarbytes(void);
+
+int crypto_core_ed25519_is_valid_point(const unsigned char *p)
+ __attribute__ ((nonnull));
+
+int crypto_core_ed25519_add(unsigned char *r,
+ const unsigned char *p, const unsigned char *q)
+ __attribute__ ((nonnull));
+
+int crypto_core_ed25519_sub(unsigned char *r,
+ const unsigned char *p, const unsigned char *q)
+ __attribute__ ((nonnull));
+
+int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
+ __attribute__ ((nonnull));
+
+void crypto_core_ed25519_scalar_random(unsigned char *r)
+ __attribute__ ((nonnull));
+
+int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s)
+ __attribute__ ((nonnull));
+
+void crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s)
+ __attribute__ ((nonnull));
+
+void crypto_core_ed25519_scalar_complement(unsigned char *comp, const unsigned char *s)
+ __attribute__ ((nonnull));
+
+void crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x,
+ const unsigned char *y)
+ __attribute__ ((nonnull));
+
+void crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x,
+ const unsigned char *y)
+ __attribute__ ((nonnull));
+
+/*
+ * The interval `s` is sampled from should be at least 317 bits to ensure almost
+ * uniformity of `r` over `L`.
+ */
+void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s)
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/windows/sodium/crypto_core_hchacha20.h b/sodium/sodium_crypto_core_hchacha20.h similarity index 86% rename from windows/sodium/crypto_core_hchacha20.h rename to sodium/sodium_crypto_core_hchacha20.h index 05e5670c..5e462338 100644 --- a/windows/sodium/crypto_core_hchacha20.h +++ b/sodium/sodium_crypto_core_hchacha20.h @@ -2,31 +2,27 @@ #define crypto_core_hchacha20_H #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus extern "C" { #endif #define crypto_core_hchacha20_OUTPUTBYTES 32U -SODIUM_EXPORT size_t crypto_core_hchacha20_outputbytes(void); #define crypto_core_hchacha20_INPUTBYTES 16U -SODIUM_EXPORT size_t crypto_core_hchacha20_inputbytes(void); #define crypto_core_hchacha20_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_core_hchacha20_keybytes(void); #define crypto_core_hchacha20_CONSTBYTES 16U -SODIUM_EXPORT size_t crypto_core_hchacha20_constbytes(void); -SODIUM_EXPORT int crypto_core_hchacha20(unsigned char *out, const unsigned char *in, - const unsigned char *k, const unsigned char *c); + const unsigned char *k, const unsigned char *c) + __attribute__ ((nonnull(1, 2, 3))); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_core_hsalsa20.h b/sodium/sodium_crypto_core_hsalsa20.h similarity index 86% rename from windows/sodium/crypto_core_hsalsa20.h rename to sodium/sodium_crypto_core_hsalsa20.h index 82e475b8..1ee628f8 100644 --- a/windows/sodium/crypto_core_hsalsa20.h +++ b/sodium/sodium_crypto_core_hsalsa20.h 
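Review bot: Every `SODIUM_EXPORT` is dropped while `__attribute__ ((nonnull(1, 2, 3)))` is now applied unconditionally to `crypto_core_hchacha20`, so the declaration only compiles on non-GNU toolchains if the renamed `sodium_export.h` (not in this diff) still defines `__attribute__` away for them; the CI matrix in this commit keeps windows-latest, so that fallback is worth confirming. The same pattern applies to the hsalsa20, salsa20, salsa2012 and salsa208 hunks and to the generichash, hash, kx, onetimeauth and scalarmult headers further down. The attribute deliberately leaves the fourth parameter `c` out of the nonnull set, presumably because a NULL constant selects a default; a one-line comment `/* c may be NULL */` above the prototype would record that intent where callers see it.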
@@ -2,31 +2,27 @@ #define crypto_core_hsalsa20_H #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus extern "C" { #endif #define crypto_core_hsalsa20_OUTPUTBYTES 32U -SODIUM_EXPORT size_t crypto_core_hsalsa20_outputbytes(void); #define crypto_core_hsalsa20_INPUTBYTES 16U -SODIUM_EXPORT size_t crypto_core_hsalsa20_inputbytes(void); #define crypto_core_hsalsa20_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_core_hsalsa20_keybytes(void); #define crypto_core_hsalsa20_CONSTBYTES 16U -SODIUM_EXPORT size_t crypto_core_hsalsa20_constbytes(void); -SODIUM_EXPORT int crypto_core_hsalsa20(unsigned char *out, const unsigned char *in, - const unsigned char *k, const unsigned char *c); + const unsigned char *k, const unsigned char *c) + __attribute__ ((nonnull(1, 2, 3))); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_core_salsa20.h b/sodium/sodium_crypto_core_salsa20.h similarity index 86% rename from windows/sodium/crypto_core_salsa20.h rename to sodium/sodium_crypto_core_salsa20.h index 160cc56d..d77b3278 100644 --- a/windows/sodium/crypto_core_salsa20.h +++ b/sodium/sodium_crypto_core_salsa20.h @@ -2,31 +2,27 @@ #define crypto_core_salsa20_H #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus extern "C" { #endif #define crypto_core_salsa20_OUTPUTBYTES 64U -SODIUM_EXPORT size_t crypto_core_salsa20_outputbytes(void); #define crypto_core_salsa20_INPUTBYTES 16U -SODIUM_EXPORT size_t crypto_core_salsa20_inputbytes(void); #define crypto_core_salsa20_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_core_salsa20_keybytes(void); #define crypto_core_salsa20_CONSTBYTES 16U -SODIUM_EXPORT size_t crypto_core_salsa20_constbytes(void); -SODIUM_EXPORT int crypto_core_salsa20(unsigned char *out, const unsigned char *in, - const unsigned char *k, const unsigned char *c); + const unsigned char *k, const unsigned char *c) + __attribute__ ((nonnull(1, 2, 3))); #ifdef __cplusplus } 
diff --git a/windows/sodium/crypto_core_salsa2012.h b/sodium/sodium_crypto_core_salsa2012.h similarity index 86% rename from windows/sodium/crypto_core_salsa2012.h rename to sodium/sodium_crypto_core_salsa2012.h index bdd5f9fd..3677d5dc 100644 --- a/windows/sodium/crypto_core_salsa2012.h +++ b/sodium/sodium_crypto_core_salsa2012.h @@ -2,31 +2,27 @@ #define crypto_core_salsa2012_H #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus extern "C" { #endif #define crypto_core_salsa2012_OUTPUTBYTES 64U -SODIUM_EXPORT size_t crypto_core_salsa2012_outputbytes(void); #define crypto_core_salsa2012_INPUTBYTES 16U -SODIUM_EXPORT size_t crypto_core_salsa2012_inputbytes(void); #define crypto_core_salsa2012_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_core_salsa2012_keybytes(void); #define crypto_core_salsa2012_CONSTBYTES 16U -SODIUM_EXPORT size_t crypto_core_salsa2012_constbytes(void); -SODIUM_EXPORT int crypto_core_salsa2012(unsigned char *out, const unsigned char *in, - const unsigned char *k, const unsigned char *c); + const unsigned char *k, const unsigned char *c) + __attribute__ ((nonnull(1, 2, 3))); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_core_salsa208.h b/sodium/sodium_crypto_core_salsa208.h similarity index 52% rename from windows/sodium/crypto_core_salsa208.h rename to sodium/sodium_crypto_core_salsa208.h index 3c13efa4..3d9640f5 100644 --- a/windows/sodium/crypto_core_salsa208.h +++ b/sodium/sodium_crypto_core_salsa208.h 
@@ -2,31 +2,31 @@ #define crypto_core_salsa208_H #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus extern "C" { #endif #define crypto_core_salsa208_OUTPUTBYTES 64U -SODIUM_EXPORT -size_t crypto_core_salsa208_outputbytes(void); +size_t crypto_core_salsa208_outputbytes(void) + __attribute__ ((deprecated)); #define crypto_core_salsa208_INPUTBYTES 16U -SODIUM_EXPORT -size_t crypto_core_salsa208_inputbytes(void); +size_t crypto_core_salsa208_inputbytes(void) + __attribute__ ((deprecated)); #define crypto_core_salsa208_KEYBYTES 32U -SODIUM_EXPORT -size_t crypto_core_salsa208_keybytes(void); +size_t crypto_core_salsa208_keybytes(void) + __attribute__ ((deprecated)); #define crypto_core_salsa208_CONSTBYTES 16U -SODIUM_EXPORT -size_t crypto_core_salsa208_constbytes(void); +size_t crypto_core_salsa208_constbytes(void) + __attribute__ ((deprecated)); -SODIUM_EXPORT int crypto_core_salsa208(unsigned char *out, const unsigned char *in, - const unsigned char *k, const unsigned char *c); + const unsigned char *k, const unsigned char *c) + __attribute__ ((nonnull(1, 2, 3))); #ifdef __cplusplus } diff --git a/sodium/sodium_crypto_generichash.c b/sodium/sodium_crypto_generichash.c new file mode 100644 index 00000000..afa151d1 --- /dev/null +++ b/sodium/sodium_crypto_generichash.c 
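Review bot: The four size accessors gain `__attribute__ ((deprecated))` but `crypto_core_salsa208` itself, the function that actually performs the reduced-round primitive, is only marked `nonnull(1, 2, 3)`; if the intent is to steer users away from Salsa20/8, the deprecation belongs on the core function as well, e.g. `__attribute__ ((nonnull(1, 2, 3))) __attribute__ ((deprecated));`. If the asymmetry is intentional, a short comment on the core prototype saying why it stays undeprecated would stop the next reader from "fixing" it.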
@@ -0,0 +1,91 @@
+
+#include "sodium_crypto_generichash.h"
+#include "sodium_randombytes.h"
+
+size_t
+crypto_generichash_bytes_min(void)
+{
+ return crypto_generichash_BYTES_MIN;
+}
+
+size_t
+crypto_generichash_bytes_max(void)
+{
+ return crypto_generichash_BYTES_MAX;
+}
+
+size_t
+crypto_generichash_bytes(void)
+{
+ return crypto_generichash_BYTES;
+}
+
+size_t
+crypto_generichash_keybytes_min(void)
+{
+ return crypto_generichash_KEYBYTES_MIN;
+}
+
+size_t
+crypto_generichash_keybytes_max(void)
+{
+ return crypto_generichash_KEYBYTES_MAX;
+}
+
+size_t
+crypto_generichash_keybytes(void)
+{
+ return crypto_generichash_KEYBYTES;
+}
+
+const char *
+crypto_generichash_primitive(void)
+{
+ return crypto_generichash_PRIMITIVE;
+}
+
+size_t
+crypto_generichash_statebytes(void)
+{
+ return (sizeof(crypto_generichash_state) + (size_t) 63U) & ~(size_t) 63U;
+}
+
+int
+crypto_generichash(unsigned char *out, size_t outlen, const unsigned char *in,
+ unsigned long long inlen, const unsigned char *key,
+ size_t keylen)
+{
+ return crypto_generichash_blake2b(out, outlen, in, inlen, key, keylen);
+}
+
+int
+crypto_generichash_init(crypto_generichash_state *state,
+ const unsigned char *key,
+ const size_t keylen, const size_t outlen)
+{
+ return crypto_generichash_blake2b_init
+ ((crypto_generichash_blake2b_state *) state, key, keylen, outlen);
+}
+
+int
+crypto_generichash_update(crypto_generichash_state *state,
+ const unsigned char *in,
+ unsigned long long inlen)
+{
+ return crypto_generichash_blake2b_update
+ ((crypto_generichash_blake2b_state *) state, in, inlen);
+}
+
+int
+crypto_generichash_final(crypto_generichash_state *state,
+ unsigned char *out, const size_t outlen)
+{
+ return crypto_generichash_blake2b_final
+ ((crypto_generichash_blake2b_state *) state, out, outlen);
+}
+
+void
+crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES])
+{
+ randombytes_buf(k, crypto_generichash_KEYBYTES);
+}
diff --git a/windows/sodium/crypto_generichash.h b/sodium/sodium_crypto_generichash.h similarity index 76% rename from windows/sodium/crypto_generichash.h rename to sodium/sodium_crypto_generichash.h index 2398fb9d..3882c08a 100644 --- a/windows/sodium/crypto_generichash.h +++ b/sodium/sodium_crypto_generichash.h @@ -3,8 +3,8 @@ #include -#include "crypto_generichash_blake2b.h" -#include "export.h" +#include "sodium_crypto_generichash_blake2b.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -14,59 +14,55 @@ extern "C" { #endif #define crypto_generichash_BYTES_MIN crypto_generichash_blake2b_BYTES_MIN -SODIUM_EXPORT size_t crypto_generichash_bytes_min(void); #define crypto_generichash_BYTES_MAX crypto_generichash_blake2b_BYTES_MAX -SODIUM_EXPORT size_t crypto_generichash_bytes_max(void); #define crypto_generichash_BYTES crypto_generichash_blake2b_BYTES -SODIUM_EXPORT size_t crypto_generichash_bytes(void); #define crypto_generichash_KEYBYTES_MIN crypto_generichash_blake2b_KEYBYTES_MIN -SODIUM_EXPORT size_t crypto_generichash_keybytes_min(void); #define crypto_generichash_KEYBYTES_MAX crypto_generichash_blake2b_KEYBYTES_MAX -SODIUM_EXPORT size_t crypto_generichash_keybytes_max(void); #define crypto_generichash_KEYBYTES crypto_generichash_blake2b_KEYBYTES -SODIUM_EXPORT size_t crypto_generichash_keybytes(void); #define crypto_generichash_PRIMITIVE "blake2b" -SODIUM_EXPORT const char *crypto_generichash_primitive(void); +/* + * Important when writing bindings for other programming languages: + * the state address should be 64-bytes aligned. 
+ */ typedef crypto_generichash_blake2b_state crypto_generichash_state; -SODIUM_EXPORT size_t crypto_generichash_statebytes(void); -SODIUM_EXPORT int crypto_generichash(unsigned char *out, size_t outlen, const unsigned char *in, unsigned long long inlen, - const unsigned char *key, size_t keylen); + const unsigned char *key, size_t keylen) + __attribute__ ((nonnull(1))); -SODIUM_EXPORT int crypto_generichash_init(crypto_generichash_state *state, const unsigned char *key, - const size_t keylen, const size_t outlen); + const size_t keylen, const size_t outlen) + __attribute__ ((nonnull(1))); -SODIUM_EXPORT int crypto_generichash_update(crypto_generichash_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_generichash_final(crypto_generichash_state *state, - unsigned char *out, const size_t outlen); + unsigned char *out, const size_t outlen) + __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES]); +void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_generichash_blake2b.h b/sodium/sodium_crypto_generichash_blake2b.h similarity index 83% rename from windows/sodium/crypto_generichash_blake2b.h rename to sodium/sodium_crypto_generichash_blake2b.h index f275625f..942342aa 100644 --- a/windows/sodium/crypto_generichash_blake2b.h +++ b/sodium/sodium_crypto_generichash_blake2b.h @@ -5,7 +5,7 @@ #include #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -20,17 +20,8 @@ extern "C" { # pragma pack(push, 1) #endif -#if defined(_MSC_VER) -#pragma warning( disable : 4324 ) -#endif - typedef struct CRYPTO_ALIGN(64) crypto_generichash_blake2b_state { - uint64_t h[8]; - uint64_t t[2]; - uint64_t f[2]; - uint8_t buf[2 * 128]; - size_t buflen; - uint8_t last_node; + unsigned char opaque[384]; } crypto_generichash_blake2b_state; #if defined(__IBMC__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) 
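Review bot: Replacing the explicit `h`/`t`/`f`/`buf`/`buflen`/`last_node` members of `crypto_generichash_blake2b_state` with `unsigned char opaque[384]` makes the public ABI silently depend on the implementation's private state (not in this diff) fitting in 384 bytes at the 64-byte alignment `CRYPTO_ALIGN(64)` requests. The removed fields add up to 361 bytes with an 8-byte `size_t`, so it fits today, but nothing here enforces it; a `COMPILER_ASSERT(sizeof(<internal blake2b state type>) <= sizeof(((crypto_generichash_blake2b_state *) 0)->opaque));` next to the cast in the implementation file would catch drift at compile time. Dropping the MSVC `4324` warning suppression is consistent with 384 being a multiple of 64, which should leave no alignment padding to warn about.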
@@ -40,79 +31,69 @@ typedef struct CRYPTO_ALIGN(64) crypto_generichash_blake2b_state { #endif #define crypto_generichash_blake2b_BYTES_MIN 16U -SODIUM_EXPORT size_t crypto_generichash_blake2b_bytes_min(void); #define crypto_generichash_blake2b_BYTES_MAX 64U -SODIUM_EXPORT size_t crypto_generichash_blake2b_bytes_max(void); #define crypto_generichash_blake2b_BYTES 32U -SODIUM_EXPORT size_t crypto_generichash_blake2b_bytes(void); #define crypto_generichash_blake2b_KEYBYTES_MIN 16U -SODIUM_EXPORT size_t crypto_generichash_blake2b_keybytes_min(void); #define crypto_generichash_blake2b_KEYBYTES_MAX 64U -SODIUM_EXPORT size_t crypto_generichash_blake2b_keybytes_max(void); #define crypto_generichash_blake2b_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_generichash_blake2b_keybytes(void); #define crypto_generichash_blake2b_SALTBYTES 16U -SODIUM_EXPORT size_t crypto_generichash_blake2b_saltbytes(void); #define crypto_generichash_blake2b_PERSONALBYTES 16U -SODIUM_EXPORT size_t crypto_generichash_blake2b_personalbytes(void); -SODIUM_EXPORT size_t crypto_generichash_blake2b_statebytes(void); -SODIUM_EXPORT int crypto_generichash_blake2b(unsigned char *out, size_t outlen, const unsigned char *in, unsigned long long inlen, - const unsigned char *key, size_t keylen); + const unsigned char *key, size_t keylen) + __attribute__ ((nonnull(1))); -SODIUM_EXPORT int crypto_generichash_blake2b_salt_personal(unsigned char *out, size_t outlen, const unsigned char *in, unsigned long long inlen, const unsigned char *key, size_t keylen, const unsigned char *salt, - const unsigned char *personal); + const unsigned char *personal) + __attribute__ ((nonnull(1))); -SODIUM_EXPORT int crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state, const unsigned char *key, - const size_t keylen, const size_t outlen); + const size_t keylen, const size_t outlen) + __attribute__ ((nonnull(1))); -SODIUM_EXPORT int crypto_generichash_blake2b_init_salt_personal(crypto_generichash_blake2b_state *state, 
const unsigned char *key, const size_t keylen, const size_t outlen, const unsigned char *salt, - const unsigned char *personal); + const unsigned char *personal) + __attribute__ ((nonnull(1))); -SODIUM_EXPORT int crypto_generichash_blake2b_update(crypto_generichash_blake2b_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state, unsigned char *out, - const size_t outlen); + const size_t outlen) __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES]); +void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_hash.h b/sodium/sodium_crypto_hash.h similarity index 84% rename from windows/sodium/crypto_hash.h rename to sodium/sodium_crypto_hash.h index 302ed5c5..4a9dbc1b 100644 --- a/windows/sodium/crypto_hash.h +++ b/sodium/sodium_crypto_hash.h @@ -10,8 +10,8 @@ #include -#include "crypto_hash_sha512.h" -#include "export.h" +#include "sodium_crypto_hash_sha512.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ @@ -21,15 +21,12 @@ extern "C" { #endif #define crypto_hash_BYTES crypto_hash_sha512_BYTES -SODIUM_EXPORT size_t crypto_hash_bytes(void); -SODIUM_EXPORT int crypto_hash(unsigned char *out, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) __attribute__ ((nonnull)); #define crypto_hash_PRIMITIVE "sha512" -SODIUM_EXPORT const char *crypto_hash_primitive(void) __attribute__ ((warn_unused_result)); diff --git a/windows/sodium/crypto_hash_sha512.h b/sodium/sodium_crypto_hash_sha512.h similarity index 72% rename from windows/sodium/crypto_hash_sha512.h rename to sodium/sodium_crypto_hash_sha512.h index 6b0330f1..90253187 100644 
--- a/windows/sodium/crypto_hash_sha512.h +++ b/sodium/sodium_crypto_hash_sha512.h @@ -12,7 +12,7 @@ #include #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ @@ -27,28 +27,25 @@ typedef struct crypto_hash_sha512_state { uint8_t buf[128]; } crypto_hash_sha512_state; -SODIUM_EXPORT size_t crypto_hash_sha512_statebytes(void); #define crypto_hash_sha512_BYTES 64U -SODIUM_EXPORT size_t crypto_hash_sha512_bytes(void); -SODIUM_EXPORT int crypto_hash_sha512(unsigned char *out, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) __attribute__ ((nonnull)); -SODIUM_EXPORT -int crypto_hash_sha512_init(crypto_hash_sha512_state *state); +int crypto_hash_sha512_init(crypto_hash_sha512_state *state) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_hash_sha512_update(crypto_hash_sha512_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_hash_sha512_final(crypto_hash_sha512_state *state, - unsigned char *out); + unsigned char *out) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/sodium/sodium_crypto_kx.c b/sodium/sodium_crypto_kx.c new file mode 100644 index 00000000..36da2ef2 --- /dev/null +++ b/sodium/sodium_crypto_kx.c 
@@ -0,0 +1,103 @@
+
+#include
+
+#include "sodium_core.h"
+#include "sodium_crypto_generichash.h"
+#include "sodium_crypto_kx.h"
+#include "sodium_crypto_scalarmult.h"
+#include "sodium_private_common.h"
+#include "sodium_randombytes.h"
+#include "sodium_utils.h"
+
+int
+crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+ unsigned char sk[crypto_kx_SECRETKEYBYTES])
+{
+ COMPILER_ASSERT(crypto_kx_SECRETKEYBYTES == crypto_scalarmult_SCALARBYTES);
+ COMPILER_ASSERT(crypto_kx_PUBLICKEYBYTES == crypto_scalarmult_BYTES);
+
+ randombytes_buf(sk, crypto_kx_SECRETKEYBYTES);
+ return crypto_scalarmult_base(pk, sk);
+}
+
+int
+crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+ unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+ const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES],
+ const unsigned char client_sk[crypto_kx_SECRETKEYBYTES],
+ const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES])
+{
+ crypto_generichash_state h;
+ unsigned char q[crypto_scalarmult_BYTES];
+ unsigned char keys[2 * crypto_kx_SESSIONKEYBYTES];
+ int i;
+
+ if (rx == NULL) {
+ rx = tx;
+ }
+ if (tx == NULL) {
+ tx = rx;
+ }
+ if (rx == NULL) {
+ sodium_misuse(); /* LCOV_EXCL_LINE */
+ }
+ if (crypto_scalarmult(q, client_sk, server_pk) != 0) {
+ return -1;
+ }
+ COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX);
+ crypto_generichash_init(&h, NULL, 0U, sizeof keys);
+ crypto_generichash_update(&h, q, crypto_scalarmult_BYTES);
+ sodium_memzero(q, sizeof q);
+ crypto_generichash_update(&h, client_pk, crypto_kx_PUBLICKEYBYTES);
+ crypto_generichash_update(&h, server_pk, crypto_kx_PUBLICKEYBYTES);
+ crypto_generichash_final(&h, keys, sizeof keys);
+ sodium_memzero(&h, sizeof h);
+ for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) {
+ rx[i] = keys[i]; /* rx cannot be NULL */
+ tx[i] = keys[i + crypto_kx_SESSIONKEYBYTES]; /* tx cannot be NULL */
+ }
+ sodium_memzero(keys, sizeof keys);
+
+ return 0;
+}
+
+int
+crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+ unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+ const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES],
+ const unsigned char server_sk[crypto_kx_SECRETKEYBYTES],
+ const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES])
+{
+ crypto_generichash_state h;
+ unsigned char q[crypto_scalarmult_BYTES];
+ unsigned char keys[2 * crypto_kx_SESSIONKEYBYTES];
+ int i;
+
+ if (rx == NULL) {
+ rx = tx;
+ }
+ if (tx == NULL) {
+ tx = rx;
+ }
+ if (rx == NULL) {
+ sodium_misuse(); /* LCOV_EXCL_LINE */
+ }
+ if (crypto_scalarmult(q, server_sk, client_pk) != 0) {
+ return -1;
+ }
+ COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX);
+ crypto_generichash_init(&h, NULL, 0U, sizeof keys);
+ crypto_generichash_update(&h, q, crypto_scalarmult_BYTES);
+ sodium_memzero(q, sizeof q);
+ crypto_generichash_update(&h, client_pk, crypto_kx_PUBLICKEYBYTES);
+ crypto_generichash_update(&h, server_pk, crypto_kx_PUBLICKEYBYTES);
+ crypto_generichash_final(&h, keys, sizeof keys);
+ sodium_memzero(&h, sizeof h);
+ for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) {
+ tx[i] = keys[i];
+ rx[i] = keys[i + crypto_kx_SESSIONKEYBYTES];
+ }
+ sodium_memzero(keys, sizeof keys);
+
+ return 0;
+}
diff --git a/windows/sodium/crypto_kx.h b/sodium/sodium_crypto_kx.h
similarity index 86%
rename from windows/sodium/crypto_kx.h
rename to sodium/sodium_crypto_kx.h
index d1fce90d..0f7a9925 100644
--- a/windows/sodium/crypto_kx.h
+++ b/sodium/sodium_crypto_kx.h
@@ -3,7 +3,7 @@
 #include
-#include "export.h"
+#include "sodium_export.h"
 #ifdef __cplusplus
 # ifdef __GNUC__
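Review bot: `crypto_kx_seed_keypair` stays declared in `sodium_crypto_kx.h` (hunk below), but this new `sodium_crypto_kx.c` only defines `crypto_kx_keypair` and the two session-key functions, so any caller of the seeded variant would fail at link time unless it is defined in a file not shown here; either add the definition or drop the prototype, and the same applies to the `crypto_kx_*bytes()` and `crypto_kx_primitive()` accessors the header still declares. In both session-key functions the results of `crypto_generichash_init`/`_update`/`_final` are discarded; with a NULL key and `sizeof keys` asserted to be at most `crypto_generichash_BYTES_MAX` that looks safe by construction, but a one-line comment such as `/* cannot fail: keylen == 0 and outlen is within the BLAKE2b range */` above the `crypto_generichash_init` call would make that reasoning visible. The two functions are otherwise identical except for the `tx`/`rx` swap, so a short comment on `crypto_kx_server_session_keys` noting that the halves are deliberately swapped relative to the client would help reviewers confirm the key direction rather than suspect a copy-paste slip.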
@@ -13,49 +13,42 @@ extern "C" { #endif #define crypto_kx_PUBLICKEYBYTES 32 -SODIUM_EXPORT size_t crypto_kx_publickeybytes(void); #define crypto_kx_SECRETKEYBYTES 32 -SODIUM_EXPORT size_t crypto_kx_secretkeybytes(void); #define crypto_kx_SEEDBYTES 32 -SODIUM_EXPORT size_t crypto_kx_seedbytes(void); #define crypto_kx_SESSIONKEYBYTES 32 -SODIUM_EXPORT size_t crypto_kx_sessionkeybytes(void); #define crypto_kx_PRIMITIVE "x25519blake2b" -SODIUM_EXPORT const char *crypto_kx_primitive(void); -SODIUM_EXPORT int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], unsigned char sk[crypto_kx_SECRETKEYBYTES], - const unsigned char seed[crypto_kx_SEEDBYTES]); + const unsigned char seed[crypto_kx_SEEDBYTES]) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], - unsigned char sk[crypto_kx_SECRETKEYBYTES]); + unsigned char sk[crypto_kx_SECRETKEYBYTES]) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], unsigned char tx[crypto_kx_SESSIONKEYBYTES], const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES], const unsigned char client_sk[crypto_kx_SECRETKEYBYTES], const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES]) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5))); -SODIUM_EXPORT int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], unsigned char tx[crypto_kx_SESSIONKEYBYTES], const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES], const unsigned char server_sk[crypto_kx_SECRETKEYBYTES], const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES]) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5))); #ifdef __cplusplus } 
diff --git a/windows/sodium/crypto_onetimeauth.h b/sodium/sodium_crypto_onetimeauth.h similarity index 71% rename from windows/sodium/crypto_onetimeauth.h rename to sodium/sodium_crypto_onetimeauth.h index 5951c5b8..21fd1ee8 100644 --- a/windows/sodium/crypto_onetimeauth.h +++ b/sodium/sodium_crypto_onetimeauth.h @@ -3,8 +3,8 @@ #include -#include "crypto_onetimeauth_poly1305.h" -#include "export.h" +#include "sodium_crypto_onetimeauth_poly1305.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -15,45 +15,38 @@ extern "C" { typedef crypto_onetimeauth_poly1305_state crypto_onetimeauth_state; -SODIUM_EXPORT size_t crypto_onetimeauth_statebytes(void); #define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES -SODIUM_EXPORT size_t crypto_onetimeauth_bytes(void); #define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES -SODIUM_EXPORT size_t crypto_onetimeauth_keybytes(void); #define crypto_onetimeauth_PRIMITIVE "poly1305" -SODIUM_EXPORT const char *crypto_onetimeauth_primitive(void); -SODIUM_EXPORT int crypto_onetimeauth(unsigned char *out, const unsigned char *in, - unsigned long long inlen, const unsigned char *k); + unsigned long long inlen, const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_onetimeauth_verify(const unsigned char *h, const unsigned char *in, unsigned long long inlen, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_onetimeauth_init(crypto_onetimeauth_state *state, - const unsigned char *key); + const unsigned char *key) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_onetimeauth_update(crypto_onetimeauth_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_onetimeauth_final(crypto_onetimeauth_state *state, - unsigned char *out); + unsigned char *out) __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES]); +void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_onetimeauth_poly1305.h b/sodium/sodium_crypto_onetimeauth_poly1305.h similarity index 75% rename from windows/sodium/crypto_onetimeauth_poly1305.h rename to sodium/sodium_crypto_onetimeauth_poly1305.h index 4b89c4f0..1a9e7b3b 100644 
--- a/windows/sodium/crypto_onetimeauth_poly1305.h +++ b/sodium/sodium_crypto_onetimeauth_poly1305.h @@ -14,51 +14,47 @@ extern "C" { #include -#include "export.h" +#include "sodium_export.h" typedef struct CRYPTO_ALIGN(16) crypto_onetimeauth_poly1305_state { unsigned char opaque[256]; } crypto_onetimeauth_poly1305_state; -SODIUM_EXPORT size_t crypto_onetimeauth_poly1305_statebytes(void); #define crypto_onetimeauth_poly1305_BYTES 16U -SODIUM_EXPORT size_t crypto_onetimeauth_poly1305_bytes(void); #define crypto_onetimeauth_poly1305_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_onetimeauth_poly1305_keybytes(void); -SODIUM_EXPORT int crypto_onetimeauth_poly1305(unsigned char *out, const unsigned char *in, unsigned long long inlen, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_onetimeauth_poly1305_verify(const unsigned char *h, const unsigned char *in, unsigned long long inlen, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_onetimeauth_poly1305_init(crypto_onetimeauth_poly1305_state *state, - const unsigned char *key); + const unsigned char *key) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_onetimeauth_poly1305_update(crypto_onetimeauth_poly1305_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state *state, - unsigned char *out); + unsigned char *out) + __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES]); +void crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } 
diff --git a/sodium/sodium_crypto_scalarmult.c b/sodium/sodium_crypto_scalarmult.c
new file mode 100644
index 00000000..d0ac6132
--- /dev/null
+++ b/sodium/sodium_crypto_scalarmult.c
@@ -0,0 +1,33 @@
+
+#include "sodium_crypto_scalarmult.h"
+
+const char *
+crypto_scalarmult_primitive(void)
+{
+ return crypto_scalarmult_PRIMITIVE;
+}
+
+int
+crypto_scalarmult_base(unsigned char *q, const unsigned char *n)
+{
+ return crypto_scalarmult_curve25519_base(q, n);
+}
+
+int
+crypto_scalarmult(unsigned char *q, const unsigned char *n,
+ const unsigned char *p)
+{
+ return crypto_scalarmult_curve25519(q, n, p);
+}
+
+size_t
+crypto_scalarmult_bytes(void)
+{
+ return crypto_scalarmult_BYTES;
+}
+
+size_t
+crypto_scalarmult_scalarbytes(void)
+{
+ return crypto_scalarmult_SCALARBYTES;
+}
diff --git a/windows/sodium/crypto_scalarmult.h b/sodium/sodium_crypto_scalarmult.h
similarity index 59%
rename from windows/sodium/crypto_scalarmult.h
rename to sodium/sodium_crypto_scalarmult.h
index 830c10f6..bab5045e 100644
--- a/windows/sodium/crypto_scalarmult.h
+++ b/sodium/sodium_crypto_scalarmult.h
@@ -3,32 +3,36 @@ #include -#include "crypto_scalarmult_curve25519.h" -#include "export.h" +#include "sodium_crypto_scalarmult_curve25519.h" +#include "sodium_export.h" #ifdef __cplusplus extern "C" { #endif #define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES -SODIUM_EXPORT size_t crypto_scalarmult_bytes(void); #define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES -SODIUM_EXPORT size_t crypto_scalarmult_scalarbytes(void); #define crypto_scalarmult_PRIMITIVE "curve25519" -SODIUM_EXPORT const char *crypto_scalarmult_primitive(void); -SODIUM_EXPORT -int crypto_scalarmult_base(unsigned char *q, const unsigned char *n); - -SODIUM_EXPORT +int crypto_scalarmult_base(unsigned char *q, const unsigned char *n) + __attribute__ ((nonnull)); + +/* + * NOTE: Do not use the result of this function directly. + * + * Hash the result with the public keys in order to compute a shared + * secret key: H(q || client_pk || server_pk) + * + * Or unless this is not an option, use the crypto_kx() API instead. + */ int crypto_scalarmult(unsigned char *q, const unsigned char *n, const unsigned char *p) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_scalarmult_curve25519.h b/sodium/sodium_crypto_scalarmult_curve25519.h similarity index 50% rename from windows/sodium/crypto_scalarmult_curve25519.h rename to sodium/sodium_crypto_scalarmult_curve25519.h index d96840c7..24144b4c 100644 --- a/windows/sodium/crypto_scalarmult_curve25519.h +++ b/sodium/sodium_crypto_scalarmult_curve25519.h 
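Review bot: The comment added above `crypto_scalarmult` ends with `Or unless this is not an option, use the crypto_kx() API instead.`, which reads as a contradiction; `Or, if hashing the output yourself is not an option, use the crypto_kx() API instead.` says what the surrounding sentences intend. The same block is repeated verbatim in the `crypto_scalarmult_curve25519` and `crypto_scalarmult_ed25519` headers below, so the wording fix applies there too. The advice itself is the important part of this hunk: callers must derive the shared key as `H(q || client_pk || server_pk)` rather than using the raw point, and keeping that note attached to the `warn_unused_result` prototype is the right place for it.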
@@ -3,27 +3,33 @@ #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus extern "C" { #endif #define crypto_scalarmult_curve25519_BYTES 32U -SODIUM_EXPORT size_t crypto_scalarmult_curve25519_bytes(void); #define crypto_scalarmult_curve25519_SCALARBYTES 32U -SODIUM_EXPORT size_t crypto_scalarmult_curve25519_scalarbytes(void); -SODIUM_EXPORT +/* + * NOTE: Do not use the result of this function directly. + * + * Hash the result with the public keys in order to compute a shared + * secret key: H(q || client_pk || server_pk) + * + * Or unless this is not an option, use the crypto_kx() API instead. + */ int crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n, const unsigned char *p) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT -int crypto_scalarmult_curve25519_base(unsigned char *q, const unsigned char *n); +int crypto_scalarmult_curve25519_base(unsigned char *q, + const unsigned char *n) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/sodium/sodium_crypto_scalarmult_ed25519.h b/sodium/sodium_crypto_scalarmult_ed25519.h new file mode 100644 index 00000000..4ae8f70d --- /dev/null +++ b/sodium/sodium_crypto_scalarmult_ed25519.h 
@@ -0,0 +1,45 @@
+
+#ifndef crypto_scalarmult_ed25519_H
+#define crypto_scalarmult_ed25519_H
+
+#include
+
+#include "sodium_export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_ed25519_BYTES 32U
+size_t crypto_scalarmult_ed25519_bytes(void);
+
+#define crypto_scalarmult_ed25519_SCALARBYTES 32U
+size_t crypto_scalarmult_ed25519_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+int crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
+ const unsigned char *p)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+int crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n,
+ const unsigned char *p)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+int crypto_scalarmult_ed25519_base(unsigned char *q, const unsigned char *n)
+ __attribute__ ((nonnull));
+
+int crypto_scalarmult_ed25519_base_noclamp(unsigned char *q, const unsigned char *n)
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/sodium/sodium_crypto_secretbox.c b/sodium/sodium_crypto_secretbox.c
new file mode 100644
index 00000000..5cac0b7f
--- /dev/null
+++ b/sodium/sodium_crypto_secretbox.c
@@ -0,0 +1,25 @@
+
+#include "sodium_crypto_secretbox.h"
+#include "sodium_randombytes.h"
+
+int
+crypto_secretbox(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k)
+{
+ return crypto_secretbox_xsalsa20poly1305(c, m, mlen, n, k);
+}
+
+int
+crypto_secretbox_open(unsigned char *m, const unsigned char *c,
+ unsigned long long clen, const unsigned char *n,
+ const unsigned char *k)
+{
+ return crypto_secretbox_xsalsa20poly1305_open(m, c, clen, n, k);
+}
+
+void
+crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES])
+{
+ randombytes_buf(k, crypto_secretbox_KEYBYTES);
+}
diff --git a/windows/sodium/crypto_secretbox.h b/sodium/sodium_crypto_secretbox.h
similarity index 75%
rename from windows/sodium/crypto_secretbox.h
rename to sodium/sodium_crypto_secretbox.h
index 9b098200..fa9f793e 100644
--- a/windows/sodium/crypto_secretbox.h
+++ b/sodium/sodium_crypto_secretbox.h
@@ -3,8 +3,8 @@ #include -#include "crypto_secretbox_xsalsa20poly1305.h" -#include "export.h" +#include "sodium_crypto_secretbox_xsalsa20poly1305.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__
@@ -14,71 +14,63 @@ extern "C" { #endif #define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES -SODIUM_EXPORT size_t crypto_secretbox_keybytes(void); #define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES -SODIUM_EXPORT size_t crypto_secretbox_noncebytes(void); #define crypto_secretbox_MACBYTES crypto_secretbox_xsalsa20poly1305_MACBYTES -SODIUM_EXPORT size_t crypto_secretbox_macbytes(void); #define crypto_secretbox_PRIMITIVE "xsalsa20poly1305" -SODIUM_EXPORT const char *crypto_secretbox_primitive(void); -SODIUM_EXPORT +#define crypto_secretbox_MESSAGEBYTES_MAX crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX +size_t crypto_secretbox_messagebytes_max(void); + int crypto_secretbox_easy(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); -SODIUM_EXPORT int crypto_secretbox_detached(unsigned char *c, unsigned char *mac, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_secretbox_open_detached(unsigned char *m, const unsigned char *c, const unsigned char *mac, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6))); -SODIUM_EXPORT -void crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES]); +void crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES]) + __attribute__ ((nonnull)); /* -- NaCl compatibility interface ; Requires padding -- */ #define 
crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES -SODIUM_EXPORT size_t crypto_secretbox_zerobytes(void); #define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES -SODIUM_EXPORT size_t crypto_secretbox_boxzerobytes(void); -SODIUM_EXPORT int crypto_secretbox(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_secretbox_open(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); #ifdef __cplusplus } diff --git a/sodium/sodium_crypto_secretbox_easy.c b/sodium/sodium_crypto_secretbox_easy.c new file mode 100644 index 00000000..f972225e --- /dev/null +++ b/sodium/sodium_crypto_secretbox_easy.c 
@@ -0,0 +1,144 @@
+
+#include
+#include
+#include
+#include
+#include
+
+#include "sodium_core.h"
+#include "sodium_crypto_core_hsalsa20.h"
+#include "sodium_crypto_onetimeauth_poly1305.h"
+#include "sodium_crypto_secretbox.h"
+#include "sodium_crypto_stream_salsa20.h"
+#include "sodium_private_common.h"
+#include "sodium_utils.h"
+
+int
+crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
+ const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k)
+{
+ crypto_onetimeauth_poly1305_state state;
+ unsigned char block0[64U];
+ unsigned char subkey[crypto_stream_salsa20_KEYBYTES];
+ unsigned long long i;
+ unsigned long long mlen0;
+
+ crypto_core_hsalsa20(subkey, n, k, NULL);
+
+ if (((uintptr_t) c > (uintptr_t) m &&
+ (uintptr_t) c - (uintptr_t) m < mlen) ||
+ ((uintptr_t) m > (uintptr_t) c &&
+ (uintptr_t) m - (uintptr_t) c < mlen)) { /* LCOV_EXCL_LINE */
+ memmove(c, m, mlen);
+ m = c;
+ }
+ memset(block0, 0U, crypto_secretbox_ZEROBYTES);
+ COMPILER_ASSERT(64U >= crypto_secretbox_ZEROBYTES);
+ mlen0 = mlen;
+ if (mlen0 > 64U - crypto_secretbox_ZEROBYTES) {
+ mlen0 = 64U - crypto_secretbox_ZEROBYTES;
+ }
+ for (i = 0U; i < mlen0; i++) {
+ block0[i + crypto_secretbox_ZEROBYTES] = m[i];
+ }
+ crypto_stream_salsa20_xor(block0, block0,
+ mlen0 + crypto_secretbox_ZEROBYTES,
+ n + 16, subkey);
+ COMPILER_ASSERT(crypto_secretbox_ZEROBYTES >=
+ crypto_onetimeauth_poly1305_KEYBYTES);
+ crypto_onetimeauth_poly1305_init(&state, block0);
+
+ for (i = 0U; i < mlen0; i++) {
+ c[i] = block0[crypto_secretbox_ZEROBYTES + i];
+ }
+ sodium_memzero(block0, sizeof block0);
+ if (mlen > mlen0) {
+ crypto_stream_salsa20_xor_ic(c + mlen0, m + mlen0, mlen - mlen0,
+ n + 16, 1U, subkey);
+ }
+ sodium_memzero(subkey, sizeof subkey);
+
+ crypto_onetimeauth_poly1305_update(&state, c, mlen);
+ crypto_onetimeauth_poly1305_final(&state, mac);
+ sodium_memzero(&state, sizeof state);
+
+ return 0;
+}
+
+int
+crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k)
+{
+ if (mlen > crypto_secretbox_MESSAGEBYTES_MAX) {
+ sodium_misuse();
+ }
+ return crypto_secretbox_detached(c + crypto_secretbox_MACBYTES,
+ c, m, mlen, n, k);
+}
+
+int
+crypto_secretbox_open_detached(unsigned char *m, const unsigned char *c,
+ const unsigned char *mac,
+ unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *k)
+{
+ unsigned char block0[64U];
+ unsigned char subkey[crypto_stream_salsa20_KEYBYTES];
+ unsigned long long i;
+ unsigned long long mlen0;
+
+ crypto_core_hsalsa20(subkey, n, k, NULL);
+ crypto_stream_salsa20(block0, crypto_stream_salsa20_KEYBYTES,
+ n + 16, subkey);
+ if (crypto_onetimeauth_poly1305_verify(mac, c, clen, block0) != 0) {
+ sodium_memzero(subkey, sizeof subkey);
+ return -1;
+ }
+ if (m == NULL) {
+ return 0;
+ }
+ if (((uintptr_t) c >= (uintptr_t) m &&
+ (uintptr_t) c - (uintptr_t) m < clen) ||
+ ((uintptr_t) m >= (uintptr_t) c &&
+ (uintptr_t) m - (uintptr_t) c < clen)) { /* LCOV_EXCL_LINE */
+ memmove(m, c, clen);
+ c = m;
+ }
+ mlen0 = clen;
+ if (mlen0 > 64U - crypto_secretbox_ZEROBYTES) {
+ mlen0 = 64U - crypto_secretbox_ZEROBYTES;
+ }
+ for (i = 0U; i < mlen0; i++) {
+ block0[crypto_secretbox_ZEROBYTES + i] = c[i];
+ }
+ crypto_stream_salsa20_xor(block0, block0,
+ crypto_secretbox_ZEROBYTES + mlen0,
+ n + 16, subkey);
+ for (i = 0U; i < mlen0; i++) {
+ m[i] = block0[i + crypto_secretbox_ZEROBYTES];
+ }
+ if (clen > mlen0) {
+ crypto_stream_salsa20_xor_ic(m + mlen0, c + mlen0, clen - mlen0,
+ n + 16, 1U, subkey);
+ }
+ sodium_memzero(subkey, sizeof subkey);
+
+ return 0;
+}
+
+int
+crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c,
+ unsigned long long clen, const unsigned char *n,
+ const unsigned char *k)
+{
+ if (clen < crypto_secretbox_MACBYTES) {
+ return -1;
+ }
+ return crypto_secretbox_open_detached(m, c + crypto_secretbox_MACBYTES, c,
+ clen - crypto_secretbox_MACBYTES,
+ n, k);
+}
diff --git a/windows/sodium/crypto_secretbox_xchacha20poly1305.h b/sodium/sodium_crypto_secretbox_xchacha20poly1305.h
similarity index 79%
rename from windows/sodium/crypto_secretbox_xchacha20poly1305.h
rename to sodium/sodium_crypto_secretbox_xchacha20poly1305.h
index 7a61a091..84106690 100644
--- a/windows/sodium/crypto_secretbox_xchacha20poly1305.h
+++ b/sodium/sodium_crypto_secretbox_xchacha20poly1305.h
@@ -2,7 +2,8 @@ #define crypto_secretbox_xchacha20poly1305_H #include -#include "export.h" +#include "sodium_crypto_stream_xchacha20.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__
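Review bot: In `crypto_secretbox_open_detached` the `if (m == NULL) { return 0; }` exit just after the MAC check returns without wiping `subkey`, although the verify-failure branch immediately above does call `sodium_memzero(subkey, sizeof subkey)`; on the verify-only path the HSalsa20-derived Salsa20 subkey is therefore left on the stack. The same function never wipes `block0` either, which holds the Poly1305 one-time key and, after the xor, the first plaintext bytes that are copied into `m`, whereas `crypto_secretbox_detached` above zeroes its own `block0` before returning. Suggested change: `if (m == NULL) { sodium_memzero(subkey, sizeof subkey); return 0; }`, plus a `sodium_memzero(block0, sizeof block0);` before each of the function's three returns. If this file is a verbatim copy of the upstream source, the same hygiene fix would belong upstream as well.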
@@ -12,48 +13,47 @@ extern "C" { #endif #define crypto_secretbox_xchacha20poly1305_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_secretbox_xchacha20poly1305_keybytes(void); #define crypto_secretbox_xchacha20poly1305_NONCEBYTES 24U -SODIUM_EXPORT size_t crypto_secretbox_xchacha20poly1305_noncebytes(void); #define crypto_secretbox_xchacha20poly1305_MACBYTES 16U -SODIUM_EXPORT size_t crypto_secretbox_xchacha20poly1305_macbytes(void); -SODIUM_EXPORT +#define crypto_secretbox_xchacha20poly1305_MESSAGEBYTES_MAX \ + (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_secretbox_xchacha20poly1305_MACBYTES) +size_t crypto_secretbox_xchacha20poly1305_messagebytes_max(void); + int crypto_secretbox_xchacha20poly1305_easy(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_secretbox_xchacha20poly1305_open_easy(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); -SODIUM_EXPORT int crypto_secretbox_xchacha20poly1305_detached(unsigned char *c, unsigned char *mac, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m, const unsigned char *c, const unsigned char *mac, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6))); #ifdef __cplusplus } 
diff --git a/windows/sodium/crypto_secretbox_xsalsa20poly1305.h b/sodium/sodium_crypto_secretbox_xsalsa20poly1305.h similarity index 68% rename from windows/sodium/crypto_secretbox_xsalsa20poly1305.h rename to sodium/sodium_crypto_secretbox_xsalsa20poly1305.h index 5aa30805..01086c93 100644 --- a/windows/sodium/crypto_secretbox_xsalsa20poly1305.h +++ b/sodium/sodium_crypto_secretbox_xsalsa20poly1305.h @@ -2,7 +2,8 @@ #define crypto_secretbox_xsalsa20poly1305_H #include -#include "export.h" +#include "sodium_crypto_stream_xsalsa20.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -12,44 +13,45 @@ extern "C" { #endif #define crypto_secretbox_xsalsa20poly1305_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_secretbox_xsalsa20poly1305_keybytes(void); #define crypto_secretbox_xsalsa20poly1305_NONCEBYTES 24U -SODIUM_EXPORT size_t crypto_secretbox_xsalsa20poly1305_noncebytes(void); #define crypto_secretbox_xsalsa20poly1305_MACBYTES 16U -SODIUM_EXPORT size_t crypto_secretbox_xsalsa20poly1305_macbytes(void); -#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES 16U -SODIUM_EXPORT -size_t crypto_secretbox_xsalsa20poly1305_boxzerobytes(void); - -#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES \ - (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES + \ - crypto_secretbox_xsalsa20poly1305_MACBYTES) -SODIUM_EXPORT -size_t crypto_secretbox_xsalsa20poly1305_zerobytes(void); +/* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */ +#define crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX \ + (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_secretbox_xsalsa20poly1305_MACBYTES) +size_t crypto_secretbox_xsalsa20poly1305_messagebytes_max(void); -SODIUM_EXPORT int crypto_secretbox_xsalsa20poly1305(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_secretbox_xsalsa20poly1305_open(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); + +void crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES]) + __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES]); +/* -- NaCl compatibility interface ; Requires padding -- */ + +#define 
crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES 16U +size_t crypto_secretbox_xsalsa20poly1305_boxzerobytes(void); + +#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES \ + (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES + \ + crypto_secretbox_xsalsa20poly1305_MACBYTES) +size_t crypto_secretbox_xsalsa20poly1305_zerobytes(void); #ifdef __cplusplus } diff --git a/sodium/sodium_crypto_secretstream_xchacha20poly1305.h b/sodium/sodium_crypto_secretstream_xchacha20poly1305.h new file mode 100644 index 00000000..c8fb19f2 --- /dev/null +++ b/sodium/sodium_crypto_secretstream_xchacha20poly1305.h 
@@ -0,0 +1,93 @@
+#ifndef crypto_secretstream_xchacha20poly1305_H
+#define crypto_secretstream_xchacha20poly1305_H
+
+#include
+
+#include "sodium_crypto_aead_xchacha20poly1305.h"
+#include "sodium_crypto_stream_chacha20.h"
+#include "sodium_export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretstream_xchacha20poly1305_ABYTES \
+ (1U + crypto_aead_xchacha20poly1305_ietf_ABYTES)
+size_t crypto_secretstream_xchacha20poly1305_abytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_HEADERBYTES \
+ crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
+size_t crypto_secretstream_xchacha20poly1305_headerbytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_KEYBYTES \
+ crypto_aead_xchacha20poly1305_ietf_KEYBYTES
+size_t crypto_secretstream_xchacha20poly1305_keybytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX \
+ SODIUM_MIN(SODIUM_SIZE_MAX - crypto_secretstream_xchacha20poly1305_ABYTES, \
+ (64ULL * ((1ULL << 32) - 2ULL)))
+size_t crypto_secretstream_xchacha20poly1305_messagebytes_max(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_MESSAGE 0x00
+unsigned char crypto_secretstream_xchacha20poly1305_tag_message(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_PUSH 0x01
+unsigned char crypto_secretstream_xchacha20poly1305_tag_push(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_REKEY 0x02
+unsigned char crypto_secretstream_xchacha20poly1305_tag_rekey(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_FINAL \
+ (crypto_secretstream_xchacha20poly1305_TAG_PUSH | \
+ crypto_secretstream_xchacha20poly1305_TAG_REKEY)
+unsigned char crypto_secretstream_xchacha20poly1305_tag_final(void);
+
+typedef struct crypto_secretstream_xchacha20poly1305_state {
+ unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES];
+ unsigned char nonce[crypto_stream_chacha20_ietf_NONCEBYTES];
+ unsigned char _pad[8];
+} crypto_secretstream_xchacha20poly1305_state;
+
+size_t crypto_secretstream_xchacha20poly1305_statebytes(void);
+
+void crypto_secretstream_xchacha20poly1305_keygen
+ (unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+ __attribute__ ((nonnull));
+
+int crypto_secretstream_xchacha20poly1305_init_push
+ (crypto_secretstream_xchacha20poly1305_state *state,
+ unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
+ const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+ __attribute__ ((nonnull));
+
+int crypto_secretstream_xchacha20poly1305_push
+ (crypto_secretstream_xchacha20poly1305_state *state,
+ unsigned char *c, unsigned long long *clen_p,
+ const unsigned char *m, unsigned long long mlen,
+ const unsigned char *ad, unsigned long long adlen, unsigned char tag)
+ __attribute__ ((nonnull(1)));
+
+int crypto_secretstream_xchacha20poly1305_init_pull
+ (crypto_secretstream_xchacha20poly1305_state *state,
+ const unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
+ const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+ __attribute__ ((nonnull));
+
+int crypto_secretstream_xchacha20poly1305_pull
+ (crypto_secretstream_xchacha20poly1305_state *state,
+ unsigned char *m, unsigned long long *mlen_p, unsigned char *tag_p,
+ const unsigned char *c, unsigned long long clen,
+ const unsigned char *ad, unsigned long long adlen)
+ __attribute__ ((nonnull(1)));
+
+void crypto_secretstream_xchacha20poly1305_rekey
+ (crypto_secretstream_xchacha20poly1305_state *state);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/windows/sodium/crypto_shorthash.h b/sodium/sodium_crypto_shorthash.h
similarity index 81%
rename from windows/sodium/crypto_shorthash.h
rename to sodium/sodium_crypto_shorthash.h
index a4988082..539c9c35 100644
--- a/windows/sodium/crypto_shorthash.h
+++ b/sodium/sodium_crypto_shorthash.h
@@ -3,8 +3,8 @@ #include -#include "crypto_shorthash_siphash24.h" -#include "export.h" +#include "sodium_crypto_shorthash_siphash24.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ @@ -14,23 +14,20 @@ extern "C" { #endif #define crypto_shorthash_BYTES crypto_shorthash_siphash24_BYTES -SODIUM_EXPORT size_t crypto_shorthash_bytes(void); #define crypto_shorthash_KEYBYTES crypto_shorthash_siphash24_KEYBYTES -SODIUM_EXPORT size_t crypto_shorthash_keybytes(void); #define crypto_shorthash_PRIMITIVE "siphash24" -SODIUM_EXPORT const char *crypto_shorthash_primitive(void); -SODIUM_EXPORT int crypto_shorthash(unsigned char *out, const unsigned char *in, - unsigned long long inlen, const unsigned char *k); + unsigned long long inlen, const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES]); +void crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_shorthash_siphash24.h b/sodium/sodium_crypto_shorthash_siphash24.h similarity index 87% rename from windows/sodium/crypto_shorthash_siphash24.h rename to sodium/sodium_crypto_shorthash_siphash24.h index 745ed48f..cf461a4d 100644 --- a/windows/sodium/crypto_shorthash_siphash24.h +++ b/sodium/sodium_crypto_shorthash_siphash24.h @@ -2,7 +2,7 @@ #define crypto_shorthash_siphash24_H #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -14,31 +14,27 @@ extern "C" { /* -- 64-bit output -- */ #define crypto_shorthash_siphash24_BYTES 8U -SODIUM_EXPORT size_t crypto_shorthash_siphash24_bytes(void); #define crypto_shorthash_siphash24_KEYBYTES 16U -SODIUM_EXPORT size_t crypto_shorthash_siphash24_keybytes(void); -SODIUM_EXPORT int crypto_shorthash_siphash24(unsigned char *out, const unsigned char *in, - unsigned long long inlen, const unsigned char *k); + unsigned long long inlen, const unsigned char *k) + __attribute__ ((nonnull)); #ifndef SODIUM_LIBRARY_MINIMAL /* -- 128-bit output -- */ #define crypto_shorthash_siphashx24_BYTES 16U -SODIUM_EXPORT size_t crypto_shorthash_siphashx24_bytes(void); #define crypto_shorthash_siphashx24_KEYBYTES 16U -SODIUM_EXPORT size_t crypto_shorthash_siphashx24_keybytes(void); -SODIUM_EXPORT int crypto_shorthash_siphashx24(unsigned char *out, const unsigned char *in, - unsigned long long inlen, const unsigned char *k); + unsigned long long inlen, const unsigned char *k) + __attribute__ ((nonnull)); #endif #ifdef __cplusplus diff --git a/sodium/sodium_crypto_sign.c b/sodium/sodium_crypto_sign.c new file mode 100644 index 00000000..8283a57a --- /dev/null +++ b/sodium/sodium_crypto_sign.c 
@@ -0,0 +1,51 @@
+
+#include "sodium_crypto_sign.h"
+
+int
+crypto_sign_keypair(unsigned char *pk, unsigned char *sk)
+{
+ return crypto_sign_ed25519_keypair(pk, sk);
+}
+
+int
+crypto_sign(unsigned char *sm, unsigned long long *smlen_p,
+ const unsigned char *m, unsigned long long mlen,
+ const unsigned char *sk)
+{
+ return crypto_sign_ed25519(sm, smlen_p, m, mlen, sk);
+}
+
+int
+crypto_sign_open(unsigned char *m, unsigned long long *mlen_p,
+ const unsigned char *sm, unsigned long long smlen,
+ const unsigned char *pk)
+{
+ return crypto_sign_ed25519_open(m, mlen_p, sm, smlen, pk);
+}
+
+int
+crypto_sign_init(crypto_sign_state *state)
+{
+ return crypto_sign_ed25519ph_init(state);
+}
+
+int
+crypto_sign_update(crypto_sign_state *state, const unsigned char *m,
+ unsigned long long mlen)
+{
+ return crypto_sign_ed25519ph_update(state, m, mlen);
+}
+
+int
+crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig,
+ unsigned long long *siglen_p, const unsigned char *sk)
+{
+ return crypto_sign_ed25519ph_final_create(state, sig, siglen_p, sk);
+}
+
+int
+crypto_sign_final_verify(crypto_sign_state *state, const unsigned char *sig,
+ const unsigned char *pk)
+{
+ return crypto_sign_ed25519ph_final_verify(state, sig, pk);
+}
diff --git a/windows/sodium/crypto_sign.h b/sodium/sodium_crypto_sign.h
similarity index 67%
rename from windows/sodium/crypto_sign.h
rename to sodium/sodium_crypto_sign.h
index b0335bf2..406eba1c 100644
--- a/windows/sodium/crypto_sign.h
+++ b/sodium/sodium_crypto_sign.h
@@ -10,8 +10,8 @@ #include -#include "crypto_sign_ed25519.h" -#include "export.h" +#include "sodium_crypto_sign_ed25519.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__
@@ -22,75 +22,66 @@ extern "C" { typedef crypto_sign_ed25519ph_state crypto_sign_state; -SODIUM_EXPORT size_t crypto_sign_statebytes(void); #define crypto_sign_BYTES crypto_sign_ed25519_BYTES -SODIUM_EXPORT size_t crypto_sign_bytes(void); #define crypto_sign_SEEDBYTES crypto_sign_ed25519_SEEDBYTES -SODIUM_EXPORT size_t crypto_sign_seedbytes(void); #define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES -SODIUM_EXPORT size_t crypto_sign_publickeybytes(void); #define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES -SODIUM_EXPORT size_t crypto_sign_secretkeybytes(void); +#define crypto_sign_MESSAGEBYTES_MAX crypto_sign_ed25519_MESSAGEBYTES_MAX +size_t crypto_sign_messagebytes_max(void); + #define crypto_sign_PRIMITIVE "ed25519" -SODIUM_EXPORT const char *crypto_sign_primitive(void); -SODIUM_EXPORT int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk, - const unsigned char *seed); + const unsigned char *seed) + __attribute__ ((nonnull)); -SODIUM_EXPORT -int crypto_sign_keypair(unsigned char *pk, unsigned char *sk); +int crypto_sign_keypair(unsigned char *pk, unsigned char *sk) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_sign(unsigned char *sm, unsigned long long *smlen_p, const unsigned char *m, unsigned long long mlen, - const unsigned char *sk); + const unsigned char *sk) __attribute__ ((nonnull(1, 3, 5))); -SODIUM_EXPORT int crypto_sign_open(unsigned char *m, unsigned long long *mlen_p, const unsigned char *sm, unsigned long long smlen, const unsigned char *pk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5))); -SODIUM_EXPORT int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen_p, const unsigned char *m, unsigned long long mlen, - const unsigned char *sk); + const unsigned char *sk) __attribute__ ((nonnull(1, 3, 5))); -SODIUM_EXPORT int crypto_sign_verify_detached(const unsigned char *sig, const unsigned char *m, unsigned long long 
mlen, const unsigned char *pk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_sign_init(crypto_sign_state *state); -SODIUM_EXPORT int crypto_sign_update(crypto_sign_state *state, - const unsigned char *m, unsigned long long mlen); + const unsigned char *m, unsigned long long mlen) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig, unsigned long long *siglen_p, - const unsigned char *sk); + const unsigned char *sk) + __attribute__ ((nonnull(1, 2, 4))); -SODIUM_EXPORT -int crypto_sign_final_verify(crypto_sign_state *state, unsigned char *sig, +int crypto_sign_final_verify(crypto_sign_state *state, const unsigned char *sig, const unsigned char *pk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_sign_ed25519.h b/sodium/sodium_crypto_sign_ed25519.h similarity index 70% rename from windows/sodium/crypto_sign_ed25519.h rename to sodium/sodium_crypto_sign_ed25519.h index 17c150f2..2f36d701 100644 --- a/windows/sodium/crypto_sign_ed25519.h +++ b/sodium/sodium_crypto_sign_ed25519.h @@ -2,8 +2,8 @@ #define crypto_sign_ed25519_H #include -#include "crypto_hash_sha512.h" -#include "export.h" +#include "sodium_crypto_hash_sha512.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -16,92 +16,84 @@ typedef struct crypto_sign_ed25519ph_state { crypto_hash_sha512_state hs; } crypto_sign_ed25519ph_state; -SODIUM_EXPORT size_t crypto_sign_ed25519ph_statebytes(void); #define crypto_sign_ed25519_BYTES 64U -SODIUM_EXPORT size_t crypto_sign_ed25519_bytes(void); #define crypto_sign_ed25519_SEEDBYTES 32U -SODIUM_EXPORT size_t crypto_sign_ed25519_seedbytes(void); #define crypto_sign_ed25519_PUBLICKEYBYTES 32U -SODIUM_EXPORT size_t crypto_sign_ed25519_publickeybytes(void); #define crypto_sign_ed25519_SECRETKEYBYTES (32U + 32U) -SODIUM_EXPORT size_t crypto_sign_ed25519_secretkeybytes(void); -SODIUM_EXPORT +#define crypto_sign_ed25519_MESSAGEBYTES_MAX (SODIUM_SIZE_MAX - crypto_sign_ed25519_BYTES) +size_t crypto_sign_ed25519_messagebytes_max(void); + int crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen_p, const unsigned char *m, unsigned long long mlen, - const unsigned char *sk); + const unsigned char *sk) + __attribute__ ((nonnull(1, 3, 5))); -SODIUM_EXPORT int crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen_p, const unsigned char *sm, unsigned long long smlen, - const unsigned char *pk) - __attribute__ ((warn_unused_result)); + const unsigned char *pk); -SODIUM_EXPORT int crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p, const unsigned char *m, unsigned long long mlen, - const unsigned char *sk); + const unsigned char *sk) + __attribute__ ((nonnull(1, 3))); -SODIUM_EXPORT int crypto_sign_ed25519_verify_detached(const unsigned char *sig, const unsigned char *m, unsigned long long mlen, const unsigned char *pk) __attribute__ ((warn_unused_result)); -SODIUM_EXPORT -int crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk); +int crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk, - const unsigned char *seed); + const unsigned char *seed) + 
__attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk, const unsigned char *ed25519_pk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk, - const unsigned char *ed25519_sk); + const unsigned char *ed25519_sk) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_sign_ed25519_sk_to_seed(unsigned char *seed, - const unsigned char *sk); + const unsigned char *sk) + __attribute__ ((nonnull)); -SODIUM_EXPORT -int crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk); +int crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk) + __attribute__ ((nonnull)); -SODIUM_EXPORT -int crypto_sign_ed25519ph_init(crypto_sign_ed25519ph_state *state); +int crypto_sign_ed25519ph_init(crypto_sign_ed25519ph_state *state) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_sign_ed25519ph_update(crypto_sign_ed25519ph_state *state, const unsigned char *m, - unsigned long long mlen); + unsigned long long mlen) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state, unsigned char *sig, unsigned long long *siglen_p, const unsigned char *sk); -SODIUM_EXPORT int crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state, - unsigned char *sig, + const unsigned char *sig, const unsigned char *pk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_sign_edwards25519sha512batch.h b/sodium/sodium_crypto_sign_edwards25519sha512batch.h similarity index 81% rename from windows/sodium/crypto_sign_edwards25519sha512batch.h rename to sodium/sodium_crypto_sign_edwards25519sha512batch.h index 2224a94e..e9c5bd54 100644 --- a/windows/sodium/crypto_sign_edwards25519sha512batch.h 
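Review bot: On the new side `crypto_sign_ed25519_open` loses the `__attribute__ ((warn_unused_result))` that the old declaration carried (the removed `- __attribute__ ((warn_unused_result));` line is replaced by a bare `const unsigned char *pk);`), so a caller that ignores the return value of signature verification no longer gets a compiler diagnostic; the generic `crypto_sign_open` in sodium_crypto_sign.h and `crypto_sign_ed25519_verify_detached` right below both keep it. The annotation should be restored, ideally with the same nonnull set as the generic wrapper: `const unsigned char *pk) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5)));`. Two smaller inconsistencies with the generic header in the same commit: `crypto_sign_ed25519_detached` gets `nonnull(1, 3)` where `crypto_sign_detached` has `nonnull(1, 3, 5)`, and `crypto_sign_ed25519ph_final_create` gets no `nonnull` at all where `crypto_sign_final_create` has `nonnull(1, 2, 4)`.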
+++ b/sodium/sodium_crypto_sign_edwards25519sha512batch.h @@ -13,7 +13,7 @@ */ #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ @@ -25,27 +25,25 @@ extern "C" { #define crypto_sign_edwards25519sha512batch_BYTES 64U #define crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES 32U #define crypto_sign_edwards25519sha512batch_SECRETKEYBYTES (32U + 32U) +#define crypto_sign_edwards25519sha512batch_MESSAGEBYTES_MAX (SODIUM_SIZE_MAX - crypto_sign_edwards25519sha512batch_BYTES) -SODIUM_EXPORT int crypto_sign_edwards25519sha512batch(unsigned char *sm, unsigned long long *smlen_p, const unsigned char *m, unsigned long long mlen, const unsigned char *sk) - __attribute__ ((deprecated)); + __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 3, 5))); -SODIUM_EXPORT int crypto_sign_edwards25519sha512batch_open(unsigned char *m, unsigned long long *mlen_p, const unsigned char *sm, unsigned long long smlen, const unsigned char *pk) - __attribute__ ((deprecated)); + __attribute__ ((deprecated)) __attribute__ ((nonnull(3, 5))); -SODIUM_EXPORT int crypto_sign_edwards25519sha512batch_keypair(unsigned char *pk, unsigned char *sk) - __attribute__ ((deprecated)); + __attribute__ ((deprecated)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_stream.h b/sodium/sodium_crypto_stream.h similarity index 76% rename from windows/sodium/crypto_stream.h rename to sodium/sodium_crypto_stream.h index 22de6ff5..5a1c095f 100644 --- a/windows/sodium/crypto_stream.h +++ b/sodium/sodium_crypto_stream.h @@ -11,8 +11,8 @@ #include -#include "crypto_stream_xsalsa20.h" -#include "export.h" +#include "sodium_crypto_stream_xsalsa20.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -22,28 +22,28 @@ extern "C" { #endif #define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES -SODIUM_EXPORT size_t crypto_stream_keybytes(void); #define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES -SODIUM_EXPORT size_t crypto_stream_noncebytes(void); +#define crypto_stream_MESSAGEBYTES_MAX crypto_stream_xsalsa20_MESSAGEBYTES_MAX +size_t crypto_stream_messagebytes_max(void); + #define crypto_stream_PRIMITIVE "xsalsa20" -SODIUM_EXPORT const char *crypto_stream_primitive(void); -SODIUM_EXPORT int crypto_stream(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_stream_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES]); +void crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_stream_chacha20.h b/sodium/sodium_crypto_stream_chacha20.h similarity index 70% rename from windows/sodium/crypto_stream_chacha20.h rename to sodium/sodium_crypto_stream_chacha20.h index 352b9290..ed20fbe8 100644 --- a/windows/sodium/crypto_stream_chacha20.h +++ b/sodium/sodium_crypto_stream_chacha20.h @@ -11,7 +11,7 @@ #include #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -21,65 +21,69 @@ extern "C" { #endif #define crypto_stream_chacha20_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_stream_chacha20_keybytes(void); #define crypto_stream_chacha20_NONCEBYTES 8U -SODIUM_EXPORT size_t crypto_stream_chacha20_noncebytes(void); +#define crypto_stream_chacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX +size_t crypto_stream_chacha20_messagebytes_max(void); + /* ChaCha20 with a 64-bit nonce and a 64-bit counter, as originally designed */ -SODIUM_EXPORT int crypto_stream_chacha20(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, uint64_t ic, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES]); +void crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES]) + __attribute__ ((nonnull)); /* ChaCha20 with a 96-bit nonce and a 32-bit counter (IETF) */ #define crypto_stream_chacha20_ietf_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_stream_chacha20_ietf_keybytes(void); #define crypto_stream_chacha20_ietf_NONCEBYTES 12U -SODIUM_EXPORT size_t crypto_stream_chacha20_ietf_noncebytes(void); -SODIUM_EXPORT +#define crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX \ + SODIUM_MIN(SODIUM_SIZE_MAX, 64ULL * (1ULL << 32)) +size_t crypto_stream_chacha20_ietf_messagebytes_max(void); + int crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) 
+ __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, uint32_t ic, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES]); +void crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES]) + __attribute__ ((nonnull)); /* Aliases */ #define crypto_stream_chacha20_IETF_KEYBYTES crypto_stream_chacha20_ietf_KEYBYTES #define crypto_stream_chacha20_IETF_NONCEBYTES crypto_stream_chacha20_ietf_NONCEBYTES +#define crypto_stream_chacha20_IETF_MESSAGEBYTES_MAX crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX #ifdef __cplusplus } diff --git a/windows/sodium/crypto_stream_salsa20.h b/sodium/sodium_crypto_stream_salsa20.h similarity index 74% rename from windows/sodium/crypto_stream_salsa20.h rename to sodium/sodium_crypto_stream_salsa20.h index 961e5c1c..80aee376 100644 --- a/windows/sodium/crypto_stream_salsa20.h +++ b/sodium/sodium_crypto_stream_salsa20.h @@ -11,7 +11,7 @@ #include #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
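Review bot: `crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX` is set to `SODIUM_MIN(SODIUM_SIZE_MAX, 64ULL * (1ULL << 32))`, which is exactly the point where the 32-bit IETF block counter would wrap, but nothing in this header records why that value was chosen or who enforces it. For `crypto_stream_chacha20_ietf_xor_ic`, the relevant bound is `ic` plus the number of blocks in `mlen`, so a message well under the maximum can still push the counter past 2^32 when `ic` is large; I cannot see the dispatcher, so please verify it rejects that case. A comment next to the macro would make the contract visible: `/* 2^32 64-byte blocks: beyond this the 32-bit IETF counter wraps into the first nonce word */`.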
@@ -21,30 +21,31 @@ extern "C" { #endif #define crypto_stream_salsa20_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_stream_salsa20_keybytes(void); #define crypto_stream_salsa20_NONCEBYTES 8U -SODIUM_EXPORT size_t crypto_stream_salsa20_noncebytes(void); -SODIUM_EXPORT +#define crypto_stream_salsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX +size_t crypto_stream_salsa20_messagebytes_max(void); + int crypto_stream_salsa20(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_stream_salsa20_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_stream_salsa20_xor_ic(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, uint64_t ic, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES]); +void crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_stream_salsa2012.h b/sodium/sodium_crypto_stream_salsa2012.h similarity index 75% rename from windows/sodium/crypto_stream_salsa2012.h rename to sodium/sodium_crypto_stream_salsa2012.h index d5c44282..b3fecdfd 100644 --- a/windows/sodium/crypto_stream_salsa2012.h +++ b/sodium/sodium_crypto_stream_salsa2012.h @@ -10,7 +10,7 @@ */ #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -20,24 +20,25 @@ extern "C" { #endif #define crypto_stream_salsa2012_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_stream_salsa2012_keybytes(void); #define crypto_stream_salsa2012_NONCEBYTES 8U -SODIUM_EXPORT size_t crypto_stream_salsa2012_noncebytes(void); -SODIUM_EXPORT +#define crypto_stream_salsa2012_MESSAGEBYTES_MAX SODIUM_SIZE_MAX +size_t crypto_stream_salsa2012_messagebytes_max(void); + int crypto_stream_salsa2012(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_stream_salsa2012_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES]); +void crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_stream_salsa208.h b/sodium/sodium_crypto_stream_salsa208.h similarity index 60% rename from windows/sodium/crypto_stream_salsa208.h rename to sodium/sodium_crypto_stream_salsa208.h index 02b4166e..e5d2a7d0 100644 --- a/windows/sodium/crypto_stream_salsa208.h +++ b/sodium/sodium_crypto_stream_salsa208.h @@ -10,7 +10,7 @@ */ #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -20,24 +20,28 @@ extern "C" { #endif #define crypto_stream_salsa208_KEYBYTES 32U -SODIUM_EXPORT -size_t crypto_stream_salsa208_keybytes(void); +size_t crypto_stream_salsa208_keybytes(void) + __attribute__ ((deprecated)); #define crypto_stream_salsa208_NONCEBYTES 8U -SODIUM_EXPORT -size_t crypto_stream_salsa208_noncebytes(void); +size_t crypto_stream_salsa208_noncebytes(void) + __attribute__ ((deprecated)); + +#define crypto_stream_salsa208_MESSAGEBYTES_MAX SODIUM_SIZE_MAX +size_t crypto_stream_salsa208_messagebytes_max(void) + __attribute__ ((deprecated)); -SODIUM_EXPORT int crypto_stream_salsa208(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((deprecated)) __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_stream_salsa208_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((deprecated)) __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES]); +void crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES]) + __attribute__ ((deprecated)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_stream_xchacha20.h b/sodium/sodium_crypto_stream_xchacha20.h similarity index 74% rename from windows/sodium/crypto_stream_xchacha20.h rename to sodium/sodium_crypto_stream_xchacha20.h index f884798e..0a5e0aea 100644 --- a/windows/sodium/crypto_stream_xchacha20.h +++ b/sodium/sodium_crypto_stream_xchacha20.h @@ -11,7 +11,7 @@ #include #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -21,30 +21,31 @@ extern "C" { #endif #define crypto_stream_xchacha20_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_stream_xchacha20_keybytes(void); #define crypto_stream_xchacha20_NONCEBYTES 24U -SODIUM_EXPORT size_t crypto_stream_xchacha20_noncebytes(void); -SODIUM_EXPORT +#define crypto_stream_xchacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX +size_t crypto_stream_xchacha20_messagebytes_max(void); + int crypto_stream_xchacha20(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_stream_xchacha20_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, uint64_t ic, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES]); +void crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_stream_xsalsa20.h b/sodium/sodium_crypto_stream_xsalsa20.h similarity index 74% rename from windows/sodium/crypto_stream_xsalsa20.h rename to sodium/sodium_crypto_stream_xsalsa20.h index ed5ae3c3..3c49449d 100644 --- a/windows/sodium/crypto_stream_xsalsa20.h +++ b/sodium/sodium_crypto_stream_xsalsa20.h @@ -11,7 +11,7 @@ #include #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
@@ -21,30 +21,31 @@ extern "C" { #endif #define crypto_stream_xsalsa20_KEYBYTES 32U -SODIUM_EXPORT size_t crypto_stream_xsalsa20_keybytes(void); #define crypto_stream_xsalsa20_NONCEBYTES 24U -SODIUM_EXPORT size_t crypto_stream_xsalsa20_noncebytes(void); -SODIUM_EXPORT +#define crypto_stream_xsalsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX +size_t crypto_stream_xsalsa20_messagebytes_max(void); + int crypto_stream_xsalsa20(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_stream_xsalsa20_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT int crypto_stream_xsalsa20_xor_ic(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, uint64_t ic, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); -SODIUM_EXPORT -void crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES]); +void crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_verify_16.h b/sodium/sodium_crypto_verify_16.h similarity index 73% rename from windows/sodium/crypto_verify_16.h rename to sodium/sodium_crypto_verify_16.h index 5e9eeabe..94e04c4c 100644 --- a/windows/sodium/crypto_verify_16.h +++ b/sodium/sodium_crypto_verify_16.h 
@@ -2,19 +2,18 @@ #define crypto_verify_16_H #include -#include "export.h" + +#include "sodium_export.h" #ifdef __cplusplus extern "C" { #endif #define crypto_verify_16_BYTES 16U -SODIUM_EXPORT size_t crypto_verify_16_bytes(void); -SODIUM_EXPORT int crypto_verify_16(const unsigned char *x, const unsigned char *y) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_verify_32.h b/sodium/sodium_crypto_verify_32.h similarity index 74% rename from windows/sodium/crypto_verify_32.h rename to sodium/sodium_crypto_verify_32.h index 281b5a1b..8f9b00b3 100644 --- a/windows/sodium/crypto_verify_32.h +++ b/sodium/sodium_crypto_verify_32.h @@ -2,19 +2,17 @@ #define crypto_verify_32_H #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus extern "C" { #endif #define crypto_verify_32_BYTES 32U -SODIUM_EXPORT size_t crypto_verify_32_bytes(void); -SODIUM_EXPORT int crypto_verify_32(const unsigned char *x, const unsigned char *y) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/windows/sodium/crypto_verify_64.h b/sodium/sodium_crypto_verify_64.h similarity index 74% rename from windows/sodium/crypto_verify_64.h rename to sodium/sodium_crypto_verify_64.h index 0dc7c304..e0b7bc94 100644 --- a/windows/sodium/crypto_verify_64.h +++ b/sodium/sodium_crypto_verify_64.h @@ -2,19 +2,17 @@ #define crypto_verify_64_H #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus extern "C" { #endif #define crypto_verify_64_BYTES 64U -SODIUM_EXPORT size_t crypto_verify_64_bytes(void); -SODIUM_EXPORT int crypto_verify_64(const unsigned char *x, const unsigned char *y) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } 
diff --git a/sodium/sodium_dolbeau_chacha20-avx2.c b/sodium/sodium_dolbeau_chacha20-avx2.c new file mode 100644 index 00000000..9eef398e --- /dev/null +++ b/sodium/sodium_dolbeau_chacha20-avx2.c 
@@ -0,0 +1,179 @@
+
+#include
+#include
+#include
+
+#include "sodium_core.h"
+#include "sodium_crypto_stream_chacha20.h"
+#include "sodium_private_common.h"
+#include "sodium_private_sse2_64_32.h"
+#include "sodium_utils.h"
+
+#if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_EMMINTRIN_H) && \
+ defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H)
+
+# ifdef __GNUC__
+# pragma GCC target("sse2")
+# pragma GCC target("ssse3")
+# pragma GCC target("sse4.1")
+# pragma GCC target("avx2")
+# endif
+
+# include
+# include
+# include
+# include
+
+# include "sodium_stream_chacha20.h"
+# include "sodium_dolbeau_chacha20-avx2.h"
+
+# define ROUNDS 20
+
+typedef struct chacha_ctx {
+ uint32_t input[16];
+} chacha_ctx;
+
+static void
+chacha_keysetup(chacha_ctx *ctx, const uint8_t *k)
+{
+ ctx->input[0] = 0x61707865;
+ ctx->input[1] = 0x3320646e;
+ ctx->input[2] = 0x79622d32;
+ ctx->input[3] = 0x6b206574;
+ ctx->input[4] = LOAD32_LE(k + 0);
+ ctx->input[5] = LOAD32_LE(k + 4);
+ ctx->input[6] = LOAD32_LE(k + 8);
+ ctx->input[7] = LOAD32_LE(k + 12);
+ ctx->input[8] = LOAD32_LE(k + 16);
+ ctx->input[9] = LOAD32_LE(k + 20);
+ ctx->input[10] = LOAD32_LE(k + 24);
+ ctx->input[11] = LOAD32_LE(k + 28);
+}
+
+static void
+chacha_ivsetup(chacha_ctx *ctx, const uint8_t *iv, const uint8_t *counter)
+{
+ ctx->input[12] = counter == NULL ? 0 : LOAD32_LE(counter + 0);
+ ctx->input[13] = counter == NULL ? 0 : LOAD32_LE(counter + 4);
+ ctx->input[14] = LOAD32_LE(iv + 0);
+ ctx->input[15] = LOAD32_LE(iv + 4);
+}
+
+static void
+chacha_ietf_ivsetup(chacha_ctx *ctx, const uint8_t *iv, const uint8_t *counter)
+{
+ ctx->input[12] = counter == NULL ? 0 : LOAD32_LE(counter);
+ ctx->input[13] = LOAD32_LE(iv + 0);
+ ctx->input[14] = LOAD32_LE(iv + 4);
+ ctx->input[15] = LOAD32_LE(iv + 8);
+}
+
+static void
+chacha20_encrypt_bytes(chacha_ctx *ctx, const uint8_t *m, uint8_t *c,
+ unsigned long long bytes)
+{
+ uint32_t * const x = &ctx->input[0];
+
+ if (!bytes) {
+ return; /* LCOV_EXCL_LINE */
+ }
+# include "sodium_dolbeau_u8.h"
+# include "sodium_dolbeau_u4.h"
+# include "sodium_dolbeau_u1.h"
+# include "sodium_dolbeau_u0.h"
+}
+
+static int
+stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n,
+ const unsigned char *k)
+{
+ struct chacha_ctx ctx;
+
+ if (!clen) {
+ return 0;
+ }
+ COMPILER_ASSERT(crypto_stream_chacha20_KEYBYTES == 256 / 8);
+ chacha_keysetup(&ctx, k);
+ chacha_ivsetup(&ctx, n, NULL);
+ memset(c, 0, clen);
+ chacha20_encrypt_bytes(&ctx, c, c, clen);
+ sodium_memzero(&ctx, sizeof ctx);
+
+ return 0;
+}
+
+static int
+stream_ietf_ext_ref(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k)
+{
+ struct chacha_ctx ctx;
+
+ if (!clen) {
+ return 0;
+ }
+ COMPILER_ASSERT(crypto_stream_chacha20_KEYBYTES == 256 / 8);
+ chacha_keysetup(&ctx, k);
+ chacha_ietf_ivsetup(&ctx, n, NULL);
+ memset(c, 0, clen);
+ chacha20_encrypt_bytes(&ctx, c, c, clen);
+ sodium_memzero(&ctx, sizeof ctx);
+
+ return 0;
+}
+
+static int
+stream_ref_xor_ic(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n, uint64_t ic,
+ const unsigned char *k)
+{
+ struct chacha_ctx ctx;
+ uint8_t ic_bytes[8];
+ uint32_t ic_high;
+ uint32_t ic_low;
+
+ if (!mlen) {
+ return 0;
+ }
+ ic_high = (uint32_t) (ic >> 32);
+ ic_low = (uint32_t) ic;
+ STORE32_LE(&ic_bytes[0], ic_low);
+ STORE32_LE(&ic_bytes[4], ic_high);
+ chacha_keysetup(&ctx, k);
+ chacha_ivsetup(&ctx, n, ic_bytes);
+ chacha20_encrypt_bytes(&ctx, m, c, mlen);
+ sodium_memzero(&ctx, sizeof ctx);
+
+ return 0;
+}
+
+static int
+stream_ietf_ext_ref_xor_ic(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ uint32_t ic, const unsigned char *k)
+{
+ struct chacha_ctx ctx;
+ uint8_t ic_bytes[4];
+
+ if (!mlen) {
+ return 0;
+ }
+ STORE32_LE(ic_bytes, ic);
+ chacha_keysetup(&ctx, k);
+ chacha_ietf_ivsetup(&ctx, n, ic_bytes);
+ chacha20_encrypt_bytes(&ctx, m, c, mlen);
+ sodium_memzero(&ctx, sizeof ctx);
+
+ return 0;
+}
+
+struct crypto_stream_chacha20_implementation
+ crypto_stream_chacha20_dolbeau_avx2_implementation = {
+ SODIUM_C99(.stream =) stream_ref,
+ SODIUM_C99(.stream_ietf_ext =) stream_ietf_ext_ref,
+ SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic,
+ SODIUM_C99(.stream_ietf_ext_xor_ic =) stream_ietf_ext_ref_xor_ic
+ };
+
+#endif
+
+int chacha20_dolbeau_link_warning_dummy = 0;
diff --git a/sodium/sodium_dolbeau_chacha20-avx2.h b/sodium/sodium_dolbeau_chacha20-avx2.h
new file mode 100644
index 00000000..2c47ab44
--- /dev/null
+++ b/sodium/sodium_dolbeau_chacha20-avx2.h
@@ -0,0 +1,8 @@
+
+#include
+
+#include "sodium_stream_chacha20.h"
+#include "sodium_crypto_stream_chacha20.h"
+
+extern struct crypto_stream_chacha20_implementation
+ crypto_stream_chacha20_dolbeau_avx2_implementation;
diff --git a/sodium/sodium_dolbeau_chacha20-ssse3.c b/sodium/sodium_dolbeau_chacha20-ssse3.c
new file mode 100644
index 00000000..ad9c3256
--- /dev/null
+++ b/sodium/sodium_dolbeau_chacha20-ssse3.c
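Review bot: The whole implementation sits behind `#if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_EMMINTRIN_H) && ...`, and nothing in this file or in the premake-based CI visible in the commit defines those macros; if the build does not set them, the file compiles down to `chacha20_dolbeau_link_warning_dummy` alone and `crypto_stream_chacha20_dolbeau_avx2_implementation` is never defined, so the dispatcher that references it must be guarded by the same condition or the link fails. The same applies to the SSSE3 unit (`sodium_dolbeau_chacha20-ssse3.c`, next file) and its `HAVE_EMMINTRIN_H && HAVE_TMMINTRIN_H` guard. The trailing dummy is named `chacha20_dolbeau_link_warning_dummy` here but `chacha20_dolbeau_ssse3_link_warning_dummy` in the SSSE3 unit; `int chacha20_dolbeau_avx2_link_warning_dummy = 0;` keeps the two distinct and symmetric. `chacha20_encrypt_bytes` assembles its body from four `# include` fragments whose order is load-bearing (each consumes the largest multiple of its block count and falls through to the next); a comment above the first include, `/* order matters: u8 -> u4 -> u1 -> u0 each drain progressively smaller multiples of 64 bytes and advance x, m, c, bytes */`, would document that.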
@@ -0,0 +1,173 @@ + +#include +#include +#include + +#include "sodium_core.h" +#include "sodium_crypto_stream_chacha20.h" +#include "sodium_private_common.h" +#include "sodium_private_sse2_64_32.h" +#include "sodium_utils.h" + +#if defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H) + +# ifdef __GNUC__ +# pragma GCC target("sse2") +# pragma GCC target("ssse3") +# endif + +# include +# include + +# include "sodium_stream_chacha20.h" +# include "sodium_dolbeau_chacha20-ssse3.h" + +# define ROUNDS 20 + +typedef struct chacha_ctx { + uint32_t input[16]; +} chacha_ctx; + +static void +chacha_keysetup(chacha_ctx *ctx, const uint8_t *k) +{ + ctx->input[0] = 0x61707865; + ctx->input[1] = 0x3320646e; + ctx->input[2] = 0x79622d32; + ctx->input[3] = 0x6b206574; + ctx->input[4] = LOAD32_LE(k + 0); + ctx->input[5] = LOAD32_LE(k + 4); + ctx->input[6] = LOAD32_LE(k + 8); + ctx->input[7] = LOAD32_LE(k + 12); + ctx->input[8] = LOAD32_LE(k + 16); + ctx->input[9] = LOAD32_LE(k + 20); + ctx->input[10] = LOAD32_LE(k + 24); + ctx->input[11] = LOAD32_LE(k + 28); +} + +static void +chacha_ivsetup(chacha_ctx *ctx, const uint8_t *iv, const uint8_t *counter) +{ + ctx->input[12] = counter == NULL ? 0 : LOAD32_LE(counter + 0); + ctx->input[13] = counter == NULL ? 0 : LOAD32_LE(counter + 4); + ctx->input[14] = LOAD32_LE(iv + 0); + ctx->input[15] = LOAD32_LE(iv + 4); +} + +static void +chacha_ietf_ivsetup(chacha_ctx *ctx, const uint8_t *iv, const uint8_t *counter) +{ + ctx->input[12] = counter == NULL ? 
0 : LOAD32_LE(counter); + ctx->input[13] = LOAD32_LE(iv + 0); + ctx->input[14] = LOAD32_LE(iv + 4); + ctx->input[15] = LOAD32_LE(iv + 8); +} + +static void +chacha20_encrypt_bytes(chacha_ctx *ctx, const uint8_t *m, uint8_t *c, + unsigned long long bytes) +{ + uint32_t * const x = &ctx->input[0]; + + if (!bytes) { + return; /* LCOV_EXCL_LINE */ + } +# include "sodium_dolbeau_u4.h" +# include "sodium_dolbeau_u1.h" +# include "sodium_dolbeau_u0.h" +} + +static int +stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n, + const unsigned char *k) +{ + struct chacha_ctx ctx; + + if (!clen) { + return 0; + } + COMPILER_ASSERT(crypto_stream_chacha20_KEYBYTES == 256 / 8); + chacha_keysetup(&ctx, k); + chacha_ivsetup(&ctx, n, NULL); + memset(c, 0, clen); + chacha20_encrypt_bytes(&ctx, c, c, clen); + sodium_memzero(&ctx, sizeof ctx); + + return 0; +} + +static int +stream_ietf_ext_ref(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k) +{ + struct chacha_ctx ctx; + + if (!clen) { + return 0; + } + COMPILER_ASSERT(crypto_stream_chacha20_KEYBYTES == 256 / 8); + chacha_keysetup(&ctx, k); + chacha_ietf_ivsetup(&ctx, n, NULL); + memset(c, 0, clen); + chacha20_encrypt_bytes(&ctx, c, c, clen); + sodium_memzero(&ctx, sizeof ctx); + + return 0; +} + +static int +stream_ref_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, uint64_t ic, + const unsigned char *k) +{ + struct chacha_ctx ctx; + uint8_t ic_bytes[8]; + uint32_t ic_high; + uint32_t ic_low; + + if (!mlen) { + return 0; + } + ic_high = (uint32_t) (ic >> 32); + ic_low = (uint32_t) ic; + STORE32_LE(&ic_bytes[0], ic_low); + STORE32_LE(&ic_bytes[4], ic_high); + chacha_keysetup(&ctx, k); + chacha_ivsetup(&ctx, n, ic_bytes); + chacha20_encrypt_bytes(&ctx, m, c, mlen); + sodium_memzero(&ctx, sizeof ctx); + + return 0; +} + +static int +stream_ietf_ext_ref_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long 
long mlen, const unsigned char *n, + uint32_t ic, const unsigned char *k) +{ + struct chacha_ctx ctx; + uint8_t ic_bytes[4]; + + if (!mlen) { + return 0; + } + STORE32_LE(ic_bytes, ic); + chacha_keysetup(&ctx, k); + chacha_ietf_ivsetup(&ctx, n, ic_bytes); + chacha20_encrypt_bytes(&ctx, m, c, mlen); + sodium_memzero(&ctx, sizeof ctx); + + return 0; +} + +struct crypto_stream_chacha20_implementation + crypto_stream_chacha20_dolbeau_ssse3_implementation = { + SODIUM_C99(.stream =) stream_ref, + SODIUM_C99(.stream_ietf_ext =) stream_ietf_ext_ref, + SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic, + SODIUM_C99(.stream_ietf_ext_xor_ic =) stream_ietf_ext_ref_xor_ic + }; + +#endif + +int chacha20_dolbeau_ssse3_link_warning_dummy = 0; diff --git a/sodium/sodium_dolbeau_chacha20-ssse3.h b/sodium/sodium_dolbeau_chacha20-ssse3.h new file mode 100644 index 00000000..0f33446c --- /dev/null +++ b/sodium/sodium_dolbeau_chacha20-ssse3.h @@ -0,0 +1,8 @@ + +#include + +#include "sodium_stream_chacha20.h" +#include "sodium_crypto_stream_chacha20.h" + +extern struct crypto_stream_chacha20_implementation + crypto_stream_chacha20_dolbeau_ssse3_implementation; diff --git a/sodium/sodium_dolbeau_u0.h b/sodium/sodium_dolbeau_u0.h new file mode 100644 index 00000000..c05dfd72 --- /dev/null +++ b/sodium/sodium_dolbeau_u0.h 
@@ -0,0 +1,86 @@ +if (bytes > 0) { + __m128i x_0, x_1, x_2, x_3; + __m128i t_1; + const __m128i rot16 = + _mm_set_epi8(13, 12, 15, 14, 9, 8, 11, 10, 5, 4, 7, 6, 1, 0, 3, 2); + const __m128i rot8 = + _mm_set_epi8(14, 13, 12, 15, 10, 9, 8, 11, 6, 5, 4, 7, 2, 1, 0, 3); + uint8_t partialblock[64]; + + unsigned int i; + + x_0 = _mm_loadu_si128((const __m128i*) (x + 0)); + x_1 = _mm_loadu_si128((const __m128i*) (x + 4)); + x_2 = _mm_loadu_si128((const __m128i*) (x + 8)); + x_3 = _mm_loadu_si128((const __m128i*) (x + 12)); + + for (i = 0; i < ROUNDS; i += 2) { + x_0 = _mm_add_epi32(x_0, x_1); + x_3 = _mm_xor_si128(x_3, x_0); + x_3 = _mm_shuffle_epi8(x_3, rot16); + + x_2 = _mm_add_epi32(x_2, x_3); + x_1 = _mm_xor_si128(x_1, x_2); + + t_1 = x_1; + x_1 = _mm_slli_epi32(x_1, 12); + t_1 = _mm_srli_epi32(t_1, 20); + x_1 = _mm_xor_si128(x_1, t_1); + + x_0 = _mm_add_epi32(x_0, x_1); + x_3 = _mm_xor_si128(x_3, x_0); + x_0 = _mm_shuffle_epi32(x_0, 0x93); + x_3 = _mm_shuffle_epi8(x_3, rot8); + + x_2 = _mm_add_epi32(x_2, x_3); + x_3 = _mm_shuffle_epi32(x_3, 0x4e); + x_1 = _mm_xor_si128(x_1, x_2); + x_2 = _mm_shuffle_epi32(x_2, 0x39); + + t_1 = x_1; + x_1 = _mm_slli_epi32(x_1, 7); + t_1 = _mm_srli_epi32(t_1, 25); + x_1 = _mm_xor_si128(x_1, t_1); + + x_0 = _mm_add_epi32(x_0, x_1); + x_3 = _mm_xor_si128(x_3, x_0); + x_3 = _mm_shuffle_epi8(x_3, rot16); + + x_2 = _mm_add_epi32(x_2, x_3); + x_1 = _mm_xor_si128(x_1, x_2); + + t_1 = x_1; + x_1 = _mm_slli_epi32(x_1, 12); + t_1 = _mm_srli_epi32(t_1, 20); + x_1 = _mm_xor_si128(x_1, t_1); + + x_0 = _mm_add_epi32(x_0, x_1); + x_3 = _mm_xor_si128(x_3, x_0); + x_0 = _mm_shuffle_epi32(x_0, 0x39); + x_3 = _mm_shuffle_epi8(x_3, rot8); + + x_2 = _mm_add_epi32(x_2, x_3); + x_3 = _mm_shuffle_epi32(x_3, 0x4e); + x_1 = _mm_xor_si128(x_1, x_2); + x_2 = _mm_shuffle_epi32(x_2, 0x93); + + t_1 = x_1; + x_1 = _mm_slli_epi32(x_1, 7); + t_1 = _mm_srli_epi32(t_1, 25); + x_1 = _mm_xor_si128(x_1, t_1); + } + x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((const __m128i*) 
(x + 0))); + x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((const __m128i*) (x + 4))); + x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((const __m128i*) (x + 8))); + x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((const __m128i*) (x + 12))); + _mm_storeu_si128((__m128i*) (partialblock + 0), x_0); + _mm_storeu_si128((__m128i*) (partialblock + 16), x_1); + _mm_storeu_si128((__m128i*) (partialblock + 32), x_2); + _mm_storeu_si128((__m128i*) (partialblock + 48), x_3); + + for (i = 0; i < bytes; i++) { + c[i] = m[i] ^ partialblock[i]; + } + + sodium_memzero(partialblock, sizeof partialblock); +} diff --git a/sodium/sodium_dolbeau_u1.h b/sodium/sodium_dolbeau_u1.h new file mode 100644 index 00000000..f93fffea --- /dev/null +++ b/sodium/sodium_dolbeau_u1.h 
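Review bot: This fragment is the tail of `chacha20_encrypt_bytes` and is only correct because the preceding `sodium_dolbeau_u1.h` fragment has already reduced `bytes` to less than 64; the `for (i = 0; i < bytes; i++)` loop with `unsigned int i` against `unsigned long long bytes`, and the absence of any counter increment after the block, both rest on that assumption and nothing in the file states it. A header comment would make the contract explicit: `/* final partial block: entered with 0 < bytes < 64, emits one keystream block, counter not advanced; x, m, c, bytes, ROUNDS come from the including function */`. The `sodium_memzero(partialblock, ...)` after use is the right call for keystream material and should be kept if this loop is ever restructured.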
@@ -0,0 +1,98 @@ +while (bytes >= 64) { + __m128i x_0, x_1, x_2, x_3; + __m128i t_1; + const __m128i rot16 = + _mm_set_epi8(13, 12, 15, 14, 9, 8, 11, 10, 5, 4, 7, 6, 1, 0, 3, 2); + const __m128i rot8 = + _mm_set_epi8(14, 13, 12, 15, 10, 9, 8, 11, 6, 5, 4, 7, 2, 1, 0, 3); + + uint32_t in12; + uint32_t in13; + int i; + + x_0 = _mm_loadu_si128((const __m128i*) (x + 0)); + x_1 = _mm_loadu_si128((const __m128i*) (x + 4)); + x_2 = _mm_loadu_si128((const __m128i*) (x + 8)); + x_3 = _mm_loadu_si128((const __m128i*) (x + 12)); + + for (i = 0; i < ROUNDS; i += 2) { + x_0 = _mm_add_epi32(x_0, x_1); + x_3 = _mm_xor_si128(x_3, x_0); + x_3 = _mm_shuffle_epi8(x_3, rot16); + + x_2 = _mm_add_epi32(x_2, x_3); + x_1 = _mm_xor_si128(x_1, x_2); + + t_1 = x_1; + x_1 = _mm_slli_epi32(x_1, 12); + t_1 = _mm_srli_epi32(t_1, 20); + x_1 = _mm_xor_si128(x_1, t_1); + + x_0 = _mm_add_epi32(x_0, x_1); + x_3 = _mm_xor_si128(x_3, x_0); + x_0 = _mm_shuffle_epi32(x_0, 0x93); + x_3 = _mm_shuffle_epi8(x_3, rot8); + + x_2 = _mm_add_epi32(x_2, x_3); + x_3 = _mm_shuffle_epi32(x_3, 0x4e); + x_1 = _mm_xor_si128(x_1, x_2); + x_2 = _mm_shuffle_epi32(x_2, 0x39); + + t_1 = x_1; + x_1 = _mm_slli_epi32(x_1, 7); + t_1 = _mm_srli_epi32(t_1, 25); + x_1 = _mm_xor_si128(x_1, t_1); + + x_0 = _mm_add_epi32(x_0, x_1); + x_3 = _mm_xor_si128(x_3, x_0); + x_3 = _mm_shuffle_epi8(x_3, rot16); + + x_2 = _mm_add_epi32(x_2, x_3); + x_1 = _mm_xor_si128(x_1, x_2); + + t_1 = x_1; + x_1 = _mm_slli_epi32(x_1, 12); + t_1 = _mm_srli_epi32(t_1, 20); + x_1 = _mm_xor_si128(x_1, t_1); + + x_0 = _mm_add_epi32(x_0, x_1); + x_3 = _mm_xor_si128(x_3, x_0); + x_0 = _mm_shuffle_epi32(x_0, 0x39); + x_3 = _mm_shuffle_epi8(x_3, rot8); + + x_2 = _mm_add_epi32(x_2, x_3); + x_3 = _mm_shuffle_epi32(x_3, 0x4e); + x_1 = _mm_xor_si128(x_1, x_2); + x_2 = _mm_shuffle_epi32(x_2, 0x93); + + t_1 = x_1; + x_1 = _mm_slli_epi32(x_1, 7); + t_1 = _mm_srli_epi32(t_1, 25); + x_1 = _mm_xor_si128(x_1, t_1); + } + x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((const __m128i*) 
(x + 0))); + x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((const __m128i*) (x + 4))); + x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((const __m128i*) (x + 8))); + x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((const __m128i*) (x + 12))); + x_0 = _mm_xor_si128(x_0, _mm_loadu_si128((const __m128i*) (m + 0))); + x_1 = _mm_xor_si128(x_1, _mm_loadu_si128((const __m128i*) (m + 16))); + x_2 = _mm_xor_si128(x_2, _mm_loadu_si128((const __m128i*) (m + 32))); + x_3 = _mm_xor_si128(x_3, _mm_loadu_si128((const __m128i*) (m + 48))); + _mm_storeu_si128((__m128i*) (c + 0), x_0); + _mm_storeu_si128((__m128i*) (c + 16), x_1); + _mm_storeu_si128((__m128i*) (c + 32), x_2); + _mm_storeu_si128((__m128i*) (c + 48), x_3); + + in12 = x[12]; + in13 = x[13]; + in12++; + if (in12 == 0) { + in13++; + } + x[12] = in12; + x[13] = in13; + + bytes -= 64; + c += 64; + m += 64; +} diff --git a/sodium/sodium_dolbeau_u4.h b/sodium/sodium_dolbeau_u4.h new file mode 100644 index 00000000..4ab295d7 --- /dev/null +++ b/sodium/sodium_dolbeau_u4.h 
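Review bot: The increment `in12++; if (in12 == 0) { in13++; }` treats words 12 and 13 as one 64-bit counter, which matches `chacha_ivsetup`, but under the IETF layout set by `chacha_ietf_ivsetup` word 13 is the first nonce word, so a carry here silently alters the nonce instead of wrapping and the keystream continues as that of a different (key, nonce) pair. The bound that prevents reaching this point is `crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX` in the header hunk earlier in this diff, not anything in this loop, and that dependency deserves a comment beside the carry: `/* 64-bit counter carry; for the IETF layout word 13 is nonce, so callers must stay within crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX */`. As a point of style, the loop index is `int i` here but `unsigned int i` in `sodium_dolbeau_u0.h`; both fragments share one enclosing function, so one type would read better.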
@@ -0,0 +1,177 @@ + +#define VEC4_ROT(A, IMM) \ + _mm_or_si128(_mm_slli_epi32(A, IMM), _mm_srli_epi32(A, (32 - IMM))) + +/* same, but replace 2 of the shift/shift/or "rotation" by byte shuffles (8 & + * 16) (better) */ +#define VEC4_QUARTERROUND_SHUFFLE(A, B, C, D) \ + x_##A = _mm_add_epi32(x_##A, x_##B); \ + t_##A = _mm_xor_si128(x_##D, x_##A); \ + x_##D = _mm_shuffle_epi8(t_##A, rot16); \ + x_##C = _mm_add_epi32(x_##C, x_##D); \ + t_##C = _mm_xor_si128(x_##B, x_##C); \ + x_##B = VEC4_ROT(t_##C, 12); \ + x_##A = _mm_add_epi32(x_##A, x_##B); \ + t_##A = _mm_xor_si128(x_##D, x_##A); \ + x_##D = _mm_shuffle_epi8(t_##A, rot8); \ + x_##C = _mm_add_epi32(x_##C, x_##D); \ + t_##C = _mm_xor_si128(x_##B, x_##C); \ + x_##B = VEC4_ROT(t_##C, 7) + +#define VEC4_QUARTERROUND(A, B, C, D) VEC4_QUARTERROUND_SHUFFLE(A, B, C, D) + +if (bytes >= 256) { + /* constant for shuffling bytes (replacing multiple-of-8 rotates) */ + __m128i rot16 = + _mm_set_epi8(13, 12, 15, 14, 9, 8, 11, 10, 5, 4, 7, 6, 1, 0, 3, 2); + __m128i rot8 = + _mm_set_epi8(14, 13, 12, 15, 10, 9, 8, 11, 6, 5, 4, 7, 2, 1, 0, 3); + + __m128i x_0 = _mm_set1_epi32(x[0]); + __m128i x_1 = _mm_set1_epi32(x[1]); + __m128i x_2 = _mm_set1_epi32(x[2]); + __m128i x_3 = _mm_set1_epi32(x[3]); + __m128i x_4 = _mm_set1_epi32(x[4]); + __m128i x_5 = _mm_set1_epi32(x[5]); + __m128i x_6 = _mm_set1_epi32(x[6]); + __m128i x_7 = _mm_set1_epi32(x[7]); + __m128i x_8 = _mm_set1_epi32(x[8]); + __m128i x_9 = _mm_set1_epi32(x[9]); + __m128i x_10 = _mm_set1_epi32(x[10]); + __m128i x_11 = _mm_set1_epi32(x[11]); + __m128i x_12; + __m128i x_13; + __m128i x_14 = _mm_set1_epi32(x[14]); + __m128i x_15 = _mm_set1_epi32(x[15]); + __m128i orig0 = x_0; + __m128i orig1 = x_1; + __m128i orig2 = x_2; + __m128i orig3 = x_3; + __m128i orig4 = x_4; + __m128i orig5 = x_5; + __m128i orig6 = x_6; + __m128i orig7 = x_7; + __m128i orig8 = x_8; + __m128i orig9 = x_9; + __m128i orig10 = x_10; + __m128i orig11 = x_11; + __m128i orig12; + __m128i orig13; + __m128i orig14 
= x_14; + __m128i orig15 = x_15; + __m128i t_0, t_1, t_2, t_3, t_4, t_5, t_6, t_7, t_8, t_9, t_10, t_11, t_12, + t_13, t_14, t_15; + + uint32_t in12, in13; + int i; + + while (bytes >= 256) { + const __m128i addv12 = _mm_set_epi64x(1, 0); + const __m128i addv13 = _mm_set_epi64x(3, 2); + __m128i t12, t13; + uint64_t in1213; + + x_0 = orig0; + x_1 = orig1; + x_2 = orig2; + x_3 = orig3; + x_4 = orig4; + x_5 = orig5; + x_6 = orig6; + x_7 = orig7; + x_8 = orig8; + x_9 = orig9; + x_10 = orig10; + x_11 = orig11; + x_14 = orig14; + x_15 = orig15; + + in12 = x[12]; + in13 = x[13]; + in1213 = ((uint64_t) in12) | (((uint64_t) in13) << 32); + t12 = _mm_set1_epi64x(in1213); + t13 = _mm_set1_epi64x(in1213); + + x_12 = _mm_add_epi64(addv12, t12); + x_13 = _mm_add_epi64(addv13, t13); + + t12 = _mm_unpacklo_epi32(x_12, x_13); + t13 = _mm_unpackhi_epi32(x_12, x_13); + + x_12 = _mm_unpacklo_epi32(t12, t13); + x_13 = _mm_unpackhi_epi32(t12, t13); + + orig12 = x_12; + orig13 = x_13; + + in1213 += 4; + + x[12] = in1213 & 0xFFFFFFFF; + x[13] = (in1213 >> 32) & 0xFFFFFFFF; + + for (i = 0; i < ROUNDS; i += 2) { + VEC4_QUARTERROUND(0, 4, 8, 12); + VEC4_QUARTERROUND(1, 5, 9, 13); + VEC4_QUARTERROUND(2, 6, 10, 14); + VEC4_QUARTERROUND(3, 7, 11, 15); + VEC4_QUARTERROUND(0, 5, 10, 15); + VEC4_QUARTERROUND(1, 6, 11, 12); + VEC4_QUARTERROUND(2, 7, 8, 13); + VEC4_QUARTERROUND(3, 4, 9, 14); + } + +#define ONEQUAD_TRANSPOSE(A, B, C, D) \ + { \ + __m128i t0, t1, t2, t3; \ + \ + x_##A = _mm_add_epi32(x_##A, orig##A); \ + x_##B = _mm_add_epi32(x_##B, orig##B); \ + x_##C = _mm_add_epi32(x_##C, orig##C); \ + x_##D = _mm_add_epi32(x_##D, orig##D); \ + t_##A = _mm_unpacklo_epi32(x_##A, x_##B); \ + t_##B = _mm_unpacklo_epi32(x_##C, x_##D); \ + t_##C = _mm_unpackhi_epi32(x_##A, x_##B); \ + t_##D = _mm_unpackhi_epi32(x_##C, x_##D); \ + x_##A = _mm_unpacklo_epi64(t_##A, t_##B); \ + x_##B = _mm_unpackhi_epi64(t_##A, t_##B); \ + x_##C = _mm_unpacklo_epi64(t_##C, t_##D); \ + x_##D = _mm_unpackhi_epi64(t_##C, 
t_##D); \ + \ + t0 = _mm_xor_si128(x_##A, _mm_loadu_si128((const __m128i*) (m + 0))); \ + _mm_storeu_si128((__m128i*) (c + 0), t0); \ + t1 = _mm_xor_si128(x_##B, _mm_loadu_si128((const __m128i*) (m + 64))); \ + _mm_storeu_si128((__m128i*) (c + 64), t1); \ + t2 = \ + _mm_xor_si128(x_##C, _mm_loadu_si128((const __m128i*) (m + 128))); \ + _mm_storeu_si128((__m128i*) (c + 128), t2); \ + t3 = \ + _mm_xor_si128(x_##D, _mm_loadu_si128((const __m128i*) (m + 192))); \ + _mm_storeu_si128((__m128i*) (c + 192), t3); \ + } + +#define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D) + + ONEQUAD(0, 1, 2, 3); + m += 16; + c += 16; + ONEQUAD(4, 5, 6, 7); + m += 16; + c += 16; + ONEQUAD(8, 9, 10, 11); + m += 16; + c += 16; + ONEQUAD(12, 13, 14, 15); + m -= 48; + c -= 48; + +#undef ONEQUAD +#undef ONEQUAD_TRANSPOSE + + bytes -= 256; + c += 256; + m += 256; + } +} +#undef VEC4_ROT +#undef VEC4_QUARTERROUND +#undef VEC4_QUARTERROUND_SHUFFLE diff --git a/sodium/sodium_dolbeau_u8.h b/sodium/sodium_dolbeau_u8.h new file mode 100644 index 00000000..2f6c5f1e --- /dev/null +++ b/sodium/sodium_dolbeau_u8.h 
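Review bot: The counter setup `x_12 = _mm_add_epi64(addv12, t12); x_13 = _mm_add_epi64(addv13, t13);` followed by the two unpack steps is doing non-obvious work — building the 64-bit counters n..n+3 for the four lanes and then separating them into a low-word vector x_12 and a high-word vector x_13 — and nothing in the hunk says so. I would put `/* per-lane 64-bit counters n, n+1, n+2, n+3 (addv12/addv13), then transpose so x_12 holds the low words and x_13 the high words */` above the add, and `/* advance the caller's state by the four blocks produced in this iteration */` above `in1213 += 4;`. As in the single-block path, x[12..13] is treated as one 64-bit counter, so a 32-bit-counter layout relies on the caller bounding the call length before the carry into x[13] can happen. `VEC4_QUARTERROUND` is a pure alias for `VEC4_QUARTERROUND_SHUFFLE`; unless other variants are planned, using the shuffle macro directly in the round loop would drop one level of indirection.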
@@ -0,0 +1,357 @@ + +#define VEC8_ROT(A, IMM) \ + _mm256_or_si256(_mm256_slli_epi32(A, IMM), _mm256_srli_epi32(A, (32 - IMM))) + +/* implements a vector quarter round by-the-book (naive!) */ +#define VEC8_QUARTERROUND_NAIVE(A, B, C, D) \ + x_##A = _mm256_add_epi32(x_##A, x_##B); \ + t_##A = _mm256_xor_si256(x_##D, x_##A); \ + x_##D = VEC8_ROT(t_##A, 16); \ + x_##C = _mm256_add_epi32(x_##C, x_##D); \ + t_##C = _mm256_xor_si256(x_##B, x_##C); \ + x_##B = VEC8_ROT(t_##C, 12); \ + x_##A = _mm256_add_epi32(x_##A, x_##B); \ + t_##A = _mm256_xor_si256(x_##D, x_##A); \ + x_##D = VEC8_ROT(t_##A, 8); \ + x_##C = _mm256_add_epi32(x_##C, x_##D); \ + t_##C = _mm256_xor_si256(x_##B, x_##C); \ + x_##B = VEC8_ROT(t_##C, 7) + +/* same, but replace 2 of the shift/shift/or "rotation" by byte shuffles (8 & + * 16) (better) */ +#define VEC8_QUARTERROUND_SHUFFLE(A, B, C, D) \ + x_##A = _mm256_add_epi32(x_##A, x_##B); \ + t_##A = _mm256_xor_si256(x_##D, x_##A); \ + x_##D = _mm256_shuffle_epi8(t_##A, rot16); \ + x_##C = _mm256_add_epi32(x_##C, x_##D); \ + t_##C = _mm256_xor_si256(x_##B, x_##C); \ + x_##B = VEC8_ROT(t_##C, 12); \ + x_##A = _mm256_add_epi32(x_##A, x_##B); \ + t_##A = _mm256_xor_si256(x_##D, x_##A); \ + x_##D = _mm256_shuffle_epi8(t_##A, rot8); \ + x_##C = _mm256_add_epi32(x_##C, x_##D); \ + t_##C = _mm256_xor_si256(x_##B, x_##C); \ + x_##B = VEC8_ROT(t_##C, 7) + +/* same, but replace 2 of the shift/shift/or "rotation" by byte & word shuffles + * (8 & 16) (not as good as previous) */ +#define VEC8_QUARTERROUND_SHUFFLE2(A, B, C, D) \ + x_##A = _mm256_add_epi32(x_##A, x_##B); \ + t_##A = _mm256_xor_si256(x_##D, x_##A); \ + x_##D = _mm256_shufflehi_epi16(_mm256_shufflelo_epi16(t_##A, 0xb1), 0xb1); \ + x_##C = _mm256_add_epi32(x_##C, x_##D); \ + t_##C = _mm256_xor_si256(x_##B, x_##C); \ + x_##B = VEC8_ROT(t_##C, 12); \ + x_##A = _mm256_add_epi32(x_##A, x_##B); \ + t_##A = _mm256_xor_si256(x_##D, x_##A); \ + x_##D = _mm256_shuffle_epi8(t_##A, rot8); \ + x_##C = 
_mm256_add_epi32(x_##C, x_##D); \ + t_##C = _mm256_xor_si256(x_##B, x_##C); \ + x_##B = VEC8_ROT(t_##C, 7) + +#define VEC8_QUARTERROUND(A, B, C, D) VEC8_QUARTERROUND_SHUFFLE(A, B, C, D) + +#define VEC8_LINE1(A, B, C, D) \ + x_##A = _mm256_add_epi32(x_##A, x_##B); \ + x_##D = _mm256_shuffle_epi8(_mm256_xor_si256(x_##D, x_##A), rot16) +#define VEC8_LINE2(A, B, C, D) \ + x_##C = _mm256_add_epi32(x_##C, x_##D); \ + x_##B = VEC8_ROT(_mm256_xor_si256(x_##B, x_##C), 12) +#define VEC8_LINE3(A, B, C, D) \ + x_##A = _mm256_add_epi32(x_##A, x_##B); \ + x_##D = _mm256_shuffle_epi8(_mm256_xor_si256(x_##D, x_##A), rot8) +#define VEC8_LINE4(A, B, C, D) \ + x_##C = _mm256_add_epi32(x_##C, x_##D); \ + x_##B = VEC8_ROT(_mm256_xor_si256(x_##B, x_##C), 7) + +#define VEC8_ROUND_SEQ(A1, B1, C1, D1, A2, B2, C2, D2, A3, B3, C3, D3, A4, B4, \ + C4, D4) \ + VEC8_LINE1(A1, B1, C1, D1); \ + VEC8_LINE1(A2, B2, C2, D2); \ + VEC8_LINE1(A3, B3, C3, D3); \ + VEC8_LINE1(A4, B4, C4, D4); \ + VEC8_LINE2(A1, B1, C1, D1); \ + VEC8_LINE2(A2, B2, C2, D2); \ + VEC8_LINE2(A3, B3, C3, D3); \ + VEC8_LINE2(A4, B4, C4, D4); \ + VEC8_LINE3(A1, B1, C1, D1); \ + VEC8_LINE3(A2, B2, C2, D2); \ + VEC8_LINE3(A3, B3, C3, D3); \ + VEC8_LINE3(A4, B4, C4, D4); \ + VEC8_LINE4(A1, B1, C1, D1); \ + VEC8_LINE4(A2, B2, C2, D2); \ + VEC8_LINE4(A3, B3, C3, D3); \ + VEC8_LINE4(A4, B4, C4, D4) + +#define VEC8_ROUND_HALF(A1, B1, C1, D1, A2, B2, C2, D2, A3, B3, C3, D3, A4, \ + B4, C4, D4) \ + VEC8_LINE1(A1, B1, C1, D1); \ + VEC8_LINE1(A2, B2, C2, D2); \ + VEC8_LINE2(A1, B1, C1, D1); \ + VEC8_LINE2(A2, B2, C2, D2); \ + VEC8_LINE3(A1, B1, C1, D1); \ + VEC8_LINE3(A2, B2, C2, D2); \ + VEC8_LINE4(A1, B1, C1, D1); \ + VEC8_LINE4(A2, B2, C2, D2); \ + VEC8_LINE1(A3, B3, C3, D3); \ + VEC8_LINE1(A4, B4, C4, D4); \ + VEC8_LINE2(A3, B3, C3, D3); \ + VEC8_LINE2(A4, B4, C4, D4); \ + VEC8_LINE3(A3, B3, C3, D3); \ + VEC8_LINE3(A4, B4, C4, D4); \ + VEC8_LINE4(A3, B3, C3, D3); \ + VEC8_LINE4(A4, B4, C4, D4) + +#define VEC8_ROUND_HALFANDHALF(A1, B1, 
C1, D1, A2, B2, C2, D2, A3, B3, C3, D3, \ + A4, B4, C4, D4) \ + VEC8_LINE1(A1, B1, C1, D1); \ + VEC8_LINE1(A2, B2, C2, D2); \ + VEC8_LINE2(A1, B1, C1, D1); \ + VEC8_LINE2(A2, B2, C2, D2); \ + VEC8_LINE1(A3, B3, C3, D3); \ + VEC8_LINE1(A4, B4, C4, D4); \ + VEC8_LINE2(A3, B3, C3, D3); \ + VEC8_LINE2(A4, B4, C4, D4); \ + VEC8_LINE3(A1, B1, C1, D1); \ + VEC8_LINE3(A2, B2, C2, D2); \ + VEC8_LINE4(A1, B1, C1, D1); \ + VEC8_LINE4(A2, B2, C2, D2); \ + VEC8_LINE3(A3, B3, C3, D3); \ + VEC8_LINE3(A4, B4, C4, D4); \ + VEC8_LINE4(A3, B3, C3, D3); \ + VEC8_LINE4(A4, B4, C4, D4) + +#define VEC8_ROUND(A1, B1, C1, D1, A2, B2, C2, D2, A3, B3, C3, D3, A4, B4, C4, \ + D4) \ + VEC8_ROUND_SEQ(A1, B1, C1, D1, A2, B2, C2, D2, A3, B3, C3, D3, A4, B4, C4, \ + D4) + +if (bytes >= 512) { + /* constant for shuffling bytes (replacing multiple-of-8 rotates) */ + __m256i rot16 = + _mm256_set_epi8(13, 12, 15, 14, 9, 8, 11, 10, 5, 4, 7, 6, 1, 0, 3, 2, + 13, 12, 15, 14, 9, 8, 11, 10, 5, 4, 7, 6, 1, 0, 3, 2); + __m256i rot8 = + _mm256_set_epi8(14, 13, 12, 15, 10, 9, 8, 11, 6, 5, 4, 7, 2, 1, 0, 3, + 14, 13, 12, 15, 10, 9, 8, 11, 6, 5, 4, 7, 2, 1, 0, 3); + uint32_t in12, in13; + + /* the naive way seems as fast (if not a bit faster) than the vector way */ + __m256i x_0 = _mm256_set1_epi32(x[0]); + __m256i x_1 = _mm256_set1_epi32(x[1]); + __m256i x_2 = _mm256_set1_epi32(x[2]); + __m256i x_3 = _mm256_set1_epi32(x[3]); + __m256i x_4 = _mm256_set1_epi32(x[4]); + __m256i x_5 = _mm256_set1_epi32(x[5]); + __m256i x_6 = _mm256_set1_epi32(x[6]); + __m256i x_7 = _mm256_set1_epi32(x[7]); + __m256i x_8 = _mm256_set1_epi32(x[8]); + __m256i x_9 = _mm256_set1_epi32(x[9]); + __m256i x_10 = _mm256_set1_epi32(x[10]); + __m256i x_11 = _mm256_set1_epi32(x[11]); + __m256i x_12; + __m256i x_13; + __m256i x_14 = _mm256_set1_epi32(x[14]); + __m256i x_15 = _mm256_set1_epi32(x[15]); + + __m256i orig0 = x_0; + __m256i orig1 = x_1; + __m256i orig2 = x_2; + __m256i orig3 = x_3; + __m256i orig4 = x_4; + __m256i orig5 = x_5; + 
__m256i orig6 = x_6; + __m256i orig7 = x_7; + __m256i orig8 = x_8; + __m256i orig9 = x_9; + __m256i orig10 = x_10; + __m256i orig11 = x_11; + __m256i orig12; + __m256i orig13; + __m256i orig14 = x_14; + __m256i orig15 = x_15; + __m256i t_0, t_1, t_2, t_3, t_4, t_5, t_6, t_7, t_8, t_9, t_10, t_11, t_12, + t_13, t_14, t_15; + + while (bytes >= 512) { + const __m256i addv12 = _mm256_set_epi64x(3, 2, 1, 0); + const __m256i addv13 = _mm256_set_epi64x(7, 6, 5, 4); + const __m256i permute = _mm256_set_epi32(7, 6, 3, 2, 5, 4, 1, 0); + __m256i t12, t13; + + uint64_t in1213; + int i; + + x_0 = orig0; + x_1 = orig1; + x_2 = orig2; + x_3 = orig3; + x_4 = orig4; + x_5 = orig5; + x_6 = orig6; + x_7 = orig7; + x_8 = orig8; + x_9 = orig9; + x_10 = orig10; + x_11 = orig11; + x_14 = orig14; + x_15 = orig15; + + in12 = x[12]; + in13 = x[13]; + in1213 = ((uint64_t) in12) | (((uint64_t) in13) << 32); + x_12 = x_13 = _mm256_broadcastq_epi64(_mm_cvtsi64_si128(in1213)); + + t12 = _mm256_add_epi64(addv12, x_12); + t13 = _mm256_add_epi64(addv13, x_13); + + x_12 = _mm256_unpacklo_epi32(t12, t13); + x_13 = _mm256_unpackhi_epi32(t12, t13); + + t12 = _mm256_unpacklo_epi32(x_12, x_13); + t13 = _mm256_unpackhi_epi32(x_12, x_13); + + /* required because unpack* are intra-lane */ + x_12 = _mm256_permutevar8x32_epi32(t12, permute); + x_13 = _mm256_permutevar8x32_epi32(t13, permute); + + orig12 = x_12; + orig13 = x_13; + + in1213 += 8; + + x[12] = in1213 & 0xFFFFFFFF; + x[13] = (in1213 >> 32) & 0xFFFFFFFF; + + for (i = 0; i < ROUNDS; i += 2) { + VEC8_ROUND(0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15); + VEC8_ROUND(0, 5, 10, 15, 1, 6, 11, 12, 2, 7, 8, 13, 3, 4, 9, 14); + } + +#define ONEQUAD_TRANSPOSE(A, B, C, D) \ + { \ + __m128i t0, t1, t2, t3; \ + x_##A = _mm256_add_epi32(x_##A, orig##A); \ + x_##B = _mm256_add_epi32(x_##B, orig##B); \ + x_##C = _mm256_add_epi32(x_##C, orig##C); \ + x_##D = _mm256_add_epi32(x_##D, orig##D); \ + t_##A = _mm256_unpacklo_epi32(x_##A, x_##B); \ + t_##B = 
_mm256_unpacklo_epi32(x_##C, x_##D); \ + t_##C = _mm256_unpackhi_epi32(x_##A, x_##B); \ + t_##D = _mm256_unpackhi_epi32(x_##C, x_##D); \ + x_##A = _mm256_unpacklo_epi64(t_##A, t_##B); \ + x_##B = _mm256_unpackhi_epi64(t_##A, t_##B); \ + x_##C = _mm256_unpacklo_epi64(t_##C, t_##D); \ + x_##D = _mm256_unpackhi_epi64(t_##C, t_##D); \ + t0 = _mm_xor_si128(_mm256_extracti128_si256(x_##A, 0), \ + _mm_loadu_si128((const __m128i*) (m + 0))); \ + _mm_storeu_si128((__m128i*) (c + 0), t0); \ + t1 = _mm_xor_si128(_mm256_extracti128_si256(x_##B, 0), \ + _mm_loadu_si128((const __m128i*) (m + 64))); \ + _mm_storeu_si128((__m128i*) (c + 64), t1); \ + t2 = _mm_xor_si128(_mm256_extracti128_si256(x_##C, 0), \ + _mm_loadu_si128((const __m128i*) (m + 128))); \ + _mm_storeu_si128((__m128i*) (c + 128), t2); \ + t3 = _mm_xor_si128(_mm256_extracti128_si256(x_##D, 0), \ + _mm_loadu_si128((const __m128i*) (m + 192))); \ + _mm_storeu_si128((__m128i*) (c + 192), t3); \ + t0 = _mm_xor_si128(_mm256_extracti128_si256(x_##A, 1), \ + _mm_loadu_si128((const __m128i*) (m + 256))); \ + _mm_storeu_si128((__m128i*) (c + 256), t0); \ + t1 = _mm_xor_si128(_mm256_extracti128_si256(x_##B, 1), \ + _mm_loadu_si128((const __m128i*) (m + 320))); \ + _mm_storeu_si128((__m128i*) (c + 320), t1); \ + t2 = _mm_xor_si128(_mm256_extracti128_si256(x_##C, 1), \ + _mm_loadu_si128((const __m128i*) (m + 384))); \ + _mm_storeu_si128((__m128i*) (c + 384), t2); \ + t3 = _mm_xor_si128(_mm256_extracti128_si256(x_##D, 1), \ + _mm_loadu_si128((const __m128i*) (m + 448))); \ + _mm_storeu_si128((__m128i*) (c + 448), t3); \ + } + +#define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D) + +#define ONEQUAD_UNPCK(A, B, C, D) \ + { \ + x_##A = _mm256_add_epi32(x_##A, orig##A); \ + x_##B = _mm256_add_epi32(x_##B, orig##B); \ + x_##C = _mm256_add_epi32(x_##C, orig##C); \ + x_##D = _mm256_add_epi32(x_##D, orig##D); \ + t_##A = _mm256_unpacklo_epi32(x_##A, x_##B); \ + t_##B = _mm256_unpacklo_epi32(x_##C, x_##D); \ + t_##C = 
_mm256_unpackhi_epi32(x_##A, x_##B); \ + t_##D = _mm256_unpackhi_epi32(x_##C, x_##D); \ + x_##A = _mm256_unpacklo_epi64(t_##A, t_##B); \ + x_##B = _mm256_unpackhi_epi64(t_##A, t_##B); \ + x_##C = _mm256_unpacklo_epi64(t_##C, t_##D); \ + x_##D = _mm256_unpackhi_epi64(t_##C, t_##D); \ + } + +#define ONEOCTO(A, B, C, D, A2, B2, C2, D2) \ + { \ + ONEQUAD_UNPCK(A, B, C, D); \ + ONEQUAD_UNPCK(A2, B2, C2, D2); \ + t_##A = _mm256_permute2x128_si256(x_##A, x_##A2, 0x20); \ + t_##A2 = _mm256_permute2x128_si256(x_##A, x_##A2, 0x31); \ + t_##B = _mm256_permute2x128_si256(x_##B, x_##B2, 0x20); \ + t_##B2 = _mm256_permute2x128_si256(x_##B, x_##B2, 0x31); \ + t_##C = _mm256_permute2x128_si256(x_##C, x_##C2, 0x20); \ + t_##C2 = _mm256_permute2x128_si256(x_##C, x_##C2, 0x31); \ + t_##D = _mm256_permute2x128_si256(x_##D, x_##D2, 0x20); \ + t_##D2 = _mm256_permute2x128_si256(x_##D, x_##D2, 0x31); \ + t_##A = _mm256_xor_si256( \ + t_##A, _mm256_loadu_si256((const __m256i*) (m + 0))); \ + t_##B = _mm256_xor_si256( \ + t_##B, _mm256_loadu_si256((const __m256i*) (m + 64))); \ + t_##C = _mm256_xor_si256( \ + t_##C, _mm256_loadu_si256((const __m256i*) (m + 128))); \ + t_##D = _mm256_xor_si256( \ + t_##D, _mm256_loadu_si256((const __m256i*) (m + 192))); \ + t_##A2 = _mm256_xor_si256( \ + t_##A2, _mm256_loadu_si256((const __m256i*) (m + 256))); \ + t_##B2 = _mm256_xor_si256( \ + t_##B2, _mm256_loadu_si256((const __m256i*) (m + 320))); \ + t_##C2 = _mm256_xor_si256( \ + t_##C2, _mm256_loadu_si256((const __m256i*) (m + 384))); \ + t_##D2 = _mm256_xor_si256( \ + t_##D2, _mm256_loadu_si256((const __m256i*) (m + 448))); \ + _mm256_storeu_si256((__m256i*) (c + 0), t_##A); \ + _mm256_storeu_si256((__m256i*) (c + 64), t_##B); \ + _mm256_storeu_si256((__m256i*) (c + 128), t_##C); \ + _mm256_storeu_si256((__m256i*) (c + 192), t_##D); \ + _mm256_storeu_si256((__m256i*) (c + 256), t_##A2); \ + _mm256_storeu_si256((__m256i*) (c + 320), t_##B2); \ + _mm256_storeu_si256((__m256i*) (c + 384), t_##C2); \ + 
_mm256_storeu_si256((__m256i*) (c + 448), t_##D2); \
+ }
+
+ ONEOCTO(0, 1, 2, 3, 4, 5, 6, 7);
+ m += 32;
+ c += 32;
+ ONEOCTO(8, 9, 10, 11, 12, 13, 14, 15);
+ m -= 32;
+ c -= 32;
+
+#undef ONEQUAD
+#undef ONEQUAD_TRANSPOSE
+#undef ONEQUAD_UNPCK
+#undef ONEOCTO
+
+ bytes -= 512;
+ c += 512;
+ m += 512;
+ }
+}
+#undef VEC8_ROT
+#undef VEC8_QUARTERROUND
+#undef VEC8_QUARTERROUND_NAIVE
+#undef VEC8_QUARTERROUND_SHUFFLE
+#undef VEC8_QUARTERROUND_SHUFFLE2
+#undef VEC8_LINE1
+#undef VEC8_LINE2
+#undef VEC8_LINE3
+#undef VEC8_LINE4
+#undef VEC8_ROUND
+#undef VEC8_ROUND_SEQ
+#undef VEC8_ROUND_HALF
+#undef VEC8_ROUND_HALFANDHALF
diff --git a/sodium/sodium_export.h b/sodium/sodium_export.h
new file mode 100644
index 00000000..9d123849
--- /dev/null
+++ b/sodium/sodium_export.h
@@ -0,0 +1,27 @@
+
+#ifndef sodium_export_H
+#define sodium_export_H
+
+#include
+#include
+#include
+
+#if !defined(__clang__) && !defined(__GNUC__)
+# ifdef __attribute__
+# undef __attribute__
+# endif
+# define __attribute__(a)
+#endif
+
+#ifndef CRYPTO_ALIGN
+# if defined(__INTEL_COMPILER) || defined(_MSC_VER)
+# define CRYPTO_ALIGN(x) __declspec(align(x))
+# else
+# define CRYPTO_ALIGN(x) __attribute__ ((aligned(x)))
+# endif
+#endif
+
+#define SODIUM_MIN(A, B) ((A) < (B) ? (A) : (B))
+#define SODIUM_SIZE_MAX SODIUM_MIN(UINT64_MAX, SIZE_MAX)
+
+#endif
diff --git a/sodium/sodium_fe_25_5_base.h b/sodium/sodium_fe_25_5_base.h
new file mode 100644
index 00000000..e18530bb
--- /dev/null
+++ b/sodium/sodium_fe_25_5_base.h
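Review bot: `_mm_cvtsi64_si128(in1213)` in the counter setup is only defined for 64-bit x86 targets, so if this header can be reached from a 32-bit build with AVX2 enabled it will not compile; the include site (outside this hunk) should be guarded with `#if defined(__x86_64__) || defined(_M_X64)`, or the broadcast written as `x_12 = x_13 = _mm256_set1_epi64x((long long) in1213);`, which as far as I can tell does not depend on a 64-bit register move. Of the macros defined at the top, only `VEC8_ROUND` (an alias of `VEC8_ROUND_SEQ`) and `ONEOCTO` are expanded in the loop; `VEC8_QUARTERROUND*`, `VEC8_ROUND_HALF`, `VEC8_ROUND_HALFANDHALF`, `ONEQUAD_TRANSPOSE` and `ONEQUAD` are defined and undefined without ever being used. If they are kept as a record of the variants that were benchmarked, a comment saying so next to `#define VEC8_ROUND(...)` would stop the next reader from hunting for their call sites; otherwise they can go. The unpack-then-`permute` sequence for x_12/x_13 would also benefit from a line stating the result, e.g. `/* x_12 = low counter words of blocks n..n+7, x_13 = high words; permute repairs the 128-bit-lane order left by the intra-lane unpacks */`, since the existing comment explains only why the permute is needed.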
@@ -0,0 +1,1344 @@ +{ /* 0/31 */ + { + { 25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, -11754271, -6079156, 2047605 }, + { -12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, 5043384, 19500929, -15469378 }, + { -8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, 11864899, -24514362, -4438546 } + }, + { + { -12815894, -12976347, -21581243, 11784320, -25355658, -2750717, -11717903, -3814571, -358445, -10211303 }, + { -21703237, 6903825, 27185491, 6451973, -29577724, -9554005, -15616551, 11189268, -26829678, -5319081 }, + { 26966642, 11152617, 32442495, 15396054, 14353839, -12752335, -3128826, -9541118, -15472047, -4166697 } + }, + { + { 15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, -14772189, 28944400, -1550024 }, + { 16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, -11775962, 7689662, 11199574 }, + { 30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, 10017326, -17749093, -9920357 } + }, + { + { -17036878, 13921892, 10945806, -6033431, 27105052, -16084379, -28926210, 15006023, 3284568, -6276540 }, + { 23599295, -8306047, -11193664, -7687416, 13236774, 10506355, 7464579, 9656445, 13059162, 10374397 }, + { 7798556, 16710257, 3033922, 2874086, 28997861, 2835604, 32406664, -3839045, -641708, -101325 } + }, + { + { 10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, 14515107, -15438304, 10819380 }, + { 4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, 12483688, -12668491, 5581306 }, + { 19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, 13850243, -23678021, -15815942 } + }, + { + { -15371964, -12862754, 32573250, 4720197, -26436522, 5875511, -19188627, -15224819, -9818940, -12085777 }, + { -8549212, 109983, 15149363, 2178705, 22900618, 4543417, 3044240, -15689887, 1762328, 14866737 }, + { -18199695, -15951423, -10473290, 1707278, -17185920, 3916101, -28236412, 3959421, 27914454, 4383652 } + }, + { + 
{ 5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, 5230134, -23952439, -15175766 }, + { -30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, 16520125, 30598449, 7715701 }, + { 28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, 1370708, 29794553, -1409300 } + }, + { + { 14499471, -2729599, -33191113, -4254652, 28494862, 14271267, 30290735, 10876454, -33154098, 2381726 }, + { -7195431, -2655363, -14730155, 462251, -27724326, 3941372, -6236617, 3696005, -32300832, 15351955 }, + { 27431194, 8222322, 16448760, -3907995, -18707002, 11938355, -32961401, -2970515, 29551813, 10109425 } + } +}, +{ /* 1/31 */ + { + { -13657040, -13155431, -31283750, 11777098, 21447386, 6519384, -2378284, -1627556, 10092783, -4764171 }, + { 27939166, 14210322, 4677035, 16277044, -22964462, -12398139, -32508754, 12005538, -17810127, 12803510 }, + { 17228999, -15661624, -1233527, 300140, -1224870, -11714777, 30364213, -9038194, 18016357, 4397660 } + }, + { + { -10958843, -7690207, 4776341, -14954238, 27850028, -15602212, -26619106, 14544525, -17477504, 982639 }, + { 29253598, 15796703, -2863982, -9908884, 10057023, 3163536, 7332899, -4120128, -21047696, 9934963 }, + { 5793303, 16271923, -24131614, -10116404, 29188560, 1206517, -14747930, 4559895, -30123922, -10897950 } + }, + { + { -27643952, -11493006, 16282657, -11036493, 28414021, -15012264, 24191034, 4541697, -13338309, 5500568 }, + { 12650548, -1497113, 9052871, 11355358, -17680037, -8400164, -17430592, 12264343, 10874051, 13524335 }, + { 25556948, -3045990, 714651, 2510400, 23394682, -10415330, 33119038, 5080568, -22528059, 5376628 } + }, + { + { -26088264, -4011052, -17013699, -3537628, -6726793, 1920897, -22321305, -9447443, 4535768, 1569007 }, + { -2255422, 14606630, -21692440, -8039818, 28430649, 8775819, -30494562, 3044290, 31848280, 12543772 }, + { -22028579, 2943893, -31857513, 6777306, 13784462, -4292203, -27377195, -2062731, 7718482, 14474653 } + }, + { + { 2385315, 2454213, 
-22631320, 46603, -4437935, -15680415, 656965, -7236665, 24316168, -5253567 }, + { 13741529, 10911568, -33233417, -8603737, -20177830, -1033297, 33040651, -13424532, -20729456, 8321686 }, + { 21060490, -2212744, 15712757, -4336099, 1639040, 10656336, 23845965, -11874838, -9984458, 608372 } + }, + { + { -13672732, -15087586, -10889693, -7557059, -6036909, 11305547, 1123968, -6780577, 27229399, 23887 }, + { -23244140, -294205, -11744728, 14712571, -29465699, -2029617, 12797024, -6440308, -1633405, 16678954 }, + { -29500620, 4770662, -16054387, 14001338, 7830047, 9564805, -1508144, -4795045, -17169265, 4904953 } + }, + { + { 24059557, 14617003, 19037157, -15039908, 19766093, -14906429, 5169211, 16191880, 2128236, -4326833 }, + { -16981152, 4124966, -8540610, -10653797, 30336522, -14105247, -29806336, 916033, -6882542, -2986532 }, + { -22630907, 12419372, -7134229, -7473371, -16478904, 16739175, 285431, 2763829, 15736322, 4143876 } + }, + { + { 2379352, 11839345, -4110402, -5988665, 11274298, 794957, 212801, -14594663, 23527084, -16458268 }, + { 33431127, -11130478, -17838966, -15626900, 8909499, 8376530, -32625340, 4087881, -15188911, -14416214 }, + { 1767683, 7197987, -13205226, -2022635, -13091350, 448826, 5799055, 4357868, -4774191, -16323038 } + } +}, +{ /* 2/31 */ + { + { 6721966, 13833823, -23523388, -1551314, 26354293, -11863321, 23365147, -3949732, 7390890, 2759800 }, + { 4409041, 2052381, 23373853, 10530217, 7676779, -12885954, 21302353, -4264057, 1244380, -12919645 }, + { -4421239, 7169619, 4982368, -2957590, 30256825, -2777540, 14086413, 9208236, 15886429, 16489664 } + }, + { + { 1996075, 10375649, 14346367, 13311202, -6874135, -16438411, -13693198, 398369, -30606455, -712933 }, + { -25307465, 9795880, -2777414, 14878809, -33531835, 14780363, 13348553, 12076947, -30836462, 5113182 }, + { -17770784, 11797796, 31950843, 13929123, -25888302, 12288344, -30341101, -7336386, 13847711, 5387222 } + }, + { + { -18582163, -3416217, 17824843, -2340966, 22744343, 
-10442611, 8763061, 3617786, -19600662, 10370991 }, + { 20246567, -14369378, 22358229, -543712, 18507283, -10413996, 14554437, -8746092, 32232924, 16763880 }, + { 9648505, 10094563, 26416693, 14745928, -30374318, -6472621, 11094161, 15689506, 3140038, -16510092 } + }, + { + { -16160072, 5472695, 31895588, 4744994, 8823515, 10365685, -27224800, 9448613, -28774454, 366295 }, + { 19153450, 11523972, -11096490, -6503142, -24647631, 5420647, 28344573, 8041113, 719605, 11671788 }, + { 8678025, 2694440, -6808014, 2517372, 4964326, 11152271, -15432916, -15266516, 27000813, -10195553 } + }, + { + { -15157904, 7134312, 8639287, -2814877, -7235688, 10421742, 564065, 5336097, 6750977, -14521026 }, + { 11836410, -3979488, 26297894, 16080799, 23455045, 15735944, 1695823, -8819122, 8169720, 16220347 }, + { -18115838, 8653647, 17578566, -6092619, -8025777, -16012763, -11144307, -2627664, -5990708, -14166033 } + }, + { + { -23308498, -10968312, 15213228, -10081214, -30853605, -11050004, 27884329, 2847284, 2655861, 1738395 }, + { -27537433, -14253021, -25336301, -8002780, -9370762, 8129821, 21651608, -3239336, -19087449, -11005278 }, + { 1533110, 3437855, 23735889, 459276, 29970501, 11335377, 26030092, 5821408, 10478196, 8544890 } + }, + { + { 32173121, -16129311, 24896207, 3921497, 22579056, -3410854, 19270449, 12217473, 17789017, -3395995 }, + { -30552961, -2228401, -15578829, -10147201, 13243889, 517024, 15479401, -3853233, 30460520, 1052596 }, + { -11614875, 13323618, 32618793, 8175907, -15230173, 12596687, 27491595, -4612359, 3179268, -9478891 } + }, + { + { 31947069, -14366651, -4640583, -15339921, -15125977, -6039709, -14756777, -16411740, 19072640, -9511060 }, + { 11685058, 11822410, 3158003, -13952594, 33402194, -4165066, 5977896, -5215017, 473099, 5040608 }, + { -20290863, 8198642, -27410132, 11602123, 1290375, -2799760, 28326862, 1721092, -19558642, -3131606 } + } +}, +{ /* 3/31 */ + { + { 7881532, 10687937, 7578723, 7738378, -18951012, -2553952, 21820786, 8076149, 
-27868496, 11538389 }, + { -19935666, 3899861, 18283497, -6801568, -15728660, -11249211, 8754525, 7446702, -5676054, 5797016 }, + { -11295600, -3793569, -15782110, -7964573, 12708869, -8456199, 2014099, -9050574, -2369172, -5877341 } + }, + { + { -22472376, -11568741, -27682020, 1146375, 18956691, 16640559, 1192730, -3714199, 15123619, 10811505 }, + { 14352098, -3419715, -18942044, 10822655, 32750596, 4699007, -70363, 15776356, -28886779, -11974553 }, + { -28241164, -8072475, -4978962, -5315317, 29416931, 1847569, -20654173, -16484855, 4714547, -9600655 } + }, + { + { 15200332, 8368572, 19679101, 15970074, -31872674, 1959451, 24611599, -4543832, -11745876, 12340220 }, + { 12876937, -10480056, 33134381, 6590940, -6307776, 14872440, 9613953, 8241152, 15370987, 9608631 }, + { -4143277, -12014408, 8446281, -391603, 4407738, 13629032, -7724868, 15866074, -28210621, -8814099 } + }, + { + { 26660628, -15677655, 8393734, 358047, -7401291, 992988, -23904233, 858697, 20571223, 8420556 }, + { 14620715, 13067227, -15447274, 8264467, 14106269, 15080814, 33531827, 12516406, -21574435, -12476749 }, + { 236881, 10476226, 57258, -14677024, 6472998, 2466984, 17258519, 7256740, 8791136, 15069930 } + }, + { + { 1276410, -9371918, 22949635, -16322807, -23493039, -5702186, 14711875, 4874229, -30663140, -2331391 }, + { 5855666, 4990204, -13711848, 7294284, -7804282, 1924647, -1423175, -7912378, -33069337, 9234253 }, + { 20590503, -9018988, 31529744, -7352666, -2706834, 10650548, 31559055, -11609587, 18979186, 13396066 } + }, + { + { 24474287, 4968103, 22267082, 4407354, 24063882, -8325180, -18816887, 13594782, 33514650, 7021958 }, + { -11566906, -6565505, -21365085, 15928892, -26158305, 4315421, -25948728, -3916677, -21480480, 12868082 }, + { -28635013, 13504661, 19988037, -2132761, 21078225, 6443208, -21446107, 2244500, -12455797, -8089383 } + }, + { + { -30595528, 13793479, -5852820, 319136, -25723172, -6263899, 33086546, 8957937, -15233648, 5540521 }, + { -11630176, -11503902, 
-8119500, -7643073, 2620056, 1022908, -23710744, -1568984, -16128528, -14962807 }, + { 23152971, 775386, 27395463, 14006635, -9701118, 4649512, 1689819, 892185, -11513277, -15205948 } + }, + { + { 9770129, 9586738, 26496094, 4324120, 1556511, -3550024, 27453819, 4763127, -19179614, 5867134 }, + { -32765025, 1927590, 31726409, -4753295, 23962434, -16019500, 27846559, 5931263, -29749703, -16108455 }, + { 27461885, -2977536, 22380810, 1815854, -23033753, -3031938, 7283490, -15148073, -19526700, 7734629 } + } +}, +{ /* 4/31 */ + { + { -8010264, -9590817, -11120403, 6196038, 29344158, -13430885, 7585295, -3176626, 18549497, 15302069 }, + { -32658337, -6171222, -7672793, -11051681, 6258878, 13504381, 10458790, -6418461, -8872242, 8424746 }, + { 24687205, 8613276, -30667046, -3233545, 1863892, -1830544, 19206234, 7134917, -11284482, -828919 } + }, + { + { 11334899, -9218022, 8025293, 12707519, 17523892, -10476071, 10243738, -14685461, -5066034, 16498837 }, + { 8911542, 6887158, -9584260, -6958590, 11145641, -9543680, 17303925, -14124238, 6536641, 10543906 }, + { -28946384, 15479763, -17466835, 568876, -1497683, 11223454, -2669190, -16625574, -27235709, 8876771 } + }, + { + { -25742899, -12566864, -15649966, -846607, -33026686, -796288, -33481822, 15824474, -604426, -9039817 }, + { 10330056, 70051, 7957388, -9002667, 9764902, 15609756, 27698697, -4890037, 1657394, 3084098 }, + { 10477963, -7470260, 12119566, -13250805, 29016247, -5365589, 31280319, 14396151, -30233575, 15272409 } + }, + { + { -12288309, 3169463, 28813183, 16658753, 25116432, -5630466, -25173957, -12636138, -25014757, 1950504 }, + { -26180358, 9489187, 11053416, -14746161, -31053720, 5825630, -8384306, -8767532, 15341279, 8373727 }, + { 28685821, 7759505, -14378516, -12002860, -31971820, 4079242, 298136, -10232602, -2878207, 15190420 } + }, + { + { -32932876, 13806336, -14337485, -15794431, -24004620, 10940928, 8669718, 2742393, -26033313, -6875003 }, + { -1580388, -11729417, -25979658, -11445023, 
-17411874, -10912854, 9291594, -16247779, -12154742, 6048605 }, + { -30305315, 14843444, 1539301, 11864366, 20201677, 1900163, 13934231, 5128323, 11213262, 9168384 } + }, + { + { -26280513, 11007847, 19408960, -940758, -18592965, -4328580, -5088060, -11105150, 20470157, -16398701 }, + { -23136053, 9282192, 14855179, -15390078, -7362815, -14408560, -22783952, 14461608, 14042978, 5230683 }, + { 29969567, -2741594, -16711867, -8552442, 9175486, -2468974, 21556951, 3506042, -5933891, -12449708 } + }, + { + { -3144746, 8744661, 19704003, 4581278, -20430686, 6830683, -21284170, 8971513, -28539189, 15326563 }, + { -19464629, 10110288, -17262528, -3503892, -23500387, 1355669, -15523050, 15300988, -20514118, 9168260 }, + { -5353335, 4488613, -23803248, 16314347, 7780487, -15638939, -28948358, 9601605, 33087103, -9011387 } + }, + { + { -19443170, -15512900, -20797467, -12445323, -29824447, 10229461, -27444329, -15000531, -5996870, 15664672 }, + { 23294591, -16632613, -22650781, -8470978, 27844204, 11461195, 13099750, -2460356, 18151676, 13417686 }, + { -24722913, -4176517, -31150679, 5988919, -26858785, 6685065, 1661597, -12551441, 15271676, -15452665 } + } +}, +{ /* 5/31 */ + { + { 11433042, -13228665, 8239631, -5279517, -1985436, -725718, -18698764, 2167544, -6921301, -13440182 }, + { -31436171, 15575146, 30436815, 12192228, -22463353, 9395379, -9917708, -8638997, 12215110, 12028277 }, + { 14098400, 6555944, 23007258, 5757252, -15427832, -12950502, 30123440, 4617780, -16900089, -655628 } + }, + { + { -4026201, -15240835, 11893168, 13718664, -14809462, 1847385, -15819999, 10154009, 23973261, -12684474 }, + { -26531820, -3695990, -1908898, 2534301, -31870557, -16550355, 18341390, -11419951, 32013174, -10103539 }, + { -25479301, 10876443, -11771086, -14625140, -12369567, 1838104, 21911214, 6354752, 4425632, -837822 } + }, + { + { -10433389, -14612966, 22229858, -3091047, -13191166, 776729, -17415375, -12020462, 4725005, 14044970 }, + { 19268650, -7304421, 1555349, 8692754, 
-21474059, -9910664, 6347390, -1411784, -19522291, -16109756 }, + { -24864089, 12986008, -10898878, -5558584, -11312371, -148526, 19541418, 8180106, 9282262, 10282508 } + }, + { + { -26205082, 4428547, -8661196, -13194263, 4098402, -14165257, 15522535, 8372215, 5542595, -10702683 }, + { -10562541, 14895633, 26814552, -16673850, -17480754, -2489360, -2781891, 6993761, -18093885, 10114655 }, + { -20107055, -929418, 31422704, 10427861, -7110749, 6150669, -29091755, -11529146, 25953725, -106158 } + }, + { + { -4234397, -8039292, -9119125, 3046000, 2101609, -12607294, 19390020, 6094296, -3315279, 12831125 }, + { -15998678, 7578152, 5310217, 14408357, -33548620, -224739, 31575954, 6326196, 7381791, -2421839 }, + { -20902779, 3296811, 24736065, -16328389, 18374254, 7318640, 6295303, 8082724, -15362489, 12339664 } + }, + { + { 27724736, 2291157, 6088201, -14184798, 1792727, 5857634, 13848414, 15768922, 25091167, 14856294 }, + { -18866652, 8331043, 24373479, 8541013, -701998, -9269457, 12927300, -12695493, -22182473, -9012899 }, + { -11423429, -5421590, 11632845, 3405020, 30536730, -11674039, -27260765, 13866390, 30146206, 9142070 } + }, + { + { 3924129, -15307516, -13817122, -10054960, 12291820, -668366, -27702774, 9326384, -8237858, 4171294 }, + { -15921940, 16037937, 6713787, 16606682, -21612135, 2790944, 26396185, 3731949, 345228, -5462949 }, + { -21327538, 13448259, 25284571, 1143661, 20614966, -8849387, 2031539, -12391231, -16253183, -13582083 } + }, + { + { 31016211, -16722429, 26371392, -14451233, -5027349, 14854137, 17477601, 3842657, 28012650, -16405420 }, + { -5075835, 9368966, -8562079, -4600902, -15249953, 6970560, -9189873, 16292057, -8867157, 3507940 }, + { 29439664, 3537914, 23333589, 6997794, -17555561, -11018068, -15209202, -15051267, -9164929, 6580396 } + } +}, +{ /* 6/31 */ + { + { -12185861, -7679788, 16438269, 10826160, -8696817, -6235611, 17860444, -9273846, -2095802, 9304567 }, + { 20714564, -4336911, 29088195, 7406487, 11426967, -5095705, 14792667, 
-14608617, 5289421, -477127 }, + { -16665533, -10650790, -6160345, -13305760, 9192020, -1802462, 17271490, 12349094, 26939669, -3752294 } + }, + { + { -12889898, 9373458, 31595848, 16374215, 21471720, 13221525, -27283495, -12348559, -3698806, 117887 }, + { 22263325, -6560050, 3984570, -11174646, -15114008, -566785, 28311253, 5358056, -23319780, 541964 }, + { 16259219, 3261970, 2309254, -15534474, -16885711, -4581916, 24134070, -16705829, -13337066, -13552195 } + }, + { + { 9378160, -13140186, -22845982, -12745264, 28198281, -7244098, -2399684, -717351, 690426, 14876244 }, + { 24977353, -314384, -8223969, -13465086, 28432343, -1176353, -13068804, -12297348, -22380984, 6618999 }, + { -1538174, 11685646, 12944378, 13682314, -24389511, -14413193, 8044829, -13817328, 32239829, -5652762 } + }, + { + { -18603066, 4762990, -926250, 8885304, -28412480, -3187315, 9781647, -10350059, 32779359, 5095274 }, + { -33008130, -5214506, -32264887, -3685216, 9460461, -9327423, -24601656, 14506724, 21639561, -2630236 }, + { -16400943, -13112215, 25239338, 15531969, 3987758, -4499318, -1289502, -6863535, 17874574, 558605 } + }, + { + { -13600129, 10240081, 9171883, 16131053, -20869254, 9599700, 33499487, 5080151, 2085892, 5119761 }, + { -22205145, -2519528, -16381601, 414691, -25019550, 2170430, 30634760, -8363614, -31999993, -5759884 }, + { -6845704, 15791202, 8550074, -1312654, 29928809, -12092256, 27534430, -7192145, -22351378, 12961482 } + }, + { + { -24492060, -9570771, 10368194, 11582341, -23397293, -2245287, 16533930, 8206996, -30194652, -5159638 }, + { -11121496, -3382234, 2307366, 6362031, -135455, 8868177, -16835630, 7031275, 7589640, 8945490 }, + { -32152748, 8917967, 6661220, -11677616, -1192060, -15793393, 7251489, -11182180, 24099109, -14456170 } + }, + { + { 5019558, -7907470, 4244127, -14714356, -26933272, 6453165, -19118182, -13289025, -6231896, -10280736 }, + { 10853594, 10721687, 26480089, 5861829, -22995819, 1972175, -1866647, -10557898, -3363451, -6441124 }, + { 
-17002408, 5906790, 221599, -6563147, 7828208, -13248918, 24362661, -2008168, -13866408, 7421392 } + }, + { + { 8139927, -6546497, 32257646, -5890546, 30375719, 1886181, -21175108, 15441252, 28826358, -4123029 }, + { 6267086, 9695052, 7709135, -16603597, -32869068, -1886135, 14795160, -7840124, 13746021, -1742048 }, + { 28584902, 7787108, -6732942, -15050729, 22846041, -7571236, -3181936, -363524, 4771362, -8419958 } + } +}, +{ /* 7/31 */ + { + { 24949256, 6376279, -27466481, -8174608, -18646154, -9930606, 33543569, -12141695, 3569627, 11342593 }, + { 26514989, 4740088, 27912651, 3697550, 19331575, -11472339, 6809886, 4608608, 7325975, -14801071 }, + { -11618399, -14554430, -24321212, 7655128, -1369274, 5214312, -27400540, 10258390, -17646694, -8186692 } + }, + { + { 11431204, 15823007, 26570245, 14329124, 18029990, 4796082, -31446179, 15580664, 9280358, -3973687 }, + { -160783, -10326257, -22855316, -4304997, -20861367, -13621002, -32810901, -11181622, -15545091, 4387441 }, + { -20799378, 12194512, 3937617, -5805892, -27154820, 9340370, -24513992, 8548137, 20617071, -7482001 } + }, + { + { -938825, -3930586, -8714311, 16124718, 24603125, -6225393, -13775352, -11875822, 24345683, 10325460 }, + { -19855277, -1568885, -22202708, 8714034, 14007766, 6928528, 16318175, -1010689, 4766743, 3552007 }, + { -21751364, -16730916, 1351763, -803421, -4009670, 3950935, 3217514, 14481909, 10988822, -3994762 } + }, + { + { 15564307, -14311570, 3101243, 5684148, 30446780, -8051356, 12677127, -6505343, -8295852, 13296005 }, + { -9442290, 6624296, -30298964, -11913677, -4670981, -2057379, 31521204, 9614054, -30000824, 12074674 }, + { 4771191, -135239, 14290749, -13089852, 27992298, 14998318, -1413936, -1556716, 29832613, -16391035 } + }, + { + { 7064884, -7541174, -19161962, -5067537, -18891269, -2912736, 25825242, 5293297, -27122660, 13101590 }, + { -2298563, 2439670, -7466610, 1719965, -27267541, -16328445, 32512469, -5317593, -30356070, -4190957 }, + { -30006540, 10162316, 
-33180176, 3981723, -16482138, -13070044, 14413974, 9515896, 19568978, 9628812 } + }, + { + { 33053803, 199357, 15894591, 1583059, 27380243, -4580435, -17838894, -6106839, -6291786, 3437740 }, + { -18978877, 3884493, 19469877, 12726490, 15913552, 13614290, -22961733, 70104, 7463304, 4176122 }, + { -27124001, 10659917, 11482427, -16070381, 12771467, -6635117, -32719404, -5322751, 24216882, 5944158 } + }, + { + { 8894125, 7450974, -2664149, -9765752, -28080517, -12389115, 19345746, 14680796, 11632993, 5847885 }, + { 26942781, -2315317, 9129564, -4906607, 26024105, 11769399, -11518837, 6367194, -9727230, 4782140 }, + { 19916461, -4828410, -22910704, -11414391, 25606324, -5972441, 33253853, 8220911, 6358847, -1873857 } + }, + { + { 801428, -2081702, 16569428, 11065167, 29875704, 96627, 7908388, -4480480, -13538503, 1387155 }, + { 19646058, 5720633, -11416706, 12814209, 11607948, 12749789, 14147075, 15156355, -21866831, 11835260 }, + { 19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523, 15467869, -26560550, 5052483 } + } +}, +{ /* 8/31 */ + { + { -3017432, 10058206, 1980837, 3964243, 22160966, 12322533, -6431123, -12618185, 12228557, -7003677 }, + { 32944382, 14922211, -22844894, 5188528, 21913450, -8719943, 4001465, 13238564, -6114803, 8653815 }, + { 22865569, -4652735, 27603668, -12545395, 14348958, 8234005, 24808405, 5719875, 28483275, 2841751 } + }, + { + { -16420968, -1113305, -327719, -12107856, 21886282, -15552774, -1887966, -315658, 19932058, -12739203 }, + { -11656086, 10087521, -8864888, -5536143, -19278573, -3055912, 3999228, 13239134, -4777469, -13910208 }, + { 1382174, -11694719, 17266790, 9194690, -13324356, 9720081, 20403944, 11284705, -14013818, 3093230 } + }, + { + { 16650921, -11037932, -1064178, 1570629, -8329746, 7352753, -302424, 16271225, -24049421, -6691850 }, + { -21911077, -5927941, -4611316, -5560156, -31744103, -10785293, 24123614, 15193618, -21652117, -16739389 }, + { -9935934, -4289447, -25279823, 4372842, 2087473, 10399484, 
31870908, 14690798, 17361620, 11864968 } + }, + { + { -11307610, 6210372, 13206574, 5806320, -29017692, -13967200, -12331205, -7486601, -25578460, -16240689 }, + { 14668462, -12270235, 26039039, 15305210, 25515617, 4542480, 10453892, 6577524, 9145645, -6443880 }, + { 5974874, 3053895, -9433049, -10385191, -31865124, 3225009, -7972642, 3936128, -5652273, -3050304 } + }, + { + { 30625386, -4729400, -25555961, -12792866, -20484575, 7695099, 17097188, -16303496, -27999779, 1803632 }, + { -3553091, 9865099, -5228566, 4272701, -5673832, -16689700, 14911344, 12196514, -21405489, 7047412 }, + { 20093277, 9920966, -11138194, -5343857, 13161587, 12044805, -32856851, 4124601, -32343828, -10257566 } + }, + { + { -20788824, 14084654, -13531713, 7842147, 19119038, -13822605, 4752377, -8714640, -21679658, 2288038 }, + { -26819236, -3283715, 29965059, 3039786, -14473765, 2540457, 29457502, 14625692, -24819617, 12570232 }, + { -1063558, -11551823, 16920318, 12494842, 1278292, -5869109, -21159943, -3498680, -11974704, 4724943 } + }, + { + { 17960970, -11775534, -4140968, -9702530, -8876562, -1410617, -12907383, -8659932, -29576300, 1903856 }, + { 23134274, -14279132, -10681997, -1611936, 20684485, 15770816, -12989750, 3190296, 26955097, 14109738 }, + { 15308788, 5320727, -30113809, -14318877, 22902008, 7767164, 29425325, -11277562, 31960942, 11934971 } + }, + { + { -27395711, 8435796, 4109644, 12222639, -24627868, 14818669, 20638173, 4875028, 10491392, 1379718 }, + { -13159415, 9197841, 3875503, -8936108, -1383712, -5879801, 33518459, 16176658, 21432314, 12180697 }, + { -11787308, 11500838, 13787581, -13832590, -22430679, 10140205, 1465425, 12689540, -10301319, -13872883 } + } +}, +{ /* 9/31 */ + { + { 5414091, -15386041, -21007664, 9643570, 12834970, 1186149, -2622916, -1342231, 26128231, 6032912 }, + { -26337395, -13766162, 32496025, -13653919, 17847801, -12669156, 3604025, 8316894, -25875034, -10437358 }, + { 3296484, 6223048, 24680646, -12246460, -23052020, 5903205, -8862297, 
-4639164, 12376617, 3188849 } + }, + { + { 29190488, -14659046, 27549113, -1183516, 3520066, -10697301, 32049515, -7309113, -16109234, -9852307 }, + { -14744486, -9309156, 735818, -598978, -20407687, -5057904, 25246078, -15795669, 18640741, -960977 }, + { -6928835, -16430795, 10361374, 5642961, 4910474, 12345252, -31638386, -494430, 10530747, 1053335 } + }, + { + { -29265967, -14186805, -13538216, -12117373, -19457059, -10655384, -31462369, -2948985, 24018831, 15026644 }, + { -22592535, -3145277, -2289276, 5953843, -13440189, 9425631, 25310643, 13003497, -2314791, -15145616 }, + { -27419985, -603321, -8043984, -1669117, -26092265, 13987819, -27297622, 187899, -23166419, -2531735 } + }, + { + { -21744398, -13810475, 1844840, 5021428, -10434399, -15911473, 9716667, 16266922, -5070217, 726099 }, + { 29370922, -6053998, 7334071, -15342259, 9385287, 2247707, -13661962, -4839461, 30007388, -15823341 }, + { -936379, 16086691, 23751945, -543318, -1167538, -5189036, 9137109, 730663, 9835848, 4555336 } + }, + { + { -23376435, 1410446, -22253753, -12899614, 30867635, 15826977, 17693930, 544696, -11985298, 12422646 }, + { 31117226, -12215734, -13502838, 6561947, -9876867, -12757670, -5118685, -4096706, 29120153, 13924425 }, + { -17400879, -14233209, 19675799, -2734756, -11006962, -5858820, -9383939, -11317700, 7240931, -237388 } + }, + { + { -31361739, -11346780, -15007447, -5856218, -22453340, -12152771, 1222336, 4389483, 3293637, -15551743 }, + { -16684801, -14444245, 11038544, 11054958, -13801175, -3338533, -24319580, 7733547, 12796905, -6335822 }, + { -8759414, -10817836, -25418864, 10783769, -30615557, -9746811, -28253339, 3647836, 3222231, -11160462 } + }, + { + { 18606113, 1693100, -25448386, -15170272, 4112353, 10045021, 23603893, -2048234, -7550776, 2484985 }, + { 9255317, -3131197, -12156162, -1004256, 13098013, -9214866, 16377220, -2102812, -19802075, -3034702 }, + { -22729289, 7496160, -5742199, 11329249, 19991973, -3347502, -31718148, 9936966, -30097688, -10618797 
} + }, + { + { 21878590, -5001297, 4338336, 13643897, -3036865, 13160960, 19708896, 5415497, -7360503, -4109293 }, + { 27736861, 10103576, 12500508, 8502413, -3413016, -9633558, 10436918, -1550276, -23659143, -8132100 }, + { 19492550, -12104365, -29681976, -852630, -3208171, 12403437, 30066266, 8367329, 13243957, 8709688 } + } +}, +{ /* 10/31 */ + { + { 12015105, 2801261, 28198131, 10151021, 24818120, -4743133, -11194191, -5645734, 5150968, 7274186 }, + { 2831366, -12492146, 1478975, 6122054, 23825128, -12733586, 31097299, 6083058, 31021603, -9793610 }, + { -2529932, -2229646, 445613, 10720828, -13849527, -11505937, -23507731, 16354465, 15067285, -14147707 } + }, + { + { 7840942, 14037873, -33364863, 15934016, -728213, -3642706, 21403988, 1057586, -19379462, -12403220 }, + { 915865, -16469274, 15608285, -8789130, -24357026, 6060030, -17371319, 8410997, -7220461, 16527025 }, + { 32922597, -556987, 20336074, -16184568, 10903705, -5384487, 16957574, 52992, 23834301, 6588044 } + }, + { + { 32752030, 11232950, 3381995, -8714866, 22652988, -10744103, 17159699, 16689107, -20314580, -1305992 }, + { -4689649, 9166776, -25710296, -10847306, 11576752, 12733943, 7924251, -2752281, 1976123, -7249027 }, + { 21251222, 16309901, -2983015, -6783122, 30810597, 12967303, 156041, -3371252, 12331345, -8237197 } + }, + { + { 8651614, -4477032, -16085636, -4996994, 13002507, 2950805, 29054427, -5106970, 10008136, -4667901 }, + { 31486080, 15114593, -14261250, 12951354, 14369431, -7387845, 16347321, -13662089, 8684155, -10532952 }, + { 19443825, 11385320, 24468943, -9659068, -23919258, 2187569, -26263207, -6086921, 31316348, 14219878 } + }, + { + { -28594490, 1193785, 32245219, 11392485, 31092169, 15722801, 27146014, 6992409, 29126555, 9207390 }, + { 32382935, 1110093, 18477781, 11028262, -27411763, -7548111, -4980517, 10843782, -7957600, -14435730 }, + { 2814918, 7836403, 27519878, -7868156, -20894015, -11553689, -21494559, 8550130, 28346258, 1994730 } + }, + { + { -19578299, 8085545, 
-14000519, -3948622, 2785838, -16231307, -19516951, 7174894, 22628102, 8115180 }, + { -30405132, 955511, -11133838, -15078069, -32447087, -13278079, -25651578, 3317160, -9943017, 930272 }, + { -15303681, -6833769, 28856490, 1357446, 23421993, 1057177, 24091212, -1388970, -22765376, -10650715 } + }, + { + { -22751231, -5303997, -12907607, -12768866, -15811511, -7797053, -14839018, -16554220, -1867018, 8398970 }, + { -31969310, 2106403, -4736360, 1362501, 12813763, 16200670, 22981545, -6291273, 18009408, -15772772 }, + { -17220923, -9545221, -27784654, 14166835, 29815394, 7444469, 29551787, -3727419, 19288549, 1325865 } + }, + { + { 15100157, -15835752, -23923978, -1005098, -26450192, 15509408, 12376730, -3479146, 33166107, -8042750 }, + { 20909231, 13023121, -9209752, 16251778, -5778415, -8094914, 12412151, 10018715, 2213263, -13878373 }, + { 32529814, -11074689, 30361439, -16689753, -9135940, 1513226, 22922121, 6382134, -5766928, 8371348 } + } +}, +{ /* 11/31 */ + { + { 9923462, 11271500, 12616794, 3544722, -29998368, -1721626, 12891687, -8193132, -26442943, 10486144 }, + { -22597207, -7012665, 8587003, -8257861, 4084309, -12970062, 361726, 2610596, -23921530, -11455195 }, + { 5408411, -1136691, -4969122, 10561668, 24145918, 14240566, 31319731, -4235541, 19985175, -3436086 } + }, + { + { -13994457, 16616821, 14549246, 3341099, 32155958, 13648976, -17577068, 8849297, 65030, 8370684 }, + { -8320926, -12049626, 31204563, 5839400, -20627288, -1057277, -19442942, 6922164, 12743482, -9800518 }, + { -2361371, 12678785, 28815050, 4759974, -23893047, 4884717, 23783145, 11038569, 18800704, 255233 } + }, + { + { -5269658, -1773886, 13957886, 7990715, 23132995, 728773, 13393847, 9066957, 19258688, -14753793 }, + { -2936654, -10827535, -10432089, 14516793, -3640786, 4372541, -31934921, 2209390, -1524053, 2055794 }, + { 580882, 16705327, 5468415, -2683018, -30926419, -14696000, -7203346, -8994389, -30021019, 7394435 } + }, + { + { 23838809, 1822728, -15738443, 15242727, 8318092, 
-3733104, -21672180, -3492205, -4821741, 14799921 }, + { 13345610, 9759151, 3371034, -16137791, 16353039, 8577942, 31129804, 13496856, -9056018, 7402518 }, + { 2286874, -4435931, -20042458, -2008336, -13696227, 5038122, 11006906, -15760352, 8205061, 1607563 } + }, + { + { 14414086, -8002132, 3331830, -3208217, 22249151, -5594188, 18364661, -2906958, 30019587, -9029278 }, + { -27688051, 1585953, -10775053, 931069, -29120221, -11002319, -14410829, 12029093, 9944378, 8024 }, + { 4368715, -3709630, 29874200, -15022983, -20230386, -11410704, -16114594, -999085, -8142388, 5640030 } + }, + { + { 10299610, 13746483, 11661824, 16234854, 7630238, 5998374, 9809887, -16694564, 15219798, -14327783 }, + { 27425505, -5719081, 3055006, 10660664, 23458024, 595578, -15398605, -1173195, -18342183, 9742717 }, + { 6744077, 2427284, 26042789, 2720740, -847906, 1118974, 32324614, 7406442, 12420155, 1994844 } + }, + { + { 14012521, -5024720, -18384453, -9578469, -26485342, -3936439, -13033478, -10909803, 24319929, -6446333 }, + { 16412690, -4507367, 10772641, 15929391, -17068788, -4658621, 10555945, -10484049, -30102368, -4739048 }, + { 22397382, -7767684, -9293161, -12792868, 17166287, -9755136, -27333065, 6199366, 21880021, -12250760 } + }, + { + { -4283307, 5368523, -31117018, 8163389, -30323063, 3209128, 16557151, 8890729, 8840445, 4957760 }, + { -15447727, 709327, -6919446, -10870178, -29777922, 6522332, -21720181, 12130072, -14796503, 5005757 }, + { -2114751, -14308128, 23019042, 15765735, -25269683, 6002752, 10183197, -13239326, -16395286, -2176112 } + } +}, +{ /* 12/31 */ + { + { -19025756, 1632005, 13466291, -7995100, -23640451, 16573537, -32013908, -3057104, 22208662, 2000468 }, + { 3065073, -1412761, -25598674, -361432, -17683065, -5703415, -8164212, 11248527, -3691214, -7414184 }, + { 10379208, -6045554, 8877319, 1473647, -29291284, -12507580, 16690915, 2553332, -3132688, 16400289 } + }, + { + { 15716668, 1254266, -18472690, 7446274, -8448918, 6344164, -22097271, -7285580, 
26894937, 9132066 }, + { 24158887, 12938817, 11085297, -8177598, -28063478, -4457083, -30576463, 64452, -6817084, -2692882 }, + { 13488534, 7794716, 22236231, 5989356, 25426474, -12578208, 2350710, -3418511, -4688006, 2364226 } + }, + { + { 16335052, 9132434, 25640582, 6678888, 1725628, 8517937, -11807024, -11697457, 15445875, -7798101 }, + { 29004207, -7867081, 28661402, -640412, -12794003, -7943086, 31863255, -4135540, -278050, -15759279 }, + { -6122061, -14866665, -28614905, 14569919, -10857999, -3591829, 10343412, -6976290, -29828287, -10815811 } + }, + { + { 27081650, 3463984, 14099042, -4517604, 1616303, -6205604, 29542636, 15372179, 17293797, 960709 }, + { 20263915, 11434237, -5765435, 11236810, 13505955, -10857102, -16111345, 6493122, -19384511, 7639714 }, + { -2830798, -14839232, 25403038, -8215196, -8317012, -16173699, 18006287, -16043750, 29994677, -15808121 } + }, + { + { 9769828, 5202651, -24157398, -13631392, -28051003, -11561624, -24613141, -13860782, -31184575, 709464 }, + { 12286395, 13076066, -21775189, -1176622, -25003198, 4057652, -32018128, -8890874, 16102007, 13205847 }, + { 13733362, 5599946, 10557076, 3195751, -5557991, 8536970, -25540170, 8525972, 10151379, 10394400 } + }, + { + { 4024660, -16137551, 22436262, 12276534, -9099015, -2686099, 19698229, 11743039, -33302334, 8934414 }, + { -15879800, -4525240, -8580747, -2934061, 14634845, -698278, -9449077, 3137094, -11536886, 11721158 }, + { 17555939, -5013938, 8268606, 2331751, -22738815, 9761013, 9319229, 8835153, -9205489, -1280045 } + }, + { + { -461409, -7830014, 20614118, 16688288, -7514766, -4807119, 22300304, 505429, 6108462, -6183415 }, + { -5070281, 12367917, -30663534, 3234473, 32617080, -8422642, 29880583, -13483331, -26898490, -7867459 }, + { -31975283, 5726539, 26934134, 10237677, -3173717, -605053, 24199304, 3795095, 7592688, -14992079 } + }, + { + { 21594432, -14964228, 17466408, -4077222, 32537084, 2739898, 6407723, 12018833, -28256052, 4298412 }, + { -20650503, -11961496, 
-27236275, 570498, 3767144, -1717540, 13891942, -1569194, 13717174, 10805743 }, + { -14676630, -15644296, 15287174, 11927123, 24177847, -8175568, -796431, 14860609, -26938930, -5863836 } + } +}, +{ /* 13/31 */ + { + { 12962541, 5311799, -10060768, 11658280, 18855286, -7954201, 13286263, -12808704, -4381056, 9882022 }, + { 18512079, 11319350, -20123124, 15090309, 18818594, 5271736, -22727904, 3666879, -23967430, -3299429 }, + { -6789020, -3146043, 16192429, 13241070, 15898607, -14206114, -10084880, -6661110, -2403099, 5276065 } + }, + { + { 30169808, -5317648, 26306206, -11750859, 27814964, 7069267, 7152851, 3684982, 1449224, 13082861 }, + { 10342826, 3098505, 2119311, 193222, 25702612, 12233820, 23697382, 15056736, -21016438, -8202000 }, + { -33150110, 3261608, 22745853, 7948688, 19370557, -15177665, -26171976, 6482814, -10300080, -11060101 } + }, + { + { 32869458, -5408545, 25609743, 15678670, -10687769, -15471071, 26112421, 2521008, -22664288, 6904815 }, + { 29506923, 4457497, 3377935, -9796444, -30510046, 12935080, 1561737, 3841096, -29003639, -6657642 }, + { 10340844, -6630377, -18656632, -2278430, 12621151, -13339055, 30878497, -11824370, -25584551, 5181966 } + }, + { + { 25940115, -12658025, 17324188, -10307374, -8671468, 15029094, 24396252, -16450922, -2322852, -12388574 }, + { -21765684, 9916823, -1300409, 4079498, -1028346, 11909559, 1782390, 12641087, 20603771, -6561742 }, + { -18882287, -11673380, 24849422, 11501709, 13161720, -4768874, 1925523, 11914390, 4662781, 7820689 } + }, + { + { 12241050, -425982, 8132691, 9393934, 32846760, -1599620, 29749456, 12172924, 16136752, 15264020 }, + { -10349955, -14680563, -8211979, 2330220, -17662549, -14545780, 10658213, 6671822, 19012087, 3772772 }, + { 3753511, -3421066, 10617074, 2028709, 14841030, -6721664, 28718732, -15762884, 20527771, 12988982 } + }, + { + { -14822485, -5797269, -3707987, 12689773, -898983, -10914866, -24183046, -10564943, 3299665, -12424953 }, + { -16777703, -15253301, -9642417, 4978983, 
3308785, 8755439, 6943197, 6461331, -25583147, 8991218 }, + { -17226263, 1816362, -1673288, -6086439, 31783888, -8175991, -32948145, 7417950, -30242287, 1507265 } + }, + { + { 29692663, 6829891, -10498800, 4334896, 20945975, -11906496, -28887608, 8209391, 14606362, -10647073 }, + { -3481570, 8707081, 32188102, 5672294, 22096700, 1711240, -33020695, 9761487, 4170404, -2085325 }, + { -11587470, 14855945, -4127778, -1531857, -26649089, 15084046, 22186522, 16002000, -14276837, -8400798 } + }, + { + { -4811456, 13761029, -31703877, -2483919, -3312471, 7869047, -7113572, -9620092, 13240845, 10965870 }, + { -7742563, -8256762, -14768334, -13656260, -23232383, 12387166, 4498947, 14147411, 29514390, 4302863 }, + { -13413405, -12407859, 20757302, -13801832, 14785143, 8976368, -5061276, -2144373, 17846988, -13971927 } + } +}, +{ /* 14/31 */ + { + { -2244452, -754728, -4597030, -1066309, -6247172, 1455299, -21647728, -9214789, -5222701, 12650267 }, + { -9906797, -16070310, 21134160, 12198166, -27064575, 708126, 387813, 13770293, -19134326, 10958663 }, + { 22470984, 12369526, 23446014, -5441109, -21520802, -9698723, -11772496, -11574455, -25083830, 4271862 } + }, + { + { -25169565, -10053642, -19909332, 15361595, -5984358, 2159192, 75375, -4278529, -32526221, 8469673 }, + { 15854970, 4148314, -8893890, 7259002, 11666551, 13824734, -30531198, 2697372, 24154791, -9460943 }, + { 15446137, -15806644, 29759747, 14019369, 30811221, -9610191, -31582008, 12840104, 24913809, 9815020 } + }, + { + { -4709286, -5614269, -31841498, -12288893, -14443537, 10799414, -9103676, 13438769, 18735128, 9466238 }, + { 11933045, 9281483, 5081055, -5183824, -2628162, -4905629, -7727821, -10896103, -22728655, 16199064 }, + { 14576810, 379472, -26786533, -8317236, -29426508, -10812974, -102766, 1876699, 30801119, 2164795 } + }, + { + { 15995086, 3199873, 13672555, 13712240, -19378835, -4647646, -13081610, -15496269, -13492807, 1268052 }, + { -10290614, -3659039, -3286592, 10948818, 23037027, 3794475, 
-3470338, -12600221, -17055369, 3565904 }, + { 29210088, -9419337, -5919792, -4952785, 10834811, -13327726, -16512102, -10820713, -27162222, -14030531 } + }, + { + { -13161890, 15508588, 16663704, -8156150, -28349942, 9019123, -29183421, -3769423, 2244111, -14001979 }, + { -5152875, -3800936, -9306475, -6071583, 16243069, 14684434, -25673088, -16180800, 13491506, 4641841 }, + { 10813417, 643330, -19188515, -728916, 30292062, -16600078, 27548447, -7721242, 14476989, -12767431 } + }, + { + { 10292079, 9984945, 6481436, 8279905, -7251514, 7032743, 27282937, -1644259, -27912810, 12651324 }, + { -31185513, -813383, 22271204, 11835308, 10201545, 15351028, 17099662, 3988035, 21721536, -3148940 }, + { 10202177, -6545839, -31373232, -9574638, -32150642, -8119683, -12906320, 3852694, 13216206, 14842320 } + }, + { + { -15815640, -10601066, -6538952, -7258995, -6984659, -6581778, -31500847, 13765824, -27434397, 9900184 }, + { 14465505, -13833331, -32133984, -14738873, -27443187, 12990492, 33046193, 15796406, -7051866, -8040114 }, + { 30924417, -8279620, 6359016, -12816335, 16508377, 9071735, -25488601, 15413635, 9524356, -7018878 } + }, + { + { 12274201, -13175547, 32627641, -1785326, 6736625, 13267305, 5237659, -5109483, 15663516, 4035784 }, + { -2951309, 8903985, 17349946, 601635, -16432815, -4612556, -13732739, -15889334, -22258478, 4659091 }, + { -16916263, -4952973, -30393711, -15158821, 20774812, 15897498, 5736189, 15026997, -2178256, -13455585 } + } +}, +{ /* 15/31 */ + { + { -8858980, -2219056, 28571666, -10155518, -474467, -10105698, -3801496, 278095, 23440562, -290208 }, + { 10226241, -5928702, 15139956, 120818, -14867693, 5218603, 32937275, 11551483, -16571960, -7442864 }, + { 17932739, -12437276, -24039557, 10749060, 11316803, 7535897, 22503767, 5561594, -3646624, 3898661 } + }, + { + { 7749907, -969567, -16339731, -16464, -25018111, 15122143, -1573531, 7152530, 21831162, 1245233 }, + { 26958459, -14658026, 4314586, 8346991, -5677764, 11960072, -32589295, -620035, 
-30402091, -16716212 }, + { -12165896, 9166947, 33491384, 13673479, 29787085, 13096535, 6280834, 14587357, -22338025, 13987525 } + }, + { + { -24349909, 7778775, 21116000, 15572597, -4833266, -5357778, -4300898, -5124639, -7469781, -2858068 }, + { 9681908, -6737123, -31951644, 13591838, -6883821, 386950, 31622781, 6439245, -14581012, 4091397 }, + { -8426427, 1470727, -28109679, -1596990, 3978627, -5123623, -19622683, 12092163, 29077877, -14741988 } + }, + { + { 5269168, -6859726, -13230211, -8020715, 25932563, 1763552, -5606110, -5505881, -20017847, 2357889 }, + { 32264008, -15407652, -5387735, -1160093, -2091322, -3946900, 23104804, -12869908, 5727338, 189038 }, + { 14609123, -8954470, -6000566, -16622781, -14577387, -7743898, -26745169, 10942115, -25888931, -14884697 } + }, + { + { 20513500, 5557931, -15604613, 7829531, 26413943, -2019404, -21378968, 7471781, 13913677, -5137875 }, + { -25574376, 11967826, 29233242, 12948236, -6754465, 4713227, -8940970, 14059180, 12878652, 8511905 }, + { -25656801, 3393631, -2955415, -7075526, -2250709, 9366908, -30223418, 6812974, 5568676, -3127656 } + }, + { + { 11630004, 12144454, 2116339, 13606037, 27378885, 15676917, -17408753, -13504373, -14395196, 8070818 }, + { 27117696, -10007378, -31282771, -5570088, 1127282, 12772488, -29845906, 10483306, -11552749, -1028714 }, + { 10637467, -5688064, 5674781, 1072708, -26343588, -6982302, -1683975, 9177853, -27493162, 15431203 } + }, + { + { 20525145, 10892566, -12742472, 12779443, -29493034, 16150075, -28240519, 14943142, -15056790, -7935931 }, + { -30024462, 5626926, -551567, -9981087, 753598, 11981191, 25244767, -3239766, -3356550, 9594024 }, + { -23752644, 2636870, -5163910, -10103818, 585134, 7877383, 11345683, -6492290, 13352335, -10977084 } + }, + { + { -1931799, -5407458, 3304649, -12884869, 17015806, -4877091, -29783850, -7752482, -13215537, -319204 }, + { 20239939, 6607058, 6203985, 3483793, -18386976, -779229, -20723742, 15077870, -22750759, 14523817 }, + { 27406042, 
-6041657, 27423596, -4497394, 4996214, 10002360, -28842031, -4545494, -30172742, -4805667 } + } +}, +{ /* 16/31 */ + { + { 11374242, 12660715, 17861383, -12540833, 10935568, 1099227, -13886076, -9091740, -27727044, 11358504 }, + { -12730809, 10311867, 1510375, 10778093, -2119455, -9145702, 32676003, 11149336, -26123651, 4985768 }, + { -19096303, 341147, -6197485, -239033, 15756973, -8796662, -983043, 13794114, -19414307, -15621255 } + }, + { + { 6490081, 11940286, 25495923, -7726360, 8668373, -8751316, 3367603, 6970005, -1691065, -9004790 }, + { 1656497, 13457317, 15370807, 6364910, 13605745, 8362338, -19174622, -5475723, -16796596, -5031438 }, + { -22273315, -13524424, -64685, -4334223, -18605636, -10921968, -20571065, -7007978, -99853, -10237333 } + }, + { + { 17747465, 10039260, 19368299, -4050591, -20630635, -16041286, 31992683, -15857976, -29260363, -5511971 }, + { 31932027, -4986141, -19612382, 16366580, 22023614, 88450, 11371999, -3744247, 4882242, -10626905 }, + { 29796507, 37186, 19818052, 10115756, -11829032, 3352736, 18551198, 3272828, -5190932, -4162409 } + }, + { + { 12501286, 4044383, -8612957, -13392385, -32430052, 5136599, -19230378, -3529697, 330070, -3659409 }, + { 6384877, 2899513, 17807477, 7663917, -2358888, 12363165, 25366522, -8573892, -271295, 12071499 }, + { -8365515, -4042521, 25133448, -4517355, -6211027, 2265927, -32769618, 1936675, -5159697, 3829363 } + }, + { + { 28425966, -5835433, -577090, -4697198, -14217555, 6870930, 7921550, -6567787, 26333140, 14267664 }, + { -11067219, 11871231, 27385719, -10559544, -4585914, -11189312, 10004786, -8709488, -21761224, 8930324 }, + { -21197785, -16396035, 25654216, -1725397, 12282012, 11008919, 1541940, 4757911, -26491501, -16408940 } + }, + { + { 13537262, -7759490, -20604840, 10961927, -5922820, -13218065, -13156584, 6217254, -15943699, 13814990 }, + { -17422573, 15157790, 18705543, 29619, 24409717, -260476, 27361681, 9257833, -1956526, -1776914 }, + { -25045300, -10191966, 15366585, 15166509, 
-13105086, 8423556, -29171540, 12361135, -18685978, 4578290 } + }, + { + { 24579768, 3711570, 1342322, -11180126, -27005135, 14124956, -22544529, 14074919, 21964432, 8235257 }, + { -6528613, -2411497, 9442966, -5925588, 12025640, -1487420, -2981514, -1669206, 13006806, 2355433 }, + { -16304899, -13605259, -6632427, -5142349, 16974359, -10911083, 27202044, 1719366, 1141648, -12796236 } + }, + { + { -12863944, -13219986, -8318266, -11018091, -6810145, -4843894, 13475066, -3133972, 32674895, 13715045 }, + { 11423335, -5468059, 32344216, 8962751, 24989809, 9241752, -13265253, 16086212, -28740881, -15642093 }, + { -1409668, 12530728, -6368726, 10847387, 19531186, -14132160, -11709148, 7791794, -27245943, 4383347 } + } +}, +{ /* 17/31 */ + { + { -28970898, 5271447, -1266009, -9736989, -12455236, 16732599, -4862407, -4906449, 27193557, 6245191 }, + { -15193956, 5362278, -1783893, 2695834, 4960227, 12840725, 23061898, 3260492, 22510453, 8577507 }, + { -12632451, 11257346, -32692994, 13548177, -721004, 10879011, 31168030, 13952092, -29571492, -3635906 } + }, + { + { 3877321, -9572739, 32416692, 5405324, -11004407, -13656635, 3759769, 11935320, 5611860, 8164018 }, + { -16275802, 14667797, 15906460, 12155291, -22111149, -9039718, 32003002, -8832289, 5773085, -8422109 }, + { -23788118, -8254300, 1950875, 8937633, 18686727, 16459170, -905725, 12376320, 31632953, 190926 } + }, + { + { -24593607, -16138885, -8423991, 13378746, 14162407, 6901328, -8288749, 4508564, -25341555, -3627528 }, + { 8884438, -5884009, 6023974, 10104341, -6881569, -4941533, 18722941, -14786005, -1672488, 827625 }, + { -32720583, -16289296, -32503547, 7101210, 13354605, 2659080, -1800575, -14108036, -24878478, 1541286 } + }, + { + { 2901347, -1117687, 3880376, -10059388, -17620940, -3612781, -21802117, -3567481, 20456845, -1885033 }, + { 27019610, 12299467, -13658288, -1603234, -12861660, -4861471, -19540150, -5016058, 29439641, 15138866 }, + { 21536104, -6626420, -32447818, -10690208, -22408077, 5175814, 
-5420040, -16361163, 7779328, 109896 } + }, + { + { 30279744, 14648750, -8044871, 6425558, 13639621, -743509, 28698390, 12180118, 23177719, -554075 }, + { 26572847, 3405927, -31701700, 12890905, -19265668, 5335866, -6493768, 2378492, 4439158, -13279347 }, + { -22716706, 3489070, -9225266, -332753, 18875722, -1140095, 14819434, -12731527, -17717757, -5461437 } + }, + { + { -5056483, 16566551, 15953661, 3767752, -10436499, 15627060, -820954, 2177225, 8550082, -15114165 }, + { -18473302, 16596775, -381660, 15663611, 22860960, 15585581, -27844109, -3582739, -23260460, -8428588 }, + { -32480551, 15707275, -8205912, -5652081, 29464558, 2713815, -22725137, 15860482, -21902570, 1494193 } + }, + { + { -19562091, -14087393, -25583872, -9299552, 13127842, 759709, 21923482, 16529112, 8742704, 12967017 }, + { -28464899, 1553205, 32536856, -10473729, -24691605, -406174, -8914625, -2933896, -29903758, 15553883 }, + { 21877909, 3230008, 9881174, 10539357, -4797115, 2841332, 11543572, 14513274, 19375923, -12647961 } + }, + { + { 8832269, -14495485, 13253511, 5137575, 5037871, 4078777, 24880818, -6222716, 2862653, 9455043 }, + { 29306751, 5123106, 20245049, -14149889, 9592566, 8447059, -2077124, -2990080, 15511449, 4789663 }, + { -20679756, 7004547, 8824831, -9434977, -4045704, -3750736, -5754762, 108893, 23513200, 16652362 } + } +}, +{ /* 18/31 */ + { + { -33256173, 4144782, -4476029, -6579123, 10770039, -7155542, -6650416, -12936300, -18319198, 10212860 }, + { 2756081, 8598110, 7383731, -6859892, 22312759, -1105012, 21179801, 2600940, -9988298, -12506466 }, + { -24645692, 13317462, -30449259, -15653928, 21365574, -10869657, 11344424, 864440, -2499677, -16710063 } + }, + { + { -26432803, 6148329, -17184412, -14474154, 18782929, -275997, -22561534, 211300, 2719757, 4940997 }, + { -1323882, 3911313, -6948744, 14759765, -30027150, 7851207, 21690126, 8518463, 26699843, 5276295 }, + { -13149873, -6429067, 9396249, 365013, 24703301, -10488939, 1321586, 149635, -15452774, 7159369 } + }, + 
{ + { 9987780, -3404759, 17507962, 9505530, 9731535, -2165514, 22356009, 8312176, 22477218, -8403385 }, + { 18155857, -16504990, 19744716, 9006923, 15154154, -10538976, 24256460, -4864995, -22548173, 9334109 }, + { 2986088, -4911893, 10776628, -3473844, 10620590, -7083203, -21413845, 14253545, -22587149, 536906 } + }, + { + { 4377756, 8115836, 24567078, 15495314, 11625074, 13064599, 7390551, 10589625, 10838060, -15420424 }, + { -19342404, 867880, 9277171, -3218459, -14431572, -1986443, 19295826, -15796950, 6378260, 699185 }, + { 7895026, 4057113, -7081772, -13077756, -17886831, -323126, -716039, 15693155, -5045064, -13373962 } + }, + { + { -7737563, -5869402, -14566319, -7406919, 11385654, 13201616, 31730678, -10962840, -3918636, -9669325 }, + { 10188286, -15770834, -7336361, 13427543, 22223443, 14896287, 30743455, 7116568, -21786507, 5427593 }, + { 696102, 13206899, 27047647, -10632082, 15285305, -9853179, 10798490, -4578720, 19236243, 12477404 } + }, + { + { -11229439, 11243796, -17054270, -8040865, -788228, -8167967, -3897669, 11180504, -23169516, 7733644 }, + { 17800790, -14036179, -27000429, -11766671, 23887827, 3149671, 23466177, -10538171, 10322027, 15313801 }, + { 26246234, 11968874, 32263343, -5468728, 6830755, -13323031, -15794704, -101982, -24449242, 10890804 } + }, + { + { -31365647, 10271363, -12660625, -6267268, 16690207, -13062544, -14982212, 16484931, 25180797, -5334884 }, + { -586574, 10376444, -32586414, -11286356, 19801893, 10997610, 2276632, 9482883, 316878, 13820577 }, + { -9882808, -4510367, -2115506, 16457136, -11100081, 11674996, 30756178, -7515054, 30696930, -3712849 } + }, + { + { 32988917, -9603412, 12499366, 7910787, -10617257, -11931514, -7342816, -9985397, -32349517, 7392473 }, + { -8855661, 15927861, 9866406, -3649411, -2396914, -16655781, -30409476, -9134995, 25112947, -2926644 }, + { -2504044, -436966, 25621774, -5678772, 15085042, -5479877, -24884878, -13526194, 5537438, -13914319 } + } +}, +{ /* 19/31 */ + { + { -11225584, 
2320285, -9584280, 10149187, -33444663, 5808648, -14876251, -1729667, 31234590, 6090599 }, + { -9633316, 116426, 26083934, 2897444, -6364437, -2688086, 609721, 15878753, -6970405, -9034768 }, + { -27757857, 247744, -15194774, -9002551, 23288161, -10011936, -23869595, 6503646, 20650474, 1804084 } + }, + { + { -27589786, 15456424, 8972517, 8469608, 15640622, 4439847, 3121995, -10329713, 27842616, -202328 }, + { -15306973, 2839644, 22530074, 10026331, 4602058, 5048462, 28248656, 5031932, -11375082, 12714369 }, + { 20807691, -7270825, 29286141, 11421711, -27876523, -13868230, -21227475, 1035546, -19733229, 12796920 } + }, + { + { 12076899, -14301286, -8785001, -11848922, -25012791, 16400684, -17591495, -12899438, 3480665, -15182815 }, + { -32361549, 5457597, 28548107, 7833186, 7303070, -11953545, -24363064, -15921875, -33374054, 2771025 }, + { -21389266, 421932, 26597266, 6860826, 22486084, -6737172, -17137485, -4210226, -24552282, 15673397 } + }, + { + { -20184622, 2338216, 19788685, -9620956, -4001265, -8740893, -20271184, 4733254, 3727144, -12934448 }, + { 6120119, 814863, -11794402, -622716, 6812205, -15747771, 2019594, 7975683, 31123697, -10958981 }, + { 30069250, -11435332, 30434654, 2958439, 18399564, -976289, 12296869, 9204260, -16432438, 9648165 } + }, + { + { 32705432, -1550977, 30705658, 7451065, -11805606, 9631813, 3305266, 5248604, -26008332, -11377501 }, + { 17219865, 2375039, -31570947, -5575615, -19459679, 9219903, 294711, 15298639, 2662509, -16297073 }, + { -1172927, -7558695, -4366770, -4287744, -21346413, -8434326, 32087529, -1222777, 32247248, -14389861 } + }, + { + { 14312628, 1221556, 17395390, -8700143, -4945741, -8684635, -28197744, -9637817, -16027623, -13378845 }, + { -1428825, -9678990, -9235681, 6549687, -7383069, -468664, 23046502, 9803137, 17597934, 2346211 }, + { 18510800, 15337574, 26171504, 981392, -22241552, 7827556, -23491134, -11323352, 3059833, -11782870 } + }, + { + { 10141598, 6082907, 17829293, -1947643, 9830092, 13613136, 
-25556636, -5544586, -33502212, 3592096 }, + { 33114168, -15889352, -26525686, -13343397, 33076705, 8716171, 1151462, 1521897, -982665, -6837803 }, + { -32939165, -4255815, 23947181, -324178, -33072974, -12305637, -16637686, 3891704, 26353178, 693168 } + }, + { + { 30374239, 1595580, -16884039, 13186931, 4600344, 406904, 9585294, -400668, 31375464, 14369965 }, + { -14370654, -7772529, 1510301, 6434173, -18784789, -6262728, 32732230, -13108839, 17901441, 16011505 }, + { 18171223, -11934626, -12500402, 15197122, -11038147, -15230035, -19172240, -16046376, 8764035, 12309598 } + } +}, +{ /* 20/31 */ + { + { 5975908, -5243188, -19459362, -9681747, -11541277, 14015782, -23665757, 1228319, 17544096, -10593782 }, + { 5811932, -1715293, 3442887, -2269310, -18367348, -8359541, -18044043, -15410127, -5565381, 12348900 }, + { -31399660, 11407555, 25755363, 6891399, -3256938, 14872274, -24849353, 8141295, -10632534, -585479 } + }, + { + { -12675304, 694026, -5076145, 13300344, 14015258, -14451394, -9698672, -11329050, 30944593, 1130208 }, + { 8247766, -6710942, -26562381, -7709309, -14401939, -14648910, 4652152, 2488540, 23550156, -271232 }, + { 17294316, -3788438, 7026748, 15626851, 22990044, 113481, 2267737, -5908146, -408818, -137719 } + }, + { + { 16091085, -16253926, 18599252, 7340678, 2137637, -1221657, -3364161, 14550936, 3260525, -7166271 }, + { -4910104, -13332887, 18550887, 10864893, -16459325, -7291596, -23028869, -13204905, -12748722, 2701326 }, + { -8574695, 16099415, 4629974, -16340524, -20786213, -6005432, -10018363, 9276971, 11329923, 1862132 } + }, + { + { 14763076, -15903608, -30918270, 3689867, 3511892, 10313526, -21951088, 12219231, -9037963, -940300 }, + { 8894987, -3446094, 6150753, 3013931, 301220, 15693451, -31981216, -2909717, -15438168, 11595570 }, + { 15214962, 3537601, -26238722, -14058872, 4418657, -15230761, 13947276, 10730794, -13489462, -4363670 } + }, + { + { -2538306, 7682793, 32759013, 263109, -29984731, -7955452, -22332124, -10188635, 977108, 
699994 }, + { -12466472, 4195084, -9211532, 550904, -15565337, 12917920, 19118110, -439841, -30534533, -14337913 }, + { 31788461, -14507657, 4799989, 7372237, 8808585, -14747943, 9408237, -10051775, 12493932, -5409317 } + }, + { + { -25680606, 5260744, -19235809, -6284470, -3695942, 16566087, 27218280, 2607121, 29375955, 6024730 }, + { 842132, -2794693, -4763381, -8722815, 26332018, -12405641, 11831880, 6985184, -9940361, 2854096 }, + { -4847262, -7969331, 2516242, -5847713, 9695691, -7221186, 16512645, 960770, 12121869, 16648078 } + }, + { + { -15218652, 14667096, -13336229, 2013717, 30598287, -464137, -31504922, -7882064, 20237806, 2838411 }, + { -19288047, 4453152, 15298546, -16178388, 22115043, -15972604, 12544294, -13470457, 1068881, -12499905 }, + { -9558883, -16518835, 33238498, 13506958, 30505848, -1114596, -8486907, -2630053, 12521378, 4845654 } + }, + { + { -28198521, 10744108, -2958380, 10199664, 7759311, -13088600, 3409348, -873400, -6482306, -12885870 }, + { -23561822, 6230156, -20382013, 10655314, -24040585, -11621172, 10477734, -1240216, -3113227, 13974498 }, + { 12966261, 15550616, -32038948, -1615346, 21025980, -629444, 5642325, 7188737, 18895762, 12629579 } + } +}, +{ /* 21/31 */ + { + { 14741879, -14946887, 22177208, -11721237, 1279741, 8058600, 11758140, 789443, 32195181, 3895677 }, + { 10758205, 15755439, -4509950, 9243698, -4879422, 6879879, -2204575, -3566119, -8982069, 4429647 }, + { -2453894, 15725973, -20436342, -10410672, -5803908, -11040220, -7135870, -11642895, 18047436, -15281743 } + }, + { + { -25173001, -11307165, 29759956, 11776784, -22262383, -15820455, 10993114, -12850837, -17620701, -9408468 }, + { 21987233, 700364, -24505048, 14972008, -7774265, -5718395, 32155026, 2581431, -29958985, 8773375 }, + { -25568350, 454463, -13211935, 16126715, 25240068, 8594567, 20656846, 12017935, -7874389, -13920155 } + }, + { + { 6028182, 6263078, -31011806, -11301710, -818919, 2461772, -31841174, -5468042, -1721788, -2776725 }, + { -12278994, 
16624277, 987579, -5922598, 32908203, 1248608, 7719845, -4166698, 28408820, 6816612 }, + { -10358094, -8237829, 19549651, -12169222, 22082623, 16147817, 20613181, 13982702, -10339570, 5067943 } + }, + { + { -30505967, -3821767, 12074681, 13582412, -19877972, 2443951, -19719286, 12746132, 5331210, -10105944 }, + { 30528811, 3601899, -1957090, 4619785, -27361822, -15436388, 24180793, -12570394, 27679908, -1648928 }, + { 9402404, -13957065, 32834043, 10838634, -26580150, -13237195, 26653274, -8685565, 22611444, -12715406 } + }, + { + { 22190590, 1118029, 22736441, 15130463, -30460692, -5991321, 19189625, -4648942, 4854859, 6622139 }, + { -8310738, -2953450, -8262579, -3388049, -10401731, -271929, 13424426, -3567227, 26404409, 13001963 }, + { -31241838, -15415700, -2994250, 8939346, 11562230, -12840670, -26064365, -11621720, -15405155, 11020693 } + }, + { + { 1866042, -7949489, -7898649, -10301010, 12483315, 13477547, 3175636, -12424163, 28761762, 1406734 }, + { -448555, -1777666, 13018551, 3194501, -9580420, -11161737, 24760585, -4347088, 25577411, -13378680 }, + { -24290378, 4759345, -690653, -1852816, 2066747, 10693769, -29595790, 9884936, -9368926, 4745410 } + }, + { + { -9141284, 6049714, -19531061, -4341411, -31260798, 9944276, -15462008, -11311852, 10931924, -11931931 }, + { -16561513, 14112680, -8012645, 4817318, -8040464, -11414606, -22853429, 10856641, -20470770, 13434654 }, + { 22759489, -10073434, -16766264, -1871422, 13637442, -10168091, 1765144, -12654326, 28445307, -5364710 } + }, + { + { 29875063, 12493613, 2795536, -3786330, 1710620, 15181182, -10195717, -8788675, 9074234, 1167180 }, + { -26205683, 11014233, -9842651, -2635485, -26908120, 7532294, -18716888, -9535498, 3843903, 9367684 }, + { -10969595, -6403711, 9591134, 9582310, 11349256, 108879, 16235123, 8601684, -139197, 4242895 } + } +}, +{ /* 22/31 */ + { + { 22092954, -13191123, -2042793, -11968512, 32186753, -11517388, -6574341, 2470660, -27417366, 16625501 }, + { -11057722, 3042016, 13770083, 
-9257922, 584236, -544855, -7770857, 2602725, -27351616, 14247413 }, + { 6314175, -10264892, -32772502, 15957557, -10157730, 168750, -8618807, 14290061, 27108877, -1180880 } + }, + { + { -8586597, -7170966, 13241782, 10960156, -32991015, -13794596, 33547976, -11058889, -27148451, 981874 }, + { 22833440, 9293594, -32649448, -13618667, -9136966, 14756819, -22928859, -13970780, -10479804, -16197962 }, + { -7768587, 3326786, -28111797, 10783824, 19178761, 14905060, 22680049, 13906969, -15933690, 3797899 } + }, + { + { 21721356, -4212746, -12206123, 9310182, -3882239, -13653110, 23740224, -2709232, 20491983, -8042152 }, + { 9209270, -15135055, -13256557, -6167798, -731016, 15289673, 25947805, 15286587, 30997318, -6703063 }, + { 7392032, 16618386, 23946583, -8039892, -13265164, -1533858, -14197445, -2321576, 17649998, -250080 } + }, + { + { -9301088, -14193827, 30609526, -3049543, -25175069, -1283752, -15241566, -9525724, -2233253, 7662146 }, + { -17558673, 1763594, -33114336, 15908610, -30040870, -12174295, 7335080, -8472199, -3174674, 3440183 }, + { -19889700, -5977008, -24111293, -9688870, 10799743, -16571957, 40450, -4431835, 4862400, 1133 } + }, + { + { -32856209, -7873957, -5422389, 14860950, -16319031, 7956142, 7258061, 311861, -30594991, -7379421 }, + { -3773428, -1565936, 28985340, 7499440, 24445838, 9325937, 29727763, 16527196, 18278453, 15405622 }, + { -4381906, 8508652, -19898366, -3674424, -5984453, 15149970, -13313598, 843523, -21875062, 13626197 } + }, + { + { 2281448, -13487055, -10915418, -2609910, 1879358, 16164207, -10783882, 3953792, 13340839, 15928663 }, + { 31727126, -7179855, -18437503, -8283652, 2875793, -16390330, -25269894, -7014826, -23452306, 5964753 }, + { 4100420, -5959452, -17179337, 6017714, -18705837, 12227141, -26684835, 11344144, 2538215, -7570755 } + }, + { + { -9433605, 6123113, 11159803, -2156608, 30016280, 14966241, -20474983, 1485421, -629256, -15958862 }, + { -26804558, 4260919, 11851389, 9658551, -32017107, 16367492, -20205425, 
-13191288, 11659922, -11115118 }, + { 26180396, 10015009, -30844224, -8581293, 5418197, 9480663, 2231568, -10170080, 33100372, -1306171 } + }, + { + { 15121113, -5201871, -10389905, 15427821, -27509937, -15992507, 21670947, 4486675, -5931810, -14466380 }, + { 16166486, -9483733, -11104130, 6023908, -31926798, -1364923, 2340060, -16254968, -10735770, -10039824 }, + { 28042865, -3557089, -12126526, 12259706, -3717498, -6945899, 6766453, -8689599, 18036436, 5803270 } + } +}, +{ /* 23/31 */ + { + { -817581, 6763912, 11803561, 1585585, 10958447, -2671165, 23855391, 4598332, -6159431, -14117438 }, + { -31031306, -14256194, 17332029, -2383520, 31312682, -5967183, 696309, 50292, -20095739, 11763584 }, + { -594563, -2514283, -32234153, 12643980, 12650761, 14811489, 665117, -12613632, -19773211, -10713562 } + }, + { + { 30464590, -11262872, -4127476, -12734478, 19835327, -7105613, -24396175, 2075773, -17020157, 992471 }, + { 18357185, -6994433, 7766382, 16342475, -29324918, 411174, 14578841, 8080033, -11574335, -10601610 }, + { 19598397, 10334610, 12555054, 2555664, 18821899, -10339780, 21873263, 16014234, 26224780, 16452269 } + }, + { + { -30223925, 5145196, 5944548, 16385966, 3976735, 2009897, -11377804, -7618186, -20533829, 3698650 }, + { 14187449, 3448569, -10636236, -10810935, -22663880, -3433596, 7268410, -10890444, 27394301, 12015369 }, + { 19695761, 16087646, 28032085, 12999827, 6817792, 11427614, 20244189, -1312777, -13259127, -3402461 } + }, + { + { 30860103, 12735208, -1888245, -4699734, -16974906, 2256940, -8166013, 12298312, -8550524, -10393462 }, + { -5719826, -11245325, -1910649, 15569035, 26642876, -7587760, -5789354, -15118654, -4976164, 12651793 }, + { -2848395, 9953421, 11531313, -5282879, 26895123, -12697089, -13118820, -16517902, 9768698, -2533218 } + }, + { + { -24719459, 1894651, -287698, -4704085, 15348719, -8156530, 32767513, 12765450, 4940095, 10678226 }, + { 18860224, 15980149, -18987240, -1562570, -26233012, -11071856, -7843882, 13944024, 
-24372348, 16582019 }, + { -15504260, 4970268, -29893044, 4175593, -20993212, -2199756, -11704054, 15444560, -11003761, 7989037 } + }, + { + { 31490452, 5568061, -2412803, 2182383, -32336847, 4531686, -32078269, 6200206, -19686113, -14800171 }, + { -17308668, -15879940, -31522777, -2831, -32887382, 16375549, 8680158, -16371713, 28550068, -6857132 }, + { -28126887, -5688091, 16837845, -1820458, -6850681, 12700016, -30039981, 4364038, 1155602, 5988841 } + }, + { + { 21890435, -13272907, -12624011, 12154349, -7831873, 15300496, 23148983, -4470481, 24618407, 8283181 }, + { -33136107, -10512751, 9975416, 6841041, -31559793, 16356536, 3070187, -7025928, 1466169, 10740210 }, + { -1509399, -15488185, -13503385, -10655916, 32799044, 909394, -13938903, -5779719, -32164649, -15327040 } + }, + { + { 3960823, -14267803, -28026090, -15918051, -19404858, 13146868, 15567327, 951507, -3260321, -573935 }, + { 24740841, 5052253, -30094131, 8961361, 25877428, 6165135, -24368180, 14397372, -7380369, -6144105 }, + { -28888365, 3510803, -28103278, -1158478, -11238128, -10631454, -15441463, -14453128, -1625486, -6494814 } + } +}, +{ /* 24/31 */ + { + { 793299, -9230478, 8836302, -6235707, -27360908, -2369593, 33152843, -4885251, -9906200, -621852 }, + { 5666233, 525582, 20782575, -8038419, -24538499, 14657740, 16099374, 1468826, -6171428, -15186581 }, + { -4859255, -3779343, -2917758, -6748019, 7778750, 11688288, -30404353, -9871238, -1558923, -9863646 } + }, + { + { 10896332, -7719704, 824275, 472601, -19460308, 3009587, 25248958, 14783338, -30581476, -15757844 }, + { 10566929, 12612572, -31944212, 11118703, -12633376, 12362879, 21752402, 8822496, 24003793, 14264025 }, + { 27713862, -7355973, -11008240, 9227530, 27050101, 2504721, 23886875, -13117525, 13958495, -5732453 } + }, + { + { -23481610, 4867226, -27247128, 3900521, 29838369, -8212291, -31889399, -10041781, 7340521, -15410068 }, + { 4646514, -8011124, -22766023, -11532654, 23184553, 8566613, 31366726, -1381061, -15066784, 
-10375192 }, + { -17270517, 12723032, -16993061, 14878794, 21619651, -6197576, 27584817, 3093888, -8843694, 3849921 } + }, + { + { -9064912, 2103172, 25561640, -15125738, -5239824, 9582958, 32477045, -9017955, 5002294, -15550259 }, + { -12057553, -11177906, 21115585, -13365155, 8808712, -12030708, 16489530, 13378448, -25845716, 12741426 }, + { -5946367, 10645103, -30911586, 15390284, -3286982, -7118677, 24306472, 15852464, 28834118, -7646072 } + }, + { + { -17335748, -9107057, -24531279, 9434953, -8472084, -583362, -13090771, 455841, 20461858, 5491305 }, + { 13669248, -16095482, -12481974, -10203039, -14569770, -11893198, -24995986, 11293807, -28588204, -9421832 }, + { 28497928, 6272777, -33022994, 14470570, 8906179, -1225630, 18504674, -14165166, 29867745, -8795943 } + }, + { + { -16207023, 13517196, -27799630, -13697798, 24009064, -6373891, -6367600, -13175392, 22853429, -4012011 }, + { 24191378, 16712145, -13931797, 15217831, 14542237, 1646131, 18603514, -11037887, 12876623, -2112447 }, + { 17902668, 4518229, -411702, -2829247, 26878217, 5258055, -12860753, 608397, 16031844, 3723494 } + }, + { + { -28632773, 12763728, -20446446, 7577504, 33001348, -13017745, 17558842, -7872890, 23896954, -4314245 }, + { -20005381, -12011952, 31520464, 605201, 2543521, 5991821, -2945064, 7229064, -9919646, -8826859 }, + { 28816045, 298879, -28165016, -15920938, 19000928, -1665890, -12680833, -2949325, -18051778, -2082915 } + }, + { + { 16000882, -344896, 3493092, -11447198, -29504595, -13159789, 12577740, 16041268, -19715240, 7847707 }, + { 10151868, 10572098, 27312476, 7922682, 14825339, 4723128, -32855931, -6519018, -10020567, 3852848 }, + { -11430470, 15697596, -21121557, -4420647, 5386314, 15063598, 16514493, -15932110, 29330899, -15076224 } + } +}, +{ /* 25/31 */ + { + { -25499735, -4378794, -15222908, -6901211, 16615731, 2051784, 3303702, 15490, -27548796, 12314391 }, + { 15683520, -6003043, 18109120, -9980648, 15337968, -5997823, -16717435, 15921866, 16103996, -3731215 }, 
+ { -23169824, -10781249, 13588192, -1628807, -3798557, -1074929, -19273607, 5402699, -29815713, -9841101 } + }, + { + { 23190676, 2384583, -32714340, 3462154, -29903655, -1529132, -11266856, 8911517, -25205859, 2739713 }, + { 21374101, -3554250, -33524649, 9874411, 15377179, 11831242, -33529904, 6134907, 4931255, 11987849 }, + { -7732, -2978858, -16223486, 7277597, 105524, -322051, -31480539, 13861388, -30076310, 10117930 } + }, + { + { -29501170, -10744872, -26163768, 13051539, -25625564, 5089643, -6325503, 6704079, 12890019, 15728940 }, + { -21972360, -11771379, -951059, -4418840, 14704840, 2695116, 903376, -10428139, 12885167, 8311031 }, + { -17516482, 5352194, 10384213, -13811658, 7506451, 13453191, 26423267, 4384730, 1888765, -5435404 } + }, + { + { -25817338, -3107312, -13494599, -3182506, 30896459, -13921729, -32251644, -12707869, -19464434, -3340243 }, + { -23607977, -2665774, -526091, 4651136, 5765089, 4618330, 6092245, 14845197, 17151279, -9854116 }, + { -24830458, -12733720, -15165978, 10367250, -29530908, -265356, 22825805, -7087279, -16866484, 16176525 } + }, + { + { -23583256, 6564961, 20063689, 3798228, -4740178, 7359225, 2006182, -10363426, -28746253, -10197509 }, + { -10626600, -4486402, -13320562, -5125317, 3432136, -6393229, 23632037, -1940610, 32808310, 1099883 }, + { 15030977, 5768825, -27451236, -2887299, -6427378, -15361371, -15277896, -6809350, 2051441, -15225865 } + }, + { + { -3362323, -7239372, 7517890, 9824992, 23555850, 295369, 5148398, -14154188, -22686354, 16633660 }, + { 4577086, -16752288, 13249841, -15304328, 19958763, -14537274, 18559670, -10759549, 8402478, -9864273 }, + { -28406330, -1051581, -26790155, -907698, -17212414, -11030789, 9453451, -14980072, 17983010, 9967138 } + }, + { + { -25762494, 6524722, 26585488, 9969270, 24709298, 1220360, -1677990, 7806337, 17507396, 3651560 }, + { -10420457, -4118111, 14584639, 15971087, -15768321, 8861010, 26556809, -5574557, -18553322, -11357135 }, + { 2839101, 14284142, 4029895, 
3472686, 14402957, 12689363, -26642121, 8459447, -5605463, -7621941 } + }, + { + { -4839289, -3535444, 9744961, 2871048, 25113978, 3187018, -25110813, -849066, 17258084, -7977739 }, + { 18164541, -10595176, -17154882, -1542417, 19237078, -9745295, 23357533, -15217008, 26908270, 12150756 }, + { -30264870, -7647865, 5112249, -7036672, -1499807, -6974257, 43168, -5537701, -32302074, 16215819 } + } +}, +{ /* 26/31 */ + { + { -6898905, 9824394, -12304779, -4401089, -31397141, -6276835, 32574489, 12532905, -7503072, -8675347 }, + { -27343522, -16515468, -27151524, -10722951, 946346, 16291093, 254968, 7168080, 21676107, -1943028 }, + { 21260961, -8424752, -16831886, -11920822, -23677961, 3968121, -3651949, -6215466, -3556191, -7913075 } + }, + { + { 16544754, 13250366, -16804428, 15546242, -4583003, 12757258, -2462308, -8680336, -18907032, -9662799 }, + { -2415239, -15577728, 18312303, 4964443, -15272530, -12653564, 26820651, 16690659, 25459437, -4564609 }, + { -25144690, 11425020, 28423002, -11020557, -6144921, -15826224, 9142795, -2391602, -6432418, -1644817 } + }, + { + { -23104652, 6253476, 16964147, -3768872, -25113972, -12296437, -27457225, -16344658, 6335692, 7249989 }, + { -30333227, 13979675, 7503222, -12368314, -11956721, -4621693, -30272269, 2682242, 25993170, -12478523 }, + { 4364628, 5930691, 32304656, -10044554, -8054781, 15091131, 22857016, -10598955, 31820368, 15075278 } + }, + { + { 31879134, -8918693, 17258761, 90626, -8041836, -4917709, 24162788, -9650886, -17970238, 12833045 }, + { 19073683, 14851414, -24403169, -11860168, 7625278, 11091125, -19619190, 2074449, -9413939, 14905377 }, + { 24483667, -11935567, -2518866, -11547418, -1553130, 15355506, -25282080, 9253129, 27628530, -7555480 } + }, + { + { 17597607, 8340603, 19355617, 552187, 26198470, -3176583, 4593324, -9157582, -14110875, 15297016 }, + { 510886, 14337390, -31785257, 16638632, 6328095, 2713355, -20217417, -11864220, 8683221, 2921426 }, + { 18606791, 11874196, 27155355, -5281482, -24031742, 
6265446, -25178240, -1278924, 4674690, 13890525 } + }, + { + { 13609624, 13069022, -27372361, -13055908, 24360586, 9592974, 14977157, 9835105, 4389687, 288396 }, + { 9922506, -519394, 13613107, 5883594, -18758345, -434263, -12304062, 8317628, 23388070, 16052080 }, + { 12720016, 11937594, -31970060, -5028689, 26900120, 8561328, -20155687, -11632979, -14754271, -10812892 } + }, + { + { 15961858, 14150409, 26716931, -665832, -22794328, 13603569, 11829573, 7467844, -28822128, 929275 }, + { 11038231, -11582396, -27310482, -7316562, -10498527, -16307831, -23479533, -9371869, -21393143, 2465074 }, + { 20017163, -4323226, 27915242, 1529148, 12396362, 15675764, 13817261, -9658066, 2463391, -4622140 } + }, + { + { -16358878, -12663911, -12065183, 4996454, -1256422, 1073572, 9583558, 12851107, 4003896, 12673717 }, + { -1731589, -15155870, -3262930, 16143082, 19294135, 13385325, 14741514, -9103726, 7903886, 2348101 }, + { 24536016, -16515207, 12715592, -3862155, 1511293, 10047386, -3842346, -7129159, -28377538, 10048127 } + } +}, +{ /* 27/31 */ + { + { -12622226, -6204820, 30718825, 2591312, -10617028, 12192840, 18873298, -7297090, -32297756, 15221632 }, + { -26478122, -11103864, 11546244, -1852483, 9180880, 7656409, -21343950, 2095755, 29769758, 6593415 }, + { -31994208, -2907461, 4176912, 3264766, 12538965, -868111, 26312345, -6118678, 30958054, 8292160 } + }, + { + { 31429822, -13959116, 29173532, 15632448, 12174511, -2760094, 32808831, 3977186, 26143136, -3148876 }, + { 22648901, 1402143, -22799984, 13746059, 7936347, 365344, -8668633, -1674433, -3758243, -2304625 }, + { -15491917, 8012313, -2514730, -12702462, -23965846, -10254029, -1612713, -1535569, -16664475, 8194478 } + }, + { + { 27338066, -7507420, -7414224, 10140405, -19026427, -6589889, 27277191, 8855376, 28572286, 3005164 }, + { 26287124, 4821776, 25476601, -4145903, -3764513, -15788984, -18008582, 1182479, -26094821, -13079595 }, + { -7171154, 3178080, 23970071, 6201893, -17195577, -4489192, -21876275, 
-13982627, 32208683, -1198248 } + }, + { + { -16657702, 2817643, -10286362, 14811298, 6024667, 13349505, -27315504, -10497842, -27672585, -11539858 }, + { 15941029, -9405932, -21367050, 8062055, 31876073, -238629, -15278393, -1444429, 15397331, -4130193 }, + { 8934485, -13485467, -23286397, -13423241, -32446090, 14047986, 31170398, -1441021, -27505566, 15087184 } + }, + { + { -18357243, -2156491, 24524913, -16677868, 15520427, -6360776, -15502406, 11461896, 16788528, -5868942 }, + { -1947386, 16013773, 21750665, 3714552, -17401782, -16055433, -3770287, -10323320, 31322514, -11615635 }, + { 21426655, -5650218, -13648287, -5347537, -28812189, -4920970, -18275391, -14621414, 13040862, -12112948 } + }, + { + { 11293895, 12478086, -27136401, 15083750, -29307421, 14748872, 14555558, -13417103, 1613711, 4896935 }, + { -25894883, 15323294, -8489791, -8057900, 25967126, -13425460, 2825960, -4897045, -23971776, -11267415 }, + { -15924766, -5229880, -17443532, 6410664, 3622847, 10243618, 20615400, 12405433, -23753030, -8436416 } + }, + { + { -7091295, 12556208, -20191352, 9025187, -17072479, 4333801, 4378436, 2432030, 23097949, -566018 }, + { 4565804, -16025654, 20084412, -7842817, 1724999, 189254, 24767264, 10103221, -18512313, 2424778 }, + { 366633, -11976806, 8173090, -6890119, 30788634, 5745705, -7168678, 1344109, -3642553, 12412659 } + }, + { + { -24001791, 7690286, 14929416, -168257, -32210835, -13412986, 24162697, -15326504, -3141501, 11179385 }, + { 18289522, -14724954, 8056945, 16430056, -21729724, 7842514, -6001441, -1486897, -18684645, -11443503 }, + { 476239, 6601091, -6152790, -9723375, 17503545, -4863900, 27672959, 13403813, 11052904, 5219329 } + } +}, +{ /* 28/31 */ + { + { 20678546, -8375738, -32671898, 8849123, -5009758, 14574752, 31186971, -3973730, 9014762, -8579056 }, + { -13644050, -10350239, -15962508, 5075808, -1514661, -11534600, -33102500, 9160280, 8473550, -3256838 }, + { 24900749, 14435722, 17209120, -15292541, -22592275, 9878983, -7689309, 
-16335821, -24568481, 11788948 } + }, + { + { -3118155, -11395194, -13802089, 14797441, 9652448, -6845904, -20037437, 10410733, -24568470, -1458691 }, + { -15659161, 16736706, -22467150, 10215878, -9097177, 7563911, 11871841, -12505194, -18513325, 8464118 }, + { -23400612, 8348507, -14585951, -861714, -3950205, -6373419, 14325289, 8628612, 33313881, -8370517 } + }, + { + { -20186973, -4967935, 22367356, 5271547, -1097117, -4788838, -24805667, -10236854, -8940735, -5818269 }, + { -6948785, -1795212, -32625683, -16021179, 32635414, -7374245, 15989197, -12838188, 28358192, -4253904 }, + { -23561781, -2799059, -32351682, -1661963, -9147719, 10429267, -16637684, 4072016, -5351664, 5596589 } + }, + { + { -28236598, -3390048, 12312896, 6213178, 3117142, 16078565, 29266239, 2557221, 1768301, 15373193 }, + { -7243358, -3246960, -4593467, -7553353, -127927, -912245, -1090902, -4504991, -24660491, 3442910 }, + { -30210571, 5124043, 14181784, 8197961, 18964734, -11939093, 22597931, 7176455, -18585478, 13365930 } + }, + { + { -7877390, -1499958, 8324673, 4690079, 6261860, 890446, 24538107, -8570186, -9689599, -3031667 }, + { 25008904, -10771599, -4305031, -9638010, 16265036, 15721635, 683793, -11823784, 15723479, -15163481 }, + { -9660625, 12374379, -27006999, -7026148, -7724114, -12314514, 11879682, 5400171, 519526, -1235876 } + }, + { + { 22258397, -16332233, -7869817, 14613016, -22520255, -2950923, -20353881, 7315967, 16648397, 7605640 }, + { -8081308, -8464597, -8223311, 9719710, 19259459, -15348212, 23994942, -5281555, -9468848, 4763278 }, + { -21699244, 9220969, -15730624, 1084137, -25476107, -2852390, 31088447, -7764523, -11356529, 728112 } + }, + { + { 26047220, -11751471, -6900323, -16521798, 24092068, 9158119, -4273545, -12555558, -29365436, -5498272 }, + { 17510331, -322857, 5854289, 8403524, 17133918, -3112612, -28111007, 12327945, 10750447, 10014012 }, + { -10312768, 3936952, 9156313, -8897683, 16498692, -994647, -27481051, -666732, 3424691, 7540221 } + }, + { + { 
30322361, -6964110, 11361005, -4143317, 7433304, 4989748, -7071422, -16317219, -9244265, 15258046 }, + { 13054562, -2779497, 19155474, 469045, -12482797, 4566042, 5631406, 2711395, 1062915, -5136345 }, + { -19240248, -11254599, -29509029, -7499965, -5835763, 13005411, -6066489, 12194497, 32960380, 1459310 } + } +}, +{ /* 29/31 */ + { + { 19852034, 7027924, 23669353, 10020366, 8586503, -6657907, 394197, -6101885, 18638003, -11174937 }, + { 31395534, 15098109, 26581030, 8030562, -16527914, -5007134, 9012486, -7584354, -6643087, -5442636 }, + { -9192165, -2347377, -1997099, 4529534, 25766844, 607986, -13222, 9677543, -32294889, -6456008 } + }, + { + { -2444496, -149937, 29348902, 8186665, 1873760, 12489863, -30934579, -7839692, -7852844, -8138429 }, + { -15236356, -15433509, 7766470, 746860, 26346930, -10221762, -27333451, 10754588, -9431476, 5203576 }, + { 31834314, 14135496, -770007, 5159118, 20917671, -16768096, -7467973, -7337524, 31809243, 7347066 } + }, + { + { -9606723, -11874240, 20414459, 13033986, 13716524, -11691881, 19797970, -12211255, 15192876, -2087490 }, + { -12663563, -2181719, 1168162, -3804809, 26747877, -14138091, 10609330, 12694420, 33473243, -13382104 }, + { 33184999, 11180355, 15832085, -11385430, -1633671, 225884, 15089336, -11023903, -6135662, 14480053 } + }, + { + { 31308717, -5619998, 31030840, -1897099, 15674547, -6582883, 5496208, 13685227, 27595050, 8737275 }, + { -20318852, -15150239, 10933843, -16178022, 8335352, -7546022, -31008351, -12610604, 26498114, 66511 }, + { 22644454, -8761729, -16671776, 4884562, -3105614, -13559366, 30540766, -4286747, -13327787, -7515095 } + }, + { + { -28017847, 9834845, 18617207, -2681312, -3401956, -13307506, 8205540, 13585437, -17127465, 15115439 }, + { 23711543, -672915, 31206561, -8362711, 6164647, -9709987, -33535882, -1426096, 8236921, 16492939 }, + { -23910559, -13515526, -26299483, -4503841, 25005590, -7687270, 19574902, 10071562, 6708380, -6222424 } + }, + { + { 2101391, -4930054, 19702731, 
2367575, -15427167, 1047675, 5301017, 9328700, 29955601, -11678310 }, + { 3096359, 9271816, -21620864, -15521844, -14847996, -7592937, -25892142, -12635595, -9917575, 6216608 }, + { -32615849, 338663, -25195611, 2510422, -29213566, -13820213, 24822830, -6146567, -26767480, 7525079 } + }, + { + { -23066649, -13985623, 16133487, -7896178, -3389565, 778788, -910336, -2782495, -19386633, 11994101 }, + { 21691500, -13624626, -641331, -14367021, 3285881, -3483596, -25064666, 9718258, -7477437, 13381418 }, + { 18445390, -4202236, 14979846, 11622458, -1727110, -3582980, 23111648, -6375247, 28535282, 15779576 } + }, + { + { 30098053, 3089662, -9234387, 16662135, -21306940, 11308411, -14068454, 12021730, 9955285, -16303356 }, + { 9734894, -14576830, -7473633, -9138735, 2060392, 11313496, -18426029, 9924399, 20194861, 13380996 }, + { -26378102, -7965207, -22167821, 15789297, -18055342, -6168792, -1984914, 15707771, 26342023, 10146099 } + } +}, +{ /* 30/31 */ + { + { -26016874, -219943, 21339191, -41388, 19745256, -2878700, -29637280, 2227040, 21612326, -545728 }, + { -13077387, 1184228, 23562814, -5970442, -20351244, -6348714, 25764461, 12243797, -20856566, 11649658 }, + { -10031494, 11262626, 27384172, 2271902, 26947504, -15997771, 39944, 6114064, 33514190, 2333242 } + }, + { + { -21433588, -12421821, 8119782, 7219913, -21830522, -9016134, -6679750, -12670638, 24350578, -13450001 }, + { -4116307, -11271533, -23886186, 4843615, -30088339, 690623, -31536088, -10406836, 8317860, 12352766 }, + { 18200138, -14475911, -33087759, -2696619, -23702521, -9102511, -23552096, -2287550, 20712163, 6719373 } + }, + { + { 26656208, 6075253, -7858556, 1886072, -28344043, 4262326, 11117530, -3763210, 26224235, -3297458 }, + { -17168938, -14854097, -3395676, -16369877, -19954045, 14050420, 21728352, 9493610, 18620611, -16428628 }, + { -13323321, 13325349, 11432106, 5964811, 18609221, 6062965, -5269471, -9725556, -30701573, -16479657 } + }, + { + { -23860538, -11233159, 26961357, 1640861, 
-32413112, -16737940, 12248509, -5240639, 13735342, 1934062 }, + { 25089769, 6742589, 17081145, -13406266, 21909293, -16067981, -15136294, -3765346, -21277997, 5473616 }, + { 31883677, -7961101, 1083432, -11572403, 22828471, 13290673, -7125085, 12469656, 29111212, -5451014 } + }, + { + { 24244947, -15050407, -26262976, 2791540, -14997599, 16666678, 24367466, 6388839, -10295587, 452383 }, + { -25640782, -3417841, 5217916, 16224624, 19987036, -4082269, -24236251, -5915248, 15766062, 8407814 }, + { -20406999, 13990231, 15495425, 16395525, 5377168, 15166495, -8917023, -4388953, -8067909, 2276718 } + }, + { + { 30157918, 12924066, -17712050, 9245753, 19895028, 3368142, -23827587, 5096219, 22740376, -7303417 }, + { 2041139, -14256350, 7783687, 13876377, -25946985, -13352459, 24051124, 13742383, -15637599, 13295222 }, + { 33338237, -8505733, 12532113, 7977527, 9106186, -1715251, -17720195, -4612972, -4451357, -14669444 } + }, + { + { -20045281, 5454097, -14346548, 6447146, 28862071, 1883651, -2469266, -4141880, 7770569, 9620597 }, + { 23208068, 7979712, 33071466, 8149229, 1758231, -10834995, 30945528, -1694323, -33502340, -14767970 }, + { 1439958, -16270480, -1079989, -793782, 4625402, 10647766, -5043801, 1220118, 30494170, -11440799 } + }, + { + { -5037580, -13028295, -2970559, -3061767, 15640974, -6701666, -26739026, 926050, -1684339, -13333647 }, + { 13908495, -3549272, 30919928, -6273825, -21521863, 7989039, 9021034, 9078865, 3353509, 4033511 }, + { -29663431, -15113610, 32259991, -344482, 24295849, -12912123, 23161163, 8839127, 27485041, 7356032 } + } +}, +{ /* 31/31 */ + { + { 9661027, 705443, 11980065, -5370154, -1628543, 14661173, -6346142, 2625015, 28431036, -16771834 }, + { -23839233, -8311415, -25945511, 7480958, -17681669, -8354183, -22545972, 14150565, 15970762, 4099461 }, + { 29262576, 16756590, 26350592, -8793563, 8529671, -11208050, 13617293, -9937143, 11465739, 8317062 } + }, + { + { -25493081, -6962928, 32500200, -9419051, -23038724, -2302222, 14898637, 
3848455, 20969334, -5157516 }, + { -20384450, -14347713, -18336405, 13884722, -33039454, 2842114, -21610826, -3649888, 11177095, 14989547 }, + { -24496721, -11716016, 16959896, 2278463, 12066309, 10137771, 13515641, 2581286, -28487508, 9930240 } + }, + { + { -17751622, -2097826, 16544300, -13009300, -15914807, -14949081, 18345767, -13403753, 16291481, -5314038 }, + { -33229194, 2553288, 32678213, 9875984, 8534129, 6889387, -9676774, 6957617, 4368891, 9788741 }, + { 16660756, 7281060, -10830758, 12911820, 20108584, -8101676, -21722536, -8613148, 16250552, -11111103 } + }, + { + { -19765507, 2390526, -16551031, 14161980, 1905286, 6414907, 4689584, 10604807, -30190403, 4782747 }, + { -1354539, 14736941, -7367442, -13292886, 7710542, -14155590, -9981571, 4383045, 22546403, 437323 }, + { 31665577, -12180464, -16186830, 1491339, -18368625, 3294682, 27343084, 2786261, -30633590, -14097016 } + }, + { + { -14467279, -683715, -33374107, 7448552, 19294360, 14334329, -19690631, 2355319, -19284671, -6114373 }, + { 15121312, -15796162, 6377020, -6031361, -10798111, -12957845, 18952177, 15496498, -29380133, 11754228 }, + { -2637277, -13483075, 8488727, -14303896, 12728761, -1622493, 7141596, 11724556, 22761615, -10134141 } + }, + { + { 16918416, 11729663, -18083579, 3022987, -31015732, -13339659, -28741185, -12227393, 32851222, 11717399 }, + { 11166634, 7338049, -6722523, 4531520, -29468672, -7302055, 31474879, 3483633, -1193175, -4030831 }, + { -185635, 9921305, 31456609, -13536438, -12013818, 13348923, 33142652, 6546660, -19985279, -3948376 } + }, + { + { -32460596, 11266712, -11197107, -7899103, 31703694, 3855903, -8537131, -12833048, -30772034, -15486313 }, + { -18006477, 12709068, 3991746, -6479188, -21491523, -10550425, -31135347, -16049879, 10928917, 3011958 }, + { -6957757, -15594337, 31696059, 334240, 29576716, 14796075, -30831056, -12805180, 18008031, 10258577 } + }, + { + { -22448644, 15655569, 7018479, -4410003, -30314266, -1201591, -1853465, 1367120, 25127874, 
6671743 }, + { 29701166, -14373934, -10878120, 9279288, -17568, 13127210, 21382910, 11042292, 25838796, 4642684 }, + { -20430234, 14955537, -24126347, 8124619, -5369288, -5990470, 30468147, -13900640, 18423289, 4177476 } + } +} diff --git a/sodium/sodium_fe_25_5_base2.h b/sodium/sodium_fe_25_5_base2.h new file mode 100644 index 00000000..90a1457e --- /dev/null +++ b/sodium/sodium_fe_25_5_base2.h 
@@ -0,0 +1,40 @@ +{ + { 25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, -11754271, -6079156, 2047605 }, + { -12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, 5043384, 19500929, -15469378 }, + { -8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, 11864899, -24514362, -4438546 } +}, +{ + { 15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, -14772189, 28944400, -1550024 }, + { 16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, -11775962, 7689662, 11199574 }, + { 30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, 10017326, -17749093, -9920357 } +}, +{ + { 10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, 14515107, -15438304, 10819380 }, + { 4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, 12483688, -12668491, 5581306 }, + { 19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, 13850243, -23678021, -15815942 } +}, +{ + { 5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, 5230134, -23952439, -15175766 }, + { -30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, 16520125, 30598449, 7715701 }, + { 28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, 1370708, 29794553, -1409300 } +}, +{ + { -22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211, -1361450, -13062696, 13821877 }, + { -6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028, -7212327, 18853322, -14220951 }, + { 4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358, -10431137, 2207753, -3209784 } +}, +{ + { -25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364, -663000, -31111463, -16132436 }, + { 25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789, 15725684, 171356, 6466918 }, + { 23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339, -14088058, -30714912, 16193877 } +}, +{ + { -33521811, 3180713, -2394130, 
14003687, -16903474, -16270840, 17238398, 4729455, -18074513, 9256800 }, + { -25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405, 9761698, -19827198, 630305 }, + { -13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551, -15960994, -2449256, -14291300 } +}, +{ + { -3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575, 15033784, 25105118, -7894876 }, + { -24326370, 15950226, -31801215, -14592823, -11662737, -5090925, 1573892, -2625887, 2198790, -15804619 }, + { -3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022, -16236442, -32461234, -12290683 } +} diff --git a/sodium/sodium_fe_25_5_constants.h b/sodium/sodium_fe_25_5_constants.h new file mode 100644 index 00000000..3dc9156a --- /dev/null +++ b/sodium/sodium_fe_25_5_constants.h @@ -0,0 +1,20 @@ +/* 37095705934669439343138083508754565189542113879843219016388785533085940283555 */ +static const fe25519 d = { + -10913610, 13857413, -15372611, 6949391, 114729, -8787816, -6275908, -3247719, -18696448, -12055116 +}; + +/* 2 * d = + * 16295367250680780974490674513165176452449235426866156013048779062215315747161 + */ +static const fe25519 d2 = { + -21827239, -5839606, -30745221, 13898782, 229458, 15978800, -12551817, -6495438, 29715968, 9444199 }; + +/* sqrt(-1) */ +static const fe25519 sqrtm1 = { + -32595792, -7943725, 9377950, 3500415, 12389472, -272473, -25146209, -2005654, 326686, 11406482 +}; + +/* A = 486662 */ +static const fe25519 curve25519_A = { + 486662, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; diff --git a/sodium/sodium_fe_25_5_fe.h b/sodium/sodium_fe_25_5_fe.h new file mode 100644 index 00000000..f216669e --- /dev/null +++ b/sodium/sodium_fe_25_5_fe.h 
@@ -0,0 +1,220 @@
+/*
+ Ignores top bit of h.
+ */
+
+void
+fe25519_frombytes(fe25519 h, const unsigned char *s)
+{
+ int64_t h0 = load_4(s);
+ int64_t h1 = load_3(s + 4) << 6;
+ int64_t h2 = load_3(s + 7) << 5;
+ int64_t h3 = load_3(s + 10) << 3;
+ int64_t h4 = load_3(s + 13) << 2;
+ int64_t h5 = load_4(s + 16);
+ int64_t h6 = load_3(s + 20) << 7;
+ int64_t h7 = load_3(s + 23) << 5;
+ int64_t h8 = load_3(s + 26) << 4;
+ int64_t h9 = (load_3(s + 29) & 8388607) << 2;
+
+ int64_t carry0;
+ int64_t carry1;
+ int64_t carry2;
+ int64_t carry3;
+ int64_t carry4;
+ int64_t carry5;
+ int64_t carry6;
+ int64_t carry7;
+ int64_t carry8;
+ int64_t carry9;
+
+ carry9 = (h9 + (int64_t)(1L << 24)) >> 25;
+ h0 += carry9 * 19;
+ h9 -= carry9 * ((uint64_t) 1L << 25);
+ carry1 = (h1 + (int64_t)(1L << 24)) >> 25;
+ h2 += carry1;
+ h1 -= carry1 * ((uint64_t) 1L << 25);
+ carry3 = (h3 + (int64_t)(1L << 24)) >> 25;
+ h4 += carry3;
+ h3 -= carry3 * ((uint64_t) 1L << 25);
+ carry5 = (h5 + (int64_t)(1L << 24)) >> 25;
+ h6 += carry5;
+ h5 -= carry5 * ((uint64_t) 1L << 25);
+ carry7 = (h7 + (int64_t)(1L << 24)) >> 25;
+ h8 += carry7;
+ h7 -= carry7 * ((uint64_t) 1L << 25);
+
+ carry0 = (h0 + (int64_t)(1L << 25)) >> 26;
+ h1 += carry0;
+ h0 -= carry0 * ((uint64_t) 1L << 26);
+ carry2 = (h2 + (int64_t)(1L << 25)) >> 26;
+ h3 += carry2;
+ h2 -= carry2 * ((uint64_t) 1L << 26);
+ carry4 = (h4 + (int64_t)(1L << 25)) >> 26;
+ h5 += carry4;
+ h4 -= carry4 * ((uint64_t) 1L << 26);
+ carry6 = (h6 + (int64_t)(1L << 25)) >> 26;
+ h7 += carry6;
+ h6 -= carry6 * ((uint64_t) 1L << 26);
+ carry8 = (h8 + (int64_t)(1L << 25)) >> 26;
+ h9 += carry8;
+ h8 -= carry8 * ((uint64_t) 1L << 26);
+
+ h[0] = (int32_t) h0;
+ h[1] = (int32_t) h1;
+ h[2] = (int32_t) h2;
+ h[3] = (int32_t) h3;
+ h[4] = (int32_t) h4;
+ h[5] = (int32_t) h5;
+ h[6] = (int32_t) h6;
+ h[7] = (int32_t) h7;
+ h[8] = (int32_t) h8;
+ h[9] = (int32_t) h9;
+}
+
+/*
+ Preconditions:
+ |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+
+ Write p=2^255-19; q=floor(h/p).
+ Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
+
+ Proof:
+ Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
+ Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
+
+ Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
+ Then 0> 25;
+ q = (h0 + q) >> 26;
+ q = (h1 + q) >> 25;
+ q = (h2 + q) >> 26;
+ q = (h3 + q) >> 25;
+ q = (h4 + q) >> 26;
+ q = (h5 + q) >> 25;
+ q = (h6 + q) >> 26;
+ q = (h7 + q) >> 25;
+ q = (h8 + q) >> 26;
+ q = (h9 + q) >> 25;
+
+ /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
+ h0 += 19 * q;
+ /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
+
+ carry0 = h0 >> 26;
+ h1 += carry0;
+ h0 -= carry0 * ((uint32_t) 1L << 26);
+ carry1 = h1 >> 25;
+ h2 += carry1;
+ h1 -= carry1 * ((uint32_t) 1L << 25);
+ carry2 = h2 >> 26;
+ h3 += carry2;
+ h2 -= carry2 * ((uint32_t) 1L << 26);
+ carry3 = h3 >> 25;
+ h4 += carry3;
+ h3 -= carry3 * ((uint32_t) 1L << 25);
+ carry4 = h4 >> 26;
+ h5 += carry4;
+ h4 -= carry4 * ((uint32_t) 1L << 26);
+ carry5 = h5 >> 25;
+ h6 += carry5;
+ h5 -= carry5 * ((uint32_t) 1L << 25);
+ carry6 = h6 >> 26;
+ h7 += carry6;
+ h6 -= carry6 * ((uint32_t) 1L << 26);
+ carry7 = h7 >> 25;
+ h8 += carry7;
+ h7 -= carry7 * ((uint32_t) 1L << 25);
+ carry8 = h8 >> 26;
+ h9 += carry8;
+ h8 -= carry8 * ((uint32_t) 1L << 26);
+ carry9 = h9 >> 25;
+ h9 -= carry9 * ((uint32_t) 1L << 25);
+
+ h[0] = h0;
+ h[1] = h1;
+ h[2] = h2;
+ h[3] = h3;
+ h[4] = h4;
+ h[5] = h5;
+ h[6] = h6;
+ h[7] = h7;
+ h[8] = h8;
+ h[9] = h9;
+}
+
+/*
+ Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
+ Have h0+...+2^230 h9 between 0 and 2^255-1;
+ evidently 2^255 h10-2^255 q = 0.
+
+ Goal: Output h0+...+2^230 h9.
+ */
+
+void
+fe25519_tobytes(unsigned char *s, const fe25519 h)
+{
+ fe25519 t;
+
+ fe25519_reduce(t, h);
+ s[0] = t[0] >> 0;
+ s[1] = t[0] >> 8;
+ s[2] = t[0] >> 16;
+ s[3] = (t[0] >> 24) | (t[1] * ((uint32_t) 1 << 2));
+ s[4] = t[1] >> 6;
+ s[5] = t[1] >> 14;
+ s[6] = (t[1] >> 22) | (t[2] * ((uint32_t) 1 << 3));
+ s[7] = t[2] >> 5;
+ s[8] = t[2] >> 13;
+ s[9] = (t[2] >> 21) | (t[3] * ((uint32_t) 1 << 5));
+ s[10] = t[3] >> 3;
+ s[11] = t[3] >> 11;
+ s[12] = (t[3] >> 19) | (t[4] * ((uint32_t) 1 << 6));
+ s[13] = t[4] >> 2;
+ s[14] = t[4] >> 10;
+ s[15] = t[4] >> 18;
+ s[16] = t[5] >> 0;
+ s[17] = t[5] >> 8;
+ s[18] = t[5] >> 16;
+ s[19] = (t[5] >> 24) | (t[6] * ((uint32_t) 1 << 1));
+ s[20] = t[6] >> 7;
+ s[21] = t[6] >> 15;
+ s[22] = (t[6] >> 23) | (t[7] * ((uint32_t) 1 << 3));
+ s[23] = t[7] >> 5;
+ s[24] = t[7] >> 13;
+ s[25] = (t[7] >> 21) | (t[8] * ((uint32_t) 1 << 4));
+ s[26] = t[8] >> 4;
+ s[27] = t[8] >> 12;
+ s[28] = (t[8] >> 20) | (t[9] * ((uint32_t) 1 << 6));
+ s[29] = t[9] >> 2;
+ s[30] = t[9] >> 10;
+ s[31] = t[9] >> 18;
+}
diff --git a/sodium/sodium_fe_51_base.h b/sodium/sodium_fe_51_base.h
new file mode 100644
index 00000000..6b3b833e
--- /dev/null
+++ b/sodium/sodium_fe_51_base.h
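Review bot: fe25519_frombytes only masks the top bit of s[31] (`& 8388607`) and does not reject encodings whose value is at or above 2^255-19, so a caller that decodes externally supplied bytes has to check canonicality itself; the header comment `Ignores top bit of h.` should say so explicitly, e.g. `Ignores top bit of h. Non-canonical encodings (>= 2^255-19) are accepted as-is; callers that require canonical input must check the bytes before calling.` By contrast fe25519_tobytes runs the value through fe25519_reduce first, whose comments state the output lies between 0 and 2^255-20, and recording that asymmetry in the same comment would help readers reasoning about where canonical checks belong. Both functions are defined without `static` in a .h file that shows no include guard, which only works if this header is included from exactly one translation unit; a one-line comment at the top stating that intent would prevent a duplicate-symbol surprise later. In this rendering the text between `Then 0` and `> 25;` is missing, so fe25519_reduce's signature and opening statements are not visible here.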
@@ -0,0 +1,1344 @@ +{ /* 0/31 */ + { + { 1288382639258501, 245678601348599, 269427782077623, 1462984067271730, 137412439391563 }, + { 62697248952638, 204681361388450, 631292143396476, 338455783676468, 1213667448819585 }, + { 301289933810280, 1259582250014073, 1422107436869536, 796239922652654, 1953934009299142 } + }, + { + { 1380971894829527, 790832306631236, 2067202295274102, 1995808275510000, 1566530869037010 }, + { 463307831301544, 432984605774163, 1610641361907204, 750899048855000, 1894842303421586 }, + { 748439484463711, 1033211726465151, 1396005112841647, 1611506220286469, 1972177495910992 } + }, + { + { 1601611775252272, 1720807796594148, 1132070835939856, 1260455018889551, 2147779492816911 }, + { 316559037616741, 2177824224946892, 1459442586438991, 1461528397712656, 751590696113597 }, + { 1850748884277385, 1200145853858453, 1068094770532492, 672251375690438, 1586055907191707 } + }, + { + { 934282339813791, 1846903124198670, 1172395437954843, 1007037127761661, 1830588347719256 }, + { 1694390458783935, 1735906047636159, 705069562067493, 648033061693059, 696214010414170 }, + { 1121406372216585, 192876649532226, 190294192191717, 1994165897297032, 2245000007398739 } + }, + { + { 769950342298419, 132954430919746, 844085933195555, 974092374476333, 726076285546016 }, + { 425251763115706, 608463272472562, 442562545713235, 837766094556764, 374555092627893 }, + { 1086255230780037, 274979815921559, 1960002765731872, 929474102396301, 1190409889297339 } + }, + { + { 1388594989461809, 316767091099457, 394298842192982, 1230079486801005, 1440737038838979 }, + { 7380825640100, 146210432690483, 304903576448906, 1198869323871120, 997689833219095 }, + { 1181317918772081, 114573476638901, 262805072233344, 265712217171332, 294181933805782 } + }, + { + { 665000864555967, 2065379846933859, 370231110385876, 350988370788628, 1233371373142985 }, + { 2019367628972465, 676711900706637, 110710997811333, 1108646842542025, 517791959672113 }, + { 965130719900578, 247011430587952, 
526356006571389, 91986625355052, 2157223321444601 } + }, + { + { 2068619540119183, 1966274918058806, 957728544705549, 729906502578991, 159834893065166 }, + { 2073601412052185, 31021124762708, 264500969797082, 248034690651703, 1030252227928288 }, + { 551790716293402, 1989538725166328, 801169423371717, 2052451893578887, 678432056995012 } + } +}, +{ /* 1/31 */ + { + { 1368953770187805, 790347636712921, 437508475667162, 2142576377050580, 1932081720066286 }, + { 953638594433374, 1092333936795051, 1419774766716690, 805677984380077, 859228993502513 }, + { 1200766035879111, 20142053207432, 1465634435977050, 1645256912097844, 295121984874596 } + }, + { + { 1735718747031557, 1248237894295956, 1204753118328107, 976066523550493, 65943769534592 }, + { 1060098822528990, 1586825862073490, 212301317240126, 1975302711403555, 666724059764335 }, + { 1091990273418756, 1572899409348578, 80968014455247, 306009358661350, 1520450739132526 } + }, + { + { 1480517209436112, 1511153322193952, 1244343858991172, 304788150493241, 369136856496443 }, + { 2151330273626164, 762045184746182, 1688074332551515, 823046109005759, 907602769079491 }, + { 2047386910586836, 168470092900250, 1552838872594810, 340951180073789, 360819374702533 } + }, + { + { 1982622644432056, 2014393600336956, 128909208804214, 1617792623929191, 105294281913815 }, + { 980234343912898, 1712256739246056, 588935272190264, 204298813091998, 841798321043288 }, + { 197561292938973, 454817274782871, 1963754960082318, 2113372252160468, 971377527342673 } + }, + { + { 164699448829328, 3127451757672, 1199504971548753, 1766155447043652, 1899238924683527 }, + { 732262946680281, 1674412764227063, 2182456405662809, 1350894754474250, 558458873295247 }, + { 2103305098582922, 1960809151316468, 715134605001343, 1454892949167181, 40827143824949 } + }, + { + { 1239289043050212, 1744654158124578, 758702410031698, 1796762995074688, 1603056663766 }, + { 2232056027107988, 987343914584615, 2115594492994461, 1819598072792159, 1119305654014850 }, + { 
320153677847348, 939613871605645, 641883205761567, 1930009789398224, 329165806634126 } + }, + { + { 980930490474130, 1242488692177893, 1251446316964684, 1086618677993530, 1961430968465772 }, + { 276821765317453, 1536835591188030, 1305212741412361, 61473904210175, 2051377036983058 }, + { 833449923882501, 1750270368490475, 1123347002068295, 185477424765687, 278090826653186 } + }, + { + { 794524995833413, 1849907304548286, 53348672473145, 1272368559505217, 1147304168324779 }, + { 1504846112759364, 1203096289004681, 562139421471418, 274333017451844, 1284344053775441 }, + { 483048732424432, 2116063063343382, 30120189902313, 292451576741007, 1156379271702225 } + } +}, +{ /* 2/31 */ + { + { 928372153029038, 2147692869914564, 1455665844462196, 1986737809425946, 185207050258089 }, + { 137732961814206, 706670923917341, 1387038086865771, 1965643813686352, 1384777115696347 }, + { 481144981981577, 2053319313589856, 2065402289827512, 617954271490316, 1106602634668125 } + }, + { + { 696298019648792, 893299659040895, 1148636718636009, 26734077349617, 2203955659340681 }, + { 657390353372855, 998499966885562, 991893336905797, 810470207106761, 343139804608786 }, + { 791736669492960, 934767652997115, 824656780392914, 1759463253018643, 361530362383518 } + }, + { + { 2022541353055597, 2094700262587466, 1551008075025686, 242785517418164, 695985404963562 }, + { 1287487199965223, 2215311941380308, 1552928390931986, 1664859529680196, 1125004975265243 }, + { 677434665154918, 989582503122485, 1817429540898386, 1052904935475344, 1143826298169798 } + }, + { + { 367266328308408, 318431188922404, 695629353755355, 634085657580832, 24581612564426 }, + { 773360688841258, 1815381330538070, 363773437667376, 539629987070205, 783280434248437 }, + { 180820816194166, 168937968377394, 748416242794470, 1227281252254508, 1567587861004268 } + }, + { + { 478775558583645, 2062896624554807, 699391259285399, 358099408427873, 1277310261461761 }, + { 1984740906540026, 1079164179400229, 1056021349262661, 
1659958556483663, 1088529069025527 }, + { 580736401511151, 1842931091388998, 1177201471228238, 2075460256527244, 1301133425678027 } + }, + { + { 1515728832059182, 1575261009617579, 1510246567196186, 191078022609704, 116661716289141 }, + { 1295295738269652, 1714742313707026, 545583042462581, 2034411676262552, 1513248090013606 }, + { 230710545179830, 30821514358353, 760704303452229, 390668103790604, 573437871383156 } + }, + { + { 1169380107545646, 263167233745614, 2022901299054448, 819900753251120, 2023898464874585 }, + { 2102254323485823, 1570832666216754, 34696906544624, 1993213739807337, 70638552271463 }, + { 894132856735058, 548675863558441, 845349339503395, 1942269668326667, 1615682209874691 } + }, + { + { 1287670217537834, 1222355136884920, 1846481788678694, 1150426571265110, 1613523400722047 }, + { 793388516527298, 1315457083650035, 1972286999342417, 1901825953052455, 338269477222410 }, + { 550201530671806, 778605267108140, 2063911101902983, 115500557286349, 2041641272971022 } + } +}, +{ /* 3/31 */ + { + { 717255318455100, 519313764361315, 2080406977303708, 541981206705521, 774328150311600 }, + { 261715221532238, 1795354330069993, 1496878026850283, 499739720521052, 389031152673770 }, + { 1997217696294013, 1717306351628065, 1684313917746180, 1644426076011410, 1857378133465451 } + }, + { + { 1475434724792648, 76931896285979, 1116729029771667, 2002544139318042, 725547833803938 }, + { 2022306639183567, 726296063571875, 315345054448644, 1058733329149221, 1448201136060677 }, + { 1710065158525665, 1895094923036397, 123988286168546, 1145519900776355, 1607510767693874 } + }, + { + { 561605375422540, 1071733543815037, 131496498800990, 1946868434569999, 828138133964203 }, + { 1548495173745801, 442310529226540, 998072547000384, 553054358385281, 644824326376171 }, + { 1445526537029440, 2225519789662536, 914628859347385, 1064754194555068, 1660295614401091 } + }, + { + { 1199690223111956, 24028135822341, 66638289244341, 57626156285975, 565093967979607 }, + { 876926774220824, 
554618976488214, 1012056309841565, 839961821554611, 1414499340307677 }, + { 703047626104145, 1266841406201770, 165556500219173, 486991595001879, 1011325891650656 } + }, + { + { 1622861044480487, 1156394801573634, 1869132565415504, 327103985777730, 2095342781472284 }, + { 334886927423922, 489511099221528, 129160865966726, 1720809113143481, 619700195649254 }, + { 1646545795166119, 1758370782583567, 714746174550637, 1472693650165135, 898994790308209 } + }, + { + { 333403773039279, 295772542452938, 1693106465353610, 912330357530760, 471235657950362 }, + { 1811196219982022, 1068969825533602, 289602974833439, 1988956043611592, 863562343398367 }, + { 906282429780072, 2108672665779781, 432396390473936, 150625823801893, 1708930497638539 } + }, + { + { 925664675702328, 21416848568684, 1831436641861340, 601157008940113, 371818055044496 }, + { 1479786007267725, 1738881859066675, 68646196476567, 2146507056100328, 1247662817535471 }, + { 52035296774456, 939969390708103, 312023458773250, 59873523517659, 1231345905848899 } + }, + { + { 643355106415761, 290186807495774, 2013561737429023, 319648069511546, 393736678496162 }, + { 129358342392716, 1932811617704777, 1176749390799681, 398040349861790, 1170779668090425 }, + { 2051980782668029, 121859921510665, 2048329875753063, 1235229850149665, 519062146124755 } + } +}, +{ /* 4/31 */ + { + { 1608170971973096, 415809060360428, 1350468408164766, 2038620059057678, 1026904485989112 }, + { 1837656083115103, 1510134048812070, 906263674192061, 1821064197805734, 565375124676301 }, + { 578027192365650, 2034800251375322, 2128954087207123, 478816193810521, 2196171989962750 } + }, + { + { 1633188840273139, 852787172373708, 1548762607215796, 1266275218902681, 1107218203325133 }, + { 462189358480054, 1784816734159228, 1611334301651368, 1303938263943540, 707589560319424 }, + { 1038829280972848, 38176604650029, 753193246598573, 1136076426528122, 595709990562434 } + }, + { + { 1408451820859834, 2194984964010833, 2198361797561729, 1061962440055713, 
1645147963442934 }, + { 4701053362120, 1647641066302348, 1047553002242085, 1923635013395977, 206970314902065 }, + { 1750479161778571, 1362553355169293, 1891721260220598, 966109370862782, 1024913988299801 } + }, + { + { 212699049131723, 1117950018299775, 1873945661751056, 1403802921984058, 130896082652698 }, + { 636808533673210, 1262201711667560, 390951380330599, 1663420692697294, 561951321757406 }, + { 520731594438141, 1446301499955692, 273753264629267, 1565101517999256, 1019411827004672 } + }, + { + { 926527492029409, 1191853477411379, 734233225181171, 184038887541270, 1790426146325343 }, + { 1464651961852572, 1483737295721717, 1519450561335517, 1161429831763785, 405914998179977 }, + { 996126634382301, 796204125879525, 127517800546509, 344155944689303, 615279846169038 } + }, + { + { 738724080975276, 2188666632415296, 1961313708559162, 1506545807547587, 1151301638969740 }, + { 622917337413835, 1218989177089035, 1284857712846592, 970502061709359, 351025208117090 }, + { 2067814584765580, 1677855129927492, 2086109782475197, 235286517313238, 1416314046739645 } + }, + { + { 586844262630358, 307444381952195, 458399356043426, 602068024507062, 1028548203415243 }, + { 678489922928203, 2016657584724032, 90977383049628, 1026831907234582, 615271492942522 }, + { 301225714012278, 1094837270268560, 1202288391010439, 644352775178361, 1647055902137983 } + }, + { + { 1210746697896478, 1416608304244708, 686487477217856, 1245131191434135, 1051238336855737 }, + { 1135604073198207, 1683322080485474, 769147804376683, 2086688130589414, 900445683120379 }, + { 1971518477615628, 401909519527336, 448627091057375, 1409486868273821, 1214789035034363 } + } +}, +{ /* 5/31 */ + { + { 1364039144731711, 1897497433586190, 2203097701135459, 145461396811251, 1349844460790699 }, + { 1045230323257973, 818206601145807, 630513189076103, 1672046528998132, 807204017562437 }, + { 439961968385997, 386362664488986, 1382706320807688, 309894000125359, 2207801346498567 } + }, + { + { 1229004686397588, 
920643968530863, 123975893911178, 681423993215777, 1400559197080973 }, + { 2003766096898049, 170074059235165, 1141124258967971, 1485419893480973, 1573762821028725 }, + { 729905708611432, 1270323270673202, 123353058984288, 426460209632942, 2195574535456672 } + }, + { + { 1271140255321235, 2044363183174497, 52125387634689, 1445120246694705, 942541986339084 }, + { 1761608437466135, 583360847526804, 1586706389685493, 2157056599579261, 1170692369685772 }, + { 871476219910823, 1878769545097794, 2241832391238412, 548957640601001, 690047440233174 } + }, + { + { 297194732135507, 1366347803776820, 1301185512245601, 561849853336294, 1533554921345731 }, + { 999628998628371, 1132836708493400, 2084741674517453, 469343353015612, 678782988708035 }, + { 2189427607417022, 699801937082607, 412764402319267, 1478091893643349, 2244675696854460 } + }, + { + { 1712292055966563, 204413590624874, 1405738637332841, 408981300829763, 861082219276721 }, + { 508561155940631, 966928475686665, 2236717801150132, 424543858577297, 2089272956986143 }, + { 221245220129925, 1156020201681217, 491145634799213, 542422431960839, 828100817819207 } + }, + { + { 153756971240384, 1299874139923977, 393099165260502, 1058234455773022, 996989038681183 }, + { 559086812798481, 573177704212711, 1629737083816402, 1399819713462595, 1646954378266038 }, + { 1887963056288059, 228507035730124, 1468368348640282, 930557653420194, 613513962454686 } + }, + { + { 1224529808187553, 1577022856702685, 2206946542980843, 625883007765001, 279930793512158 }, + { 1076287717051609, 1114455570543035, 187297059715481, 250446884292121, 1885187512550540 }, + { 902497362940219, 76749815795675, 1657927525633846, 1420238379745202, 1340321636548352 } + }, + { + { 1129576631190784, 1281994010027327, 996844254743018, 257876363489249, 1150850742055018 }, + { 628740660038789, 1943038498527841, 467786347793886, 1093341428303375, 235413859513003 }, + { 237425418909360, 469614029179605, 1512389769174935, 1241726368345357, 441602891065214 } + } +}, +{ 
/* 6/31 */ + { + { 1736417953058555, 726531315520508, 1833335034432527, 1629442561574747, 624418919286085 }, + { 1960754663920689, 497040957888962, 1909832851283095, 1271432136996826, 2219780368020940 }, + { 1537037379417136, 1358865369268262, 2130838645654099, 828733687040705, 1999987652890901 } + }, + { + { 629042105241814, 1098854999137608, 887281544569320, 1423102019874777, 7911258951561 }, + { 1811562332665373, 1501882019007673, 2213763501088999, 359573079719636, 36370565049116 }, + { 218907117361280, 1209298913016966, 1944312619096112, 1130690631451061, 1342327389191701 } + }, + { + { 1369976867854704, 1396479602419169, 1765656654398856, 2203659200586299, 998327836117241 }, + { 2230701885562825, 1348173180338974, 2172856128624598, 1426538746123771, 444193481326151 }, + { 784210426627951, 918204562375674, 1284546780452985, 1324534636134684, 1872449409642708 } + }, + { + { 319638829540294, 596282656808406, 2037902696412608, 1557219121643918, 341938082688094 }, + { 1901860206695915, 2004489122065736, 1625847061568236, 973529743399879, 2075287685312905 }, + { 1371853944110545, 1042332820512553, 1949855697918254, 1791195775521505, 37487364849293 } + }, + { + { 687200189577855, 1082536651125675, 644224940871546, 340923196057951, 343581346747396 }, + { 2082717129583892, 27829425539422, 145655066671970, 1690527209845512, 1865260509673478 }, + { 1059729620568824, 2163709103470266, 1440302280256872, 1769143160546397, 869830310425069 } + }, + { + { 1609516219779025, 777277757338817, 2101121130363987, 550762194946473, 1905542338659364 }, + { 2024821921041576, 426948675450149, 595133284085473, 471860860885970, 600321679413000 }, + { 598474602406721, 1468128276358244, 1191923149557635, 1501376424093216, 1281662691293476 } + }, + { + { 1721138489890707, 1264336102277790, 433064545421287, 1359988423149466, 1561871293409447 }, + { 719520245587143, 393380711632345, 132350400863381, 1543271270810729, 1819543295798660 }, + { 396397949784152, 1811354474471839, 1362679985304303, 
2117033964846756, 498041172552279 } + }, + { + { 1812471844975748, 1856491995543149, 126579494584102, 1036244859282620, 1975108050082550 }, + { 650623932407995, 1137551288410575, 2125223403615539, 1725658013221271, 2134892965117796 }, + { 522584000310195, 1241762481390450, 1743702789495384, 2227404127826575, 1686746002148897 } + } +}, +{ /* 7/31 */ + { + { 427904865186312, 1703211129693455, 1585368107547509, 1436984488744336, 761188534613978 }, + { 318101947455002, 248138407995851, 1481904195303927, 309278454311197, 1258516760217879 }, + { 1275068538599310, 513726919533379, 349926553492294, 688428871968420, 1702400196000666 } + }, + { + { 1061864036265233, 961611260325381, 321859632700838, 1045600629959517, 1985130202504038 }, + { 1558816436882417, 1962896332636523, 1337709822062152, 1501413830776938, 294436165831932 }, + { 818359826554971, 1862173000996177, 626821592884859, 573655738872376, 1749691246745455 } + }, + { + { 1988022651432119, 1082111498586040, 1834020786104821, 1454826876423687, 692929915223122 }, + { 2146513703733331, 584788900394667, 464965657279958, 2183973639356127, 238371159456790 }, + { 1129007025494441, 2197883144413266, 265142755578169, 971864464758890, 1983715884903702 } + }, + { + { 1291366624493075, 381456718189114, 1711482489312444, 1815233647702022, 892279782992467 }, + { 444548969917454, 1452286453853356, 2113731441506810, 645188273895859, 810317625309512 }, + { 2242724082797924, 1373354730327868, 1006520110883049, 2147330369940688, 1151816104883620 } + }, + { + { 1745720200383796, 1911723143175317, 2056329390702074, 355227174309849, 879232794371100 }, + { 163723479936298, 115424889803150, 1156016391581227, 1894942220753364, 1970549419986329 }, + { 681981452362484, 267208874112496, 1374683991933094, 638600984916117, 646178654558546 } + }, + { + { 13378654854251, 106237307029567, 1944412051589651, 1841976767925457, 230702819835573 }, + { 260683893467075, 854060306077237, 913639551980112, 4704576840123, 280254810808712 }, + { 
715374893080287, 1173334812210491, 1806524662079626, 1894596008000979, 398905715033393 } + }, + { + { 500026409727661, 1596431288195371, 1420380351989370, 985211561521489, 392444930785633 }, + { 2096421546958141, 1922523000950363, 789831022876840, 427295144688779, 320923973161730 }, + { 1927770723575450, 1485792977512719, 1850996108474547, 551696031508956, 2126047405475647 } + }, + { + { 2112099158080148, 742570803909715, 6484558077432, 1951119898618916, 93090382703416 }, + { 383905201636970, 859946997631870, 855623867637644, 1017125780577795, 794250831877809 }, + { 77571826285752, 999304298101753, 487841111777762, 1038031143212339, 339066367948762 } + } +}, +{ /* 8/31 */ + { + { 674994775520533, 266035846330789, 826951213393478, 1405007746162285, 1781791018620876 }, + { 1001412661522686, 348196197067298, 1666614366723946, 888424995032760, 580747687801357 }, + { 1939560076207777, 1409892634407635, 552574736069277, 383854338280405, 190706709864139 } + }, + { + { 2177087163428741, 1439255351721944, 1208070840382793, 2230616362004769, 1396886392021913 }, + { 676962063230039, 1880275537148808, 2046721011602706, 888463247083003, 1318301552024067 }, + { 1466980508178206, 617045217998949, 652303580573628, 757303753529064, 207583137376902 } + }, + { + { 1511056752906902, 105403126891277, 493434892772846, 1091943425335976, 1802717338077427 }, + { 1853982405405128, 1878664056251147, 1528011020803992, 1019626468153565, 1128438412189035 }, + { 1963939888391106, 293456433791664, 697897559513649, 985882796904380, 796244541237972 } + }, + { + { 416770998629779, 389655552427054, 1314476859406756, 1749382513022778, 1161905598739491 }, + { 1428358296490651, 1027115282420478, 304840698058337, 441410174026628, 1819358356278573 }, + { 204943430200135, 1554861433819175, 216426658514651, 264149070665950, 2047097371738319 } + }, + { + { 1934415182909034, 1393285083565062, 516409331772960, 1157690734993892, 121039666594268 }, + { 662035583584445, 286736105093098, 1131773000510616, 
818494214211439, 472943792054479 }, + { 665784778135882, 1893179629898606, 808313193813106, 276797254706413, 1563426179676396 } + }, + { + { 945205108984232, 526277562959295, 1324180513733566, 1666970227868664, 153547609289173 }, + { 2031433403516252, 203996615228162, 170487168837083, 981513604791390, 843573964916831 }, + { 1476570093962618, 838514669399805, 1857930577281364, 2017007352225784, 317085545220047 } + }, + { + { 1461557121912842, 1600674043318359, 2157134900399597, 1670641601940616, 127765583803283 }, + { 1293543509393474, 2143624609202546, 1058361566797508, 214097127393994, 946888515472729 }, + { 357067959932916, 1290876214345711, 521245575443703, 1494975468601005, 800942377643885 } + }, + { + { 566116659100033, 820247422481740, 994464017954148, 327157611686365, 92591318111744 }, + { 617256647603209, 1652107761099439, 1857213046645471, 1085597175214970, 817432759830522 }, + { 771808161440705, 1323510426395069, 680497615846440, 851580615547985, 1320806384849017 } + } +}, +{ /* 9/31 */ + { + { 1219260086131915, 647169006596815, 79601124759706, 2161724213426748, 404861897060198 }, + { 1327968293887866, 1335500852943256, 1401587164534264, 558137311952440, 1551360549268902 }, + { 417621685193956, 1429953819744454, 396157358457099, 1940470778873255, 214000046234152 } + }, + { + { 1268047918491973, 2172375426948536, 1533916099229249, 1761293575457130, 1590622667026765 }, + { 1627072914981959, 2211603081280073, 1912369601616504, 1191770436221309, 2187309757525860 }, + { 1149147819689533, 378692712667677, 828475842424202, 2218619146419342, 70688125792186 } + }, + { + { 1299739417079761, 1438616663452759, 1536729078504412, 2053896748919838, 1008421032591246 }, + { 2040723824657366, 399555637875075, 632543375452995, 872649937008051, 1235394727030233 }, + { 2211311599327900, 2139787259888175, 938706616835350, 12609661139114, 2081897930719789 } + }, + { + { 1324994503390450, 336982330582631, 1183998925654177, 1091654665913274, 48727673971319 }, + { 
1845522914617879, 1222198248335542, 150841072760134, 1927029069940982, 1189913404498011 }, + { 1079559557592645, 2215338383666441, 1903569501302605, 49033973033940, 305703433934152 } + }, + { + { 94653405416909, 1386121349852999, 1062130477891762, 36553947479274, 833669648948846 }, + { 1432015813136298, 440364795295369, 1395647062821501, 1976874522764578, 934452372723352 }, + { 1296625309219774, 2068273464883862, 1858621048097805, 1492281814208508, 2235868981918946 } + }, + { + { 1490330266465570, 1858795661361448, 1436241134969763, 294573218899647, 1208140011028933 }, + { 1282462923712748, 741885683986255, 2027754642827561, 518989529541027, 1826610009555945 }, + { 1525827120027511, 723686461809551, 1597702369236987, 244802101764964, 1502833890372311 } + }, + { + { 113622036244513, 1233740067745854, 674109952278496, 2114345180342965, 166764512856263 }, + { 2041668749310338, 2184405322203901, 1633400637611036, 2110682505536899, 2048144390084644 }, + { 503058759232932, 760293024620937, 2027152777219493, 666858468148475, 1539184379870952 } + }, + { + { 1916168475367211, 915626432541343, 883217071712575, 363427871374304, 1976029821251593 }, + { 678039535434506, 570587290189340, 1605302676614120, 2147762562875701, 1706063797091704 }, + { 1439489648586438, 2194580753290951, 832380563557396, 561521973970522, 584497280718389 } + } +}, +{ /* 10/31 */ + { + { 187989455492609, 681223515948275, 1933493571072456, 1872921007304880, 488162364135671 }, + { 1413466089534451, 410844090765630, 1397263346404072, 408227143123410, 1594561803147811 }, + { 2102170800973153, 719462588665004, 1479649438510153, 1097529543970028, 1302363283777685 } + }, + { + { 942065717847195, 1069313679352961, 2007341951411051, 70973416446291, 1419433790163706 }, + { 1146565545556377, 1661971299445212, 406681704748893, 564452436406089, 1109109865829139 }, + { 2214421081775077, 1165671861210569, 1890453018796184, 3556249878661, 442116172656317 } + }, + { + { 753830546620811, 1666955059895019, 
1530775289309243, 1119987029104146, 2164156153857580 }, + { 615171919212796, 1523849404854568, 854560460547503, 2067097370290715, 1765325848586042 }, + { 1094538949313667, 1796592198908825, 870221004284388, 2025558921863561, 1699010892802384 } + }, + { + { 1951351290725195, 1916457206844795, 198025184438026, 1909076887557595, 1938542290318919 }, + { 1014323197538413, 869150639940606, 1756009942696599, 1334952557375672, 1544945379082874 }, + { 764055910920305, 1603590757375439, 146805246592357, 1843313433854297, 954279890114939 } + }, + { + { 80113526615750, 764536758732259, 1055139345100233, 469252651759390, 617897512431515 }, + { 74497112547268, 740094153192149, 1745254631717581, 727713886503130, 1283034364416928 }, + { 525892105991110, 1723776830270342, 1476444848991936, 573789489857760, 133864092632978 } + }, + { + { 542611720192581, 1986812262899321, 1162535242465837, 481498966143464, 544600533583622 }, + { 64123227344372, 1239927720647794, 1360722983445904, 222610813654661, 62429487187991 }, + { 1793193323953132, 91096687857833, 70945970938921, 2158587638946380, 1537042406482111 } + }, + { + { 1895854577604609, 1394895708949416, 1728548428495944, 1140864900240149, 563645333603061 }, + { 141358280486863, 91435889572504, 1087208572552643, 1829599652522921, 1193307020643647 }, + { 1611230858525381, 950720175540785, 499589887488610, 2001656988495019, 88977313255908 } + }, + { + { 1189080501479658, 2184348804772597, 1040818725742319, 2018318290311834, 1712060030915354 }, + { 873966876953756, 1090638350350440, 1708559325189137, 672344594801910, 1320437969700239 }, + { 1508590048271766, 1131769479776094, 101550868699323, 428297785557897, 561791648661744 } + } +}, +{ /* 11/31 */ + { + { 756417570499462, 237882279232602, 2136263418594016, 1701968045454886, 703713185137472 }, + { 1781187809325462, 1697624151492346, 1381393690939988, 175194132284669, 1483054666415238 }, + { 2175517777364616, 708781536456029, 955668231122942, 1967557500069555, 2021208005604118 } + }, + { 
+ { 1115135966606887, 224217372950782, 915967306279222, 593866251291540, 561747094208006 }, + { 1443163092879439, 391875531646162, 2180847134654632, 464538543018753, 1594098196837178 }, + { 850858855888869, 319436476624586, 327807784938441, 740785849558761, 17128415486016 } + }, + { + { 2132756334090067, 536247820155645, 48907151276867, 608473197600695, 1261689545022784 }, + { 1525176236978354, 974205476721062, 293436255662638, 148269621098039, 137961998433963 }, + { 1121075518299410, 2071745529082111, 1265567917414828, 1648196578317805, 496232102750820 } + }, + { + { 122321229299801, 1022922077493685, 2001275453369484, 2017441881607947, 993205880778002 }, + { 654925550560074, 1168810995576858, 575655959430926, 905758704861388, 496774564663534 }, + { 1954109525779738, 2117022646152485, 338102630417180, 1194140505732026, 107881734943492 } + }, + { + { 1714785840001267, 2036500018681589, 1876380234251966, 2056717182974196, 1645855254384642 }, + { 106431476499341, 62482972120563, 1513446655109411, 807258751769522, 538491469114 }, + { 2002850762893643, 1243624520538135, 1486040410574605, 2184752338181213, 378495998083531 } + }, + { + { 922510868424903, 1089502620807680, 402544072617374, 1131446598479839, 1290278588136533 }, + { 1867998812076769, 715425053580701, 39968586461416, 2173068014586163, 653822651801304 }, + { 162892278589453, 182585796682149, 75093073137630, 497037941226502, 133871727117371 } + }, + { + { 1914596576579670, 1608999621851578, 1987629837704609, 1519655314857977, 1819193753409464 }, + { 1949315551096831, 1069003344994464, 1939165033499916, 1548227205730856, 1933767655861407 }, + { 1730519386931635, 1393284965610134, 1597143735726030, 416032382447158, 1429665248828629 } + }, + { + { 360275475604565, 547835731063078, 215360904187529, 596646739879007, 332709650425085 }, + { 47602113726801, 1522314509708010, 437706261372925, 814035330438027, 335930650933545 }, + { 1291597595523886, 1058020588994081, 402837842324045, 1363323695882781, 2105763393033193 
} + } +}, +{ /* 12/31 */ + { + { 109521982566564, 1715257748585139, 1112231216891516, 2046641005101484, 134249157157013 }, + { 2156991030936798, 2227544497153325, 1869050094431622, 754875860479115, 1754242344267058 }, + { 1846089562873800, 98894784984326, 1412430299204844, 171351226625762, 1100604760929008 } + }, + { + { 84172382130492, 499710970700046, 425749630620778, 1762872794206857, 612842602127960 }, + { 868309334532756, 1703010512741873, 1952690008738057, 4325269926064, 2071083554962116 }, + { 523094549451158, 401938899487815, 1407690589076010, 2022387426254453, 158660516411257 } + }, + { + { 612867287630009, 448212612103814, 571629077419196, 1466796750919376, 1728478129663858 }, + { 1723848973783452, 2208822520534681, 1718748322776940, 1974268454121942, 1194212502258141 }, + { 1254114807944608, 977770684047110, 2010756238954993, 1783628927194099, 1525962994408256 } + }, + { + { 232464058235826, 1948628555342434, 1835348780427694, 1031609499437291, 64472106918373 }, + { 767338676040683, 754089548318405, 1523192045639075, 435746025122062, 512692508440385 }, + { 1255955808701983, 1700487367990941, 1166401238800299, 1175121994891534, 1190934801395380 } + }, + { + { 349144008168292, 1337012557669162, 1475912332999108, 1321618454900458, 47611291904320 }, + { 877519947135419, 2172838026132651, 272304391224129, 1655143327559984, 886229406429814 }, + { 375806028254706, 214463229793940, 572906353144089, 572168269875638, 697556386112979 } + }, + { + { 1168827102357844, 823864273033637, 2071538752104697, 788062026895924, 599578340743362 }, + { 1948116082078088, 2054898304487796, 2204939184983900, 210526805152138, 786593586607626 }, + { 1915320147894736, 156481169009469, 655050471180417, 592917090415421, 2165897438660879 } + }, + { + { 1726336468579724, 1119932070398949, 1929199510967666, 33918788322959, 1836837863503150 }, + { 829996854845988, 217061778005138, 1686565909803640, 1346948817219846, 1723823550730181 }, + { 384301494966394, 687038900403062, 
2211195391021739, 254684538421383, 1245698430589680 } + }, + { + { 1247567493562688, 1978182094455847, 183871474792955, 806570235643435, 288461518067916 }, + { 1449077384734201, 38285445457996, 2136537659177832, 2146493000841573, 725161151123125 }, + { 1201928866368855, 800415690605445, 1703146756828343, 997278587541744, 1858284414104014 } + } +}, +{ /* 13/31 */ + { + { 356468809648877, 782373916933152, 1718002439402870, 1392222252219254, 663171266061951 }, + { 759628738230460, 1012693474275852, 353780233086498, 246080061387552, 2030378857679162 }, + { 2040672435071076, 888593182036908, 1298443657189359, 1804780278521327, 354070726137060 } + }, + { + { 1894938527423184, 1463213041477277, 474410505497651, 247294963033299, 877975941029128 }, + { 207937160991127, 12966911039119, 820997788283092, 1010440472205286, 1701372890140810 }, + { 218882774543183, 533427444716285, 1233243976733245, 435054256891319, 1509568989549904 } + }, + { + { 1888838535711826, 1052177758340622, 1213553803324135, 169182009127332, 463374268115872 }, + { 299137589460312, 1594371588983567, 868058494039073, 257771590636681, 1805012993142921 }, + { 1806842755664364, 2098896946025095, 1356630998422878, 1458279806348064, 347755825962072 } + }, + { + { 1402334161391744, 1560083671046299, 1008585416617747, 1147797150908892, 1420416683642459 }, + { 665506704253369, 273770475169863, 799236974202630, 848328990077558, 1811448782807931 }, + { 1468412523962641, 771866649897997, 1931766110147832, 799561180078482, 524837559150077 } + }, + { + { 2223212657821850, 630416247363666, 2144451165500328, 816911130947791, 1024351058410032 }, + { 1266603897524861, 156378408858100, 1275649024228779, 447738405888420, 253186462063095 }, + { 2022215964509735, 136144366993649, 1800716593296582, 1193970603800203, 871675847064218 } + }, + { + { 1862751661970328, 851596246739884, 1519315554814041, 1542798466547449, 1417975335901520 }, + { 1228168094547481, 334133883362894, 587567568420081, 433612590281181, 603390400373205 }, + 
{ 121893973206505, 1843345804916664, 1703118377384911, 497810164760654, 101150811654673 } + }, + { + { 458346255946468, 290909935619344, 1452768413850679, 550922875254215, 1537286854336538 }, + { 584322311184395, 380661238802118, 114839394528060, 655082270500073, 2111856026034852 }, + { 996965581008991, 2148998626477022, 1012273164934654, 1073876063914522, 1688031788934939 } + }, + { + { 923487018849600, 2085106799623355, 528082801620136, 1606206360876188, 735907091712524 }, + { 1697697887804317, 1335343703828273, 831288615207040, 949416685250051, 288760277392022 }, + { 1419122478109648, 1325574567803701, 602393874111094, 2107893372601700, 1314159682671307 } + } +}, +{ /* 14/31 */ + { + { 2201150872731804, 2180241023425241, 97663456423163, 1633405770247824, 848945042443986 }, + { 1173339555550611, 818605084277583, 47521504364289, 924108720564965, 735423405754506 }, + { 830104860549448, 1886653193241086, 1600929509383773, 1475051275443631, 286679780900937 } + }, + { + { 1577111294832995, 1030899169768747, 144900916293530, 1964672592979567, 568390100955250 }, + { 278388655910247, 487143369099838, 927762205508727, 181017540174210, 1616886700741287 }, + { 1191033906638969, 940823957346562, 1606870843663445, 861684761499847, 658674867251089 } + }, + { + { 1875032594195546, 1427106132796197, 724736390962158, 901860512044740, 635268497268760 }, + { 622869792298357, 1903919278950367, 1922588621661629, 1520574711600434, 1087100760174640 }, + { 25465949416618, 1693639527318811, 1526153382657203, 125943137857169, 145276964043999 } + }, + { + { 214739857969358, 920212862967915, 1939901550972269, 1211862791775221, 85097515720120 }, + { 2006245852772938, 734762734836159, 254642929763427, 1406213292755966, 239303749517686 }, + { 1619678837192149, 1919424032779215, 1357391272956794, 1525634040073113, 1310226789796241 } + }, + { + { 1040763709762123, 1704449869235352, 605263070456329, 1998838089036355, 1312142911487502 }, + { 1996723311435669, 1844342766567060, 985455700466044, 
1165924681400960, 311508689870129 }, + { 43173156290518, 2202883069785309, 1137787467085917, 1733636061944606, 1394992037553852 } + }, + { + { 670078326344559, 555655025059356, 471959386282438, 2141455487356409, 849015953823125 }, + { 2197214573372804, 794254097241315, 1030190060513737, 267632515541902, 2040478049202624 }, + { 1812516004670529, 1609256702920783, 1706897079364493, 258549904773295, 996051247540686 } + }, + { + { 1540374301420584, 1764656898914615, 1810104162020396, 923808779163088, 664390074196579 }, + { 1323460699404750, 1262690757880991, 871777133477900, 1060078894988977, 1712236889662886 }, + { 1696163952057966, 1391710137550823, 608793846867416, 1034391509472039, 1780770894075012 } + }, + { + { 1367603834210841, 2131988646583224, 890353773628144, 1908908219165595, 270836895252891 }, + { 597536315471731, 40375058742586, 1942256403956049, 1185484645495932, 312666282024145 }, + { 1919411405316294, 1234508526402192, 1066863051997083, 1008444703737597, 1348810787701552 } + } +}, +{ /* 15/31 */ + { + { 2102881477513865, 1570274565945361, 1573617900503708, 18662635732583, 2232324307922098 }, + { 1853931367696942, 8107973870707, 350214504129299, 775206934582587, 1752317649166792 }, + { 1417148368003523, 721357181628282, 505725498207811, 373232277872983, 261634707184480 } + }, + { + { 2186733281493267, 2250694917008620, 1014829812957440, 479998161452389, 83566193876474 }, + { 1268116367301224, 560157088142809, 802626839600444, 2210189936605713, 1129993785579988 }, + { 615183387352312, 917611676109240, 878893615973325, 978940963313282, 938686890583575 } + }, + { + { 522024729211672, 1045059315315808, 1892245413707790, 1907891107684253, 2059998109500714 }, + { 1799679152208884, 912132775900387, 25967768040979, 432130448590461, 274568990261996 }, + { 98698809797682, 2144627600856209, 1907959298569602, 811491302610148, 1262481774981493 } + }, + { + { 1791451399743152, 1713538728337276, 118349997257490, 1882306388849954, 158235232210248 }, + { 
1217809823321928, 2173947284933160, 1986927836272325, 1388114931125539, 12686131160169 }, + { 1650875518872272, 1136263858253897, 1732115601395988, 734312880662190, 1252904681142109 } + }, + { + { 372986456113865, 525430915458171, 2116279931702135, 501422713587815, 1907002872974925 }, + { 803147181835288, 868941437997146, 316299302989663, 943495589630550, 571224287904572 }, + { 227742695588364, 1776969298667369, 628602552821802, 457210915378118, 2041906378111140 } + }, + { + { 815000523470260, 913085688728307, 1052060118271173, 1345536665214223, 541623413135555 }, + { 1580216071604333, 1877997504342444, 857147161260913, 703522726778478, 2182763974211603 }, + { 1870080310923419, 71988220958492, 1783225432016732, 615915287105016, 1035570475990230 } + }, + { + { 730987750830150, 857613889540280, 1083813157271766, 1002817255970169, 1719228484436074 }, + { 377616581647602, 1581980403078513, 804044118130621, 2034382823044191, 643844048472185 }, + { 176957326463017, 1573744060478586, 528642225008045, 1816109618372371, 1515140189765006 } + }, + { + { 1888911448245718, 1387110895611080, 1924503794066429, 1731539523700949, 2230378382645454 }, + { 443392177002051, 233793396845137, 2199506622312416, 1011858706515937, 974676837063129 }, + { 1846351103143623, 1949984838808427, 671247021915253, 1946756846184401, 1929296930380217 } + } +}, +{ /* 16/31 */ + { + { 849646212452002, 1410198775302919, 73767886183695, 1641663456615812, 762256272452411 }, + { 692017667358279, 723305578826727, 1638042139863265, 748219305990306, 334589200523901 }, + { 22893968530686, 2235758574399251, 1661465835630252, 925707319443452, 1203475116966621 } + }, + { + { 801299035785166, 1733292596726131, 1664508947088596, 467749120991922, 1647498584535623 }, + { 903105258014366, 427141894933047, 561187017169777, 1884330244401954, 1914145708422219 }, + { 1344191060517578, 1960935031767890, 1518838929955259, 1781502350597190, 1564784025565682 } + }, + { + { 673723351748086, 1979969272514923, 1175287312495508, 
1187589090978666, 1881897672213940 }, + { 1917185587363432, 1098342571752737, 5935801044414, 2000527662351839, 1538640296181569 }, + { 2495540013192, 678856913479236, 224998292422872, 219635787698590, 1972465269000940 } + }, + { + { 271413961212179, 1353052061471651, 344711291283483, 2014925838520662, 2006221033113941 }, + { 194583029968109, 514316781467765, 829677956235672, 1676415686873082, 810104584395840 }, + { 1980510813313589, 1948645276483975, 152063780665900, 129968026417582, 256984195613935 } + }, + { + { 1860190562533102, 1936576191345085, 461100292705964, 1811043097042830, 957486749306835 }, + { 796664815624365, 1543160838872951, 1500897791837765, 1667315977988401, 599303877030711 }, + { 1151480509533204, 2136010406720455, 738796060240027, 319298003765044, 1150614464349587 } + }, + { + { 1731069268103150, 735642447616087, 1364750481334268, 417232839982871, 927108269127661 }, + { 1017222050227968, 1987716148359, 2234319589635701, 621282683093392, 2132553131763026 }, + { 1567828528453324, 1017807205202360, 565295260895298, 829541698429100, 307243822276582 } + }, + { + { 249079270936248, 1501514259790706, 947909724204848, 944551802437487, 552658763982480 }, + { 2089966982947227, 1854140343916181, 2151980759220007, 2139781292261749, 158070445864917 }, + { 1338766321464554, 1906702607371284, 1519569445519894, 115384726262267, 1393058953390992 } + }, + { + { 1364621558265400, 1512388234908357, 1926731583198686, 2041482526432505, 920401122333774 }, + { 1884844597333588, 601480070269079, 620203503079537, 1079527400117915, 1202076693132015 }, + { 840922919763324, 727955812569642, 1303406629750194, 522898432152867, 294161410441865 } + } +}, +{ /* 17/31 */ + { + { 353760790835310, 1598361541848743, 1122905698202299, 1922533590158905, 419107700666580 }, + { 359856369838236, 180914355488683, 861726472646627, 218807937262986, 575626773232501 }, + { 755467689082474, 909202735047934, 730078068932500, 936309075711518, 2007798262842972 } + }, + { + { 1609384177904073, 
362745185608627, 1335318541768201, 800965770436248, 547877979267412 }, + { 984339177776787, 815727786505884, 1645154585713747, 1659074964378553, 1686601651984156 }, + { 1697863093781930, 599794399429786, 1104556219769607, 830560774794755, 12812858601017 } + }, + { + { 1168737550514982, 897832437380552, 463140296333799, 302564600022547, 2008360505135501 }, + { 1856930662813910, 678090852002597, 1920179140755167, 1259527833759868, 55540971895511 }, + { 1158643631044921, 476554103621892, 178447851439725, 1305025542653569, 103433927680625 } + }, + { + { 2176793111709008, 1576725716350391, 2009350167273523, 2012390194631546, 2125297410909580 }, + { 825403285195098, 2144208587560784, 1925552004644643, 1915177840006985, 1015952128947864 }, + { 1807108316634472, 1534392066433717, 347342975407218, 1153820745616376, 7375003497471 } + }, + { + { 983061001799725, 431211889901241, 2201903782961093, 817393911064341, 2214616493042167 }, + { 228567918409756, 865093958780220, 358083886450556, 159617889659320, 1360637926292598 }, + { 234147501399755, 2229469128637390, 2175289352258889, 1397401514549353, 1885288963089922 } + }, + { + { 1111762412951562, 252849572507389, 1048714233823341, 146111095601446, 1237505378776770 }, + { 1113790697840279, 1051167139966244, 1045930658550944, 2011366241542643, 1686166824620755 }, + { 1054097349305049, 1872495070333352, 182121071220717, 1064378906787311, 100273572924182 } + }, + { + { 1306410853171605, 1627717417672447, 50983221088417, 1109249951172250, 870201789081392 }, + { 104233794644221, 1548919791188248, 2224541913267306, 2054909377116478, 1043803389015153 }, + { 216762189468802, 707284285441622, 190678557969733, 973969342604308, 1403009538434867 } + }, + { + { 1279024291038477, 344776835218310, 273722096017199, 1834200436811442, 634517197663804 }, + { 343805853118335, 1302216857414201, 566872543223541, 2051138939539004, 321428858384280 }, + { 470067171324852, 1618629234173951, 2000092177515639, 7307679772789, 1117521120249968 } + } +}, +{ 
/* 18/31 */ + { + { 278151578291475, 1810282338562947, 1771599529530998, 1383659409671631, 685373414471841 }, + { 577009397403102, 1791440261786291, 2177643735971638, 174546149911960, 1412505077782326 }, + { 893719721537457, 1201282458018197, 1522349501711173, 58011597740583, 1130406465887139 } + }, + { + { 412607348255453, 1280455764199780, 2233277987330768, 14180080401665, 331584698417165 }, + { 262483770854550, 990511055108216, 526885552771698, 571664396646158, 354086190278723 }, + { 1820352417585487, 24495617171480, 1547899057533253, 10041836186225, 480457105094042 } + }, + { + { 2023310314989233, 637905337525881, 2106474638900687, 557820711084072, 1687858215057826 }, + { 1144168702609745, 604444390410187, 1544541121756138, 1925315550126027, 626401428894002 }, + { 1922168257351784, 2018674099908659, 1776454117494445, 956539191509034, 36031129147635 } + }, + { + { 544644538748041, 1039872944430374, 876750409130610, 710657711326551, 1216952687484972 }, + { 58242421545916, 2035812695641843, 2118491866122923, 1191684463816273, 46921517454099 }, + { 272268252444639, 1374166457774292, 2230115177009552, 1053149803909880, 1354288411641016 } + }, + { + { 1857910905368338, 1754729879288912, 885945464109877, 1516096106802166, 1602902393369811 }, + { 1193437069800958, 901107149704790, 999672920611411, 477584824802207, 364239578697845 }, + { 886299989548838, 1538292895758047, 1590564179491896, 1944527126709657, 837344427345298 } + }, + { + { 754558365378305, 1712186480903618, 1703656826337531, 750310918489786, 518996040250900 }, + { 1309847803895382, 1462151862813074, 211370866671570, 1544595152703681, 1027691798954090 }, + { 803217563745370, 1884799722343599, 1357706345069218, 2244955901722095, 730869460037413 } + }, + { + { 689299471295966, 1831210565161071, 1375187341585438, 1106284977546171, 1893781834054269 }, + { 696351368613042, 1494385251239250, 738037133616932, 636385507851544, 927483222611406 }, + { 1949114198209333, 1104419699537997, 783495707664463, 
1747473107602770, 2002634765788641 } + }, + { + { 1607325776830197, 530883941415333, 1451089452727895, 1581691157083423, 496100432831154 }, + { 1068900648804224, 2006891997072550, 1134049269345549, 1638760646180091, 2055396084625778 }, + { 2222475519314561, 1870703901472013, 1884051508440561, 1344072275216753, 1318025677799069 } + } +}, +{ /* 19/31 */ + { + { 155711679280656, 681100400509288, 389811735211209, 2135723811340709, 408733211204125 }, + { 7813206966729, 194444201427550, 2071405409526507, 1065605076176312, 1645486789731291 }, + { 16625790644959, 1647648827778410, 1579910185572704, 436452271048548, 121070048451050 } + }, + { + { 1037263028552531, 568385780377829, 297953104144430, 1558584511931211, 2238221839292471 }, + { 190565267697443, 672855706028058, 338796554369226, 337687268493904, 853246848691734 }, + { 1763863028400139, 766498079432444, 1321118624818005, 69494294452268, 858786744165651 } + }, + { + { 1292056768563024, 1456632109855638, 1100631247050184, 1386133165675321, 1232898350193752 }, + { 366253102478259, 525676242508811, 1449610995265438, 1183300845322183, 185960306491545 }, + { 28315355815982, 460422265558930, 1799675876678724, 1969256312504498, 1051823843138725 } + }, + { + { 156914999361983, 1606148405719949, 1665208410108430, 317643278692271, 1383783705665320 }, + { 54684536365732, 2210010038536222, 1194984798155308, 535239027773705, 1516355079301361 }, + { 1484387703771650, 198537510937949, 2186282186359116, 617687444857508, 647477376402122 } + }, + { + { 2147715541830533, 500032538445817, 646380016884826, 352227855331122, 1488268620408052 }, + { 159386186465542, 1877626593362941, 618737197060512, 1026674284330807, 1158121760792685 }, + { 1744544377739822, 1964054180355661, 1685781755873170, 2169740670377448, 1286112621104591 } + }, + { + { 81977249784993, 1667943117713086, 1668983819634866, 1605016835177615, 1353960708075544 }, + { 1602253788689063, 439542044889886, 2220348297664483, 657877410752869, 157451572512238 }, + { 
1029287186166717, 65860128430192, 525298368814832, 1491902500801986, 1461064796385400 } + }, + { + { 408216988729246, 2121095722306989, 913562102267595, 1879708920318308, 241061448436731 }, + { 1185483484383269, 1356339572588553, 584932367316448, 102132779946470, 1792922621116791 }, + { 1966196870701923, 2230044620318636, 1425982460745905, 261167817826569, 46517743394330 } + }, + { + { 107077591595359, 884959942172345, 27306869797400, 2224911448949390, 964352058245223 }, + { 1730194207717538, 431790042319772, 1831515233279467, 1372080552768581, 1074513929381760 }, + { 1450880638731607, 1019861580989005, 1229729455116861, 1174945729836143, 826083146840706 } + } +}, +{ /* 20/31 */ + { + { 1899935429242705, 1602068751520477, 940583196550370, 82431069053859, 1540863155745696 }, + { 2136688454840028, 2099509000964294, 1690800495246475, 1217643678575476, 828720645084218 }, + { 765548025667841, 462473984016099, 998061409979798, 546353034089527, 2212508972466858 } + }, + { + { 46575283771160, 892570971573071, 1281983193144090, 1491520128287375, 75847005908304 }, + { 1801436127943107, 1734436817907890, 1268728090345068, 167003097070711, 2233597765834956 }, + { 1997562060465113, 1048700225534011, 7615603985628, 1855310849546841, 2242557647635213 } + }, + { + { 1161017320376250, 492624580169043, 2169815802355237, 976496781732542, 1770879511019629 }, + { 1357044908364776, 729130645262438, 1762469072918979, 1365633616878458, 181282906404941 }, + { 1080413443139865, 1155205815510486, 1848782073549786, 622566975152580, 124965574467971 } + }, + { + { 1184526762066993, 247622751762817, 692129017206356, 820018689412496, 2188697339828085 }, + { 2020536369003019, 202261491735136, 1053169669150884, 2056531979272544, 778165514694311 }, + { 237404399610207, 1308324858405118, 1229680749538400, 720131409105291, 1958958863624906 } + }, + { + { 515583508038846, 17656978857189, 1717918437373989, 1568052070792483, 46975803123923 }, + { 281527309158085, 36970532401524, 866906920877543, 
2222282602952734, 1289598729589882 }, + { 1278207464902042, 494742455008756, 1262082121427081, 1577236621659884, 1888786707293291 } + }, + { + { 353042527954210, 1830056151907359, 1111731275799225, 174960955838824, 404312815582675 }, + { 2064251142068628, 1666421603389706, 1419271365315441, 468767774902855, 191535130366583 }, + { 1716987058588002, 1859366439773457, 1767194234188234, 64476199777924, 1117233614485261 } + }, + { + { 984292135520292, 135138246951259, 2220652137473167, 1722843421165029, 190482558012909 }, + { 298845952651262, 1166086588952562, 1179896526238434, 1347812759398693, 1412945390096208 }, + { 1143239552672925, 906436640714209, 2177000572812152, 2075299936108548, 325186347798433 } + }, + { + { 721024854374772, 684487861263316, 1373438744094159, 2193186935276995, 1387043709851261 }, + { 418098668140962, 715065997721283, 1471916138376055, 2168570337288357, 937812682637044 }, + { 1043584187226485, 2143395746619356, 2209558562919611, 482427979307092, 847556718384018 } + } +}, +{ /* 21/31 */ + { + { 1248731221520759, 1465200936117687, 540803492710140, 52978634680892, 261434490176109 }, + { 1057329623869501, 620334067429122, 461700859268034, 2012481616501857, 297268569108938 }, + { 1055352180870759, 1553151421852298, 1510903185371259, 1470458349428097, 1226259419062731 } + }, + { + { 1492988790301668, 790326625573331, 1190107028409745, 1389394752159193, 1620408196604194 }, + { 47000654413729, 1004754424173864, 1868044813557703, 173236934059409, 588771199737015 }, + { 30498470091663, 1082245510489825, 576771653181956, 806509986132686, 1317634017056939 } + }, + { + { 420308055751555, 1493354863316002, 165206721528088, 1884845694919786, 2065456951573059 }, + { 1115636332012334, 1854340990964155, 83792697369514, 1972177451994021, 457455116057587 }, + { 1698968457310898, 1435137169051090, 1083661677032510, 938363267483709, 340103887207182 } + }, + { + { 1995325341336574, 911500251774648, 164010755403692, 855378419194762, 1573601397528842 }, + { 
241719380661528, 310028521317150, 1215881323380194, 1408214976493624, 2141142156467363 }, + { 1315157046163473, 727368447885818, 1363466668108618, 1668921439990361, 1398483384337907 } + }, + { + { 75029678299646, 1015388206460473, 1849729037055212, 1939814616452984, 444404230394954 }, + { 2053597130993710, 2024431685856332, 2233550957004860, 2012407275509545, 872546993104440 }, + { 1217269667678610, 599909351968693, 1390077048548598, 1471879360694802, 739586172317596 } + }, + { + { 1718318639380794, 1560510726633958, 904462881159922, 1418028351780052, 94404349451937 }, + { 2132502667405250, 214379346175414, 1502748313768060, 1960071701057800, 1353971822643138 }, + { 319394212043702, 2127459436033571, 717646691535162, 663366796076914, 318459064945314 } + }, + { + { 405989424923593, 1960452633787083, 667349034401665, 1492674260767112, 1451061489880787 }, + { 947085906234007, 323284730494107, 1485778563977200, 728576821512394, 901584347702286 }, + { 1575783124125742, 2126210792434375, 1569430791264065, 1402582372904727, 1891780248341114 } + }, + { + { 838432205560695, 1997703511451664, 1018791879907867, 1662001808174331, 78328132957753 }, + { 739152638255629, 2074935399403557, 505483666745895, 1611883356514088, 628654635394878 }, + { 1822054032121349, 643057948186973, 7306757352712, 577249257962099, 284735863382083 } + } +}, +{ /* 22/31 */ + { + { 1366558556363930, 1448606567552086, 1478881020944768, 165803179355898, 1115718458123498 }, + { 204146226972102, 1630511199034723, 2215235214174763, 174665910283542, 956127674017216 }, + { 1562934578796716, 1070893489712745, 11324610642270, 958989751581897, 2172552325473805 } + }, + { + { 1770564423056027, 735523631664565, 1326060113795289, 1509650369341127, 65892421582684 }, + { 623682558650637, 1337866509471512, 990313350206649, 1314236615762469, 1164772974270275 }, + { 223256821462517, 723690150104139, 1000261663630601, 933280913953265, 254872671543046 } + }, + { + { 1969087237026041, 624795725447124, 1335555107635969, 
2069986355593023, 1712100149341902 }, + { 1236103475266979, 1837885883267218, 1026072585230455, 1025865513954973, 1801964901432134 }, + { 1115241013365517, 1712251818829143, 2148864332502771, 2096001471438138, 2235017246626125 } + }, + { + { 1299268198601632, 2047148477845621, 2165648650132450, 1612539282026145, 514197911628890 }, + { 118352772338543, 1067608711804704, 1434796676193498, 1683240170548391, 230866769907437 }, + { 1850689576796636, 1601590730430274, 1139674615958142, 1954384401440257, 76039205311 } + }, + { + { 1723387471374172, 997301467038410, 533927635123657, 20928644693965, 1756575222802513 }, + { 2146711623855116, 503278928021499, 625853062251406, 1109121378393107, 1033853809911861 }, + { 571005965509422, 2005213373292546, 1016697270349626, 56607856974274, 914438579435146 } + }, + { + { 1346698876211176, 2076651707527589, 1084761571110205, 265334478828406, 1068954492309671 }, + { 1769967932677654, 1695893319756416, 1151863389675920, 1781042784397689, 400287774418285 }, + { 1851867764003121, 403841933237558, 820549523771987, 761292590207581, 1743735048551143 } + }, + { + { 410915148140008, 2107072311871739, 1004367461876503, 99684895396761, 1180818713503224 }, + { 285945406881439, 648174397347453, 1098403762631981, 1366547441102991, 1505876883139217 }, + { 672095903120153, 1675918957959872, 636236529315028, 1569297300327696, 2164144194785875 } + }, + { + { 1902708175321798, 1035343530915438, 1178560808893263, 301095684058146, 1280977479761118 }, + { 1615357281742403, 404257611616381, 2160201349780978, 1160947379188955, 1578038619549541 }, + { 2013087639791217, 822734930507457, 1785668418619014, 1668650702946164, 389450875221715 } + } +}, +{ /* 23/31 */ + { + { 453918449698368, 106406819929001, 2072540975937135, 308588860670238, 1304394580755385 }, + { 1295082798350326, 2091844511495996, 1851348972587817, 3375039684596, 789440738712837 }, + { 2083069137186154, 848523102004566, 993982213589257, 1405313299916317, 1532824818698468 } + }, + { + { 
1495961298852430, 1397203457344779, 1774950217066942, 139302743555696, 66603584342787 }, + { 1782411379088302, 1096724939964781, 27593390721418, 542241850291353, 1540337798439873 }, + { 693543956581437, 171507720360750, 1557908942697227, 1074697073443438, 1104093109037196 } + }, + { + { 345288228393419, 1099643569747172, 134881908403743, 1740551994106740, 248212179299770 }, + { 231429562203065, 1526290236421172, 2021375064026423, 1520954495658041, 806337791525116 }, + { 1079623667189886, 872403650198613, 766894200588288, 2163700860774109, 2023464507911816 } + }, + { + { 854645372543796, 1936406001954827, 151460662541253, 825325739271555, 1554306377287556 }, + { 1497138821904622, 1044820250515590, 1742593886423484, 1237204112746837, 849047450816987 }, + { 667962773375330, 1897271816877105, 1399712621683474, 1143302161683099, 2081798441209593 } + }, + { + { 127147851567005, 1936114012888110, 1704424366552046, 856674880716312, 716603621335359 }, + { 1072409664800960, 2146937497077528, 1508780108920651, 935767602384853, 1112800433544068 }, + { 333549023751292, 280219272863308, 2104176666454852, 1036466864875785, 536135186520207 } + }, + { + { 373666279883137, 146457241530109, 304116267127857, 416088749147715, 1258577131183391 }, + { 1186115062588401, 2251609796968486, 1098944457878953, 1153112761201374, 1791625503417267 }, + { 1870078460219737, 2129630962183380, 852283639691142, 292865602592851, 401904317342226 } + }, + { + { 1361070124828035, 815664541425524, 1026798897364671, 1951790935390647, 555874891834790 }, + { 1546301003424277, 459094500062839, 1097668518375311, 1780297770129643, 720763293687608 }, + { 1212405311403990, 1536693382542438, 61028431067459, 1863929423417129, 1223219538638038 } + }, + { + { 1294303766540260, 1183557465955093, 882271357233093, 63854569425375, 2213283684565087 }, + { 339050984211414, 601386726509773, 413735232134068, 966191255137228, 1839475899458159 }, + { 235605972169408, 2174055643032978, 1538335001838863, 1281866796917192, 
1815940222628465 } + } +}, +{ /* 24/31 */ + { + { 1632352921721536, 1833328609514701, 2092779091951987, 1923956201873226, 2210068022482919 }, + { 35271216625062, 1712350667021807, 983664255668860, 98571260373038, 1232645608559836 }, + { 1998172393429622, 1798947921427073, 784387737563581, 1589352214827263, 1589861734168180 } + }, + { + { 1733739258725305, 31715717059538, 201969945218860, 992093044556990, 1194308773174556 }, + { 846415389605137, 746163495539180, 829658752826080, 592067705956946, 957242537821393 }, + { 1758148849754419, 619249044817679, 168089007997045, 1371497636330523, 1867101418880350 } + }, + { + { 326633984209635, 261759506071016, 1700682323676193, 1577907266349064, 1217647663383016 }, + { 1714182387328607, 1477856482074168, 574895689942184, 2159118410227270, 1555532449716575 }, + { 853828206885131, 998498946036955, 1835887550391235, 207627336608048, 258363815956050 } + }, + { + { 141141474651677, 1236728744905256, 643101419899887, 1646615130509173, 1208239602291765 }, + { 1501663228068911, 1354879465566912, 1444432675498247, 897812463852601, 855062598754348 }, + { 714380763546606, 1032824444965790, 1774073483745338, 1063840874947367, 1738680636537158 } + }, + { + { 1640635546696252, 633168953192112, 2212651044092396, 30590958583852, 368515260889378 }, + { 1171650314802029, 1567085444565577, 1453660792008405, 757914533009261, 1619511342778196 }, + { 420958967093237, 971103481109486, 2169549185607107, 1301191633558497, 1661514101014240 } + }, + { + { 907123651818302, 1332556122804146, 1824055253424487, 1367614217442959, 1982558335973172 }, + { 1121533090144639, 1021251337022187, 110469995947421, 1511059774758394, 2110035908131662 }, + { 303213233384524, 2061932261128138, 352862124777736, 40828818670255, 249879468482660 } + }, + { + { 856559257852200, 508517664949010, 1378193767894916, 1723459126947129, 1962275756614521 }, + { 1445691340537320, 40614383122127, 402104303144865, 485134269878232, 1659439323587426 }, + { 20057458979482, 
1183363722525800, 2140003847237215, 2053873950687614, 2112017736174909 } + }, + { + { 2228654250927986, 1483591363415267, 1368661293910956, 1076511285177291, 526650682059608 }, + { 709481497028540, 531682216165724, 316963769431931, 1814315888453765, 258560242424104 }, + { 1053447823660455, 1955135194248683, 1010900954918985, 1182614026976701, 1240051576966610 } + } +}, +{ /* 25/31 */ + { + { 1957943897155497, 1788667368028035, 137692910029106, 1039519607062, 826404763313028 }, + { 1848942433095597, 1582009882530495, 1849292741020143, 1068498323302788, 2001402229799484 }, + { 1528282417624269, 2142492439828191, 2179662545816034, 362568973150328, 1591374675250271 } + }, + { + { 160026679434388, 232341189218716, 2149181472355545, 598041771119831, 183859001910173 }, + { 2013278155187349, 662660471354454, 793981225706267, 411706605985744, 804490933124791 }, + { 2051892037280204, 488391251096321, 2230187337030708, 930221970662692, 679002758255210 } + }, + { + { 1530723630438670, 875873929577927, 341560134269988, 449903119530753, 1055551308214179 }, + { 1461835919309432, 1955256480136428, 180866187813063, 1551979252664528, 557743861963950 }, + { 359179641731115, 1324915145732949, 902828372691474, 294254275669987, 1887036027752957 } + }, + { + { 2043271609454323, 2038225437857464, 1317528426475850, 1398989128982787, 2027639881006861 }, + { 2072902725256516, 312132452743412, 309930885642209, 996244312618453, 1590501300352303 }, + { 1397254305160710, 695734355138021, 2233992044438756, 1776180593969996, 1085588199351115 } + }, + { + { 440567051331029, 254894786356681, 493869224930222, 1556322069683366, 1567456540319218 }, + { 1950722461391320, 1907845598854797, 1822757481635527, 2121567704750244, 73811931471221 }, + { 387139307395758, 2058036430315676, 1220915649965325, 1794832055328951, 1230009312169328 } + }, + { + { 1765973779329517, 659344059446977, 19821901606666, 1301928341311214, 1116266004075885 }, + { 1127572801181483, 1224743760571696, 1276219889847274, 
1529738721702581, 1589819666871853 }, + { 2181229378964934, 2190885205260020, 1511536077659137, 1246504208580490, 668883326494241 } + }, + { + { 437866655573314, 669026411194768, 81896997980338, 523874406393178, 245052060935236 }, + { 1975438052228868, 1071801519999806, 594652299224319, 1877697652668809, 1489635366987285 }, + { 958592545673770, 233048016518599, 851568750216589, 567703851596087, 1740300006094761 } + }, + { + { 2014540178270324, 192672779514432, 213877182641530, 2194819933853411, 1716422829364835 }, + { 1540769606609725, 2148289943846077, 1597804156127445, 1230603716683868, 815423458809453 }, + { 1738560251245018, 1779576754536888, 1783765347671392, 1880170990446751, 1088225159617541 } + } +}, +{ /* 26/31 */ + { + { 659303913929492, 1956447718227573, 1830568515922666, 841069049744408, 1669607124206368 }, + { 1143465490433355, 1532194726196059, 1093276745494697, 481041706116088, 2121405433561163 }, + { 1686424298744462, 1451806974487153, 266296068846582, 1834686947542675, 1720762336132256 } + }, + { + { 889217026388959, 1043290623284660, 856125087551909, 1669272323124636, 1603340330827879 }, + { 1206396181488998, 333158148435054, 1402633492821422, 1120091191722026, 1945474114550509 }, + { 766720088232571, 1512222781191002, 1189719893490790, 2091302129467914, 2141418006894941 } + }, + { + { 419663647306612, 1998875112167987, 1426599870253707, 1154928355379510, 486538532138187 }, + { 938160078005954, 1421776319053174, 1941643234741774, 180002183320818, 1414380336750546 }, + { 398001940109652, 1577721237663248, 1012748649830402, 1540516006905144, 1011684812884559 } + }, + { + { 1653276489969630, 6081825167624, 1921777941170836, 1604139841794531, 861211053640641 }, + { 996661541407379, 1455877387952927, 744312806857277, 139213896196746, 1000282908547789 }, + { 1450817495603008, 1476865707053229, 1030490562252053, 620966950353376, 1744760161539058 } + }, + { + { 559728410002599, 37056661641185, 2038622963352006, 1637244893271723, 1026565352238948 }, + { 
962165956135846, 1116599660248791, 182090178006815, 1455605467021751, 196053588803284 }, + { 796863823080135, 1897365583584155, 420466939481601, 2165972651724672, 932177357788289 } + }, + { + { 877047233620632, 1375632631944375, 643773611882121, 660022738847877, 19353932331831 }, + { 2216943882299338, 394841323190322, 2222656898319671, 558186553950529, 1077236877025190 }, + { 801118384953213, 1914330175515892, 574541023311511, 1471123787903705, 1526158900256288 } + }, + { + { 949617889087234, 2207116611267331, 912920039141287, 501158539198789, 62362560771472 }, + { 1474518386765335, 1760793622169197, 1157399790472736, 1622864308058898, 165428294422792 }, + { 1961673048027128, 102619413083113, 1051982726768458, 1603657989805485, 1941613251499678 } + }, + { + { 1401939116319266, 335306339903072, 72046196085786, 862423201496006, 850518754531384 }, + { 1234706593321979, 1083343891215917, 898273974314935, 1640859118399498, 157578398571149 }, + { 1143483057726416, 1992614991758919, 674268662140796, 1773370048077526, 674318359920189 } + } +}, +{ /* 27/31 */ + { + { 1835401379538542, 173900035308392, 818247630716732, 1762100412152786, 1021506399448291 }, + { 1506632088156630, 2127481795522179, 513812919490255, 140643715928370, 442476620300318 }, + { 2056683376856736, 219094741662735, 2193541883188309, 1841182310235800, 556477468664293 } + }, + { + { 1315019427910827, 1049075855992603, 2066573052986543, 266904467185534, 2040482348591520 }, + { 94096246544434, 922482381166992, 24517828745563, 2139430508542503, 2097139044231004 }, + { 537697207950515, 1399352016347350, 1563663552106345, 2148749520888918, 549922092988516 } + }, + { + { 1747985413252434, 680511052635695, 1809559829982725, 594274250930054, 201673170745982 }, + { 323583936109569, 1973572998577657, 1192219029966558, 79354804385273, 1374043025560347 }, + { 213277331329947, 416202017849623, 1950535221091783, 1313441578103244, 2171386783823658 } + }, + { + { 189088804229831, 993969372859110, 895870121536987, 
1547301535298256, 1477373024911350 }, + { 1620578418245010, 541035331188469, 2235785724453865, 2154865809088198, 1974627268751826 }, + { 1346805451740245, 1350981335690626, 942744349501813, 2155094562545502, 1012483751693409 } + }, + { + { 2107080134091762, 1132567062788208, 1824935377687210, 769194804343737, 1857941799971888 }, + { 1074666112436467, 249279386739593, 1174337926625354, 1559013532006480, 1472287775519121 }, + { 1872620123779532, 1892932666768992, 1921559078394978, 1270573311796160, 1438913646755037 } + }, + { + { 837390187648199, 1012253300223599, 989780015893987, 1351393287739814, 328627746545550 }, + { 1028328827183114, 1711043289969857, 1350832470374933, 1923164689604327, 1495656368846911 }, + { 1900828492104143, 430212361082163, 687437570852799, 832514536673512, 1685641495940794 } + }, + { + { 842632847936398, 605670026766216, 290836444839585, 163210774892356, 2213815011799645 }, + { 1176336383453996, 1725477294339771, 12700622672454, 678015708818208, 162724078519879 }, + { 1448049969043497, 1789411762943521, 385587766217753, 90201620913498, 832999441066823 } + }, + { + { 516086333293313, 2240508292484616, 1351669528166508, 1223255565316488, 750235824427138 }, + { 1263624896582495, 1102602401673328, 526302183714372, 2152015839128799, 1483839308490010 }, + { 442991718646863, 1599275157036458, 1925389027579192, 899514691371390, 350263251085160 } + } +}, +{ /* 28/31 */ + { + { 1689713572022143, 593854559254373, 978095044791970, 1985127338729499, 1676069120347625 }, + { 1557207018622683, 340631692799603, 1477725909476187, 614735951619419, 2033237123746766 }, + { 968764929340557, 1225534776710944, 662967304013036, 1155521416178595, 791142883466590 } + }, + { + { 1487081286167458, 993039441814934, 1792378982844640, 698652444999874, 2153908693179754 }, + { 1123181311102823, 685575944875442, 507605465509927, 1412590462117473, 568017325228626 }, + { 560258797465417, 2193971151466401, 1824086900849026, 579056363542056, 1690063960036441 } + }, + { + { 
1918407319222416, 353767553059963, 1930426334528099, 1564816146005724, 1861342381708096 }, + { 2131325168777276, 1176636658428908, 1756922641512981, 1390243617176012, 1966325177038383 }, + { 2063958120364491, 2140267332393533, 699896251574968, 273268351312140, 375580724713232 } + }, + { + { 2024297515263178, 416959329722687, 1079014235017302, 171612225573183, 1031677520051053 }, + { 2033900009388450, 1744902869870788, 2190580087917640, 1949474984254121, 231049754293748 }, + { 343868674606581, 550155864008088, 1450580864229630, 481603765195050, 896972360018042 } + }, + { + { 2151139328380127, 314745882084928, 59756825775204, 1676664391494651, 2048348075599360 }, + { 1528930066340597, 1605003907059576, 1055061081337675, 1458319101947665, 1234195845213142 }, + { 830430507734812, 1780282976102377, 1425386760709037, 362399353095425, 2168861579799910 } + }, + { + { 1155762232730333, 980662895504006, 2053766700883521, 490966214077606, 510405877041357 }, + { 1683750316716132, 652278688286128, 1221798761193539, 1897360681476669, 319658166027343 }, + { 618808732869972, 72755186759744, 2060379135624181, 1730731526741822, 48862757828238 } + }, + { + { 1463171970593505, 1143040711767452, 614590986558883, 1409210575145591, 1882816996436803 }, + { 2230133264691131, 563950955091024, 2042915975426398, 827314356293472, 672028980152815 }, + { 264204366029760, 1654686424479449, 2185050199932931, 2207056159091748, 506015669043634 } + }, + { + { 1784446333136569, 1973746527984364, 334856327359575, 1156769775884610, 1023950124675478 }, + { 2065270940578383, 31477096270353, 306421879113491, 181958643936686, 1907105536686083 }, + { 1496516440779464, 1748485652986458, 872778352227340, 818358834654919, 97932669284220 } + } +}, +{ /* 29/31 */ + { + { 471636015770351, 672455402793577, 1804995246884103, 1842309243470804, 1501862504981682 }, + { 1013216974933691, 538921919682598, 1915776722521558, 1742822441583877, 1886550687916656 }, + { 2094270000643336, 303971879192276, 40801275554748, 
649448917027930, 1818544418535447 } + }, + { + { 2241737709499165, 549397817447461, 838180519319392, 1725686958520781, 1705639080897747 }, + { 1216074541925116, 50120933933509, 1565829004133810, 721728156134580, 349206064666188 }, + { 948617110470858, 346222547451945, 1126511960599975, 1759386906004538, 493053284802266 } + }, + { + { 1454933046815146, 874696014266362, 1467170975468588, 1432316382418897, 2111710746366763 }, + { 2105387117364450, 1996463405126433, 1303008614294500, 851908115948209, 1353742049788635 }, + { 750300956351719, 1487736556065813, 15158817002104, 1511998221598392, 971739901354129 } + }, + { + { 1874648163531693, 2124487685930551, 1810030029384882, 918400043048335, 586348627300650 }, + { 1235084464747900, 1166111146432082, 1745394857881591, 1405516473883040, 4463504151617 }, + { 1663810156463827, 327797390285791, 1341846161759410, 1964121122800605, 1747470312055380 } + }, + { + { 660005247548233, 2071860029952887, 1358748199950107, 911703252219107, 1014379923023831 }, + { 2206641276178231, 1690587809721504, 1600173622825126, 2156096097634421, 1106822408548216 }, + { 1344788193552206, 1949552134239140, 1735915881729557, 675891104100469, 1834220014427292 } + }, + { + { 1920949492387964, 158885288387530, 70308263664033, 626038464897817, 1468081726101009 }, + { 622221042073383, 1210146474039168, 1742246422343683, 1403839361379025, 417189490895736 }, + { 22727256592983, 168471543384997, 1324340989803650, 1839310709638189, 504999476432775 } + }, + { + { 1313240518756327, 1721896294296942, 52263574587266, 2065069734239232, 804910473424630 }, + { 1337466662091884, 1287645354669772, 2018019646776184, 652181229374245, 898011753211715 }, + { 1969792547910734, 779969968247557, 2011350094423418, 1823964252907487, 1058949448296945 } + }, + { + { 207343737062002, 1118176942430253, 758894594548164, 806764629546266, 1157700123092949 }, + { 1273565321399022, 1638509681964574, 759235866488935, 666015124346707, 897983460943405 }, + { 1717263794012298, 
1059601762860786, 1837819172257618, 1054130665797229, 680893204263559 } + } +}, +{ /* 30/31 */ + { + { 2237039662793603, 2249022333361206, 2058613546633703, 149454094845279, 2215176649164582 }, + { 79472182719605, 1851130257050174, 1825744808933107, 821667333481068, 781795293511946 }, + { 755822026485370, 152464789723500, 1178207602290608, 410307889503239, 156581253571278 } + }, + { + { 1418185496130297, 484520167728613, 1646737281442950, 1401487684670265, 1349185550126961 }, + { 1495380034400429, 325049476417173, 46346894893933, 1553408840354856, 828980101835683 }, + { 1280337889310282, 2070832742866672, 1640940617225222, 2098284908289951, 450929509534434 } + }, + { + { 407703353998781, 126572141483652, 286039827513621, 1999255076709338, 2030511179441770 }, + { 1254958221100483, 1153235960999843, 942907704968834, 637105404087392, 1149293270147267 }, + { 894249020470196, 400291701616810, 406878712230981, 1599128793487393, 1145868722604026 } + }, + { + { 1497955250203334, 110116344653260, 1128535642171976, 1900106496009660, 129792717460909 }, + { 452487513298665, 1352120549024569, 1173495883910956, 1999111705922009, 367328130454226 }, + { 1717539401269642, 1475188995688487, 891921989653942, 836824441505699, 1885988485608364 } + }, + { + { 1241784121422547, 187337051947583, 1118481812236193, 428747751936362, 30358898927325 }, + { 2022432361201842, 1088816090685051, 1977843398539868, 1854834215890724, 564238862029357 }, + { 938868489100585, 1100285072929025, 1017806255688848, 1957262154788833, 152787950560442 } + }, + { + { 867319417678923, 620471962942542, 226032203305716, 342001443957629, 1761675818237336 }, + { 1295072362439987, 931227904689414, 1355731432641687, 922235735834035, 892227229410209 }, + { 1680989767906154, 535362787031440, 2136691276706570, 1942228485381244, 1267350086882274 } + }, + { + { 366018233770527, 432660629755596, 126409707644535, 1973842949591662, 645627343442376 }, + { 535509430575217, 546885533737322, 1524675609547799, 2138095752851703, 
1260738089896827 }, + { 1159906385590467, 2198530004321610, 714559485023225, 81880727882151, 1484020820037082 } + }, + { + { 1377485731340769, 2046328105512000, 1802058637158797, 62146136768173, 1356993908853901 }, + { 2013612215646735, 1830770575920375, 536135310219832, 609272325580394, 270684344495013 }, + { 1237542585982777, 2228682050256790, 1385281931622824, 593183794882890, 493654978552689 } + } +}, +{ /* 31/31 */ + { + { 47341488007760, 1891414891220257, 983894663308928, 176161768286818, 1126261115179708 }, + { 1694030170963455, 502038567066200, 1691160065225467, 949628319562187, 275110186693066 }, + { 1124515748676336, 1661673816593408, 1499640319059718, 1584929449166988, 558148594103306 } + }, + { + { 1784525599998356, 1619698033617383, 2097300287550715, 258265458103756, 1905684794832758 }, + { 1288941072872766, 931787902039402, 190731008859042, 2006859954667190, 1005931482221702 }, + { 1465551264822703, 152905080555927, 680334307368453, 173227184634745, 666407097159852 } + }, + { + { 2111017076203943, 1378760485794347, 1248583954016456, 1352289194864422, 1895180776543896 }, + { 171348223915638, 662766099800389, 462338943760497, 466917763340314, 656911292869115 }, + { 488623681976577, 866497561541722, 1708105560937768, 1673781214218839, 1506146329818807 } + }, + { + { 160425464456957, 950394373239689, 430497123340934, 711676555398832, 320964687779005 }, + { 988979367990485, 1359729327576302, 1301834257246029, 294141160829308, 29348272277475 }, + { 1434382743317910, 100082049942065, 221102347892623, 186982837860588, 1305765053501834 } + }, + { + { 2205916462268190, 499863829790820, 961960554686616, 158062762756985, 1841471168298305 }, + { 1191737341426592, 1847042034978363, 1382213545049056, 1039952395710448, 788812858896859 }, + { 1346965964571152, 1291881610839830, 2142916164336056, 786821641205979, 1571709146321039 } + }, + { + { 787164375951248, 202869205373189, 1356590421032140, 1431233331032510, 786341368775957 }, + { 492448143532951, 304105152670757, 
1761767168301056, 233782684697790, 1981295323106089 }, + { 665807507761866, 1343384868355425, 895831046139653, 439338948736892, 1986828765695105 } + }, + { + { 756096210874553, 1721699973539149, 258765301727885, 1390588532210645, 1212530909934781 }, + { 852891097972275, 1816988871354562, 1543772755726524, 1174710635522444, 202129090724628 }, + { 1205281565824323, 22430498399418, 992947814485516, 1392458699738672, 688441466734558 } + }, + { + { 1050627428414972, 1955849529137135, 2171162376368357, 91745868298214, 447733118757826 }, + { 1287181461435438, 622722465530711, 880952150571872, 741035693459198, 311565274989772 }, + { 1003649078149734, 545233927396469, 1849786171789880, 1318943684880434, 280345687170552 } + } +} diff --git a/sodium/sodium_fe_51_base2.h b/sodium/sodium_fe_51_base2.h new file mode 100644 index 00000000..d0882416 --- /dev/null +++ b/sodium/sodium_fe_51_base2.h 
@@ -0,0 +1,40 @@ +{ + { 1288382639258501, 245678601348599, 269427782077623, 1462984067271730, 137412439391563 }, + { 62697248952638, 204681361388450, 631292143396476, 338455783676468, 1213667448819585 }, + { 301289933810280, 1259582250014073, 1422107436869536, 796239922652654, 1953934009299142 } +}, +{ + { 1601611775252272, 1720807796594148, 1132070835939856, 1260455018889551, 2147779492816911 }, + { 316559037616741, 2177824224946892, 1459442586438991, 1461528397712656, 751590696113597 }, + { 1850748884277385, 1200145853858453, 1068094770532492, 672251375690438, 1586055907191707 } +}, +{ + { 769950342298419, 132954430919746, 844085933195555, 974092374476333, 726076285546016 }, + { 425251763115706, 608463272472562, 442562545713235, 837766094556764, 374555092627893 }, + { 1086255230780037, 274979815921559, 1960002765731872, 929474102396301, 1190409889297339 } +}, +{ + { 665000864555967, 2065379846933859, 370231110385876, 350988370788628, 1233371373142985 }, + { 2019367628972465, 676711900706637, 110710997811333, 1108646842542025, 517791959672113 }, + { 965130719900578, 247011430587952, 526356006571389, 91986625355052, 2157223321444601 } +}, +{ + { 1802695059465007, 1664899123557221, 593559490740857, 2160434469266659, 927570450755031 }, + { 1725674970513508, 1933645953859181, 1542344539275782, 1767788773573747, 1297447965928905 }, + { 1381809363726107, 1430341051343062, 2061843536018959, 1551778050872521, 2036394857967624 } +}, +{ + { 1970894096313054, 528066325833207, 1619374932191227, 2207306624415883, 1169170329061080 }, + { 2070390218572616, 1458919061857835, 624171843017421, 1055332792707765, 433987520732508 }, + { 893653801273833, 1168026499324677, 1242553501121234, 1306366254304474, 1086752658510815 } +}, +{ + { 213454002618221, 939771523987438, 1159882208056014, 317388369627517, 621213314200687 }, + { 1971678598905747, 338026507889165, 762398079972271, 655096486107477, 42299032696322 }, + { 177130678690680, 1754759263300204, 1864311296286618, 1180675631479880, 
1292726903152791 } +}, +{ + { 1913163449625248, 460779200291993, 2193883288642314, 1008900146920800, 1721983679009502 }, + { 1070401523076875, 1272492007800961, 1910153608563310, 2075579521696771, 1191169788841221 }, + { 692896803108118, 500174642072499, 2068223309439677, 1162190621851337, 1426986007309901 } +} diff --git a/sodium/sodium_fe_51_constants.h b/sodium/sodium_fe_51_constants.h new file mode 100644 index 00000000..53b75c6b --- /dev/null +++ b/sodium/sodium_fe_51_constants.h @@ -0,0 +1,21 @@ +/* 37095705934669439343138083508754565189542113879843219016388785533085940283555 */ +static const fe25519 d = { + 929955233495203, 466365720129213, 1662059464998953, 2033849074728123, 1442794654840575 +}; + +/* 2 * d = + * 16295367250680780974490674513165176452449235426866156013048779062215315747161 + */ +static const fe25519 d2 = { + 1859910466990425, 932731440258426, 1072319116312658, 1815898335770999, 633789495995903 +}; + +/* sqrt(-1) */ +static const fe25519 sqrtm1 = { + 1718705420411056, 234908883556509, 2233514472574048, 2117202627021982, 765476049583133 +}; + +/* A = 486662 */ +static const fe25519 curve25519_A = { + 486662, 0, 0, 0, 0 +}; diff --git a/sodium/sodium_fe_51_fe.h b/sodium/sodium_fe_51_fe.h new file mode 100644 index 00000000..de876264 --- /dev/null +++ b/sodium/sodium_fe_51_fe.h 
@@ -0,0 +1,116 @@ +/* + Ignores top bit of h. + */ + +void +fe25519_frombytes(fe25519 h, const unsigned char *s) +{ + const uint64_t mask = 0x7ffffffffffffULL; + uint64_t h0, h1, h2, h3, h4; + + h0 = (LOAD64_LE(s ) ) & mask; + h1 = (LOAD64_LE(s + 6) >> 3) & mask; + h2 = (LOAD64_LE(s + 12) >> 6) & mask; + h3 = (LOAD64_LE(s + 19) >> 1) & mask; + h4 = (LOAD64_LE(s + 24) >> 12) & mask; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; +} + +static void +fe25519_reduce(fe25519 h, const fe25519 f) +{ + const uint64_t mask = 0x7ffffffffffffULL; + uint128_t t[5]; + + t[0] = f[0]; + t[1] = f[1]; + t[2] = f[2]; + t[3] = f[3]; + t[4] = f[4]; + + t[1] += t[0] >> 51; + t[0] &= mask; + t[2] += t[1] >> 51; + t[1] &= mask; + t[3] += t[2] >> 51; + t[2] &= mask; + t[4] += t[3] >> 51; + t[3] &= mask; + t[0] += 19 * (t[4] >> 51); + t[4] &= mask; + + t[1] += t[0] >> 51; + t[0] &= mask; + t[2] += t[1] >> 51; + t[1] &= mask; + t[3] += t[2] >> 51; + t[2] &= mask; + t[4] += t[3] >> 51; + t[3] &= mask; + t[0] += 19 * (t[4] >> 51); + t[4] &= mask; + + /* now t is between 0 and 2^255-1, properly carried. */ + /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ + + t[0] += 19ULL; + + t[1] += t[0] >> 51; + t[0] &= mask; + t[2] += t[1] >> 51; + t[1] &= mask; + t[3] += t[2] >> 51; + t[2] &= mask; + t[4] += t[3] >> 51; + t[3] &= mask; + t[0] += 19ULL * (t[4] >> 51); + t[4] &= mask; + + /* now between 19 and 2^255-1 in both cases, and offset by 19. */ + + t[0] += 0x8000000000000 - 19ULL; + t[1] += 0x8000000000000 - 1ULL; + t[2] += 0x8000000000000 - 1ULL; + t[3] += 0x8000000000000 - 1ULL; + t[4] += 0x8000000000000 - 1ULL; + + /* now between 2^255 and 2^256-20, and offset by 2^255. 
*/ + + t[1] += t[0] >> 51; + t[0] &= mask; + t[2] += t[1] >> 51; + t[1] &= mask; + t[3] += t[2] >> 51; + t[2] &= mask; + t[4] += t[3] >> 51; + t[3] &= mask; + t[4] &= mask; + + h[0] = t[0]; + h[1] = t[1]; + h[2] = t[2]; + h[3] = t[3]; + h[4] = t[4]; +} + +void +fe25519_tobytes(unsigned char *s, const fe25519 h) +{ + fe25519 t; + uint64_t t0, t1, t2, t3; + + fe25519_reduce(t, h); + t0 = t[0] | (t[1] << 51); + t1 = (t[1] >> 13) | (t[2] << 38); + t2 = (t[2] >> 26) | (t[3] << 25); + t3 = (t[3] >> 39) | (t[4] << 12); + STORE64_LE(s + 0, t0); + STORE64_LE(s + 8, t1); + STORE64_LE(s + 16, t2); + STORE64_LE(s + 24, t3); +} diff --git a/sodium/sodium_generichash_blake2.c b/sodium/sodium_generichash_blake2.c new file mode 100644 index 00000000..a59592ec --- /dev/null +++ b/sodium/sodium_generichash_blake2.c 
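Review bot: `fe25519_frombytes` and `fe25519_tobytes` are defined with external linkage inside a `.h` that has no include guard and no includes for `uint64_t`, `uint128_t`, `LOAD64_LE` or `STORE64_LE`, so the file only works when included from exactly one translation unit that already has those names in scope, and a second inclusion would produce duplicate symbols. A header comment stating that contract would save the next reader a search, e.g. `/* Fragment, not a standalone header: include once, from the .c file that defines fe25519/uint128_t and the LOAD64_LE/STORE64_LE macros. */`. The same presumably applies to the sibling `sodium_fe_51_constants.h` and `sodium_fe_51_base2.h` hunks in this commit, which are likewise guard-less fragments. The leading comment `Ignores top bit of h.` describes the input: the `>> 12` plus `& mask` on the last load drops bit 255 of the 32-byte buffer `s`, while `h` is the output, so `Ignores the top bit of s (bit 255 of the 32-byte input).` would be more accurate.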
@@ -0,0 +1,55 @@ +#include "sodium_crypto_generichash_blake2b.h" +#include "sodium_randombytes.h" + +size_t +crypto_generichash_blake2b_bytes_min(void) { + return crypto_generichash_blake2b_BYTES_MIN; +} + +size_t +crypto_generichash_blake2b_bytes_max(void) { + return crypto_generichash_blake2b_BYTES_MAX; +} + +size_t +crypto_generichash_blake2b_bytes(void) { + return crypto_generichash_blake2b_BYTES; +} + +size_t +crypto_generichash_blake2b_keybytes_min(void) { + return crypto_generichash_blake2b_KEYBYTES_MIN; +} + +size_t +crypto_generichash_blake2b_keybytes_max(void) { + return crypto_generichash_blake2b_KEYBYTES_MAX; +} + +size_t +crypto_generichash_blake2b_keybytes(void) { + return crypto_generichash_blake2b_KEYBYTES; +} + +size_t +crypto_generichash_blake2b_saltbytes(void) { + return crypto_generichash_blake2b_SALTBYTES; +} + +size_t +crypto_generichash_blake2b_personalbytes(void) { + return crypto_generichash_blake2b_PERSONALBYTES; +} + +size_t +crypto_generichash_blake2b_statebytes(void) +{ + return (sizeof(crypto_generichash_blake2b_state) + (size_t) 63U) + & ~(size_t) 63U; +} + +void +crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES]) +{ + randombytes_buf(k, crypto_generichash_blake2b_KEYBYTES); +} diff --git a/sodium/sodium_generichash_blake2b.c b/sodium/sodium_generichash_blake2b.c new file mode 100644 index 00000000..a0949974 --- /dev/null +++ b/sodium/sodium_generichash_blake2b.c 
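Review bot: `crypto_generichash_blake2b_statebytes` returns `sizeof(crypto_generichash_blake2b_state)` rounded up to a multiple of 64 and nothing says why, which matters to callers that size heap allocations from this value rather than from `sizeof`. A one-line comment would do: `/* Rounded up to a multiple of 64 so a state allocated with this size can be aligned as the implementation expects -- confirm against sodium_blake2.h. */`. The remaining accessors in the hunk are one-line constant returns and need nothing further.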
@@ -0,0 +1,117 @@ + +#include +#include +#include + +#include "sodium_blake2.h" +#include "sodium_crypto_generichash_blake2b.h" +#include "sodium_private_common.h" +#include "sodium_private_implementations.h" +#include + +int +crypto_generichash_blake2b(unsigned char *out, size_t outlen, + const unsigned char *in, unsigned long long inlen, + const unsigned char *key, size_t keylen) +{ + if (outlen <= 0U || outlen > BLAKE2B_OUTBYTES || + keylen > BLAKE2B_KEYBYTES || inlen > UINT64_MAX) { + return -1; + } + assert(outlen <= UINT8_MAX); + assert(keylen <= UINT8_MAX); + + return blake2b((uint8_t *) out, in, key, (uint8_t) outlen, (uint64_t) inlen, + (uint8_t) keylen); +} + +int +crypto_generichash_blake2b_salt_personal( + unsigned char *out, size_t outlen, const unsigned char *in, + unsigned long long inlen, const unsigned char *key, size_t keylen, + const unsigned char *salt, const unsigned char *personal) +{ + if (outlen <= 0U || outlen > BLAKE2B_OUTBYTES || + keylen > BLAKE2B_KEYBYTES || inlen > UINT64_MAX) { + return -1; + } + assert(outlen <= UINT8_MAX); + assert(keylen <= UINT8_MAX); + + return blake2b_salt_personal((uint8_t *) out, in, key, (uint8_t) outlen, + (uint64_t) inlen, (uint8_t) keylen, salt, + personal); +} + +int +crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state, + const unsigned char *key, const size_t keylen, + const size_t outlen) +{ + if (outlen <= 0U || outlen > BLAKE2B_OUTBYTES || + keylen > BLAKE2B_KEYBYTES) { + return -1; + } + assert(outlen <= UINT8_MAX); + assert(keylen <= UINT8_MAX); + COMPILER_ASSERT(sizeof(blake2b_state) <= sizeof *state); + if (key == NULL || keylen <= 0U) { + if (blake2b_init((blake2b_state *) (void *) state, (uint8_t) outlen) != 0) { + return -1; /* LCOV_EXCL_LINE */ + } + } else if (blake2b_init_key((blake2b_state *) (void *) state, (uint8_t) outlen, key, + (uint8_t) keylen) != 0) { + return -1; /* LCOV_EXCL_LINE */ + } + return 0; +} + +int +crypto_generichash_blake2b_init_salt_personal( + 
crypto_generichash_blake2b_state *state, const unsigned char *key, + const size_t keylen, const size_t outlen, const unsigned char *salt, + const unsigned char *personal) +{ + if (outlen <= 0U || outlen > BLAKE2B_OUTBYTES || + keylen > BLAKE2B_KEYBYTES) { + return -1; + } + assert(outlen <= UINT8_MAX); + assert(keylen <= UINT8_MAX); + if (key == NULL || keylen <= 0U) { + if (blake2b_init_salt_personal((blake2b_state *) (void *) state, + (uint8_t) outlen, salt, personal) != 0) { + return -1; /* LCOV_EXCL_LINE */ + } + } else if (blake2b_init_key_salt_personal((blake2b_state *) (void *) state, + (uint8_t) outlen, key, + (uint8_t) keylen, salt, + personal) != 0) { + return -1; /* LCOV_EXCL_LINE */ + } + return 0; +} + +int +crypto_generichash_blake2b_update(crypto_generichash_blake2b_state *state, + const unsigned char *in, + unsigned long long inlen) +{ + return blake2b_update((blake2b_state *) (void *) state, + (const uint8_t *) in, (uint64_t) inlen); +} + +int +crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state, + unsigned char *out, const size_t outlen) +{ + assert(outlen <= UINT8_MAX); + return blake2b_final((blake2b_state *) (void *) state, + (uint8_t *) out, (uint8_t) outlen); +} + +int +_crypto_generichash_blake2b_pick_best_implementation(void) +{ + return blake2b_pick_best_implementation(); +} diff --git a/sodium/sodium_hash_sha512.c b/sodium/sodium_hash_sha512.c new file mode 100644 index 00000000..7fb9a06c --- /dev/null +++ b/sodium/sodium_hash_sha512.c @@ -0,0 +1,13 @@ +#include "sodium_crypto_hash_sha512.h" + +size_t +crypto_hash_sha512_bytes(void) +{ + return crypto_hash_sha512_BYTES; +} + +size_t +crypto_hash_sha512_statebytes(void) +{ + return sizeof(crypto_hash_sha512_state); +} diff --git a/sodium/sodium_hash_sha512_cp.c b/sodium/sodium_hash_sha512_cp.c new file mode 100644 index 00000000..3ae32812 --- /dev/null +++ b/sodium/sodium_hash_sha512_cp.c 
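Review bot: `crypto_generichash_blake2b_final` only `assert`s `outlen <= UINT8_MAX` before narrowing it to `uint8_t`; unlike the `init` and one-shot entry points earlier in this hunk it never rejects `outlen == 0` or `outlen > BLAKE2B_OUTBYTES` with `-1`, so once `NDEBUG` is defined the sole defence against an out-of-range size is whatever check `blake2b_final` performs, which is not visible here. Unless that callee is known to re-validate, mirror the other entry points with `if (outlen <= 0U || outlen > BLAKE2B_OUTBYTES) { return -1; }` ahead of the assert. `crypto_generichash_blake2b_init_salt_personal` also omits the `COMPILER_ASSERT(sizeof(blake2b_state) <= sizeof *state);` that `crypto_generichash_blake2b_init` performs before the identical `(blake2b_state *) (void *) state` cast; it should carry the same guard. The four bare `#include` lines at the top of the hunk show no header name as rendered, presumably angle-bracket names lost in extraction, but it is worth confirming the committed file is intact.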
@@ -0,0 +1,282 @@
+
+/*-
+ * Copyright 2005,2007,2009 Colin Percival
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * + */ + +#include +#include +#include +#include + +#include + +#include "sodium_crypto_hash_sha512.h" +#include "sodium_private_common.h" +#include "sodium_utils.h" + +static void +be64enc_vect(unsigned char *dst, const uint64_t *src, size_t len) +{ + size_t i; + + for (i = 0; i < len / 8; i++) { + STORE64_BE(dst + i * 8, src[i]); + } +} + +static void +be64dec_vect(uint64_t *dst, const unsigned char *src, size_t len) +{ + size_t i; + + for (i = 0; i < len / 8; i++) { + dst[i] = LOAD64_BE(src + i * 8); + } +} + +static const uint64_t Krnd[80] = { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, + 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, + 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, + 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, + 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, + 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, + 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, + 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, + 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, + 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, + 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 
0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, + 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, + 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, + 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +#define Ch(x, y, z) ((x & (y ^ z)) ^ z) +#define Maj(x, y, z) ((x & (y | z)) | (y & z)) +#define SHR(x, n) (x >> n) +#define ROTR(x, n) ROTR64(x, n) +#define S0(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39)) +#define S1(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41)) +#define s0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) +#define s1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6)) + +#define RND(a, b, c, d, e, f, g, h, k) \ + h += S1(e) + Ch(e, f, g) + k; \ + d += h; \ + h += S0(a) + Maj(a, b, c); + +#define RNDr(S, W, i, ii) \ + RND(S[(80 - i) % 8], S[(81 - i) % 8], S[(82 - i) % 8], S[(83 - i) % 8], \ + S[(84 - i) % 8], S[(85 - i) % 8], S[(86 - i) % 8], S[(87 - i) % 8], \ + W[i + ii] + Krnd[i + ii]) + +#define MSCH(W, ii, i) \ + W[i + ii + 16] = \ + s1(W[i + ii + 14]) + W[i + ii + 9] + s0(W[i + ii + 1]) + W[i + ii] + +static void +SHA512_Transform(uint64_t *state, const uint8_t block[128], uint64_t W[80], + uint64_t S[8]) +{ + int i; + + be64dec_vect(W, block, 128); + memcpy(S, state, 64); + for (i = 0; i < 80; i += 16) { + RNDr(S, W, 0, i); + RNDr(S, W, 1, i); + RNDr(S, W, 2, i); + RNDr(S, W, 3, i); + RNDr(S, W, 4, i); + RNDr(S, W, 5, i); + RNDr(S, W, 6, i); + RNDr(S, W, 7, i); + RNDr(S, W, 8, i); + RNDr(S, W, 9, i); + RNDr(S, W, 10, i); + RNDr(S, W, 11, i); + RNDr(S, W, 12, i); + RNDr(S, W, 13, i); + RNDr(S, W, 14, i); + RNDr(S, W, 15, i); + if (i == 64) { + break; + } + MSCH(W, 0, i); + MSCH(W, 1, i); + MSCH(W, 2, i); + MSCH(W, 3, i); + MSCH(W, 4, i); + MSCH(W, 5, i); + MSCH(W, 6, i); + MSCH(W, 7, i); + 
MSCH(W, 8, i); + MSCH(W, 9, i); + MSCH(W, 10, i); + MSCH(W, 11, i); + MSCH(W, 12, i); + MSCH(W, 13, i); + MSCH(W, 14, i); + MSCH(W, 15, i); + } + for (i = 0; i < 8; i++) { + state[i] += S[i]; + } +} + +static const uint8_t PAD[128] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +static void +SHA512_Pad(crypto_hash_sha512_state *state, uint64_t tmp64[80 + 8]) +{ + unsigned int r; + unsigned int i; + + r = (unsigned int) ((state->count[1] >> 3) & 0x7f); + if (r < 112) { + for (i = 0; i < 112 - r; i++) { + state->buf[r + i] = PAD[i]; + } + } else { + for (i = 0; i < 128 - r; i++) { + state->buf[r + i] = PAD[i]; + } + SHA512_Transform(state->state, state->buf, &tmp64[0], &tmp64[80]); + memset(&state->buf[0], 0, 112); + } + be64enc_vect(&state->buf[112], state->count, 16); + SHA512_Transform(state->state, state->buf, &tmp64[0], &tmp64[80]); +} + +int +crypto_hash_sha512_init(crypto_hash_sha512_state *state) +{ + static const uint64_t sha512_initial_state[8] = { + 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, + 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL + }; + + state->count[0] = state->count[1] = (uint64_t) 0U; + memcpy(state->state, sha512_initial_state, sizeof sha512_initial_state); + + return 0; +} + +int +crypto_hash_sha512_update(crypto_hash_sha512_state *state, + const unsigned char *in, unsigned long long inlen) +{ + uint64_t tmp64[80 + 8]; + uint64_t bitlen[2]; + unsigned long long i; + unsigned long long r; + + if (inlen <= 0U) { + return 0; + } + r = (unsigned long long) ((state->count[1] >> 3) & 0x7f); + + 
bitlen[1] = ((uint64_t) inlen) << 3; + bitlen[0] = ((uint64_t) inlen) >> 61; + /* LCOV_EXCL_START */ + if ((state->count[1] += bitlen[1]) < bitlen[1]) { + state->count[0]++; + } + /* LCOV_EXCL_STOP */ + state->count[0] += bitlen[0]; + if (inlen < 128 - r) { + for (i = 0; i < inlen; i++) { + state->buf[r + i] = in[i]; + } + return 0; + } + for (i = 0; i < 128 - r; i++) { + state->buf[r + i] = in[i]; + } + SHA512_Transform(state->state, state->buf, &tmp64[0], &tmp64[80]); + in += 128 - r; + inlen -= 128 - r; + + while (inlen >= 128) { + SHA512_Transform(state->state, in, &tmp64[0], &tmp64[80]); + in += 128; + inlen -= 128; + } + inlen &= 127; + for (i = 0; i < inlen; i++) { + state->buf[i] = in[i]; + } + sodium_memzero((void *) tmp64, sizeof tmp64); + + return 0; +} + +int +crypto_hash_sha512_final(crypto_hash_sha512_state *state, unsigned char *out) +{ + uint64_t tmp64[80 + 8]; + + SHA512_Pad(state, tmp64); + be64enc_vect(out, state->state, 64); + sodium_memzero((void *) tmp64, sizeof tmp64); + sodium_memzero((void *) state, sizeof *state); + + return 0; +} + +int +crypto_hash_sha512(unsigned char *out, const unsigned char *in, + unsigned long long inlen) +{ + crypto_hash_sha512_state state; + + crypto_hash_sha512_init(&state); + crypto_hash_sha512_update(&state, in, inlen); + crypto_hash_sha512_final(&state, out); + + return 0; +} diff --git a/sodium/sodium_onetimeauth_poly1305.c b/sodium/sodium_onetimeauth_poly1305.c new file mode 100644 index 00000000..18bfc0f6 --- /dev/null +++ b/sodium/sodium_onetimeauth_poly1305.c 
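Review bot: `SHA512_Transform` takes its `W[80]` and `S[8]` scratch arrays from the caller instead of declaring them locally, and the reason is only visible indirectly: `crypto_hash_sha512_update` and `crypto_hash_sha512_final` pass slices of their own `tmp64[80 + 8]` and then `sodium_memzero` it, so the expanded message schedule does not linger on the stack after the call. A one-line comment above the function would make that contract explicit, e.g. `/* W and S are caller-supplied so the caller can wipe them with sodium_memzero() */`. `SHA512_Pad` forwards the same `tmp64` for both of its transform calls, which is consistent with this, but it relies on `crypto_hash_sha512_final` doing the wipe afterwards, and that dependency is worth stating in the comment too.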
@@ -0,0 +1,97 @@
+
+#include "sodium_onetimeauth_poly1305.h"
+#include "sodium_crypto_onetimeauth_poly1305.h"
+#include "sodium_private_common.h"
+#include "sodium_private_implementations.h"
+#include "sodium_randombytes.h"
+#include "sodium_runtime.h"
+
+#include "sodium_poly1305_donna.h"
+#if defined(HAVE_TI_MODE) && defined(HAVE_EMMINTRIN_H)
+# include "sodium_poly1305-sse2.h"
+#endif
+
+static const crypto_onetimeauth_poly1305_implementation *implementation =
+ &crypto_onetimeauth_poly1305_donna_implementation;
+
+int
+crypto_onetimeauth_poly1305(unsigned char *out, const unsigned char *in,
+ unsigned long long inlen, const unsigned char *k)
+{
+ return implementation->onetimeauth(out, in, inlen, k);
+}
+
+int
+crypto_onetimeauth_poly1305_verify(const unsigned char *h,
+ const unsigned char *in,
+ unsigned long long inlen,
+ const unsigned char *k)
+{
+ return implementation->onetimeauth_verify(h, in, inlen, k);
+}
+
+int
+crypto_onetimeauth_poly1305_init(crypto_onetimeauth_poly1305_state *state,
+ const unsigned char *key)
+{
+ return implementation->onetimeauth_init(state, key);
+}
+
+int
+crypto_onetimeauth_poly1305_update(crypto_onetimeauth_poly1305_state *state,
+ const unsigned char *in,
+ unsigned long long inlen)
+{
+ return implementation->onetimeauth_update(state, in, inlen);
+}
+
+int
+crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state *state,
+ unsigned char *out)
+{
+ return implementation->onetimeauth_final(state, out);
+}
+
+size_t
+crypto_onetimeauth_poly1305_bytes(void)
+{
+ return crypto_onetimeauth_poly1305_BYTES;
+}
+
+size_t
+crypto_onetimeauth_poly1305_keybytes(void)
+{
+ return crypto_onetimeauth_poly1305_KEYBYTES;
+}
+
+size_t
+crypto_onetimeauth_poly1305_statebytes(void)
+{
+ return sizeof(crypto_onetimeauth_poly1305_state);
+}
+
+void
+crypto_onetimeauth_poly1305_keygen(
+ unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES])
+{
+ randombytes_buf(k, crypto_onetimeauth_poly1305_KEYBYTES);
+}
+
+int
+_crypto_onetimeauth_poly1305_pick_best_implementation(void)
+{
+ implementation = &crypto_onetimeauth_poly1305_donna_implementation;
+#if defined(HAVE_TI_MODE) && defined(HAVE_EMMINTRIN_H)
+ if (sodium_runtime_has_sse2()) {
+ #if NETCODE_CRYPTO_LOGS
+ printf( "poly1305 -> sse3\n" );
+ #endif // #if NETCODE_CRYPTO_LOGS
+ implementation = &crypto_onetimeauth_poly1305_sse2_implementation;
+ return 0;
+ }
+#endif
+ #if NETCODE_CRYPTO_LOGS
+ printf( "poly1305 -> ref\n" );
+ #endif // #if NETCODE_CRYPTO_LOGS
+ return 0;
+}
diff --git a/sodium/sodium_onetimeauth_poly1305.h b/sodium/sodium_onetimeauth_poly1305.h
new file mode 100644
index 00000000..f914bad1
--- /dev/null
+++ b/sodium/sodium_onetimeauth_poly1305.h
@@ -0,0 +1,21 @@
+
+#ifndef onetimeauth_poly1305_H
+#define onetimeauth_poly1305_H
+
+#include "sodium_crypto_onetimeauth_poly1305.h"
+
+typedef struct crypto_onetimeauth_poly1305_implementation {
+ int (*onetimeauth)(unsigned char *out, const unsigned char *in,
+ unsigned long long inlen, const unsigned char *k);
+ int (*onetimeauth_verify)(const unsigned char *h, const unsigned char *in,
+ unsigned long long inlen, const unsigned char *k);
+ int (*onetimeauth_init)(crypto_onetimeauth_poly1305_state *state,
+ const unsigned char * key);
+ int (*onetimeauth_update)(crypto_onetimeauth_poly1305_state *state,
+ const unsigned char * in,
+ unsigned long long inlen);
+ int (*onetimeauth_final)(crypto_onetimeauth_poly1305_state *state,
+ unsigned char * out);
+} crypto_onetimeauth_poly1305_implementation;
+
+#endif
diff --git a/sodium/sodium_poly1305-sse2.c b/sodium/sodium_poly1305-sse2.c
new file mode 100644
index 00000000..fe6efc05
--- /dev/null
+++ b/sodium/sodium_poly1305-sse2.c
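Review bot: The diagnostic in `_crypto_onetimeauth_poly1305_pick_best_implementation` reports `"poly1305 -> sse3\n"` although the branch is gated on `sodium_runtime_has_sse2()` and selects `crypto_onetimeauth_poly1305_sse2_implementation`, so anyone reading the log to confirm which backend is in use gets a wrong answer; it should read `printf( "poly1305 -> sse2\n" );`. Both `printf` calls are compiled only under `NETCODE_CRYPTO_LOGS`, and none of the includes in this hunk is `<stdio.h>`, so the logging configuration presumably depends on a transitive include from one of the project headers; adding the include inside the same `#if` would make that build self-contained. A short comment on the static `implementation` pointer noting that it is read by every public entry point and rewritten only by this picker would also help the next maintainer.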
@@ -0,0 +1,951 @@ + +#include +#include + +#include "sodium_onetimeauth_poly1305.h" +#include "sodium_crypto_verify_16.h" +#include "sodium_poly1305-sse2.h" +#include "sodium_private_common.h" +#include "sodium_private_sse2_64_32.h" +#include "sodium_utils.h" + +#if defined(HAVE_TI_MODE) && defined(HAVE_EMMINTRIN_H) + +# ifdef __GNUC__ +# pragma GCC target("sse2") +# endif + +# include + +typedef __m128i xmmi; + +# if defined(_MSC_VER) +# define POLY1305_NOINLINE __declspec(noinline) +# elif defined(__clang__) || defined(__GNUC__) +# define POLY1305_NOINLINE __attribute__((noinline)) +# else +# define POLY1305_NOINLINE +# endif + +# define poly1305_block_size 32 + +enum poly1305_state_flags_t { + poly1305_started = 1, + poly1305_final_shift8 = 4, + poly1305_final_shift16 = 8, + poly1305_final_r2_r = 16, /* use [r^2,r] for the final block */ + poly1305_final_r_1 = 32 /* use [r,1] for the final block */ +}; + +typedef struct poly1305_state_internal_t { + union { + uint64_t h[3]; + uint32_t hh[10]; + } H; /* 40 bytes */ + uint32_t R[5]; /* 20 bytes */ + uint32_t R2[5]; /* 20 bytes */ + uint32_t R4[5]; /* 20 bytes */ + uint64_t pad[2]; /* 16 bytes */ + uint64_t flags; /* 8 bytes */ + unsigned long long leftover; /* 8 bytes */ + unsigned char buffer[poly1305_block_size]; /* 32 bytes */ +} poly1305_state_internal_t; /* 164 bytes total */ + +/* + * _mm_loadl_epi64() is turned into a simple MOVQ. So, unaligned accesses are + * totally fine, even though this intrinsic requires a __m128i* input. + * This confuses dynamic analysis, so force alignment, only in debug mode. 
+ */ +# ifdef DEBUG +static xmmi +_fakealign_mm_loadl_epi64(const void *m) +{ + xmmi tmp; + memcpy(&tmp, m, 8); + + return _mm_loadl_epi64(&tmp); +} +# define _mm_loadl_epi64(X) _fakealign_mm_loadl_epi64(X) +#endif + +/* copy 0-31 bytes */ +static inline void +poly1305_block_copy31(unsigned char *dst, const unsigned char *src, + unsigned long long bytes) +{ + if (bytes & 16) { + _mm_store_si128((xmmi *) (void *) dst, + _mm_loadu_si128((const xmmi *) (const void *) src)); + src += 16; + dst += 16; + } + if (bytes & 8) { + memcpy(dst, src, 8); + src += 8; + dst += 8; + } + if (bytes & 4) { + memcpy(dst, src, 4); + src += 4; + dst += 4; + } + if (bytes & 2) { + memcpy(dst, src, 2); + src += 2; + dst += 2; + } + if (bytes & 1) { + *dst = *src; + } +} + +static POLY1305_NOINLINE void +poly1305_init_ext(poly1305_state_internal_t *st, const unsigned char key[32], + unsigned long long bytes) +{ + uint32_t *R; + uint128_t d[3]; + uint64_t r0, r1, r2; + uint64_t rt0, rt1, rt2, st2, c; + uint64_t t0, t1; + unsigned long long i; + + if (!bytes) { + bytes = ~(unsigned long long) 0; + } + /* H = 0 */ + _mm_storeu_si128((xmmi *) (void *) &st->H.hh[0], _mm_setzero_si128()); + _mm_storeu_si128((xmmi *) (void *) &st->H.hh[4], _mm_setzero_si128()); + _mm_storeu_si128((xmmi *) (void *) &st->H.hh[8], _mm_setzero_si128()); + + /* clamp key */ + memcpy(&t0, key, 8); + memcpy(&t1, key + 8, 8); + r0 = t0 & 0xffc0fffffff; + t0 >>= 44; + t0 |= t1 << 20; + r1 = t0 & 0xfffffc0ffff; + t1 >>= 24; + r2 = t1 & 0x00ffffffc0f; + + /* r^1 */ + R = st->R; + R[0] = (uint32_t)(r0) &0x3ffffff; + R[1] = (uint32_t)((r0 >> 26) | (r1 << 18)) & 0x3ffffff; + R[2] = (uint32_t)((r1 >> 8)) & 0x3ffffff; + R[3] = (uint32_t)((r1 >> 34) | (r2 << 10)) & 0x3ffffff; + R[4] = (uint32_t)((r2 >> 16)); + + /* save pad */ + memcpy(&st->pad[0], key + 16, 8); + memcpy(&st->pad[1], key + 24, 8); + + rt0 = r0; + rt1 = r1; + rt2 = r2; + + /* r^2, r^4 */ + for (i = 0; i < 2; i++) { + if (i == 0) { + R = st->R2; + if (bytes <= 16) 
{ + break; + } + } else if (i == 1) { + R = st->R4; + if (bytes < 96) { + break; + } + } + st2 = rt2 * (5 << 2); + + d[0] = ((uint128_t) rt0 * rt0) + ((uint128_t)(rt1 * 2) * st2); + d[1] = ((uint128_t) rt2 * st2) + ((uint128_t)(rt0 * 2) * rt1); + d[2] = ((uint128_t) rt1 * rt1) + ((uint128_t)(rt2 * 2) * rt0); + + rt0 = (uint64_t) d[0] & 0xfffffffffff; + c = (uint64_t)(d[0] >> 44); + d[1] += c; + + rt1 = (uint64_t) d[1] & 0xfffffffffff; + c = (uint64_t)(d[1] >> 44); + d[2] += c; + + rt2 = (uint64_t) d[2] & 0x3ffffffffff; + c = (uint64_t)(d[2] >> 42); + rt0 += c * 5; + c = (rt0 >> 44); + rt0 = rt0 & 0xfffffffffff; + rt1 += c; + c = (rt1 >> 44); + rt1 = rt1 & 0xfffffffffff; + rt2 += c; /* even if rt2 overflows, it will still fit in rp4 safely, and + is safe to multiply with */ + + R[0] = (uint32_t)(rt0) &0x3ffffff; + R[1] = (uint32_t)((rt0 >> 26) | (rt1 << 18)) & 0x3ffffff; + R[2] = (uint32_t)((rt1 >> 8)) & 0x3ffffff; + R[3] = (uint32_t)((rt1 >> 34) | (rt2 << 10)) & 0x3ffffff; + R[4] = (uint32_t)((rt2 >> 16)); + } + st->flags = 0; + st->leftover = 0U; +} + +static POLY1305_NOINLINE void +poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m, + unsigned long long bytes) +{ + CRYPTO_ALIGN(64) + xmmi HIBIT = + _mm_shuffle_epi32(_mm_cvtsi32_si128(1 << 24), _MM_SHUFFLE(1, 0, 1, 0)); + const xmmi MMASK = _mm_shuffle_epi32(_mm_cvtsi32_si128((1 << 26) - 1), + _MM_SHUFFLE(1, 0, 1, 0)); + const xmmi FIVE = + _mm_shuffle_epi32(_mm_cvtsi32_si128(5), _MM_SHUFFLE(1, 0, 1, 0)); + xmmi H0, H1, H2, H3, H4; + xmmi T0, T1, T2, T3, T4, T5, T6, T7, T8; + xmmi M0, M1, M2, M3, M4; + xmmi M5, M6, M7, M8; + xmmi C1, C2; + xmmi R20, R21, R22, R23, R24, S21, S22, S23, S24; + xmmi R40, R41, R42, R43, R44, S41, S42, S43, S44; + + if (st->flags & poly1305_final_shift8) { + HIBIT = _mm_srli_si128(HIBIT, 8); + } + if (st->flags & poly1305_final_shift16) { + HIBIT = _mm_setzero_si128(); + } + if (!(st->flags & poly1305_started)) { + /* H = [Mx,My] */ + T5 = _mm_unpacklo_epi64( + 
_mm_loadl_epi64((const xmmi *) (const void *) (m + 0)), + _mm_loadl_epi64((const xmmi *) (const void *) (m + 16))); + T6 = _mm_unpacklo_epi64( + _mm_loadl_epi64((const xmmi *) (const void *) (m + 8)), + _mm_loadl_epi64((const xmmi *) (const void *) (m + 24))); + H0 = _mm_and_si128(MMASK, T5); + H1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); + H2 = _mm_and_si128(MMASK, T5); + H3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + H4 = _mm_srli_epi64(T6, 40); + H4 = _mm_or_si128(H4, HIBIT); + m += 32; + bytes -= 32; + st->flags |= poly1305_started; + } else { + T0 = _mm_loadu_si128((const xmmi *) (const void *) &st->H.hh[0]); + T1 = _mm_loadu_si128((const xmmi *) (const void *) &st->H.hh[4]); + T2 = _mm_loadu_si128((const xmmi *) (const void *) &st->H.hh[8]); + H0 = _mm_shuffle_epi32(T0, _MM_SHUFFLE(1, 1, 0, 0)); + H1 = _mm_shuffle_epi32(T0, _MM_SHUFFLE(3, 3, 2, 2)); + H2 = _mm_shuffle_epi32(T1, _MM_SHUFFLE(1, 1, 0, 0)); + H3 = _mm_shuffle_epi32(T1, _MM_SHUFFLE(3, 3, 2, 2)); + H4 = _mm_shuffle_epi32(T2, _MM_SHUFFLE(1, 1, 0, 0)); + } + if (st->flags & (poly1305_final_r2_r | poly1305_final_r_1)) { + if (st->flags & poly1305_final_r2_r) { + /* use [r^2, r] */ + T2 = _mm_loadu_si128((const xmmi *) (const void *) &st->R[0]); + T3 = _mm_cvtsi32_si128(st->R[4]); + T0 = _mm_loadu_si128((const xmmi *) (const void *) &st->R2[0]); + T1 = _mm_cvtsi32_si128(st->R2[4]); + T4 = _mm_unpacklo_epi32(T0, T2); + T5 = _mm_unpackhi_epi32(T0, T2); + R24 = _mm_unpacklo_epi64(T1, T3); + } else { + /* use [r^1, 1] */ + T0 = _mm_loadu_si128((const xmmi *) (const void *) &st->R[0]); + T1 = _mm_cvtsi32_si128(st->R[4]); + T2 = _mm_cvtsi32_si128(1); + T4 = _mm_unpacklo_epi32(T0, T2); + T5 = _mm_unpackhi_epi32(T0, T2); + R24 = T1; + } + R20 = _mm_shuffle_epi32(T4, _MM_SHUFFLE(1, 1, 0, 0)); + R21 = _mm_shuffle_epi32(T4, _MM_SHUFFLE(3, 3, 2, 2)); + R22 = _mm_shuffle_epi32(T5, _MM_SHUFFLE(1, 1, 0, 0)); + R23 = _mm_shuffle_epi32(T5, 
_MM_SHUFFLE(3, 3, 2, 2)); + } else { + /* use [r^2, r^2] */ + T0 = _mm_loadu_si128((const xmmi *) (const void *) &st->R2[0]); + T1 = _mm_cvtsi32_si128(st->R2[4]); + R20 = _mm_shuffle_epi32(T0, _MM_SHUFFLE(0, 0, 0, 0)); + R21 = _mm_shuffle_epi32(T0, _MM_SHUFFLE(1, 1, 1, 1)); + R22 = _mm_shuffle_epi32(T0, _MM_SHUFFLE(2, 2, 2, 2)); + R23 = _mm_shuffle_epi32(T0, _MM_SHUFFLE(3, 3, 3, 3)); + R24 = _mm_shuffle_epi32(T1, _MM_SHUFFLE(0, 0, 0, 0)); + } + S21 = _mm_mul_epu32(R21, FIVE); + S22 = _mm_mul_epu32(R22, FIVE); + S23 = _mm_mul_epu32(R23, FIVE); + S24 = _mm_mul_epu32(R24, FIVE); + + if (bytes >= 64) { + T0 = _mm_loadu_si128((const xmmi *) (const void *) &st->R4[0]); + T1 = _mm_cvtsi32_si128(st->R4[4]); + R40 = _mm_shuffle_epi32(T0, _MM_SHUFFLE(0, 0, 0, 0)); + R41 = _mm_shuffle_epi32(T0, _MM_SHUFFLE(1, 1, 1, 1)); + R42 = _mm_shuffle_epi32(T0, _MM_SHUFFLE(2, 2, 2, 2)); + R43 = _mm_shuffle_epi32(T0, _MM_SHUFFLE(3, 3, 3, 3)); + R44 = _mm_shuffle_epi32(T1, _MM_SHUFFLE(0, 0, 0, 0)); + S41 = _mm_mul_epu32(R41, FIVE); + S42 = _mm_mul_epu32(R42, FIVE); + S43 = _mm_mul_epu32(R43, FIVE); + S44 = _mm_mul_epu32(R44, FIVE); + + while (bytes >= 64) { + xmmi v00, v01, v02, v03, v04; + xmmi v10, v11, v12, v13, v14; + xmmi v20, v21, v22, v23, v24; + xmmi v30, v31, v32, v33, v34; + xmmi v40, v41, v42, v43, v44; + xmmi T14, T15; + + /* H *= [r^4,r^4], preload [Mx,My] */ + T15 = S42; + T0 = H4; + T0 = _mm_mul_epu32(T0, S41); + v01 = H3; + v01 = _mm_mul_epu32(v01, T15); + T14 = S43; + T1 = H4; + T1 = _mm_mul_epu32(T1, T15); + v11 = H3; + v11 = _mm_mul_epu32(v11, T14); + T2 = H4; + T2 = _mm_mul_epu32(T2, T14); + T0 = _mm_add_epi64(T0, v01); + T15 = S44; + v02 = H2; + v02 = _mm_mul_epu32(v02, T14); + T3 = H4; + T3 = _mm_mul_epu32(T3, T15); + T1 = _mm_add_epi64(T1, v11); + v03 = H1; + v03 = _mm_mul_epu32(v03, T15); + v12 = H2; + v12 = _mm_mul_epu32(v12, T15); + T0 = _mm_add_epi64(T0, v02); + T14 = R40; + v21 = H3; + v21 = _mm_mul_epu32(v21, T15); + v31 = H3; + v31 = _mm_mul_epu32(v31, T14); + 
T0 = _mm_add_epi64(T0, v03); + T4 = H4; + T4 = _mm_mul_epu32(T4, T14); + T1 = _mm_add_epi64(T1, v12); + v04 = H0; + v04 = _mm_mul_epu32(v04, T14); + T2 = _mm_add_epi64(T2, v21); + v13 = H1; + v13 = _mm_mul_epu32(v13, T14); + T3 = _mm_add_epi64(T3, v31); + T15 = R41; + v22 = H2; + v22 = _mm_mul_epu32(v22, T14); + v32 = H2; + v32 = _mm_mul_epu32(v32, T15); + T0 = _mm_add_epi64(T0, v04); + v41 = H3; + v41 = _mm_mul_epu32(v41, T15); + T1 = _mm_add_epi64(T1, v13); + v14 = H0; + v14 = _mm_mul_epu32(v14, T15); + T2 = _mm_add_epi64(T2, v22); + T14 = R42; + T5 = _mm_unpacklo_epi64( + _mm_loadl_epi64((const xmmi *) (const void *) (m + 0)), + _mm_loadl_epi64((const xmmi *) (const void *) (m + 16))); + v23 = H1; + v23 = _mm_mul_epu32(v23, T15); + T3 = _mm_add_epi64(T3, v32); + v33 = H1; + v33 = _mm_mul_epu32(v33, T14); + T4 = _mm_add_epi64(T4, v41); + v42 = H2; + v42 = _mm_mul_epu32(v42, T14); + T1 = _mm_add_epi64(T1, v14); + T15 = R43; + T6 = _mm_unpacklo_epi64( + _mm_loadl_epi64((const xmmi *) (const void *) (m + 8)), + _mm_loadl_epi64((const xmmi *) (const void *) (m + 24))); + v24 = H0; + v24 = _mm_mul_epu32(v24, T14); + T2 = _mm_add_epi64(T2, v23); + v34 = H0; + v34 = _mm_mul_epu32(v34, T15); + T3 = _mm_add_epi64(T3, v33); + M0 = _mm_and_si128(MMASK, T5); + v43 = H1; + v43 = _mm_mul_epu32(v43, T15); + T4 = _mm_add_epi64(T4, v42); + M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + v44 = H0; + v44 = _mm_mul_epu32(v44, R44); + T2 = _mm_add_epi64(T2, v24); + T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); + T3 = _mm_add_epi64(T3, v34); + M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T6, 14)); + T4 = _mm_add_epi64(T4, v43); + M2 = _mm_and_si128(MMASK, T5); + T4 = _mm_add_epi64(T4, v44); + M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); + + /* H += [Mx',My'] */ + T5 = _mm_loadu_si128((const xmmi *) (const void *) (m + 32)); + T6 = _mm_loadu_si128((const xmmi *) (const void *) (m + 48)); + T7 = _mm_unpacklo_epi32(T5, T6); + T8 = _mm_unpackhi_epi32(T5, T6); + 
M5 = _mm_unpacklo_epi32(T7, _mm_setzero_si128()); + M6 = _mm_unpackhi_epi32(T7, _mm_setzero_si128()); + M7 = _mm_unpacklo_epi32(T8, _mm_setzero_si128()); + M8 = _mm_unpackhi_epi32(T8, _mm_setzero_si128()); + M6 = _mm_slli_epi64(M6, 6); + M7 = _mm_slli_epi64(M7, 12); + M8 = _mm_slli_epi64(M8, 18); + T0 = _mm_add_epi64(T0, M5); + T1 = _mm_add_epi64(T1, M6); + T2 = _mm_add_epi64(T2, M7); + T3 = _mm_add_epi64(T3, M8); + T4 = _mm_add_epi64(T4, HIBIT); + + /* H += [Mx,My]*[r^2,r^2] */ + T15 = S22; + v00 = M4; + v00 = _mm_mul_epu32(v00, S21); + v01 = M3; + v01 = _mm_mul_epu32(v01, T15); + T14 = S23; + v10 = M4; + v10 = _mm_mul_epu32(v10, T15); + v11 = M3; + v11 = _mm_mul_epu32(v11, T14); + T0 = _mm_add_epi64(T0, v00); + v20 = M4; + v20 = _mm_mul_epu32(v20, T14); + T0 = _mm_add_epi64(T0, v01); + T15 = S24; + v02 = M2; + v02 = _mm_mul_epu32(v02, T14); + T1 = _mm_add_epi64(T1, v10); + v30 = M4; + v30 = _mm_mul_epu32(v30, T15); + T1 = _mm_add_epi64(T1, v11); + v03 = M1; + v03 = _mm_mul_epu32(v03, T15); + T2 = _mm_add_epi64(T2, v20); + v12 = M2; + v12 = _mm_mul_epu32(v12, T15); + T0 = _mm_add_epi64(T0, v02); + T14 = R20; + v21 = M3; + v21 = _mm_mul_epu32(v21, T15); + T3 = _mm_add_epi64(T3, v30); + v31 = M3; + v31 = _mm_mul_epu32(v31, T14); + T0 = _mm_add_epi64(T0, v03); + v40 = M4; + v40 = _mm_mul_epu32(v40, T14); + T1 = _mm_add_epi64(T1, v12); + v04 = M0; + v04 = _mm_mul_epu32(v04, T14); + T2 = _mm_add_epi64(T2, v21); + v13 = M1; + v13 = _mm_mul_epu32(v13, T14); + T3 = _mm_add_epi64(T3, v31); + T15 = R21; + v22 = M2; + v22 = _mm_mul_epu32(v22, T14); + T4 = _mm_add_epi64(T4, v40); + v32 = M2; + v32 = _mm_mul_epu32(v32, T15); + T0 = _mm_add_epi64(T0, v04); + v41 = M3; + v41 = _mm_mul_epu32(v41, T15); + T1 = _mm_add_epi64(T1, v13); + v14 = M0; + v14 = _mm_mul_epu32(v14, T15); + T2 = _mm_add_epi64(T2, v22); + T14 = R22; + v23 = M1; + v23 = _mm_mul_epu32(v23, T15); + T3 = _mm_add_epi64(T3, v32); + v33 = M1; + v33 = _mm_mul_epu32(v33, T14); + T4 = _mm_add_epi64(T4, v41); + v42 = 
M2; + v42 = _mm_mul_epu32(v42, T14); + T1 = _mm_add_epi64(T1, v14); + T15 = R23; + v24 = M0; + v24 = _mm_mul_epu32(v24, T14); + T2 = _mm_add_epi64(T2, v23); + v34 = M0; + v34 = _mm_mul_epu32(v34, T15); + T3 = _mm_add_epi64(T3, v33); + v43 = M1; + v43 = _mm_mul_epu32(v43, T15); + T4 = _mm_add_epi64(T4, v42); + v44 = M0; + v44 = _mm_mul_epu32(v44, R24); + T2 = _mm_add_epi64(T2, v24); + T3 = _mm_add_epi64(T3, v34); + T4 = _mm_add_epi64(T4, v43); + T4 = _mm_add_epi64(T4, v44); + + /* reduce */ + C1 = _mm_srli_epi64(T0, 26); + C2 = _mm_srli_epi64(T3, 26); + T0 = _mm_and_si128(T0, MMASK); + T3 = _mm_and_si128(T3, MMASK); + T1 = _mm_add_epi64(T1, C1); + T4 = _mm_add_epi64(T4, C2); + C1 = _mm_srli_epi64(T1, 26); + C2 = _mm_srli_epi64(T4, 26); + T1 = _mm_and_si128(T1, MMASK); + T4 = _mm_and_si128(T4, MMASK); + T2 = _mm_add_epi64(T2, C1); + T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE)); + C1 = _mm_srli_epi64(T2, 26); + C2 = _mm_srli_epi64(T0, 26); + T2 = _mm_and_si128(T2, MMASK); + T0 = _mm_and_si128(T0, MMASK); + T3 = _mm_add_epi64(T3, C1); + T1 = _mm_add_epi64(T1, C2); + C1 = _mm_srli_epi64(T3, 26); + T3 = _mm_and_si128(T3, MMASK); + T4 = _mm_add_epi64(T4, C1); + + /* Final: H = (H*[r^4,r^4] + [Mx,My]*[r^2,r^2] + [Mx',My']) */ + H0 = T0; + H1 = T1; + H2 = T2; + H3 = T3; + H4 = T4; + + m += 64; + bytes -= 64; + } + } + + if (bytes >= 32) { + xmmi v01, v02, v03, v04; + xmmi v11, v12, v13, v14; + xmmi v21, v22, v23, v24; + xmmi v31, v32, v33, v34; + xmmi v41, v42, v43, v44; + xmmi T14, T15; + + /* H *= [r^2,r^2] */ + T15 = S22; + T0 = H4; + T0 = _mm_mul_epu32(T0, S21); + v01 = H3; + v01 = _mm_mul_epu32(v01, T15); + T14 = S23; + T1 = H4; + T1 = _mm_mul_epu32(T1, T15); + v11 = H3; + v11 = _mm_mul_epu32(v11, T14); + T2 = H4; + T2 = _mm_mul_epu32(T2, T14); + T0 = _mm_add_epi64(T0, v01); + T15 = S24; + v02 = H2; + v02 = _mm_mul_epu32(v02, T14); + T3 = H4; + T3 = _mm_mul_epu32(T3, T15); + T1 = _mm_add_epi64(T1, v11); + v03 = H1; + v03 = _mm_mul_epu32(v03, T15); + v12 = H2; + v12 
= _mm_mul_epu32(v12, T15); + T0 = _mm_add_epi64(T0, v02); + T14 = R20; + v21 = H3; + v21 = _mm_mul_epu32(v21, T15); + v31 = H3; + v31 = _mm_mul_epu32(v31, T14); + T0 = _mm_add_epi64(T0, v03); + T4 = H4; + T4 = _mm_mul_epu32(T4, T14); + T1 = _mm_add_epi64(T1, v12); + v04 = H0; + v04 = _mm_mul_epu32(v04, T14); + T2 = _mm_add_epi64(T2, v21); + v13 = H1; + v13 = _mm_mul_epu32(v13, T14); + T3 = _mm_add_epi64(T3, v31); + T15 = R21; + v22 = H2; + v22 = _mm_mul_epu32(v22, T14); + v32 = H2; + v32 = _mm_mul_epu32(v32, T15); + T0 = _mm_add_epi64(T0, v04); + v41 = H3; + v41 = _mm_mul_epu32(v41, T15); + T1 = _mm_add_epi64(T1, v13); + v14 = H0; + v14 = _mm_mul_epu32(v14, T15); + T2 = _mm_add_epi64(T2, v22); + T14 = R22; + v23 = H1; + v23 = _mm_mul_epu32(v23, T15); + T3 = _mm_add_epi64(T3, v32); + v33 = H1; + v33 = _mm_mul_epu32(v33, T14); + T4 = _mm_add_epi64(T4, v41); + v42 = H2; + v42 = _mm_mul_epu32(v42, T14); + T1 = _mm_add_epi64(T1, v14); + T15 = R23; + v24 = H0; + v24 = _mm_mul_epu32(v24, T14); + T2 = _mm_add_epi64(T2, v23); + v34 = H0; + v34 = _mm_mul_epu32(v34, T15); + T3 = _mm_add_epi64(T3, v33); + v43 = H1; + v43 = _mm_mul_epu32(v43, T15); + T4 = _mm_add_epi64(T4, v42); + v44 = H0; + v44 = _mm_mul_epu32(v44, R24); + T2 = _mm_add_epi64(T2, v24); + T3 = _mm_add_epi64(T3, v34); + T4 = _mm_add_epi64(T4, v43); + T4 = _mm_add_epi64(T4, v44); + + /* H += [Mx,My] */ + if (m) { + T5 = _mm_loadu_si128((const xmmi *) (const void *) (m + 0)); + T6 = _mm_loadu_si128((const xmmi *) (const void *) (m + 16)); + T7 = _mm_unpacklo_epi32(T5, T6); + T8 = _mm_unpackhi_epi32(T5, T6); + M0 = _mm_unpacklo_epi32(T7, _mm_setzero_si128()); + M1 = _mm_unpackhi_epi32(T7, _mm_setzero_si128()); + M2 = _mm_unpacklo_epi32(T8, _mm_setzero_si128()); + M3 = _mm_unpackhi_epi32(T8, _mm_setzero_si128()); + M1 = _mm_slli_epi64(M1, 6); + M2 = _mm_slli_epi64(M2, 12); + M3 = _mm_slli_epi64(M3, 18); + T0 = _mm_add_epi64(T0, M0); + T1 = _mm_add_epi64(T1, M1); + T2 = _mm_add_epi64(T2, M2); + T3 = _mm_add_epi64(T3, 
M3); + T4 = _mm_add_epi64(T4, HIBIT); + } + + /* reduce */ + C1 = _mm_srli_epi64(T0, 26); + C2 = _mm_srli_epi64(T3, 26); + T0 = _mm_and_si128(T0, MMASK); + T3 = _mm_and_si128(T3, MMASK); + T1 = _mm_add_epi64(T1, C1); + T4 = _mm_add_epi64(T4, C2); + C1 = _mm_srli_epi64(T1, 26); + C2 = _mm_srli_epi64(T4, 26); + T1 = _mm_and_si128(T1, MMASK); + T4 = _mm_and_si128(T4, MMASK); + T2 = _mm_add_epi64(T2, C1); + T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE)); + C1 = _mm_srli_epi64(T2, 26); + C2 = _mm_srli_epi64(T0, 26); + T2 = _mm_and_si128(T2, MMASK); + T0 = _mm_and_si128(T0, MMASK); + T3 = _mm_add_epi64(T3, C1); + T1 = _mm_add_epi64(T1, C2); + C1 = _mm_srli_epi64(T3, 26); + T3 = _mm_and_si128(T3, MMASK); + T4 = _mm_add_epi64(T4, C1); + + /* H = (H*[r^2,r^2] + [Mx,My]) */ + H0 = T0; + H1 = T1; + H2 = T2; + H3 = T3; + H4 = T4; + } + + if (m) { + T0 = _mm_shuffle_epi32(H0, _MM_SHUFFLE(0, 0, 2, 0)); + T1 = _mm_shuffle_epi32(H1, _MM_SHUFFLE(0, 0, 2, 0)); + T2 = _mm_shuffle_epi32(H2, _MM_SHUFFLE(0, 0, 2, 0)); + T3 = _mm_shuffle_epi32(H3, _MM_SHUFFLE(0, 0, 2, 0)); + T4 = _mm_shuffle_epi32(H4, _MM_SHUFFLE(0, 0, 2, 0)); + T0 = _mm_unpacklo_epi64(T0, T1); + T1 = _mm_unpacklo_epi64(T2, T3); + _mm_storeu_si128((xmmi *) (void *) &st->H.hh[0], T0); + _mm_storeu_si128((xmmi *) (void *) &st->H.hh[4], T1); + _mm_storel_epi64((xmmi *) (void *) &st->H.hh[8], T4); + } else { + uint32_t t0, t1, t2, t3, t4, b; + uint64_t h0, h1, h2, g0, g1, g2, c, nc; + + /* H = H[0]+H[1] */ + T0 = H0; + T1 = H1; + T2 = H2; + T3 = H3; + T4 = H4; + + T0 = _mm_add_epi64(T0, _mm_srli_si128(T0, 8)); + T1 = _mm_add_epi64(T1, _mm_srli_si128(T1, 8)); + T2 = _mm_add_epi64(T2, _mm_srli_si128(T2, 8)); + T3 = _mm_add_epi64(T3, _mm_srli_si128(T3, 8)); + T4 = _mm_add_epi64(T4, _mm_srli_si128(T4, 8)); + + t0 = _mm_cvtsi128_si32(T0); + b = (t0 >> 26); + t0 &= 0x3ffffff; + t1 = _mm_cvtsi128_si32(T1) + b; + b = (t1 >> 26); + t1 &= 0x3ffffff; + t2 = _mm_cvtsi128_si32(T2) + b; + b = (t2 >> 26); + t2 &= 0x3ffffff; + t3 = 
_mm_cvtsi128_si32(T3) + b; + b = (t3 >> 26); + t3 &= 0x3ffffff; + t4 = _mm_cvtsi128_si32(T4) + b; + + /* everything except t4 is in range, so this is all safe */ + h0 = (((uint64_t) t0) | ((uint64_t) t1 << 26)) & 0xfffffffffffull; + h1 = (((uint64_t) t1 >> 18) | ((uint64_t) t2 << 8) | + ((uint64_t) t3 << 34)) & + 0xfffffffffffull; + h2 = (((uint64_t) t3 >> 10) | ((uint64_t) t4 << 16)); + + c = (h2 >> 42); + h2 &= 0x3ffffffffff; + h0 += c * 5; + c = (h0 >> 44); + h0 &= 0xfffffffffff; + h1 += c; + c = (h1 >> 44); + h1 &= 0xfffffffffff; + h2 += c; + c = (h2 >> 42); + h2 &= 0x3ffffffffff; + h0 += c * 5; + c = (h0 >> 44); + h0 &= 0xfffffffffff; + h1 += c; + + g0 = h0 + 5; + c = (g0 >> 44); + g0 &= 0xfffffffffff; + g1 = h1 + c; + c = (g1 >> 44); + g1 &= 0xfffffffffff; + g2 = h2 + c - ((uint64_t) 1 << 42); + + c = (g2 >> 63) - 1; + nc = ~c; + h0 = (h0 & nc) | (g0 & c); + h1 = (h1 & nc) | (g1 & c); + h2 = (h2 & nc) | (g2 & c); + + st->H.h[0] = h0; + st->H.h[1] = h1; + st->H.h[2] = h2; + } +} + +static void +poly1305_update(poly1305_state_internal_t *st, const unsigned char *m, + unsigned long long bytes) +{ + unsigned long long i; + + /* handle leftover */ + if (st->leftover) { + unsigned long long want = (poly1305_block_size - st->leftover); + + if (want > bytes) { + want = bytes; + } + for (i = 0; i < want; i++) { + st->buffer[st->leftover + i] = m[i]; + } + bytes -= want; + m += want; + st->leftover += want; + if (st->leftover < poly1305_block_size) { + return; + } + poly1305_blocks(st, st->buffer, poly1305_block_size); + st->leftover = 0; + } + + /* process full blocks */ + if (bytes >= poly1305_block_size) { + unsigned long long want = (bytes & ~(poly1305_block_size - 1)); + + poly1305_blocks(st, m, want); + m += want; + bytes -= want; + } + + /* store leftover */ + if (bytes) { + for (i = 0; i < bytes; i++) { + st->buffer[st->leftover + i] = m[i]; + } + st->leftover += bytes; + } +} + +static POLY1305_NOINLINE void +poly1305_finish_ext(poly1305_state_internal_t *st, 
const unsigned char *m, + unsigned long long leftover, unsigned char mac[16]) +{ + uint64_t h0, h1, h2; + + if (leftover) { + CRYPTO_ALIGN(16) unsigned char final[32] = { 0 }; + + poly1305_block_copy31(final, m, leftover); + if (leftover != 16) { + final[leftover] = 1; + } + st->flags |= + (leftover >= 16) ? poly1305_final_shift8 : poly1305_final_shift16; + poly1305_blocks(st, final, 32); + } + + if (st->flags & poly1305_started) { + /* finalize, H *= [r^2,r], or H *= [r,1] */ + if (!leftover || (leftover > 16)) { + st->flags |= poly1305_final_r2_r; + } else { + st->flags |= poly1305_final_r_1; + } + poly1305_blocks(st, NULL, 32); + } + + h0 = st->H.h[0]; + h1 = st->H.h[1]; + h2 = st->H.h[2]; + + /* pad */ + h0 = ((h0) | (h1 << 44)); + h1 = ((h1 >> 20) | (h2 << 24)); +#ifdef HAVE_AMD64_ASM + __asm__ __volatile__( + "addq %2, %0 ;\n" + "adcq %3, %1 ;\n" + : "+r"(h0), "+r"(h1) + : "r"(st->pad[0]), "r"(st->pad[1]) + : "flags", "cc"); +#else + { + uint128_t h; + + memcpy(&h, &st->pad[0], 16); + h += ((uint128_t) h1 << 64) | h0; + h0 = (uint64_t) h; + h1 = (uint64_t)(h >> 64); + } +#endif + _mm_storeu_si128((xmmi *) (void *) st + 0, _mm_setzero_si128()); + _mm_storeu_si128((xmmi *) (void *) st + 1, _mm_setzero_si128()); + _mm_storeu_si128((xmmi *) (void *) st + 2, _mm_setzero_si128()); + _mm_storeu_si128((xmmi *) (void *) st + 3, _mm_setzero_si128()); + _mm_storeu_si128((xmmi *) (void *) st + 4, _mm_setzero_si128()); + _mm_storeu_si128((xmmi *) (void *) st + 5, _mm_setzero_si128()); + _mm_storeu_si128((xmmi *) (void *) st + 6, _mm_setzero_si128()); + _mm_storeu_si128((xmmi *) (void *) st + 7, _mm_setzero_si128()); + + memcpy(&mac[0], &h0, 8); + memcpy(&mac[8], &h1, 8); + + sodium_memzero((void *) st, sizeof *st); +} + +static void +poly1305_finish(poly1305_state_internal_t *st, unsigned char mac[16]) +{ + poly1305_finish_ext(st, st->buffer, st->leftover, mac); +} + +static int +crypto_onetimeauth_poly1305_sse2_init(crypto_onetimeauth_poly1305_state *state, + const 
unsigned char *key) +{ + COMPILER_ASSERT(sizeof(crypto_onetimeauth_poly1305_state) >= + sizeof(poly1305_state_internal_t)); + poly1305_init_ext((poly1305_state_internal_t *) (void *) state, key, 0U); + + return 0; +} + +static int +crypto_onetimeauth_poly1305_sse2_update( + crypto_onetimeauth_poly1305_state *state, const unsigned char *in, + unsigned long long inlen) +{ + poly1305_update((poly1305_state_internal_t *) (void *) state, in, inlen); + + return 0; +} + +static int +crypto_onetimeauth_poly1305_sse2_final(crypto_onetimeauth_poly1305_state *state, + unsigned char *out) +{ + poly1305_finish((poly1305_state_internal_t *) (void *) state, out); + + return 0; +} + +static int +crypto_onetimeauth_poly1305_sse2(unsigned char *out, const unsigned char *m, + unsigned long long inlen, + const unsigned char *key) +{ + CRYPTO_ALIGN(64) poly1305_state_internal_t st; + unsigned long long blocks; + + poly1305_init_ext(&st, key, inlen); + blocks = inlen & ~31; + if (blocks > 0) { + poly1305_blocks(&st, m, blocks); + m += blocks; + inlen -= blocks; + } + poly1305_finish_ext(&st, m, inlen, out); + + return 0; +} + +static int +crypto_onetimeauth_poly1305_sse2_verify(const unsigned char *h, + const unsigned char *in, + unsigned long long inlen, + const unsigned char *k) +{ + unsigned char correct[16]; + + crypto_onetimeauth_poly1305_sse2(correct, in, inlen, k); + + return crypto_verify_16(h, correct); +} + +struct crypto_onetimeauth_poly1305_implementation + crypto_onetimeauth_poly1305_sse2_implementation = { + SODIUM_C99(.onetimeauth =) crypto_onetimeauth_poly1305_sse2, + SODIUM_C99(.onetimeauth_verify =) + crypto_onetimeauth_poly1305_sse2_verify, + SODIUM_C99(.onetimeauth_init =) crypto_onetimeauth_poly1305_sse2_init, + SODIUM_C99(.onetimeauth_update =) + crypto_onetimeauth_poly1305_sse2_update, + SODIUM_C99(.onetimeauth_final =) crypto_onetimeauth_poly1305_sse2_final + }; + +#endif + +int poly1305_sse2_link_warning_dummy = 0; 
diff --git a/sodium/sodium_poly1305-sse2.h b/sodium/sodium_poly1305-sse2.h new file mode 100644 index 00000000..0bea92c6 --- /dev/null +++ b/sodium/sodium_poly1305-sse2.h @@ -0,0 +1,12 @@ +#ifndef poly1305_sse2_H +#define poly1305_sse2_H + +#include + +#include "sodium_onetimeauth_poly1305.h" +#include "sodium_crypto_onetimeauth_poly1305.h" + +extern struct crypto_onetimeauth_poly1305_implementation + crypto_onetimeauth_poly1305_sse2_implementation; + +#endif /* poly1305_sse2_H */ diff --git a/sodium/sodium_poly1305_donna.c b/sodium/sodium_poly1305_donna.c new file mode 100644 index 00000000..4891be43 --- /dev/null +++ b/sodium/sodium_poly1305_donna.c 
@@ -0,0 +1,124 @@ + +#include "sodium_poly1305_donna.h" +#include "sodium_crypto_verify_16.h" +#include "sodium_private_common.h" +#include "sodium_utils.h" + +#ifdef HAVE_TI_MODE +#include "sodium_poly1305_donna64.h" +#else +#include "sodium_poly1305_donna32.h" +#endif +#include "sodium_onetimeauth_poly1305.h" + +static void +poly1305_update(poly1305_state_internal_t *st, const unsigned char *m, + unsigned long long bytes) +{ + unsigned long long i; + + /* handle leftover */ + if (st->leftover) { + unsigned long long want = (poly1305_block_size - st->leftover); + + if (want > bytes) { + want = bytes; + } + for (i = 0; i < want; i++) { + st->buffer[st->leftover + i] = m[i]; + } + bytes -= want; + m += want; + st->leftover += want; + if (st->leftover < poly1305_block_size) { + return; + } + poly1305_blocks(st, st->buffer, poly1305_block_size); + st->leftover = 0; + } + + /* process full blocks */ + if (bytes >= poly1305_block_size) { + unsigned long long want = (bytes & ~(poly1305_block_size - 1)); + + poly1305_blocks(st, m, want); + m += want; + bytes -= want; + } + + /* store leftover */ + if (bytes) { + for (i = 0; i < bytes; i++) { + st->buffer[st->leftover + i] = m[i]; + } + st->leftover += bytes; + } +} + +static int +crypto_onetimeauth_poly1305_donna(unsigned char *out, const unsigned char *m, + unsigned long long inlen, + const unsigned char *key) +{ + CRYPTO_ALIGN(64) poly1305_state_internal_t state; + + poly1305_init(&state, key); + poly1305_update(&state, m, inlen); + poly1305_finish(&state, out); + + return 0; +} + +static int +crypto_onetimeauth_poly1305_donna_init(crypto_onetimeauth_poly1305_state *state, + const unsigned char *key) +{ + COMPILER_ASSERT(sizeof(crypto_onetimeauth_poly1305_state) >= + sizeof(poly1305_state_internal_t)); + poly1305_init((poly1305_state_internal_t *) (void *) state, key); + + return 0; +} + +static int +crypto_onetimeauth_poly1305_donna_update( + crypto_onetimeauth_poly1305_state *state, const unsigned char *in, + unsigned 
long long inlen) +{ + poly1305_update((poly1305_state_internal_t *) (void *) state, in, inlen); + + return 0; +} + +static int +crypto_onetimeauth_poly1305_donna_final( + crypto_onetimeauth_poly1305_state *state, unsigned char *out) +{ + poly1305_finish((poly1305_state_internal_t *) (void *) state, out); + + return 0; +} + +static int +crypto_onetimeauth_poly1305_donna_verify(const unsigned char *h, + const unsigned char *in, + unsigned long long inlen, + const unsigned char *k) +{ + unsigned char correct[16]; + + crypto_onetimeauth_poly1305_donna(correct, in, inlen, k); + + return crypto_verify_16(h, correct); +} + +struct crypto_onetimeauth_poly1305_implementation + crypto_onetimeauth_poly1305_donna_implementation = { + SODIUM_C99(.onetimeauth =) crypto_onetimeauth_poly1305_donna, + SODIUM_C99(.onetimeauth_verify =) + crypto_onetimeauth_poly1305_donna_verify, + SODIUM_C99(.onetimeauth_init =) crypto_onetimeauth_poly1305_donna_init, + SODIUM_C99(.onetimeauth_update =) + crypto_onetimeauth_poly1305_donna_update, + SODIUM_C99(.onetimeauth_final =) crypto_onetimeauth_poly1305_donna_final + }; diff --git a/sodium/sodium_poly1305_donna.h b/sodium/sodium_poly1305_donna.h new file mode 100644 index 00000000..9be44b89 --- /dev/null +++ b/sodium/sodium_poly1305_donna.h @@ -0,0 +1,12 @@ +#ifndef poly1305_donna_H +#define poly1305_donna_H + +#include + +#include "sodium_onetimeauth_poly1305.h" +#include "sodium_crypto_onetimeauth_poly1305.h" + +extern struct crypto_onetimeauth_poly1305_implementation + crypto_onetimeauth_poly1305_donna_implementation; + +#endif /* poly1305_donna_H */ diff --git a/sodium/sodium_poly1305_donna32.h b/sodium/sodium_poly1305_donna32.h new file mode 100644 index 00000000..fa723b73 --- /dev/null +++ b/sodium/sodium_poly1305_donna32.h 
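Review bot: crypto_onetimeauth_poly1305_donna_init only checks that the caller's opaque crypto_onetimeauth_poly1305_state is large enough before reinterpreting it as poly1305_state_internal_t; nothing checks its alignment, while the one-shot crypto_onetimeauth_poly1305_donna in the same hunk asks for CRYPTO_ALIGN(64) when it puts the same struct on its own stack. The internal struct holds only unsigned long / unsigned long long members, so natural alignment of the opaque type is presumably sufficient and the 64-byte request is a cache-line preference rather than a requirement, but the opaque type's declaration is outside this hunk, so that needs confirming against its header. A comment next to the COMPILER_ASSERT would make the contract explicit, e.g. `/* only the size is checked here; alignment relies on crypto_onetimeauth_poly1305_state being declared at least as aligned as poly1305_state_internal_t */`.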
@@ -0,0 +1,235 @@ +/* + poly1305 implementation using 32 bit * 32 bit = 64 bit multiplication + and 64 bit addition +*/ + +#if defined(_MSC_VER) +# define POLY1305_NOINLINE __declspec(noinline) +#elif defined(__clang__) || defined(__GNUC__) +# define POLY1305_NOINLINE __attribute__((noinline)) +#else +# define POLY1305_NOINLINE +#endif + +#include "sodium_private_common.h" + +#define poly1305_block_size 16 + +/* 17 + sizeof(unsigned long long) + 14*sizeof(unsigned long) */ +typedef struct poly1305_state_internal_t { + unsigned long r[5]; + unsigned long h[5]; + unsigned long pad[4]; + unsigned long long leftover; + unsigned char buffer[poly1305_block_size]; + unsigned char final; +} poly1305_state_internal_t; + +static void +poly1305_init(poly1305_state_internal_t *st, const unsigned char key[32]) +{ + /* r &= 0xffffffc0ffffffc0ffffffc0fffffff - wiped after finalization */ + st->r[0] = (LOAD32_LE(&key[0])) & 0x3ffffff; + st->r[1] = (LOAD32_LE(&key[3]) >> 2) & 0x3ffff03; + st->r[2] = (LOAD32_LE(&key[6]) >> 4) & 0x3ffc0ff; + st->r[3] = (LOAD32_LE(&key[9]) >> 6) & 0x3f03fff; + st->r[4] = (LOAD32_LE(&key[12]) >> 8) & 0x00fffff; + + /* h = 0 */ + st->h[0] = 0; + st->h[1] = 0; + st->h[2] = 0; + st->h[3] = 0; + st->h[4] = 0; + + /* save pad for later */ + st->pad[0] = LOAD32_LE(&key[16]); + st->pad[1] = LOAD32_LE(&key[20]); + st->pad[2] = LOAD32_LE(&key[24]); + st->pad[3] = LOAD32_LE(&key[28]); + + st->leftover = 0; + st->final = 0; +} + +static void +poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m, + unsigned long long bytes) +{ + const unsigned long hibit = (st->final) ? 
0UL : (1UL << 24); /* 1 << 128 */ + unsigned long r0, r1, r2, r3, r4; + unsigned long s1, s2, s3, s4; + unsigned long h0, h1, h2, h3, h4; + unsigned long long d0, d1, d2, d3, d4; + unsigned long c; + + r0 = st->r[0]; + r1 = st->r[1]; + r2 = st->r[2]; + r3 = st->r[3]; + r4 = st->r[4]; + + s1 = r1 * 5; + s2 = r2 * 5; + s3 = r3 * 5; + s4 = r4 * 5; + + h0 = st->h[0]; + h1 = st->h[1]; + h2 = st->h[2]; + h3 = st->h[3]; + h4 = st->h[4]; + + while (bytes >= poly1305_block_size) { + /* h += m[i] */ + h0 += (LOAD32_LE(m + 0)) & 0x3ffffff; + h1 += (LOAD32_LE(m + 3) >> 2) & 0x3ffffff; + h2 += (LOAD32_LE(m + 6) >> 4) & 0x3ffffff; + h3 += (LOAD32_LE(m + 9) >> 6) & 0x3ffffff; + h4 += (LOAD32_LE(m + 12) >> 8) | hibit; + + /* h *= r */ + d0 = ((unsigned long long) h0 * r0) + ((unsigned long long) h1 * s4) + + ((unsigned long long) h2 * s3) + ((unsigned long long) h3 * s2) + + ((unsigned long long) h4 * s1); + d1 = ((unsigned long long) h0 * r1) + ((unsigned long long) h1 * r0) + + ((unsigned long long) h2 * s4) + ((unsigned long long) h3 * s3) + + ((unsigned long long) h4 * s2); + d2 = ((unsigned long long) h0 * r2) + ((unsigned long long) h1 * r1) + + ((unsigned long long) h2 * r0) + ((unsigned long long) h3 * s4) + + ((unsigned long long) h4 * s3); + d3 = ((unsigned long long) h0 * r3) + ((unsigned long long) h1 * r2) + + ((unsigned long long) h2 * r1) + ((unsigned long long) h3 * r0) + + ((unsigned long long) h4 * s4); + d4 = ((unsigned long long) h0 * r4) + ((unsigned long long) h1 * r3) + + ((unsigned long long) h2 * r2) + ((unsigned long long) h3 * r1) + + ((unsigned long long) h4 * r0); + + /* (partial) h %= p */ + c = (unsigned long) (d0 >> 26); + h0 = (unsigned long) d0 & 0x3ffffff; + d1 += c; + c = (unsigned long) (d1 >> 26); + h1 = (unsigned long) d1 & 0x3ffffff; + d2 += c; + c = (unsigned long) (d2 >> 26); + h2 = (unsigned long) d2 & 0x3ffffff; + d3 += c; + c = (unsigned long) (d3 >> 26); + h3 = (unsigned long) d3 & 0x3ffffff; + d4 += c; + c = (unsigned long) (d4 >> 
26); + h4 = (unsigned long) d4 & 0x3ffffff; + h0 += c * 5; + c = (h0 >> 26); + h0 = h0 & 0x3ffffff; + h1 += c; + + m += poly1305_block_size; + bytes -= poly1305_block_size; + } + + st->h[0] = h0; + st->h[1] = h1; + st->h[2] = h2; + st->h[3] = h3; + st->h[4] = h4; +} + +static POLY1305_NOINLINE void +poly1305_finish(poly1305_state_internal_t *st, unsigned char mac[16]) +{ + unsigned long h0, h1, h2, h3, h4, c; + unsigned long g0, g1, g2, g3, g4; + unsigned long long f; + unsigned long mask; + + /* process the remaining block */ + if (st->leftover) { + unsigned long long i = st->leftover; + + st->buffer[i++] = 1; + for (; i < poly1305_block_size; i++) { + st->buffer[i] = 0; + } + st->final = 1; + poly1305_blocks(st, st->buffer, poly1305_block_size); + } + + /* fully carry h */ + h0 = st->h[0]; + h1 = st->h[1]; + h2 = st->h[2]; + h3 = st->h[3]; + h4 = st->h[4]; + + c = h1 >> 26; + h1 = h1 & 0x3ffffff; + h2 += c; + c = h2 >> 26; + h2 = h2 & 0x3ffffff; + h3 += c; + c = h3 >> 26; + h3 = h3 & 0x3ffffff; + h4 += c; + c = h4 >> 26; + h4 = h4 & 0x3ffffff; + h0 += c * 5; + c = h0 >> 26; + h0 = h0 & 0x3ffffff; + h1 += c; + + /* compute h + -p */ + g0 = h0 + 5; + c = g0 >> 26; + g0 &= 0x3ffffff; + g1 = h1 + c; + c = g1 >> 26; + g1 &= 0x3ffffff; + g2 = h2 + c; + c = g2 >> 26; + g2 &= 0x3ffffff; + g3 = h3 + c; + c = g3 >> 26; + g3 &= 0x3ffffff; + g4 = h4 + c - (1UL << 26); + + /* select h if h < p, or h + -p if h >= p */ + mask = (g4 >> ((sizeof(unsigned long) * 8) - 1)) - 1; + g0 &= mask; + g1 &= mask; + g2 &= mask; + g3 &= mask; + g4 &= mask; + mask = ~mask; + + h0 = (h0 & mask) | g0; + h1 = (h1 & mask) | g1; + h2 = (h2 & mask) | g2; + h3 = (h3 & mask) | g3; + h4 = (h4 & mask) | g4; + + /* h = h % (2^128) */ + h0 = ((h0) | (h1 << 26)) & 0xffffffff; + h1 = ((h1 >> 6) | (h2 << 20)) & 0xffffffff; + h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff; + h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff; + + /* mac = (h + pad) % (2^128) */ + f = (unsigned long long) h0 + st->pad[0]; + h0 = 
(unsigned long) f; + f = (unsigned long long) h1 + st->pad[1] + (f >> 32); + h1 = (unsigned long) f; + f = (unsigned long long) h2 + st->pad[2] + (f >> 32); + h2 = (unsigned long) f; + f = (unsigned long long) h3 + st->pad[3] + (f >> 32); + h3 = (unsigned long) f; + + STORE32_LE(mac + 0, (uint32_t) h0); + STORE32_LE(mac + 4, (uint32_t) h1); + STORE32_LE(mac + 8, (uint32_t) h2); + STORE32_LE(mac + 12, (uint32_t) h3); + + /* zero out the state */ + sodium_memzero((void *) st, sizeof *st); +} diff --git a/sodium/sodium_poly1305_donna64.h b/sodium/sodium_poly1305_donna64.h new file mode 100644 index 00000000..d2cdbf89 --- /dev/null +++ b/sodium/sodium_poly1305_donna64.h 
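Review bot: The `final` member of poly1305_state_internal_t is undocumented even though it changes the arithmetic: poly1305_blocks reads it to choose `hibit` (0 instead of 1UL << 24, which is 2^128 in this 26-bit limb layout), and poly1305_finish sets it to 1 immediately before absorbing the padded partial block. A field comment would spare the next reader a trip through both functions, e.g. `unsigned char final; /* set by poly1305_finish before the padded last block is absorbed: the 0x01 pad byte already terminates that block, so poly1305_blocks must not add the implicit 2^128 high bit */`. The same field with the same meaning appears in the donna64 header in the next hunk, where the comment should be mirrored.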
@@ -0,0 +1,220 @@ +/* + poly1305 implementation using 64 bit * 64 bit = 128 bit multiplication + and 128 bit addition +*/ + +#include "sodium_private_common.h" + +#define MUL(out, x, y) out = ((uint128_t) x * y) +#define ADD(out, in) out += in +#define ADDLO(out, in) out += in +#define SHR(in, shift) (unsigned long long) (in >> (shift)) +#define LO(in) (unsigned long long) (in) + +#if defined(_MSC_VER) +# define POLY1305_NOINLINE __declspec(noinline) +#elif defined(__clang__) || defined(__GNUC__) +# define POLY1305_NOINLINE __attribute__((noinline)) +#else +# define POLY1305_NOINLINE +#endif + +#define poly1305_block_size 16 + +/* 17 + sizeof(unsigned long long) + 8*sizeof(unsigned long long) */ +typedef struct poly1305_state_internal_t { + unsigned long long r[3]; + unsigned long long h[3]; + unsigned long long pad[2]; + unsigned long long leftover; + unsigned char buffer[poly1305_block_size]; + unsigned char final; +} poly1305_state_internal_t; + +static void +poly1305_init(poly1305_state_internal_t *st, const unsigned char key[32]) +{ + unsigned long long t0, t1; + + /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ + t0 = LOAD64_LE(&key[0]); + t1 = LOAD64_LE(&key[8]); + + /* wiped after finalization */ + st->r[0] = (t0) &0xffc0fffffff; + st->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffff; + st->r[2] = ((t1 >> 24)) & 0x00ffffffc0f; + + /* h = 0 */ + st->h[0] = 0; + st->h[1] = 0; + st->h[2] = 0; + + /* save pad for later */ + st->pad[0] = LOAD64_LE(&key[16]); + st->pad[1] = LOAD64_LE(&key[24]); + + st->leftover = 0; + st->final = 0; +} + +static void +poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m, + unsigned long long bytes) +{ + const unsigned long long hibit = + (st->final) ? 
0ULL : (1ULL << 40); /* 1 << 128 */ + unsigned long long r0, r1, r2; + unsigned long long s1, s2; + unsigned long long h0, h1, h2; + unsigned long long c; + uint128_t d0, d1, d2, d; + + r0 = st->r[0]; + r1 = st->r[1]; + r2 = st->r[2]; + + h0 = st->h[0]; + h1 = st->h[1]; + h2 = st->h[2]; + + s1 = r1 * (5 << 2); + s2 = r2 * (5 << 2); + + while (bytes >= poly1305_block_size) { + unsigned long long t0, t1; + + /* h += m[i] */ + t0 = LOAD64_LE(&m[0]); + t1 = LOAD64_LE(&m[8]); + + h0 += ((t0) &0xfffffffffff); + h1 += (((t0 >> 44) | (t1 << 20)) & 0xfffffffffff); + h2 += (((t1 >> 24)) & 0x3ffffffffff) | hibit; + + /* h *= r */ + MUL(d0, h0, r0); + MUL(d, h1, s2); + ADD(d0, d); + MUL(d, h2, s1); + ADD(d0, d); + MUL(d1, h0, r1); + MUL(d, h1, r0); + ADD(d1, d); + MUL(d, h2, s2); + ADD(d1, d); + MUL(d2, h0, r2); + MUL(d, h1, r1); + ADD(d2, d); + MUL(d, h2, r0); + ADD(d2, d); + + /* (partial) h %= p */ + c = SHR(d0, 44); + h0 = LO(d0) & 0xfffffffffff; + ADDLO(d1, c); + c = SHR(d1, 44); + h1 = LO(d1) & 0xfffffffffff; + ADDLO(d2, c); + c = SHR(d2, 42); + h2 = LO(d2) & 0x3ffffffffff; + h0 += c * 5; + c = (h0 >> 44); + h0 = h0 & 0xfffffffffff; + h1 += c; + + m += poly1305_block_size; + bytes -= poly1305_block_size; + } + + st->h[0] = h0; + st->h[1] = h1; + st->h[2] = h2; +} + +static POLY1305_NOINLINE void +poly1305_finish(poly1305_state_internal_t *st, unsigned char mac[16]) +{ + unsigned long long h0, h1, h2, c; + unsigned long long g0, g1, g2; + unsigned long long t0, t1; + + /* process the remaining block */ + if (st->leftover) { + unsigned long long i = st->leftover; + + st->buffer[i] = 1; + + for (i = i + 1; i < poly1305_block_size; i++) { + st->buffer[i] = 0; + } + st->final = 1; + poly1305_blocks(st, st->buffer, poly1305_block_size); + } + + /* fully carry h */ + h0 = st->h[0]; + h1 = st->h[1]; + h2 = st->h[2]; + + c = (h1 >> 44); + h1 &= 0xfffffffffff; + h2 += c; + c = (h2 >> 42); + h2 &= 0x3ffffffffff; + h0 += c * 5; + c = (h0 >> 44); + h0 &= 0xfffffffffff; + h1 += c; + c 
= (h1 >> 44); + h1 &= 0xfffffffffff; + h2 += c; + c = (h2 >> 42); + h2 &= 0x3ffffffffff; + h0 += c * 5; + c = (h0 >> 44); + h0 &= 0xfffffffffff; + h1 += c; + + /* compute h + -p */ + g0 = h0 + 5; + c = (g0 >> 44); + g0 &= 0xfffffffffff; + g1 = h1 + c; + c = (g1 >> 44); + g1 &= 0xfffffffffff; + g2 = h2 + c - (1ULL << 42); + + /* select h if h < p, or h + -p if h >= p */ + c = (g2 >> ((sizeof(unsigned long long) * 8) - 1)) - 1; + g0 &= c; + g1 &= c; + g2 &= c; + c = ~c; + h0 = (h0 & c) | g0; + h1 = (h1 & c) | g1; + h2 = (h2 & c) | g2; + + /* h = (h + pad) */ + t0 = st->pad[0]; + t1 = st->pad[1]; + + h0 += ((t0) &0xfffffffffff); + c = (h0 >> 44); + h0 &= 0xfffffffffff; + h1 += (((t0 >> 44) | (t1 << 20)) & 0xfffffffffff) + c; + c = (h1 >> 44); + h1 &= 0xfffffffffff; + h2 += (((t1 >> 24)) & 0x3ffffffffff) + c; + h2 &= 0x3ffffffffff; + + /* mac = h % (2^128) */ + h0 = ((h0) | (h1 << 44)); + h1 = ((h1 >> 20) | (h2 << 24)); + + STORE64_LE(&mac[0], h0); + STORE64_LE(&mac[8], h1); + + /* zero out the state */ + sodium_memzero((void *) st, sizeof *st); +} diff --git a/sodium/sodium_private_chacha20_ietf_ext.h b/sodium/sodium_private_chacha20_ietf_ext.h new file mode 100644 index 00000000..2c80b96a --- /dev/null +++ b/sodium/sodium_private_chacha20_ietf_ext.h @@ -0,0 +1,16 @@ +#ifndef chacha20_ietf_ext_H +#define chacha20_ietf_ext_H + +#include + +/* The ietf_ext variant allows the internal counter to overflow into the IV */ + +int crypto_stream_chacha20_ietf_ext(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k); + +int crypto_stream_chacha20_ietf_ext_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, uint32_t ic, + const unsigned char *k); +#endif + diff --git a/sodium/sodium_private_common.h b/sodium/sodium_private_common.h new file mode 100644 index 00000000..6d569854 --- /dev/null +++ b/sodium/sodium_private_common.h 
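Review bot: The MUL/ADD/ADDLO/SHR/LO helper macros at the top of the hunk leave their arguments unparenthesised (`#define MUL(out, x, y) out = ((uint128_t) x * y)`), so a call that passed an expression such as `a + b` for `y` would multiply only `b`. Every call site in poly1305_blocks passes plain identifiers, so the generated code is correct today, but the names are generic and the header never `#undef`s them, so any later code in the same translation unit inherits them. Suggest `#define MUL(out, x, y) (out) = ((uint128_t) (x) * (y))` with the same treatment for ADD, ADDLO and SHR, and an `#undef MUL` / `#undef ADD` / `#undef ADDLO` / `#undef SHR` / `#undef LO` block after poly1305_finish.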
@@ -0,0 +1,317 @@ +#ifndef common_H +#define common_H 1 + +#include +#include +#include + +#if defined( _MSC_VER ) +#pragma warning(disable:4127) +#pragma warning(disable:4244) +#pragma warning(disable:4668) +#pragma warning(disable:4456) +#endif + +#define COMPILER_ASSERT(X) (void) sizeof(char[(X) ? 1 : -1]) + +#ifdef HAVE_TI_MODE +# if defined(__SIZEOF_INT128__) +typedef unsigned __int128 uint128_t; +# else +typedef unsigned uint128_t __attribute__((mode(TI))); +# endif +#endif + +#define ROTL32(X, B) rotl32((X), (B)) +static inline uint32_t +rotl32(const uint32_t x, const int b) +{ + return (x << b) | (x >> (32 - b)); +} + +#define ROTL64(X, B) rotl64((X), (B)) +static inline uint64_t +rotl64(const uint64_t x, const int b) +{ + return (x << b) | (x >> (64 - b)); +} + +#define ROTR32(X, B) rotr32((X), (B)) +static inline uint32_t +rotr32(const uint32_t x, const int b) +{ + return (x >> b) | (x << (32 - b)); +} + +#define ROTR64(X, B) rotr64((X), (B)) +static inline uint64_t +rotr64(const uint64_t x, const int b) +{ + return (x >> b) | (x << (64 - b)); +} + +#define LOAD64_LE(SRC) load64_le(SRC) +static inline uint64_t +load64_le(const uint8_t src[8]) +{ +#ifdef NATIVE_LITTLE_ENDIAN + uint64_t w; + memcpy(&w, src, sizeof w); + return w; +#else + uint64_t w = (uint64_t) src[0]; + w |= (uint64_t) src[1] << 8; + w |= (uint64_t) src[2] << 16; + w |= (uint64_t) src[3] << 24; + w |= (uint64_t) src[4] << 32; + w |= (uint64_t) src[5] << 40; + w |= (uint64_t) src[6] << 48; + w |= (uint64_t) src[7] << 56; + return w; +#endif +} + +#define STORE64_LE(DST, W) store64_le((DST), (W)) +static inline void +store64_le(uint8_t dst[8], uint64_t w) +{ +#ifdef NATIVE_LITTLE_ENDIAN + memcpy(dst, &w, sizeof w); +#else + dst[0] = (uint8_t) w; w >>= 8; + dst[1] = (uint8_t) w; w >>= 8; + dst[2] = (uint8_t) w; w >>= 8; + dst[3] = (uint8_t) w; w >>= 8; + dst[4] = (uint8_t) w; w >>= 8; + dst[5] = (uint8_t) w; w >>= 8; + dst[6] = (uint8_t) w; w >>= 8; + dst[7] = (uint8_t) w; +#endif +} + 
+#define LOAD32_LE(SRC) load32_le(SRC) +static inline uint32_t +load32_le(const uint8_t src[4]) +{ +#ifdef NATIVE_LITTLE_ENDIAN + uint32_t w; + memcpy(&w, src, sizeof w); + return w; +#else + uint32_t w = (uint32_t) src[0]; + w |= (uint32_t) src[1] << 8; + w |= (uint32_t) src[2] << 16; + w |= (uint32_t) src[3] << 24; + return w; +#endif +} + +#define STORE32_LE(DST, W) store32_le((DST), (W)) +static inline void +store32_le(uint8_t dst[4], uint32_t w) +{ +#ifdef NATIVE_LITTLE_ENDIAN + memcpy(dst, &w, sizeof w); +#else + dst[0] = (uint8_t) w; w >>= 8; + dst[1] = (uint8_t) w; w >>= 8; + dst[2] = (uint8_t) w; w >>= 8; + dst[3] = (uint8_t) w; +#endif +} + +/* ----- */ + +#define LOAD64_BE(SRC) load64_be(SRC) +static inline uint64_t +load64_be(const uint8_t src[8]) +{ +#ifdef NATIVE_BIG_ENDIAN + uint64_t w; + memcpy(&w, src, sizeof w); + return w; +#else + uint64_t w = (uint64_t) src[7]; + w |= (uint64_t) src[6] << 8; + w |= (uint64_t) src[5] << 16; + w |= (uint64_t) src[4] << 24; + w |= (uint64_t) src[3] << 32; + w |= (uint64_t) src[2] << 40; + w |= (uint64_t) src[1] << 48; + w |= (uint64_t) src[0] << 56; + return w; +#endif +} + +#define STORE64_BE(DST, W) store64_be((DST), (W)) +static inline void +store64_be(uint8_t dst[8], uint64_t w) +{ +#ifdef NATIVE_BIG_ENDIAN + memcpy(dst, &w, sizeof w); +#else + dst[7] = (uint8_t) w; w >>= 8; + dst[6] = (uint8_t) w; w >>= 8; + dst[5] = (uint8_t) w; w >>= 8; + dst[4] = (uint8_t) w; w >>= 8; + dst[3] = (uint8_t) w; w >>= 8; + dst[2] = (uint8_t) w; w >>= 8; + dst[1] = (uint8_t) w; w >>= 8; + dst[0] = (uint8_t) w; +#endif +} + +#define LOAD32_BE(SRC) load32_be(SRC) +static inline uint32_t +load32_be(const uint8_t src[4]) +{ +#ifdef NATIVE_BIG_ENDIAN + uint32_t w; + memcpy(&w, src, sizeof w); + return w; +#else + uint32_t w = (uint32_t) src[3]; + w |= (uint32_t) src[2] << 8; + w |= (uint32_t) src[1] << 16; + w |= (uint32_t) src[0] << 24; + return w; +#endif +} + +#define STORE32_BE(DST, W) store32_be((DST), (W)) +static inline void 
+store32_be(uint8_t dst[4], uint32_t w) +{ +#ifdef NATIVE_BIG_ENDIAN + memcpy(dst, &w, sizeof w); +#else + dst[3] = (uint8_t) w; w >>= 8; + dst[2] = (uint8_t) w; w >>= 8; + dst[1] = (uint8_t) w; w >>= 8; + dst[0] = (uint8_t) w; +#endif +} + +#define XOR_BUF(OUT, IN, N) xor_buf((OUT), (IN), (N)) +static inline void +xor_buf(unsigned char *out, const unsigned char *in, size_t n) +{ + size_t i; + + for (i = 0; i < n; i++) { + out[i] ^= in[i]; + } +} + + +#if !defined(__clang__) && !defined(__GNUC__) +# ifdef __attribute__ +# undef __attribute__ +# endif +# define __attribute__(a) +#endif + +#ifndef CRYPTO_ALIGN +# if defined(__INTEL_COMPILER) || defined(_MSC_VER) +# define CRYPTO_ALIGN(x) __declspec(align(x)) +# else +# define CRYPTO_ALIGN(x) __attribute__ ((aligned(x))) +# endif +#endif + +#if defined(__clang__) || defined(__GNUC__) + + #if NETCODE_AVX2 + + # define HAVE_MMINTRIN_H 1 + # define HAVE_EMMINTRIN_H 1 + # define HAVE_PMMINTRIN_H 1 + # define HAVE_TMMINTRIN_H 1 + # define HAVE_SMMINTRIN_H 1 + # define HAVE_AVXINTRIN_H 1 + # define HAVE_WMMINTRIN_H 1 + # define HAVE_AVX2INTRIN_H 1 + # define HAVE_AVX_ASM 1 + # define HAVE_AMD64_ASM 1 + # define HAVE_CPUID 1 + + #elif NETCODE_AVX + + # define HAVE_MMINTRIN_H 1 + # define HAVE_EMMINTRIN_H 1 + # define HAVE_PMMINTRIN_H 1 + # define HAVE_TMMINTRIN_H 1 + # define HAVE_SMMINTRIN_H 1 + # define HAVE_AVXINTRIN_H 1 + # define HAVE_WMMINTRIN_H 1 + # define HAVE_AVX_ASM 1 + # define HAVE_AMD64_ASM 1 + # define HAVE_CPUID 1 + + #elif NETCODE_X64 + + # define HAVE_MMINTRIN_H 1 + # define HAVE_EMMINTRIN_H 1 + # define HAVE_PMMINTRIN_H 1 + # define HAVE_TMMINTRIN_H 1 + # define HAVE_SMMINTRIN_H 1 + # define HAVE_WMMINTRIN_H 1 + # define HAVE_AMD64_ASM 1 + # define HAVE_CPUID 1 + + #elif NETCODE_X64 + + # define HAVE_MMINTRIN_H 1 + # define HAVE_EMMINTRIN_H 1 + # define HAVE_PMMINTRIN_H 1 + # define HAVE_TMMINTRIN_H 1 + # define HAVE_SMMINTRIN_H 1 + # define HAVE_WMMINTRIN_H 1 + # define HAVE_CPUID 1 + + #endif + +#endif + 
+#if defined(_MSC_VER) && (defined(_M_X64) || defined(_M_AMD64) || defined(_M_IX86)) + +# include + +# define HAVE_INTRIN_H 1 +# define HAVE_MMINTRIN_H 1 +# define HAVE_EMMINTRIN_H 1 +# define HAVE_PMMINTRIN_H 1 +# define HAVE_TMMINTRIN_H 1 +# define HAVE_SMMINTRIN_H 1 + +#if NETCODE_AVX +# define HAVE_AVXINTRIN_H 1 +#endif + +# if _MSC_VER >= 1600 +# define HAVE_WMMINTRIN_H 1 +# endif + +#if NETCODE_AVX2 +# if _MSC_VER >= 1700 && defined(_M_X64) +# define HAVE_AVX2INTRIN_H 1 +# endif +#endif + +#elif defined(HAVE_INTRIN_H) + +# include + +#endif + +#ifdef HAVE_LIBCTGRIND +extern void ct_poison (const void *, size_t); +extern void ct_unpoison(const void *, size_t); +# define POISON(X, L) ct_poison((X), (L)) +# define UNPOISON(X, L) ct_unpoison((X), (L)) +#else +# define POISON(X, L) (void) 0 +# define UNPOISON(X, L) (void) 0 +#endif + +#endif diff --git a/sodium/sodium_private_ed25519_ref10.h b/sodium/sodium_private_ed25519_ref10.h new file mode 100644 index 00000000..b351ae3c --- /dev/null +++ b/sodium/sodium_private_ed25519_ref10.h 
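Review bot: The second `#elif NETCODE_X64` branch in the clang/GCC feature block can never be taken, because the `#elif` immediately before it tests the same macro, so the HAVE_* definitions inside it are dead. Its only difference from the first branch is that it omits HAVE_AMD64_ASM, which suggests it was meant for a 32-bit x86 configuration; the intended macro name is not visible in this hunk, so the condition should be corrected against the build scripts rather than guessed. Separately, the `#pragma warning(disable:4244)` (and the other three disables) near the top of the header is not bracketed by `#pragma warning(push)` / `#pragma warning(pop)`, and since this header is included by every crypto translation unit, implicit narrowing conversions are silently masked in all code that follows the include, not just in the vendored sources; wrapping the disables in push/pop around the headers that need them would keep the suppression local.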
@@ -0,0 +1,127 @@ +#ifndef ed25519_ref10_H +#define ed25519_ref10_H + +#include +#include + +/* + fe means field element. + Here the field is \Z/(2^255-19). + */ + +#ifdef HAVE_TI_MODE +typedef uint64_t fe25519[5]; +#else +typedef int32_t fe25519[10]; +#endif + +void fe25519_invert(fe25519 out, const fe25519 z); +void fe25519_frombytes(fe25519 h, const unsigned char *s); +void fe25519_tobytes(unsigned char *s, const fe25519 h); + +#ifdef HAVE_TI_MODE +# include "sodium_private_ed25519_ref10_fe_51.h" +#else +# include "sodium_private_ed25519_ref10_fe_25_5.h" +#endif + + +/* + ge means group element. + + Here the group is the set of pairs (x,y) of field elements + satisfying -x^2 + y^2 = 1 + d x^2y^2 + where d = -121665/121666. + + Representations: + ge25519_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z + ge25519_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT + ge25519_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T + ge25519_precomp (Duif): (y+x,y-x,2dxy) + */ + +typedef struct { + fe25519 X; + fe25519 Y; + fe25519 Z; +} ge25519_p2; + +typedef struct { + fe25519 X; + fe25519 Y; + fe25519 Z; + fe25519 T; +} ge25519_p3; + +typedef struct { + fe25519 X; + fe25519 Y; + fe25519 Z; + fe25519 T; +} ge25519_p1p1; + +typedef struct { + fe25519 yplusx; + fe25519 yminusx; + fe25519 xy2d; +} ge25519_precomp; + +typedef struct { + fe25519 YplusX; + fe25519 YminusX; + fe25519 Z; + fe25519 T2d; +} ge25519_cached; + +void ge25519_tobytes(unsigned char *s, const ge25519_p2 *h); + +void ge25519_p3_tobytes(unsigned char *s, const ge25519_p3 *h); + +int ge25519_frombytes(ge25519_p3 *h, const unsigned char *s); + +int ge25519_frombytes_negate_vartime(ge25519_p3 *h, const unsigned char *s); + +void ge25519_p3_to_cached(ge25519_cached *r, const ge25519_p3 *p); + +void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p); + +void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p); + +void ge25519_add(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_cached 
*q); + +void ge25519_sub(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_cached *q); + +void ge25519_scalarmult_base(ge25519_p3 *h, const unsigned char *a); + +void ge25519_double_scalarmult_vartime(ge25519_p2 *r, const unsigned char *a, + const ge25519_p3 *A, + const unsigned char *b); + +void ge25519_scalarmult(ge25519_p3 *h, const unsigned char *a, + const ge25519_p3 *p); + +int ge25519_is_canonical(const unsigned char *s); + +int ge25519_is_on_curve(const ge25519_p3 *p); + +int ge25519_is_on_main_subgroup(const ge25519_p3 *p); + +int ge25519_has_small_order(const unsigned char s[32]); + +void ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]); + +/* + The set of scalars is \Z/l + where l = 2^252 + 27742317777372353535851937790883648493. + */ + +void sc25519_invert(unsigned char recip[32], const unsigned char s[32]); + +void sc25519_reduce(unsigned char s[64]); + +void sc25519_muladd(unsigned char s[32], const unsigned char a[32], + const unsigned char b[32], const unsigned char c[32]); + +int sc25519_is_canonical(const unsigned char s[32]); + +#endif diff --git a/sodium/sodium_private_ed25519_ref10_fe_25_5.h b/sodium/sodium_private_ed25519_ref10_fe_25_5.h new file mode 100644 index 00000000..94443055 --- /dev/null +++ b/sodium/sodium_private_ed25519_ref10_fe_25_5.h 
@@ -0,0 +1,1060 @@ +#include + +#include "sodium_private_common.h" +#include "sodium_utils.h" + +/* + h = 0 + */ + +static inline void +fe25519_0(fe25519 h) +{ + memset(&h[0], 0, 10 * sizeof h[0]); +} + +/* + h = 1 + */ + +static inline void +fe25519_1(fe25519 h) +{ + h[0] = 1; + h[1] = 0; + memset(&h[2], 0, 8 * sizeof h[0]); +} + +/* + h = f + g + Can overlap h with f or g. + * + Preconditions: + |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + * + Postconditions: + |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. + */ + +static inline void +fe25519_add(fe25519 h, const fe25519 f, const fe25519 g) +{ + int32_t h0 = f[0] + g[0]; + int32_t h1 = f[1] + g[1]; + int32_t h2 = f[2] + g[2]; + int32_t h3 = f[3] + g[3]; + int32_t h4 = f[4] + g[4]; + int32_t h5 = f[5] + g[5]; + int32_t h6 = f[6] + g[6]; + int32_t h7 = f[7] + g[7]; + int32_t h8 = f[8] + g[8]; + int32_t h9 = f[9] + g[9]; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; + h[5] = h5; + h[6] = h6; + h[7] = h7; + h[8] = h8; + h[9] = h9; +} + +#if defined(__ORBIS__) || defined(__PROSPERO__) || defined(NN_NINTENDO_SDK) +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wunused-function" +#endif // #if defined(__ORBIS__) || defined(__PROSPERO__) || defined(NN_NINTENDO_SDK) + +/* + h = f - g + Can overlap h with f or g. + * + Preconditions: + |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + * + Postconditions: + |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. 
+ */ + +static void +fe25519_sub(fe25519 h, const fe25519 f, const fe25519 g) +{ + int32_t h0 = f[0] - g[0]; + int32_t h1 = f[1] - g[1]; + int32_t h2 = f[2] - g[2]; + int32_t h3 = f[3] - g[3]; + int32_t h4 = f[4] - g[4]; + int32_t h5 = f[5] - g[5]; + int32_t h6 = f[6] - g[6]; + int32_t h7 = f[7] - g[7]; + int32_t h8 = f[8] - g[8]; + int32_t h9 = f[9] - g[9]; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; + h[5] = h5; + h[6] = h6; + h[7] = h7; + h[8] = h8; + h[9] = h9; +} + +/* + h = -f + * + Preconditions: + |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + * + Postconditions: + |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + */ + +static inline void +fe25519_neg(fe25519 h, const fe25519 f) +{ + int32_t h0 = -f[0]; + int32_t h1 = -f[1]; + int32_t h2 = -f[2]; + int32_t h3 = -f[3]; + int32_t h4 = -f[4]; + int32_t h5 = -f[5]; + int32_t h6 = -f[6]; + int32_t h7 = -f[7]; + int32_t h8 = -f[8]; + int32_t h9 = -f[9]; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; + h[5] = h5; + h[6] = h6; + h[7] = h7; + h[8] = h8; + h[9] = h9; +} + +/* + Replace (f,g) with (g,g) if b == 1; + replace (f,g) with (f,g) if b == 0. + * + Preconditions: b in {0,1}. 
+ */ + +static void +fe25519_cmov(fe25519 f, const fe25519 g, unsigned int b) +{ + const uint32_t mask = (uint32_t) (-(int32_t) b); + + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + + int32_t x0 = f0 ^ g[0]; + int32_t x1 = f1 ^ g[1]; + int32_t x2 = f2 ^ g[2]; + int32_t x3 = f3 ^ g[3]; + int32_t x4 = f4 ^ g[4]; + int32_t x5 = f5 ^ g[5]; + int32_t x6 = f6 ^ g[6]; + int32_t x7 = f7 ^ g[7]; + int32_t x8 = f8 ^ g[8]; + int32_t x9 = f9 ^ g[9]; + + x0 &= mask; + x1 &= mask; + x2 &= mask; + x3 &= mask; + x4 &= mask; + x5 &= mask; + x6 &= mask; + x7 &= mask; + x8 &= mask; + x9 &= mask; + + f[0] = f0 ^ x0; + f[1] = f1 ^ x1; + f[2] = f2 ^ x2; + f[3] = f3 ^ x3; + f[4] = f4 ^ x4; + f[5] = f5 ^ x5; + f[6] = f6 ^ x6; + f[7] = f7 ^ x7; + f[8] = f8 ^ x8; + f[9] = f9 ^ x9; +} + +static void +fe25519_cswap(fe25519 f, fe25519 g, unsigned int b) +{ + const uint32_t mask = (uint32_t) (-(int64_t) b); + + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + + int32_t g0 = g[0]; + int32_t g1 = g[1]; + int32_t g2 = g[2]; + int32_t g3 = g[3]; + int32_t g4 = g[4]; + int32_t g5 = g[5]; + int32_t g6 = g[6]; + int32_t g7 = g[7]; + int32_t g8 = g[8]; + int32_t g9 = g[9]; + + int32_t x0 = f0 ^ g0; + int32_t x1 = f1 ^ g1; + int32_t x2 = f2 ^ g2; + int32_t x3 = f3 ^ g3; + int32_t x4 = f4 ^ g4; + int32_t x5 = f5 ^ g5; + int32_t x6 = f6 ^ g6; + int32_t x7 = f7 ^ g7; + int32_t x8 = f8 ^ g8; + int32_t x9 = f9 ^ g9; + + x0 &= mask; + x1 &= mask; + x2 &= mask; + x3 &= mask; + x4 &= mask; + x5 &= mask; + x6 &= mask; + x7 &= mask; + x8 &= mask; + x9 &= mask; + + f[0] = f0 ^ x0; + f[1] = f1 ^ x1; + f[2] = f2 ^ x2; + f[3] = f3 ^ x3; + f[4] = f4 ^ x4; + f[5] = f5 ^ x5; + f[6] = f6 ^ x6; + f[7] = 
f7 ^ x7; + f[8] = f8 ^ x8; + f[9] = f9 ^ x9; + + g[0] = g0 ^ x0; + g[1] = g1 ^ x1; + g[2] = g2 ^ x2; + g[3] = g3 ^ x3; + g[4] = g4 ^ x4; + g[5] = g5 ^ x5; + g[6] = g6 ^ x6; + g[7] = g7 ^ x7; + g[8] = g8 ^ x8; + g[9] = g9 ^ x9; +} + +/* + h = f + */ + +static inline void +fe25519_copy(fe25519 h, const fe25519 f) +{ + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + + h[0] = f0; + h[1] = f1; + h[2] = f2; + h[3] = f3; + h[4] = f4; + h[5] = f5; + h[6] = f6; + h[7] = f7; + h[8] = f8; + h[9] = f9; +} + +/* + return 1 if f is in {1,3,5,...,q-2} + return 0 if f is in {0,2,4,...,q-1} + + Preconditions: + |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. + */ + +static inline int +fe25519_isnegative(const fe25519 f) +{ + unsigned char s[32]; + + fe25519_tobytes(s, f); + + return s[0] & 1; +} + +/* + return 1 if f == 0 + return 0 if f != 0 + + Preconditions: + |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. + */ + +static inline int +fe25519_iszero(const fe25519 f) +{ + unsigned char s[32]; + + fe25519_tobytes(s, f); + + return sodium_is_zero(s, 32); +} + +/* + h = f * g + Can overlap h with f or g. + * + Preconditions: + |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. + |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. + * + Postconditions: + |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. + */ + +/* + Notes on implementation strategy: + * + Using schoolbook multiplication. + Karatsuba would save a little in some cost models. + * + Most multiplications by 2 and 19 are 32-bit precomputations; + cheaper than 64-bit postcomputations. + * + There is one remaining multiplication by 19 in the carry chain; + one *19 precomputation can be merged into this, + but the resulting data flow is considerably less clean. + * + There are 12 carries below. 
+ 10 of them are 2-way parallelizable and vectorizable. + Can get away with 11 carries, but then data flow is much deeper. + * + With tighter constraints on inputs can squeeze carries into int32. + */ + +static void +fe25519_mul(fe25519 h, const fe25519 f, const fe25519 g) +{ + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + + int32_t g0 = g[0]; + int32_t g1 = g[1]; + int32_t g2 = g[2]; + int32_t g3 = g[3]; + int32_t g4 = g[4]; + int32_t g5 = g[5]; + int32_t g6 = g[6]; + int32_t g7 = g[7]; + int32_t g8 = g[8]; + int32_t g9 = g[9]; + + int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */ + int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */ + int32_t g3_19 = 19 * g3; + int32_t g4_19 = 19 * g4; + int32_t g5_19 = 19 * g5; + int32_t g6_19 = 19 * g6; + int32_t g7_19 = 19 * g7; + int32_t g8_19 = 19 * g8; + int32_t g9_19 = 19 * g9; + int32_t f1_2 = 2 * f1; + int32_t f3_2 = 2 * f3; + int32_t f5_2 = 2 * f5; + int32_t f7_2 = 2 * f7; + int32_t f9_2 = 2 * f9; + + int64_t f0g0 = f0 * (int64_t) g0; + int64_t f0g1 = f0 * (int64_t) g1; + int64_t f0g2 = f0 * (int64_t) g2; + int64_t f0g3 = f0 * (int64_t) g3; + int64_t f0g4 = f0 * (int64_t) g4; + int64_t f0g5 = f0 * (int64_t) g5; + int64_t f0g6 = f0 * (int64_t) g6; + int64_t f0g7 = f0 * (int64_t) g7; + int64_t f0g8 = f0 * (int64_t) g8; + int64_t f0g9 = f0 * (int64_t) g9; + int64_t f1g0 = f1 * (int64_t) g0; + int64_t f1g1_2 = f1_2 * (int64_t) g1; + int64_t f1g2 = f1 * (int64_t) g2; + int64_t f1g3_2 = f1_2 * (int64_t) g3; + int64_t f1g4 = f1 * (int64_t) g4; + int64_t f1g5_2 = f1_2 * (int64_t) g5; + int64_t f1g6 = f1 * (int64_t) g6; + int64_t f1g7_2 = f1_2 * (int64_t) g7; + int64_t f1g8 = f1 * (int64_t) g8; + int64_t f1g9_38 = f1_2 * (int64_t) g9_19; + int64_t f2g0 = f2 * (int64_t) g0; + int64_t f2g1 = f2 * (int64_t) g1; + int64_t f2g2 = f2 * (int64_t) g2; + int64_t f2g3 = f2 * 
(int64_t) g3; + int64_t f2g4 = f2 * (int64_t) g4; + int64_t f2g5 = f2 * (int64_t) g5; + int64_t f2g6 = f2 * (int64_t) g6; + int64_t f2g7 = f2 * (int64_t) g7; + int64_t f2g8_19 = f2 * (int64_t) g8_19; + int64_t f2g9_19 = f2 * (int64_t) g9_19; + int64_t f3g0 = f3 * (int64_t) g0; + int64_t f3g1_2 = f3_2 * (int64_t) g1; + int64_t f3g2 = f3 * (int64_t) g2; + int64_t f3g3_2 = f3_2 * (int64_t) g3; + int64_t f3g4 = f3 * (int64_t) g4; + int64_t f3g5_2 = f3_2 * (int64_t) g5; + int64_t f3g6 = f3 * (int64_t) g6; + int64_t f3g7_38 = f3_2 * (int64_t) g7_19; + int64_t f3g8_19 = f3 * (int64_t) g8_19; + int64_t f3g9_38 = f3_2 * (int64_t) g9_19; + int64_t f4g0 = f4 * (int64_t) g0; + int64_t f4g1 = f4 * (int64_t) g1; + int64_t f4g2 = f4 * (int64_t) g2; + int64_t f4g3 = f4 * (int64_t) g3; + int64_t f4g4 = f4 * (int64_t) g4; + int64_t f4g5 = f4 * (int64_t) g5; + int64_t f4g6_19 = f4 * (int64_t) g6_19; + int64_t f4g7_19 = f4 * (int64_t) g7_19; + int64_t f4g8_19 = f4 * (int64_t) g8_19; + int64_t f4g9_19 = f4 * (int64_t) g9_19; + int64_t f5g0 = f5 * (int64_t) g0; + int64_t f5g1_2 = f5_2 * (int64_t) g1; + int64_t f5g2 = f5 * (int64_t) g2; + int64_t f5g3_2 = f5_2 * (int64_t) g3; + int64_t f5g4 = f5 * (int64_t) g4; + int64_t f5g5_38 = f5_2 * (int64_t) g5_19; + int64_t f5g6_19 = f5 * (int64_t) g6_19; + int64_t f5g7_38 = f5_2 * (int64_t) g7_19; + int64_t f5g8_19 = f5 * (int64_t) g8_19; + int64_t f5g9_38 = f5_2 * (int64_t) g9_19; + int64_t f6g0 = f6 * (int64_t) g0; + int64_t f6g1 = f6 * (int64_t) g1; + int64_t f6g2 = f6 * (int64_t) g2; + int64_t f6g3 = f6 * (int64_t) g3; + int64_t f6g4_19 = f6 * (int64_t) g4_19; + int64_t f6g5_19 = f6 * (int64_t) g5_19; + int64_t f6g6_19 = f6 * (int64_t) g6_19; + int64_t f6g7_19 = f6 * (int64_t) g7_19; + int64_t f6g8_19 = f6 * (int64_t) g8_19; + int64_t f6g9_19 = f6 * (int64_t) g9_19; + int64_t f7g0 = f7 * (int64_t) g0; + int64_t f7g1_2 = f7_2 * (int64_t) g1; + int64_t f7g2 = f7 * (int64_t) g2; + int64_t f7g3_38 = f7_2 * (int64_t) g3_19; + int64_t f7g4_19 = f7 
* (int64_t) g4_19; + int64_t f7g5_38 = f7_2 * (int64_t) g5_19; + int64_t f7g6_19 = f7 * (int64_t) g6_19; + int64_t f7g7_38 = f7_2 * (int64_t) g7_19; + int64_t f7g8_19 = f7 * (int64_t) g8_19; + int64_t f7g9_38 = f7_2 * (int64_t) g9_19; + int64_t f8g0 = f8 * (int64_t) g0; + int64_t f8g1 = f8 * (int64_t) g1; + int64_t f8g2_19 = f8 * (int64_t) g2_19; + int64_t f8g3_19 = f8 * (int64_t) g3_19; + int64_t f8g4_19 = f8 * (int64_t) g4_19; + int64_t f8g5_19 = f8 * (int64_t) g5_19; + int64_t f8g6_19 = f8 * (int64_t) g6_19; + int64_t f8g7_19 = f8 * (int64_t) g7_19; + int64_t f8g8_19 = f8 * (int64_t) g8_19; + int64_t f8g9_19 = f8 * (int64_t) g9_19; + int64_t f9g0 = f9 * (int64_t) g0; + int64_t f9g1_38 = f9_2 * (int64_t) g1_19; + int64_t f9g2_19 = f9 * (int64_t) g2_19; + int64_t f9g3_38 = f9_2 * (int64_t) g3_19; + int64_t f9g4_19 = f9 * (int64_t) g4_19; + int64_t f9g5_38 = f9_2 * (int64_t) g5_19; + int64_t f9g6_19 = f9 * (int64_t) g6_19; + int64_t f9g7_38 = f9_2 * (int64_t) g7_19; + int64_t f9g8_19 = f9 * (int64_t) g8_19; + int64_t f9g9_38 = f9_2 * (int64_t) g9_19; + + int64_t h0 = f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38; + int64_t h1 = f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + + f7g4_19 + f8g3_19 + f9g2_19; + int64_t h2 = f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + + f7g5_38 + f8g4_19 + f9g3_38; + int64_t h3 = f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + + f7g6_19 + f8g5_19 + f9g4_19; + int64_t h4 = f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + + f7g7_38 + f8g6_19 + f9g5_38; + int64_t h5 = f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + + f8g7_19 + f9g6_19; + int64_t h6 = f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + + f7g9_38 + f8g8_19 + f9g7_38; + int64_t h7 = f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + + f8g9_19 + f9g8_19; + int64_t h8 = f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + + f8g0 + f9g9_38; + 
int64_t h9 = + f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0; + + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + /* + |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38)) + i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8 + |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19)) + i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 + */ + + carry0 = (h0 + (int64_t)(1L << 25)) >> 26; + h1 += carry0; + h0 -= carry0 * ((uint64_t) 1L << 26); + carry4 = (h4 + (int64_t)(1L << 25)) >> 26; + h5 += carry4; + h4 -= carry4 * ((uint64_t) 1L << 26); + /* |h0| <= 2^25 */ + /* |h4| <= 2^25 */ + /* |h1| <= 1.71*2^59 */ + /* |h5| <= 1.71*2^59 */ + + carry1 = (h1 + (int64_t)(1L << 24)) >> 25; + h2 += carry1; + h1 -= carry1 * ((uint64_t) 1L << 25); + carry5 = (h5 + (int64_t)(1L << 24)) >> 25; + h6 += carry5; + h5 -= carry5 * ((uint64_t) 1L << 25); + /* |h1| <= 2^24; from now on fits into int32 */ + /* |h5| <= 2^24; from now on fits into int32 */ + /* |h2| <= 1.41*2^60 */ + /* |h6| <= 1.41*2^60 */ + + carry2 = (h2 + (int64_t)(1L << 25)) >> 26; + h3 += carry2; + h2 -= carry2 * ((uint64_t) 1L << 26); + carry6 = (h6 + (int64_t)(1L << 25)) >> 26; + h7 += carry6; + h6 -= carry6 * ((uint64_t) 1L << 26); + /* |h2| <= 2^25; from now on fits into int32 unchanged */ + /* |h6| <= 2^25; from now on fits into int32 unchanged */ + /* |h3| <= 1.71*2^59 */ + /* |h7| <= 1.71*2^59 */ + + carry3 = (h3 + (int64_t)(1L << 24)) >> 25; + h4 += carry3; + h3 -= carry3 * ((uint64_t) 1L << 25); + carry7 = (h7 + (int64_t)(1L << 24)) >> 25; + h8 += carry7; + h7 -= carry7 * ((uint64_t) 1L << 25); + /* |h3| <= 2^24; from now on fits into int32 unchanged */ + /* |h7| <= 2^24; from now on fits into int32 unchanged */ + /* |h4| <= 1.72*2^34 */ + /* |h8| <= 1.41*2^60 */ + + carry4 = (h4 + (int64_t)(1L << 25)) >> 26; + h5 += carry4; 
+ h4 -= carry4 * ((uint64_t) 1L << 26); + carry8 = (h8 + (int64_t)(1L << 25)) >> 26; + h9 += carry8; + h8 -= carry8 * ((uint64_t) 1L << 26); + /* |h4| <= 2^25; from now on fits into int32 unchanged */ + /* |h8| <= 2^25; from now on fits into int32 unchanged */ + /* |h5| <= 1.01*2^24 */ + /* |h9| <= 1.71*2^59 */ + + carry9 = (h9 + (int64_t)(1L << 24)) >> 25; + h0 += carry9 * 19; + h9 -= carry9 * ((uint64_t) 1L << 25); + /* |h9| <= 2^24; from now on fits into int32 unchanged */ + /* |h0| <= 1.1*2^39 */ + + carry0 = (h0 + (int64_t)(1L << 25)) >> 26; + h1 += carry0; + h0 -= carry0 * ((uint64_t) 1L << 26); + /* |h0| <= 2^25; from now on fits into int32 unchanged */ + /* |h1| <= 1.01*2^24 */ + + h[0] = (int32_t) h0; + h[1] = (int32_t) h1; + h[2] = (int32_t) h2; + h[3] = (int32_t) h3; + h[4] = (int32_t) h4; + h[5] = (int32_t) h5; + h[6] = (int32_t) h6; + h[7] = (int32_t) h7; + h[8] = (int32_t) h8; + h[9] = (int32_t) h9; +} + +/* + h = f * f + Can overlap h with f. + * + Preconditions: + |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. + * + Postconditions: + |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. 
+ */ + +static void +fe25519_sq(fe25519 h, const fe25519 f) +{ + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + + int32_t f0_2 = 2 * f0; + int32_t f1_2 = 2 * f1; + int32_t f2_2 = 2 * f2; + int32_t f3_2 = 2 * f3; + int32_t f4_2 = 2 * f4; + int32_t f5_2 = 2 * f5; + int32_t f6_2 = 2 * f6; + int32_t f7_2 = 2 * f7; + int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ + int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ + int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ + int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ + int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ + + int64_t f0f0 = f0 * (int64_t) f0; + int64_t f0f1_2 = f0_2 * (int64_t) f1; + int64_t f0f2_2 = f0_2 * (int64_t) f2; + int64_t f0f3_2 = f0_2 * (int64_t) f3; + int64_t f0f4_2 = f0_2 * (int64_t) f4; + int64_t f0f5_2 = f0_2 * (int64_t) f5; + int64_t f0f6_2 = f0_2 * (int64_t) f6; + int64_t f0f7_2 = f0_2 * (int64_t) f7; + int64_t f0f8_2 = f0_2 * (int64_t) f8; + int64_t f0f9_2 = f0_2 * (int64_t) f9; + int64_t f1f1_2 = f1_2 * (int64_t) f1; + int64_t f1f2_2 = f1_2 * (int64_t) f2; + int64_t f1f3_4 = f1_2 * (int64_t) f3_2; + int64_t f1f4_2 = f1_2 * (int64_t) f4; + int64_t f1f5_4 = f1_2 * (int64_t) f5_2; + int64_t f1f6_2 = f1_2 * (int64_t) f6; + int64_t f1f7_4 = f1_2 * (int64_t) f7_2; + int64_t f1f8_2 = f1_2 * (int64_t) f8; + int64_t f1f9_76 = f1_2 * (int64_t) f9_38; + int64_t f2f2 = f2 * (int64_t) f2; + int64_t f2f3_2 = f2_2 * (int64_t) f3; + int64_t f2f4_2 = f2_2 * (int64_t) f4; + int64_t f2f5_2 = f2_2 * (int64_t) f5; + int64_t f2f6_2 = f2_2 * (int64_t) f6; + int64_t f2f7_2 = f2_2 * (int64_t) f7; + int64_t f2f8_38 = f2_2 * (int64_t) f8_19; + int64_t f2f9_38 = f2 * (int64_t) f9_38; + int64_t f3f3_2 = f3_2 * (int64_t) f3; + int64_t f3f4_2 = f3_2 * (int64_t) f4; + int64_t f3f5_4 = f3_2 * (int64_t) f5_2; + int64_t f3f6_2 = f3_2 * (int64_t) f6; + int64_t f3f7_76 = f3_2 * (int64_t) 
f7_38; + int64_t f3f8_38 = f3_2 * (int64_t) f8_19; + int64_t f3f9_76 = f3_2 * (int64_t) f9_38; + int64_t f4f4 = f4 * (int64_t) f4; + int64_t f4f5_2 = f4_2 * (int64_t) f5; + int64_t f4f6_38 = f4_2 * (int64_t) f6_19; + int64_t f4f7_38 = f4 * (int64_t) f7_38; + int64_t f4f8_38 = f4_2 * (int64_t) f8_19; + int64_t f4f9_38 = f4 * (int64_t) f9_38; + int64_t f5f5_38 = f5 * (int64_t) f5_38; + int64_t f5f6_38 = f5_2 * (int64_t) f6_19; + int64_t f5f7_76 = f5_2 * (int64_t) f7_38; + int64_t f5f8_38 = f5_2 * (int64_t) f8_19; + int64_t f5f9_76 = f5_2 * (int64_t) f9_38; + int64_t f6f6_19 = f6 * (int64_t) f6_19; + int64_t f6f7_38 = f6 * (int64_t) f7_38; + int64_t f6f8_38 = f6_2 * (int64_t) f8_19; + int64_t f6f9_38 = f6 * (int64_t) f9_38; + int64_t f7f7_38 = f7 * (int64_t) f7_38; + int64_t f7f8_38 = f7_2 * (int64_t) f8_19; + int64_t f7f9_76 = f7_2 * (int64_t) f9_38; + int64_t f8f8_19 = f8 * (int64_t) f8_19; + int64_t f8f9_38 = f8 * (int64_t) f9_38; + int64_t f9f9_38 = f9 * (int64_t) f9_38; + + int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38; + int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38; + int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19; + int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38; + int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38; + int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38; + int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19; + int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38; + int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38; + int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2; + + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + carry0 = (h0 + (int64_t)(1L << 25)) >> 26; + h1 += carry0; + h0 -= carry0 * ((uint64_t) 1L << 26); + carry4 = (h4 + (int64_t)(1L << 25)) >> 26; + h5 += carry4; + h4 -= 
carry4 * ((uint64_t) 1L << 26); + + carry1 = (h1 + (int64_t)(1L << 24)) >> 25; + h2 += carry1; + h1 -= carry1 * ((uint64_t) 1L << 25); + carry5 = (h5 + (int64_t)(1L << 24)) >> 25; + h6 += carry5; + h5 -= carry5 * ((uint64_t) 1L << 25); + + carry2 = (h2 + (int64_t)(1L << 25)) >> 26; + h3 += carry2; + h2 -= carry2 * ((uint64_t) 1L << 26); + carry6 = (h6 + (int64_t)(1L << 25)) >> 26; + h7 += carry6; + h6 -= carry6 * ((uint64_t) 1L << 26); + + carry3 = (h3 + (int64_t)(1L << 24)) >> 25; + h4 += carry3; + h3 -= carry3 * ((uint64_t) 1L << 25); + carry7 = (h7 + (int64_t)(1L << 24)) >> 25; + h8 += carry7; + h7 -= carry7 * ((uint64_t) 1L << 25); + + carry4 = (h4 + (int64_t)(1L << 25)) >> 26; + h5 += carry4; + h4 -= carry4 * ((uint64_t) 1L << 26); + carry8 = (h8 + (int64_t)(1L << 25)) >> 26; + h9 += carry8; + h8 -= carry8 * ((uint64_t) 1L << 26); + + carry9 = (h9 + (int64_t)(1L << 24)) >> 25; + h0 += carry9 * 19; + h9 -= carry9 * ((uint64_t) 1L << 25); + + carry0 = (h0 + (int64_t)(1L << 25)) >> 26; + h1 += carry0; + h0 -= carry0 * ((uint64_t) 1L << 26); + + h[0] = (int32_t) h0; + h[1] = (int32_t) h1; + h[2] = (int32_t) h2; + h[3] = (int32_t) h3; + h[4] = (int32_t) h4; + h[5] = (int32_t) h5; + h[6] = (int32_t) h6; + h[7] = (int32_t) h7; + h[8] = (int32_t) h8; + h[9] = (int32_t) h9; +} + +/* + h = 2 * f * f + Can overlap h with f. + * + Preconditions: + |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. + * + Postconditions: + |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. 
+ */ + +static void +fe25519_sq2(fe25519 h, const fe25519 f) +{ + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + + int32_t f0_2 = 2 * f0; + int32_t f1_2 = 2 * f1; + int32_t f2_2 = 2 * f2; + int32_t f3_2 = 2 * f3; + int32_t f4_2 = 2 * f4; + int32_t f5_2 = 2 * f5; + int32_t f6_2 = 2 * f6; + int32_t f7_2 = 2 * f7; + int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ + int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ + int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ + int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ + int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ + + int64_t f0f0 = f0 * (int64_t) f0; + int64_t f0f1_2 = f0_2 * (int64_t) f1; + int64_t f0f2_2 = f0_2 * (int64_t) f2; + int64_t f0f3_2 = f0_2 * (int64_t) f3; + int64_t f0f4_2 = f0_2 * (int64_t) f4; + int64_t f0f5_2 = f0_2 * (int64_t) f5; + int64_t f0f6_2 = f0_2 * (int64_t) f6; + int64_t f0f7_2 = f0_2 * (int64_t) f7; + int64_t f0f8_2 = f0_2 * (int64_t) f8; + int64_t f0f9_2 = f0_2 * (int64_t) f9; + int64_t f1f1_2 = f1_2 * (int64_t) f1; + int64_t f1f2_2 = f1_2 * (int64_t) f2; + int64_t f1f3_4 = f1_2 * (int64_t) f3_2; + int64_t f1f4_2 = f1_2 * (int64_t) f4; + int64_t f1f5_4 = f1_2 * (int64_t) f5_2; + int64_t f1f6_2 = f1_2 * (int64_t) f6; + int64_t f1f7_4 = f1_2 * (int64_t) f7_2; + int64_t f1f8_2 = f1_2 * (int64_t) f8; + int64_t f1f9_76 = f1_2 * (int64_t) f9_38; + int64_t f2f2 = f2 * (int64_t) f2; + int64_t f2f3_2 = f2_2 * (int64_t) f3; + int64_t f2f4_2 = f2_2 * (int64_t) f4; + int64_t f2f5_2 = f2_2 * (int64_t) f5; + int64_t f2f6_2 = f2_2 * (int64_t) f6; + int64_t f2f7_2 = f2_2 * (int64_t) f7; + int64_t f2f8_38 = f2_2 * (int64_t) f8_19; + int64_t f2f9_38 = f2 * (int64_t) f9_38; + int64_t f3f3_2 = f3_2 * (int64_t) f3; + int64_t f3f4_2 = f3_2 * (int64_t) f4; + int64_t f3f5_4 = f3_2 * (int64_t) f5_2; + int64_t f3f6_2 = f3_2 * (int64_t) f6; + int64_t f3f7_76 = f3_2 * (int64_t) 
f7_38; + int64_t f3f8_38 = f3_2 * (int64_t) f8_19; + int64_t f3f9_76 = f3_2 * (int64_t) f9_38; + int64_t f4f4 = f4 * (int64_t) f4; + int64_t f4f5_2 = f4_2 * (int64_t) f5; + int64_t f4f6_38 = f4_2 * (int64_t) f6_19; + int64_t f4f7_38 = f4 * (int64_t) f7_38; + int64_t f4f8_38 = f4_2 * (int64_t) f8_19; + int64_t f4f9_38 = f4 * (int64_t) f9_38; + int64_t f5f5_38 = f5 * (int64_t) f5_38; + int64_t f5f6_38 = f5_2 * (int64_t) f6_19; + int64_t f5f7_76 = f5_2 * (int64_t) f7_38; + int64_t f5f8_38 = f5_2 * (int64_t) f8_19; + int64_t f5f9_76 = f5_2 * (int64_t) f9_38; + int64_t f6f6_19 = f6 * (int64_t) f6_19; + int64_t f6f7_38 = f6 * (int64_t) f7_38; + int64_t f6f8_38 = f6_2 * (int64_t) f8_19; + int64_t f6f9_38 = f6 * (int64_t) f9_38; + int64_t f7f7_38 = f7 * (int64_t) f7_38; + int64_t f7f8_38 = f7_2 * (int64_t) f8_19; + int64_t f7f9_76 = f7_2 * (int64_t) f9_38; + int64_t f8f8_19 = f8 * (int64_t) f8_19; + int64_t f8f9_38 = f8 * (int64_t) f9_38; + int64_t f9f9_38 = f9 * (int64_t) f9_38; + + int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38; + int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38; + int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19; + int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38; + int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38; + int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38; + int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19; + int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38; + int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38; + int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2; + + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + h0 += h0; + h1 += h1; + h2 += h2; + h3 += h3; + h4 += h4; + h5 += h5; + h6 += h6; + h7 += h7; + h8 += h8; + h9 += h9; + + carry0 = (h0 + (int64_t)(1L << 25)) >> 26; + h1 
+= carry0; + h0 -= carry0 * ((uint64_t) 1L << 26); + carry4 = (h4 + (int64_t)(1L << 25)) >> 26; + h5 += carry4; + h4 -= carry4 * ((uint64_t) 1L << 26); + + carry1 = (h1 + (int64_t)(1L << 24)) >> 25; + h2 += carry1; + h1 -= carry1 * ((uint64_t) 1L << 25); + carry5 = (h5 + (int64_t)(1L << 24)) >> 25; + h6 += carry5; + h5 -= carry5 * ((uint64_t) 1L << 25); + + carry2 = (h2 + (int64_t)(1L << 25)) >> 26; + h3 += carry2; + h2 -= carry2 * ((uint64_t) 1L << 26); + carry6 = (h6 + (int64_t)(1L << 25)) >> 26; + h7 += carry6; + h6 -= carry6 * ((uint64_t) 1L << 26); + + carry3 = (h3 + (int64_t)(1L << 24)) >> 25; + h4 += carry3; + h3 -= carry3 * ((uint64_t) 1L << 25); + carry7 = (h7 + (int64_t)(1L << 24)) >> 25; + h8 += carry7; + h7 -= carry7 * ((uint64_t) 1L << 25); + + carry4 = (h4 + (int64_t)(1L << 25)) >> 26; + h5 += carry4; + h4 -= carry4 * ((uint64_t) 1L << 26); + carry8 = (h8 + (int64_t)(1L << 25)) >> 26; + h9 += carry8; + h8 -= carry8 * ((uint64_t) 1L << 26); + + carry9 = (h9 + (int64_t)(1L << 24)) >> 25; + h0 += carry9 * 19; + h9 -= carry9 * ((uint64_t) 1L << 25); + + carry0 = (h0 + (int64_t)(1L << 25)) >> 26; + h1 += carry0; + h0 -= carry0 * ((uint64_t) 1L << 26); + + h[0] = (int32_t) h0; + h[1] = (int32_t) h1; + h[2] = (int32_t) h2; + h[3] = (int32_t) h3; + h[4] = (int32_t) h4; + h[5] = (int32_t) h5; + h[6] = (int32_t) h6; + h[7] = (int32_t) h7; + h[8] = (int32_t) h8; + h[9] = (int32_t) h9; +} + +static void +fe25519_scalar_product(fe25519 h, const fe25519 f, uint32_t n) +{ + int64_t sn = (int64_t) n; + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int64_t h0 = f0 * sn; + int64_t h1 = f1 * sn; + int64_t h2 = f2 * sn; + int64_t h3 = f3 * sn; + int64_t h4 = f4 * sn; + int64_t h5 = f5 * sn; + int64_t h6 = f6 * sn; + int64_t h7 = f7 * sn; + int64_t h8 = f8 * sn; + int64_t h9 = f9 * sn; + int64_t carry0, carry1, 
carry2, carry3, carry4, carry5, carry6, carry7, + carry8, carry9; + + carry9 = (h9 + ((int64_t) 1 << 24)) >> 25; + h0 += carry9 * 19; + h9 -= carry9 * ((int64_t) 1 << 25); + carry1 = (h1 + ((int64_t) 1 << 24)) >> 25; + h2 += carry1; + h1 -= carry1 * ((int64_t) 1 << 25); + carry3 = (h3 + ((int64_t) 1 << 24)) >> 25; + h4 += carry3; + h3 -= carry3 * ((int64_t) 1 << 25); + carry5 = (h5 + ((int64_t) 1 << 24)) >> 25; + h6 += carry5; + h5 -= carry5 * ((int64_t) 1 << 25); + carry7 = (h7 + ((int64_t) 1 << 24)) >> 25; + h8 += carry7; + h7 -= carry7 * ((int64_t) 1 << 25); + + carry0 = (h0 + ((int64_t) 1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 * ((int64_t) 1 << 26); + carry2 = (h2 + ((int64_t) 1 << 25)) >> 26; + h3 += carry2; + h2 -= carry2 * ((int64_t) 1 << 26); + carry4 = (h4 + ((int64_t) 1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 * ((int64_t) 1 << 26); + carry6 = (h6 + ((int64_t) 1 << 25)) >> 26; + h7 += carry6; + h6 -= carry6 * ((int64_t) 1 << 26); + carry8 = (h8 + ((int64_t) 1 << 25)) >> 26; + h9 += carry8; + h8 -= carry8 * ((int64_t) 1 << 26); + + h[0] = (int32_t) h0; + h[1] = (int32_t) h1; + h[2] = (int32_t) h2; + h[3] = (int32_t) h3; + h[4] = (int32_t) h4; + h[5] = (int32_t) h5; + h[6] = (int32_t) h6; + h[7] = (int32_t) h7; + h[8] = (int32_t) h8; + h[9] = (int32_t) h9; +} + +#if defined(__ORBIS__) || defined(__PROSPERO__) +#pragma clang diagnostic pop +#endif // #if defined(__ORBIS__) || defined(__PROSPERO__) + diff --git a/sodium/sodium_private_ed25519_ref10_fe_51.h b/sodium/sodium_private_ed25519_ref10_fe_51.h new file mode 100644 index 00000000..cf85d368 --- /dev/null +++ b/sodium/sodium_private_ed25519_ref10_fe_51.h 
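Review bot: The `#pragma clang diagnostic push` added before `fe25519_sub` is guarded by `#if defined(__ORBIS__) || defined(__PROSPERO__) || defined(NN_NINTENDO_SDK)`, but the matching `#pragma clang diagnostic pop` at the end of the file is guarded by `#if defined(__ORBIS__) || defined(__PROSPERO__)` only, so on `NN_NINTENDO_SDK` builds the push is never popped and `-Wunused-function` presumably stays suppressed for the remainder of every translation unit that includes this header. The two guards should be identical: `#if defined(__ORBIS__) || defined(__PROSPERO__) || defined(NN_NINTENDO_SDK)` on the pop as well, with the trailing comment updated to match. The `fe_51` variant introduced in the next file may have the same trailer; its end is outside this view, so please check it too. Separately, `fe25519_cswap` here has no descriptive comment while its `fe_51` counterpart carries one; copying `Replace (f,g) with (g,f) if b == 1; replace (f,g) with (f,g) if b == 0. Preconditions: b in {0,1}.` above it would keep the two headers in step.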
@@ -0,0 +1,518 @@ +#include + +#include "sodium_private_common.h" +#include "sodium_utils.h" + +/* + h = 0 + */ + +static inline void +fe25519_0(fe25519 h) +{ + memset(&h[0], 0, 5 * sizeof h[0]); +} + +/* + h = 1 + */ + +static inline void +fe25519_1(fe25519 h) +{ + h[0] = 1; + memset(&h[1], 0, 4 * sizeof h[0]); +} + +/* + h = f + g + Can overlap h with f or g. + */ + +static inline void +fe25519_add(fe25519 h, const fe25519 f, const fe25519 g) +{ + uint64_t h0 = f[0] + g[0]; + uint64_t h1 = f[1] + g[1]; + uint64_t h2 = f[2] + g[2]; + uint64_t h3 = f[3] + g[3]; + uint64_t h4 = f[4] + g[4]; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; +} + +/* + h = f - g + */ + +static void +fe25519_sub(fe25519 h, const fe25519 f, const fe25519 g) +{ + const uint64_t mask = 0x7ffffffffffffULL; + uint64_t h0, h1, h2, h3, h4; + + h0 = g[0]; + h1 = g[1]; + h2 = g[2]; + h3 = g[3]; + h4 = g[4]; + + h1 += h0 >> 51; + h0 &= mask; + h2 += h1 >> 51; + h1 &= mask; + h3 += h2 >> 51; + h2 &= mask; + h4 += h3 >> 51; + h3 &= mask; + h0 += 19ULL * (h4 >> 51); + h4 &= mask; + + h0 = (f[0] + 0xfffffffffffdaULL) - h0; + h1 = (f[1] + 0xffffffffffffeULL) - h1; + h2 = (f[2] + 0xffffffffffffeULL) - h2; + h3 = (f[3] + 0xffffffffffffeULL) - h3; + h4 = (f[4] + 0xffffffffffffeULL) - h4; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; +} + +/* + h = -f + */ + +static inline void +fe25519_neg(fe25519 h, const fe25519 f) +{ + fe25519 zero; + + fe25519_0(zero); + fe25519_sub(h, zero, f); +} + +/* + Replace (f,g) with (g,g) if b == 1; + replace (f,g) with (f,g) if b == 0. + * + Preconditions: b in {0,1}. 
+ */ + +static void +fe25519_cmov(fe25519 f, const fe25519 g, unsigned int b) +{ + const uint64_t mask = (uint64_t) (-(int64_t) b); + + uint64_t f0 = f[0]; + uint64_t f1 = f[1]; + uint64_t f2 = f[2]; + uint64_t f3 = f[3]; + uint64_t f4 = f[4]; + + uint64_t x0 = f0 ^ g[0]; + uint64_t x1 = f1 ^ g[1]; + uint64_t x2 = f2 ^ g[2]; + uint64_t x3 = f3 ^ g[3]; + uint64_t x4 = f4 ^ g[4]; + + x0 &= mask; + x1 &= mask; + x2 &= mask; + x3 &= mask; + x4 &= mask; + + f[0] = f0 ^ x0; + f[1] = f1 ^ x1; + f[2] = f2 ^ x2; + f[3] = f3 ^ x3; + f[4] = f4 ^ x4; +} + +/* +Replace (f,g) with (g,f) if b == 1; +replace (f,g) with (f,g) if b == 0. + +Preconditions: b in {0,1}. +*/ + +static void +fe25519_cswap(fe25519 f, fe25519 g, unsigned int b) +{ + const uint64_t mask = (uint64_t) (-(int64_t) b); + + uint64_t f0 = f[0]; + uint64_t f1 = f[1]; + uint64_t f2 = f[2]; + uint64_t f3 = f[3]; + uint64_t f4 = f[4]; + + uint64_t g0 = g[0]; + uint64_t g1 = g[1]; + uint64_t g2 = g[2]; + uint64_t g3 = g[3]; + uint64_t g4 = g[4]; + + uint64_t x0 = f0 ^ g0; + uint64_t x1 = f1 ^ g1; + uint64_t x2 = f2 ^ g2; + uint64_t x3 = f3 ^ g3; + uint64_t x4 = f4 ^ g4; + + x0 &= mask; + x1 &= mask; + x2 &= mask; + x3 &= mask; + x4 &= mask; + + f[0] = f0 ^ x0; + f[1] = f1 ^ x1; + f[2] = f2 ^ x2; + f[3] = f3 ^ x3; + f[4] = f4 ^ x4; + + g[0] = g0 ^ x0; + g[1] = g1 ^ x1; + g[2] = g2 ^ x2; + g[3] = g3 ^ x3; + g[4] = g4 ^ x4; +} + +/* + h = f + */ + +static inline void +fe25519_copy(fe25519 h, const fe25519 f) +{ + uint64_t f0 = f[0]; + uint64_t f1 = f[1]; + uint64_t f2 = f[2]; + uint64_t f3 = f[3]; + uint64_t f4 = f[4]; + + h[0] = f0; + h[1] = f1; + h[2] = f2; + h[3] = f3; + h[4] = f4; +} + +/* + return 1 if f is in {1,3,5,...,q-2} + return 0 if f is in {0,2,4,...,q-1} + */ + +static inline int +fe25519_isnegative(const fe25519 f) +{ + unsigned char s[32]; + + fe25519_tobytes(s, f); + + return s[0] & 1; +} + +/* + return 1 if f == 0 + return 0 if f != 0 + */ + +static inline int +fe25519_iszero(const fe25519 f) +{ + 
unsigned char s[32]; + + fe25519_tobytes(s, f); + + return sodium_is_zero(s, 32); +} + +/* + h = f * g + Can overlap h with f or g. + */ + +static void +fe25519_mul(fe25519 h, const fe25519 f, const fe25519 g) +{ + const uint64_t mask = 0x7ffffffffffffULL; + uint128_t r0, r1, r2, r3, r4, carry; + uint64_t f0, f1, f2, f3, f4; + uint64_t f1_19, f2_19, f3_19, f4_19; + uint64_t g0, g1, g2, g3, g4; + uint64_t r00, r01, r02, r03, r04; + + f0 = f[0]; + f1 = f[1]; + f2 = f[2]; + f3 = f[3]; + f4 = f[4]; + + g0 = g[0]; + g1 = g[1]; + g2 = g[2]; + g3 = g[3]; + g4 = g[4]; + + f1_19 = 19ULL * f1; + f2_19 = 19ULL * f2; + f3_19 = 19ULL * f3; + f4_19 = 19ULL * f4; + + r0 = ((uint128_t) f0 ) * ((uint128_t) g0); + r0 += ((uint128_t) f1_19) * ((uint128_t) g4); + r0 += ((uint128_t) f2_19) * ((uint128_t) g3); + r0 += ((uint128_t) f3_19) * ((uint128_t) g2); + r0 += ((uint128_t) f4_19) * ((uint128_t) g1); + + r1 = ((uint128_t) f0 ) * ((uint128_t) g1); + r1 += ((uint128_t) f1 ) * ((uint128_t) g0); + r1 += ((uint128_t) f2_19) * ((uint128_t) g4); + r1 += ((uint128_t) f3_19) * ((uint128_t) g3); + r1 += ((uint128_t) f4_19) * ((uint128_t) g2); + + r2 = ((uint128_t) f0 ) * ((uint128_t) g2); + r2 += ((uint128_t) f1 ) * ((uint128_t) g1); + r2 += ((uint128_t) f2 ) * ((uint128_t) g0); + r2 += ((uint128_t) f3_19) * ((uint128_t) g4); + r2 += ((uint128_t) f4_19) * ((uint128_t) g3); + + r3 = ((uint128_t) f0 ) * ((uint128_t) g3); + r3 += ((uint128_t) f1 ) * ((uint128_t) g2); + r3 += ((uint128_t) f2 ) * ((uint128_t) g1); + r3 += ((uint128_t) f3 ) * ((uint128_t) g0); + r3 += ((uint128_t) f4_19) * ((uint128_t) g4); + + r4 = ((uint128_t) f0 ) * ((uint128_t) g4); + r4 += ((uint128_t) f1 ) * ((uint128_t) g3); + r4 += ((uint128_t) f2 ) * ((uint128_t) g2); + r4 += ((uint128_t) f3 ) * ((uint128_t) g1); + r4 += ((uint128_t) f4 ) * ((uint128_t) g0); + + r00 = ((uint64_t) r0) & mask; + carry = r0 >> 51; + r1 += carry; + r01 = ((uint64_t) r1) & mask; + carry = r1 >> 51; + r2 += carry; + r02 = ((uint64_t) r2) & mask; 
+ carry = r2 >> 51; + r3 += carry; + r03 = ((uint64_t) r3) & mask; + carry = r3 >> 51; + r4 += carry; + r04 = ((uint64_t) r4) & mask; + carry = r4 >> 51; + r00 += 19ULL * (uint64_t) carry; + carry = r00 >> 51; + r00 &= mask; + r01 += (uint64_t) carry; + carry = r01 >> 51; + r01 &= mask; + r02 += (uint64_t) carry; + + h[0] = r00; + h[1] = r01; + h[2] = r02; + h[3] = r03; + h[4] = r04; +} + +/* + h = f * f + Can overlap h with f. + */ + +static void +fe25519_sq(fe25519 h, const fe25519 f) +{ + const uint64_t mask = 0x7ffffffffffffULL; + uint128_t r0, r1, r2, r3, r4, carry; + uint64_t f0, f1, f2, f3, f4; + uint64_t f0_2, f1_2, f1_38, f2_38, f3_38, f3_19, f4_19; + uint64_t r00, r01, r02, r03, r04; + + f0 = f[0]; + f1 = f[1]; + f2 = f[2]; + f3 = f[3]; + f4 = f[4]; + + f0_2 = f0 << 1; + f1_2 = f1 << 1; + + f1_38 = 38ULL * f1; + f2_38 = 38ULL * f2; + f3_38 = 38ULL * f3; + + f3_19 = 19ULL * f3; + f4_19 = 19ULL * f4; + + r0 = ((uint128_t) f0 ) * ((uint128_t) f0); + r0 += ((uint128_t) f1_38) * ((uint128_t) f4); + r0 += ((uint128_t) f2_38) * ((uint128_t) f3); + + r1 = ((uint128_t) f0_2 ) * ((uint128_t) f1); + r1 += ((uint128_t) f2_38) * ((uint128_t) f4); + r1 += ((uint128_t) f3_19) * ((uint128_t) f3); + + r2 = ((uint128_t) f0_2 ) * ((uint128_t) f2); + r2 += ((uint128_t) f1 ) * ((uint128_t) f1); + r2 += ((uint128_t) f3_38) * ((uint128_t) f4); + + r3 = ((uint128_t) f0_2 ) * ((uint128_t) f3); + r3 += ((uint128_t) f1_2 ) * ((uint128_t) f2); + r3 += ((uint128_t) f4_19) * ((uint128_t) f4); + + r4 = ((uint128_t) f0_2 ) * ((uint128_t) f4); + r4 += ((uint128_t) f1_2 ) * ((uint128_t) f3); + r4 += ((uint128_t) f2 ) * ((uint128_t) f2); + + r00 = ((uint64_t) r0) & mask; + carry = r0 >> 51; + r1 += carry; + r01 = ((uint64_t) r1) & mask; + carry = r1 >> 51; + r2 += carry; + r02 = ((uint64_t) r2) & mask; + carry = r2 >> 51; + r3 += carry; + r03 = ((uint64_t) r3) & mask; + carry = r3 >> 51; + r4 += carry; + r04 = ((uint64_t) r4) & mask; + carry = r4 >> 51; + r00 += 19ULL * (uint64_t) carry; + 
carry = r00 >> 51; + r00 &= mask; + r01 += (uint64_t) carry; + carry = r01 >> 51; + r01 &= mask; + r02 += (uint64_t) carry; + + h[0] = r00; + h[1] = r01; + h[2] = r02; + h[3] = r03; + h[4] = r04; +} + +/* + h = 2 * f * f + Can overlap h with f. +*/ + +static void +fe25519_sq2(fe25519 h, const fe25519 f) +{ + const uint64_t mask = 0x7ffffffffffffULL; + uint128_t r0, r1, r2, r3, r4, carry; + uint64_t f0, f1, f2, f3, f4; + uint64_t f0_2, f1_2, f1_38, f2_38, f3_38, f3_19, f4_19; + uint64_t r00, r01, r02, r03, r04; + + f0 = f[0]; + f1 = f[1]; + f2 = f[2]; + f3 = f[3]; + f4 = f[4]; + + f0_2 = f0 << 1; + f1_2 = f1 << 1; + + f1_38 = 38ULL * f1; + f2_38 = 38ULL * f2; + f3_38 = 38ULL * f3; + + f3_19 = 19ULL * f3; + f4_19 = 19ULL * f4; + + r0 = ((uint128_t) f0 ) * ((uint128_t) f0); + r0 += ((uint128_t) f1_38) * ((uint128_t) f4); + r0 += ((uint128_t) f2_38) * ((uint128_t) f3); + + r1 = ((uint128_t) f0_2 ) * ((uint128_t) f1); + r1 += ((uint128_t) f2_38) * ((uint128_t) f4); + r1 += ((uint128_t) f3_19) * ((uint128_t) f3); + + r2 = ((uint128_t) f0_2 ) * ((uint128_t) f2); + r2 += ((uint128_t) f1 ) * ((uint128_t) f1); + r2 += ((uint128_t) f3_38) * ((uint128_t) f4); + + r3 = ((uint128_t) f0_2 ) * ((uint128_t) f3); + r3 += ((uint128_t) f1_2 ) * ((uint128_t) f2); + r3 += ((uint128_t) f4_19) * ((uint128_t) f4); + + r4 = ((uint128_t) f0_2 ) * ((uint128_t) f4); + r4 += ((uint128_t) f1_2 ) * ((uint128_t) f3); + r4 += ((uint128_t) f2 ) * ((uint128_t) f2); + + r0 <<= 1; + r1 <<= 1; + r2 <<= 1; + r3 <<= 1; + r4 <<= 1; + + r00 = ((uint64_t) r0) & mask; + carry = r0 >> 51; + r1 += carry; + r01 = ((uint64_t) r1) & mask; + carry = r1 >> 51; + r2 += carry; + r02 = ((uint64_t) r2) & mask; + carry = r2 >> 51; + r3 += carry; + r03 = ((uint64_t) r3) & mask; + carry = r3 >> 51; + r4 += carry; + r04 = ((uint64_t) r4) & mask; + carry = r4 >> 51; + r00 += 19ULL * (uint64_t) carry; + carry = r00 >> 51; + r00 &= mask; + r01 += (uint64_t) carry; + carry = r01 >> 51; + r01 &= mask; + r02 += (uint64_t) carry; 
+ + h[0] = r00; + h[1] = r01; + h[2] = r02; + h[3] = r03; + h[4] = r04; +} + +static void +fe25519_scalar_product(fe25519 h, const fe25519 f, uint32_t n) +{ + const uint64_t mask = 0x7ffffffffffffULL; + uint128_t a; + uint128_t sn = (uint128_t) n; + uint64_t h0, h1, h2, h3, h4; + + a = f[0] * sn; + h0 = ((uint64_t) a) & mask; + a = f[1] * sn + ((uint64_t) (a >> 51)); + h1 = ((uint64_t) a) & mask; + a = f[2] * sn + ((uint64_t) (a >> 51)); + h2 = ((uint64_t) a) & mask; + a = f[3] * sn + ((uint64_t) (a >> 51)); + h3 = ((uint64_t) a) & mask; + a = f[4] * sn + ((uint64_t) (a >> 51)); + h4 = ((uint64_t) a) & mask; + + h0 += (a >> 51) * 19ULL; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; +} diff --git a/sodium/sodium_private_implementations.h b/sodium/sodium_private_implementations.h new file mode 100644 index 00000000..91c8be57 --- /dev/null +++ b/sodium/sodium_private_implementations.h @@ -0,0 +1,10 @@ +#ifndef implementations_H +#define implementations_H + +int _crypto_generichash_blake2b_pick_best_implementation(void); +int _crypto_onetimeauth_poly1305_pick_best_implementation(void); +int _crypto_scalarmult_curve25519_pick_best_implementation(void); +int _crypto_stream_chacha20_pick_best_implementation(void); +int _crypto_stream_salsa20_pick_best_implementation(void); + +#endif diff --git a/sodium/sodium_private_mutex.h b/sodium/sodium_private_mutex.h new file mode 100644 index 00000000..322b6742 --- /dev/null +++ b/sodium/sodium_private_mutex.h @@ -0,0 +1,7 @@ +#ifndef mutex_H +#define mutex_H 1 + +extern int sodium_crit_enter(void); +extern int sodium_crit_leave(void); + +#endif diff --git a/sodium/sodium_private_sse2_64_32.h b/sodium/sodium_private_sse2_64_32.h new file mode 100644 index 00000000..73a63d2d --- /dev/null +++ b/sodium/sodium_private_sse2_64_32.h 
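Review bot: `fe25519_scalar_product` is the only function in this hunk without the `h = ...` header comment every other routine carries; since it reads all of `f` into locals before storing into `h`, the comment can be `/* h = f * n, with n a 32-bit scalar. Can overlap h with f. */`. The constants in `fe25519_sub` also deserve a line, because nothing says why `0xfffffffffffdaULL` and four `0xffffffffffffeULL` are added: they are 2p expressed in radix-2^51 limbs (2^52 - 38 and 2^52 - 2), so no limb underflows after `g` has been carried; `/* add 2p (radix 2^51 limbs) so that f - g never goes negative per limb */` would do. In `fe25519_cmov` and `fe25519_cswap` the all-zeros/all-ones mask built from `-(int64_t) b` is what keeps the selection branch-free, which is the constant-time property callers depend on and is worth stating next to the existing `b in {0,1}` precondition. `uint128_t` and `fe25519_tobytes` are not defined anywhere in this hunk, so presumably the including translation unit or `sodium_private_common.h` provides them; a note at the top of the file saying so would save the next reader a search.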
@@ -0,0 +1,50 @@ +#ifndef sse2_64_32_H +#define sse2_64_32_H 1 + +#include "sodium_private_common.h" + +#ifdef HAVE_INTRIN_H +# include +#endif + +#if defined(HAVE_EMMINTRIN_H) && \ + !(defined(__amd64) || defined(__amd64__) || defined(__x86_64__) || \ + defined(_M_X64) || defined(_M_AMD64)) + +# include +# include + +# ifndef _mm_set_epi64x +# define _mm_set_epi64x(Q0, Q1) sodium__mm_set_epi64x((Q0), (Q1)) +static inline __m128i +sodium__mm_set_epi64x(int64_t q1, int64_t q0) +{ + union { int64_t as64; int32_t as32[2]; } x0, x1; + x0.as64 = q0; x1.as64 = q1; + return _mm_set_epi32(x1.as32[1], x1.as32[0], x0.as32[1], x0.as32[0]); +} +# endif + +# ifndef _mm_set1_epi64x +# define _mm_set1_epi64x(Q) sodium__mm_set1_epi64x(Q) +static inline __m128i +sodium__mm_set1_epi64x(int64_t q) +{ + return _mm_set_epi64x(q, q); +} +# endif + +# ifndef _mm_cvtsi64_si128 +# define _mm_cvtsi64_si128(Q) sodium__mm_cvtsi64_si128(Q) +static inline __m128i +sodium__mm_cvtsi64_si128(int64_t q) +{ + union { int64_t as64; int32_t as32[2]; } x; + x.as64 = q; + return _mm_setr_epi32(x.as32[0], x.as32[1], 0, 0); +} +# endif + +#endif + +#endif diff --git a/sodium/sodium_randombytes.c b/sodium/sodium_randombytes.c new file mode 100644 index 00000000..f6d3b222 --- /dev/null +++ b/sodium/sodium_randombytes.c 
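Review bot: The fallback macro `_mm_set_epi64x(Q0, Q1)` names its parameters in the opposite order to the function it expands to, `sodium__mm_set_epi64x(int64_t q1, int64_t q0)`, so a reader has to trace through `_mm_set_epi32` to confirm that the first argument really lands in the high lane as the real intrinsic specifies; renaming the macro parameters to `(Q1, Q0)` removes the confusion without changing behaviour. The union-based split of each 64-bit value into `as32[0]`/`as32[1]` assumes little-endian lane order, which holds on the x86 targets this SSE2 shim is guarded for but deserves a one-line comment. The enclosing `#if` only enables the block when `HAVE_EMMINTRIN_H` is set and no 64-bit x86 macro is defined, so a comment such as `/* 32-bit x86 only: presumably these intrinsics are missing from older 32-bit toolchains */` would explain why the shims exist at all.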
@@ -0,0 +1,207 @@ + +#include +#include +#include +#include + +#include + +#ifdef __EMSCRIPTEN__ +# include +#endif + +#include "sodium_core.h" +#include "sodium_crypto_stream_chacha20.h" +#include "sodium_randombytes.h" +#ifdef RANDOMBYTES_DEFAULT_IMPLEMENTATION +# include "sodium_randombytes_default.h" +#else +# ifdef __native_client__ +# include "sodium_randombytes_nativeclient.h" +# else +# include "sodium_randombytes_sysrandom.h" +# endif +#endif +#include "sodium_private_common.h" +#include + +/* C++Builder defines a "random" macro */ +#undef random + +static const randombytes_implementation *implementation; + +#ifndef RANDOMBYTES_DEFAULT_IMPLEMENTATION +# ifdef __EMSCRIPTEN__ +# define RANDOMBYTES_DEFAULT_IMPLEMENTATION NULL +# else +# ifdef __native_client__ +# define RANDOMBYTES_DEFAULT_IMPLEMENTATION &randombytes_nativeclient_implementation; +# else +# define RANDOMBYTES_DEFAULT_IMPLEMENTATION &randombytes_sysrandom_implementation; +# endif +# endif +#endif + +static void +randombytes_init_if_needed(void) +{ + if (implementation == NULL) { + implementation = RANDOMBYTES_DEFAULT_IMPLEMENTATION; + randombytes_stir(); + } +} + +int +randombytes_set_implementation(randombytes_implementation *impl) +{ + implementation = impl; + + return 0; +} + +const char * +randombytes_implementation_name(void) +{ +#ifndef __EMSCRIPTEN__ + randombytes_init_if_needed(); + return implementation->implementation_name(); +#else + return "js"; +#endif +} + +uint32_t +randombytes_random(void) +{ +#ifndef __EMSCRIPTEN__ + randombytes_init_if_needed(); + return implementation->random(); +#else + return EM_ASM_INT_V({ + return Module.getRandomValue(); + }); +#endif +} + +void +randombytes_stir(void) +{ +#ifndef __EMSCRIPTEN__ + randombytes_init_if_needed(); + if (implementation->stir != NULL) { + implementation->stir(); + } +#else + EM_ASM({ + if (Module.getRandomValue === undefined) { + try { + var window_ = 'object' === typeof window ? 
window : self; + var crypto_ = typeof window_.crypto !== 'undefined' ? window_.crypto : window_.msCrypto; + var randomValuesStandard = function() { + var buf = new Uint32Array(1); + crypto_.getRandomValues(buf); + return buf[0] >>> 0; + }; + randomValuesStandard(); + Module.getRandomValue = randomValuesStandard; + } catch (e) { + try { + var crypto = require('crypto'); + var randomValueNodeJS = function() { + var buf = crypto['randomBytes'](4); + return (buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3]) >>> 0; + }; + randomValueNodeJS(); + Module.getRandomValue = randomValueNodeJS; + } catch (e) { + throw 'No secure random number generator found'; + } + } + } + }); +#endif +} + +uint32_t +randombytes_uniform(const uint32_t upper_bound) +{ + uint32_t min; + uint32_t r; + +#ifndef __EMSCRIPTEN__ + randombytes_init_if_needed(); + if (implementation->uniform != NULL) { + return implementation->uniform(upper_bound); + } +#endif + if (upper_bound < 2) { + return 0; + } + min = (1U + ~upper_bound) % upper_bound; /* = 2**32 mod upper_bound */ + do { + r = randombytes_random(); + } while (r < min); + /* r is now clamped to a set whose size mod upper_bound == 0 + * the worst case (2**31+1) requires ~ 2 attempts */ + + return r % upper_bound; +} + +void +randombytes_buf(void * const buf, const size_t size) +{ +#ifndef __EMSCRIPTEN__ + randombytes_init_if_needed(); + if (size > (size_t) 0U) { + implementation->buf(buf, size); + } +#else + unsigned char *p = (unsigned char *) buf; + size_t i; + + for (i = (size_t) 0U; i < size; i++) { + p[i] = (unsigned char) randombytes_random(); + } +#endif +} + +void +randombytes_buf_deterministic(void * const buf, const size_t size, + const unsigned char seed[randombytes_SEEDBYTES]) +{ + static const unsigned char nonce[crypto_stream_chacha20_ietf_NONCEBYTES] = { + 'L', 'i', 'b', 's', 'o', 'd', 'i', 'u', 'm', 'D', 'R', 'G' + }; + + COMPILER_ASSERT(randombytes_SEEDBYTES == crypto_stream_chacha20_ietf_KEYBYTES); +#if SIZE_MAX > 
0x4000000000ULL + COMPILER_ASSERT(randombytes_BYTES_MAX <= 0x4000000000ULL); + if (size > 0x4000000000ULL) { + sodium_misuse(); + } +#endif + crypto_stream_chacha20_ietf((unsigned char *) buf, (unsigned long long) size, + nonce, seed); +} + +size_t +randombytes_seedbytes(void) +{ + return randombytes_SEEDBYTES; +} + +int +randombytes_close(void) +{ + if (implementation != NULL && implementation->close != NULL) { + return implementation->close(); + } + return 0; +} + +void +randombytes(unsigned char * const buf, const unsigned long long buf_len) +{ + assert(buf_len <= SIZE_MAX); + randombytes_buf(buf, (size_t) buf_len); +} diff --git a/windows/sodium/randombytes.h b/sodium/sodium_randombytes.h similarity index 79% rename from windows/sodium/randombytes.h rename to sodium/sodium_randombytes.h index d112fb29..45ef9ae6 100644 --- a/windows/sodium/randombytes.h +++ b/sodium/sodium_randombytes.h @@ -7,7 +7,7 @@ #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus # ifdef __GNUC__ 
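Review bot: `randombytes_init_if_needed` lazily installs the default implementation and calls `randombytes_stir()` through a plain static pointer with no synchronisation, so two threads making their first `randombytes_*` call concurrently can both run the init path, or one can dereference `implementation` while the other is still assigning it; nothing in this hunk enforces that `sodium_init()` has completed first. Either route the first-use path through the `sodium_crit_enter()`/`sodium_crit_leave()` pair declared in `sodium_private_mutex.h` in this same commit, or document the requirement above the function, e.g. `/* Not thread-safe: sodium_init() must complete before randombytes_* is used from multiple threads. */`. Separately, the native-client and sysrandom definitions of `RANDOMBYTES_DEFAULT_IMPLEMENTATION` end in a `;`, so the assignment in `randombytes_init_if_needed` expands to `implementation = &randombytes_sysrandom_implementation;;`; dropping the trailing semicolons keeps the macro usable as an expression. The `__EMSCRIPTEN__` build of `randombytes_random` also calls `Module.getRandomValue()` without any lazy initialisation, so it silently depends on `randombytes_stir()` having been invoked first to install that function, which is worth a comment on the `#else` branch.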
@@ -25,39 +25,35 @@ typedef struct randombytes_implementation { int (*close)(void); /* optional */ } randombytes_implementation; +#define randombytes_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 0xffffffffUL) + #define randombytes_SEEDBYTES 32U -SODIUM_EXPORT size_t randombytes_seedbytes(void); -SODIUM_EXPORT -void randombytes_buf(void * const buf, const size_t size); +void randombytes_buf(void * const buf, const size_t size) + __attribute__ ((nonnull)); -SODIUM_EXPORT void randombytes_buf_deterministic(void * const buf, const size_t size, - const unsigned char seed[randombytes_SEEDBYTES]); + const unsigned char seed[randombytes_SEEDBYTES]) + __attribute__ ((nonnull)); -SODIUM_EXPORT uint32_t randombytes_random(void); -SODIUM_EXPORT uint32_t randombytes_uniform(const uint32_t upper_bound); -SODIUM_EXPORT void randombytes_stir(void); -SODIUM_EXPORT int randombytes_close(void); -SODIUM_EXPORT -int randombytes_set_implementation(randombytes_implementation *impl); +int randombytes_set_implementation(randombytes_implementation *impl) + __attribute__ ((nonnull)); -SODIUM_EXPORT const char *randombytes_implementation_name(void); /* -- NaCl compatibility interface -- */ -SODIUM_EXPORT -void randombytes(unsigned char * const buf, const unsigned long long buf_len); +void randombytes(unsigned char * const buf, const unsigned long long buf_len) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/sodium/sodium_randombytes_nativeclient.h b/sodium/sodium_randombytes_nativeclient.h new file mode 100644 index 00000000..70457ff5 --- /dev/null +++ b/sodium/sodium_randombytes_nativeclient.h @@ -0,0 +1,22 @@ + +#ifndef randombytes_nativeclient_H +#define randombytes_nativeclient_H + +#ifdef __native_client__ + +# include "sodium_export.h" +# include "sodium_randombytes.h" + +# ifdef __cplusplus +extern "C" { +# endif + +extern struct randombytes_implementation randombytes_nativeclient_implementation; + +# ifdef __cplusplus +} +# endif + +#endif + +#endif 
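Review bot: Every declaration now carries `__attribute__ ((nonnull))` unconditionally while `SODIUM_EXPORT` is removed, so on compilers without GNU attribute support (MSVC, if this header is built there) the file only compiles if `sodium_export.h` still defines `__attribute__` away as upstream's `export.h` does; that dependency is not visible in this hunk and should be confirmed. `nonnull` also licenses the optimiser to delete any NULL check inside the callee and to treat `randombytes_buf(NULL, 0)` as undefined behaviour, whereas the implementation in this commit only guards on `size > 0`; either state in a comment on `randombytes_buf` that `buf` must be non-NULL even when `size` is 0, or drop the attribute from that one function. The new `randombytes_BYTES_MAX` relies on `SODIUM_MIN` and `SODIUM_SIZE_MAX`, which are presumably supplied by `sodium_export.h` but are not shown here.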
diff --git a/sodium/sodium_randombytes_salsa20_random.c b/sodium/sodium_randombytes_salsa20_random.c
new file mode 100644
index 00000000..2cf65f5d
--- /dev/null
+++ b/sodium/sodium_randombytes_salsa20_random.c
@@ -0,0 +1,568 @@ + +#include +#include +#include +#include +#include +#include +#include +#include +#if !defined(_MSC_VER) && !defined(__BORLANDC__) +# include +#endif + +#include +#ifndef _WIN32 +# include +# include +#endif +#ifdef __linux__ +# ifdef __dietlibc__ +# define _LINUX_SOURCE +# include +# define HAVE_LINUX_COMPATIBLE_GETRANDOM +# else /* __dietlibc__ */ +# include +# if defined(SYS_getrandom) && defined(__NR_getrandom) +# define getrandom(B, S, F) syscall(SYS_getrandom, (B), (int) (S), (F)) +# define HAVE_LINUX_COMPATIBLE_GETRANDOM +# endif +# endif /* __dietlibc__ */ +#elif defined(__FreeBSD__) +# include +# if defined(__FreeBSD_version) && __FreeBSD_version >= 1200000 +# include +# define HAVE_LINUX_COMPATIBLE_GETRANDOM +# endif +#endif +#if !defined(NO_BLOCKING_RANDOM_POLL) && defined(__linux__) +# define BLOCK_ON_DEV_RANDOM +#endif +#ifdef BLOCK_ON_DEV_RANDOM +# include +#endif +#ifdef HAVE_RDRAND +# pragma GCC target("rdrnd") +# include +#endif + +#include "sodium_core.h" +#include "sodium_crypto_core_salsa20.h" +#include "sodium_crypto_stream_salsa20.h" +#include "sodium_private_common.h" +#include "sodium_randombytes.h" +#include "sodium_randombytes_salsa20_random.h" +#include "sodium_runtime.h" +#include "sodium_utils.h" + +#ifdef _WIN32 +# include +# include +# define RtlGenRandom SystemFunction036 +# if defined(__cplusplus) +extern "C" +# endif +#if !defined(_XBOX_ONE) && !defined(_GAMING_XBOX) +BOOLEAN NTAPI RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength); +# pragma comment(lib, "advapi32.lib") +#endif +# ifdef __BORLANDC__ +# define _ftime ftime +# define _timeb timeb +# endif +#endif + +#define SALSA20_RANDOM_BLOCK_SIZE crypto_core_salsa20_OUTPUTBYTES + +#if defined(__OpenBSD__) || defined(__CloudABI__) +# define HAVE_SAFE_ARC4RANDOM 1 +#endif + +#ifndef SSIZE_MAX +# define SSIZE_MAX (SIZE_MAX / 2 - 1) +#endif +#ifndef S_ISNAM +# ifdef __COMPCERT__ +# define S_ISNAM(X) 1 +# else +# define S_ISNAM(X) 0 +# endif +#endif + 
+#ifndef TLS +# ifdef _WIN32 +# define TLS __declspec(thread) +# else +# define TLS +# endif +#endif + +typedef struct Salsa20RandomGlobal_ { + int initialized; + int random_data_source_fd; + int getrandom_available; + int rdrand_available; +#ifdef HAVE_GETPID + pid_t pid; +#endif +} Salsa20RandomGlobal; + +typedef struct Salsa20Random_ { + int initialized; + size_t rnd32_outleft; + unsigned char key[crypto_stream_salsa20_KEYBYTES]; + unsigned char rnd32[16U * SALSA20_RANDOM_BLOCK_SIZE]; + uint64_t nonce; +} Salsa20Random; + +static Salsa20RandomGlobal global; + +static TLS Salsa20Random stream; + +/* + * Get a high-resolution timestamp, as a uint64_t value + */ + +#ifdef _WIN32 +static uint64_t +sodium_hrtime(void) +{ + struct _timeb tb; +# pragma warning(push) +# pragma warning(disable: 4996) + _ftime(&tb); +# pragma warning(pop) + return ((uint64_t) tb.time) * 1000000U + ((uint64_t) tb.millitm) * 1000U; +} + +#else /* _WIN32 */ + +static uint64_t +sodium_hrtime(void) +{ + struct timeval tv; + + if (gettimeofday(&tv, NULL) != 0) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } + return ((uint64_t) tv.tv_sec) * 1000000U + (uint64_t) tv.tv_usec; +} +#endif + +/* + * Initialize the entropy source + */ + +#ifdef _WIN32 + +static void +randombytes_salsa20_random_init(void) +{ + global.rdrand_available = sodium_runtime_has_rdrand(); +} + +#else /* _WIN32 */ + +static ssize_t +safe_read(const int fd, void * const buf_, size_t size) +{ + unsigned char *buf = (unsigned char *) buf_; + ssize_t readnb; + + assert(size > (size_t) 0U); + assert(size <= SSIZE_MAX); + do { + while ((readnb = read(fd, buf, size)) < (ssize_t) 0 && + (errno == EINTR || errno == EAGAIN)); /* LCOV_EXCL_LINE */ + if (readnb < (ssize_t) 0) { + return readnb; /* LCOV_EXCL_LINE */ + } + if (readnb == (ssize_t) 0) { + break; /* LCOV_EXCL_LINE */ + } + size -= (size_t) readnb; + buf += readnb; + } while (size > (ssize_t) 0); + + return (ssize_t) (buf - (unsigned char *) buf_); +} + +# ifdef 
BLOCK_ON_DEV_RANDOM +static int +randombytes_block_on_dev_random(void) +{ + struct pollfd pfd; + int fd; + int pret; + + fd = open("/dev/random", O_RDONLY); + if (fd == -1) { + return 0; + } + pfd.fd = fd; + pfd.events = POLLIN; + pfd.revents = 0; + do { + pret = poll(&pfd, 1, -1); + } while (pret < 0 && (errno == EINTR || errno == EAGAIN)); + if (pret != 1) { + (void) close(fd); + errno = EIO; + return -1; + } + return close(fd); +} +# endif + +# ifndef HAVE_SAFE_ARC4RANDOM +static int +randombytes_salsa20_random_random_dev_open(void) +{ +/* LCOV_EXCL_START */ + struct stat st; + static const char *devices[] = { +# ifndef USE_BLOCKING_RANDOM + "/dev/urandom", +# endif + "/dev/random", NULL + }; + const char **device = devices; + int fd; + +# ifdef BLOCK_ON_DEV_RANDOM + if (randombytes_block_on_dev_random() != 0) { + return -1; + } +# endif + do { + fd = open(*device, O_RDONLY); + if (fd != -1) { + if (fstat(fd, &st) == 0 && (S_ISNAM(st.st_mode) || S_ISCHR(st.st_mode))) { +# if defined(F_SETFD) && defined(FD_CLOEXEC) && !defined(NN_NINTENDO_SDK) + (void) fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +# endif + return fd; + } + (void) close(fd); + } else if (errno == EINTR) { + continue; + } + device++; + } while (*device != NULL); + + errno = EIO; + return -1; +/* LCOV_EXCL_STOP */ +} +# endif + +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM +static int +_randombytes_linux_getrandom(void * const buf, const size_t size) +{ + int readnb; + + assert(size <= 256U); + do { + readnb = getrandom(buf, size, 0); + } while (readnb < 0 && (errno == EINTR || errno == EAGAIN)); + + return (readnb == (int) size) - 1; +} + +static int +randombytes_linux_getrandom(void * const buf_, size_t size) +{ + unsigned char *buf = (unsigned char *) buf_; + size_t chunk_size = 256U; + + do { + if (size < chunk_size) { + chunk_size = size; + assert(chunk_size > (size_t) 0U); + } + if (_randombytes_linux_getrandom(buf, chunk_size) != 0) { + return -1; + } + size -= chunk_size; + buf += 
chunk_size; + } while (size > (size_t) 0U); + + return 0; +} +# endif + +static void +randombytes_salsa20_random_init(void) +{ + const int errno_save = errno; + + global.rdrand_available = sodium_runtime_has_rdrand(); + +# ifdef HAVE_SAFE_ARC4RANDOM + errno = errno_save; +# else + +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM + { + unsigned char fodder[16]; + + if (randombytes_linux_getrandom(fodder, sizeof fodder) == 0) { + global.getrandom_available = 1; + errno = errno_save; + return; + } + global.getrandom_available = 0; + } +# endif /* HAVE_LINUX_COMPATIBLE_GETRANDOM */ + + if ((global.random_data_source_fd = + randombytes_salsa20_random_random_dev_open()) == -1) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } + errno = errno_save; +# endif /* HAVE_SAFE_ARC4RANDOM */ +} + +#endif /* _WIN32 */ + +/* + * (Re)seed the generator using the entropy source + */ + +static void +randombytes_salsa20_random_stir(void) +{ + stream.nonce = sodium_hrtime(); + assert(stream.nonce != (uint64_t) 0U); + memset(stream.rnd32, 0, sizeof stream.rnd32); + stream.rnd32_outleft = (size_t) 0U; + if (global.initialized == 0) { + randombytes_salsa20_random_init(); + global.initialized = 1; + } +#ifdef HAVE_GETPID + global.pid = getpid(); +#endif + +#ifndef _WIN32 + +# ifdef HAVE_SAFE_ARC4RANDOM + arc4random_buf(stream.key, sizeof stream.key); +# elif defined(HAVE_LINUX_COMPATIBLE_GETRANDOM) + if (global.getrandom_available != 0) { + if (randombytes_linux_getrandom(stream.key, sizeof stream.key) != 0) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } + } else if (global.random_data_source_fd == -1 || + safe_read(global.random_data_source_fd, stream.key, + sizeof stream.key) != (ssize_t) sizeof stream.key) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } +# else + if (global.random_data_source_fd == -1 || + safe_read(global.random_data_source_fd, stream.key, + sizeof stream.key) != (ssize_t) sizeof stream.key) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } +# endif + +#else /* _WIN32 */ +#if 
!defined(_XBOX_ONE) && !defined(_GAMING_XBOX) + if (! RtlGenRandom((PVOID) stream.key, (ULONG) sizeof stream.key)) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } +#endif +#endif + + stream.initialized = 1; +} + +/* + * Reseed the generator if it hasn't been initialized yet + */ + +static void +randombytes_salsa20_random_stir_if_needed(void) +{ +#ifdef HAVE_GETPID + if (stream.initialized == 0) { + randombytes_salsa20_random_stir(); + } else if (global.pid != getpid()) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } +#else + if (stream.initialized == 0) { + randombytes_salsa20_random_stir(); + } +#endif +} + +/* + * Close the stream, free global resources + */ + +#ifdef _WIN32 +static int +randombytes_salsa20_random_close(void) +{ + int ret = -1; + + if (global.initialized != 0) { + global.initialized = 0; + ret = 0; + } + sodium_memzero(&stream, sizeof stream); + + return ret; +} +#else +static int +randombytes_salsa20_random_close(void) +{ + int ret = -1; + + if (global.random_data_source_fd != -1 && + close(global.random_data_source_fd) == 0) { + global.random_data_source_fd = -1; + global.initialized = 0; +# ifdef HAVE_GETPID + global.pid = (pid_t) 0; +# endif + ret = 0; + } + +# ifdef HAVE_SAFE_ARC4RANDOM + ret = 0; +# endif + +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM + if (global.getrandom_available != 0) { + ret = 0; + } +# endif + + sodium_memzero(&stream, sizeof stream); + + return ret; +} +#endif + +/* + * RDRAND is only used to mitigate prediction if a key is compromised + */ + +static void +randombytes_salsa20_random_xorhwrand(void) +{ +/* LCOV_EXCL_START */ +#ifdef HAVE_RDRAND + unsigned int r; + + if (global.rdrand_available == 0) { + return; + } + (void) _rdrand32_step(&r); + * (uint32_t *) (void *) + &stream.key[crypto_stream_salsa20_KEYBYTES - 4] ^= (uint32_t) r; +#endif +/* LCOV_EXCL_STOP */ +} + +/* + * XOR the key with another same-length secret + */ + +static inline void +randombytes_salsa20_random_xorkey(const unsigned char * const mix) +{ + 
unsigned char *key = stream.key; + size_t i; + + for (i = (size_t) 0U; i < sizeof stream.key; i++) { + key[i] ^= mix[i]; + } +} + +/* + * Put `size` random bytes into `buf` and overwrite the key + */ + +static void +randombytes_salsa20_random_buf(void * const buf, const size_t size) +{ + size_t i; + int ret; + (void) ret; + + randombytes_salsa20_random_stir_if_needed(); + COMPILER_ASSERT(sizeof stream.nonce == crypto_stream_salsa20_NONCEBYTES); +#if defined(ULLONG_MAX) && defined(SIZE_MAX) +# if SIZE_MAX > ULLONG_MAX + /* coverity[result_independent_of_operands] */ + assert(size <= ULLONG_MAX); +# endif +#endif + ret = crypto_stream_salsa20((unsigned char *) buf, (unsigned long long) size, + (unsigned char *) &stream.nonce, stream.key); + assert(ret == 0); + for (i = 0U; i < sizeof size; i++) { + stream.key[i] ^= ((const unsigned char *) (const void *) &size)[i]; + } + randombytes_salsa20_random_xorhwrand(); + stream.nonce++; + crypto_stream_salsa20_xor(stream.key, stream.key, sizeof stream.key, + (unsigned char *) &stream.nonce, stream.key); +} + +/* + * Pop a 32-bit value from the random pool + * + * Overwrite the key after the pool gets refilled. 
+ */ + +static uint32_t +randombytes_salsa20_random(void) +{ + uint32_t val; + int ret; + (void) ret; + + COMPILER_ASSERT(sizeof stream.rnd32 >= (sizeof stream.key) + (sizeof val)); + COMPILER_ASSERT(((sizeof stream.rnd32) - (sizeof stream.key)) + % sizeof val == (size_t) 0U); + if (stream.rnd32_outleft <= (size_t) 0U) { + randombytes_salsa20_random_stir_if_needed(); + COMPILER_ASSERT(sizeof stream.nonce == crypto_stream_salsa20_NONCEBYTES); + ret = crypto_stream_salsa20((unsigned char *) stream.rnd32, + (unsigned long long) sizeof stream.rnd32, + (unsigned char *) &stream.nonce, + stream.key); + assert(ret == 0); + stream.rnd32_outleft = (sizeof stream.rnd32) - (sizeof stream.key); + randombytes_salsa20_random_xorhwrand(); + randombytes_salsa20_random_xorkey(&stream.rnd32[stream.rnd32_outleft]); + memset(&stream.rnd32[stream.rnd32_outleft], 0, sizeof stream.key); + stream.nonce++; + } + stream.rnd32_outleft -= sizeof val; + memcpy(&val, &stream.rnd32[stream.rnd32_outleft], sizeof val); + memset(&stream.rnd32[stream.rnd32_outleft], 0, sizeof val); + + return val; +} + +static const char * +randombytes_salsa20_implementation_name(void) +{ + return "salsa20"; +} + +struct randombytes_implementation randombytes_salsa20_implementation = { + SODIUM_C99(.implementation_name =) randombytes_salsa20_implementation_name, + SODIUM_C99(.random =) randombytes_salsa20_random, + SODIUM_C99(.stir =) randombytes_salsa20_random_stir, + SODIUM_C99(.uniform =) NULL, + SODIUM_C99(.buf =) randombytes_salsa20_random_buf, + SODIUM_C99(.close =) randombytes_salsa20_random_close +}; diff --git a/windows/sodium/randombytes_salsa20_random.h b/sodium/sodium_randombytes_salsa20_random.h similarity index 79% rename from windows/sodium/randombytes_salsa20_random.h rename to sodium/sodium_randombytes_salsa20_random.h index 4deae15b..f636f160 100644 --- a/windows/sodium/randombytes_salsa20_random.h +++ b/sodium/sodium_randombytes_salsa20_random.h 
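Review bot: On `_XBOX_ONE`/`_GAMING_XBOX` the `RtlGenRandom` call in `randombytes_salsa20_random_stir` is compiled out, yet the function still sets `stream.initialized = 1`, so the generator runs with the all-zero key that the zero-initialised static `stream` starts with and a timestamp nonce, producing fully predictable output on those targets; the stub should fail loudly rather than proceed, e.g. add `#else` / `sodium_misuse();` to that `#if`, or make it `#error` until a real entropy source is wired in. A second defect: `global` is declared without an initializer, so `random_data_source_fd` starts at 0 rather than -1, and `randombytes_salsa20_random_close` only checks `!= -1` before calling `close()` — when `getrandom` is available, or when close runs before any stir, it closes file descriptor 0 and reports success; initialise it as `static Salsa20RandomGlobal global = { SODIUM_C99(.initialized =) 0, SODIUM_C99(.random_data_source_fd =) -1 };`, matching how `SysRandom stream` is initialised in `sodium_randombytes_sysrandom.c` in this same commit. The same Xbox exclusion also leaves the `extern "C"` specifier outside the `#if` that holds the `RtlGenRandom` prototype it was written for, so under C++ on those targets it attaches to whatever declaration follows; moving it inside the same `#if` keeps the two together.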
@@ -2,14 +2,13 @@ #ifndef randombytes_salsa20_random_H #define randombytes_salsa20_random_H -#include "export.h" -#include "randombytes.h" +#include "sodium_export.h" +#include "sodium_randombytes.h" #ifdef __cplusplus extern "C" { #endif -SODIUM_EXPORT extern struct randombytes_implementation randombytes_salsa20_implementation; #ifdef __cplusplus diff --git a/sodium/sodium_randombytes_sysrandom.c b/sodium/sodium_randombytes_sysrandom.c new file mode 100644 index 00000000..0b5c3a11 --- /dev/null +++ b/sodium/sodium_randombytes_sysrandom.c 
@@ -0,0 +1,422 @@ + +#include +#include +#include +#include +#include +#include +#ifndef _WIN32 +# include +#endif + +#include +#include +#ifndef _WIN32 +# include +# include +#endif +#ifdef __linux__ +# ifdef __dietlibc__ +# define _LINUX_SOURCE +# include +# define HAVE_LINUX_COMPATIBLE_GETRANDOM +# else /* __dietlibc__ */ +# include +# if defined(SYS_getrandom) && defined(__NR_getrandom) +# define getrandom(B, S, F) syscall(SYS_getrandom, (B), (int) (S), (F)) +# define HAVE_LINUX_COMPATIBLE_GETRANDOM +# endif +# endif /* __dietlibc */ +#elif defined(__FreeBSD__) +# include +# if defined(__FreeBSD_version) && __FreeBSD_version >= 1200000 +# include +# define HAVE_LINUX_COMPATIBLE_GETRANDOM +# endif +#endif +#if !defined(NO_BLOCKING_RANDOM_POLL) && defined(__linux__) +# define BLOCK_ON_DEV_RANDOM +#endif +#ifdef BLOCK_ON_DEV_RANDOM +# include +#endif + +#include "sodium_core.h" +#include "sodium_private_common.h" +#include "sodium_randombytes.h" +#include "sodium_randombytes_sysrandom.h" +#include "sodium_utils.h" + +#ifdef _WIN32 +/* `RtlGenRandom` is used over `CryptGenRandom` on Microsoft Windows based systems: + * - `CryptGenRandom` requires pulling in `CryptoAPI` which causes unnecessary + * memory overhead if this API is not being used for other purposes + * - `RtlGenRandom` is thus called directly instead. A detailed explanation + * can be found here: https://blogs.msdn.microsoft.com/michael_howard/2005/01/14/cryptographically-secure-random-number-on-windows-without-using-cryptoapi/ + * + * In spite of the disclaimer on the `RtlGenRandom` documentation page that was + * written back in the Windows XP days, this function is here to stay. The CRT + * function `rand_s()` directly depends on it, so touching it would break many + * applications released since Windows XP. 
+ * + * Also note that Rust, Firefox and BoringSSL (thus, Google Chrome and everything + * based on Chromium) also depend on it, and that libsodium allows the RNG to be + * replaced without patching nor recompiling the library. + */ +# include +# define RtlGenRandom SystemFunction036 +# if defined(__cplusplus) +extern "C" +# endif +# if !defined(_XBOX_ONE) && !defined(_GAMING_XBOX) +BOOLEAN NTAPI RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength); +# pragma comment(lib, "advapi32.lib") +# endif +#endif + +#if defined(__OpenBSD__) || defined(__CloudABI__) +# define HAVE_SAFE_ARC4RANDOM 1 +#endif + +#ifndef SSIZE_MAX +# define SSIZE_MAX (SIZE_MAX / 2 - 1) +#endif + +#ifdef HAVE_SAFE_ARC4RANDOM + +static uint32_t +randombytes_sysrandom(void) +{ + return arc4random(); +} + +static void +randombytes_sysrandom_stir(void) +{ +} + +static void +randombytes_sysrandom_buf(void * const buf, const size_t size) +{ + arc4random_buf(buf, size); +} + +static int +randombytes_sysrandom_close(void) +{ + return 0; +} + +#elif defined(__ORBIS__) || defined(__PROSPERO__) + +static uint32_t +randombytes_sysrandom(void) +{ + return 0; +} + +static void +randombytes_sysrandom_stir(void) +{ +} + +static void +randombytes_sysrandom_buf(void * const buf, const size_t size) +{ +} + +static int +randombytes_sysrandom_close(void) +{ + return 0; +} + +#else /* __OpenBSD__ */ + +typedef struct SysRandom_ { + int random_data_source_fd; + int initialized; + int getrandom_available; +} SysRandom; + +static SysRandom stream = { + SODIUM_C99(.random_data_source_fd =) -1, + SODIUM_C99(.initialized =) 0, + SODIUM_C99(.getrandom_available =) 0 +}; + +# ifndef _WIN32 +static ssize_t +safe_read(const int fd, void * const buf_, size_t size) +{ + unsigned char *buf = (unsigned char *) buf_; + ssize_t readnb; + + assert(size > (size_t) 0U); + assert(size <= SSIZE_MAX); + do { + while ((readnb = read(fd, buf, size)) < (ssize_t) 0 && + (errno == EINTR || errno == EAGAIN)); /* LCOV_EXCL_LINE */ + if 
(readnb < (ssize_t) 0) { + return readnb; /* LCOV_EXCL_LINE */ + } + if (readnb == (ssize_t) 0) { + break; /* LCOV_EXCL_LINE */ + } + size -= (size_t) readnb; + buf += readnb; + } while (size > (ssize_t) 0); + + return (ssize_t) (buf - (unsigned char *) buf_); +} + +# ifdef BLOCK_ON_DEV_RANDOM +static int +randombytes_block_on_dev_random(void) +{ + struct pollfd pfd; + int fd; + int pret; + + fd = open("/dev/random", O_RDONLY); + if (fd == -1) { + return 0; + } + pfd.fd = fd; + pfd.events = POLLIN; + pfd.revents = 0; + do { + pret = poll(&pfd, 1, -1); + } while (pret < 0 && (errno == EINTR || errno == EAGAIN)); + if (pret != 1) { + (void) close(fd); + errno = EIO; + return -1; + } + return close(fd); +} +# endif /* BLOCK_ON_DEV_RANDOM */ + +static int +randombytes_sysrandom_random_dev_open(void) +{ +/* LCOV_EXCL_START */ + struct stat st; + static const char *devices[] = { +# ifndef USE_BLOCKING_RANDOM + "/dev/urandom", +# endif + "/dev/random", NULL + }; + const char **device = devices; + int fd; + +# ifdef BLOCK_ON_DEV_RANDOM + if (randombytes_block_on_dev_random() != 0) { + return -1; + } +# endif + do { + fd = open(*device, O_RDONLY); + if (fd != -1) { + if (fstat(fd, &st) == 0 && +# ifdef __COMPCERT__ + 1 +# elif defined(S_ISNAM) + (S_ISNAM(st.st_mode) || S_ISCHR(st.st_mode)) +# else + S_ISCHR(st.st_mode) +# endif + ) { +# if defined(F_SETFD) && defined(FD_CLOEXEC) && !defined(NN_NINTENDO_SDK) + (void) fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +# endif + return fd; + } + (void) close(fd); + } else if (errno == EINTR) { + continue; + } + device++; + } while (*device != NULL); + + errno = EIO; + return -1; +/* LCOV_EXCL_STOP */ +} + +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM +static int +_randombytes_linux_getrandom(void * const buf, const size_t size) +{ + int readnb; + + assert(size <= 256U); + do { + readnb = getrandom(buf, size, 0); + } while (readnb < 0 && (errno == EINTR || errno == EAGAIN)); + + return (readnb == (int) size) - 1; +} + +static int 
+randombytes_linux_getrandom(void * const buf_, size_t size) +{ + unsigned char *buf = (unsigned char *) buf_; + size_t chunk_size = 256U; + + do { + if (size < chunk_size) { + chunk_size = size; + assert(chunk_size > (size_t) 0U); + } + if (_randombytes_linux_getrandom(buf, chunk_size) != 0) { + return -1; + } + size -= chunk_size; + buf += chunk_size; + } while (size > (size_t) 0U); + + return 0; +} +# endif /* HAVE_LINUX_COMPATIBLE_GETRANDOM */ + +static void +randombytes_sysrandom_init(void) +{ + const int errno_save = errno; + +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM + { + unsigned char fodder[16]; + + if (randombytes_linux_getrandom(fodder, sizeof fodder) == 0) { + stream.getrandom_available = 1; + errno = errno_save; + return; + } + stream.getrandom_available = 0; + } +# endif + + if ((stream.random_data_source_fd = + randombytes_sysrandom_random_dev_open()) == -1) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } + errno = errno_save; +} + +# else /* _WIN32 */ + +static void +randombytes_sysrandom_init(void) +{ +} +# endif /* _WIN32 */ + +static void +randombytes_sysrandom_stir(void) +{ + if (stream.initialized == 0) { + randombytes_sysrandom_init(); + stream.initialized = 1; + } +} + +static void +randombytes_sysrandom_stir_if_needed(void) +{ + if (stream.initialized == 0) { + randombytes_sysrandom_stir(); + } +} + +static int +randombytes_sysrandom_close(void) +{ + int ret = -1; + +# ifndef _WIN32 + if (stream.random_data_source_fd != -1 && + close(stream.random_data_source_fd) == 0) { + stream.random_data_source_fd = -1; + stream.initialized = 0; + ret = 0; + } +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM + if (stream.getrandom_available != 0) { + ret = 0; + } +# endif +# else /* _WIN32 */ + if (stream.initialized != 0) { + stream.initialized = 0; + ret = 0; + } +# endif /* _WIN32 */ + return ret; +} + +static void +randombytes_sysrandom_buf(void * const buf, const size_t size) +{ + (void) buf; + randombytes_sysrandom_stir_if_needed(); +# if defined(ULLONG_MAX) 
&& defined(SIZE_MAX) +# if SIZE_MAX > ULLONG_MAX + /* coverity[result_independent_of_operands] */ + assert(size <= ULLONG_MAX); +# endif +# endif +# ifndef _WIN32 +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM + if (stream.getrandom_available != 0) { + if (randombytes_linux_getrandom(buf, size) != 0) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } + return; + } +# endif + if (stream.random_data_source_fd == -1 || + safe_read(stream.random_data_source_fd, buf, size) != (ssize_t) size) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } +# else /* _WIN32 */ + COMPILER_ASSERT(randombytes_BYTES_MAX <= 0xffffffffUL); + if (size > (size_t) 0xffffffffUL) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } +# if !defined(_XBOX_ONE) && !defined(_GAMING_XBOX) + if (! RtlGenRandom((PVOID) buf, (ULONG) size)) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } +# endif +# endif /* _WIN32 */ +} + +static uint32_t +randombytes_sysrandom(void) +{ + uint32_t r; + + randombytes_sysrandom_buf(&r, sizeof r); + + return r; +} + +#endif /* __OpenBSD__ */ + +static const char * +randombytes_sysrandom_implementation_name(void) +{ + return "sysrandom"; +} + +struct randombytes_implementation randombytes_sysrandom_implementation = { + SODIUM_C99(.implementation_name =) randombytes_sysrandom_implementation_name, + SODIUM_C99(.random =) randombytes_sysrandom, + SODIUM_C99(.stir =) randombytes_sysrandom_stir, + SODIUM_C99(.uniform =) NULL, + SODIUM_C99(.buf =) randombytes_sysrandom_buf, + SODIUM_C99(.close =) randombytes_sysrandom_close +}; diff --git a/windows/sodium/randombytes_sysrandom.h b/sodium/sodium_randombytes_sysrandom.h similarity index 79% rename from windows/sodium/randombytes_sysrandom.h rename to sodium/sodium_randombytes_sysrandom.h index 9e27b674..c3d124f7 100644 --- a/windows/sodium/randombytes_sysrandom.h +++ b/sodium/sodium_randombytes_sysrandom.h 
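Review bot: The `__ORBIS__`/`__PROSPERO__` branch makes `randombytes_sysrandom_buf` an empty function and `randombytes_sysrandom` return 0, and the `_XBOX_ONE`/`_GAMING_XBOX` guard in the `_WIN32` `randombytes_sysrandom_buf` skips the `RtlGenRandom` call entirely, so on those targets the "sysrandom" backend returns as if it succeeded while leaving the caller's buffer unfilled. Any key, nonce or salt drawn through it is then all-zero or whatever the caller had in the buffer, and nothing in the file flags this (the console stub does not even reference `buf` or `size`). Until a platform RNG is wired up, the stubs should fail loudly instead of silently: `sodium_misuse(); /* no platform RNG available */` in the stub `randombytes_sysrandom_buf` body and in an `# else` of the Xbox guard, or a `#error` so the build cannot produce a non-random backend. `sodium_misuse()` is already used for the read-failure paths in this file, so no new dependency is needed.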
@@ -2,14 +2,13 @@ #ifndef randombytes_sysrandom_H #define randombytes_sysrandom_H -#include "export.h" -#include "randombytes.h" +#include "sodium_export.h" +#include "sodium_randombytes.h" #ifdef __cplusplus extern "C" { #endif -SODIUM_EXPORT extern struct randombytes_implementation randombytes_sysrandom_implementation; #ifdef __cplusplus diff --git a/sodium/sodium_ref10_ed25519.c b/sodium/sodium_ref10_ed25519.c new file mode 100644 index 00000000..c9f73649 --- /dev/null +++ b/sodium/sodium_ref10_ed25519.c 
@@ -0,0 +1,2601 @@ +#include +#include +#include +#include + +#include "sodium_crypto_verify_32.h" +#include "sodium_private_common.h" +#include "sodium_private_ed25519_ref10.h" +#include "sodium_utils.h" + +#if defined( _MSC_VER ) +#pragma warning(disable:4127) +#pragma warning(disable:4244) +#pragma warning(disable:4668) +#pragma warning(disable:4456) +#endif + +static inline uint64_t +load_3(const unsigned char *in) +{ + uint64_t result; + + result = (uint64_t) in[0]; + result |= ((uint64_t) in[1]) << 8; + result |= ((uint64_t) in[2]) << 16; + + return result; +} + +static inline uint64_t +load_4(const unsigned char *in) +{ + uint64_t result; + + result = (uint64_t) in[0]; + result |= ((uint64_t) in[1]) << 8; + result |= ((uint64_t) in[2]) << 16; + result |= ((uint64_t) in[3]) << 24; + + return result; +} + +/* + * Field arithmetic: + * Use 5*51 bit limbs on 64-bit systems with support for 128 bit arithmetic, + * and 10*25.5 bit limbs elsewhere. + * + * Functions used elsewhere that are candidates for inlining are defined + * via "private/curve25519_ref10.h". 
+ */ + +#ifdef HAVE_TI_MODE +# include "sodium_fe_51_constants.h" +# include "sodium_fe_51_fe.h" +#else +# include "sodium_fe_25_5_constants.h" +# include "sodium_fe_25_5_fe.h" +#endif + +void +fe25519_invert(fe25519 out, const fe25519 z) +{ + fe25519 t0; + fe25519 t1; + fe25519 t2; + fe25519 t3; + int i; + + fe25519_sq(t0, z); + fe25519_sq(t1, t0); + fe25519_sq(t1, t1); + fe25519_mul(t1, z, t1); + fe25519_mul(t0, t0, t1); + fe25519_sq(t2, t0); + fe25519_mul(t1, t1, t2); + fe25519_sq(t2, t1); + for (i = 1; i < 5; ++i) { + fe25519_sq(t2, t2); + } + fe25519_mul(t1, t2, t1); + fe25519_sq(t2, t1); + for (i = 1; i < 10; ++i) { + fe25519_sq(t2, t2); + } + fe25519_mul(t2, t2, t1); + fe25519_sq(t3, t2); + for (i = 1; i < 20; ++i) { + fe25519_sq(t3, t3); + } + fe25519_mul(t2, t3, t2); + fe25519_sq(t2, t2); + for (i = 1; i < 10; ++i) { + fe25519_sq(t2, t2); + } + fe25519_mul(t1, t2, t1); + fe25519_sq(t2, t1); + for (i = 1; i < 50; ++i) { + fe25519_sq(t2, t2); + } + fe25519_mul(t2, t2, t1); + fe25519_sq(t3, t2); + for (i = 1; i < 100; ++i) { + fe25519_sq(t3, t3); + } + fe25519_mul(t2, t3, t2); + fe25519_sq(t2, t2); + for (i = 1; i < 50; ++i) { + fe25519_sq(t2, t2); + } + fe25519_mul(t1, t2, t1); + fe25519_sq(t1, t1); + for (i = 1; i < 5; ++i) { + fe25519_sq(t1, t1); + } + fe25519_mul(out, t1, t0); +} + +static void +fe25519_pow22523(fe25519 out, const fe25519 z) +{ + fe25519 t0; + fe25519 t1; + fe25519 t2; + int i; + + fe25519_sq(t0, z); + fe25519_sq(t1, t0); + fe25519_sq(t1, t1); + fe25519_mul(t1, z, t1); + fe25519_mul(t0, t0, t1); + fe25519_sq(t0, t0); + fe25519_mul(t0, t1, t0); + fe25519_sq(t1, t0); + for (i = 1; i < 5; ++i) { + fe25519_sq(t1, t1); + } + fe25519_mul(t0, t1, t0); + fe25519_sq(t1, t0); + for (i = 1; i < 10; ++i) { + fe25519_sq(t1, t1); + } + fe25519_mul(t1, t1, t0); + fe25519_sq(t2, t1); + for (i = 1; i < 20; ++i) { + fe25519_sq(t2, t2); + } + fe25519_mul(t1, t2, t1); + fe25519_sq(t1, t1); + for (i = 1; i < 10; ++i) { + fe25519_sq(t1, t1); + } + 
fe25519_mul(t0, t1, t0); + fe25519_sq(t1, t0); + for (i = 1; i < 50; ++i) { + fe25519_sq(t1, t1); + } + fe25519_mul(t1, t1, t0); + fe25519_sq(t2, t1); + for (i = 1; i < 100; ++i) { + fe25519_sq(t2, t2); + } + fe25519_mul(t1, t2, t1); + fe25519_sq(t1, t1); + for (i = 1; i < 50; ++i) { + fe25519_sq(t1, t1); + } + fe25519_mul(t0, t1, t0); + fe25519_sq(t0, t0); + fe25519_sq(t0, t0); + fe25519_mul(out, t0, z); +} + +/* + r = p + q + */ + +void +ge25519_add(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_cached *q) +{ + fe25519 t0; + + fe25519_add(r->X, p->Y, p->X); + fe25519_sub(r->Y, p->Y, p->X); + fe25519_mul(r->Z, r->X, q->YplusX); + fe25519_mul(r->Y, r->Y, q->YminusX); + fe25519_mul(r->T, q->T2d, p->T); + fe25519_mul(r->X, p->Z, q->Z); + fe25519_add(t0, r->X, r->X); + fe25519_sub(r->X, r->Z, r->Y); + fe25519_add(r->Y, r->Z, r->Y); + fe25519_add(r->Z, t0, r->T); + fe25519_sub(r->T, t0, r->T); +} + +static void +slide_vartime(signed char *r, const unsigned char *a) +{ + int i; + int b; + int k; + int ribs; + int cmp; + + for (i = 0; i < 256; ++i) { + r[i] = 1 & (a[i >> 3] >> (i & 7)); + } + for (i = 0; i < 256; ++i) { + if (! r[i]) { + continue; + } + for (b = 1; b <= 6 && i + b < 256; ++b) { + if (! r[i + b]) { + continue; + } + ribs = r[i + b] << b; + cmp = r[i] + ribs; + if (cmp <= 15) { + r[i] = cmp; + r[i + b] = 0; + } else { + cmp = r[i] - ribs; + if (cmp < -15) { + break; + } + r[i] = cmp; + for (k = i + b; k < 256; ++k) { + if (! 
r[k]) { + r[k] = 1; + break; + } + r[k] = 0; + } + } + } + } +} + +int +ge25519_frombytes(ge25519_p3 *h, const unsigned char *s) +{ + fe25519 u; + fe25519 v; + fe25519 v3; + fe25519 vxx; + fe25519 m_root_check, p_root_check; + fe25519 negx; + fe25519 x_sqrtm1; + int has_m_root, has_p_root; + + fe25519_frombytes(h->Y, s); + fe25519_1(h->Z); + fe25519_sq(u, h->Y); + fe25519_mul(v, u, d); + fe25519_sub(u, u, h->Z); /* u = y^2-1 */ + fe25519_add(v, v, h->Z); /* v = dy^2+1 */ + + fe25519_sq(v3, v); + fe25519_mul(v3, v3, v); /* v3 = v^3 */ + fe25519_sq(h->X, v3); + fe25519_mul(h->X, h->X, v); + fe25519_mul(h->X, h->X, u); /* x = uv^7 */ + + fe25519_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */ + fe25519_mul(h->X, h->X, v3); + fe25519_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */ + + fe25519_sq(vxx, h->X); + fe25519_mul(vxx, vxx, v); + fe25519_sub(m_root_check, vxx, u); /* vx^2-u */ + fe25519_add(p_root_check, vxx, u); /* vx^2+u */ + has_m_root = fe25519_iszero(m_root_check); + has_p_root = fe25519_iszero(p_root_check); + fe25519_mul(x_sqrtm1, h->X, sqrtm1); /* x*sqrt(-1) */ + fe25519_cmov(h->X, x_sqrtm1, 1 - has_m_root); + + fe25519_neg(negx, h->X); + fe25519_cmov(h->X, negx, fe25519_isnegative(h->X) ^ (s[31] >> 7)); + fe25519_mul(h->T, h->X, h->Y); + + return (has_m_root | has_p_root) - 1; +} + +int +ge25519_frombytes_negate_vartime(ge25519_p3 *h, const unsigned char *s) +{ + fe25519 u; + fe25519 v; + fe25519 v3; + fe25519 vxx; + fe25519 m_root_check, p_root_check; + + fe25519_frombytes(h->Y, s); + fe25519_1(h->Z); + fe25519_sq(u, h->Y); + fe25519_mul(v, u, d); + fe25519_sub(u, u, h->Z); /* u = y^2-1 */ + fe25519_add(v, v, h->Z); /* v = dy^2+1 */ + + fe25519_sq(v3, v); + fe25519_mul(v3, v3, v); /* v3 = v^3 */ + fe25519_sq(h->X, v3); + fe25519_mul(h->X, h->X, v); + fe25519_mul(h->X, h->X, u); /* x = uv^7 */ + + fe25519_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */ + fe25519_mul(h->X, h->X, v3); + fe25519_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */ + + 
fe25519_sq(vxx, h->X); + fe25519_mul(vxx, vxx, v); + fe25519_sub(m_root_check, vxx, u); /* vx^2-u */ + if (fe25519_iszero(m_root_check) == 0) { + fe25519_add(p_root_check, vxx, u); /* vx^2+u */ + if (fe25519_iszero(p_root_check) == 0) { + return -1; + } + fe25519_mul(h->X, h->X, sqrtm1); + } + + if (fe25519_isnegative(h->X) == (s[31] >> 7)) { + fe25519_neg(h->X, h->X); + } + fe25519_mul(h->T, h->X, h->Y); + + return 0; +} + +/* + r = p + q + */ + +static void +ge25519_madd(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_precomp *q) +{ + fe25519 t0; + + fe25519_add(r->X, p->Y, p->X); + fe25519_sub(r->Y, p->Y, p->X); + fe25519_mul(r->Z, r->X, q->yplusx); + fe25519_mul(r->Y, r->Y, q->yminusx); + fe25519_mul(r->T, q->xy2d, p->T); + fe25519_add(t0, p->Z, p->Z); + fe25519_sub(r->X, r->Z, r->Y); + fe25519_add(r->Y, r->Z, r->Y); + fe25519_add(r->Z, t0, r->T); + fe25519_sub(r->T, t0, r->T); +} + +/* + r = p - q + */ + +static void +ge25519_msub(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_precomp *q) +{ + fe25519 t0; + + fe25519_add(r->X, p->Y, p->X); + fe25519_sub(r->Y, p->Y, p->X); + fe25519_mul(r->Z, r->X, q->yminusx); + fe25519_mul(r->Y, r->Y, q->yplusx); + fe25519_mul(r->T, q->xy2d, p->T); + fe25519_add(t0, p->Z, p->Z); + fe25519_sub(r->X, r->Z, r->Y); + fe25519_add(r->Y, r->Z, r->Y); + fe25519_sub(r->Z, t0, r->T); + fe25519_add(r->T, t0, r->T); +} + +/* + r = p + */ + +void +ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) +{ + fe25519_mul(r->X, p->X, p->T); + fe25519_mul(r->Y, p->Y, p->Z); + fe25519_mul(r->Z, p->Z, p->T); +} + +/* + r = p + */ + +void +ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) +{ + fe25519_mul(r->X, p->X, p->T); + fe25519_mul(r->Y, p->Y, p->Z); + fe25519_mul(r->Z, p->Z, p->T); + fe25519_mul(r->T, p->X, p->Y); +} + +static void +ge25519_p2_0(ge25519_p2 *h) +{ + fe25519_0(h->X); + fe25519_1(h->Y); + fe25519_1(h->Z); +} + +/* + r = 2 * p + */ + +static void +ge25519_p2_dbl(ge25519_p1p1 *r, const ge25519_p2 *p) +{ + 
fe25519 t0; + + fe25519_sq(r->X, p->X); + fe25519_sq(r->Z, p->Y); + fe25519_sq2(r->T, p->Z); + fe25519_add(r->Y, p->X, p->Y); + fe25519_sq(t0, r->Y); + fe25519_add(r->Y, r->Z, r->X); + fe25519_sub(r->Z, r->Z, r->X); + fe25519_sub(r->X, t0, r->Y); + fe25519_sub(r->T, r->T, r->Z); +} + +static void +ge25519_p3_0(ge25519_p3 *h) +{ + fe25519_0(h->X); + fe25519_1(h->Y); + fe25519_1(h->Z); + fe25519_0(h->T); +} + +static void +ge25519_cached_0(ge25519_cached *h) +{ + fe25519_1(h->YplusX); + fe25519_1(h->YminusX); + fe25519_1(h->Z); + fe25519_0(h->T2d); +} + +/* + r = p + */ + +void +ge25519_p3_to_cached(ge25519_cached *r, const ge25519_p3 *p) +{ + fe25519_add(r->YplusX, p->Y, p->X); + fe25519_sub(r->YminusX, p->Y, p->X); + fe25519_copy(r->Z, p->Z); + fe25519_mul(r->T2d, p->T, d2); +} + +#if defined(__ORBIS__) || defined(__PROSPERO__) || defined(__APPLE__) || defined(__ANDROID__) +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wunused-function" +#endif // #if defined(__ORBIS__) || defined(__PROSPERO__) || defined(__APPLE__) || defined(__ANDROID__) + +static void +ge25519_p3_to_precomp(ge25519_precomp *pi, const ge25519_p3 *p) +{ + fe25519 recip; + fe25519 x; + fe25519 y; + fe25519 xy; + + fe25519_invert(recip, p->Z); + fe25519_mul(x, p->X, recip); + fe25519_mul(y, p->Y, recip); + fe25519_add(pi->yplusx, y, x); + fe25519_sub(pi->yminusx, y, x); + fe25519_mul(xy, x, y); + fe25519_mul(pi->xy2d, xy, d2); +} + +#if defined(__ORBIS__) || defined(__PROSPERO__) || defined(__APPLE__) || defined(__ANDROID__) +#pragma clang diagnostic pop +#endif // #if defined(__ORBIS__) || defined(__PROSPERO__) || defined(__APPLE__) || defined(__ANDROID__) + +/* + r = p + */ + +static void +ge25519_p3_to_p2(ge25519_p2 *r, const ge25519_p3 *p) +{ + fe25519_copy(r->X, p->X); + fe25519_copy(r->Y, p->Y); + fe25519_copy(r->Z, p->Z); +} + +void +ge25519_p3_tobytes(unsigned char *s, const ge25519_p3 *h) +{ + fe25519 recip; + fe25519 x; + fe25519 y; + + fe25519_invert(recip, h->Z); + 
fe25519_mul(x, h->X, recip); + fe25519_mul(y, h->Y, recip); + fe25519_tobytes(s, y); + s[31] ^= fe25519_isnegative(x) << 7; +} + +/* + r = 2 * p + */ + +static void +ge25519_p3_dbl(ge25519_p1p1 *r, const ge25519_p3 *p) +{ + ge25519_p2 q; + ge25519_p3_to_p2(&q, p); + ge25519_p2_dbl(r, &q); +} + +static void +ge25519_precomp_0(ge25519_precomp *h) +{ + fe25519_1(h->yplusx); + fe25519_1(h->yminusx); + fe25519_0(h->xy2d); +} + +static unsigned char +equal(signed char b, signed char c) +{ + unsigned char ub = b; + unsigned char uc = c; + unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ + uint32_t y = x; /* 0: yes; 1..255: no */ + + y -= 1; /* 4294967295: yes; 0..254: no */ + y >>= 31; /* 1: yes; 0: no */ + + return y; +} + +static unsigned char +negative(signed char b) +{ + /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ + uint64_t x = b; + + x >>= 63; /* 1: yes; 0: no */ + + return x; +} + +static void +ge25519_cmov(ge25519_precomp *t, const ge25519_precomp *u, unsigned char b) +{ + fe25519_cmov(t->yplusx, u->yplusx, b); + fe25519_cmov(t->yminusx, u->yminusx, b); + fe25519_cmov(t->xy2d, u->xy2d, b); +} + +static void +ge25519_cmov_cached(ge25519_cached *t, const ge25519_cached *u, unsigned char b) +{ + fe25519_cmov(t->YplusX, u->YplusX, b); + fe25519_cmov(t->YminusX, u->YminusX, b); + fe25519_cmov(t->Z, u->Z, b); + fe25519_cmov(t->T2d, u->T2d, b); +} + +static void +ge25519_select(ge25519_precomp *t, const ge25519_precomp precomp[8], const signed char b) +{ + ge25519_precomp minust; + const unsigned char bnegative = negative(b); + const unsigned char babs = b - (((-bnegative) & b) * ((signed char) 1 << 1)); + + ge25519_precomp_0(t); + ge25519_cmov(t, &precomp[0], equal(babs, 1)); + ge25519_cmov(t, &precomp[1], equal(babs, 2)); + ge25519_cmov(t, &precomp[2], equal(babs, 3)); + ge25519_cmov(t, &precomp[3], equal(babs, 4)); + ge25519_cmov(t, &precomp[4], equal(babs, 5)); + ge25519_cmov(t, &precomp[5], equal(babs, 6)); + ge25519_cmov(t, &precomp[6], 
equal(babs, 7)); + ge25519_cmov(t, &precomp[7], equal(babs, 8)); + fe25519_copy(minust.yplusx, t->yminusx); + fe25519_copy(minust.yminusx, t->yplusx); + fe25519_neg(minust.xy2d, t->xy2d); + ge25519_cmov(t, &minust, bnegative); +} + +static void +ge25519_select_base(ge25519_precomp *t, const int pos, const signed char b) +{ + static const ge25519_precomp base[32][8] = { /* base[i][j] = (j+1)*256^i*B */ +#ifdef HAVE_TI_MODE +# include "sodium_fe_51_base.h" +#else +# include "sodium_fe_25_5_base.h" +#endif + }; + ge25519_select(t, base[pos], b); +} + +static void +ge25519_select_cached(ge25519_cached *t, const ge25519_cached cached[8], const signed char b) +{ + ge25519_cached minust; + const unsigned char bnegative = negative(b); + const unsigned char babs = b - (((-bnegative) & b) * ((signed char) 1 << 1)); + + ge25519_cached_0(t); + ge25519_cmov_cached(t, &cached[0], equal(babs, 1)); + ge25519_cmov_cached(t, &cached[1], equal(babs, 2)); + ge25519_cmov_cached(t, &cached[2], equal(babs, 3)); + ge25519_cmov_cached(t, &cached[3], equal(babs, 4)); + ge25519_cmov_cached(t, &cached[4], equal(babs, 5)); + ge25519_cmov_cached(t, &cached[5], equal(babs, 6)); + ge25519_cmov_cached(t, &cached[6], equal(babs, 7)); + ge25519_cmov_cached(t, &cached[7], equal(babs, 8)); + fe25519_copy(minust.YplusX, t->YminusX); + fe25519_copy(minust.YminusX, t->YplusX); + fe25519_copy(minust.Z, t->Z); + fe25519_neg(minust.T2d, t->T2d); + ge25519_cmov_cached(t, &minust, bnegative); +} + +/* + r = p - q + */ + +void +ge25519_sub(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_cached *q) +{ + fe25519 t0; + + fe25519_add(r->X, p->Y, p->X); + fe25519_sub(r->Y, p->Y, p->X); + fe25519_mul(r->Z, r->X, q->YminusX); + fe25519_mul(r->Y, r->Y, q->YplusX); + fe25519_mul(r->T, q->T2d, p->T); + fe25519_mul(r->X, p->Z, q->Z); + fe25519_add(t0, r->X, r->X); + fe25519_sub(r->X, r->Z, r->Y); + fe25519_add(r->Y, r->Z, r->Y); + fe25519_sub(r->Z, t0, r->T); + fe25519_add(r->T, t0, r->T); +} + +void 
+ge25519_tobytes(unsigned char *s, const ge25519_p2 *h) +{ + fe25519 recip; + fe25519 x; + fe25519 y; + + fe25519_invert(recip, h->Z); + fe25519_mul(x, h->X, recip); + fe25519_mul(y, h->Y, recip); + fe25519_tobytes(s, y); + s[31] ^= fe25519_isnegative(x) << 7; +} + +/* + r = a * A + b * B + where a = a[0]+256*a[1]+...+256^31 a[31]. + and b = b[0]+256*b[1]+...+256^31 b[31]. + B is the Ed25519 base point (x,4/5) with x positive. + + Only used for signatures verification. + */ + +void +ge25519_double_scalarmult_vartime(ge25519_p2 *r, const unsigned char *a, + const ge25519_p3 *A, const unsigned char *b) +{ + static const ge25519_precomp Bi[8] = { +#ifdef HAVE_TI_MODE +# include "sodium_fe_51_base2.h" +#else +# include "sodium_fe_25_5_base2.h" +#endif + }; + signed char aslide[256]; + signed char bslide[256]; + ge25519_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */ + ge25519_p1p1 t; + ge25519_p3 u; + ge25519_p3 A2; + int i; + + slide_vartime(aslide, a); + slide_vartime(bslide, b); + + ge25519_p3_to_cached(&Ai[0], A); + + ge25519_p3_dbl(&t, A); + ge25519_p1p1_to_p3(&A2, &t); + + ge25519_add(&t, &A2, &Ai[0]); + ge25519_p1p1_to_p3(&u, &t); + ge25519_p3_to_cached(&Ai[1], &u); + + ge25519_add(&t, &A2, &Ai[1]); + ge25519_p1p1_to_p3(&u, &t); + ge25519_p3_to_cached(&Ai[2], &u); + + ge25519_add(&t, &A2, &Ai[2]); + ge25519_p1p1_to_p3(&u, &t); + ge25519_p3_to_cached(&Ai[3], &u); + + ge25519_add(&t, &A2, &Ai[3]); + ge25519_p1p1_to_p3(&u, &t); + ge25519_p3_to_cached(&Ai[4], &u); + + ge25519_add(&t, &A2, &Ai[4]); + ge25519_p1p1_to_p3(&u, &t); + ge25519_p3_to_cached(&Ai[5], &u); + + ge25519_add(&t, &A2, &Ai[5]); + ge25519_p1p1_to_p3(&u, &t); + ge25519_p3_to_cached(&Ai[6], &u); + + ge25519_add(&t, &A2, &Ai[6]); + ge25519_p1p1_to_p3(&u, &t); + ge25519_p3_to_cached(&Ai[7], &u); + + ge25519_p2_0(r); + + for (i = 255; i >= 0; --i) { + if (aslide[i] || bslide[i]) { + break; + } + } + + for (; i >= 0; --i) { + ge25519_p2_dbl(&t, r); + + if (aslide[i] > 0) { + ge25519_p1p1_to_p3(&u, &t); + 
ge25519_add(&t, &u, &Ai[aslide[i] / 2]); + } else if (aslide[i] < 0) { + ge25519_p1p1_to_p3(&u, &t); + ge25519_sub(&t, &u, &Ai[(-aslide[i]) / 2]); + } + + if (bslide[i] > 0) { + ge25519_p1p1_to_p3(&u, &t); + ge25519_madd(&t, &u, &Bi[bslide[i] / 2]); + } else if (bslide[i] < 0) { + ge25519_p1p1_to_p3(&u, &t); + ge25519_msub(&t, &u, &Bi[(-bslide[i]) / 2]); + } + + ge25519_p1p1_to_p2(r, &t); + } +} + +/* + h = a * p + where a = a[0]+256*a[1]+...+256^31 a[31] + + Preconditions: + a[31] <= 127 + + p is public + */ + +void +ge25519_scalarmult(ge25519_p3 *h, const unsigned char *a, const ge25519_p3 *p) +{ + signed char e[64]; + signed char carry; + ge25519_p1p1 r; + ge25519_p2 s; + ge25519_p1p1 t2, t3, t4, t5, t6, t7, t8; + ge25519_p3 p2, p3, p4, p5, p6, p7, p8; + ge25519_cached pi[8]; + ge25519_cached t; + int i; + + ge25519_p3_to_cached(&pi[1 - 1], p); /* p */ + + ge25519_p3_dbl(&t2, p); + ge25519_p1p1_to_p3(&p2, &t2); + ge25519_p3_to_cached(&pi[2 - 1], &p2); /* 2p = 2*p */ + + ge25519_add(&t3, p, &pi[2 - 1]); + ge25519_p1p1_to_p3(&p3, &t3); + ge25519_p3_to_cached(&pi[3 - 1], &p3); /* 3p = 2p+p */ + + ge25519_p3_dbl(&t4, &p2); + ge25519_p1p1_to_p3(&p4, &t4); + ge25519_p3_to_cached(&pi[4 - 1], &p4); /* 4p = 2*2p */ + + ge25519_add(&t5, p, &pi[4 - 1]); + ge25519_p1p1_to_p3(&p5, &t5); + ge25519_p3_to_cached(&pi[5 - 1], &p5); /* 5p = 4p+p */ + + ge25519_p3_dbl(&t6, &p3); + ge25519_p1p1_to_p3(&p6, &t6); + ge25519_p3_to_cached(&pi[6 - 1], &p6); /* 6p = 2*3p */ + + ge25519_add(&t7, p, &pi[6 - 1]); + ge25519_p1p1_to_p3(&p7, &t7); + ge25519_p3_to_cached(&pi[7 - 1], &p7); /* 7p = 6p+p */ + + ge25519_p3_dbl(&t8, &p4); + ge25519_p1p1_to_p3(&p8, &t8); + ge25519_p3_to_cached(&pi[8 - 1], &p8); /* 8p = 2*4p */ + + for (i = 0; i < 32; ++i) { + e[2 * i + 0] = (a[i] >> 0) & 15; + e[2 * i + 1] = (a[i] >> 4) & 15; + } + /* each e[i] is between 0 and 15 */ + /* e[63] is between 0 and 7 */ + + carry = 0; + for (i = 0; i < 63; ++i) { + e[i] += carry; + carry = e[i] + 8; + carry >>= 4; + e[i] 
-= carry * ((signed char) 1 << 4); + } + e[63] += carry; + /* each e[i] is between -8 and 8 */ + + ge25519_p3_0(h); + + for (i = 63; i != 0; i--) { + ge25519_select_cached(&t, pi, e[i]); + ge25519_add(&r, h, &t); + + ge25519_p1p1_to_p2(&s, &r); + ge25519_p2_dbl(&r, &s); + ge25519_p1p1_to_p2(&s, &r); + ge25519_p2_dbl(&r, &s); + ge25519_p1p1_to_p2(&s, &r); + ge25519_p2_dbl(&r, &s); + ge25519_p1p1_to_p2(&s, &r); + ge25519_p2_dbl(&r, &s); + + ge25519_p1p1_to_p3(h, &r); /* *16 */ + } + ge25519_select_cached(&t, pi, e[i]); + ge25519_add(&r, h, &t); + + ge25519_p1p1_to_p3(h, &r); +} + +/* + h = a * B (with precomputation) + where a = a[0]+256*a[1]+...+256^31 a[31] + B is the Ed25519 base point (x,4/5) with x positive + (as bytes: 0x5866666666666666666666666666666666666666666666666666666666666666) + + Preconditions: + a[31] <= 127 + */ + +void +ge25519_scalarmult_base(ge25519_p3 *h, const unsigned char *a) +{ + signed char e[64]; + signed char carry; + ge25519_p1p1 r; + ge25519_p2 s; + ge25519_precomp t; + int i; + + for (i = 0; i < 32; ++i) { + e[2 * i + 0] = (a[i] >> 0) & 15; + e[2 * i + 1] = (a[i] >> 4) & 15; + } + /* each e[i] is between 0 and 15 */ + /* e[63] is between 0 and 7 */ + + carry = 0; + for (i = 0; i < 63; ++i) { + e[i] += carry; + carry = e[i] + 8; + carry >>= 4; + e[i] -= carry * ((signed char) 1 << 4); + } + e[63] += carry; + /* each e[i] is between -8 and 8 */ + + ge25519_p3_0(h); + + for (i = 1; i < 64; i += 2) { + ge25519_select_base(&t, i / 2, e[i]); + ge25519_madd(&r, h, &t); + ge25519_p1p1_to_p3(h, &r); + } + + ge25519_p3_dbl(&r, h); + ge25519_p1p1_to_p2(&s, &r); + ge25519_p2_dbl(&r, &s); + ge25519_p1p1_to_p2(&s, &r); + ge25519_p2_dbl(&r, &s); + ge25519_p1p1_to_p2(&s, &r); + ge25519_p2_dbl(&r, &s); + ge25519_p1p1_to_p3(h, &r); + + for (i = 0; i < 64; i += 2) { + ge25519_select_base(&t, i / 2, e[i]); + ge25519_madd(&r, h, &t); + ge25519_p1p1_to_p3(h, &r); + } +} + +/* multiply by the order of the main subgroup l = 
2^252+27742317777372353535851937790883648493 */ +static void +ge25519_mul_l(ge25519_p3 *r, const ge25519_p3 *A) +{ + static const signed char aslide[253] = { + 13, 0, 0, 0, 0, -1, 0, 0, 0, 0, -11, 0, 0, 0, 0, 0, 0, -5, 0, 0, 0, 0, 0, 0, -3, 0, 0, 0, 0, -13, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, -13, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 11, 0, 0, 0, 0, 0, 11, 0, 0, 0, 0, -13, 0, 0, 0, 0, 0, 0, -3, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 3, 0, 0, 0, 0, -11, 0, 0, 0, 0, 0, 0, 0, 15, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, -1, 0, 0, 0, 0, 7, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 + }; + ge25519_cached Ai[8]; + ge25519_p1p1 t; + ge25519_p3 u; + ge25519_p3 A2; + int i; + + ge25519_p3_to_cached(&Ai[0], A); + ge25519_p3_dbl(&t, A); + ge25519_p1p1_to_p3(&A2, &t); + ge25519_add(&t, &A2, &Ai[0]); + ge25519_p1p1_to_p3(&u, &t); + ge25519_p3_to_cached(&Ai[1], &u); + ge25519_add(&t, &A2, &Ai[1]); + ge25519_p1p1_to_p3(&u, &t); + ge25519_p3_to_cached(&Ai[2], &u); + ge25519_add(&t, &A2, &Ai[2]); + ge25519_p1p1_to_p3(&u, &t); + ge25519_p3_to_cached(&Ai[3], &u); + ge25519_add(&t, &A2, &Ai[3]); + ge25519_p1p1_to_p3(&u, &t); + ge25519_p3_to_cached(&Ai[4], &u); + ge25519_add(&t, &A2, &Ai[4]); + ge25519_p1p1_to_p3(&u, &t); + ge25519_p3_to_cached(&Ai[5], &u); + ge25519_add(&t, &A2, &Ai[5]); + ge25519_p1p1_to_p3(&u, &t); + ge25519_p3_to_cached(&Ai[6], &u); + ge25519_add(&t, &A2, &Ai[6]); + ge25519_p1p1_to_p3(&u, &t); + ge25519_p3_to_cached(&Ai[7], &u); + + ge25519_p3_0(r); + + for (i = 252; i >= 0; --i) { + ge25519_p3_dbl(&t, r); + + if (aslide[i] > 0) { + ge25519_p1p1_to_p3(&u, &t); + ge25519_add(&t, &u, &Ai[aslide[i] / 2]); + } else if 
(aslide[i] < 0) { + ge25519_p1p1_to_p3(&u, &t); + ge25519_sub(&t, &u, &Ai[(-aslide[i]) / 2]); + } + + ge25519_p1p1_to_p3(r, &t); + } +} + +int +ge25519_is_on_curve(const ge25519_p3 *p) +{ + fe25519 x2; + fe25519 y2; + fe25519 z2; + fe25519 z4; + fe25519 t0; + fe25519 t1; + + fe25519_sq(x2, p->X); + fe25519_sq(y2, p->Y); + fe25519_sq(z2, p->Z); + fe25519_sub(t0, y2, x2); + fe25519_mul(t0, t0, z2); + + fe25519_mul(t1, x2, y2); + fe25519_mul(t1, t1, d); + fe25519_sq(z4, z2); + fe25519_add(t1, t1, z4); + fe25519_sub(t0, t0, t1); + + return fe25519_iszero(t0); +} + +int +ge25519_is_on_main_subgroup(const ge25519_p3 *p) +{ + ge25519_p3 pl; + + ge25519_mul_l(&pl, p); + + return fe25519_iszero(pl.X); +} + +int +ge25519_is_canonical(const unsigned char *s) +{ + unsigned char c; + unsigned char local_d; + unsigned int i; + + c = (s[31] & 0x7f) ^ 0x7f; + for (i = 30; i > 0; i--) { + c |= s[i] ^ 0xff; + } + c = (((unsigned int) c) - 1U) >> 8; + local_d = (0xed - 1U - (unsigned int) s[0]) >> 8; + + return 1 - (c & local_d & 1); +} + +int +ge25519_has_small_order(const unsigned char s[32]) +{ + CRYPTO_ALIGN(16) + static const unsigned char blacklist[][32] = { + /* 0 (order 4) */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + /* 1 (order 1) */ + { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + /* 2707385501144840649318225287225658788936804267575313519463743609750303402022 + (order 8) */ + { 0x26, 0xe8, 0x95, 0x8f, 0xc2, 0xb2, 0x27, 0xb0, 0x45, 0xc3, 0xf4, + 0x89, 0xf2, 0xef, 0x98, 0xf0, 0xd5, 0xdf, 0xac, 0x05, 0xd3, 0xc6, + 0x33, 0x39, 0xb1, 0x38, 0x02, 0x88, 0x6d, 0x53, 0xfc, 0x05 }, + /* 55188659117513257062467267217118295137698188065244968500265048394206261417927 + (order 
8) */ + { 0xc7, 0x17, 0x6a, 0x70, 0x3d, 0x4d, 0xd8, 0x4f, 0xba, 0x3c, 0x0b, + 0x76, 0x0d, 0x10, 0x67, 0x0f, 0x2a, 0x20, 0x53, 0xfa, 0x2c, 0x39, + 0xcc, 0xc6, 0x4e, 0xc7, 0xfd, 0x77, 0x92, 0xac, 0x03, 0x7a }, + /* p-1 (order 2) */ + { 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, + /* p (=0, order 4) */ + { 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, + /* p+1 (=1, order 1) */ + { 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f } + }; + unsigned char c[7] = { 0 }; + unsigned int k; + size_t i, j; + + COMPILER_ASSERT(7 == sizeof blacklist / sizeof blacklist[0]); + for (j = 0; j < 31; j++) { + for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) { + c[i] |= s[j] ^ blacklist[i][j]; + } + } + for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) { + c[i] |= (s[j] & 0x7f) ^ blacklist[i][j]; + } + k = 0; + for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) { + k |= (c[i] - 1); + } + return (int) ((k >> 8) & 1); +} + +/* + Input: + a[0]+256*a[1]+...+256^31*a[31] = a + b[0]+256*b[1]+...+256^31*b[31] = b + * + Output: + s[0]+256*s[1]+...+256^31*s[31] = (ab) mod l + where l = 2^252 + 27742317777372353535851937790883648493. 
+ */ + +static void +sc25519_mul(unsigned char s[32], const unsigned char a[32], const unsigned char b[32]) +{ + int64_t a0 = 2097151 & load_3(a); + int64_t a1 = 2097151 & (load_4(a + 2) >> 5); + int64_t a2 = 2097151 & (load_3(a + 5) >> 2); + int64_t a3 = 2097151 & (load_4(a + 7) >> 7); + int64_t a4 = 2097151 & (load_4(a + 10) >> 4); + int64_t a5 = 2097151 & (load_3(a + 13) >> 1); + int64_t a6 = 2097151 & (load_4(a + 15) >> 6); + int64_t a7 = 2097151 & (load_3(a + 18) >> 3); + int64_t a8 = 2097151 & load_3(a + 21); + int64_t a9 = 2097151 & (load_4(a + 23) >> 5); + int64_t a10 = 2097151 & (load_3(a + 26) >> 2); + int64_t a11 = (load_4(a + 28) >> 7); + + int64_t b0 = 2097151 & load_3(b); + int64_t b1 = 2097151 & (load_4(b + 2) >> 5); + int64_t b2 = 2097151 & (load_3(b + 5) >> 2); + int64_t b3 = 2097151 & (load_4(b + 7) >> 7); + int64_t b4 = 2097151 & (load_4(b + 10) >> 4); + int64_t b5 = 2097151 & (load_3(b + 13) >> 1); + int64_t b6 = 2097151 & (load_4(b + 15) >> 6); + int64_t b7 = 2097151 & (load_3(b + 18) >> 3); + int64_t b8 = 2097151 & load_3(b + 21); + int64_t b9 = 2097151 & (load_4(b + 23) >> 5); + int64_t b10 = 2097151 & (load_3(b + 26) >> 2); + int64_t b11 = (load_4(b + 28) >> 7); + + int64_t s0; + int64_t s1; + int64_t s2; + int64_t s3; + int64_t s4; + int64_t s5; + int64_t s6; + int64_t s7; + int64_t s8; + int64_t s9; + int64_t s10; + int64_t s11; + int64_t s12; + int64_t s13; + int64_t s14; + int64_t s15; + int64_t s16; + int64_t s17; + int64_t s18; + int64_t s19; + int64_t s20; + int64_t s21; + int64_t s22; + int64_t s23; + + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + int64_t carry10; + int64_t carry11; + int64_t carry12; + int64_t carry13; + int64_t carry14; + int64_t carry15; + int64_t carry16; + int64_t carry17; + int64_t carry18; + int64_t carry19; + int64_t carry20; + int64_t carry21; + int64_t carry22; + + s0 = a0 * 
b0; + s1 = a0 * b1 + a1 * b0; + s2 = a0 * b2 + a1 * b1 + a2 * b0; + s3 = a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; + s4 = a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; + s5 = a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; + s6 = a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; + s7 = a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + + a6 * b1 + a7 * b0; + s8 = a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + + a6 * b2 + a7 * b1 + a8 * b0; + s9 = a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; + s10 = a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; + s11 = a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; + s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + + a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; + s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + + a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2; + s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + + a9 * b5 + a10 * b4 + a11 * b3; + s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + + a10 * b5 + a11 * b4; + s16 = + a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; + s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; + s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; + s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; + s20 = a9 * b11 + a10 * b10 + a11 * b9; + s21 = a10 * b11 + a11 * b10; + s22 = a11 * b11; + s23 = 0; + + carry0 = (s0 + (int64_t) (1L << 20)) >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry2 = (s2 + (int64_t) (1L << 20)) >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry4 = (s4 + (int64_t) (1L << 20)) >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry6 = (s6 + (int64_t) (1L << 
20)) >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry8 = (s8 + (int64_t) (1L << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry10 = (s10 + (int64_t) (1L << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + carry12 = (s12 + (int64_t) (1L << 20)) >> 21; + s13 += carry12; + s12 -= carry12 * ((uint64_t) 1L << 21); + carry14 = (s14 + (int64_t) (1L << 20)) >> 21; + s15 += carry14; + s14 -= carry14 * ((uint64_t) 1L << 21); + carry16 = (s16 + (int64_t) (1L << 20)) >> 21; + s17 += carry16; + s16 -= carry16 * ((uint64_t) 1L << 21); + carry18 = (s18 + (int64_t) (1L << 20)) >> 21; + s19 += carry18; + s18 -= carry18 * ((uint64_t) 1L << 21); + carry20 = (s20 + (int64_t) (1L << 20)) >> 21; + s21 += carry20; + s20 -= carry20 * ((uint64_t) 1L << 21); + carry22 = (s22 + (int64_t) (1L << 20)) >> 21; + s23 += carry22; + s22 -= carry22 * ((uint64_t) 1L << 21); + + carry1 = (s1 + (int64_t) (1L << 20)) >> 21; + s2 += carry1; + s1 -= carry1 * ((uint64_t) 1L << 21); + carry3 = (s3 + (int64_t) (1L << 20)) >> 21; + s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + carry5 = (s5 + (int64_t) (1L << 20)) >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry7 = (s7 + (int64_t) (1L << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry9 = (s9 + (int64_t) (1L << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry11 = (s11 + (int64_t) (1L << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + carry13 = (s13 + (int64_t) (1L << 20)) >> 21; + s14 += carry13; + s13 -= carry13 * ((uint64_t) 1L << 21); + carry15 = (s15 + (int64_t) (1L << 20)) >> 21; + s16 += carry15; + s15 -= carry15 * ((uint64_t) 1L << 21); + carry17 = (s17 + (int64_t) (1L << 20)) >> 21; + s18 += carry17; + s17 -= carry17 * ((uint64_t) 1L << 21); + carry19 = (s19 + (int64_t) (1L << 20)) >> 21; + s20 += carry19; + s19 -= carry19 * ((uint64_t) 1L << 21); + carry21 = (s21 + 
(int64_t) (1L << 20)) >> 21; + s22 += carry21; + s21 -= carry21 * ((uint64_t) 1L << 21); + + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + + carry6 = (s6 + (int64_t) (1L << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry8 = (s8 + (int64_t) (1L << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry10 = (s10 + (int64_t) (1L << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + carry12 = (s12 + (int64_t) (1L << 20)) >> 21; + s13 += carry12; + s12 -= carry12 * ((uint64_t) 1L << 21); + carry14 = (s14 + (int64_t) (1L << 20)) >> 21; + s15 += carry14; + s14 -= carry14 * ((uint64_t) 1L << 21); + carry16 = (s16 + (int64_t) (1L << 20)) >> 21; + s17 += carry16; + s16 -= carry16 * ((uint64_t) 1L << 21); + + carry7 = (s7 + (int64_t) (1L << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry9 = (s9 + (int64_t) (1L << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry11 = (s11 + (int64_t) (1L << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + carry13 = (s13 + (int64_t) (1L << 20)) >> 21; + s14 += carry13; + s13 -= carry13 * ((uint64_t) 1L << 21); + carry15 = (s15 + 
(int64_t) (1L << 20)) >> 21; + s16 += carry15; + s15 -= carry15 * ((uint64_t) 1L << 21); + + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = (s0 + (int64_t) (1L << 20)) >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry2 = (s2 + (int64_t) (1L << 20)) >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry4 = (s4 + (int64_t) (1L << 20)) >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry6 = (s6 + (int64_t) (1L << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry8 = (s8 + (int64_t) (1L << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry10 = (s10 + (int64_t) (1L << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + + carry1 = (s1 + (int64_t) (1L << 20)) >> 21; + s2 += carry1; + s1 -= carry1 * ((uint64_t) 1L << 21); + carry3 = (s3 + (int64_t) (1L << 20)) >> 21; + s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + carry5 = (s5 + (int64_t) (1L << 20)) >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry7 = (s7 + (int64_t) (1L << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry9 = (s9 + (int64_t) (1L << 20)) >> 21; + s10 += carry9; + 
s9 -= carry9 * ((uint64_t) 1L << 21); + carry11 = (s11 + (int64_t) (1L << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * ((uint64_t) 1L << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + carry11 = s11 >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * ((uint64_t) 1L << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry8 = s8 >> 
21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + + s[0] = s0 >> 0; + s[1] = s0 >> 8; + s[2] = (s0 >> 16) | (s1 * ((uint64_t) 1 << 5)); + s[3] = s1 >> 3; + s[4] = s1 >> 11; + s[5] = (s1 >> 19) | (s2 * ((uint64_t) 1 << 2)); + s[6] = s2 >> 6; + s[7] = (s2 >> 14) | (s3 * ((uint64_t) 1 << 7)); + s[8] = s3 >> 1; + s[9] = s3 >> 9; + s[10] = (s3 >> 17) | (s4 * ((uint64_t) 1 << 4)); + s[11] = s4 >> 4; + s[12] = s4 >> 12; + s[13] = (s4 >> 20) | (s5 * ((uint64_t) 1 << 1)); + s[14] = s5 >> 7; + s[15] = (s5 >> 15) | (s6 * ((uint64_t) 1 << 6)); + s[16] = s6 >> 2; + s[17] = s6 >> 10; + s[18] = (s6 >> 18) | (s7 * ((uint64_t) 1 << 3)); + s[19] = s7 >> 5; + s[20] = s7 >> 13; + s[21] = s8 >> 0; + s[22] = s8 >> 8; + s[23] = (s8 >> 16) | (s9 * ((uint64_t) 1 << 5)); + s[24] = s9 >> 3; + s[25] = s9 >> 11; + s[26] = (s9 >> 19) | (s10 * ((uint64_t) 1 << 2)); + s[27] = s10 >> 6; + s[28] = (s10 >> 14) | (s11 * ((uint64_t) 1 << 7)); + s[29] = s11 >> 1; + s[30] = s11 >> 9; + s[31] = s11 >> 17; +} + +/* + Input: + a[0]+256*a[1]+...+256^31*a[31] = a + b[0]+256*b[1]+...+256^31*b[31] = b + c[0]+256*c[1]+...+256^31*c[31] = c + * + Output: + s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l + where l = 2^252 + 27742317777372353535851937790883648493. 
+ */ + +void +sc25519_muladd(unsigned char s[32], const unsigned char a[32], + const unsigned char b[32], const unsigned char c[32]) +{ + int64_t a0 = 2097151 & load_3(a); + int64_t a1 = 2097151 & (load_4(a + 2) >> 5); + int64_t a2 = 2097151 & (load_3(a + 5) >> 2); + int64_t a3 = 2097151 & (load_4(a + 7) >> 7); + int64_t a4 = 2097151 & (load_4(a + 10) >> 4); + int64_t a5 = 2097151 & (load_3(a + 13) >> 1); + int64_t a6 = 2097151 & (load_4(a + 15) >> 6); + int64_t a7 = 2097151 & (load_3(a + 18) >> 3); + int64_t a8 = 2097151 & load_3(a + 21); + int64_t a9 = 2097151 & (load_4(a + 23) >> 5); + int64_t a10 = 2097151 & (load_3(a + 26) >> 2); + int64_t a11 = (load_4(a + 28) >> 7); + + int64_t b0 = 2097151 & load_3(b); + int64_t b1 = 2097151 & (load_4(b + 2) >> 5); + int64_t b2 = 2097151 & (load_3(b + 5) >> 2); + int64_t b3 = 2097151 & (load_4(b + 7) >> 7); + int64_t b4 = 2097151 & (load_4(b + 10) >> 4); + int64_t b5 = 2097151 & (load_3(b + 13) >> 1); + int64_t b6 = 2097151 & (load_4(b + 15) >> 6); + int64_t b7 = 2097151 & (load_3(b + 18) >> 3); + int64_t b8 = 2097151 & load_3(b + 21); + int64_t b9 = 2097151 & (load_4(b + 23) >> 5); + int64_t b10 = 2097151 & (load_3(b + 26) >> 2); + int64_t b11 = (load_4(b + 28) >> 7); + + int64_t c0 = 2097151 & load_3(c); + int64_t c1 = 2097151 & (load_4(c + 2) >> 5); + int64_t c2 = 2097151 & (load_3(c + 5) >> 2); + int64_t c3 = 2097151 & (load_4(c + 7) >> 7); + int64_t c4 = 2097151 & (load_4(c + 10) >> 4); + int64_t c5 = 2097151 & (load_3(c + 13) >> 1); + int64_t c6 = 2097151 & (load_4(c + 15) >> 6); + int64_t c7 = 2097151 & (load_3(c + 18) >> 3); + int64_t c8 = 2097151 & load_3(c + 21); + int64_t c9 = 2097151 & (load_4(c + 23) >> 5); + int64_t c10 = 2097151 & (load_3(c + 26) >> 2); + int64_t c11 = (load_4(c + 28) >> 7); + + int64_t s0; + int64_t s1; + int64_t s2; + int64_t s3; + int64_t s4; + int64_t s5; + int64_t s6; + int64_t s7; + int64_t s8; + int64_t s9; + int64_t s10; + int64_t s11; + int64_t s12; + int64_t s13; + int64_t s14; + 
int64_t s15; + int64_t s16; + int64_t s17; + int64_t s18; + int64_t s19; + int64_t s20; + int64_t s21; + int64_t s22; + int64_t s23; + + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + int64_t carry10; + int64_t carry11; + int64_t carry12; + int64_t carry13; + int64_t carry14; + int64_t carry15; + int64_t carry16; + int64_t carry17; + int64_t carry18; + int64_t carry19; + int64_t carry20; + int64_t carry21; + int64_t carry22; + + s0 = c0 + a0 * b0; + s1 = c1 + a0 * b1 + a1 * b0; + s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0; + s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; + s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; + s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; + s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + + a6 * b0; + s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + + a6 * b1 + a7 * b0; + s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + + a6 * b2 + a7 * b1 + a8 * b0; + s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; + s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; + s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; + s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + + a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; + s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + + a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2; + s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + + a9 * b5 + a10 * b4 + a11 * b3; + s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + + a10 * b5 + a11 * b4; + s16 = + a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * 
b6 + a11 * b5; + s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; + s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; + s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; + s20 = a9 * b11 + a10 * b10 + a11 * b9; + s21 = a10 * b11 + a11 * b10; + s22 = a11 * b11; + s23 = 0; + + carry0 = (s0 + (int64_t) (1L << 20)) >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry2 = (s2 + (int64_t) (1L << 20)) >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry4 = (s4 + (int64_t) (1L << 20)) >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry6 = (s6 + (int64_t) (1L << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry8 = (s8 + (int64_t) (1L << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry10 = (s10 + (int64_t) (1L << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + carry12 = (s12 + (int64_t) (1L << 20)) >> 21; + s13 += carry12; + s12 -= carry12 * ((uint64_t) 1L << 21); + carry14 = (s14 + (int64_t) (1L << 20)) >> 21; + s15 += carry14; + s14 -= carry14 * ((uint64_t) 1L << 21); + carry16 = (s16 + (int64_t) (1L << 20)) >> 21; + s17 += carry16; + s16 -= carry16 * ((uint64_t) 1L << 21); + carry18 = (s18 + (int64_t) (1L << 20)) >> 21; + s19 += carry18; + s18 -= carry18 * ((uint64_t) 1L << 21); + carry20 = (s20 + (int64_t) (1L << 20)) >> 21; + s21 += carry20; + s20 -= carry20 * ((uint64_t) 1L << 21); + carry22 = (s22 + (int64_t) (1L << 20)) >> 21; + s23 += carry22; + s22 -= carry22 * ((uint64_t) 1L << 21); + + carry1 = (s1 + (int64_t) (1L << 20)) >> 21; + s2 += carry1; + s1 -= carry1 * ((uint64_t) 1L << 21); + carry3 = (s3 + (int64_t) (1L << 20)) >> 21; + s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + carry5 = (s5 + (int64_t) (1L << 20)) >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry7 = (s7 + (int64_t) (1L << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry9 = (s9 + 
(int64_t) (1L << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry11 = (s11 + (int64_t) (1L << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + carry13 = (s13 + (int64_t) (1L << 20)) >> 21; + s14 += carry13; + s13 -= carry13 * ((uint64_t) 1L << 21); + carry15 = (s15 + (int64_t) (1L << 20)) >> 21; + s16 += carry15; + s15 -= carry15 * ((uint64_t) 1L << 21); + carry17 = (s17 + (int64_t) (1L << 20)) >> 21; + s18 += carry17; + s17 -= carry17 * ((uint64_t) 1L << 21); + carry19 = (s19 + (int64_t) (1L << 20)) >> 21; + s20 += carry19; + s19 -= carry19 * ((uint64_t) 1L << 21); + carry21 = (s21 + (int64_t) (1L << 20)) >> 21; + s22 += carry21; + s21 -= carry21 * ((uint64_t) 1L << 21); + + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + + carry6 = (s6 + (int64_t) (1L << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry8 = (s8 + (int64_t) (1L << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry10 = (s10 + (int64_t) (1L << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + carry12 = (s12 + (int64_t) (1L << 20)) >> 21; + s13 += carry12; + s12 -= carry12 * ((uint64_t) 1L << 21); + carry14 = 
(s14 + (int64_t) (1L << 20)) >> 21; + s15 += carry14; + s14 -= carry14 * ((uint64_t) 1L << 21); + carry16 = (s16 + (int64_t) (1L << 20)) >> 21; + s17 += carry16; + s16 -= carry16 * ((uint64_t) 1L << 21); + + carry7 = (s7 + (int64_t) (1L << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry9 = (s9 + (int64_t) (1L << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry11 = (s11 + (int64_t) (1L << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + carry13 = (s13 + (int64_t) (1L << 20)) >> 21; + s14 += carry13; + s13 -= carry13 * ((uint64_t) 1L << 21); + carry15 = (s15 + (int64_t) (1L << 20)) >> 21; + s16 += carry15; + s15 -= carry15 * ((uint64_t) 1L << 21); + + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = (s0 + (int64_t) (1L << 20)) >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry2 = (s2 + (int64_t) (1L << 20)) >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry4 = (s4 + (int64_t) (1L << 20)) >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry6 = (s6 + (int64_t) (1L << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry8 = (s8 + (int64_t) (1L << 20)) 
>> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry10 = (s10 + (int64_t) (1L << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + + carry1 = (s1 + (int64_t) (1L << 20)) >> 21; + s2 += carry1; + s1 -= carry1 * ((uint64_t) 1L << 21); + carry3 = (s3 + (int64_t) (1L << 20)) >> 21; + s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + carry5 = (s5 + (int64_t) (1L << 20)) >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry7 = (s7 + (int64_t) (1L << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry9 = (s9 + (int64_t) (1L << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry11 = (s11 + (int64_t) (1L << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * ((uint64_t) 1L << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + carry11 = s11 >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 
* 683901; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * ((uint64_t) 1L << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + + s[0] = s0 >> 0; + s[1] = s0 >> 8; + s[2] = (s0 >> 16) | (s1 * ((uint64_t) 1 << 5)); + s[3] = s1 >> 3; + s[4] = s1 >> 11; + s[5] = (s1 >> 19) | (s2 * ((uint64_t) 1 << 2)); + s[6] = s2 >> 6; + s[7] = (s2 >> 14) | (s3 * ((uint64_t) 1 << 7)); + s[8] = s3 >> 1; + s[9] = s3 >> 9; + s[10] = (s3 >> 17) | (s4 * ((uint64_t) 1 << 4)); + s[11] = s4 >> 4; + s[12] = s4 >> 12; + s[13] = (s4 >> 20) | (s5 * ((uint64_t) 1 << 1)); + s[14] = s5 >> 7; + s[15] = (s5 >> 15) | (s6 * ((uint64_t) 1 << 6)); + s[16] = s6 >> 2; + s[17] = s6 >> 10; + s[18] = (s6 >> 18) | (s7 * ((uint64_t) 1 << 3)); + s[19] = s7 >> 5; + s[20] = s7 >> 13; + s[21] = s8 >> 0; + s[22] = s8 >> 8; + s[23] = (s8 >> 16) | (s9 * ((uint64_t) 1 << 5)); + s[24] = s9 >> 3; + s[25] = s9 >> 11; + s[26] = (s9 >> 19) | (s10 * ((uint64_t) 1 << 2)); + s[27] = s10 >> 6; + s[28] = (s10 >> 14) | (s11 * ((uint64_t) 1 << 7)); + s[29] = s11 >> 1; + s[30] = s11 >> 9; + s[31] = s11 >> 17; +} + +/* + Input: + a[0]+256*a[1]+...+256^31*a[31] = a + * + Output: + s[0]+256*s[1]+...+256^31*s[31] = a^2 mod l + where l = 2^252 + 27742317777372353535851937790883648493. 
+ */ + +static inline void +sc25519_sq(unsigned char *s, const unsigned char *a) +{ + sc25519_mul(s, a, a); +} + +/* + Input: + s[0]+256*a[1]+...+256^31*a[31] = a + n + * + Output: + s[0]+256*s[1]+...+256^31*s[31] = x * s^(s^n) mod l + where l = 2^252 + 27742317777372353535851937790883648493. + Overwrites s in place. + */ + +static inline void +sc25519_sqmul(unsigned char s[32], const int n, const unsigned char a[32]) +{ + int i; + + for (i = 0; i < n; i++) { + sc25519_sq(s, s); + } + sc25519_mul(s, s, a); +} + +void +sc25519_invert(unsigned char recip[32], const unsigned char s[32]) +{ + unsigned char _10[32], _100[32], _11[32], _101[32], _111[32], + _1001[32], _1011[32], _1111[32]; + + sc25519_sq(_10, s); + sc25519_sq(_100, _10); + sc25519_mul(_11, _10, s); + sc25519_mul(_101, _10, _11); + sc25519_mul(_111, _10, _101); + sc25519_mul(_1001, _10, _111); + sc25519_mul(_1011, _10, _1001); + sc25519_mul(_1111, _100, _1011); + sc25519_mul(recip, _1111, s); + + sc25519_sqmul(recip, 123 + 3, _101); + sc25519_sqmul(recip, 2 + 2, _11); + sc25519_sqmul(recip, 1 + 4, _1111); + sc25519_sqmul(recip, 1 + 4, _1111); + sc25519_sqmul(recip, 4, _1001); + sc25519_sqmul(recip, 2, _11); + sc25519_sqmul(recip, 1 + 4, _1111); + sc25519_sqmul(recip, 1 + 3, _101); + sc25519_sqmul(recip, 3 + 3, _101); + sc25519_sqmul(recip, 3, _111); + sc25519_sqmul(recip, 1 + 4, _1111); + sc25519_sqmul(recip, 2 + 3, _111); + sc25519_sqmul(recip, 2 + 2, _11); + sc25519_sqmul(recip, 1 + 4, _1011); + sc25519_sqmul(recip, 2 + 4, _1011); + sc25519_sqmul(recip, 6 + 4, _1001); + sc25519_sqmul(recip, 2 + 2, _11); + sc25519_sqmul(recip, 3 + 2, _11); + sc25519_sqmul(recip, 3 + 2, _11); + sc25519_sqmul(recip, 1 + 4, _1001); + sc25519_sqmul(recip, 1 + 3, _111); + sc25519_sqmul(recip, 2 + 4, _1111); + sc25519_sqmul(recip, 1 + 4, _1011); + sc25519_sqmul(recip, 3, _101); + sc25519_sqmul(recip, 2 + 4, _1111); + sc25519_sqmul(recip, 3, _101); + sc25519_sqmul(recip, 1 + 2, _11); +} + +/* + Input: + 
s[0]+256*s[1]+...+256^63*s[63] = s + * + Output: + s[0]+256*s[1]+...+256^31*s[31] = s mod l + where l = 2^252 + 27742317777372353535851937790883648493. + Overwrites s in place. + */ + +void +sc25519_reduce(unsigned char s[64]) +{ + int64_t s0 = 2097151 & load_3(s); + int64_t s1 = 2097151 & (load_4(s + 2) >> 5); + int64_t s2 = 2097151 & (load_3(s + 5) >> 2); + int64_t s3 = 2097151 & (load_4(s + 7) >> 7); + int64_t s4 = 2097151 & (load_4(s + 10) >> 4); + int64_t s5 = 2097151 & (load_3(s + 13) >> 1); + int64_t s6 = 2097151 & (load_4(s + 15) >> 6); + int64_t s7 = 2097151 & (load_3(s + 18) >> 3); + int64_t s8 = 2097151 & load_3(s + 21); + int64_t s9 = 2097151 & (load_4(s + 23) >> 5); + int64_t s10 = 2097151 & (load_3(s + 26) >> 2); + int64_t s11 = 2097151 & (load_4(s + 28) >> 7); + int64_t s12 = 2097151 & (load_4(s + 31) >> 4); + int64_t s13 = 2097151 & (load_3(s + 34) >> 1); + int64_t s14 = 2097151 & (load_4(s + 36) >> 6); + int64_t s15 = 2097151 & (load_3(s + 39) >> 3); + int64_t s16 = 2097151 & load_3(s + 42); + int64_t s17 = 2097151 & (load_4(s + 44) >> 5); + int64_t s18 = 2097151 & (load_3(s + 47) >> 2); + int64_t s19 = 2097151 & (load_4(s + 49) >> 7); + int64_t s20 = 2097151 & (load_4(s + 52) >> 4); + int64_t s21 = 2097151 & (load_3(s + 55) >> 1); + int64_t s22 = 2097151 & (load_4(s + 57) >> 6); + int64_t s23 = (load_4(s + 60) >> 3); + + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + int64_t carry10; + int64_t carry11; + int64_t carry12; + int64_t carry13; + int64_t carry14; + int64_t carry15; + int64_t carry16; + + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + + s9 += s21 * 666643; + s10 += s21 * 470296; 
+ s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + + carry6 = (s6 + (int64_t) (1L << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry8 = (s8 + (int64_t) (1L << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry10 = (s10 + (int64_t) (1L << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + carry12 = (s12 + (int64_t) (1L << 20)) >> 21; + s13 += carry12; + s12 -= carry12 * ((uint64_t) 1L << 21); + carry14 = (s14 + (int64_t) (1L << 20)) >> 21; + s15 += carry14; + s14 -= carry14 * ((uint64_t) 1L << 21); + carry16 = (s16 + (int64_t) (1L << 20)) >> 21; + s17 += carry16; + s16 -= carry16 * ((uint64_t) 1L << 21); + + carry7 = (s7 + (int64_t) (1L << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry9 = (s9 + (int64_t) (1L << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry11 = (s11 + (int64_t) (1L << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + carry13 = (s13 + (int64_t) (1L << 20)) >> 21; + s14 += carry13; + s13 -= carry13 * ((uint64_t) 1L << 21); + carry15 = (s15 + (int64_t) (1L << 20)) >> 21; + s16 += carry15; + s15 -= carry15 * ((uint64_t) 1L << 21); + + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 
* 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = (s0 + (int64_t) (1L << 20)) >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry2 = (s2 + (int64_t) (1L << 20)) >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry4 = (s4 + (int64_t) (1L << 20)) >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry6 = (s6 + (int64_t) (1L << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry8 = (s8 + (int64_t) (1L << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry10 = (s10 + (int64_t) (1L << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + + carry1 = (s1 + (int64_t) (1L << 20)) >> 21; + s2 += carry1; + s1 -= carry1 * ((uint64_t) 1L << 21); + carry3 = (s3 + (int64_t) (1L << 20)) >> 21; + s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + carry5 = (s5 + (int64_t) (1L << 20)) >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry7 = (s7 + (int64_t) (1L << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry9 = (s9 + (int64_t) (1L << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry11 = (s11 + (int64_t) (1L << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= 
carry1 * ((uint64_t) 1L << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + carry11 = s11 >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * ((uint64_t) 1L << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + + s[0] = s0 >> 0; + s[1] = s0 >> 8; + s[2] = (s0 >> 16) | (s1 * ((uint64_t) 1 << 5)); + s[3] = s1 >> 3; + s[4] = s1 >> 11; + s[5] = (s1 >> 19) | (s2 * ((uint64_t) 1 << 2)); + s[6] = s2 >> 6; + 
s[7] = (s2 >> 14) | (s3 * ((uint64_t) 1 << 7)); + s[8] = s3 >> 1; + s[9] = s3 >> 9; + s[10] = (s3 >> 17) | (s4 * ((uint64_t) 1 << 4)); + s[11] = s4 >> 4; + s[12] = s4 >> 12; + s[13] = (s4 >> 20) | (s5 * ((uint64_t) 1 << 1)); + s[14] = s5 >> 7; + s[15] = (s5 >> 15) | (s6 * ((uint64_t) 1 << 6)); + s[16] = s6 >> 2; + s[17] = s6 >> 10; + s[18] = (s6 >> 18) | (s7 * ((uint64_t) 1 << 3)); + s[19] = s7 >> 5; + s[20] = s7 >> 13; + s[21] = s8 >> 0; + s[22] = s8 >> 8; + s[23] = (s8 >> 16) | (s9 * ((uint64_t) 1 << 5)); + s[24] = s9 >> 3; + s[25] = s9 >> 11; + s[26] = (s9 >> 19) | (s10 * ((uint64_t) 1 << 2)); + s[27] = s10 >> 6; + s[28] = (s10 >> 14) | (s11 * ((uint64_t) 1 << 7)); + s[29] = s11 >> 1; + s[30] = s11 >> 9; + s[31] = s11 >> 17; +} + +int +sc25519_is_canonical(const unsigned char s[32]) +{ + /* 2^252+27742317777372353535851937790883648493 */ + static const unsigned char L[32] = { + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, + 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 + }; + unsigned char c = 0; + unsigned char n = 1; + unsigned int i = 32; + + do { + i--; + c |= ((s[i] - L[i]) >> 8) & n; + n &= ((s[i] ^ L[i]) - 1) >> 8; + } while (i != 0); + + return (c != 0); +} + +static void +chi25519(fe25519 out, const fe25519 z) +{ + fe25519 t0, t1, t2, t3; + int i; + + fe25519_sq(t0, z); + fe25519_mul(t1, t0, z); + fe25519_sq(t0, t1); + fe25519_sq(t2, t0); + fe25519_sq(t2, t2); + fe25519_mul(t2, t2, t0); + fe25519_mul(t1, t2, z); + fe25519_sq(t2, t1); + + for (i = 1; i < 5; i++) { + fe25519_sq(t2, t2); + } + fe25519_mul(t1, t2, t1); + fe25519_sq(t2, t1); + for (i = 1; i < 10; i++) { + fe25519_sq(t2, t2); + } + fe25519_mul(t2, t2, t1); + fe25519_sq(t3, t2); + for (i = 1; i < 20; i++) { + fe25519_sq(t3, t3); + } + fe25519_mul(t2, t3, t2); + fe25519_sq(t2, t2); + for (i = 1; i < 10; i++) { + fe25519_sq(t2, t2); + } + fe25519_mul(t1, t2, t1); + fe25519_sq(t2, t1); + for (i = 
1; i < 50; i++) { + fe25519_sq(t2, t2); + } + fe25519_mul(t2, t2, t1); + fe25519_sq(t3, t2); + for (i = 1; i < 100; i++) { + fe25519_sq(t3, t3); + } + fe25519_mul(t2, t3, t2); + fe25519_sq(t2, t2); + for (i = 1; i < 50; i++) { + fe25519_sq(t2, t2); + } + fe25519_mul(t1, t2, t1); + fe25519_sq(t1, t1); + for (i = 1; i < 4; i++) { + fe25519_sq(t1, t1); + } + fe25519_mul(out, t1, t0); +} + +void +ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]) +{ + fe25519 e; + fe25519 negx; + fe25519 rr2; + fe25519 x, x2, x3; + ge25519_p3 p3; + ge25519_p1p1 p1; + ge25519_p2 p2; + unsigned int e_is_minus_1; + unsigned char x_sign; + + memcpy(s, r, 32); + x_sign = s[31] & 0x80; + s[31] &= 0x7f; + + fe25519_frombytes(rr2, s); + + /* elligator */ + fe25519_sq2(rr2, rr2); + rr2[0]++; + fe25519_invert(rr2, rr2); + fe25519_mul(x, curve25519_A, rr2); + fe25519_neg(x, x); + + fe25519_sq(x2, x); + fe25519_mul(x3, x, x2); + fe25519_add(e, x3, x); + fe25519_mul(x2, x2, curve25519_A); + fe25519_add(e, x2, e); + + chi25519(e, e); + + fe25519_tobytes(s, e); + e_is_minus_1 = s[1] & 1; + fe25519_neg(negx, x); + fe25519_cmov(x, negx, e_is_minus_1); + fe25519_0(x2); + fe25519_cmov(x2, curve25519_A, e_is_minus_1); + fe25519_sub(x, x, x2); + + /* yed = (x-1)/(x+1) */ + { + fe25519 one; + fe25519 x_plus_one; + fe25519 x_plus_one_inv; + fe25519 x_minus_one; + fe25519 yed; + + fe25519_1(one); + fe25519_add(x_plus_one, x, one); + fe25519_sub(x_minus_one, x, one); + fe25519_invert(x_plus_one_inv, x_plus_one); + fe25519_mul(yed, x_minus_one, x_plus_one_inv); + fe25519_tobytes(s, yed); + } + + /* recover x */ + s[31] |= x_sign; + if (ge25519_frombytes(&p3, s) != 0) { + abort(); /* LCOV_EXCL_LINE */ + } + + /* multiply by the cofactor */ + ge25519_p3_dbl(&p1, &p3); + ge25519_p1p1_to_p2(&p2, &p1); + ge25519_p2_dbl(&p1, &p2); + ge25519_p1p1_to_p2(&p2, &p1); + ge25519_p2_dbl(&p1, &p2); + ge25519_p1p1_to_p3(&p3, &p1); + + ge25519_p3_tobytes(s, &p3); +} 
diff --git a/sodium/sodium_ref10_keypair.c b/sodium/sodium_ref10_keypair.c
new file mode 100644
index 00000000..65225291
--- /dev/null
+++ b/sodium/sodium_ref10_keypair.c
@@ -0,0 +1,83 @@
+
+#include
+
+#include "sodium_crypto_hash_sha512.h"
+#include "sodium_crypto_scalarmult_curve25519.h"
+#include "sodium_crypto_sign_ed25519.h"
+#include "sodium_ref10_sign_ed25519.h"
+#include "sodium_private_ed25519_ref10.h"
+#include "sodium_randombytes.h"
+#include "sodium_utils.h"
+
+int
+crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
+ const unsigned char *seed)
+{
+ ge25519_p3 A;
+
+ crypto_hash_sha512(sk, seed, 32);
+ sk[0] &= 248;
+ sk[31] &= 127;
+ sk[31] |= 64;
+
+ ge25519_scalarmult_base(&A, sk);
+ ge25519_p3_tobytes(pk, &A);
+
+ memmove(sk, seed, 32);
+ memmove(sk + 32, pk, 32);
+
+ return 0;
+}
+
+int
+crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk)
+{
+ unsigned char seed[32];
+ int ret;
+
+ randombytes_buf(seed, sizeof seed);
+ ret = crypto_sign_ed25519_seed_keypair(pk, sk, seed);
+ sodium_memzero(seed, sizeof seed);
+
+ return ret;
+}
+
+int
+crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
+ const unsigned char *ed25519_pk)
+{
+ ge25519_p3 A;
+ fe25519 x;
+ fe25519 one_minus_y;
+
+ if (ge25519_has_small_order(ed25519_pk) != 0 ||
+ ge25519_frombytes_negate_vartime(&A, ed25519_pk) != 0 ||
+ ge25519_is_on_main_subgroup(&A) == 0) {
+ return -1;
+ }
+ fe25519_1(one_minus_y);
+ fe25519_sub(one_minus_y, one_minus_y, A.Y);
+ fe25519_1(x);
+ fe25519_add(x, x, A.Y);
+ fe25519_invert(one_minus_y, one_minus_y);
+ fe25519_mul(x, x, one_minus_y);
+ fe25519_tobytes(curve25519_pk, x);
+
+ return 0;
+}
+
+int
+crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk,
+ const unsigned char *ed25519_sk)
+{
+ unsigned char h[crypto_hash_sha512_BYTES];
+
+ crypto_hash_sha512(h, ed25519_sk, 32);
+ h[0] &= 248;
+ h[31] &= 127;
+ h[31] |= 64;
+ memcpy(curve25519_sk, h, crypto_scalarmult_curve25519_BYTES);
+ sodium_memzero(h, sizeof h);
+
+ return 0;
+}
diff --git a/sodium/sodium_ref10_open.c b/sodium/sodium_ref10_open.c
new file mode 100644
index 00000000..f8397c2a
--- /dev/null
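Review bot: The 64-byte `sk` layout that `crypto_sign_ed25519_seed_keypair` produces is not documented anywhere in the hunk: `crypto_hash_sha512(sk, seed, 32)` first fills `sk` with the clamped scalar and the nonce prefix, then `memmove(sk, seed, 32)` and `memmove(sk + 32, pk, 32)` overwrite both halves, so a reader has to trace three writes to learn that the stored key is seed || pk and that the scalar is re-derived at signing time. A comment above the first `memmove`, `/* sk = seed || pk; the clamped scalar and prefix hashed above are recomputed by the signer and never stored */`, would make that explicit. The clamp triple `k[0] &= 248; k[31] &= 127; k[31] |= 64;` is written out here twice (`crypto_sign_ed25519_seed_keypair`, `crypto_sign_ed25519_sk_to_curve25519`) and again as `_crypto_sign_ed25519_clamp` in sodium_ref10_sign.c, `_crypto_scalarmult_ed25519_clamp` in sodium_ref10_scalarmult_ed25519_ref10.c and inline twice in sodium_ref10_x25519.c; since every copy must stay identical, one shared helper declared in sodium_private_ed25519_ref10.h would be the safer place for it.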
+++ b/sodium/sodium_ref10_open.c 
@@ -0,0 +1,96 @@
+
+#include
+#include
+#include
+
+#include "sodium_crypto_hash_sha512.h"
+#include "sodium_crypto_sign_ed25519.h"
+#include "sodium_crypto_verify_32.h"
+#include "sodium_ref10_sign_ed25519.h"
+#include "sodium_private_ed25519_ref10.h"
+#include "sodium_utils.h"
+
+int
+_crypto_sign_ed25519_verify_detached(const unsigned char *sig,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *pk,
+ int prehashed)
+{
+ crypto_hash_sha512_state hs;
+ unsigned char h[64];
+ unsigned char rcheck[32];
+ ge25519_p3 A;
+ ge25519_p2 R;
+
+#ifdef ED25519_COMPAT
+ if (sig[63] & 224) {
+ return -1;
+ }
+#else
+ if (sc25519_is_canonical(sig + 32) == 0 ||
+ ge25519_has_small_order(sig) != 0) {
+ return -1;
+ }
+ if (ge25519_is_canonical(pk) == 0 ||
+ ge25519_has_small_order(pk) != 0) {
+ return -1;
+ }
+#endif
+ if (ge25519_frombytes_negate_vartime(&A, pk) != 0) {
+ return -1;
+ }
+ _crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
+ crypto_hash_sha512_update(&hs, sig, 32);
+ crypto_hash_sha512_update(&hs, pk, 32);
+ crypto_hash_sha512_update(&hs, m, mlen);
+ crypto_hash_sha512_final(&hs, h);
+ sc25519_reduce(h);
+
+ ge25519_double_scalarmult_vartime(&R, h, &A, sig + 32);
+ ge25519_tobytes(rcheck, &R);
+
+ return crypto_verify_32(rcheck, sig) | (-(rcheck == sig)) |
+ sodium_memcmp(sig, rcheck, 32);
+}
+
+int
+crypto_sign_ed25519_verify_detached(const unsigned char *sig,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *pk)
+{
+ return _crypto_sign_ed25519_verify_detached(sig, m, mlen, pk, 0);
+}
+
+int
+crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen_p,
+ const unsigned char *sm, unsigned long long smlen,
+ const unsigned char *pk)
+{
+ unsigned long long mlen;
+
+ if (smlen < 64 || smlen - 64 > crypto_sign_ed25519_MESSAGEBYTES_MAX) {
+ goto badsig;
+ }
+ mlen = smlen - 64;
+ if (crypto_sign_ed25519_verify_detached(sm, sm + 64, mlen, pk) != 0) {
+ if (m != NULL) {
+ memset(m, 0, mlen);
+ }
+ goto badsig;
+ }
+ if (mlen_p != NULL) {
+ *mlen_p = mlen;
+ }
+ if (m != NULL) {
+ memmove(m, sm + 64, mlen);
+ }
+ return 0;
+
+badsig:
+ if (mlen_p != NULL) {
+ *mlen_p = 0;
+ }
+ return -1;
+}
diff --git a/sodium/sodium_ref10_scalarmult_ed25519_ref10.c b/sodium/sodium_ref10_scalarmult_ed25519_ref10.c
new file mode 100644
index 00000000..de21ccf5
--- /dev/null
+++ b/sodium/sodium_ref10_scalarmult_ed25519_ref10.c
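Review bot: The `#ifdef ED25519_COMPAT` branch of `_crypto_sign_ed25519_verify_detached` replaces the `sc25519_is_canonical(sig + 32)`, `ge25519_has_small_order(sig)`, `ge25519_is_canonical(pk)` and `ge25519_has_small_order(pk)` rejections with a single `sig[63] & 224` test, so under that define a signature whose S lies between the group order and 2^253, or one built on a small-order R or A, is no longer rejected, and nothing in the file records which setting the vendored build expects. Because this copy no longer goes through libsodium's own configure, a comment at the `#ifdef`, `/* ED25519_COMPAT: legacy interop only -- accepts non-canonical S and small-order points (malleable signatures); leave undefined for strict verification */`, would pin the intent, and it is worth confirming that the project's build does not define it (the build script is not visible in this chunk). The strict path, and the `smlen` bound against `crypto_sign_ed25519_MESSAGEBYTES_MAX` in `crypto_sign_ed25519_open` before any buffer is touched, look right.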
@@ -0,0 +1,118 @@
+
+#include
+
+#include "sodium_crypto_scalarmult_ed25519.h"
+#include "sodium_private_ed25519_ref10.h"
+#include "sodium_utils.h"
+
+static int
+_crypto_scalarmult_ed25519_is_inf(const unsigned char s[32])
+{
+ unsigned char c;
+ unsigned int i;
+
+ c = s[0] ^ 0x01;
+ for (i = 1; i < 31; i++) {
+ c |= s[i];
+ }
+ c |= s[31] & 0x7f;
+
+ return ((((unsigned int) c) - 1U) >> 8) & 1;
+}
+
+static inline void
+_crypto_scalarmult_ed25519_clamp(unsigned char k[32])
+{
+ k[0] &= 248;
+ k[31] &= 127;
+ k[31] |= 64;
+}
+
+static int
+_crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
+ const unsigned char *p, const int clamp)
+{
+ unsigned char *t = q;
+ ge25519_p3 Q;
+ ge25519_p3 P;
+ unsigned int i;
+
+ if (ge25519_is_canonical(p) == 0 || ge25519_has_small_order(p) != 0 ||
+ ge25519_frombytes(&P, p) != 0 || ge25519_is_on_main_subgroup(&P) == 0) {
+ return -1;
+ }
+ for (i = 0; i < 32; ++i) {
+ t[i] = n[i];
+ }
+ if (clamp != 0) {
+ _crypto_scalarmult_ed25519_clamp(t);
+ }
+ ge25519_scalarmult(&Q, t, &P);
+ ge25519_p3_tobytes(q, &Q);
+ if (_crypto_scalarmult_ed25519_is_inf(q) != 0 || sodium_is_zero(n, 32)) {
+ return -1;
+ }
+ return 0;
+}
+
+int
+crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
+ const unsigned char *p)
+{
+ return _crypto_scalarmult_ed25519(q, n, p, 1);
+}
+
+int
+crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n,
+ const unsigned char *p)
+{
+ return _crypto_scalarmult_ed25519(q, n, p, 0);
+}
+
+static int
+_crypto_scalarmult_ed25519_base(unsigned char *q,
+ const unsigned char *n, const int clamp)
+{
+ unsigned char *t = q;
+ ge25519_p3 Q;
+ unsigned int i;
+
+ for (i = 0; i < 32; ++i) {
+ t[i] = n[i];
+ }
+ if (clamp != 0) {
+ _crypto_scalarmult_ed25519_clamp(t);
+ }
+ ge25519_scalarmult_base(&Q, t);
+ ge25519_p3_tobytes(q, &Q);
+ if (_crypto_scalarmult_ed25519_is_inf(q) != 0 || sodium_is_zero(n, 32)) {
+ return -1;
+ }
+ return 0;
+}
+
+int
+crypto_scalarmult_ed25519_base(unsigned char *q,
+ const unsigned char *n)
+{
+ return _crypto_scalarmult_ed25519_base(q, n, 1);
+}
+
+int
+crypto_scalarmult_ed25519_base_noclamp(unsigned char *q,
+ const unsigned char *n)
+{
+ return _crypto_scalarmult_ed25519_base(q, n, 0);
+}
+
+size_t
+crypto_scalarmult_ed25519_bytes(void)
+{
+ return crypto_scalarmult_ed25519_BYTES;
+}
+
+size_t
+crypto_scalarmult_ed25519_scalarbytes(void)
+{
+ return crypto_scalarmult_ed25519_SCALARBYTES;
+}
diff --git a/sodium/sodium_ref10_sign.c b/sodium/sodium_ref10_sign.c
new file mode 100644
index 00000000..6ac2b49f
--- /dev/null
+++ b/sodium/sodium_ref10_sign.c
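Review bot: `_crypto_scalarmult_ed25519` and `_crypto_scalarmult_ed25519_base` use the output buffer as scratch (`unsigned char *t = q;`), copy `n` into it and clamp it there, and only after `ge25519_p3_tobytes(q, &Q)` has overwritten it do they evaluate `sodium_is_zero(n, 32)`; if a caller passes the same buffer for `q` and `n`, that zero-scalar rejection reads the encoded result point instead of the scalar. The code is correct for distinct buffers, but the no-aliasing precondition is not written down anywhere; a comment on each `t = q` line, `/* q doubles as scratch for the clamped scalar: q must not alias n */`, would make the contract visible through the public `crypto_scalarmult_ed25519*` wrappers. Whether any caller in this project aliases the two I cannot tell from this chunk.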
@@ -0,0 +1,143 @@
+
+#include
+
+#include "sodium_crypto_hash_sha512.h"
+#include "sodium_crypto_sign_ed25519.h"
+#include "sodium_ref10_sign_ed25519.h"
+#include "sodium_private_ed25519_ref10.h"
+#include "sodium_randombytes.h"
+#include "sodium_utils.h"
+
+void
+_crypto_sign_ed25519_ref10_hinit(crypto_hash_sha512_state *hs, int prehashed)
+{
+ static const unsigned char DOM2PREFIX[32 + 2] = {
+ 'S', 'i', 'g', 'E', 'd', '2', '5', '5', '1', '9', ' ',
+ 'n', 'o', ' ',
+ 'E', 'd', '2', '5', '5', '1', '9', ' ',
+ 'c', 'o', 'l', 'l', 'i', 's', 'i', 'o', 'n', 's', 1, 0
+ };
+
+ crypto_hash_sha512_init(hs);
+ if (prehashed) {
+ crypto_hash_sha512_update(hs, DOM2PREFIX, sizeof DOM2PREFIX);
+ }
+}
+
+static inline void
+_crypto_sign_ed25519_clamp(unsigned char k[32])
+{
+ k[0] &= 248;
+ k[31] &= 127;
+ k[31] |= 64;
+}
+
+#ifdef ED25519_NONDETERMINISTIC
+/* r = hash(B || empty_labelset || Z || pad1 || k || pad2 || empty_labelset || K || extra || M) (mod q) */
+static void
+_crypto_sign_ed25519_synthetic_r_hv(crypto_hash_sha512_state *hs,
+ unsigned char Z[32],
+ const unsigned char sk[64])
+{
+ static const unsigned char B[32] = {
+ 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ };
+ static const unsigned char zeros[128] = { 0x00 };
+ static const unsigned char empty_labelset[3] = { 0x02, 0x00, 0x00 };
+
+ crypto_hash_sha512_update(hs, B, 32);
+ crypto_hash_sha512_update(hs, empty_labelset, 3);
+ randombytes_buf(Z, 32);
+ crypto_hash_sha512_update(hs, Z, 32);
+ crypto_hash_sha512_update(hs, zeros, 128 - (32 + 3 + 32) % 128);
+ crypto_hash_sha512_update(hs, sk, 32);
+ crypto_hash_sha512_update(hs, zeros, 128 - 32 % 128);
+ crypto_hash_sha512_update(hs, empty_labelset, 3);
+ crypto_hash_sha512_update(hs, sk + 32, 32);
+ /* empty extra */
+}
+#endif
+
+int
+_crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p,
+ const unsigned char *m, unsigned long long mlen,
+ const unsigned char *sk, int prehashed)
+{
+ crypto_hash_sha512_state hs;
+ unsigned char az[64];
+ unsigned char nonce[64];
+ unsigned char hram[64];
+ ge25519_p3 R;
+
+ _crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
+
+ crypto_hash_sha512(az, sk, 32);
+#ifdef ED25519_NONDETERMINISTIC
+ _crypto_sign_ed25519_synthetic_r_hv(&hs, nonce, az);
+#else
+ crypto_hash_sha512_update(&hs, az + 32, 32);
+#endif
+
+ crypto_hash_sha512_update(&hs, m, mlen);
+ crypto_hash_sha512_final(&hs, nonce);
+
+ memmove(sig + 32, sk + 32, 32);
+
+ sc25519_reduce(nonce);
+ ge25519_scalarmult_base(&R, nonce);
+ ge25519_p3_tobytes(sig, &R);
+
+ _crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
+ crypto_hash_sha512_update(&hs, sig, 64);
+ crypto_hash_sha512_update(&hs, m, mlen);
+ crypto_hash_sha512_final(&hs, hram);
+
+ sc25519_reduce(hram);
+ _crypto_sign_ed25519_clamp(az);
+ sc25519_muladd(sig + 32, hram, az, nonce);
+
+ sodium_memzero(az, sizeof az);
+ sodium_memzero(nonce, sizeof nonce);
+
+ if (siglen_p != NULL) {
+ *siglen_p = 64U;
+ }
+ return 0;
+}
+
+int
+crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p,
+ const unsigned char *m, unsigned long long mlen,
+ const unsigned char *sk)
+{
+ return _crypto_sign_ed25519_detached(sig, siglen_p, m, mlen, sk, 0);
+}
+
+int
+crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen_p,
+ const unsigned char *m, unsigned long long mlen,
+ const unsigned char *sk)
+{
+ unsigned long long siglen;
+
+ memmove(sm + crypto_sign_ed25519_BYTES, m, mlen);
+ /* LCOV_EXCL_START */
+ if (crypto_sign_ed25519_detached(
+ sm, &siglen, sm + crypto_sign_ed25519_BYTES, mlen, sk) != 0 ||
+ siglen != crypto_sign_ed25519_BYTES) {
+ if (smlen_p != NULL) {
+ *smlen_p = 0;
+ }
+ memset(sm, 0, mlen + crypto_sign_ed25519_BYTES);
+ return -1;
+ }
+ /* LCOV_EXCL_STOP */
+
+ if (smlen_p != NULL) {
+ *smlen_p = mlen + siglen;
+ }
+ return 0;
+}
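Review bot: `crypto_sign_ed25519` places no bound on `mlen`, unlike the receiving side in sodium_ref10_open.c, which rejects `smlen - 64 > crypto_sign_ed25519_MESSAGEBYTES_MAX` before touching any buffer: here `memmove(sm + crypto_sign_ed25519_BYTES, m, mlen)` runs first, and `memset(sm, 0, mlen + crypto_sign_ed25519_BYTES)` and `*smlen_p = mlen + siglen` are computed without anything guaranteeing the additions cannot wrap. A symmetric guard at the top, `if (mlen > crypto_sign_ed25519_MESSAGEBYTES_MAX) { if (smlen_p != NULL) { *smlen_p = 0; } return -1; }`, keeps the two directions consistent and makes the caller's obligation explicit. Separately, the `#ifdef ED25519_NONDETERMINISTIC` path in `_crypto_sign_ed25519_detached` swaps the deterministic `az + 32` prefix for a nonce hash that mixes in `randombytes_buf(Z, 32)`; since the vendored copy no longer inherits that choice from libsodium's configure, a one-line comment at the `#ifdef` naming which setting this project builds with would help the next reader (the build script is not visible in this chunk).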
diff --git a/sodium/sodium_ref10_sign_ed25519.h b/sodium/sodium_ref10_sign_ed25519.h
new file mode 100644
index 00000000..29f45a85
--- /dev/null
+++ b/sodium/sodium_ref10_sign_ed25519.h
@@ -0,0 +1,18 @@
+#ifndef sign_ed25519_ref10_H
+#define sign_ed25519_ref10_H
+
+void _crypto_sign_ed25519_ref10_hinit(crypto_hash_sha512_state *hs,
+ int prehashed);
+
+int _crypto_sign_ed25519_detached(unsigned char *sig,
+ unsigned long long *siglen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *sk, int prehashed);
+
+int _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *pk,
+ int prehashed);
+#endif
diff --git a/sodium/sodium_ref10_x25519.c b/sodium/sodium_ref10_x25519.c
new file mode 100644
index 00000000..3eb7e193
--- /dev/null
+++ b/sodium/sodium_ref10_x25519.c
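Review bot: sodium_ref10_sign_ed25519.h declares `_crypto_sign_ed25519_ref10_hinit(crypto_hash_sha512_state *hs, ...)` but includes nothing itself, so it only compiles when the including file has already pulled in the header that defines `crypto_hash_sha512_state`; sodium_ref10_open.c and sodium_ref10_sign.c in this commit happen to include "sodium_crypto_hash_sha512.h" before it, which is why it works today. Adding `#include "sodium_crypto_hash_sha512.h"` directly after the include guard makes the header self-contained and removes the include-order dependency. This appears to mirror upstream libsodium's own layout, so it is a style point rather than a defect.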
@@ -0,0 +1,180 @@ + +#include +#include + +#include "sodium_scalarmult_curve25519.h" +#include "sodium_export.h" +#include "sodium_private_ed25519_ref10.h" +#include "sodium_utils.h" +#include "sodium_ref10_x25519.h" + +/* + * Reject small order points early to mitigate the implications of + * unexpected optimizations that would affect the ref10 code. + * See https://eprint.iacr.org/2017/806.pdf for reference. + */ +static int +has_small_order(const unsigned char s[32]) +{ + CRYPTO_ALIGN(16) + static const unsigned char blacklist[][32] = { + /* 0 (order 4) */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + /* 1 (order 1) */ + { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + /* 325606250916557431795983626356110631294008115727848805560023387167927233504 + (order 8) */ + { 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, + 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, + 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 }, + /* 39382357235489614581723060781553021112529911719440698176882885853963445705823 + (order 8) */ + { 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1, + 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, + 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 }, + /* p-1 (order 2) */ + { 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, + /* p (=0, order 4) */ + { 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, + /* p+1 (=1, order 1) */ + { 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f } + }; + unsigned char c[7] = { 0 }; + unsigned int k; + size_t i, j; + + COMPILER_ASSERT(7 == sizeof blacklist / sizeof blacklist[0]); + for (j = 0; j < 31; j++) { + for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) { + c[i] |= s[j] ^ blacklist[i][j]; + } + } + for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) { + c[i] |= (s[j] & 0x7f) ^ blacklist[i][j]; + } + k = 0; + for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) { + k |= (c[i] - 1); + } + return (int) ((k >> 8) & 1); +} + +static int +crypto_scalarmult_curve25519_ref10(unsigned char *q, + const unsigned char *n, + const unsigned char *p) +{ + unsigned char *t = q; + unsigned int i; + fe25519 x1; + fe25519 x2; + fe25519 z2; + fe25519 x3; + fe25519 z3; + fe25519 tmp0; + fe25519 tmp1; + int pos; + unsigned int swap; + unsigned int b; + + if (has_small_order(p)) { + return -1; + } + for (i = 0; i < 32; i++) { + t[i] = n[i]; + } + t[0] &= 248; + t[31] &= 127; + t[31] |= 64; + fe25519_frombytes(x1, p); + fe25519_1(x2); + fe25519_0(z2); + fe25519_copy(x3, x1); + fe25519_1(z3); + + swap = 0; + for (pos = 254; pos >= 0; --pos) { + b = t[pos / 8] >> (pos & 7); + b &= 1; + swap ^= b; + fe25519_cswap(x2, x3, swap); + fe25519_cswap(z2, z3, swap); + swap = b; + fe25519_sub(tmp0, x3, z3); + fe25519_sub(tmp1, x2, z2); + fe25519_add(x2, x2, z2); + fe25519_add(z2, x3, z3); + fe25519_mul(z3, tmp0, x2); + fe25519_mul(z2, z2, tmp1); + fe25519_sq(tmp0, tmp1); + fe25519_sq(tmp1, x2); + fe25519_add(x3, z3, z2); + fe25519_sub(z2, z3, z2); + fe25519_mul(x2, tmp1, tmp0); + fe25519_sub(tmp1, tmp1, tmp0); + fe25519_sq(z2, z2); + fe25519_scalar_product(z3, tmp1, 121666); + fe25519_sq(x3, x3); + fe25519_add(tmp0, tmp0, z3); + fe25519_mul(z3, x1, 
z2); + fe25519_mul(z2, tmp1, tmp0); + } + fe25519_cswap(x2, x3, swap); + fe25519_cswap(z2, z3, swap); + + fe25519_invert(z2, z2); + fe25519_mul(x2, x2, z2); + fe25519_tobytes(q, x2); + + return 0; +} + +static void +edwards_to_montgomery(fe25519 montgomeryX, const fe25519 edwardsY, const fe25519 edwardsZ) +{ + fe25519 tempX; + fe25519 tempZ; + + fe25519_add(tempX, edwardsZ, edwardsY); + fe25519_sub(tempZ, edwardsZ, edwardsY); + fe25519_invert(tempZ, tempZ); + fe25519_mul(montgomeryX, tempX, tempZ); +} + +static int +crypto_scalarmult_curve25519_ref10_base(unsigned char *q, + const unsigned char *n) +{ + unsigned char *t = q; + ge25519_p3 A; + fe25519 pk; + unsigned int i; + + for (i = 0; i < 32; i++) { + t[i] = n[i]; + } + t[0] &= 248; + t[31] &= 127; + t[31] |= 64; + ge25519_scalarmult_base(&A, t); + edwards_to_montgomery(pk, A.Y, A.Z); + fe25519_tobytes(q, pk); + + return 0; +} + +struct crypto_scalarmult_curve25519_implementation + crypto_scalarmult_curve25519_ref10_implementation = { + SODIUM_C99(.mult =) crypto_scalarmult_curve25519_ref10, + SODIUM_C99(.mult_base =) crypto_scalarmult_curve25519_ref10_base + }; diff --git a/sodium/sodium_ref10_x25519.h b/sodium/sodium_ref10_x25519.h new file mode 100644 index 00000000..b2d55dcf --- /dev/null +++ b/sodium/sodium_ref10_x25519.h @@ -0,0 +1,10 @@ +#ifndef x25519_ref10_H +#define x25519_ref10_H + +#include "sodium_crypto_scalarmult_curve25519.h" +#include "sodium_scalarmult_curve25519.h" + +extern struct crypto_scalarmult_curve25519_implementation + crypto_scalarmult_curve25519_ref10_implementation; + +#endif diff --git a/sodium/sodium_runtime.c b/sodium/sodium_runtime.c new file mode 100644 index 00000000..7d57e9a2 --- /dev/null +++ b/sodium/sodium_runtime.c 
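Review bot: `crypto_scalarmult_curve25519_ref10` returns 0 straight after `fe25519_tobytes(q, x2)` with no check that the shared secret is all zeros, so `has_small_order(p)` is the only defence in this file against a low-order peer point. As far as I recall that matches upstream libsodium's ref10 backend, where the all-zero output check lives in the generic `crypto_scalarmult_curve25519` front-end that the `crypto_scalarmult_curve25519_ref10_implementation` struct is registered with, but that front-end is not in this chunk, so it is worth confirming the vendored copy carries it; if it does not, `if (sodium_is_zero(q, 32)) { return -1; }` before the `return 0;` restores the defence in depth. Separately, `t = q` is used as scratch for the clamped scalar and `fe25519_frombytes(x1, p)` reads `p` only after `q` has been written, so `q` must not alias `p`; a comment on the `unsigned char *t = q;` line, `/* q is scratch for the clamped scalar: q must not alias p */`, would document that precondition.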
@@ -0,0 +1,319 @@ +#include +#include +#ifdef HAVE_ANDROID_GETCPUFEATURES +# include +#endif + +#include "sodium_private_common.h" +#include "sodium_runtime.h" +#include + +typedef struct CPUFeatures_ { + int initialized; + int has_neon; + int has_sse2; + int has_sse3; + int has_ssse3; + int has_sse41; + int has_avx; + int has_avx2; + int has_avx512f; + int has_pclmul; + int has_aesni; + int has_rdrand; +} CPUFeatures; + +static CPUFeatures _cpu_features; + +#define CPUID_EBX_AVX2 0x00000020 +#define CPUID_EBX_AVX512F 0x00010000 + +#define CPUID_ECX_SSE3 0x00000001 +#define CPUID_ECX_PCLMUL 0x00000002 +#define CPUID_ECX_SSSE3 0x00000200 +#define CPUID_ECX_SSE41 0x00080000 +#define CPUID_ECX_AESNI 0x02000000 +#define CPUID_ECX_XSAVE 0x04000000 +#define CPUID_ECX_OSXSAVE 0x08000000 +#define CPUID_ECX_AVX 0x10000000 +#define CPUID_ECX_RDRAND 0x40000000 + +#define CPUID_EDX_SSE2 0x04000000 + +#define XCR0_SSE 0x00000002 +#define XCR0_AVX 0x00000004 +#define XCR0_OPMASK 0x00000020 +#define XCR0_ZMM_HI256 0x00000040 +#define XCR0_HI16_ZMM 0x00000080 + +static int +_sodium_runtime_arm_cpu_features(CPUFeatures * const cpu_features) +{ +#ifndef __arm__ + cpu_features->has_neon = 0; + return -1; +#else +# ifdef __APPLE__ +# ifdef __ARM_NEON__ + cpu_features->has_neon = 1; +# else + cpu_features->has_neon = 0; +# endif +# elif defined(HAVE_ANDROID_GETCPUFEATURES) && \ + defined(ANDROID_CPU_ARM_FEATURE_NEON) + cpu_features->has_neon = + (android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_NEON) != 0x0; +# else + cpu_features->has_neon = 0; +# endif + return 0; +#endif +} + +static void +_cpuid(unsigned int cpu_info[4U], const unsigned int cpu_info_type) +{ +#if defined(_MSC_VER) && \ + (defined(_M_X64) || defined(_M_AMD64) || defined(_M_IX86)) + __cpuid((int *) cpu_info, cpu_info_type); +#elif defined(HAVE_CPUID) + cpu_info[0] = cpu_info[1] = cpu_info[2] = cpu_info[3] = 0; +# ifdef __i386__ + __asm__ __volatile__( + "pushfl; pushfl; " + "popl %0; " + "movl %0, %1; xorl %2, %0; 
" + "pushl %0; " + "popfl; pushfl; popl %0; popfl" + : "=&r"(cpu_info[0]), "=&r"(cpu_info[1]) + : "i"(0x200000)); + if (((cpu_info[0] ^ cpu_info[1]) & 0x200000) == 0x0) { + return; /* LCOV_EXCL_LINE */ + } +# endif +# ifdef __i386__ + __asm__ __volatile__("xchgl %%ebx, %k1; cpuid; xchgl %%ebx, %k1" + : "=a"(cpu_info[0]), "=&r"(cpu_info[1]), + "=c"(cpu_info[2]), "=d"(cpu_info[3]) + : "0"(cpu_info_type), "2"(0U)); +# elif defined(__x86_64__) + __asm__ __volatile__("xchgq %%rbx, %q1; cpuid; xchgq %%rbx, %q1" + : "=a"(cpu_info[0]), "=&r"(cpu_info[1]), + "=c"(cpu_info[2]), "=d"(cpu_info[3]) + : "0"(cpu_info_type), "2"(0U)); +# else + __asm__ __volatile__("cpuid" + : "=a"(cpu_info[0]), "=b"(cpu_info[1]), + "=c"(cpu_info[2]), "=d"(cpu_info[3]) + : "0"(cpu_info_type), "2"(0U)); +# endif +#else + (void) cpu_info_type; + cpu_info[0] = cpu_info[1] = cpu_info[2] = cpu_info[3] = 0; +#endif +} + +static int +_sodium_runtime_intel_cpu_features(CPUFeatures * const cpu_features) +{ + unsigned int cpu_info[4]; + unsigned int id; + uint32_t xcr0 = 0U; + + _cpuid(cpu_info, 0x0); + if ((id = cpu_info[0]) == 0U) { + return -1; /* LCOV_EXCL_LINE */ + } + _cpuid(cpu_info, 0x00000001); +#ifdef HAVE_EMMINTRIN_H + cpu_features->has_sse2 = ((cpu_info[3] & CPUID_EDX_SSE2) != 0x0); +#else + cpu_features->has_sse2 = 0; +#endif + +#ifdef HAVE_PMMINTRIN_H + cpu_features->has_sse3 = ((cpu_info[2] & CPUID_ECX_SSE3) != 0x0); +#else + cpu_features->has_sse3 = 0; +#endif + +#ifdef HAVE_TMMINTRIN_H + cpu_features->has_ssse3 = ((cpu_info[2] & CPUID_ECX_SSSE3) != 0x0); +#else + cpu_features->has_ssse3 = 0; +#endif + +#ifdef HAVE_SMMINTRIN_H + cpu_features->has_sse41 = ((cpu_info[2] & CPUID_ECX_SSE41) != 0x0); +#else + cpu_features->has_sse41 = 0; +#endif + + cpu_features->has_avx = 0; + + (void) xcr0; +#ifdef HAVE_AVXINTRIN_H + if ((cpu_info[2] & (CPUID_ECX_AVX | CPUID_ECX_XSAVE | CPUID_ECX_OSXSAVE)) == + (CPUID_ECX_AVX | CPUID_ECX_XSAVE | CPUID_ECX_OSXSAVE)) { + xcr0 = 0U; +# if defined(HAVE__XGETBV) || 
\ + (defined(_MSC_VER) && defined(_XCR_XFEATURE_ENABLED_MASK) && _MSC_FULL_VER >= 160040219) + xcr0 = (uint32_t) _xgetbv(0); +# elif defined(_MSC_VER) && defined(_M_IX86) + /* + * Visual Studio documentation states that eax/ecx/edx don't need to + * be preserved in inline assembly code. But that doesn't seem to + * always hold true on Visual Studio 2010. + */ + __asm { + push eax + push ecx + push edx + xor ecx, ecx + _asm _emit 0x0f _asm _emit 0x01 _asm _emit 0xd0 + mov xcr0, eax + pop edx + pop ecx + pop eax + } +# elif defined(HAVE_AVX_ASM) + __asm__ __volatile__(".byte 0x0f, 0x01, 0xd0" /* XGETBV */ + : "=a"(xcr0) + : "c"((uint32_t) 0U) + : "%edx"); +# endif + if ((xcr0 & (XCR0_SSE | XCR0_AVX)) == (XCR0_SSE | XCR0_AVX)) { + cpu_features->has_avx = 1; + } + } +#endif + + cpu_features->has_avx2 = 0; +#ifdef HAVE_AVX2INTRIN_H + if (cpu_features->has_avx) { + unsigned int cpu_info7[4]; + + _cpuid(cpu_info7, 0x00000007); + cpu_features->has_avx2 = ((cpu_info7[1] & CPUID_EBX_AVX2) != 0x0); + } +#endif + + cpu_features->has_avx512f = 0; +#ifdef HAVE_AVX512FINTRIN_H + if (cpu_features->has_avx2) { + unsigned int cpu_info7[4]; + + _cpuid(cpu_info7, 0x00000007); + if ((cpu_info7[1] & CPUID_EBX_AVX512F) == CPUID_EBX_AVX512F && + (xcr0 & (XCR0_OPMASK | XCR0_ZMM_HI256 | XCR0_HI16_ZMM)) + == (XCR0_OPMASK | XCR0_ZMM_HI256 | XCR0_HI16_ZMM)) { + cpu_features->has_avx512f = 1; + } + } +#endif + +#ifdef HAVE_WMMINTRIN_H + cpu_features->has_pclmul = ((cpu_info[2] & CPUID_ECX_PCLMUL) != 0x0); + cpu_features->has_aesni = ((cpu_info[2] & CPUID_ECX_AESNI) != 0x0); +#else + cpu_features->has_pclmul = 0; + cpu_features->has_aesni = 0; +#endif + +#ifdef HAVE_RDRAND + cpu_features->has_rdrand = ((cpu_info[2] & CPUID_ECX_RDRAND) != 0x0); +#else + cpu_features->has_rdrand = 0; +#endif + + return 0; +} + +int +_sodium_runtime_get_cpu_features(void) +{ + int ret = -1; + + ret &= _sodium_runtime_arm_cpu_features(&_cpu_features); + ret &= _sodium_runtime_intel_cpu_features(&_cpu_features); + 
_cpu_features.initialized = 1; + + #if NETCODE_CRYPTO_LOGS + printf( "\nCPU features: " ); + if ( _cpu_features.has_sse2 ) printf( "sse2 " ); + if ( _cpu_features.has_ssse3 ) printf( "ssse3 " ); + if ( _cpu_features.has_sse41 ) printf( "sse41 " ); + if ( _cpu_features.has_avx ) printf( "avx " ); + if ( _cpu_features.has_avx2 ) printf( "avx2 " ); + if ( _cpu_features.has_avx512f ) printf( "avx512f " ); + printf( "\n\n" ); + #endif // #if NETCODE_CRYPTO_LOGS + + return ret; +} + +int +sodium_runtime_has_neon(void) +{ + return _cpu_features.has_neon; +} + +int +sodium_runtime_has_sse2(void) +{ + return _cpu_features.has_sse2; +} + +int +sodium_runtime_has_sse3(void) +{ + return _cpu_features.has_sse3; +} + +int +sodium_runtime_has_ssse3(void) +{ + return _cpu_features.has_ssse3; +} + +int +sodium_runtime_has_sse41(void) +{ + return _cpu_features.has_sse41; +} + +int +sodium_runtime_has_avx(void) +{ + return _cpu_features.has_avx; +} + +int +sodium_runtime_has_avx2(void) +{ + return _cpu_features.has_avx2; +} + +int +sodium_runtime_has_avx512f(void) +{ + return _cpu_features.has_avx512f; +} + +int +sodium_runtime_has_pclmul(void) +{ + return _cpu_features.has_pclmul; +} + +int +sodium_runtime_has_aesni(void) +{ + return _cpu_features.has_aesni; +} + +int +sodium_runtime_has_rdrand(void) +{ + return _cpu_features.has_rdrand; +} diff --git a/windows/sodium/runtime.h b/sodium/sodium_runtime.h similarity index 79% rename from windows/sodium/runtime.h rename to sodium/sodium_runtime.h index 76859ea0..c1a30572 100644 --- a/windows/sodium/runtime.h +++ b/sodium/sodium_runtime.h 
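Review bot: `_sodium_runtime_intel_cpu_features` reads CPUID leaf 7 for the AVX2 and AVX-512F bits without first checking that the maximum basic leaf `id` (read from leaf 0) is at least 7; `id` is compared against zero and then never used again. As I recall from the SDM, a leaf above the maximum returns the data of the highest basic leaf, so on an older CPU the EBX bits tested here could come from an unrelated leaf; gating the probe with `if (cpu_features->has_avx && id >= 7) {` (and likewise `cpu_features->has_avx2 && id >= 7` for the AVX-512F block) closes that. Two smaller points: the `NETCODE_CRYPTO_LOGS` block calls `printf` from a function that is otherwise a silent probe, and the `#include` targets at the top of the hunk are lost in this listing, so I cannot confirm `<stdio.h>` is pulled in; and the `sodium_runtime_has_*` accessors return `_cpu_features` fields without consulting `initialized`, which matches upstream libsodium but deserves a one-line comment saying `_sodium_runtime_get_cpu_features` must run first.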
@@ -2,39 +2,34 @@ #ifndef sodium_runtime_H #define sodium_runtime_H -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus extern "C" { #endif -SODIUM_EXPORT int sodium_runtime_has_neon(void); -SODIUM_EXPORT int sodium_runtime_has_sse2(void); -SODIUM_EXPORT int sodium_runtime_has_sse3(void); -SODIUM_EXPORT int sodium_runtime_has_ssse3(void); -SODIUM_EXPORT int sodium_runtime_has_sse41(void); -SODIUM_EXPORT int sodium_runtime_has_avx(void); -SODIUM_EXPORT int sodium_runtime_has_avx2(void); -SODIUM_EXPORT +int sodium_runtime_has_avx512f(void); + int sodium_runtime_has_pclmul(void); -SODIUM_EXPORT int sodium_runtime_has_aesni(void); +int sodium_runtime_has_rdrand(void); + /* ------------------------------------------------------------------------- */ int _sodium_runtime_get_cpu_features(void); diff --git a/sodium/sodium_salsa20-ref.c b/sodium/sodium_salsa20-ref.c new file mode 100644 index 00000000..1da26723 --- /dev/null +++ b/sodium/sodium_salsa20-ref.c 
@@ -0,0 +1,124 @@ +/* +version 20140420 +D. J. Bernstein +Public domain. +*/ + +#include + +#include "sodium_crypto_core_salsa20.h" +#include "sodium_crypto_stream_salsa20.h" +#include "sodium_utils.h" + +#include "sodium_stream_salsa20.h" +#include "sodium_salsa20-ref.h" + +#ifndef HAVE_AMD64_ASM + +static int +stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n, + const unsigned char *k) +{ + unsigned char in[16]; + unsigned char block[64]; + unsigned char kcopy[32]; + unsigned int i; + unsigned int u; + + if (!clen) { + return 0; + } + for (i = 0; i < 32; i++) { + kcopy[i] = k[i]; + } + for (i = 0; i < 8; i++) { + in[i] = n[i]; + } + for (i = 8; i < 16; i++) { + in[i] = 0; + } + while (clen >= 64) { + crypto_core_salsa20(c, in, kcopy, NULL); + u = 1; + for (i = 8; i < 16; i++) { + u += (unsigned int) in[i]; + in[i] = (unsigned char) u; + u >>= 8; + } + clen -= 64; + c += 64; + } + if (clen) { + crypto_core_salsa20(block, in, kcopy, NULL); + for (i = 0; i < (unsigned int) clen; i++) { + c[i] = block[i]; + } + } + sodium_memzero(block, sizeof block); + sodium_memzero(kcopy, sizeof kcopy); + + return 0; +} + +static int +stream_ref_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, uint64_t ic, + const unsigned char *k) +{ + unsigned char in[16]; + unsigned char block[64]; + unsigned char kcopy[32]; + unsigned int i; + unsigned int u; + + if (!mlen) { + return 0; + } + for (i = 0; i < 32; i++) { + kcopy[i] = k[i]; + } + for (i = 0; i < 8; i++) { + in[i] = n[i]; + } + for (i = 8; i < 16; i++) { + in[i] = (unsigned char) (ic & 0xff); + ic >>= 8; + } + while (mlen >= 64) { + crypto_core_salsa20(block, in, kcopy, NULL); + for (i = 0; i < 64; i++) { + c[i] = m[i] ^ block[i]; + } + u = 1; + for (i = 8; i < 16; i++) { + u += (unsigned int) in[i]; + in[i] = (unsigned char) u; + u >>= 8; + } + mlen -= 64; + c += 64; + m += 64; + } + if (mlen) { + crypto_core_salsa20(block, in, kcopy, NULL); + for (i = 
0; i < (unsigned int) mlen; i++) {
+ c[i] = m[i] ^ block[i];
+ }
+ }
+ sodium_memzero(block, sizeof block);
+ sodium_memzero(kcopy, sizeof kcopy);
+
+ return 0;
+}
+
+struct crypto_stream_salsa20_implementation
+ crypto_stream_salsa20_ref_implementation = {
+ SODIUM_C99(.stream =) stream_ref,
+ SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic,
+ };
+
+#else
+
+int salsa20_ref_dummy = 0;
+
+#endif
diff --git a/sodium/sodium_salsa20-ref.h b/sodium/sodium_salsa20-ref.h
new file mode 100644
index 00000000..8035ed1f
--- /dev/null
+++ b/sodium/sodium_salsa20-ref.h
@@ -0,0 +1,8 @@
+
+#include
+
+#include "sodium_stream_salsa20.h"
+#include "sodium_crypto_stream_salsa20.h"
+
+extern struct crypto_stream_salsa20_implementation
+ crypto_stream_salsa20_ref_implementation;
diff --git a/sodium/sodium_salsa20-xmm6.c b/sodium/sodium_salsa20-xmm6.c
new file mode 100644
index 00000000..c52686f2
--- /dev/null
+++ b/sodium/sodium_salsa20-xmm6.c
@@ -0,0 +1,33 @@
+
+#include
+
+#include "sodium_utils.h"
+#include "sodium_stream_salsa20.h"
+#include "sodium_salsa20-xmm6.h"
+#include "sodium_private_common.h"
+
+#ifdef HAVE_AMD64_ASM
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+extern int stream_salsa20_xmm6(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k);
+
+extern int stream_salsa20_xmm6_xor_ic(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n,
+ uint64_t ic, const unsigned char *k);
+#ifdef __cplusplus
+}
+#endif
+
+struct crypto_stream_salsa20_implementation
+ crypto_stream_salsa20_xmm6_implementation = {
+ SODIUM_C99(.stream =) stream_salsa20_xmm6,
+ SODIUM_C99(.stream_xor_ic =) stream_salsa20_xmm6_xor_ic,
+ };
+
+#endif
+
+int salsa20_xmm6_link_warning_dummy = 0;
diff --git a/sodium/sodium_salsa20-xmm6.h b/sodium/sodium_salsa20-xmm6.h
new file mode 100644
index 00000000..19d6b1bf
--- /dev/null
+++ b/sodium/sodium_salsa20-xmm6.h
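Review bot: The tail loops in `stream_ref` and `stream_ref_xor_ic` narrow `clen`/`mlen` with `(unsigned int)` casts that are only safe because the preceding `while` has reduced the remainder below 64; a comment such as `/* fewer than 64 bytes remain, so the narrowing cast cannot truncate */` above each would keep a future edit from moving the cast. The 64-bit block counter in `in[8..15]` is incremented with a carry chain that wraps silently, and `stream_ref_xor_ic` seeds it from the caller-supplied `ic`, so an `ic` near 2^64 with a multi-block message would repeat keystream from block 0 under the same key and nonce; nothing in this file bounds that, so it should be documented as the caller's contract (presumably the higher-level Salsa20 wrapper enforces a length limit — verify). `in` holds only nonce and counter, so leaving it un-zeroed is fine, but a comment saying so would spare the next reader the question.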
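Review bot: The new `sodium_salsa20-ref.h` has no include guard, unlike `sodium_ref10_x25519.h` in the same commit, which wraps itself in `#ifndef x25519_ref10_H`; the `extern` declaration is harmless on repeat inclusion, but the inconsistency will bite as soon as a type or inline function is added here. Wrapping the body in `#ifndef sodium_salsa20_ref_H`, `#define sodium_salsa20_ref_H` ... `#endif` matches the rest of the vendored headers (`sodium_salsa20-xmm6.h` has the same gap). The first `#include` line has lost its target in this listing, so I cannot check what it pulls in.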
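Review bot: The `crypto_stream_salsa20_xmm6_implementation` table is compiled only under `HAVE_AMD64_ASM`, but the assembly that defines `stream_salsa20_xmm6` (`sodium_salsa20-xmm6_asm.S`, later in this diff) is guarded by `NETCODE_X64`, and the reference implementation is compiled out under `#ifndef HAVE_AMD64_ASM`. If a build ever defines one macro without the other, the result is either an unresolved `stream_salsa20_xmm6` at link time or no Salsa20 implementation at all, with no diagnostic pointing at the cause. Presumably the build defines both together, but tying them explicitly is cheap: `#if defined(HAVE_AMD64_ASM) && !defined(NETCODE_X64)` / `#error "HAVE_AMD64_ASM requires NETCODE_X64 (salsa20 xmm6 assembly)"` / `#endif` next to the `#ifdef HAVE_AMD64_ASM`.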
@@ -0,0 +1,8 @@
+
+#include
+
+#include "sodium_stream_salsa20.h"
+#include "sodium_crypto_stream_salsa20.h"
+
+extern struct crypto_stream_salsa20_implementation
+ crypto_stream_salsa20_xmm6_implementation;
diff --git a/sodium/sodium_salsa20-xmm6_asm.S b/sodium/sodium_salsa20-xmm6_asm.S
new file mode 100644
index 00000000..0444928b
--- /dev/null
+++ b/sodium/sodium_salsa20-xmm6_asm.S
@@ -0,0 +1,962 @@ +#ifdef NETCODE_X64 + +.text +.p2align 5 + +#ifdef ASM_HIDE_SYMBOL +ASM_HIDE_SYMBOL stream_salsa20_xmm6 +ASM_HIDE_SYMBOL _stream_salsa20_xmm6 +#endif +.globl stream_salsa20_xmm6 +.globl _stream_salsa20_xmm6 +#ifdef __ELF__ +.type stream_salsa20_xmm6, @function +.type _stream_salsa20_xmm6, @function +#endif +stream_salsa20_xmm6: +_stream_salsa20_xmm6: +mov %rsp,%r11 +and $31,%r11 +add $512,%r11 +sub %r11,%rsp +movq %r11,416(%rsp) +movq %r12,424(%rsp) +movq %r13,432(%rsp) +movq %r14,440(%rsp) +movq %r15,448(%rsp) +movq %rbx,456(%rsp) +movq %rbp,464(%rsp) +mov %rsi,%r9 +mov %rdi,%rdi +mov %rdi,%rsi +mov %rdx,%rdx +mov %rcx,%r10 +cmp $0,%r9 +jbe ._done +mov $0,%rax +mov %r9,%rcx +rep stosb +sub %r9,%rdi +movq $0,472(%rsp) +jmp ._start + +.text +.p2align 5 + +#ifdef ASM_HIDE_SYMBOL +ASM_HIDE_SYMBOL stream_salsa20_xmm6_xor_ic +ASM_HIDE_SYMBOL _stream_salsa20_xmm6_xor_ic +#endif +.globl stream_salsa20_xmm6_xor_ic +.globl _stream_salsa20_xmm6_xor_ic +#ifdef __ELF__ +.type stream_salsa20_xmm6_xor_ic, @function +.type _stream_salsa20_xmm6_xor_ic, @function +#endif +stream_salsa20_xmm6_xor_ic: +_stream_salsa20_xmm6_xor_ic: + +mov %rsp,%r11 +and $31,%r11 +add $512,%r11 +sub %r11,%rsp +movq %r11,416(%rsp) +movq %r12,424(%rsp) +movq %r13,432(%rsp) +movq %r14,440(%rsp) +movq %r15,448(%rsp) +movq %rbx,456(%rsp) +movq %rbp,464(%rsp) +mov %rdi,%rdi +mov %rsi,%rsi +mov %r9,%r10 +movq %r8,472(%rsp) +mov %rdx,%r9 +mov %rcx,%rdx +cmp $0,%r9 +jbe ._done + +._start: +movl 20(%r10),%ecx +movl 0(%r10),%r8d +movl 0(%rdx),%eax +movl 16(%r10),%r11d +movl %ecx,64(%rsp) +movl %r8d,4+64(%rsp) +movl %eax,8+64(%rsp) +movl %r11d,12+64(%rsp) +movl 24(%r10),%r8d +movl 4(%r10),%eax +movl 4(%rdx),%edx +movq 472(%rsp),%rcx +movl %ecx,80(%rsp) +movl %r8d,4+80(%rsp) +movl %eax,8+80(%rsp) +movl %edx,12+80(%rsp) +movl 12(%r10),%edx +shr $32,%rcx +movl 28(%r10),%r8d +movl 8(%r10),%eax +movl %edx,96(%rsp) +movl %ecx,4+96(%rsp) +movl %r8d,8+96(%rsp) +movl %eax,12+96(%rsp) +mov $1634760805,%rdx 
+mov $857760878,%rcx +mov $2036477234,%r8 +mov $1797285236,%rax +movl %edx,112(%rsp) +movl %ecx,4+112(%rsp) +movl %r8d,8+112(%rsp) +movl %eax,12+112(%rsp) +cmp $256,%r9 +jb ._bytesbetween1and255 +movdqa 112(%rsp),%xmm0 +pshufd $0x55,%xmm0,%xmm1 +pshufd $0xaa,%xmm0,%xmm2 +pshufd $0xff,%xmm0,%xmm3 +pshufd $0x00,%xmm0,%xmm0 +movdqa %xmm1,128(%rsp) +movdqa %xmm2,144(%rsp) +movdqa %xmm3,160(%rsp) +movdqa %xmm0,176(%rsp) +movdqa 64(%rsp),%xmm0 +pshufd $0xaa,%xmm0,%xmm1 +pshufd $0xff,%xmm0,%xmm2 +pshufd $0x00,%xmm0,%xmm3 +pshufd $0x55,%xmm0,%xmm0 +movdqa %xmm1,192(%rsp) +movdqa %xmm2,208(%rsp) +movdqa %xmm3,224(%rsp) +movdqa %xmm0,240(%rsp) +movdqa 80(%rsp),%xmm0 +pshufd $0xff,%xmm0,%xmm1 +pshufd $0x55,%xmm0,%xmm2 +pshufd $0xaa,%xmm0,%xmm0 +movdqa %xmm1,256(%rsp) +movdqa %xmm2,272(%rsp) +movdqa %xmm0,288(%rsp) +movdqa 96(%rsp),%xmm0 +pshufd $0x00,%xmm0,%xmm1 +pshufd $0xaa,%xmm0,%xmm2 +pshufd $0xff,%xmm0,%xmm0 +movdqa %xmm1,304(%rsp) +movdqa %xmm2,320(%rsp) +movdqa %xmm0,336(%rsp) + +.p2align 4 +._bytesatleast256: +movq 472(%rsp),%rdx +mov %rdx,%rcx +shr $32,%rcx +movl %edx,352(%rsp) +movl %ecx,368(%rsp) +add $1,%rdx +mov %rdx,%rcx +shr $32,%rcx +movl %edx,4+352(%rsp) +movl %ecx,4+368(%rsp) +add $1,%rdx +mov %rdx,%rcx +shr $32,%rcx +movl %edx,8+352(%rsp) +movl %ecx,8+368(%rsp) +add $1,%rdx +mov %rdx,%rcx +shr $32,%rcx +movl %edx,12+352(%rsp) +movl %ecx,12+368(%rsp) +add $1,%rdx +mov %rdx,%rcx +shr $32,%rcx +movl %edx,80(%rsp) +movl %ecx,4+96(%rsp) +movq %rdx,472(%rsp) +movq %r9,480(%rsp) +mov $20,%rdx +movdqa 128(%rsp),%xmm0 +movdqa 144(%rsp),%xmm1 +movdqa 160(%rsp),%xmm2 +movdqa 320(%rsp),%xmm3 +movdqa 336(%rsp),%xmm4 +movdqa 192(%rsp),%xmm5 +movdqa 208(%rsp),%xmm6 +movdqa 240(%rsp),%xmm7 +movdqa 256(%rsp),%xmm8 +movdqa 272(%rsp),%xmm9 +movdqa 288(%rsp),%xmm10 +movdqa 368(%rsp),%xmm11 +movdqa 176(%rsp),%xmm12 +movdqa 224(%rsp),%xmm13 +movdqa 304(%rsp),%xmm14 +movdqa 352(%rsp),%xmm15 + +.p2align 4 +._mainloop1: +movdqa %xmm1,384(%rsp) +movdqa %xmm2,400(%rsp) +movdqa 
%xmm13,%xmm1 +paddd %xmm12,%xmm1 +movdqa %xmm1,%xmm2 +pslld $7,%xmm1 +pxor %xmm1,%xmm14 +psrld $25,%xmm2 +pxor %xmm2,%xmm14 +movdqa %xmm7,%xmm1 +paddd %xmm0,%xmm1 +movdqa %xmm1,%xmm2 +pslld $7,%xmm1 +pxor %xmm1,%xmm11 +psrld $25,%xmm2 +pxor %xmm2,%xmm11 +movdqa %xmm12,%xmm1 +paddd %xmm14,%xmm1 +movdqa %xmm1,%xmm2 +pslld $9,%xmm1 +pxor %xmm1,%xmm15 +psrld $23,%xmm2 +pxor %xmm2,%xmm15 +movdqa %xmm0,%xmm1 +paddd %xmm11,%xmm1 +movdqa %xmm1,%xmm2 +pslld $9,%xmm1 +pxor %xmm1,%xmm9 +psrld $23,%xmm2 +pxor %xmm2,%xmm9 +movdqa %xmm14,%xmm1 +paddd %xmm15,%xmm1 +movdqa %xmm1,%xmm2 +pslld $13,%xmm1 +pxor %xmm1,%xmm13 +psrld $19,%xmm2 +pxor %xmm2,%xmm13 +movdqa %xmm11,%xmm1 +paddd %xmm9,%xmm1 +movdqa %xmm1,%xmm2 +pslld $13,%xmm1 +pxor %xmm1,%xmm7 +psrld $19,%xmm2 +pxor %xmm2,%xmm7 +movdqa %xmm15,%xmm1 +paddd %xmm13,%xmm1 +movdqa %xmm1,%xmm2 +pslld $18,%xmm1 +pxor %xmm1,%xmm12 +psrld $14,%xmm2 +pxor %xmm2,%xmm12 +movdqa 384(%rsp),%xmm1 +movdqa %xmm12,384(%rsp) +movdqa %xmm9,%xmm2 +paddd %xmm7,%xmm2 +movdqa %xmm2,%xmm12 +pslld $18,%xmm2 +pxor %xmm2,%xmm0 +psrld $14,%xmm12 +pxor %xmm12,%xmm0 +movdqa %xmm5,%xmm2 +paddd %xmm1,%xmm2 +movdqa %xmm2,%xmm12 +pslld $7,%xmm2 +pxor %xmm2,%xmm3 +psrld $25,%xmm12 +pxor %xmm12,%xmm3 +movdqa 400(%rsp),%xmm2 +movdqa %xmm0,400(%rsp) +movdqa %xmm6,%xmm0 +paddd %xmm2,%xmm0 +movdqa %xmm0,%xmm12 +pslld $7,%xmm0 +pxor %xmm0,%xmm4 +psrld $25,%xmm12 +pxor %xmm12,%xmm4 +movdqa %xmm1,%xmm0 +paddd %xmm3,%xmm0 +movdqa %xmm0,%xmm12 +pslld $9,%xmm0 +pxor %xmm0,%xmm10 +psrld $23,%xmm12 +pxor %xmm12,%xmm10 +movdqa %xmm2,%xmm0 +paddd %xmm4,%xmm0 +movdqa %xmm0,%xmm12 +pslld $9,%xmm0 +pxor %xmm0,%xmm8 +psrld $23,%xmm12 +pxor %xmm12,%xmm8 +movdqa %xmm3,%xmm0 +paddd %xmm10,%xmm0 +movdqa %xmm0,%xmm12 +pslld $13,%xmm0 +pxor %xmm0,%xmm5 +psrld $19,%xmm12 +pxor %xmm12,%xmm5 +movdqa %xmm4,%xmm0 +paddd %xmm8,%xmm0 +movdqa %xmm0,%xmm12 +pslld $13,%xmm0 +pxor %xmm0,%xmm6 +psrld $19,%xmm12 +pxor %xmm12,%xmm6 +movdqa %xmm10,%xmm0 +paddd %xmm5,%xmm0 +movdqa %xmm0,%xmm12 +pslld 
$18,%xmm0 +pxor %xmm0,%xmm1 +psrld $14,%xmm12 +pxor %xmm12,%xmm1 +movdqa 384(%rsp),%xmm0 +movdqa %xmm1,384(%rsp) +movdqa %xmm4,%xmm1 +paddd %xmm0,%xmm1 +movdqa %xmm1,%xmm12 +pslld $7,%xmm1 +pxor %xmm1,%xmm7 +psrld $25,%xmm12 +pxor %xmm12,%xmm7 +movdqa %xmm8,%xmm1 +paddd %xmm6,%xmm1 +movdqa %xmm1,%xmm12 +pslld $18,%xmm1 +pxor %xmm1,%xmm2 +psrld $14,%xmm12 +pxor %xmm12,%xmm2 +movdqa 400(%rsp),%xmm12 +movdqa %xmm2,400(%rsp) +movdqa %xmm14,%xmm1 +paddd %xmm12,%xmm1 +movdqa %xmm1,%xmm2 +pslld $7,%xmm1 +pxor %xmm1,%xmm5 +psrld $25,%xmm2 +pxor %xmm2,%xmm5 +movdqa %xmm0,%xmm1 +paddd %xmm7,%xmm1 +movdqa %xmm1,%xmm2 +pslld $9,%xmm1 +pxor %xmm1,%xmm10 +psrld $23,%xmm2 +pxor %xmm2,%xmm10 +movdqa %xmm12,%xmm1 +paddd %xmm5,%xmm1 +movdqa %xmm1,%xmm2 +pslld $9,%xmm1 +pxor %xmm1,%xmm8 +psrld $23,%xmm2 +pxor %xmm2,%xmm8 +movdqa %xmm7,%xmm1 +paddd %xmm10,%xmm1 +movdqa %xmm1,%xmm2 +pslld $13,%xmm1 +pxor %xmm1,%xmm4 +psrld $19,%xmm2 +pxor %xmm2,%xmm4 +movdqa %xmm5,%xmm1 +paddd %xmm8,%xmm1 +movdqa %xmm1,%xmm2 +pslld $13,%xmm1 +pxor %xmm1,%xmm14 +psrld $19,%xmm2 +pxor %xmm2,%xmm14 +movdqa %xmm10,%xmm1 +paddd %xmm4,%xmm1 +movdqa %xmm1,%xmm2 +pslld $18,%xmm1 +pxor %xmm1,%xmm0 +psrld $14,%xmm2 +pxor %xmm2,%xmm0 +movdqa 384(%rsp),%xmm1 +movdqa %xmm0,384(%rsp) +movdqa %xmm8,%xmm0 +paddd %xmm14,%xmm0 +movdqa %xmm0,%xmm2 +pslld $18,%xmm0 +pxor %xmm0,%xmm12 +psrld $14,%xmm2 +pxor %xmm2,%xmm12 +movdqa %xmm11,%xmm0 +paddd %xmm1,%xmm0 +movdqa %xmm0,%xmm2 +pslld $7,%xmm0 +pxor %xmm0,%xmm6 +psrld $25,%xmm2 +pxor %xmm2,%xmm6 +movdqa 400(%rsp),%xmm2 +movdqa %xmm12,400(%rsp) +movdqa %xmm3,%xmm0 +paddd %xmm2,%xmm0 +movdqa %xmm0,%xmm12 +pslld $7,%xmm0 +pxor %xmm0,%xmm13 +psrld $25,%xmm12 +pxor %xmm12,%xmm13 +movdqa %xmm1,%xmm0 +paddd %xmm6,%xmm0 +movdqa %xmm0,%xmm12 +pslld $9,%xmm0 +pxor %xmm0,%xmm15 +psrld $23,%xmm12 +pxor %xmm12,%xmm15 +movdqa %xmm2,%xmm0 +paddd %xmm13,%xmm0 +movdqa %xmm0,%xmm12 +pslld $9,%xmm0 +pxor %xmm0,%xmm9 +psrld $23,%xmm12 +pxor %xmm12,%xmm9 +movdqa %xmm6,%xmm0 +paddd 
%xmm15,%xmm0 +movdqa %xmm0,%xmm12 +pslld $13,%xmm0 +pxor %xmm0,%xmm11 +psrld $19,%xmm12 +pxor %xmm12,%xmm11 +movdqa %xmm13,%xmm0 +paddd %xmm9,%xmm0 +movdqa %xmm0,%xmm12 +pslld $13,%xmm0 +pxor %xmm0,%xmm3 +psrld $19,%xmm12 +pxor %xmm12,%xmm3 +movdqa %xmm15,%xmm0 +paddd %xmm11,%xmm0 +movdqa %xmm0,%xmm12 +pslld $18,%xmm0 +pxor %xmm0,%xmm1 +psrld $14,%xmm12 +pxor %xmm12,%xmm1 +movdqa %xmm9,%xmm0 +paddd %xmm3,%xmm0 +movdqa %xmm0,%xmm12 +pslld $18,%xmm0 +pxor %xmm0,%xmm2 +psrld $14,%xmm12 +pxor %xmm12,%xmm2 +movdqa 384(%rsp),%xmm12 +movdqa 400(%rsp),%xmm0 +sub $2,%rdx +ja ._mainloop1 + +paddd 176(%rsp),%xmm12 +paddd 240(%rsp),%xmm7 +paddd 288(%rsp),%xmm10 +paddd 336(%rsp),%xmm4 +movd %xmm12,%rdx +movd %xmm7,%rcx +movd %xmm10,%r8 +movd %xmm4,%r9 +pshufd $0x39,%xmm12,%xmm12 +pshufd $0x39,%xmm7,%xmm7 +pshufd $0x39,%xmm10,%xmm10 +pshufd $0x39,%xmm4,%xmm4 +xorl 0(%rsi),%edx +xorl 4(%rsi),%ecx +xorl 8(%rsi),%r8d +xorl 12(%rsi),%r9d +movl %edx,0(%rdi) +movl %ecx,4(%rdi) +movl %r8d,8(%rdi) +movl %r9d,12(%rdi) +movd %xmm12,%rdx +movd %xmm7,%rcx +movd %xmm10,%r8 +movd %xmm4,%r9 +pshufd $0x39,%xmm12,%xmm12 +pshufd $0x39,%xmm7,%xmm7 +pshufd $0x39,%xmm10,%xmm10 +pshufd $0x39,%xmm4,%xmm4 +xorl 64(%rsi),%edx +xorl 68(%rsi),%ecx +xorl 72(%rsi),%r8d +xorl 76(%rsi),%r9d +movl %edx,64(%rdi) +movl %ecx,68(%rdi) +movl %r8d,72(%rdi) +movl %r9d,76(%rdi) +movd %xmm12,%rdx +movd %xmm7,%rcx +movd %xmm10,%r8 +movd %xmm4,%r9 +pshufd $0x39,%xmm12,%xmm12 +pshufd $0x39,%xmm7,%xmm7 +pshufd $0x39,%xmm10,%xmm10 +pshufd $0x39,%xmm4,%xmm4 +xorl 128(%rsi),%edx +xorl 132(%rsi),%ecx +xorl 136(%rsi),%r8d +xorl 140(%rsi),%r9d +movl %edx,128(%rdi) +movl %ecx,132(%rdi) +movl %r8d,136(%rdi) +movl %r9d,140(%rdi) +movd %xmm12,%rdx +movd %xmm7,%rcx +movd %xmm10,%r8 +movd %xmm4,%r9 +xorl 192(%rsi),%edx +xorl 196(%rsi),%ecx +xorl 200(%rsi),%r8d +xorl 204(%rsi),%r9d +movl %edx,192(%rdi) +movl %ecx,196(%rdi) +movl %r8d,200(%rdi) +movl %r9d,204(%rdi) +paddd 304(%rsp),%xmm14 +paddd 128(%rsp),%xmm0 +paddd 192(%rsp),%xmm5 
+paddd 256(%rsp),%xmm8 +movd %xmm14,%rdx +movd %xmm0,%rcx +movd %xmm5,%r8 +movd %xmm8,%r9 +pshufd $0x39,%xmm14,%xmm14 +pshufd $0x39,%xmm0,%xmm0 +pshufd $0x39,%xmm5,%xmm5 +pshufd $0x39,%xmm8,%xmm8 +xorl 16(%rsi),%edx +xorl 20(%rsi),%ecx +xorl 24(%rsi),%r8d +xorl 28(%rsi),%r9d +movl %edx,16(%rdi) +movl %ecx,20(%rdi) +movl %r8d,24(%rdi) +movl %r9d,28(%rdi) +movd %xmm14,%rdx +movd %xmm0,%rcx +movd %xmm5,%r8 +movd %xmm8,%r9 +pshufd $0x39,%xmm14,%xmm14 +pshufd $0x39,%xmm0,%xmm0 +pshufd $0x39,%xmm5,%xmm5 +pshufd $0x39,%xmm8,%xmm8 +xorl 80(%rsi),%edx +xorl 84(%rsi),%ecx +xorl 88(%rsi),%r8d +xorl 92(%rsi),%r9d +movl %edx,80(%rdi) +movl %ecx,84(%rdi) +movl %r8d,88(%rdi) +movl %r9d,92(%rdi) +movd %xmm14,%rdx +movd %xmm0,%rcx +movd %xmm5,%r8 +movd %xmm8,%r9 +pshufd $0x39,%xmm14,%xmm14 +pshufd $0x39,%xmm0,%xmm0 +pshufd $0x39,%xmm5,%xmm5 +pshufd $0x39,%xmm8,%xmm8 +xorl 144(%rsi),%edx +xorl 148(%rsi),%ecx +xorl 152(%rsi),%r8d +xorl 156(%rsi),%r9d +movl %edx,144(%rdi) +movl %ecx,148(%rdi) +movl %r8d,152(%rdi) +movl %r9d,156(%rdi) +movd %xmm14,%rdx +movd %xmm0,%rcx +movd %xmm5,%r8 +movd %xmm8,%r9 +xorl 208(%rsi),%edx +xorl 212(%rsi),%ecx +xorl 216(%rsi),%r8d +xorl 220(%rsi),%r9d +movl %edx,208(%rdi) +movl %ecx,212(%rdi) +movl %r8d,216(%rdi) +movl %r9d,220(%rdi) +paddd 352(%rsp),%xmm15 +paddd 368(%rsp),%xmm11 +paddd 144(%rsp),%xmm1 +paddd 208(%rsp),%xmm6 +movd %xmm15,%rdx +movd %xmm11,%rcx +movd %xmm1,%r8 +movd %xmm6,%r9 +pshufd $0x39,%xmm15,%xmm15 +pshufd $0x39,%xmm11,%xmm11 +pshufd $0x39,%xmm1,%xmm1 +pshufd $0x39,%xmm6,%xmm6 +xorl 32(%rsi),%edx +xorl 36(%rsi),%ecx +xorl 40(%rsi),%r8d +xorl 44(%rsi),%r9d +movl %edx,32(%rdi) +movl %ecx,36(%rdi) +movl %r8d,40(%rdi) +movl %r9d,44(%rdi) +movd %xmm15,%rdx +movd %xmm11,%rcx +movd %xmm1,%r8 +movd %xmm6,%r9 +pshufd $0x39,%xmm15,%xmm15 +pshufd $0x39,%xmm11,%xmm11 +pshufd $0x39,%xmm1,%xmm1 +pshufd $0x39,%xmm6,%xmm6 +xorl 96(%rsi),%edx +xorl 100(%rsi),%ecx +xorl 104(%rsi),%r8d +xorl 108(%rsi),%r9d +movl %edx,96(%rdi) +movl %ecx,100(%rdi) 
+movl %r8d,104(%rdi) +movl %r9d,108(%rdi) +movd %xmm15,%rdx +movd %xmm11,%rcx +movd %xmm1,%r8 +movd %xmm6,%r9 +pshufd $0x39,%xmm15,%xmm15 +pshufd $0x39,%xmm11,%xmm11 +pshufd $0x39,%xmm1,%xmm1 +pshufd $0x39,%xmm6,%xmm6 +xorl 160(%rsi),%edx +xorl 164(%rsi),%ecx +xorl 168(%rsi),%r8d +xorl 172(%rsi),%r9d +movl %edx,160(%rdi) +movl %ecx,164(%rdi) +movl %r8d,168(%rdi) +movl %r9d,172(%rdi) +movd %xmm15,%rdx +movd %xmm11,%rcx +movd %xmm1,%r8 +movd %xmm6,%r9 +xorl 224(%rsi),%edx +xorl 228(%rsi),%ecx +xorl 232(%rsi),%r8d +xorl 236(%rsi),%r9d +movl %edx,224(%rdi) +movl %ecx,228(%rdi) +movl %r8d,232(%rdi) +movl %r9d,236(%rdi) +paddd 224(%rsp),%xmm13 +paddd 272(%rsp),%xmm9 +paddd 320(%rsp),%xmm3 +paddd 160(%rsp),%xmm2 +movd %xmm13,%rdx +movd %xmm9,%rcx +movd %xmm3,%r8 +movd %xmm2,%r9 +pshufd $0x39,%xmm13,%xmm13 +pshufd $0x39,%xmm9,%xmm9 +pshufd $0x39,%xmm3,%xmm3 +pshufd $0x39,%xmm2,%xmm2 +xorl 48(%rsi),%edx +xorl 52(%rsi),%ecx +xorl 56(%rsi),%r8d +xorl 60(%rsi),%r9d +movl %edx,48(%rdi) +movl %ecx,52(%rdi) +movl %r8d,56(%rdi) +movl %r9d,60(%rdi) +movd %xmm13,%rdx +movd %xmm9,%rcx +movd %xmm3,%r8 +movd %xmm2,%r9 +pshufd $0x39,%xmm13,%xmm13 +pshufd $0x39,%xmm9,%xmm9 +pshufd $0x39,%xmm3,%xmm3 +pshufd $0x39,%xmm2,%xmm2 +xorl 112(%rsi),%edx +xorl 116(%rsi),%ecx +xorl 120(%rsi),%r8d +xorl 124(%rsi),%r9d +movl %edx,112(%rdi) +movl %ecx,116(%rdi) +movl %r8d,120(%rdi) +movl %r9d,124(%rdi) +movd %xmm13,%rdx +movd %xmm9,%rcx +movd %xmm3,%r8 +movd %xmm2,%r9 +pshufd $0x39,%xmm13,%xmm13 +pshufd $0x39,%xmm9,%xmm9 +pshufd $0x39,%xmm3,%xmm3 +pshufd $0x39,%xmm2,%xmm2 +xorl 176(%rsi),%edx +xorl 180(%rsi),%ecx +xorl 184(%rsi),%r8d +xorl 188(%rsi),%r9d +movl %edx,176(%rdi) +movl %ecx,180(%rdi) +movl %r8d,184(%rdi) +movl %r9d,188(%rdi) +movd %xmm13,%rdx +movd %xmm9,%rcx +movd %xmm3,%r8 +movd %xmm2,%r9 +xorl 240(%rsi),%edx +xorl 244(%rsi),%ecx +xorl 248(%rsi),%r8d +xorl 252(%rsi),%r9d +movl %edx,240(%rdi) +movl %ecx,244(%rdi) +movl %r8d,248(%rdi) +movl %r9d,252(%rdi) +movq 480(%rsp),%r9 +sub $256,%r9 
+add $256,%rsi +add $256,%rdi +cmp $256,%r9 +jae ._bytesatleast256 + +cmp $0,%r9 +jbe ._done + +._bytesbetween1and255: +cmp $64,%r9 +jae ._nocopy + +mov %rdi,%rdx +leaq 0(%rsp),%rdi +mov %r9,%rcx +rep movsb +leaq 0(%rsp),%rdi +leaq 0(%rsp),%rsi + +._nocopy: +movq %r9,480(%rsp) +movdqa 112(%rsp),%xmm0 +movdqa 64(%rsp),%xmm1 +movdqa 80(%rsp),%xmm2 +movdqa 96(%rsp),%xmm3 +movdqa %xmm1,%xmm4 +mov $20,%rcx + +.p2align 4 +._mainloop2: +paddd %xmm0,%xmm4 +movdqa %xmm0,%xmm5 +movdqa %xmm4,%xmm6 +pslld $7,%xmm4 +psrld $25,%xmm6 +pxor %xmm4,%xmm3 +pxor %xmm6,%xmm3 +paddd %xmm3,%xmm5 +movdqa %xmm3,%xmm4 +movdqa %xmm5,%xmm6 +pslld $9,%xmm5 +psrld $23,%xmm6 +pxor %xmm5,%xmm2 +pshufd $0x93,%xmm3,%xmm3 +pxor %xmm6,%xmm2 +paddd %xmm2,%xmm4 +movdqa %xmm2,%xmm5 +movdqa %xmm4,%xmm6 +pslld $13,%xmm4 +psrld $19,%xmm6 +pxor %xmm4,%xmm1 +pshufd $0x4e,%xmm2,%xmm2 +pxor %xmm6,%xmm1 +paddd %xmm1,%xmm5 +movdqa %xmm3,%xmm4 +movdqa %xmm5,%xmm6 +pslld $18,%xmm5 +psrld $14,%xmm6 +pxor %xmm5,%xmm0 +pshufd $0x39,%xmm1,%xmm1 +pxor %xmm6,%xmm0 +paddd %xmm0,%xmm4 +movdqa %xmm0,%xmm5 +movdqa %xmm4,%xmm6 +pslld $7,%xmm4 +psrld $25,%xmm6 +pxor %xmm4,%xmm1 +pxor %xmm6,%xmm1 +paddd %xmm1,%xmm5 +movdqa %xmm1,%xmm4 +movdqa %xmm5,%xmm6 +pslld $9,%xmm5 +psrld $23,%xmm6 +pxor %xmm5,%xmm2 +pshufd $0x93,%xmm1,%xmm1 +pxor %xmm6,%xmm2 +paddd %xmm2,%xmm4 +movdqa %xmm2,%xmm5 +movdqa %xmm4,%xmm6 +pslld $13,%xmm4 +psrld $19,%xmm6 +pxor %xmm4,%xmm3 +pshufd $0x4e,%xmm2,%xmm2 +pxor %xmm6,%xmm3 +paddd %xmm3,%xmm5 +movdqa %xmm1,%xmm4 +movdqa %xmm5,%xmm6 +pslld $18,%xmm5 +psrld $14,%xmm6 +pxor %xmm5,%xmm0 +pshufd $0x39,%xmm3,%xmm3 +pxor %xmm6,%xmm0 +paddd %xmm0,%xmm4 +movdqa %xmm0,%xmm5 +movdqa %xmm4,%xmm6 +pslld $7,%xmm4 +psrld $25,%xmm6 +pxor %xmm4,%xmm3 +pxor %xmm6,%xmm3 +paddd %xmm3,%xmm5 +movdqa %xmm3,%xmm4 +movdqa %xmm5,%xmm6 +pslld $9,%xmm5 +psrld $23,%xmm6 +pxor %xmm5,%xmm2 +pshufd $0x93,%xmm3,%xmm3 +pxor %xmm6,%xmm2 +paddd %xmm2,%xmm4 +movdqa %xmm2,%xmm5 +movdqa %xmm4,%xmm6 +pslld $13,%xmm4 +psrld $19,%xmm6 +pxor 
%xmm4,%xmm1 +pshufd $0x4e,%xmm2,%xmm2 +pxor %xmm6,%xmm1 +paddd %xmm1,%xmm5 +movdqa %xmm3,%xmm4 +movdqa %xmm5,%xmm6 +pslld $18,%xmm5 +psrld $14,%xmm6 +pxor %xmm5,%xmm0 +pshufd $0x39,%xmm1,%xmm1 +pxor %xmm6,%xmm0 +paddd %xmm0,%xmm4 +movdqa %xmm0,%xmm5 +movdqa %xmm4,%xmm6 +pslld $7,%xmm4 +psrld $25,%xmm6 +pxor %xmm4,%xmm1 +pxor %xmm6,%xmm1 +paddd %xmm1,%xmm5 +movdqa %xmm1,%xmm4 +movdqa %xmm5,%xmm6 +pslld $9,%xmm5 +psrld $23,%xmm6 +pxor %xmm5,%xmm2 +pshufd $0x93,%xmm1,%xmm1 +pxor %xmm6,%xmm2 +paddd %xmm2,%xmm4 +movdqa %xmm2,%xmm5 +movdqa %xmm4,%xmm6 +pslld $13,%xmm4 +psrld $19,%xmm6 +pxor %xmm4,%xmm3 +pshufd $0x4e,%xmm2,%xmm2 +pxor %xmm6,%xmm3 +sub $4,%rcx +paddd %xmm3,%xmm5 +movdqa %xmm1,%xmm4 +movdqa %xmm5,%xmm6 +pslld $18,%xmm5 +pxor %xmm7,%xmm7 +psrld $14,%xmm6 +pxor %xmm5,%xmm0 +pshufd $0x39,%xmm3,%xmm3 +pxor %xmm6,%xmm0 +ja ._mainloop2 + +paddd 112(%rsp),%xmm0 +paddd 64(%rsp),%xmm1 +paddd 80(%rsp),%xmm2 +paddd 96(%rsp),%xmm3 +movd %xmm0,%rcx +movd %xmm1,%r8 +movd %xmm2,%r9 +movd %xmm3,%rax +pshufd $0x39,%xmm0,%xmm0 +pshufd $0x39,%xmm1,%xmm1 +pshufd $0x39,%xmm2,%xmm2 +pshufd $0x39,%xmm3,%xmm3 +xorl 0(%rsi),%ecx +xorl 48(%rsi),%r8d +xorl 32(%rsi),%r9d +xorl 16(%rsi),%eax +movl %ecx,0(%rdi) +movl %r8d,48(%rdi) +movl %r9d,32(%rdi) +movl %eax,16(%rdi) +movd %xmm0,%rcx +movd %xmm1,%r8 +movd %xmm2,%r9 +movd %xmm3,%rax +pshufd $0x39,%xmm0,%xmm0 +pshufd $0x39,%xmm1,%xmm1 +pshufd $0x39,%xmm2,%xmm2 +pshufd $0x39,%xmm3,%xmm3 +xorl 20(%rsi),%ecx +xorl 4(%rsi),%r8d +xorl 52(%rsi),%r9d +xorl 36(%rsi),%eax +movl %ecx,20(%rdi) +movl %r8d,4(%rdi) +movl %r9d,52(%rdi) +movl %eax,36(%rdi) +movd %xmm0,%rcx +movd %xmm1,%r8 +movd %xmm2,%r9 +movd %xmm3,%rax +pshufd $0x39,%xmm0,%xmm0 +pshufd $0x39,%xmm1,%xmm1 +pshufd $0x39,%xmm2,%xmm2 +pshufd $0x39,%xmm3,%xmm3 +xorl 40(%rsi),%ecx +xorl 24(%rsi),%r8d +xorl 8(%rsi),%r9d +xorl 56(%rsi),%eax +movl %ecx,40(%rdi) +movl %r8d,24(%rdi) +movl %r9d,8(%rdi) +movl %eax,56(%rdi) +movd %xmm0,%rcx +movd %xmm1,%r8 +movd %xmm2,%r9 +movd %xmm3,%rax +xorl 
60(%rsi),%ecx +xorl 44(%rsi),%r8d +xorl 28(%rsi),%r9d +xorl 12(%rsi),%eax +movl %ecx,60(%rdi) +movl %r8d,44(%rdi) +movl %r9d,28(%rdi) +movl %eax,12(%rdi) +movq 480(%rsp),%r9 +movq 472(%rsp),%rcx +add $1,%rcx +mov %rcx,%r8 +shr $32,%r8 +movl %ecx,80(%rsp) +movl %r8d,4+96(%rsp) +movq %rcx,472(%rsp) +cmp $64,%r9 +ja ._bytesatleast65 +jae ._bytesatleast64 + +mov %rdi,%rsi +mov %rdx,%rdi +mov %r9,%rcx +rep movsb + +._bytesatleast64: +._done: +movq 416(%rsp),%r11 +movq 424(%rsp),%r12 +movq 432(%rsp),%r13 +movq 440(%rsp),%r14 +movq 448(%rsp),%r15 +movq 456(%rsp),%rbx +movq 464(%rsp),%rbp +add %r11,%rsp +xor %rax,%rax +mov %rsi,%rdx +ret + +._bytesatleast65: +sub $64,%r9 +add $64,%rdi +add $64,%rsi +jmp ._bytesbetween1and255 + +#endif + +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif + +.globl consts_S_dummy diff --git a/sodium/sodium_sandy2x.S b/sodium/sodium_sandy2x.S new file mode 100644 index 00000000..49031f08 --- /dev/null +++ b/sodium/sodium_sandy2x.S @@ -0,0 +1,19 @@ + +#ifdef NETCODE_AVX + +#define IN_SANDY2X + +#include "sodium_sandy2x_consts.S" +#include "sodium_sandy2x_fe51_mul.S" +#include "sodium_sandy2x_fe51_nsquare.S" +#include "sodium_sandy2x_fe51_pack.S" +#include "sodium_sandy2x_ladder.S" +#include "sodium_sandy2x_ladder_base.S" + +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif + +#endif + +.globl consts_S_dummy diff --git a/sodium/sodium_sandy2x_consts.S b/sodium/sodium_sandy2x_consts.S new file mode 100644 index 00000000..7cd6c3b7 --- /dev/null +++ b/sodium/sodium_sandy2x_consts.S 
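Review bot: `sodium_sandy2x.S` includes the Sandy2x ladder only under `NETCODE_AVX`, while the C side that calls it (`sodium_sandy2x_curve25519.c`, next in this diff) is guarded by `HAVE_AVX_ASM`; as with the Salsa20 pair, a build that defines one but not the other fails at link time with no hint that two macros must agree, so a comment on the `#ifdef NETCODE_AVX` line such as `/* must match HAVE_AVX_ASM in sodium_sandy2x_curve25519.c */` — or an `#error` tying them — would help. The trailing `.globl consts_S_dummy` outside the guard is presumably there so the object is never empty, but no definition of that symbol appears in any of the `.S` files in this diff; if the assembler emits it as an undefined global it is harmless only while nothing references it, and a per-file symbol with an actual definition in a data section would state the intent more robustly — worth confirming against the toolchains in the CI matrix.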
@@ -0,0 +1,27 @@
+#ifdef IN_SANDY2X
+
+/*
+ REDMASK51 is from amd64-51/consts.s.
+*/
+
+#include "sodium_sandy2x_consts_namespace.h"
+.data
+.p2align 4
+v0_0: .quad 0, 0
+v1_0: .quad 1, 0
+v2_1: .quad 2, 1
+v9_0: .quad 9, 0
+v9_9: .quad 9, 9
+v19_19: .quad 19, 19
+v38_1: .quad 38, 1
+v38_38: .quad 38, 38
+v121666_121666: .quad 121666, 121666
+m25: .quad 33554431, 33554431
+m26: .quad 67108863, 67108863
+subc0: .quad 0x07FFFFDA, 0x03FFFFFE
+subc2: .quad 0x07FFFFFE, 0x03FFFFFE
+REDMASK51: .quad 0x0007FFFFFFFFFFFF
+
+#endif
+
+.globl consts_S_dummy
diff --git a/sodium/sodium_sandy2x_consts_namespace.h b/sodium/sodium_sandy2x_consts_namespace.h
new file mode 100644
index 00000000..9f81fa61
--- /dev/null
+++ b/sodium/sodium_sandy2x_consts_namespace.h
@@ -0,0 +1,20 @@
+#ifndef consts_namespace_H
+#define consts_namespace_H
+
+#define v0_0 crypto_scalarmult_curve25519_sandy2x_v0_0
+#define v1_0 crypto_scalarmult_curve25519_sandy2x_v1_0
+#define v2_1 crypto_scalarmult_curve25519_sandy2x_v2_1
+#define v9_0 crypto_scalarmult_curve25519_sandy2x_v9_0
+#define v9_9 crypto_scalarmult_curve25519_sandy2x_v9_9
+#define v19_19 crypto_scalarmult_curve25519_sandy2x_v19_19
+#define v38_1 crypto_scalarmult_curve25519_sandy2x_v38_1
+#define v38_38 crypto_scalarmult_curve25519_sandy2x_v38_38
+#define v121666_121666 crypto_scalarmult_curve25519_sandy2x_v121666_121666
+#define m25 crypto_scalarmult_curve25519_sandy2x_m25
+#define m26 crypto_scalarmult_curve25519_sandy2x_m26
+#define subc0 crypto_scalarmult_curve25519_sandy2x_subc0
+#define subc2 crypto_scalarmult_curve25519_sandy2x_subc2
+#define REDMASK51 crypto_scalarmult_curve25519_sandy2x_REDMASK51
+
+#endif /* ifndef consts_namespace_H */
+
diff --git a/sodium/sodium_sandy2x_curve25519.c b/sodium/sodium_sandy2x_curve25519.c
new file mode 100644
index 00000000..9f83b5ca
--- /dev/null
+++ b/sodium/sodium_sandy2x_curve25519.c
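Review bot: The field constants (`REDMASK51`, `m25`, `m26`, `subc0`, `subc2`, the `v*` vectors) are emitted into the writable `.data` section although nothing in the diff ever stores to them; read-only memory is the right home, so I would replace `.data` with `.section .rodata` and keep the `.p2align 4`, since the ladder loads them with alignment-checked `vmovdqa` memory operands. This matches upstream libsodium, so it is a hardening nit rather than a defect, and the Mach-O build would need the equivalent `__TEXT,__const` spelling, which is why a comment explaining the section choice, `/* read-only field constants; 16-byte aligned for vmovdqa */`, is the minimum I would add.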
@@ -0,0 +1,118 @@
+/*
+ This file is adapted from ref10/scalarmult.c:
+ The code for Mongomery ladder is replace by the ladder assembly function;
+ Inversion is done in the same way as amd64-51/.
+ (fe is first converted into fe51 after Mongomery ladder)
+*/
+
+#include
+
+#include "sodium_private_common.h"
+
+#ifdef HAVE_AVX_ASM
+
+#include "sodium_utils.h"
+#include "sodium_sandy2x_curve25519.h"
+#include "sodium_scalarmult_curve25519.h"
+#include "sodium_sandy2x_fe.h"
+#include "sodium_sandy2x_fe51.h"
+#include "sodium_sandy2x_ladder.h"
+#include "sodium_sandy2x_ladder_base.h"
+
+#define x1 var[0]
+#define x2 var[1]
+#define z2 var[2]
+
+static int
+crypto_scalarmult_curve25519_sandy2x(unsigned char *q, const unsigned char *n,
+ const unsigned char *p)
+{
+ unsigned char *t = q;
+ fe var[3];
+ fe51 x_51;
+ fe51 z_51;
+ unsigned int i;
+
+ for (i = 0; i < 32; i++) {
+ t[i] = n[i];
+ }
+ t[0] &= 248;
+ t[31] &= 127;
+ t[31] |= 64;
+
+ fe_frombytes(x1, p);
+
+ ladder(var, t);
+
+ z_51.v[0] = (z2[1] << 26) + z2[0];
+ z_51.v[1] = (z2[3] << 26) + z2[2];
+ z_51.v[2] = (z2[5] << 26) + z2[4];
+ z_51.v[3] = (z2[7] << 26) + z2[6];
+ z_51.v[4] = (z2[9] << 26) + z2[8];
+
+ x_51.v[0] = (x2[1] << 26) + x2[0];
+ x_51.v[1] = (x2[3] << 26) + x2[2];
+ x_51.v[2] = (x2[5] << 26) + x2[4];
+ x_51.v[3] = (x2[7] << 26) + x2[6];
+ x_51.v[4] = (x2[9] << 26) + x2[8];
+
+ fe51_invert(&z_51, &z_51);
+ fe51_mul(&x_51, &x_51, &z_51);
+ fe51_pack(q, &x_51);
+
+ return 0;
+}
+
+#undef x2
+#undef z2
+
+#define x2 var[0]
+#define z2 var[1]
+
+static int
+crypto_scalarmult_curve25519_sandy2x_base(unsigned char *q,
+ const unsigned char *n)
+{
+ unsigned char *t = q;
+ fe var[3];
+ fe51 x_51;
+ fe51 z_51;
+ unsigned int i;
+
+ for (i = 0;i < 32; i++) {
+ t[i] = n[i];
+ }
+ t[0] &= 248;
+ t[31] &= 127;
+ t[31] |= 64;
+
+ ladder_base(var, t);
+
+ z_51.v[0] = (z2[1] << 26) + z2[0];
+ z_51.v[1] = (z2[3] << 26) + z2[2];
+ z_51.v[2] = (z2[5] << 26) + z2[4];
+ z_51.v[3] = (z2[7] << 26) + z2[6];
+ z_51.v[4] = (z2[9] << 26) + z2[8];
+
+ x_51.v[0] = (x2[1] << 26) + x2[0];
+ x_51.v[1] = (x2[3] << 26) + x2[2];
+ x_51.v[2] = (x2[5] << 26) + x2[4];
+ x_51.v[3] = (x2[7] << 26) + x2[6];
+ x_51.v[4] = (x2[9] << 26) + x2[8];
+
+ fe51_invert(&z_51, &z_51);
+ fe51_mul(&x_51, &x_51, &z_51);
+ fe51_pack(q, &x_51);
+
+ return 0;
+}
+
+struct crypto_scalarmult_curve25519_implementation
+crypto_scalarmult_curve25519_sandy2x_implementation = {
+ SODIUM_C99(.mult = ) crypto_scalarmult_curve25519_sandy2x,
+ SODIUM_C99(.mult_base = ) crypto_scalarmult_curve25519_sandy2x_base
+};
+
+#endif
+
+int curve_25519_sandy2x_link_warning_dummy = 0;
diff --git a/sodium/sodium_sandy2x_curve25519.h b/sodium/sodium_sandy2x_curve25519.h
new file mode 100644
index 00000000..df7e8a51
--- /dev/null
+++ b/sodium/sodium_sandy2x_curve25519.h
@@ -0,0 +1,9 @@
+#ifndef curve25519_sandy2x_H
+#define curve25519_sandy2x_H
+
+#include "sodium_crypto_scalarmult_curve25519.h"
+
+extern struct crypto_scalarmult_curve25519_implementation
+ crypto_scalarmult_curve25519_sandy2x_implementation;
+
+#endif
diff --git a/sodium/sodium_sandy2x_fe.h b/sodium/sodium_sandy2x_fe.h
new file mode 100644
index 00000000..b1115f86
--- /dev/null
+++ b/sodium/sodium_sandy2x_fe.h
@@ -0,0 +1,26 @@
+/*
+ This file is adapted from ref10/fe.h:
+ All the redundant functions are removed.
+*/
+
+#ifndef fe_H
+#define fe_H
+
+#include
+#include
+
+typedef uint64_t fe[10];
+
+/*
+fe means field element.
+Here the field is \Z/(2^255-19).
+An element t, entries t[0]...t[9], represents the integer
+t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
+Bounds on each t[i] vary depending on context.
+*/
+
+#define fe_frombytes crypto_scalarmult_curve25519_sandy2x_fe_frombytes
+
+extern void fe_frombytes(fe, const unsigned char *);
+
+#endif
diff --git a/sodium/sodium_sandy2x_fe51.h b/sodium/sodium_sandy2x_fe51.h
new file mode 100644
index 00000000..cfb3109e
--- /dev/null
+++ b/sodium/sodium_sandy2x_fe51.h
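Review bot: `unsigned char *t = q;` stages the clamped private scalar in the caller's output buffer, so `crypto_scalarmult_curve25519_sandy2x` only reads the point with `fe_frombytes(x1, p)` after `q` has been overwritten; a caller that passes `q == p` (computing in place over a public key) silently runs the ladder with the scalar as the point. This is the upstream ref10/sandy2x convention, but it is not stated anywhere in the file, so I would add above the function `/* q must not alias p: q is used as scratch for the clamped scalar before p is read. */`, or copy `n` into a local 32-byte `t` that is wiped before return to remove the hazard. Neither function rejects an all-zero result (low-order input point); I assume the dispatching wrapper in sodium_scalarmult_curve25519.c performs that check as upstream does, since it is not part of this diff. The header comment's "Mongomery" should read "Montgomery".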
@@ -0,0 +1,35 @@
+/*
+ This file is adapted from amd64-51/fe25519.h:
+ 'fe25519' is renamed as 'fe51';
+ All the redundant functions are removed;
+ New function fe51_nsquare is introduced.
+*/
+
+#ifndef fe51_H
+#define fe51_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include
+#include
+
+#include "sodium_sandy2x_fe51_namespace.h"
+
+typedef struct
+{
+ uint64_t v[5];
+}
+fe51;
+
+extern void fe51_pack(unsigned char *, const fe51 *);
+extern void fe51_mul(fe51 *, const fe51 *, const fe51 *);
+extern void fe51_nsquare(fe51 *, const fe51 *, int);
+extern void fe51_invert(fe51 *, const fe51 *);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/sodium/sodium_sandy2x_fe51_invert.c b/sodium/sodium_sandy2x_fe51_invert.c
new file mode 100644
index 00000000..52784d52
--- /dev/null
+++ b/sodium/sodium_sandy2x_fe51_invert.c
@@ -0,0 +1,61 @@
+/*
+ This file is adapted from amd64-51/fe25519_invert.c:
+ Loops of squares are replaced by nsquares for better performance.
+*/
+
+#include "sodium_sandy2x_fe51.h"
+#include "sodium_private_common.h"
+
+#ifdef HAVE_AVX_ASM
+
+#define fe51_square(x, y) fe51_nsquare(x, y, 1)
+
+void
+fe51_invert(fe51 *r, const fe51 *x)
+{
+ fe51 z2;
+ fe51 z9;
+ fe51 z11;
+ fe51 z2_5_0;
+ fe51 z2_10_0;
+ fe51 z2_20_0;
+ fe51 z2_50_0;
+ fe51 z2_100_0;
+ fe51 t;
+
+ /* 2 */ fe51_square(&z2,x);
+ /* 4 */ fe51_square(&t,&z2);
+ /* 8 */ fe51_square(&t,&t);
+ /* 9 */ fe51_mul(&z9,&t,x);
+ /* 11 */ fe51_mul(&z11,&z9,&z2);
+ /* 22 */ fe51_square(&t,&z11);
+ /* 2^5 - 2^0 = 31 */ fe51_mul(&z2_5_0,&t,&z9);
+
+ /* 2^10 - 2^5 */ fe51_nsquare(&t,&z2_5_0, 5);
+ /* 2^10 - 2^0 */ fe51_mul(&z2_10_0,&t,&z2_5_0);
+
+ /* 2^20 - 2^10 */ fe51_nsquare(&t,&z2_10_0, 10);
+ /* 2^20 - 2^0 */ fe51_mul(&z2_20_0,&t,&z2_10_0);
+
+ /* 2^40 - 2^20 */ fe51_nsquare(&t,&z2_20_0, 20);
+ /* 2^40 - 2^0 */ fe51_mul(&t,&t,&z2_20_0);
+
+ /* 2^50 - 2^10 */ fe51_nsquare(&t,&t,10);
+ /* 2^50 - 2^0 */ fe51_mul(&z2_50_0,&t,&z2_10_0);
+
+ /* 2^100 - 2^50 */ fe51_nsquare(&t,&z2_50_0, 50);
+ /* 2^100 - 2^0 */ fe51_mul(&z2_100_0,&t,&z2_50_0);
+
+ /* 2^200 - 2^100 */ fe51_nsquare(&t,&z2_100_0, 100);
+ /* 2^200 - 2^0 */ fe51_mul(&t,&t,&z2_100_0);
+
+ /* 2^250 - 2^50 */ fe51_nsquare(&t,&t, 50);
+ /* 2^250 - 2^0 */ fe51_mul(&t,&t,&z2_50_0);
+
+ /* 2^255 - 2^5 */ fe51_nsquare(&t,&t,5);
+ /* 2^255 - 21 */ fe51_mul(r,&t,&z11);
+}
+
+#endif
+
+int fe51_invert_link_warning_dummy = 0;
diff --git a/sodium/sodium_sandy2x_fe51_mul.S b/sodium/sodium_sandy2x_fe51_mul.S
new file mode 100644
index 00000000..c2a5739e
--- /dev/null
+++ b/sodium/sodium_sandy2x_fe51_mul.S
@@ -0,0 +1,199 @@ +#ifdef IN_SANDY2X + +/* + This file is basically amd64-51/fe25519_mul.s. +*/ +#include "sodium_sandy2x_fe51_namespace.h" +#include "sodium_sandy2x_consts_namespace.h" +.text +.p2align 5 +#ifdef ASM_HIDE_SYMBOL +ASM_HIDE_SYMBOL fe51_mul +ASM_HIDE_SYMBOL _fe51_mul +#endif +.globl fe51_mul +.globl _fe51_mul +#ifdef __ELF__ +.type fe51_mul, @function +.type _fe51_mul, @function +#endif +fe51_mul: +_fe51_mul: +mov %rsp,%r11 +and $31,%r11 +add $96,%r11 +sub %r11,%rsp +movq %r11,0(%rsp) +movq %r12,8(%rsp) +movq %r13,16(%rsp) +movq %r14,24(%rsp) +movq %r15,32(%rsp) +movq %rbx,40(%rsp) +movq %rbp,48(%rsp) +movq %rdi,56(%rsp) +mov %rdx,%rcx +movq 24(%rsi),%rdx +imulq $19,%rdx,%rax +movq %rax,64(%rsp) +mulq 16(%rcx) +mov %rax,%r8 +mov %rdx,%r9 +movq 32(%rsi),%rdx +imulq $19,%rdx,%rax +movq %rax,72(%rsp) +mulq 8(%rcx) +add %rax,%r8 +adc %rdx,%r9 +movq 0(%rsi),%rax +mulq 0(%rcx) +add %rax,%r8 +adc %rdx,%r9 +movq 0(%rsi),%rax +mulq 8(%rcx) +mov %rax,%r10 +mov %rdx,%r11 +movq 0(%rsi),%rax +mulq 16(%rcx) +mov %rax,%r12 +mov %rdx,%r13 +movq 0(%rsi),%rax +mulq 24(%rcx) +mov %rax,%r14 +mov %rdx,%r15 +movq 0(%rsi),%rax +mulq 32(%rcx) +mov %rax,%rbx +mov %rdx,%rbp +movq 8(%rsi),%rax +mulq 0(%rcx) +add %rax,%r10 +adc %rdx,%r11 +movq 8(%rsi),%rax +mulq 8(%rcx) +add %rax,%r12 +adc %rdx,%r13 +movq 8(%rsi),%rax +mulq 16(%rcx) +add %rax,%r14 +adc %rdx,%r15 +movq 8(%rsi),%rax +mulq 24(%rcx) +add %rax,%rbx +adc %rdx,%rbp +movq 8(%rsi),%rdx +imulq $19,%rdx,%rax +mulq 32(%rcx) +add %rax,%r8 +adc %rdx,%r9 +movq 16(%rsi),%rax +mulq 0(%rcx) +add %rax,%r12 +adc %rdx,%r13 +movq 16(%rsi),%rax +mulq 8(%rcx) +add %rax,%r14 +adc %rdx,%r15 +movq 16(%rsi),%rax +mulq 16(%rcx) +add %rax,%rbx +adc %rdx,%rbp +movq 16(%rsi),%rdx +imulq $19,%rdx,%rax +mulq 24(%rcx) +add %rax,%r8 +adc %rdx,%r9 +movq 16(%rsi),%rdx +imulq $19,%rdx,%rax +mulq 32(%rcx) +add %rax,%r10 +adc %rdx,%r11 +movq 24(%rsi),%rax +mulq 0(%rcx) +add %rax,%r14 +adc %rdx,%r15 +movq 24(%rsi),%rax +mulq 8(%rcx) +add %rax,%rbx +adc 
%rdx,%rbp +movq 64(%rsp),%rax +mulq 24(%rcx) +add %rax,%r10 +adc %rdx,%r11 +movq 64(%rsp),%rax +mulq 32(%rcx) +add %rax,%r12 +adc %rdx,%r13 +movq 32(%rsi),%rax +mulq 0(%rcx) +add %rax,%rbx +adc %rdx,%rbp +movq 72(%rsp),%rax +mulq 16(%rcx) +add %rax,%r10 +adc %rdx,%r11 +movq 72(%rsp),%rax +mulq 24(%rcx) +add %rax,%r12 +adc %rdx,%r13 +movq 72(%rsp),%rax +mulq 32(%rcx) +add %rax,%r14 +adc %rdx,%r15 +movq REDMASK51(%rip),%rsi +shld $13,%r8,%r9 +and %rsi,%r8 +shld $13,%r10,%r11 +and %rsi,%r10 +add %r9,%r10 +shld $13,%r12,%r13 +and %rsi,%r12 +add %r11,%r12 +shld $13,%r14,%r15 +and %rsi,%r14 +add %r13,%r14 +shld $13,%rbx,%rbp +and %rsi,%rbx +add %r15,%rbx +imulq $19,%rbp,%rdx +add %rdx,%r8 +mov %r8,%rdx +shr $51,%rdx +add %r10,%rdx +mov %rdx,%rcx +shr $51,%rdx +and %rsi,%r8 +add %r12,%rdx +mov %rdx,%r9 +shr $51,%rdx +and %rsi,%rcx +add %r14,%rdx +mov %rdx,%rax +shr $51,%rdx +and %rsi,%r9 +add %rbx,%rdx +mov %rdx,%r10 +shr $51,%rdx +and %rsi,%rax +imulq $19,%rdx,%rdx +add %rdx,%r8 +and %rsi,%r10 +movq %r8,0(%rdi) +movq %rcx,8(%rdi) +movq %r9,16(%rdi) +movq %rax,24(%rdi) +movq %r10,32(%rdi) +movq 0(%rsp),%r11 +movq 8(%rsp),%r12 +movq 16(%rsp),%r13 +movq 24(%rsp),%r14 +movq 32(%rsp),%r15 +movq 40(%rsp),%rbx +movq 48(%rsp),%rbp +add %r11,%rsp +mov %rdi,%rax +mov %rsi,%rdx +ret + +#endif + +.globl fe51_mul_S_dummy diff --git a/sodium/sodium_sandy2x_fe51_namespace.h b/sodium/sodium_sandy2x_fe51_namespace.h new file mode 100644 index 00000000..057f242c --- /dev/null +++ b/sodium/sodium_sandy2x_fe51_namespace.h 
@@ -0,0 +1,16 @@
+#ifndef fe51_namespace_H
+#define fe51_namespace_H
+
+#define fe51 crypto_scalarmult_curve25519_sandy2x_fe51
+#define _fe51 _crypto_scalarmult_curve25519_sandy2x_fe51
+#define fe51_pack crypto_scalarmult_curve25519_sandy2x_fe51_pack
+#define _fe51_pack _crypto_scalarmult_curve25519_sandy2x_fe51_pack
+#define fe51_mul crypto_scalarmult_curve25519_sandy2x_fe51_mul
+#define _fe51_mul _crypto_scalarmult_curve25519_sandy2x_fe51_mul
+#define fe51_nsquare crypto_scalarmult_curve25519_sandy2x_fe51_nsquare
+#define _fe51_nsquare _crypto_scalarmult_curve25519_sandy2x_fe51_nsquare
+
+#define fe51_invert crypto_scalarmult_curve25519_sandy2x_fe51_invert
+
+#endif /* ifndef fe51_namespace_H */
+
diff --git a/sodium/sodium_sandy2x_fe51_nsquare.S b/sodium/sodium_sandy2x_fe51_nsquare.S
new file mode 100644
index 00000000..7751a75c
--- /dev/null
+++ b/sodium/sodium_sandy2x_fe51_nsquare.S
@@ -0,0 +1,174 @@ +#ifdef IN_SANDY2X + +/* + This file is adapted from amd64-51/fe25519_square.s: + Adding loop to perform n squares. +*/ +#include "sodium_sandy2x_fe51_namespace.h" +#include "sodium_sandy2x_consts_namespace.h" +.p2align 5 + +#ifdef ASM_HIDE_SYMBOL +ASM_HIDE_SYMBOL fe51_nsquare +ASM_HIDE_SYMBOL _fe51_nsquare +#endif +.globl fe51_nsquare +.globl _fe51_nsquare +#ifdef __ELF__ +.type fe51_nsquare, @function +.type _fe51_nsquare, @function +#endif +fe51_nsquare: +_fe51_nsquare: + +mov %rsp,%r11 +and $31,%r11 +add $64,%r11 +sub %r11,%rsp +movq %r11,0(%rsp) +movq %r12,8(%rsp) +movq %r13,16(%rsp) +movq %r14,24(%rsp) +movq %r15,32(%rsp) +movq %rbx,40(%rsp) +movq %rbp,48(%rsp) +movq 0(%rsi),%rcx +movq 8(%rsi),%r8 +movq 16(%rsi),%r9 +movq 24(%rsi),%rax +movq 32(%rsi),%rsi +movq %r9,16(%rdi) +movq %rax,24(%rdi) +movq %rsi,32(%rdi) +mov %rdx,%rsi + +.p2align 4 +._loop: +sub $1,%rsi +mov %rcx,%rax +mul %rcx +add %rcx,%rcx +mov %rax,%r9 +mov %rdx,%r10 +mov %rcx,%rax +mul %r8 +mov %rax,%r11 +mov %rdx,%r12 +mov %rcx,%rax +mulq 16(%rdi) +mov %rax,%r13 +mov %rdx,%r14 +mov %rcx,%rax +mulq 24(%rdi) +mov %rax,%r15 +mov %rdx,%rbx +mov %rcx,%rax +mulq 32(%rdi) +mov %rax,%rcx +mov %rdx,%rbp +mov %r8,%rax +mul %r8 +add %r8,%r8 +add %rax,%r13 +adc %rdx,%r14 +mov %r8,%rax +mulq 16(%rdi) +add %rax,%r15 +adc %rdx,%rbx +mov %r8,%rax +imulq $19, %r8,%r8 +mulq 24(%rdi) +add %rax,%rcx +adc %rdx,%rbp +mov %r8,%rax +mulq 32(%rdi) +add %rax,%r9 +adc %rdx,%r10 +movq 16(%rdi),%rax +mulq 16(%rdi) +add %rax,%rcx +adc %rdx,%rbp +shld $13,%rcx,%rbp +movq 16(%rdi),%rax +imulq $38, %rax,%rax +mulq 24(%rdi) +add %rax,%r9 +adc %rdx,%r10 +shld $13,%r9,%r10 +movq 16(%rdi),%rax +imulq $38, %rax,%rax +mulq 32(%rdi) +add %rax,%r11 +adc %rdx,%r12 +movq 24(%rdi),%rax +imulq $19, %rax,%rax +mulq 24(%rdi) +add %rax,%r11 +adc %rdx,%r12 +shld $13,%r11,%r12 +movq 24(%rdi),%rax +imulq $38, %rax,%rax +mulq 32(%rdi) +add %rax,%r13 +adc %rdx,%r14 +shld $13,%r13,%r14 +movq 32(%rdi),%rax +imulq $19, %rax,%rax 
+mulq 32(%rdi) +add %rax,%r15 +adc %rdx,%rbx +shld $13,%r15,%rbx +movq REDMASK51(%rip),%rdx +and %rdx,%rcx +add %rbx,%rcx +and %rdx,%r9 +and %rdx,%r11 +add %r10,%r11 +and %rdx,%r13 +add %r12,%r13 +and %rdx,%r15 +add %r14,%r15 +imulq $19, %rbp,%rbp +lea (%r9,%rbp),%r9 +mov %r9,%rax +shr $51,%r9 +add %r11,%r9 +and %rdx,%rax +mov %r9,%r8 +shr $51,%r9 +add %r13,%r9 +and %rdx,%r8 +mov %r9,%r10 +shr $51,%r9 +add %r15,%r9 +and %rdx,%r10 +movq %r10,16(%rdi) +mov %r9,%r10 +shr $51,%r9 +add %rcx,%r9 +and %rdx,%r10 +movq %r10,24(%rdi) +mov %r9,%r10 +shr $51,%r9 +imulq $19, %r9,%r9 +lea (%rax,%r9),%rcx +and %rdx,%r10 +movq %r10,32(%rdi) +cmp $0,%rsi +jne ._loop + +movq %rcx,0(%rdi) +movq %r8,8(%rdi) +movq 0(%rsp),%r11 +movq 8(%rsp),%r12 +movq 16(%rsp),%r13 +movq 24(%rsp),%r14 +movq 32(%rsp),%r15 +movq 40(%rsp),%rbx +movq 48(%rsp),%rbp +add %r11,%rsp +ret + +#endif + +.globl fe51_nsquare_S_dummy diff --git a/sodium/sodium_sandy2x_fe51_pack.S b/sodium/sodium_sandy2x_fe51_pack.S new file mode 100644 index 00000000..89cff563 --- /dev/null +++ b/sodium/sodium_sandy2x_fe51_pack.S 
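Review bot: `fe51_nsquare` is declared with an `int` count in sodium_sandy2x_fe51.h, but the loop counter is taken from the full 64-bit register, `mov %rdx,%rsi`, and the loop exits only on `cmp $0,%rsi` / `jne ._loop` after an unconditional `sub $1,%rsi`; the SysV ABI leaves the upper 32 bits of a 32-bit argument register unspecified, and a count of 0 or a negative `int` wraps and runs on the order of 2^64 iterations. In practice compilers zero-extend the small immediates `fe51_invert` passes (1, 5, 10, 20, 50, 100), so this is a robustness caveat rather than a live bug. I would read the count as a 32-bit value, `mov %edx,%esi`, and state the precondition on the prototype, `/* n must be >= 1; n == 0 is not handled */`. Since this file is vendored from libsodium's sandy2x, keeping the change to the comment may be preferable for future syncs.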
@@ -0,0 +1,228 @@ +#ifdef IN_SANDY2X + +/* + This file is the result of merging + amd64-51/fe25519_pack.c and amd64-51/fe25519_freeze.s. +*/ +#include "sodium_sandy2x_fe51_namespace.h" +#include "sodium_sandy2x_consts_namespace.h" +.p2align 5 + +#ifdef ASM_HIDE_SYMBOL +ASM_HIDE_SYMBOL fe51_pack +ASM_HIDE_SYMBOL _fe51_pack +#endif +.globl fe51_pack +.globl _fe51_pack +#ifdef __ELF__ +.type fe51_pack, @function +.type _fe51_pack, @function +#endif +fe51_pack: +_fe51_pack: + +mov %rsp,%r11 +and $31,%r11 +add $32,%r11 +sub %r11,%rsp +movq %r11,0(%rsp) +movq %r12,8(%rsp) +movq 0(%rsi),%rdx +movq 8(%rsi),%rcx +movq 16(%rsi),%r8 +movq 24(%rsi),%r9 +movq 32(%rsi),%rsi +movq REDMASK51(%rip),%rax +lea -18(%rax),%r10 +mov $3,%r11 + +.p2align 4 +._reduceloop: +mov %rdx,%r12 +shr $51,%r12 +and %rax,%rdx +add %r12,%rcx +mov %rcx,%r12 +shr $51,%r12 +and %rax,%rcx +add %r12,%r8 +mov %r8,%r12 +shr $51,%r12 +and %rax,%r8 +add %r12,%r9 +mov %r9,%r12 +shr $51,%r12 +and %rax,%r9 +add %r12,%rsi +mov %rsi,%r12 +shr $51,%r12 +and %rax,%rsi +imulq $19, %r12,%r12 +add %r12,%rdx +sub $1,%r11 +ja ._reduceloop + +mov $1,%r12 +cmp %r10,%rdx +cmovl %r11,%r12 +cmp %rax,%rcx +cmovne %r11,%r12 +cmp %rax,%r8 +cmovne %r11,%r12 +cmp %rax,%r9 +cmovne %r11,%r12 +cmp %rax,%rsi +cmovne %r11,%r12 +neg %r12 +and %r12,%rax +and %r12,%r10 +sub %r10,%rdx +sub %rax,%rcx +sub %rax,%r8 +sub %rax,%r9 +sub %rax,%rsi +mov %rdx,%rax +and $0xFF,%eax +movb %al,0(%rdi) +mov %rdx,%rax +shr $8,%rax +and $0xFF,%eax +movb %al,1(%rdi) +mov %rdx,%rax +shr $16,%rax +and $0xFF,%eax +movb %al,2(%rdi) +mov %rdx,%rax +shr $24,%rax +and $0xFF,%eax +movb %al,3(%rdi) +mov %rdx,%rax +shr $32,%rax +and $0xFF,%eax +movb %al,4(%rdi) +mov %rdx,%rax +shr $40,%rax +and $0xFF,%eax +movb %al,5(%rdi) +mov %rdx,%rdx +shr $48,%rdx +mov %rcx,%rax +shl $3,%rax +and $0xF8,%eax +xor %rdx,%rax +movb %al,6(%rdi) +mov %rcx,%rdx +shr $5,%rdx +and $0xFF,%edx +movb %dl,7(%rdi) +mov %rcx,%rdx +shr $13,%rdx +and $0xFF,%edx +movb %dl,8(%rdi) +mov %rcx,%rdx 
+shr $21,%rdx +and $0xFF,%edx +movb %dl,9(%rdi) +mov %rcx,%rdx +shr $29,%rdx +and $0xFF,%edx +movb %dl,10(%rdi) +mov %rcx,%rdx +shr $37,%rdx +and $0xFF,%edx +movb %dl,11(%rdi) +mov %rcx,%rdx +shr $45,%rdx +mov %r8,%rcx +shl $6,%rcx +and $0xC0,%ecx +xor %rdx,%rcx +movb %cl,12(%rdi) +mov %r8,%rdx +shr $2,%rdx +and $0xFF,%edx +movb %dl,13(%rdi) +mov %r8,%rdx +shr $10,%rdx +and $0xFF,%edx +movb %dl,14(%rdi) +mov %r8,%rdx +shr $18,%rdx +and $0xFF,%edx +movb %dl,15(%rdi) +mov %r8,%rdx +shr $26,%rdx +and $0xFF,%edx +movb %dl,16(%rdi) +mov %r8,%rdx +shr $34,%rdx +and $0xFF,%edx +movb %dl,17(%rdi) +mov %r8,%rdx +shr $42,%rdx +movb %dl,18(%rdi) +mov %r8,%rdx +shr $50,%rdx +mov %r9,%rcx +shl $1,%rcx +and $0xFE,%ecx +xor %rdx,%rcx +movb %cl,19(%rdi) +mov %r9,%rdx +shr $7,%rdx +and $0xFF,%edx +movb %dl,20(%rdi) +mov %r9,%rdx +shr $15,%rdx +and $0xFF,%edx +movb %dl,21(%rdi) +mov %r9,%rdx +shr $23,%rdx +and $0xFF,%edx +movb %dl,22(%rdi) +mov %r9,%rdx +shr $31,%rdx +and $0xFF,%edx +movb %dl,23(%rdi) +mov %r9,%rdx +shr $39,%rdx +and $0xFF,%edx +movb %dl,24(%rdi) +mov %r9,%rdx +shr $47,%rdx +mov %rsi,%rcx +shl $4,%rcx +and $0xF0,%ecx +xor %rdx,%rcx +movb %cl,25(%rdi) +mov %rsi,%rdx +shr $4,%rdx +and $0xFF,%edx +movb %dl,26(%rdi) +mov %rsi,%rdx +shr $12,%rdx +and $0xFF,%edx +movb %dl,27(%rdi) +mov %rsi,%rdx +shr $20,%rdx +and $0xFF,%edx +movb %dl,28(%rdi) +mov %rsi,%rdx +shr $28,%rdx +and $0xFF,%edx +movb %dl,29(%rdi) +mov %rsi,%rdx +shr $36,%rdx +and $0xFF,%edx +movb %dl,30(%rdi) +mov %rsi,%rsi +shr $44,%rsi +movb %sil,31(%rdi) +movq 0(%rsp),%r11 +movq 8(%rsp),%r12 +add %r11,%rsp +ret + +#endif + +.globl fe51_pack_S_dummy diff --git a/sodium/sodium_sandy2x_fe_frombytes.c b/sodium/sodium_sandy2x_fe_frombytes.c new file mode 100644 index 00000000..7973b8a9 --- /dev/null +++ b/sodium/sodium_sandy2x_fe_frombytes.c 
@@ -0,0 +1,81 @@
+/*
+ This file is basically ref10/fe_frombytes.h.
+*/
+
+#include "sodium_sandy2x_fe.h"
+#include "sodium_private_common.h"
+
+#ifdef HAVE_AVX_ASM
+
+static uint64_t
+load_3(const unsigned char *in)
+{
+ uint64_t result;
+ result = (uint64_t) in[0];
+ result |= ((uint64_t) in[1]) << 8;
+ result |= ((uint64_t) in[2]) << 16;
+ return result;
+}
+
+static uint64_t
+load_4(const unsigned char *in)
+{
+ uint64_t result;
+ result = (uint64_t) in[0];
+ result |= ((uint64_t) in[1]) << 8;
+ result |= ((uint64_t) in[2]) << 16;
+ result |= ((uint64_t) in[3]) << 24;
+ return result;
+}
+
+void
+fe_frombytes(fe h, const unsigned char *s)
+{
+ uint64_t h0 = load_4(s);
+ uint64_t h1 = load_3(s + 4) << 6;
+ uint64_t h2 = load_3(s + 7) << 5;
+ uint64_t h3 = load_3(s + 10) << 3;
+ uint64_t h4 = load_3(s + 13) << 2;
+ uint64_t h5 = load_4(s + 16);
+ uint64_t h6 = load_3(s + 20) << 7;
+ uint64_t h7 = load_3(s + 23) << 5;
+ uint64_t h8 = load_3(s + 26) << 4;
+ uint64_t h9 = (load_3(s + 29) & 8388607) << 2;
+ uint64_t carry0;
+ uint64_t carry1;
+ uint64_t carry2;
+ uint64_t carry3;
+ uint64_t carry4;
+ uint64_t carry5;
+ uint64_t carry6;
+ uint64_t carry7;
+ uint64_t carry8;
+ uint64_t carry9;
+
+ carry9 = h9 >> 25; h0 += carry9 * 19; h9 &= 0x1FFFFFF;
+ carry1 = h1 >> 25; h2 += carry1; h1 &= 0x1FFFFFF;
+ carry3 = h3 >> 25; h4 += carry3; h3 &= 0x1FFFFFF;
+ carry5 = h5 >> 25; h6 += carry5; h5 &= 0x1FFFFFF;
+ carry7 = h7 >> 25; h8 += carry7; h7 &= 0x1FFFFFF;
+
+ carry0 = h0 >> 26; h1 += carry0; h0 &= 0x3FFFFFF;
+ carry2 = h2 >> 26; h3 += carry2; h2 &= 0x3FFFFFF;
+ carry4 = h4 >> 26; h5 += carry4; h4 &= 0x3FFFFFF;
+ carry6 = h6 >> 26; h7 += carry6; h6 &= 0x3FFFFFF;
+ carry8 = h8 >> 26; h9 += carry8; h8 &= 0x3FFFFFF;
+
+ h[0] = h0;
+ h[1] = h1;
+ h[2] = h2;
+ h[3] = h3;
+ h[4] = h4;
+ h[5] = h5;
+ h[6] = h6;
+ h[7] = h7;
+ h[8] = h8;
+ h[9] = h9;
+}
+
+#endif
+
+int fe_frombytes_sandy2x_link_warning_dummy = 0;
diff --git a/sodium/sodium_sandy2x_ladder.S b/sodium/sodium_sandy2x_ladder.S
new file mode 100644
index 00000000..c93a85f8
--- /dev/null
+++ b/sodium/sodium_sandy2x_ladder.S
@@ -0,0 +1,1442 @@ +#ifdef IN_SANDY2X + +#include "sodium_sandy2x_ladder_namespace.h" +#include "sodium_sandy2x_consts_namespace.h" +.p2align 5 + +#ifdef ASM_HIDE_SYMBOL +ASM_HIDE_SYMBOL ladder +ASM_HIDE_SYMBOL _ladder +#endif +.globl ladder +.globl _ladder +#ifdef __ELF__ +.type ladder, @function +.type _ladder, @function +#endif +ladder: +_ladder: + +mov %rsp,%r11 +and $31,%r11 +add $1856,%r11 +sub %r11,%rsp +movq %r11,1824(%rsp) +movq %r12,1832(%rsp) +movq %r13,1840(%rsp) +movq %r14,1848(%rsp) +vmovdqa v0_0(%rip),%xmm0 +vmovdqa v1_0(%rip),%xmm1 +vmovdqu 0(%rdi),%xmm2 +vmovdqa %xmm2,0(%rsp) +vmovdqu 16(%rdi),%xmm2 +vmovdqa %xmm2,16(%rsp) +vmovdqu 32(%rdi),%xmm2 +vmovdqa %xmm2,32(%rsp) +vmovdqu 48(%rdi),%xmm2 +vmovdqa %xmm2,48(%rsp) +vmovdqu 64(%rdi),%xmm2 +vmovdqa %xmm2,64(%rsp) +vmovdqa %xmm1,80(%rsp) +vmovdqa %xmm0,96(%rsp) +vmovdqa %xmm0,112(%rsp) +vmovdqa %xmm0,128(%rsp) +vmovdqa %xmm0,144(%rsp) +vmovdqa %xmm1,%xmm0 +vpxor %xmm1,%xmm1,%xmm1 +vpxor %xmm2,%xmm2,%xmm2 +vpxor %xmm3,%xmm3,%xmm3 +vpxor %xmm4,%xmm4,%xmm4 +vpxor %xmm5,%xmm5,%xmm5 +vpxor %xmm6,%xmm6,%xmm6 +vpxor %xmm7,%xmm7,%xmm7 +vpxor %xmm8,%xmm8,%xmm8 +vpxor %xmm9,%xmm9,%xmm9 +vmovdqu 0(%rdi),%xmm10 +vmovdqa %xmm10,160(%rsp) +vmovdqu 16(%rdi),%xmm10 +vmovdqa %xmm10,176(%rsp) +vpmuludq v19_19(%rip),%xmm10,%xmm10 +vmovdqa %xmm10,192(%rsp) +vmovdqu 32(%rdi),%xmm10 +vmovdqa %xmm10,208(%rsp) +vpmuludq v19_19(%rip),%xmm10,%xmm10 +vmovdqa %xmm10,224(%rsp) +vmovdqu 48(%rdi),%xmm10 +vmovdqa %xmm10,240(%rsp) +vpmuludq v19_19(%rip),%xmm10,%xmm10 +vmovdqa %xmm10,256(%rsp) +vmovdqu 64(%rdi),%xmm10 +vmovdqa %xmm10,272(%rsp) +vpmuludq v19_19(%rip),%xmm10,%xmm10 +vmovdqa %xmm10,288(%rsp) +vmovdqu 8(%rdi),%xmm10 +vpmuludq v2_1(%rip),%xmm10,%xmm10 +vmovdqa %xmm10,304(%rsp) +vpmuludq v19_19(%rip),%xmm10,%xmm10 +vmovdqa %xmm10,320(%rsp) +vmovdqu 24(%rdi),%xmm10 +vpmuludq v2_1(%rip),%xmm10,%xmm10 +vmovdqa %xmm10,336(%rsp) +vpmuludq v19_19(%rip),%xmm10,%xmm10 +vmovdqa %xmm10,352(%rsp) +vmovdqu 40(%rdi),%xmm10 +vpmuludq 
v2_1(%rip),%xmm10,%xmm10 +vmovdqa %xmm10,368(%rsp) +vpmuludq v19_19(%rip),%xmm10,%xmm10 +vmovdqa %xmm10,384(%rsp) +vmovdqu 56(%rdi),%xmm10 +vpmuludq v2_1(%rip),%xmm10,%xmm10 +vmovdqa %xmm10,400(%rsp) +vpmuludq v19_19(%rip),%xmm10,%xmm10 +vmovdqa %xmm10,416(%rsp) +vmovdqu 0(%rdi),%xmm10 +vmovdqu 64(%rdi),%xmm11 +vblendps $12, %xmm11, %xmm10, %xmm10 +vpshufd $2,%xmm10,%xmm10 +vpmuludq v38_1(%rip),%xmm10,%xmm10 +vmovdqa %xmm10,432(%rsp) +movq 0(%rsi),%rdx +movq 8(%rsi),%rcx +movq 16(%rsi),%r8 +movq 24(%rsi),%r9 +shrd $1,%rcx,%rdx +shrd $1,%r8,%rcx +shrd $1,%r9,%r8 +shr $1,%r9 +xorq 0(%rsi),%rdx +xorq 8(%rsi),%rcx +xorq 16(%rsi),%r8 +xorq 24(%rsi),%r9 +leaq 800(%rsp),%rsi +mov $64,%rax + +.p2align 4 +._ladder_small_loop: +mov %rdx,%r10 +mov %rcx,%r11 +mov %r8,%r12 +mov %r9,%r13 +shr $1,%rdx +shr $1,%rcx +shr $1,%r8 +shr $1,%r9 +and $1,%r10d +and $1,%r11d +and $1,%r12d +and $1,%r13d +neg %r10 +neg %r11 +neg %r12 +neg %r13 +movl %r10d,0(%rsi) +movl %r11d,256(%rsi) +movl %r12d,512(%rsi) +movl %r13d,768(%rsi) +add $4,%rsi +sub $1,%rax +jne ._ladder_small_loop +mov $255,%rdx +add $760,%rsi + +.p2align 4 +._ladder_loop: +sub $1,%rdx +vbroadcastss 0(%rsi),%xmm10 +sub $4,%rsi +vmovdqa 0(%rsp),%xmm11 +vmovdqa 80(%rsp),%xmm12 +vpxor %xmm11,%xmm0,%xmm13 +vpand %xmm10,%xmm13,%xmm13 +vpxor %xmm13,%xmm0,%xmm0 +vpxor %xmm13,%xmm11,%xmm11 +vpxor %xmm12,%xmm1,%xmm13 +vpand %xmm10,%xmm13,%xmm13 +vpxor %xmm13,%xmm1,%xmm1 +vpxor %xmm13,%xmm12,%xmm12 +vmovdqa 16(%rsp),%xmm13 +vmovdqa 96(%rsp),%xmm14 +vpxor %xmm13,%xmm2,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm2,%xmm2 +vpxor %xmm15,%xmm13,%xmm13 +vpxor %xmm14,%xmm3,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm3,%xmm3 +vpxor %xmm15,%xmm14,%xmm14 +vmovdqa %xmm13,0(%rsp) +vmovdqa %xmm14,16(%rsp) +vmovdqa 32(%rsp),%xmm13 +vmovdqa 112(%rsp),%xmm14 +vpxor %xmm13,%xmm4,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm4,%xmm4 +vpxor %xmm15,%xmm13,%xmm13 +vpxor %xmm14,%xmm5,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor 
%xmm15,%xmm5,%xmm5 +vpxor %xmm15,%xmm14,%xmm14 +vmovdqa %xmm13,32(%rsp) +vmovdqa %xmm14,80(%rsp) +vmovdqa 48(%rsp),%xmm13 +vmovdqa 128(%rsp),%xmm14 +vpxor %xmm13,%xmm6,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm6,%xmm6 +vpxor %xmm15,%xmm13,%xmm13 +vpxor %xmm14,%xmm7,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm7,%xmm7 +vpxor %xmm15,%xmm14,%xmm14 +vmovdqa %xmm13,48(%rsp) +vmovdqa %xmm14,96(%rsp) +vmovdqa 64(%rsp),%xmm13 +vmovdqa 144(%rsp),%xmm14 +vpxor %xmm13,%xmm8,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm8,%xmm8 +vpxor %xmm15,%xmm13,%xmm13 +vpxor %xmm14,%xmm9,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm9,%xmm9 +vpxor %xmm15,%xmm14,%xmm14 +vmovdqa %xmm13,64(%rsp) +vmovdqa %xmm14,112(%rsp) +vpaddq subc0(%rip),%xmm11,%xmm10 +vpsubq %xmm12,%xmm10,%xmm10 +vpaddq %xmm12,%xmm11,%xmm11 +vpunpckhqdq %xmm10,%xmm11,%xmm12 +vpunpcklqdq %xmm10,%xmm11,%xmm10 +vpaddq %xmm1,%xmm0,%xmm11 +vpaddq subc0(%rip),%xmm0,%xmm0 +vpsubq %xmm1,%xmm0,%xmm0 +vpunpckhqdq %xmm11,%xmm0,%xmm1 +vpunpcklqdq %xmm11,%xmm0,%xmm0 +vpmuludq %xmm0,%xmm10,%xmm11 +vpmuludq %xmm1,%xmm10,%xmm13 +vmovdqa %xmm1,128(%rsp) +vpaddq %xmm1,%xmm1,%xmm1 +vpmuludq %xmm0,%xmm12,%xmm14 +vmovdqa %xmm0,144(%rsp) +vpaddq %xmm14,%xmm13,%xmm13 +vpmuludq %xmm1,%xmm12,%xmm0 +vmovdqa %xmm1,448(%rsp) +vpaddq %xmm3,%xmm2,%xmm1 +vpaddq subc2(%rip),%xmm2,%xmm2 +vpsubq %xmm3,%xmm2,%xmm2 +vpunpckhqdq %xmm1,%xmm2,%xmm3 +vpunpcklqdq %xmm1,%xmm2,%xmm1 +vpmuludq %xmm1,%xmm10,%xmm2 +vpaddq %xmm2,%xmm0,%xmm0 +vpmuludq %xmm3,%xmm10,%xmm2 +vmovdqa %xmm3,464(%rsp) +vpaddq %xmm3,%xmm3,%xmm3 +vpmuludq %xmm1,%xmm12,%xmm14 +vmovdqa %xmm1,480(%rsp) +vpaddq %xmm14,%xmm2,%xmm2 +vpmuludq %xmm3,%xmm12,%xmm1 +vmovdqa %xmm3,496(%rsp) +vpaddq %xmm5,%xmm4,%xmm3 +vpaddq subc2(%rip),%xmm4,%xmm4 +vpsubq %xmm5,%xmm4,%xmm4 +vpunpckhqdq %xmm3,%xmm4,%xmm5 +vpunpcklqdq %xmm3,%xmm4,%xmm3 +vpmuludq %xmm3,%xmm10,%xmm4 +vpaddq %xmm4,%xmm1,%xmm1 +vpmuludq %xmm5,%xmm10,%xmm4 +vmovdqa %xmm5,512(%rsp) +vpaddq %xmm5,%xmm5,%xmm5 
+vpmuludq %xmm3,%xmm12,%xmm14 +vmovdqa %xmm3,528(%rsp) +vpaddq %xmm14,%xmm4,%xmm4 +vpaddq %xmm7,%xmm6,%xmm3 +vpaddq subc2(%rip),%xmm6,%xmm6 +vpsubq %xmm7,%xmm6,%xmm6 +vpunpckhqdq %xmm3,%xmm6,%xmm7 +vpunpcklqdq %xmm3,%xmm6,%xmm3 +vpmuludq %xmm3,%xmm10,%xmm6 +vpmuludq %xmm5,%xmm12,%xmm14 +vmovdqa %xmm5,544(%rsp) +vpmuludq v19_19(%rip),%xmm5,%xmm5 +vmovdqa %xmm5,560(%rsp) +vpaddq %xmm14,%xmm6,%xmm6 +vpmuludq %xmm7,%xmm10,%xmm5 +vmovdqa %xmm7,576(%rsp) +vpaddq %xmm7,%xmm7,%xmm7 +vpmuludq %xmm3,%xmm12,%xmm14 +vmovdqa %xmm3,592(%rsp) +vpaddq %xmm14,%xmm5,%xmm5 +vpmuludq v19_19(%rip),%xmm3,%xmm3 +vmovdqa %xmm3,608(%rsp) +vpaddq %xmm9,%xmm8,%xmm3 +vpaddq subc2(%rip),%xmm8,%xmm8 +vpsubq %xmm9,%xmm8,%xmm8 +vpunpckhqdq %xmm3,%xmm8,%xmm9 +vpunpcklqdq %xmm3,%xmm8,%xmm3 +vmovdqa %xmm3,624(%rsp) +vpmuludq %xmm7,%xmm12,%xmm8 +vmovdqa %xmm7,640(%rsp) +vpmuludq v19_19(%rip),%xmm7,%xmm7 +vmovdqa %xmm7,656(%rsp) +vpmuludq %xmm3,%xmm10,%xmm7 +vpaddq %xmm7,%xmm8,%xmm8 +vpmuludq %xmm9,%xmm10,%xmm7 +vmovdqa %xmm9,672(%rsp) +vpaddq %xmm9,%xmm9,%xmm9 +vpmuludq %xmm3,%xmm12,%xmm10 +vpaddq %xmm10,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm3,%xmm3 +vmovdqa %xmm3,688(%rsp) +vpmuludq v19_19(%rip),%xmm12,%xmm12 +vpmuludq %xmm9,%xmm12,%xmm3 +vmovdqa %xmm9,704(%rsp) +vpaddq %xmm3,%xmm11,%xmm11 +vmovdqa 0(%rsp),%xmm3 +vmovdqa 16(%rsp),%xmm9 +vpaddq subc2(%rip),%xmm3,%xmm10 +vpsubq %xmm9,%xmm10,%xmm10 +vpaddq %xmm9,%xmm3,%xmm3 +vpunpckhqdq %xmm10,%xmm3,%xmm9 +vpunpcklqdq %xmm10,%xmm3,%xmm3 +vpmuludq 144(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm0,%xmm0 +vpmuludq 128(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm2,%xmm2 +vpmuludq 480(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm1,%xmm1 +vpmuludq 464(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm4,%xmm4 +vpmuludq 528(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm6,%xmm6 +vpmuludq 512(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm5,%xmm5 +vpmuludq 592(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm8,%xmm8 +vpmuludq 576(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm3,%xmm3 +vpmuludq 
624(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm11,%xmm11 +vpmuludq 672(%rsp),%xmm3,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpmuludq 144(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpmuludq 448(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm1,%xmm1 +vpmuludq 480(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpmuludq 496(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpmuludq 528(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpmuludq 544(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm8,%xmm8 +vpmuludq 592(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm9,%xmm9 +vpmuludq 640(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 624(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpmuludq 704(%rsp),%xmm9,%xmm9 +vpaddq %xmm9,%xmm0,%xmm0 +vmovdqa 32(%rsp),%xmm3 +vmovdqa 80(%rsp),%xmm9 +vpaddq subc2(%rip),%xmm3,%xmm10 +vpsubq %xmm9,%xmm10,%xmm10 +vpaddq %xmm9,%xmm3,%xmm3 +vpunpckhqdq %xmm10,%xmm3,%xmm9 +vpunpcklqdq %xmm10,%xmm3,%xmm3 +vpmuludq 144(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm1,%xmm1 +vpmuludq 128(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm4,%xmm4 +vpmuludq 480(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm6,%xmm6 +vpmuludq 464(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm5,%xmm5 +vpmuludq 528(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm8,%xmm8 +vpmuludq 512(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm3,%xmm3 +vpmuludq 592(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm11,%xmm11 +vpmuludq 576(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm13,%xmm13 +vpmuludq 624(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm0,%xmm0 +vpmuludq 672(%rsp),%xmm3,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpmuludq 144(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpmuludq 448(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpmuludq 480(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpmuludq 496(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm8,%xmm8 +vpmuludq 528(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm9,%xmm9 +vpmuludq 544(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 592(%rsp),%xmm9,%xmm3 +vpaddq 
%xmm3,%xmm13,%xmm13 +vpmuludq 640(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm0,%xmm0 +vpmuludq 624(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpmuludq 704(%rsp),%xmm9,%xmm9 +vpaddq %xmm9,%xmm1,%xmm1 +vmovdqa 48(%rsp),%xmm3 +vmovdqa 96(%rsp),%xmm9 +vpaddq subc2(%rip),%xmm3,%xmm10 +vpsubq %xmm9,%xmm10,%xmm10 +vpaddq %xmm9,%xmm3,%xmm3 +vpunpckhqdq %xmm10,%xmm3,%xmm9 +vpunpcklqdq %xmm10,%xmm3,%xmm3 +vpmuludq 144(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm6,%xmm6 +vpmuludq 128(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm5,%xmm5 +vpmuludq 480(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm8,%xmm8 +vpmuludq 464(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm3,%xmm3 +vpmuludq 528(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm11,%xmm11 +vpmuludq 512(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm13,%xmm13 +vpmuludq 592(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm0,%xmm0 +vpmuludq 576(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm2,%xmm2 +vpmuludq 624(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm1,%xmm1 +vpmuludq 672(%rsp),%xmm3,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpmuludq 144(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpmuludq 448(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm8,%xmm8 +vpmuludq 480(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm9,%xmm9 +vpmuludq 496(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 528(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpmuludq 544(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm0,%xmm0 +vpmuludq 592(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpmuludq 640(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm1,%xmm1 +vpmuludq 624(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpmuludq 704(%rsp),%xmm9,%xmm9 +vpaddq %xmm9,%xmm6,%xmm6 +vmovdqa 64(%rsp),%xmm3 +vmovdqa 112(%rsp),%xmm9 +vpaddq subc2(%rip),%xmm3,%xmm10 +vpsubq %xmm9,%xmm10,%xmm10 +vpaddq %xmm9,%xmm3,%xmm3 +vpunpckhqdq %xmm10,%xmm3,%xmm9 +vpunpcklqdq %xmm10,%xmm3,%xmm3 +vpmuludq 144(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm8,%xmm8 +vpmuludq 128(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm7,%xmm7 +vpmuludq 
v19_19(%rip),%xmm3,%xmm3 +vpmuludq 480(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm11,%xmm11 +vpmuludq 464(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm13,%xmm13 +vpmuludq 528(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm0,%xmm0 +vpmuludq 512(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm2,%xmm2 +vpmuludq 592(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm1,%xmm1 +vpmuludq 576(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm4,%xmm4 +vpmuludq 624(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm6,%xmm6 +vpmuludq 672(%rsp),%xmm3,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpmuludq 144(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm9,%xmm9 +vpmuludq 448(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 480(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpmuludq 496(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm0,%xmm0 +vpmuludq 528(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpmuludq 544(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm1,%xmm1 +vpmuludq 592(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpmuludq 640(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpmuludq 624(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpmuludq 704(%rsp),%xmm9,%xmm9 +vpaddq %xmm9,%xmm8,%xmm8 +vpsrlq $25,%xmm4,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpand m25(%rip),%xmm4,%xmm4 +vpsrlq $26,%xmm11,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpand m26(%rip),%xmm11,%xmm11 +vpsrlq $26,%xmm6,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpand m26(%rip),%xmm6,%xmm6 +vpsrlq $25,%xmm13,%xmm3 +vpaddq %xmm3,%xmm0,%xmm0 +vpand m25(%rip),%xmm13,%xmm13 +vpsrlq $25,%xmm5,%xmm3 +vpaddq %xmm3,%xmm8,%xmm8 +vpand m25(%rip),%xmm5,%xmm5 +vpsrlq $26,%xmm0,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpand m26(%rip),%xmm0,%xmm0 +vpsrlq $26,%xmm8,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpand m26(%rip),%xmm8,%xmm8 +vpsrlq $25,%xmm2,%xmm3 +vpaddq %xmm3,%xmm1,%xmm1 +vpand m25(%rip),%xmm2,%xmm2 +vpsrlq $25,%xmm7,%xmm3 +vpsllq $4,%xmm3,%xmm9 +vpaddq %xmm3,%xmm11,%xmm11 +vpsllq $1,%xmm3,%xmm3 +vpaddq %xmm3,%xmm9,%xmm9 +vpaddq %xmm9,%xmm11,%xmm11 +vpand m25(%rip),%xmm7,%xmm7 +vpsrlq $26,%xmm1,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 
+vpand m26(%rip),%xmm1,%xmm1 +vpsrlq $26,%xmm11,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpand m26(%rip),%xmm11,%xmm11 +vpsrlq $25,%xmm4,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpand m25(%rip),%xmm4,%xmm4 +vpunpcklqdq %xmm13,%xmm11,%xmm3 +vpunpckhqdq %xmm13,%xmm11,%xmm9 +vpaddq subc0(%rip),%xmm9,%xmm10 +vpsubq %xmm3,%xmm10,%xmm10 +vpaddq %xmm9,%xmm3,%xmm3 +vpunpckhqdq %xmm3,%xmm10,%xmm9 +vpunpcklqdq %xmm3,%xmm10,%xmm10 +vpmuludq %xmm10,%xmm10,%xmm3 +vpaddq %xmm10,%xmm10,%xmm10 +vpmuludq %xmm9,%xmm10,%xmm11 +vpunpcklqdq %xmm2,%xmm0,%xmm12 +vpunpckhqdq %xmm2,%xmm0,%xmm0 +vpaddq subc2(%rip),%xmm0,%xmm2 +vpsubq %xmm12,%xmm2,%xmm2 +vpaddq %xmm0,%xmm12,%xmm12 +vpunpckhqdq %xmm12,%xmm2,%xmm0 +vpunpcklqdq %xmm12,%xmm2,%xmm2 +vpmuludq %xmm2,%xmm10,%xmm12 +vpaddq %xmm9,%xmm9,%xmm13 +vpmuludq %xmm13,%xmm9,%xmm9 +vpaddq %xmm9,%xmm12,%xmm12 +vpmuludq %xmm0,%xmm10,%xmm9 +vpmuludq %xmm2,%xmm13,%xmm14 +vpaddq %xmm14,%xmm9,%xmm9 +vpunpcklqdq %xmm4,%xmm1,%xmm14 +vpunpckhqdq %xmm4,%xmm1,%xmm1 +vpaddq subc2(%rip),%xmm1,%xmm4 +vpsubq %xmm14,%xmm4,%xmm4 +vpaddq %xmm1,%xmm14,%xmm14 +vpunpckhqdq %xmm14,%xmm4,%xmm1 +vpunpcklqdq %xmm14,%xmm4,%xmm4 +vmovdqa %xmm1,0(%rsp) +vpaddq %xmm1,%xmm1,%xmm1 +vmovdqa %xmm1,16(%rsp) +vpmuludq v19_19(%rip),%xmm1,%xmm1 +vmovdqa %xmm1,32(%rsp) +vpmuludq %xmm4,%xmm10,%xmm1 +vpmuludq %xmm2,%xmm2,%xmm14 +vpaddq %xmm14,%xmm1,%xmm1 +vpmuludq 0(%rsp),%xmm10,%xmm14 +vpmuludq %xmm4,%xmm13,%xmm15 +vpaddq %xmm15,%xmm14,%xmm14 +vpunpcklqdq %xmm5,%xmm6,%xmm15 +vpunpckhqdq %xmm5,%xmm6,%xmm5 +vpaddq subc2(%rip),%xmm5,%xmm6 +vpsubq %xmm15,%xmm6,%xmm6 +vpaddq %xmm5,%xmm15,%xmm15 +vpunpckhqdq %xmm15,%xmm6,%xmm5 +vpunpcklqdq %xmm15,%xmm6,%xmm6 +vmovdqa %xmm6,48(%rsp) +vpmuludq v19_19(%rip),%xmm6,%xmm6 +vmovdqa %xmm6,64(%rsp) +vmovdqa %xmm5,80(%rsp) +vpmuludq v38_38(%rip),%xmm5,%xmm5 +vmovdqa %xmm5,96(%rsp) +vpmuludq 48(%rsp),%xmm10,%xmm5 +vpaddq %xmm0,%xmm0,%xmm6 +vpmuludq %xmm6,%xmm0,%xmm0 +vpaddq %xmm0,%xmm5,%xmm5 +vpmuludq 80(%rsp),%xmm10,%xmm0 +vpmuludq %xmm4,%xmm6,%xmm15 +vpaddq 
%xmm15,%xmm0,%xmm0 +vpmuludq %xmm6,%xmm13,%xmm15 +vpaddq %xmm15,%xmm1,%xmm1 +vpmuludq %xmm6,%xmm2,%xmm15 +vpaddq %xmm15,%xmm14,%xmm14 +vpunpcklqdq %xmm7,%xmm8,%xmm15 +vpunpckhqdq %xmm7,%xmm8,%xmm7 +vpaddq subc2(%rip),%xmm7,%xmm8 +vpsubq %xmm15,%xmm8,%xmm8 +vpaddq %xmm7,%xmm15,%xmm15 +vpunpckhqdq %xmm15,%xmm8,%xmm7 +vpunpcklqdq %xmm15,%xmm8,%xmm8 +vmovdqa %xmm8,112(%rsp) +vpmuludq v19_19(%rip),%xmm8,%xmm8 +vmovdqa %xmm8,448(%rsp) +vpmuludq 112(%rsp),%xmm10,%xmm8 +vpmuludq %xmm7,%xmm10,%xmm10 +vpmuludq v38_38(%rip),%xmm7,%xmm15 +vpmuludq %xmm15,%xmm7,%xmm7 +vpaddq %xmm7,%xmm8,%xmm8 +vpmuludq %xmm15,%xmm13,%xmm7 +vpaddq %xmm7,%xmm3,%xmm3 +vpmuludq %xmm15,%xmm2,%xmm7 +vpaddq %xmm7,%xmm11,%xmm11 +vpmuludq 80(%rsp),%xmm13,%xmm7 +vpaddq %xmm7,%xmm7,%xmm7 +vpaddq %xmm7,%xmm8,%xmm8 +vpmuludq 16(%rsp),%xmm13,%xmm7 +vpaddq %xmm7,%xmm5,%xmm5 +vpmuludq 48(%rsp),%xmm13,%xmm7 +vpaddq %xmm7,%xmm0,%xmm0 +vpmuludq 112(%rsp),%xmm13,%xmm7 +vpaddq %xmm7,%xmm10,%xmm10 +vpmuludq %xmm15,%xmm6,%xmm7 +vpaddq %xmm7,%xmm12,%xmm12 +vpmuludq %xmm15,%xmm4,%xmm7 +vpaddq %xmm7,%xmm9,%xmm9 +vpaddq %xmm2,%xmm2,%xmm2 +vpmuludq %xmm4,%xmm2,%xmm7 +vpaddq %xmm7,%xmm5,%xmm5 +vpmuludq 448(%rsp),%xmm2,%xmm7 +vpaddq %xmm7,%xmm3,%xmm3 +vpmuludq 448(%rsp),%xmm6,%xmm7 +vpaddq %xmm7,%xmm11,%xmm11 +vpmuludq 0(%rsp),%xmm2,%xmm7 +vpaddq %xmm7,%xmm0,%xmm0 +vpmuludq 48(%rsp),%xmm2,%xmm7 +vpaddq %xmm7,%xmm8,%xmm8 +vpmuludq 80(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpmuludq 96(%rsp),%xmm4,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpmuludq %xmm4,%xmm4,%xmm2 +vpaddq %xmm2,%xmm8,%xmm8 +vpaddq %xmm4,%xmm4,%xmm2 +vpmuludq 448(%rsp),%xmm2,%xmm4 +vpaddq %xmm4,%xmm12,%xmm12 +vpmuludq 16(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm1,%xmm1 +vpmuludq 48(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm14,%xmm14 +vpmuludq 96(%rsp),%xmm6,%xmm4 +vpaddq %xmm4,%xmm3,%xmm3 +vmovdqa 16(%rsp),%xmm4 +vpmuludq 448(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm9,%xmm9 +vpmuludq 16(%rsp),%xmm6,%xmm4 +vpaddq %xmm4,%xmm8,%xmm8 +vpmuludq 48(%rsp),%xmm6,%xmm4 +vpaddq 
%xmm4,%xmm10,%xmm10 +vpmuludq 80(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm4,%xmm4 +vpaddq %xmm4,%xmm5,%xmm5 +vpmuludq 112(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm0,%xmm0 +vmovdqa 48(%rsp),%xmm4 +vpaddq %xmm4,%xmm4,%xmm4 +vpmuludq 448(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm1,%xmm1 +vmovdqa 80(%rsp),%xmm4 +vpaddq %xmm4,%xmm4,%xmm4 +vpmuludq 448(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm14,%xmm14 +vpmuludq 64(%rsp),%xmm2,%xmm4 +vpaddq %xmm4,%xmm3,%xmm3 +vmovdqa 16(%rsp),%xmm4 +vpmuludq 64(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm11,%xmm11 +vmovdqa 16(%rsp),%xmm4 +vpmuludq 96(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm12,%xmm12 +vmovdqa 48(%rsp),%xmm4 +vpmuludq 96(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm9,%xmm9 +vpmuludq 0(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vmovdqa 32(%rsp),%xmm2 +vpmuludq 0(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm3,%xmm3 +vmovdqa 64(%rsp),%xmm2 +vpmuludq 48(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vmovdqa 96(%rsp),%xmm2 +vpmuludq 80(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm1,%xmm1 +vmovdqa 448(%rsp),%xmm2 +vpmuludq 112(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpsrlq $26,%xmm3,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpand m26(%rip),%xmm3,%xmm3 +vpsrlq $25,%xmm14,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpand m25(%rip),%xmm14,%xmm14 +vpsrlq $25,%xmm11,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpand m25(%rip),%xmm11,%xmm11 +vpsrlq $26,%xmm5,%xmm2 +vpaddq %xmm2,%xmm0,%xmm0 +vpand m26(%rip),%xmm5,%xmm5 +vpsrlq $26,%xmm12,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vpand m26(%rip),%xmm12,%xmm12 +vpsrlq $25,%xmm0,%xmm2 +vpaddq %xmm2,%xmm8,%xmm8 +vpand m25(%rip),%xmm0,%xmm0 +vpsrlq $25,%xmm9,%xmm2 +vpaddq %xmm2,%xmm1,%xmm1 +vpand m25(%rip),%xmm9,%xmm9 +vpsrlq $26,%xmm8,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpand m26(%rip),%xmm8,%xmm8 +vpsrlq $26,%xmm1,%xmm2 +vpaddq %xmm2,%xmm14,%xmm14 +vpand m26(%rip),%xmm1,%xmm1 +vpsrlq $25,%xmm10,%xmm2 +vpsllq $4,%xmm2,%xmm4 +vpaddq %xmm2,%xmm3,%xmm3 +vpsllq $1,%xmm2,%xmm2 +vpaddq %xmm2,%xmm4,%xmm4 +vpaddq %xmm4,%xmm3,%xmm3 +vpand m25(%rip),%xmm10,%xmm10 +vpsrlq 
$25,%xmm14,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpand m25(%rip),%xmm14,%xmm14 +vpsrlq $26,%xmm3,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpand m26(%rip),%xmm3,%xmm3 +vpunpckhqdq %xmm11,%xmm3,%xmm2 +vmovdqa %xmm2,0(%rsp) +vpshufd $0,%xmm3,%xmm2 +vpshufd $0,%xmm11,%xmm3 +vpmuludq 160(%rsp),%xmm2,%xmm4 +vpmuludq 432(%rsp),%xmm3,%xmm6 +vpaddq %xmm6,%xmm4,%xmm4 +vpmuludq 176(%rsp),%xmm2,%xmm6 +vpmuludq 304(%rsp),%xmm3,%xmm7 +vpaddq %xmm7,%xmm6,%xmm6 +vpmuludq 208(%rsp),%xmm2,%xmm7 +vpmuludq 336(%rsp),%xmm3,%xmm11 +vpaddq %xmm11,%xmm7,%xmm7 +vpmuludq 240(%rsp),%xmm2,%xmm11 +vpmuludq 368(%rsp),%xmm3,%xmm13 +vpaddq %xmm13,%xmm11,%xmm11 +vpmuludq 272(%rsp),%xmm2,%xmm2 +vpmuludq 400(%rsp),%xmm3,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpunpckhqdq %xmm9,%xmm12,%xmm3 +vmovdqa %xmm3,16(%rsp) +vpshufd $0,%xmm12,%xmm3 +vpshufd $0,%xmm9,%xmm9 +vpmuludq 288(%rsp),%xmm3,%xmm12 +vpaddq %xmm12,%xmm4,%xmm4 +vpmuludq 416(%rsp),%xmm9,%xmm12 +vpaddq %xmm12,%xmm4,%xmm4 +vpmuludq 160(%rsp),%xmm3,%xmm12 +vpaddq %xmm12,%xmm6,%xmm6 +vpmuludq 432(%rsp),%xmm9,%xmm12 +vpaddq %xmm12,%xmm6,%xmm6 +vpmuludq 176(%rsp),%xmm3,%xmm12 +vpaddq %xmm12,%xmm7,%xmm7 +vpmuludq 304(%rsp),%xmm9,%xmm12 +vpaddq %xmm12,%xmm7,%xmm7 +vpmuludq 208(%rsp),%xmm3,%xmm12 +vpaddq %xmm12,%xmm11,%xmm11 +vpmuludq 336(%rsp),%xmm9,%xmm12 +vpaddq %xmm12,%xmm11,%xmm11 +vpmuludq 240(%rsp),%xmm3,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpmuludq 368(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpunpckhqdq %xmm14,%xmm1,%xmm3 +vmovdqa %xmm3,32(%rsp) +vpshufd $0,%xmm1,%xmm1 +vpshufd $0,%xmm14,%xmm3 +vpmuludq 256(%rsp),%xmm1,%xmm9 +vpaddq %xmm9,%xmm4,%xmm4 +vpmuludq 384(%rsp),%xmm3,%xmm9 +vpaddq %xmm9,%xmm4,%xmm4 +vpmuludq 288(%rsp),%xmm1,%xmm9 +vpaddq %xmm9,%xmm6,%xmm6 +vpmuludq 416(%rsp),%xmm3,%xmm9 +vpaddq %xmm9,%xmm6,%xmm6 +vpmuludq 160(%rsp),%xmm1,%xmm9 +vpaddq %xmm9,%xmm7,%xmm7 +vpmuludq 432(%rsp),%xmm3,%xmm9 +vpaddq %xmm9,%xmm7,%xmm7 +vpmuludq 176(%rsp),%xmm1,%xmm9 +vpaddq %xmm9,%xmm11,%xmm11 +vpmuludq 304(%rsp),%xmm3,%xmm9 +vpaddq %xmm9,%xmm11,%xmm11 
+vpmuludq 208(%rsp),%xmm1,%xmm1 +vpaddq %xmm1,%xmm2,%xmm2 +vpmuludq 336(%rsp),%xmm3,%xmm1 +vpaddq %xmm1,%xmm2,%xmm2 +vpunpckhqdq %xmm0,%xmm5,%xmm1 +vmovdqa %xmm1,48(%rsp) +vpshufd $0,%xmm5,%xmm1 +vpshufd $0,%xmm0,%xmm0 +vpmuludq 224(%rsp),%xmm1,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpmuludq 352(%rsp),%xmm0,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpmuludq 256(%rsp),%xmm1,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpmuludq 384(%rsp),%xmm0,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpmuludq 288(%rsp),%xmm1,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq 416(%rsp),%xmm0,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq 160(%rsp),%xmm1,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 432(%rsp),%xmm0,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 176(%rsp),%xmm1,%xmm1 +vpaddq %xmm1,%xmm2,%xmm2 +vpmuludq 304(%rsp),%xmm0,%xmm0 +vpaddq %xmm0,%xmm2,%xmm2 +vpunpckhqdq %xmm10,%xmm8,%xmm0 +vmovdqa %xmm0,64(%rsp) +vpshufd $0,%xmm8,%xmm0 +vpshufd $0,%xmm10,%xmm1 +vpmuludq 192(%rsp),%xmm0,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpmuludq 320(%rsp),%xmm1,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpmuludq 224(%rsp),%xmm0,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpmuludq 352(%rsp),%xmm1,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpmuludq 256(%rsp),%xmm0,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq 384(%rsp),%xmm1,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq 288(%rsp),%xmm0,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 416(%rsp),%xmm1,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 160(%rsp),%xmm0,%xmm0 +vpaddq %xmm0,%xmm2,%xmm2 +vpmuludq 432(%rsp),%xmm1,%xmm0 +vpaddq %xmm0,%xmm2,%xmm2 +vmovdqa %xmm4,80(%rsp) +vmovdqa %xmm6,96(%rsp) +vmovdqa %xmm7,112(%rsp) +vmovdqa %xmm11,448(%rsp) +vmovdqa %xmm2,496(%rsp) +vmovdqa 144(%rsp),%xmm0 +vpmuludq %xmm0,%xmm0,%xmm1 +vpaddq %xmm0,%xmm0,%xmm0 +vmovdqa 128(%rsp),%xmm2 +vpmuludq %xmm2,%xmm0,%xmm3 +vmovdqa 480(%rsp),%xmm4 +vpmuludq %xmm4,%xmm0,%xmm5 +vmovdqa 464(%rsp),%xmm6 +vpmuludq %xmm6,%xmm0,%xmm7 +vmovdqa 528(%rsp),%xmm8 +vpmuludq %xmm8,%xmm0,%xmm9 +vpmuludq 512(%rsp),%xmm0,%xmm10 +vpmuludq 592(%rsp),%xmm0,%xmm11 +vpmuludq 
576(%rsp),%xmm0,%xmm12 +vpmuludq 624(%rsp),%xmm0,%xmm13 +vmovdqa 672(%rsp),%xmm14 +vpmuludq %xmm14,%xmm0,%xmm0 +vpmuludq v38_38(%rip),%xmm14,%xmm15 +vpmuludq %xmm15,%xmm14,%xmm14 +vpaddq %xmm14,%xmm13,%xmm13 +vpaddq %xmm6,%xmm6,%xmm14 +vpmuludq %xmm14,%xmm6,%xmm6 +vpaddq %xmm6,%xmm11,%xmm11 +vpaddq %xmm2,%xmm2,%xmm6 +vpmuludq %xmm6,%xmm2,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpmuludq %xmm15,%xmm6,%xmm2 +vpaddq %xmm2,%xmm1,%xmm1 +vpmuludq %xmm15,%xmm4,%xmm2 +vpaddq %xmm2,%xmm3,%xmm3 +vpmuludq 544(%rsp),%xmm6,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpmuludq 592(%rsp),%xmm6,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpmuludq 640(%rsp),%xmm6,%xmm2 +vpaddq %xmm2,%xmm13,%xmm13 +vpmuludq 624(%rsp),%xmm6,%xmm2 +vpaddq %xmm2,%xmm0,%xmm0 +vpmuludq %xmm4,%xmm6,%xmm2 +vpaddq %xmm2,%xmm7,%xmm7 +vpmuludq %xmm14,%xmm6,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vpmuludq %xmm8,%xmm6,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpmuludq %xmm15,%xmm14,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpmuludq %xmm15,%xmm8,%xmm2 +vpaddq %xmm2,%xmm7,%xmm7 +vpmuludq %xmm4,%xmm4,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vpmuludq %xmm14,%xmm4,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpaddq %xmm4,%xmm4,%xmm2 +vpmuludq %xmm8,%xmm2,%xmm4 +vpaddq %xmm4,%xmm11,%xmm11 +vpmuludq 688(%rsp),%xmm2,%xmm4 +vpaddq %xmm4,%xmm1,%xmm1 +vpmuludq 688(%rsp),%xmm14,%xmm4 +vpaddq %xmm4,%xmm3,%xmm3 +vpmuludq 512(%rsp),%xmm2,%xmm4 +vpaddq %xmm4,%xmm12,%xmm12 +vpmuludq 592(%rsp),%xmm2,%xmm4 +vpaddq %xmm4,%xmm13,%xmm13 +vpmuludq 576(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm0,%xmm0 +vpmuludq 656(%rsp),%xmm8,%xmm2 +vpaddq %xmm2,%xmm3,%xmm3 +vpmuludq %xmm8,%xmm14,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpmuludq %xmm8,%xmm8,%xmm2 +vpaddq %xmm2,%xmm13,%xmm13 +vpaddq %xmm8,%xmm8,%xmm2 +vpmuludq 688(%rsp),%xmm2,%xmm4 +vpaddq %xmm4,%xmm5,%xmm5 +vpmuludq 544(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm9,%xmm9 +vpmuludq 592(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm10,%xmm10 +vpmuludq 656(%rsp),%xmm14,%xmm4 +vpaddq %xmm4,%xmm1,%xmm1 +vmovdqa 544(%rsp),%xmm4 +vpmuludq 688(%rsp),%xmm4,%xmm4 +vpaddq 
%xmm4,%xmm7,%xmm7 +vpmuludq 544(%rsp),%xmm14,%xmm4 +vpaddq %xmm4,%xmm13,%xmm13 +vpmuludq 592(%rsp),%xmm14,%xmm4 +vpaddq %xmm4,%xmm0,%xmm0 +vpmuludq 640(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm11,%xmm11 +vpmuludq 624(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm12,%xmm12 +vmovdqa 592(%rsp),%xmm4 +vpaddq %xmm4,%xmm4,%xmm4 +vpmuludq 688(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm9,%xmm9 +vpmuludq 608(%rsp),%xmm2,%xmm4 +vpaddq %xmm4,%xmm1,%xmm1 +vmovdqa 544(%rsp),%xmm4 +vpmuludq 608(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm3,%xmm3 +vmovdqa 544(%rsp),%xmm4 +vpmuludq 656(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm5,%xmm5 +vmovdqa 592(%rsp),%xmm4 +vpmuludq 656(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm7,%xmm7 +vmovdqa 640(%rsp),%xmm4 +vpmuludq 688(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm10,%xmm10 +vpmuludq 512(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm0,%xmm0 +vmovdqa 560(%rsp),%xmm2 +vpmuludq 512(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm1,%xmm1 +vmovdqa 608(%rsp),%xmm2 +vpmuludq 592(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vmovdqa 656(%rsp),%xmm2 +vpmuludq 576(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vmovdqa 688(%rsp),%xmm2 +vpmuludq 624(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpsrlq $26,%xmm1,%xmm2 +vpaddq %xmm2,%xmm3,%xmm3 +vpand m26(%rip),%xmm1,%xmm1 +vpsrlq $25,%xmm10,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpand m25(%rip),%xmm10,%xmm10 +vpsrlq $25,%xmm3,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpand m25(%rip),%xmm3,%xmm3 +vpsrlq $26,%xmm11,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpand m26(%rip),%xmm11,%xmm11 +vpsrlq $26,%xmm5,%xmm2 +vpaddq %xmm2,%xmm7,%xmm7 +vpand m26(%rip),%xmm5,%xmm5 +vpsrlq $25,%xmm12,%xmm2 +vpaddq %xmm2,%xmm13,%xmm13 +vpand m25(%rip),%xmm12,%xmm12 +vpsrlq $25,%xmm7,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vpand m25(%rip),%xmm7,%xmm7 +vpsrlq $26,%xmm13,%xmm2 +vpaddq %xmm2,%xmm0,%xmm0 +vpand m26(%rip),%xmm13,%xmm13 +vpsrlq $26,%xmm9,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpand m26(%rip),%xmm9,%xmm9 +vpsrlq $25,%xmm0,%xmm2 +vpsllq $4,%xmm2,%xmm4 +vpaddq %xmm2,%xmm1,%xmm1 +vpsllq $1,%xmm2,%xmm2 +vpaddq 
%xmm2,%xmm4,%xmm4 +vpaddq %xmm4,%xmm1,%xmm1 +vpand m25(%rip),%xmm0,%xmm0 +vpsrlq $25,%xmm10,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpand m25(%rip),%xmm10,%xmm10 +vpsrlq $26,%xmm1,%xmm2 +vpaddq %xmm2,%xmm3,%xmm3 +vpand m26(%rip),%xmm1,%xmm1 +vpunpckhqdq %xmm3,%xmm1,%xmm2 +vpunpcklqdq %xmm3,%xmm1,%xmm1 +vmovdqa %xmm1,464(%rsp) +vpaddq subc0(%rip),%xmm2,%xmm3 +vpsubq %xmm1,%xmm3,%xmm3 +vpunpckhqdq %xmm3,%xmm2,%xmm1 +vpunpcklqdq %xmm3,%xmm2,%xmm2 +vmovdqa %xmm2,480(%rsp) +vmovdqa %xmm1,512(%rsp) +vpsllq $1,%xmm1,%xmm1 +vmovdqa %xmm1,528(%rsp) +vpmuludq v121666_121666(%rip),%xmm3,%xmm3 +vmovdqa 80(%rsp),%xmm1 +vpunpcklqdq %xmm1,%xmm3,%xmm2 +vpunpckhqdq %xmm1,%xmm3,%xmm1 +vpunpckhqdq %xmm7,%xmm5,%xmm3 +vpunpcklqdq %xmm7,%xmm5,%xmm4 +vmovdqa %xmm4,544(%rsp) +vpaddq subc2(%rip),%xmm3,%xmm5 +vpsubq %xmm4,%xmm5,%xmm5 +vpunpckhqdq %xmm5,%xmm3,%xmm4 +vpunpcklqdq %xmm5,%xmm3,%xmm3 +vmovdqa %xmm3,560(%rsp) +vmovdqa %xmm4,576(%rsp) +vpsllq $1,%xmm4,%xmm4 +vmovdqa %xmm4,592(%rsp) +vpmuludq v121666_121666(%rip),%xmm5,%xmm5 +vmovdqa 96(%rsp),%xmm3 +vpunpcklqdq %xmm3,%xmm5,%xmm4 +vpunpckhqdq %xmm3,%xmm5,%xmm3 +vpunpckhqdq %xmm10,%xmm9,%xmm5 +vpunpcklqdq %xmm10,%xmm9,%xmm6 +vmovdqa %xmm6,608(%rsp) +vpaddq subc2(%rip),%xmm5,%xmm7 +vpsubq %xmm6,%xmm7,%xmm7 +vpunpckhqdq %xmm7,%xmm5,%xmm6 +vpunpcklqdq %xmm7,%xmm5,%xmm5 +vmovdqa %xmm5,624(%rsp) +vmovdqa %xmm6,640(%rsp) +vpsllq $1,%xmm6,%xmm6 +vmovdqa %xmm6,656(%rsp) +vpmuludq v121666_121666(%rip),%xmm7,%xmm7 +vmovdqa 112(%rsp),%xmm5 +vpunpcklqdq %xmm5,%xmm7,%xmm6 +vpunpckhqdq %xmm5,%xmm7,%xmm5 +vpunpckhqdq %xmm12,%xmm11,%xmm7 +vpunpcklqdq %xmm12,%xmm11,%xmm8 +vmovdqa %xmm8,672(%rsp) +vpaddq subc2(%rip),%xmm7,%xmm9 +vpsubq %xmm8,%xmm9,%xmm9 +vpunpckhqdq %xmm9,%xmm7,%xmm8 +vpunpcklqdq %xmm9,%xmm7,%xmm7 +vmovdqa %xmm7,688(%rsp) +vmovdqa %xmm8,704(%rsp) +vpsllq $1,%xmm8,%xmm8 +vmovdqa %xmm8,720(%rsp) +vpmuludq v121666_121666(%rip),%xmm9,%xmm9 +vmovdqa 448(%rsp),%xmm7 +vpunpcklqdq %xmm7,%xmm9,%xmm8 +vpunpckhqdq %xmm7,%xmm9,%xmm7 +vpunpckhqdq 
%xmm0,%xmm13,%xmm9 +vpunpcklqdq %xmm0,%xmm13,%xmm0 +vmovdqa %xmm0,448(%rsp) +vpaddq subc2(%rip),%xmm9,%xmm10 +vpsubq %xmm0,%xmm10,%xmm10 +vpunpckhqdq %xmm10,%xmm9,%xmm0 +vpunpcklqdq %xmm10,%xmm9,%xmm9 +vmovdqa %xmm9,736(%rsp) +vmovdqa %xmm0,752(%rsp) +vpsllq $1,%xmm0,%xmm0 +vmovdqa %xmm0,768(%rsp) +vpmuludq v121666_121666(%rip),%xmm10,%xmm10 +vmovdqa 496(%rsp),%xmm0 +vpunpcklqdq %xmm0,%xmm10,%xmm9 +vpunpckhqdq %xmm0,%xmm10,%xmm0 +vpsrlq $26,%xmm2,%xmm10 +vpaddq %xmm10,%xmm1,%xmm1 +vpand m26(%rip),%xmm2,%xmm2 +vpsrlq $25,%xmm5,%xmm10 +vpaddq %xmm10,%xmm8,%xmm8 +vpand m25(%rip),%xmm5,%xmm5 +vpsrlq $25,%xmm1,%xmm10 +vpaddq %xmm10,%xmm4,%xmm4 +vpand m25(%rip),%xmm1,%xmm1 +vpsrlq $26,%xmm8,%xmm10 +vpaddq %xmm10,%xmm7,%xmm7 +vpand m26(%rip),%xmm8,%xmm8 +vpsrlq $26,%xmm4,%xmm10 +vpaddq %xmm10,%xmm3,%xmm3 +vpand m26(%rip),%xmm4,%xmm4 +vpsrlq $25,%xmm7,%xmm10 +vpaddq %xmm10,%xmm9,%xmm9 +vpand m25(%rip),%xmm7,%xmm7 +vpsrlq $25,%xmm3,%xmm10 +vpaddq %xmm10,%xmm6,%xmm6 +vpand m25(%rip),%xmm3,%xmm3 +vpsrlq $26,%xmm9,%xmm10 +vpaddq %xmm10,%xmm0,%xmm0 +vpand m26(%rip),%xmm9,%xmm9 +vpsrlq $26,%xmm6,%xmm10 +vpaddq %xmm10,%xmm5,%xmm5 +vpand m26(%rip),%xmm6,%xmm6 +vpsrlq $25,%xmm0,%xmm10 +vpsllq $4,%xmm10,%xmm11 +vpaddq %xmm10,%xmm2,%xmm2 +vpsllq $1,%xmm10,%xmm10 +vpaddq %xmm10,%xmm11,%xmm11 +vpaddq %xmm11,%xmm2,%xmm2 +vpand m25(%rip),%xmm0,%xmm0 +vpsrlq $25,%xmm5,%xmm10 +vpaddq %xmm10,%xmm8,%xmm8 +vpand m25(%rip),%xmm5,%xmm5 +vpsrlq $26,%xmm2,%xmm10 +vpaddq %xmm10,%xmm1,%xmm1 +vpand m26(%rip),%xmm2,%xmm2 +vpunpckhqdq %xmm1,%xmm2,%xmm10 +vmovdqa %xmm10,80(%rsp) +vpunpcklqdq %xmm1,%xmm2,%xmm1 +vpunpckhqdq %xmm3,%xmm4,%xmm2 +vmovdqa %xmm2,96(%rsp) +vpunpcklqdq %xmm3,%xmm4,%xmm2 +vpunpckhqdq %xmm5,%xmm6,%xmm3 +vmovdqa %xmm3,112(%rsp) +vpunpcklqdq %xmm5,%xmm6,%xmm3 +vpunpckhqdq %xmm7,%xmm8,%xmm4 +vmovdqa %xmm4,128(%rsp) +vpunpcklqdq %xmm7,%xmm8,%xmm4 +vpunpckhqdq %xmm0,%xmm9,%xmm5 +vmovdqa %xmm5,144(%rsp) +vpunpcklqdq %xmm0,%xmm9,%xmm0 +vmovdqa 464(%rsp),%xmm5 +vpaddq %xmm5,%xmm1,%xmm1 
+vpunpcklqdq %xmm1,%xmm5,%xmm6 +vpunpckhqdq %xmm1,%xmm5,%xmm1 +vpmuludq 512(%rsp),%xmm6,%xmm5 +vpmuludq 480(%rsp),%xmm1,%xmm7 +vpaddq %xmm7,%xmm5,%xmm5 +vpmuludq 560(%rsp),%xmm6,%xmm7 +vpmuludq 528(%rsp),%xmm1,%xmm8 +vpaddq %xmm8,%xmm7,%xmm7 +vpmuludq 576(%rsp),%xmm6,%xmm8 +vpmuludq 560(%rsp),%xmm1,%xmm9 +vpaddq %xmm9,%xmm8,%xmm8 +vpmuludq 624(%rsp),%xmm6,%xmm9 +vpmuludq 592(%rsp),%xmm1,%xmm10 +vpaddq %xmm10,%xmm9,%xmm9 +vpmuludq 640(%rsp),%xmm6,%xmm10 +vpmuludq 624(%rsp),%xmm1,%xmm11 +vpaddq %xmm11,%xmm10,%xmm10 +vpmuludq 688(%rsp),%xmm6,%xmm11 +vpmuludq 656(%rsp),%xmm1,%xmm12 +vpaddq %xmm12,%xmm11,%xmm11 +vpmuludq 704(%rsp),%xmm6,%xmm12 +vpmuludq 688(%rsp),%xmm1,%xmm13 +vpaddq %xmm13,%xmm12,%xmm12 +vpmuludq 736(%rsp),%xmm6,%xmm13 +vpmuludq 720(%rsp),%xmm1,%xmm14 +vpaddq %xmm14,%xmm13,%xmm13 +vpmuludq 752(%rsp),%xmm6,%xmm14 +vpmuludq 736(%rsp),%xmm1,%xmm15 +vpaddq %xmm15,%xmm14,%xmm14 +vpmuludq 480(%rsp),%xmm6,%xmm6 +vpmuludq v19_19(%rip),%xmm1,%xmm1 +vpmuludq 768(%rsp),%xmm1,%xmm1 +vpaddq %xmm1,%xmm6,%xmm6 +vmovdqa 544(%rsp),%xmm1 +vpaddq %xmm1,%xmm2,%xmm2 +vpunpcklqdq %xmm2,%xmm1,%xmm15 +vpunpckhqdq %xmm2,%xmm1,%xmm1 +vpmuludq 480(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm7,%xmm7 +vpmuludq 512(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm8,%xmm8 +vpmuludq 560(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vpmuludq 576(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpmuludq 624(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpmuludq 640(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpmuludq 688(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm13,%xmm13 +vpmuludq 704(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm15,%xmm15 +vpmuludq 736(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm6,%xmm6 +vpmuludq 752(%rsp),%xmm15,%xmm15 +vpaddq %xmm15,%xmm5,%xmm5 +vpmuludq 480(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm8,%xmm8 +vpmuludq 528(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vpmuludq 560(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpmuludq 592(%rsp),%xmm1,%xmm2 +vpaddq 
%xmm2,%xmm11,%xmm11 +vpmuludq 624(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpmuludq 656(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm13,%xmm13 +vpmuludq 688(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm1,%xmm1 +vpmuludq 720(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm6,%xmm6 +vpmuludq 736(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpmuludq 768(%rsp),%xmm1,%xmm1 +vpaddq %xmm1,%xmm7,%xmm7 +vmovdqa 608(%rsp),%xmm1 +vpaddq %xmm1,%xmm3,%xmm3 +vpunpcklqdq %xmm3,%xmm1,%xmm2 +vpunpckhqdq %xmm3,%xmm1,%xmm1 +vpmuludq 480(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm9,%xmm9 +vpmuludq 512(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm10,%xmm10 +vpmuludq 560(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 576(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm12,%xmm12 +vpmuludq 624(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpmuludq 640(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm2,%xmm2 +vpmuludq 688(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpmuludq 704(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpmuludq 736(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq 752(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm8,%xmm8 +vpmuludq 480(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpmuludq 528(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpmuludq 560(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpmuludq 592(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm13,%xmm13 +vpmuludq 624(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm1,%xmm1 +vpmuludq 656(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm6,%xmm6 +vpmuludq 688(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpmuludq 720(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm7,%xmm7 +vpmuludq 736(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm8,%xmm8 +vpmuludq 768(%rsp),%xmm1,%xmm1 +vpaddq %xmm1,%xmm9,%xmm9 +vmovdqa 672(%rsp),%xmm1 +vpaddq %xmm1,%xmm4,%xmm4 +vpunpcklqdq %xmm4,%xmm1,%xmm2 +vpunpckhqdq %xmm4,%xmm1,%xmm1 +vpmuludq 480(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 512(%rsp),%xmm2,%xmm3 +vpaddq 
%xmm3,%xmm12,%xmm12 +vpmuludq 560(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpmuludq 576(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm2,%xmm2 +vpmuludq 624(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpmuludq 640(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpmuludq 688(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq 704(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm8,%xmm8 +vpmuludq 736(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm9,%xmm9 +vpmuludq 752(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpmuludq 480(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpmuludq 528(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm13,%xmm13 +vpmuludq 560(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm1,%xmm1 +vpmuludq 592(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm6,%xmm6 +vpmuludq 624(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpmuludq 656(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm7,%xmm7 +vpmuludq 688(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm8,%xmm8 +vpmuludq 720(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vpmuludq 736(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpmuludq 768(%rsp),%xmm1,%xmm1 +vpaddq %xmm1,%xmm11,%xmm11 +vmovdqa 448(%rsp),%xmm1 +vpaddq %xmm1,%xmm0,%xmm0 +vpunpcklqdq %xmm0,%xmm1,%xmm2 +vpunpckhqdq %xmm0,%xmm1,%xmm0 +vpmuludq 480(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm13,%xmm13 +vpmuludq 512(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm2,%xmm2 +vpmuludq 560(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm6,%xmm6 +vpmuludq 576(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm5,%xmm5 +vpmuludq 624(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm7,%xmm7 +vpmuludq 640(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm8,%xmm8 +vpmuludq 688(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm9,%xmm9 +vpmuludq 704(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm10,%xmm10 +vpmuludq 736(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm11,%xmm11 +vpmuludq 752(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpmuludq 480(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm0,%xmm0 +vpmuludq 
528(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm6,%xmm6 +vpmuludq 560(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm5,%xmm5 +vpmuludq 592(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm7,%xmm7 +vpmuludq 624(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm8,%xmm8 +vpmuludq 656(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm9,%xmm9 +vpmuludq 688(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm10,%xmm10 +vpmuludq 720(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm11,%xmm11 +vpmuludq 736(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm12,%xmm12 +vpmuludq 768(%rsp),%xmm0,%xmm0 +vpaddq %xmm0,%xmm13,%xmm13 +vpsrlq $26,%xmm6,%xmm0 +vpaddq %xmm0,%xmm5,%xmm5 +vpand m26(%rip),%xmm6,%xmm6 +vpsrlq $25,%xmm10,%xmm0 +vpaddq %xmm0,%xmm11,%xmm11 +vpand m25(%rip),%xmm10,%xmm10 +vpsrlq $25,%xmm5,%xmm0 +vpaddq %xmm0,%xmm7,%xmm7 +vpand m25(%rip),%xmm5,%xmm5 +vpsrlq $26,%xmm11,%xmm0 +vpaddq %xmm0,%xmm12,%xmm12 +vpand m26(%rip),%xmm11,%xmm11 +vpsrlq $26,%xmm7,%xmm0 +vpaddq %xmm0,%xmm8,%xmm8 +vpand m26(%rip),%xmm7,%xmm7 +vpsrlq $25,%xmm12,%xmm0 +vpaddq %xmm0,%xmm13,%xmm13 +vpand m25(%rip),%xmm12,%xmm12 +vpsrlq $25,%xmm8,%xmm0 +vpaddq %xmm0,%xmm9,%xmm9 +vpand m25(%rip),%xmm8,%xmm8 +vpsrlq $26,%xmm13,%xmm0 +vpaddq %xmm0,%xmm14,%xmm14 +vpand m26(%rip),%xmm13,%xmm13 +vpsrlq $26,%xmm9,%xmm0 +vpaddq %xmm0,%xmm10,%xmm10 +vpand m26(%rip),%xmm9,%xmm9 +vpsrlq $25,%xmm14,%xmm0 +vpsllq $4,%xmm0,%xmm1 +vpaddq %xmm0,%xmm6,%xmm6 +vpsllq $1,%xmm0,%xmm0 +vpaddq %xmm0,%xmm1,%xmm1 +vpaddq %xmm1,%xmm6,%xmm6 +vpand m25(%rip),%xmm14,%xmm14 +vpsrlq $25,%xmm10,%xmm0 +vpaddq %xmm0,%xmm11,%xmm11 +vpand m25(%rip),%xmm10,%xmm10 +vpsrlq $26,%xmm6,%xmm0 +vpaddq %xmm0,%xmm5,%xmm5 +vpand m26(%rip),%xmm6,%xmm6 +vpunpckhqdq %xmm5,%xmm6,%xmm1 +vpunpcklqdq %xmm5,%xmm6,%xmm0 +vpunpckhqdq %xmm8,%xmm7,%xmm3 +vpunpcklqdq %xmm8,%xmm7,%xmm2 +vpunpckhqdq %xmm10,%xmm9,%xmm5 +vpunpcklqdq %xmm10,%xmm9,%xmm4 +vpunpckhqdq %xmm12,%xmm11,%xmm7 +vpunpcklqdq %xmm12,%xmm11,%xmm6 +vpunpckhqdq %xmm14,%xmm13,%xmm9 +vpunpcklqdq %xmm14,%xmm13,%xmm8 +cmp $0,%rdx +jne ._ladder_loop +vmovdqu %xmm1,160(%rdi) +vmovdqu %xmm0,80(%rdi) 
+vmovdqu %xmm3,176(%rdi)
+vmovdqu %xmm2,96(%rdi)
+vmovdqu %xmm5,192(%rdi)
+vmovdqu %xmm4,112(%rdi)
+vmovdqu %xmm7,208(%rdi)
+vmovdqu %xmm6,128(%rdi)
+vmovdqu %xmm9,224(%rdi)
+vmovdqu %xmm8,144(%rdi)
+movq 1824(%rsp),%r11
+movq 1832(%rsp),%r12
+movq 1840(%rsp),%r13
+movq 1848(%rsp),%r14
+add %r11,%rsp
+ret
+
+#endif
+
+.globl ladder_S_dummy
diff --git a/sodium/sodium_sandy2x_ladder.h b/sodium/sodium_sandy2x_ladder.h
new file mode 100644
index 00000000..bda7e7e5
--- /dev/null
+++ b/sodium/sodium_sandy2x_ladder.h
@@ -0,0 +1,18 @@
+#ifndef ladder_H
+#define ladder_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "sodium_sandy2x_fe.h"
+#include "sodium_sandy2x_ladder_namespace.h"
+
+extern void ladder(fe *, const unsigned char *);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ifndef ladder_H */
+
diff --git a/sodium/sodium_sandy2x_ladder_base.S b/sodium/sodium_sandy2x_ladder_base.S
new file mode 100644
index 00000000..46c5ed38
--- /dev/null
+++ b/sodium/sodium_sandy2x_ladder_base.S
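Review bot: The prototype `extern void ladder(fe *, const unsigned char *);` in sodium_sandy2x_ladder.h states no contract, so a caller cannot tell how many `fe` elements the first pointer must cover (the ladder.S epilogue in this hunk writes results at offsets 80 through 224 from `%rdi`, so the buffer is clearly larger than a single `fe` — confirm the exact count against the .S prologue, which is outside this chunk), what length the second argument has (presumably a 32-byte scalar), or that the symbol only exists when the .S sources are compiled with `IN_SANDY2X` defined. Since the implementation is VEX-encoded AVX code, the caller is also responsible for a runtime CPU-feature check before dispatching to it; I would put that in a comment above the prototype: `/* Montgomery ladder over the sandy2x fe representation. var: caller-owned fe array sized as the .S prologue expects; scalar: 32-byte scalar. Compiled only with IN_SANDY2X; AVX-only, caller must gate on a CPU-feature check. */`. The header guard `ladder_H` is also unprefixed, so any other header in the build using the same generic guard would silently suppress this declaration; `sodium_sandy2x_ladder_H` would be safer.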
@@ -0,0 +1,1297 @@ +#ifdef IN_SANDY2X + +#include "sodium_sandy2x_ladder_base_namespace.h" +#include "sodium_sandy2x_consts_namespace.h" +.p2align 5 + +#ifdef ASM_HIDE_SYMBOL +ASM_HIDE_SYMBOL ladder_base +ASM_HIDE_SYMBOL _ladder_base +#endif +.globl ladder_base +.globl _ladder_base +#ifdef __ELF__ +.type ladder_base, @function +.type _ladder_base, @function +#endif +ladder_base: +_ladder_base: + +mov %rsp,%r11 +and $31,%r11 +add $1568,%r11 +sub %r11,%rsp +movq %r11,1536(%rsp) +movq %r12,1544(%rsp) +movq %r13,1552(%rsp) +vmovdqa v0_0(%rip),%xmm0 +vmovdqa v1_0(%rip),%xmm1 +vmovdqa v9_0(%rip),%xmm2 +vmovdqa %xmm2,0(%rsp) +vmovdqa %xmm0,16(%rsp) +vmovdqa %xmm0,32(%rsp) +vmovdqa %xmm0,48(%rsp) +vmovdqa %xmm0,64(%rsp) +vmovdqa %xmm1,80(%rsp) +vmovdqa %xmm0,96(%rsp) +vmovdqa %xmm0,112(%rsp) +vmovdqa %xmm0,128(%rsp) +vmovdqa %xmm0,144(%rsp) +vmovdqa %xmm1,%xmm0 +vpxor %xmm1,%xmm1,%xmm1 +vpxor %xmm2,%xmm2,%xmm2 +vpxor %xmm3,%xmm3,%xmm3 +vpxor %xmm4,%xmm4,%xmm4 +vpxor %xmm5,%xmm5,%xmm5 +vpxor %xmm6,%xmm6,%xmm6 +vpxor %xmm7,%xmm7,%xmm7 +vpxor %xmm8,%xmm8,%xmm8 +vpxor %xmm9,%xmm9,%xmm9 +movq 0(%rsi),%rdx +movq 8(%rsi),%rcx +movq 16(%rsi),%r8 +movq 24(%rsi),%r9 +shrd $1,%rcx,%rdx +shrd $1,%r8,%rcx +shrd $1,%r9,%r8 +shr $1,%r9 +xorq 0(%rsi),%rdx +xorq 8(%rsi),%rcx +xorq 16(%rsi),%r8 +xorq 24(%rsi),%r9 +leaq 512(%rsp),%rsi +mov $64,%rax + +.p2align 4 +._ladder_base_small_loop: +mov %rdx,%r10 +mov %rcx,%r11 +mov %r8,%r12 +mov %r9,%r13 +shr $1,%rdx +shr $1,%rcx +shr $1,%r8 +shr $1,%r9 +and $1,%r10d +and $1,%r11d +and $1,%r12d +and $1,%r13d +neg %r10 +neg %r11 +neg %r12 +neg %r13 +movl %r10d,0(%rsi) +movl %r11d,256(%rsi) +movl %r12d,512(%rsi) +movl %r13d,768(%rsi) +add $4,%rsi +sub $1,%rax +jne ._ladder_base_small_loop +mov $255,%rdx +add $760,%rsi + +.p2align 4 +._ladder_base_loop: +sub $1,%rdx +vbroadcastss 0(%rsi),%xmm10 +sub $4,%rsi +vmovdqa 0(%rsp),%xmm11 +vmovdqa 80(%rsp),%xmm12 +vpxor %xmm11,%xmm0,%xmm13 +vpand %xmm10,%xmm13,%xmm13 +vpxor %xmm13,%xmm0,%xmm0 +vpxor 
%xmm13,%xmm11,%xmm11 +vpxor %xmm12,%xmm1,%xmm13 +vpand %xmm10,%xmm13,%xmm13 +vpxor %xmm13,%xmm1,%xmm1 +vpxor %xmm13,%xmm12,%xmm12 +vmovdqa 16(%rsp),%xmm13 +vmovdqa 96(%rsp),%xmm14 +vpxor %xmm13,%xmm2,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm2,%xmm2 +vpxor %xmm15,%xmm13,%xmm13 +vpxor %xmm14,%xmm3,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm3,%xmm3 +vpxor %xmm15,%xmm14,%xmm14 +vmovdqa %xmm13,0(%rsp) +vmovdqa %xmm14,16(%rsp) +vmovdqa 32(%rsp),%xmm13 +vmovdqa 112(%rsp),%xmm14 +vpxor %xmm13,%xmm4,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm4,%xmm4 +vpxor %xmm15,%xmm13,%xmm13 +vpxor %xmm14,%xmm5,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm5,%xmm5 +vpxor %xmm15,%xmm14,%xmm14 +vmovdqa %xmm13,32(%rsp) +vmovdqa %xmm14,80(%rsp) +vmovdqa 48(%rsp),%xmm13 +vmovdqa 128(%rsp),%xmm14 +vpxor %xmm13,%xmm6,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm6,%xmm6 +vpxor %xmm15,%xmm13,%xmm13 +vpxor %xmm14,%xmm7,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm7,%xmm7 +vpxor %xmm15,%xmm14,%xmm14 +vmovdqa %xmm13,48(%rsp) +vmovdqa %xmm14,96(%rsp) +vmovdqa 64(%rsp),%xmm13 +vmovdqa 144(%rsp),%xmm14 +vpxor %xmm13,%xmm8,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm8,%xmm8 +vpxor %xmm15,%xmm13,%xmm13 +vpxor %xmm14,%xmm9,%xmm15 +vpand %xmm10,%xmm15,%xmm15 +vpxor %xmm15,%xmm9,%xmm9 +vpxor %xmm15,%xmm14,%xmm14 +vmovdqa %xmm13,64(%rsp) +vmovdqa %xmm14,112(%rsp) +vpaddq subc0(%rip),%xmm11,%xmm10 +vpsubq %xmm12,%xmm10,%xmm10 +vpaddq %xmm12,%xmm11,%xmm11 +vpunpckhqdq %xmm10,%xmm11,%xmm12 +vpunpcklqdq %xmm10,%xmm11,%xmm10 +vpaddq %xmm1,%xmm0,%xmm11 +vpaddq subc0(%rip),%xmm0,%xmm0 +vpsubq %xmm1,%xmm0,%xmm0 +vpunpckhqdq %xmm11,%xmm0,%xmm1 +vpunpcklqdq %xmm11,%xmm0,%xmm0 +vpmuludq %xmm0,%xmm10,%xmm11 +vpmuludq %xmm1,%xmm10,%xmm13 +vmovdqa %xmm1,128(%rsp) +vpaddq %xmm1,%xmm1,%xmm1 +vpmuludq %xmm0,%xmm12,%xmm14 +vmovdqa %xmm0,144(%rsp) +vpaddq %xmm14,%xmm13,%xmm13 +vpmuludq %xmm1,%xmm12,%xmm0 +vmovdqa %xmm1,160(%rsp) +vpaddq %xmm3,%xmm2,%xmm1 +vpaddq 
subc2(%rip),%xmm2,%xmm2 +vpsubq %xmm3,%xmm2,%xmm2 +vpunpckhqdq %xmm1,%xmm2,%xmm3 +vpunpcklqdq %xmm1,%xmm2,%xmm1 +vpmuludq %xmm1,%xmm10,%xmm2 +vpaddq %xmm2,%xmm0,%xmm0 +vpmuludq %xmm3,%xmm10,%xmm2 +vmovdqa %xmm3,176(%rsp) +vpaddq %xmm3,%xmm3,%xmm3 +vpmuludq %xmm1,%xmm12,%xmm14 +vmovdqa %xmm1,192(%rsp) +vpaddq %xmm14,%xmm2,%xmm2 +vpmuludq %xmm3,%xmm12,%xmm1 +vmovdqa %xmm3,208(%rsp) +vpaddq %xmm5,%xmm4,%xmm3 +vpaddq subc2(%rip),%xmm4,%xmm4 +vpsubq %xmm5,%xmm4,%xmm4 +vpunpckhqdq %xmm3,%xmm4,%xmm5 +vpunpcklqdq %xmm3,%xmm4,%xmm3 +vpmuludq %xmm3,%xmm10,%xmm4 +vpaddq %xmm4,%xmm1,%xmm1 +vpmuludq %xmm5,%xmm10,%xmm4 +vmovdqa %xmm5,224(%rsp) +vpaddq %xmm5,%xmm5,%xmm5 +vpmuludq %xmm3,%xmm12,%xmm14 +vmovdqa %xmm3,240(%rsp) +vpaddq %xmm14,%xmm4,%xmm4 +vpaddq %xmm7,%xmm6,%xmm3 +vpaddq subc2(%rip),%xmm6,%xmm6 +vpsubq %xmm7,%xmm6,%xmm6 +vpunpckhqdq %xmm3,%xmm6,%xmm7 +vpunpcklqdq %xmm3,%xmm6,%xmm3 +vpmuludq %xmm3,%xmm10,%xmm6 +vpmuludq %xmm5,%xmm12,%xmm14 +vmovdqa %xmm5,256(%rsp) +vpmuludq v19_19(%rip),%xmm5,%xmm5 +vmovdqa %xmm5,272(%rsp) +vpaddq %xmm14,%xmm6,%xmm6 +vpmuludq %xmm7,%xmm10,%xmm5 +vmovdqa %xmm7,288(%rsp) +vpaddq %xmm7,%xmm7,%xmm7 +vpmuludq %xmm3,%xmm12,%xmm14 +vmovdqa %xmm3,304(%rsp) +vpaddq %xmm14,%xmm5,%xmm5 +vpmuludq v19_19(%rip),%xmm3,%xmm3 +vmovdqa %xmm3,320(%rsp) +vpaddq %xmm9,%xmm8,%xmm3 +vpaddq subc2(%rip),%xmm8,%xmm8 +vpsubq %xmm9,%xmm8,%xmm8 +vpunpckhqdq %xmm3,%xmm8,%xmm9 +vpunpcklqdq %xmm3,%xmm8,%xmm3 +vmovdqa %xmm3,336(%rsp) +vpmuludq %xmm7,%xmm12,%xmm8 +vmovdqa %xmm7,352(%rsp) +vpmuludq v19_19(%rip),%xmm7,%xmm7 +vmovdqa %xmm7,368(%rsp) +vpmuludq %xmm3,%xmm10,%xmm7 +vpaddq %xmm7,%xmm8,%xmm8 +vpmuludq %xmm9,%xmm10,%xmm7 +vmovdqa %xmm9,384(%rsp) +vpaddq %xmm9,%xmm9,%xmm9 +vpmuludq %xmm3,%xmm12,%xmm10 +vpaddq %xmm10,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm3,%xmm3 +vmovdqa %xmm3,400(%rsp) +vpmuludq v19_19(%rip),%xmm12,%xmm12 +vpmuludq %xmm9,%xmm12,%xmm3 +vmovdqa %xmm9,416(%rsp) +vpaddq %xmm3,%xmm11,%xmm11 +vmovdqa 0(%rsp),%xmm3 +vmovdqa 16(%rsp),%xmm9 +vpaddq 
subc2(%rip),%xmm3,%xmm10 +vpsubq %xmm9,%xmm10,%xmm10 +vpaddq %xmm9,%xmm3,%xmm3 +vpunpckhqdq %xmm10,%xmm3,%xmm9 +vpunpcklqdq %xmm10,%xmm3,%xmm3 +vpmuludq 144(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm0,%xmm0 +vpmuludq 128(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm2,%xmm2 +vpmuludq 192(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm1,%xmm1 +vpmuludq 176(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm4,%xmm4 +vpmuludq 240(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm6,%xmm6 +vpmuludq 224(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm5,%xmm5 +vpmuludq 304(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm8,%xmm8 +vpmuludq 288(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm3,%xmm3 +vpmuludq 336(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm11,%xmm11 +vpmuludq 384(%rsp),%xmm3,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpmuludq 144(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpmuludq 160(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm1,%xmm1 +vpmuludq 192(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpmuludq 208(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpmuludq 240(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpmuludq 256(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm8,%xmm8 +vpmuludq 304(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm9,%xmm9 +vpmuludq 352(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 336(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpmuludq 416(%rsp),%xmm9,%xmm9 +vpaddq %xmm9,%xmm0,%xmm0 +vmovdqa 32(%rsp),%xmm3 +vmovdqa 80(%rsp),%xmm9 +vpaddq subc2(%rip),%xmm3,%xmm10 +vpsubq %xmm9,%xmm10,%xmm10 +vpaddq %xmm9,%xmm3,%xmm3 +vpunpckhqdq %xmm10,%xmm3,%xmm9 +vpunpcklqdq %xmm10,%xmm3,%xmm3 +vpmuludq 144(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm1,%xmm1 +vpmuludq 128(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm4,%xmm4 +vpmuludq 192(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm6,%xmm6 +vpmuludq 176(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm5,%xmm5 +vpmuludq 240(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm8,%xmm8 +vpmuludq 224(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm3,%xmm3 
+vpmuludq 304(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm11,%xmm11 +vpmuludq 288(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm13,%xmm13 +vpmuludq 336(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm0,%xmm0 +vpmuludq 384(%rsp),%xmm3,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpmuludq 144(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpmuludq 160(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpmuludq 192(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpmuludq 208(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm8,%xmm8 +vpmuludq 240(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm9,%xmm9 +vpmuludq 256(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 304(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpmuludq 352(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm0,%xmm0 +vpmuludq 336(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpmuludq 416(%rsp),%xmm9,%xmm9 +vpaddq %xmm9,%xmm1,%xmm1 +vmovdqa 48(%rsp),%xmm3 +vmovdqa 96(%rsp),%xmm9 +vpaddq subc2(%rip),%xmm3,%xmm10 +vpsubq %xmm9,%xmm10,%xmm10 +vpaddq %xmm9,%xmm3,%xmm3 +vpunpckhqdq %xmm10,%xmm3,%xmm9 +vpunpcklqdq %xmm10,%xmm3,%xmm3 +vpmuludq 144(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm6,%xmm6 +vpmuludq 128(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm5,%xmm5 +vpmuludq 192(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm8,%xmm8 +vpmuludq 176(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm3,%xmm3 +vpmuludq 240(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm11,%xmm11 +vpmuludq 224(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm13,%xmm13 +vpmuludq 304(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm0,%xmm0 +vpmuludq 288(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm2,%xmm2 +vpmuludq 336(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm1,%xmm1 +vpmuludq 384(%rsp),%xmm3,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpmuludq 144(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpmuludq 160(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm8,%xmm8 +vpmuludq 192(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm9,%xmm9 +vpmuludq 208(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 240(%rsp),%xmm9,%xmm3 
+vpaddq %xmm3,%xmm13,%xmm13 +vpmuludq 256(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm0,%xmm0 +vpmuludq 304(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpmuludq 352(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm1,%xmm1 +vpmuludq 336(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpmuludq 416(%rsp),%xmm9,%xmm9 +vpaddq %xmm9,%xmm6,%xmm6 +vmovdqa 64(%rsp),%xmm3 +vmovdqa 112(%rsp),%xmm9 +vpaddq subc2(%rip),%xmm3,%xmm10 +vpsubq %xmm9,%xmm10,%xmm10 +vpaddq %xmm9,%xmm3,%xmm3 +vpunpckhqdq %xmm10,%xmm3,%xmm9 +vpunpcklqdq %xmm10,%xmm3,%xmm3 +vpmuludq 144(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm8,%xmm8 +vpmuludq 128(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm3,%xmm3 +vpmuludq 192(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm11,%xmm11 +vpmuludq 176(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm13,%xmm13 +vpmuludq 240(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm0,%xmm0 +vpmuludq 224(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm2,%xmm2 +vpmuludq 304(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm1,%xmm1 +vpmuludq 288(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm4,%xmm4 +vpmuludq 336(%rsp),%xmm3,%xmm10 +vpaddq %xmm10,%xmm6,%xmm6 +vpmuludq 384(%rsp),%xmm3,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpmuludq 144(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq v19_19(%rip),%xmm9,%xmm9 +vpmuludq 160(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 192(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpmuludq 208(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm0,%xmm0 +vpmuludq 240(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpmuludq 256(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm1,%xmm1 +vpmuludq 304(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpmuludq 352(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpmuludq 336(%rsp),%xmm9,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpmuludq 416(%rsp),%xmm9,%xmm9 +vpaddq %xmm9,%xmm8,%xmm8 +vpsrlq $25,%xmm4,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpand m25(%rip),%xmm4,%xmm4 +vpsrlq $26,%xmm11,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpand m26(%rip),%xmm11,%xmm11 +vpsrlq $26,%xmm6,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpand 
m26(%rip),%xmm6,%xmm6 +vpsrlq $25,%xmm13,%xmm3 +vpaddq %xmm3,%xmm0,%xmm0 +vpand m25(%rip),%xmm13,%xmm13 +vpsrlq $25,%xmm5,%xmm3 +vpaddq %xmm3,%xmm8,%xmm8 +vpand m25(%rip),%xmm5,%xmm5 +vpsrlq $26,%xmm0,%xmm3 +vpaddq %xmm3,%xmm2,%xmm2 +vpand m26(%rip),%xmm0,%xmm0 +vpsrlq $26,%xmm8,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpand m26(%rip),%xmm8,%xmm8 +vpsrlq $25,%xmm2,%xmm3 +vpaddq %xmm3,%xmm1,%xmm1 +vpand m25(%rip),%xmm2,%xmm2 +vpsrlq $25,%xmm7,%xmm3 +vpsllq $4,%xmm3,%xmm9 +vpaddq %xmm3,%xmm11,%xmm11 +vpsllq $1,%xmm3,%xmm3 +vpaddq %xmm3,%xmm9,%xmm9 +vpaddq %xmm9,%xmm11,%xmm11 +vpand m25(%rip),%xmm7,%xmm7 +vpsrlq $26,%xmm1,%xmm3 +vpaddq %xmm3,%xmm4,%xmm4 +vpand m26(%rip),%xmm1,%xmm1 +vpsrlq $26,%xmm11,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpand m26(%rip),%xmm11,%xmm11 +vpsrlq $25,%xmm4,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpand m25(%rip),%xmm4,%xmm4 +vpunpcklqdq %xmm13,%xmm11,%xmm3 +vpunpckhqdq %xmm13,%xmm11,%xmm9 +vpaddq subc0(%rip),%xmm9,%xmm10 +vpsubq %xmm3,%xmm10,%xmm10 +vpaddq %xmm9,%xmm3,%xmm3 +vpunpckhqdq %xmm3,%xmm10,%xmm9 +vpunpcklqdq %xmm3,%xmm10,%xmm10 +vpmuludq %xmm10,%xmm10,%xmm3 +vpaddq %xmm10,%xmm10,%xmm10 +vpmuludq %xmm9,%xmm10,%xmm11 +vpunpcklqdq %xmm2,%xmm0,%xmm12 +vpunpckhqdq %xmm2,%xmm0,%xmm0 +vpaddq subc2(%rip),%xmm0,%xmm2 +vpsubq %xmm12,%xmm2,%xmm2 +vpaddq %xmm0,%xmm12,%xmm12 +vpunpckhqdq %xmm12,%xmm2,%xmm0 +vpunpcklqdq %xmm12,%xmm2,%xmm2 +vpmuludq %xmm2,%xmm10,%xmm12 +vpaddq %xmm9,%xmm9,%xmm13 +vpmuludq %xmm13,%xmm9,%xmm9 +vpaddq %xmm9,%xmm12,%xmm12 +vpmuludq %xmm0,%xmm10,%xmm9 +vpmuludq %xmm2,%xmm13,%xmm14 +vpaddq %xmm14,%xmm9,%xmm9 +vpunpcklqdq %xmm4,%xmm1,%xmm14 +vpunpckhqdq %xmm4,%xmm1,%xmm1 +vpaddq subc2(%rip),%xmm1,%xmm4 +vpsubq %xmm14,%xmm4,%xmm4 +vpaddq %xmm1,%xmm14,%xmm14 +vpunpckhqdq %xmm14,%xmm4,%xmm1 +vpunpcklqdq %xmm14,%xmm4,%xmm4 +vmovdqa %xmm1,0(%rsp) +vpaddq %xmm1,%xmm1,%xmm1 +vmovdqa %xmm1,16(%rsp) +vpmuludq v19_19(%rip),%xmm1,%xmm1 +vmovdqa %xmm1,32(%rsp) +vpmuludq %xmm4,%xmm10,%xmm1 +vpmuludq %xmm2,%xmm2,%xmm14 +vpaddq %xmm14,%xmm1,%xmm1 
+vpmuludq 0(%rsp),%xmm10,%xmm14 +vpmuludq %xmm4,%xmm13,%xmm15 +vpaddq %xmm15,%xmm14,%xmm14 +vpunpcklqdq %xmm5,%xmm6,%xmm15 +vpunpckhqdq %xmm5,%xmm6,%xmm5 +vpaddq subc2(%rip),%xmm5,%xmm6 +vpsubq %xmm15,%xmm6,%xmm6 +vpaddq %xmm5,%xmm15,%xmm15 +vpunpckhqdq %xmm15,%xmm6,%xmm5 +vpunpcklqdq %xmm15,%xmm6,%xmm6 +vmovdqa %xmm6,48(%rsp) +vpmuludq v19_19(%rip),%xmm6,%xmm6 +vmovdqa %xmm6,64(%rsp) +vmovdqa %xmm5,80(%rsp) +vpmuludq v38_38(%rip),%xmm5,%xmm5 +vmovdqa %xmm5,96(%rsp) +vpmuludq 48(%rsp),%xmm10,%xmm5 +vpaddq %xmm0,%xmm0,%xmm6 +vpmuludq %xmm6,%xmm0,%xmm0 +vpaddq %xmm0,%xmm5,%xmm5 +vpmuludq 80(%rsp),%xmm10,%xmm0 +vpmuludq %xmm4,%xmm6,%xmm15 +vpaddq %xmm15,%xmm0,%xmm0 +vpmuludq %xmm6,%xmm13,%xmm15 +vpaddq %xmm15,%xmm1,%xmm1 +vpmuludq %xmm6,%xmm2,%xmm15 +vpaddq %xmm15,%xmm14,%xmm14 +vpunpcklqdq %xmm7,%xmm8,%xmm15 +vpunpckhqdq %xmm7,%xmm8,%xmm7 +vpaddq subc2(%rip),%xmm7,%xmm8 +vpsubq %xmm15,%xmm8,%xmm8 +vpaddq %xmm7,%xmm15,%xmm15 +vpunpckhqdq %xmm15,%xmm8,%xmm7 +vpunpcklqdq %xmm15,%xmm8,%xmm8 +vmovdqa %xmm8,112(%rsp) +vpmuludq v19_19(%rip),%xmm8,%xmm8 +vmovdqa %xmm8,160(%rsp) +vpmuludq 112(%rsp),%xmm10,%xmm8 +vpmuludq %xmm7,%xmm10,%xmm10 +vpmuludq v38_38(%rip),%xmm7,%xmm15 +vpmuludq %xmm15,%xmm7,%xmm7 +vpaddq %xmm7,%xmm8,%xmm8 +vpmuludq %xmm15,%xmm13,%xmm7 +vpaddq %xmm7,%xmm3,%xmm3 +vpmuludq %xmm15,%xmm2,%xmm7 +vpaddq %xmm7,%xmm11,%xmm11 +vpmuludq 80(%rsp),%xmm13,%xmm7 +vpaddq %xmm7,%xmm7,%xmm7 +vpaddq %xmm7,%xmm8,%xmm8 +vpmuludq 16(%rsp),%xmm13,%xmm7 +vpaddq %xmm7,%xmm5,%xmm5 +vpmuludq 48(%rsp),%xmm13,%xmm7 +vpaddq %xmm7,%xmm0,%xmm0 +vpmuludq 112(%rsp),%xmm13,%xmm7 +vpaddq %xmm7,%xmm10,%xmm10 +vpmuludq %xmm15,%xmm6,%xmm7 +vpaddq %xmm7,%xmm12,%xmm12 +vpmuludq %xmm15,%xmm4,%xmm7 +vpaddq %xmm7,%xmm9,%xmm9 +vpaddq %xmm2,%xmm2,%xmm2 +vpmuludq %xmm4,%xmm2,%xmm7 +vpaddq %xmm7,%xmm5,%xmm5 +vpmuludq 160(%rsp),%xmm2,%xmm7 +vpaddq %xmm7,%xmm3,%xmm3 +vpmuludq 160(%rsp),%xmm6,%xmm7 +vpaddq %xmm7,%xmm11,%xmm11 +vpmuludq 0(%rsp),%xmm2,%xmm7 +vpaddq %xmm7,%xmm0,%xmm0 +vpmuludq 
48(%rsp),%xmm2,%xmm7 +vpaddq %xmm7,%xmm8,%xmm8 +vpmuludq 80(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpmuludq 96(%rsp),%xmm4,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpmuludq %xmm4,%xmm4,%xmm2 +vpaddq %xmm2,%xmm8,%xmm8 +vpaddq %xmm4,%xmm4,%xmm2 +vpmuludq 160(%rsp),%xmm2,%xmm4 +vpaddq %xmm4,%xmm12,%xmm12 +vpmuludq 16(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm1,%xmm1 +vpmuludq 48(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm14,%xmm14 +vpmuludq 96(%rsp),%xmm6,%xmm4 +vpaddq %xmm4,%xmm3,%xmm3 +vmovdqa 16(%rsp),%xmm4 +vpmuludq 160(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm9,%xmm9 +vpmuludq 16(%rsp),%xmm6,%xmm4 +vpaddq %xmm4,%xmm8,%xmm8 +vpmuludq 48(%rsp),%xmm6,%xmm4 +vpaddq %xmm4,%xmm10,%xmm10 +vpmuludq 80(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm4,%xmm4 +vpaddq %xmm4,%xmm5,%xmm5 +vpmuludq 112(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm0,%xmm0 +vmovdqa 48(%rsp),%xmm4 +vpaddq %xmm4,%xmm4,%xmm4 +vpmuludq 160(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm1,%xmm1 +vmovdqa 80(%rsp),%xmm4 +vpaddq %xmm4,%xmm4,%xmm4 +vpmuludq 160(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm14,%xmm14 +vpmuludq 64(%rsp),%xmm2,%xmm4 +vpaddq %xmm4,%xmm3,%xmm3 +vmovdqa 16(%rsp),%xmm4 +vpmuludq 64(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm11,%xmm11 +vmovdqa 16(%rsp),%xmm4 +vpmuludq 96(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm12,%xmm12 +vmovdqa 48(%rsp),%xmm4 +vpmuludq 96(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm9,%xmm9 +vpmuludq 0(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vmovdqa 32(%rsp),%xmm2 +vpmuludq 0(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm3,%xmm3 +vmovdqa 64(%rsp),%xmm2 +vpmuludq 48(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vmovdqa 96(%rsp),%xmm2 +vpmuludq 80(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm1,%xmm1 +vmovdqa 160(%rsp),%xmm2 +vpmuludq 112(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpsrlq $26,%xmm3,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpand m26(%rip),%xmm3,%xmm3 +vpsrlq $25,%xmm14,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpand m25(%rip),%xmm14,%xmm14 +vpsrlq $25,%xmm11,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpand m25(%rip),%xmm11,%xmm11 +vpsrlq $26,%xmm5,%xmm2 
+vpaddq %xmm2,%xmm0,%xmm0 +vpand m26(%rip),%xmm5,%xmm5 +vpsrlq $26,%xmm12,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vpand m26(%rip),%xmm12,%xmm12 +vpsrlq $25,%xmm0,%xmm2 +vpaddq %xmm2,%xmm8,%xmm8 +vpand m25(%rip),%xmm0,%xmm0 +vpsrlq $25,%xmm9,%xmm2 +vpaddq %xmm2,%xmm1,%xmm1 +vpand m25(%rip),%xmm9,%xmm9 +vpsrlq $26,%xmm8,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpand m26(%rip),%xmm8,%xmm8 +vpsrlq $26,%xmm1,%xmm2 +vpaddq %xmm2,%xmm14,%xmm14 +vpand m26(%rip),%xmm1,%xmm1 +vpsrlq $25,%xmm10,%xmm2 +vpsllq $4,%xmm2,%xmm4 +vpaddq %xmm2,%xmm3,%xmm3 +vpsllq $1,%xmm2,%xmm2 +vpaddq %xmm2,%xmm4,%xmm4 +vpaddq %xmm4,%xmm3,%xmm3 +vpand m25(%rip),%xmm10,%xmm10 +vpsrlq $25,%xmm14,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpand m25(%rip),%xmm14,%xmm14 +vpsrlq $26,%xmm3,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpand m26(%rip),%xmm3,%xmm3 +vpunpckhqdq %xmm11,%xmm3,%xmm2 +vmovdqa %xmm2,0(%rsp) +vpunpcklqdq %xmm11,%xmm3,%xmm2 +vpmuludq v9_9(%rip),%xmm2,%xmm2 +vmovdqa %xmm2,80(%rsp) +vpunpckhqdq %xmm9,%xmm12,%xmm2 +vmovdqa %xmm2,16(%rsp) +vpunpcklqdq %xmm9,%xmm12,%xmm2 +vpmuludq v9_9(%rip),%xmm2,%xmm2 +vmovdqa %xmm2,96(%rsp) +vpunpckhqdq %xmm14,%xmm1,%xmm2 +vmovdqa %xmm2,32(%rsp) +vpunpcklqdq %xmm14,%xmm1,%xmm1 +vpmuludq v9_9(%rip),%xmm1,%xmm1 +vmovdqa %xmm1,112(%rsp) +vpunpckhqdq %xmm0,%xmm5,%xmm1 +vmovdqa %xmm1,48(%rsp) +vpunpcklqdq %xmm0,%xmm5,%xmm0 +vpmuludq v9_9(%rip),%xmm0,%xmm0 +vmovdqa %xmm0,160(%rsp) +vpunpckhqdq %xmm10,%xmm8,%xmm0 +vmovdqa %xmm0,64(%rsp) +vpunpcklqdq %xmm10,%xmm8,%xmm0 +vpmuludq v9_9(%rip),%xmm0,%xmm0 +vmovdqa %xmm0,208(%rsp) +vmovdqa 144(%rsp),%xmm0 +vpmuludq %xmm0,%xmm0,%xmm1 +vpaddq %xmm0,%xmm0,%xmm0 +vmovdqa 128(%rsp),%xmm2 +vpmuludq %xmm2,%xmm0,%xmm3 +vmovdqa 192(%rsp),%xmm4 +vpmuludq %xmm4,%xmm0,%xmm5 +vmovdqa 176(%rsp),%xmm6 +vpmuludq %xmm6,%xmm0,%xmm7 +vmovdqa 240(%rsp),%xmm8 +vpmuludq %xmm8,%xmm0,%xmm9 +vpmuludq 224(%rsp),%xmm0,%xmm10 +vpmuludq 304(%rsp),%xmm0,%xmm11 +vpmuludq 288(%rsp),%xmm0,%xmm12 +vpmuludq 336(%rsp),%xmm0,%xmm13 +vmovdqa 384(%rsp),%xmm14 +vpmuludq 
%xmm14,%xmm0,%xmm0 +vpmuludq v38_38(%rip),%xmm14,%xmm15 +vpmuludq %xmm15,%xmm14,%xmm14 +vpaddq %xmm14,%xmm13,%xmm13 +vpaddq %xmm6,%xmm6,%xmm14 +vpmuludq %xmm14,%xmm6,%xmm6 +vpaddq %xmm6,%xmm11,%xmm11 +vpaddq %xmm2,%xmm2,%xmm6 +vpmuludq %xmm6,%xmm2,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpmuludq %xmm15,%xmm6,%xmm2 +vpaddq %xmm2,%xmm1,%xmm1 +vpmuludq %xmm15,%xmm4,%xmm2 +vpaddq %xmm2,%xmm3,%xmm3 +vpmuludq 256(%rsp),%xmm6,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpmuludq 304(%rsp),%xmm6,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpmuludq 352(%rsp),%xmm6,%xmm2 +vpaddq %xmm2,%xmm13,%xmm13 +vpmuludq 336(%rsp),%xmm6,%xmm2 +vpaddq %xmm2,%xmm0,%xmm0 +vpmuludq %xmm4,%xmm6,%xmm2 +vpaddq %xmm2,%xmm7,%xmm7 +vpmuludq %xmm14,%xmm6,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vpmuludq %xmm8,%xmm6,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpmuludq %xmm15,%xmm14,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpmuludq %xmm15,%xmm8,%xmm2 +vpaddq %xmm2,%xmm7,%xmm7 +vpmuludq %xmm4,%xmm4,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vpmuludq %xmm14,%xmm4,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpaddq %xmm4,%xmm4,%xmm2 +vpmuludq %xmm8,%xmm2,%xmm4 +vpaddq %xmm4,%xmm11,%xmm11 +vpmuludq 400(%rsp),%xmm2,%xmm4 +vpaddq %xmm4,%xmm1,%xmm1 +vpmuludq 400(%rsp),%xmm14,%xmm4 +vpaddq %xmm4,%xmm3,%xmm3 +vpmuludq 224(%rsp),%xmm2,%xmm4 +vpaddq %xmm4,%xmm12,%xmm12 +vpmuludq 304(%rsp),%xmm2,%xmm4 +vpaddq %xmm4,%xmm13,%xmm13 +vpmuludq 288(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm0,%xmm0 +vpmuludq 368(%rsp),%xmm8,%xmm2 +vpaddq %xmm2,%xmm3,%xmm3 +vpmuludq %xmm8,%xmm14,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpmuludq %xmm8,%xmm8,%xmm2 +vpaddq %xmm2,%xmm13,%xmm13 +vpaddq %xmm8,%xmm8,%xmm2 +vpmuludq 400(%rsp),%xmm2,%xmm4 +vpaddq %xmm4,%xmm5,%xmm5 +vpmuludq 256(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm9,%xmm9 +vpmuludq 304(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm10,%xmm10 +vpmuludq 368(%rsp),%xmm14,%xmm4 +vpaddq %xmm4,%xmm1,%xmm1 +vmovdqa 256(%rsp),%xmm4 +vpmuludq 400(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm7,%xmm7 +vpmuludq 256(%rsp),%xmm14,%xmm4 +vpaddq %xmm4,%xmm13,%xmm13 +vpmuludq 
304(%rsp),%xmm14,%xmm4 +vpaddq %xmm4,%xmm0,%xmm0 +vpmuludq 352(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm11,%xmm11 +vpmuludq 336(%rsp),%xmm15,%xmm4 +vpaddq %xmm4,%xmm12,%xmm12 +vmovdqa 304(%rsp),%xmm4 +vpaddq %xmm4,%xmm4,%xmm4 +vpmuludq 400(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm9,%xmm9 +vpmuludq 320(%rsp),%xmm2,%xmm4 +vpaddq %xmm4,%xmm1,%xmm1 +vmovdqa 256(%rsp),%xmm4 +vpmuludq 320(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm3,%xmm3 +vmovdqa 256(%rsp),%xmm4 +vpmuludq 368(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm5,%xmm5 +vmovdqa 304(%rsp),%xmm4 +vpmuludq 368(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm7,%xmm7 +vmovdqa 352(%rsp),%xmm4 +vpmuludq 400(%rsp),%xmm4,%xmm4 +vpaddq %xmm4,%xmm10,%xmm10 +vpmuludq 224(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm0,%xmm0 +vmovdqa 272(%rsp),%xmm2 +vpmuludq 224(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm1,%xmm1 +vmovdqa 320(%rsp),%xmm2 +vpmuludq 304(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vmovdqa 368(%rsp),%xmm2 +vpmuludq 288(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vmovdqa 400(%rsp),%xmm2 +vpmuludq 336(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpsrlq $26,%xmm1,%xmm2 +vpaddq %xmm2,%xmm3,%xmm3 +vpand m26(%rip),%xmm1,%xmm1 +vpsrlq $25,%xmm10,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpand m25(%rip),%xmm10,%xmm10 +vpsrlq $25,%xmm3,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpand m25(%rip),%xmm3,%xmm3 +vpsrlq $26,%xmm11,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpand m26(%rip),%xmm11,%xmm11 +vpsrlq $26,%xmm5,%xmm2 +vpaddq %xmm2,%xmm7,%xmm7 +vpand m26(%rip),%xmm5,%xmm5 +vpsrlq $25,%xmm12,%xmm2 +vpaddq %xmm2,%xmm13,%xmm13 +vpand m25(%rip),%xmm12,%xmm12 +vpsrlq $25,%xmm7,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vpand m25(%rip),%xmm7,%xmm7 +vpsrlq $26,%xmm13,%xmm2 +vpaddq %xmm2,%xmm0,%xmm0 +vpand m26(%rip),%xmm13,%xmm13 +vpsrlq $26,%xmm9,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpand m26(%rip),%xmm9,%xmm9 +vpsrlq $25,%xmm0,%xmm2 +vpsllq $4,%xmm2,%xmm4 +vpaddq %xmm2,%xmm1,%xmm1 +vpsllq $1,%xmm2,%xmm2 +vpaddq %xmm2,%xmm4,%xmm4 +vpaddq %xmm4,%xmm1,%xmm1 +vpand m25(%rip),%xmm0,%xmm0 +vpsrlq $25,%xmm10,%xmm2 
+vpaddq %xmm2,%xmm11,%xmm11 +vpand m25(%rip),%xmm10,%xmm10 +vpsrlq $26,%xmm1,%xmm2 +vpaddq %xmm2,%xmm3,%xmm3 +vpand m26(%rip),%xmm1,%xmm1 +vpunpckhqdq %xmm3,%xmm1,%xmm2 +vpunpcklqdq %xmm3,%xmm1,%xmm1 +vmovdqa %xmm1,176(%rsp) +vpaddq subc0(%rip),%xmm2,%xmm3 +vpsubq %xmm1,%xmm3,%xmm3 +vpunpckhqdq %xmm3,%xmm2,%xmm1 +vpunpcklqdq %xmm3,%xmm2,%xmm2 +vmovdqa %xmm2,192(%rsp) +vmovdqa %xmm1,224(%rsp) +vpsllq $1,%xmm1,%xmm1 +vmovdqa %xmm1,240(%rsp) +vpmuludq v121666_121666(%rip),%xmm3,%xmm3 +vmovdqa 80(%rsp),%xmm1 +vpunpcklqdq %xmm1,%xmm3,%xmm2 +vpunpckhqdq %xmm1,%xmm3,%xmm1 +vpunpckhqdq %xmm7,%xmm5,%xmm3 +vpunpcklqdq %xmm7,%xmm5,%xmm4 +vmovdqa %xmm4,256(%rsp) +vpaddq subc2(%rip),%xmm3,%xmm5 +vpsubq %xmm4,%xmm5,%xmm5 +vpunpckhqdq %xmm5,%xmm3,%xmm4 +vpunpcklqdq %xmm5,%xmm3,%xmm3 +vmovdqa %xmm3,272(%rsp) +vmovdqa %xmm4,288(%rsp) +vpsllq $1,%xmm4,%xmm4 +vmovdqa %xmm4,304(%rsp) +vpmuludq v121666_121666(%rip),%xmm5,%xmm5 +vmovdqa 96(%rsp),%xmm3 +vpunpcklqdq %xmm3,%xmm5,%xmm4 +vpunpckhqdq %xmm3,%xmm5,%xmm3 +vpunpckhqdq %xmm10,%xmm9,%xmm5 +vpunpcklqdq %xmm10,%xmm9,%xmm6 +vmovdqa %xmm6,320(%rsp) +vpaddq subc2(%rip),%xmm5,%xmm7 +vpsubq %xmm6,%xmm7,%xmm7 +vpunpckhqdq %xmm7,%xmm5,%xmm6 +vpunpcklqdq %xmm7,%xmm5,%xmm5 +vmovdqa %xmm5,336(%rsp) +vmovdqa %xmm6,352(%rsp) +vpsllq $1,%xmm6,%xmm6 +vmovdqa %xmm6,368(%rsp) +vpmuludq v121666_121666(%rip),%xmm7,%xmm7 +vmovdqa 112(%rsp),%xmm5 +vpunpcklqdq %xmm5,%xmm7,%xmm6 +vpunpckhqdq %xmm5,%xmm7,%xmm5 +vpunpckhqdq %xmm12,%xmm11,%xmm7 +vpunpcklqdq %xmm12,%xmm11,%xmm8 +vmovdqa %xmm8,384(%rsp) +vpaddq subc2(%rip),%xmm7,%xmm9 +vpsubq %xmm8,%xmm9,%xmm9 +vpunpckhqdq %xmm9,%xmm7,%xmm8 +vpunpcklqdq %xmm9,%xmm7,%xmm7 +vmovdqa %xmm7,400(%rsp) +vmovdqa %xmm8,416(%rsp) +vpsllq $1,%xmm8,%xmm8 +vmovdqa %xmm8,432(%rsp) +vpmuludq v121666_121666(%rip),%xmm9,%xmm9 +vmovdqa 160(%rsp),%xmm7 +vpunpcklqdq %xmm7,%xmm9,%xmm8 +vpunpckhqdq %xmm7,%xmm9,%xmm7 +vpunpckhqdq %xmm0,%xmm13,%xmm9 +vpunpcklqdq %xmm0,%xmm13,%xmm0 +vmovdqa %xmm0,160(%rsp) +vpaddq 
subc2(%rip),%xmm9,%xmm10 +vpsubq %xmm0,%xmm10,%xmm10 +vpunpckhqdq %xmm10,%xmm9,%xmm0 +vpunpcklqdq %xmm10,%xmm9,%xmm9 +vmovdqa %xmm9,448(%rsp) +vmovdqa %xmm0,464(%rsp) +vpsllq $1,%xmm0,%xmm0 +vmovdqa %xmm0,480(%rsp) +vpmuludq v121666_121666(%rip),%xmm10,%xmm10 +vmovdqa 208(%rsp),%xmm0 +vpunpcklqdq %xmm0,%xmm10,%xmm9 +vpunpckhqdq %xmm0,%xmm10,%xmm0 +vpsrlq $26,%xmm2,%xmm10 +vpaddq %xmm10,%xmm1,%xmm1 +vpand m26(%rip),%xmm2,%xmm2 +vpsrlq $25,%xmm5,%xmm10 +vpaddq %xmm10,%xmm8,%xmm8 +vpand m25(%rip),%xmm5,%xmm5 +vpsrlq $25,%xmm1,%xmm10 +vpaddq %xmm10,%xmm4,%xmm4 +vpand m25(%rip),%xmm1,%xmm1 +vpsrlq $26,%xmm8,%xmm10 +vpaddq %xmm10,%xmm7,%xmm7 +vpand m26(%rip),%xmm8,%xmm8 +vpsrlq $26,%xmm4,%xmm10 +vpaddq %xmm10,%xmm3,%xmm3 +vpand m26(%rip),%xmm4,%xmm4 +vpsrlq $25,%xmm7,%xmm10 +vpaddq %xmm10,%xmm9,%xmm9 +vpand m25(%rip),%xmm7,%xmm7 +vpsrlq $25,%xmm3,%xmm10 +vpaddq %xmm10,%xmm6,%xmm6 +vpand m25(%rip),%xmm3,%xmm3 +vpsrlq $26,%xmm9,%xmm10 +vpaddq %xmm10,%xmm0,%xmm0 +vpand m26(%rip),%xmm9,%xmm9 +vpsrlq $26,%xmm6,%xmm10 +vpaddq %xmm10,%xmm5,%xmm5 +vpand m26(%rip),%xmm6,%xmm6 +vpsrlq $25,%xmm0,%xmm10 +vpsllq $4,%xmm10,%xmm11 +vpaddq %xmm10,%xmm2,%xmm2 +vpsllq $1,%xmm10,%xmm10 +vpaddq %xmm10,%xmm11,%xmm11 +vpaddq %xmm11,%xmm2,%xmm2 +vpand m25(%rip),%xmm0,%xmm0 +vpsrlq $25,%xmm5,%xmm10 +vpaddq %xmm10,%xmm8,%xmm8 +vpand m25(%rip),%xmm5,%xmm5 +vpsrlq $26,%xmm2,%xmm10 +vpaddq %xmm10,%xmm1,%xmm1 +vpand m26(%rip),%xmm2,%xmm2 +vpunpckhqdq %xmm1,%xmm2,%xmm10 +vmovdqa %xmm10,80(%rsp) +vpunpcklqdq %xmm1,%xmm2,%xmm1 +vpunpckhqdq %xmm3,%xmm4,%xmm2 +vmovdqa %xmm2,96(%rsp) +vpunpcklqdq %xmm3,%xmm4,%xmm2 +vpunpckhqdq %xmm5,%xmm6,%xmm3 +vmovdqa %xmm3,112(%rsp) +vpunpcklqdq %xmm5,%xmm6,%xmm3 +vpunpckhqdq %xmm7,%xmm8,%xmm4 +vmovdqa %xmm4,128(%rsp) +vpunpcklqdq %xmm7,%xmm8,%xmm4 +vpunpckhqdq %xmm0,%xmm9,%xmm5 +vmovdqa %xmm5,144(%rsp) +vpunpcklqdq %xmm0,%xmm9,%xmm0 +vmovdqa 176(%rsp),%xmm5 +vpaddq %xmm5,%xmm1,%xmm1 +vpunpcklqdq %xmm1,%xmm5,%xmm6 +vpunpckhqdq %xmm1,%xmm5,%xmm1 +vpmuludq 
224(%rsp),%xmm6,%xmm5 +vpmuludq 192(%rsp),%xmm1,%xmm7 +vpaddq %xmm7,%xmm5,%xmm5 +vpmuludq 272(%rsp),%xmm6,%xmm7 +vpmuludq 240(%rsp),%xmm1,%xmm8 +vpaddq %xmm8,%xmm7,%xmm7 +vpmuludq 288(%rsp),%xmm6,%xmm8 +vpmuludq 272(%rsp),%xmm1,%xmm9 +vpaddq %xmm9,%xmm8,%xmm8 +vpmuludq 336(%rsp),%xmm6,%xmm9 +vpmuludq 304(%rsp),%xmm1,%xmm10 +vpaddq %xmm10,%xmm9,%xmm9 +vpmuludq 352(%rsp),%xmm6,%xmm10 +vpmuludq 336(%rsp),%xmm1,%xmm11 +vpaddq %xmm11,%xmm10,%xmm10 +vpmuludq 400(%rsp),%xmm6,%xmm11 +vpmuludq 368(%rsp),%xmm1,%xmm12 +vpaddq %xmm12,%xmm11,%xmm11 +vpmuludq 416(%rsp),%xmm6,%xmm12 +vpmuludq 400(%rsp),%xmm1,%xmm13 +vpaddq %xmm13,%xmm12,%xmm12 +vpmuludq 448(%rsp),%xmm6,%xmm13 +vpmuludq 432(%rsp),%xmm1,%xmm14 +vpaddq %xmm14,%xmm13,%xmm13 +vpmuludq 464(%rsp),%xmm6,%xmm14 +vpmuludq 448(%rsp),%xmm1,%xmm15 +vpaddq %xmm15,%xmm14,%xmm14 +vpmuludq 192(%rsp),%xmm6,%xmm6 +vpmuludq v19_19(%rip),%xmm1,%xmm1 +vpmuludq 480(%rsp),%xmm1,%xmm1 +vpaddq %xmm1,%xmm6,%xmm6 +vmovdqa 256(%rsp),%xmm1 +vpaddq %xmm1,%xmm2,%xmm2 +vpunpcklqdq %xmm2,%xmm1,%xmm15 +vpunpckhqdq %xmm2,%xmm1,%xmm1 +vpmuludq 192(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm7,%xmm7 +vpmuludq 224(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm8,%xmm8 +vpmuludq 272(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vpmuludq 288(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpmuludq 336(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpmuludq 352(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpmuludq 400(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm13,%xmm13 +vpmuludq 416(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm15,%xmm15 +vpmuludq 448(%rsp),%xmm15,%xmm2 +vpaddq %xmm2,%xmm6,%xmm6 +vpmuludq 464(%rsp),%xmm15,%xmm15 +vpaddq %xmm15,%xmm5,%xmm5 +vpmuludq 192(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm8,%xmm8 +vpmuludq 240(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vpmuludq 272(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpmuludq 304(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpmuludq 336(%rsp),%xmm1,%xmm2 +vpaddq 
%xmm2,%xmm12,%xmm12 +vpmuludq 368(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm13,%xmm13 +vpmuludq 400(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm1,%xmm1 +vpmuludq 432(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm6,%xmm6 +vpmuludq 448(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpmuludq 480(%rsp),%xmm1,%xmm1 +vpaddq %xmm1,%xmm7,%xmm7 +vmovdqa 320(%rsp),%xmm1 +vpaddq %xmm1,%xmm3,%xmm3 +vpunpcklqdq %xmm3,%xmm1,%xmm2 +vpunpckhqdq %xmm3,%xmm1,%xmm1 +vpmuludq 192(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm9,%xmm9 +vpmuludq 224(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm10,%xmm10 +vpmuludq 272(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 288(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm12,%xmm12 +vpmuludq 336(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm13,%xmm13 +vpmuludq 352(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm2,%xmm2 +vpmuludq 400(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpmuludq 416(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpmuludq 448(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq 464(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm8,%xmm8 +vpmuludq 192(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpmuludq 240(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm11,%xmm11 +vpmuludq 272(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpmuludq 304(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm13,%xmm13 +vpmuludq 336(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm1,%xmm1 +vpmuludq 368(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm6,%xmm6 +vpmuludq 400(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpmuludq 432(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm7,%xmm7 +vpmuludq 448(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm8,%xmm8 +vpmuludq 480(%rsp),%xmm1,%xmm1 +vpaddq %xmm1,%xmm9,%xmm9 +vmovdqa 384(%rsp),%xmm1 +vpaddq %xmm1,%xmm4,%xmm4 +vpunpcklqdq %xmm4,%xmm1,%xmm2 +vpunpckhqdq %xmm4,%xmm1,%xmm1 +vpmuludq 192(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm11,%xmm11 +vpmuludq 224(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm12,%xmm12 +vpmuludq 272(%rsp),%xmm2,%xmm3 +vpaddq 
%xmm3,%xmm13,%xmm13 +vpmuludq 288(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm2,%xmm2 +vpmuludq 336(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm6,%xmm6 +vpmuludq 352(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm5,%xmm5 +vpmuludq 400(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm7,%xmm7 +vpmuludq 416(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm8,%xmm8 +vpmuludq 448(%rsp),%xmm2,%xmm3 +vpaddq %xmm3,%xmm9,%xmm9 +vpmuludq 464(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpmuludq 192(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpmuludq 240(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm13,%xmm13 +vpmuludq 272(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm1,%xmm1 +vpmuludq 304(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm6,%xmm6 +vpmuludq 336(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm5,%xmm5 +vpmuludq 368(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm7,%xmm7 +vpmuludq 400(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm8,%xmm8 +vpmuludq 432(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm9,%xmm9 +vpmuludq 448(%rsp),%xmm1,%xmm2 +vpaddq %xmm2,%xmm10,%xmm10 +vpmuludq 480(%rsp),%xmm1,%xmm1 +vpaddq %xmm1,%xmm11,%xmm11 +vmovdqa 160(%rsp),%xmm1 +vpaddq %xmm1,%xmm0,%xmm0 +vpunpcklqdq %xmm0,%xmm1,%xmm2 +vpunpckhqdq %xmm0,%xmm1,%xmm0 +vpmuludq 192(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm13,%xmm13 +vpmuludq 224(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm2,%xmm2 +vpmuludq 272(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm6,%xmm6 +vpmuludq 288(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm5,%xmm5 +vpmuludq 336(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm7,%xmm7 +vpmuludq 352(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm8,%xmm8 +vpmuludq 400(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm9,%xmm9 +vpmuludq 416(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm10,%xmm10 +vpmuludq 448(%rsp),%xmm2,%xmm1 +vpaddq %xmm1,%xmm11,%xmm11 +vpmuludq 464(%rsp),%xmm2,%xmm2 +vpaddq %xmm2,%xmm12,%xmm12 +vpmuludq 192(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm14,%xmm14 +vpmuludq v19_19(%rip),%xmm0,%xmm0 +vpmuludq 240(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm6,%xmm6 +vpmuludq 
272(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm5,%xmm5 +vpmuludq 304(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm7,%xmm7 +vpmuludq 336(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm8,%xmm8 +vpmuludq 368(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm9,%xmm9 +vpmuludq 400(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm10,%xmm10 +vpmuludq 432(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm11,%xmm11 +vpmuludq 448(%rsp),%xmm0,%xmm1 +vpaddq %xmm1,%xmm12,%xmm12 +vpmuludq 480(%rsp),%xmm0,%xmm0 +vpaddq %xmm0,%xmm13,%xmm13 +vpsrlq $26,%xmm6,%xmm0 +vpaddq %xmm0,%xmm5,%xmm5 +vpand m26(%rip),%xmm6,%xmm6 +vpsrlq $25,%xmm10,%xmm0 +vpaddq %xmm0,%xmm11,%xmm11 +vpand m25(%rip),%xmm10,%xmm10 +vpsrlq $25,%xmm5,%xmm0 +vpaddq %xmm0,%xmm7,%xmm7 +vpand m25(%rip),%xmm5,%xmm5 +vpsrlq $26,%xmm11,%xmm0 +vpaddq %xmm0,%xmm12,%xmm12 +vpand m26(%rip),%xmm11,%xmm11 +vpsrlq $26,%xmm7,%xmm0 +vpaddq %xmm0,%xmm8,%xmm8 +vpand m26(%rip),%xmm7,%xmm7 +vpsrlq $25,%xmm12,%xmm0 +vpaddq %xmm0,%xmm13,%xmm13 +vpand m25(%rip),%xmm12,%xmm12 +vpsrlq $25,%xmm8,%xmm0 +vpaddq %xmm0,%xmm9,%xmm9 +vpand m25(%rip),%xmm8,%xmm8 +vpsrlq $26,%xmm13,%xmm0 +vpaddq %xmm0,%xmm14,%xmm14 +vpand m26(%rip),%xmm13,%xmm13 +vpsrlq $26,%xmm9,%xmm0 +vpaddq %xmm0,%xmm10,%xmm10 +vpand m26(%rip),%xmm9,%xmm9 +vpsrlq $25,%xmm14,%xmm0 +vpsllq $4,%xmm0,%xmm1 +vpaddq %xmm0,%xmm6,%xmm6 +vpsllq $1,%xmm0,%xmm0 +vpaddq %xmm0,%xmm1,%xmm1 +vpaddq %xmm1,%xmm6,%xmm6 +vpand m25(%rip),%xmm14,%xmm14 +vpsrlq $25,%xmm10,%xmm0 +vpaddq %xmm0,%xmm11,%xmm11 +vpand m25(%rip),%xmm10,%xmm10 +vpsrlq $26,%xmm6,%xmm0 +vpaddq %xmm0,%xmm5,%xmm5 +vpand m26(%rip),%xmm6,%xmm6 +vpunpckhqdq %xmm5,%xmm6,%xmm1 +vpunpcklqdq %xmm5,%xmm6,%xmm0 +vpunpckhqdq %xmm8,%xmm7,%xmm3 +vpunpcklqdq %xmm8,%xmm7,%xmm2 +vpunpckhqdq %xmm10,%xmm9,%xmm5 +vpunpcklqdq %xmm10,%xmm9,%xmm4 +vpunpckhqdq %xmm12,%xmm11,%xmm7 +vpunpcklqdq %xmm12,%xmm11,%xmm6 +vpunpckhqdq %xmm14,%xmm13,%xmm9 +vpunpcklqdq %xmm14,%xmm13,%xmm8 +cmp $0,%rdx +jne ._ladder_base_loop +vmovdqu %xmm1,80(%rdi) +vmovdqu %xmm0,0(%rdi) +vmovdqu %xmm3,96(%rdi) +vmovdqu %xmm2,16(%rdi) +vmovdqu 
%xmm5,112(%rdi)
+vmovdqu %xmm4,32(%rdi)
+vmovdqu %xmm7,128(%rdi)
+vmovdqu %xmm6,48(%rdi)
+vmovdqu %xmm9,144(%rdi)
+vmovdqu %xmm8,64(%rdi)
+movq 1536(%rsp),%r11
+movq 1544(%rsp),%r12
+movq 1552(%rsp),%r13
+add %r11,%rsp
+ret
+
+#endif
+
+.globl ladder_base_S_dummy
diff --git a/sodium/sodium_sandy2x_ladder_base.h b/sodium/sodium_sandy2x_ladder_base.h
new file mode 100644
index 00000000..3b881c85
--- /dev/null
+++ b/sodium/sodium_sandy2x_ladder_base.h
@@ -0,0 +1,18 @@
+#ifndef ladder_base_H
+#define ladder_base_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "sodium_sandy2x_fe.h"
+#include "sodium_sandy2x_ladder_base_namespace.h"
+
+extern void ladder_base(fe *, const unsigned char *);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ifndef ladder_base_H */
+
diff --git a/sodium/sodium_sandy2x_ladder_base_namespace.h b/sodium/sodium_sandy2x_ladder_base_namespace.h
new file mode 100644
index 00000000..304546a1
--- /dev/null
+++ b/sodium/sodium_sandy2x_ladder_base_namespace.h
@@ -0,0 +1,8 @@
+#ifndef ladder_base_namespace_H
+#define ladder_base_namespace_H
+
+#define ladder_base crypto_scalarmult_curve25519_sandy2x_ladder_base
+#define _ladder_base _crypto_scalarmult_curve25519_sandy2x_ladder_base
+
+#endif /* ifndef ladder_base_namespace_H */
+
diff --git a/sodium/sodium_sandy2x_ladder_namespace.h b/sodium/sodium_sandy2x_ladder_namespace.h
new file mode 100644
index 00000000..6637074b
--- /dev/null
+++ b/sodium/sodium_sandy2x_ladder_namespace.h
@@ -0,0 +1,8 @@
+#ifndef ladder_namespace_H
+#define ladder_namespace_H
+
+#define ladder crypto_scalarmult_curve25519_sandy2x_ladder
+#define _ladder _crypto_scalarmult_curve25519_sandy2x_ladder
+
+#endif /* ifndef ladder_namespace_H */
+
diff --git a/sodium/sodium_scalarmult_curve25519.c b/sodium/sodium_scalarmult_curve25519.c
new file mode 100644
index 00000000..fa158860
--- /dev/null
+++ b/sodium/sodium_scalarmult_curve25519.c
@@ -0,0 +1,68 @@
+
+#include "sodium_crypto_scalarmult_curve25519.h"
+#include "sodium_private_implementations.h"
+#include "sodium_private_common.h"
+#include "sodium_scalarmult_curve25519.h"
+#include "sodium_runtime.h"
+#include
+
+#ifdef HAVE_AVX_ASM
+# include "sodium_sandy2x_curve25519.h"
+#endif
+#include "sodium_ref10_x25519.h"
+static const crypto_scalarmult_curve25519_implementation *implementation =
+ &crypto_scalarmult_curve25519_ref10_implementation;
+
+int
+crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n,
+ const unsigned char *p)
+{
+ size_t i;
+ volatile unsigned char d = 0;
+
+ if (implementation->mult(q, n, p) != 0) {
+ return -1; /* LCOV_EXCL_LINE */
+ }
+ for (i = 0; i < crypto_scalarmult_curve25519_BYTES; i++) {
+ d |= q[i];
+ }
+ return -(1 & ((d - 1) >> 8));
+}
+
+int
+crypto_scalarmult_curve25519_base(unsigned char *q, const unsigned char *n)
+{
+ return implementation->mult_base(q, n);
+}
+
+size_t
+crypto_scalarmult_curve25519_bytes(void)
+{
+ return crypto_scalarmult_curve25519_BYTES;
+}
+
+size_t
+crypto_scalarmult_curve25519_scalarbytes(void)
+{
+ return crypto_scalarmult_curve25519_SCALARBYTES;
+}
+
+int
+_crypto_scalarmult_curve25519_pick_best_implementation(void)
+{
+ implementation = &crypto_scalarmult_curve25519_ref10_implementation;
+
+#ifdef HAVE_AVX_ASM
+ if (sodium_runtime_has_avx()) {
+ #if NETCODE_CRYPTO_LOGS
+ printf( "curve25519 -> avx\n" );
+ #endif // #if NETCODE_CRYPTO_LOGS
+ implementation = &crypto_scalarmult_curve25519_sandy2x_implementation;
+ return 0;
+ }
+#endif
+ #if NETCODE_CRYPTO_LOGS
+ printf( "curve25519 -> ref\n" );
+ #endif // #if NETCODE_CRYPTO_LOGS
+ return 0;
+}
diff --git a/sodium/sodium_scalarmult_curve25519.h b/sodium/sodium_scalarmult_curve25519.h
new file mode 100644
index 00000000..66edbf6a
--- /dev/null
+++ b/sodium/sodium_scalarmult_curve25519.h
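Review bot: `implementation` is a plain static pointer that `_crypto_scalarmult_curve25519_pick_best_implementation` rewrites while `crypto_scalarmult_curve25519` and `crypto_scalarmult_curve25519_base` dereference it, and nothing in this file states when the selection is allowed to run relative to those readers. A contract comment on the declaration would keep a caller from invoking it after other threads are already doing scalar multiplications, e.g. `/* Written only by _crypto_scalarmult_curve25519_pick_best_implementation(), which is expected to run once during library initialisation before any concurrent use; readers take no lock. */`. The same pattern appears in the `sodium_stream_chacha20.c` and `sodium_stream_salsa20.c` hunks of this commit, where the same comment belongs. The `printf` calls under `NETCODE_CRYPTO_LOGS` depend on an `#include` whose target appears to have been lost in this rendering; if it is not `<stdio.h>`, a build with `NETCODE_CRYPTO_LOGS` enabled would not compile.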
@@ -0,0 +1,11 @@
+
+#ifndef scalarmult_poly1305_H
+#define scalarmult_poly1305_H
+
+typedef struct crypto_scalarmult_curve25519_implementation {
+ int (*mult)(unsigned char *q, const unsigned char *n,
+ const unsigned char *p);
+ int (*mult_base)(unsigned char *q, const unsigned char *n);
+} crypto_scalarmult_curve25519_implementation;
+
+#endif
diff --git a/sodium/sodium_secretbox_xchacha20poly1305.c b/sodium/sodium_secretbox_xchacha20poly1305.c
new file mode 100644
index 00000000..35fd125b
--- /dev/null
+++ b/sodium/sodium_secretbox_xchacha20poly1305.c
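Review bot: The include guard `scalarmult_poly1305_H` does not match this file (`sodium_scalarmult_curve25519.h`) and looks copied from another header; if any poly1305 header in the tree uses the same guard, whichever is included second becomes silently empty and the `crypto_scalarmult_curve25519_implementation` typedef disappears. Rename the pair to `#ifndef scalarmult_curve25519_H` / `#define scalarmult_curve25519_H`, matching the `stream_chacha20_H` and `stream_salsa20_H` convention used by the other private headers in this commit.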
@@ -0,0 +1,177 @@ + +#include +#include +#include +#include +#include + +#include "sodium_core.h" +#include "sodium_crypto_core_hchacha20.h" +#include "sodium_crypto_onetimeauth_poly1305.h" +#include "sodium_crypto_secretbox_xchacha20poly1305.h" +#include "sodium_crypto_stream_chacha20.h" +#include "sodium_private_common.h" +#include "sodium_utils.h" + +#define crypto_secretbox_xchacha20poly1305_ZEROBYTES 32U + +int +crypto_secretbox_xchacha20poly1305_detached(unsigned char *c, + unsigned char *mac, + const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, + const unsigned char *k) +{ + crypto_onetimeauth_poly1305_state state; + unsigned char block0[64U]; + unsigned char subkey[crypto_stream_chacha20_KEYBYTES]; + unsigned long long i; + unsigned long long mlen0; + + crypto_core_hchacha20(subkey, n, k, NULL); + + if (((uintptr_t) c > (uintptr_t) m && + (uintptr_t) c - (uintptr_t) m < mlen) || + ((uintptr_t) m > (uintptr_t) c && + (uintptr_t) m - (uintptr_t) c < mlen)) { /* LCOV_EXCL_LINE */ + memmove(c, m, mlen); + m = c; + } + memset(block0, 0U, crypto_secretbox_xchacha20poly1305_ZEROBYTES); + COMPILER_ASSERT(64U >= crypto_secretbox_xchacha20poly1305_ZEROBYTES); + mlen0 = mlen; + if (mlen0 > 64U - crypto_secretbox_xchacha20poly1305_ZEROBYTES) { + mlen0 = 64U - crypto_secretbox_xchacha20poly1305_ZEROBYTES; + } + for (i = 0U; i < mlen0; i++) { + block0[i + crypto_secretbox_xchacha20poly1305_ZEROBYTES] = m[i]; + } + crypto_stream_chacha20_xor(block0, block0, + mlen0 + crypto_secretbox_xchacha20poly1305_ZEROBYTES, + n + 16, subkey); + COMPILER_ASSERT(crypto_secretbox_xchacha20poly1305_ZEROBYTES >= + crypto_onetimeauth_poly1305_KEYBYTES); + crypto_onetimeauth_poly1305_init(&state, block0); + + for (i = 0U; i < mlen0; i++) { + c[i] = block0[crypto_secretbox_xchacha20poly1305_ZEROBYTES + i]; + } + sodium_memzero(block0, sizeof block0); + if (mlen > mlen0) { + crypto_stream_chacha20_xor_ic(c + mlen0, m + mlen0, mlen - mlen0, + n + 16, 1U, subkey); + } 
+ sodium_memzero(subkey, sizeof subkey); + + crypto_onetimeauth_poly1305_update(&state, c, mlen); + crypto_onetimeauth_poly1305_final(&state, mac); + sodium_memzero(&state, sizeof state); + + return 0; +} + +int +crypto_secretbox_xchacha20poly1305_easy(unsigned char *c, + const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, + const unsigned char *k) +{ + if (mlen > crypto_secretbox_xchacha20poly1305_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return crypto_secretbox_xchacha20poly1305_detached + (c + crypto_secretbox_xchacha20poly1305_MACBYTES, c, m, mlen, n, k); +} + +int +crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m, + const unsigned char *c, + const unsigned char *mac, + unsigned long long clen, + const unsigned char *n, + const unsigned char *k) +{ + unsigned char block0[64U]; + unsigned char subkey[crypto_stream_chacha20_KEYBYTES]; + unsigned long long i; + unsigned long long mlen0; + + crypto_core_hchacha20(subkey, n, k, NULL); + crypto_stream_chacha20(block0, crypto_stream_chacha20_KEYBYTES, + n + 16, subkey); + if (crypto_onetimeauth_poly1305_verify(mac, c, clen, block0) != 0) { + sodium_memzero(subkey, sizeof subkey); + return -1; + } + if (m == NULL) { + return 0; + } + if (((uintptr_t) c >= (uintptr_t) m && + (uintptr_t) c - (uintptr_t) m < clen) || + ((uintptr_t) m >= (uintptr_t) c && + (uintptr_t) m - (uintptr_t) c < clen)) { /* LCOV_EXCL_LINE */ + memmove(m, c, clen); + c = m; + } + mlen0 = clen; + if (mlen0 > 64U - crypto_secretbox_xchacha20poly1305_ZEROBYTES) { + mlen0 = 64U - crypto_secretbox_xchacha20poly1305_ZEROBYTES; + } + for (i = 0U; i < mlen0; i++) { + block0[crypto_secretbox_xchacha20poly1305_ZEROBYTES + i] = c[i]; + } + crypto_stream_chacha20_xor(block0, block0, + crypto_secretbox_xchacha20poly1305_ZEROBYTES + mlen0, + n + 16, subkey); + for (i = 0U; i < mlen0; i++) { + m[i] = block0[i + crypto_secretbox_xchacha20poly1305_ZEROBYTES]; + } + if (clen > mlen0) { + crypto_stream_chacha20_xor_ic(m + 
mlen0, c + mlen0, clen - mlen0, + n + 16, 1U, subkey); + } + sodium_memzero(subkey, sizeof subkey); + + return 0; +} + +int +crypto_secretbox_xchacha20poly1305_open_easy(unsigned char *m, + const unsigned char *c, + unsigned long long clen, + const unsigned char *n, + const unsigned char *k) +{ + if (clen < crypto_secretbox_xchacha20poly1305_MACBYTES) { + return -1; + } + return crypto_secretbox_xchacha20poly1305_open_detached + (m, c + crypto_secretbox_xchacha20poly1305_MACBYTES, c, + clen - crypto_secretbox_xchacha20poly1305_MACBYTES, n, k); +} + +size_t +crypto_secretbox_xchacha20poly1305_keybytes(void) +{ + return crypto_secretbox_xchacha20poly1305_KEYBYTES; +} + +size_t +crypto_secretbox_xchacha20poly1305_noncebytes(void) +{ + return crypto_secretbox_xchacha20poly1305_NONCEBYTES; +} + +size_t +crypto_secretbox_xchacha20poly1305_macbytes(void) +{ + return crypto_secretbox_xchacha20poly1305_MACBYTES; +} + +size_t +crypto_secretbox_xchacha20poly1305_messagebytes_max(void) +{ + return crypto_secretbox_xchacha20poly1305_MESSAGEBYTES_MAX; +} diff --git a/sodium/sodium_secretbox_xsalsa20poly1305.c b/sodium/sodium_secretbox_xsalsa20poly1305.c new file mode 100644 index 00000000..825dc5b1 --- /dev/null +++ b/sodium/sodium_secretbox_xsalsa20poly1305.c 
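Review bot: In `crypto_secretbox_xchacha20poly1305_open_detached` the `m == NULL` early return leaves `subkey` (the HChaCha20-derived key) unwiped, and `block0`, which holds the Poly1305 key and the first keystream block, is never wiped on any path, whereas `_detached` clears both before returning. Add `sodium_memzero(subkey, sizeof subkey);` before the `return 0;` in the `m == NULL` branch and `sodium_memzero(block0, sizeof block0);` next to the final `sodium_memzero(subkey, sizeof subkey);` so the open path matches the seal path. Separately, only `_easy` enforces `crypto_secretbox_xchacha20poly1305_MESSAGEBYTES_MAX`; `_detached` is a public entry point too, and a one-line comment stating whether direct callers are expected to check the limit themselves would make that asymmetry deliberate rather than accidental.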
@@ -0,0 +1,89 @@ +#include "sodium_crypto_onetimeauth_poly1305.h" +#include "sodium_crypto_secretbox_xsalsa20poly1305.h" +#include "sodium_crypto_stream_xsalsa20.h" +#include "sodium_randombytes.h" + +int +crypto_secretbox_xsalsa20poly1305(unsigned char *c, const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, + const unsigned char *k) +{ + int i; + + if (mlen < 32) { + return -1; + } + crypto_stream_xsalsa20_xor(c, m, mlen, n, k); + crypto_onetimeauth_poly1305(c + 16, c + 32, mlen - 32, c); + for (i = 0; i < 16; ++i) { + c[i] = 0; + } + return 0; +} + +int +crypto_secretbox_xsalsa20poly1305_open(unsigned char *m, const unsigned char *c, + unsigned long long clen, + const unsigned char *n, + const unsigned char *k) +{ + unsigned char subkey[32]; + int i; + + if (clen < 32) { + return -1; + } + crypto_stream_xsalsa20(subkey, 32, n, k); + if (crypto_onetimeauth_poly1305_verify(c + 16, c + 32, + clen - 32, subkey) != 0) { + return -1; + } + crypto_stream_xsalsa20_xor(m, c, clen, n, k); + for (i = 0; i < 32; ++i) { + m[i] = 0; + } + return 0; +} + +size_t +crypto_secretbox_xsalsa20poly1305_keybytes(void) +{ + return crypto_secretbox_xsalsa20poly1305_KEYBYTES; +} + +size_t +crypto_secretbox_xsalsa20poly1305_noncebytes(void) +{ + return crypto_secretbox_xsalsa20poly1305_NONCEBYTES; +} + +size_t +crypto_secretbox_xsalsa20poly1305_zerobytes(void) +{ + return crypto_secretbox_xsalsa20poly1305_ZEROBYTES; +} + +size_t +crypto_secretbox_xsalsa20poly1305_boxzerobytes(void) +{ + return crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES; +} + +size_t +crypto_secretbox_xsalsa20poly1305_macbytes(void) +{ + return crypto_secretbox_xsalsa20poly1305_MACBYTES; +} + +size_t +crypto_secretbox_xsalsa20poly1305_messagebytes_max(void) +{ + return crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX; +} + +void +crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES]) +{ + randombytes_buf(k, 
crypto_secretbox_xsalsa20poly1305_KEYBYTES); +} diff --git a/sodium/sodium_sign_ed25519.c b/sodium/sodium_sign_ed25519.c new file mode 100644 index 00000000..54f93374 --- /dev/null +++ b/sodium/sodium_sign_ed25519.c 
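Review bot: `crypto_secretbox_xsalsa20poly1305_open` derives the Poly1305 key into the stack buffer `subkey` and returns without wiping it on either the failed-verify or the success path, while the xchacha20 sibling in this commit clears its equivalent with `sodium_memzero`. Add `sodium_memzero(subkey, sizeof subkey);` before each `return` that follows the verify call; this file would also need `#include "sodium_utils.h"`, which it does not pull in today. A comment above the `mlen < 32` / `clen < 32` checks, such as `/* classic NaCl padded interface: the first 32 bytes of m and c are reserved for the Poly1305 key/MAC */`, would explain why the MAC is written at `c + 16` and why `c[0..16)` and `m[0..32)` are zeroed afterwards.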
@@ -0,0 +1,97 @@ + +#include + +#include "sodium_crypto_hash_sha512.h" +#include "sodium_crypto_sign_ed25519.h" +#include "sodium_ref10_sign_ed25519.h" + +size_t +crypto_sign_ed25519ph_statebytes(void) +{ + return sizeof(crypto_sign_ed25519ph_state); +} + +size_t +crypto_sign_ed25519_bytes(void) +{ + return crypto_sign_ed25519_BYTES; +} + +size_t +crypto_sign_ed25519_seedbytes(void) +{ + return crypto_sign_ed25519_SEEDBYTES; +} + +size_t +crypto_sign_ed25519_publickeybytes(void) +{ + return crypto_sign_ed25519_PUBLICKEYBYTES; +} + +size_t +crypto_sign_ed25519_secretkeybytes(void) +{ + return crypto_sign_ed25519_SECRETKEYBYTES; +} + +size_t +crypto_sign_ed25519_messagebytes_max(void) +{ + return crypto_sign_ed25519_MESSAGEBYTES_MAX; +} + +int +crypto_sign_ed25519_sk_to_seed(unsigned char *seed, const unsigned char *sk) +{ + memmove(seed, sk, crypto_sign_ed25519_SEEDBYTES); + + return 0; +} + +int +crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk) +{ + memmove(pk, sk + crypto_sign_ed25519_SEEDBYTES, + crypto_sign_ed25519_PUBLICKEYBYTES); + return 0; +} + +int +crypto_sign_ed25519ph_init(crypto_sign_ed25519ph_state *state) +{ + crypto_hash_sha512_init(&state->hs); + return 0; +} + +int +crypto_sign_ed25519ph_update(crypto_sign_ed25519ph_state *state, + const unsigned char *m, unsigned long long mlen) +{ + return crypto_hash_sha512_update(&state->hs, m, mlen); +} + +int +crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state, + unsigned char *sig, + unsigned long long *siglen_p, + const unsigned char *sk) +{ + unsigned char ph[crypto_hash_sha512_BYTES]; + + crypto_hash_sha512_final(&state->hs, ph); + + return _crypto_sign_ed25519_detached(sig, siglen_p, ph, sizeof ph, sk, 1); +} + +int +crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state, + const unsigned char *sig, + const unsigned char *pk) +{ + unsigned char ph[crypto_hash_sha512_BYTES]; + + crypto_hash_sha512_final(&state->hs, ph); + + return 
_crypto_sign_ed25519_verify_detached(sig, ph, sizeof ph, pk, 1); +} diff --git a/sodium/sodium_stream_chacha20.c b/sodium/sodium_stream_chacha20.c new file mode 100644 index 00000000..1214071e --- /dev/null +++ b/sodium/sodium_stream_chacha20.c 
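Review bot: `crypto_sign_ed25519ph_final_create` and `crypto_sign_ed25519ph_final_verify` pass a bare literal `1` as the last argument of `_crypto_sign_ed25519_detached` / `_crypto_sign_ed25519_verify_detached`, presumably the prehashed flag that domain-separates Ed25519ph from pure Ed25519, but a reader cannot confirm that from this file. A comment on each call, `/* 1: prehashed (Ed25519ph) variant */`, or a named constant shared with the ref10 implementation would make the intent explicit and stop the two variants from being mixed up. The `#include` near the top also appears to have lost its target in this rendering; `memmove` in `_sk_to_seed` and `_sk_to_pk` needs `<string.h>`.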
@@ -0,0 +1,194 @@ +#include "sodium_crypto_stream_chacha20.h" +#include "sodium_core.h" +#include "sodium_private_chacha20_ietf_ext.h" +#include "sodium_private_common.h" +#include "sodium_private_implementations.h" +#include "sodium_randombytes.h" +#include "sodium_runtime.h" +#include "sodium_stream_chacha20.h" +#include + +#include "sodium_chacha20-ref.h" +#if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_EMMINTRIN_H) && \ + defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H) +# include "sodium_dolbeau_chacha20-avx2.h" +#endif +#if defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H) +# include "sodium_dolbeau_chacha20-ssse3.h" +#endif + +static const crypto_stream_chacha20_implementation *implementation = + &crypto_stream_chacha20_ref_implementation; + +size_t +crypto_stream_chacha20_keybytes(void) { + return crypto_stream_chacha20_KEYBYTES; +} + +size_t +crypto_stream_chacha20_noncebytes(void) { + return crypto_stream_chacha20_NONCEBYTES; +} + +size_t +crypto_stream_chacha20_messagebytes_max(void) +{ + return crypto_stream_chacha20_MESSAGEBYTES_MAX; +} + +size_t +crypto_stream_chacha20_ietf_keybytes(void) { + return crypto_stream_chacha20_ietf_KEYBYTES; +} + +size_t +crypto_stream_chacha20_ietf_noncebytes(void) { + return crypto_stream_chacha20_ietf_NONCEBYTES; +} + +size_t +crypto_stream_chacha20_ietf_messagebytes_max(void) +{ + return crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX; +} + +int +crypto_stream_chacha20(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k) +{ + if (clen > crypto_stream_chacha20_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return implementation->stream(c, clen, n, k); +} + +int +crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, uint64_t ic, + const unsigned char *k) +{ + if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return implementation->stream_xor_ic(c, m, mlen, n, ic, k); +} + +int 
+crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + const unsigned char *k) +{ + if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return implementation->stream_xor_ic(c, m, mlen, n, 0U, k); +} + +int +crypto_stream_chacha20_ietf_ext(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k) +{ + if (clen > crypto_stream_chacha20_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return implementation->stream_ietf_ext(c, clen, n, k); +} + +int +crypto_stream_chacha20_ietf_ext_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, uint32_t ic, + const unsigned char *k) +{ + if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return implementation->stream_ietf_ext_xor_ic(c, m, mlen, n, ic, k); +} + +static int +crypto_stream_chacha20_ietf_ext_xor(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + const unsigned char *k) +{ + if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return implementation->stream_ietf_ext_xor_ic(c, m, mlen, n, 0U, k); +} + +int +crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k) +{ + if (clen > crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return crypto_stream_chacha20_ietf_ext(c, clen, n, k); +} + +int +crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, uint32_t ic, + const unsigned char *k) +{ + if ((unsigned long long) ic > + (64ULL * (1ULL << 32)) / 64ULL - (mlen + 63ULL) / 64ULL) { + sodium_misuse(); + } + return crypto_stream_chacha20_ietf_ext_xor_ic(c, m, mlen, n, ic, k); +} + +int +crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const 
unsigned char *n, + const unsigned char *k) +{ + if (mlen > crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return crypto_stream_chacha20_ietf_ext_xor(c, m, mlen, n, k); +} + +void +crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES]) +{ + randombytes_buf(k, crypto_stream_chacha20_ietf_KEYBYTES); +} + +void +crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES]) +{ + randombytes_buf(k, crypto_stream_chacha20_KEYBYTES); +} + +int +_crypto_stream_chacha20_pick_best_implementation(void) +{ + implementation = &crypto_stream_chacha20_ref_implementation; +#if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_EMMINTRIN_H) && \ + defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H) + if (sodium_runtime_has_avx2()) { + #if NETCODE_CRYPTO_LOGS + printf( "chacha20 -> avx2\n" ); + #endif // #if NETCODE_CRYPTO_LOGS + implementation = &crypto_stream_chacha20_dolbeau_avx2_implementation; + return 0; + } +#endif +#if defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H) + if (sodium_runtime_has_ssse3()) { + #if NETCODE_CRYPTO_LOGS + printf( "chacha20 -> ssse3\n" ); + #endif // #if NETCODE_CRYPTO_LOGS + implementation = &crypto_stream_chacha20_dolbeau_ssse3_implementation; + return 0; + } +#endif + #if NETCODE_CRYPTO_LOGS + printf( "chacha20 -> ref\n" ); + #endif // #if NETCODE_CRYPTO_LOGS + return 0; +} diff --git a/sodium/sodium_stream_chacha20.h b/sodium/sodium_stream_chacha20.h new file mode 100644 index 00000000..40f782f4 --- /dev/null +++ b/sodium/sodium_stream_chacha20.h 
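Review bot: The guard in `crypto_stream_chacha20_ietf_xor_ic` computes `(64ULL * (1ULL << 32)) / 64ULL - (mlen + 63ULL) / 64ULL` in unsigned arithmetic, so once `(mlen + 63) / 64` exceeds 2^32 the subtraction wraps to a huge value and the comparison stops rejecting the call, whereas `crypto_stream_chacha20_ietf_xor` checks `mlen` against `crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX` directly (its value is not visible here, so this is only reachable for inputs at or beyond that limit). Add `if (mlen > crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX) { sodium_misuse(); }` ahead of the counter check so both IETF entry points enforce the same bound before the 32-bit block counter can wrap. A comment on the remaining expression, `/* reject if ic + ceil(mlen / 64) would exceed the 2^32 IETF block counter */`, would also spare the next reader the arithmetic.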
@@ -0,0 +1,22 @@
+
+#ifndef stream_chacha20_H
+#define stream_chacha20_H
+
+#include
+
+typedef struct crypto_stream_chacha20_implementation {
+ int (*stream)(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k);
+ int (*stream_ietf_ext)(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k);
+ int (*stream_xor_ic)(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n, uint64_t ic,
+ const unsigned char *k);
+ int (*stream_ietf_ext_xor_ic)(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n, uint32_t ic,
+ const unsigned char *k);
+} crypto_stream_chacha20_implementation;
+
+#endif
diff --git a/sodium/sodium_stream_salsa20.c b/sodium/sodium_stream_salsa20.c
new file mode 100644
index 00000000..03c8a455
--- /dev/null
+++ b/sodium/sodium_stream_salsa20.c
@@ -0,0 +1,114 @@
+#include "sodium_crypto_stream_salsa20.h"
+#include "sodium_private_common.h"
+#include "sodium_private_implementations.h"
+#include "sodium_randombytes.h"
+#include "sodium_runtime.h"
+#include "sodium_stream_salsa20.h"
+#include
+
+#ifdef HAVE_AMD64_ASM
+# include "sodium_salsa20-xmm6.h"
+#else
+# include "sodium_salsa20-ref.h"
+#endif
+#if !defined(HAVE_AMD64_ASM) && defined(HAVE_EMMINTRIN_H)
+# include "sodium_xmm6int_salsa20-sse2.h"
+#endif
+#if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_EMMINTRIN_H) && \
+ defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H)
+# include "sodium_xmm6int_salsa20-avx2.h"
+#endif
+
+#if HAVE_AMD64_ASM
+static const crypto_stream_salsa20_implementation *implementation =
+ &crypto_stream_salsa20_xmm6_implementation;
+#else
+static const crypto_stream_salsa20_implementation *implementation =
+ &crypto_stream_salsa20_ref_implementation;
+#endif
+
+size_t
+crypto_stream_salsa20_keybytes(void)
+{
+ return crypto_stream_salsa20_KEYBYTES;
+}
+
+size_t
+crypto_stream_salsa20_noncebytes(void)
+{
+ return crypto_stream_salsa20_NONCEBYTES;
+}
+
+size_t
+crypto_stream_salsa20_messagebytes_max(void)
+{
+ return crypto_stream_salsa20_MESSAGEBYTES_MAX;
+}
+
+int
+crypto_stream_salsa20(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k)
+{
+ return implementation->stream(c, clen, n, k);
+}
+
+int
+crypto_stream_salsa20_xor_ic(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n, uint64_t ic,
+ const unsigned char *k)
+{
+ return implementation->stream_xor_ic(c, m, mlen, n, ic, k);
+}
+
+int
+crypto_stream_salsa20_xor(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k)
+{
+ return implementation->stream_xor_ic(c, m, mlen, n, 0U, k);
+}
+
+void
+crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES])
+{
+ randombytes_buf(k, crypto_stream_salsa20_KEYBYTES);
+}
+
+int
+_crypto_stream_salsa20_pick_best_implementation(void)
+{
+#if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_EMMINTRIN_H) && \
+ defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H)
+ if (sodium_runtime_has_avx2()) {
+ #if NETCODE_CRYPTO_LOGS
+ printf( "salsa20 -> avx2\n" );
+ #endif // #if NETCODE_CRYPTO_LOGS
+ implementation = &crypto_stream_salsa20_xmm6int_avx2_implementation;
+ return 0;
+ }
+#endif
+#if !defined(HAVE_AMD64_ASM) && defined(HAVE_EMMINTRIN_H)
+ if (sodium_runtime_has_sse2()) {
+ #if NETCODE_CRYPTO_LOGS
+ printf( "salsa20 -> sse2\n" );
+ #endif // #if NETCODE_CRYPTO_LOGS
+ implementation = &crypto_stream_salsa20_xmm6int_sse2_implementation;
+ return 0;
+ }
+#endif
+
+#ifdef HAVE_AMD64_ASM
+ #if NETCODE_CRYPTO_LOGS
+ printf( "salsa20 -> xmm6\n" );
+ #endif // #if NETCODE_CRYPTO_LOGS
+ implementation = &crypto_stream_salsa20_xmm6_implementation;
+#else
+ #if NETCODE_CRYPTO_LOGS
+ printf( "salsa20 -> ref\n" );
+ #endif // #if NETCODE_CRYPTO_LOGS
+ implementation = &crypto_stream_salsa20_ref_implementation;
+#endif
+
+ return 0; /* LCOV_EXCL_LINE */
+}
diff --git a/sodium/sodium_stream_salsa20.h b/sodium/sodium_stream_salsa20.h
new file mode 100644
index 00000000..1949d381
--- /dev/null
+++ b/sodium/sodium_stream_salsa20.h
@@ -0,0 +1,16 @@
+
+#ifndef stream_salsa20_H
+#define stream_salsa20_H
+
+#include
+
+typedef struct crypto_stream_salsa20_implementation {
+ int (*stream)(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k);
+ int (*stream_xor_ic)(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n, uint64_t ic,
+ const unsigned char *k);
+} crypto_stream_salsa20_implementation;
+
+#endif
diff --git a/sodium/sodium_stream_xchacha20.c b/sodium/sodium_stream_xchacha20.c
new file mode 100644
index 00000000..a1de213a
--- /dev/null
+++ b/sodium/sodium_stream_xchacha20.c
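Review bot: The static initialiser of `implementation` in `sodium_stream_salsa20.c` is selected with `#if HAVE_AMD64_ASM`, while the `# include "sodium_salsa20-xmm6.h"` above it and the fallback at the end of `_crypto_stream_salsa20_pick_best_implementation` use `#ifdef HAVE_AMD64_ASM`; a build that defines the macro with no value passes the `#ifdef` tests but turns the `#if` line into a preprocessor error, and a definition of `0` would include the xmm6 header yet initialise the pointer to `ref`. Change it to `#ifdef HAVE_AMD64_ASM` so all three tests agree. Unlike the chacha20 wrappers in this commit, `crypto_stream_salsa20` and `crypto_stream_salsa20_xor_ic` apply no length check before dispatching; if that is intentional because `crypto_stream_salsa20_MESSAGEBYTES_MAX` is the address-space limit, a one-line comment saying so would stop the next reader from adding one.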
@@ -0,0 +1,69 @@ + +#include + +#include "sodium_crypto_core_hchacha20.h" +#include "sodium_crypto_stream_chacha20.h" +#include "sodium_crypto_stream_xchacha20.h" +#include "sodium_private_common.h" +#include "sodium_randombytes.h" + +size_t +crypto_stream_xchacha20_keybytes(void) +{ + return crypto_stream_xchacha20_KEYBYTES; +} + +size_t +crypto_stream_xchacha20_noncebytes(void) +{ + return crypto_stream_xchacha20_NONCEBYTES; +} + +size_t +crypto_stream_xchacha20_messagebytes_max(void) +{ + return crypto_stream_xchacha20_MESSAGEBYTES_MAX; +} + +int +crypto_stream_xchacha20(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k) +{ + unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES]; + + crypto_core_hchacha20(k2, n, k, NULL); + COMPILER_ASSERT(crypto_stream_chacha20_KEYBYTES <= sizeof k2); + COMPILER_ASSERT(crypto_stream_chacha20_NONCEBYTES == + crypto_stream_xchacha20_NONCEBYTES - + crypto_core_hchacha20_INPUTBYTES); + + return crypto_stream_chacha20(c, clen, n + crypto_core_hchacha20_INPUTBYTES, + k2); +} + +int +crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + uint64_t ic, const unsigned char *k) +{ + unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES]; + + crypto_core_hchacha20(k2, n, k, NULL); + return crypto_stream_chacha20_xor_ic( + c, m, mlen, n + crypto_core_hchacha20_INPUTBYTES, ic, k2); +} + +int +crypto_stream_xchacha20_xor(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + const unsigned char *k) +{ + return crypto_stream_xchacha20_xor_ic(c, m, mlen, n, 0U, k); +} + +void +crypto_stream_xchacha20_keygen( + unsigned char k[crypto_stream_xchacha20_KEYBYTES]) +{ + randombytes_buf(k, crypto_stream_xchacha20_KEYBYTES); +} diff --git a/sodium/sodium_stream_xsalsa20.c b/sodium/sodium_stream_xsalsa20.c new file mode 100644 index 00000000..4cc109ff --- /dev/null +++ b/sodium/sodium_stream_xsalsa20.c 
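Review bot: `crypto_stream_xchacha20` and `crypto_stream_xchacha20_xor_ic` derive the HChaCha20 subkey into the stack buffer `k2` and return straight from the inner call, leaving the subkey on the stack, whereas `sodium_stream_xsalsa20.c` in the same commit captures the result in `ret`, wipes `subkey` with `sodium_memzero` and then returns. Apply the same pattern here; the file currently includes `sodium_private_common.h` but not `sodium_utils.h`, which `sodium_stream_xsalsa20.c` includes for `sodium_memzero`, so that include is needed as well.
```c
int
crypto_stream_xchacha20(unsigned char *c, unsigned long long clen,
                        const unsigned char *n, const unsigned char *k)
{
    unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES];
    int           ret;

    crypto_core_hchacha20(k2, n, k, NULL);
    /* … unchanged: COMPILER_ASSERTs on key and nonce sizes … */
    ret = crypto_stream_chacha20(c, clen, n + crypto_core_hchacha20_INPUTBYTES,
                                 k2);
    sodium_memzero(k2, sizeof k2);

    return ret;
}

int
crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m,
                               unsigned long long mlen, const unsigned char *n,
                               uint64_t ic, const unsigned char *k)
{
    unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES];
    int           ret;

    crypto_core_hchacha20(k2, n, k, NULL);
    ret = crypto_stream_chacha20_xor_ic(
        c, m, mlen, n + crypto_core_hchacha20_INPUTBYTES, ic, k2);
    sodium_memzero(k2, sizeof k2);

    return ret;
}
```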
@@ -0,0 +1,66 @@ +#include "sodium_crypto_core_hsalsa20.h" +#include "sodium_crypto_stream_salsa20.h" +#include "sodium_crypto_stream_xsalsa20.h" +#include "sodium_randombytes.h" +#include "sodium_utils.h" + +int +crypto_stream_xsalsa20(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k) +{ + unsigned char subkey[32]; + int ret; + + crypto_core_hsalsa20(subkey, n, k, NULL); + ret = crypto_stream_salsa20(c, clen, n + 16, subkey); + sodium_memzero(subkey, sizeof subkey); + + return ret; +} + +int +crypto_stream_xsalsa20_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + uint64_t ic, const unsigned char *k) +{ + unsigned char subkey[32]; + int ret; + + crypto_core_hsalsa20(subkey, n, k, NULL); + ret = crypto_stream_salsa20_xor_ic(c, m, mlen, n + 16, ic, subkey); + sodium_memzero(subkey, sizeof subkey); + + return ret; +} + +int +crypto_stream_xsalsa20_xor(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + const unsigned char *k) +{ + return crypto_stream_xsalsa20_xor_ic(c, m, mlen, n, 0ULL, k); +} + +size_t +crypto_stream_xsalsa20_keybytes(void) +{ + return crypto_stream_xsalsa20_KEYBYTES; +} + +size_t +crypto_stream_xsalsa20_noncebytes(void) +{ + return crypto_stream_xsalsa20_NONCEBYTES; +} + +size_t +crypto_stream_xsalsa20_messagebytes_max(void) +{ + return crypto_stream_xsalsa20_MESSAGEBYTES_MAX; +} + +void +crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES]) +{ + randombytes_buf(k, crypto_stream_xsalsa20_KEYBYTES); +} diff --git a/sodium/sodium_utils.c b/sodium/sodium_utils.c new file mode 100644 index 00000000..2d1fe5a9 --- /dev/null +++ b/sodium/sodium_utils.c 
@@ -0,0 +1,795 @@ +#ifndef __STDC_WANT_LIB_EXT1__ +# define __STDC_WANT_LIB_EXT1__ 1 +#endif +#include +#include +#include +#if !defined(__ORBIS__) && !defined(__PROSPERO__) +#include +#endif +#include +#include +#include +#include + +#ifdef HAVE_SYS_MMAN_H +# include +#endif + +#ifdef _WIN32 +# include +# if !defined(_XBOX_ONE) && !defined(_GAMING_XBOX) +# include +# endif +#else +# include +#endif + +#ifndef HAVE_C_VARARRAYS +# ifdef HAVE_ALLOCA_H +# include +# elif !defined(alloca) +# if defined(__clang__) || defined(__GNUC__) +# define alloca __builtin_alloca +# elif defined _AIX +# define alloca __alloca +# elif defined _MSC_VER +# include +# define alloca _alloca +# else +# include +# ifdef __cplusplus +extern "C" +# endif +void *alloca (size_t); +# endif +# endif +#endif + +#include "sodium_core.h" +#include "sodium_randombytes.h" +#include "sodium_utils.h" +#include "sodium_private_common.h" + +#ifndef ENOSYS +# define ENOSYS ENXIO +#endif + +#if defined(_WIN32) && \ + (!defined(WINAPI_FAMILY) || WINAPI_FAMILY == WINAPI_FAMILY_DESKTOP_APP) +# define WINAPI_DESKTOP +#endif + +#define CANARY_SIZE 16U +#define GARBAGE_VALUE 0xdb + +#ifndef MAP_NOCORE +# define MAP_NOCORE 0 +#endif +#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) +# define MAP_ANON MAP_ANONYMOUS +#endif +#if defined(WINAPI_DESKTOP) || (defined(MAP_ANON) && defined(HAVE_MMAP)) || \ + defined(HAVE_POSIX_MEMALIGN) +# define HAVE_ALIGNED_MALLOC +#endif +#if defined(HAVE_MPROTECT) && \ + !(defined(PROT_NONE) && defined(PROT_READ) && defined(PROT_WRITE)) +# undef HAVE_MPROTECT +#endif +#if defined(HAVE_ALIGNED_MALLOC) && \ + (defined(WINAPI_DESKTOP) || defined(HAVE_MPROTECT)) +# define HAVE_PAGE_PROTECTION +#endif +#if !defined(MADV_DODUMP) && defined(MADV_CORE) +# define MADV_DODUMP MADV_CORE +# define MADV_DONTDUMP MADV_NOCORE +#endif + +#ifdef HAVE_ALIGNED_MALLOC +static size_t page_size; +#endif // #if HAVE_ALIGNED_MALLOC +static unsigned char canary[CANARY_SIZE]; + +/* LCOV_EXCL_START */ 
+#ifdef HAVE_WEAK_SYMBOLS +__attribute__((weak)) void +_sodium_dummy_symbol_to_prevent_memzero_lto(void *const pnt, + const size_t len); +__attribute__((weak)) void +_sodium_dummy_symbol_to_prevent_memzero_lto(void *const pnt, + const size_t len) +{ + (void) pnt; /* LCOV_EXCL_LINE */ + (void) len; /* LCOV_EXCL_LINE */ +} +#endif +/* LCOV_EXCL_STOP */ + +void +sodium_memzero(void *const pnt, const size_t len) +{ +#ifdef _WIN32 + SecureZeroMemory(pnt, len); +#elif defined(HAVE_MEMSET_S) + if (len > 0U && memset_s(pnt, (rsize_t) len, 0, (rsize_t) len) != 0) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } +#elif defined(HAVE_EXPLICIT_BZERO) + explicit_bzero(pnt, len); +#elif defined(HAVE_EXPLICIT_MEMSET) + explicit_memset(pnt, 0, len); +#elif HAVE_WEAK_SYMBOLS + memset(pnt, 0, len); + _sodium_dummy_symbol_to_prevent_memzero_lto(pnt, len); +# ifdef HAVE_INLINE_ASM + __asm__ __volatile__ ("" : : "r"(pnt) : "memory"); +# endif +#else + volatile unsigned char *volatile pnt_ = + (volatile unsigned char *volatile) pnt; + size_t i = (size_t) 0U; + + while (i < len) { + pnt_[i++] = 0U; + } +#endif +} + +void +sodium_stackzero(const size_t len) +{ + (void) len; +#ifdef HAVE_C_VARARRAYS + unsigned char fodder[len]; + sodium_memzero(fodder, len); +#elif HAVE_ALLOCA + sodium_memzero(alloca(len), len); +#endif +} + +#ifdef HAVE_WEAK_SYMBOLS +__attribute__((weak)) void +_sodium_dummy_symbol_to_prevent_memcmp_lto(const unsigned char *b1, + const unsigned char *b2, + const size_t len); +__attribute__((weak)) void +_sodium_dummy_symbol_to_prevent_memcmp_lto(const unsigned char *b1, + const unsigned char *b2, + const size_t len) +{ + (void) b1; + (void) b2; + (void) len; +} +#endif + +int +sodium_memcmp(const void *const b1_, const void *const b2_, size_t len) +{ +#ifdef HAVE_WEAK_SYMBOLS + const unsigned char *b1 = (const unsigned char *) b1_; + const unsigned char *b2 = (const unsigned char *) b2_; +#else + const volatile unsigned char * b1 = + (const volatile unsigned char *) b1_; + 
const volatile unsigned char *volatile b2 = + (const volatile unsigned char *) b2_; +#endif + size_t i; + volatile unsigned char d = 0U; + +#if HAVE_WEAK_SYMBOLS + _sodium_dummy_symbol_to_prevent_memcmp_lto(b1, b2, len); +#endif + for (i = 0U; i < len; i++) { + d |= b1[i] ^ b2[i]; + } + return (1 & ((d - 1) >> 8)) - 1; +} + +#ifdef HAVE_WEAK_SYMBOLS +__attribute__((weak)) void +_sodium_dummy_symbol_to_prevent_compare_lto(const unsigned char *b1, + const unsigned char *b2, + const size_t len); +__attribute__((weak)) void +_sodium_dummy_symbol_to_prevent_compare_lto(const unsigned char *b1, + const unsigned char *b2, + const size_t len) +{ + (void) b1; + (void) b2; + (void) len; +} +#endif + +int +sodium_compare(const unsigned char *b1_, const unsigned char *b2_, size_t len) +{ +#ifdef HAVE_WEAK_SYMBOLS + const unsigned char *b1 = b1_; + const unsigned char *b2 = b2_; +#else + const volatile unsigned char * b1 = + (const volatile unsigned char *) b1_; + const volatile unsigned char * b2 = + (const volatile unsigned char *) b2_; +#endif + size_t i; + volatile unsigned char gt = 0U; + volatile unsigned char eq = 1U; + uint16_t x1, x2; + +#if HAVE_WEAK_SYMBOLS + _sodium_dummy_symbol_to_prevent_compare_lto(b1, b2, len); +#endif + i = len; + while (i != 0U) { + i--; + x1 = b1[i]; + x2 = b2[i]; + gt |= ((x2 - x1) >> 8) & eq; + eq &= ((x2 ^ x1) - 1) >> 8; + } + return (int) (gt + gt + eq) - 1; +} + +int +sodium_is_zero(const unsigned char *n, const size_t nlen) +{ + size_t i; + volatile unsigned char d = 0U; + + for (i = 0U; i < nlen; i++) { + d |= n[i]; + } + return 1 & ((d - 1) >> 8); +} + +void +sodium_increment(unsigned char *n, const size_t nlen) +{ + size_t i = 0U; + uint_fast16_t c = 1U; + +#ifdef HAVE_AMD64_ASM + uint64_t t64, t64_2; + uint32_t t32; + + if (nlen == 12U) { + __asm__ __volatile__( + "xorq %[t64], %[t64] \n" + "xorl %[t32], %[t32] \n" + "stc \n" + "adcq %[t64], (%[out]) \n" + "adcl %[t32], 8(%[out]) \n" + : [t64] "=&r"(t64), [t32] "=&r"(t32) + : [out] 
"D"(n) + : "memory", "flags", "cc"); + return; + } else if (nlen == 24U) { + __asm__ __volatile__( + "movq $1, %[t64] \n" + "xorq %[t64_2], %[t64_2] \n" + "addq %[t64], (%[out]) \n" + "adcq %[t64_2], 8(%[out]) \n" + "adcq %[t64_2], 16(%[out]) \n" + : [t64] "=&r"(t64), [t64_2] "=&r"(t64_2) + : [out] "D"(n) + : "memory", "flags", "cc"); + return; + } else if (nlen == 8U) { + __asm__ __volatile__("incq (%[out]) \n" + : + : [out] "D"(n) + : "memory", "flags", "cc"); + return; + } +#endif + for (; i < nlen; i++) { + c += (uint_fast16_t) n[i]; + n[i] = (unsigned char) c; + c >>= 8; + } +} + +void +sodium_add(unsigned char *a, const unsigned char *b, const size_t len) +{ + size_t i; + uint_fast16_t c = 0U; + +#ifdef HAVE_AMD64_ASM + uint64_t t64, t64_2, t64_3; + uint32_t t32; + + if (len == 12U) { + __asm__ __volatile__( + "movq (%[in]), %[t64] \n" + "movl 8(%[in]), %[t32] \n" + "addq %[t64], (%[out]) \n" + "adcl %[t32], 8(%[out]) \n" + : [t64] "=&r"(t64), [t32] "=&r"(t32) + : [in] "S"(b), [out] "D"(a) + : "memory", "flags", "cc"); + return; + } else if (len == 24U) { + __asm__ __volatile__( + "movq (%[in]), %[t64] \n" + "movq 8(%[in]), %[t64_2] \n" + "movq 16(%[in]), %[t64_3] \n" + "addq %[t64], (%[out]) \n" + "adcq %[t64_2], 8(%[out]) \n" + "adcq %[t64_3], 16(%[out]) \n" + : [t64] "=&r"(t64), [t64_2] "=&r"(t64_2), [t64_3] "=&r"(t64_3) + : [in] "S"(b), [out] "D"(a) + : "memory", "flags", "cc"); + return; + } else if (len == 8U) { + __asm__ __volatile__( + "movq (%[in]), %[t64] \n" + "addq %[t64], (%[out]) \n" + : [t64] "=&r"(t64) + : [in] "S"(b), [out] "D"(a) + : "memory", "flags", "cc"); + return; + } +#endif + for (i = 0U; i < len; i++) { + c += (uint_fast16_t) a[i] + (uint_fast16_t) b[i]; + a[i] = (unsigned char) c; + c >>= 8; + } +} + +void +sodium_sub(unsigned char *a, const unsigned char *b, const size_t len) +{ + uint_fast16_t c = 0U; + size_t i; + +#ifdef HAVE_AMD64_ASM + uint64_t t64_1, t64_2, t64_3, t64_4; + uint64_t t64_5, t64_6, t64_7, t64_8; + uint32_t t32; 
+ + if (len == 64U) { + __asm__ __volatile__( + "movq (%[in]), %[t64_1] \n" + "movq 8(%[in]), %[t64_2] \n" + "movq 16(%[in]), %[t64_3] \n" + "movq 24(%[in]), %[t64_4] \n" + "movq 32(%[in]), %[t64_5] \n" + "movq 40(%[in]), %[t64_6] \n" + "movq 48(%[in]), %[t64_7] \n" + "movq 56(%[in]), %[t64_8] \n" + "subq %[t64_1], (%[out]) \n" + "sbbq %[t64_2], 8(%[out]) \n" + "sbbq %[t64_3], 16(%[out]) \n" + "sbbq %[t64_4], 24(%[out]) \n" + "sbbq %[t64_5], 32(%[out]) \n" + "sbbq %[t64_6], 40(%[out]) \n" + "sbbq %[t64_7], 48(%[out]) \n" + "sbbq %[t64_8], 56(%[out]) \n" + : [t64_1] "=&r"(t64_1), [t64_2] "=&r"(t64_2), [t64_3] "=&r"(t64_3), [t64_4] "=&r"(t64_4), + [t64_5] "=&r"(t64_5), [t64_6] "=&r"(t64_6), [t64_7] "=&r"(t64_7), [t64_8] "=&r"(t64_8) + : [in] "S"(b), [out] "D"(a) + : "memory", "flags", "cc"); + return; + } +#endif + for (i = 0U; i < len; i++) { + c = (uint_fast16_t) a[i] - (uint_fast16_t) b[i] - c; + a[i] = (unsigned char) c; + c = (c >> 8) & 1U; + } +} + +int +_sodium_alloc_init(void) +{ +#ifdef HAVE_ALIGNED_MALLOC +# if defined(_SC_PAGESIZE) + long page_size_ = sysconf(_SC_PAGESIZE); + if (page_size_ > 0L) { + page_size = (size_t) page_size_; + } +# elif defined(WINAPI_DESKTOP) + SYSTEM_INFO si; + GetSystemInfo(&si); + page_size = (size_t) si.dwPageSize; +# endif + if (page_size < CANARY_SIZE || page_size < sizeof(size_t)) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } +#endif + randombytes_buf(canary, sizeof canary); + + return 0; +} + +int +sodium_mlock(void *const addr, const size_t len) +{ + (void) len; + (void) addr; +#if defined(MADV_DONTDUMP) && defined(HAVE_MADVISE) + (void) madvise(addr, len, MADV_DONTDUMP); +#endif +#ifdef HAVE_MLOCK + return mlock(addr, len); +#elif defined(WINAPI_DESKTOP) + return -(VirtualLock(addr, len) == 0); +#else + errno = ENOSYS; + return -1; +#endif +} + +int +sodium_munlock(void *const addr, const size_t len) +{ + sodium_memzero(addr, len); +#if defined(MADV_DODUMP) && defined(HAVE_MADVISE) + (void) madvise(addr, len, 
MADV_DODUMP); +#endif +#ifdef HAVE_MLOCK + return munlock(addr, len); +#elif defined(WINAPI_DESKTOP) + return -(VirtualUnlock(addr, len) == 0); +#else + errno = ENOSYS; + return -1; +#endif +} + +static int +_mprotect_noaccess(void *ptr, size_t size) +{ + (void) ptr; + (void) size; +#ifdef HAVE_MPROTECT + return mprotect(ptr, size, PROT_NONE); +#elif defined(WINAPI_DESKTOP) + DWORD old; + return -(VirtualProtect(ptr, size, PAGE_NOACCESS, &old) == 0); +#else + errno = ENOSYS; + return -1; +#endif +} + +static int +_mprotect_readonly(void *ptr, size_t size) +{ + (void) ptr; + (void) size; +#ifdef HAVE_MPROTECT + return mprotect(ptr, size, PROT_READ); +#elif defined(WINAPI_DESKTOP) + DWORD old; + return -(VirtualProtect(ptr, size, PAGE_READONLY, &old) == 0); +#else + errno = ENOSYS; + return -1; +#endif +} + +static int +_mprotect_readwrite(void *ptr, size_t size) +{ + (void) ptr; + (void) size; +#ifdef HAVE_MPROTECT + return mprotect(ptr, size, PROT_READ | PROT_WRITE); +#elif defined(WINAPI_DESKTOP) + DWORD old; + return -(VirtualProtect(ptr, size, PAGE_READWRITE, &old) == 0); +#else + errno = ENOSYS; + return -1; +#endif +} + +#ifdef HAVE_ALIGNED_MALLOC + +__attribute__((noreturn)) static void +_out_of_bounds(void) +{ +# ifdef SIGSEGV + raise(SIGSEGV); +# elif defined(SIGKILL) + raise(SIGKILL); +# endif + abort(); /* not something we want any higher-level API to catch */ +} /* LCOV_EXCL_LINE */ + +static inline size_t +_page_round(const size_t size) +{ + const size_t page_mask = page_size - 1U; + + return (size + page_mask) & ~page_mask; +} + +static __attribute__((malloc)) unsigned char * +_alloc_aligned(const size_t size) +{ + void *ptr; + +# if defined(MAP_ANON) && defined(HAVE_MMAP) + if ((ptr = mmap(NULL, size, PROT_READ | PROT_WRITE, + MAP_ANON | MAP_PRIVATE | MAP_NOCORE, -1, 0)) == + MAP_FAILED) { + ptr = NULL; /* LCOV_EXCL_LINE */ + } /* LCOV_EXCL_LINE */ +# elif defined(HAVE_POSIX_MEMALIGN) + if (posix_memalign(&ptr, page_size, size) != 0) { + ptr = NULL; 
/* LCOV_EXCL_LINE */ + } /* LCOV_EXCL_LINE */ +# elif defined(WINAPI_DESKTOP) + ptr = VirtualAlloc(NULL, size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); +# else +# error Bug +# endif + return (unsigned char *) ptr; +} + +static void +_free_aligned(unsigned char *const ptr, const size_t size) +{ +# if defined(MAP_ANON) && defined(HAVE_MMAP) + (void) munmap(ptr, size); +# elif defined(HAVE_POSIX_MEMALIGN) + free(ptr); +# elif defined(WINAPI_DESKTOP) + VirtualFree(ptr, 0U, MEM_RELEASE); +# else +# error Bug +#endif +} + +static unsigned char * +_unprotected_ptr_from_user_ptr(void *const ptr) +{ + uintptr_t unprotected_ptr_u; + unsigned char *canary_ptr; + size_t page_mask; + + canary_ptr = ((unsigned char *) ptr) - sizeof canary; + page_mask = page_size - 1U; + unprotected_ptr_u = ((uintptr_t) canary_ptr & (uintptr_t) ~page_mask); + if (unprotected_ptr_u <= page_size * 2U) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } + return (unsigned char *) unprotected_ptr_u; +} + +#endif /* HAVE_ALIGNED_MALLOC */ + +#ifndef HAVE_ALIGNED_MALLOC +static __attribute__((malloc)) void * +_sodium_malloc(const size_t size) +{ + return malloc(size > (size_t) 0U ? 
size : (size_t) 1U); +} +#else +static __attribute__((malloc)) void * +_sodium_malloc(const size_t size) +{ + void *user_ptr; + unsigned char *base_ptr; + unsigned char *canary_ptr; + unsigned char *unprotected_ptr; + size_t size_with_canary; + size_t total_size; + size_t unprotected_size; + + if (size >= (size_t) SIZE_MAX - page_size * 4U) { + errno = ENOMEM; + return NULL; + } + if (page_size <= sizeof canary || page_size < sizeof unprotected_size) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } + size_with_canary = (sizeof canary) + size; + unprotected_size = _page_round(size_with_canary); + total_size = page_size + page_size + unprotected_size + page_size; + if ((base_ptr = _alloc_aligned(total_size)) == NULL) { + return NULL; /* LCOV_EXCL_LINE */ + } + unprotected_ptr = base_ptr + page_size * 2U; + _mprotect_noaccess(base_ptr + page_size, page_size); +# ifndef HAVE_PAGE_PROTECTION + memcpy(unprotected_ptr + unprotected_size, canary, sizeof canary); +# endif + _mprotect_noaccess(unprotected_ptr + unprotected_size, page_size); + sodium_mlock(unprotected_ptr, unprotected_size); + canary_ptr = + unprotected_ptr + _page_round(size_with_canary) - size_with_canary; + user_ptr = canary_ptr + sizeof canary; + memcpy(canary_ptr, canary, sizeof canary); + memcpy(base_ptr, &unprotected_size, sizeof unprotected_size); + _mprotect_readonly(base_ptr, page_size); + assert(_unprotected_ptr_from_user_ptr(user_ptr) == unprotected_ptr); + + return user_ptr; +} +#endif /* !HAVE_ALIGNED_MALLOC */ + +__attribute__((malloc)) void * +sodium_malloc(const size_t size) +{ + void *ptr; + + if ((ptr = _sodium_malloc(size)) == NULL) { + return NULL; + } + memset(ptr, (int) GARBAGE_VALUE, size); + + return ptr; +} + +__attribute__((malloc)) void * +sodium_allocarray(size_t count, size_t size) +{ + if (count > (size_t) 0U && size >= (size_t) SIZE_MAX / count) { + errno = ENOMEM; + return NULL; + } + return sodium_malloc(count * size); +} + +#ifndef HAVE_ALIGNED_MALLOC +void +sodium_free(void 
*ptr) +{ + free(ptr); +} +#else +void +sodium_free(void *ptr) +{ + unsigned char *base_ptr; + unsigned char *canary_ptr; + unsigned char *unprotected_ptr; + size_t total_size; + size_t unprotected_size; + + if (ptr == NULL) { + return; + } + canary_ptr = ((unsigned char *) ptr) - sizeof canary; + unprotected_ptr = _unprotected_ptr_from_user_ptr(ptr); + base_ptr = unprotected_ptr - page_size * 2U; + memcpy(&unprotected_size, base_ptr, sizeof unprotected_size); + total_size = page_size + page_size + unprotected_size + page_size; + _mprotect_readwrite(base_ptr, total_size); + if (sodium_memcmp(canary_ptr, canary, sizeof canary) != 0) { + _out_of_bounds(); + } +# ifndef HAVE_PAGE_PROTECTION + if (sodium_memcmp(unprotected_ptr + unprotected_size, canary, + sizeof canary) != 0) { + _out_of_bounds(); + } +# endif + sodium_munlock(unprotected_ptr, unprotected_size); + _free_aligned(base_ptr, total_size); +} +#endif /* HAVE_ALIGNED_MALLOC */ + +#ifndef HAVE_PAGE_PROTECTION +static int +_sodium_mprotect(void *ptr, int (*cb)(void *ptr, size_t size)) +{ + (void) ptr; + (void) cb; + errno = ENOSYS; + return -1; +} +#else +static int +_sodium_mprotect(void *ptr, int (*cb)(void *ptr, size_t size)) +{ + unsigned char *base_ptr; + unsigned char *unprotected_ptr; + size_t unprotected_size; + + unprotected_ptr = _unprotected_ptr_from_user_ptr(ptr); + base_ptr = unprotected_ptr - page_size * 2U; + memcpy(&unprotected_size, base_ptr, sizeof unprotected_size); + + return cb(unprotected_ptr, unprotected_size); +} +#endif + +int +sodium_mprotect_noaccess(void *ptr) +{ + return _sodium_mprotect(ptr, _mprotect_noaccess); +} + +int +sodium_mprotect_readonly(void *ptr) +{ + return _sodium_mprotect(ptr, _mprotect_readonly); +} + +int +sodium_mprotect_readwrite(void *ptr) +{ + return _sodium_mprotect(ptr, _mprotect_readwrite); +} + +int +sodium_pad(size_t *padded_buflen_p, unsigned char *buf, + size_t unpadded_buflen, size_t blocksize, size_t max_buflen) +{ + unsigned char *tail; + size_t i; + 
size_t xpadlen; + size_t xpadded_len; + volatile unsigned char mask; + unsigned char barrier_mask; + + if (blocksize <= 0U) { + return -1; + } + xpadlen = blocksize - 1U; + if ((blocksize & (blocksize - 1U)) == 0U) { + xpadlen -= unpadded_buflen & (blocksize - 1U); + } else { + xpadlen -= unpadded_buflen % blocksize; + } + if ((size_t) SIZE_MAX - unpadded_buflen <= xpadlen) { + sodium_misuse(); + } + xpadded_len = unpadded_buflen + xpadlen; + if (xpadded_len >= max_buflen) { + return -1; + } + tail = &buf[xpadded_len]; + if (padded_buflen_p != NULL) { + *padded_buflen_p = xpadded_len + 1U; + } + mask = 0U; + for (i = 0; i < blocksize; i++) { + barrier_mask = (unsigned char) (((i ^ xpadlen) - 1U) + >> ((sizeof(size_t) - 1) * CHAR_BIT)); + *(tail - i) = ((*(tail - i)) & mask) | (0x80 & barrier_mask); + mask |= barrier_mask; + } + return 0; +} + +int +sodium_unpad(size_t *unpadded_buflen_p, const unsigned char *buf, + size_t padded_buflen, size_t blocksize) +{ + const unsigned char *tail; + unsigned char acc = 0U; + unsigned char c; + unsigned char valid = 0U; + volatile size_t pad_len = 0U; + size_t i; + size_t is_barrier; + + if (padded_buflen < blocksize || blocksize <= 0U) { + return -1; + } + tail = &buf[padded_buflen - 1U]; + + for (i = 0U; i < blocksize; i++) { + c = *(tail - i); + is_barrier = + (( (acc - 1U) & (pad_len - 1U) & ((c ^ 0x80) - 1U) ) >> 8) & 1U; + acc |= c; + pad_len |= i & (1U + ~is_barrier); + valid |= (unsigned char) is_barrier; + } + *unpadded_buflen_p = padded_buflen - 1U - pad_len; + + return (int) (valid - 1U); +} diff --git a/windows/sodium/utils.h b/sodium/sodium_utils.h similarity index 56% rename from windows/sodium/utils.h rename to sodium/sodium_utils.h index 0a7aadb4..d9191c0f 100644 --- a/windows/sodium/utils.h +++ b/sodium/sodium_utils.h @@ -4,7 +4,7 @@ #include -#include "export.h" +#include "sodium_export.h" #ifdef __cplusplus extern "C" { 
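Review bot: Every hardening feature in this file is gated on autoconf-style macros — HAVE_MEMSET_S/HAVE_EXPLICIT_BZERO/HAVE_WEAK_SYMBOLS for sodium_memzero, HAVE_MMAP/HAVE_POSIX_MEMALIGN/HAVE_MPROTECT for the guard-page allocator, HAVE_MLOCK/HAVE_MADVISE for sodium_mlock — and nothing in this hunk defines any of them. Unless the premake build (not visible here) defines them per platform, a non-Windows build silently falls into the `#ifndef HAVE_ALIGNED_MALLOC` branch of _sodium_malloc with no canary, guard pages or mlock, and sodium_mlock/sodium_mprotect_* return -1 with ENOSYS, which callers of this "secure" allocator will not expect. I would make that contract visible with a comment at the top of the file listing the HAVE_* macros the build is expected to define, and consider a `#warning` (or a static check) when neither HAVE_ALIGNED_MALLOC nor WINAPI_DESKTOP ends up defined on a platform that does have mmap/mprotect. Separately, _sodium_malloc discards the return values of _mprotect_noaccess, sodium_mlock and _mprotect_readonly, so a failed guard-page or mlock setup is also silent at runtime; at minimum a comment such as `/* best-effort: mlock/mprotect failure (e.g. RLIMIT_MEMLOCK) degrades silently */` should say that this is intentional.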
@@ -18,8 +18,9 @@ extern "C" { # endif #endif -SODIUM_EXPORT -void sodium_memzero(void * const pnt, const size_t len); +void sodium_memzero(void * const pnt, const size_t len) __attribute__ ((nonnull)); + +void sodium_stackzero(const size_t len); /* * WARNING: sodium_memcmp() must be used to verify if two secret keys @@ -27,9 +28,8 @@ void sodium_memzero(void * const pnt, const size_t len); * It returns 0 if the keys are equal, and -1 if they differ. * This function is not designed for lexicographical comparisons. */ -SODIUM_EXPORT int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); /* * sodium_compare() returns -1 if b1_ < b2_, 1 if b1_ > b2_ and 0 if b1_ == b2_ 
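Review bot: The new `sodium_stackzero` declaration is the only one in this neighbourhood without a comment, and its behaviour is conditional in a way callers cannot see from the prototype: the implementation in this commit zeroes `len` bytes of a VLA or an alloca()'d region only when HAVE_C_VARARRAYS or HAVE_ALLOCA is defined, and otherwise compiles to a no-op. A comment above the prototype such as `/* Best-effort scrubbing of up to len bytes of stack below the caller's frame; a no-op when neither C99 VLAs nor alloca() are available. */` would stop callers from relying on it as a guaranteed wipe. The `__attribute__ ((nonnull))` added to sodium_memzero also deserves a short note that `sodium_memzero(NULL, 0)` is no longer a permitted call, since the compiler may now delete NULL checks in callers.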
@@ -37,35 +37,61 @@ int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len) * and counters stored in little-endian format. * However, it is slower than sodium_memcmp(). */ -SODIUM_EXPORT int sodium_compare(const unsigned char *b1_, const unsigned char *b2_, size_t len) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); -SODIUM_EXPORT int sodium_is_zero(const unsigned char *n, const size_t nlen); -SODIUM_EXPORT void sodium_increment(unsigned char *n, const size_t nlen); -SODIUM_EXPORT -void sodium_add(unsigned char *a, const unsigned char *b, const size_t len); +void sodium_add(unsigned char *a, const unsigned char *b, const size_t len) + __attribute__ ((nonnull)); + +void sodium_sub(unsigned char *a, const unsigned char *b, const size_t len) + __attribute__ ((nonnull)); -SODIUM_EXPORT char *sodium_bin2hex(char * const hex, const size_t hex_maxlen, - const unsigned char * const bin, const size_t bin_len); + const unsigned char * const bin, const size_t bin_len) + __attribute__ ((nonnull)); -SODIUM_EXPORT int sodium_hex2bin(unsigned char * const bin, const size_t bin_maxlen, const char * const hex, const size_t hex_len, const char * const ignore, size_t * const bin_len, - const char ** const hex_end); + const char ** const hex_end) + __attribute__ ((nonnull(1, 3))); + +#define sodium_base64_VARIANT_ORIGINAL 1 +#define sodium_base64_VARIANT_ORIGINAL_NO_PADDING 3 +#define sodium_base64_VARIANT_URLSAFE 5 +#define sodium_base64_VARIANT_URLSAFE_NO_PADDING 7 + +/* + * Computes the required length to encode BIN_LEN bytes as a base64 string + * using the given variant. The computed length includes a trailing \0. 
+ */ +#define sodium_base64_ENCODED_LEN(BIN_LEN, VARIANT) \ + (((BIN_LEN) / 3U) * 4U + \ + ((((BIN_LEN) - ((BIN_LEN) / 3U) * 3U) | (((BIN_LEN) - ((BIN_LEN) / 3U) * 3U) >> 1)) & 1U) * \ + (4U - (~((((VARIANT) & 2U) >> 1) - 1U) & (3U - ((BIN_LEN) - ((BIN_LEN) / 3U) * 3U)))) + 1U) -SODIUM_EXPORT -int sodium_mlock(void * const addr, const size_t len); +size_t sodium_base64_encoded_len(const size_t bin_len, const int variant); -SODIUM_EXPORT -int sodium_munlock(void * const addr, const size_t len); +char *sodium_bin2base64(char * const b64, const size_t b64_maxlen, + const unsigned char * const bin, const size_t bin_len, + const int variant) __attribute__ ((nonnull)); + +int sodium_base642bin(unsigned char * const bin, const size_t bin_maxlen, + const char * const b64, const size_t b64_len, + const char * const ignore, size_t * const bin_len, + const char ** const b64_end, const int variant) + __attribute__ ((nonnull(1, 3))); + +int sodium_mlock(void * const addr, const size_t len) + __attribute__ ((nonnull)); + +int sodium_munlock(void * const addr, const size_t len) + __attribute__ ((nonnull)); /* WARNING: sodium_malloc() and sodium_allocarray() are not general-purpose * allocation functions. 
@@ -100,25 +126,27 @@ int sodium_munlock(void * const addr, const size_t len); * state = sodium_malloc(crypto_generichash_statebytes()); */ -SODIUM_EXPORT void *sodium_malloc(const size_t size) __attribute__ ((malloc)); -SODIUM_EXPORT void *sodium_allocarray(size_t count, size_t size) __attribute__ ((malloc)); -SODIUM_EXPORT void sodium_free(void *ptr); -SODIUM_EXPORT -int sodium_mprotect_noaccess(void *ptr); +int sodium_mprotect_noaccess(void *ptr) __attribute__ ((nonnull)); + +int sodium_mprotect_readonly(void *ptr) __attribute__ ((nonnull)); + +int sodium_mprotect_readwrite(void *ptr) __attribute__ ((nonnull)); -SODIUM_EXPORT -int sodium_mprotect_readonly(void *ptr); +int sodium_pad(size_t *padded_buflen_p, unsigned char *buf, + size_t unpadded_buflen, size_t blocksize, size_t max_buflen) + __attribute__ ((nonnull(2))); -SODIUM_EXPORT -int sodium_mprotect_readwrite(void *ptr); +int sodium_unpad(size_t *unpadded_buflen_p, const unsigned char *buf, + size_t padded_buflen, size_t blocksize) + __attribute__ ((nonnull(2))); /* -------- */ diff --git a/sodium/sodium_verify.c b/sodium/sodium_verify.c new file mode 100644 index 00000000..f7a2d8f0 --- /dev/null +++ b/sodium/sodium_verify.c 
@@ -0,0 +1,98 @@ + +#include +#include + +#include "sodium_crypto_verify_16.h" +#include "sodium_crypto_verify_32.h" +#include "sodium_crypto_verify_64.h" + +size_t +crypto_verify_16_bytes(void) +{ + return crypto_verify_16_BYTES; +} + +size_t +crypto_verify_32_bytes(void) +{ + return crypto_verify_32_BYTES; +} + +size_t +crypto_verify_64_bytes(void) +{ + return crypto_verify_64_BYTES; +} + +#if defined(HAVE_EMMINTRIN_H) && defined(__SSE2__) + +# ifdef __GNUC__ +# pragma GCC target("sse2") +# endif +# include + +static inline int +crypto_verify_n(const unsigned char *x_, const unsigned char *y_, + const int n) +{ + const __m128i zero = _mm_setzero_si128(); + volatile __m128i v1, v2, z; + volatile int m; + int i; + + const volatile __m128i *volatile x = + (const volatile __m128i *volatile) (const void *) x_; + const volatile __m128i *volatile y = + (const volatile __m128i *volatile) (const void *) y_; + v1 = _mm_loadu_si128((const __m128i *) &x[0]); + v2 = _mm_loadu_si128((const __m128i *) &y[0]); + z = _mm_xor_si128(v1, v2); + for (i = 1; i < n / 16; i++) { + v1 = _mm_loadu_si128((const __m128i *) &x[i]); + v2 = _mm_loadu_si128((const __m128i *) &y[i]); + z = _mm_or_si128(z, _mm_xor_si128(v1, v2)); + } + m = _mm_movemask_epi8(_mm_cmpeq_epi32(z, zero)); + v1 = zero; v2 = zero; z = zero; + + return (int) (((uint32_t) m + 1U) >> 16) - 1; +} + +#else + +static inline int +crypto_verify_n(const unsigned char *x_, const unsigned char *y_, + const int n) +{ + const volatile unsigned char * x = + (const volatile unsigned char *) x_; + const volatile unsigned char * y = + (const volatile unsigned char *) y_; + volatile uint_fast16_t d = 0U; + int i; + + for (i = 0; i < n; i++) { + d |= x[i] ^ y[i]; + } + return (1 & ((d - 1) >> 8)) - 1; +} + +#endif + +int +crypto_verify_16(const unsigned char *x, const unsigned char *y) +{ + return crypto_verify_n(x, y, crypto_verify_16_BYTES); +} + +int +crypto_verify_32(const unsigned char *x, const unsigned char *y) +{ + return 
crypto_verify_n(x, y, crypto_verify_32_BYTES); +} + +int +crypto_verify_64(const unsigned char *x, const unsigned char *y) +{ + return crypto_verify_n(x, y, crypto_verify_64_BYTES); +} diff --git a/sodium/sodium_version.c b/sodium/sodium_version.c new file mode 100644 index 00000000..a6b0c0ef --- /dev/null +++ b/sodium/sodium_version.c @@ -0,0 +1,30 @@ + +#include "sodium_version.h" + +const char * +sodium_version_string(void) +{ + return SODIUM_VERSION_STRING; +} + +int +sodium_library_version_major(void) +{ + return SODIUM_LIBRARY_VERSION_MAJOR; +} + +int +sodium_library_version_minor(void) +{ + return SODIUM_LIBRARY_VERSION_MINOR; +} + +int +sodium_library_minimal(void) +{ +#ifdef SODIUM_LIBRARY_MINIMAL + return 1; +#else + return 0; +#endif +} diff --git a/windows/sodium/version.h b/sodium/sodium_version.h similarity index 61% rename from windows/sodium/version.h rename to sodium/sodium_version.h index ab8839f7..b7ff3c11 100644 --- a/windows/sodium/version.h +++ b/sodium/sodium_version.h @@ -1,29 +1,23 @@ - #ifndef sodium_version_H #define sodium_version_H -#include "export.h" - -#define SODIUM_VERSION_STRING "1.0.13" +#include "sodium_export.h" -#define SODIUM_LIBRARY_VERSION_MAJOR 9 -#define SODIUM_LIBRARY_VERSION_MINOR 5 +#define SODIUM_VERSION_STRING "1.0.17" +#define SODIUM_LIBRARY_VERSION_MAJOR 10 +#define SODIUM_LIBRARY_VERSION_MINOR 2 #ifdef __cplusplus extern "C" { #endif -SODIUM_EXPORT const char *sodium_version_string(void); -SODIUM_EXPORT int sodium_library_version_major(void); -SODIUM_EXPORT int sodium_library_version_minor(void); -SODIUM_EXPORT int sodium_library_minimal(void); #ifdef __cplusplus diff --git a/sodium/sodium_xmm6int_salsa20-avx2.c b/sodium/sodium_xmm6int_salsa20-avx2.c new file mode 100644 index 00000000..4ab9b93b --- /dev/null +++ b/sodium/sodium_xmm6int_salsa20-avx2.c 
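Review bot: `crypto_verify_n` carries no statement of its contract, and the SSE2 variant has a precondition the portable one does not: its loop runs `for (i = 1; i < n / 16; i++)` over 16-byte lanes, so any `n` that is not a multiple of 16 silently ignores the tail bytes. That is harmless for the three public entry points (16, 32, 64) but will bite the next person who reuses the helper for a 20-byte tag. A header comment above both definitions along the lines of `/* Constant-time comparison of n bytes; returns 0 if equal, -1 otherwise. The SSE2 path requires n to be a multiple of 16. */` records both the return convention and the precondition. Whether the SSE2 branch is ever taken depends on HAVE_EMMINTRIN_H, which nothing in this hunk defines, so the portable loop is presumably what this build compiles unless the premake configuration sets it.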
@@ -0,0 +1,133 @@ + +#include +#include +#include + +#include "sodium_crypto_stream_salsa20.h" +#include "sodium_private_common.h" +#include "sodium_private_sse2_64_32.h" +#include "sodium_utils.h" + +#if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_EMMINTRIN_H) && \ + defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H) + +# ifdef __GNUC__ +# pragma GCC target("sse2") +# pragma GCC target("ssse3") +# pragma GCC target("sse4.1") +# pragma GCC target("avx2") +# endif + +#include +#include +#include +#include + +# include "sodium_stream_salsa20.h" +# include "sodium_xmm6int_salsa20-avx2.h" + +# define ROUNDS 20 + +typedef struct salsa_ctx { + uint32_t input[16]; +} salsa_ctx; + +static const int TR[16] = { + 0, 5, 10, 15, 12, 1, 6, 11, 8, 13, 2, 7, 4, 9, 14, 3 +}; + +static void +salsa_keysetup(salsa_ctx *ctx, const uint8_t *k) +{ + ctx->input[TR[1]] = LOAD32_LE(k + 0); + ctx->input[TR[2]] = LOAD32_LE(k + 4); + ctx->input[TR[3]] = LOAD32_LE(k + 8); + ctx->input[TR[4]] = LOAD32_LE(k + 12); + ctx->input[TR[11]] = LOAD32_LE(k + 16); + ctx->input[TR[12]] = LOAD32_LE(k + 20); + ctx->input[TR[13]] = LOAD32_LE(k + 24); + ctx->input[TR[14]] = LOAD32_LE(k + 28); + ctx->input[TR[0]] = 0x61707865; + ctx->input[TR[5]] = 0x3320646e; + ctx->input[TR[10]] = 0x79622d32; + ctx->input[TR[15]] = 0x6b206574; +} + +static void +salsa_ivsetup(salsa_ctx *ctx, const uint8_t *iv, const uint8_t *counter) +{ + ctx->input[TR[6]] = LOAD32_LE(iv + 0); + ctx->input[TR[7]] = LOAD32_LE(iv + 4); + ctx->input[TR[8]] = counter == NULL ? 0 : LOAD32_LE(counter + 0); + ctx->input[TR[9]] = counter == NULL ? 
0 : LOAD32_LE(counter + 4); +} + +static void +salsa20_encrypt_bytes(salsa_ctx *ctx, const uint8_t *m, uint8_t *c, + unsigned long long bytes) +{ + uint32_t * const x = &ctx->input[0]; + + if (!bytes) { + return; /* LCOV_EXCL_LINE */ + } + +#include "sodium_xmm6int_u8.h" +#include "sodium_xmm6int_u4.h" +#include "sodium_xmm6int_u1.h" +#include "sodium_xmm6int_u0.h" +} + +static int +stream_avx2(unsigned char *c, unsigned long long clen, const unsigned char *n, + const unsigned char *k) +{ + struct salsa_ctx ctx; + + if (!clen) { + return 0; + } + COMPILER_ASSERT(crypto_stream_salsa20_KEYBYTES == 256 / 8); + salsa_keysetup(&ctx, k); + salsa_ivsetup(&ctx, n, NULL); + memset(c, 0, clen); + salsa20_encrypt_bytes(&ctx, c, c, clen); + sodium_memzero(&ctx, sizeof ctx); + + return 0; +} + +static int +stream_avx2_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, uint64_t ic, + const unsigned char *k) +{ + struct salsa_ctx ctx; + uint8_t ic_bytes[8]; + uint32_t ic_high; + uint32_t ic_low; + + if (!mlen) { + return 0; + } + ic_high = (uint32_t) (ic >> 32); + ic_low = (uint32_t) ic; + STORE32_LE(&ic_bytes[0], ic_low); + STORE32_LE(&ic_bytes[4], ic_high); + salsa_keysetup(&ctx, k); + salsa_ivsetup(&ctx, n, ic_bytes); + salsa20_encrypt_bytes(&ctx, m, c, mlen); + sodium_memzero(&ctx, sizeof ctx); + + return 0; +} + +struct crypto_stream_salsa20_implementation + crypto_stream_salsa20_xmm6int_avx2_implementation = { + SODIUM_C99(.stream =) stream_avx2, + SODIUM_C99(.stream_xor_ic =) stream_avx2_xor_ic + }; + +#endif + +int salsa2_xmm6int_link_warning_dummy = 0; diff --git a/sodium/sodium_xmm6int_salsa20-avx2.h b/sodium/sodium_xmm6int_salsa20-avx2.h new file mode 100644 index 00000000..1d769304 --- /dev/null +++ b/sodium/sodium_xmm6int_salsa20-avx2.h 
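Review bot: The trailing `int salsa2_xmm6int_link_warning_dummy = 0;` drops the "0" and the ISA suffix that its sibling in the sse2 file uses (`salsa20_xmm6int_sse2_link_warning_dummy`), and both are non-static globals, so the two files export inconsistently named symbols into the link; `int salsa20_xmm6int_avx2_link_warning_dummy = 0;` matches the pattern. More importantly, the file-wide `#pragma GCC target("avx2")` means every function here, including the static helpers, may be emitted with AVX2 instructions, so `crypto_stream_salsa20_xmm6int_avx2_implementation` must only be selected after a runtime CPU feature check; that selection lives in stream_salsa20.c outside this hunk, so I cannot confirm it here. A comment on the implementation struct, `/* only safe to select after a runtime AVX2 check */`, would make the requirement explicit to whoever edits the dispatcher.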
@@ -0,0 +1,8 @@
+
+#include
+
+#include "sodium_stream_salsa20.h"
+#include "sodium_crypto_stream_salsa20.h"
+
+extern struct crypto_stream_salsa20_implementation
+ crypto_stream_salsa20_xmm6int_avx2_implementation;
diff --git a/sodium/sodium_xmm6int_salsa20-sse2.c b/sodium/sodium_xmm6int_salsa20-sse2.c
new file mode 100644
index 00000000..aa56d5a4
--- /dev/null
+++ b/sodium/sodium_xmm6int_salsa20-sse2.c
@@ -0,0 +1,124 @@
+
+#include
+#include
+#include
+
+#include "sodium_crypto_stream_salsa20.h"
+#include "sodium_private_common.h"
+#include "sodium_private_sse2_64_32.h"
+#include "sodium_utils.h"
+
+#ifdef HAVE_EMMINTRIN_H
+
+# ifdef __GNUC__
+# pragma GCC target("sse2")
+# endif
+# include
+
+# include "sodium_stream_salsa20.h"
+# include "sodium_xmm6int_salsa20-sse2.h"
+
+# define ROUNDS 20
+
+typedef struct salsa_ctx {
+ uint32_t input[16];
+} salsa_ctx;
+
+static const int TR[16] = {
+ 0, 5, 10, 15, 12, 1, 6, 11, 8, 13, 2, 7, 4, 9, 14, 3
+};
+
+static void
+salsa_keysetup(salsa_ctx *ctx, const uint8_t *k)
+{
+ ctx->input[TR[1]] = LOAD32_LE(k + 0);
+ ctx->input[TR[2]] = LOAD32_LE(k + 4);
+ ctx->input[TR[3]] = LOAD32_LE(k + 8);
+ ctx->input[TR[4]] = LOAD32_LE(k + 12);
+ ctx->input[TR[11]] = LOAD32_LE(k + 16);
+ ctx->input[TR[12]] = LOAD32_LE(k + 20);
+ ctx->input[TR[13]] = LOAD32_LE(k + 24);
+ ctx->input[TR[14]] = LOAD32_LE(k + 28);
+ ctx->input[TR[0]] = 0x61707865;
+ ctx->input[TR[5]] = 0x3320646e;
+ ctx->input[TR[10]] = 0x79622d32;
+ ctx->input[TR[15]] = 0x6b206574;
+}
+
+static void
+salsa_ivsetup(salsa_ctx *ctx, const uint8_t *iv, const uint8_t *counter)
+{
+ ctx->input[TR[6]] = LOAD32_LE(iv + 0);
+ ctx->input[TR[7]] = LOAD32_LE(iv + 4);
+ ctx->input[TR[8]] = counter == NULL ? 0 : LOAD32_LE(counter + 0);
+ ctx->input[TR[9]] = counter == NULL ? 0 : LOAD32_LE(counter + 4);
+}
+
+static void
+salsa20_encrypt_bytes(salsa_ctx *ctx, const uint8_t *m, uint8_t *c,
+ unsigned long long bytes)
+{
+ uint32_t * const x = &ctx->input[0];
+
+ if (!bytes) {
+ return; /* LCOV_EXCL_LINE */
+ }
+
+#include "sodium_xmm6int_u4.h"
+#include "sodium_xmm6int_u1.h"
+#include "sodium_xmm6int_u0.h"
+}
+
+static int
+stream_sse2(unsigned char *c, unsigned long long clen, const unsigned char *n,
+ const unsigned char *k)
+{
+ struct salsa_ctx ctx;
+
+ if (!clen) {
+ return 0;
+ }
+ COMPILER_ASSERT(crypto_stream_salsa20_KEYBYTES == 256 / 8);
+ salsa_keysetup(&ctx, k);
+ salsa_ivsetup(&ctx, n, NULL);
+ memset(c, 0, clen);
+ salsa20_encrypt_bytes(&ctx, c, c, clen);
+ sodium_memzero(&ctx, sizeof ctx);
+
+ return 0;
+}
+
+static int
+stream_sse2_xor_ic(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n, uint64_t ic,
+ const unsigned char *k)
+{
+ struct salsa_ctx ctx;
+ uint8_t ic_bytes[8];
+ uint32_t ic_high;
+ uint32_t ic_low;
+
+ if (!mlen) {
+ return 0;
+ }
+ ic_high = (uint32_t) (ic >> 32);
+ ic_low = (uint32_t) (ic);
+ STORE32_LE(&ic_bytes[0], ic_low);
+ STORE32_LE(&ic_bytes[4], ic_high);
+ salsa_keysetup(&ctx, k);
+ salsa_ivsetup(&ctx, n, ic_bytes);
+ salsa20_encrypt_bytes(&ctx, m, c, mlen);
+ sodium_memzero(&ctx, sizeof ctx);
+
+ return 0;
+}
+
+struct crypto_stream_salsa20_implementation
+ crypto_stream_salsa20_xmm6int_sse2_implementation = {
+ SODIUM_C99(.stream =) stream_sse2,
+ SODIUM_C99(.stream_xor_ic =) stream_sse2_xor_ic
+ };
+
+#endif
+
+int salsa20_xmm6int_sse2_link_warning_dummy = 0;
diff --git a/sodium/sodium_xmm6int_salsa20-sse2.h b/sodium/sodium_xmm6int_salsa20-sse2.h
new file mode 100644
index 00000000..7c2dce4e
--- /dev/null
+++ b/sodium/sodium_xmm6int_salsa20-sse2.h
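Review bot: `salsa20_encrypt_bytes` splices sodium_xmm6int_u4.h, sodium_xmm6int_u1.h and sodium_xmm6int_u0.h straight into its body, and nothing at the include site states the contract those fragments depend on: they read and advance the function's `x`, `m`, `c` and `bytes` by name, need `ROUNDS`, and must stay in this order because u0.h assumes u1.h has already consumed every full 64-byte block. A comment above the three includes would make that explicit, e.g. `/* Unrolled kernels pasted into this scope: each consumes whole blocks from m/c and advances bytes; order matters (256-byte, 64-byte, then the <64-byte tail) and they rely on x, m, c, bytes and ROUNDS being in scope. */`. Minor consistency nits: `ic_low = (uint32_t) (ic);` carries redundant parentheses that the avx2 counterpart omits, and the trailing `salsa20_xmm6int_sse2_link_warning_dummy` follows a different naming shape from `salsa2_xmm6int_link_warning_dummy` in the avx2 file, which looks like a typo for `salsa20_xmm6int_avx2_link_warning_dummy`.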
@@ -0,0 +1,8 @@
+
+#include
+
+#include "sodium_stream_salsa20.h"
+#include "sodium_crypto_stream_salsa20.h"
+
+extern struct crypto_stream_salsa20_implementation
+ crypto_stream_salsa20_xmm6int_sse2_implementation;
diff --git a/sodium/sodium_xmm6int_u0.h b/sodium/sodium_xmm6int_u0.h
new file mode 100644
index 00000000..4262f992
--- /dev/null
+++ b/sodium/sodium_xmm6int_u0.h
@@ -0,0 +1,195 @@ +if (bytes > 0) { + __m128i diag0 = _mm_loadu_si128((const __m128i *) (x + 0)); + __m128i diag1 = _mm_loadu_si128((const __m128i *) (x + 4)); + __m128i diag2 = _mm_loadu_si128((const __m128i *) (x + 8)); + __m128i diag3 = _mm_loadu_si128((const __m128i *) (x + 12)); + __m128i a0, a1, a2, a3, a4, a5, a6, a7; + __m128i b0, b1, b2, b3, b4, b5, b6, b7; + uint8_t partialblock[64]; + + unsigned int i; + + a0 = diag1; + for (i = 0; i < ROUNDS; i += 4) { + a0 = _mm_add_epi32(a0, diag0); + a1 = diag0; + b0 = a0; + a0 = _mm_slli_epi32(a0, 7); + b0 = _mm_srli_epi32(b0, 25); + diag3 = _mm_xor_si128(diag3, a0); + + diag3 = _mm_xor_si128(diag3, b0); + + a1 = _mm_add_epi32(a1, diag3); + a2 = diag3; + b1 = a1; + a1 = _mm_slli_epi32(a1, 9); + b1 = _mm_srli_epi32(b1, 23); + diag2 = _mm_xor_si128(diag2, a1); + diag3 = _mm_shuffle_epi32(diag3, 0x93); + diag2 = _mm_xor_si128(diag2, b1); + + a2 = _mm_add_epi32(a2, diag2); + a3 = diag2; + b2 = a2; + a2 = _mm_slli_epi32(a2, 13); + b2 = _mm_srli_epi32(b2, 19); + diag1 = _mm_xor_si128(diag1, a2); + diag2 = _mm_shuffle_epi32(diag2, 0x4e); + diag1 = _mm_xor_si128(diag1, b2); + + a3 = _mm_add_epi32(a3, diag1); + a4 = diag3; + b3 = a3; + a3 = _mm_slli_epi32(a3, 18); + b3 = _mm_srli_epi32(b3, 14); + diag0 = _mm_xor_si128(diag0, a3); + diag1 = _mm_shuffle_epi32(diag1, 0x39); + diag0 = _mm_xor_si128(diag0, b3); + + a4 = _mm_add_epi32(a4, diag0); + a5 = diag0; + b4 = a4; + a4 = _mm_slli_epi32(a4, 7); + b4 = _mm_srli_epi32(b4, 25); + diag1 = _mm_xor_si128(diag1, a4); + + diag1 = _mm_xor_si128(diag1, b4); + + a5 = _mm_add_epi32(a5, diag1); + a6 = diag1; + b5 = a5; + a5 = _mm_slli_epi32(a5, 9); + b5 = _mm_srli_epi32(b5, 23); + diag2 = _mm_xor_si128(diag2, a5); + diag1 = _mm_shuffle_epi32(diag1, 0x93); + diag2 = _mm_xor_si128(diag2, b5); + + a6 = _mm_add_epi32(a6, diag2); + a7 = diag2; + b6 = a6; + a6 = _mm_slli_epi32(a6, 13); + b6 = _mm_srli_epi32(b6, 19); + diag3 = _mm_xor_si128(diag3, a6); + diag2 = _mm_shuffle_epi32(diag2, 0x4e); 
+ diag3 = _mm_xor_si128(diag3, b6); + + a7 = _mm_add_epi32(a7, diag3); + a0 = diag1; + b7 = a7; + a7 = _mm_slli_epi32(a7, 18); + b7 = _mm_srli_epi32(b7, 14); + diag0 = _mm_xor_si128(diag0, a7); + diag3 = _mm_shuffle_epi32(diag3, 0x39); + diag0 = _mm_xor_si128(diag0, b7); + + a0 = _mm_add_epi32(a0, diag0); + a1 = diag0; + b0 = a0; + a0 = _mm_slli_epi32(a0, 7); + b0 = _mm_srli_epi32(b0, 25); + diag3 = _mm_xor_si128(diag3, a0); + + diag3 = _mm_xor_si128(diag3, b0); + + a1 = _mm_add_epi32(a1, diag3); + a2 = diag3; + b1 = a1; + a1 = _mm_slli_epi32(a1, 9); + b1 = _mm_srli_epi32(b1, 23); + diag2 = _mm_xor_si128(diag2, a1); + diag3 = _mm_shuffle_epi32(diag3, 0x93); + diag2 = _mm_xor_si128(diag2, b1); + + a2 = _mm_add_epi32(a2, diag2); + a3 = diag2; + b2 = a2; + a2 = _mm_slli_epi32(a2, 13); + b2 = _mm_srli_epi32(b2, 19); + diag1 = _mm_xor_si128(diag1, a2); + diag2 = _mm_shuffle_epi32(diag2, 0x4e); + diag1 = _mm_xor_si128(diag1, b2); + + a3 = _mm_add_epi32(a3, diag1); + a4 = diag3; + b3 = a3; + a3 = _mm_slli_epi32(a3, 18); + b3 = _mm_srli_epi32(b3, 14); + diag0 = _mm_xor_si128(diag0, a3); + diag1 = _mm_shuffle_epi32(diag1, 0x39); + diag0 = _mm_xor_si128(diag0, b3); + + a4 = _mm_add_epi32(a4, diag0); + a5 = diag0; + b4 = a4; + a4 = _mm_slli_epi32(a4, 7); + b4 = _mm_srli_epi32(b4, 25); + diag1 = _mm_xor_si128(diag1, a4); + + diag1 = _mm_xor_si128(diag1, b4); + + a5 = _mm_add_epi32(a5, diag1); + a6 = diag1; + b5 = a5; + a5 = _mm_slli_epi32(a5, 9); + b5 = _mm_srli_epi32(b5, 23); + diag2 = _mm_xor_si128(diag2, a5); + diag1 = _mm_shuffle_epi32(diag1, 0x93); + diag2 = _mm_xor_si128(diag2, b5); + + a6 = _mm_add_epi32(a6, diag2); + a7 = diag2; + b6 = a6; + a6 = _mm_slli_epi32(a6, 13); + b6 = _mm_srli_epi32(b6, 19); + diag3 = _mm_xor_si128(diag3, a6); + diag2 = _mm_shuffle_epi32(diag2, 0x4e); + diag3 = _mm_xor_si128(diag3, b6); + + a7 = _mm_add_epi32(a7, diag3); + a0 = diag1; + b7 = a7; + a7 = _mm_slli_epi32(a7, 18); + b7 = _mm_srli_epi32(b7, 14); + diag0 = _mm_xor_si128(diag0, a7); + 
diag3 = _mm_shuffle_epi32(diag3, 0x39); + diag0 = _mm_xor_si128(diag0, b7); + } + + diag0 = _mm_add_epi32(diag0, _mm_loadu_si128((const __m128i *) (x + 0))); + diag1 = _mm_add_epi32(diag1, _mm_loadu_si128((const __m128i *) (x + 4))); + diag2 = _mm_add_epi32(diag2, _mm_loadu_si128((const __m128i *) (x + 8))); + diag3 = _mm_add_epi32(diag3, _mm_loadu_si128((const __m128i *) (x + 12))); + +#define ONEQUAD_SHUFFLE(A, B, C, D) \ + do { \ + uint32_t in##A = _mm_cvtsi128_si32(diag0); \ + uint32_t in##B = _mm_cvtsi128_si32(diag1); \ + uint32_t in##C = _mm_cvtsi128_si32(diag2); \ + uint32_t in##D = _mm_cvtsi128_si32(diag3); \ + diag0 = _mm_shuffle_epi32(diag0, 0x39); \ + diag1 = _mm_shuffle_epi32(diag1, 0x39); \ + diag2 = _mm_shuffle_epi32(diag2, 0x39); \ + diag3 = _mm_shuffle_epi32(diag3, 0x39); \ + memcpy( partialblock + (A*4), &in##A, 4 ); \ + memcpy( partialblock + (B*4), &in##B, 4 ); \ + memcpy( partialblock + (C*4), &in##C, 4 ); \ + memcpy( partialblock + (D*4), &in##D, 4 ); \ + } while (0) + +#define ONEQUAD(A, B, C, D) ONEQUAD_SHUFFLE(A, B, C, D) + + ONEQUAD(0, 12, 8, 4); + ONEQUAD(5, 1, 13, 9); + ONEQUAD(10, 6, 2, 14); + ONEQUAD(15, 11, 7, 3); + +#undef ONEQUAD +#undef ONEQUAD_SHUFFLE + + for (i = 0; i < bytes; i++) { + c[i] = m[i] ^ partialblock[i]; + } + + sodium_memzero(partialblock, sizeof partialblock); +} diff --git a/sodium/sodium_xmm6int_u1.h b/sodium/sodium_xmm6int_u1.h new file mode 100644 index 00000000..e82521cd --- /dev/null +++ b/sodium/sodium_xmm6int_u1.h 
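Review bot: This fragment relies on an invariant that is not written down anywhere in it: it runs after the u1.h loop, so `bytes` is strictly below 64 here, and that is the only reason `partialblock[64]` is large enough for the final `for (i = 0; i < bytes; i++)` copy. Because the file is pasted into a function body rather than compiled on its own, a header comment stating the precondition would protect anyone who reorders the includes in the .c files, e.g. `/* Final partial block. Precondition: bytes < 64 (u1.h has consumed all full blocks). Emits exactly bytes bytes of keystream XOR m into c and does not advance the block counter. */`. The `memcpy`-based extraction in `ONEQUAD_SHUFFLE` and the `sodium_memzero(partialblock, ...)` at the end are the right pattern for a stack buffer that briefly holds keystream.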
@@ -0,0 +1,207 @@ +while (bytes >= 64) { + __m128i diag0 = _mm_loadu_si128((const __m128i *) (x + 0)); + __m128i diag1 = _mm_loadu_si128((const __m128i *) (x + 4)); + __m128i diag2 = _mm_loadu_si128((const __m128i *) (x + 8)); + __m128i diag3 = _mm_loadu_si128((const __m128i *) (x + 12)); + __m128i a0, a1, a2, a3, a4, a5, a6, a7; + __m128i b0, b1, b2, b3, b4, b5, b6, b7; + + uint32_t in8; + uint32_t in9; + int i; + + a0 = diag1; + for (i = 0; i < ROUNDS; i += 4) { + a0 = _mm_add_epi32(a0, diag0); + a1 = diag0; + b0 = a0; + a0 = _mm_slli_epi32(a0, 7); + b0 = _mm_srli_epi32(b0, 25); + diag3 = _mm_xor_si128(diag3, a0); + + diag3 = _mm_xor_si128(diag3, b0); + + a1 = _mm_add_epi32(a1, diag3); + a2 = diag3; + b1 = a1; + a1 = _mm_slli_epi32(a1, 9); + b1 = _mm_srli_epi32(b1, 23); + diag2 = _mm_xor_si128(diag2, a1); + diag3 = _mm_shuffle_epi32(diag3, 0x93); + diag2 = _mm_xor_si128(diag2, b1); + + a2 = _mm_add_epi32(a2, diag2); + a3 = diag2; + b2 = a2; + a2 = _mm_slli_epi32(a2, 13); + b2 = _mm_srli_epi32(b2, 19); + diag1 = _mm_xor_si128(diag1, a2); + diag2 = _mm_shuffle_epi32(diag2, 0x4e); + diag1 = _mm_xor_si128(diag1, b2); + + a3 = _mm_add_epi32(a3, diag1); + a4 = diag3; + b3 = a3; + a3 = _mm_slli_epi32(a3, 18); + b3 = _mm_srli_epi32(b3, 14); + diag0 = _mm_xor_si128(diag0, a3); + diag1 = _mm_shuffle_epi32(diag1, 0x39); + diag0 = _mm_xor_si128(diag0, b3); + + a4 = _mm_add_epi32(a4, diag0); + a5 = diag0; + b4 = a4; + a4 = _mm_slli_epi32(a4, 7); + b4 = _mm_srli_epi32(b4, 25); + diag1 = _mm_xor_si128(diag1, a4); + + diag1 = _mm_xor_si128(diag1, b4); + + a5 = _mm_add_epi32(a5, diag1); + a6 = diag1; + b5 = a5; + a5 = _mm_slli_epi32(a5, 9); + b5 = _mm_srli_epi32(b5, 23); + diag2 = _mm_xor_si128(diag2, a5); + diag1 = _mm_shuffle_epi32(diag1, 0x93); + diag2 = _mm_xor_si128(diag2, b5); + + a6 = _mm_add_epi32(a6, diag2); + a7 = diag2; + b6 = a6; + a6 = _mm_slli_epi32(a6, 13); + b6 = _mm_srli_epi32(b6, 19); + diag3 = _mm_xor_si128(diag3, a6); + diag2 = _mm_shuffle_epi32(diag2, 0x4e); 
+ diag3 = _mm_xor_si128(diag3, b6); + + a7 = _mm_add_epi32(a7, diag3); + a0 = diag1; + b7 = a7; + a7 = _mm_slli_epi32(a7, 18); + b7 = _mm_srli_epi32(b7, 14); + diag0 = _mm_xor_si128(diag0, a7); + diag3 = _mm_shuffle_epi32(diag3, 0x39); + diag0 = _mm_xor_si128(diag0, b7); + + a0 = _mm_add_epi32(a0, diag0); + a1 = diag0; + b0 = a0; + a0 = _mm_slli_epi32(a0, 7); + b0 = _mm_srli_epi32(b0, 25); + diag3 = _mm_xor_si128(diag3, a0); + + diag3 = _mm_xor_si128(diag3, b0); + + a1 = _mm_add_epi32(a1, diag3); + a2 = diag3; + b1 = a1; + a1 = _mm_slli_epi32(a1, 9); + b1 = _mm_srli_epi32(b1, 23); + diag2 = _mm_xor_si128(diag2, a1); + diag3 = _mm_shuffle_epi32(diag3, 0x93); + diag2 = _mm_xor_si128(diag2, b1); + + a2 = _mm_add_epi32(a2, diag2); + a3 = diag2; + b2 = a2; + a2 = _mm_slli_epi32(a2, 13); + b2 = _mm_srli_epi32(b2, 19); + diag1 = _mm_xor_si128(diag1, a2); + diag2 = _mm_shuffle_epi32(diag2, 0x4e); + diag1 = _mm_xor_si128(diag1, b2); + + a3 = _mm_add_epi32(a3, diag1); + a4 = diag3; + b3 = a3; + a3 = _mm_slli_epi32(a3, 18); + b3 = _mm_srli_epi32(b3, 14); + diag0 = _mm_xor_si128(diag0, a3); + diag1 = _mm_shuffle_epi32(diag1, 0x39); + diag0 = _mm_xor_si128(diag0, b3); + + a4 = _mm_add_epi32(a4, diag0); + a5 = diag0; + b4 = a4; + a4 = _mm_slli_epi32(a4, 7); + b4 = _mm_srli_epi32(b4, 25); + diag1 = _mm_xor_si128(diag1, a4); + + diag1 = _mm_xor_si128(diag1, b4); + + a5 = _mm_add_epi32(a5, diag1); + a6 = diag1; + b5 = a5; + a5 = _mm_slli_epi32(a5, 9); + b5 = _mm_srli_epi32(b5, 23); + diag2 = _mm_xor_si128(diag2, a5); + diag1 = _mm_shuffle_epi32(diag1, 0x93); + diag2 = _mm_xor_si128(diag2, b5); + + a6 = _mm_add_epi32(a6, diag2); + a7 = diag2; + b6 = a6; + a6 = _mm_slli_epi32(a6, 13); + b6 = _mm_srli_epi32(b6, 19); + diag3 = _mm_xor_si128(diag3, a6); + diag2 = _mm_shuffle_epi32(diag2, 0x4e); + diag3 = _mm_xor_si128(diag3, b6); + + a7 = _mm_add_epi32(a7, diag3); + a0 = diag1; + b7 = a7; + a7 = _mm_slli_epi32(a7, 18); + b7 = _mm_srli_epi32(b7, 14); + diag0 = _mm_xor_si128(diag0, a7); + 
diag3 = _mm_shuffle_epi32(diag3, 0x39); + diag0 = _mm_xor_si128(diag0, b7); + } + + diag0 = _mm_add_epi32(diag0, _mm_loadu_si128((const __m128i *) (x + 0))); + diag1 = _mm_add_epi32(diag1, _mm_loadu_si128((const __m128i *) (x + 4))); + diag2 = _mm_add_epi32(diag2, _mm_loadu_si128((const __m128i *) (x + 8))); + diag3 = _mm_add_epi32(diag3, _mm_loadu_si128((const __m128i *) (x + 12))); + +#define ONEQUAD_SHUFFLE(A, B, C, D) \ + do { \ + uint32_t in##A = _mm_cvtsi128_si32(diag0); \ + uint32_t in##B = _mm_cvtsi128_si32(diag1); \ + uint32_t in##C = _mm_cvtsi128_si32(diag2); \ + uint32_t in##D = _mm_cvtsi128_si32(diag3); \ + diag0 = _mm_shuffle_epi32(diag0, 0x39); \ + diag1 = _mm_shuffle_epi32(diag1, 0x39); \ + diag2 = _mm_shuffle_epi32(diag2, 0x39); \ + diag3 = _mm_shuffle_epi32(diag3, 0x39); \ + in##A ^= *(const uint32_t *) (m + (A * 4)); \ + in##B ^= *(const uint32_t *) (m + (B * 4)); \ + in##C ^= *(const uint32_t *) (m + (C * 4)); \ + in##D ^= *(const uint32_t *) (m + (D * 4)); \ + *(uint32_t *) (c + (A * 4)) = in##A; \ + *(uint32_t *) (c + (B * 4)) = in##B; \ + *(uint32_t *) (c + (C * 4)) = in##C; \ + *(uint32_t *) (c + (D * 4)) = in##D; \ + } while (0) + +#define ONEQUAD(A, B, C, D) ONEQUAD_SHUFFLE(A, B, C, D) + + ONEQUAD(0, 12, 8, 4); + ONEQUAD(5, 1, 13, 9); + ONEQUAD(10, 6, 2, 14); + ONEQUAD(15, 11, 7, 3); + +#undef ONEQUAD +#undef ONEQUAD_SHUFFLE + + in8 = x[8]; + in9 = x[13]; + in8++; + if (in8 == 0) { + in9++; + } + x[8] = in8; + x[13] = in9; + + c += 64; + m += 64; + bytes -= 64; +} diff --git a/sodium/sodium_xmm6int_u4.h b/sodium/sodium_xmm6int_u4.h new file mode 100644 index 00000000..474f4860 --- /dev/null +++ b/sodium/sodium_xmm6int_u4.h 
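Review bot: `ONEQUAD_SHUFFLE` reads the plaintext and writes the ciphertext through `*(const uint32_t *) (m + (A * 4))` and `*(uint32_t *) (c + (A * 4))`, which type-puns `uint8_t` buffers as `uint32_t`; that is a strict-aliasing violation in C and also bakes in little-endian, unaligned-tolerant access, whereas u0.h does the same extraction with `memcpy` and the including .c files already use `LOAD32_LE`/`STORE32_LE`. Switching the eight accesses to those macros keeps the fragment well-defined and consistent with its siblings; the rewritten macro lines are below. Separately, the block-counter update at the bottom touches `x[8]` and `x[13]`, which is only obvious with the `TR[]` permutation from the .c file in hand — a comment such as `/* x[8]/x[13] hold the low/high words of the 64-bit block counter (see TR[] in the including file) */` would help the next reader.
```c
#define ONEQUAD_SHUFFLE(A, B, C, D)                                        \
    do {                                                                   \
        /* … unchanged: in##A..in##D extraction and diag0..3 shuffles … */ \
        in##A ^= LOAD32_LE(m + (A * 4));                                   \
        in##B ^= LOAD32_LE(m + (B * 4));                                   \
        in##C ^= LOAD32_LE(m + (C * 4));                                   \
        in##D ^= LOAD32_LE(m + (D * 4));                                   \
        STORE32_LE(c + (A * 4), in##A);                                    \
        STORE32_LE(c + (B * 4), in##B);                                    \
        STORE32_LE(c + (C * 4), in##C);                                    \
        STORE32_LE(c + (D * 4), in##D);                                    \
    } while (0)
```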
@@ -0,0 +1,547 @@ +if (bytes >= 256) { + __m128i y0, y1, y2, y3, y4, y5, y6, y7, y8, y9, y10, y11, y12, y13, y14, + y15; + __m128i z0, z1, z2, z3, z4, z5, z6, z7, z8, z9, z10, z11, z12, z13, z14, + z15; + __m128i orig0, orig1, orig2, orig3, orig4, orig5, orig6, orig7, orig8, + orig9, orig10, orig11, orig12, orig13, orig14, orig15; + + uint32_t in8; + uint32_t in9; + int i; + + /* element broadcast immediate for _mm_shuffle_epi32 are in order: + 0x00, 0x55, 0xaa, 0xff */ + z0 = _mm_loadu_si128((const __m128i *) (x + 0)); + z5 = _mm_shuffle_epi32(z0, 0x55); + z10 = _mm_shuffle_epi32(z0, 0xaa); + z15 = _mm_shuffle_epi32(z0, 0xff); + z0 = _mm_shuffle_epi32(z0, 0x00); + z1 = _mm_loadu_si128((const __m128i *) (x + 4)); + z6 = _mm_shuffle_epi32(z1, 0xaa); + z11 = _mm_shuffle_epi32(z1, 0xff); + z12 = _mm_shuffle_epi32(z1, 0x00); + z1 = _mm_shuffle_epi32(z1, 0x55); + z2 = _mm_loadu_si128((const __m128i *) (x + 8)); + z7 = _mm_shuffle_epi32(z2, 0xff); + z13 = _mm_shuffle_epi32(z2, 0x55); + z2 = _mm_shuffle_epi32(z2, 0xaa); + /* no z8 -> first half of the nonce, will fill later */ + z3 = _mm_loadu_si128((const __m128i *) (x + 12)); + z4 = _mm_shuffle_epi32(z3, 0x00); + z14 = _mm_shuffle_epi32(z3, 0xaa); + z3 = _mm_shuffle_epi32(z3, 0xff); + /* no z9 -> second half of the nonce, will fill later */ + orig0 = z0; + orig1 = z1; + orig2 = z2; + orig3 = z3; + orig4 = z4; + orig5 = z5; + orig6 = z6; + orig7 = z7; + orig10 = z10; + orig11 = z11; + orig12 = z12; + orig13 = z13; + orig14 = z14; + orig15 = z15; + + while (bytes >= 256) { + /* vector implementation for z8 and z9 */ + /* not sure if it helps for only 4 blocks */ + const __m128i addv8 = _mm_set_epi64x(1, 0); + const __m128i addv9 = _mm_set_epi64x(3, 2); + __m128i t8, t9; + uint64_t in89; + + in8 = x[8]; + in9 = x[13]; + in89 = ((uint64_t) in8) | (((uint64_t) in9) << 32); + t8 = _mm_set1_epi64x(in89); + t9 = _mm_set1_epi64x(in89); + + z8 = _mm_add_epi64(addv8, t8); + z9 = _mm_add_epi64(addv9, t9); + + t8 = 
_mm_unpacklo_epi32(z8, z9); + t9 = _mm_unpackhi_epi32(z8, z9); + + z8 = _mm_unpacklo_epi32(t8, t9); + z9 = _mm_unpackhi_epi32(t8, t9); + + orig8 = z8; + orig9 = z9; + + in89 += 4; + + x[8] = in89 & 0xFFFFFFFF; + x[13] = (in89 >> 32) & 0xFFFFFFFF; + + z5 = orig5; + z10 = orig10; + z15 = orig15; + z14 = orig14; + z3 = orig3; + z6 = orig6; + z11 = orig11; + z1 = orig1; + + z7 = orig7; + z13 = orig13; + z2 = orig2; + z9 = orig9; + z0 = orig0; + z12 = orig12; + z4 = orig4; + z8 = orig8; + + for (i = 0; i < ROUNDS; i += 2) { + /* the inner loop is a direct translation (regexp search/replace) + * from the amd64-xmm6 ASM */ + __m128i r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, r13, + r14, r15; + + y4 = z12; + y4 = _mm_add_epi32(y4, z0); + r4 = y4; + y4 = _mm_slli_epi32(y4, 7); + z4 = _mm_xor_si128(z4, y4); + r4 = _mm_srli_epi32(r4, 25); + z4 = _mm_xor_si128(z4, r4); + + y9 = z1; + y9 = _mm_add_epi32(y9, z5); + r9 = y9; + y9 = _mm_slli_epi32(y9, 7); + z9 = _mm_xor_si128(z9, y9); + r9 = _mm_srli_epi32(r9, 25); + z9 = _mm_xor_si128(z9, r9); + + y8 = z0; + y8 = _mm_add_epi32(y8, z4); + r8 = y8; + y8 = _mm_slli_epi32(y8, 9); + z8 = _mm_xor_si128(z8, y8); + r8 = _mm_srli_epi32(r8, 23); + z8 = _mm_xor_si128(z8, r8); + + y13 = z5; + y13 = _mm_add_epi32(y13, z9); + r13 = y13; + y13 = _mm_slli_epi32(y13, 9); + z13 = _mm_xor_si128(z13, y13); + r13 = _mm_srli_epi32(r13, 23); + z13 = _mm_xor_si128(z13, r13); + + y12 = z4; + y12 = _mm_add_epi32(y12, z8); + r12 = y12; + y12 = _mm_slli_epi32(y12, 13); + z12 = _mm_xor_si128(z12, y12); + r12 = _mm_srli_epi32(r12, 19); + z12 = _mm_xor_si128(z12, r12); + + y1 = z9; + y1 = _mm_add_epi32(y1, z13); + r1 = y1; + y1 = _mm_slli_epi32(y1, 13); + z1 = _mm_xor_si128(z1, y1); + r1 = _mm_srli_epi32(r1, 19); + z1 = _mm_xor_si128(z1, r1); + + y0 = z8; + y0 = _mm_add_epi32(y0, z12); + r0 = y0; + y0 = _mm_slli_epi32(y0, 18); + z0 = _mm_xor_si128(z0, y0); + r0 = _mm_srli_epi32(r0, 14); + z0 = _mm_xor_si128(z0, r0); + + y5 = z13; + y5 = 
_mm_add_epi32(y5, z1); + r5 = y5; + y5 = _mm_slli_epi32(y5, 18); + z5 = _mm_xor_si128(z5, y5); + r5 = _mm_srli_epi32(r5, 14); + z5 = _mm_xor_si128(z5, r5); + + y14 = z6; + y14 = _mm_add_epi32(y14, z10); + r14 = y14; + y14 = _mm_slli_epi32(y14, 7); + z14 = _mm_xor_si128(z14, y14); + r14 = _mm_srli_epi32(r14, 25); + z14 = _mm_xor_si128(z14, r14); + + y3 = z11; + y3 = _mm_add_epi32(y3, z15); + r3 = y3; + y3 = _mm_slli_epi32(y3, 7); + z3 = _mm_xor_si128(z3, y3); + r3 = _mm_srli_epi32(r3, 25); + z3 = _mm_xor_si128(z3, r3); + + y2 = z10; + y2 = _mm_add_epi32(y2, z14); + r2 = y2; + y2 = _mm_slli_epi32(y2, 9); + z2 = _mm_xor_si128(z2, y2); + r2 = _mm_srli_epi32(r2, 23); + z2 = _mm_xor_si128(z2, r2); + + y7 = z15; + y7 = _mm_add_epi32(y7, z3); + r7 = y7; + y7 = _mm_slli_epi32(y7, 9); + z7 = _mm_xor_si128(z7, y7); + r7 = _mm_srli_epi32(r7, 23); + z7 = _mm_xor_si128(z7, r7); + + y6 = z14; + y6 = _mm_add_epi32(y6, z2); + r6 = y6; + y6 = _mm_slli_epi32(y6, 13); + z6 = _mm_xor_si128(z6, y6); + r6 = _mm_srli_epi32(r6, 19); + z6 = _mm_xor_si128(z6, r6); + + y11 = z3; + y11 = _mm_add_epi32(y11, z7); + r11 = y11; + y11 = _mm_slli_epi32(y11, 13); + z11 = _mm_xor_si128(z11, y11); + r11 = _mm_srli_epi32(r11, 19); + z11 = _mm_xor_si128(z11, r11); + + y10 = z2; + y10 = _mm_add_epi32(y10, z6); + r10 = y10; + y10 = _mm_slli_epi32(y10, 18); + z10 = _mm_xor_si128(z10, y10); + r10 = _mm_srli_epi32(r10, 14); + z10 = _mm_xor_si128(z10, r10); + + y1 = z3; + y1 = _mm_add_epi32(y1, z0); + r1 = y1; + y1 = _mm_slli_epi32(y1, 7); + z1 = _mm_xor_si128(z1, y1); + r1 = _mm_srli_epi32(r1, 25); + z1 = _mm_xor_si128(z1, r1); + + y15 = z7; + y15 = _mm_add_epi32(y15, z11); + r15 = y15; + y15 = _mm_slli_epi32(y15, 18); + z15 = _mm_xor_si128(z15, y15); + r15 = _mm_srli_epi32(r15, 14); + z15 = _mm_xor_si128(z15, r15); + + y6 = z4; + y6 = _mm_add_epi32(y6, z5); + r6 = y6; + y6 = _mm_slli_epi32(y6, 7); + z6 = _mm_xor_si128(z6, y6); + r6 = _mm_srli_epi32(r6, 25); + z6 = _mm_xor_si128(z6, r6); + + y2 = z0; + y2 = 
_mm_add_epi32(y2, z1); + r2 = y2; + y2 = _mm_slli_epi32(y2, 9); + z2 = _mm_xor_si128(z2, y2); + r2 = _mm_srli_epi32(r2, 23); + z2 = _mm_xor_si128(z2, r2); + + y7 = z5; + y7 = _mm_add_epi32(y7, z6); + r7 = y7; + y7 = _mm_slli_epi32(y7, 9); + z7 = _mm_xor_si128(z7, y7); + r7 = _mm_srli_epi32(r7, 23); + z7 = _mm_xor_si128(z7, r7); + + y3 = z1; + y3 = _mm_add_epi32(y3, z2); + r3 = y3; + y3 = _mm_slli_epi32(y3, 13); + z3 = _mm_xor_si128(z3, y3); + r3 = _mm_srli_epi32(r3, 19); + z3 = _mm_xor_si128(z3, r3); + + y4 = z6; + y4 = _mm_add_epi32(y4, z7); + r4 = y4; + y4 = _mm_slli_epi32(y4, 13); + z4 = _mm_xor_si128(z4, y4); + r4 = _mm_srli_epi32(r4, 19); + z4 = _mm_xor_si128(z4, r4); + + y0 = z2; + y0 = _mm_add_epi32(y0, z3); + r0 = y0; + y0 = _mm_slli_epi32(y0, 18); + z0 = _mm_xor_si128(z0, y0); + r0 = _mm_srli_epi32(r0, 14); + z0 = _mm_xor_si128(z0, r0); + + y5 = z7; + y5 = _mm_add_epi32(y5, z4); + r5 = y5; + y5 = _mm_slli_epi32(y5, 18); + z5 = _mm_xor_si128(z5, y5); + r5 = _mm_srli_epi32(r5, 14); + z5 = _mm_xor_si128(z5, r5); + + y11 = z9; + y11 = _mm_add_epi32(y11, z10); + r11 = y11; + y11 = _mm_slli_epi32(y11, 7); + z11 = _mm_xor_si128(z11, y11); + r11 = _mm_srli_epi32(r11, 25); + z11 = _mm_xor_si128(z11, r11); + + y12 = z14; + y12 = _mm_add_epi32(y12, z15); + r12 = y12; + y12 = _mm_slli_epi32(y12, 7); + z12 = _mm_xor_si128(z12, y12); + r12 = _mm_srli_epi32(r12, 25); + z12 = _mm_xor_si128(z12, r12); + + y8 = z10; + y8 = _mm_add_epi32(y8, z11); + r8 = y8; + y8 = _mm_slli_epi32(y8, 9); + z8 = _mm_xor_si128(z8, y8); + r8 = _mm_srli_epi32(r8, 23); + z8 = _mm_xor_si128(z8, r8); + + y13 = z15; + y13 = _mm_add_epi32(y13, z12); + r13 = y13; + y13 = _mm_slli_epi32(y13, 9); + z13 = _mm_xor_si128(z13, y13); + r13 = _mm_srli_epi32(r13, 23); + z13 = _mm_xor_si128(z13, r13); + + y9 = z11; + y9 = _mm_add_epi32(y9, z8); + r9 = y9; + y9 = _mm_slli_epi32(y9, 13); + z9 = _mm_xor_si128(z9, y9); + r9 = _mm_srli_epi32(r9, 19); + z9 = _mm_xor_si128(z9, r9); + + y14 = z12; + y14 = 
_mm_add_epi32(y14, z13); + r14 = y14; + y14 = _mm_slli_epi32(y14, 13); + z14 = _mm_xor_si128(z14, y14); + r14 = _mm_srli_epi32(r14, 19); + z14 = _mm_xor_si128(z14, r14); + + y10 = z8; + y10 = _mm_add_epi32(y10, z9); + r10 = y10; + y10 = _mm_slli_epi32(y10, 18); + z10 = _mm_xor_si128(z10, y10); + r10 = _mm_srli_epi32(r10, 14); + z10 = _mm_xor_si128(z10, r10); + + y15 = z13; + y15 = _mm_add_epi32(y15, z14); + r15 = y15; + y15 = _mm_slli_epi32(y15, 18); + z15 = _mm_xor_si128(z15, y15); + r15 = _mm_srli_epi32(r15, 14); + z15 = _mm_xor_si128(z15, r15); + } + +/* store data ; this macro replicates the original amd64-xmm6 code */ +#define ONEQUAD_SHUFFLE(A, B, C, D) \ + z##A = _mm_add_epi32(z##A, orig##A); \ + z##B = _mm_add_epi32(z##B, orig##B); \ + z##C = _mm_add_epi32(z##C, orig##C); \ + z##D = _mm_add_epi32(z##D, orig##D); \ + in##A = _mm_cvtsi128_si32(z##A); \ + in##B = _mm_cvtsi128_si32(z##B); \ + in##C = _mm_cvtsi128_si32(z##C); \ + in##D = _mm_cvtsi128_si32(z##D); \ + z##A = _mm_shuffle_epi32(z##A, 0x39); \ + z##B = _mm_shuffle_epi32(z##B, 0x39); \ + z##C = _mm_shuffle_epi32(z##C, 0x39); \ + z##D = _mm_shuffle_epi32(z##D, 0x39); \ + \ + in##A ^= *(uint32_t *) (m + 0); \ + in##B ^= *(uint32_t *) (m + 4); \ + in##C ^= *(uint32_t *) (m + 8); \ + in##D ^= *(uint32_t *) (m + 12); \ + \ + *(uint32_t *) (c + 0) = in##A; \ + *(uint32_t *) (c + 4) = in##B; \ + *(uint32_t *) (c + 8) = in##C; \ + *(uint32_t *) (c + 12) = in##D; \ + \ + in##A = _mm_cvtsi128_si32(z##A); \ + in##B = _mm_cvtsi128_si32(z##B); \ + in##C = _mm_cvtsi128_si32(z##C); \ + in##D = _mm_cvtsi128_si32(z##D); \ + z##A = _mm_shuffle_epi32(z##A, 0x39); \ + z##B = _mm_shuffle_epi32(z##B, 0x39); \ + z##C = _mm_shuffle_epi32(z##C, 0x39); \ + z##D = _mm_shuffle_epi32(z##D, 0x39); \ + \ + in##A ^= *(uint32_t *) (m + 64); \ + in##B ^= *(uint32_t *) (m + 68); \ + in##C ^= *(uint32_t *) (m + 72); \ + in##D ^= *(uint32_t *) (m + 76); \ + *(uint32_t *) (c + 64) = in##A; \ + *(uint32_t *) (c + 68) = in##B; \ + 
*(uint32_t *) (c + 72) = in##C; \ + *(uint32_t *) (c + 76) = in##D; \ + \ + in##A = _mm_cvtsi128_si32(z##A); \ + in##B = _mm_cvtsi128_si32(z##B); \ + in##C = _mm_cvtsi128_si32(z##C); \ + in##D = _mm_cvtsi128_si32(z##D); \ + z##A = _mm_shuffle_epi32(z##A, 0x39); \ + z##B = _mm_shuffle_epi32(z##B, 0x39); \ + z##C = _mm_shuffle_epi32(z##C, 0x39); \ + z##D = _mm_shuffle_epi32(z##D, 0x39); \ + \ + in##A ^= *(uint32_t *) (m + 128); \ + in##B ^= *(uint32_t *) (m + 132); \ + in##C ^= *(uint32_t *) (m + 136); \ + in##D ^= *(uint32_t *) (m + 140); \ + *(uint32_t *) (c + 128) = in##A; \ + *(uint32_t *) (c + 132) = in##B; \ + *(uint32_t *) (c + 136) = in##C; \ + *(uint32_t *) (c + 140) = in##D; \ + \ + in##A = _mm_cvtsi128_si32(z##A); \ + in##B = _mm_cvtsi128_si32(z##B); \ + in##C = _mm_cvtsi128_si32(z##C); \ + in##D = _mm_cvtsi128_si32(z##D); \ + \ + in##A ^= *(uint32_t *) (m + 192); \ + in##B ^= *(uint32_t *) (m + 196); \ + in##C ^= *(uint32_t *) (m + 200); \ + in##D ^= *(uint32_t *) (m + 204); \ + *(uint32_t *) (c + 192) = in##A; \ + *(uint32_t *) (c + 196) = in##B; \ + *(uint32_t *) (c + 200) = in##C; \ + *(uint32_t *) (c + 204) = in##D + +/* store data ; this macro replaces shuffle+mov by a direct extract; not much + * difference */ +#define ONEQUAD_EXTRACT(A, B, C, D) \ + z##A = _mm_add_epi32(z##A, orig##A); \ + z##B = _mm_add_epi32(z##B, orig##B); \ + z##C = _mm_add_epi32(z##C, orig##C); \ + z##D = _mm_add_epi32(z##D, orig##D); \ + in##A = _mm_cvtsi128_si32(z##A); \ + in##B = _mm_cvtsi128_si32(z##B); \ + in##C = _mm_cvtsi128_si32(z##C); \ + in##D = _mm_cvtsi128_si32(z##D); \ + in##A ^= *(uint32_t *) (m + 0); \ + in##B ^= *(uint32_t *) (m + 4); \ + in##C ^= *(uint32_t *) (m + 8); \ + in##D ^= *(uint32_t *) (m + 12); \ + *(uint32_t *) (c + 0) = in##A; \ + *(uint32_t *) (c + 4) = in##B; \ + *(uint32_t *) (c + 8) = in##C; \ + *(uint32_t *) (c + 12) = in##D; \ + \ + in##A = _mm_extract_epi32(z##A, 1); \ + in##B = _mm_extract_epi32(z##B, 1); \ + in##C = 
_mm_extract_epi32(z##C, 1); \ + in##D = _mm_extract_epi32(z##D, 1); \ + \ + in##A ^= *(uint32_t *) (m + 64); \ + in##B ^= *(uint32_t *) (m + 68); \ + in##C ^= *(uint32_t *) (m + 72); \ + in##D ^= *(uint32_t *) (m + 76); \ + *(uint32_t *) (c + 64) = in##A; \ + *(uint32_t *) (c + 68) = in##B; \ + *(uint32_t *) (c + 72) = in##C; \ + *(uint32_t *) (c + 76) = in##D; \ + \ + in##A = _mm_extract_epi32(z##A, 2); \ + in##B = _mm_extract_epi32(z##B, 2); \ + in##C = _mm_extract_epi32(z##C, 2); \ + in##D = _mm_extract_epi32(z##D, 2); \ + \ + in##A ^= *(uint32_t *) (m + 128); \ + in##B ^= *(uint32_t *) (m + 132); \ + in##C ^= *(uint32_t *) (m + 136); \ + in##D ^= *(uint32_t *) (m + 140); \ + *(uint32_t *) (c + 128) = in##A; \ + *(uint32_t *) (c + 132) = in##B; \ + *(uint32_t *) (c + 136) = in##C; \ + *(uint32_t *) (c + 140) = in##D; \ + \ + in##A = _mm_extract_epi32(z##A, 3); \ + in##B = _mm_extract_epi32(z##B, 3); \ + in##C = _mm_extract_epi32(z##C, 3); \ + in##D = _mm_extract_epi32(z##D, 3); \ + \ + in##A ^= *(uint32_t *) (m + 192); \ + in##B ^= *(uint32_t *) (m + 196); \ + in##C ^= *(uint32_t *) (m + 200); \ + in##D ^= *(uint32_t *) (m + 204); \ + *(uint32_t *) (c + 192) = in##A; \ + *(uint32_t *) (c + 196) = in##B; \ + *(uint32_t *) (c + 200) = in##C; \ + *(uint32_t *) (c + 204) = in##D + +/* store data ; this macro first transpose data in-registers, and then store + * them in memory. much faster with icc. 
*/ +#define ONEQUAD_TRANSPOSE(A, B, C, D) \ + z##A = _mm_add_epi32(z##A, orig##A); \ + z##B = _mm_add_epi32(z##B, orig##B); \ + z##C = _mm_add_epi32(z##C, orig##C); \ + z##D = _mm_add_epi32(z##D, orig##D); \ + y##A = _mm_unpacklo_epi32(z##A, z##B); \ + y##B = _mm_unpacklo_epi32(z##C, z##D); \ + y##C = _mm_unpackhi_epi32(z##A, z##B); \ + y##D = _mm_unpackhi_epi32(z##C, z##D); \ + z##A = _mm_unpacklo_epi64(y##A, y##B); \ + z##B = _mm_unpackhi_epi64(y##A, y##B); \ + z##C = _mm_unpacklo_epi64(y##C, y##D); \ + z##D = _mm_unpackhi_epi64(y##C, y##D); \ + y##A = _mm_xor_si128(z##A, _mm_loadu_si128((const __m128i *) (m + 0))); \ + _mm_storeu_si128((__m128i *) (c + 0), y##A); \ + y##B = _mm_xor_si128(z##B, _mm_loadu_si128((const __m128i *) (m + 64))); \ + _mm_storeu_si128((__m128i *) (c + 64), y##B); \ + y##C = _mm_xor_si128(z##C, _mm_loadu_si128((const __m128i *) (m + 128))); \ + _mm_storeu_si128((__m128i *) (c + 128), y##C); \ + y##D = _mm_xor_si128(z##D, _mm_loadu_si128((const __m128i *) (m + 192))); \ + _mm_storeu_si128((__m128i *) (c + 192), y##D) + +#define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D) + + ONEQUAD(0, 1, 2, 3); + m += 16; + c += 16; + ONEQUAD(4, 5, 6, 7); + m += 16; + c += 16; + ONEQUAD(8, 9, 10, 11); + m += 16; + c += 16; + ONEQUAD(12, 13, 14, 15); + m -= 48; + c -= 48; + +#undef ONEQUAD +#undef ONEQUAD_TRANSPOSE +#undef ONEQUAD_EXTRACT +#undef ONEQUAD_SHUFFLE + + bytes -= 256; + c += 256; + m += 256; + } +} diff --git a/sodium/sodium_xmm6int_u8.h b/sodium/sodium_xmm6int_u8.h new file mode 100644 index 00000000..581b22c2 --- /dev/null +++ b/sodium/sodium_xmm6int_u8.h 
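Review bot: The comments `/* no z8 -> first half of the nonce, will fill later */` and `/* no z9 -> second half of the nonce, will fill later */` are misleading: `x[8]` and `x[13]` are the words `salsa_ivsetup` fills from `counter` (`TR[8]`/`TR[9]` in the .c file), i.e. the 64-bit block counter rather than the nonce, and the loop below indeed derives z8/z9 from `in89` and advances it by 4 per iteration. Suggest `/* z8/z9 hold the block-counter words x[8]/x[13]; rebuilt per iteration below */` at both places. Also, `ONEQUAD_SHUFFLE` and `ONEQUAD_EXTRACT` are dead since `ONEQUAD` is bound to `ONEQUAD_TRANSPOSE`, they cast away the const of `m` via `*(uint32_t *) (m + ...)`, and `ONEQUAD_EXTRACT` uses `_mm_extract_epi32`, an SSE4.1 intrinsic that would not build in the sse2 translation unit under `#pragma GCC target("sse2")` if anyone switched to it; dropping them or marking them as not SSE2-safe would avoid that trap.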
@@ -0,0 +1,477 @@ +if (bytes >= 512) { + __m256i y0, y1, y2, y3, y4, y5, y6, y7, y8, y9, y10, y11, y12, y13, y14, + y15; + + /* the naive way seems as fast (if not a bit faster) than the vector way */ + __m256i z0 = _mm256_set1_epi32(x[0]); + __m256i z5 = _mm256_set1_epi32(x[1]); + __m256i z10 = _mm256_set1_epi32(x[2]); + __m256i z15 = _mm256_set1_epi32(x[3]); + __m256i z12 = _mm256_set1_epi32(x[4]); + __m256i z1 = _mm256_set1_epi32(x[5]); + __m256i z6 = _mm256_set1_epi32(x[6]); + __m256i z11 = _mm256_set1_epi32(x[7]); + __m256i z8; /* useless */ + __m256i z13 = _mm256_set1_epi32(x[9]); + __m256i z2 = _mm256_set1_epi32(x[10]); + __m256i z7 = _mm256_set1_epi32(x[11]); + __m256i z4 = _mm256_set1_epi32(x[12]); + __m256i z9; /* useless */ + __m256i z14 = _mm256_set1_epi32(x[14]); + __m256i z3 = _mm256_set1_epi32(x[15]); + + __m256i orig0 = z0; + __m256i orig1 = z1; + __m256i orig2 = z2; + __m256i orig3 = z3; + __m256i orig4 = z4; + __m256i orig5 = z5; + __m256i orig6 = z6; + __m256i orig7 = z7; + __m256i orig8; + __m256i orig9; + __m256i orig10 = z10; + __m256i orig11 = z11; + __m256i orig12 = z12; + __m256i orig13 = z13; + __m256i orig14 = z14; + __m256i orig15 = z15; + + uint32_t in8; + uint32_t in9; + int i; + + while (bytes >= 512) { + /* vector implementation for z8 and z9 */ + /* faster than the naive version for 8 blocks */ + const __m256i addv8 = _mm256_set_epi64x(3, 2, 1, 0); + const __m256i addv9 = _mm256_set_epi64x(7, 6, 5, 4); + const __m256i permute = _mm256_set_epi32(7, 6, 3, 2, 5, 4, 1, 0); + + __m256i t8, t9; + uint64_t in89; + + in8 = x[8]; + in9 = x[13]; /* see arrays above for the address translation */ + in89 = ((uint64_t) in8) | (((uint64_t) in9) << 32); + + z8 = z9 = _mm256_broadcastq_epi64(_mm_cvtsi64_si128(in89)); + + t8 = _mm256_add_epi64(addv8, z8); + t9 = _mm256_add_epi64(addv9, z9); + + z8 = _mm256_unpacklo_epi32(t8, t9); + z9 = _mm256_unpackhi_epi32(t8, t9); + + t8 = _mm256_unpacklo_epi32(z8, z9); + t9 = _mm256_unpackhi_epi32(z8, z9); + + 
/* required because unpack* are intra-lane */ + z8 = _mm256_permutevar8x32_epi32(t8, permute); + z9 = _mm256_permutevar8x32_epi32(t9, permute); + + orig8 = z8; + orig9 = z9; + + in89 += 8; + + x[8] = in89 & 0xFFFFFFFF; + x[13] = (in89 >> 32) & 0xFFFFFFFF; + + z5 = orig5; + z10 = orig10; + z15 = orig15; + z14 = orig14; + z3 = orig3; + z6 = orig6; + z11 = orig11; + z1 = orig1; + + z7 = orig7; + z13 = orig13; + z2 = orig2; + z9 = orig9; + z0 = orig0; + z12 = orig12; + z4 = orig4; + z8 = orig8; + + for (i = 0; i < ROUNDS; i += 2) { + /* the inner loop is a direct translation (regexp search/replace) + * from the amd64-xmm6 ASM */ + __m256i r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, r13, + r14, r15; + + y4 = z12; + y4 = _mm256_add_epi32(y4, z0); + r4 = y4; + y4 = _mm256_slli_epi32(y4, 7); + z4 = _mm256_xor_si256(z4, y4); + r4 = _mm256_srli_epi32(r4, 25); + z4 = _mm256_xor_si256(z4, r4); + + y9 = z1; + y9 = _mm256_add_epi32(y9, z5); + r9 = y9; + y9 = _mm256_slli_epi32(y9, 7); + z9 = _mm256_xor_si256(z9, y9); + r9 = _mm256_srli_epi32(r9, 25); + z9 = _mm256_xor_si256(z9, r9); + + y8 = z0; + y8 = _mm256_add_epi32(y8, z4); + r8 = y8; + y8 = _mm256_slli_epi32(y8, 9); + z8 = _mm256_xor_si256(z8, y8); + r8 = _mm256_srli_epi32(r8, 23); + z8 = _mm256_xor_si256(z8, r8); + + y13 = z5; + y13 = _mm256_add_epi32(y13, z9); + r13 = y13; + y13 = _mm256_slli_epi32(y13, 9); + z13 = _mm256_xor_si256(z13, y13); + r13 = _mm256_srli_epi32(r13, 23); + z13 = _mm256_xor_si256(z13, r13); + + y12 = z4; + y12 = _mm256_add_epi32(y12, z8); + r12 = y12; + y12 = _mm256_slli_epi32(y12, 13); + z12 = _mm256_xor_si256(z12, y12); + r12 = _mm256_srli_epi32(r12, 19); + z12 = _mm256_xor_si256(z12, r12); + + y1 = z9; + y1 = _mm256_add_epi32(y1, z13); + r1 = y1; + y1 = _mm256_slli_epi32(y1, 13); + z1 = _mm256_xor_si256(z1, y1); + r1 = _mm256_srli_epi32(r1, 19); + z1 = _mm256_xor_si256(z1, r1); + + y0 = z8; + y0 = _mm256_add_epi32(y0, z12); + r0 = y0; + y0 = _mm256_slli_epi32(y0, 18); + z0 = 
_mm256_xor_si256(z0, y0); + r0 = _mm256_srli_epi32(r0, 14); + z0 = _mm256_xor_si256(z0, r0); + + y5 = z13; + y5 = _mm256_add_epi32(y5, z1); + r5 = y5; + y5 = _mm256_slli_epi32(y5, 18); + z5 = _mm256_xor_si256(z5, y5); + r5 = _mm256_srli_epi32(r5, 14); + z5 = _mm256_xor_si256(z5, r5); + + y14 = z6; + y14 = _mm256_add_epi32(y14, z10); + r14 = y14; + y14 = _mm256_slli_epi32(y14, 7); + z14 = _mm256_xor_si256(z14, y14); + r14 = _mm256_srli_epi32(r14, 25); + z14 = _mm256_xor_si256(z14, r14); + + y3 = z11; + y3 = _mm256_add_epi32(y3, z15); + r3 = y3; + y3 = _mm256_slli_epi32(y3, 7); + z3 = _mm256_xor_si256(z3, y3); + r3 = _mm256_srli_epi32(r3, 25); + z3 = _mm256_xor_si256(z3, r3); + + y2 = z10; + y2 = _mm256_add_epi32(y2, z14); + r2 = y2; + y2 = _mm256_slli_epi32(y2, 9); + z2 = _mm256_xor_si256(z2, y2); + r2 = _mm256_srli_epi32(r2, 23); + z2 = _mm256_xor_si256(z2, r2); + + y7 = z15; + y7 = _mm256_add_epi32(y7, z3); + r7 = y7; + y7 = _mm256_slli_epi32(y7, 9); + z7 = _mm256_xor_si256(z7, y7); + r7 = _mm256_srli_epi32(r7, 23); + z7 = _mm256_xor_si256(z7, r7); + + y6 = z14; + y6 = _mm256_add_epi32(y6, z2); + r6 = y6; + y6 = _mm256_slli_epi32(y6, 13); + z6 = _mm256_xor_si256(z6, y6); + r6 = _mm256_srli_epi32(r6, 19); + z6 = _mm256_xor_si256(z6, r6); + + y11 = z3; + y11 = _mm256_add_epi32(y11, z7); + r11 = y11; + y11 = _mm256_slli_epi32(y11, 13); + z11 = _mm256_xor_si256(z11, y11); + r11 = _mm256_srli_epi32(r11, 19); + z11 = _mm256_xor_si256(z11, r11); + + y10 = z2; + y10 = _mm256_add_epi32(y10, z6); + r10 = y10; + y10 = _mm256_slli_epi32(y10, 18); + z10 = _mm256_xor_si256(z10, y10); + r10 = _mm256_srli_epi32(r10, 14); + z10 = _mm256_xor_si256(z10, r10); + + y1 = z3; + y1 = _mm256_add_epi32(y1, z0); + r1 = y1; + y1 = _mm256_slli_epi32(y1, 7); + z1 = _mm256_xor_si256(z1, y1); + r1 = _mm256_srli_epi32(r1, 25); + z1 = _mm256_xor_si256(z1, r1); + + y15 = z7; + y15 = _mm256_add_epi32(y15, z11); + r15 = y15; + y15 = _mm256_slli_epi32(y15, 18); + z15 = _mm256_xor_si256(z15, y15); + 
r15 = _mm256_srli_epi32(r15, 14); + z15 = _mm256_xor_si256(z15, r15); + + y6 = z4; + y6 = _mm256_add_epi32(y6, z5); + r6 = y6; + y6 = _mm256_slli_epi32(y6, 7); + z6 = _mm256_xor_si256(z6, y6); + r6 = _mm256_srli_epi32(r6, 25); + z6 = _mm256_xor_si256(z6, r6); + + y2 = z0; + y2 = _mm256_add_epi32(y2, z1); + r2 = y2; + y2 = _mm256_slli_epi32(y2, 9); + z2 = _mm256_xor_si256(z2, y2); + r2 = _mm256_srli_epi32(r2, 23); + z2 = _mm256_xor_si256(z2, r2); + + y7 = z5; + y7 = _mm256_add_epi32(y7, z6); + r7 = y7; + y7 = _mm256_slli_epi32(y7, 9); + z7 = _mm256_xor_si256(z7, y7); + r7 = _mm256_srli_epi32(r7, 23); + z7 = _mm256_xor_si256(z7, r7); + + y3 = z1; + y3 = _mm256_add_epi32(y3, z2); + r3 = y3; + y3 = _mm256_slli_epi32(y3, 13); + z3 = _mm256_xor_si256(z3, y3); + r3 = _mm256_srli_epi32(r3, 19); + z3 = _mm256_xor_si256(z3, r3); + + y4 = z6; + y4 = _mm256_add_epi32(y4, z7); + r4 = y4; + y4 = _mm256_slli_epi32(y4, 13); + z4 = _mm256_xor_si256(z4, y4); + r4 = _mm256_srli_epi32(r4, 19); + z4 = _mm256_xor_si256(z4, r4); + + y0 = z2; + y0 = _mm256_add_epi32(y0, z3); + r0 = y0; + y0 = _mm256_slli_epi32(y0, 18); + z0 = _mm256_xor_si256(z0, y0); + r0 = _mm256_srli_epi32(r0, 14); + z0 = _mm256_xor_si256(z0, r0); + + y5 = z7; + y5 = _mm256_add_epi32(y5, z4); + r5 = y5; + y5 = _mm256_slli_epi32(y5, 18); + z5 = _mm256_xor_si256(z5, y5); + r5 = _mm256_srli_epi32(r5, 14); + z5 = _mm256_xor_si256(z5, r5); + + y11 = z9; + y11 = _mm256_add_epi32(y11, z10); + r11 = y11; + y11 = _mm256_slli_epi32(y11, 7); + z11 = _mm256_xor_si256(z11, y11); + r11 = _mm256_srli_epi32(r11, 25); + z11 = _mm256_xor_si256(z11, r11); + + y12 = z14; + y12 = _mm256_add_epi32(y12, z15); + r12 = y12; + y12 = _mm256_slli_epi32(y12, 7); + z12 = _mm256_xor_si256(z12, y12); + r12 = _mm256_srli_epi32(r12, 25); + z12 = _mm256_xor_si256(z12, r12); + + y8 = z10; + y8 = _mm256_add_epi32(y8, z11); + r8 = y8; + y8 = _mm256_slli_epi32(y8, 9); + z8 = _mm256_xor_si256(z8, y8); + r8 = _mm256_srli_epi32(r8, 23); + z8 = 
_mm256_xor_si256(z8, r8); + + y13 = z15; + y13 = _mm256_add_epi32(y13, z12); + r13 = y13; + y13 = _mm256_slli_epi32(y13, 9); + z13 = _mm256_xor_si256(z13, y13); + r13 = _mm256_srli_epi32(r13, 23); + z13 = _mm256_xor_si256(z13, r13); + + y9 = z11; + y9 = _mm256_add_epi32(y9, z8); + r9 = y9; + y9 = _mm256_slli_epi32(y9, 13); + z9 = _mm256_xor_si256(z9, y9); + r9 = _mm256_srli_epi32(r9, 19); + z9 = _mm256_xor_si256(z9, r9); + + y14 = z12; + y14 = _mm256_add_epi32(y14, z13); + r14 = y14; + y14 = _mm256_slli_epi32(y14, 13); + z14 = _mm256_xor_si256(z14, y14); + r14 = _mm256_srli_epi32(r14, 19); + z14 = _mm256_xor_si256(z14, r14); + + y10 = z8; + y10 = _mm256_add_epi32(y10, z9); + r10 = y10; + y10 = _mm256_slli_epi32(y10, 18); + z10 = _mm256_xor_si256(z10, y10); + r10 = _mm256_srli_epi32(r10, 14); + z10 = _mm256_xor_si256(z10, r10); + + y15 = z13; + y15 = _mm256_add_epi32(y15, z14); + r15 = y15; + y15 = _mm256_slli_epi32(y15, 18); + z15 = _mm256_xor_si256(z15, y15); + r15 = _mm256_srli_epi32(r15, 14); + z15 = _mm256_xor_si256(z15, r15); + } + +/* store data ; this macro first transpose data in-registers, and then store + * them in memory. much faster with icc. 
*/ +#define ONEQUAD_TRANSPOSE(A, B, C, D) \ + { \ + __m128i t0, t1, t2, t3; \ + z##A = _mm256_add_epi32(z##A, orig##A); \ + z##B = _mm256_add_epi32(z##B, orig##B); \ + z##C = _mm256_add_epi32(z##C, orig##C); \ + z##D = _mm256_add_epi32(z##D, orig##D); \ + y##A = _mm256_unpacklo_epi32(z##A, z##B); \ + y##B = _mm256_unpacklo_epi32(z##C, z##D); \ + y##C = _mm256_unpackhi_epi32(z##A, z##B); \ + y##D = _mm256_unpackhi_epi32(z##C, z##D); \ + z##A = _mm256_unpacklo_epi64(y##A, y##B); \ + z##B = _mm256_unpackhi_epi64(y##A, y##B); \ + z##C = _mm256_unpacklo_epi64(y##C, y##D); \ + z##D = _mm256_unpackhi_epi64(y##C, y##D); \ + t0 = _mm_xor_si128(_mm256_extracti128_si256(z##A, 0), \ + _mm_loadu_si128((const __m128i*) (m + 0))); \ + _mm_storeu_si128((__m128i*) (c + 0), t0); \ + t1 = _mm_xor_si128(_mm256_extracti128_si256(z##B, 0), \ + _mm_loadu_si128((const __m128i*) (m + 64))); \ + _mm_storeu_si128((__m128i*) (c + 64), t1); \ + t2 = _mm_xor_si128(_mm256_extracti128_si256(z##C, 0), \ + _mm_loadu_si128((const __m128i*) (m + 128))); \ + _mm_storeu_si128((__m128i*) (c + 128), t2); \ + t3 = _mm_xor_si128(_mm256_extracti128_si256(z##D, 0), \ + _mm_loadu_si128((const __m128i*) (m + 192))); \ + _mm_storeu_si128((__m128i*) (c + 192), t3); \ + t0 = _mm_xor_si128(_mm256_extracti128_si256(z##A, 1), \ + _mm_loadu_si128((const __m128i*) (m + 256))); \ + _mm_storeu_si128((__m128i*) (c + 256), t0); \ + t1 = _mm_xor_si128(_mm256_extracti128_si256(z##B, 1), \ + _mm_loadu_si128((const __m128i*) (m + 320))); \ + _mm_storeu_si128((__m128i*) (c + 320), t1); \ + t2 = _mm_xor_si128(_mm256_extracti128_si256(z##C, 1), \ + _mm_loadu_si128((const __m128i*) (m + 384))); \ + _mm_storeu_si128((__m128i*) (c + 384), t2); \ + t3 = _mm_xor_si128(_mm256_extracti128_si256(z##D, 1), \ + _mm_loadu_si128((const __m128i*) (m + 448))); \ + _mm_storeu_si128((__m128i*) (c + 448), t3); \ + } + +#define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D) + +#define ONEQUAD_UNPCK(A, B, C, D) \ + { \ + z##A = 
_mm256_add_epi32(z##A, orig##A); \ + z##B = _mm256_add_epi32(z##B, orig##B); \ + z##C = _mm256_add_epi32(z##C, orig##C); \ + z##D = _mm256_add_epi32(z##D, orig##D); \ + y##A = _mm256_unpacklo_epi32(z##A, z##B); \ + y##B = _mm256_unpacklo_epi32(z##C, z##D); \ + y##C = _mm256_unpackhi_epi32(z##A, z##B); \ + y##D = _mm256_unpackhi_epi32(z##C, z##D); \ + z##A = _mm256_unpacklo_epi64(y##A, y##B); \ + z##B = _mm256_unpackhi_epi64(y##A, y##B); \ + z##C = _mm256_unpacklo_epi64(y##C, y##D); \ + z##D = _mm256_unpackhi_epi64(y##C, y##D); \ + } + +#define ONEOCTO(A, B, C, D, A2, B2, C2, D2) \ + { \ + ONEQUAD_UNPCK(A, B, C, D); \ + ONEQUAD_UNPCK(A2, B2, C2, D2); \ + y##A = _mm256_permute2x128_si256(z##A, z##A2, 0x20); \ + y##A2 = _mm256_permute2x128_si256(z##A, z##A2, 0x31); \ + y##B = _mm256_permute2x128_si256(z##B, z##B2, 0x20); \ + y##B2 = _mm256_permute2x128_si256(z##B, z##B2, 0x31); \ + y##C = _mm256_permute2x128_si256(z##C, z##C2, 0x20); \ + y##C2 = _mm256_permute2x128_si256(z##C, z##C2, 0x31); \ + y##D = _mm256_permute2x128_si256(z##D, z##D2, 0x20); \ + y##D2 = _mm256_permute2x128_si256(z##D, z##D2, 0x31); \ + y##A = _mm256_xor_si256(y##A, \ + _mm256_loadu_si256((const __m256i*) (m + 0))); \ + y##B = _mm256_xor_si256( \ + y##B, _mm256_loadu_si256((const __m256i*) (m + 64))); \ + y##C = _mm256_xor_si256( \ + y##C, _mm256_loadu_si256((const __m256i*) (m + 128))); \ + y##D = _mm256_xor_si256( \ + y##D, _mm256_loadu_si256((const __m256i*) (m + 192))); \ + y##A2 = _mm256_xor_si256( \ + y##A2, _mm256_loadu_si256((const __m256i*) (m + 256))); \ + y##B2 = _mm256_xor_si256( \ + y##B2, _mm256_loadu_si256((const __m256i*) (m + 320))); \ + y##C2 = _mm256_xor_si256( \ + y##C2, _mm256_loadu_si256((const __m256i*) (m + 384))); \ + y##D2 = _mm256_xor_si256( \ + y##D2, _mm256_loadu_si256((const __m256i*) (m + 448))); \ + _mm256_storeu_si256((__m256i*) (c + 0), y##A); \ + _mm256_storeu_si256((__m256i*) (c + 64), y##B); \ + _mm256_storeu_si256((__m256i*) (c + 128), y##C); \ + 
_mm256_storeu_si256((__m256i*) (c + 192), y##D); \ + _mm256_storeu_si256((__m256i*) (c + 256), y##A2); \ + _mm256_storeu_si256((__m256i*) (c + 320), y##B2); \ + _mm256_storeu_si256((__m256i*) (c + 384), y##C2); \ + _mm256_storeu_si256((__m256i*) (c + 448), y##D2); \ + } + + ONEOCTO(0, 1, 2, 3, 4, 5, 6, 7); + m += 32; + c += 32; + ONEOCTO(8, 9, 10, 11, 12, 13, 14, 15); + m -= 32; + c -= 32; + +#undef ONEQUAD +#undef ONEQUAD_TRANSPOSE +#undef ONEQUAD_UNPCK +#undef ONEOCTO + + bytes -= 512; + c += 512; + m += 512; + } +} diff --git a/test.cpp b/test.cpp index 1703d9db..7ebd9af8 100644 --- a/test.cpp +++ b/test.cpp 
@@ -7,17 +7,17 @@ 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived + 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ @@ -33,7 +33,7 @@ using namespace yojimbo; -static void CheckHandler( const char * condition, +static void CheckHandler( const char * condition, const char * function, const char * file, int line ) @@ -129,46 +129,6 @@ void test_queue() check( queue.GetSize() == QueueSize ); } -#if YOJIMBO_WITH_MBEDTLS - -void test_base64() -{ - const int BufferSize = 256; - - char input[BufferSize]; - char encoded[BufferSize*2]; - char decoded[BufferSize]; - - strcpy( input, "[2001:4860:4860::8888]:50000" ); - - const int encoded_bytes = base64_encode_string( input, encoded, sizeof( encoded ) ); - - check( encoded_bytes == (int) strlen( encoded ) + 1 ); - - char encoded_expected[] = "WzIwMDE6NDg2MDo0ODYwOjo4ODg4XTo1MDAwMAA="; - - check( strcmp( encoded, encoded_expected ) == 0 ); - - const int decoded_bytes = base64_decode_string( encoded, decoded, sizeof( decoded ) ); - - check( decoded_bytes == (int) strlen( decoded ) + 1 ); - - check( strcmp( input, decoded ) == 0 ); - - uint8_t key[KeyBytes]; - random_bytes( key, KeyBytes ); - - char base64_key[KeyBytes*2]; - base64_encode_data( key, KeyBytes, base64_key, (int) sizeof( base64_key ) ); - - uint8_t decoded_key[KeyBytes]; - base64_decode_data( base64_key, decoded_key, KeyBytes ); - - check( memcmp( key, decoded_key, KeyBytes ) == 0 ); -} - -#endif // #if YOJIMBO_WITH_MBEDTLS - void test_bitpacker() { const int BufferSize = 256; 
@@ -263,6 +223,7 @@ struct TestData int numItems; int items[MaxItems]; float float_value; + float compressed_float_value; double double_value; uint64_t uint64_value; uint8_t bytes[17]; @@ -293,10 +254,11 @@ struct TestObject : public Serializable data.numItems = MaxItems / 2; for ( int i = 0; i < data.numItems; ++i ) - data.items[i] = i + 10; + data.items[i] = i + 10; + data.compressed_float_value = 2.13f; data.float_value = 3.1415926f; - data.double_value = 1 / 3.0; + data.double_value = 1 / 3.0; data.uint64_value = 0x1234567898765432L; for ( int i = 0; i < (int) sizeof( data.bytes ); ++i ) @@ -333,6 +295,8 @@ struct TestObject : public Serializable serialize_float( stream, data.float_value ); + serialize_compressed_float(stream, data.compressed_float_value, 0, 10, 0.01); + serialize_double( stream, data.double_value ); serialize_uint64( stream, data.uint64_value ); @@ -791,7 +755,7 @@ void test_sequence_buffer() { TestSequenceData * entry = sequence_buffer.Insert( i ); check( !entry ); - } + } int index = Size * 4; for ( int i = 0; i < Size; ++i ) @@ -802,6 +766,14 @@ void test_sequence_buffer() index--; } + for ( int i = 0; i <= Size; ++i ) + { + TestSequenceData * entry = sequence_buffer.Insert( i, true ); + check( entry ); + entry->sequence = i; + check( sequence_buffer.GetSequence() == i + 1 ); + } + sequence_buffer.Reset(); check( sequence_buffer.GetSequence() == 0 ); @@ -828,7 +800,7 @@ void test_allocator_tlsf() for ( int i = 0; i < NumBlocks; ++i ) { blockData[i] = (uint8_t*) YOJIMBO_ALLOCATE( allocator, BlockSize ); - + if ( !blockData[i] ) { check( allocator.GetErrorLevel() == ALLOCATOR_ERROR_OUT_OF_MEMORY ); @@ -837,10 +809,10 @@ void test_allocator_tlsf() stopIndex = i; break; } - + check( blockData[i] ); check( allocator.GetErrorLevel() == ALLOCATOR_ERROR_NONE ); - + memset( blockData[i], i + 10, BlockSize ); } 
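Review bot: The added `serialize_compressed_float(stream, data.compressed_float_value, 0, 10, 0.01);` presumably quantizes the field to a 0.01 step over [0, 10], so the value read back is not guaranteed to be bit-identical to the `2.13f` assigned in the hunk above; if TestData's comparison operator (outside this hunk) compares `compressed_float_value` with `==`, the round-trip check becomes sensitive to float rounding of the quantized value. Either compare within the resolution, e.g. `fabs( compressed_float_value - other.compressed_float_value ) <= 0.01f`, or add a comment stating why exact equality is expected to hold for this particular value. The enclosing Serialize method continues outside the hunk.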
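Review bot: The new loop in test_sequence_buffer passes a bare `true` as the second argument of `sequence_buffer.Insert( i, true )` and runs to `i <= Size`, one past the buffer size, without saying what mode is being exercised or why the extra insert matters; the expectation `GetSequence() == i + 1` is only meaningful once the reader knows both. A one-line comment above the loop such as `// Insert( sequence, <flag> ): <what the flag enables>; Size + 1 inserts so the last one presumably wraps the buffer` — with the flag's real name taken from the SequenceBuffer declaration — would make the test self-explanatory. test_sequence_buffer begins and ends outside this hunk.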
@@ -899,7 +871,7 @@ void test_connection_reliable_ordered_messages() double time = 100.0; ConnectionConfig connectionConfig; - + Connection sender( GetDefaultAllocator(), messageFactory, connectionConfig, time ); Connection receiver( GetDefaultAllocator(), messageFactory, connectionConfig, time ); @@ -962,7 +934,7 @@ void test_connection_reliable_ordered_blocks() double time = 100.0; ConnectionConfig connectionConfig; - + Connection sender( GetDefaultAllocator(), messageFactory, connectionConfig, time ); Connection receiver( GetDefaultAllocator(), messageFactory, connectionConfig, time ); @@ -1042,9 +1014,9 @@ void test_connection_reliable_ordered_messages_and_blocks() TestMessageFactory messageFactory( GetDefaultAllocator() ); double time = 100.0; - + ConnectionConfig connectionConfig; - + Connection sender( GetDefaultAllocator(), messageFactory, connectionConfig, time ); Connection receiver( GetDefaultAllocator(), messageFactory, connectionConfig, time ); @@ -1120,7 +1092,7 @@ void test_connection_reliable_ordered_messages_and_blocks() const int blockSize = blockMessage->GetBlockSize(); check( blockSize == 1 + ( ( numMessagesReceived * 901 ) % 3333 ) ); - + const uint8_t * blockData = blockMessage->GetBlockData(); check( blockData ); @@ -1150,7 +1122,7 @@ void test_connection_reliable_ordered_messages_and_blocks_multiple_channels() const int NumChannels = 2; double time = 100.0; - + TestMessageFactory messageFactory( GetDefaultAllocator() ); ConnectionConfig connectionConfig; @@ -1241,7 +1213,7 @@ void test_connection_reliable_ordered_messages_and_blocks_multiple_channels() const int blockSize = blockMessage->GetBlockSize(); check( blockSize == 1 + ( ( numMessagesReceived[channelIndex] * 901 ) % 3333 ) ); - + const uint8_t * blockData = blockMessage->GetBlockData(); check( blockData ); 
@@ -1350,7 +1322,7 @@ void test_connection_unreliable_unordered_blocks() TestMessageFactory messageFactory( GetDefaultAllocator() ); double time = 100.0; - + ConnectionConfig connectionConfig; connectionConfig.numChannels = 1; connectionConfig.channel[0].type = CHANNEL_TYPE_UNRELIABLE_UNORDERED; @@ -1523,7 +1495,7 @@ void ProcessServerToClientMessages( Client & client, int & numMessagesReceivedFr break; check( message->GetId() == (int) numMessagesReceivedFromServer ); - + switch ( message->GetType() ) { case TEST_MESSAGE: @@ -1609,7 +1581,7 @@ void test_client_server_messages() Address serverAddress( "127.0.0.1", ServerPort ); double time = 100.0; - + ClientServerConfig config; config.channel[0].messageSendQueueSize = 32; config.channel[0].maxMessagesPerPacket = 8; @@ -1645,7 +1617,7 @@ void test_client_server_messages() { Client * clients[] = { &client }; Server * servers[] = { &server }; - + PumpClientServerUpdate( time, clients, 1, servers, 1 ); if ( client.ConnectionFailed() ) @@ -1753,7 +1725,7 @@ bool AllClientsConnected( int numClients, Server & server, Client ** clients ) return false; } - return true; + return true; } bool AnyClientDisconnected( int numClients, Client ** clients ) @@ -1773,7 +1745,7 @@ void test_client_server_start_stop_restart() Address serverAddress( "127.0.0.1", ServerPort ); double time = 100.0; - + ClientServerConfig config; config.channel[0].messageSendQueueSize = 32; config.channel[0].maxMessagesPerPacket = 8; @@ -1884,7 +1856,7 @@ void test_client_server_message_failed_to_serialize_reliable_ordered() Address serverAddress( "127.0.0.1", ServerPort ); double time = 100.0; - + ClientServerConfig config; config.maxPacketSize = 1100; config.numChannels = 1; @@ -1909,7 +1881,7 @@ void test_client_server_message_failed_to_serialize_reliable_ordered() { Client * clients[] = { &client }; Server * servers[] = { &server }; - + PumpClientServerUpdate( time, clients, 1, servers, 1 ); if ( client.ConnectionFailed() ) 
@@ -1935,7 +1907,7 @@ void test_client_server_message_failed_to_serialize_reliable_ordered() { Client * clients[] = { &client }; Server * servers[] = { &server }; - + PumpClientServerUpdate( time, clients, 1, servers, 1 ); if ( !client.IsConnected() && server.GetNumConnectedClients() == 0 ) @@ -1957,7 +1929,7 @@ void test_client_server_message_failed_to_serialize_unreliable_unordered() Address serverAddress( "127.0.0.1", ServerPort ); double time = 100.0; - + ClientServerConfig config; config.maxPacketSize = 1100; config.numChannels = 1; @@ -1982,7 +1954,7 @@ void test_client_server_message_failed_to_serialize_unreliable_unordered() { Client * clients[] = { &client }; Server * servers[] = { &server }; - + PumpClientServerUpdate( time, clients, 1, servers, 1 ); if ( client.ConnectionFailed() ) @@ -2004,7 +1976,7 @@ void test_client_server_message_failed_to_serialize_unreliable_unordered() { Client * clients[] = { &client }; Server * servers[] = { &server }; - + Message * message = client.CreateMessage( TEST_SERIALIZE_FAIL_ON_READ_MESSAGE ); check( message ); client.SendMessage( 0, message ); @@ -2031,7 +2003,7 @@ void test_client_server_message_exhaust_stream_allocator() Address serverAddress( "127.0.0.1", ServerPort ); double time = 100.0; - + ClientServerConfig config; config.maxPacketSize = 1100; config.numChannels = 1; @@ -2056,7 +2028,7 @@ void test_client_server_message_exhaust_stream_allocator() { Client * clients[] = { &client }; Server * servers[] = { &server }; - + PumpClientServerUpdate( time, clients, 1, servers, 1 ); if ( client.ConnectionFailed() ) @@ -2082,7 +2054,7 @@ void test_client_server_message_exhaust_stream_allocator() { Client * clients[] = { &client }; Server * servers[] = { &server }; - + PumpClientServerUpdate( time, clients, 1, servers, 1 ); if ( !client.IsConnected() && server.GetNumConnectedClients() == 0 ) 
@@ -2104,7 +2076,7 @@ void test_client_server_message_receive_queue_overflow() Address serverAddress( "127.0.0.1", ServerPort ); double time = 100.0; - + ClientServerConfig config; config.maxPacketSize = 1100; config.numChannels = 1; @@ -2113,7 +2085,7 @@ void test_client_server_message_receive_queue_overflow() config.channel[0].blockFragmentSize = 200; config.channel[0].messageSendQueueSize = 1024; config.channel[0].messageReceiveQueueSize = 256; - + uint8_t privateKey[KeyBytes]; memset( privateKey, 0, KeyBytes ); @@ -2129,7 +2101,7 @@ void test_client_server_message_receive_queue_overflow() { Client * clients[] = { &client }; Server * servers[] = { &server }; - + PumpClientServerUpdate( time, clients, 1, servers, 1 ); if ( client.ConnectionFailed() ) @@ -2155,7 +2127,7 @@ void test_client_server_message_receive_queue_overflow() for ( int i = 0; i < NumMessagesSent * 4; ++i ) { Client * clients[] = { &client }; - Server * servers[] = { &server }; + Server * servers[] = { &server }; PumpClientServerUpdate( time, clients, 1, servers, 1 ); } 
@@ -2171,87 +2143,217 @@ void test_client_server_message_receive_queue_overflow() void test_reliable_fragment_overflow_bug() { double time = 100.0; - + ClientServerConfig config; config.numChannels = 2; config.channel[0].type = CHANNEL_TYPE_UNRELIABLE_UNORDERED; config.channel[0].packetBudget = 8000; config.channel[1].type = CHANNEL_TYPE_RELIABLE_ORDERED; config.channel[1].packetBudget = -1; - + uint8_t privateKey[KeyBytes]; memset(privateKey, 0, KeyBytes); Server server(GetDefaultAllocator(), privateKey, Address("127.0.0.1", ServerPort), config, adapter, time); - + server.Start(MaxClients); check(server.IsRunning()); - + uint64_t clientId = 0; random_bytes((uint8_t*)&clientId, 8); - + Client client(GetDefaultAllocator(), Address("0.0.0.0"), config, adapter, time); - + Address serverAddress("127.0.0.1", ServerPort); - + client.InsecureConnect(privateKey, clientId, serverAddress); - + Client * clients[] = { &client }; Server * servers[] = { &server }; - + while (true) { PumpClientServerUpdate(time, clients, 1, servers, 1); - + if (client.ConnectionFailed()) break; - + if (!client.IsConnecting() && client.IsConnected() && server.GetNumConnectedClients() == 1) break; } - + check(!client.IsConnecting()); check(client.IsConnected()); check(server.GetNumConnectedClients() == 1); check(client.GetClientIndex() == 0); check(server.IsClientConnected(0)); - + PumpClientServerUpdate(time, clients, 1, servers, 1); check(!client.IsDisconnected()); - + TestBlockMessage *testBlockMessage = (TestBlockMessage *)client.CreateMessage(TEST_BLOCK_MESSAGE); uint8_t * blockData = client.AllocateBlock(7169); memset( blockData, 0, 7169 ); client.AttachBlockToMessage(testBlockMessage, blockData, 7169); client.SendMessage(0, testBlockMessage); - + testBlockMessage = (TestBlockMessage *)client.CreateMessage(TEST_BLOCK_MESSAGE); blockData = client.AllocateBlock(1024); memset( blockData, 0, 1024 ); client.AttachBlockToMessage(testBlockMessage, blockData, 1024); client.SendMessage(1, 
testBlockMessage); - + PumpClientServerUpdate(time, clients, 1, servers, 1); - + PumpClientServerUpdate(time, clients, 1, servers, 1); - + PumpClientServerUpdate(time, clients, 1, servers, 1); check(!client.IsDisconnected()); - + Message *message = server.ReceiveMessage(0, 0); check(message); check(message->GetType() == TEST_BLOCK_MESSAGE); server.ReleaseMessage(0, message); - + message = server.ReceiveMessage(0, 1); check(message); check(message->GetType() == TEST_BLOCK_MESSAGE); server.ReleaseMessage(0, message); - + client.Disconnect(); server.Stop(); } +void test_reliable_outbound_sequence_outdated() +{ + const uint64_t clientId = 1; + + Address clientAddress( "0.0.0.0", ClientPort ); + Address serverAddress( "127.0.0.1", ServerPort ); + + double time = 100.0; + double deltaTime = 1.0 / 60.0; + + ClientServerConfig config; + config.numChannels = 2; + config.timeout = -1; + + const int BlockSize = config.channel[0].blockFragmentSize * 2; + + Client client( GetDefaultAllocator(), clientAddress, config, adapter, time ); + + uint8_t privateKey[KeyBytes]; + memset( privateKey, 0, KeyBytes ); + + Server server( GetDefaultAllocator(), privateKey, serverAddress, config, adapter, time ); + + server.Start( MaxClients ); + + client.InsecureConnect( privateKey, clientId, serverAddress ); + + Client * clients[] = { &client }; + Server * servers[] = { &server }; + + const int NumIterations = 50000; + + for ( int i = 0; i < NumIterations; ++i ) + { + PumpClientServerUpdate( time, clients, 1, servers, 1 ); + + if ( client.ConnectionFailed() ) + break; + + if ( !client.IsConnecting() && client.IsConnected() && server.GetNumConnectedClients() == 1 ) + break; + } + + check( !client.IsConnecting() ); + check( client.IsConnected() ); + check( server.GetNumConnectedClients() == 1 ); + check( client.GetClientIndex() == 0 ); + check( server.IsClientConnected(0) ); + + int numMessagesSent = 0; + + TestMessage * clientMessage = (TestMessage*) client.CreateMessage( TEST_MESSAGE ); + 
check( clientMessage ); + client.SendMessage( 0, clientMessage ); + ++numMessagesSent; + + TestBlockMessage * clientBlockMessage = (TestBlockMessage*) client.CreateMessage( TEST_BLOCK_MESSAGE ); + check( clientBlockMessage ); + uint8_t * clientBlockData = client.AllocateBlock( BlockSize ); + memset( clientBlockData, 0, BlockSize ); + client.AttachBlockToMessage( clientBlockMessage, clientBlockData, BlockSize ); + client.SendMessage( 1, clientBlockMessage ); + ++numMessagesSent; + + // Simulate packet sequence being incremented by unreliable messages until it appears outdated. + for ( int i = 0; i < 32000; ++i ) // Test takes much longer when sending 32768 at once. + { + client.SendPackets(); + } + PumpClientServerUpdate( time, clients, 1, servers, 1, deltaTime ); + for ( int j = 0; j < 768; ++j ) + { + client.SendPackets(); + } + + TestMessage * clientMessage2 = (TestMessage*) client.CreateMessage( TEST_MESSAGE ); + check( clientMessage2 ); + client.SendMessage( 0, clientMessage2 ); + ++numMessagesSent; + + TestBlockMessage * clientBlockMessage2 = (TestBlockMessage*) client.CreateMessage( TEST_BLOCK_MESSAGE ); + check( clientBlockMessage2 ); + uint8_t * clientBlockData2 = client.AllocateBlock( BlockSize ); + memset( clientBlockData2, 0, BlockSize ); + client.AttachBlockToMessage( clientBlockMessage2, clientBlockData2, BlockSize ); + client.SendMessage( 1, clientBlockMessage2 ); + ++numMessagesSent; + + int numMessagesReceived = 0; + + for ( int i = 0; i < NumIterations; ++i ) + { + if ( !client.IsConnected() ) + break; + + PumpClientServerUpdate( time, clients, 1, servers, 1, deltaTime ); + + for ( int channelIndex = 0; channelIndex < config.numChannels; ++channelIndex ) + { + Message * messageFromClient = server.ReceiveMessage( 0, channelIndex ); + if ( messageFromClient ) + { + server.ReleaseMessage( 0, messageFromClient ); + ++numMessagesReceived; + } + } + + if ( numMessagesReceived == numMessagesSent ) + break; + } + + check( client.IsConnected() ); + check( 
server.IsClientConnected( client.GetClientIndex() ) ); + check( numMessagesReceived == numMessagesSent ); + + client.Disconnect(); + + for ( int i = 0; i < NumIterations; ++i ) + { + PumpClientServerUpdate( time, clients, 1, servers, 1 ); + + if ( !client.IsConnected() && server.GetNumConnectedClients() == 0 ) + break; + } + + check( !client.IsConnected() && server.GetNumConnectedClients() == 0 ); + + server.Stop(); +} + void test_single_message_type_reliable() { SingleTestMessageFactory messageFactory( GetDefaultAllocator() ); @@ -2259,7 +2361,7 @@ void test_single_message_type_reliable() double time = 100.0; ConnectionConfig connectionConfig; - + Connection sender( GetDefaultAllocator(), messageFactory, connectionConfig, time ); Connection receiver( GetDefaultAllocator(), messageFactory, connectionConfig, time ); @@ -2322,7 +2424,7 @@ void test_single_message_type_reliable_blocks() double time = 100.0; ConnectionConfig connectionConfig; - + Connection sender( GetDefaultAllocator(), messageFactory, connectionConfig, time ); Connection receiver( GetDefaultAllocator(), messageFactory, connectionConfig, time ); @@ -2473,7 +2575,7 @@ void test_single_message_type_unreliable() test_function(); \ ShutdownYojimbo(); \ } \ - while (0) + while (0) extern "C" void netcode_test(); extern "C" void reliable_test(); @@ -2498,7 +2600,7 @@ int main() printf( "\n" ); #if SOAK - signal( SIGINT, interrupt_handler ); + signal( SIGINT, interrupt_handler ); int iter = 0; while ( true ) #endif // #if SOAK @@ -2507,7 +2609,7 @@ int main() printf( "[netcode.io]\n\n" ); check( InitializeYojimbo() ); - + netcode_test(); ShutdownYojimbo(); @@ -2517,7 +2619,7 @@ int main() printf( "\n[reliable.io]\n\n" ); check( InitializeYojimbo() ); - + reliable_test(); ShutdownYojimbo(); 
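Review bot: The sequence-advancing loops in test_reliable_outbound_sequence_outdated hard-code `32000` and `768` with only a remark that the sum is slow when sent in one burst; the number that actually matters (the total, 32768) is never written down, so a later edit to either bound silently changes what the test exercises. Name the total and derive both bounds from it, e.g. `const int NumPacketsToOutdateSequence = 32768; // sent as 32000 + 768 around one pump, one burst makes the test much slower` with `const int FirstBurst = 32000;` and the second loop bound `NumPacketsToOutdateSequence - FirstBurst`. Separately, the connect and disconnect loops call `PumpClientServerUpdate( time, clients, 1, servers, 1 )` without `deltaTime` while the rest of the test passes it; passing it consistently, or a comment on why the default is intended there, would remove the inconsistency. This hunk ends inside test_single_message_type_reliable, whose body continues past it.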
@@ -2527,9 +2629,6 @@ int main()
RUN_TEST( test_endian );
RUN_TEST( test_queue );
-#if YOJIMBO_WITH_MBEDTLS
- RUN_TEST( test_base64 );
-#endif // #if YOJIMBO_WITH_MBEDTLS
RUN_TEST( test_bitpacker );
RUN_TEST( test_bits_required );
RUN_TEST( test_stream );
@@ -2552,22 +2651,23 @@ int main()
RUN_TEST( test_client_server_message_exhaust_stream_allocator );
RUN_TEST( test_client_server_message_receive_queue_overflow );
RUN_TEST( test_reliable_fragment_overflow_bug );
+ RUN_TEST( test_reliable_outbound_sequence_outdated );
RUN_TEST( test_single_message_type_reliable );
RUN_TEST( test_single_message_type_reliable_blocks );
RUN_TEST( test_single_message_type_unreliable );
-
+
#if SOAK
if ( quit )
break;
iter++;
for ( int j = 0; j < iter % 10; ++j )
printf( "." );
- printf( "\n" );
+ printf( "\n" );
#endif // #if SOAK
}
#if SOAK
- if ( quit )
+ if ( quit )
printf( "\n" );
else
#else // #if SOAK
diff --git a/valgrind/Dockerfile b/valgrind/Dockerfile
deleted file mode 100644
index c9c2663a..00000000
--- a/valgrind/Dockerfile
+++ /dev/null
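Review bot: Deleting the `#if YOJIMBO_WITH_MBEDTLS` / `RUN_TEST( test_base64 );` / `#endif` block removes the suite's only exercise of the base64 decoder, and nothing in this hunk shows the decoder or the `test_base64` definition going away with it. If a base64 implementation survives in yojimbo.cpp once mbedtls is dropped (it is presumably what the client uses to decode a connect token handed over by a matcher, i.e. attacker-influenced input), it now runs untested; please either delete the implementation and `test_base64` in the same commit, or register the test unconditionally with `RUN_TEST( test_base64 );` so the length/padding checks on that decoder keep coverage. If the function is being kept only behind the now-removed guard, a dangling `#if YOJIMBO_WITH_MBEDTLS` elsewhere will silently compile it out, which is worth confirming rather than assuming. The body of main() continues outside this hunk.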
@@ -1,37 +0,0 @@ -FROM phusion/baseimage:0.11 - -CMD ["/sbin/my_init"] - -WORKDIR /app - -RUN apt-get -y update && apt-get install -y wget make g++ dh-autoreconf pkg-config valgrind cmake - -RUN wget https://github.com/jedisct1/libsodium/releases/download/1.0.16/libsodium-1.0.16.tar.gz && \ - tar -zxvf libsodium-*.tar.gz && \ - cd libsodium-* && \ - ./configure && \ - make -j32 && make check && \ - make install && \ - cd .. && \ - rm -rf libsodium* && \ - ldconfig - -RUN wget https://github.com/premake/premake-core/releases/download/v5.0.0-alpha13/premake-5.0.0-alpha13-linux.tar.gz && \ - tar -zxvf premake-*.tar.gz && \ - rm premake-*.tar.gz && \ - mv premake5 /usr/local/bin - -RUN wget https://github.com/ARMmbed/mbedtls/archive/mbedtls-2.13.0.tar.gz && \ - tar -zxvf mbedtls-*.tar.gz && \ - cd mbedtls-mbedtls-* && \ - cmake . && \ - make -j32 && make install && \ - ldconfig - -ADD yojimbo /app/yojimbo - -RUN cd yojimbo && find . -exec touch {} \; && premake5 gmake && make -j32 test && make -j32 soak && cp ./bin/* /app - -CMD [ "valgrind", "--tool=memcheck", "--leak-check=yes", "--show-reachable=yes", "--num-callers=20", "--track-fds=yes", "--track-origins=yes", "./test" ] - -RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* diff --git a/vcpkg/ports/yojimbo/CMakeLists.txt b/vcpkg/ports/yojimbo/CMakeLists.txt deleted file mode 100644 index 210e1544..00000000 --- a/vcpkg/ports/yojimbo/CMakeLists.txt +++ /dev/null 
@@ -1,188 +0,0 @@ -cmake_minimum_required(VERSION 3.16) - - -MESSAGE("*********************************************************************") -MESSAGE("****** Yojimbo -- START --") - -list(APPEND CMAKE_MODULE_PATH "${CURRENT_PORT_DIR}/cmake/") -include("${CURRENT_PORT_DIR}/cmake/yojimbo_lib.cmake") - -find_package(libsodium REQUIRED) -find_package(mbedtls REQUIRED) - -############################################################# -## Project Definition -############################################################# -project(Yojimbo C CXX) - -############################################################ -## Yojimbo Static Library -############################################################ -## - add_library(yojimbo STATIC - ${SOURCE_PATH}/yojimbo.cpp - ${SOURCE_PATH}/tlsf/tlsf.c - ${SOURCE_PATH}/netcode.io/netcode.c - ${SOURCE_PATH}/reliable.io/reliable.c ) - - target_link_libraries( yojimbo PRIVATE sodium mbedtls mbedx509 mbedcrypto ) - - target_compile_definitions( yojimbo PUBLIC NETCODE_ENABLE_TESTS=0 RELIABLE_ENABLE_TESTS=0 ) - - target_include_directories( yojimbo - PRIVATE - ${SOURCE_PATH} - ${SOURCE_PATH}/netcode.io - ${SOURCE_PATH}/reliable.io - ) - - ############################################################ - ## Yojimbo Static TEST Library and Test App - ############################################################ - ## - ##if(${YOJIMBO_TESTS}) - ## library - add_library(yojimbo_test STATIC - ${SOURCE_PATH}/yojimbo.cpp - ${SOURCE_PATH}/tlsf/tlsf.c - ${SOURCE_PATH}/netcode.io/netcode.c - ${SOURCE_PATH}/reliable.io/reliable.c - ) - target_link_libraries( yojimbo_test sodium mbedtls mbedx509 mbedcrypto ) - target_compile_definitions( yojimbo_test PUBLIC NETCODE_ENABLE_TESTS=1 RELIABLE_ENABLE_TESTS=1 ) - target_include_directories( yojimbo_test - INTERFACE - $ - $ - PRIVATE - "${SOURCE_PATH}/netcode.io" - "${SOURCE_PATH}/reliable.io" - ) - - target_include_directories( yojimbo PRIVATE "${VCPKG_LIBSODIUM_BASE}/include" ) - target_include_directories( yojimbo 
PRIVATE "${VCPKG_MBEDTLS_BASE}/include" ) - - ## executable - add_executable(testapp ${SOURCE_PATH}/test.cpp ) - target_link_libraries(testapp yojimbo_test) - ## - ##endif() - - ############################################################ - ## Client App Target - ############################################################ - ## - add_executable(client ${SOURCE_PATH}/client.cpp ) - target_link_libraries( client yojimbo ) - - ############################################################ - ## Server App Target - ############################################################ - ## - add_executable(server ${SOURCE_PATH}/server.cpp ) - target_link_libraries( server yojimbo ) - - ############################################################ - ## Secure Client App Target - ############################################################ - ## - add_executable(secure_client ${SOURCE_PATH}/secure_client.cpp ) - target_link_libraries( secure_client yojimbo ) - - ############################################################ - ## Secure Server App Target - ############################################################ - ## - add_executable(secure_server ${SOURCE_PATH}/secure_server.cpp ) - target_link_libraries( secure_server yojimbo ) - - ############################################################ - ## Client Server App Target - ############################################################ - ## - add_executable(client_server ${SOURCE_PATH}/client_server.cpp ) - target_link_libraries( client_server yojimbo ) - - ############################################################ - ## Loopback App Target - ############################################################ - ## - add_executable(loopback ${SOURCE_PATH}/loopback.cpp ) - target_link_libraries( loopback yojimbo ) - - ############################################################ - ## Soak App Target - ############################################################ - ## - add_executable(soak ${SOURCE_PATH}/soak.cpp ) - target_link_libraries( soak 
yojimbo ) - -############################################################ -## Install -############################################################ -## - # the ugly hack - file(INSTALL ${CURRENT_PORT_DIR}/cmake/libsodiumConfig.cmake DESTINATION ${CMAKE_INSTALL_PREFIX}/share/yojimbo) - file(INSTALL ${CURRENT_PORT_DIR}/cmake/mbedtlsConfig.cmake DESTINATION ${CMAKE_INSTALL_PREFIX}/share/yojimbo) - - #if(YOJIMBO_TESTS) - SET(TEST_INSTALL testapp) - #endif() - - ## yojimbo + EXPORT - install( - TARGETS - yojimbo - EXPORT yojimbo_target - #RUNTIME DESTINATION ${CMAKE_INSTALL_PREFIX}/bin - LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/lib - ARCHIVE DESTINATION ${CMAKE_INSTALL_PREFIX}/lib - INCLUDES DESTINATION ${CMAKE_INSTALL_PREFIX}/include ) - - ## install cmake files for find_package - install(EXPORT yojimbo_target - DESTINATION ${CMAKE_INSTALL_PREFIX}/share/yojimbo - NAMESPACE yojimbo:: - FILE yojimboConfig.cmake - EXPORT_LINK_INTERFACE_LIBRARIES - ) - - if( ${CMAKE_BUILD_TYPE}_ STREQUAL "Debug_" ) - vprint(CMAKE_BUILD_TYPE) - message("Skipping header installation.") - else() - vprint(CMAKE_BUILD_TYPE) - message("Installing headers") - install( FILES ${SOURCE_PATH}/yojimbo.h - ${SOURCE_PATH}/shared.h - DESTINATION - ${CMAKE_INSTALL_PREFIX}/include/yojimbo - ) - endif() - - ## The rest - install( - TARGETS - ${TEST_INSTALL} - client - server - secure_client - secure_server - client_server - loopback - soak - RUNTIME DESTINATION ${CMAKE_INSTALL_PREFIX}/examples/yojimbo - LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/lib - ARCHIVE DESTINATION ${CMAKE_INSTALL_PREFIX}/lib - INCLUDES DESTINATION ${CMAKE_INSTALL_PREFIX}/include ) - - - - - -#### DONE #### - - - -MESSAGE(STATUS "****** Yojimbo -- DONE --") -MESSAGE("*********************************************************************") \ No newline at end of file diff --git a/vcpkg/ports/yojimbo/cmake/libsodiumConfig.cmake b/vcpkg/ports/yojimbo/cmake/libsodiumConfig.cmake deleted file mode 100644 index 50973713..00000000 
--- a/vcpkg/ports/yojimbo/cmake/libsodiumConfig.cmake +++ /dev/null @@ -1,37 +0,0 @@ -if(NOT DEFINED VCPKG_ROOT_DIR) - message(FATAL_ERROR "VCPKG_ROOT_DIR is not defined. Please set it to the root folder of your vcpkg installation.") -endif() - - -############################################################ -## External imports: libsodium -############################################################ - # External library paths - if(WIN32) - SET(VCPKG_LIBSODIUM_BASE "${VCPKG_ROOT_DIR}/packages/libsodium_x64-windows-static" ) - elseif(UNIX) - SET(VCPKG_LIBSODIUM_BASE "${VCPKG_ROOT_DIR}/installed/x64-linux") - else() - MESSAGE(FATAL "Unrecognized Operating System. I understand either WIN32 or UNIX to be set to true.") - endif() - - ## External libraries and headers - add_library( sodium STATIC IMPORTED) - target_include_directories( sodium INTERFACE "${VCPKG_LIBSODIUM_BASE}/include" ) - - ## External library binaries - if(WIN32) - if(${CMAKE_BUILD_TYPE}_ STREQUAL "Debug_") - set_target_properties(sodium PROPERTIES IMPORTED_LOCATION ${VCPKG_LIBSODIUM_BASE}/debug/lib/libsodium.lib ) - else() - set_target_properties(sodium PROPERTIES IMPORTED_LOCATION ${VCPKG_LIBSODIUM_BASE}/lib/libsodium.lib ) - endif() - ELSEIF(UNIX) - if(${CMAKE_BUILD_TYPE}_ STREQUAL "Debug_") - set_target_properties(sodium PROPERTIES IMPORTED_LOCATION ${VCPKG_LIBSODIUM_BASE}/debug/lib/libsodium.a ) - else() - set_target_properties(sodium PROPERTIES IMPORTED_LOCATION ${VCPKG_LIBSODIUM_BASE}/lib/libsodium.a ) - endif() - ENDIF() - - diff --git a/vcpkg/ports/yojimbo/cmake/mbedtlsConfig.cmake b/vcpkg/ports/yojimbo/cmake/mbedtlsConfig.cmake deleted file mode 100644 index 32c3680d..00000000 --- a/vcpkg/ports/yojimbo/cmake/mbedtlsConfig.cmake +++ /dev/null 
@@ -1,56 +0,0 @@ -if(NOT DEFINED VCPKG_ROOT_DIR) - message(FATAL_ERROR "VCPKG_ROOT_DIR is not defined. Please set it to the root folder of your vcpkg installation.") -endif() - -############################################################ -## External imports: mbedtls -############################################################ -## - ## TODO: - ## -> 32 bit ??? - ## -> Dynamic linking setup ??? - - # External library paths - if(WIN32) - SET(VCPKG_MBEDTLS_BASE "${VCPKG_ROOT_DIR}/packages/mbedtls_x64-windows-static" ) - elseif(UNIX) - SET(VCPKG_MBEDTLS_BASE "${VCPKG_ROOT_DIR}/installed/x64-linux") - else() - MESSAGE(FATAL "Unrecognized Operating System. I understand either WIN32 or UNIX to be set to true.") - endif() - - ## External libraries and headers - - add_library( mbedtls STATIC IMPORTED ) - target_include_directories( mbedtls INTERFACE "${VCPKG_MBEDTLS_BASE}/include" ) - - add_library( mbedx509 STATIC IMPORTED ) - target_include_directories( mbedx509 INTERFACE "${VCPKG_MBEDTLS_BASE}/include" ) - - add_library( mbedcrypto STATIC IMPORTED ) - target_include_directories( mbedcrypto INTERFACE "${VCPKG_MBEDTLS_BASE}/include" ) - - ## External library binaries - if(WIN32) - if(${CMAKE_BUILD_TYPE}_ STREQUAL "Debug_") - set_target_properties(mbedtls PROPERTIES IMPORTED_LOCATION ${VCPKG_MBEDTLS_BASE}/debug/lib/mbedtls.lib ) - set_target_properties(mbedx509 PROPERTIES IMPORTED_LOCATION ${VCPKG_MBEDTLS_BASE}/debug/lib/mbedx509.lib ) - set_target_properties(mbedcrypto PROPERTIES IMPORTED_LOCATION ${VCPKG_MBEDTLS_BASE}/debug/lib/mbedcrypto.lib ) - else() - set_target_properties(mbedtls PROPERTIES IMPORTED_LOCATION ${VCPKG_MBEDTLS_BASE}/lib/mbedtls.lib ) - set_target_properties(mbedx509 PROPERTIES IMPORTED_LOCATION ${VCPKG_MBEDTLS_BASE}/lib/mbedx509.lib ) - set_target_properties(mbedcrypto PROPERTIES IMPORTED_LOCATION ${VCPKG_MBEDTLS_BASE}/lib/mbedcrypto.lib ) - endif() - ELSEIF(UNIX) - if(${CMAKE_BUILD_TYPE}_ STREQUAL "Debug_") - set_target_properties(mbedtls PROPERTIES 
IMPORTED_LOCATION ${VCPKG_MBEDTLS_BASE}/debug/lib/libmbedtls.a ) - set_target_properties(mbedx509 PROPERTIES IMPORTED_LOCATION ${VCPKG_MBEDTLS_BASE}/debug/lib/libmbedx509.a ) - set_target_properties(mbedcrypto PROPERTIES IMPORTED_LOCATION ${VCPKG_MBEDTLS_BASE}/debug/lib/libmbedcrypto.a ) - else() - set_target_properties(mbedtls PROPERTIES IMPORTED_LOCATION ${VCPKG_MBEDTLS_BASE}/lib/libmbedtls.a ) - set_target_properties(mbedx509 PROPERTIES IMPORTED_LOCATION ${VCPKG_MBEDTLS_BASE}/lib/libmbedx509.a ) - set_target_properties(mbedcrypto PROPERTIES IMPORTED_LOCATION ${VCPKG_MBEDTLS_BASE}/lib/libmbedcrypto.a ) - endif() - ENDIF() - - diff --git a/vcpkg/ports/yojimbo/cmake/yojimbo_lib.cmake b/vcpkg/ports/yojimbo/cmake/yojimbo_lib.cmake deleted file mode 100644 index f61bef5d..00000000 --- a/vcpkg/ports/yojimbo/cmake/yojimbo_lib.cmake +++ /dev/null 
@@ -1,36 +0,0 @@ -# compares a and b and puts the result into the variable name referenced in result -function(max a b result) - if ( ${a} GREATER ${b} ) - SET(${result} ${a} PARENT_SCOPE) - else() - SET(${result} ${b} PARENT_SCOPE) - endif() -endfunction() - -# formatted variable output -function(vprint varname) - if(NOT DEFINED vprint_width) - SET (vprint_width 30) # formatting width - endif() - - SET(varcontent ${${varname}} ) - - string(LENGTH "${varname}" vname_length ) - math(EXPR padding_length ${vprint_width}-${vname_length}) - max( ${padding_length} 0 padding_length) - string(REPEAT " " ${padding_length} vname_padding) - MESSAGE( "${varname}${vname_padding} = ${varcontent}") -endfunction() - -macro(print_all_vars) - message("=================================================================") - message("Defined CMake Variables: ") - message("=================================================================") - get_cmake_property(_variableNames VARIABLES) - list (SORT _variableNames) - foreach (_variableName ${_variableNames}) - vprint(${_variableName}) - endforeach() - message("=================================================================") -endmacro(print_all_vars) - diff --git a/vcpkg/ports/yojimbo/portfile.cmake b/vcpkg/ports/yojimbo/portfile.cmake deleted file mode 100644 index 4ecdff35..00000000 --- a/vcpkg/ports/yojimbo/portfile.cmake +++ /dev/null 
@@ -1,94 +0,0 @@ -vcpkg_check_linkage(ONLY_STATIC_LIBRARY) - -# make some functions available, mainly for logging / printing variables -# but also the mbedtls and libsodium config files which their ports are lacking. -# libsodium has some "unofficial" config - I decided to roll my own here. ~Yorlik - -list(APPEND CMAKE_MODULE_PATH "${CURRENT_PORT_DIR}/cmake/") -message("CMAKE_MODULE_PATH: ${CMAKE_MODULE_PATH}") -include(yojimbo_lib) # load functions - -## Download stuff - vcpkg_from_github( - OUT_SOURCE_PATH SOURCE_PATH - REPO networkprotocol/yojimbo - REF v1.2.1 - SHA512 1c16331b5fa743c953e776c097e8a9e30c29c76c35632cff87f70294db7d7e04b0ce66ea5d1b7930ce746bd7f2d7203a5abf1c9918571f81fcb7453126b09080 - ) - - vcpkg_from_github( - OUT_SOURCE_PATH NETCODE_SOURCE_PATH - REPO networkprotocol/netcode - REF v1.2.1 - SHA512 ac03f83ccf548c0ebfc1dfae69248f301d52351d306cf34ef25e07c88d15e544b55cb4dc09c23db84f90e2aee83688d40591f3ce0ef92dc5dc95b53dab301539 - ) - - vcpkg_from_github( - OUT_SOURCE_PATH RELIABLE_SOURCE_PATH - REPO networkprotocol/reliable - REF v1.2 - SHA512 45c7d2734de565f1700942a178d062081c70cdb9d4dc2509e5db616ab23f1e4f7d3f5e214d42267f019e5c1867a304bb537b6023eb78574f7a6ebf1ff43174bb - ) - -## move netcode dependencies -## todo: make vcpkg ports for these and just declare them as dependencies like mbedtls and libsodium - - if(WIN32) - - STRING(REPLACE "/" "\\" NETCODE_SOURCE_PATH ${NETCODE_SOURCE_PATH} ) - STRING(REPLACE "/" "\\" RELIABLE_SOURCE_PATH ${RELIABLE_SOURCE_PATH} ) - STRING(REPLACE "/" "\\" THESOURCE ${SOURCE_PATH} ) - execute_process( - COMMAND cmd /C "xcopy ${NETCODE_SOURCE_PATH} ${THESOURCE}\\netcode.io /E /I /F /H /R /-Y /Q" - COMMAND cmd /C "xcopy ${RELIABLE_SOURCE_PATH} ${THESOURCE}\\reliable.io /E /I /F /H /R /-Y /Q" - ) - - elseif(UNIX) - message("Unix like OS. Copying files ...") - vprint(NETCODE_SOURCE_PATH) - vprint(RELIABLE_SOURCE_PATH) - SET( THESOURCE ${SOURCE_PATH} ) - execute_process( - COMMAND cp -v -r ${NETCODE_SOURCE_PATH}/. 
-t ${THESOURCE}/netcode.io/ - COMMAND cp -v -r ${RELIABLE_SOURCE_PATH}/. -t ${THESOURCE}/reliable.io/ - ) - message("Unix like OS. Copying files ... DONE!") - - else() - message(FATAL_ERROR "Unrecognized OS.") - endif() - -## Install main CMakeLists.txt into yojimbo source tree - file(INSTALL ${CMAKE_CURRENT_LIST_DIR}/CMakeLists.txt DESTINATION ${SOURCE_PATH}) - -## vcpkg feature Check - set(BUILD_YOJIMBO_TESTS 0) - if("tests" IN_LIST FEATURES) - set(BUILD_YOJIMBO_TESTS 1) - endif() - -## Configure cmake for build phase - vcpkg_configure_cmake( - SOURCE_PATH ${SOURCE_PATH} - GENERATOR "Ninja" - OPTIONS - -DSOURCE_PATH=${SOURCE_PATH} - -DVCPKG_ROOT_DIR=${VCPKG_ROOT_DIR} - -Dlibsodium_DIR=${CURRENT_PORT_DIR}/cmake - -Dmbedtls_DIR=${CURRENT_PORT_DIR}/cmake - -DCURRENT_PORT_DIR=${CURRENT_PORT_DIR} - -DCMAKE_TOOLCHAIN_FILE=${VCPKG_ROOT_DIR}/scripts/buildsystems/vcpkg.cmake - ) - -## On windows install debug info - vcpkg_copy_pdbs() - -## Install artifacts - vcpkg_install_cmake() - -## Install usage and copyright - file(INSTALL ${CMAKE_CURRENT_LIST_DIR}/usage DESTINATION ${CURRENT_PACKAGES_DIR}/share/${PORT}) - file(INSTALL ${SOURCE_PATH}/LICENCE DESTINATION ${CURRENT_PACKAGES_DIR}/share/${PORT} RENAME copyright) - -## Finalize - vcpkg_fixup_cmake_targets() diff --git a/vcpkg/ports/yojimbo/readme.md b/vcpkg/ports/yojimbo/readme.md deleted file mode 100644 index 084fad11..00000000 --- a/vcpkg/ports/yojimbo/readme.md +++ /dev/null 
@@ -1,21 +0,0 @@ -This directory contains a port of yojimbo to the vcpkg package manager. -vcpkg Git Repository: https://github.com/microsoft/vcpkg -vcpkg Documentation: https://vcpkg.readthedocs.io - -Usage: - - 1. git clone https://github.com/microsoft/vcpkg.git - 2. cd vcpkg - 3. Bootstrap: - - bootstrap-vcpkg.bat (windows) - - bootstrap-vcpkg.sh (Linux) - 4. Install - - vcpkg install yojimbo:x64-windows --overlay-ports=this/directory (64 bit windows) - - vcpkg install yojimbo:x64-linux --overlay-ports=this/directory(64 bit linux) - -Tested on Windows 10 and Windows WSL2 Linux - -ToDo: ----------- -- Add features -- vcpkgify netcode and reliable modules and use standard vcpkg semantics. \ No newline at end of file diff --git a/vcpkg/ports/yojimbo/usage b/vcpkg/ports/yojimbo/usage deleted file mode 100644 index fa253d7f..00000000 --- a/vcpkg/ports/yojimbo/usage +++ /dev/null @@ -1,10 +0,0 @@ -Use this package in your CMakeLists.txt: - - - SET(VCPKG_ROOT_DIR=/path/to/vcpkg_root) - - find_package( yojimbo REQUIRED) - find_package( libsodium REQUIRED) - find_package( mbedtls REQUIRED) - .. add your "main" target - target_link_libraries(main PRIVATE yojimbo::yojimbo) diff --git a/vcpkg/ports/yojimbo/vcpkg.json b/vcpkg/ports/yojimbo/vcpkg.json deleted file mode 100644 index 8d879a14..00000000 --- a/vcpkg/ports/yojimbo/vcpkg.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "name": "yojimbo", - "version-semver": "1.2.0", - "dependencies": [ - "libsodium", - "mbedtls" - ] -} diff --git a/vcpkg/readme_vcpkg.md b/vcpkg/readme_vcpkg.md deleted file mode 100644 index ec51a707..00000000 --- a/vcpkg/readme_vcpkg.md +++ /dev/null 
@@ -1,33 +0,0 @@ -The directory /vcpkg contains files to build and install yojimbo and its dependencies with the vcpkg package manager. -Documentation: https://vcpkg.io - -Files ---------------- - -``yojimbo/vcpkg/ports/yojimbo/..`` This directory contains the files you need to build Yojimbo with vcpkg. - -A. Building Yojimbo: ---------------------- -Install and bootstrap vcpkg, change to its root directory and open a shell there. - -On windows: - -``$: vcpkg.exe install yojimbo:x64-windows-static --overlay-ports C:\develop\yojimbo\vcpkg\ports`` - -where "C:\Develop\yojimbo\vcpkg\ports" must be the correct path to the overlay directory in the yojimbo git tree "/yojimbo/vcpkg/ports" - -On linux: - -``$: ./vcpkg install yojimbo:x64-linux --overlay-ports /home/joeuser/develop/yojimbo/vcpkg/ports`` - -just the equivalent (tested on WSL only). - - -B. Integrate the port into your vcpkg installation (advanced) ----------------------------------------------------------------------------- -1. Fork vcpkg and check out your fork. - -2. Add the yojimbo port from this repo to the ports of your checked out port. - -3. In your vcpkg fork with the yojimbo port added run: vcpkg x-add-version --all - diff --git a/windows/mbedcrypto.lib b/windows/mbedcrypto.lib deleted file mode 100644 index 6c842fa8..00000000 Binary files a/windows/mbedcrypto.lib and /dev/null differ diff --git a/windows/mbedcrypto.pdb b/windows/mbedcrypto.pdb deleted file mode 100644 index 3e7d701c..00000000 Binary files a/windows/mbedcrypto.pdb and /dev/null differ diff --git a/windows/mbedtls.lib b/windows/mbedtls.lib deleted file mode 100644 index 936d4ca3..00000000 Binary files a/windows/mbedtls.lib and /dev/null differ diff --git a/windows/mbedtls.pdb b/windows/mbedtls.pdb deleted file mode 100644 index ca7d0648..00000000 Binary files a/windows/mbedtls.pdb and /dev/null differ diff --git a/windows/mbedtls/aes.h b/windows/mbedtls/aes.h deleted file mode 100644 index 00509808..00000000 
--- a/windows/mbedtls/aes.h +++ /dev/null 
@@ -1,626 +0,0 @@ -/** - * \file aes.h - * - * \brief This file contains AES definitions and functions. - * - * The Advanced Encryption Standard (AES) specifies a FIPS-approved - * cryptographic algorithm that can be used to protect electronic - * data. - * - * The AES algorithm is a symmetric block cipher that can - * encrypt and decrypt information. For more information, see - * FIPS Publication 197: Advanced Encryption Standard and - * ISO/IEC 18033-2:2006: Information technology -- Security - * techniques -- Encryption algorithms -- Part 2: Asymmetric - * ciphers. - * - * The AES-XTS block mode is standardized by NIST SP 800-38E - * - * and described in detail by IEEE P1619 - * . - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_AES_H -#define MBEDTLS_AES_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include -#include - -/* padlock.c and aesni.c rely on these values! */ -#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ -#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ - -/* Error codes in range 0x0020-0x0022 */ -#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ -#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ - -/* Error codes in range 0x0021-0x0025 */ -#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. 
*/ - -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_AES_ALT) -// Regular implementation -// - -/** - * \brief The AES context-type definition. - */ -typedef struct mbedtls_aes_context -{ - int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */ - uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */ - uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can - hold 32 extra Bytes, which can be used for - one of the following purposes: -
  • Alignment if VIA padlock is - used.
  • -
  • Simplifying key expansion in the 256-bit - case by generating an extra round key. -
*/ -} -mbedtls_aes_context; - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -/** - * \brief The AES XTS context-type definition. - */ -typedef struct mbedtls_aes_xts_context -{ - mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block - encryption or decryption. */ - mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak - computation. */ -} mbedtls_aes_xts_context; -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -#else /* MBEDTLS_AES_ALT */ -#include "aes_alt.h" -#endif /* MBEDTLS_AES_ALT */ - -/** - * \brief This function initializes the specified AES context. - * - * It must be the first API called before using - * the context. - * - * \param ctx The AES context to initialize. This must not be \c NULL. - */ -void mbedtls_aes_init( mbedtls_aes_context *ctx ); - -/** - * \brief This function releases and clears the specified AES context. - * - * \param ctx The AES context to clear. - * If this is \c NULL, this function does nothing. - * Otherwise, the context must have been at least initialized. - */ -void mbedtls_aes_free( mbedtls_aes_context *ctx ); - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -/** - * \brief This function initializes the specified AES XTS context. - * - * It must be the first API called before using - * the context. - * - * \param ctx The AES XTS context to initialize. This must not be \c NULL. - */ -void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); - -/** - * \brief This function releases and clears the specified AES XTS context. - * - * \param ctx The AES XTS context to clear. - * If this is \c NULL, this function does nothing. - * Otherwise, the context must have been at least initialized. - */ -void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -/** - * \brief This function sets the encryption key. - * - * \param ctx The AES context to which the key should be bound. - * It must be initialized. - * \param key The encryption key. 
- * This must be a readable buffer of size \p keybits bits. - * \param keybits The size of data passed in bits. Valid options are: - *
  • 128 bits
  • - *
  • 192 bits
  • - *
  • 256 bits
- * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. - */ -int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits ); - -/** - * \brief This function sets the decryption key. - * - * \param ctx The AES context to which the key should be bound. - * It must be initialized. - * \param key The decryption key. - * This must be a readable buffer of size \p keybits bits. - * \param keybits The size of data passed. Valid options are: - *
  • 128 bits
  • - *
  • 192 bits
  • - *
  • 256 bits
- * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. - */ -int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits ); - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -/** - * \brief This function prepares an XTS context for encryption and - * sets the encryption key. - * - * \param ctx The AES XTS context to which the key should be bound. - * It must be initialized. - * \param key The encryption key. This is comprised of the XTS key1 - * concatenated with the XTS key2. - * This must be a readable buffer of size \p keybits bits. - * \param keybits The size of \p key passed in bits. Valid options are: - *
  • 256 bits (each of key1 and key2 is a 128-bit key)
  • - *
  • 512 bits (each of key1 and key2 is a 256-bit key)
- * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. - */ -int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits ); - -/** - * \brief This function prepares an XTS context for decryption and - * sets the decryption key. - * - * \param ctx The AES XTS context to which the key should be bound. - * It must be initialized. - * \param key The decryption key. This is comprised of the XTS key1 - * concatenated with the XTS key2. - * This must be a readable buffer of size \p keybits bits. - * \param keybits The size of \p key passed in bits. Valid options are: - *
  • 256 bits (each of key1 and key2 is a 128-bit key)
  • - *
  • 512 bits (each of key1 and key2 is a 256-bit key)
- * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. - */ -int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits ); -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -/** - * \brief This function performs an AES single-block encryption or - * decryption operation. - * - * It performs the operation defined in the \p mode parameter - * (encrypt or decrypt), on the input data buffer defined in - * the \p input parameter. - * - * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or - * mbedtls_aes_setkey_dec() must be called before the first - * call to this API with the same context. - * - * \param ctx The AES context to use for encryption or decryption. - * It must be initialized and bound to a key. - * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or - * #MBEDTLS_AES_DECRYPT. - * \param input The buffer holding the input data. - * It must be readable and at least \c 16 Bytes long. - * \param output The buffer where the output data will be written. - * It must be writeable and at least \c 16 Bytes long. - - * \return \c 0 on success. - */ -int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -/** - * \brief This function performs an AES-CBC encryption or decryption operation - * on full blocks. - * - * It performs the operation defined in the \p mode - * parameter (encrypt/decrypt), on the input data buffer defined in - * the \p input parameter. - * - * It can be called as many times as needed, until all the input - * data is processed. mbedtls_aes_init(), and either - * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called - * before the first call to this API with the same context. - * - * \note This function operates on full blocks, that is, the input size - * must be a multiple of the AES block size of \c 16 Bytes. 
- * - * \note Upon exit, the content of the IV is updated so that you can - * call the same function again on the next - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If you need to retain the contents of the IV, you should - * either save it manually or use the cipher module instead. - * - * - * \param ctx The AES context to use for encryption or decryption. - * It must be initialized and bound to a key. - * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or - * #MBEDTLS_AES_DECRYPT. - * \param length The length of the input data in Bytes. This must be a - * multiple of the block size (\c 16 Bytes). - * \param iv Initialization vector (updated after use). - * It must be a readable and writeable buffer of \c 16 Bytes. - * \param input The buffer holding the input data. - * It must be readable and of size \p length Bytes. - * \param output The buffer holding the output data. - * It must be writeable and of size \p length Bytes. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH - * on failure. - */ -int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -/** - * \brief This function performs an AES-XTS encryption or decryption - * operation for an entire XTS data unit. - * - * AES-XTS encrypts or decrypts blocks based on their location as - * defined by a data unit number. The data unit number must be - * provided by \p data_unit. - * - * NIST SP 800-38E limits the maximum size of a data unit to 2^20 - * AES blocks. If the data unit is larger than this, this function - * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. - * - * \param ctx The AES XTS context to use for AES XTS operations. - * It must be initialized and bound to a key. 
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or - * #MBEDTLS_AES_DECRYPT. - * \param length The length of a data unit in Bytes. This can be any - * length between 16 bytes and 2^24 bytes inclusive - * (between 1 and 2^20 block cipher blocks). - * \param data_unit The address of the data unit encoded as an array of 16 - * bytes in little-endian format. For disk encryption, this - * is typically the index of the block device sector that - * contains the data. - * \param input The buffer holding the input data (which is an entire - * data unit). This function reads \p length Bytes from \p - * input. - * \param output The buffer holding the output data (which is an entire - * data unit). This function writes \p length Bytes to \p - * output. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is - * smaller than an AES block in size (16 Bytes) or if \p - * length is larger than 2^20 blocks (16 MiB). - */ -int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, - int mode, - size_t length, - const unsigned char data_unit[16], - const unsigned char *input, - unsigned char *output ); -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -/** - * \brief This function performs an AES-CFB128 encryption or decryption - * operation. - * - * It performs the operation defined in the \p mode - * parameter (encrypt or decrypt), on the input data buffer - * defined in the \p input parameter. - * - * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), - * regardless of whether you are performing an encryption or decryption - * operation, that is, regardless of the \p mode parameter. This is - * because CFB mode uses the same key schedule for encryption and - * decryption. - * - * \note Upon exit, the content of the IV is updated so that you can - * call the same function again on the next - * block(s) of data and get the same result as if it was - * encrypted in one call. 
This allows a "streaming" usage. - * If you need to retain the contents of the - * IV, you must either save it manually or use the cipher - * module instead. - * - * - * \param ctx The AES context to use for encryption or decryption. - * It must be initialized and bound to a key. - * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or - * #MBEDTLS_AES_DECRYPT. - * \param length The length of the input data in Bytes. - * \param iv_off The offset in IV (updated after use). - * It must point to a valid \c size_t. - * \param iv The initialization vector (updated after use). - * It must be a readable and writeable buffer of \c 16 Bytes. - * \param input The buffer holding the input data. - * It must be readable and of size \p length Bytes. - * \param output The buffer holding the output data. - * It must be writeable and of size \p length Bytes. - * - * \return \c 0 on success. - */ -int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); - -/** - * \brief This function performs an AES-CFB8 encryption or decryption - * operation. - * - * It performs the operation defined in the \p mode - * parameter (encrypt/decrypt), on the input data buffer defined - * in the \p input parameter. - * - * Due to the nature of CFB, you must use the same key schedule for - * both encryption and decryption operations. Therefore, you must - * use the context initialized with mbedtls_aes_setkey_enc() for - * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. - * - * \note Upon exit, the content of the IV is updated so that you can - * call the same function again on the next - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. 
- * - * - * \param ctx The AES context to use for encryption or decryption. - * It must be initialized and bound to a key. - * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or - * #MBEDTLS_AES_DECRYPT - * \param length The length of the input data. - * \param iv The initialization vector (updated after use). - * It must be a readable and writeable buffer of \c 16 Bytes. - * \param input The buffer holding the input data. - * It must be readable and of size \p length Bytes. - * \param output The buffer holding the output data. - * It must be writeable and of size \p length Bytes. - * - * \return \c 0 on success. - */ -int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); -#endif /*MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_OFB) -/** - * \brief This function performs an AES-OFB (Output Feedback Mode) - * encryption or decryption operation. - * - * For OFB, you must set up the context with - * mbedtls_aes_setkey_enc(), regardless of whether you are - * performing an encryption or decryption operation. This is - * because OFB mode uses the same key schedule for encryption and - * decryption. - * - * The OFB operation is identical for encryption or decryption, - * therefore no operation mode needs to be specified. - * - * \note Upon exit, the content of iv, the Initialisation Vector, is - * updated so that you can call the same function again on the next - * block(s) of data and get the same result as if it was encrypted - * in one call. This allows a "streaming" usage, by initialising - * iv_off to 0 before the first call, and preserving its value - * between calls. - * - * For non-streaming use, the iv should be initialised on each call - * to a unique value, and iv_off set to 0 on each call. 
- * - * If you need to retain the contents of the initialisation vector, - * you must either save it manually or use the cipher module - * instead. - * - * \warning For the OFB mode, the initialisation vector must be unique - * every encryption operation. Reuse of an initialisation vector - * will compromise security. - * - * \param ctx The AES context to use for encryption or decryption. - * It must be initialized and bound to a key. - * \param length The length of the input data. - * \param iv_off The offset in IV (updated after use). - * It must point to a valid \c size_t. - * \param iv The initialization vector (updated after use). - * It must be a readable and writeable buffer of \c 16 Bytes. - * \param input The buffer holding the input data. - * It must be readable and of size \p length Bytes. - * \param output The buffer holding the output data. - * It must be writeable and of size \p length Bytes. - * - * \return \c 0 on success. - */ -int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); - -#endif /* MBEDTLS_CIPHER_MODE_OFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -/** - * \brief This function performs an AES-CTR encryption or decryption - * operation. - * - * This function performs the operation defined in the \p mode - * parameter (encrypt/decrypt), on the input data buffer - * defined in the \p input parameter. - * - * Due to the nature of CTR, you must use the same key schedule - * for both encryption and decryption operations. Therefore, you - * must use the context initialized with mbedtls_aes_setkey_enc() - * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. - * - * \warning You must never reuse a nonce value with the same key. Doing so - * would void the encryption for the two messages encrypted with - * the same nonce and key. - * - * There are two common strategies for managing nonces with CTR: - * - * 1. 
You can handle everything as a single message processed over - * successive calls to this function. In that case, you want to - * set \p nonce_counter and \p nc_off to 0 for the first call, and - * then preserve the values of \p nonce_counter, \p nc_off and \p - * stream_block across calls to this function as they will be - * updated by this function. - * - * With this strategy, you must not encrypt more than 2**128 - * blocks of data with the same key. - * - * 2. You can encrypt separate messages by dividing the \p - * nonce_counter buffer in two areas: the first one used for a - * per-message nonce, handled by yourself, and the second one - * updated by this function internally. - * - * For example, you might reserve the first 12 bytes for the - * per-message nonce, and the last 4 bytes for internal use. In that - * case, before calling this function on a new message you need to - * set the first 12 bytes of \p nonce_counter to your chosen nonce - * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p - * stream_block to be ignored). That way, you can encrypt at most - * 2**96 messages of up to 2**32 blocks each with the same key. - * - * The per-message nonce (or information sufficient to reconstruct - * it) needs to be communicated with the ciphertext and must be unique. - * The recommended way to ensure uniqueness is to use a message - * counter. An alternative is to generate random nonces, but this - * limits the number of messages that can be securely encrypted: - * for example, with 96-bit random nonces, you should not encrypt - * more than 2**32 messages with the same key. - * - * Note that for both stategies, sizes are measured in blocks and - * that an AES block is 16 bytes. - * - * \warning Upon return, \p stream_block contains sensitive data. Its - * content must not be written to insecure storage and should be - * securely discarded as soon as it's no longer needed. - * - * \param ctx The AES context to use for encryption or decryption. 
- * It must be initialized and bound to a key. - * \param length The length of the input data. - * \param nc_off The offset in the current \p stream_block, for - * resuming within the current cipher stream. The - * offset pointer should be 0 at the start of a stream. - * It must point to a valid \c size_t. - * \param nonce_counter The 128-bit nonce and counter. - * It must be a readable-writeable buffer of \c 16 Bytes. - * \param stream_block The saved stream block for resuming. This is - * overwritten by the function. - * It must be a readable-writeable buffer of \c 16 Bytes. - * \param input The buffer holding the input data. - * It must be readable and of size \p length Bytes. - * \param output The buffer holding the output data. - * It must be writeable and of size \p length Bytes. - * - * \return \c 0 on success. - */ -int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ); -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - -/** - * \brief Internal AES block encryption function. This is only - * exposed to allow overriding it using - * \c MBEDTLS_AES_ENCRYPT_ALT. - * - * \param ctx The AES context to use for encryption. - * \param input The plaintext block. - * \param output The output (ciphertext) block. - * - * \return \c 0 on success. - */ -int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ); - -/** - * \brief Internal AES block decryption function. This is only - * exposed to allow overriding it using see - * \c MBEDTLS_AES_DECRYPT_ALT. - * - * \param ctx The AES context to use for decryption. - * \param input The ciphertext block. - * \param output The output (plaintext) block. - * - * \return \c 0 on success. 
- */ -int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ); - -#if defined(MBEDTLS_SELF_TEST) -/** - * \brief Checkup routine. - * - * \return \c 0 on success. - * \return \c 1 on failure. - */ -int mbedtls_aes_self_test( int verbose ); - -#endif /* MBEDTLS_SELF_TEST */ - -#ifdef __cplusplus -} -#endif - -#endif /* aes.h */ diff --git a/windows/mbedtls/aria.h b/windows/mbedtls/aria.h deleted file mode 100644 index 08547068..00000000 --- a/windows/mbedtls/aria.h +++ /dev/null 
@@ -1,356 +0,0 @@ -/** - * \file aria.h - * - * \brief ARIA block cipher - * - * The ARIA algorithm is a symmetric block cipher that can encrypt and - * decrypt information. It is defined by the Korean Agency for - * Technology and Standards (KATS) in KS X 1213:2004 (in - * Korean, but see http://210.104.33.10/ARIA/index-e.html in English) - * and also described by the IETF in RFC 5794. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_ARIA_H -#define MBEDTLS_ARIA_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include -#include - -#include "mbedtls/platform_util.h" - -#define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */ -#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */ - -#define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */ -#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */ -#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */ - -#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C /**< Bad input data. */ - -#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */ - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_ARIA_ALT) -// Regular implementation -// - -/** - * \brief The ARIA context-type definition. 
- */ -typedef struct mbedtls_aria_context -{ - unsigned char MBEDTLS_PRIVATE(nr); /*!< The number of rounds (12, 14 or 16) */ - /*! The ARIA round keys. */ - uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4]; -} -mbedtls_aria_context; - -#else /* MBEDTLS_ARIA_ALT */ -#include "aria_alt.h" -#endif /* MBEDTLS_ARIA_ALT */ - -/** - * \brief This function initializes the specified ARIA context. - * - * It must be the first API called before using - * the context. - * - * \param ctx The ARIA context to initialize. This must not be \c NULL. - */ -void mbedtls_aria_init( mbedtls_aria_context *ctx ); - -/** - * \brief This function releases and clears the specified ARIA context. - * - * \param ctx The ARIA context to clear. This may be \c NULL, in which - * case this function returns immediately. If it is not \c NULL, - * it must point to an initialized ARIA context. - */ -void mbedtls_aria_free( mbedtls_aria_context *ctx ); - -/** - * \brief This function sets the encryption key. - * - * \param ctx The ARIA context to which the key should be bound. - * This must be initialized. - * \param key The encryption key. This must be a readable buffer - * of size \p keybits Bits. - * \param keybits The size of \p key in Bits. Valid options are: - *
  • 128 bits
  • - *
  • 192 bits
  • - *
  • 256 bits
- * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, - const unsigned char *key, - unsigned int keybits ); - -/** - * \brief This function sets the decryption key. - * - * \param ctx The ARIA context to which the key should be bound. - * This must be initialized. - * \param key The decryption key. This must be a readable buffer - * of size \p keybits Bits. - * \param keybits The size of data passed. Valid options are: - *
  • 128 bits
  • - *
  • 192 bits
  • - *
  • 256 bits
- * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, - const unsigned char *key, - unsigned int keybits ); - -/** - * \brief This function performs an ARIA single-block encryption or - * decryption operation. - * - * It performs encryption or decryption (depending on whether - * the key was set for encryption on decryption) on the input - * data buffer defined in the \p input parameter. - * - * mbedtls_aria_init(), and either mbedtls_aria_setkey_enc() or - * mbedtls_aria_setkey_dec() must be called before the first - * call to this API with the same context. - * - * \param ctx The ARIA context to use for encryption or decryption. - * This must be initialized and bound to a key. - * \param input The 16-Byte buffer holding the input data. - * \param output The 16-Byte buffer holding the output data. - - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, - const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], - unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] ); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -/** - * \brief This function performs an ARIA-CBC encryption or decryption operation - * on full blocks. - * - * It performs the operation defined in the \p mode - * parameter (encrypt/decrypt), on the input data buffer defined in - * the \p input parameter. - * - * It can be called as many times as needed, until all the input - * data is processed. mbedtls_aria_init(), and either - * mbedtls_aria_setkey_enc() or mbedtls_aria_setkey_dec() must be called - * before the first call to this API with the same context. - * - * \note This function operates on aligned blocks, that is, the input size - * must be a multiple of the ARIA block size of 16 Bytes. 
- * - * \note Upon exit, the content of the IV is updated so that you can - * call the same function again on the next - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If you need to retain the contents of the IV, you should - * either save it manually or use the cipher module instead. - * - * - * \param ctx The ARIA context to use for encryption or decryption. - * This must be initialized and bound to a key. - * \param mode The mode of operation. This must be either - * #MBEDTLS_ARIA_ENCRYPT for encryption, or - * #MBEDTLS_ARIA_DECRYPT for decryption. - * \param length The length of the input data in Bytes. This must be a - * multiple of the block size (16 Bytes). - * \param iv Initialization vector (updated after use). - * This must be a readable buffer of size 16 Bytes. - * \param input The buffer holding the input data. This must - * be a readable buffer of length \p length Bytes. - * \param output The buffer holding the output data. This must - * be a writable buffer of length \p length Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, - int mode, - size_t length, - unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -/** - * \brief This function performs an ARIA-CFB128 encryption or decryption - * operation. - * - * It performs the operation defined in the \p mode - * parameter (encrypt or decrypt), on the input data buffer - * defined in the \p input parameter. - * - * For CFB, you must set up the context with mbedtls_aria_setkey_enc(), - * regardless of whether you are performing an encryption or decryption - * operation, that is, regardless of the \p mode parameter. This is - * because CFB mode uses the same key schedule for encryption and - * decryption. 
- * - * \note Upon exit, the content of the IV is updated so that you can - * call the same function again on the next - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If you need to retain the contents of the - * IV, you must either save it manually or use the cipher - * module instead. - * - * - * \param ctx The ARIA context to use for encryption or decryption. - * This must be initialized and bound to a key. - * \param mode The mode of operation. This must be either - * #MBEDTLS_ARIA_ENCRYPT for encryption, or - * #MBEDTLS_ARIA_DECRYPT for decryption. - * \param length The length of the input data \p input in Bytes. - * \param iv_off The offset in IV (updated after use). - * This must not be larger than 15. - * \param iv The initialization vector (updated after use). - * This must be a readable buffer of size 16 Bytes. - * \param input The buffer holding the input data. This must - * be a readable buffer of length \p length Bytes. - * \param output The buffer holding the output data. This must - * be a writable buffer of length \p length Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); -#endif /* MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -/** - * \brief This function performs an ARIA-CTR encryption or decryption - * operation. - * - * This function performs the operation defined in the \p mode - * parameter (encrypt/decrypt), on the input data buffer - * defined in the \p input parameter. - * - * Due to the nature of CTR, you must use the same key schedule - * for both encryption and decryption operations. 
Therefore, you - * must use the context initialized with mbedtls_aria_setkey_enc() - * for both #MBEDTLS_ARIA_ENCRYPT and #MBEDTLS_ARIA_DECRYPT. - * - * \warning You must never reuse a nonce value with the same key. Doing so - * would void the encryption for the two messages encrypted with - * the same nonce and key. - * - * There are two common strategies for managing nonces with CTR: - * - * 1. You can handle everything as a single message processed over - * successive calls to this function. In that case, you want to - * set \p nonce_counter and \p nc_off to 0 for the first call, and - * then preserve the values of \p nonce_counter, \p nc_off and \p - * stream_block across calls to this function as they will be - * updated by this function. - * - * With this strategy, you must not encrypt more than 2**128 - * blocks of data with the same key. - * - * 2. You can encrypt separate messages by dividing the \p - * nonce_counter buffer in two areas: the first one used for a - * per-message nonce, handled by yourself, and the second one - * updated by this function internally. - * - * For example, you might reserve the first 12 bytes for the - * per-message nonce, and the last 4 bytes for internal use. In that - * case, before calling this function on a new message you need to - * set the first 12 bytes of \p nonce_counter to your chosen nonce - * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p - * stream_block to be ignored). That way, you can encrypt at most - * 2**96 messages of up to 2**32 blocks each with the same key. - * - * The per-message nonce (or information sufficient to reconstruct - * it) needs to be communicated with the ciphertext and must be unique. - * The recommended way to ensure uniqueness is to use a message - * counter. 
An alternative is to generate random nonces, but this - * limits the number of messages that can be securely encrypted: - * for example, with 96-bit random nonces, you should not encrypt - * more than 2**32 messages with the same key. - * - * Note that for both stategies, sizes are measured in blocks and - * that an ARIA block is 16 bytes. - * - * \warning Upon return, \p stream_block contains sensitive data. Its - * content must not be written to insecure storage and should be - * securely discarded as soon as it's no longer needed. - * - * \param ctx The ARIA context to use for encryption or decryption. - * This must be initialized and bound to a key. - * \param length The length of the input data \p input in Bytes. - * \param nc_off The offset in Bytes in the current \p stream_block, - * for resuming within the current cipher stream. The - * offset pointer should be \c 0 at the start of a - * stream. This must not be larger than \c 15 Bytes. - * \param nonce_counter The 128-bit nonce and counter. This must point to - * a read/write buffer of length \c 16 bytes. - * \param stream_block The saved stream block for resuming. This must - * point to a read/write buffer of length \c 16 bytes. - * This is overwritten by the function. - * \param input The buffer holding the input data. This must - * be a readable buffer of length \p length Bytes. - * \param output The buffer holding the output data. This must - * be a writable buffer of length \p length Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE], - unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - -#if defined(MBEDTLS_SELF_TEST) -/** - * \brief Checkup routine. - * - * \return \c 0 on success, or \c 1 on failure. 
- */ -int mbedtls_aria_self_test( int verbose ); -#endif /* MBEDTLS_SELF_TEST */ - -#ifdef __cplusplus -} -#endif - -#endif /* aria.h */ diff --git a/windows/mbedtls/asn1.h b/windows/mbedtls/asn1.h deleted file mode 100644 index 46685810..00000000 --- a/windows/mbedtls/asn1.h +++ /dev/null 
@@ -1,604 +0,0 @@ -/** - * \file asn1.h - * - * \brief Generic ASN.1 parsing - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_ASN1_H -#define MBEDTLS_ASN1_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include - -#if defined(MBEDTLS_BIGNUM_C) -#include "mbedtls/bignum.h" -#endif - -/** - * \addtogroup asn1_module - * \{ - */ - -/** - * \name ASN1 Error codes - * These error codes are OR'ed to X509 error codes for - * higher error granularity. - * ASN1 is a standard to specify data structures. - * \{ - */ -#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 /**< Out of data when parsing an ASN1 data structure. */ -#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 /**< ASN1 tag was of an unexpected value. */ -#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 /**< Error when trying to determine the length or invalid length. */ -#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 /**< Actual length differs from expected length. */ -#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068 /**< Data is invalid. */ -#define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A /**< Memory allocation failed */ -#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C /**< Buffer too small when writing ASN.1 data structure. */ - -/* \} name */ - -/** - * \name DER constants - * These constants comply with the DER encoded ASN.1 type tags. 
- * DER encoding uses hexadecimal representation. - * An example DER sequence is:\n - * - 0x02 -- tag indicating INTEGER - * - 0x01 -- length in octets - * - 0x05 -- value - * Such sequences are typically read into \c ::mbedtls_x509_buf. - * \{ - */ -#define MBEDTLS_ASN1_BOOLEAN 0x01 -#define MBEDTLS_ASN1_INTEGER 0x02 -#define MBEDTLS_ASN1_BIT_STRING 0x03 -#define MBEDTLS_ASN1_OCTET_STRING 0x04 -#define MBEDTLS_ASN1_NULL 0x05 -#define MBEDTLS_ASN1_OID 0x06 -#define MBEDTLS_ASN1_ENUMERATED 0x0A -#define MBEDTLS_ASN1_UTF8_STRING 0x0C -#define MBEDTLS_ASN1_SEQUENCE 0x10 -#define MBEDTLS_ASN1_SET 0x11 -#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13 -#define MBEDTLS_ASN1_T61_STRING 0x14 -#define MBEDTLS_ASN1_IA5_STRING 0x16 -#define MBEDTLS_ASN1_UTC_TIME 0x17 -#define MBEDTLS_ASN1_GENERALIZED_TIME 0x18 -#define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C -#define MBEDTLS_ASN1_BMP_STRING 0x1E -#define MBEDTLS_ASN1_PRIMITIVE 0x00 -#define MBEDTLS_ASN1_CONSTRUCTED 0x20 -#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 - -/* Slightly smaller way to check if tag is a string tag - * compared to canonical implementation. 
*/ -#define MBEDTLS_ASN1_IS_STRING_TAG( tag ) \ - ( ( tag ) < 32u && ( \ - ( ( 1u << ( tag ) ) & ( ( 1u << MBEDTLS_ASN1_BMP_STRING ) | \ - ( 1u << MBEDTLS_ASN1_UTF8_STRING ) | \ - ( 1u << MBEDTLS_ASN1_T61_STRING ) | \ - ( 1u << MBEDTLS_ASN1_IA5_STRING ) | \ - ( 1u << MBEDTLS_ASN1_UNIVERSAL_STRING ) | \ - ( 1u << MBEDTLS_ASN1_PRINTABLE_STRING ) | \ - ( 1u << MBEDTLS_ASN1_BIT_STRING ) ) ) != 0 ) ) - -/* - * Bit masks for each of the components of an ASN.1 tag as specified in - * ITU X.690 (08/2015), section 8.1 "General rules for encoding", - * paragraph 8.1.2.2: - * - * Bit 8 7 6 5 1 - * +-------+-----+------------+ - * | Class | P/C | Tag number | - * +-------+-----+------------+ - */ -#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0 -#define MBEDTLS_ASN1_TAG_PC_MASK 0x20 -#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F - -/* \} name */ -/* \} addtogroup asn1_module */ - -/** Returns the size of the binary string, without the trailing \\0 */ -#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1) - -/** - * Compares an mbedtls_asn1_buf structure to a reference OID. - * - * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a - * 'unsigned char *oid' here! - */ -#define MBEDTLS_OID_CMP(oid_str, oid_buf) \ - ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) || \ - memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 ) - -#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len) \ - ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len) ) || \ - memcmp( (oid_str), (oid_buf), (oid_buf_len) ) != 0 ) - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \name Functions to parse ASN.1 data structures - * \{ - */ - -/** - * Type-length-value structure that allows for ASN1 using DER. - */ -typedef struct mbedtls_asn1_buf -{ - int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */ - size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */ - unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. 
*/ -} -mbedtls_asn1_buf; - -/** - * Container for ASN1 bit strings. - */ -typedef struct mbedtls_asn1_bitstring -{ - size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */ - unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at the end of the string */ - unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */ -} -mbedtls_asn1_bitstring; - -/** - * Container for a sequence of ASN.1 items - */ -typedef struct mbedtls_asn1_sequence -{ - mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given ASN.1 item. */ - struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */ -} -mbedtls_asn1_sequence; - -/** - * Container for a sequence or list of 'named' ASN.1 data items - */ -typedef struct mbedtls_asn1_named_data -{ - mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */ - mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */ - struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */ - unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the current one? */ -} -mbedtls_asn1_named_data; - -/** - * \brief Get the length of an ASN.1 element. - * Updates the pointer to immediately behind the length. - * - * \param p On entry, \c *p points to the first byte of the length, - * i.e. immediately after the tag. - * On successful completion, \c *p points to the first byte - * after the length, i.e. the first byte of the content. - * On error, the value of \c *p is undefined. - * \param end End of data. - * \param len On successful completion, \c *len contains the length - * read from the ASN.1 input. - * - * \return 0 if successful. - * \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element - * would end beyond \p end. - * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable. 
- */ -int mbedtls_asn1_get_len( unsigned char **p, - const unsigned char *end, - size_t *len ); - -/** - * \brief Get the tag and length of the element. - * Check for the requested tag. - * Updates the pointer to immediately behind the tag and length. - * - * \param p On entry, \c *p points to the start of the ASN.1 element. - * On successful completion, \c *p points to the first byte - * after the length, i.e. the first byte of the content. - * On error, the value of \c *p is undefined. - * \param end End of data. - * \param len On successful completion, \c *len contains the length - * read from the ASN.1 input. - * \param tag The expected tag. - * - * \return 0 if successful. - * \return #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the data does not start - * with the requested tag. - * \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element - * would end beyond \p end. - * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable. - */ -int mbedtls_asn1_get_tag( unsigned char **p, - const unsigned char *end, - size_t *len, int tag ); - -/** - * \brief Retrieve a boolean ASN.1 tag and its value. - * Updates the pointer to immediately behind the full tag. - * - * \param p On entry, \c *p points to the start of the ASN.1 element. - * On successful completion, \c *p points to the first byte - * beyond the ASN.1 element. - * On error, the value of \c *p is undefined. - * \param end End of data. - * \param val On success, the parsed value (\c 0 or \c 1). - * - * \return 0 if successful. - * \return An ASN.1 error code if the input does not start with - * a valid ASN.1 BOOLEAN. - */ -int mbedtls_asn1_get_bool( unsigned char **p, - const unsigned char *end, - int *val ); - -/** - * \brief Retrieve an integer ASN.1 tag and its value. - * Updates the pointer to immediately behind the full tag. - * - * \param p On entry, \c *p points to the start of the ASN.1 element. - * On successful completion, \c *p points to the first byte - * beyond the ASN.1 element. 
- * On error, the value of \c *p is undefined. - * \param end End of data. - * \param val On success, the parsed value. - * - * \return 0 if successful. - * \return An ASN.1 error code if the input does not start with - * a valid ASN.1 INTEGER. - * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does - * not fit in an \c int. - */ -int mbedtls_asn1_get_int( unsigned char **p, - const unsigned char *end, - int *val ); - -/** - * \brief Retrieve an enumerated ASN.1 tag and its value. - * Updates the pointer to immediately behind the full tag. - * - * \param p On entry, \c *p points to the start of the ASN.1 element. - * On successful completion, \c *p points to the first byte - * beyond the ASN.1 element. - * On error, the value of \c *p is undefined. - * \param end End of data. - * \param val On success, the parsed value. - * - * \return 0 if successful. - * \return An ASN.1 error code if the input does not start with - * a valid ASN.1 ENUMERATED. - * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does - * not fit in an \c int. - */ -int mbedtls_asn1_get_enum( unsigned char **p, - const unsigned char *end, - int *val ); - -/** - * \brief Retrieve a bitstring ASN.1 tag and its value. - * Updates the pointer to immediately behind the full tag. - * - * \param p On entry, \c *p points to the start of the ASN.1 element. - * On successful completion, \c *p is equal to \p end. - * On error, the value of \c *p is undefined. - * \param end End of data. - * \param bs On success, ::mbedtls_asn1_bitstring information about - * the parsed value. - * - * \return 0 if successful. - * \return #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains - * extra data after a valid BIT STRING. - * \return An ASN.1 error code if the input does not start with - * a valid ASN.1 BIT STRING. 
- */ -int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end, - mbedtls_asn1_bitstring *bs ); - -/** - * \brief Retrieve a bitstring ASN.1 tag without unused bits and its - * value. - * Updates the pointer to the beginning of the bit/octet string. - * - * \param p On entry, \c *p points to the start of the ASN.1 element. - * On successful completion, \c *p points to the first byte - * of the content of the BIT STRING. - * On error, the value of \c *p is undefined. - * \param end End of data. - * \param len On success, \c *len is the length of the content in bytes. - * - * \return 0 if successful. - * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if the input starts with - * a valid BIT STRING with a nonzero number of unused bits. - * \return An ASN.1 error code if the input does not start with - * a valid ASN.1 BIT STRING. - */ -int mbedtls_asn1_get_bitstring_null( unsigned char **p, - const unsigned char *end, - size_t *len ); - -/** - * \brief Parses and splits an ASN.1 "SEQUENCE OF ". - * Updates the pointer to immediately behind the full sequence tag. - * - * This function allocates memory for the sequence elements. You can free - * the allocated memory with mbedtls_asn1_sequence_free(). - * - * \note On error, this function may return a partial list in \p cur. - * You must set `cur->next = NULL` before calling this function! - * Otherwise it is impossible to distinguish a previously non-null - * pointer from a pointer to an object allocated by this function. - * - * \note If the sequence is empty, this function does not modify - * \c *cur. If the sequence is valid and non-empty, this - * function sets `cur->buf.tag` to \p tag. This allows - * callers to distinguish between an empty sequence and - * a one-element sequence. - * - * \param p On entry, \c *p points to the start of the ASN.1 element. - * On successful completion, \c *p is equal to \p end. - * On error, the value of \c *p is undefined. - * \param end End of data. 
- * \param cur A ::mbedtls_asn1_sequence which this function fills. - * When this function returns, \c *cur is the head of a linked - * list. Each node in this list is allocated with - * mbedtls_calloc() apart from \p cur itself, and should - * therefore be freed with mbedtls_free(). - * The list describes the content of the sequence. - * The head of the list (i.e. \c *cur itself) describes the - * first element, `*cur->next` describes the second element, etc. - * For each element, `buf.tag == tag`, `buf.len` is the length - * of the content of the content of the element, and `buf.p` - * points to the first byte of the content (i.e. immediately - * past the length of the element). - * Note that list elements may be allocated even on error. - * \param tag Each element of the sequence must have this tag. - * - * \return 0 if successful. - * \return #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains - * extra data after a valid SEQUENCE OF \p tag. - * \return #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts with - * an ASN.1 SEQUENCE in which an element has a tag that - * is different from \p tag. - * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if a memory allocation failed. - * \return An ASN.1 error code if the input does not start with - * a valid ASN.1 SEQUENCE. - */ -int mbedtls_asn1_get_sequence_of( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_sequence *cur, - int tag ); -/** - * \brief Free a heap-allocated linked list presentation of - * an ASN.1 sequence, including the first element. - * - * There are two common ways to manage the memory used for the representation - * of a parsed ASN.1 sequence: - * - Allocate a head node `mbedtls_asn1_sequence *head` with mbedtls_calloc(). - * Pass this node as the `cur` argument to mbedtls_asn1_get_sequence_of(). - * When you have finished processing the sequence, - * call mbedtls_asn1_sequence_free() on `head`. 
- * - Allocate a head node `mbedtls_asn1_sequence *head` in any manner, - * for example on the stack. Make sure that `head->next == NULL`. - * Pass `head` as the `cur` argument to mbedtls_asn1_get_sequence_of(). - * When you have finished processing the sequence, - * call mbedtls_asn1_sequence_free() on `head->cur`, - * then free `head` itself in the appropriate manner. - * - * \param seq The address of the first sequence component. This may - * be \c NULL, in which case this functions returns - * immediately. - */ -void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq ); - -/** - * \brief Traverse an ASN.1 SEQUENCE container and - * call a callback for each entry. - * - * This function checks that the input is a SEQUENCE of elements that - * each have a "must" tag, and calls a callback function on the elements - * that have a "may" tag. - * - * For example, to validate that the input is a SEQUENCE of `tag1` and call - * `cb` on each element, use - * ``` - * mbedtls_asn1_traverse_sequence_of(&p, end, 0xff, tag1, 0, 0, cb, ctx); - * ``` - * - * To validate that the input is a SEQUENCE of ANY and call `cb` on - * each element, use - * ``` - * mbedtls_asn1_traverse_sequence_of(&p, end, 0, 0, 0, 0, cb, ctx); - * ``` - * - * To validate that the input is a SEQUENCE of CHOICE {NULL, OCTET STRING} - * and call `cb` on each element that is an OCTET STRING, use - * ``` - * mbedtls_asn1_traverse_sequence_of(&p, end, 0xfe, 0x04, 0xff, 0x04, cb, ctx); - * ``` - * - * The callback is called on the elements with a "may" tag from left to - * right. If the input is not a valid SEQUENCE of elements with a "must" tag, - * the callback is called on the elements up to the leftmost point where - * the input is invalid. - * - * \warning This function is still experimental and may change - * at any time. - * - * \param p The address of the pointer to the beginning of - * the ASN.1 SEQUENCE header. 
This is updated to - * point to the end of the ASN.1 SEQUENCE container - * on a successful invocation. - * \param end The end of the ASN.1 SEQUENCE container. - * \param tag_must_mask A mask to be applied to the ASN.1 tags found within - * the SEQUENCE before comparing to \p tag_must_value. - * \param tag_must_val The required value of each ASN.1 tag found in the - * SEQUENCE, after masking with \p tag_must_mask. - * Mismatching tags lead to an error. - * For example, a value of \c 0 for both \p tag_must_mask - * and \p tag_must_val means that every tag is allowed, - * while a value of \c 0xFF for \p tag_must_mask means - * that \p tag_must_val is the only allowed tag. - * \param tag_may_mask A mask to be applied to the ASN.1 tags found within - * the SEQUENCE before comparing to \p tag_may_value. - * \param tag_may_val The desired value of each ASN.1 tag found in the - * SEQUENCE, after masking with \p tag_may_mask. - * Mismatching tags will be silently ignored. - * For example, a value of \c 0 for \p tag_may_mask and - * \p tag_may_val means that any tag will be considered, - * while a value of \c 0xFF for \p tag_may_mask means - * that all tags with value different from \p tag_may_val - * will be ignored. - * \param cb The callback to trigger for each component - * in the ASN.1 SEQUENCE that matches \p tag_may_val. - * The callback function is called with the following - * parameters: - * - \p ctx. - * - The tag of the current element. - * - A pointer to the start of the current element's - * content inside the input. - * - The length of the content of the current element. - * If the callback returns a non-zero value, - * the function stops immediately, - * forwarding the callback's return value. - * \param ctx The context to be passed to the callback \p cb. - * - * \return \c 0 if successful the entire ASN.1 SEQUENCE - * was traversed without parsing or callback errors. 
- * \return #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input - * contains extra data after a valid SEQUENCE - * of elements with an accepted tag. - * \return #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts - * with an ASN.1 SEQUENCE in which an element has a tag - * that is not accepted. - * \return An ASN.1 error code if the input does not start with - * a valid ASN.1 SEQUENCE. - * \return A non-zero error code forwarded from the callback - * \p cb in case the latter returns a non-zero value. - */ -int mbedtls_asn1_traverse_sequence_of( - unsigned char **p, - const unsigned char *end, - unsigned char tag_must_mask, unsigned char tag_must_val, - unsigned char tag_may_mask, unsigned char tag_may_val, - int (*cb)( void *ctx, int tag, - unsigned char* start, size_t len ), - void *ctx ); - -#if defined(MBEDTLS_BIGNUM_C) -/** - * \brief Retrieve an integer ASN.1 tag and its value. - * Updates the pointer to immediately behind the full tag. - * - * \param p On entry, \c *p points to the start of the ASN.1 element. - * On successful completion, \c *p points to the first byte - * beyond the ASN.1 element. - * On error, the value of \c *p is undefined. - * \param end End of data. - * \param X On success, the parsed value. - * - * \return 0 if successful. - * \return An ASN.1 error code if the input does not start with - * a valid ASN.1 INTEGER. - * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does - * not fit in an \c int. - * \return An MPI error code if the parsed value is too large. - */ -int mbedtls_asn1_get_mpi( unsigned char **p, - const unsigned char *end, - mbedtls_mpi *X ); -#endif /* MBEDTLS_BIGNUM_C */ - -/** - * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence. - * Updates the pointer to immediately behind the full - * AlgorithmIdentifier. - * - * \param p On entry, \c *p points to the start of the ASN.1 element. - * On successful completion, \c *p points to the first byte - * beyond the AlgorithmIdentifier element. 
- * On error, the value of \c *p is undefined. - * \param end End of data. - * \param alg The buffer to receive the OID. - * \param params The buffer to receive the parameters. - * This is zeroized if there are no parameters. - * - * \return 0 if successful or a specific ASN.1 or MPI error code. - */ -int mbedtls_asn1_get_alg( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params ); - -/** - * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no - * params. - * Updates the pointer to immediately behind the full - * AlgorithmIdentifier. - * - * \param p On entry, \c *p points to the start of the ASN.1 element. - * On successful completion, \c *p points to the first byte - * beyond the AlgorithmIdentifier element. - * On error, the value of \c *p is undefined. - * \param end End of data. - * \param alg The buffer to receive the OID. - * - * \return 0 if successful or a specific ASN.1 or MPI error code. - */ -int mbedtls_asn1_get_alg_null( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_buf *alg ); - -/** - * \brief Find a specific named_data entry in a sequence or list based on - * the OID. - * - * \param list The list to seek through - * \param oid The OID to look for - * \param len Size of the OID - * - * \return NULL if not found, or a pointer to the existing entry. - */ -const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list, - const char *oid, size_t len ); - -/** - * \brief Free a mbedtls_asn1_named_data entry - * - * \param entry The named data entry to free. - * This function calls mbedtls_free() on - * `entry->oid.p` and `entry->val.p`. - */ -void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry ); - -/** - * \brief Free all entries in a mbedtls_asn1_named_data list. - * - * \param head Pointer to the head of the list of named data entries to free. 
- * This function calls mbedtls_asn1_free_named_data() and
- * mbedtls_free() on each list element and
- * sets \c *head to \c NULL.
- */
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* asn1.h */
diff --git a/windows/mbedtls/asn1write.h b/windows/mbedtls/asn1write.h
deleted file mode 100644
index d60ca0da..00000000
--- a/windows/mbedtls/asn1write.h
+++ /dev/null
@@ -1,366 +0,0 @@ -/** - * \file asn1write.h - * - * \brief ASN.1 buffer writing functionality - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_ASN1_WRITE_H -#define MBEDTLS_ASN1_WRITE_H - -#include "mbedtls/build_info.h" - -#include "mbedtls/asn1.h" - -#define MBEDTLS_ASN1_CHK_ADD(g, f) \ - do \ - { \ - if( ( ret = (f) ) < 0 ) \ - return( ret ); \ - else \ - (g) += ret; \ - } while( 0 ) - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Write a length field in ASN.1 format. - * - * \note This function works backwards in data buffer. - * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param len The length value to write. - * - * \return The number of bytes written to \p p on success. - * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. - */ -int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, - size_t len ); -/** - * \brief Write an ASN.1 tag in ASN.1 format. - * - * \note This function works backwards in data buffer. - * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param tag The tag to write. - * - * \return The number of bytes written to \p p on success. - * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. 
- */ -int mbedtls_asn1_write_tag( unsigned char **p, const unsigned char *start, - unsigned char tag ); - -/** - * \brief Write raw buffer data. - * - * \note This function works backwards in data buffer. - * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param buf The data buffer to write. - * \param size The length of the data buffer. - * - * \return The number of bytes written to \p p on success. - * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. - */ -int mbedtls_asn1_write_raw_buffer( unsigned char **p, const unsigned char *start, - const unsigned char *buf, size_t size ); - -#if defined(MBEDTLS_BIGNUM_C) -/** - * \brief Write a arbitrary-precision number (#MBEDTLS_ASN1_INTEGER) - * in ASN.1 format. - * - * \note This function works backwards in data buffer. - * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param X The MPI to write. - * It must be non-negative. - * - * \return The number of bytes written to \p p on success. - * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. - */ -int mbedtls_asn1_write_mpi( unsigned char **p, const unsigned char *start, - const mbedtls_mpi *X ); -#endif /* MBEDTLS_BIGNUM_C */ - -/** - * \brief Write a NULL tag (#MBEDTLS_ASN1_NULL) with zero data - * in ASN.1 format. - * - * \note This function works backwards in data buffer. - * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * - * \return The number of bytes written to \p p on success. - * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. - */ -int mbedtls_asn1_write_null( unsigned char **p, const unsigned char *start ); - -/** - * \brief Write an OID tag (#MBEDTLS_ASN1_OID) and data - * in ASN.1 format. - * - * \note This function works backwards in data buffer. 
- * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param oid The OID to write. - * \param oid_len The length of the OID. - * - * \return The number of bytes written to \p p on success. - * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. - */ -int mbedtls_asn1_write_oid( unsigned char **p, const unsigned char *start, - const char *oid, size_t oid_len ); - -/** - * \brief Write an AlgorithmIdentifier sequence in ASN.1 format. - * - * \note This function works backwards in data buffer. - * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param oid The OID of the algorithm to write. - * \param oid_len The length of the algorithm's OID. - * \param par_len The length of the parameters, which must be already written. - * If 0, NULL parameters are added - * - * \return The number of bytes written to \p p on success. - * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. - */ -int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, - const unsigned char *start, - const char *oid, size_t oid_len, - size_t par_len ); - -/** - * \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value - * in ASN.1 format. - * - * \note This function works backwards in data buffer. - * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param boolean The boolean value to write, either \c 0 or \c 1. - * - * \return The number of bytes written to \p p on success. - * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. - */ -int mbedtls_asn1_write_bool( unsigned char **p, const unsigned char *start, - int boolean ); - -/** - * \brief Write an int tag (#MBEDTLS_ASN1_INTEGER) and value - * in ASN.1 format. - * - * \note This function works backwards in data buffer. 
- * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param val The integer value to write. - * It must be non-negative. - * - * \return The number of bytes written to \p p on success. - * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. - */ -int mbedtls_asn1_write_int( unsigned char **p, const unsigned char *start, int val ); - -/** - * \brief Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value - * in ASN.1 format. - * - * \note This function works backwards in data buffer. - * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param val The integer value to write. - * - * \return The number of bytes written to \p p on success. - * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. - */ -int mbedtls_asn1_write_enum( unsigned char **p, const unsigned char *start, int val ); - -/** - * \brief Write a string in ASN.1 format using a specific - * string encoding tag. - - * \note This function works backwards in data buffer. - * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param tag The string encoding tag to write, e.g. - * #MBEDTLS_ASN1_UTF8_STRING. - * \param text The string to write. - * \param text_len The length of \p text in bytes (which might - * be strictly larger than the number of characters). - * - * \return The number of bytes written to \p p on success. - * \return A negative error code on failure. - */ -int mbedtls_asn1_write_tagged_string( unsigned char **p, const unsigned char *start, - int tag, const char *text, - size_t text_len ); - -/** - * \brief Write a string in ASN.1 format using the PrintableString - * string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING). - * - * \note This function works backwards in data buffer. 
- * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param text The string to write. - * \param text_len The length of \p text in bytes (which might - * be strictly larger than the number of characters). - * - * \return The number of bytes written to \p p on success. - * \return A negative error code on failure. - */ -int mbedtls_asn1_write_printable_string( unsigned char **p, - const unsigned char *start, - const char *text, size_t text_len ); - -/** - * \brief Write a UTF8 string in ASN.1 format using the UTF8String - * string encoding tag (#MBEDTLS_ASN1_UTF8_STRING). - * - * \note This function works backwards in data buffer. - * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param text The string to write. - * \param text_len The length of \p text in bytes (which might - * be strictly larger than the number of characters). - * - * \return The number of bytes written to \p p on success. - * \return A negative error code on failure. - */ -int mbedtls_asn1_write_utf8_string( unsigned char **p, const unsigned char *start, - const char *text, size_t text_len ); - -/** - * \brief Write a string in ASN.1 format using the IA5String - * string encoding tag (#MBEDTLS_ASN1_IA5_STRING). - * - * \note This function works backwards in data buffer. - * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param text The string to write. - * \param text_len The length of \p text in bytes (which might - * be strictly larger than the number of characters). - * - * \return The number of bytes written to \p p on success. - * \return A negative error code on failure. 
- */ -int mbedtls_asn1_write_ia5_string( unsigned char **p, const unsigned char *start, - const char *text, size_t text_len ); - -/** - * \brief Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and - * value in ASN.1 format. - * - * \note This function works backwards in data buffer. - * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param buf The bitstring to write. - * \param bits The total number of bits in the bitstring. - * - * \return The number of bytes written to \p p on success. - * \return A negative error code on failure. - */ -int mbedtls_asn1_write_bitstring( unsigned char **p, const unsigned char *start, - const unsigned char *buf, size_t bits ); - -/** - * \brief This function writes a named bitstring tag - * (#MBEDTLS_ASN1_BIT_STRING) and value in ASN.1 format. - * - * As stated in RFC 5280 Appendix B, trailing zeroes are - * omitted when encoding named bitstrings in DER. - * - * \note This function works backwards within the data buffer. - * - * \param p The reference to the current position pointer. - * \param start The start of the buffer which is used for bounds-checking. - * \param buf The bitstring to write. - * \param bits The total number of bits in the bitstring. - * - * \return The number of bytes written to \p p on success. - * \return A negative error code on failure. - */ -int mbedtls_asn1_write_named_bitstring( unsigned char **p, - const unsigned char *start, - const unsigned char *buf, - size_t bits ); - -/** - * \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING) - * and value in ASN.1 format. - * - * \note This function works backwards in data buffer. - * - * \param p The reference to the current position pointer. - * \param start The start of the buffer, for bounds-checking. - * \param buf The buffer holding the data to write. - * \param size The length of the data buffer \p buf. - * - * \return The number of bytes written to \p p on success. 
- * \return A negative error code on failure. - */ -int mbedtls_asn1_write_octet_string( unsigned char **p, const unsigned char *start, - const unsigned char *buf, size_t size ); - -/** - * \brief Create or find a specific named_data entry for writing in a - * sequence or list based on the OID. If not already in there, - * a new entry is added to the head of the list. - * Warning: Destructive behaviour for the val data! - * - * \param list The pointer to the location of the head of the list to seek - * through (will be updated in case of a new entry). - * \param oid The OID to look for. - * \param oid_len The size of the OID. - * \param val The associated data to store. If this is \c NULL, - * no data is copied to the new or existing buffer. - * \param val_len The minimum length of the data buffer needed. - * If this is 0, do not allocate a buffer for the associated - * data. - * If the OID was already present, enlarge, shrink or free - * the existing buffer to fit \p val_len. - * - * \return A pointer to the new / existing entry on success. - * \return \c NULL if if there was a memory allocation error. - */ -mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list, - const char *oid, size_t oid_len, - const unsigned char *val, - size_t val_len ); - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_ASN1_WRITE_H */ diff --git a/windows/mbedtls/base64.h b/windows/mbedtls/base64.h deleted file mode 100644 index e3938b40..00000000 --- a/windows/mbedtls/base64.h +++ /dev/null 
@@ -1,92 +0,0 @@
-/**
- * \file base64.h
- *
- * \brief RFC 1521 base64 encoding/decoding
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_BASE64_H
-#define MBEDTLS_BASE64_H
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A /**< Output buffer too small. */
-#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C /**< Invalid character in input. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Encode a buffer into base64 format
- *
- * \param dst destination buffer
- * \param dlen size of the destination buffer
- * \param olen number of bytes written
- * \param src source buffer
- * \param slen amount of data to be encoded
- *
- * \return 0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
- * *olen is always updated to reflect the amount
- * of data that has (or would have) been written.
- * If that length cannot be represented, then no data is
- * written to the buffer and *olen is set to the maximum
- * length representable as a size_t.
- *
- * \note Call this function with dlen = 0 to obtain the
- * required buffer size in *olen
- */
-int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
- const unsigned char *src, size_t slen );
-
-/**
- * \brief Decode a base64-formatted buffer
- *
- * \param dst destination buffer (can be NULL for checking size)
- * \param dlen size of the destination buffer
- * \param olen number of bytes written
- * \param src source buffer
- * \param slen amount of data to be decoded
- *
- * \return 0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or
- * MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is
- * not correct. *olen is always updated to reflect the amount
- * of data that has (or would have) been written.
- *
- * \note Call this function with *dst = NULL or dlen = 0 to obtain
- * the required buffer size in *olen
- */
-int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
- const unsigned char *src, size_t slen );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_base64_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* base64.h */
diff --git a/windows/mbedtls/bignum.h b/windows/mbedtls/bignum.h
deleted file mode 100644
index 5187d866..00000000
--- a/windows/mbedtls/bignum.h
+++ /dev/null
@@ -1,1021 +0,0 @@
-/**
- * \file bignum.h
- *
- * \brief Multi-precision integer library
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_BIGNUM_H
-#define MBEDTLS_BIGNUM_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-#if defined(MBEDTLS_FS_IO)
-#include
-#endif
-
-#define MBEDTLS_ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */
-#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_MPI_INVALID_CHARACTER -0x0006 /**< There is an invalid character in the digit string. */
-#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008 /**< The buffer is too small to write to. */
-#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A /**< The input arguments are negative or result in illegal output. */
-#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C /**< The input argument for division is zero, which is not allowed. */
-#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E /**< The input arguments are not acceptable. */
-#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 /**< Memory allocation failed. */
-
-#define MBEDTLS_MPI_CHK(f) \
- do \
- { \
- if( ( ret = (f) ) != 0 ) \
- goto cleanup; \
- } while( 0 )
-
-/*
- * Maximum size MPIs are allowed to grow to in number of limbs.
- */
-#define MBEDTLS_MPI_MAX_LIMBS 10000
-
-#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
-/*
- * Maximum window size used for modular exponentiation. Default: 6
- * Minimum value: 1. Maximum value: 6.
- *
- * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
- * for the sliding window calculation. (So 64 by default)
- *
- * Reduction in size, reduces speed.
- */
-#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
-#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
-
-#if !defined(MBEDTLS_MPI_MAX_SIZE)
-/*
- * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
- * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
- *
- * Note: Calculations can temporarily result in larger MPIs. So the number
- * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
- */
-#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
-#endif /* !MBEDTLS_MPI_MAX_SIZE */
-
-#define MBEDTLS_MPI_MAX_BITS ( 8 * MBEDTLS_MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */
-
-/*
- * When reading from files with mbedtls_mpi_read_file() and writing to files with
- * mbedtls_mpi_write_file() the buffer should have space
- * for a (short) label, the MPI (in the provided radix), the newline
- * characters and the '\0'.
- *
- * By default we assume at least a 10 char label, a minimum radix of 10
- * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
- * Autosized at compile time for at least a 10 char label, a minimum radix
- * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size.
- *
- * This used to be statically sized to 1250 for a maximum of 4096 bit
- * numbers (1234 decimal chars).
- *
- * Calculate using the formula:
- * MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
- * LabelSize + 6
- */
-#define MBEDTLS_MPI_MAX_BITS_SCALE100 ( 100 * MBEDTLS_MPI_MAX_BITS )
-#define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
-#define MBEDTLS_MPI_RW_BUFFER_SIZE ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
-
-/*
- * Define the base integer type, architecture-wise.
- *
- * 32 or 64-bit integer types can be forced regardless of the underlying
- * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64
- * respectively and undefining MBEDTLS_HAVE_ASM.
- *
- * Double-width integers (e.g. 128-bit in 64-bit architectures) can be
- * disabled by defining MBEDTLS_NO_UDBL_DIVISION.
- */
-#if !defined(MBEDTLS_HAVE_INT32)
- #if defined(_MSC_VER) && defined(_M_AMD64)
- /* Always choose 64-bit when using MSC */
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* !MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #elif defined(__GNUC__) && ( \
- defined(__amd64__) || defined(__x86_64__) || \
- defined(__ppc64__) || defined(__powerpc64__) || \
- defined(__ia64__) || defined(__alpha__) || \
- ( defined(__sparc__) && defined(__arch64__) ) || \
- defined(__s390x__) || defined(__mips64) || \
- defined(__aarch64__) )
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- /* mbedtls_t_udbl defined as 128-bit unsigned int */
- typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
- #elif defined(__ARMCC_VERSION) && defined(__aarch64__)
- /*
- * __ARMCC_VERSION is defined for both armcc and armclang and
- * __aarch64__ is only defined by armclang when compiling 64-bit code
-
*/
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* !MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- /* mbedtls_t_udbl defined as 128-bit unsigned int */
- typedef __uint128_t mbedtls_t_udbl;
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
- #elif defined(MBEDTLS_HAVE_INT64)
- /* Force 64-bit integers with unknown compiler */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #endif
-#endif /* !MBEDTLS_HAVE_INT32 */
-
-#if !defined(MBEDTLS_HAVE_INT64)
- /* Default to 32-bit compilation */
- #if !defined(MBEDTLS_HAVE_INT32)
- #define MBEDTLS_HAVE_INT32
- #endif /* !MBEDTLS_HAVE_INT32 */
- typedef int32_t mbedtls_mpi_sint;
- typedef uint32_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- typedef uint64_t mbedtls_t_udbl;
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
-#endif /* !MBEDTLS_HAVE_INT64 */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief MPI structure
- */
-typedef struct mbedtls_mpi
-{
- int MBEDTLS_PRIVATE(s); /*!< Sign: -1 if the mpi is negative, 1 otherwise */
- size_t MBEDTLS_PRIVATE(n); /*!< total # of limbs */
- mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); /*!< pointer to limbs */
-}
-mbedtls_mpi;
-
-/**
- * \brief Initialize an MPI context.
- *
- * This makes the MPI ready to be set or freed,
- * but does not define a value for the MPI.
- *
- * \param X The MPI context to initialize. This must not be \c NULL.
- */
-void mbedtls_mpi_init( mbedtls_mpi *X );
-
-/**
- * \brief This function frees the components of an MPI context.
- *
- * \param X The MPI context to be cleared. This may be \c NULL,
- * in which case this function is a no-op. If it is
- * not \c NULL, it must point to an initialized MPI.
- */
-void mbedtls_mpi_free( mbedtls_mpi *X );
-
-/**
- * \brief Enlarge an MPI to the specified number of limbs.
- *
- * \note This function does nothing if the MPI is
- * already large enough.
- *
- * \param X The MPI to grow. It must be initialized.
- * \param nblimbs The target number of limbs.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
-
-/**
- * \brief This function resizes an MPI downwards, keeping at least the
- * specified number of limbs.
- *
- * If \c X is smaller than \c nblimbs, it is resized up
- * instead.
- *
- * \param X The MPI to shrink. This must point to an initialized MPI.
- * \param nblimbs The minimum number of limbs to keep.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- * (this can only happen when resizing up).
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
-
-/**
- * \brief Make a copy of an MPI.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param Y The source MPI. This must point to an initialized MPI.
- *
- * \note The limb-buffer in the destination MPI is enlarged
- * if necessary to hold the value in the source MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief Swap the contents of two MPIs.
- *
- * \param X The first MPI. It must be initialized.
- * \param Y The second MPI. It must be initialized.
- */
-void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
-
-/**
- * \brief Perform a safe conditional copy of MPI which doesn't
- * reveal whether the condition was true or not.
- *
- * \param X The MPI to conditionally assign to.
This must point - * to an initialized MPI. - * \param Y The MPI to be assigned from. This must point to an - * initialized MPI. - * \param assign The condition deciding whether to perform the - * assignment or not. Possible values: - * * \c 1: Perform the assignment `X = Y`. - * * \c 0: Keep the original value of \p X. - * - * \note This function is equivalent to - * `if( assign ) mbedtls_mpi_copy( X, Y );` - * except that it avoids leaking any information about whether - * the assignment was done or not (the above code may leak - * information through branch prediction and/or memory access - * patterns analysis). - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign ); - -/** - * \brief Perform a safe conditional swap which doesn't - * reveal whether the condition was true or not. - * - * \param X The first MPI. This must be initialized. - * \param Y The second MPI. This must be initialized. - * \param assign The condition deciding whether to perform - * the swap or not. Possible values: - * * \c 1: Swap the values of \p X and \p Y. - * * \c 0: Keep the original values of \p X and \p Y. - * - * \note This function is equivalent to - * if( assign ) mbedtls_mpi_swap( X, Y ); - * except that it avoids leaking any information about whether - * the assignment was done or not (the above code may leak - * information through branch prediction and/or memory access - * patterns analysis). - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. - * \return Another negative error code on other kinds of failure. - * - */ -int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign ); - -/** - * \brief Store integer value in MPI. - * - * \param X The MPI to set. This must be initialized. 
- * \param z The value to use.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
-
-/**
- * \brief Get a specific bit from an MPI.
- *
- * \param X The MPI to query. This must be initialized.
- * \param pos Zero-based index of the bit to query.
- *
- * \return \c 0 or \c 1 on success, depending on whether bit \c pos
- * of \c X is unset or set.
- * \return A negative error code on failure.
- */
-int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
-
-/**
- * \brief Modify a specific bit in an MPI.
- *
- * \note This function will grow the target MPI if necessary to set a
- * bit to \c 1 in a not yet existing limb. It will not grow if
- * the bit should be set to \c 0.
- *
- * \param X The MPI to modify. This must be initialized.
- * \param pos Zero-based index of the bit to modify.
- * \param val The desired value of bit \c pos: \c 0 or \c 1.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
-
-/**
- * \brief Return the number of bits of value \c 0 before the
- * least significant bit of value \c 1.
- *
- * \note This is the same as the zero-based index of
- * the least significant bit of value \c 1.
- *
- * \param X The MPI to query.
- *
- * \return The number of bits of value \c 0 before the least significant
- * bit of value \c 1 in \p X.
- */
-size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
-
-/**
- * \brief Return the number of bits up to and including the most
- * significant bit of value \c 1.
- *
- * * \note This is same as the one-based index of the most
- * significant bit of value \c 1.
- *
- * \param X The MPI to query. This must point to an initialized MPI.
- *
- * \return The number of bits up to and including the most
- * significant bit of value \c 1.
- */
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
-
-/**
- * \brief Return the total size of an MPI value in bytes.
- *
- * \param X The MPI to use. This must point to an initialized MPI.
- *
- * \note The value returned by this function may be less than
- * the number of bytes used to store \p X internally.
- * This happens if and only if there are trailing bytes
- * of value zero.
- *
- * \return The least number of bytes capable of storing
- * the absolute value of \p X.
- */
-size_t mbedtls_mpi_size( const mbedtls_mpi *X );
-
-/**
- * \brief Import an MPI from an ASCII string.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param radix The numeric base of the input string.
- * \param s Null-terminated string buffer.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
-
-/**
- * \brief Export an MPI to an ASCII string.
- *
- * \param X The source MPI. This must point to an initialized MPI.
- * \param radix The numeric base of the output string.
- * \param buf The buffer to write the string to. This must be writable
- * buffer of length \p buflen Bytes.
- * \param buflen The available size in Bytes of \p buf.
- * \param olen The address at which to store the length of the string
- * written, including the final \c NULL byte. This must
- * not be \c NULL.
- *
- * \note You can call this function with `buflen == 0` to obtain the
- * minimum required buffer size in `*olen`.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf
- * is too small to hold the value of \p X in the desired base.
- * In this case, `*olen` is nonetheless updated to contain the
- * size of \p buf required for a successful call.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
- char *buf, size_t buflen, size_t *olen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Read an MPI from a line in an opened file.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param radix The numeric base of the string representation used
- * in the source line.
- * \param fin The input file handle to use. This must not be \c NULL.
- *
- * \note On success, this function advances the file stream
- * to the end of the current line or to EOF.
- *
- * The function returns \c 0 on an empty line.
- *
- * Leading whitespaces are ignored, as is a
- * '0x' prefix for radix \c 16.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the file read buffer
- * is too small.
- * \return Another negative error code on failure.
- */
-int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
-
-/**
- * \brief Export an MPI into an opened file.
- *
- * \param p A string prefix to emit prior to the MPI data.
- * For example, this might be a label, or "0x" when
- * printing in base \c 16. This may be \c NULL if no prefix
- * is needed.
- * \param X The source MPI. This must point to an initialized MPI.
- * \param radix The numeric base to be used in the emitted string.
- * \param fout The output file handle. This may be \c NULL, in which case
- * the output is written to \c stdout.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X,
- int radix, FILE *fout );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief Import an MPI from unsigned big endian binary data.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param buf The input buffer. This must be a readable buffer of length
- * \p buflen Bytes.
- * \param buflen The length of the input buffer \p p in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf,
- size_t buflen );
-
-/**
- * \brief Import X from unsigned binary data, little endian
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param buf The input buffer. This must be a readable buffer of length
- * \p buflen Bytes.
- * \param buflen The length of the input buffer \p p in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
- const unsigned char *buf, size_t buflen );
-
-/**
- * \brief Export X into unsigned binary data, big endian.
- * Always fills the whole buffer, which will start with zeros
- * if the number is smaller.
- *
- * \param X The source MPI. This must point to an initialized MPI.
- * \param buf The output buffer. This must be a writable buffer of length
- * \p buflen Bytes.
- * \param buflen The size of the output buffer \p buf in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
- * large enough to hold the value of \p X.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf,
- size_t buflen );
-
-/**
- * \brief Export X into unsigned binary data, little endian.
- * Always fills the whole buffer, which will end with zeros
- * if the number is smaller.
- *
- * \param X The source MPI. This must point to an initialized MPI.
- * \param buf The output buffer. This must be a writable buffer of length
- * \p buflen Bytes.
- * \param buflen The size of the output buffer \p buf in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
- * large enough to hold the value of \p X.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
- unsigned char *buf, size_t buflen );
-
-/**
- * \brief Perform a left-shift on an MPI: X <<= count
- *
- * \param X The MPI to shift. This must point to an initialized MPI.
- * \param count The number of bits to shift by.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
-
-/**
- * \brief Perform a right-shift on an MPI: X >>= count
- *
- * \param X The MPI to shift. This must point to an initialized MPI.
- * \param count The number of bits to shift by.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
-
-/**
- * \brief Compare the absolute values of two MPIs.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI.
- * \param Y The right-hand MPI. This must point to an initialized MPI.
- *
- * \return \c 1 if `|X|` is greater than `|Y|`.
- * \return \c -1 if `|X|` is lesser than `|Y|`.
- * \return \c 0 if `|X|` is equal to `|Y|`.
- */
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief Compare two MPIs.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI.
- * \param Y The right-hand MPI. This must point to an initialized MPI.
- *
- * \return \c 1 if \p X is greater than \p Y.
- * \return \c -1 if \p X is lesser than \p Y.
- * \return \c 0 if \p X is equal to \p Y.
- */
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief Check if an MPI is less than the other in constant time.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI
- * with the same allocated length as Y.
- * \param Y The right-hand MPI. This must point to an initialized MPI
- * with the same allocated length as X.
- * \param ret The result of the comparison:
- * \c 1 if \p X is less than \p Y.
- * \c 0 if \p X is greater than or equal to \p Y.
- *
- * \return 0 on success.
- * \return MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
- * the two input MPIs is not the same.
- */
-int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y,
- unsigned *ret );
-
-/**
- * \brief Compare an MPI with an integer.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI.
- * \param z The integer value to compare \p X to.
- *
- * \return \c 1 if \p X is greater than \p z.
- * \return \c -1 if \p X is lesser than \p z.
- * \return \c 0 if \p X is equal to \p z.
- */
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
-
-/**
- * \brief Perform an unsigned addition of MPIs: X = |A| + |B|
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first summand. This must point to an initialized MPI.
- * \param B The second summand. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform an unsigned subtraction of MPIs: X = |A| - |B|
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The minuend. This must point to an initialized MPI.
- * \param B The subtrahend. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a signed addition of MPIs: X = A + B
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first summand. This must point to an initialized MPI.
- * \param B The second summand. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a signed subtraction of MPIs: X = A - B
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The minuend. This must point to an initialized MPI.
- * \param B The subtrahend. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a signed addition of an MPI and an integer: X = A + b
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first summand. This must point to an initialized MPI.
- * \param b The second summand.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
-
-/**
- * \brief Perform a signed subtraction of an MPI and an integer:
- * X = A - b
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The minuend. This must point to an initialized MPI.
- * \param b The subtrahend.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
-
-/**
- * \brief Perform a multiplication of two MPIs: X = A * B
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first factor. This must point to an initialized MPI.
- * \param B The second factor. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a multiplication of an MPI with an unsigned integer:
- * X = A * b
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first factor. This must point to an initialized MPI.
- * \param b The second factor.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_uint b );
-
-/**
- * \brief Perform a division with remainder of two MPIs:
- * A = Q * B + R
- *
- * \param Q The destination MPI for the quotient.
- * This may be \c NULL if the value of the
- * quotient is not needed.
- * \param R The destination MPI for the remainder value.
- * This may be \c NULL if the value of the
- * remainder is not needed.
- * \param A The dividend. This must point to an initialized MPi.
- * \param B The divisor. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a division with remainder of an MPI by an integer:
- * A = Q * b + R
- *
- * \param Q The destination MPI for the quotient.
- * This may be \c NULL if the value of the
- * quotient is not needed.
- * \param R The destination MPI for the remainder value.
- * This may be \c NULL if the value of the
- * remainder is not needed.
- * \param A The dividend. This must point to an initialized MPi.
- * \param b The divisor.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
-
-/**
- * \brief Perform a modular reduction. R = A mod B
- *
- * \param R The destination MPI for the residue value.
- * This must point to an initialized MPI.
- * \param A The MPI to compute the residue of.
- * This must point to an initialized MPI.
- * \param B The base of the modular reduction.
- * This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
- * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a modular reduction with respect to an integer.
- * r = A mod b
- *
- * \param r The address at which to store the residue.
- * This must not be \c NULL.
- * \param A The MPI to compute the residue of.
- * This must point to an initialized MPi.
- * \param b The integer base of the modular reduction.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
- * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
-
-/**
- * \brief Perform a sliding-window exponentiation: X = A^E mod N
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The base of the exponentiation.
- * This must point to an initialized MPI.
- * \param E The exponent MPI. This must point to an initialized MPI.
- * \param N The base for the modular reduction. This must point to an
- * initialized MPI.
- * \param _RR A helper MPI depending solely on \p N which can be used to
- * speed-up multiple modular exponentiations for the same value
- * of \p N. This may be \c NULL. If it is not \c NULL, it must
- * point to an initialized MPI. If it hasn't been used after
- * the call to mbedtls_mpi_init(), this function will compute
- * the helper value and store it in \p _RR for reuse on
- * subsequent calls to this function. Otherwise, the function
- * will assume that \p _RR holds the helper value set by a
- * previous call to mbedtls_mpi_exp_mod(), and reuse it.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or
- * even, or if \c E is negative.
- * \return Another negative error code on different kinds of failures.
- *
- */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *E, const mbedtls_mpi *N,
- mbedtls_mpi *_RR );
-
-/**
- * \brief Fill an MPI with a number of random bytes.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param size The number of random bytes to generate.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on failure.
- *
- * \note The bytes obtained from the RNG are interpreted
- * as a big-endian representation of an MPI; this can
- * be relevant in applications like deterministic ECDSA.
- */
-int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/** Generate a random number uniformly in a range.
- *
- * This function generates a random number between \p min inclusive and
- * \p N exclusive.
- *
- * The procedure complies with RFC 6979 §3.3 (deterministic ECDSA)
- * when the RNG is a suitably parametrized instance of HMAC_DRBG
- * and \p min is \c 1.
- *
- * \note There are `N - min` possible outputs. The lower bound
- * \p min can be reached, but the upper bound \p N cannot.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param min The minimum value to return.
- * It must be nonnegative.
- * \param N The upper bound of the range, exclusive.
- * In other words, this is one plus the maximum value to return.
- * \p N must be strictly larger than \p min. - * \param f_rng The RNG function to use. This must not be \c NULL. - * \param p_rng The RNG parameter to be passed to \p f_rng. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p min or \p N is invalid - * or if they are incompatible. - * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was - * unable to find a suitable value within a limited number - * of attempts. This has a negligible probability if \p N - * is significantly larger than \p min, which is the case - * for all usual cryptographic applications. - * \return Another negative error code on failure. - */ -int mbedtls_mpi_random( mbedtls_mpi *X, - mbedtls_mpi_sint min, - const mbedtls_mpi *N, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief Compute the greatest common divisor: G = gcd(A, B) - * - * \param G The destination MPI. This must point to an initialized MPI. - * \param A The first operand. This must point to an initialized MPI. - * \param B The second operand. This must point to an initialized MPI. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return Another negative error code on different kinds of failure. - */ -int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, - const mbedtls_mpi *B ); - -/** - * \brief Compute the modular inverse: X = A^-1 mod N - * - * \param X The destination MPI. This must point to an initialized MPI. - * \param A The MPI to calculate the modular inverse of. This must point - * to an initialized MPI. - * \param N The base of the modular inversion. This must point to an - * initialized MPI. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than - * or equal to one. 
- * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse - * with respect to \p N. - */ -int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *N ); - -/** - * \brief Miller-Rabin primality test. - * - * \warning If \p X is potentially generated by an adversary, for example - * when validating cryptographic parameters that you didn't - * generate yourself and that are supposed to be prime, then - * \p rounds should be at least the half of the security - * strength of the cryptographic algorithm. On the other hand, - * if \p X is chosen uniformly or non-adversially (as is the - * case when mbedtls_mpi_gen_prime calls this function), then - * \p rounds can be much lower. - * - * \param X The MPI to check for primality. - * This must point to an initialized MPI. - * \param rounds The number of bases to perform the Miller-Rabin primality - * test for. The probability of returning 0 on a composite is - * at most 2-2*\p rounds. - * \param f_rng The RNG function to use. This must not be \c NULL. - * \param p_rng The RNG parameter to be passed to \p f_rng. - * This may be \c NULL if \p f_rng doesn't use - * a context parameter. - * - * \return \c 0 if successful, i.e. \p X is probably prime. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); -/** - * \brief Flags for mbedtls_mpi_gen_prime() - * - * Each of these flags is a constraint on the result X returned by - * mbedtls_mpi_gen_prime(). - */ -typedef enum { - MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */ - MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from 2-80 to 2-128 */ -} mbedtls_mpi_gen_prime_flag_t; - -/** - * \brief Generate a prime number. 
- * - * \param X The destination MPI to store the generated prime in. - * This must point to an initialized MPi. - * \param nbits The required size of the destination MPI in bits. - * This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS. - * \param flags A mask of flags of type #mbedtls_mpi_gen_prime_flag_t. - * \param f_rng The RNG function to use. This must not be \c NULL. - * \param p_rng The RNG parameter to be passed to \p f_rng. - * This may be \c NULL if \p f_rng doesn't use - * a context parameter. - * - * \return \c 0 if successful, in which case \p X holds a - * probably prime number. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between - * \c 3 and #MBEDTLS_MPI_MAX_BITS. - */ -int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -#if defined(MBEDTLS_SELF_TEST) - -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - */ -int mbedtls_mpi_self_test( int verbose ); - -#endif /* MBEDTLS_SELF_TEST */ - -#ifdef __cplusplus -} -#endif - -#endif /* bignum.h */ diff --git a/windows/mbedtls/build_info.h b/windows/mbedtls/build_info.h deleted file mode 100644 index 23f85ba0..00000000 --- a/windows/mbedtls/build_info.h +++ /dev/null 
@@ -1,83 +0,0 @@ -/** - * \file build_info.h - * - * \brief Build-time configuration info - * - * Include this file if you need to depend on the - * configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE - */ - /* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_BUILD_INFO_H -#define MBEDTLS_BUILD_INFO_H - -/* - * This set of compile-time defines can be used to determine the version number - * of the Mbed TLS library used. Run-time variables for the same can be found in - * version.h - */ - -/** - * The version number x.y.z is split into three parts. 
- * Major, Minor, Patchlevel - */ -#define MBEDTLS_VERSION_MAJOR 3 -#define MBEDTLS_VERSION_MINOR 0 -#define MBEDTLS_VERSION_PATCH 0 - -/** - * The single version number has the following structure: - * MMNNPP00 - * Major version | Minor version | Patch version - */ -#define MBEDTLS_VERSION_NUMBER 0x03000000 -#define MBEDTLS_VERSION_STRING "3.0.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.0.0" - -#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) -#define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/mbedtls_config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_CONFIG_VERSION) && ( \ - MBEDTLS_CONFIG_VERSION < 0x03000000 || \ - MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER ) -#error "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported" -#endif - -/* Target and application specific configurations - * - * Allow user to override any previous default. - * - */ -#if defined(MBEDTLS_USER_CONFIG_FILE) -#include MBEDTLS_USER_CONFIG_FILE -#endif - -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -#include "mbedtls/config_psa.h" -#endif - -#include "mbedtls/check_config.h" - -#endif /* MBEDTLS_BUILD_INFO_H */ diff --git a/windows/mbedtls/camellia.h b/windows/mbedtls/camellia.h deleted file mode 100644 index 6a09da88..00000000 --- a/windows/mbedtls/camellia.h +++ /dev/null 
@@ -1,314 +0,0 @@ -/** - * \file camellia.h - * - * \brief Camellia block cipher - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_CAMELLIA_H -#define MBEDTLS_CAMELLIA_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include -#include - -#include "mbedtls/platform_util.h" - -#define MBEDTLS_CAMELLIA_ENCRYPT 1 -#define MBEDTLS_CAMELLIA_DECRYPT 0 - -#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Bad input data. */ - -#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_CAMELLIA_ALT) -// Regular implementation -// - -/** - * \brief CAMELLIA context structure - */ -typedef struct mbedtls_camellia_context -{ - int MBEDTLS_PRIVATE(nr); /*!< number of rounds */ - uint32_t MBEDTLS_PRIVATE(rk)[68]; /*!< CAMELLIA round keys */ -} -mbedtls_camellia_context; - -#else /* MBEDTLS_CAMELLIA_ALT */ -#include "camellia_alt.h" -#endif /* MBEDTLS_CAMELLIA_ALT */ - -/** - * \brief Initialize a CAMELLIA context. - * - * \param ctx The CAMELLIA context to be initialized. - * This must not be \c NULL. - */ -void mbedtls_camellia_init( mbedtls_camellia_context *ctx ); - -/** - * \brief Clear a CAMELLIA context. - * - * \param ctx The CAMELLIA context to be cleared. 
This may be \c NULL, - * in which case this function returns immediately. If it is not - * \c NULL, it must be initialized. - */ -void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); - -/** - * \brief Perform a CAMELLIA key schedule operation for encryption. - * - * \param ctx The CAMELLIA context to use. This must be initialized. - * \param key The encryption key to use. This must be a readable buffer - * of size \p keybits Bits. - * \param keybits The length of \p key in Bits. This must be either \c 128, - * \c 192 or \c 256. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, - const unsigned char *key, - unsigned int keybits ); - -/** - * \brief Perform a CAMELLIA key schedule operation for decryption. - * - * \param ctx The CAMELLIA context to use. This must be initialized. - * \param key The decryption key. This must be a readable buffer - * of size \p keybits Bits. - * \param keybits The length of \p key in Bits. This must be either \c 128, - * \c 192 or \c 256. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, - const unsigned char *key, - unsigned int keybits ); - -/** - * \brief Perform a CAMELLIA-ECB block encryption/decryption operation. - * - * \param ctx The CAMELLIA context to use. This must be initialized - * and bound to a key. - * \param mode The mode of operation. This must be either - * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. - * \param input The input block. This must be a readable buffer - * of size \c 16 Bytes. - * \param output The output block. This must be a writable buffer - * of size \c 16 Bytes. - * - * \return \c 0 if successful. - * \return A negative error code on failure. 
- */ -int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -/** - * \brief Perform a CAMELLIA-CBC buffer encryption/decryption operation. - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx The CAMELLIA context to use. This must be initialized - * and bound to a key. - * \param mode The mode of operation. This must be either - * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. - * \param length The length in Bytes of the input data \p input. - * This must be a multiple of \c 16 Bytes. - * \param iv The initialization vector. This must be a read/write buffer - * of length \c 16 Bytes. It is updated to allow streaming - * use as explained above. - * \param input The buffer holding the input data. This must point to a - * readable buffer of length \p length Bytes. - * \param output The buffer holding the output data. This must point to a - * writable buffer of length \p length Bytes. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -/** - * \brief Perform a CAMELLIA-CFB128 buffer encryption/decryption - * operation. - * - * \note Due to the nature of CFB mode, you should use the same - * key for both encryption and decryption. 
In particular, calls - * to this function should be preceded by a key-schedule via - * mbedtls_camellia_setkey_enc() regardless of whether \p mode - * is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx The CAMELLIA context to use. This must be initialized - * and bound to a key. - * \param mode The mode of operation. This must be either - * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. - * \param length The length of the input data \p input. Any value is allowed. - * \param iv_off The current offset in the IV. This must be smaller - * than \c 16 Bytes. It is updated after this call to allow - * the aforementioned streaming usage. - * \param iv The initialization vector. This must be a read/write buffer - * of length \c 16 Bytes. It is updated after this call to - * allow the aforementioned streaming usage. - * \param input The buffer holding the input data. This must be a readable - * buffer of size \p length Bytes. - * \param output The buffer to hold the output data. This must be a writable - * buffer of length \p length Bytes. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); -#endif /* MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -/** - * \brief Perform a CAMELLIA-CTR buffer encryption/decryption operation. 
- * - * *note Due to the nature of CTR mode, you should use the same - * key for both encryption and decryption. In particular, calls - * to this function should be preceded by a key-schedule via - * mbedtls_camellia_setkey_enc() regardless of whether \p mode - * is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. - * - * \warning You must never reuse a nonce value with the same key. Doing so - * would void the encryption for the two messages encrypted with - * the same nonce and key. - * - * There are two common strategies for managing nonces with CTR: - * - * 1. You can handle everything as a single message processed over - * successive calls to this function. In that case, you want to - * set \p nonce_counter and \p nc_off to 0 for the first call, and - * then preserve the values of \p nonce_counter, \p nc_off and \p - * stream_block across calls to this function as they will be - * updated by this function. - * - * With this strategy, you must not encrypt more than 2**128 - * blocks of data with the same key. - * - * 2. You can encrypt separate messages by dividing the \p - * nonce_counter buffer in two areas: the first one used for a - * per-message nonce, handled by yourself, and the second one - * updated by this function internally. - * - * For example, you might reserve the first \c 12 Bytes for the - * per-message nonce, and the last \c 4 Bytes for internal use. - * In that case, before calling this function on a new message you - * need to set the first \c 12 Bytes of \p nonce_counter to your - * chosen nonce value, the last four to \c 0, and \p nc_off to \c 0 - * (which will cause \p stream_block to be ignored). That way, you - * can encrypt at most \c 2**96 messages of up to \c 2**32 blocks - * each with the same key. - * - * The per-message nonce (or information sufficient to reconstruct - * it) needs to be communicated with the ciphertext and must be - * unique. The recommended way to ensure uniqueness is to use a - * message counter. 
An alternative is to generate random nonces, - * but this limits the number of messages that can be securely - * encrypted: for example, with 96-bit random nonces, you should - * not encrypt more than 2**32 messages with the same key. - * - * Note that for both stategies, sizes are measured in blocks and - * that a CAMELLIA block is \c 16 Bytes. - * - * \warning Upon return, \p stream_block contains sensitive data. Its - * content must not be written to insecure storage and should be - * securely discarded as soon as it's no longer needed. - * - * \param ctx The CAMELLIA context to use. This must be initialized - * and bound to a key. - * \param length The length of the input data \p input in Bytes. - * Any value is allowed. - * \param nc_off The offset in the current \p stream_block (for resuming - * within current cipher stream). The offset pointer to - * should be \c 0 at the start of a stream. It is updated - * at the end of this call. - * \param nonce_counter The 128-bit nonce and counter. This must be a read/write - * buffer of length \c 16 Bytes. - * \param stream_block The saved stream-block for resuming. This must be a - * read/write buffer of length \c 16 Bytes. - * \param input The input data stream. This must be a readable buffer of - * size \p length Bytes. - * \param output The output data stream. This must be a writable buffer - * of size \p length Bytes. - * - * \return \c 0 if successful. - * \return A negative error code on failure. 
- */ -int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ); -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - -#if defined(MBEDTLS_SELF_TEST) - -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - */ -int mbedtls_camellia_self_test( int verbose ); - -#endif /* MBEDTLS_SELF_TEST */ - -#ifdef __cplusplus -} -#endif - -#endif /* camellia.h */ diff --git a/windows/mbedtls/ccm.h b/windows/mbedtls/ccm.h deleted file mode 100644 index 6613cee7..00000000 --- a/windows/mbedtls/ccm.h +++ /dev/null @@ -1,508 +0,0 @@ -/** - * \file ccm.h - * - * \brief This file provides an API for the CCM authenticated encryption - * mode for block ciphers. - * - * CCM combines Counter mode encryption with CBC-MAC authentication - * for 128-bit block ciphers. - * - * Input to CCM includes the following elements: - *
  • Payload - data that is both authenticated and encrypted.
  • - *
  • Associated data (Adata) - data that is authenticated but not - * encrypted, For example, a header.
  • - *
  • Nonce - A unique value that is assigned to the payload and the - * associated data.
- * - * Definition of CCM: - * http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf - * RFC 3610 "Counter with CBC-MAC (CCM)" - * - * Related: - * RFC 5116 "An Interface and Algorithms for Authenticated Encryption" - * - * Definition of CCM*: - * IEEE 802.15.4 - IEEE Standard for Local and metropolitan area networks - * Integer representation is fixed most-significant-octet-first order and - * the representation of octets is most-significant-bit-first order. This is - * consistent with RFC 3610. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_CCM_H -#define MBEDTLS_CCM_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/cipher.h" - -#define MBEDTLS_CCM_DECRYPT 0 -#define MBEDTLS_CCM_ENCRYPT 1 -#define MBEDTLS_CCM_STAR_DECRYPT 2 -#define MBEDTLS_CCM_STAR_ENCRYPT 3 - -#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */ -#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_CCM_ALT) -// Regular implementation -// - -/** - * \brief The CCM context-type definition. The CCM context is passed - * to the APIs called. - */ -typedef struct mbedtls_ccm_context -{ - mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. 
*/ -} -mbedtls_ccm_context; - -#else /* MBEDTLS_CCM_ALT */ -#include "ccm_alt.h" -#endif /* MBEDTLS_CCM_ALT */ - -/** - * \brief This function initializes the specified CCM context, - * to make references valid, and prepare the context - * for mbedtls_ccm_setkey() or mbedtls_ccm_free(). - * - * \param ctx The CCM context to initialize. This must not be \c NULL. - */ -void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); - -/** - * \brief This function initializes the CCM context set in the - * \p ctx parameter and sets the encryption key. - * - * \param ctx The CCM context to initialize. This must be an initialized - * context. - * \param cipher The 128-bit block cipher to use. - * \param key The encryption key. This must not be \c NULL. - * \param keybits The key size in bits. This must be acceptable by the cipher. - * - * \return \c 0 on success. - * \return A CCM or cipher-specific error code on failure. - */ -int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ); - -/** - * \brief This function releases and clears the specified CCM context - * and underlying cipher sub-context. - * - * \param ctx The CCM context to clear. If this is \c NULL, the function - * has no effect. Otherwise, this must be initialized. - */ -void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); - -/** - * \brief This function encrypts a buffer using CCM. - * - * \note The tag is written to a separate buffer. To concatenate - * the \p tag with the \p output, as done in RFC-3610: - * Counter with CBC-MAC (CCM), use - * \p tag = \p output + \p length, and make sure that the - * output buffer is at least \p length + \p tag_len wide. - * - * \param ctx The CCM context to use for encryption. This must be - * initialized and bound to a key. - * \param length The length of the input data in Bytes. - * \param iv The initialization vector (nonce). This must be a readable - * buffer of at least \p iv_len Bytes. 
- * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, - * or 13. The length L of the message length field is - * 15 - \p iv_len. - * \param ad The additional data field. If \p ad_len is greater than - * zero, \p ad must be a readable buffer of at least that - * length. - * \param ad_len The length of additional data in Bytes. - * This must be less than `2^16 - 2^8`. - * \param input The buffer holding the input data. If \p length is greater - * than zero, \p input must be a readable buffer of at least - * that length. - * \param output The buffer holding the output data. If \p length is greater - * than zero, \p output must be a writable buffer of at least - * that length. - * \param tag The buffer holding the authentication field. This must be a - * writable buffer of at least \p tag_len Bytes. - * \param tag_len The length of the authentication field to generate in Bytes: - * 4, 6, 8, 10, 12, 14 or 16. - * - * \return \c 0 on success. - * \return A CCM or cipher-specific error code on failure. - */ -int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, unsigned char *output, - unsigned char *tag, size_t tag_len ); - -/** - * \brief This function encrypts a buffer using CCM*. - * - * \note The tag is written to a separate buffer. To concatenate - * the \p tag with the \p output, as done in RFC-3610: - * Counter with CBC-MAC (CCM), use - * \p tag = \p output + \p length, and make sure that the - * output buffer is at least \p length + \p tag_len wide. - * - * \note When using this function in a variable tag length context, - * the tag length has to be encoded into the \p iv passed to - * this function. - * - * \param ctx The CCM context to use for encryption. This must be - * initialized and bound to a key. - * \param length The length of the input data in Bytes. - * \param iv The initialization vector (nonce). 
This must be a readable - * buffer of at least \p iv_len Bytes. - * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, - * or 13. The length L of the message length field is - * 15 - \p iv_len. - * \param ad The additional data field. This must be a readable buffer of - * at least \p ad_len Bytes. - * \param ad_len The length of additional data in Bytes. - * This must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. If \p length is greater - * than zero, \p input must be a readable buffer of at least - * that length. - * \param output The buffer holding the output data. If \p length is greater - * than zero, \p output must be a writable buffer of at least - * that length. - * \param tag The buffer holding the authentication field. This must be a - * writable buffer of at least \p tag_len Bytes. - * \param tag_len The length of the authentication field to generate in Bytes: - * 0, 4, 6, 8, 10, 12, 14 or 16. - * - * \warning Passing \c 0 as \p tag_len means that the message is no - * longer authenticated. - * - * \return \c 0 on success. - * \return A CCM or cipher-specific error code on failure. - */ -int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, unsigned char *output, - unsigned char *tag, size_t tag_len ); - -/** - * \brief This function performs a CCM authenticated decryption of a - * buffer. - * - * \param ctx The CCM context to use for decryption. This must be - * initialized and bound to a key. - * \param length The length of the input data in Bytes. - * \param iv The initialization vector (nonce). This must be a readable - * buffer of at least \p iv_len Bytes. - * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, - * or 13. The length L of the message length field is - * 15 - \p iv_len. - * \param ad The additional data field. 
This must be a readable buffer - * of at least that \p ad_len Bytes.. - * \param ad_len The length of additional data in Bytes. - * This must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. If \p length is greater - * than zero, \p input must be a readable buffer of at least - * that length. - * \param output The buffer holding the output data. If \p length is greater - * than zero, \p output must be a writable buffer of at least - * that length. - * \param tag The buffer holding the authentication field. This must be a - * readable buffer of at least \p tag_len Bytes. - * \param tag_len The length of the authentication field to generate in Bytes: - * 4, 6, 8, 10, 12, 14 or 16. - * - * \return \c 0 on success. This indicates that the message is authentic. - * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. - * \return A cipher-specific error code on calculation failure. - */ -int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, unsigned char *output, - const unsigned char *tag, size_t tag_len ); - -/** - * \brief This function performs a CCM* authenticated decryption of a - * buffer. - * - * \note When using this function in a variable tag length context, - * the tag length has to be decoded from \p iv and passed to - * this function as \p tag_len. (\p tag needs to be adjusted - * accordingly.) - * - * \param ctx The CCM context to use for decryption. This must be - * initialized and bound to a key. - * \param length The length of the input data in Bytes. - * \param iv The initialization vector (nonce). This must be a readable - * buffer of at least \p iv_len Bytes. - * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, - * or 13. The length L of the message length field is - * 15 - \p iv_len. - * \param ad The additional data field. 
This must be a readable buffer of - * at least that \p ad_len Bytes. - * \param ad_len The length of additional data in Bytes. - * This must be less than 2^16 - 2^8. - * \param input The buffer holding the input data. If \p length is greater - * than zero, \p input must be a readable buffer of at least - * that length. - * \param output The buffer holding the output data. If \p length is greater - * than zero, \p output must be a writable buffer of at least - * that length. - * \param tag The buffer holding the authentication field. This must be a - * readable buffer of at least \p tag_len Bytes. - * \param tag_len The length of the authentication field in Bytes. - * 0, 4, 6, 8, 10, 12, 14 or 16. - * - * \warning Passing \c 0 as \p tag_len means that the message is nos - * longer authenticated. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. - * \return A cipher-specific error code on calculation failure. - */ -int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, unsigned char *output, - const unsigned char *tag, size_t tag_len ); - -/** - * \brief This function starts a CCM encryption or decryption - * operation. - * - * This function and mbedtls_ccm_set_lengths() must be called - * before calling mbedtls_ccm_update_ad() or - * mbedtls_ccm_update(). This function can be called before - * or after mbedtls_ccm_set_lengths(). - * - * \note This function is not implemented in Mbed TLS yet. - * - * \param ctx The CCM context. This must be initialized. - * \param mode The operation to perform: #MBEDTLS_CCM_ENCRYPT or - * #MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or - * #MBEDTLS_CCM_STAR_DECRYPT. - * \param iv The initialization vector. This must be a readable buffer - * of at least \p iv_len Bytes. 
- * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, - * or 13. The length L of the message length field is - * 15 - \p iv_len. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure: - * \p ctx is in an invalid state, - * \p mode is invalid, - * \p iv_len is invalid (lower than \c 7 or greater than - * \c 13). - */ -int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, - int mode, - const unsigned char *iv, - size_t iv_len ); - -/** - * \brief This function declares the lengths of the message - * and additional data for a CCM encryption or decryption - * operation. - * - * This function and mbedtls_ccm_starts() must be called - * before calling mbedtls_ccm_update_ad() or - * mbedtls_ccm_update(). This function can be called before - * or after mbedtls_ccm_starts(). - * - * \note This function is not implemented in Mbed TLS yet. - * - * \param ctx The CCM context. This must be initialized. - * \param total_ad_len The total length of additional data in bytes. - * This must be less than `2^16 - 2^8`. - * \param plaintext_len The length in bytes of the plaintext to encrypt or - * result of the decryption (thus not encompassing the - * additional data that are not encrypted). - * \param tag_len The length of the tag to generate in Bytes: - * 4, 6, 8, 10, 12, 14 or 16. - * For CCM*, zero is also valid. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure: - * \p ctx is in an invalid state, - * \p total_ad_len is greater than \c 0xFF00. - */ -int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, - size_t total_ad_len, - size_t plaintext_len, - size_t tag_len ); - -/** - * \brief This function feeds an input buffer as associated data - * (authenticated but not encrypted data) in a CCM - * encryption or decryption operation. - * - * You may call this function zero, one or more times - * to pass successive parts of the additional data. 
The - * lengths \p ad_len of the data parts should eventually add - * up exactly to the total length of additional data - * \c total_ad_len passed to mbedtls_ccm_set_lengths(). You - * may not call this function after calling - * mbedtls_ccm_update(). - * - * \note This function is not implemented in Mbed TLS yet. - * - * \param ctx The CCM context. This must have been started with - * mbedtls_ccm_starts(), the lengths of the message and - * additional data must have been declared with - * mbedtls_ccm_set_lengths() and this must not have yet - * received any input with mbedtls_ccm_update(). - * \param ad The buffer holding the additional data, or \c NULL - * if \p ad_len is \c 0. - * \param ad_len The length of the additional data. If \c 0, - * \p ad may be \c NULL. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure: - * \p ctx is in an invalid state, - * total input length too long. - */ -int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, - const unsigned char *ad, - size_t ad_len ); - -/** - * \brief This function feeds an input buffer into an ongoing CCM - * encryption or decryption operation. - * - * You may call this function zero, one or more times - * to pass successive parts of the input: the plaintext to - * encrypt, or the ciphertext (not including the tag) to - * decrypt. After the last part of the input, call - * mbedtls_ccm_finish(). The lengths \p input_len of the - * data parts should eventually add up exactly to the - * plaintext length \c plaintext_len passed to - * mbedtls_ccm_set_lengths(). - * - * This function may produce output in one of the following - * ways: - * - Immediate output: the output length is always equal - * to the input length. - * - Buffered output: except for the last part of input data, - * the output consists of a whole number of 16-byte blocks. 
- * If the total input length so far (not including - * associated data) is 16 \* *B* + *A* with *A* < 16 then - * the total output length is 16 \* *B*. - * For the last part of input data, the output length is - * equal to the input length plus the number of bytes (*A*) - * buffered in the previous call to the function (if any). - * The function uses the plaintext length - * \c plaintext_len passed to mbedtls_ccm_set_lengths() - * to detect the last part of input data. - * - * In particular: - * - It is always correct to call this function with - * \p output_size >= \p input_len + 15. - * - If \p input_len is a multiple of 16 for all the calls - * to this function during an operation (not necessary for - * the last one) then it is correct to use \p output_size - * =\p input_len. - * - * \note This function is not implemented in Mbed TLS yet. - * - * \param ctx The CCM context. This must have been started with - * mbedtls_ccm_starts() and the lengths of the message and - * additional data must have been declared with - * mbedtls_ccm_set_lengths(). - * \param input The buffer holding the input data. If \p input_len - * is greater than zero, this must be a readable buffer - * of at least \p input_len bytes. - * \param input_len The length of the input data in bytes. - * \param output The buffer for the output data. If \p output_size - * is greater than zero, this must be a writable buffer of - * at least \p output_size bytes. - * \param output_size The size of the output buffer in bytes. - * See the function description regarding the output size. - * \param output_len On success, \p *output_len contains the actual - * length of the output written in \p output. - * On failure, the content of \p *output_len is - * unspecified. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure: - * \p ctx is in an invalid state, - * total input length too long, - * or \p output_size too small. 
- */
-int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
- const unsigned char *input, size_t input_len,
- unsigned char *output, size_t output_size,
- size_t *output_len );
-
-/**
- * \brief This function finishes the CCM operation and generates
- * the authentication tag.
- *
- * It wraps up the CCM stream, and generates the
- * tag. The tag can have a maximum length of 16 Bytes.
- *
- * \note This function is not implemented in Mbed TLS yet.
- *
- * \param ctx The CCM context. This must have been started with
- * mbedtls_ccm_starts() and the lengths of the message and
- * additional data must have been declared with
- * mbedtls_ccm_set_lengths().
- * \param tag The buffer for holding the tag. If \p tag_len is greater
- * than zero, this must be a writable buffer of at least \p
- * tag_len Bytes.
- * \param tag_len The length of the tag. Must match the tag length passed to
- * mbedtls_ccm_set_lengths() function.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
- * \p ctx is in an invalid state,
- * invalid value of \p tag_len,
- * the total amount of additional data passed to
- * mbedtls_ccm_update_ad() was lower than the total length of
- * additional data \c total_ad_len passed to
- * mbedtls_ccm_set_lengths(),
- * the total amount of input data passed to
- * mbedtls_ccm_update() was lower than the plaintext length
- * \c plaintext_len passed to mbedtls_ccm_set_lengths().
- */
-int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
- unsigned char *tag, size_t tag_len );
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-/**
- * \brief The CCM checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_ccm_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CCM_H */
diff --git a/windows/mbedtls/chacha20.h b/windows/mbedtls/chacha20.h
deleted file mode 100644
index 25e1a263..00000000
--- a/windows/mbedtls/chacha20.h
+++ /dev/null
@@ -1,214 +0,0 @@ -/** - * \file chacha20.h - * - * \brief This file contains ChaCha20 definitions and functions. - * - * ChaCha20 is a stream cipher that can encrypt and decrypt - * information. ChaCha was created by Daniel Bernstein as a variant of - * its Salsa cipher https://cr.yp.to/chacha/chacha-20080128.pdf - * ChaCha20 is the variant with 20 rounds, that was also standardized - * in RFC 7539. - * - * \author Daniel King - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_CHACHA20_H -#define MBEDTLS_CHACHA20_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include -#include - -#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0051 /**< Invalid input parameter(s). */ - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_CHACHA20_ALT) - -typedef struct mbedtls_chacha20_context -{ - uint32_t MBEDTLS_PRIVATE(state)[16]; /*! The state (before round operations). */ - uint8_t MBEDTLS_PRIVATE(keystream8)[64]; /*! Leftover keystream bytes. */ - size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes already used. */ -} -mbedtls_chacha20_context; - -#else /* MBEDTLS_CHACHA20_ALT */ -#include "chacha20_alt.h" -#endif /* MBEDTLS_CHACHA20_ALT */ - -/** - * \brief This function initializes the specified ChaCha20 context. - * - * It must be the first API called before using - * the context. 
- * - * It is usually followed by calls to - * \c mbedtls_chacha20_setkey() and - * \c mbedtls_chacha20_starts(), then one or more calls to - * to \c mbedtls_chacha20_update(), and finally to - * \c mbedtls_chacha20_free(). - * - * \param ctx The ChaCha20 context to initialize. - * This must not be \c NULL. - */ -void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ); - -/** - * \brief This function releases and clears the specified - * ChaCha20 context. - * - * \param ctx The ChaCha20 context to clear. This may be \c NULL, - * in which case this function is a no-op. If it is not - * \c NULL, it must point to an initialized context. - * - */ -void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ); - -/** - * \brief This function sets the encryption/decryption key. - * - * \note After using this function, you must also call - * \c mbedtls_chacha20_starts() to set a nonce before you - * start encrypting/decrypting data with - * \c mbedtls_chacha_update(). - * - * \param ctx The ChaCha20 context to which the key should be bound. - * It must be initialized. - * \param key The encryption/decryption key. This must be \c 32 Bytes - * in length. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL. - */ -int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, - const unsigned char key[32] ); - -/** - * \brief This function sets the nonce and initial counter value. - * - * \note A ChaCha20 context can be re-used with the same key by - * calling this function to change the nonce. - * - * \warning You must never use the same nonce twice with the same key. - * This would void any confidentiality guarantees for the - * messages encrypted with the same nonce and key. - * - * \param ctx The ChaCha20 context to which the nonce should be bound. - * It must be initialized and bound to a key. - * \param nonce The nonce. This must be \c 12 Bytes in size. - * \param counter The initial counter value. This is usually \c 0. 
- * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is - * NULL. - */ -int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, - const unsigned char nonce[12], - uint32_t counter ); - -/** - * \brief This function encrypts or decrypts data. - * - * Since ChaCha20 is a stream cipher, the same operation is - * used for encrypting and decrypting data. - * - * \note The \p input and \p output pointers must either be equal or - * point to non-overlapping buffers. - * - * \note \c mbedtls_chacha20_setkey() and - * \c mbedtls_chacha20_starts() must be called at least once - * to setup the context before this function can be called. - * - * \note This function can be called multiple times in a row in - * order to encrypt of decrypt data piecewise with the same - * key and nonce. - * - * \param ctx The ChaCha20 context to use for encryption or decryption. - * It must be initialized and bound to a key and nonce. - * \param size The length of the input data in Bytes. - * \param input The buffer holding the input data. - * This pointer can be \c NULL if `size == 0`. - * \param output The buffer holding the output data. - * This must be able to hold \p size Bytes. - * This pointer can be \c NULL if `size == 0`. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, - size_t size, - const unsigned char *input, - unsigned char *output ); - -/** - * \brief This function encrypts or decrypts data with ChaCha20 and - * the given key and nonce. - * - * Since ChaCha20 is a stream cipher, the same operation is - * used for encrypting and decrypting data. - * - * \warning You must never use the same (key, nonce) pair more than - * once. This would void any confidentiality guarantees for - * the messages encrypted with the same nonce and key. 
- *
- * \note The \p input and \p output pointers must either be equal or
- * point to non-overlapping buffers.
- *
- * \param key The encryption/decryption key.
- * This must be \c 32 Bytes in length.
- * \param nonce The nonce. This must be \c 12 Bytes in size.
- * \param counter The initial counter value. This is usually \c 0.
- * \param size The length of the input data in Bytes.
- * \param input The buffer holding the input data.
- * This pointer can be \c NULL if `size == 0`.
- * \param output The buffer holding the output data.
- * This must be able to hold \p size Bytes.
- * This pointer can be \c NULL if `size == 0`.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_chacha20_crypt( const unsigned char key[32],
- const unsigned char nonce[12],
- uint32_t counter,
- size_t size,
- const unsigned char* input,
- unsigned char* output );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief The ChaCha20 checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_chacha20_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CHACHA20_H */
diff --git a/windows/mbedtls/chachapoly.h b/windows/mbedtls/chachapoly.h
deleted file mode 100644
index 3f6e4a33..00000000
--- a/windows/mbedtls/chachapoly.h
+++ /dev/null
@@ -1,354 +0,0 @@ -/** - * \file chachapoly.h - * - * \brief This file contains the AEAD-ChaCha20-Poly1305 definitions and - * functions. - * - * ChaCha20-Poly1305 is an algorithm for Authenticated Encryption - * with Associated Data (AEAD) that can be used to encrypt and - * authenticate data. It is based on ChaCha20 and Poly1305 by Daniel - * Bernstein and was standardized in RFC 7539. - * - * \author Daniel King - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_CHACHAPOLY_H -#define MBEDTLS_CHACHAPOLY_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -/* for shared error codes */ -#include "mbedtls/poly1305.h" - -#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0054 /**< The requested operation is not permitted in the current state. */ -#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0056 /**< Authenticated decryption failed: data was not authentic. */ - -#ifdef __cplusplus -extern "C" { -#endif - -typedef enum -{ - MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption. */ - MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */ -} -mbedtls_chachapoly_mode_t; - -#if !defined(MBEDTLS_CHACHAPOLY_ALT) - -#include "mbedtls/chacha20.h" - -typedef struct mbedtls_chachapoly_context -{ - mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx); /**< The ChaCha20 context. 
*/ - mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx); /**< The Poly1305 context. */ - uint64_t MBEDTLS_PRIVATE(aad_len); /**< The length (bytes) of the Additional Authenticated Data. */ - uint64_t MBEDTLS_PRIVATE(ciphertext_len); /**< The length (bytes) of the ciphertext. */ - int MBEDTLS_PRIVATE(state); /**< The current state of the context. */ - mbedtls_chachapoly_mode_t MBEDTLS_PRIVATE(mode); /**< Cipher mode (encrypt or decrypt). */ -} -mbedtls_chachapoly_context; - -#else /* !MBEDTLS_CHACHAPOLY_ALT */ -#include "chachapoly_alt.h" -#endif /* !MBEDTLS_CHACHAPOLY_ALT */ - -/** - * \brief This function initializes the specified ChaCha20-Poly1305 context. - * - * It must be the first API called before using - * the context. It must be followed by a call to - * \c mbedtls_chachapoly_setkey() before any operation can be - * done, and to \c mbedtls_chachapoly_free() once all - * operations with that context have been finished. - * - * In order to encrypt or decrypt full messages at once, for - * each message you should make a single call to - * \c mbedtls_chachapoly_crypt_and_tag() or - * \c mbedtls_chachapoly_auth_decrypt(). - * - * In order to encrypt messages piecewise, for each - * message you should make a call to - * \c mbedtls_chachapoly_starts(), then 0 or more calls to - * \c mbedtls_chachapoly_update_aad(), then 0 or more calls to - * \c mbedtls_chachapoly_update(), then one call to - * \c mbedtls_chachapoly_finish(). - * - * \warning Decryption with the piecewise API is discouraged! Always - * use \c mbedtls_chachapoly_auth_decrypt() when possible! 
- * - * If however this is not possible because the data is too - * large to fit in memory, you need to: - * - * - call \c mbedtls_chachapoly_starts() and (if needed) - * \c mbedtls_chachapoly_update_aad() as above, - * - call \c mbedtls_chachapoly_update() multiple times and - * ensure its output (the plaintext) is NOT used in any other - * way than placing it in temporary storage at this point, - * - call \c mbedtls_chachapoly_finish() to compute the - * authentication tag and compared it in constant time to the - * tag received with the ciphertext. - * - * If the tags are not equal, you must immediately discard - * all previous outputs of \c mbedtls_chachapoly_update(), - * otherwise you can now safely use the plaintext. - * - * \param ctx The ChachaPoly context to initialize. Must not be \c NULL. - */ -void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ); - -/** - * \brief This function releases and clears the specified - * ChaCha20-Poly1305 context. - * - * \param ctx The ChachaPoly context to clear. This may be \c NULL, in which - * case this function is a no-op. - */ -void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ); - -/** - * \brief This function sets the ChaCha20-Poly1305 - * symmetric encryption key. - * - * \param ctx The ChaCha20-Poly1305 context to which the key should be - * bound. This must be initialized. - * \param key The \c 256 Bit (\c 32 Bytes) key. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, - const unsigned char key[32] ); - -/** - * \brief This function starts a ChaCha20-Poly1305 encryption or - * decryption operation. - * - * \warning You must never use the same nonce twice with the same key. - * This would void any confidentiality and authenticity - * guarantees for the messages encrypted with the same nonce - * and key. 
- * - * \note If the context is being used for AAD only (no data to - * encrypt or decrypt) then \p mode can be set to any value. - * - * \warning Decryption with the piecewise API is discouraged, see the - * warning on \c mbedtls_chachapoly_init(). - * - * \param ctx The ChaCha20-Poly1305 context. This must be initialized - * and bound to a key. - * \param nonce The nonce/IV to use for the message. - * This must be a redable buffer of length \c 12 Bytes. - * \param mode The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or - * #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning). - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, - const unsigned char nonce[12], - mbedtls_chachapoly_mode_t mode ); - -/** - * \brief This function feeds additional data to be authenticated - * into an ongoing ChaCha20-Poly1305 operation. - * - * The Additional Authenticated Data (AAD), also called - * Associated Data (AD) is only authenticated but not - * encrypted nor included in the encrypted output. It is - * usually transmitted separately from the ciphertext or - * computed locally by each party. - * - * \note This function is called before data is encrypted/decrypted. - * I.e. call this function to process the AAD before calling - * \c mbedtls_chachapoly_update(). - * - * You may call this function multiple times to process - * an arbitrary amount of AAD. It is permitted to call - * this function 0 times, if no AAD is used. - * - * This function cannot be called any more if data has - * been processed by \c mbedtls_chachapoly_update(), - * or if the context has been finished. - * - * \warning Decryption with the piecewise API is discouraged, see the - * warning on \c mbedtls_chachapoly_init(). - * - * \param ctx The ChaCha20-Poly1305 context. This must be initialized - * and bound to a key. - * \param aad_len The length in Bytes of the AAD. The length has no - * restrictions. 
- * \param aad Buffer containing the AAD. - * This pointer can be \c NULL if `aad_len == 0`. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA - * if \p ctx or \p aad are NULL. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE - * if the operations has not been started or has been - * finished, or if the AAD has been finished. - */ -int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, - const unsigned char *aad, - size_t aad_len ); - -/** - * \brief Thus function feeds data to be encrypted or decrypted - * into an on-going ChaCha20-Poly1305 - * operation. - * - * The direction (encryption or decryption) depends on the - * mode that was given when calling - * \c mbedtls_chachapoly_starts(). - * - * You may call this function multiple times to process - * an arbitrary amount of data. It is permitted to call - * this function 0 times, if no data is to be encrypted - * or decrypted. - * - * \warning Decryption with the piecewise API is discouraged, see the - * warning on \c mbedtls_chachapoly_init(). - * - * \param ctx The ChaCha20-Poly1305 context to use. This must be initialized. - * \param len The length (in bytes) of the data to encrypt or decrypt. - * \param input The buffer containing the data to encrypt or decrypt. - * This pointer can be \c NULL if `len == 0`. - * \param output The buffer to where the encrypted or decrypted data is - * written. This must be able to hold \p len bytes. - * This pointer can be \c NULL if `len == 0`. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE - * if the operation has not been started or has been - * finished. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, - size_t len, - const unsigned char *input, - unsigned char *output ); - -/** - * \brief This function finished the ChaCha20-Poly1305 operation and - * generates the MAC (authentication tag). 
- * - * \param ctx The ChaCha20-Poly1305 context to use. This must be initialized. - * \param mac The buffer to where the 128-bit (16 bytes) MAC is written. - * - * \warning Decryption with the piecewise API is discouraged, see the - * warning on \c mbedtls_chachapoly_init(). - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE - * if the operation has not been started or has been - * finished. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, - unsigned char mac[16] ); - -/** - * \brief This function performs a complete ChaCha20-Poly1305 - * authenticated encryption with the previously-set key. - * - * \note Before using this function, you must set the key with - * \c mbedtls_chachapoly_setkey(). - * - * \warning You must never use the same nonce twice with the same key. - * This would void any confidentiality and authenticity - * guarantees for the messages encrypted with the same nonce - * and key. - * - * \param ctx The ChaCha20-Poly1305 context to use (holds the key). - * This must be initialized. - * \param length The length (in bytes) of the data to encrypt or decrypt. - * \param nonce The 96-bit (12 bytes) nonce/IV to use. - * \param aad The buffer containing the additional authenticated - * data (AAD). This pointer can be \c NULL if `aad_len == 0`. - * \param aad_len The length (in bytes) of the AAD data to process. - * \param input The buffer containing the data to encrypt or decrypt. - * This pointer can be \c NULL if `ilen == 0`. - * \param output The buffer to where the encrypted or decrypted data - * is written. This pointer can be \c NULL if `ilen == 0`. - * \param tag The buffer to where the computed 128-bit (16 bytes) MAC - * is written. This must not be \c NULL. - * - * \return \c 0 on success. - * \return A negative error code on failure. 
- */ -int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, - size_t length, - const unsigned char nonce[12], - const unsigned char *aad, - size_t aad_len, - const unsigned char *input, - unsigned char *output, - unsigned char tag[16] ); - -/** - * \brief This function performs a complete ChaCha20-Poly1305 - * authenticated decryption with the previously-set key. - * - * \note Before using this function, you must set the key with - * \c mbedtls_chachapoly_setkey(). - * - * \param ctx The ChaCha20-Poly1305 context to use (holds the key). - * \param length The length (in Bytes) of the data to decrypt. - * \param nonce The \c 96 Bit (\c 12 bytes) nonce/IV to use. - * \param aad The buffer containing the additional authenticated data (AAD). - * This pointer can be \c NULL if `aad_len == 0`. - * \param aad_len The length (in bytes) of the AAD data to process. - * \param tag The buffer holding the authentication tag. - * This must be a readable buffer of length \c 16 Bytes. - * \param input The buffer containing the data to decrypt. - * This pointer can be \c NULL if `ilen == 0`. - * \param output The buffer to where the decrypted data is written. - * This pointer can be \c NULL if `ilen == 0`. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED - * if the data was not authentic. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, - size_t length, - const unsigned char nonce[12], - const unsigned char *aad, - size_t aad_len, - const unsigned char tag[16], - const unsigned char *input, - unsigned char *output ); - -#if defined(MBEDTLS_SELF_TEST) -/** - * \brief The ChaCha20-Poly1305 checkup routine. - * - * \return \c 0 on success. - * \return \c 1 on failure. - */ -int mbedtls_chachapoly_self_test( int verbose ); -#endif /* MBEDTLS_SELF_TEST */ - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_CHACHAPOLY_H */ 
diff --git a/windows/mbedtls/check_config.h b/windows/mbedtls/check_config.h
deleted file mode 100644
index e38892d8..00000000
--- a/windows/mbedtls/check_config.h
+++ /dev/null
@@ -1,838 +0,0 @@ -/** - * \file check_config.h - * - * \brief Consistency checks for configuration options - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_CHECK_CONFIG_H -#define MBEDTLS_CHECK_CONFIG_H - -/* - * We assume CHAR_BIT is 8 in many places. In practice, this is true on our - * target platforms, so not an issue, but let's just be extra sure. - */ -#include -#if CHAR_BIT != 8 -#error "mbed TLS requires a platform with 8-bit chars" -#endif - -#if defined(_WIN32) -#if !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_C is required on Windows" -#endif - -/* Fix the config here. Not convenient to put an #ifdef _WIN32 in mbedtls_config.h as - * it would confuse config.py. 
*/ -#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \ - !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) -#define MBEDTLS_PLATFORM_SNPRINTF_ALT -#endif - -#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \ - !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) -#define MBEDTLS_PLATFORM_VSNPRINTF_ALT -#endif -#endif /* _WIN32 */ - -#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C) -#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS" -#endif - -#if defined(MBEDTLS_DEPRECATED_WARNING) && \ - !defined(__GNUC__) && !defined(__clang__) -#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang" -#endif - -#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME) -#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense" -#endif - -#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_AESNI_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) -#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C) -#error "MBEDTLS_DHM_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_CMAC_C) && \ - !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C) -#error "MBEDTLS_CMAC_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_NIST_KW_C) && \ - ( !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CIPHER_C) ) -#error "MBEDTLS_NIST_KW_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) -#error "MBEDTLS_ECDH_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECDSA_C) && \ - ( !defined(MBEDTLS_ECP_C) || \ - !( defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \ - 
defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) ) || \ - !defined(MBEDTLS_ASN1_PARSE_C) || \ - !defined(MBEDTLS_ASN1_WRITE_C) ) -#error "MBEDTLS_ECDSA_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECJPAKE_C) && \ - ( !defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C) ) -#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) && \ - ( defined(MBEDTLS_USE_PSA_CRYPTO) || \ - defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \ - defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \ - defined(MBEDTLS_ECDSA_SIGN_ALT) || \ - defined(MBEDTLS_ECDSA_VERIFY_ALT) || \ - defined(MBEDTLS_ECDSA_GENKEY_ALT) || \ - defined(MBEDTLS_ECP_INTERNAL_ALT) || \ - defined(MBEDTLS_ECP_ALT) ) -#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation" -#endif - -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C) -#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \ - !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \ - !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) ) -#error "MBEDTLS_ECP_C defined, but not 
all prerequisites" -#endif - -#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C) -#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites" -#endif - -#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \ - !defined(MBEDTLS_SHA256_C)) -#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites" -#endif -#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) && \ - defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64) -#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high" -#endif -#if defined(MBEDTLS_ENTROPY_C) && \ - ( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \ - && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32) -#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high" -#endif -#if defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C) -#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites" -#endif - -#if defined(__has_feature) -#if __has_feature(memory_sanitizer) -#define MBEDTLS_HAS_MEMSAN -#endif -#endif -#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN) -#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer" -#endif -#undef MBEDTLS_HAS_MEMSAN - -#if defined(MBEDTLS_GCM_C) && ( \ - !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) -#error "MBEDTLS_GCM_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites" -#endif - -#if 
defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_NO_FALLBACK defined, but no alternative implementation enabled" -#endif - -#if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C) -#error "MBEDTLS_HKDF_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C) -#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ - ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C) -#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites" -#endif - -#if 
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \ - !defined(MBEDTLS_ECDH_C) -#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) ) -#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \ - ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ - !defined(MBEDTLS_PKCS1_V15) ) -#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ - !defined(MBEDTLS_PKCS1_V15) ) -#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - ( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) ) -#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ - !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \ - ( !defined(MBEDTLS_SHA256_C) && \ - !defined(MBEDTLS_SHA512_C) && \ - !defined(MBEDTLS_SHA1_C) ) -#error 
"!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C" -#endif - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ - ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) ) -#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites" -#endif - -#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites" -#endif - -#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C) -#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C) -#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PK_C) && \ - ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) ) -#error "MBEDTLS_PK_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C) -#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C) -#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\ - ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\ - defined(MBEDTLS_PLATFORM_EXIT_ALT) ) -#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT 
cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\ - ( !defined(MBEDTLS_PLATFORM_C) ||\ - !defined(MBEDTLS_HAVE_TIME) ) -#error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\ - ( !defined(MBEDTLS_PLATFORM_C) ||\ - !defined(MBEDTLS_HAVE_TIME) ) -#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\ - ( !defined(MBEDTLS_PLATFORM_C) ||\ - !defined(MBEDTLS_HAVE_TIME) ) -#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\ - ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\ - defined(MBEDTLS_PLATFORM_TIME_ALT) ) -#error "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\ - ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\ - defined(MBEDTLS_PLATFORM_TIME_ALT) ) -#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\ - ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\ - defined(MBEDTLS_PLATFORM_FPRINTF_ALT) ) -#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\ - ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) ) -#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites" -#endif - -#if 
defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\ - defined(MBEDTLS_PLATFORM_STD_FREE) -#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO) -#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is" -#endif - -#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\ - ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) ) -#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\ - defined(MBEDTLS_PLATFORM_STD_CALLOC) -#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO) -#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is" -#endif - -#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\ - ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\ - defined(MBEDTLS_PLATFORM_PRINTF_ALT) ) -#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C) -#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, 
but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\ - ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\ - defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) ) -#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\ - !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) -#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY) -#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY) -#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY) -#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\ - !defined(MBEDTLS_PLATFORM_EXIT_ALT) -#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_TIME) &&\ - ( !defined(MBEDTLS_PLATFORM_TIME_ALT) ||\ - !defined(MBEDTLS_HAVE_TIME) ) -#error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\ - !defined(MBEDTLS_PLATFORM_FPRINTF_ALT) -#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\ - !defined(MBEDTLS_PLATFORM_PRINTF_ALT) -#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\ - !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) -#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\ - ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) ) -#error 
"MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\ - !defined(MBEDTLS_ENTROPY_NV_SEED) -#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\ - !defined(MBEDTLS_PLATFORM_NV_SEED_ALT) -#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\ - !defined(MBEDTLS_PLATFORM_NV_SEED_ALT) -#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\ - ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\ - defined(MBEDTLS_PLATFORM_NV_SEED_ALT) ) -#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\ - ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\ - defined(MBEDTLS_PLATFORM_NV_SEED_ALT) ) -#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously" -#endif - -#if defined(MBEDTLS_PSA_CRYPTO_C) && \ - !( ( ( defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C) ) && \ - defined(MBEDTLS_ENTROPY_C) ) || \ - defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) ) -#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)" -#endif - -#if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C) -#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) && \ - ! ( defined(MBEDTLS_PSA_CRYPTO_C) && \ - defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) ) -#error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \ - ! 
defined(MBEDTLS_PSA_CRYPTO_C) -#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \ - !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \ - defined(MBEDTLS_ENTROPY_NV_SEED) ) -#error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \ - !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) -#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources" -#endif - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \ - defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG" -#endif - -#if defined(MBEDTLS_PSA_ITS_FILE_C) && \ - !defined(MBEDTLS_FS_IO) -#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) -#error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO." 
-#endif - -#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_OID_C) ) -#error "MBEDTLS_RSA_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) && \ - !defined(MBEDTLS_PKCS1_V15) ) -#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled" -#endif - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ - ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) ) -#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SHA384_C) && !defined(MBEDTLS_SHA512_C) -#error "MBEDTLS_SHA384_C defined without MBEDTLS_SHA512_C" -#endif - -#if defined(MBEDTLS_SHA224_C) && !defined(MBEDTLS_SHA256_C) -#error "MBEDTLS_SHA224_C defined without MBEDTLS_SHA256_C" -#endif - -#if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C) -#error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C" -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) && \ - !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) ) -#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && ( !defined(MBEDTLS_HKDF_C) && \ - !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) ) -#error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ - 
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) ) -#error "One or more versions of the TLS protocol are enabled " \ - "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx" -#endif - -#if defined(MBEDTLS_SSL_PROTO_DTLS) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C) -#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) || \ - !defined(MBEDTLS_MD_C) ) -#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C) -#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active" -#endif - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS) -#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \ - !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) -#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \ - ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ) -#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ) -#error "MBEDTLS_SSL_DTLS_CONNECTION_ID defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \ - MBEDTLS_SSL_CID_IN_LEN_MAX > 255 -#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \ - 
MBEDTLS_SSL_CID_OUT_LEN_MAX > 255 -#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)" -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites" -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites" -#endif - -#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C) -#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \ - !defined(MBEDTLS_X509_CRT_PARSE_C) -#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_THREADING_PTHREAD) -#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL) -#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites" -#endif -#define MBEDTLS_THREADING_IMPL -#endif - -#if defined(MBEDTLS_THREADING_ALT) -#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL) -#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites" -#endif -#define MBEDTLS_THREADING_IMPL -#endif - -#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL) -#error "MBEDTLS_THREADING_C defined, single threading implementation required" -#endif -#undef MBEDTLS_THREADING_IMPL - -#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C) -#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C) -#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \ - !defined(MBEDTLS_PK_PARSE_C) ) -#error "MBEDTLS_X509_USE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CREATE_C) && ( 
!defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \ - !defined(MBEDTLS_PK_WRITE_C) ) -#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) ) -#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) ) -#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) ) -#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) ) -#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) ) -#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64) -#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" -#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ - -#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ - defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously" -#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) && ( !defined(MBEDTLS_SSL_PROTO_DTLS) ) -#error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && ( !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) ) -#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites" -#endif - - - -/* Reject attempts to enable options that have been removed and that could - * cause a build to succeed but with features removed. 
*/ - -#if defined(MBEDTLS_HAVEGE_C) //no-check-names -#error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/2599" -#endif - -#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) //no-check-names -#error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031" -#endif - -#if defined(MBEDTLS_SSL_PROTO_SSL3) //no-check-names -#error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031" -#endif - -#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) //no-check-names -#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031" -#endif - -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) //no-check-names -#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031" -#endif - -#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) //no-check-names -#error "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES was removed in Mbed TLS 3.0. See the ChangeLog entry if you really need SHA-1-signed certificates." -#endif - -#if defined(MBEDTLS_ZLIB_SUPPORT) //no-check-names -#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031" -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1) //no-check-names -#error "MBEDTLS_SSL_PROTO_TLS1 (TLS v1.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286" -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_1) //no-check-names -#error "MBEDTLS_SSL_PROTO_TLS1_1 (TLS v1.1 support) was removed in Mbed TLS 3.0. 
See https://github.com/ARMmbed/mbedtls/issues/4286"
-#endif
-
-#if defined(MBEDTLS_CHECK_PARAMS) //no-check-names
-#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4313"
-#endif
-
-#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
-#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names
-#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
-#endif
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) //no-check-names
-#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4341"
-#endif
-
-/*
- * Avoid warning from -pedantic. This is a convenient place for this
- * workaround since this is included by every single file before the
- * #if defined(MBEDTLS_xxx_C) that results in empty translation units.
- */
-typedef int mbedtls_iso_c_forbids_empty_translation_units;
-
-#endif /* MBEDTLS_CHECK_CONFIG_H */
diff --git a/windows/mbedtls/cipher.h b/windows/mbedtls/cipher.h
deleted file mode 100644
index 7afdc6ac..00000000
--- a/windows/mbedtls/cipher.h
+++ /dev/null
@@ -1,983 +0,0 @@
-/**
- * \file cipher.h
- *
- * \brief This file contains an abstraction interface for use with the cipher
- * primitives provided by the library. It provides a common interface to all of
- * the available cipher operations.
- *
- * \author Adriaan de Jong
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CIPHER_H
-#define MBEDTLS_CIPHER_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include "mbedtls/platform_util.h"
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-#define MBEDTLS_CIPHER_MODE_AEAD
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_CIPHER_MODE_WITH_PADDING
-#endif
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
- defined(MBEDTLS_CHACHA20_C)
-#define MBEDTLS_CIPHER_MODE_STREAM
-#endif
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< The selected feature is not available. */
-#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Bad input parameters. */
-#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Failed to allocate memory. */
-#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected.
*/
-#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
-#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
-#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid. For example, because it was freed. */
-
-#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length. */
-#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Supported cipher types.
- *
- * \warning DES is considered weak cipher and its use
- * constitutes a security risk. Arm recommends considering stronger
- * ciphers instead.
- */
-typedef enum {
- MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */
- MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
- MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
- MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
- MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
- MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
- MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
- MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */
-} mbedtls_cipher_id_t;
-
-/**
- * \brief Supported {cipher type, cipher mode} pairs.
- *
- * \warning DES is considered weak cipher and its use
- * constitutes a security risk. Arm recommends considering stronger
- * ciphers instead.
- */
-typedef enum {
- MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */
- MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
- MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
- MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
- MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
- MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode.
*/
- MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
- MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
- MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
- MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
- MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
- MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
- MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
- MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode.
*/
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
- MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
- MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
- MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
- MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
- MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
- MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
- MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
- MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
- MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */
- MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_128_CBC, /**< Aria cipher with 128-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_192_CBC, /**< Aria cipher with 192-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_256_CBC, /**< Aria cipher with 256-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_128_CFB128, /**< Aria cipher with 128-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_192_CFB128, /**< Aria cipher with 192-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_256_CFB128, /**< Aria cipher with 256-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_128_CTR, /**< Aria cipher with 128-bit key and CTR mode. */
- MBEDTLS_CIPHER_ARIA_192_CTR, /**< Aria cipher with 192-bit key and CTR mode. */
- MBEDTLS_CIPHER_ARIA_256_CTR, /**< Aria cipher with 256-bit key and CTR mode.
*/
- MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */
- MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */
- MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */
- MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_128_XTS, /**< AES 128-bit cipher in XTS block mode. */
- MBEDTLS_CIPHER_AES_256_XTS, /**< AES 256-bit cipher in XTS block mode. */
- MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */
- MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */
- MBEDTLS_CIPHER_AES_128_KW, /**< AES cipher with 128-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_192_KW, /**< AES cipher with 192-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_256_KW, /**< AES cipher with 256-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */
- MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */
- MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */
-} mbedtls_cipher_type_t;
-
-/** Supported cipher modes. */
-typedef enum {
- MBEDTLS_MODE_NONE = 0, /**< None. */
- MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
- MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
- MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
- MBEDTLS_MODE_OFB, /**< The OFB cipher mode. */
- MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
- MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
- MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
- MBEDTLS_MODE_CCM, /**< The CCM cipher mode.
*/
- MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */
- MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */
- MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */
- MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */
-} mbedtls_cipher_mode_t;
-
-/** Supported cipher padding types. */
-typedef enum {
- MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */
- MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */
- MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */
- MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */
- MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */
-} mbedtls_cipher_padding_t;
-
-/** Type of operation. */
-typedef enum {
- MBEDTLS_OPERATION_NONE = -1,
- MBEDTLS_DECRYPT = 0,
- MBEDTLS_ENCRYPT,
-} mbedtls_operation_t;
-
-enum {
- /** Undefined key length. */
- MBEDTLS_KEY_LENGTH_NONE = 0,
- /** Key length, in bits (including parity), for DES keys. */
- MBEDTLS_KEY_LENGTH_DES = 64,
- /** Key length in bits, including parity, for DES in two-key EDE. */
- MBEDTLS_KEY_LENGTH_DES_EDE = 128,
- /** Key length in bits, including parity, for DES in three-key EDE. */
- MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
-};
-
-/** Maximum length of any IV, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
- * in library/ssl_misc.h. */
-#define MBEDTLS_MAX_IV_LENGTH 16
-
-/** Maximum block size of any cipher, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
- * in library/ssl_misc.h. */
-#define MBEDTLS_MAX_BLOCK_LENGTH 16
-
-/** Maximum key length, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * For now, only check whether XTS is enabled which uses 64 Byte keys,
- * and use 32 Bytes as an upper bound for the maximum key length otherwise.
- * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
- * in library/ssl_misc.h, which however deliberately ignores the case of XTS
- * since the latter isn't used in SSL/TLS. */
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_MAX_KEY_LENGTH 64
-#else
-#define MBEDTLS_MAX_KEY_LENGTH 32
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * Base cipher information (opaque struct).
- */
-typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
-
-/**
- * CMAC context (opaque struct).
- */
-typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
-
-/**
- * Cipher information. Allows calling cipher functions
- * in a generic way.
- */
-typedef struct mbedtls_cipher_info_t
-{
- /** Full cipher identifier. For example,
- * MBEDTLS_CIPHER_AES_256_CBC.
- */
- mbedtls_cipher_type_t MBEDTLS_PRIVATE(type);
-
- /** The cipher mode. For example, MBEDTLS_MODE_CBC. */
- mbedtls_cipher_mode_t MBEDTLS_PRIVATE(mode);
-
- /** The cipher key length, in bits. This is the
- * default length for variable sized ciphers.
- * Includes parity bits for ciphers like DES.
- */
- unsigned int MBEDTLS_PRIVATE(key_bitlen);
-
- /** Name of the cipher. */
- const char * MBEDTLS_PRIVATE(name);
-
- /** IV or nonce size, in Bytes.
- * For ciphers that accept variable IV sizes,
- * this is the recommended size.
- */
- unsigned int MBEDTLS_PRIVATE(iv_size);
-
- /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
- * MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
- * cipher supports variable IV or variable key sizes, respectively.
- */
- int MBEDTLS_PRIVATE(flags);
-
- /** The block size, in Bytes. */
- unsigned int MBEDTLS_PRIVATE(block_size);
-
- /** Struct for base cipher information and functions. */
- const mbedtls_cipher_base_t *MBEDTLS_PRIVATE(base);
-
-} mbedtls_cipher_info_t;
-
-/**
- * Generic cipher context.
- */
-typedef struct mbedtls_cipher_context_t
-{
- /** Information about the associated cipher.
*/
- const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info);
-
- /** Key length to use. */
- int MBEDTLS_PRIVATE(key_bitlen);
-
- /** Operation that the key of the context has been
- * initialized for.
- */
- mbedtls_operation_t MBEDTLS_PRIVATE(operation);
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
- /** Padding functions to use, if relevant for
- * the specific cipher mode.
- */
- void (*MBEDTLS_PRIVATE(add_padding))( unsigned char *output, size_t olen, size_t data_len );
- int (*MBEDTLS_PRIVATE(get_padding))( unsigned char *input, size_t ilen, size_t *data_len );
-#endif
-
- /** Buffer for input that has not been processed yet. */
- unsigned char MBEDTLS_PRIVATE(unprocessed_data)[MBEDTLS_MAX_BLOCK_LENGTH];
-
- /** Number of Bytes that have not been processed yet. */
- size_t MBEDTLS_PRIVATE(unprocessed_len);
-
- /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
- * for XTS-mode. */
- unsigned char MBEDTLS_PRIVATE(iv)[MBEDTLS_MAX_IV_LENGTH];
-
- /** IV size in Bytes, for ciphers with variable-length IVs. */
- size_t MBEDTLS_PRIVATE(iv_size);
-
- /** The cipher-specific context. */
- void *MBEDTLS_PRIVATE(cipher_ctx);
-
-#if defined(MBEDTLS_CMAC_C)
- /** CMAC-specific context. */
- mbedtls_cmac_context_t *MBEDTLS_PRIVATE(cmac_ctx);
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- /** Indicates whether the cipher operations should be performed
- * by Mbed TLS' own crypto library or an external implementation
- * of the PSA Crypto API.
- * This is unset if the cipher context was established through
- * mbedtls_cipher_setup(), and set if it was established through
- * mbedtls_cipher_setup_psa().
- */
- unsigned char MBEDTLS_PRIVATE(psa_enabled);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-} mbedtls_cipher_context_t;
-
-/**
- * \brief This function retrieves the list of ciphers supported
- * by the generic cipher module.
- *
- * For any cipher identifier in the returned list, you can
- * obtain the corresponding generic cipher information structure
- * via mbedtls_cipher_info_from_type(), which can then be used
- * to prepare a cipher context via mbedtls_cipher_setup().
- *
- *
- * \return A statically-allocated array of cipher identifiers
- * of type cipher_type_t. The last entry is zero.
- */
-const int *mbedtls_cipher_list( void );
-
-/**
- * \brief This function retrieves the cipher-information
- * structure associated with the given cipher name.
- *
- * \param cipher_name Name of the cipher to search for. This must not be
- * \c NULL.
- *
- * \return The cipher information structure associated with the
- * given \p cipher_name.
- * \return \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
-
-/**
- * \brief This function retrieves the cipher-information
- * structure associated with the given cipher type.
- *
- * \param cipher_type Type of the cipher to search for.
- *
- * \return The cipher information structure associated with the
- * given \p cipher_type.
- * \return \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
-
-/**
- * \brief This function retrieves the cipher-information
- * structure associated with the given cipher ID,
- * key size and mode.
- *
- * \param cipher_id The ID of the cipher to search for. For example,
- * #MBEDTLS_CIPHER_ID_AES.
- * \param key_bitlen The length of the key in bits.
- * \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC.
- *
- * \return The cipher information structure associated with the
- * given \p cipher_id.
- * \return \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
- int key_bitlen,
- const mbedtls_cipher_mode_t mode );
-
-/**
- * \brief This function initializes a \p cipher_context as NONE.
- *
- * \param ctx The context to be initialized. This must not be \c NULL.
- */
-void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
-
-/**
- * \brief This function frees and clears the cipher-specific
- * context of \p ctx. Freeing \p ctx itself remains the
- * responsibility of the caller.
- *
- * \param ctx The context to be freed. If this is \c NULL, the
- * function has no effect, otherwise this must point to an
- * initialized context.
- */
-void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
-
-
-/**
- * \brief This function prepares a cipher context for
- * use with the given cipher primitive.
- *
- * \note After calling this function, you should call
- * mbedtls_cipher_setkey() and, if the mode uses padding,
- * mbedtls_cipher_set_padding_mode(), then for each
- * message to encrypt or decrypt with this key, either:
- * - mbedtls_cipher_crypt() for one-shot processing with
- * non-AEAD modes;
- * - mbedtls_cipher_auth_encrypt_ext() or
- * mbedtls_cipher_auth_decrypt_ext() for one-shot
- * processing with AEAD modes or NIST_KW;
- * - for multi-part processing, see the documentation of
- * mbedtls_cipher_reset().
- *
- * \param ctx The context to prepare. This must be initialized by
- * a call to mbedtls_cipher_init() first.
- * \param cipher_info The cipher to use.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
- * cipher-specific context fails.
- */
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
- const mbedtls_cipher_info_t *cipher_info );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief This function initializes a cipher context for
- * PSA-based use with the given cipher primitive.
- *
- * \note See #MBEDTLS_USE_PSA_CRYPTO for information on PSA.
- *
- * \param ctx The context to initialize. May not be \c NULL.
- * \param cipher_info The cipher to use.
- * \param taglen For AEAD ciphers, the length in bytes of the
- * authentication tag to use. Subsequent uses of
- * mbedtls_cipher_auth_encrypt_ext() or
- * mbedtls_cipher_auth_decrypt_ext() must provide
- * the same tag length.
- * For non-AEAD ciphers, the value must be \c 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
- * cipher-specific context fails.
- */
-int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
- const mbedtls_cipher_info_t *cipher_info,
- size_t taglen );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/**
- * \brief This function returns the block size of the given cipher.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The block size of the underlying cipher.
- * \return \c 0 if \p ctx has not been initialized.
- */
-static inline unsigned int mbedtls_cipher_get_block_size(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return 0;
-
- return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
-}
-
-/**
- * \brief This function returns the mode of operation for
- * the cipher. For example, MBEDTLS_MODE_CBC.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The mode of operation.
- * \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return MBEDTLS_MODE_NONE;
-
- return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
-}
-
-/**
- * \brief This function returns the size of the IV or nonce
- * of the cipher, in Bytes.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The recommended IV size if no IV has been set.
- * \return \c 0 for ciphers not using an IV or a nonce.
- * \return The actual size if an IV has been set.
- */
-static inline int mbedtls_cipher_get_iv_size(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return 0;
-
- if( ctx->MBEDTLS_PRIVATE(iv_size) != 0 )
- return (int) ctx->MBEDTLS_PRIVATE(iv_size);
-
- return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
-}
-
-/**
- * \brief This function returns the type of the given cipher.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The type of the cipher.
- * \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_CIPHER_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return MBEDTLS_CIPHER_NONE;
-
- return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
-}
-
-/**
- * \brief This function returns the name of the given cipher
- * as a string.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The name of the cipher.
- * \return NULL if \p ctx has not been not initialized.
- */
-static inline const char *mbedtls_cipher_get_name(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return 0;
-
- return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name);
-}
-
-/**
- * \brief This function returns the key length of the cipher.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The key length of the cipher in bits.
- * \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
- * initialized.
- */
-static inline int mbedtls_cipher_get_key_bitlen(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return MBEDTLS_KEY_LENGTH_NONE;
-
- return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
-}
-
-/**
- * \brief This function returns the operation of the given cipher.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
- * \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_operation_t mbedtls_cipher_get_operation(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_OPERATION_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return MBEDTLS_OPERATION_NONE;
-
- return ctx->MBEDTLS_PRIVATE(operation);
-}
-
-/**
- * \brief This function sets the key to use with the given context.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a cipher information structure.
- * \param key The key to use. This must be a readable buffer of at
- * least \p key_bitlen Bits.
- * \param key_bitlen The key length to use, in Bits.
- * \param operation The operation that the key will be used for:
- * #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
- const unsigned char *key,
- int key_bitlen,
- const mbedtls_operation_t operation );
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-/**
- * \brief This function sets the padding mode, for cipher modes
- * that use padding.
- *
- * The default passing mode is PKCS7 padding.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a cipher information structure.
- * \param mode The padding mode.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
- * if the selected padding mode is not supported.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
- * does not support padding.
- */
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
- mbedtls_cipher_padding_t mode );
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
-/**
- * \brief This function sets the initialization vector (IV)
- * or nonce.
- *
- * \note Some ciphers do not use IVs nor nonce. For these
- * ciphers, this function has no effect.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a cipher information structure.
- * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
- * must be a readable buffer of at least \p iv_len Bytes.
- * \param iv_len The IV length for ciphers with variable-size IV.
- * This parameter is discarded by ciphers with fixed-size IV.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- */
-int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv,
- size_t iv_len );
-
-/**
- * \brief This function resets the cipher state.
- *
- * \note With non-AEAD ciphers, the order of calls for each message
- * is as follows:
- * 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
- * 2. mbedtls_cipher_reset()
- * 3. mbedtls_cipher_update() one or more times
- * 4. mbedtls_cipher_finish()
- * .
- * This sequence can be repeated to encrypt or decrypt multiple
- * messages with the same key.
- *
- * \note With AEAD ciphers, the order of calls for each message
- * is as follows:
- * 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
- * 2. mbedtls_cipher_reset()
- * 3. mbedtls_cipher_update_ad()
- * 4. mbedtls_cipher_update() one or more times
- * 5. mbedtls_cipher_finish()
- * 6. mbedtls_cipher_check_tag() (for decryption) or
- * mbedtls_cipher_write_tag() (for encryption).
- * .
- * This sequence can be repeated to encrypt or decrypt multiple
- * messages with the same key.
- *
- * \param ctx The generic cipher context. This must be bound to a key.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- */
-int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-/**
- * \brief This function adds additional data for AEAD ciphers.
- * Currently supported with GCM and ChaCha20+Poly1305.
- *
- * \param ctx The generic cipher context. This must be initialized.
- * \param ad The additional data to use. This must be a readable
- * buffer of at least \p ad_len Bytes.
- * \param ad_len The length of \p ad in Bytes.
- *
- * \return \c 0 on success.
- * \return A specific error code on failure.
- */
-int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
- const unsigned char *ad, size_t ad_len );
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-
-/**
- * \brief The generic cipher update function. It encrypts or
- * decrypts using the given cipher context. Writes as
- * many block-sized blocks of data as possible to output.
- * Any data that cannot be written immediately is either
- * added to the next block, or flushed when
- * mbedtls_cipher_finish() is called.
- * Exception: For MBEDTLS_MODE_ECB, expects a single block
- * in size. For example, 16 Bytes for AES.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes.
- * \param ilen The length of the input data.
- * \param output The buffer for the output data. This must be able to
- * hold at least `ilen + block_size`. This must not be the
- * same buffer as \p input.
- * \param olen The length of the output data, to be updated with the
- * actual number of Bytes written. This must not be
- * \c NULL.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
- * unsupported mode for a cipher.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx,
- const unsigned char *input,
- size_t ilen, unsigned char *output,
- size_t *olen );
-
-/**
- * \brief The generic cipher finalization function. If data still
- * needs to be flushed from an incomplete block, the data
- * contained in it is padded to the size of
- * the last block, and written to the \p output buffer.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key.
- * \param output The buffer to write data to. This needs to be a writable
- * buffer of at least \p block_size Bytes.
- * \param olen The length of the data written to the \p output buffer.
- * This may not be \c NULL.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
- * expecting a full block but not receiving one.
- * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- * while decrypting.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
- unsigned char *output, size_t *olen );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-/**
- * \brief This function writes a tag for AEAD ciphers.
- * Currently supported with GCM and ChaCha20+Poly1305.
- * This must be called after mbedtls_cipher_finish().
- *
- * \param ctx The generic cipher context. This must be initialized,
- * bound to a key, and have just completed a cipher
- * operation through mbedtls_cipher_finish() the tag for
- * which should be written.
- * \param tag The buffer to write the tag to. This must be a writable
- * buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the tag to write.
- *
- * \return \c 0 on success.
- * \return A specific error code on failure.
- */
-int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
- unsigned char *tag, size_t tag_len );
-
-/**
- * \brief This function checks the tag for AEAD ciphers.
- * Currently supported with GCM and ChaCha20+Poly1305.
- * This must be called after mbedtls_cipher_finish().
- *
- * \param ctx The generic cipher context. This must be initialized.
- * \param tag The buffer holding the tag. This must be a readable
- * buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the tag to check.
- *
- * \return \c 0 on success.
- * \return A specific error code on failure.
- */
-int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
- const unsigned char *tag, size_t tag_len );
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-
-/**
- * \brief The generic all-in-one encryption/decryption function,
- * for all ciphers except AEAD constructs.
- *
- * \param ctx The generic cipher context. This must be initialized.
- * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
- * This must be a readable buffer of at least \p iv_len - * Bytes. - * \param iv_len The IV length for ciphers with variable-size IV. - * This parameter is discarded by ciphers with fixed-size - * IV. - * \param input The buffer holding the input data. This must be a - * readable buffer of at least \p ilen Bytes. - * \param ilen The length of the input data in Bytes. - * \param output The buffer for the output data. This must be able to - * hold at least `ilen + block_size`. This must not be the - * same buffer as \p input. - * \param olen The length of the output data, to be updated with the - * actual number of Bytes written. This must not be - * \c NULL. - * - * \note Some ciphers do not use IVs nor nonce. For these - * ciphers, use \p iv = NULL and \p iv_len = 0. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on - * parameter-verification failure. - * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption - * expecting a full block but not receiving one. - * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding - * while decrypting. - * \return A cipher-specific error code on failure. - */ -int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen ); - -#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) -/** - * \brief The authenticated encryption (AEAD/NIST_KW) function. - * - * \note For AEAD modes, the tag will be appended to the - * ciphertext, as recommended by RFC 5116. - * (NIST_KW doesn't have a separate tag.) - * - * \param ctx The generic cipher context. This must be initialized and - * bound to a key, with an AEAD algorithm or NIST_KW. - * \param iv The nonce to use. This must be a readable buffer of - * at least \p iv_len Bytes and may be \c NULL if \p - * iv_len is \c 0. - * \param iv_len The length of the nonce. 
For AEAD ciphers, this must - * satisfy the constraints imposed by the cipher used. - * For NIST_KW, this must be \c 0. - * \param ad The additional data to authenticate. This must be a - * readable buffer of at least \p ad_len Bytes, and may - * be \c NULL is \p ad_len is \c 0. - * \param ad_len The length of \p ad. For NIST_KW, this must be \c 0. - * \param input The buffer holding the input data. This must be a - * readable buffer of at least \p ilen Bytes, and may be - * \c NULL if \p ilen is \c 0. - * \param ilen The length of the input data. - * \param output The buffer for the output data. This must be a - * writable buffer of at least \p output_len Bytes, and - * must not be \c NULL. - * \param output_len The length of the \p output buffer in Bytes. For AEAD - * ciphers, this must be at least \p ilen + \p tag_len. - * For NIST_KW, this must be at least \p ilen + 8 - * (rounded up to a multiple of 8 if KWP is used); - * \p ilen + 15 is always a safe value. - * \param olen This will be filled with the actual number of Bytes - * written to the \p output buffer. This must point to a - * writable object of type \c size_t. - * \param tag_len The desired length of the authentication tag. For AEAD - * ciphers, this must match the constraints imposed by - * the cipher used, and in particular must not be \c 0. - * For NIST_KW, this must be \c 0. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on - * parameter-verification failure. - * \return A cipher-specific error code on failure. - */ -int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t output_len, - size_t *olen, size_t tag_len ); - -/** - * \brief The authenticated encryption (AEAD/NIST_KW) function. 
- * - * \note If the data is not authentic, then the output buffer - * is zeroed out to prevent the unauthentic plaintext being - * used, making this interface safer. - * - * \note For AEAD modes, the tag must be appended to the - * ciphertext, as recommended by RFC 5116. - * (NIST_KW doesn't have a separate tag.) - * - * \param ctx The generic cipher context. This must be initialized and - * bound to a key, with an AEAD algorithm or NIST_KW. - * \param iv The nonce to use. This must be a readable buffer of - * at least \p iv_len Bytes and may be \c NULL if \p - * iv_len is \c 0. - * \param iv_len The length of the nonce. For AEAD ciphers, this must - * satisfy the constraints imposed by the cipher used. - * For NIST_KW, this must be \c 0. - * \param ad The additional data to authenticate. This must be a - * readable buffer of at least \p ad_len Bytes, and may - * be \c NULL is \p ad_len is \c 0. - * \param ad_len The length of \p ad. For NIST_KW, this must be \c 0. - * \param input The buffer holding the input data. This must be a - * readable buffer of at least \p ilen Bytes, and may be - * \c NULL if \p ilen is \c 0. - * \param ilen The length of the input data. For AEAD ciphers this - * must be at least \p tag_len. For NIST_KW this must be - * at least \c 8. - * \param output The buffer for the output data. This must be a - * writable buffer of at least \p output_len Bytes, and - * may be \c NULL if \p output_len is \c 0. - * \param output_len The length of the \p output buffer in Bytes. For AEAD - * ciphers, this must be at least \p ilen - \p tag_len. - * For NIST_KW, this must be at least \p ilen - 8. - * \param olen This will be filled with the actual number of Bytes - * written to the \p output buffer. This must point to a - * writable object of type \c size_t. - * \param tag_len The actual length of the authentication tag. For AEAD - * ciphers, this must match the constraints imposed by - * the cipher used, and in particular must not be \c 0. 
- * For NIST_KW, this must be \c 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t output_len,
- size_t *olen, size_t tag_len );
-#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CIPHER_H */
diff --git a/windows/mbedtls/cmac.h b/windows/mbedtls/cmac.h
deleted file mode 100644
index 3e599b9d..00000000
--- a/windows/mbedtls/cmac.h
+++ /dev/null
@@ -1,223 +0,0 @@ -/** - * \file cmac.h - * - * \brief This file contains CMAC definitions and functions. - * - * The Cipher-based Message Authentication Code (CMAC) Mode for - * Authentication is defined in RFC-4493: The AES-CMAC Algorithm. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_CMAC_H -#define MBEDTLS_CMAC_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/cipher.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define MBEDTLS_AES_BLOCK_SIZE 16 -#define MBEDTLS_DES3_BLOCK_SIZE 8 - -#if defined(MBEDTLS_AES_C) -#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */ -#else -#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */ -#endif - -#if !defined(MBEDTLS_CMAC_ALT) - -/** - * The CMAC context structure. - */ -struct mbedtls_cmac_context_t -{ - /** The internal state of the CMAC algorithm. */ - unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX]; - - /** Unprocessed data - either data that was not block aligned and is still - * pending processing, or the final block. */ - unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX]; - - /** The length of data pending processing. 
*/ - size_t MBEDTLS_PRIVATE(unprocessed_len); -}; - -#else /* !MBEDTLS_CMAC_ALT */ -#include "cmac_alt.h" -#endif /* !MBEDTLS_CMAC_ALT */ - -/** - * \brief This function sets the CMAC key, and prepares to authenticate - * the input data. - * Must be called with an initialized cipher context. - * - * \note When the CMAC implementation is supplied by an alternate - * implementation (through #MBEDTLS_CMAC_ALT), some ciphers - * may not be supported by that implementation, and thus - * return an error. Alternate implementations must support - * AES-128 and AES-256, and may support AES-192 and 3DES. - * - * \param ctx The cipher context used for the CMAC operation, initialized - * as one of the following types: MBEDTLS_CIPHER_AES_128_ECB, - * MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB, - * or MBEDTLS_CIPHER_DES_EDE3_ECB. - * \param key The CMAC key. - * \param keybits The length of the CMAC key in bits. - * Must be supported by the cipher. - * - * \return \c 0 on success. - * \return A cipher-specific error code on failure. - */ -int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, - const unsigned char *key, size_t keybits ); - -/** - * \brief This function feeds an input buffer into an ongoing CMAC - * computation. - * - * It is called between mbedtls_cipher_cmac_starts() or - * mbedtls_cipher_cmac_reset(), and mbedtls_cipher_cmac_finish(). - * Can be called repeatedly. - * - * \param ctx The cipher context used for the CMAC operation. - * \param input The buffer holding the input data. - * \param ilen The length of the input data. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA - * if parameter verification fails. - */ -int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, - const unsigned char *input, size_t ilen ); - -/** - * \brief This function finishes the CMAC operation, and writes - * the result to the output buffer. - * - * It is called after mbedtls_cipher_cmac_update(). 
- * It can be followed by mbedtls_cipher_cmac_reset() and - * mbedtls_cipher_cmac_update(), or mbedtls_cipher_free(). - * - * \param ctx The cipher context used for the CMAC operation. - * \param output The output buffer for the CMAC checksum result. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA - * if parameter verification fails. - */ -int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, - unsigned char *output ); - -/** - * \brief This function prepares the authentication of another - * message with the same key as the previous CMAC - * operation. - * - * It is called after mbedtls_cipher_cmac_finish() - * and before mbedtls_cipher_cmac_update(). - * - * \param ctx The cipher context used for the CMAC operation. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA - * if parameter verification fails. - */ -int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); - -/** - * \brief This function calculates the full generic CMAC - * on the input buffer with the provided key. - * - * The function allocates the context, performs the - * calculation, and frees the context. - * - * The CMAC result is calculated as - * output = generic CMAC(cmac key, input buffer). - * - * \note When the CMAC implementation is supplied by an alternate - * implementation (through #MBEDTLS_CMAC_ALT), some ciphers - * may not be supported by that implementation, and thus - * return an error. Alternate implementations must support - * AES-128 and AES-256, and may support AES-192 and 3DES. - * - * \param cipher_info The cipher information. - * \param key The CMAC key. - * \param keylen The length of the CMAC key in bits. - * \param input The buffer holding the input data. - * \param ilen The length of the input data. - * \param output The buffer for the generic CMAC result. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA - * if parameter verification fails. 
- */
-int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
- const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output );
-
-#if defined(MBEDTLS_AES_C)
-/**
- * \brief This function implements the AES-CMAC-PRF-128 pseudorandom
- * function, as defined in
- * RFC-4615: The Advanced Encryption Standard-Cipher-based
- * Message Authentication Code-Pseudo-Random Function-128
- * (AES-CMAC-PRF-128) Algorithm for the Internet Key
- * Exchange Protocol (IKE).
- *
- * \param key The key to use.
- * \param key_len The key length in Bytes.
- * \param input The buffer holding the input data.
- * \param in_len The length of the input data in Bytes.
- * \param output The buffer holding the generated 16 Bytes of
- * pseudorandom output.
- *
- * \return \c 0 on success.
- */
-int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
- const unsigned char *input, size_t in_len,
- unsigned char output[16] );
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
-/**
- * \brief The CMAC checkup routine.
- *
- * \note In case the CMAC routines are provided by an alternative
- * implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the
- * checkup routine will succeed even if the implementation does
- * not support the less widely used AES-192 or 3DES primitives.
- * The self-test requires at least AES-128 and AES-256 to be
- * supported by the underlying implementation.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_cmac_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CMAC_H */
diff --git a/windows/mbedtls/compat-2.x.h b/windows/mbedtls/compat-2.x.h
deleted file mode 100644
index cdf81dcb..00000000
--- a/windows/mbedtls/compat-2.x.h
+++ /dev/null
@@ -1,58 +0,0 @@ -/** - * \file compat-2.x.h - * - * \brief Compatibility definitions - * - * \deprecated Use the new names directly instead - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#if defined(MBEDTLS_DEPRECATED_WARNING) -#warning "Including compat-2.x.h is deprecated" -#endif - -#ifndef MBEDTLS_COMPAT2X_H -#define MBEDTLS_COMPAT2X_H - -/* - * Macros for renamed functions - */ -#define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update -#define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update -#define mbedtls_md5_starts_ret mbedtls_md5_starts -#define mbedtls_md5_update_ret mbedtls_md5_update -#define mbedtls_md5_finish_ret mbedtls_md5_finish -#define mbedtls_md5_ret mbedtls_md5 -#define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts -#define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update -#define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish -#define mbedtls_ripemd160_ret mbedtls_ripemd160 -#define mbedtls_sha1_starts_ret mbedtls_sha1_starts -#define mbedtls_sha1_update_ret mbedtls_sha1_update -#define mbedtls_sha1_finish_ret mbedtls_sha1_finish -#define mbedtls_sha1_ret mbedtls_sha1 -#define mbedtls_sha256_starts_ret mbedtls_sha256_starts -#define mbedtls_sha256_update_ret mbedtls_sha256_update -#define mbedtls_sha256_finish_ret mbedtls_sha256_finish -#define mbedtls_sha256_ret mbedtls_sha256 -#define 
mbedtls_sha512_starts_ret mbedtls_sha512_starts
-#define mbedtls_sha512_update_ret mbedtls_sha512_update
-#define mbedtls_sha512_finish_ret mbedtls_sha512_finish
-#define mbedtls_sha512_ret mbedtls_sha512
-
-#endif /* MBEDTLS_COMPAT2X_H */
diff --git a/windows/mbedtls/config_psa.h b/windows/mbedtls/config_psa.h
deleted file mode 100644
index f182c527..00000000
--- a/windows/mbedtls/config_psa.h
+++ /dev/null
@@ -1,770 +0,0 @@ -/** - * \file mbedtls/config_psa.h - * \brief PSA crypto configuration options (set of defines) - * - * This set of compile-time options takes settings defined in - * include/mbedtls/mbedtls_config.h and include/psa/crypto_config.h and uses - * those definitions to define symbols used in the library code. - * - * Users and integrators should not edit this file, please edit - * include/mbedtls/mbedtls_config.h for MBETLS_XXX settings or - * include/psa/crypto_config.h for PSA_WANT_XXX settings. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. 
- */ - -#ifndef MBEDTLS_CONFIG_PSA_H -#define MBEDTLS_CONFIG_PSA_H - -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -#include "psa/crypto_config.h" -#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */ - -#ifdef __cplusplus -extern "C" { -#endif - - - -/****************************************************************/ -/* De facto synonyms */ -/****************************************************************/ - -#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA) -#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY -#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA) -#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA -#endif - -#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) -#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW -#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) -#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN -#endif - - - -/****************************************************************/ -/* Require built-in implementations based on PSA requirements */ -/****************************************************************/ - -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) -#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 -#define MBEDTLS_ECDSA_DETERMINISTIC -#define MBEDTLS_ECDSA_C -#define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_MD_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */ -#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */ - -#if defined(PSA_WANT_ALG_ECDH) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) -#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 -#define MBEDTLS_ECDH_C -#define MBEDTLS_ECP_C -#define MBEDTLS_BIGNUM_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */ -#endif /* PSA_WANT_ALG_ECDH */ - -#if defined(PSA_WANT_ALG_ECDSA) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) -#define 
MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 -#define MBEDTLS_ECDSA_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */ -#endif /* PSA_WANT_ALG_ECDSA */ - -#if defined(PSA_WANT_ALG_HKDF) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ -#endif /* PSA_WANT_ALG_HKDF */ - -#if defined(PSA_WANT_ALG_HMAC) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ -#endif /* PSA_WANT_ALG_HMAC */ - -#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5) -#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1 -#define MBEDTLS_MD5_C -#endif - -#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) -#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1 -#define MBEDTLS_RIPEMD160_C -#endif - -#if defined(PSA_WANT_ALG_RSA_OAEP) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) -#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 -#define MBEDTLS_RSA_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_OID_C -#define MBEDTLS_PKCS1_V21 -#define MBEDTLS_MD_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */ -#endif /* PSA_WANT_ALG_RSA_OAEP */ - -#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT) -#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1 -#define MBEDTLS_RSA_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_OID_C -#define MBEDTLS_PKCS1_V15 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */ -#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */ - -#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) -#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 -#define MBEDTLS_RSA_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_OID_C -#define MBEDTLS_PKCS1_V15 -#define MBEDTLS_MD_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */ -#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */ - -#if defined(PSA_WANT_ALG_RSA_PSS) -#if 
!defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) -#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 -#define MBEDTLS_RSA_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_OID_C -#define MBEDTLS_PKCS1_V21 -#define MBEDTLS_MD_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */ -#endif /* PSA_WANT_ALG_RSA_PSS */ - -#if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1 -#define MBEDTLS_SHA1_C -#endif - -#if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1 -#define MBEDTLS_SHA224_C -#endif - -#if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 -#define MBEDTLS_SHA256_C -#endif - -#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1 -#define MBEDTLS_SHA384_C -#endif - -#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1 -#define MBEDTLS_SHA512_C -#endif - -#if defined(PSA_WANT_ALG_TLS12_PRF) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) -#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */ -#endif /* PSA_WANT_ALG_TLS12_PRF */ - -#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS) -#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */ -#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1 -#define MBEDTLS_ECP_C -#define MBEDTLS_BIGNUM_C -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */ -#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 -#define 
MBEDTLS_ECP_C -#define MBEDTLS_BIGNUM_C -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1 -#define MBEDTLS_RSA_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_OID_C -#define MBEDTLS_GENPRIME -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_PK_WRITE_C -#define MBEDTLS_PK_C -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */ -#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */ - -#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 -#define MBEDTLS_RSA_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_OID_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_PK_WRITE_C -#define MBEDTLS_PK_C -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */ -#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ - -/* If any of the block modes are requested that don't have an - * associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking - * in the block cipher key types. 
*/ -#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \ - (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \ - (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \ - (defined(PSA_WANT_ALG_XTS) && !defined(MBEDTLS_PSA_ACCEL_ALG_XTS)) || \ - defined(PSA_WANT_ALG_ECB_NO_PADDING) || \ - (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \ - (defined(PSA_WANT_ALG_CBC_PKCS7) && \ - !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \ - (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)) -#define PSA_HAVE_SOFT_BLOCK_MODE 1 -#endif - -#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \ - (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM)) -#define PSA_HAVE_SOFT_BLOCK_AEAD 1 -#endif - -#if defined(PSA_WANT_KEY_TYPE_AES) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) -#define PSA_HAVE_SOFT_KEY_TYPE_AES 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */ -#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ - defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ - defined(PSA_HAVE_SOFT_BLOCK_AEAD) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 -#define MBEDTLS_AES_C -#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA) -#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */ -#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \ - defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ - defined(PSA_HAVE_SOFT_BLOCK_AEAD) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1 -#define MBEDTLS_CAMELLIA_C -#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#if defined(PSA_WANT_KEY_TYPE_DES) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) -#define PSA_HAVE_SOFT_KEY_TYPE_DES 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */ -#if 
defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \ - defined(PSA_HAVE_SOFT_BLOCK_MODE) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1 -#define MBEDTLS_DES_C -#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */ -#endif /* PSA_WANT_KEY_TYPE_DES */ - -#if defined(PSA_WANT_KEY_TYPE_CHACHA20) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1 -#define MBEDTLS_CHACHA20_C -#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */ -#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */ - -/* If any of the software block ciphers are selected, define - * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these - * situations. */ -#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) -#define PSA_HAVE_SOFT_BLOCK_CIPHER 1 -#endif - -#if defined(PSA_WANT_ALG_STREAM_CIPHER) -#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1 -#endif /* PSA_WANT_ALG_STREAM_CIPHER */ - -#if defined(PSA_WANT_ALG_CBC_MAC) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC) -#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS." 
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */ -#endif /* PSA_WANT_ALG_CBC_MAC */ - -#if defined(PSA_WANT_ALG_CMAC) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) -#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 -#define MBEDTLS_CMAC_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ -#endif /* PSA_WANT_ALG_CMAC */ - -#if defined(PSA_WANT_ALG_CTR) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) -#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1 -#define MBEDTLS_CIPHER_MODE_CTR -#endif -#endif /* PSA_WANT_ALG_CTR */ - -#if defined(PSA_WANT_ALG_CFB) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) -#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1 -#define MBEDTLS_CIPHER_MODE_CFB -#endif -#endif /* PSA_WANT_ALG_CFB */ - -#if defined(PSA_WANT_ALG_OFB) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) -#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1 -#define MBEDTLS_CIPHER_MODE_OFB -#endif -#endif /* PSA_WANT_ALG_OFB */ - -#if defined(PSA_WANT_ALG_XTS) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_XTS) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) -#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1 -#define MBEDTLS_CIPHER_MODE_XTS -#endif -#endif /* PSA_WANT_ALG_XTS */ - -#if defined(PSA_WANT_ALG_ECB_NO_PADDING) -#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1 -#endif - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) -#define MBEDTLS_CIPHER_MODE_CBC -#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1 -#endif -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_CBC_PKCS7) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) -#define MBEDTLS_CIPHER_MODE_CBC -#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1 -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#endif -#endif /* PSA_WANT_ALG_CBC_PKCS7 */ - -#if defined(PSA_WANT_ALG_CCM) -#if 
!defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) -#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1 -#define MBEDTLS_CCM_C -#endif -#endif /* PSA_WANT_ALG_CCM */ - -#if defined(PSA_WANT_ALG_GCM) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) -#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1 -#define MBEDTLS_GCM_C -#endif -#endif /* PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) -#if defined(PSA_WANT_KEY_TYPE_CHACHA20) -#define MBEDTLS_CHACHAPOLY_C -#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1 -#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */ -#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ - -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */ -#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */ - -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */ -#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */ - -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */ -#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */ - -#if defined(PSA_WANT_ECC_MONTGOMERY_255) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */ -#endif /* PSA_WANT_ECC_MONTGOMERY_255 */ - -#if defined(PSA_WANT_ECC_MONTGOMERY_448) -#if 
!defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
-/*
- * Curve448 is not yet supported via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/4249).
- */
-#error "Curve448 is not yet supported via the PSA API in Mbed TLS."
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
-#endif /* PSA_WANT_ECC_SECP_R1_192 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
-#endif /* PSA_WANT_ECC_SECP_R1_224 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
-#endif /* PSA_WANT_ECC_SECP_R1_256 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
-#endif /* PSA_WANT_ECC_SECP_R1_384 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_521)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
-#endif /* PSA_WANT_ECC_SECP_R1_521 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
-#endif /*
PSA_WANT_ECC_SECP_K1_192 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
-/*
- * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541).
- */
-#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
-#endif /* PSA_WANT_ECC_SECP_K1_224 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
-#endif /* PSA_WANT_ECC_SECP_K1_256 */
-
-
-
-/****************************************************************/
-/* Infer PSA requirements from Mbed TLS capabilities */
-/****************************************************************/
-
-#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
-
-/*
- * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
- * is not defined
- */
-
-#if defined(MBEDTLS_CCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define PSA_WANT_ALG_CCM 1
-#endif /* MBEDTLS_CCM_C */
-
-#if defined(MBEDTLS_CMAC_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define PSA_WANT_ALG_CMAC 1
-#endif /* MBEDTLS_CMAC_C */
-
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define PSA_WANT_ALG_ECDH 1
-#endif /* MBEDTLS_ECDH_C */
-
-#if defined(MBEDTLS_ECDSA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA_ANY 1
-
-// Only add in DETERMINISTIC support if ECDSA is also enabled
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-#endif /* MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
-#define
PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_GCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define PSA_WANT_ALG_GCM 1
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_HKDF_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#define PSA_WANT_ALG_HKDF 1
-#endif /* MBEDTLS_HKDF_C */
-
-#if defined(MBEDTLS_MD_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define PSA_WANT_KEY_TYPE_HMAC
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-#endif /* MBEDTLS_MD_C */
-
-#if defined(MBEDTLS_MD5_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define PSA_WANT_ALG_MD5 1
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define PSA_WANT_ALG_RIPEMD160 1
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_PKCS1_V15)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
-#endif /* MBEDTLSS_PKCS1_V15 */
-#if defined(MBEDTLS_PKCS1_V21)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define PSA_WANT_ALG_RSA_OAEP 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define PSA_WANT_ALG_RSA_PSS 1
-#endif /* MBEDTLS_PKCS1_V21 */
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define PSA_WANT_ALG_SHA_1 1
-#endif
-
-#if defined(MBEDTLS_SHA224_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define PSA_WANT_ALG_SHA_224 1
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define PSA_WANT_ALG_SHA_256 1
-#endif
-
-#if defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define PSA_WANT_ALG_SHA_384 1
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define PSA_WANT_ALG_SHA_512 1
-#endif
-
-#if defined(MBEDTLS_AES_C)
-#define PSA_WANT_KEY_TYPE_AES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#endif
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#define PSA_WANT_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#endif
-
-#if defined(MBEDTLS_DES_C)
-#define PSA_WANT_KEY_TYPE_DES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#endif
-
-#if defined(MBEDTLS_CHACHA20_C)
-#define PSA_WANT_KEY_TYPE_CHACHA20 1
-#define PSA_WANT_ALG_STREAM_CIPHER 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#if defined(MBEDTLS_CHACHAPOLY_C)
-#define PSA_WANT_ALG_CHACHA20_POLY1305 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#define PSA_WANT_ALG_CBC_NO_PADDING 1
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define PSA_WANT_ALG_CBC_PKCS7 1
-#endif
-#endif
-
-#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
- defined(MBEDTLS_CAMELLIA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#define PSA_WANT_ALG_ECB_NO_PADDING 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define PSA_WANT_ALG_CFB 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define PSA_WANT_ALG_CTR 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define PSA_WANT_ALG_OFB 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define
PSA_WANT_ALG_XTS 1
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_256
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_384
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_512
-#endif
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#define PSA_WANT_ECC_MONTGOMERY_255
-#endif
-
-/* Curve448 is not yet supported via the PSA API (https://github.com/ARMmbed/mbedtls/issues/4249) */
-#if 0 && defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#define PSA_WANT_ECC_MONTGOMERY_448
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#define PSA_WANT_ECC_SECP_R1_192
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#define PSA_WANT_ECC_SECP_R1_224
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#define PSA_WANT_ECC_SECP_R1_256
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#define PSA_WANT_ECC_SECP_R1_384
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#define PSA_WANT_ECC_SECP_R1_521
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#define PSA_WANT_ECC_SECP_K1_192
-#endif
-
-/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
-#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#define PSA_WANT_ECC_SECP_K1_224
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define
MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#define PSA_WANT_ECC_SECP_K1_256
-#endif
-
-#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
-
-/* These features are always enabled. */
-#define PSA_WANT_KEY_TYPE_DERIVE 1
-#define PSA_WANT_KEY_TYPE_RAW_DATA 1
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CONFIG_PSA_H */
diff --git a/windows/mbedtls/ctr_drbg.h b/windows/mbedtls/ctr_drbg.h
deleted file mode 100644
index c188b08a..00000000
--- a/windows/mbedtls/ctr_drbg.h
+++ /dev/null
@@ -1,575 +0,0 @@
-/**
- * \file ctr_drbg.h
- *
- * \brief This file contains definitions and functions for the
- * CTR_DRBG pseudorandom generator.
- *
- * CTR_DRBG is a standardized way of building a PRNG from a block-cipher
- * in counter mode operation, as defined in NIST SP 800-90A:
- * Recommendation for Random Number Generation Using Deterministic Random
- * Bit Generators.
- *
- * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128
- * (if \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled at compile time)
- * as the underlying block cipher, with a derivation function.
- *
- * The security strength as defined in NIST SP 800-90A is
- * 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
- * and 256 bits otherwise, provided that #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
- * kept at its default value (and not overridden in mbedtls_config.h) and that the
- * DRBG instance is set up with default parameters.
- * See the documentation of mbedtls_ctr_drbg_seed() for more
- * information.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CTR_DRBG_H
-#define MBEDTLS_CTR_DRBG_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/aes.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */
-#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 /**< The requested random buffer length is too big. */
-#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 /**< The input (entropy + additional data) is too large. */
-#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read or write error in file. */
-
-#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */
-
-#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-#define MBEDTLS_CTR_DRBG_KEYSIZE 16
-/**< The key size in bytes used by the cipher.
- *
- * Compile-time choice: 16 bytes (128 bits)
- * because #MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled.
- */
-#else
-#define MBEDTLS_CTR_DRBG_KEYSIZE 32
-/**< The key size in bytes used by the cipher.
- *
- * Compile-time choice: 32 bytes (256 bits)
- * because \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled.
- */
-#endif
-
-#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
-#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them using the compiler command
- * line.
- * \{
- */
-
-/** \def MBEDTLS_CTR_DRBG_ENTROPY_LEN
- *
- * \brief The amount of entropy used per seed by default, in bytes.
- */
-#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
-#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-/** This is 48 bytes because the entropy module uses SHA-512
- * (\c MBEDTLS_ENTROPY_FORCE_SHA256 is disabled).
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
-
-#else /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
-
-/** This is 32 bytes because the entropy module uses SHA-256
- * (the SHA512 module is disabled or
- * \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled).
- */
-#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-/** \warning To achieve a 256-bit security strength, you must pass a nonce
- * to mbedtls_ctr_drbg_seed().
- */
-#endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
-#endif /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
-#endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
-
-#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
-#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
-/**< The interval before reseed is performed by default. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_INPUT 256
-/**< The maximum number of additional input Bytes. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
-#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
-/**< The maximum number of requested Bytes per call. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
-/**< The maximum size of seed or reseed buffer in bytes. */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#define MBEDTLS_CTR_DRBG_PR_OFF 0
-/**< Prediction resistance is disabled. */
-#define MBEDTLS_CTR_DRBG_PR_ON 1
-/**< Prediction resistance is enabled. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if MBEDTLS_CTR_DRBG_ENTROPY_LEN >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2
-/** The default length of the nonce read from the entropy source.
- *
- * This is \c 0 because a single read from the entropy source is sufficient
- * to include a nonce.
- * See the documentation of mbedtls_ctr_drbg_seed() for more information.
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
-#else
-/** The default length of the nonce read from the entropy source.
- *
- * This is half of the default entropy length because a single read from
- * the entropy source does not provide enough material to form a nonce.
- * See the documentation of mbedtls_ctr_drbg_seed() for more information.
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN ( MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1 ) / 2
-#endif
-
-/**
- * \brief The CTR_DRBG context structure.
- */
-typedef struct mbedtls_ctr_drbg_context
-{
- unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */
- int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter.
- * This is the number of requests that have
- * been made since the last (re)seeding,
- * minus one.
- * Before the initial seeding, this field
- * contains the amount of entropy in bytes
- * to use as a nonce for the initial seeding,
- * or -1 if no nonce length has been explicitly
- * set (see mbedtls_ctr_drbg_set_nonce_len()).
- */
- int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether prediction
- resistance is enabled, that is
- whether to systematically reseed before
- each random generation. */
- size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on each
- seed or reseed operation, in bytes. */
- int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval.
- * This is the maximum number of requests
- * that can be made between reseedings. */
-
- mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
-
- /*
- * Callbacks (Entropy)
- */
- int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
- /*!< The entropy callback function. */
-
- void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function.
*/
-
-#if defined(MBEDTLS_THREADING_C)
- /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
- * This means that the mutex is initialized during the initial seeding
- * in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free().
- *
- * Note that this invariant may change without notice. Do not rely on it
- * and do not access the mutex directly in application code.
- */
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
-#endif
-}
-mbedtls_ctr_drbg_context;
-
-/**
- * \brief This function initializes the CTR_DRBG context,
- * and prepares it for mbedtls_ctr_drbg_seed()
- * or mbedtls_ctr_drbg_free().
- *
- * \note The reseed interval is
- * #MBEDTLS_CTR_DRBG_RESEED_INTERVAL by default.
- * You can override it by calling
- * mbedtls_ctr_drbg_set_reseed_interval().
- *
- * \param ctx The CTR_DRBG context to initialize.
- */
-void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
-
-/**
- * \brief This function seeds and sets up the CTR_DRBG
- * entropy source for future reseeds.
- *
- * A typical choice for the \p f_entropy and \p p_entropy parameters is
- * to use the entropy module:
- * - \p f_entropy is mbedtls_entropy_func();
- * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized
- * with mbedtls_entropy_init() (which registers the platform's default
- * entropy sources).
- *
- * The entropy length is #MBEDTLS_CTR_DRBG_ENTROPY_LEN by default.
- * You can override it by calling mbedtls_ctr_drbg_set_entropy_len().
- *
- * The entropy nonce length is:
- * - \c 0 if the entropy length is at least 3/2 times the entropy length,
- * which guarantees that the security strength is the maximum permitted
- * by the key size and entropy length according to NIST SP 800-90A §10.2.1;
- * - Half the entropy length otherwise.
- * You can override it by calling mbedtls_ctr_drbg_set_nonce_len().
- * With the default entropy length, the entropy nonce length is
- * #MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN.
- *
- * You can provide a nonce and personalization string in addition to the
- * entropy source, to make this instantiation as unique as possible.
- * See SP 800-90A §8.6.7 for more details about nonces.
- *
- * The _seed_material_ value passed to the derivation function in
- * the CTR_DRBG Instantiate Process described in NIST SP 800-90A §10.2.1.3.2
- * is the concatenation of the following strings:
- * - A string obtained by calling \p f_entropy function for the entropy
- * length.
- */
-#if MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN == 0
-/**
- * - If mbedtls_ctr_drbg_set_nonce_len() has been called, a string
- * obtained by calling \p f_entropy function for the specified length.
- */
-#else
-/**
- * - A string obtained by calling \p f_entropy function for the entropy nonce
- * length. If the entropy nonce length is \c 0, this function does not
- * make a second call to \p f_entropy.
- */
-#endif
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note When Mbed TLS is built with threading support,
- * after this function returns successfully,
- * it is safe to call mbedtls_ctr_drbg_random()
- * from multiple threads. Other operations, including
- * reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * - The \p custom string.
- *
- * \note To achieve the nominal security strength permitted
- * by CTR_DRBG, the entropy length must be:
- * - at least 16 bytes for a 128-bit strength
- * (maximum achievable strength when using AES-128);
- * - at least 32 bytes for a 256-bit strength
- * (maximum achievable strength when using AES-256).
- *
- * In addition, if you do not pass a nonce in \p custom,
- * the sum of the entropy length
- * and the entropy nonce length must be:
- * - at least 24 bytes for a 128-bit strength
- * (maximum achievable strength when using AES-128);
- * - at least 48 bytes for a 256-bit strength
- * (maximum achievable strength when using AES-256).
- *
- * \param ctx The CTR_DRBG context to seed.
- * It must have been initialized with
- * mbedtls_ctr_drbg_init().
- * After a successful call to mbedtls_ctr_drbg_seed(),
- * you may not call mbedtls_ctr_drbg_seed() again on
- * the same context unless you call
- * mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
- * again first.
- * After a failed call to mbedtls_ctr_drbg_seed(),
- * you must call mbedtls_ctr_drbg_free().
- * \param f_entropy The entropy callback, taking as arguments the
- * \p p_entropy context, the buffer to fill, and the
- * length of the buffer.
- * \p f_entropy is always called with a buffer size
- * less than or equal to the entropy length.
- * \param p_entropy The entropy context to pass to \p f_entropy.
- * \param custom The personalization string.
- * This can be \c NULL, in which case the personalization
- * string is empty regardless of the value of \p len.
- * \param len The length of the personalization string.
- * This must be at most
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- * - #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
- */
-int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
- int (*f_entropy)(void *, unsigned char *, size_t),
- void *p_entropy,
- const unsigned char *custom,
- size_t len );
-
-/**
- * \brief This function resets CTR_DRBG context to the state immediately
- * after initial call of mbedtls_ctr_drbg_init().
- *
- * \param ctx The CTR_DRBG context to clear.
- */
-void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
-
-/**
- * \brief This function turns prediction resistance on or off.
- * The default value is off.
- *
- * \note If enabled, entropy is gathered at the beginning of
- * every call to mbedtls_ctr_drbg_random_with_add()
- * or mbedtls_ctr_drbg_random().
- * Only use this if your entropy source has sufficient
- * throughput.
- *
- * \param ctx The CTR_DRBG context.
- * \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
- */
-void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
- int resistance );
-
-/**
- * \brief This function sets the amount of entropy grabbed on each
- * seed or reseed.
- *
- * The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
- *
- * \note The security strength of CTR_DRBG is bounded by the
- * entropy length. Thus:
- * - When using AES-256
- * (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled,
- * which is the default),
- * \p len must be at least 32 (in bytes)
- * to achieve a 256-bit strength.
- * - When using AES-128
- * (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled)
- * \p len must be at least 16 (in bytes)
- * to achieve a 128-bit strength.
- *
- * \param ctx The CTR_DRBG context.
- * \param len The amount of entropy to grab, in bytes.
- * This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- * and at most the maximum length accepted by the
- * entropy function that is set in the context.
- */
-void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
- size_t len );
-
-/**
- * \brief This function sets the amount of entropy grabbed
- * as a nonce for the initial seeding.
- *
- * Call this function before calling mbedtls_ctr_drbg_seed() to read
- * a nonce from the entropy source during the initial seeding.
- *
- * \param ctx The CTR_DRBG context.
- * \param len The amount of entropy to grab for the nonce, in bytes.
- * This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- * and at most the maximum length accepted by the
- * entropy function that is set in the context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if \p len is
- * more than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
- * if the initial seeding has already taken place.
- */
-int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
- size_t len );
-
-/**
- * \brief This function sets the reseed interval.
- *
- * The reseed interval is the number of calls to mbedtls_ctr_drbg_random()
- * or mbedtls_ctr_drbg_random_with_add() after which the entropy function
- * is called again.
- *
- * The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
- *
- * \param ctx The CTR_DRBG context.
- * \param interval The reseed interval.
- */
-void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
- int interval );
-
-/**
- * \brief This function reseeds the CTR_DRBG context, that is
- * extracts data from the entropy source.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param ctx The CTR_DRBG context.
- * \param additional Additional data to add to the state. Can be \c NULL.
- * \param len The length of the additional data.
- * This must be less than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
- * where \c entropy_len is the entropy length
- * configured for the context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
- */
-int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional, size_t len );
-
-/**
- * \brief This function updates the state of the CTR_DRBG context.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param ctx The CTR_DRBG context.
- * \param additional The data to update the state with. This must not be
- * \c NULL unless \p add_len is \c 0.
- * \param add_len Length of \p additional in bytes. This must be at
- * most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if
- * \p add_len is more than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- * \return An error from the underlying AES cipher on failure.
- */
-int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional,
- size_t add_len );
-
-/**
- * \brief This function updates a CTR_DRBG instance with additional
- * data and uses it to generate random data.
- *
- * This function automatically reseeds if the reseed counter is exceeded
- * or prediction resistance is enabled.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param p_rng The CTR_DRBG context. This must be a pointer to a
- * #mbedtls_ctr_drbg_context structure.
- * \param output The buffer to fill.
- * \param output_len The length of the buffer in bytes.
- * \param additional Additional data to update. Can be \c NULL, in which
- * case the additional data is empty regardless of
- * the value of \p add_len.
- * \param add_len The length of the additional data
- * if \p additional is not \c NULL.
- * This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT
- * and less than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
- * where \c entropy_len is the entropy length
- * configured for the context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
- */
-int mbedtls_ctr_drbg_random_with_add( void *p_rng,
- unsigned char *output, size_t output_len,
- const unsigned char *additional, size_t add_len );
-
-/**
- * \brief This function uses CTR_DRBG to generate random data.
- *
- * This function automatically reseeds if the reseed counter is exceeded
- * or prediction resistance is enabled.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note When Mbed TLS is built with threading support,
- * it is safe to call mbedtls_ctr_drbg_random()
- * from multiple threads. Other operations, including
- * reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * \param p_rng The CTR_DRBG context. This must be a pointer to a
- * #mbedtls_ctr_drbg_context structure.
- * \param output The buffer to fill.
- * \param output_len The length of the buffer in bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
- */
-int mbedtls_ctr_drbg_random( void *p_rng,
- unsigned char *output, size_t output_len );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief This function writes a seed file.
- *
- * \param ctx The CTR_DRBG context.
- * \param path The name of the file.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed
- * failure.
- */
-int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
-
-/**
- * \brief This function reads and updates a seed file. The seed
- * is added to this instance.
- *
- * \param ctx The CTR_DRBG context.
- * \param path The name of the file.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
- * reseed failure.
- * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing
- * seed file is too large.
- */
-int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The CTR_DRBG checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_ctr_drbg_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ctr_drbg.h */
diff --git a/windows/mbedtls/debug.h b/windows/mbedtls/debug.h
deleted file mode 100644
index 0aed5961..00000000
--- a/windows/mbedtls/debug.h
+++ /dev/null
@@ -1,311 +0,0 @@
-/**
- * \file debug.h
- *
- * \brief Functions for controlling and providing debug output from the library.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_DEBUG_H
-#define MBEDTLS_DEBUG_H
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ssl.h"
-
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-
-#if defined(MBEDTLS_DEBUG_C)
-
-#define MBEDTLS_DEBUG_STRIP_PARENS( ...
) __VA_ARGS__
-
-#define MBEDTLS_SSL_DEBUG_MSG( level, args ) \
- mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__, \
- MBEDTLS_DEBUG_STRIP_PARENS args )
-
-#define MBEDTLS_SSL_DEBUG_RET( level, text, ret ) \
- mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret )
-
-#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len ) \
- mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len )
-
-#if defined(MBEDTLS_BIGNUM_C)
-#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) \
- mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X )
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) \
- mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X )
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) \
- mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
-#else
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
-#endif /* MBEDTLS_X509_REMOVE_INFO */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) \
- mbedtls_debug_printf_ecdh( ssl, level, __FILE__, __LINE__, ecdh, attr )
-#endif
-
-#else /* MBEDTLS_DEBUG_C */
-
-#define MBEDTLS_SSL_DEBUG_MSG( level, args ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_RET( level, text, ret ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) do { } while( 0 )
-
-#endif /* MBEDTLS_DEBUG_C */
-
-/**
- * \def MBEDTLS_PRINTF_ATTRIBUTE
- *
- * Mark a function as having printf attributes, and thus enable checking
- * via -wFormat and other flags.
This does nothing on builds with compilers
- * that do not support the format attribute
- *
- * Module: library/debug.c
- * Caller:
- *
- * This module provides debugging functions.
- */
-#if defined(__has_attribute)
-#if __has_attribute(format)
-#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
- __attribute__((__format__ (gnu_printf, string_index, first_to_check)))
-#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
- __attribute__((format(printf, string_index, first_to_check)))
-#endif
-#else /* __has_attribute(format) */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
-#endif /* __has_attribute(format) */
-#else /* defined(__has_attribute) */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
-#endif
-
-/**
- * \def MBEDTLS_PRINTF_SIZET
- *
- * MBEDTLS_PRINTF_xxx: Due to issues with older window compilers
- * and MinGW we need to define the printf specifier for size_t
- * and long long per platform.
- *
- * Module: library/debug.c
- * Caller:
- *
- * This module provides debugging functions.
- */
-#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800)
- #include
- #define MBEDTLS_PRINTF_SIZET PRIuPTR
- #define MBEDTLS_PRINTF_LONGLONG "I64d"
-#else /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
- #define MBEDTLS_PRINTF_SIZET "zu"
- #define MBEDTLS_PRINTF_LONGLONG "lld"
-#endif /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Set the threshold error level to handle globally all debug output.
- * Debug messages that have a level over the threshold value are
- * discarded.
- * (Default value: 0 = No debug )
- *
- * \param threshold theshold level of messages to filter on.
Messages at a
- * higher level will be discarded.
- * - Debug levels
- * - 0 No debug
- * - 1 Error
- * - 2 State change
- * - 3 Informational
- * - 4 Verbose
- */
-void mbedtls_debug_set_threshold( int threshold );
-
-/**
- * \brief Print a message to the debug output. This function is always used
- * through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
- * context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the message has occurred in
- * \param line line number the message has occurred at
- * \param format format specifier, in printf format
- * \param ... variables used by the format specifier
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
-
-/**
- * \brief Print the return value of a function to the debug output. This
- * function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
- * which supplies the ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text the name of the function that returned the error
- * \param ret the return code value
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, int ret );
-
-/**
- * \brief Output a buffer of size len bytes to the debug output. This function
- * is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
- * which supplies the ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text a name or label for the buffer being dumped. Normally the
- * variable or buffer name
- * \param buf the buffer to be outputted
- * \param len length of the buffer
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line, const char *text,
- const unsigned char *buf, size_t len );
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief Print a MPI variable to the debug output. This function is always
- * used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
- * ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text a name or label for the MPI being output. Normally the
- * variable name
- * \param X the MPI variable
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_mpi *X );
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * \brief Print an ECP point to the debug output. This function is always
- * used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
- * ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text a name or label for the ECP point being output.
Normally the
- * variable name
- * \param X the ECP point
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_ecp_point *X );
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
-/**
- * \brief Print a X.509 certificate structure to the debug output. This
- * function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
- * which supplies the ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text a name or label for the certificate being output
- * \param crt X.509 certificate structure
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_x509_crt *crt );
-#endif
-
-#if defined(MBEDTLS_ECDH_C)
-typedef enum
-{
- MBEDTLS_DEBUG_ECDH_Q,
- MBEDTLS_DEBUG_ECDH_QP,
- MBEDTLS_DEBUG_ECDH_Z,
-} mbedtls_debug_ecdh_attr;
-
-/**
- * \brief Print a field of the ECDH structure in the SSL context to the debug
- * output. This function is always used through the
- * MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
- * and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param ecdh the ECDH context
- * \param attr the identifier of the attribute being output
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const mbedtls_ecdh_context *ecdh,
- mbedtls_debug_ecdh_attr attr );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* debug.h */
diff --git a/windows/mbedtls/des.h b/windows/mbedtls/des.h
deleted file mode 100644
index 9e2f6839..00000000
--- a/windows/mbedtls/des.h
+++ /dev/null
@@ -1,348 +0,0 @@
-/**
- * \file des.h
- *
- * \brief DES block cipher
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-#ifndef MBEDTLS_DES_H
-#define MBEDTLS_DES_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-#define MBEDTLS_DES_ENCRYPT 1
-#define MBEDTLS_DES_DECRYPT 0
-
-#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< The data input has an invalid length. */
-
-#define MBEDTLS_DES_KEY_SIZE 8
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_DES_ALT)
-// Regular implementation
-//
-
-/**
- * \brief DES context structure
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-typedef struct mbedtls_des_context
-{
- uint32_t MBEDTLS_PRIVATE(sk)[32]; /*!< DES subkeys */
-}
-mbedtls_des_context;
-
-/**
- * \brief Triple-DES context structure
- */
-typedef struct mbedtls_des3_context
-{
- uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!< 3DES subkeys */
-}
-mbedtls_des3_context;
-
-#else /* MBEDTLS_DES_ALT */
-#include "des_alt.h"
-#endif /* MBEDTLS_DES_ALT */
-
-/**
- * \brief Initialize DES context
- *
- * \param ctx DES context to be initialized
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-void mbedtls_des_init( mbedtls_des_context *ctx );
-
-/**
- * \brief Clear DES context
- *
- * \param ctx DES context to be cleared
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-void mbedtls_des_free( mbedtls_des_context *ctx );
-
-/**
- * \brief Initialize Triple-DES context
- *
- * \param ctx DES3 context to be initialized
- */
-void mbedtls_des3_init( mbedtls_des3_context *ctx );
-
-/**
- * \brief Clear Triple-DES context
- *
- * \param ctx DES3 context to be cleared
- */
-void mbedtls_des3_free( mbedtls_des3_context *ctx );
-
-/**
- * \brief Set key parity on the given key to odd.
- *
- * DES keys are 56 bits long, but each byte is padded with
- * a parity bit to allow verification.
- *
- * \param key 8-byte secret key
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief Check that key parity on the given key is odd.
- *
- * DES keys are 56 bits long, but each byte is padded with
- * a parity bit to allow verification.
- *
- * \param key 8-byte secret key
- *
- * \return 0 is parity was ok, 1 if parity was not correct.
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief Check that key is not a weak or semi-weak DES key
- *
- * \param key 8-byte secret key
- *
- * \return 0 if no weak key was found, 1 if a weak key was identified.
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief DES key schedule (56-bit, encryption)
- *
- * \param ctx DES context to be initialized
- * \param key 8-byte secret key
- *
- * \return 0
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief DES key schedule (56-bit, decryption)
- *
- * \param ctx DES context to be initialized
- * \param key 8-byte secret key
- *
- * \return 0
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief Triple-DES key schedule (112-bit, encryption)
- *
- * \param ctx 3DES context to be initialized
- * \param key 16-byte secret key
- *
- * \return 0
- */
-int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
-
-/**
- * \brief Triple-DES key schedule (112-bit, decryption)
- *
- * \param ctx 3DES context to be initialized
- * \param key 16-byte secret key
- *
- * \return 0
- */
-int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
-
-/**
- * \brief Triple-DES key schedule (168-bit, encryption)
- *
- * \param ctx 3DES context to be initialized
- * \param key 24-byte secret key
- *
- * \return 0
- */
-int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
-
-/**
- * \brief Triple-DES key schedule (168-bit, decryption)
- *
- * \param ctx 3DES context to be initialized
- * \param key 24-byte secret key
- *
- * \return 0
- */
-int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
-
-/**
- * \brief DES-ECB block encryption/decryption
- *
- * \param ctx DES context
- * \param input 64-bit input block
- * \param output 64-bit output block
- *
- * \return 0 if successful
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
- const unsigned char input[8],
- unsigned char output[8] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief DES-CBC buffer encryption/decryption
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the function same function again on the following
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If on the other hand you need to retain the contents of the
- * IV, you should either save it manually or use the cipher
- * module instead.
- *
- * \param ctx DES context
- * \param mode MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
- * \param length length of the input data
- * \param iv initialization vector (updated after use)
- * \param input buffer holding the input data
- * \param output buffer holding the output data
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[8],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-/**
- * \brief 3DES-ECB block encryption/decryption
- *
- * \param ctx 3DES context
- * \param input 64-bit input block
- * \param output 64-bit output block
- *
- * \return 0 if successful
- */
-int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
- const unsigned char input[8],
- unsigned char output[8] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief 3DES-CBC buffer encryption/decryption
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the function same function again on the following
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If on the other hand you need to retain the contents of the
- * IV, you should either save it manually or use the cipher
- * module instead.
- *
- * \param ctx 3DES context
- * \param mode MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
- * \param length length of the input data
- * \param iv initialization vector (updated after use)
- * \param input buffer holding the input data
- * \param output buffer holding the output data
- *
- * \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
- */
-int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[8],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-/**
- * \brief Internal function for key expansion.
- * (Only exposed to allow overriding it,
- * see MBEDTLS_DES_SETKEY_ALT)
- *
- * \param SK Round keys
- * \param key Base key
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-void mbedtls_des_setkey( uint32_t SK[32],
- const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_des_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* des.h */
diff --git a/windows/mbedtls/dhm.h b/windows/mbedtls/dhm.h
deleted file mode 100644
index 75baed95..00000000
--- a/windows/mbedtls/dhm.h
+++ /dev/null
@@ -1,976 +0,0 @@
-/**
- * \file dhm.h
- *
- * \brief This file contains Diffie-Hellman-Merkle (DHM) key exchange
- * definitions and functions.
- *
- * Diffie-Hellman-Merkle (DHM) key exchange is defined in
- * RFC-2631: Diffie-Hellman Key Agreement Method and
- * Public-Key Cryptography Standards (PKCS) #3: Diffie
- * Hellman Key Agreement Standard.
- *
- * RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for
- * Internet Key Exchange (IKE) defines a number of standardized
- * Diffie-Hellman groups for IKE.
- *
- * RFC-5114: Additional Diffie-Hellman Groups for Use with IETF
- * Standards defines a number of standardized Diffie-Hellman
- * groups that can be used.
- *
- * \warning The security of the DHM key exchange relies on the proper choice
- * of prime modulus - optimally, it should be a safe prime. The usage
- * of non-safe primes both decreases the difficulty of the underlying
- * discrete logarithm problem and can lead to small subgroup attacks
- * leaking private exponent bits when invalid public keys are used
- * and not detected. This is especially relevant if the same DHM
- * parameters are reused for multiple key exchanges as in static DHM,
- * while the criticality of small-subgroup attacks is lower for
- * ephemeral DHM.
- *
- * \warning For performance reasons, the code does neither perform primality
- * nor safe primality tests, nor the expensive checks for invalid
- * subgroups. Moreover, even if these were performed, non-standardized
- * primes cannot be trusted because of the possibility of backdoors
- * that can't be effectively checked for.
- *
- * \warning Diffie-Hellman-Merkle is therefore a security risk when not using
- * standardized primes generated using a trustworthy ("nothing up
- * my sleeve") method, such as the RFC 3526 / 7919 primes. In the TLS
- * protocol, DH parameters need to be negotiated, so using the default
- * primes systematically is not always an option.
If possible, use
- * Elliptic Curve Diffie-Hellman (ECDH), which has better performance,
- * and for which the TLS protocol mandates the use of standard
- * parameters.
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_DHM_H
-#define MBEDTLS_DHM_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/bignum.h"
-
-/*
- * DHM Error codes
- */
-#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA -0x3080 /**< Bad input parameters. */
-#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED -0x3100 /**< Reading of the DHM parameters failed. */
-#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED -0x3180 /**< Making of the DHM parameters failed. */
-#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED -0x3200 /**< Reading of the public values failed. */
-#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Making of the public value failed. */
-#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Calculation of the DHM secret failed. */
-#define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380 /**< The ASN.1 data is not formatted correctly. */
-#define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400 /**< Allocation of memory failed. */
-#define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read or write of file failed. */
-#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3580 /**< Setting the modulus and generator failed.
*/
-
-/** Which parameter to access in mbedtls_dhm_get_value(). */
-typedef enum
-{
- MBEDTLS_DHM_PARAM_P, /*!< The prime modulus. */
- MBEDTLS_DHM_PARAM_G, /*!< The generator. */
- MBEDTLS_DHM_PARAM_X, /*!< Our secret value. */
- MBEDTLS_DHM_PARAM_GX, /*!< Our public key = \c G^X mod \c P. */
- MBEDTLS_DHM_PARAM_GY, /*!< The public key of the peer = \c G^Y mod \c P. */
- MBEDTLS_DHM_PARAM_K, /*!< The shared secret = \c G^(XY) mod \c P. */
-} mbedtls_dhm_parameter;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_DHM_ALT)
-
-/**
- * \brief The DHM context structure.
- */
-typedef struct mbedtls_dhm_context
-{
- mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus. */
- mbedtls_mpi MBEDTLS_PRIVATE(G); /*!< The generator. */
- mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< Our secret value. */
- mbedtls_mpi MBEDTLS_PRIVATE(GX); /*!< Our public key = \c G^X mod \c P. */
- mbedtls_mpi MBEDTLS_PRIVATE(GY); /*!< The public key of the peer = \c G^Y mod \c P. */
- mbedtls_mpi MBEDTLS_PRIVATE(K); /*!< The shared secret = \c G^(XY) mod \c P. */
- mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< The cached value = \c R^2 mod \c P. */
- mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
- mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
- mbedtls_mpi MBEDTLS_PRIVATE(pX); /*!< The previous \c X. */
-}
-mbedtls_dhm_context;
-
-#else /* MBEDTLS_DHM_ALT */
-#include "dhm_alt.h"
-#endif /* MBEDTLS_DHM_ALT */
-
-/**
- * \brief This function initializes the DHM context.
- *
- * \param ctx The DHM context to initialize.
- */
-void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
-
-/**
- * \brief This function parses the DHM parameters in a
- * TLS ServerKeyExchange handshake message
- * (DHM modulus, generator, and public key).
- *
- * \note In a TLS handshake, this is the how the client
- * sets up its DHM context from the server's public
- * DHM key material.
- *
- * \param ctx The DHM context to use. This must be initialized.
- * \param p On input, *p must be the start of the input buffer.
- * On output, *p is updated to point to the end of the data
- * that has been read. On success, this is the first byte
- * past the end of the ServerKeyExchange parameters.
- * On error, this is the point at which an error has been
- * detected, which is usually not useful except to debug
- * failures.
- * \param end The end of the input buffer.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
- unsigned char **p,
- const unsigned char *end );
-
-/**
- * \brief This function generates a DHM key pair and exports its
- * public part together with the DHM parameters in the format
- * used in a TLS ServerKeyExchange handshake message.
- *
- * \note This function assumes that the DHM parameters \c ctx->P
- * and \c ctx->G have already been properly set. For that, use
- * mbedtls_dhm_set_group() below in conjunction with
- * mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
- *
- * \note In a TLS handshake, this is the how the server generates
- * and exports its DHM key material.
- *
- * \param ctx The DHM context to use. This must be initialized
- * and have the DHM parameters set. It may or may not
- * already have imported the peer's public key.
- * \param x_size The private key size in Bytes.
- * \param olen The address at which to store the number of Bytes
- * written on success. This must not be \c NULL.
- * \param output The destination buffer. This must be a writable buffer of
- * sufficient size to hold the reduced binary presentation of
- * the modulus, the generator and the public key, each wrapped
- * with a 2-byte length field. It is the responsibility of the
- * caller to ensure that enough space is available. Refer to
- * mbedtls_mpi_size() to computing the byte-size of an MPI.
- * \param f_rng The RNG function. Must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context parameter.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
- unsigned char *output, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function sets the prime modulus and generator.
- *
- * \note This function can be used to set \c ctx->P, \c ctx->G
- * in preparation for mbedtls_dhm_make_params().
- *
- * \param ctx The DHM context to configure. This must be initialized.
- * \param P The MPI holding the DHM prime modulus. This must be
- * an initialized MPI.
- * \param G The MPI holding the DHM generator. This must be an
- * initialized MPI.
- *
- * \return \c 0 if successful.
- * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
- const mbedtls_mpi *P,
- const mbedtls_mpi *G );
-
-/**
- * \brief This function imports the raw public value of the peer.
- *
- * \note In a TLS handshake, this is the how the server imports
- * the Client's public DHM key.
- *
- * \param ctx The DHM context to use. This must be initialized and have
- * its DHM parameters set, e.g. via mbedtls_dhm_set_group().
- * It may or may not already have generated its own private key.
- * \param input The input buffer containing the \c G^Y value of the peer.
- * This must be a readable buffer of size \p ilen Bytes.
- * \param ilen The size of the input buffer \p input in Bytes.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
- const unsigned char *input, size_t ilen );
-
-/**
- * \brief This function creates a DHM key pair and exports
- * the raw public key in big-endian format.
- *
- * \note The destination buffer is always fully written
- * so as to contain a big-endian representation of G^X mod P.
- * If it is larger than \c ctx->len, it is padded accordingly
- * with zero-bytes at the beginning.
- *
- * \param ctx The DHM context to use. This must be initialized and
- * have the DHM parameters set. It may or may not already
- * have imported the peer's public key.
- * \param x_size The private key size in Bytes.
- * \param output The destination buffer. This must be a writable buffer of
- * size \p olen Bytes.
- * \param olen The length of the destination buffer. This must be at least
- * equal to `ctx->len` (the size of \c P).
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
- unsigned char *output, size_t olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function derives and exports the shared secret
- * \c (G^Y)^X mod \c P.
- *
- * \note If \p f_rng is not \c NULL, it is used to blind the input as
- * a countermeasure against timing attacks. Blinding is used
- * only if our private key \c X is re-used, and not used
- * otherwise. We recommend always passing a non-NULL
- * \p f_rng argument.
- *
- * \param ctx The DHM context to use. This must be initialized
- * and have its own private key generated and the peer's
- * public key imported.
- * \param output The buffer to write the generated shared key to. This
- * must be a writable buffer of size \p output_size Bytes.
- * \param output_size The size of the destination buffer. This must be at
- * least the size of \c ctx->len (the size of \c P).
- * \param olen On exit, holds the actual number of Bytes written.
- * \param f_rng The RNG function. Must not be \c NULL. Used for
- * blinding.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context parameter.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
- unsigned char *output, size_t output_size, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function returns the size of the prime modulus in bits.
- *
- * \param ctx The DHM context to query.
- *
- * \return The size of the prime modulus in bits,
- * i.e. the number n such that 2^(n-1) <= P < 2^n.
- */
-size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx );
-
-/**
- * \brief This function returns the size of the prime modulus in bytes.
- *
- * \param ctx The DHM context to query.
- *
- * \return The size of the prime modulus in bytes,
- * i.e. the number n such that 2^(8*(n-1)) <= P < 2^(8*n).
- */
-size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx );
-
-/**
- * \brief This function copies a parameter of a DHM key.
- *
- * \param ctx The DHM context to query.
- * \param param The parameter to copy.
- * \param dest The MPI object to copy the value into. It must be
- * initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid.
- * \return An \c MBEDTLS_ERR_MPI_XXX error code if the copy fails.
- */
-int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx,
- mbedtls_dhm_parameter param,
- mbedtls_mpi *dest );
-
-/**
- * \brief This function frees and clears the components
- * of a DHM context.
- *
- * \param ctx The DHM context to free and clear. This may be \c NULL,
- * in which case this function is a no-op. If it is not \c NULL,
- * it must point to an initialized DHM context.
- */
-void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-/**
- * \brief This function parses DHM parameters in PEM or DER format.
- *
- * \param dhm The DHM context to import the DHM parameters into.
- * This must be initialized.
- * \param dhmin The input buffer. This must be a readable buffer of
- * length \p dhminlen Bytes.
- * \param dhminlen The size of the input buffer \p dhmin, including the
- * terminating \c NULL Byte for PEM data.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error
- * code on failure.
- */
-int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
- size_t dhminlen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief This function loads and parses DHM parameters from a file.
- *
- * \param dhm The DHM context to load the parameters to.
- * This must be initialized.
- * \param path The filename to read the DHM parameters from.
- * This must not be \c NULL.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX
- * error code on failure.
- */
-int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The DMH checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_dhm_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-#ifdef __cplusplus
-}
-#endif
-
-/**
- * RFC 3526, RFC 5114 and RFC 7919 standardize a number of
- * Diffie-Hellman groups, some of which are included here
- * for use within the SSL/TLS module and the user's convenience
- * when configuring the Diffie-Hellman parameters by hand
- * through \c mbedtls_ssl_conf_dh_param.
- *
- * The following lists the source of the above groups in the standards:
- * - RFC 5114 section 2.2: 2048-bit MODP Group with 224-bit Prime Order Subgroup
- * - RFC 3526 section 3: 2048-bit MODP Group
- * - RFC 3526 section 4: 3072-bit MODP Group
- * - RFC 3526 section 5: 4096-bit MODP Group
- * - RFC 7919 section A.1: ffdhe2048
- * - RFC 7919 section A.2: ffdhe3072
- * - RFC 7919 section A.3: ffdhe4096
- * - RFC 7919 section A.4: ffdhe6144
- * - RFC 7919 section A.5: ffdhe8192
- *
- * The constants with suffix "_p" denote the chosen prime moduli, while
- * the constants with suffix "_g" denote the chosen generator
- * of the associated prime field.
- *
- * The constants further suffixed with "_bin" are provided in binary format,
- * while all other constants represent null-terminated strings holding the
- * hexadecimal presentation of the respective numbers.
- *
- * The primes from RFC 3526 and RFC 7919 have been generating by the following
- * trust-worthy procedure:
- * - Fix N in { 2048, 3072, 4096, 6144, 8192 } and consider the N-bit number
- * the first and last 64 bits are all 1, and the remaining N - 128 bits of
- * which are 0x7ff...ff.
- * - Add the smallest multiple of the first N - 129 bits of the binary expansion
- * of pi (for RFC 5236) or e (for RFC 7919) to this intermediate bit-string
- * such that the resulting integer is a safe-prime.
- * - The result is the respective RFC 3526 / 7919 prime, and the corresponding
- * generator is always chosen to be 2 (which is a square for these prime,
- * hence the corresponding subgroup has order (p-1)/2 and avoids leaking a
- * bit in the private exponent).
- * - */ - -/* - * Trustworthy DHM parameters in binary form - */ - -#define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \ - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \ - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \ - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \ - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \ - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \ - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \ - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \ - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \ - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \ - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \ - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \ - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \ - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \ - 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \ - 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \ - 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \ - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \ - 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \ - 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \ - 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \ - 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \ - 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \ - 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \ - 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \ - 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \ - 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \ - 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \ - 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \ - 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } - -#define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN { 0x02 } - -#define MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \ - 0xC4, 
0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \ - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \ - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \ - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \ - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \ - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \ - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \ - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \ - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \ - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \ - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \ - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \ - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \ - 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \ - 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \ - 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \ - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \ - 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \ - 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \ - 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \ - 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \ - 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \ - 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \ - 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \ - 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \ - 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \ - 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \ - 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \ - 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \ - 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \ - 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \ - 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \ - 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \ - 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \ - 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \ - 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \ - 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \ - 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \ - 0xD8, 0x76, 0x02, 0x73, 0x3E, 
0xC8, 0x6A, 0x64, \ - 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \ - 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \ - 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \ - 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \ - 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \ - 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } - -#define MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN { 0x02 } - -#define MBEDTLS_DHM_RFC3526_MODP_4096_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \ - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \ - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \ - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \ - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \ - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \ - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \ - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \ - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \ - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \ - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \ - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \ - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \ - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \ - 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \ - 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \ - 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \ - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \ - 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \ - 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \ - 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \ - 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \ - 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \ - 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \ - 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \ - 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \ - 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \ - 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \ - 
0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \ - 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \ - 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \ - 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \ - 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \ - 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \ - 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \ - 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \ - 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \ - 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \ - 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \ - 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \ - 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \ - 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \ - 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \ - 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \ - 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \ - 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, \ - 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, \ - 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, \ - 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, \ - 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, \ - 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, \ - 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, \ - 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, \ - 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, \ - 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, \ - 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, \ - 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, \ - 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, \ - 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, \ - 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, \ - 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, \ - 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } - -#define MBEDTLS_DHM_RFC3526_MODP_4096_G_BIN { 0x02 } - -#define MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xAD, 0xF8, 0x54, 
0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ - 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ - 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ - 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ - 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ - 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ - 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ - 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ - 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ - 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ - 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ - 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ - 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ - 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ - 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ - 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ - 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ - 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ - 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ - 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ - 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ - 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ - 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ - 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ - 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ - 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ - 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ - 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ - 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ - 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, } - -#define MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN { 0x02 } - -#define MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ - 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ - 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ - 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ - 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 
0x3E, 0xF9, \ - 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ - 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ - 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ - 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ - 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ - 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ - 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ - 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ - 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ - 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ - 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ - 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ - 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ - 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ - 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ - 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ - 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ - 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ - 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ - 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ - 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ - 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ - 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ - 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ - 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ - 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ - 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ - 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ - 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ - 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ - 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ - 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ - 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ - 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ - 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ - 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ - 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ - 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ - 0x0A, 
0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ - 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ - 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } - -#define MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN { 0x02 } - -#define MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ - 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ - 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ - 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ - 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ - 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ - 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ - 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ - 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ - 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ - 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ - 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ - 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ - 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ - 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ - 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ - 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ - 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ - 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ - 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ - 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ - 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ - 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ - 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ - 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ - 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ - 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ - 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ - 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ - 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ - 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ - 0xBC, 0x34, 0xF4, 0xDE, 
0xF9, 0x9C, 0x02, 0x38, \ - 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ - 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ - 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ - 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ - 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ - 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ - 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ - 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ - 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ - 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ - 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ - 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ - 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ - 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ - 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ - 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ - 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ - 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \ - 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ - 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ - 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ - 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ - 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ - 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ - 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ - 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ - 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ - 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \ - 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ - 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } - -#define MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN { 0x02 } - -#define MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ - 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ - 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ - 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 
0xFB, \ - 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ - 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ - 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ - 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ - 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ - 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ - 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ - 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ - 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ - 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ - 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ - 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ - 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ - 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ - 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ - 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ - 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ - 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ - 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ - 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ - 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ - 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ - 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ - 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ - 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ - 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ - 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ - 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ - 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ - 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ - 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ - 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ - 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ - 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ - 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ - 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ - 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ - 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ - 0x1D, 0xBF, 
0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ - 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ - 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ - 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ - 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ - 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ - 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ - 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \ - 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ - 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ - 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ - 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ - 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ - 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ - 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ - 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ - 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ - 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \ - 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ - 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \ - 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \ - 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \ - 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \ - 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \ - 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \ - 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \ - 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \ - 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \ - 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \ - 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \ - 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \ - 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \ - 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \ - 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \ - 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \ - 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \ - 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \ - 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \ - 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 
0x16, 0x82, \ - 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \ - 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \ - 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \ - 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \ - 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \ - 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \ - 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \ - 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \ - 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \ - 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \ - 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \ - 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \ - 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } - -#define MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN { 0x02 } - -#define MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ - 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ - 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ - 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ - 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ - 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ - 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ - 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ - 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ - 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ - 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ - 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ - 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ - 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ - 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ - 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ - 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ - 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ - 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ - 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ - 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ - 0x9E, 
0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ - 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ - 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ - 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ - 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ - 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ - 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ - 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ - 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ - 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ - 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ - 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ - 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ - 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ - 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ - 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ - 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ - 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ - 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ - 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ - 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ - 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ - 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ - 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ - 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ - 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ - 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ - 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ - 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \ - 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ - 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ - 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ - 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ - 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ - 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ - 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ - 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ - 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ - 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 
0x88, 0xA4, 0x6B, \ - 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ - 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \ - 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \ - 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \ - 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \ - 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \ - 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \ - 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \ - 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \ - 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \ - 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \ - 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \ - 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \ - 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \ - 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \ - 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \ - 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \ - 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \ - 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \ - 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \ - 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \ - 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \ - 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \ - 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \ - 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \ - 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \ - 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \ - 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \ - 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \ - 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \ - 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \ - 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \ - 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \ - 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, \ - 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, \ - 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, \ - 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, \ - 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \ - 
0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, \
- 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, \
- 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, \
- 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, \
- 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, \
- 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, \
- 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, \
- 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, \
- 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, \
- 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, \
- 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \
- 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, \
- 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, \
- 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, \
- 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, \
- 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, \
- 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, \
- 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, \
- 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, \
- 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, \
- 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, \
- 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \
- 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, \
- 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, \
- 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, \
- 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, \
- 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, \
- 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN { 0x02 }
-
-#endif /* dhm.h */
diff --git a/windows/mbedtls/ecdh.h b/windows/mbedtls/ecdh.h
deleted file mode 100644
index 7fa7440a..00000000
--- a/windows/mbedtls/ecdh.h
+++ /dev/null
@@ -1,458 +0,0 @@ -/** - * \file ecdh.h - * - * \brief This file contains ECDH definitions and functions. - * - * The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous - * key agreement protocol allowing two parties to establish a shared - * secret over an insecure channel. Each party must have an - * elliptic-curve public–private key pair. - * - * For more information, see NIST SP 800-56A Rev. 2: Recommendation for - * Pair-Wise Key Establishment Schemes Using Discrete Logarithm - * Cryptography. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_ECDH_H -#define MBEDTLS_ECDH_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/ecp.h" - -/* - * Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context - * defined in `ecdh.h`). For most applications, the choice of format makes - * no difference, since all library functions can work with either format, - * except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE. - - * The new format used when this option is disabled is smaller - * (56 bytes on a 32-bit platform). In future versions of the library, it - * will support alternative implementations of ECDH operations. - * The new format is incompatible with applications that access - * context fields directly and with restartable ECP operations. 
- */ - -#if defined(MBEDTLS_ECP_RESTARTABLE) -#define MBEDTLS_ECDH_LEGACY_CONTEXT -#else -#undef MBEDTLS_ECDH_LEGACY_CONTEXT -#endif - -#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) -#undef MBEDTLS_ECDH_LEGACY_CONTEXT -#include "everest/everest.h" -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Defines the source of the imported EC key. - */ -typedef enum -{ - MBEDTLS_ECDH_OURS, /**< Our key. */ - MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */ -} mbedtls_ecdh_side; - -#if !defined(MBEDTLS_ECDH_LEGACY_CONTEXT) -/** - * Defines the ECDH implementation used. - * - * Later versions of the library may add new variants, therefore users should - * not make any assumptions about them. - */ -typedef enum -{ - MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */ - MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */ -#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) - MBEDTLS_ECDH_VARIANT_EVEREST /*!< Everest implementation */ -#endif -} mbedtls_ecdh_variant; - -/** - * The context used by the default ECDH implementation. - * - * Later versions might change the structure of this context, therefore users - * should not make any assumptions about the structure of - * mbedtls_ecdh_context_mbed. - */ -typedef struct mbedtls_ecdh_context_mbed -{ - mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */ - mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */ - mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */ - mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */ - mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */ -#if defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. 
*/ -#endif -} mbedtls_ecdh_context_mbed; -#endif - -/** - * - * \warning Performing multiple operations concurrently on the same - * ECDSA context is not supported; objects of this type - * should not be shared between multiple threads. - * \brief The ECDH context structure. - */ -typedef struct mbedtls_ecdh_context -{ -#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */ - mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */ - mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */ - mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */ - mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */ - int MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages. */ - mbedtls_ecp_point MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */ - mbedtls_ecp_point MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */ - mbedtls_mpi MBEDTLS_PRIVATE(_d); /*!< The previous \p d. */ -#if defined(MBEDTLS_ECP_RESTARTABLE) - int MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. */ - mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */ -#endif /* MBEDTLS_ECP_RESTARTABLE */ -#else - uint8_t MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages - as defined in RFC 4492. */ - mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id);/*!< The elliptic curve used. */ - mbedtls_ecdh_variant MBEDTLS_PRIVATE(var); /*!< The ECDH implementation/structure used. */ - union - { - mbedtls_ecdh_context_mbed MBEDTLS_PRIVATE(mbed_ecdh); -#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) - mbedtls_ecdh_context_everest MBEDTLS_PRIVATE(everest_ecdh); -#endif - } MBEDTLS_PRIVATE(ctx); /*!< Implementation-specific context. The - context in use is specified by the \c var - field. */ -#if defined(MBEDTLS_ECP_RESTARTABLE) - uint8_t MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. 
Functions of - an alternative implementation not supporting - restartable mode must return - MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error - if this flag is set. */ -#endif /* MBEDTLS_ECP_RESTARTABLE */ -#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */ -} -mbedtls_ecdh_context; - -/** - * \brief Check whether a given group can be used for ECDH. - * - * \param gid The ECP group ID to check. - * - * \return \c 1 if the group can be used, \c 0 otherwise - */ -int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid ); - -/** - * \brief This function generates an ECDH keypair on an elliptic - * curve. - * - * This function performs the first of two core computations - * implemented during the ECDH key exchange. The second core - * computation is performed by mbedtls_ecdh_compute_shared(). - * - * \see ecp.h - * - * \param grp The ECP group to use. This must be initialized and have - * domain parameters loaded, for example through - * mbedtls_ecp_load() or mbedtls_ecp_tls_read_group(). - * \param d The destination MPI (private key). - * This must be initialized. - * \param Q The destination point (public key). - * This must be initialized. - * \param f_rng The RNG function to use. This must not be \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL in case \p f_rng doesn't need a context argument. - * - * \return \c 0 on success. - * \return Another \c MBEDTLS_ERR_ECP_XXX or - * \c MBEDTLS_MPI_XXX error code on failure. - */ -int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief This function computes the shared secret. - * - * This function performs the second of two core computations - * implemented during the ECDH key exchange. The first core - * computation is performed by mbedtls_ecdh_gen_public(). 
- * - * \see ecp.h - * - * \note If \p f_rng is not NULL, it is used to implement - * countermeasures against side-channel attacks. - * For more information, see mbedtls_ecp_mul(). - * - * \param grp The ECP group to use. This must be initialized and have - * domain parameters loaded, for example through - * mbedtls_ecp_load() or mbedtls_ecp_tls_read_group(). - * \param z The destination MPI (shared secret). - * This must be initialized. - * \param Q The public key from another party. - * This must be initialized. - * \param d Our secret exponent (private key). - * This must be initialized. - * \param f_rng The RNG function to use. This must not be \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a - * context argument. - * - * \return \c 0 on success. - * \return Another \c MBEDTLS_ERR_ECP_XXX or - * \c MBEDTLS_MPI_XXX error code on failure. - */ -int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, - const mbedtls_ecp_point *Q, const mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief This function initializes an ECDH context. - * - * \param ctx The ECDH context to initialize. This must not be \c NULL. - */ -void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ); - -/** - * \brief This function sets up the ECDH context with the information - * given. - * - * This function should be called after mbedtls_ecdh_init() but - * before mbedtls_ecdh_make_params(). There is no need to call - * this function before mbedtls_ecdh_read_params(). - * - * This is the first function used by a TLS server for ECDHE - * ciphersuites. - * - * \param ctx The ECDH context to set up. This must be initialized. - * \param grp_id The group id of the group to set up the context for. - * - * \return \c 0 on success. 
- */ -int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, - mbedtls_ecp_group_id grp_id ); - -/** - * \brief This function frees a context. - * - * \param ctx The context to free. This may be \c NULL, in which - * case this function does nothing. If it is not \c NULL, - * it must point to an initialized ECDH context. - */ -void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ); - -/** - * \brief This function generates an EC key pair and exports its - * in the format used in a TLS ServerKeyExchange handshake - * message. - * - * This is the second function used by a TLS server for ECDHE - * ciphersuites. (It is called after mbedtls_ecdh_setup().) - * - * \see ecp.h - * - * \param ctx The ECDH context to use. This must be initialized - * and bound to a group, for example via mbedtls_ecdh_setup(). - * \param olen The address at which to store the number of Bytes written. - * \param buf The destination buffer. This must be a writable buffer of - * length \p blen Bytes. - * \param blen The length of the destination buffer \p buf in Bytes. - * \param f_rng The RNG function to use. This must not be \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL in case \p f_rng doesn't need a context argument. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of - * operations was reached: see \c mbedtls_ecp_set_max_ops(). - * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. - */ -int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief This function parses the ECDHE parameters in a - * TLS ServerKeyExchange handshake message. - * - * \note In a TLS handshake, this is the how the client - * sets up its ECDHE context from the server's public - * ECDHE key material. - * - * \see ecp.h - * - * \param ctx The ECDHE context to use. This must be initialized. 
- * \param buf On input, \c *buf must be the start of the input buffer. - * On output, \c *buf is updated to point to the end of the - * data that has been read. On success, this is the first byte - * past the end of the ServerKeyExchange parameters. - * On error, this is the point at which an error has been - * detected, which is usually not useful except to debug - * failures. - * \param end The end of the input buffer. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. - * - */ -int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, - const unsigned char **buf, - const unsigned char *end ); - -/** - * \brief This function sets up an ECDH context from an EC key. - * - * It is used by clients and servers in place of the - * ServerKeyEchange for static ECDH, and imports ECDH - * parameters from the EC key information of a certificate. - * - * \see ecp.h - * - * \param ctx The ECDH context to set up. This must be initialized. - * \param key The EC key to use. This must be initialized. - * \param side Defines the source of the key. Possible values are: - * - #MBEDTLS_ECDH_OURS: The key is ours. - * - #MBEDTLS_ECDH_THEIRS: The key is that of the peer. - * - * \return \c 0 on success. - * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. - * - */ -int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, - const mbedtls_ecp_keypair *key, - mbedtls_ecdh_side side ); - -/** - * \brief This function generates a public key and exports it - * as a TLS ClientKeyExchange payload. - * - * This is the second function used by a TLS client for ECDH(E) - * ciphersuites. - * - * \see ecp.h - * - * \param ctx The ECDH context to use. This must be initialized - * and bound to a group, the latter usually by - * mbedtls_ecdh_read_params(). - * \param olen The address at which to store the number of Bytes written. - * This must not be \c NULL. - * \param buf The destination buffer. 
This must be a writable buffer - * of length \p blen Bytes. - * \param blen The size of the destination buffer \p buf in Bytes. - * \param f_rng The RNG function to use. This must not be \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL in case \p f_rng doesn't need a context argument. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of - * operations was reached: see \c mbedtls_ecp_set_max_ops(). - * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. - */ -int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief This function parses and processes the ECDHE payload of a - * TLS ClientKeyExchange message. - * - * This is the third function used by a TLS server for ECDH(E) - * ciphersuites. (It is called after mbedtls_ecdh_setup() and - * mbedtls_ecdh_make_params().) - * - * \see ecp.h - * - * \param ctx The ECDH context to use. This must be initialized - * and bound to a group, for example via mbedtls_ecdh_setup(). - * \param buf The pointer to the ClientKeyExchange payload. This must - * be a readable buffer of length \p blen Bytes. - * \param blen The length of the input buffer \p buf in Bytes. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. - */ -int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, - const unsigned char *buf, size_t blen ); - -/** - * \brief This function derives and exports the shared secret. - * - * This is the last function used by both TLS client - * and servers. - * - * \note If \p f_rng is not NULL, it is used to implement - * countermeasures against side-channel attacks. - * For more information, see mbedtls_ecp_mul(). - * - * \see ecp.h - - * \param ctx The ECDH context to use. 
This must be initialized - * and have its own private key generated and the peer's - * public key imported. - * \param olen The address at which to store the total number of - * Bytes written on success. This must not be \c NULL. - * \param buf The buffer to write the generated shared key to. This - * must be a writable buffer of size \p blen Bytes. - * \param blen The length of the destination buffer \p buf in Bytes. - * \param f_rng The RNG function to use. This must not be \c NULL. - * \param p_rng The RNG context. This may be \c NULL if \p f_rng - * doesn't need a context argument. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of - * operations was reached: see \c mbedtls_ecp_set_max_ops(). - * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. - */ -int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -#if defined(MBEDTLS_ECP_RESTARTABLE) -/** - * \brief This function enables restartable EC computations for this - * context. (Default: disabled.) - * - * \see \c mbedtls_ecp_set_max_ops() - * - * \note It is not possible to safely disable restartable - * computations once enabled, except by free-ing the context, - * which cancels possible in-progress operations. - * - * \param ctx The ECDH context to use. This must be initialized. - */ -void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ); -#endif /* MBEDTLS_ECP_RESTARTABLE */ - -#ifdef __cplusplus -} -#endif - -#endif /* ecdh.h */ diff --git a/windows/mbedtls/ecdsa.h b/windows/mbedtls/ecdsa.h deleted file mode 100644 index 71b73eee..00000000 --- a/windows/mbedtls/ecdsa.h +++ /dev/null 
@@ -1,506 +0,0 @@
-/**
- * \file ecdsa.h
- *
- * \brief This file contains ECDSA definitions and functions.
- *
- * The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
- * Standards for Efficient Cryptography Group (SECG):
- * SEC1 Elliptic Curve Cryptography.
- * The use of ECDSA for TLS is defined in RFC-4492: Elliptic Curve
- * Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS).
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_ECDSA_H
-#define MBEDTLS_ECDSA_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ecp.h"
-#include "mbedtls/md.h"
-
-/**
- * \brief Maximum ECDSA signature size for a given curve bit size
- *
- * \param bits Curve size in bits
- * \return Maximum signature size in bytes
- *
- * \note This macro returns a compile-time constant if its argument
- * is one. It may evaluate its argument multiple times.
- */
-/*
- * Ecdsa-Sig-Value ::= SEQUENCE {
- * r INTEGER,
- * s INTEGER
- * }
- *
- * For each of r and s, the value (V) may include an extra initial "0" bit.
- */
-#define MBEDTLS_ECDSA_MAX_SIG_LEN( bits ) \
- ( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) + \
- /*T,L of r,s*/ 2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) + \
- /*V of r,s*/ ( ( bits ) + 8 ) / 8 ) )
-
-/** The maximal size of an ECDSA signature in Bytes. 
*/ -#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN( MBEDTLS_ECP_MAX_BITS ) - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief The ECDSA context structure. - * - * \warning Performing multiple operations concurrently on the same - * ECDSA context is not supported; objects of this type - * should not be shared between multiple threads. - */ -typedef mbedtls_ecp_keypair mbedtls_ecdsa_context; - -#if defined(MBEDTLS_ECP_RESTARTABLE) - -/** - * \brief Internal restart context for ecdsa_verify() - * - * \note Opaque struct, defined in ecdsa.c - */ -typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx; - -/** - * \brief Internal restart context for ecdsa_sign() - * - * \note Opaque struct, defined in ecdsa.c - */ -typedef struct mbedtls_ecdsa_restart_sig mbedtls_ecdsa_restart_sig_ctx; - -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) -/** - * \brief Internal restart context for ecdsa_sign_det() - * - * \note Opaque struct, defined in ecdsa.c - */ -typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx; -#endif - -/** - * \brief General context for resuming ECDSA operations - */ -typedef struct -{ - mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp); /*!< base context for ECP restart and - shared administrative info */ - mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!< ecdsa_verify() sub-context */ - mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!< ecdsa_sign() sub-context */ -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) - mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!< ecdsa_sign_det() sub-context */ -#endif -} mbedtls_ecdsa_restart_ctx; - -#else /* MBEDTLS_ECP_RESTARTABLE */ - -/* Now we can declare functions that take a pointer to that */ -typedef void mbedtls_ecdsa_restart_ctx; - -#endif /* MBEDTLS_ECP_RESTARTABLE */ - -/** - * \brief This function checks whether a given group can be used - * for ECDSA. - * - * \param gid The ECP group ID to check. 
- * - * \return \c 1 if the group can be used, \c 0 otherwise - */ -int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid ); - -/** - * \brief This function computes the ECDSA signature of a - * previously-hashed message. - * - * \note The deterministic version implemented in - * mbedtls_ecdsa_sign_det_ext() is usually preferred. - * - * \note If the bitlength of the message hash is larger than the - * bitlength of the group order, then the hash is truncated - * as defined in Standards for Efficient Cryptography Group - * (SECG): SEC1 Elliptic Curve Cryptography, section - * 4.1.3, step 5. - * - * \see ecp.h - * - * \param grp The context for the elliptic curve to use. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param r The MPI context in which to store the first part - * the signature. This must be initialized. - * \param s The MPI context in which to store the second part - * the signature. This must be initialized. - * \param d The private signing key. This must be initialized. - * \param buf The content to be signed. This is usually the hash of - * the original data to be signed. This must be a readable - * buffer of length \p blen Bytes. It may be \c NULL if - * \p blen is zero. - * \param blen The length of \p buf in Bytes. - * \param f_rng The RNG function. This must not be \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng doesn't need a context parameter. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX - * or \c MBEDTLS_MPI_XXX error code on failure. 
- */ -int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); - -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) -/** - * \brief This function computes the ECDSA signature of a - * previously-hashed message, deterministic version. - * - * For more information, see RFC-6979: Deterministic - * Usage of the Digital Signature Algorithm (DSA) and Elliptic - * Curve Digital Signature Algorithm (ECDSA). - * - * \note If the bitlength of the message hash is larger than the - * bitlength of the group order, then the hash is truncated as - * defined in Standards for Efficient Cryptography Group - * (SECG): SEC1 Elliptic Curve Cryptography, section - * 4.1.3, step 5. - * - * \see ecp.h - * - * \param grp The context for the elliptic curve to use. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param r The MPI context in which to store the first part - * the signature. This must be initialized. - * \param s The MPI context in which to store the second part - * the signature. This must be initialized. - * \param d The private signing key. This must be initialized - * and setup, for example through mbedtls_ecp_gen_privkey(). - * \param buf The hashed content to be signed. This must be a readable - * buffer of length \p blen Bytes. It may be \c NULL if - * \p blen is zero. - * \param blen The length of \p buf in Bytes. - * \param md_alg The hash algorithm used to hash the original data. - * \param f_rng_blind The RNG function used for blinding. This must not be - * \c NULL. - * \param p_rng_blind The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng doesn't need a context parameter. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX - * error code on failure. 
- */ -int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r, - mbedtls_mpi *s, const mbedtls_mpi *d, - const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg, - int (*f_rng_blind)(void *, unsigned char *, size_t), - void *p_rng_blind ); -#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ - -/** - * \brief This function verifies the ECDSA signature of a - * previously-hashed message. - * - * \note If the bitlength of the message hash is larger than the - * bitlength of the group order, then the hash is truncated as - * defined in Standards for Efficient Cryptography Group - * (SECG): SEC1 Elliptic Curve Cryptography, section - * 4.1.4, step 3. - * - * \see ecp.h - * - * \param grp The ECP group to use. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param buf The hashed content that was signed. This must be a readable - * buffer of length \p blen Bytes. It may be \c NULL if - * \p blen is zero. - * \param blen The length of \p buf in Bytes. - * \param Q The public key to use for verification. This must be - * initialized and setup. - * \param r The first integer of the signature. - * This must be initialized. - * \param s The second integer of the signature. - * This must be initialized. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature - * is invalid. - * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX - * error code on failure for any other reason. - */ -int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, - const unsigned char *buf, size_t blen, - const mbedtls_ecp_point *Q, const mbedtls_mpi *r, - const mbedtls_mpi *s); - -/** - * \brief This function computes the ECDSA signature and writes it - * to a buffer, serialized as defined in RFC-4492: - * Elliptic Curve Cryptography (ECC) Cipher Suites for - * Transport Layer Security (TLS). - * - * \warning It is not thread-safe to use the same context in - * multiple threads. 
- * - * \note The deterministic version is used if - * #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more - * information, see RFC-6979: Deterministic Usage - * of the Digital Signature Algorithm (DSA) and Elliptic - * Curve Digital Signature Algorithm (ECDSA). - * - * \note If the bitlength of the message hash is larger than the - * bitlength of the group order, then the hash is truncated as - * defined in Standards for Efficient Cryptography Group - * (SECG): SEC1 Elliptic Curve Cryptography, section - * 4.1.3, step 5. - * - * \see ecp.h - * - * \param ctx The ECDSA context to use. This must be initialized - * and have a group and private key bound to it, for example - * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair(). - * \param md_alg The message digest that was used to hash the message. - * \param hash The message hash to be signed. This must be a readable - * buffer of length \p blen Bytes. - * \param hlen The length of the hash \p hash in Bytes. - * \param sig The buffer to which to write the signature. This must be a - * writable buffer of length at least twice as large as the - * size of the curve used, plus 9. For example, 73 Bytes if - * a 256-bit curve is used. A buffer length of - * #MBEDTLS_ECDSA_MAX_LEN is always safe. - * \param sig_size The size of the \p sig buffer in bytes. - * \param slen The address at which to store the actual length of - * the signature written. Must not be \c NULL. - * \param f_rng The RNG function. This must not be \c NULL if - * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise, - * it is used only for blinding and may be set to \c NULL, but - * doing so is DEPRECATED. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't use a context. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or - * \c MBEDTLS_ERR_ASN1_XXX error code on failure. 
- */ -int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t sig_size, size_t *slen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief This function computes the ECDSA signature and writes it - * to a buffer, in a restartable way. - * - * \see \c mbedtls_ecdsa_write_signature() - * - * \note This function is like \c mbedtls_ecdsa_write_signature() - * but it can return early and restart according to the limit - * set with \c mbedtls_ecp_set_max_ops() to reduce blocking. - * - * \param ctx The ECDSA context to use. This must be initialized - * and have a group and private key bound to it, for example - * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair(). - * \param md_alg The message digest that was used to hash the message. - * \param hash The message hash to be signed. This must be a readable - * buffer of length \p blen Bytes. - * \param hlen The length of the hash \p hash in Bytes. - * \param sig The buffer to which to write the signature. This must be a - * writable buffer of length at least twice as large as the - * size of the curve used, plus 9. For example, 73 Bytes if - * a 256-bit curve is used. A buffer length of - * #MBEDTLS_ECDSA_MAX_LEN is always safe. - * \param sig_size The size of the \p sig buffer in bytes. - * \param slen The address at which to store the actual length of - * the signature written. Must not be \c NULL. - * \param f_rng The RNG function. This must not be \c NULL if - * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise, - * it is unused and may be set to \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't use a context. - * \param rs_ctx The restart context to use. This may be \c NULL to disable - * restarting. If it is not \c NULL, it must point to an - * initialized restart context. 
- * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of - * operations was reached: see \c mbedtls_ecp_set_max_ops(). - * \return Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or - * \c MBEDTLS_ERR_ASN1_XXX error code on failure. - */ -int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t sig_size, size_t *slen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecdsa_restart_ctx *rs_ctx ); - -/** - * \brief This function reads and verifies an ECDSA signature. - * - * \note If the bitlength of the message hash is larger than the - * bitlength of the group order, then the hash is truncated as - * defined in Standards for Efficient Cryptography Group - * (SECG): SEC1 Elliptic Curve Cryptography, section - * 4.1.4, step 3. - * - * \see ecp.h - * - * \param ctx The ECDSA context to use. This must be initialized - * and have a group and public key bound to it. - * \param hash The message hash that was signed. This must be a readable - * buffer of length \p size Bytes. - * \param hlen The size of the hash \p hash. - * \param sig The signature to read and verify. This must be a readable - * buffer of length \p slen Bytes. - * \param slen The size of \p sig in Bytes. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid. - * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid - * signature in \p sig, but its length is less than \p siglen. - * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX - * error code on failure for any other reason. - */ -int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, - const unsigned char *hash, size_t hlen, - const unsigned char *sig, size_t slen ); - -/** - * \brief This function reads and verifies an ECDSA signature, - * in a restartable way. 
- *
- * \see \c mbedtls_ecdsa_read_signature()
- *
- * \note This function is like \c mbedtls_ecdsa_read_signature()
- * but it can return early and restart according to the limit
- * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and public key bound to it.
- * \param hash The message hash that was signed. This must be a readable
- * buffer of length \p size Bytes.
- * \param hlen The size of the hash \p hash.
- * \param sig The signature to read and verify. This must be a readable
- * buffer of length \p slen Bytes.
- * \param slen The size of \p sig in Bytes.
- * \param rs_ctx The restart context to use. This may be \c NULL to disable
- * restarting. If it is not \c NULL, it must point to an
- * initialized restart context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
- * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
- * signature in \p sig, but its length is less than \p siglen.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
- * error code on failure for any other reason.
- */
-int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- const unsigned char *sig, size_t slen,
- mbedtls_ecdsa_restart_ctx *rs_ctx );
-
-/**
- * \brief This function generates an ECDSA keypair on the given curve.
- *
- * \see ecp.h
- *
- * \param ctx The ECDSA context to store the keypair in.
- * This must be initialized.
- * \param gid The elliptic curve to use. One of the various
- * \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
- */
-int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief This function sets up an ECDSA context from an EC key pair.
- *
- * \see ecp.h
- *
- * \param ctx The ECDSA context to setup. This must be initialized.
- * \param key The EC key to use. This must be initialized and hold
- * a private-public key pair or a public key. In the former
- * case, the ECDSA context may be used for signature creation
- * and verification after this call. In the latter case, it
- * may be used for signature verification.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
- */
-int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
- const mbedtls_ecp_keypair *key );
-
-/**
- * \brief This function initializes an ECDSA context.
- *
- * \param ctx The ECDSA context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
-
-/**
- * \brief This function frees an ECDSA context.
- *
- * \param ctx The ECDSA context to free. This may be \c NULL,
- * in which case this function does nothing. If it
- * is not \c NULL, it must be initialized.
- */
-void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Initialize a restart context.
- *
- * \param ctx The restart context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
-
-/**
- * \brief Free the components of a restart context.
- *
- * \param ctx The restart context to free. This may be \c NULL,
- * in which case this function does nothing. If it
- * is not \c NULL, it must be initialized.
- */
-void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ecdsa.h */
diff --git a/windows/mbedtls/ecjpake.h b/windows/mbedtls/ecjpake.h
deleted file mode 100644
index a73f6249..00000000
--- a/windows/mbedtls/ecjpake.h
+++ /dev/null
@@ -1,287 +0,0 @@
-/**
- * \file ecjpake.h
- *
- * \brief Elliptic curve J-PAKE
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_ECJPAKE_H
-#define MBEDTLS_ECJPAKE_H
-#include "mbedtls/private_access.h"
-
-/*
- * J-PAKE is a password-authenticated key exchange that allows deriving a
- * strong shared secret from a (potentially low entropy) pre-shared
- * passphrase, with forward secrecy and mutual authentication.
- * https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling
- *
- * This file implements the Elliptic Curve variant of J-PAKE,
- * as defined in Chapter 7.4 of the Thread v1.0 Specification,
- * available to members of the Thread Group http://threadgroup.org/
- *
- * As the J-PAKE algorithm is inherently symmetric, so is our API.
- * Each party needs to send its first round message, in any order, to the
- * other party, then each sends its second round message, in any order.
- * The payloads are serialized in a way suitable for use in TLS, but could
- * also be use outside TLS.
- */
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ecp.h"
-#include "mbedtls/md.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Roles in the EC J-PAKE exchange
- */
-typedef enum {
- MBEDTLS_ECJPAKE_CLIENT = 0, /**< Client */
- MBEDTLS_ECJPAKE_SERVER, /**< Server */
-} mbedtls_ecjpake_role;
-
-#if !defined(MBEDTLS_ECJPAKE_ALT)
-/**
- * EC J-PAKE context structure.
- *
- * J-PAKE is a symmetric protocol, except for the identifiers used in
- * Zero-Knowledge Proofs, and the serialization of the second message
- * (KeyExchange) as defined by the Thread spec.
- *
- * In order to benefit from this symmetry, we choose a different naming
- * convetion from the Thread v1.0 spec. Correspondance is indicated in the
- * description as a pair C: client name, S: server name
- */
-typedef struct mbedtls_ecjpake_context
-{
- const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); /**< Hash to use */
- mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /**< Elliptic curve */
- mbedtls_ecjpake_role MBEDTLS_PRIVATE(role); /**< Are we client or server? */
- int MBEDTLS_PRIVATE(point_format); /**< Format for point export */
-
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xm1); /**< My public key 1 C: X1, S: X3 */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xm2); /**< My public key 2 C: X2, S: X4 */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xp1); /**< Peer public key 1 C: X3, S: X1 */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xp2); /**< Peer public key 2 C: X4, S: X2 */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xp); /**< Peer public key C: Xs, S: Xc */
-
- mbedtls_mpi MBEDTLS_PRIVATE(xm1); /**< My private key 1 C: x1, S: x3 */
- mbedtls_mpi MBEDTLS_PRIVATE(xm2); /**< My private key 2 C: x2, S: x4 */
-
- mbedtls_mpi MBEDTLS_PRIVATE(s); /**< Pre-shared secret (passphrase) */
-} mbedtls_ecjpake_context;
-
-#else /* MBEDTLS_ECJPAKE_ALT */
-#include "ecjpake_alt.h"
-#endif /* MBEDTLS_ECJPAKE_ALT */
-
-/**
- * \brief Initialize an ECJPAKE context.
- *
- * \param ctx The ECJPAKE context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
-
-/**
- * \brief Set up an ECJPAKE context for use.
- *
- * \note Currently the only values for hash/curve allowed by the
- * standard are #MBEDTLS_MD_SHA256/#MBEDTLS_ECP_DP_SECP256R1.
- *
- * \param ctx The ECJPAKE context to set up. This must be initialized.
- * \param role The role of the caller. This must be either
- * #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER.
- * \param hash The identifier of the hash function to use,
- * for example #MBEDTLS_MD_SHA256.
- * \param curve The identifier of the elliptic curve to use,
- * for example #MBEDTLS_ECP_DP_SECP256R1.
- * \param secret The pre-shared secret (passphrase). This must be
- * a readable buffer of length \p len Bytes. It need
- * only be valid for the duration of this call.
- * \param len The length of the pre-shared secret \p secret.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
- mbedtls_ecjpake_role role,
- mbedtls_md_type_t hash,
- mbedtls_ecp_group_id curve,
- const unsigned char *secret,
- size_t len );
-
-/**
- * \brief Set the point format for future reads and writes.
- *
- * \param ctx The ECJPAKE context to configure.
- * \param point_format The point format to use:
- * #MBEDTLS_ECP_PF_UNCOMPRESSED (default)
- * or #MBEDTLS_ECP_PF_COMPRESSED.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p point_format
- * is invalid.
- */
-int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx,
- int point_format );
-
-/**
- * \brief Check if an ECJPAKE context is ready for use.
- *
- * \param ctx The ECJPAKE context to check. This must be
- * initialized.
- *
- * \return \c 0 if the context is ready for use.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
- */
-int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
-
-/**
- * \brief Generate and write the first round message
- * (TLS: contents of the Client/ServerHello extension,
- * excluding extension type and length bytes).
- *
- * \param ctx The ECJPAKE context to use. This must be
- * initialized and set up.
- * \param buf The buffer to write the contents to. This must be a
- * writable buffer of length \p len Bytes.
- * \param len The length of \p buf in Bytes.
- * \param olen The address at which to store the total number
- * of Bytes written to \p buf. This must not be \c NULL.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng. This
- * may be \c NULL if \p f_rng doesn't use a context.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Read and process the first round message
- * (TLS: contents of the Client/ServerHello extension,
- * excluding extension type and length bytes).
- *
- * \param ctx The ECJPAKE context to use. This must be initialized
- * and set up.
- * \param buf The buffer holding the first round message. This must
- * be a readable buffer of length \p len Bytes.
- * \param len The length in Bytes of \p buf.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
- const unsigned char *buf,
- size_t len );
-
-/**
- * \brief Generate and write the second round message
- * (TLS: contents of the Client/ServerKeyExchange).
- *
- * \param ctx The ECJPAKE context to use. This must be initialized,
- * set up, and already have performed round one.
- * \param buf The buffer to write the round two contents to.
- * This must be a writable buffer of length \p len Bytes.
- * \param len The size of \p buf in Bytes.
- * \param olen The address at which to store the total number of Bytes
- * written to \p buf. This must not be \c NULL.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng. This
- * may be \c NULL if \p f_rng doesn't use a context.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Read and process the second round message
- * (TLS: contents of the Client/ServerKeyExchange).
- *
- * \param ctx The ECJPAKE context to use. This must be initialized
- * and set up and already have performed round one.
- * \param buf The buffer holding the second round message. This must
- * be a readable buffer of length \p len Bytes.
- * \param len The length in Bytes of \p buf.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
- const unsigned char *buf,
- size_t len );
-
-/**
- * \brief Derive the shared secret
- * (TLS: Pre-Master Secret).
- *
- * \param ctx The ECJPAKE context to use. This must be initialized,
- * set up and have performed both round one and two.
- * \param buf The buffer to write the derived secret to. This must
- * be a writable buffer of length \p len Bytes.
- * \param len The length of \p buf in Bytes.
- * \param olen The address at which to store the total number of Bytes
- * written to \p buf. This must not be \c NULL.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng. This
- * may be \c NULL if \p f_rng doesn't use a context.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This clears an ECJPAKE context and frees any
- * embedded data structure.
- *
- * \param ctx The ECJPAKE context to free. This may be \c NULL,
- * in which case this function does nothing. If it is not
- * \c NULL, it must point to an initialized ECJPAKE context.
- */
-void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if a test failed
- */
-int mbedtls_ecjpake_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif /* ecjpake.h */
diff --git a/windows/mbedtls/ecp.h b/windows/mbedtls/ecp.h
deleted file mode 100644
index b87114bc..00000000
--- a/windows/mbedtls/ecp.h
+++ /dev/null
@@ -1,1286 +0,0 @@
-/**
- * \file ecp.h
- *
- * \brief This file provides an API for Elliptic Curves over GF(P) (ECP).
- *
- * The use of ECP in cryptography and TLS is defined in
- * Standards for Efficient Cryptography Group (SECG): SEC1
- * Elliptic Curve Cryptography and
- * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites
- * for Transport Layer Security (TLS).
- *
- * RFC-2409: The Internet Key Exchange (IKE) defines ECP
- * group types.
- *
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_ECP_H
-#define MBEDTLS_ECP_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/bignum.h"
-
-/*
- * ECP error codes
- */
-#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */
-#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested feature is not available, for example, the requested curve is not supported. */
-#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */
-#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */
-#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as ephemeral key, failed. */
-#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */
-#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< The buffer contains a valid signature followed by more data. */
-#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 /**< Operation in progress, call again with the same parameters to continue. */
-
-/* Flags indicating whether to include code that is specific to certain
- * types of curves. These flags are for internal library use only. */
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED
-#endif
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
- defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_ECP_MONTGOMERY_ENABLED
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Domain-parameter identifiers: curve, subgroup, and generator.
- *
- * \note Only curves over prime fields are supported.
- *
- * \warning This library does not support validation of arbitrary domain
- * parameters. Therefore, only standardized domain parameters from trusted
- * sources should be used. See mbedtls_ecp_group_load().
- */
-/* Note: when adding a new curve:
- * - Add it at the end of this enum, otherwise you'll break the ABI by
- * changing the numerical value for existing curves.
- * - Increment MBEDTLS_ECP_DP_MAX below if needed.
- * - Update the calculation of MBEDTLS_ECP_MAX_BITS below.
- * - Add the corresponding MBEDTLS_ECP_DP_xxx_ENABLED macro definition to
- * mbedtls_config.h.
- * - List the curve as a dependency of MBEDTLS_ECP_C and
- * MBEDTLS_ECDSA_C if supported in check_config.h.
- * - Add the curve to the appropriate curve type macro
- * MBEDTLS_ECP_yyy_ENABLED above.
- * - Add the necessary definitions to ecp_curves.c.
- * - Add the curve to the ecp_supported_curves array in ecp.c.
- * - Add the curve to applicable profiles in x509_crt.c.
- * - Add the curve to applicable presets in ssl_tls.c.
- */
-typedef enum
-{
- MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
- MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_BP256R1, /*!< Domain parameters for 256-bit Brainpool curve. */
- MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */
- MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */
- MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for Curve25519. */
- MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */
-} mbedtls_ecp_group_id;
-
-/**
- * The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE.
- *
- * \note Montgomery curves are currently excluded.
- */
-#define MBEDTLS_ECP_DP_MAX 12
-
-/*
- * Curve types
- */
-typedef enum
-{
- MBEDTLS_ECP_TYPE_NONE = 0,
- MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
- MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
-} mbedtls_ecp_curve_type;
-
-/**
- * Curve information, for use by other modules.
- */
-typedef struct mbedtls_ecp_curve_info
-{
- mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier. */
- uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */
- uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */
- const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */
-} mbedtls_ecp_curve_info;
-
-/**
- * \brief The ECP point structure, in Jacobian coordinates.
- *
- * \note All functions expect and return points satisfying
- * the following condition: Z == 0 or
- * Z == 1. Other values of \p Z are
- * used only by internal functions.
- * The point is zero, or "at infinity", if Z == 0.
- * Otherwise, \p X and \p Y are its standard (affine)
- * coordinates.
- */
-typedef struct mbedtls_ecp_point
-{
- mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */
- mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */
- mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */
-}
-mbedtls_ecp_point;
-
-#if !defined(MBEDTLS_ECP_ALT)
-/*
- * default mbed TLS elliptic curve arithmetic implementation
- *
- * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
- * alternative implementation for the whole module and it will replace this
- * one.)
- */
-
-/**
- * \brief The ECP group structure.
- *
- * We consider two types of curve equations:
- *
  • Short Weierstrass: y^2 = x^3 + A x + B mod P - * (SEC1 + RFC-4492)
  • - *
  • Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519, - * Curve448)
- * In both cases, the generator (\p G) for a prime-order subgroup is fixed.
- *
- * For Short Weierstrass, this subgroup is the whole curve, and its
- * cardinality is denoted by \p N. Our code requires that \p N is an
- * odd prime as mbedtls_ecp_mul() requires an odd number, and
- * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
- *
- * For Montgomery curves, we do not store \p A, but (A + 2) / 4,
- * which is the quantity used in the formulas. Additionally, \p nbits is
- * not the size of \p N but the required size for private keys.
- *
- * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
- * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
- * range of 0..2^(2*pbits)-1, and transforms it in-place to an integer
- * which is congruent mod \p P to the given MPI, and is close enough to \p pbits
- * in size, so that it may be efficiently brought in the 0..P-1 range by a few
- * additions or subtractions. Therefore, it is only an approximative modular
- * reduction. It must return 0 on success and non-zero on failure.
- *
- * \note Alternative implementations of the ECP module must obey the
- * following constraints.
- * * Group IDs must be distinct: if two group structures have
- * the same ID, then they must be identical.
- * * The fields \c id, \c P, \c A, \c B, \c G, \c N,
- * \c pbits and \c nbits must have the same type and semantics
- * as in the built-in implementation.
- * They must be available for reading, but direct modification
- * of these fields does not need to be supported.
- * They do not need to be at the same offset in the structure.
- */
-typedef struct mbedtls_ecp_group
-{
- mbedtls_ecp_group_id id; /*!< An internal group identifier. */
- mbedtls_mpi P; /*!< The prime modulus of the base field. */
- mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
- Montgomery curves: (A + 2) / 4. */
- mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
- For Montgomery curves: unused. */
- mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
- mbedtls_mpi N; /*!< The order of \p G. */
- size_t pbits; /*!< The number of bits in \p P.*/
- size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
- For Montgomery curves: the number of bits in the
- private keys. */
- /* End of public fields */
-
- unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */
- int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
- mod \p P (see above).*/
- int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */
- int (*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */
- void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
- mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for ecp_mul_comb(). */
- size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated pre-computed points. */
-}
-mbedtls_ecp_group;
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h, or define them using the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
-/*
- * Maximum "window" size used for point multiplication.
- * Default: a point where higher memory usage yields disminishing performance
- * returns.
- * Minimum value: 2. Maximum value: 7.
- *
- * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
- * points used for point multiplication. This value is directly tied to EC
- * peak memory usage, so decreasing it by one should roughly cut memory usage
- * by two (if large curves are in use).
- *
- * Reduction in size may reduce speed, but larger curves are impacted first.
- * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
- * w-size: 6 5 4 3 2
- * 521 145 141 135 120 97
- * 384 214 209 198 177 146
- * 256 320 320 303 262 226
- * 224 475 475 453 398 342
- * 192 640 640 633 587 476
- */
-#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< The maximum window size used. */
-#endif /* MBEDTLS_ECP_WINDOW_SIZE */
-
-#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
-/*
- * Trade code size for speed on fixed-point multiplication.
- *
- * This speeds up repeated multiplication of the generator (that is, the
- * multiplication in ECDSA signatures, and half of the multiplications in
- * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
- *
- * For each n-bit Short Weierstrass curve that is enabled, this adds 4n bytes
- * of code size if n < 384 and 8n otherwise.
- *
- * Change this value to 0 to reduce code size.
- */
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */
-#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
-
-/* \} name SECTION: Module settings */
-
-#else /* MBEDTLS_ECP_ALT */
-#include "ecp_alt.h"
-#endif /* MBEDTLS_ECP_ALT */
-
-/**
- * The maximum size of the groups, that is, of \c N and \c P.
- */
-#if !defined(MBEDTLS_ECP_C)
-/* Dummy definition to help code that has optional ECP support and
- * defines an MBEDTLS_ECP_MAX_BYTES-sized array unconditionally. */
-#define MBEDTLS_ECP_MAX_BITS 1
-/* Note: the curves must be listed in DECREASING size! */
-#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 521
-#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 512
-#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 448
-#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 384
-#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 384
-#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
-#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
-#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
-#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 255
-#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 225 // n is slightly above 2^224
-#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 224
-#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 192
-#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 192
-#else
-#error "Missing definition of MBEDTLS_ECP_MAX_BITS"
-#endif
-
-#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
-#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-
-/**
- * \brief Internal restart context for multiplication
- *
- * \note Opaque struct
- */
-typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx;
-
-/**
- * \brief Internal restart context for ecp_muladd()
- *
- * \note Opaque struct
- */
-typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx;
-
-/**
- * \brief General context for resuming ECC operations
- */
-typedef struct
-{
- unsigned MBEDTLS_PRIVATE(ops_done); /*!< current ops count */
- unsigned MBEDTLS_PRIVATE(depth); /*!< call depth (0 = top-level) */
- mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm); /*!< ecp_mul_comb() sub-context */
- mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!< ecp_muladd() sub-context */
-} mbedtls_ecp_restart_ctx;
-
-/*
- * Operation counts for restartable functions
- */
-#define MBEDTLS_ECP_OPS_CHK 3 /*!< basic ops count for ecp_check_pubkey() */
-#define MBEDTLS_ECP_OPS_DBL 8 /*!< basic ops count for ecp_double_jac() */
-#define MBEDTLS_ECP_OPS_ADD 11 /*!< basic ops count for see ecp_add_mixed() */
-#define MBEDTLS_ECP_OPS_INV 120 /*!< empirical equivalent for mpi_mod_inv() */
-
-/**
- * \brief Internal; for restartable functions in other modules.
- * Check and update basic ops budget.
- *
- * \param grp Group structure
- * \param rs_ctx Restart context
- * \param ops Number of basic ops to do
- *
- * \return \c 0 if doing \p ops basic ops is still allowed,
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS otherwise.
- */
-int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
- mbedtls_ecp_restart_ctx *rs_ctx,
- unsigned ops );
-
-/* Utility macro for checking and updating ops budget */
-#define MBEDTLS_ECP_BUDGET( ops ) \
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, \
- (unsigned) (ops) ) );
-
-#else /* MBEDTLS_ECP_RESTARTABLE */
-
-#define MBEDTLS_ECP_BUDGET( ops ) /* no-op; for compatibility */
-
-/* We want to declare restartable versions of existing functions anyway */
-typedef void mbedtls_ecp_restart_ctx;
-
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief The ECP key-pair structure.
- *
- * A generic key-pair that may be used for ECDSA and fixed ECDH, for example.
- *
- * \note Members are deliberately in the same order as in the
- * ::mbedtls_ecdsa_context structure.
- */
-typedef struct mbedtls_ecp_keypair
-{
- mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< Elliptic curve and base point */
- mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< our secret value */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< our public value */
-}
-mbedtls_ecp_keypair;
-
-/*
- * Point formats, from RFC 4492's enum ECPointFormat
- */
-#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format. */
-#define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format. */
-
-/*
- * Some other constants from RFC 4492
- */
-#define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< The named_curve of ECCurveType. */
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Set the maximum number of basic operations done in a row.
- *
- * If more operations are needed to complete a computation,
- * #MBEDTLS_ERR_ECP_IN_PROGRESS will be returned by the
- * function performing the computation. It is then the
- * caller's responsibility to either call again with the same
- * parameters until it returns 0 or an error code; or to free
- * the restart context if the operation is to be aborted.
- *
- * It is strictly required that all input parameters and the
- * restart context be the same on successive calls for the
- * same operation, but output parameters need not be the
- * same; they must not be used until the function finally
- * returns 0.
- *
- * This only applies to functions whose documentation
- * mentions they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS for functions in the
- * SSL module). For functions that accept a "restart context"
- * argument, passing NULL disables restart and makes the
- * function equivalent to the function with the same name
- * with \c _restartable removed. For functions in the ECDH
- * module, restart is disabled unless the function accepts
- * an "ECDH context" argument and
- * mbedtls_ecdh_enable_restart() was previously called on
- * that context. For function in the SSL module, restart is
- * only enabled for specific sides and key exchanges
- * (currently only for clients and ECDHE-ECDSA).
- *
- * \param max_ops Maximum number of basic operations done in a row.
- * Default: 0 (unlimited).
- * Lower (non-zero) values mean ECC functions will block for
- * a lesser maximum amount of time.
- *
- * \note A "basic operation" is defined as a rough equivalent of a
- * multiplication in GF(p) for the NIST P-256 curve.
- * As an indication, with default settings, a scalar
- * multiplication (full run of \c mbedtls_ecp_mul()) is:
- * - about 3300 basic operations for P-256
- * - about 9400 basic operations for P-384
- *
- * \note Very low values are not always respected: sometimes
- * functions need to block for a minimum number of
- * operations, and will do so even if max_ops is set to a
- * lower value. That minimum depends on the curve size, and
- * can be made lower by decreasing the value of
- * \c MBEDTLS_ECP_WINDOW_SIZE. As an indication, here is the
- * lowest effective value for various curves and values of
- * that parameter (w for short):
- * w=6 w=5 w=4 w=3 w=2
- * P-256 208 208 160 136 124
- * P-384 682 416 320 272 248
- * P-521 1364 832 640 544 496
- *
- * \note This setting is currently ignored by Curve25519.
- */
-void mbedtls_ecp_set_max_ops( unsigned max_ops );
-
-/**
- * \brief Check if restart is enabled (max_ops != 0)
- *
- * \return \c 0 if \c max_ops == 0 (restart disabled)
- * \return \c 1 otherwise (restart enabled)
- */
-int mbedtls_ecp_restart_is_enabled( void );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/*
- * Get the type of a curve
- */
-mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp );
-
-/**
- * \brief This function retrieves the information defined in
- * mbedtls_ecp_curve_info() for all supported curves.
- *
- * \note This function returns information about all curves
- * supported by the library. Some curves may not be
- * supported for all algorithms. Call mbedtls_ecdh_can_do()
- * or mbedtls_ecdsa_can_do() to check if a curve is
- * supported for ECDH or ECDSA.
- *
- * \return A statically allocated array. The last entry is 0.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
-
-/**
- * \brief This function retrieves the list of internal group
- * identifiers of all supported curves in the order of
- * preference.
- *
- * \note This function returns information about all curves
- * supported by the library. Some curves may not be
- * supported for all algorithms. Call mbedtls_ecdh_can_do()
- * or mbedtls_ecdsa_can_do() to check if a curve is
- * supported for ECDH or ECDSA.
- *
- * \return A statically allocated array,
- * terminated with MBEDTLS_ECP_DP_NONE.
- */
-const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
-
-/**
- * \brief This function retrieves curve information from an internal
- * group identifier.
- *
- * \param grp_id An \c MBEDTLS_ECP_DP_XXX value.
- *
- * \return The associated curve information on success.
- * \return NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
-
-/**
- * \brief This function retrieves curve information from a TLS
- * NamedCurve value.
- *
- * \param tls_id An \c MBEDTLS_ECP_DP_XXX value.
- *
- * \return The associated curve information on success.
- * \return NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
-
-/**
- * \brief This function retrieves curve information from a
- * human-readable name.
- *
- * \param name The human-readable name.
- *
- * \return The associated curve information on success.
- * \return NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
-
-/**
- * \brief This function initializes a point as zero.
- *
- * \param pt The point to initialize.
- */ -void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ); - -/** - * \brief This function initializes an ECP group context - * without loading any domain parameters. - * - * \note After this function is called, domain parameters - * for various ECP groups can be loaded through the - * mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group() - * functions. - */ -void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ); - -/** - * \brief This function initializes a key pair as an invalid one. - * - * \param key The key pair to initialize. - */ -void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key ); - -/** - * \brief This function frees the components of a point. - * - * \param pt The point to free. - */ -void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ); - -/** - * \brief This function frees the components of an ECP group. - * - * \param grp The group to free. This may be \c NULL, in which - * case this function returns immediately. If it is not - * \c NULL, it must point to an initialized ECP group. - */ -void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); - -/** - * \brief This function frees the components of a key pair. - * - * \param key The key pair to free. This may be \c NULL, in which - * case this function returns immediately. If it is not - * \c NULL, it must point to an initialized ECP key pair. - */ -void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); - -#if defined(MBEDTLS_ECP_RESTARTABLE) -/** - * \brief Initialize a restart context. - * - * \param ctx The restart context to initialize. This must - * not be \c NULL. - */ -void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ); - -/** - * \brief Free the components of a restart context. - * - * \param ctx The restart context to free. This may be \c NULL, in which - * case this function returns immediately. If it is not - * \c NULL, it must point to an initialized restart context. 
- */ -void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ); -#endif /* MBEDTLS_ECP_RESTARTABLE */ - -/** - * \brief This function copies the contents of point \p Q into - * point \p P. - * - * \param P The destination point. This must be initialized. - * \param Q The source point. This must be initialized. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. - * \return Another negative error code for other kinds of failure. - */ -int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); - -/** - * \brief This function copies the contents of group \p src into - * group \p dst. - * - * \param dst The destination group. This must be initialized. - * \param src The source group. This must be initialized. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, - const mbedtls_ecp_group *src ); - -/** - * \brief This function sets a point to the point at infinity. - * - * \param pt The point to set. This must be initialized. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ); - -/** - * \brief This function checks if a point is the point at infinity. - * - * \param pt The point to test. This must be initialized. - * - * \return \c 1 if the point is zero. - * \return \c 0 if the point is non-zero. - * \return A negative error code on failure. - */ -int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ); - -/** - * \brief This function compares two points. - * - * \note This assumes that the points are normalized. Otherwise, - * they may compare as "not equal" even if they are. - * - * \param P The first point to compare. This must be initialized. 
- * \param Q The second point to compare. This must be initialized. - * - * \return \c 0 if the points are equal. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal. - */ -int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q ); - -/** - * \brief This function imports a non-zero point from two ASCII - * strings. - * - * \param P The destination point. This must be initialized. - * \param radix The numeric base of the input. - * \param x The first affine coordinate, as a null-terminated string. - * \param y The second affine coordinate, as a null-terminated string. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_MPI_XXX error code on failure. - */ -int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, - const char *x, const char *y ); - -/** - * \brief This function exports a point into unsigned binary data. - * - * \param grp The group to which the point should belong. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param P The point to export. This must be initialized. - * \param format The point format. This must be either - * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED. - * (For groups without these formats, this parameter is - * ignored. But it still has to be either of the above - * values.) - * \param olen The address at which to store the length of - * the output in Bytes. This must not be \c NULL. - * \param buf The output buffer. This must be a writable buffer - * of length \p buflen Bytes. - * \param buflen The length of the output buffer \p buf in Bytes. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer - * is too small to hold the point. - * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format - * or the export for the given group is not implemented. - * \return Another negative error code on other kinds of failure. 
- */ -int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *P, - int format, size_t *olen, - unsigned char *buf, size_t buflen ); - -/** - * \brief This function imports a point from unsigned binary data. - * - * \note This function does not check that the point actually - * belongs to the given group, see mbedtls_ecp_check_pubkey() - * for that. - * - * \param grp The group to which the point should belong. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param P The destination context to import the point to. - * This must be initialized. - * \param buf The input buffer. This must be a readable buffer - * of length \p ilen Bytes. - * \param ilen The length of the input buffer \p buf in Bytes. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. - * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the - * given group is not implemented. - */ -int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *P, - const unsigned char *buf, size_t ilen ); - -/** - * \brief This function imports a point from a TLS ECPoint record. - * - * \note On function return, \p *buf is updated to point immediately - * after the ECPoint record. - * - * \param grp The ECP group to use. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param pt The destination point. - * \param buf The address of the pointer to the start of the input buffer. - * \param len The length of the buffer. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization - * failure. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. 
- */ -int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt, - const unsigned char **buf, size_t len ); - -/** - * \brief This function exports a point as a TLS ECPoint record - * defined in RFC 4492, Section 5.4. - * - * \param grp The ECP group to use. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param pt The point to be exported. This must be initialized. - * \param format The point format to use. This must be either - * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED. - * \param olen The address at which to store the length in Bytes - * of the data written. - * \param buf The target buffer. This must be a writable buffer of - * length \p blen Bytes. - * \param blen The length of the target buffer \p buf in Bytes. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid. - * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the target buffer - * is too small to hold the exported point. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *pt, - int format, size_t *olen, - unsigned char *buf, size_t blen ); - -/** - * \brief This function sets up an ECP group context - * from a standardized set of domain parameters. - * - * \note The index should be a value of the NamedCurve enum, - * as defined in RFC-4492: Elliptic Curve Cryptography - * (ECC) Cipher Suites for Transport Layer Security (TLS), - * usually in the form of an \c MBEDTLS_ECP_DP_XXX macro. - * - * \param grp The group context to setup. This must be initialized. - * \param id The identifier of the domain parameter set to load. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p id doesn't - * correspond to a known group. - * \return Another negative error code on other kinds of failure. 
- */ -int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); - -/** - * \brief This function sets up an ECP group context from a TLS - * ECParameters record as defined in RFC 4492, Section 5.4. - * - * \note The read pointer \p buf is updated to point right after - * the ECParameters record on exit. - * - * \param grp The group context to setup. This must be initialized. - * \param buf The address of the pointer to the start of the input buffer. - * \param len The length of the input buffer \c *buf in Bytes. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. - * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not - * recognized. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, - const unsigned char **buf, size_t len ); - -/** - * \brief This function extracts an elliptic curve group ID from a - * TLS ECParameters record as defined in RFC 4492, Section 5.4. - * - * \note The read pointer \p buf is updated to point right after - * the ECParameters record on exit. - * - * \param grp The address at which to store the group id. - * This must not be \c NULL. - * \param buf The address of the pointer to the start of the input buffer. - * \param len The length of the input buffer \c *buf in Bytes. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. - * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not - * recognized. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, - const unsigned char **buf, - size_t len ); -/** - * \brief This function exports an elliptic curve as a TLS - * ECParameters record as defined in RFC 4492, Section 5.4. - * - * \param grp The ECP group to be exported. 
- * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param olen The address at which to store the number of Bytes written. - * This must not be \c NULL. - * \param buf The buffer to write to. This must be a writable buffer - * of length \p blen Bytes. - * \param blen The length of the output buffer \p buf in Bytes. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output - * buffer is too small to hold the exported group. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, - size_t *olen, - unsigned char *buf, size_t blen ); - -/** - * \brief This function performs a scalar multiplication of a point - * by an integer: \p R = \p m * \p P. - * - * It is not thread-safe to use same group in multiple threads. - * - * \note To prevent timing attacks, this function - * executes the exact same sequence of base-field - * operations for any valid \p m. It avoids any if-branch or - * array index depending on the value of \p m. If also uses - * \p f_rng to randomize some intermediate results. - * - * \param grp The ECP group to use. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param R The point in which to store the result of the calculation. - * This must be initialized. - * \param m The integer by which to multiply. This must be initialized. - * \param P The point to multiply. This must be initialized. - * \param f_rng The RNG function. This must not be \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. This may be \c - * NULL if \p f_rng doesn't need a context. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private - * key, or \p P is not a valid public key. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. 
- * \return Another negative error code on other kinds of failure. - */ -int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); - -/** - * \brief This function performs multiplication of a point by - * an integer: \p R = \p m * \p P in a restartable way. - * - * \see mbedtls_ecp_mul() - * - * \note This function does the same as \c mbedtls_ecp_mul(), but - * it can return early and restart according to the limit set - * with \c mbedtls_ecp_set_max_ops() to reduce blocking. - * - * \param grp The ECP group to use. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param R The point in which to store the result of the calculation. - * This must be initialized. - * \param m The integer by which to multiply. This must be initialized. - * \param P The point to multiply. This must be initialized. - * \param f_rng The RNG function. This must not be \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. This may be \c - * NULL if \p f_rng doesn't need a context. - * \param rs_ctx The restart context (NULL disables restart). - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private - * key, or \p P is not a valid public key. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. - * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of - * operations was reached: see \c mbedtls_ecp_set_max_ops(). - * \return Another negative error code on other kinds of failure. 
- */ -int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ); - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) -/** - * \brief This function performs multiplication and addition of two - * points by integers: \p R = \p m * \p P + \p n * \p Q - * - * It is not thread-safe to use same group in multiple threads. - * - * \note In contrast to mbedtls_ecp_mul(), this function does not - * guarantee a constant execution flow and timing. - * - * \note This function is only defined for short Weierstrass curves. - * It may not be included in builds without any short - * Weierstrass curve. - * - * \param grp The ECP group to use. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param R The point in which to store the result of the calculation. - * This must be initialized. - * \param m The integer by which to multiply \p P. - * This must be initialized. - * \param P The point to multiply by \p m. This must be initialized. - * \param n The integer by which to multiply \p Q. - * This must be initialized. - * \param Q The point to be multiplied by \p n. - * This must be initialized. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not - * valid private keys, or \p P or \p Q are not valid public - * keys. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. - * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not - * designate a short Weierstrass curve. - * \return Another negative error code on other kinds of failure. 
- */ -int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - const mbedtls_mpi *n, const mbedtls_ecp_point *Q ); - -/** - * \brief This function performs multiplication and addition of two - * points by integers: \p R = \p m * \p P + \p n * \p Q in a - * restartable way. - * - * \see \c mbedtls_ecp_muladd() - * - * \note This function works the same as \c mbedtls_ecp_muladd(), - * but it can return early and restart according to the limit - * set with \c mbedtls_ecp_set_max_ops() to reduce blocking. - * - * \note This function is only defined for short Weierstrass curves. - * It may not be included in builds without any short - * Weierstrass curve. - * - * \param grp The ECP group to use. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param R The point in which to store the result of the calculation. - * This must be initialized. - * \param m The integer by which to multiply \p P. - * This must be initialized. - * \param P The point to multiply by \p m. This must be initialized. - * \param n The integer by which to multiply \p Q. - * This must be initialized. - * \param Q The point to be multiplied by \p n. - * This must be initialized. - * \param rs_ctx The restart context (NULL disables restart). - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not - * valid private keys, or \p P or \p Q are not valid public - * keys. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. - * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not - * designate a short Weierstrass curve. - * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of - * operations was reached: see \c mbedtls_ecp_set_max_ops(). - * \return Another negative error code on other kinds of failure. 
- */ -int mbedtls_ecp_muladd_restartable( - mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - const mbedtls_mpi *n, const mbedtls_ecp_point *Q, - mbedtls_ecp_restart_ctx *rs_ctx ); -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -/** - * \brief This function checks that a point is a valid public key - * on this curve. - * - * It only checks that the point is non-zero, has - * valid coordinates and lies on the curve. It does not verify - * that it is indeed a multiple of \p G. This additional - * check is computationally more expensive, is not required - * by standards, and should not be necessary if the group - * used has a small cofactor. In particular, it is useless for - * the NIST groups which all have a cofactor of 1. - * - * \note This function uses bare components rather than an - * ::mbedtls_ecp_keypair structure, to ease use with other - * structures, such as ::mbedtls_ecdh_context or - * ::mbedtls_ecdsa_context. - * - * \param grp The ECP group the point should belong to. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param pt The point to check. This must be initialized. - * - * \return \c 0 if the point is a valid public key. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not - * a valid public key for the given curve. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *pt ); - -/** - * \brief This function checks that an \p mbedtls_mpi is a - * valid private key for this curve. - * - * \note This function uses bare components rather than an - * ::mbedtls_ecp_keypair structure to ease use with other - * structures, such as ::mbedtls_ecdh_context or - * ::mbedtls_ecdsa_context. - * - * \param grp The ECP group the private key should belong to. 
- * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param d The integer to check. This must be initialized. - * - * \return \c 0 if the point is a valid private key. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid - * private key for the given curve. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, - const mbedtls_mpi *d ); - -/** - * \brief This function generates a private key. - * - * \param grp The ECP group to generate a private key for. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param d The destination MPI (secret part). This must be initialized. - * \param f_rng The RNG function. This must not be \c NULL. - * \param p_rng The RNG parameter to be passed to \p f_rng. This may be - * \c NULL if \p f_rng doesn't need a context argument. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code - * on failure. - */ -int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, - mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief This function generates a keypair with a configurable base - * point. - * - * \note This function uses bare components rather than an - * ::mbedtls_ecp_keypair structure to ease use with other - * structures, such as ::mbedtls_ecdh_context or - * ::mbedtls_ecdsa_context. - * - * \param grp The ECP group to generate a key pair for. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param G The base point to use. This must be initialized - * and belong to \p grp. It replaces the default base - * point \c grp->G used by mbedtls_ecp_gen_keypair(). - * \param d The destination MPI (secret part). - * This must be initialized. 
- * \param Q The destination point (public part). - * This must be initialized. - * \param f_rng The RNG function. This must not be \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. This may - * be \c NULL if \p f_rng doesn't need a context argument. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code - * on failure. - */ -int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, - const mbedtls_ecp_point *G, - mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief This function generates an ECP keypair. - * - * \note This function uses bare components rather than an - * ::mbedtls_ecp_keypair structure to ease use with other - * structures, such as ::mbedtls_ecdh_context or - * ::mbedtls_ecdsa_context. - * - * \param grp The ECP group to generate a key pair for. - * This must be initialized and have group parameters - * set, for example through mbedtls_ecp_group_load(). - * \param d The destination MPI (secret part). - * This must be initialized. - * \param Q The destination point (public part). - * This must be initialized. - * \param f_rng The RNG function. This must not be \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. This may - * be \c NULL if \p f_rng doesn't need a context argument. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code - * on failure. - */ -int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, - mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief This function generates an ECP key. - * - * \param grp_id The ECP group identifier. - * \param key The destination key. This must be initialized. - * \param f_rng The RNG function to use. This must not be \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. 
This may - * be \c NULL if \p f_rng doesn't need a context argument. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code - * on failure. - */ -int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief This function reads an elliptic curve private key. - * - * \param grp_id The ECP group identifier. - * \param key The destination key. - * \param buf The buffer containing the binary representation of the - * key. (Big endian integer for Weierstrass curves, byte - * string for Montgomery curves.) - * \param buflen The length of the buffer in bytes. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY error if the key is - * invalid. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. - * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for - * the group is not implemented. - * \return Another negative error code on different kinds of failure. - */ -int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, - const unsigned char *buf, size_t buflen ); - -/** - * \brief This function exports an elliptic curve private key. - * - * \param key The private key. - * \param buf The output buffer for containing the binary representation - * of the key. (Big endian integer for Weierstrass curves, byte - * string for Montgomery curves.) - * \param buflen The total length of the buffer in bytes. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key - representation is larger than the available space in \p buf. - * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for - * the group is not implemented. - * \return Another negative error code on different kinds of failure. 
- */
-int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key,
- unsigned char *buf, size_t buflen );
-
-/**
- * \brief This function checks that the keypair objects
- * \p pub and \p prv have the same group and the
- * same public point, and that the private key in
- * \p prv is consistent with the public key.
- *
- * \param pub The keypair structure holding the public key. This
- * must be initialized. If it contains a private key, that
- * part is ignored.
- * \param prv The keypair structure holding the full keypair.
- * This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
- * NULL if \p f_rng doesn't need a context.
- *
- * \return \c 0 on success, meaning that the keys are valid and match.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
- * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
- * error code on calculation failure.
- */
-int mbedtls_ecp_check_pub_priv(
- const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The ECP checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_ecp_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ecp.h */
diff --git a/windows/mbedtls/entropy.h b/windows/mbedtls/entropy.h
deleted file mode 100644
index a16a3753..00000000
--- a/windows/mbedtls/entropy.h
+++ /dev/null
@@ -1,288 +0,0 @@
-/**
- * \file entropy.h
- *
- * \brief Entropy accumulator implementation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_ENTROPY_H
-#define MBEDTLS_ENTROPY_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-#include "mbedtls/sha512.h"
-#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
-#else
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
-#include "mbedtls/sha256.h"
-#endif
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-
-#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C /**< Critical entropy source failure. */
-#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES -0x003E /**< No more sources can be added. */
-#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 /**< No sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D /**< No strong sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F /**< Read/write error in file. */
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
-#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
-#endif
-
-#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
-#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
-#else
-#define MBEDTLS_ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */
-#endif
-
-#define MBEDTLS_ENTROPY_MAX_SEED_SIZE 1024 /**< Maximum size of seed we read from seed file */
-#define MBEDTLS_ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_MAX_SOURCES
-
-#define MBEDTLS_ENTROPY_SOURCE_STRONG 1 /**< Entropy source is strong */
-#define MBEDTLS_ENTROPY_SOURCE_WEAK 0 /**< Entropy source is weak */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Entropy poll callback pointer
- *
- * \param data Callback-specific data pointer
- * \param output Data to fill
- * \param len Maximum size to provide
- * \param olen The actual amount of bytes put into the buffer (Can be 0)
- *
- * \return 0 if no critical failures occurred,
- * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
- */
-typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
- size_t *olen);
-
-/**
- * \brief Entropy source state
- */
-typedef struct mbedtls_entropy_source_state
-{
- mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy source callback */
- void * MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */
- size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */
- size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before release */
- int MBEDTLS_PRIVATE(strong); /**< Is the source strong?
*/
-}
-mbedtls_entropy_source_state;
-
-/**
- * \brief Entropy context structure
- */
-typedef struct mbedtls_entropy_context
-{
- int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
- * 1 after the first update.
- * -1 after free. */
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator);
-#else
- mbedtls_sha256_context MBEDTLS_PRIVATE(accumulator);
-#endif
- int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
- mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
-#endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
- int MBEDTLS_PRIVATE(initial_entropy_run);
-#endif
-}
-mbedtls_entropy_context;
-
-#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
-/**
- * \brief Platform-specific entropy poll callback
- */
-int mbedtls_platform_entropy_poll( void *data,
- unsigned char *output, size_t len, size_t *olen );
-#endif
-
-/**
- * \brief Initialize the context
- *
- * \param ctx Entropy context to initialize
- */
-void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
-
-/**
- * \brief Free the data in the context
- *
- * \param ctx Entropy context to free
- */
-void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
-
-/**
- * \brief Adds an entropy source to poll
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx Entropy context
- * \param f_source Entropy function
- * \param p_source Function data
- * \param threshold Minimum required from source before entropy is released
- * ( with mbedtls_entropy_func() ) (in bytes)
- * \param strong MBEDTLS_ENTROPY_SOURCE_STRONG or
- * MBEDTLS_ENTROPY_SOURCE_WEAK.
- * At least one strong source needs to be added.
- * Weaker sources (such as the cycle counter) can be used as
- * a complement.
- *
- * \return 0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
- */
-int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
- mbedtls_entropy_f_source_ptr f_source, void *p_source,
- size_t threshold, int strong );
-
-/**
- * \brief Trigger an extra gather poll for the accumulator
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx Entropy context
- *
- * \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
-
-/**
- * \brief Retrieve entropy from the accumulator
- * (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data Entropy context
- * \param output Buffer to fill
- * \param len Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
- *
- * \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
-
-/**
- * \brief Add data to the accumulator manually
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx Entropy context
- * \param data Data to add
- * \param len Length of data
- *
- * \return 0 if successful
- */
-int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
- const unsigned char *data, size_t len );
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-/**
- * \brief Trigger an update of the seed file in NV by using the
- * current entropy pool.
- *
- * \param ctx Entropy context
- *
- * \return 0 if successful
- */
-int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Write a seed file
- *
- * \param ctx Entropy context
- * \param path Name of the file
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
- * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
-
-/**
- * \brief Read and update a seed file. Seed is added to this
- * instance. No more than MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes are
- * read from the seed file. The rest is ignored.
- *
- * \param ctx Entropy context
- * \param path Name of the file
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
- * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief Checkup routine
- *
- * This module self-test also calls the entropy self-test,
- * mbedtls_entropy_source_self_test();
- *
- * \return 0 if successful, or 1 if a test failed
- */
-int mbedtls_entropy_self_test( int verbose );
-
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-/**
- * \brief Checkup routine
- *
- * Verifies the integrity of the hardware entropy source
- * provided by the function 'mbedtls_hardware_poll()'.
- *
- * Note this is the only hardware entropy source that is known
- * at link time, and other entropy sources configured
- * dynamically at runtime by the function
- * mbedtls_entropy_add_source() will not be tested.
- *
- * \return 0 if successful, or 1 if a test failed
- */
-int mbedtls_entropy_source_self_test( int verbose );
-#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* entropy.h */
diff --git a/windows/mbedtls/error.h b/windows/mbedtls/error.h
deleted file mode 100644
index 9a8690dc..00000000
--- a/windows/mbedtls/error.h
+++ /dev/null
@@ -1,210 +0,0 @@
-/**
- * \file error.h
- *
- * \brief Error to string translation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_ERROR_H
-#define MBEDTLS_ERROR_H
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-/**
- * Error code layout.
- *
- * Currently we try to keep all error codes within the negative space of 16
- * bits signed integers to support all platforms (-0x0001 - -0x7FFF). In
- * addition we'd like to give two layers of information on the error if
- * possible.
- *
- * For that purpose the error codes are segmented in the following manner:
- *
- * 16 bit error code bit-segmentation
- *
- * 1 bit - Unused (sign bit)
- * 3 bits - High level module ID
- * 5 bits - Module-dependent error code
- * 7 bits - Low level module errors
- *
- * For historical reasons, low-level error codes are divided in even and odd,
- * even codes were assigned first, and -1 is reserved for other errors.
- *
- * Low-level module errors (0x0002-0x007E, 0x0001-0x007F)
- *
- * Module Nr Codes assigned
- * ERROR 2 0x006E 0x0001
- * MPI 7 0x0002-0x0010
- * GCM 3 0x0012-0x0014 0x0013-0x0013
- * THREADING 3 0x001A-0x001E
- * AES 5 0x0020-0x0022 0x0021-0x0025
- * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027
- * BASE64 2 0x002A-0x002C
- * OID 1 0x002E-0x002E 0x000B-0x000B
- * PADLOCK 1 0x0030-0x0030
- * DES 2 0x0032-0x0032 0x0033-0x0033
- * CTR_DBRG 4 0x0034-0x003A
- * ENTROPY 3 0x003C-0x0040 0x003D-0x003F
- * NET 13 0x0042-0x0052 0x0043-0x0049
- * ARIA 4 0x0058-0x005E
- * ASN1 7 0x0060-0x006C
- * CMAC 1 0x007A-0x007A
- * PBKDF2 1 0x007C-0x007C
- * HMAC_DRBG 4 0x0003-0x0009
- * CCM 3 0x000D-0x0011
- * MD5 1 0x002F-0x002F
- * RIPEMD160 1 0x0031-0x0031
- * SHA1 1 0x0035-0x0035 0x0073-0x0073
- * SHA256 1 0x0037-0x0037 0x0074-0x0074
- * SHA512 1 0x0039-0x0039 0x0075-0x0075
- * CHACHA20 3 0x0051-0x0055
- * POLY1305 3 0x0057-0x005B
- * CHACHAPOLY 2 0x0054-0x0056
- * PLATFORM 2 0x0070-0x0072
- *
- * High-level module nr (3 bits - 0x0...-0x7...)
- * Name ID Nr of Errors
- * PEM 1 9
- * PKCS#12 1 4 (Started from top)
- * X509 2 20
- * PKCS5 2 4 (Started from top)
- * DHM 3 11
- * PK 3 15 (Started from top)
- * RSA 4 11
- * ECP 4 10 (Started from top)
- * MD 5 5
- * HKDF 5 1 (Started from top)
- * SSL 5 2 (Started from 0x5F00)
- * CIPHER 6 8 (Started from 0x6080)
- * SSL 6 22 (Started from top, plus 0x6000)
- * SSL 7 20 (Started from 0x7000, gaps at
- * 0x7380, 0x7900-0x7980, 0x7A80-0x7E80)
- *
- * Module dependent error code (5 bits 0x.00.-0x.F8.)
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 /**< Generic error */
-#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */
-
-#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 /**< Hardware accelerator failed */
-#define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072 /**< The requested feature is not supported by the platform */
-
-/**
- * \brief Combines a high-level and low-level error code together.
- *
- * Wrapper macro for mbedtls_error_add(). See that function for
- * more details.
- */
-#define MBEDTLS_ERROR_ADD( high, low ) \
- mbedtls_error_add( high, low, __FILE__, __LINE__ )
-
-#if defined(MBEDTLS_TEST_HOOKS)
-/**
- * \brief Testing hook called before adding/combining two error codes together.
- * Only used when invasive testing is enabled via MBEDTLS_TEST_HOOKS.
- */
-extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int );
-#endif
-
-/**
- * \brief Combines a high-level and low-level error code together.
- *
- * This function can be called directly however it is usually
- * called via the #MBEDTLS_ERROR_ADD macro.
- *
- * While a value of zero is not a negative error code, it is still an
- * error code (that denotes success) and can be combined with both a
- * negative error code or another value of zero.
- *
- * \note When invasive testing is enabled via #MBEDTLS_TEST_HOOKS, also try to
- * call \link mbedtls_test_hook_error_add \endlink.
- *
- * \param high high-level error code. See error.h for more details.
- * \param low low-level error code. See error.h for more details.
- * \param file file where this error code addition occurred.
- * \param line line where this error code addition occurred.
- */
-static inline int mbedtls_error_add( int high, int low,
- const char *file, int line )
-{
-#if defined(MBEDTLS_TEST_HOOKS)
- if( *mbedtls_test_hook_error_add != NULL )
- ( *mbedtls_test_hook_error_add )( high, low, file, line );
-#endif
- (void)file;
- (void)line;
-
- return( high + low );
-}
-
-/**
- * \brief Translate a mbed TLS error code into a string representation,
- * Result is truncated if necessary and always includes a terminating
- * null byte.
- *
- * \param errnum error code
- * \param buffer buffer to place representation in
- * \param buflen length of the buffer
- */
-void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
-
-/**
- * \brief Translate the high-level part of an Mbed TLS error code into a string
- * representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- * code is unknown.
- */
-const char * mbedtls_high_level_strerr( int error_code );
-
-/**
- * \brief Translate the low-level part of an Mbed TLS error code into a string
- * representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- * code is unknown.
- */
-const char * mbedtls_low_level_strerr( int error_code );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* error.h */
diff --git a/windows/mbedtls/gcm.h b/windows/mbedtls/gcm.h
deleted file mode 100644
index d1219bb1..00000000
--- a/windows/mbedtls/gcm.h
+++ /dev/null
@@ -1,379 +0,0 @@
-/**
- * \file gcm.h
- *
- * \brief This file contains GCM definitions and functions.
- *
- * The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined
- * in D. McGrew, J. Viega, The Galois/Counter Mode of Operation
- * (GCM), Natl. Inst. Stand. Technol.
- *
- * For more information on GCM, see NIST SP 800-38D: Recommendation for
- * Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC.
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_GCM_H
-#define MBEDTLS_GCM_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/cipher.h"
-
-#include
-
-#define MBEDTLS_GCM_ENCRYPT 1
-#define MBEDTLS_GCM_DECRYPT 0
-
-#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */
-#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_GCM_ALT)
-
-/**
- * \brief The GCM context structure.
- */
-typedef struct mbedtls_gcm_context
-{
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
- uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
- uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
- uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data.
*/
- uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional data. */
- unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag. */
- unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */
- unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */
- int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
- #MBEDTLS_GCM_ENCRYPT or
- #MBEDTLS_GCM_DECRYPT. */
-}
-mbedtls_gcm_context;
-
-#else /* !MBEDTLS_GCM_ALT */
-#include "gcm_alt.h"
-#endif /* !MBEDTLS_GCM_ALT */
-
-/**
- * \brief This function initializes the specified GCM context,
- * to make references valid, and prepares the context
- * for mbedtls_gcm_setkey() or mbedtls_gcm_free().
- *
- * The function does not bind the GCM context to a particular
- * cipher, nor set the key. For this purpose, use
- * mbedtls_gcm_setkey().
- *
- * \param ctx The GCM context to initialize. This must not be \c NULL.
- */
-void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
-
-/**
- * \brief This function associates a GCM context with a
- * cipher algorithm and a key.
- *
- * \param ctx The GCM context. This must be initialized.
- * \param cipher The 128-bit block cipher to use.
- * \param key The encryption key. This must be a readable buffer of at
- * least \p keybits bits.
- * \param keybits The key size in bits. Valid options are:
- *
  • 128 bits
  • - *
  • 192 bits
  • - *
  • 256 bits
- *
- * \return \c 0 on success.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
- mbedtls_cipher_id_t cipher,
- const unsigned char *key,
- unsigned int keybits );
-
-/**
- * \brief This function performs GCM encryption or decryption of a buffer.
- *
- * \note For encryption, the output buffer can be the same as the
- * input buffer. For decryption, the output buffer cannot be
- * the same as input buffer. If the buffers overlap, the output
- * buffer must trail at least 8 Bytes behind the input buffer.
- *
- * \warning When this function performs a decryption, it outputs the
- * authentication tag and does not verify that the data is
- * authentic. You should use this function to perform encryption
- * only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
- *
- * \param ctx The GCM context to use for encryption or decryption. This
- * must be initialized.
- * \param mode The operation to perform:
- * - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
- * The ciphertext is written to \p output and the
- * authentication tag is written to \p tag.
- * - #MBEDTLS_GCM_DECRYPT to perform decryption.
- * The plaintext is written to \p output and the
- * authentication tag is written to \p tag.
- * Note that this mode is not recommended, because it does
- * not verify the authenticity of the data. For this reason,
- * you should use mbedtls_gcm_auth_decrypt() instead of
- * calling this function in decryption mode.
- * \param length The length of the input data, which is equal to the length
- * of the output data.
- * \param iv The initialization vector. This must be a readable buffer of
- * at least \p iv_len Bytes.
- * \param iv_len The length of the IV.
- * \param add The buffer holding the additional data. This must be of at
- * least that size in Bytes.
- * \param add_len The length of the additional data.
- * \param input The buffer holding the input data.
If \p length is greater
- * than zero, this must be a readable buffer of at least that
- * size in Bytes.
- * \param output The buffer for holding the output data. If \p length is greater
- * than zero, this must be a writable buffer of at least that
- * size in Bytes.
- * \param tag_len The length of the tag to generate.
- * \param tag The buffer for holding the tag. This must be a writable
- * buffer of at least \p tag_len Bytes.
- *
- * \return \c 0 if the encryption or decryption was performed
- * successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
- * this does not indicate that the data is authentic.
- * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
- * not valid or a cipher-specific error code if the encryption
- * or decryption failed.
- */
-int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
- int mode,
- size_t length,
- const unsigned char *iv,
- size_t iv_len,
- const unsigned char *add,
- size_t add_len,
- const unsigned char *input,
- unsigned char *output,
- size_t tag_len,
- unsigned char *tag );
-
-/**
- * \brief This function performs a GCM authenticated decryption of a
- * buffer.
- *
- * \note For decryption, the output buffer cannot be the same as
- * input buffer. If the buffers overlap, the output buffer
- * must trail at least 8 Bytes behind the input buffer.
- *
- * \param ctx The GCM context. This must be initialized.
- * \param length The length of the ciphertext to decrypt, which is also
- * the length of the decrypted plaintext.
- * \param iv The initialization vector. This must be a readable buffer
- * of at least \p iv_len Bytes.
- * \param iv_len The length of the IV.
- * \param add The buffer holding the additional data. This must be of at
- * least that size in Bytes.
- * \param add_len The length of the additional data.
- * \param tag The buffer holding the tag to verify. This must be a
- * readable buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the tag to verify.
- * \param input The buffer holding the ciphertext. If \p length is greater
- * than zero, this must be a readable buffer of at least that
- * size.
- * \param output The buffer for holding the decrypted plaintext. If \p length
- * is greater than zero, this must be a writable buffer of at
- * least that size.
- *
- * \return \c 0 if successful and authenticated.
- * \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
- * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
- * not valid or a cipher-specific error code if the decryption
- * failed.
- */
-int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
- size_t length,
- const unsigned char *iv,
- size_t iv_len,
- const unsigned char *add,
- size_t add_len,
- const unsigned char *tag,
- size_t tag_len,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function starts a GCM encryption or decryption
- * operation.
- *
- * \param ctx The GCM context. This must be initialized.
- * \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
- * #MBEDTLS_GCM_DECRYPT.
- * \param iv The initialization vector. This must be a readable buffer of
- * at least \p iv_len Bytes.
- * \param iv_len The length of the IV.
- *
- * \return \c 0 on success.
- */
-int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
- int mode,
- const unsigned char *iv,
- size_t iv_len );
-
-/**
- * \brief This function feeds an input buffer as associated data
- * (authenticated but not encrypted data) in a GCM
- * encryption or decryption operation.
- *
- * Call this function after mbedtls_gcm_starts() to pass
- * the associated data. If the associated data is empty,
- * you do not need to call this function. You may not
- * call this function after calling mbedtls_cipher_update().
- *
- * \param ctx The GCM context. This must have been started with
- * mbedtls_gcm_starts() and must not have yet received
- * any input with mbedtls_gcm_update().
- * \param add The buffer holding the additional data, or \c NULL
- * if \p add_len is \c 0.
- * \param add_len The length of the additional data. If \c 0,
- * \p add may be \c NULL.
- *
- * \return \c 0 on success.
- */
-int mbedtls_gcm_update_ad( mbedtls_gcm_context *ctx,
- const unsigned char *add,
- size_t add_len );
-
-/**
- * \brief This function feeds an input buffer into an ongoing GCM
- * encryption or decryption operation.
- *
- * You may call this function zero, one or more times
- * to pass successive parts of the input: the plaintext to
- * encrypt, or the ciphertext (not including the tag) to
- * decrypt. After the last part of the input, call
- * mbedtls_gcm_finish().
- *
- * This function may produce output in one of the following
- * ways:
- * - Immediate output: the output length is always equal
- * to the input length.
- * - Buffered output: the output consists of a whole number
- * of 16-byte blocks. If the total input length so far
- * (not including associated data) is 16 \* *B* + *A*
- * with *A* < 16 then the total output length is 16 \* *B*.
- *
- * In particular:
- * - It is always correct to call this function with
- * \p output_size >= \p input_length + 15.
- * - If \p input_length is a multiple of 16 for all the calls
- * to this function during an operation, then it is
- * correct to use \p output_size = \p input_length.
- *
- * \note For decryption, the output buffer cannot be the same as
- * input buffer. If the buffers overlap, the output buffer
- * must trail at least 8 Bytes behind the input buffer.
- *
- * \param ctx The GCM context. This must be initialized.
- * \param input The buffer holding the input data. If \p input_length
- * is greater than zero, this must be a readable buffer
- * of at least \p input_length bytes.
- * \param input_length The length of the input data in bytes.
- * \param output The buffer for the output data.
If \p output_size
- * is greater than zero, this must be a writable buffer of
- * of at least \p output_size bytes.
- * \param output_size The size of the output buffer in bytes.
- * See the function description regarding the output size.
- * \param output_length On success, \p *output_length contains the actual
- * length of the output written in \p output.
- * On failure, the content of \p *output_length is
- * unspecified.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
- * total input length too long,
- * unsupported input/output buffer overlap detected,
- * or \p output_size too small.
- */
-int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
- const unsigned char *input, size_t input_length,
- unsigned char *output, size_t output_size,
- size_t *output_length );
-
-/**
- * \brief This function finishes the GCM operation and generates
- * the authentication tag.
- *
- * It wraps up the GCM stream, and generates the
- * tag. The tag can have a maximum length of 16 Bytes.
- *
- * \param ctx The GCM context. This must be initialized.
- * \param tag The buffer for holding the tag. This must be a writable
- * buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the tag to generate. This must be at least
- * four.
- * \param output The buffer for the final output.
- * If \p output_size is nonzero, this must be a writable
- * buffer of at least \p output_size bytes.
- * \param output_size The size of the \p output buffer in bytes.
- * This must be large enough for the output that
- * mbedtls_gcm_update() has not produced. In particular:
- * - If mbedtls_gcm_update() produces immediate output,
- * or if the total input size is a multiple of \c 16,
- * then mbedtls_gcm_finish() never produces any output,
- * so \p output_size can be \c 0.
- * - \p output_size never needs to be more than \c 15.
- * \param output_length On success, \p *output_length contains the actual
- * length of the output written in \p output.
- * On failure, the content of \p *output_length is
- * unspecified.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
- * invalid value of \p tag_len,
- * or \p output_size too small.
- */
-int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
- unsigned char *output, size_t output_size,
- size_t *output_length,
- unsigned char *tag, size_t tag_len );
-
-/**
- * \brief This function clears a GCM context and the underlying
- * cipher sub-context.
- *
- * \param ctx The GCM context to clear. If this is \c NULL, the call has
- * no effect. Otherwise, this must be initialized.
- */
-void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The GCM checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_gcm_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif /* gcm.h */
diff --git a/windows/mbedtls/hkdf.h b/windows/mbedtls/hkdf.h
deleted file mode 100644
index 81a62701..00000000
--- a/windows/mbedtls/hkdf.h
+++ /dev/null
@@ -1,135 +0,0 @@
-/**
- * \file hkdf.h
- *
- * \brief This file contains the HKDF interface.
- *
- * The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is
- * specified by RFC 5869.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_HKDF_H
-#define MBEDTLS_HKDF_H
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/md.h"
-
-/**
- * \name HKDF Error codes
- * \{
- */
-#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80 /**< Bad input parameters to function. */
-/* \} name */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief This is the HMAC-based Extract-and-Expand Key Derivation Function
- * (HKDF).
- *
- * \param md A hash function; md.size denotes the length of the hash
- * function output in bytes.
- * \param salt An optional salt value (a non-secret random value);
- * if the salt is not provided, a string of all zeros of
- * md.size length is used as the salt.
- * \param salt_len The length in bytes of the optional \p salt.
- * \param ikm The input keying material.
- * \param ikm_len The length in bytes of \p ikm.
- * \param info An optional context and application specific information
- * string. This can be a zero-length string.
- * \param info_len The length of \p info in bytes.
- * \param okm The output keying material of \p okm_len bytes.
- * \param okm_len The length of the output keying material in bytes.
This - * must be less than or equal to 255 * md.size bytes. - * - * \return 0 on success. - * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid. - * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying - * MD layer. - */ -int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, - size_t salt_len, const unsigned char *ikm, size_t ikm_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len ); - -/** - * \brief Take the input keying material \p ikm and extract from it a - * fixed-length pseudorandom key \p prk. - * - * \warning This function should only be used if the security of it has been - * studied and established in that particular context (eg. TLS 1.3 - * key schedule). For standard HKDF security guarantees use - * \c mbedtls_hkdf instead. - * - * \param md A hash function; md.size denotes the length of the - * hash function output in bytes. - * \param salt An optional salt value (a non-secret random value); - * if the salt is not provided, a string of all zeros - * of md.size length is used as the salt. - * \param salt_len The length in bytes of the optional \p salt. - * \param ikm The input keying material. - * \param ikm_len The length in bytes of \p ikm. - * \param[out] prk A pseudorandom key of at least md.size bytes. - * - * \return 0 on success. - * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid. - * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying - * MD layer. - */ -int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, - const unsigned char *salt, size_t salt_len, - const unsigned char *ikm, size_t ikm_len, - unsigned char *prk ); - -/** - * \brief Expand the supplied \p prk into several additional pseudorandom - * keys, which is the output of the HKDF. - * - * \warning This function should only be used if the security of it has been - * studied and established in that particular context (eg. 
TLS 1.3
- * key schedule). For standard HKDF security guarantees use
- * \c mbedtls_hkdf instead.
- *
- * \param md A hash function; md.size denotes the length of the hash
- * function output in bytes.
- * \param prk A pseudorandom key of at least md.size bytes. \p prk is
- * usually the output from the HKDF extract step.
- * \param prk_len The length in bytes of \p prk.
- * \param info An optional context and application specific information
- * string. This can be a zero-length string.
- * \param info_len The length of \p info in bytes.
- * \param okm The output keying material of \p okm_len bytes.
- * \param okm_len The length of the output keying material in bytes. This
- * must be less than or equal to 255 * md.size bytes.
- *
- * \return 0 on success.
- * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
- * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
- * MD layer.
- */
-int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
- size_t prk_len, const unsigned char *info,
- size_t info_len, unsigned char *okm, size_t okm_len );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* hkdf.h */
diff --git a/windows/mbedtls/hmac_drbg.h b/windows/mbedtls/hmac_drbg.h
deleted file mode 100644
index 0df8ee85..00000000
--- a/windows/mbedtls/hmac_drbg.h
+++ /dev/null
@@ -1,443 +0,0 @@ -/** - * \file hmac_drbg.h - * - * \brief The HMAC_DRBG pseudorandom generator. - * - * This module implements the HMAC_DRBG pseudorandom generator described - * in NIST SP 800-90A: Recommendation for Random Number Generation Using - * Deterministic Random Bit Generators. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_HMAC_DRBG_H -#define MBEDTLS_HMAC_DRBG_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/md.h" - -#if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" -#endif - -/* - * Error codes - */ -#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG -0x0003 /**< Too many random requested in single call. */ -#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG -0x0005 /**< Input too large (Entropy + additional). */ -#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR -0x0007 /**< Read/write error in file. */ -#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED -0x0009 /**< The entropy source failed. */ - -/** - * \name SECTION: Module settings - * - * The configuration options you can set for this module are in this section. - * Either change them in mbedtls_config.h or define them on the compiler command line. 
- * \{ - */ - -#if !defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL) -#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -#endif - -#if !defined(MBEDTLS_HMAC_DRBG_MAX_INPUT) -#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -#endif - -#if !defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST) -#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -#endif - -#if !defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT) -#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ -#endif - -/* \} name SECTION: Module settings */ - -#define MBEDTLS_HMAC_DRBG_PR_OFF 0 /**< No prediction resistance */ -#define MBEDTLS_HMAC_DRBG_PR_ON 1 /**< Prediction resistance enabled */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * HMAC_DRBG context. - */ -typedef struct mbedtls_hmac_drbg_context -{ - /* Working state: the key K is not stored explicitly, - * but is implied by the HMAC context */ - mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx); /*!< HMAC context (inc. K) */ - unsigned char MBEDTLS_PRIVATE(V)[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */ - int MBEDTLS_PRIVATE(reseed_counter); /*!< reseed counter */ - - /* Administrative state */ - size_t MBEDTLS_PRIVATE(entropy_len); /*!< entropy bytes grabbed on each (re)seed */ - int MBEDTLS_PRIVATE(prediction_resistance); /*!< enable prediction resistance (Automatic - reseed before every random generation) */ - int MBEDTLS_PRIVATE(reseed_interval); /*!< reseed interval */ - - /* Callbacks */ - int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t); /*!< entropy function */ - void *MBEDTLS_PRIVATE(p_entropy); /*!< context for the entropy function */ - -#if defined(MBEDTLS_THREADING_C) - /* Invariant: the mutex is initialized if and only if - * md_ctx->md_info != NULL. 
This means that the mutex is initialized - * during the initial seeding in mbedtls_hmac_drbg_seed() or - * mbedtls_hmac_drbg_seed_buf() and freed in mbedtls_ctr_drbg_free(). - * - * Note that this invariant may change without notice. Do not rely on it - * and do not access the mutex directly in application code. - */ - mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); -#endif -} mbedtls_hmac_drbg_context; - -/** - * \brief HMAC_DRBG context initialization. - * - * This function makes the context ready for mbedtls_hmac_drbg_seed(), - * mbedtls_hmac_drbg_seed_buf() or mbedtls_hmac_drbg_free(). - * - * \note The reseed interval is #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL - * by default. Override this value by calling - * mbedtls_hmac_drbg_set_reseed_interval(). - * - * \param ctx HMAC_DRBG context to be initialized. - */ -void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ); - -/** - * \brief HMAC_DRBG initial seeding. - * - * Set the initial seed and set up the entropy source for future reseeds. - * - * A typical choice for the \p f_entropy and \p p_entropy parameters is - * to use the entropy module: - * - \p f_entropy is mbedtls_entropy_func(); - * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized - * with mbedtls_entropy_init() (which registers the platform's default - * entropy sources). - * - * You can provide a personalization string in addition to the - * entropy source, to make this instantiation as unique as possible. - * - * \note By default, the security strength as defined by NIST is: - * - 128 bits if \p md_info is SHA-1; - * - 192 bits if \p md_info is SHA-224; - * - 256 bits if \p md_info is SHA-256, SHA-384 or SHA-512. - * Note that SHA-256 is just as efficient as SHA-224. - * The security strength can be reduced if a smaller - * entropy length is set with - * mbedtls_hmac_drbg_set_entropy_len(). - * - * \note The default entropy length is the security strength - * (converted from bits to bytes). 
You can override - * it by calling mbedtls_hmac_drbg_set_entropy_len(). - * - * \note During the initial seeding, this function calls - * the entropy source to obtain a nonce - * whose length is half the entropy length. - */ -#if defined(MBEDTLS_THREADING_C) -/** - * \note When Mbed TLS is built with threading support, - * after this function returns successfully, - * it is safe to call mbedtls_hmac_drbg_random() - * from multiple threads. Other operations, including - * reseeding, are not thread-safe. - */ -#endif /* MBEDTLS_THREADING_C */ -/** - * \param ctx HMAC_DRBG context to be seeded. - * \param md_info MD algorithm to use for HMAC_DRBG. - * \param f_entropy The entropy callback, taking as arguments the - * \p p_entropy context, the buffer to fill, and the - * length of the buffer. - * \p f_entropy is always called with a length that is - * less than or equal to the entropy length. - * \param p_entropy The entropy context to pass to \p f_entropy. - * \param custom The personalization string. - * This can be \c NULL, in which case the personalization - * string is empty regardless of the value of \p len. - * \param len The length of the personalization string. - * This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT - * and also at most - * #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len * 3 / 2 - * where \p entropy_len is the entropy length - * described above. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info is - * invalid. - * \return #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough - * memory to allocate context data. - * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED - * if the call to \p f_entropy failed. - */ -int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, - int (*f_entropy)(void *, unsigned char *, size_t), - void *p_entropy, - const unsigned char *custom, - size_t len ); - -/** - * \brief Initilisation of simpified HMAC_DRBG (never reseeds). 
- * - * This function is meant for use in algorithms that need a pseudorandom - * input such as deterministic ECDSA. - */ -#if defined(MBEDTLS_THREADING_C) -/** - * \note When Mbed TLS is built with threading support, - * after this function returns successfully, - * it is safe to call mbedtls_hmac_drbg_random() - * from multiple threads. Other operations, including - * reseeding, are not thread-safe. - */ -#endif /* MBEDTLS_THREADING_C */ -/** - * \param ctx HMAC_DRBG context to be initialised. - * \param md_info MD algorithm to use for HMAC_DRBG. - * \param data Concatenation of the initial entropy string and - * the additional data. - * \param data_len Length of \p data in bytes. - * - * \return \c 0 if successful. or - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info is - * invalid. - * \return #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough - * memory to allocate context data. - */ -int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, - const unsigned char *data, size_t data_len ); - -/** - * \brief This function turns prediction resistance on or off. - * The default value is off. - * - * \note If enabled, entropy is gathered at the beginning of - * every call to mbedtls_hmac_drbg_random_with_add() - * or mbedtls_hmac_drbg_random(). - * Only use this if your entropy source has sufficient - * throughput. - * - * \param ctx The HMAC_DRBG context. - * \param resistance #MBEDTLS_HMAC_DRBG_PR_ON or #MBEDTLS_HMAC_DRBG_PR_OFF. - */ -void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx, - int resistance ); - -/** - * \brief This function sets the amount of entropy grabbed on each - * seed or reseed. - * - * See the documentation of mbedtls_hmac_drbg_seed() for the default value. - * - * \param ctx The HMAC_DRBG context. - * \param len The amount of entropy to grab, in bytes. 
- */ -void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, - size_t len ); - -/** - * \brief Set the reseed interval. - * - * The reseed interval is the number of calls to mbedtls_hmac_drbg_random() - * or mbedtls_hmac_drbg_random_with_add() after which the entropy function - * is called again. - * - * The default value is #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL. - * - * \param ctx The HMAC_DRBG context. - * \param interval The reseed interval. - */ -void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, - int interval ); - -/** - * \brief This function updates the state of the HMAC_DRBG context. - * - * \note This function is not thread-safe. It is not safe - * to call this function if another thread might be - * concurrently obtaining random numbers from the same - * context or updating or reseeding the same context. - * - * \param ctx The HMAC_DRBG context. - * \param additional The data to update the state with. - * If this is \c NULL, there is no additional data. - * \param add_len Length of \p additional in bytes. - * Unused if \p additional is \c NULL. - * - * \return \c 0 on success, or an error from the underlying - * hash calculation. - */ -int mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, size_t add_len ); - -/** - * \brief This function reseeds the HMAC_DRBG context, that is - * extracts data from the entropy source. - * - * \note This function is not thread-safe. It is not safe - * to call this function if another thread might be - * concurrently obtaining random numbers from the same - * context or updating or reseeding the same context. - * - * \param ctx The HMAC_DRBG context. - * \param additional Additional data to add to the state. - * If this is \c NULL, there is no additional data - * and \p len should be \c 0. - * \param len The length of the additional data. 
- * This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT - * and also at most - * #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len - * where \p entropy_len is the entropy length - * (see mbedtls_hmac_drbg_set_entropy_len()). - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED - * if a call to the entropy function failed. - */ -int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, size_t len ); - -/** - * \brief This function updates an HMAC_DRBG instance with additional - * data and uses it to generate random data. - * - * This function automatically reseeds if the reseed counter is exceeded - * or prediction resistance is enabled. - * - * \note This function is not thread-safe. It is not safe - * to call this function if another thread might be - * concurrently obtaining random numbers from the same - * context or updating or reseeding the same context. - * - * \param p_rng The HMAC_DRBG context. This must be a pointer to a - * #mbedtls_hmac_drbg_context structure. - * \param output The buffer to fill. - * \param output_len The length of the buffer in bytes. - * This must be at most #MBEDTLS_HMAC_DRBG_MAX_REQUEST. - * \param additional Additional data to update with. - * If this is \c NULL, there is no additional data - * and \p add_len should be \c 0. - * \param add_len The length of the additional data. - * This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED - * if a call to the entropy source failed. - * \return #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if - * \p output_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST. - * \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if - * \p add_len > #MBEDTLS_HMAC_DRBG_MAX_INPUT. 
- */ -int mbedtls_hmac_drbg_random_with_add( void *p_rng, - unsigned char *output, size_t output_len, - const unsigned char *additional, - size_t add_len ); - -/** - * \brief This function uses HMAC_DRBG to generate random data. - * - * This function automatically reseeds if the reseed counter is exceeded - * or prediction resistance is enabled. - */ -#if defined(MBEDTLS_THREADING_C) -/** - * \note When Mbed TLS is built with threading support, - * it is safe to call mbedtls_ctr_drbg_random() - * from multiple threads. Other operations, including - * reseeding, are not thread-safe. - */ -#endif /* MBEDTLS_THREADING_C */ -/** - * \param p_rng The HMAC_DRBG context. This must be a pointer to a - * #mbedtls_hmac_drbg_context structure. - * \param output The buffer to fill. - * \param out_len The length of the buffer in bytes. - * This must be at most #MBEDTLS_HMAC_DRBG_MAX_REQUEST. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED - * if a call to the entropy source failed. - * \return #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if - * \p out_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST. - */ -int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len ); - -/** - * \brief This function resets HMAC_DRBG context to the state immediately - * after initial call of mbedtls_hmac_drbg_init(). - * - * \param ctx The HMAC_DRBG context to free. - */ -void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx ); - -#if defined(MBEDTLS_FS_IO) -/** - * \brief This function writes a seed file. - * - * \param ctx The HMAC_DRBG context. - * \param path The name of the file. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR on file error. - * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on reseed - * failure. - */ -int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path ); - -/** - * \brief This function reads and updates a seed file. 
The seed
- * is added to this instance.
- *
- * \param ctx The HMAC_DRBG context.
- * \param path The name of the file.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR on file error.
- * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on
- * reseed failure.
- * \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if the existing
- * seed file is too large.
- */
-int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief The HMAC_DRBG Checkup routine.
- *
- * \return \c 0 if successful.
- * \return \c 1 if the test failed.
- */
-int mbedtls_hmac_drbg_self_test( int verbose );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* hmac_drbg.h */
diff --git a/windows/mbedtls/mbedtls_config.h b/windows/mbedtls/mbedtls_config.h
deleted file mode 100644
index a60db7e9..00000000
--- a/windows/mbedtls/mbedtls_config.h
+++ /dev/null
@@ -1,3263 +0,0 @@ -/** - * \file mbedtls_config.h - * - * \brief Configuration options (set of defines) - * - * This set of compile-time options may be used to enable - * or disable features selectively, and reduce the global - * memory footprint. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * This is an optional version symbol that enables comatibility handling of - * config files. - * - * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that - * introduced the config format we want to be compatible with. - */ -//#define MBEDTLS_CONFIG_VERSION 0x03000000 - -/** - * \name SECTION: System support - * - * This section sets system specific settings. - * \{ - */ - -/** - * \def MBEDTLS_HAVE_ASM - * - * The compiler has support for asm(). - * - * Requires support for asm() in compiler. - * - * Used in: - * library/aria.c - * library/bn_mul.h - * - * Required by: - * MBEDTLS_AESNI_C - * MBEDTLS_PADLOCK_C - * - * Comment to disable the use of assembly code. - */ -#define MBEDTLS_HAVE_ASM - -/** - * \def MBEDTLS_NO_UDBL_DIVISION - * - * The platform lacks support for double-width integer division (64-bit - * division on a 32-bit platform, 128-bit division on a 64-bit platform). - * - * Used in: - * include/mbedtls/bignum.h - * library/bignum.c - * - * The bignum code uses double-width division to speed up some operations. 
- * Double-width division is often implemented in software that needs to - * be linked with the program. The presence of a double-width integer - * type is usually detected automatically through preprocessor macros, - * but the automatic detection cannot know whether the code needs to - * and can be linked with an implementation of division for that type. - * By default division is assumed to be usable if the type is present. - * Uncomment this option to prevent the use of double-width division. - * - * Note that division for the native integer type is always required. - * Furthermore, a 64-bit type is always required even on a 32-bit - * platform, but it need not support multiplication or division. In some - * cases it is also desirable to disable some double-width operations. For - * example, if double-width division is implemented in software, disabling - * it can reduce code size in some embedded targets. - */ -//#define MBEDTLS_NO_UDBL_DIVISION - -/** - * \def MBEDTLS_NO_64BIT_MULTIPLICATION - * - * The platform lacks support for 32x32 -> 64-bit multiplication. - * - * Used in: - * library/poly1305.c - * - * Some parts of the library may use multiplication of two unsigned 32-bit - * operands with a 64-bit result in order to speed up computations. On some - * platforms, this is not available in hardware and has to be implemented in - * software, usually in a library provided by the toolchain. - * - * Sometimes it is not desirable to have to link to that library. This option - * removes the dependency of that library on platforms that lack a hardware - * 64-bit multiplier by embedding a software implementation in Mbed TLS. - * - * Note that depending on the compiler, this may decrease performance compared - * to using the library function provided by the toolchain. - */ -//#define MBEDTLS_NO_64BIT_MULTIPLICATION - -/** - * \def MBEDTLS_HAVE_SSE2 - * - * CPU supports SSE2 instruction set. - * - * Uncomment if the CPU supports SSE2 (IA-32 specific). 
- */ -//#define MBEDTLS_HAVE_SSE2 - -/** - * \def MBEDTLS_HAVE_TIME - * - * System has time.h and time(). - * The time does not need to be correct, only time differences are used, - * by contrast with MBEDTLS_HAVE_TIME_DATE - * - * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, - * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and - * MBEDTLS_PLATFORM_STD_TIME. - * - * Comment if your system does not support time functions - */ -#define MBEDTLS_HAVE_TIME - -/** - * \def MBEDTLS_HAVE_TIME_DATE - * - * System has time.h, time(), and an implementation for - * mbedtls_platform_gmtime_r() (see below). - * The time needs to be correct (not necessarily very accurate, but at least - * the date should be correct). This is used to verify the validity period of - * X.509 certificates. - * - * Comment if your system does not have a correct clock. - * - * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that - * behaves similarly to the gmtime_r() function from the C standard. Refer to - * the documentation for mbedtls_platform_gmtime_r() for more information. - * - * \note It is possible to configure an implementation for - * mbedtls_platform_gmtime_r() at compile-time by using the macro - * MBEDTLS_PLATFORM_GMTIME_R_ALT. - */ -#define MBEDTLS_HAVE_TIME_DATE - -/** - * \def MBEDTLS_PLATFORM_MEMORY - * - * Enable the memory allocation layer. - * - * By default mbed TLS uses the system-provided calloc() and free(). - * This allows different allocators (self-implemented or provided) to be - * provided to the platform abstraction layer. - * - * Enabling MBEDTLS_PLATFORM_MEMORY without the - * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide - * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and - * free() function pointer at runtime. 
- * - * Enabling MBEDTLS_PLATFORM_MEMORY and specifying - * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the - * alternate function at compile time. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Enable this layer to allow use of alternative memory allocators. - */ -//#define MBEDTLS_PLATFORM_MEMORY - -/** - * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - * - * Do not assign standard functions in the platform layer (e.g. calloc() to - * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) - * - * This makes sure there are no linking errors on platforms that do not support - * these functions. You will HAVE to provide alternatives, either at runtime - * via the platform_set_xxx() functions or at compile time by setting - * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a - * MBEDTLS_PLATFORM_XXX_MACRO. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Uncomment to prevent default assignment of standard functions in the - * platform layer. - */ -//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - -/** - * \def MBEDTLS_PLATFORM_EXIT_ALT - * - * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the - * function in the platform abstraction layer. - * - * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will - * provide a function "mbedtls_platform_set_printf()" that allows you to set an - * alternative printf function pointer. - * - * All these define require MBEDTLS_PLATFORM_C to be defined! - * - * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; - * it will be enabled automatically by check_config.h - * - * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as - * MBEDTLS_PLATFORM_XXX_MACRO! 
- * - * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME - * - * Uncomment a macro to enable alternate implementation of specific base - * platform function - */ -//#define MBEDTLS_PLATFORM_EXIT_ALT -//#define MBEDTLS_PLATFORM_TIME_ALT -//#define MBEDTLS_PLATFORM_FPRINTF_ALT -//#define MBEDTLS_PLATFORM_PRINTF_ALT -//#define MBEDTLS_PLATFORM_SNPRINTF_ALT -//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT -//#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT - -/** - * \def MBEDTLS_DEPRECATED_WARNING - * - * Mark deprecated functions and features so that they generate a warning if - * used. Functionality deprecated in one version will usually be removed in the - * next version. You can enable this to help you prepare the transition to a - * new major version by making sure your code is not using this functionality. - * - * This only works with GCC and Clang. With other compilers, you may want to - * use MBEDTLS_DEPRECATED_REMOVED - * - * Uncomment to get warnings on using deprecated functions and features. - */ -//#define MBEDTLS_DEPRECATED_WARNING - -/** - * \def MBEDTLS_DEPRECATED_REMOVED - * - * Remove deprecated functions and features so that they generate an error if - * used. Functionality deprecated in one version will usually be removed in the - * next version. You can enable this to help you prepare the transition to a - * new major version by making sure your code is not using this functionality. - * - * Uncomment to get errors on using deprecated functions and features. - */ -//#define MBEDTLS_DEPRECATED_REMOVED - -/* \} name SECTION: System support */ - -/** - * \name SECTION: mbed TLS feature support - * - * This section sets support for features that are or are not needed - * within the modules that are enabled. 
- * \{ - */ - -/** - * \def MBEDTLS_TIMING_ALT - * - * Uncomment to provide your own alternate implementation for - * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() - * - * Only works if you have MBEDTLS_TIMING_C enabled. - * - * You will need to provide a header "timing_alt.h" and an implementation at - * compile time. - */ -//#define MBEDTLS_TIMING_ALT - -/** - * \def MBEDTLS_AES_ALT - * - * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your - * alternate core implementation of a symmetric crypto, an arithmetic or hash - * module (e.g. platform specific assembly optimized implementations). Keep - * in mind that the function prototypes should remain the same. - * - * This replaces the whole module. If you only want to replace one of the - * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer - * provide the "struct mbedtls_aes_context" definition and omit the base - * function declarations and implementations. "aes_alt.h" will be included from - * "aes.h" to include the new function definitions. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * module. - * - * \warning MD5, DES and SHA-1 are considered weak and their - * use constitutes a security risk. If possible, we recommend - * avoiding dependencies on them, and considering stronger message - * digests and ciphers instead. 
- * - */ -//#define MBEDTLS_AES_ALT -//#define MBEDTLS_ARIA_ALT -//#define MBEDTLS_CAMELLIA_ALT -//#define MBEDTLS_CCM_ALT -//#define MBEDTLS_CHACHA20_ALT -//#define MBEDTLS_CHACHAPOLY_ALT -//#define MBEDTLS_CMAC_ALT -//#define MBEDTLS_DES_ALT -//#define MBEDTLS_DHM_ALT -//#define MBEDTLS_ECJPAKE_ALT -//#define MBEDTLS_GCM_ALT -//#define MBEDTLS_NIST_KW_ALT -//#define MBEDTLS_MD5_ALT -//#define MBEDTLS_POLY1305_ALT -//#define MBEDTLS_RIPEMD160_ALT -//#define MBEDTLS_RSA_ALT -//#define MBEDTLS_SHA1_ALT -//#define MBEDTLS_SHA256_ALT -//#define MBEDTLS_SHA512_ALT - -/* - * When replacing the elliptic curve module, pleace consider, that it is - * implemented with two .c files: - * - ecp.c - * - ecp_curves.c - * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT - * macros as described above. The only difference is that you have to make sure - * that you provide functionality for both .c files. - */ -//#define MBEDTLS_ECP_ALT - -/** - * \def MBEDTLS_SHA256_PROCESS_ALT - * - * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you - * alternate core implementation of symmetric crypto or hash function. Keep in - * mind that function prototypes should remain the same. - * - * This replaces only one function. The header file from mbed TLS is still - * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will - * no longer provide the mbedtls_sha1_process() function, but it will still provide - * the other function (using your mbedtls_sha1_process() function) and the definition - * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible - * with this definition. - * - * \note If you use the AES_xxx_ALT macros, then it is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. 
- * - * Uncomment a macro to enable alternate implementation of the corresponding - * function. - * - * \warning MD5, DES and SHA-1 are considered weak and their use - * constitutes a security risk. If possible, we recommend avoiding - * dependencies on them, and considering stronger message digests - * and ciphers instead. - * - * \warning If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are - * enabled, then the deterministic ECDH signature functions pass the - * the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore - * alternative implementations should use the RNG only for generating - * the ephemeral key and nothing else. If this is not possible, then - * MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative - * implementation should be provided for mbedtls_ecdsa_sign_det_ext(). - * - */ -//#define MBEDTLS_MD5_PROCESS_ALT -//#define MBEDTLS_RIPEMD160_PROCESS_ALT -//#define MBEDTLS_SHA1_PROCESS_ALT -//#define MBEDTLS_SHA256_PROCESS_ALT -//#define MBEDTLS_SHA512_PROCESS_ALT -//#define MBEDTLS_DES_SETKEY_ALT -//#define MBEDTLS_DES_CRYPT_ECB_ALT -//#define MBEDTLS_DES3_CRYPT_ECB_ALT -//#define MBEDTLS_AES_SETKEY_ENC_ALT -//#define MBEDTLS_AES_SETKEY_DEC_ALT -//#define MBEDTLS_AES_ENCRYPT_ALT -//#define MBEDTLS_AES_DECRYPT_ALT -//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT -//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT -//#define MBEDTLS_ECDSA_VERIFY_ALT -//#define MBEDTLS_ECDSA_SIGN_ALT -//#define MBEDTLS_ECDSA_GENKEY_ALT - -/** - * \def MBEDTLS_ECP_INTERNAL_ALT - * - * Expose a part of the internal interface of the Elliptic Curve Point module. - * - * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your - * alternative core implementation of elliptic curve arithmetic. Keep in mind - * that function prototypes should remain the same. - * - * This partially replaces one function. The header file from mbed TLS is still - * used, in contrast to the MBEDTLS_ECP_ALT flag. 
The original implementation - * is still present and it is used for group structures not supported by the - * alternative. - * - * The original implementation can in addition be removed by setting the - * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the - * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be - * able to fallback to curves not supported by the alternative implementation. - * - * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT - * and implementing the following functions: - * unsigned char mbedtls_internal_ecp_grp_capable( - * const mbedtls_ecp_group *grp ) - * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) - * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ) - * The mbedtls_internal_ecp_grp_capable function should return 1 if the - * replacement functions implement arithmetic for the given group and 0 - * otherwise. - * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are - * called before and after each point operation and provide an opportunity to - * implement optimized set up and tear down instructions. - * - * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and - * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac() - * function, but will use your mbedtls_internal_ecp_double_jac() if the group - * for the operation is supported by your implementation (i.e. your - * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the - * group is not supported by your implementation, then the original mbed TLS - * implementation of ecp_double_jac() is used instead, unless this fallback - * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case - * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE). 
- * - * The function prototypes and the definition of mbedtls_ecp_group and - * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your - * implementation of mbedtls_internal_ecp__function_name__ must be compatible - * with their definitions. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * function. - */ -/* Required for all the functions in this section */ -//#define MBEDTLS_ECP_INTERNAL_ALT -/* Turn off software fallback for curves not supported in hardware */ -//#define MBEDTLS_ECP_NO_FALLBACK -/* Support for Weierstrass curves with Jacobi representation */ -//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT -//#define MBEDTLS_ECP_ADD_MIXED_ALT -//#define MBEDTLS_ECP_DOUBLE_JAC_ALT -//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT -//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT -/* Support for curves with Montgomery arithmetic */ -//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT -//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT -//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT - -/** - * \def MBEDTLS_ENTROPY_HARDWARE_ALT - * - * Uncomment this macro to let mbed TLS use your own implementation of a - * hardware entropy collector. - * - * Your function must be called \c mbedtls_hardware_poll(), have the same - * prototype as declared in library/entropy_poll.h, and accept NULL as first - * argument. - * - * Uncomment to use your own hardware entropy collector. - */ -//#define MBEDTLS_ENTROPY_HARDWARE_ALT - -/** - * \def MBEDTLS_AES_ROM_TABLES - * - * Use precomputed AES tables stored in ROM. - * - * Uncomment this macro to use precomputed AES tables stored in ROM. - * Comment this macro to generate AES tables in RAM at runtime. - * - * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb - * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the - * initialization time before the first AES operation can be performed. - * It comes at the cost of additional ~8kb ROM use (resp. 
~2kb if \c - * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded - * performance if ROM access is slower than RAM access. - * - * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. - * - */ -//#define MBEDTLS_AES_ROM_TABLES - -/** - * \def MBEDTLS_AES_FEWER_TABLES - * - * Use less ROM/RAM for AES tables. - * - * Uncommenting this macro omits 75% of the AES tables from - * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) - * by computing their values on the fly during operations - * (the tables are entry-wise rotations of one another). - * - * Tradeoff: Uncommenting this reduces the RAM / ROM footprint - * by ~6kb but at the cost of more arithmetic operations during - * runtime. Specifically, one has to compare 4 accesses within - * different tables to 4 accesses with additional arithmetic - * operations within the same table. The performance gain/loss - * depends on the system and memory details. - * - * This option is independent of \c MBEDTLS_AES_ROM_TABLES. - * - */ -//#define MBEDTLS_AES_FEWER_TABLES - -/** - * \def MBEDTLS_CAMELLIA_SMALL_MEMORY - * - * Use less ROM for the Camellia implementation (saves about 768 bytes). - * - * Uncomment this macro to use less memory for Camellia. - */ -//#define MBEDTLS_CAMELLIA_SMALL_MEMORY - -/** - * \def MBEDTLS_CIPHER_MODE_CBC - * - * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CBC - -/** - * \def MBEDTLS_CIPHER_MODE_CFB - * - * Enable Cipher Feedback mode (CFB) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CFB - -/** - * \def MBEDTLS_CIPHER_MODE_CTR - * - * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CTR - -/** - * \def MBEDTLS_CIPHER_MODE_OFB - * - * Enable Output Feedback mode (OFB) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_OFB - -/** - * \def MBEDTLS_CIPHER_MODE_XTS - * - * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. 
- */ -#define MBEDTLS_CIPHER_MODE_XTS - -/** - * \def MBEDTLS_CIPHER_NULL_CIPHER - * - * Enable NULL cipher. - * Warning: Only do so when you know what you are doing. This allows for - * encryption or channels without any security! - * - * To enable the following ciphersuites: - * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 - * MBEDTLS_TLS_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_RSA_WITH_NULL_MD5 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_PSK_WITH_NULL_SHA - * - * Uncomment this macro to enable the NULL cipher and ciphersuites - */ -//#define MBEDTLS_CIPHER_NULL_CIPHER - -/** - * \def MBEDTLS_CIPHER_PADDING_PKCS7 - * - * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for - * specific padding modes in the cipher layer with cipher modes that support - * padding (e.g. CBC) - * - * If you disable all padding modes, only full blocks can be used with CBC. - * - * Enable padding modes in the cipher layer. - */ -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#define MBEDTLS_CIPHER_PADDING_ZEROS - -/** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY - * - * Uncomment this macro to use a 128-bit key in the CTR_DRBG module. - * By default, CTR_DRBG uses a 256-bit key. 
- */ -//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY - -/** - * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED - * - * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve - * module. By default all supported curves are enabled. - * - * Comment macros to disable the curve and functions for it - */ -/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */ -#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -/* Montgomery curves (supporting ECP) */ -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_ECP_DP_CURVE448_ENABLED - -/** - * \def MBEDTLS_ECP_NIST_OPTIM - * - * Enable specific 'modulo p' routines for each NIST prime. - * Depending on the prime and architecture, makes operations 4 to 8 times - * faster on the corresponding curve. - * - * Comment this macro to disable NIST curves optimisation. - */ -#define MBEDTLS_ECP_NIST_OPTIM - -/** - * \def MBEDTLS_ECP_RESTARTABLE - * - * Enable "non-blocking" ECC operations that can return early and be resumed. - * - * This allows various functions to pause by returning - * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in - * order to further progress and eventually complete their operation. This is - * controlled through mbedtls_ecp_set_max_ops() which limits the maximum - * number of ECC operations a function may perform before pausing; see - * mbedtls_ecp_set_max_ops() for more information. 
- * - * This is useful in non-threaded environments if you want to avoid blocking - * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. - * - * Uncomment this macro to enable restartable ECC computations. - * - * \note This option only works with the default software implementation of - * elliptic curve functionality. It is incompatible with - * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT. - */ -//#define MBEDTLS_ECP_RESTARTABLE - -/** - * \def MBEDTLS_ECDSA_DETERMINISTIC - * - * Enable deterministic ECDSA (RFC 6979). - * Standard ECDSA is "fragile" in the sense that lack of entropy when signing - * may result in a compromise of the long-term signing key. This is avoided by - * the deterministic variant. - * - * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C - * - * Comment this macro to disable deterministic ECDSA. - */ -#define MBEDTLS_ECDSA_DETERMINISTIC - -/** - * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - * - * Enable the PSK based ciphersuite modes in SSL / TLS. - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - * - * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 
- * - * Requires: MBEDTLS_DHM_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * - * \warning Using DHE constitutes a security risk as it - * is not possible to validate custom DH parameters. - * If possible, it is recommended users should consider - * preferring other methods of key exchange. - * See dhm.h for more details. - * - */ -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - * - * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - * - * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 
- * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - * - * Enable the RSA-only based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - * - * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 
- * - * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * - * \warning Using DHE constitutes a security risk as it - * is not possible to validate custom DH parameters. - * If possible, it is recommended users should consider - * preferring other methods of key exchange. - * See dhm.h for more details. - * - */ -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - * - * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 
- * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - * - * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - * - * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 
- * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - * - * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - * - * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. - * - * \warning This is currently experimental. EC J-PAKE support is based on the - * Thread v1.0.0 specification; incompatible changes to the specification - * might still happen. For this reason, this is disabled by default. 
- * - * Requires: MBEDTLS_ECJPAKE_C - * MBEDTLS_SHA256_C - * MBEDTLS_ECP_DP_SECP256R1_ENABLED - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 - */ -//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - -/** - * \def MBEDTLS_PK_PARSE_EC_EXTENDED - * - * Enhance support for reading EC keys using variants of SEC1 not allowed by - * RFC 5915 and RFC 5480. - * - * Currently this means parsing the SpecifiedECDomain choice of EC - * parameters (only known groups are supported, not arbitrary domains, to - * avoid validation issues). - * - * Disable if you only need to support RFC 5915 + 5480 key formats. - */ -#define MBEDTLS_PK_PARSE_EC_EXTENDED - -/** - * \def MBEDTLS_ERROR_STRERROR_DUMMY - * - * Enable a dummy error function to make use of mbedtls_strerror() in - * third party libraries easier when MBEDTLS_ERROR_C is disabled - * (no effect when MBEDTLS_ERROR_C is enabled). - * - * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're - * not using mbedtls_strerror() or error_strerror() in your application. - * - * Disable if you run into name conflicts and want to really remove the - * mbedtls_strerror() - */ -#define MBEDTLS_ERROR_STRERROR_DUMMY - -/** - * \def MBEDTLS_GENPRIME - * - * Enable the prime-number generation code. - * - * Requires: MBEDTLS_BIGNUM_C - */ -#define MBEDTLS_GENPRIME - -/** - * \def MBEDTLS_FS_IO - * - * Enable functions that use the filesystem. - */ -#define MBEDTLS_FS_IO - -/** - * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - * - * Do not add default entropy sources in mbedtls_entropy_init(). - * - * This is useful to have more control over the added entropy sources in an - * application. - * - * Uncomment this macro to prevent loading of default entropy functions. - */ -//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - -/** - * \def MBEDTLS_NO_PLATFORM_ENTROPY - * - * Do not use built-in platform entropy functions. 
- * This is useful if your platform does not support - * standards like the /dev/urandom or Windows CryptoAPI. - * - * Uncomment this macro to disable the built-in platform entropy functions. - */ -//#define MBEDTLS_NO_PLATFORM_ENTROPY - -/** - * \def MBEDTLS_ENTROPY_FORCE_SHA256 - * - * Force the entropy accumulator to use a SHA-256 accumulator instead of the - * default SHA-512 based one (if both are available). - * - * Requires: MBEDTLS_SHA256_C - * - * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option - * if you have performance concerns. - * - * This option is only useful if both MBEDTLS_SHA256_C and - * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. - */ -//#define MBEDTLS_ENTROPY_FORCE_SHA256 - -/** - * \def MBEDTLS_ENTROPY_NV_SEED - * - * Enable the non-volatile (NV) seed file-based entropy source. - * (Also enables the NV seed read/write functions in the platform layer) - * - * This is crucial (if not required) on systems that do not have a - * cryptographic entropy source (in hardware or kernel) available. - * - * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C - * - * \note The read/write functions that are used by the entropy source are - * determined in the platform layer, and can be modified at runtime and/or - * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. - * - * \note If you use the default implementation functions that read a seedfile - * with regular fopen(), please make sure you make a seedfile with the - * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at - * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from - * and written to or you will get an entropy source error! The default - * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE - * bytes from the file. - * - * \note The entropy collector will write to the seed file before entropy is - * given to an external source, to update it. 
- */ -//#define MBEDTLS_ENTROPY_NV_SEED - -/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - * - * Enable key identifiers that encode a key owner identifier. - * - * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t - * which is currently hard-coded to be int32_t. - * - * Note that this option is meant for internal use only and may be removed - * without notice. It is incompatible with MBEDTLS_USE_PSA_CRYPTO. - */ -//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - -/** - * \def MBEDTLS_MEMORY_DEBUG - * - * Enable debugging of buffer allocator memory issues. Automatically prints - * (to stderr) all (fatal) messages on memory allocation issues. Enables - * function for 'debug output' of allocated memory. - * - * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C - * - * Uncomment this macro to let the buffer allocator print out error messages. - */ -//#define MBEDTLS_MEMORY_DEBUG - -/** - * \def MBEDTLS_MEMORY_BACKTRACE - * - * Include backtrace information with each allocated block. - * - * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C - * GLIBC-compatible backtrace() an backtrace_symbols() support - * - * Uncomment this macro to include backtrace information - */ -//#define MBEDTLS_MEMORY_BACKTRACE - -/** - * \def MBEDTLS_PK_RSA_ALT_SUPPORT - * - * Support external private RSA keys (eg from a HSM) in the PK layer. - * - * Comment this macro to disable support for external private RSA keys. - */ -#define MBEDTLS_PK_RSA_ALT_SUPPORT - -/** - * \def MBEDTLS_PKCS1_V15 - * - * Enable support for PKCS#1 v1.5 encoding. - * - * Requires: MBEDTLS_RSA_C - * - * This enables support for PKCS#1 v1.5 operations. - */ -#define MBEDTLS_PKCS1_V15 - -/** - * \def MBEDTLS_PKCS1_V21 - * - * Enable support for PKCS#1 v2.1 encoding. - * - * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C - * - * This enables support for RSAES-OAEP and RSASSA-PSS operations. - */ -#define MBEDTLS_PKCS1_V21 - -/** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS - * - * Enable support for platform built-in keys. 
If you enable this feature, - * you must implement the function mbedtls_psa_platform_get_builtin_key(). - * See the documentation of that function for more information. - * - * Built-in keys are typically derived from a hardware unique key or - * stored in a secure element. - * - * Requires: MBEDTLS_PSA_CRYPTO_C. - * - * \warning This interface is experimental and may change or be removed - * without notice. - */ -//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS - -/** \def MBEDTLS_PSA_CRYPTO_CLIENT - * - * Enable support for PSA crypto client. - * - * \note This option allows to include the code necessary for a PSA - * crypto client when the PSA crypto implementation is not included in - * the library (MBEDTLS_PSA_CRYPTO_C disabled). The code included is the - * code to set and get PSA key attributes. - * The development of PSA drivers partially relying on the library to - * fulfill the hardware gaps is another possible usage of this option. - * - * \warning This interface is experimental and may change or be removed - * without notice. - */ -//#define MBEDTLS_PSA_CRYPTO_CLIENT - -/** \def MBEDTLS_PSA_CRYPTO_DRIVERS - * - * Enable support for the experimental PSA crypto driver interface. - * - * Requires: MBEDTLS_PSA_CRYPTO_C - * - * \warning This interface is experimental and may change or be removed - * without notice. - */ -//#define MBEDTLS_PSA_CRYPTO_DRIVERS - -/** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - * - * Make the PSA Crypto module use an external random generator provided - * by a driver, instead of Mbed TLS's entropy and DRBG modules. - * - * \note This random generator must deliver random numbers with cryptographic - * quality and high performance. It must supply unpredictable numbers - * with a uniform distribution. The implementation of this function - * is responsible for ensuring that the random generator is seeded - * with sufficient entropy. 
If you have a hardware TRNG which is slow - * or delivers non-uniform output, declare it as an entropy source - * with mbedtls_entropy_add_source() instead of enabling this option. - * - * If you enable this option, you must configure the type - * ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h - * and define a function called mbedtls_psa_external_get_random() - * with the following prototype: - * ``` - * psa_status_t mbedtls_psa_external_get_random( - * mbedtls_psa_external_random_context_t *context, - * uint8_t *output, size_t output_size, size_t *output_length); - * ); - * ``` - * The \c context value is initialized to 0 before the first call. - * The function must fill the \c output buffer with \p output_size bytes - * of random data and set \c *output_length to \p output_size. - * - * Requires: MBEDTLS_PSA_CRYPTO_C - * - * \warning If you enable this option, code that uses the PSA cryptography - * interface will not use any of the entropy sources set up for - * the entropy module, nor the NV seed that MBEDTLS_ENTROPY_NV_SEED - * enables. - * - * \note This option is experimental and may be removed without notice. - */ -//#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - -/** - * \def MBEDTLS_PSA_CRYPTO_SPM - * - * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure - * Partition Manager) integration which separates the code into two parts: a - * NSPE (Non-Secure Process Environment) and an SPE (Secure Process - * Environment). - * - * Module: library/psa_crypto.c - * Requires: MBEDTLS_PSA_CRYPTO_C - * - */ -//#define MBEDTLS_PSA_CRYPTO_SPM - -/** - * \def MBEDTLS_PSA_INJECT_ENTROPY - * - * Enable support for entropy injection at first boot. This feature is - * required on systems that do not have a built-in entropy source (TRNG). - * This feature is currently not supported on systems that have a built-in - * entropy source. 
- *
- * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
- *
- */
-//#define MBEDTLS_PSA_INJECT_ENTROPY
-
-/**
- * \def MBEDTLS_RSA_NO_CRT
- *
- * Do not use the Chinese Remainder Theorem
- * for the RSA private operation.
- *
- * Uncomment this macro to disable the use of CRT in RSA.
- *
- */
-//#define MBEDTLS_RSA_NO_CRT
-
-/**
- * \def MBEDTLS_SELF_TEST
- *
- * Enable the checkup functions (*_self_test).
- */
-#define MBEDTLS_SELF_TEST
-
-/**
- * \def MBEDTLS_SHA256_SMALLER
- *
- * Enable an implementation of SHA-256 that has lower ROM footprint but also
- * lower performance.
- *
- * The default implementation is meant to be a reasonnable compromise between
- * performance and size. This version optimizes more aggressively for size at
- * the expense of performance. Eg on Cortex-M4 it reduces the size of
- * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
- * 30%.
- *
- * Uncomment to enable the smaller implementation of SHA256.
- */
-//#define MBEDTLS_SHA256_SMALLER
-
-/**
- * \def MBEDTLS_SHA512_SMALLER
- *
- * Enable an implementation of SHA-512 that has lower ROM footprint but also
- * lower performance.
- *
- * Uncomment to enable the smaller implementation of SHA512.
- */
-//#define MBEDTLS_SHA512_SMALLER
-
-/**
- * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
- *
- * Enable sending of alert messages in case of encountered errors as per RFC.
- * If you choose not to send the alert messages, mbed TLS can still communicate
- * with other servers, only debugging of failures is harder.
- *
- * The advantage of not sending alert messages, is that no information is given
- * about reasons for failures thus preventing adversaries of gaining intel.
- *
- * Enable sending of all alert messages
- */
-#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
-
-/**
- * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
- *
- * Enable support for the DTLS Connection ID extension
- * (version draft-ietf-tls-dtls-connection-id-05,
- * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
- * which allows to identify DTLS connections across changes
- * in the underlying transport.
- *
- * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
- * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`.
- * See the corresponding documentation for more information.
- *
- * \warning The Connection ID extension is still in draft state.
- * We make no stability promises for the availability
- * or the shape of the API controlled by this option.
- *
- * The maximum lengths of outgoing and incoming CIDs can be configured
- * through the options
- * - MBEDTLS_SSL_CID_OUT_LEN_MAX
- * - MBEDTLS_SSL_CID_IN_LEN_MAX.
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- *
- * Uncomment to enable the Connection ID extension.
- */
-//#define MBEDTLS_SSL_DTLS_CONNECTION_ID
-
-/**
- * \def MBEDTLS_SSL_ASYNC_PRIVATE
- *
- * Enable asynchronous external private key operations in SSL. This allows
- * you to configure an SSL connection to call an external cryptographic
- * module to perform private key operations instead of performing the
- * operation inside the library.
- *
- */
-//#define MBEDTLS_SSL_ASYNC_PRIVATE
-
-/**
- * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
- *
- * Enable serialization of the TLS context structures, through use of the
- * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
- *
- * This pair of functions allows one side of a connection to serialize the
- * context associated with the connection, then free or re-use that context
- * while the serialized state is persisted elsewhere, and finally deserialize
- * that state to a live context for resuming read/write operations on the
- * connection.
From a protocol perspective, the state of the connection is
- * unaffected, in particular this is entirely transparent to the peer.
- *
- * Note: this is distinct from TLS session resumption, which is part of the
- * protocol and fully visible by the peer. TLS session resumption enables
- * establishing new connections associated to a saved session with shorter,
- * lighter handshakes, while context serialization is a local optimization in
- * handling a single, potentially long-lived connection.
- *
- * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are
- * saved after the handshake to allow for more efficient serialization, so if
- * you don't need this feature you'll save RAM by disabling it.
- *
- * Comment to disable the context serialization APIs.
- */
-#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
-
-/**
- * \def MBEDTLS_SSL_DEBUG_ALL
- *
- * Enable the debug messages in SSL module for all issues.
- * Debug messages have been disabled in some places to prevent timing
- * attacks due to (unbalanced) debugging function calls.
- *
- * If you need all error reporting you should enable this during debugging,
- * but remove this for production servers that should log as well.
- *
- * Uncomment this macro to report all debug messages on errors introducing
- * a timing side-channel.
- *
- */
-//#define MBEDTLS_SSL_DEBUG_ALL
-
-/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
- *
- * Enable support for Encrypt-then-MAC, RFC 7366.
- *
- * This allows peers that both support it to use a more robust protection for
- * ciphersuites using CBC, providing deep resistance against timing attacks
- * on the padding or underlying cipher.
- *
- * This only affects CBC ciphersuites, and is useless if none is defined.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for Encrypt-then-MAC
- */
-#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
-
-/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
- *
- * Enable support for RFC 7627: Session Hash and Extended Master Secret
- * Extension.
- *
- * This was introduced as "the proper fix" to the Triple Handshake familiy of
- * attacks, but it is recommended to always use it (even if you disable
- * renegotiation), since it actually fixes a more fundamental issue in the
- * original SSL/TLS design, and has implications beyond Triple Handshake.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for Extended Master Secret.
- */
-#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-
-/**
- * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- *
- * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
- * giving access to the peer's certificate after completion of the handshake.
- *
- * Unless you need mbedtls_ssl_peer_cert() in your application, it is
- * recommended to disable this option for reduced RAM usage.
- *
- * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
- * defined, but always returns \c NULL.
- *
- * \note This option has no influence on the protection against the
- * triple handshake attack. Even if it is disabled, Mbed TLS will
- * still ensure that certificates do not change during renegotiation,
- * for exaple by keeping a hash of the peer's certificate.
- *
- * Comment this macro to disable storing the peer's certificate
- * after the handshake.
- */
-#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
-
-/**
- * \def MBEDTLS_SSL_RENEGOTIATION
- *
- * Enable support for TLS renegotiation.
- *
- * The two main uses of renegotiation are (1) refresh keys on long-lived
- * connections and (2) client authentication after the initial handshake.
- * If you don't need renegotiation, it's probably better to disable it, since
- * it has been associated with security issues in the past and is easy to
- * misuse/misunderstand.
- *
- * Comment this to disable support for renegotiation.
- *
- * \note Even if this option is disabled, both client and server are aware
- * of the Renegotiation Indication Extension (RFC 5746) used to
- * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
- * (See \c mbedtls_ssl_conf_legacy_renegotiation for the
- * configuration of this extension).
- *
- */
-#define MBEDTLS_SSL_RENEGOTIATION
-
-/**
- * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- *
- * Enable support for RFC 6066 max_fragment_length extension in SSL.
- *
- * Comment this macro to disable support for the max_fragment_length extension
- */
-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
- *
- * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
- * (Depends on ciphersuites)
- *
- * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
- */
-#define MBEDTLS_SSL_PROTO_TLS1_2
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
- *
- * This macro is used to selectively enable experimental parts
- * of the code that contribute to the ongoing development of
- * the prototype TLS 1.3 and DTLS 1.3 implementation, and provide
- * no other purpose.
- *
- * \warning TLS 1.3 and DTLS 1.3 aren't yet supported in Mbed TLS,
- * and no feature exposed through this macro is part of the
- * public API. In particular, features under the control
- * of this macro are experimental and don't come with any
- * stability guarantees.
- *
- * Uncomment this macro to enable experimental and partial
- * functionality specific to TLS 1.3.
- */
-//#define MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
-
-/**
- * \def MBEDTLS_SSL_PROTO_DTLS
- *
- * Enable support for DTLS (all available versions).
- *
- * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for DTLS
- */
-#define MBEDTLS_SSL_PROTO_DTLS
-
-/**
- * \def MBEDTLS_SSL_ALPN
- *
- * Enable support for RFC 7301 Application Layer Protocol Negotiation.
- *
- * Comment this macro to disable support for ALPN.
- */
-#define MBEDTLS_SSL_ALPN
-
-/**
- * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
- *
- * Enable support for the anti-replay mechanism in DTLS.
- *
- * Requires: MBEDTLS_SSL_TLS_C
- * MBEDTLS_SSL_PROTO_DTLS
- *
- * \warning Disabling this is often a security risk!
- * See mbedtls_ssl_conf_dtls_anti_replay() for details.
- *
- * Comment this to disable anti-replay in DTLS.
- */
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
-
-/**
- * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
- *
- * Enable support for HelloVerifyRequest on DTLS servers.
- *
- * This feature is highly recommended to prevent DTLS servers being used as
- * amplifiers in DoS attacks against other hosts. It should always be enabled
- * unless you know for sure amplification cannot be a problem in the
- * environment in which your server operates.
- *
- * \warning Disabling this can ba a security risk! (see above)
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- *
- * Comment this to disable support for HelloVerifyRequest.
- */
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
-
-/**
- * \def MBEDTLS_SSL_DTLS_SRTP
- *
- * Enable support for negotiation of DTLS-SRTP (RFC 5764)
- * through the use_srtp extension.
- *
- * \note This feature provides the minimum functionality required
- * to negotiate the use of DTLS-SRTP and to allow the derivation of
- * the associated SRTP packet protection key material.
- * In particular, the SRTP packet protection itself, as well as the
- * demultiplexing of RTP and DTLS packets at the datagram layer
- * (see Section 5 of RFC 5764), are not handled by this feature.
- * Instead, after successful completion of a handshake negotiating
- * the use of DTLS-SRTP, the extended key exporter API
- * mbedtls_ssl_conf_export_keys_cb() should be used to implement
- * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
- * (this is implemented in the SSL example programs).
- * The resulting key should then be passed to an SRTP stack.
- *
- * Setting this option enables the runtime API
- * mbedtls_ssl_conf_dtls_srtp_protection_profiles()
- * through which the supported DTLS-SRTP protection
- * profiles can be configured. You must call this API at
- * runtime if you wish to negotiate the use of DTLS-SRTP.
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- *
- * Uncomment this to enable support for use_srtp extension.
- */
-//#define MBEDTLS_SSL_DTLS_SRTP
-
-/**
- * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
- *
- * Enable server-side support for clients that reconnect from the same port.
- *
- * Some clients unexpectedly close the connection and try to reconnect using the
- * same source port. This needs special support from the server to handle the
- * new connection securely, as described in section 4.2.8 of RFC 6347. This
- * flag enables that support.
- *
- * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
- *
- * Comment this to disable support for clients reusing the source port.
- */
-#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
-
-/**
- * \def MBEDTLS_SSL_SESSION_TICKETS
- *
- * Enable support for RFC 5077 session tickets in SSL.
- * Client-side, provides full support for session tickets (maintenance of a
- * session store remains the responsibility of the application, though).
- * Server-side, you also need to provide callbacks for writing and parsing
- * tickets, including authenticated encryption and key management. Example
- * callbacks are provided by MBEDTLS_SSL_TICKET_C.
- *
- * Comment this macro to disable support for SSL session tickets
- */
-#define MBEDTLS_SSL_SESSION_TICKETS
-
-/**
- * \def MBEDTLS_SSL_EXPORT_KEYS
- *
- * Enable support for exporting key block and master secret.
- * This is required for certain users of TLS, e.g. EAP-TLS.
- *
- * Comment this macro to disable support for key export
- */
-#define MBEDTLS_SSL_EXPORT_KEYS
-
-/**
- * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
- *
- * Enable support for RFC 6066 server name indication (SNI) in SSL.
- *
- * Requires: MBEDTLS_X509_CRT_PARSE_C
- *
- * Comment this macro to disable support for server name indication in SSL
- */
-#define MBEDTLS_SSL_SERVER_NAME_INDICATION
-
-/**
- * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
- *
- * When this option is enabled, the SSL buffer will be resized automatically
- * based on the negotiated maximum fragment length in each direction.
- *
- * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- */
-//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
-
-/**
- * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
- *
- * Enable testing of the constant-flow nature of some sensitive functions with
- * clang's MemorySanitizer. This causes some existing tests to also test
- * this non-functional property of the code under test.
- *
- * This setting requires compiling with clang -fsanitize=memory. The test
- * suites can then be run normally.
- *
- * \warning This macro is only used for extended testing; it is not considered
- * part of the library's API, so it may change or disappear at any time.
- *
- * Uncomment to enable testing of the constant-flow nature of selected code.
- */
-//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
-
-/**
- * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
- *
- * Enable testing of the constant-flow nature of some sensitive functions with
- * valgrind's memcheck tool. This causes some existing tests to also test
- * this non-functional property of the code under test.
- *
- * This setting requires valgrind headers for building, and is only useful for
- * testing if the tests suites are run with valgrind's memcheck. This can be
- * done for an individual test suite with 'valgrind ./test_suite_xxx', or when
- * using CMake, this can be done for all test suites with 'make memcheck'.
- *
- * \warning This macro is only used for extended testing; it is not considered
- * part of the library's API, so it may change or disappear at any time.
- *
- * Uncomment to enable testing of the constant-flow nature of selected code.
- */
-//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
-
-/**
- * \def MBEDTLS_TEST_HOOKS
- *
- * Enable features for invasive testing such as introspection functions and
- * hooks for fault injection. This enables additional unit tests.
- *
- * Merely enabling this feature should not change the behavior of the product.
- * It only adds new code, and new branching points where the default behavior
- * is the same as when this feature is disabled.
- * However, this feature increases the attack surface: there is an added
- * risk of vulnerabilities, and more gadgets that can make exploits easier.
- * Therefore this feature must never be enabled in production.
- *
- * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more
- * information.
- *
- * Uncomment to enable invasive tests.
- */
-//#define MBEDTLS_TEST_HOOKS
-
-/**
- * \def MBEDTLS_THREADING_ALT
- *
- * Provide your own alternate threading implementation.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to allow your own alternate threading implementation.
- */
-//#define MBEDTLS_THREADING_ALT
-
-/**
- * \def MBEDTLS_THREADING_PTHREAD
- *
- * Enable the pthread wrapper layer for the threading layer.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to enable pthread mutexes.
- */
-//#define MBEDTLS_THREADING_PTHREAD
-
-/**
- * \def MBEDTLS_USE_PSA_CRYPTO
- *
- * Make the X.509 and TLS library use PSA for cryptographic operations, and
- * enable new APIs for using keys handled by PSA Crypto.
- *
- * \note Development of this option is currently in progress, and parts of Mbed
- * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
- * will still continue to work as usual, so enabling this option should not
- * break backwards compatibility.
- *
- * \warning The PSA Crypto API is in beta stage. While you're welcome to
- * experiment using it, incompatible API changes are still possible, and some
- * parts may not have reached the same quality as the rest of Mbed TLS yet.
- *
- * \warning This option enables new Mbed TLS APIs that are dependent on the
- * PSA Crypto API, so can't come with the same stability guarantees as the
- * rest of the Mbed TLS APIs. You're welcome to experiment with them, but for
- * now, access to these APIs is opt-in (via enabling the present option), in
- * order to clearly differentiate them from the stable Mbed TLS APIs.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C.
- *
- * Uncomment this to enable internal use of PSA Crypto and new associated APIs.
- */
-//#define MBEDTLS_USE_PSA_CRYPTO
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_CONFIG
- *
- * This setting allows support for cryptographic mechanisms through the PSA
- * API to be configured separately from support through the mbedtls API.
- *
- * Uncomment this to enable use of PSA Crypto configuration settings which
- * can be found in include/psa/crypto_config.h.
- *
- * This feature is still experimental and is not ready for production since
- * it is not completed.
- */
-//#define MBEDTLS_PSA_CRYPTO_CONFIG
-
-/**
- * \def MBEDTLS_VERSION_FEATURES
- *
- * Allow run-time checking of compile-time enabled features.
Thus allowing users
- * to check at run-time if the library is for instance compiled with threading
- * support via mbedtls_version_check_feature().
- *
- * Requires: MBEDTLS_VERSION_C
- *
- * Comment this to disable run-time checking and save ROM space
- */
-#define MBEDTLS_VERSION_FEATURES
-
-/**
- * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
- *
- * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
- * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
- * the set of trusted certificates through a callback instead of a linked
- * list.
- *
- * This is useful for example in environments where a large number of trusted
- * certificates is present and storing them in a linked list isn't efficient
- * enough, or when the set of trusted certificates changes frequently.
- *
- * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
- * `mbedtls_ssl_conf_ca_cb()` for more information.
- *
- * Uncomment to enable trusted certificate callbacks.
- */
-//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-
-/**
- * \def MBEDTLS_X509_REMOVE_INFO
- *
- * Disable mbedtls_x509_*_info() and related APIs.
- *
- * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt()
- * and other functions/constants only used by these functions, thus reducing
- * the code footprint by several KB.
- */
-//#define MBEDTLS_X509_REMOVE_INFO
-
-/**
- * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
- *
- * Enable parsing and verification of X.509 certificates, CRLs and CSRS
- * signed with RSASSA-PSS (aka PKCS#1 v2.1).
- *
- * Comment this macro to disallow using RSASSA-PSS in certificates.
- */
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-/* \} name SECTION: mbed TLS feature support */
-
-/**
- * \name SECTION: mbed TLS modules
- *
- * This section enables or disables entire modules in mbed TLS
- * \{
- */
-
-/**
- * \def MBEDTLS_AESNI_C
- *
- * Enable AES-NI support on x86-64.
- *
- * Module: library/aesni.c
- * Caller: library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the AES-NI instructions on x86-64
- */
-#define MBEDTLS_AESNI_C
-
-/**
- * \def MBEDTLS_AES_C
- *
- * Enable the AES block cipher.
- *
- * Module: library/aes.c
- * Caller: library/cipher.c
- * library/pem.c
- * library/ctr_drbg.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- * 
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
- *
- * PEM_PARSE uses AES for decrypting encrypted keys.
- */
-#define MBEDTLS_AES_C
-
-/**
- * \def MBEDTLS_ASN1_PARSE_C
- *
- * Enable the generic ASN1 parser.
- *
- * Module: library/asn1.c
- * Caller: library/x509.c
- * library/dhm.c
- * library/pkcs12.c
- * library/pkcs5.c
- * library/pkparse.c
- */
-#define MBEDTLS_ASN1_PARSE_C
-
-/**
- * \def MBEDTLS_ASN1_WRITE_C
- *
- * Enable the generic ASN1 writer.
- *
- * Module: library/asn1write.c
- * Caller: library/ecdsa.c
- * library/pkwrite.c
- * library/x509_create.c
- * library/x509write_crt.c
- * library/x509write_csr.c
- */
-#define MBEDTLS_ASN1_WRITE_C
-
-/**
- * \def MBEDTLS_BASE64_C
- *
- * Enable the Base64 module.
- *
- * Module: library/base64.c
- * Caller: library/pem.c
- *
- * This module is required for PEM support (required by X.509).
- */
-#define MBEDTLS_BASE64_C
-
-/**
- * \def MBEDTLS_BIGNUM_C
- *
- * Enable the multi-precision integer library.
- *
- * Module: library/bignum.c
- * Caller: library/dhm.c
- * library/ecp.c
- * library/ecdsa.c
- * library/rsa.c
- * library/rsa_alt_helpers.c
- * library/ssl_tls.c
- *
- * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
- */
-#define MBEDTLS_BIGNUM_C
-
-/**
- * \def MBEDTLS_CAMELLIA_C
- *
- * Enable the Camellia block cipher.
- *
- * Module: library/camellia.c
- * Caller: library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- * 
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define MBEDTLS_CAMELLIA_C
-
-/**
- * \def MBEDTLS_ARIA_C
- *
- * Enable the ARIA block cipher.
- *
- * Module: library/aria.c
- * Caller: library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *
- * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
- * 
MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
- */
-#define MBEDTLS_ARIA_C
-
-/**
- * \def MBEDTLS_CCM_C
- *
- * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
- *
- * Module: library/ccm.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
- *
- * This module enables the AES-CCM ciphersuites, if other requisites are
- * enabled as well.
- */
-#define MBEDTLS_CCM_C
-
-/**
- * \def MBEDTLS_CHACHA20_C
- *
- * Enable the ChaCha20 stream cipher.
- *
- * Module: library/chacha20.c
- */
-#define MBEDTLS_CHACHA20_C
-
-/**
- * \def MBEDTLS_CHACHAPOLY_C
- *
- * Enable the ChaCha20-Poly1305 AEAD algorithm.
- *
- * Module: library/chachapoly.c
- *
- * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
- */
-#define MBEDTLS_CHACHAPOLY_C
-
-/**
- * \def MBEDTLS_CIPHER_C
- *
- * Enable the generic cipher layer.
- *
- * Module: library/cipher.c
- * Caller: library/ssl_tls.c
- *
- * Uncomment to enable generic cipher wrappers.
- */
-#define MBEDTLS_CIPHER_C
-
-/**
- * \def MBEDTLS_CMAC_C
- *
- * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
- * ciphers.
- *
- * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying
- * implementation of the CMAC algorithm is provided by an alternate
- * implementation, that alternate implementation may opt to not support
- * AES-192 or 3DES as underlying block ciphers for the CMAC operation.
- *
- * Module: library/cmac.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
- *
- */
-#define MBEDTLS_CMAC_C
-
-/**
- * \def MBEDTLS_CTR_DRBG_C
- *
- * Enable the CTR_DRBG AES-based random generator.
- * The CTR_DRBG generator uses AES-256 by default.
- * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
- *
- * \note To achieve a 256-bit security strength with CTR_DRBG,
- * you must use AES-256 *and* use sufficient entropy.
- * See ctr_drbg.h for more details.
- *
- * Module: library/ctr_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_AES_C
- *
- * This module provides the CTR_DRBG AES random number generator.
- */
-#define MBEDTLS_CTR_DRBG_C
-
-/**
- * \def MBEDTLS_DEBUG_C
- *
- * Enable the debug functions.
- *
- * Module: library/debug.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- *
- * This module provides debugging functions.
- */
-#define MBEDTLS_DEBUG_C
-
-/**
- * \def MBEDTLS_DES_C
- *
- * Enable the DES block cipher.
- *
- * Module: library/des.c
- * Caller: library/pem.c
- * library/cipher.c
- *
- * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers instead.
- */
-#define MBEDTLS_DES_C
-
-/**
- * \def MBEDTLS_DHM_C
- *
- * Enable the Diffie-Hellman-Merkle module.
- *
- * Module: library/dhm.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- *
- * This module is used by the following key exchanges:
- * DHE-RSA, DHE-PSK
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-#define MBEDTLS_DHM_C
-
-/**
- * \def MBEDTLS_ECDH_C
- *
- * Enable the elliptic curve Diffie-Hellman library.
- *
- * Module: library/ecdh.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- *
- * This module is used by the following key exchanges:
- * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
- *
- * Requires: MBEDTLS_ECP_C
- */
-#define MBEDTLS_ECDH_C
-
-/**
- * \def MBEDTLS_ECDSA_C
- *
- * Enable the elliptic curve DSA library.
- * - * Module: library/ecdsa.c - * Caller: - * - * This module is used by the following key exchanges: - * ECDHE-ECDSA - * - * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C, - * and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a - * short Weierstrass curve. - */ -#define MBEDTLS_ECDSA_C - -/** - * \def MBEDTLS_ECJPAKE_C - * - * Enable the elliptic curve J-PAKE library. - * - * \note EC J-PAKE support is based on the Thread v1.0.0 specification. - * It has not been reviewed for compliance with newer standards such as - * Thread v1.1 or RFC 8236. - * - * Module: library/ecjpake.c - * Caller: - * - * This module is used by the following key exchanges: - * ECJPAKE - * - * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C - */ -#define MBEDTLS_ECJPAKE_C - -/** - * \def MBEDTLS_ECP_C - * - * Enable the elliptic curve over GF(p) library. - * - * Module: library/ecp.c - * Caller: library/ecdh.c - * library/ecdsa.c - * library/ecjpake.c - * - * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED - */ -#define MBEDTLS_ECP_C - -/** - * \def MBEDTLS_ENTROPY_C - * - * Enable the platform-specific entropy code. - * - * Module: library/entropy.c - * Caller: - * - * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C - * - * This module provides a generic entropy pool - */ -#define MBEDTLS_ENTROPY_C - -/** - * \def MBEDTLS_ERROR_C - * - * Enable error code to error string conversion. - * - * Module: library/error.c - * Caller: - * - * This module enables mbedtls_strerror(). - */ -#define MBEDTLS_ERROR_C - -/** - * \def MBEDTLS_GCM_C - * - * Enable the Galois/Counter Mode (GCM). - * - * Module: library/gcm.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C - * - * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other - * requisites are enabled as well. - */ -#define MBEDTLS_GCM_C - -/** - * \def MBEDTLS_HKDF_C - * - * Enable the HKDF algorithm (RFC 5869). 
- * - * Module: library/hkdf.c - * Caller: - * - * Requires: MBEDTLS_MD_C - * - * This module adds support for the Hashed Message Authentication Code - * (HMAC)-based key derivation function (HKDF). - */ -#define MBEDTLS_HKDF_C - -/** - * \def MBEDTLS_HMAC_DRBG_C - * - * Enable the HMAC_DRBG random generator. - * - * Module: library/hmac_drbg.c - * Caller: - * - * Requires: MBEDTLS_MD_C - * - * Uncomment to enable the HMAC_DRBG random number geerator. - */ -#define MBEDTLS_HMAC_DRBG_C - -/** - * \def MBEDTLS_NIST_KW_C - * - * Enable the Key Wrapping mode for 128-bit block ciphers, - * as defined in NIST SP 800-38F. Only KW and KWP modes - * are supported. At the moment, only AES is approved by NIST. - * - * Module: library/nist_kw.c - * - * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C - */ -#define MBEDTLS_NIST_KW_C - -/** - * \def MBEDTLS_MD_C - * - * Enable the generic message digest layer. - * - * Module: library/md.c - * Caller: - * - * Uncomment to enable generic message digest wrappers. - */ -#define MBEDTLS_MD_C - -/** - * \def MBEDTLS_MD5_C - * - * Enable the MD5 hash algorithm. - * - * Module: library/md5.c - * Caller: library/md.c - * library/pem.c - * library/ssl_tls.c - * - * This module is required for TLS 1.2 depending on the handshake parameters. - * Further, it is used for checking MD5-signed certificates, and for PBKDF1 - * when decrypting PEM-encoded encrypted keys. - * - * \warning MD5 is considered a weak message digest and its use constitutes a - * security risk. If possible, we recommend avoiding dependencies on - * it, and considering stronger message digests instead. - * - */ -#define MBEDTLS_MD5_C - -/** - * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C - * - * Enable the buffer allocator implementation that makes use of a (stack) - * based buffer to 'allocate' dynamic memory. 
(replaces calloc() and free() - * calls) - * - * Module: library/memory_buffer_alloc.c - * - * Requires: MBEDTLS_PLATFORM_C - * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) - * - * Enable this module to enable the buffer memory allocator. - */ -//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C - -/** - * \def MBEDTLS_NET_C - * - * Enable the TCP and UDP over IPv6/IPv4 networking routines. - * - * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) - * and Windows. For other platforms, you'll want to disable it, and write your - * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS - * - * Module: library/net_sockets.c - * - * This module provides networking routines. - */ -#define MBEDTLS_NET_C - -/** - * \def MBEDTLS_OID_C - * - * Enable the OID database. - * - * Module: library/oid.c - * Caller: library/asn1write.c - * library/pkcs5.c - * library/pkparse.c - * library/pkwrite.c - * library/rsa.c - * library/x509.c - * library/x509_create.c - * library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * library/x509write_crt.c - * library/x509write_csr.c - * - * This modules translates between OIDs and internal values. - */ -#define MBEDTLS_OID_C - -/** - * \def MBEDTLS_PADLOCK_C - * - * Enable VIA Padlock support on x86. - * - * Module: library/padlock.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the VIA PadLock on x86. - */ -#define MBEDTLS_PADLOCK_C - -/** - * \def MBEDTLS_PEM_PARSE_C - * - * Enable PEM decoding / parsing. - * - * Module: library/pem.c - * Caller: library/dhm.c - * library/pkparse.c - * library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_BASE64_C - * - * This modules adds support for decoding / parsing PEM files. 
- */ -#define MBEDTLS_PEM_PARSE_C - -/** - * \def MBEDTLS_PEM_WRITE_C - * - * Enable PEM encoding / writing. - * - * Module: library/pem.c - * Caller: library/pkwrite.c - * library/x509write_crt.c - * library/x509write_csr.c - * - * Requires: MBEDTLS_BASE64_C - * - * This modules adds support for encoding / writing PEM files. - */ -#define MBEDTLS_PEM_WRITE_C - -/** - * \def MBEDTLS_PK_C - * - * Enable the generic public (asymetric) key layer. - * - * Module: library/pk.c - * Caller: library/ssl_tls.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C - * - * Uncomment to enable generic public key wrappers. - */ -#define MBEDTLS_PK_C - -/** - * \def MBEDTLS_PK_PARSE_C - * - * Enable the generic public (asymetric) key parser. - * - * Module: library/pkparse.c - * Caller: library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key parse functions. - */ -#define MBEDTLS_PK_PARSE_C - -/** - * \def MBEDTLS_PK_WRITE_C - * - * Enable the generic public (asymetric) key writer. - * - * Module: library/pkwrite.c - * Caller: library/x509write.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key write functions. - */ -#define MBEDTLS_PK_WRITE_C - -/** - * \def MBEDTLS_PKCS5_C - * - * Enable PKCS#5 functions. - * - * Module: library/pkcs5.c - * - * Requires: MBEDTLS_MD_C - * - * This module adds support for the PKCS#5 functions. - */ -#define MBEDTLS_PKCS5_C - -/** - * \def MBEDTLS_PKCS12_C - * - * Enable PKCS#12 PBE functions. - * Adds algorithms for parsing PKCS#8 encrypted private keys - * - * Module: library/pkcs12.c - * Caller: library/pkparse.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * - * This module enables PKCS#12 functions. 
- */ -#define MBEDTLS_PKCS12_C - -/** - * \def MBEDTLS_PLATFORM_C - * - * Enable the platform abstraction layer that allows you to re-assign - * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). - * - * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT - * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned - * above to be specified at runtime or compile time respectively. - * - * \note This abstraction layer must be enabled on Windows (including MSYS2) - * as other module rely on it for a fixed snprintf implementation. - * - * Module: library/platform.c - * Caller: Most other .c files - * - * This module enables abstraction of common (libc) functions. - */ -#define MBEDTLS_PLATFORM_C - -/** - * \def MBEDTLS_POLY1305_C - * - * Enable the Poly1305 MAC algorithm. - * - * Module: library/poly1305.c - * Caller: library/chachapoly.c - */ -#define MBEDTLS_POLY1305_C - -/** - * \def MBEDTLS_PSA_CRYPTO_C - * - * Enable the Platform Security Architecture cryptography API. - * - * \warning The PSA Crypto API is still beta status. While you're welcome to - * experiment using it, incompatible API changes are still possible, and some - * parts may not have reached the same quality as the rest of Mbed TLS yet. - * - * Module: library/psa_crypto.c - * - * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, - * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C, - * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. - * - */ -#define MBEDTLS_PSA_CRYPTO_C - -/** - * \def MBEDTLS_PSA_CRYPTO_SE_C - * - * Enable secure element support in the Platform Security Architecture - * cryptography API. - * - * \warning This feature is not yet suitable for production. It is provided - * for API evaluation and testing purposes only. 
- * - * Module: library/psa_crypto_se.c - * - * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C - * - */ -//#define MBEDTLS_PSA_CRYPTO_SE_C - -/** - * \def MBEDTLS_PSA_CRYPTO_STORAGE_C - * - * Enable the Platform Security Architecture persistent key storage. - * - * Module: library/psa_crypto_storage.c - * - * Requires: MBEDTLS_PSA_CRYPTO_C, - * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of - * the PSA ITS interface - */ -#define MBEDTLS_PSA_CRYPTO_STORAGE_C - -/** - * \def MBEDTLS_PSA_ITS_FILE_C - * - * Enable the emulation of the Platform Security Architecture - * Internal Trusted Storage (PSA ITS) over files. - * - * Module: library/psa_its_file.c - * - * Requires: MBEDTLS_FS_IO - */ -#define MBEDTLS_PSA_ITS_FILE_C - -/** - * \def MBEDTLS_RIPEMD160_C - * - * Enable the RIPEMD-160 hash algorithm. - * - * Module: library/ripemd160.c - * Caller: library/md.c - * - */ -#define MBEDTLS_RIPEMD160_C - -/** - * \def MBEDTLS_RSA_C - * - * Enable the RSA public-key cryptosystem. - * - * Module: library/rsa.c - * library/rsa_alt_helpers.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509.c - * - * This module is used by the following key exchanges: - * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C - */ -#define MBEDTLS_RSA_C - -/** - * \def MBEDTLS_SHA1_C - * - * Enable the SHA1 cryptographic hash algorithm. - * - * Module: library/sha1.c - * Caller: library/md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509write_crt.c - * - * This module is required for TLS 1.2 depending on the handshake parameters, - * and for SHA1-signed certificates. - * - * \warning SHA-1 is considered a weak message digest and its use constitutes - * a security risk. If possible, we recommend avoiding dependencies - * on it, and considering stronger message digests instead. 
- * - */ -#define MBEDTLS_SHA1_C - -/** - * \def MBEDTLS_SHA224_C - * - * Enable the SHA-224 cryptographic hash algorithm. - * - * Requires: MBEDTLS_SHA256_C. The library does not currently support enabling - * SHA-224 without SHA-256. - * - * Module: library/sha256.c - * Caller: library/md.c - * library/ssl_cookie.c - * - * This module adds support for SHA-224. - */ -#define MBEDTLS_SHA224_C - -/** - * \def MBEDTLS_SHA256_C - * - * Enable the SHA-256 cryptographic hash algorithm. - * - * Requires: MBEDTLS_SHA224_C. The library does not currently support enabling - * SHA-256 without SHA-224. - * - * Module: library/sha256.c - * Caller: library/entropy.c - * library/md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * This module adds support for SHA-256. - * This module is required for the SSL/TLS 1.2 PRF function. - */ -#define MBEDTLS_SHA256_C - -/** - * \def MBEDTLS_SHA384_C - * - * Enable the SHA-384 cryptographic hash algorithm. - * - * Requires: MBEDTLS_SHA512_C - * - * Module: library/sha512.c - * Caller: library/md.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * Comment to disable SHA-384 - */ -#define MBEDTLS_SHA384_C - -/** - * \def MBEDTLS_SHA512_C - * - * Enable SHA-512 cryptographic hash algorithms. - * - * Module: library/sha512.c - * Caller: library/entropy.c - * library/md.c - * library/ssl_tls.c - * library/ssl_cookie.c - * - * This module adds support for SHA-512. - */ -#define MBEDTLS_SHA512_C - -/** - * \def MBEDTLS_SSL_CACHE_C - * - * Enable simple SSL cache implementation. - * - * Module: library/ssl_cache.c - * Caller: - * - * Requires: MBEDTLS_SSL_CACHE_C - */ -#define MBEDTLS_SSL_CACHE_C - -/** - * \def MBEDTLS_SSL_COOKIE_C - * - * Enable basic implementation of DTLS cookies for hello verification. - * - * Module: library/ssl_cookie.c - * Caller: - */ -#define MBEDTLS_SSL_COOKIE_C - -/** - * \def MBEDTLS_SSL_TICKET_C - * - * Enable an implementation of TLS server-side callbacks for session tickets. 
- * - * Module: library/ssl_ticket.c - * Caller: - * - * Requires: MBEDTLS_CIPHER_C - */ -#define MBEDTLS_SSL_TICKET_C - -/** - * \def MBEDTLS_SSL_CLI_C - * - * Enable the SSL/TLS client code. - * - * Module: library/ssl_cli.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * This module is required for SSL/TLS client support. - */ -#define MBEDTLS_SSL_CLI_C - -/** - * \def MBEDTLS_SSL_SRV_C - * - * Enable the SSL/TLS server code. - * - * Module: library/ssl_srv.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * This module is required for SSL/TLS server support. - */ -#define MBEDTLS_SSL_SRV_C - -/** - * \def MBEDTLS_SSL_TLS_C - * - * Enable the generic SSL/TLS code. - * - * Module: library/ssl_tls.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * and at least one of the MBEDTLS_SSL_PROTO_XXX defines - * - * This module is required for SSL/TLS. - */ -#define MBEDTLS_SSL_TLS_C - -/** - * \def MBEDTLS_THREADING_C - * - * Enable the threading abstraction layer. - * By default mbed TLS assumes it is used in a non-threaded environment or that - * contexts are not shared between threads. If you do intend to use contexts - * between threads, you will need to enable this layer to prevent race - * conditions. See also our Knowledge Base article about threading: - * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading - * - * Module: library/threading.c - * - * This allows different threading implementations (self-implemented or - * provided). - * - * You will have to enable either MBEDTLS_THREADING_ALT or - * MBEDTLS_THREADING_PTHREAD. - * - * Enable this layer to allow use of mutexes within mbed TLS - */ -//#define MBEDTLS_THREADING_C - -/** - * \def MBEDTLS_TIMING_C - * - * Enable the semi-portable timing interface. - * - * \note The provided implementation only works on POSIX/Unix (including Linux, - * BSD and OS X) and Windows. 
On other platforms, you can either disable that - * module and provide your own implementations of the callbacks needed by - * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide - * your own implementation of the whole module by setting - * \c MBEDTLS_TIMING_ALT in the current file. - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS - * - * Module: library/timing.c - */ -#define MBEDTLS_TIMING_C - -/** - * \def MBEDTLS_VERSION_C - * - * Enable run-time version information. - * - * Module: library/version.c - * - * This module provides run-time version information. - */ -#define MBEDTLS_VERSION_C - -/** - * \def MBEDTLS_X509_USE_C - * - * Enable X.509 core for using certificates. - * - * Module: library/x509.c - * Caller: library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, - * MBEDTLS_PK_PARSE_C - * - * This module is required for the X.509 parsing modules. - */ -#define MBEDTLS_X509_USE_C - -/** - * \def MBEDTLS_X509_CRT_PARSE_C - * - * Enable X.509 certificate parsing. - * - * Module: library/x509_crt.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 certificate parsing. - */ -#define MBEDTLS_X509_CRT_PARSE_C - -/** - * \def MBEDTLS_X509_CRL_PARSE_C - * - * Enable X.509 CRL parsing. - * - * Module: library/x509_crl.c - * Caller: library/x509_crt.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 CRL parsing. - */ -#define MBEDTLS_X509_CRL_PARSE_C - -/** - * \def MBEDTLS_X509_CSR_PARSE_C - * - * Enable X.509 Certificate Signing Request (CSR) parsing. 
- * - * Module: library/x509_csr.c - * Caller: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is used for reading X.509 certificate request. - */ -#define MBEDTLS_X509_CSR_PARSE_C - -/** - * \def MBEDTLS_X509_CREATE_C - * - * Enable X.509 core for creating certificates. - * - * Module: library/x509_create.c - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C - * - * This module is the basis for creating X.509 certificates and CSRs. - */ -#define MBEDTLS_X509_CREATE_C - -/** - * \def MBEDTLS_X509_CRT_WRITE_C - * - * Enable creating X.509 certificates. - * - * Module: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate creation. - */ -#define MBEDTLS_X509_CRT_WRITE_C - -/** - * \def MBEDTLS_X509_CSR_WRITE_C - * - * Enable creating X.509 Certificate Signing Requests (CSR). - * - * Module: library/x509_csr_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate request writing. - */ -#define MBEDTLS_X509_CSR_WRITE_C - -/* \} name SECTION: mbed TLS modules */ - -/** - * \name SECTION: Module configuration options - * - * This section allows for the setting of module specific sizes and - * configuration options. The default values are already present in the - * relevant header files and should suffice for the regular use cases. - * - * Our advice is to enable options and change their values here - * only if you have a good reason and know the consequences. - * - * Please check the respective header file for documentation on these - * parameters (to prevent duplicate documentation). - * \{ - */ - -/* MPI / BIGNUM options */ -//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */ -//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. 
*/ - -/* CTR_DRBG options */ -//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ -//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ - -/* HMAC_DRBG options */ -//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ - -/* ECP options */ -//#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */ -//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ - -/* Entropy options */ -//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ -//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ -//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ - -/* Memory buffer allocator options */ -//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ - -/* Platform options */ -//#define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. 
*/ -//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ -/* Note: your snprintf must correctly zero-terminate the buffer! */ -//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ - -/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ -/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ -//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. 
MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ -/* Note: your snprintf must correctly zero-terminate the buffer! */ -//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ - -/* PSA options */ -/** - * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the - * PSA crypto subsystem. - * - * If this option is unset: - * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG. - * - Otherwise, the PSA subsystem uses HMAC_DRBG with either - * #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and - * on unspecified heuristics. - */ -//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 - -/** \def MBEDTLS_PSA_KEY_SLOT_COUNT - * Restrict the PSA library to supporting a maximum amount of simultaneously - * loaded keys. A loaded key is a key stored by the PSA Crypto core as a - * volatile key, or a persistent key which is loaded temporarily by the - * library as part of a crypto operation in flight. - * - * If this option is unset, the library will fall back to a default value of - * 32 keys. 
- */
-//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
-
-/* SSL Cache options */
-//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
-//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
-
-/* SSL options */
-
-/** \def MBEDTLS_SSL_IN_CONTENT_LEN
- *
- * Maximum length (in bytes) of incoming plaintext fragments.
- *
- * This determines the size of the incoming TLS I/O buffer in such a way
- * that it is capable of holding the specified amount of plaintext data,
- * regardless of the protection mechanism used.
- *
- * \note When using a value less than the default of 16KB on the client, it is
- * recommended to use the Maximum Fragment Length (MFL) extension to
- * inform the server about this limitation. On the server, there
- * is no supported, standardized way of informing the client about
- * restriction on the maximum size of incoming messages, and unless
- * the limitation has been communicated by other means, it is recommended
- * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
- * while keeping the default value of 16KB for the incoming buffer.
- *
- * Uncomment to set the maximum plaintext size of the incoming I/O buffer.
- */
-//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
-
-/** \def MBEDTLS_SSL_CID_IN_LEN_MAX
- *
- * The maximum length of CIDs used for incoming DTLS messages.
- *
- */
-//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
-
-/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
- *
- * The maximum length of CIDs used for outgoing DTLS messages.
- *
- */
-//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
-
-/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
- *
- * This option controls the use of record plaintext padding
- * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
- *
- * The padding will always be chosen so that the length of the
- * padded plaintext is a multiple of the value of this option.
- *
- * Note: A value of \c 1 means that no padding will be used
- * for outgoing records.
- *
- * Note: On systems lacking division instructions,
- * a power of two should be preferred.
- */
-//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
-
-/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
- *
- * Maximum length (in bytes) of outgoing plaintext fragments.
- *
- * This determines the size of the outgoing TLS I/O buffer in such a way
- * that it is capable of holding the specified amount of plaintext data,
- * regardless of the protection mechanism used.
- *
- * It is possible to save RAM by setting a smaller outward buffer, while keeping
- * the default inward 16384 byte buffer to conform to the TLS specification.
- *
- * The minimum required outward buffer size is determined by the handshake
- * protocol's usage. Handshaking will fail if the outward buffer is too small.
- * The specific size requirement depends on the configured ciphers and any
- * certificate data which is sent during the handshake.
- *
- * Uncomment to set the maximum plaintext size of the outgoing I/O buffer.
- */
-//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
-
-/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
- *
- * Maximum number of heap-allocated bytes for the purpose of
- * DTLS handshake message reassembly and future message buffering.
- *
- * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN
- * to account for a reassembled handshake message of maximum size,
- * together with its reassembly bitmap.
- *
- * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
- * should be sufficient for all practical situations as it allows
- * to reassembly a large handshake message (such as a certificate)
- * while buffering multiple smaller handshake messages.
- *
- */
-//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
-
-//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
-//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-
-/**
- * Complete list of ciphersuites to use, in order of preference.
- *
- * \warning No dependency checking is done on that field! This option can only
- * be used to restrict the set of available ciphersuites. It is your
- * responsibility to make sure the needed modules are active.
- *
- * Use this to save a few hundred bytes of ROM (default ordering of all
- * available ciphersuites) and a few to a few hundred bytes of RAM.
- *
- * The value below is only an example, not the default.
- */
-//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-
-/* X509 options */
-//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
-//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
-
-/**
- * Uncomment the macro to let mbed TLS use your alternate implementation of
- * mbedtls_platform_zeroize(). This replaces the default implementation in
- * platform_util.c.
- *
- * mbedtls_platform_zeroize() is a widely used function across the library to
- * zero a block of memory. The implementation is expected to be secure in the
- * sense that it has been written to prevent the compiler from removing calls
- * to mbedtls_platform_zeroize() as part of redundant code elimination
- * optimizations. However, it is difficult to guarantee that calls to
- * mbedtls_platform_zeroize() will not be optimized by the compiler as older
- * versions of the C language standards do not provide a secure implementation
- * of memset().
Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
- * configure their own implementation of mbedtls_platform_zeroize(), for
- * example by using directives specific to their compiler, features from newer
- * C standards (e.g using memset_s() in C11) or calling a secure memset() from
- * their system (e.g explicit_bzero() in BSD).
- */
-//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
-
-/**
- * Uncomment the macro to let Mbed TLS use your alternate implementation of
- * mbedtls_platform_gmtime_r(). This replaces the default implementation in
- * platform_util.c.
- *
- * gmtime() is not a thread-safe function as defined in the C standard. The
- * library will try to use safer implementations of this function, such as
- * gmtime_r() when available. However, if Mbed TLS cannot identify the target
- * system, the implementation of mbedtls_platform_gmtime_r() will default to
- * using the standard gmtime(). In this case, calls from the library to
- * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
- * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
- * library are also guarded with this mutex to avoid race conditions. However,
- * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
- * unconditionally use the implementation for mbedtls_platform_gmtime_r()
- * supplied at compile time.
- */
-//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
-
-/**
- * Enable the verified implementations of ECDH primitives from Project Everest
- * (currently only Curve25519). This feature changes the layout of ECDH
- * contexts and therefore is a compatibility break for applications that access
- * fields of a mbedtls_ecdh_context structure directly. See also
- * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
- */
-//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
-
-/* \} name SECTION: Customisation configuration options */
diff --git a/windows/mbedtls/md.h b/windows/mbedtls/md.h
deleted file mode 100644
index 1170bc1a..00000000
--- a/windows/mbedtls/md.h
+++ /dev/null
@@ -1,446 +0,0 @@ - /** - * \file md.h - * - * \brief This file contains the generic message-digest wrapper. - * - * \author Adriaan de Jong - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_MD_H -#define MBEDTLS_MD_H -#include "mbedtls/private_access.h" - -#include - -#include "mbedtls/build_info.h" - -#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */ -#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */ -#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */ -#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200 /**< Opening or reading of file failed. */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Supported message digests. - * - * \warning MD5 and SHA-1 are considered weak message digests and - * their use constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -typedef enum { - MBEDTLS_MD_NONE=0, /**< None. */ - MBEDTLS_MD_MD5, /**< The MD5 message digest. */ - MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */ - MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */ - MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */ - MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */ - MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. 
*/ - MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */ -} mbedtls_md_type_t; - -#if defined(MBEDTLS_SHA512_C) -#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ -#else -#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */ -#endif - -#if defined(MBEDTLS_SHA512_C) -#define MBEDTLS_MD_MAX_BLOCK_SIZE 128 -#else -#define MBEDTLS_MD_MAX_BLOCK_SIZE 64 -#endif - -/** - * Opaque struct. - * - * Constructed using either #mbedtls_md_info_from_string or - * #mbedtls_md_info_from_type. - * - * Fields can be accessed with #mbedtls_md_get_size, - * #mbedtls_md_get_type and #mbedtls_md_get_name. - */ -/* Defined internally in library/md_wrap.h. */ -typedef struct mbedtls_md_info_t mbedtls_md_info_t; - -/** - * The generic message-digest context. - */ -typedef struct mbedtls_md_context_t -{ - /** Information about the associated message digest. */ - const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); - - /** The digest-specific context. */ - void *MBEDTLS_PRIVATE(md_ctx); - - /** The HMAC part of the context. */ - void *MBEDTLS_PRIVATE(hmac_ctx); -} mbedtls_md_context_t; - -/** - * \brief This function returns the list of digests supported by the - * generic digest module. - * - * \note The list starts with the strongest available hashes. - * - * \return A statically allocated array of digests. Each element - * in the returned list is an integer belonging to the - * message-digest enumeration #mbedtls_md_type_t. - * The last entry is 0. - */ -const int *mbedtls_md_list( void ); - -/** - * \brief This function returns the message-digest information - * associated with the given digest name. - * - * \param md_name The name of the digest to search for. - * - * \return The message-digest information associated with \p md_name. - * \return NULL if the associated message-digest information is not found. 
- */ -const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); - -/** - * \brief This function returns the message-digest information - * associated with the given digest type. - * - * \param md_type The type of digest to search for. - * - * \return The message-digest information associated with \p md_type. - * \return NULL if the associated message-digest information is not found. - */ -const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); - -/** - * \brief This function initializes a message-digest context without - * binding it to a particular message-digest algorithm. - * - * This function should always be called first. It prepares the - * context for mbedtls_md_setup() for binding it to a - * message-digest algorithm. - */ -void mbedtls_md_init( mbedtls_md_context_t *ctx ); - -/** - * \brief This function clears the internal structure of \p ctx and - * frees any embedded internal structure, but does not free - * \p ctx itself. - * - * If you have called mbedtls_md_setup() on \p ctx, you must - * call mbedtls_md_free() when you are no longer using the - * context. - * Calling this function if you have previously - * called mbedtls_md_init() and nothing else is optional. - * You must not call this function if you have not called - * mbedtls_md_init(). - */ -void mbedtls_md_free( mbedtls_md_context_t *ctx ); - - -/** - * \brief This function selects the message digest algorithm to use, - * and allocates internal structures. - * - * It should be called after mbedtls_md_init() or - * mbedtls_md_free(). Makes it necessary to call - * mbedtls_md_free() later. - * - * \param ctx The context to set up. - * \param md_info The information structure of the message-digest algorithm - * to use. - * \param hmac Defines if HMAC is used. 0: HMAC is not used (saves some memory), - * or non-zero: HMAC is used with this context. - * - * \return \c 0 on success. 
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. - * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure. - */ -int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ); - -/** - * \brief This function clones the state of an message-digest - * context. - * - * \note You must call mbedtls_md_setup() on \c dst before calling - * this function. - * - * \note The two contexts must have the same type, - * for example, both are SHA-256. - * - * \warning This function clones the message-digest state, not the - * HMAC state. - * - * \param dst The destination context. - * \param src The context to be cloned. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure. - */ -int mbedtls_md_clone( mbedtls_md_context_t *dst, - const mbedtls_md_context_t *src ); - -/** - * \brief This function extracts the message-digest size from the - * message-digest information structure. - * - * \param md_info The information structure of the message-digest algorithm - * to use. - * - * \return The size of the message-digest output in Bytes. - */ -unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ); - -/** - * \brief This function extracts the message-digest type from the - * message-digest information structure. - * - * \param md_info The information structure of the message-digest algorithm - * to use. - * - * \return The type of the message digest. - */ -mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ); - -/** - * \brief This function extracts the message-digest name from the - * message-digest information structure. - * - * \param md_info The information structure of the message-digest algorithm - * to use. - * - * \return The name of the message digest. - */ -const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); - -/** - * \brief This function starts a message-digest computation. 
- * - * You must call this function after setting up the context - * with mbedtls_md_setup(), and before passing data with - * mbedtls_md_update(). - * - * \param ctx The generic message-digest context. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. - */ -int mbedtls_md_starts( mbedtls_md_context_t *ctx ); - -/** - * \brief This function feeds an input buffer into an ongoing - * message-digest computation. - * - * You must call mbedtls_md_starts() before calling this - * function. You may call this function multiple times. - * Afterwards, call mbedtls_md_finish(). - * - * \param ctx The generic message-digest context. - * \param input The buffer holding the input data. - * \param ilen The length of the input data. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. - */ -int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); - -/** - * \brief This function finishes the digest operation, - * and writes the result to the output buffer. - * - * Call this function after a call to mbedtls_md_starts(), - * followed by any number of calls to mbedtls_md_update(). - * Afterwards, you may either clear the context with - * mbedtls_md_free(), or call mbedtls_md_starts() to reuse - * the context for another digest operation with the same - * algorithm. - * - * \param ctx The generic message-digest context. - * \param output The buffer for the generic message-digest checksum result. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. - */ -int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); - -/** - * \brief This function calculates the message-digest of a buffer, - * with respect to a configurable message-digest algorithm - * in a single call. - * - * The result is calculated as - * Output = message_digest(input buffer). 
- * - * \param md_info The information structure of the message-digest algorithm - * to use. - * \param input The buffer holding the data. - * \param ilen The length of the input data. - * \param output The generic message-digest checksum result. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. - */ -int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, - unsigned char *output ); - -#if defined(MBEDTLS_FS_IO) -/** - * \brief This function calculates the message-digest checksum - * result of the contents of the provided file. - * - * The result is calculated as - * Output = message_digest(file contents). - * - * \param md_info The information structure of the message-digest algorithm - * to use. - * \param path The input file name. - * \param output The generic message-digest checksum result. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_FILE_IO_ERROR on an I/O error accessing - * the file pointed by \p path. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL. - */ -int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, - unsigned char *output ); -#endif /* MBEDTLS_FS_IO */ - -/** - * \brief This function sets the HMAC key and prepares to - * authenticate a new message. - * - * Call this function after mbedtls_md_setup(), to use - * the MD context for an HMAC calculation, then call - * mbedtls_md_hmac_update() to provide the input data, and - * mbedtls_md_hmac_finish() to get the HMAC value. - * - * \param ctx The message digest context containing an embedded HMAC - * context. - * \param key The HMAC secret key. - * \param keylen The length of the HMAC key in Bytes. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. 
- */ -int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, - size_t keylen ); - -/** - * \brief This function feeds an input buffer into an ongoing HMAC - * computation. - * - * Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset() - * before calling this function. - * You may call this function multiple times to pass the - * input piecewise. - * Afterwards, call mbedtls_md_hmac_finish(). - * - * \param ctx The message digest context containing an embedded HMAC - * context. - * \param input The buffer holding the input data. - * \param ilen The length of the input data. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. - */ -int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, - size_t ilen ); - -/** - * \brief This function finishes the HMAC operation, and writes - * the result to the output buffer. - * - * Call this function after mbedtls_md_hmac_starts() and - * mbedtls_md_hmac_update() to get the HMAC value. Afterwards - * you may either call mbedtls_md_free() to clear the context, - * or call mbedtls_md_hmac_reset() to reuse the context with - * the same HMAC key. - * - * \param ctx The message digest context containing an embedded HMAC - * context. - * \param output The generic HMAC checksum result. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. - */ -int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); - -/** - * \brief This function prepares to authenticate a new message with - * the same key as the previous HMAC operation. - * - * You may call this function after mbedtls_md_hmac_finish(). - * Afterwards call mbedtls_md_hmac_update() to pass the new - * input. - * - * \param ctx The message digest context containing an embedded HMAC - * context. - * - * \return \c 0 on success. 
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. - */ -int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); - -/** - * \brief This function calculates the full generic HMAC - * on the input buffer with the provided key. - * - * The function allocates the context, performs the - * calculation, and frees the context. - * - * The HMAC result is calculated as - * output = generic HMAC(hmac key, input buffer). - * - * \param md_info The information structure of the message-digest algorithm - * to use. - * \param key The HMAC secret key. - * \param keylen The length of the HMAC secret key in Bytes. - * \param input The buffer holding the input data. - * \param ilen The length of the input data. - * \param output The generic HMAC result. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. - */ -int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, - const unsigned char *input, size_t ilen, - unsigned char *output ); - -/* Internal use */ -int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ); - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_MD_H */ diff --git a/windows/mbedtls/md5.h b/windows/mbedtls/md5.h deleted file mode 100644 index e7befc34..00000000 --- a/windows/mbedtls/md5.h +++ /dev/null 
@@ -1,203 +0,0 @@ -/** - * \file md5.h - * - * \brief MD5 message digest algorithm (hash function) - * - * \warning MD5 is considered a weak message digest and its use constitutes a - * security risk. We recommend considering stronger message - * digests instead. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_MD5_H -#define MBEDTLS_MD5_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_MD5_ALT) -// Regular implementation -// - -/** - * \brief MD5 context structure - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -typedef struct mbedtls_md5_context -{ - uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */ - uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */ - unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */ -} -mbedtls_md5_context; - -#else /* MBEDTLS_MD5_ALT */ -#include "md5_alt.h" -#endif /* MBEDTLS_MD5_ALT */ - -/** - * \brief Initialize MD5 context - * - * \param ctx MD5 context to be initialized - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. 
We recommend considering - * stronger message digests instead. - * - */ -void mbedtls_md5_init( mbedtls_md5_context *ctx ); - -/** - * \brief Clear MD5 context - * - * \param ctx MD5 context to be cleared - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -void mbedtls_md5_free( mbedtls_md5_context *ctx ); - -/** - * \brief Clone (the state of) an MD5 context - * - * \param dst The destination context - * \param src The context to be cloned - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -void mbedtls_md5_clone( mbedtls_md5_context *dst, - const mbedtls_md5_context *src ); - -/** - * \brief MD5 context setup - * - * \param ctx context to be initialized - * - * \return 0 if successful - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -int mbedtls_md5_starts( mbedtls_md5_context *ctx ); - -/** - * \brief MD5 process buffer - * - * \param ctx MD5 context - * \param input buffer holding the data - * \param ilen length of the input data - * - * \return 0 if successful - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -int mbedtls_md5_update( mbedtls_md5_context *ctx, - const unsigned char *input, - size_t ilen ); - -/** - * \brief MD5 final digest - * - * \param ctx MD5 context - * \param output MD5 checksum result - * - * \return 0 if successful - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. 
- * - */ -int mbedtls_md5_finish( mbedtls_md5_context *ctx, - unsigned char output[16] ); - -/** - * \brief MD5 process data block (internal use only) - * - * \param ctx MD5 context - * \param data buffer holding one block of data - * - * \return 0 if successful - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, - const unsigned char data[64] ); - -/** - * \brief Output = MD5( input buffer ) - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output MD5 checksum result - * - * \return 0 if successful - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -int mbedtls_md5( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); - -#if defined(MBEDTLS_SELF_TEST) - -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -int mbedtls_md5_self_test( int verbose ); - -#endif /* MBEDTLS_SELF_TEST */ - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_md5.h */ diff --git a/windows/mbedtls/memory_buffer_alloc.h b/windows/mbedtls/memory_buffer_alloc.h deleted file mode 100644 index d4737f5c..00000000 --- a/windows/mbedtls/memory_buffer_alloc.h +++ /dev/null 
@@ -1,145 +0,0 @@ -/** - * \file memory_buffer_alloc.h - * - * \brief Buffer-based memory allocator - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H -#define MBEDTLS_MEMORY_BUFFER_ALLOC_H - -#include "mbedtls/build_info.h" - -#include - -/** - * \name SECTION: Module settings - * - * The configuration options you can set for this module are in this section. - * Either change them in mbedtls_config.h or define them on the compiler command line. - * \{ - */ - -#if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE) -#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ -#endif - -/* \} name SECTION: Module settings */ - -#define MBEDTLS_MEMORY_VERIFY_NONE 0 -#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0) -#define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1) -#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE) - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Initialize use of stack-based memory allocator. - * The stack-based allocator does memory management inside the - * presented buffer and does not call calloc() and free(). - * It sets the global mbedtls_calloc() and mbedtls_free() pointers - * to its own functions. 
- * (Provided mbedtls_calloc() and mbedtls_free() are thread-safe if - * MBEDTLS_THREADING_C is defined) - * - * \note This code is not optimized and provides a straight-forward - * implementation of a stack-based memory allocator. - * - * \param buf buffer to use as heap - * \param len size of the buffer - */ -void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ); - -/** - * \brief Free the mutex for thread-safety and clear remaining memory - */ -void mbedtls_memory_buffer_alloc_free( void ); - -/** - * \brief Determine when the allocator should automatically verify the state - * of the entire chain of headers / meta-data. - * (Default: MBEDTLS_MEMORY_VERIFY_NONE) - * - * \param verify One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC, - * MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS - */ -void mbedtls_memory_buffer_set_verify( int verify ); - -#if defined(MBEDTLS_MEMORY_DEBUG) -/** - * \brief Print out the status of the allocated memory (primarily for use - * after a program should have de-allocated all memory) - * Prints out a list of 'still allocated' blocks and their stack - * trace if MBEDTLS_MEMORY_BACKTRACE is defined. - */ -void mbedtls_memory_buffer_alloc_status( void ); - -/** - * \brief Get the peak heap usage so far - * - * \param max_used Peak number of bytes in use or committed. This - * includes bytes in allocated blocks too small to split - * into smaller blocks but larger than the requested size. - * \param max_blocks Peak number of blocks in use, including free and used - */ -void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks ); - -/** - * \brief Reset peak statistics - */ -void mbedtls_memory_buffer_alloc_max_reset( void ); - -/** - * \brief Get the current heap usage - * - * \param cur_used Current number of bytes in use or committed. This - * includes bytes in allocated blocks too small to split - * into smaller blocks but larger than the requested size. 
- * \param cur_blocks Current number of blocks in use, including free and used - */ -void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ); -#endif /* MBEDTLS_MEMORY_DEBUG */ - -/** - * \brief Verifies that all headers in the memory buffer are correct - * and contain sane values. Helps debug buffer-overflow errors. - * - * Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined. - * Prints out full header information if MBEDTLS_MEMORY_DEBUG - * is defined. (Includes stack trace information for each block if - * MBEDTLS_MEMORY_BACKTRACE is defined as well). - * - * \return 0 if verified, 1 otherwise - */ -int mbedtls_memory_buffer_alloc_verify( void ); - -#if defined(MBEDTLS_SELF_TEST) -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if a test failed - */ -int mbedtls_memory_buffer_alloc_self_test( int verbose ); -#endif - -#ifdef __cplusplus -} -#endif - -#endif /* memory_buffer_alloc.h */ diff --git a/windows/mbedtls/net_sockets.h b/windows/mbedtls/net_sockets.h deleted file mode 100644 index 7b77329a..00000000 --- a/windows/mbedtls/net_sockets.h +++ /dev/null 
@@ -1,285 +0,0 @@ -/** - * \file net_sockets.h - * - * \brief Network sockets abstraction layer to integrate Mbed TLS into a - * BSD-style sockets API. - * - * The network sockets module provides an example integration of the - * Mbed TLS library into a BSD sockets implementation. The module is - * intended to be an example of how Mbed TLS can be integrated into a - * networking stack, as well as to be Mbed TLS's network integration - * for its supported platforms. - * - * The module is intended only to be used with the Mbed TLS library and - * is not intended to be used by third party application software - * directly. - * - * The supported platforms are as follows: - * * Microsoft Windows and Windows CE - * * POSIX/Unix platforms including Linux, OS X - * - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_NET_SOCKETS_H -#define MBEDTLS_NET_SOCKETS_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/ssl.h" - -#include -#include - -#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */ -#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044 /**< The connection to the given server / port failed. */ -#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046 /**< Binding of the socket failed. */ -#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048 /**< Could not listen on the socket. 
*/ -#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A /**< Could not accept the incoming connection. */ -#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C /**< Reading information from the socket failed. */ -#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E /**< Sending information through the socket failed. */ -#define MBEDTLS_ERR_NET_CONN_RESET -0x0050 /**< Connection was reset by peer. */ -#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */ -#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */ -#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */ -#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047 /**< Polling the net context failed. */ -#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049 /**< Input invalid. */ - -#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */ - -#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */ -#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */ - -#define MBEDTLS_NET_POLL_READ 1 /**< Used in \c mbedtls_net_poll to check for pending data */ -#define MBEDTLS_NET_POLL_WRITE 2 /**< Used in \c mbedtls_net_poll to check if write possible */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Wrapper type for sockets. - * - * Currently backed by just a file descriptor, but might be more in the future - * (eg two file descriptors for combined IPv4 + IPv6 support, or additional - * structures for hand-made UDP demultiplexing). - */ -typedef struct mbedtls_net_context -{ - int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */ -} -mbedtls_net_context; - -/** - * \brief Initialize a context - * Just makes the context ready to be used or freed safely. 
- * - * \param ctx Context to initialize - */ -void mbedtls_net_init( mbedtls_net_context *ctx ); - -/** - * \brief Initiate a connection with host:port in the given protocol - * - * \param ctx Socket to use - * \param host Host to connect to - * \param port Port to connect to - * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP - * - * \return 0 if successful, or one of: - * MBEDTLS_ERR_NET_SOCKET_FAILED, - * MBEDTLS_ERR_NET_UNKNOWN_HOST, - * MBEDTLS_ERR_NET_CONNECT_FAILED - * - * \note Sets the socket in connected mode even with UDP. - */ -int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ); - -/** - * \brief Create a receiving socket on bind_ip:port in the chosen - * protocol. If bind_ip == NULL, all interfaces are bound. - * - * \param ctx Socket to use - * \param bind_ip IP to bind to, can be NULL - * \param port Port number to use - * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP - * - * \return 0 if successful, or one of: - * MBEDTLS_ERR_NET_SOCKET_FAILED, - * MBEDTLS_ERR_NET_UNKNOWN_HOST, - * MBEDTLS_ERR_NET_BIND_FAILED, - * MBEDTLS_ERR_NET_LISTEN_FAILED - * - * \note Regardless of the protocol, opens the sockets and binds it. - * In addition, make the socket listening if protocol is TCP. 
- */ -int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto ); - -/** - * \brief Accept a connection from a remote client - * - * \param bind_ctx Relevant socket - * \param client_ctx Will contain the connected client socket - * \param client_ip Will contain the client IP address, can be NULL - * \param buf_size Size of the client_ip buffer - * \param ip_len Will receive the size of the client IP written, - * can be NULL if client_ip is null - * - * \return 0 if successful, or - * MBEDTLS_ERR_NET_SOCKET_FAILED, - * MBEDTLS_ERR_NET_BIND_FAILED, - * MBEDTLS_ERR_NET_ACCEPT_FAILED, or - * MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small, - * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to - * non-blocking and accept() would block. - */ -int mbedtls_net_accept( mbedtls_net_context *bind_ctx, - mbedtls_net_context *client_ctx, - void *client_ip, size_t buf_size, size_t *ip_len ); - -/** - * \brief Check and wait for the context to be ready for read/write - * - * \note The current implementation of this function uses - * select() and returns an error if the file descriptor - * is \c FD_SETSIZE or greater. - * - * \param ctx Socket to check - * \param rw Bitflag composed of MBEDTLS_NET_POLL_READ and - * MBEDTLS_NET_POLL_WRITE specifying the events - * to wait for: - * - If MBEDTLS_NET_POLL_READ is set, the function - * will return as soon as the net context is available - * for reading. - * - If MBEDTLS_NET_POLL_WRITE is set, the function - * will return as soon as the net context is available - * for writing. - * \param timeout Maximal amount of time to wait before returning, - * in milliseconds. If \c timeout is zero, the - * function returns immediately. If \c timeout is - * -1u, the function blocks potentially indefinitely. - * - * \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE - * on success or timeout, or a negative return code otherwise. 
- */ -int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ); - -/** - * \brief Set the socket blocking - * - * \param ctx Socket to set - * - * \return 0 if successful, or a non-zero error code - */ -int mbedtls_net_set_block( mbedtls_net_context *ctx ); - -/** - * \brief Set the socket non-blocking - * - * \param ctx Socket to set - * - * \return 0 if successful, or a non-zero error code - */ -int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ); - -/** - * \brief Portable usleep helper - * - * \param usec Amount of microseconds to sleep - * - * \note Real amount of time slept will not be less than - * select()'s timeout granularity (typically, 10ms). - */ -void mbedtls_net_usleep( unsigned long usec ); - -/** - * \brief Read at most 'len' characters. If no error occurs, - * the actual amount read is returned. - * - * \param ctx Socket - * \param buf The buffer to write to - * \param len Maximum length of the buffer - * - * \return the number of bytes received, - * or a non-zero error code; with a non-blocking socket, - * MBEDTLS_ERR_SSL_WANT_READ indicates read() would block. - */ -int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ); - -/** - * \brief Write at most 'len' characters. If no error occurs, - * the actual amount read is returned. - * - * \param ctx Socket - * \param buf The buffer to read from - * \param len The length of the buffer - * - * \return the number of bytes sent, - * or a non-zero error code; with a non-blocking socket, - * MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block. - */ -int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ); - -/** - * \brief Read at most 'len' characters, blocking for at most - * 'timeout' seconds. If no error occurs, the actual amount - * read is returned. - * - * \note The current implementation of this function uses - * select() and returns an error if the file descriptor - * is \c FD_SETSIZE or greater. 
- * - * \param ctx Socket - * \param buf The buffer to write to - * \param len Maximum length of the buffer - * \param timeout Maximum number of milliseconds to wait for data - * 0 means no timeout (wait forever) - * - * \return The number of bytes received if successful. - * MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out. - * MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. - * Another negative error code (MBEDTLS_ERR_NET_xxx) - * for other failures. - * - * \note This function will block (until data becomes available or - * timeout is reached) even if the socket is set to - * non-blocking. Handling timeouts with non-blocking reads - * requires a different strategy. - */ -int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, - uint32_t timeout ); - -/** - * \brief Closes down the connection and free associated data - * - * \param ctx The context to close - */ -void mbedtls_net_close( mbedtls_net_context *ctx ); - -/** - * \brief Gracefully shutdown the connection and free associated data - * - * \param ctx The context to free - */ -void mbedtls_net_free( mbedtls_net_context *ctx ); - -#ifdef __cplusplus -} -#endif - -#endif /* net_sockets.h */ diff --git a/windows/mbedtls/nist_kw.h b/windows/mbedtls/nist_kw.h deleted file mode 100644 index bd6c6584..00000000 --- a/windows/mbedtls/nist_kw.h +++ /dev/null 
@@ -1,179 +0,0 @@
-/**
- * \file nist_kw.h
- *
- * \brief This file provides an API for key wrapping (KW) and key wrapping with
- * padding (KWP) as defined in NIST SP 800-38F.
- * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf
- *
- * Key wrapping specifies a deterministic authenticated-encryption mode
- * of operation, according to NIST SP 800-38F: Recommendation for
- * Block Cipher Modes of Operation: Methods for Key Wrapping. Its
- * purpose is to protect cryptographic keys.
- *
- * Its equivalent is RFC 3394 for KW, and RFC 5649 for KWP.
- * https://tools.ietf.org/html/rfc3394
- * https://tools.ietf.org/html/rfc5649
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_NIST_KW_H
-#define MBEDTLS_NIST_KW_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/cipher.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef enum
-{
- MBEDTLS_KW_MODE_KW = 0,
- MBEDTLS_KW_MODE_KWP = 1
-} mbedtls_nist_kw_mode_t;
-
-#if !defined(MBEDTLS_NIST_KW_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The key wrapping context-type definition. The key wrapping context is passed
- * to the APIs called.
- *
- * \note The definition of this type may change in future library versions.
- * Don't make any assumptions on this context!
- */
-typedef struct {
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
-} mbedtls_nist_kw_context;
-
-#else /* MBEDTLS_NIST_key wrapping_ALT */
-#include "nist_kw_alt.h"
-#endif /* MBEDTLS_NIST_KW_ALT */
-
-/**
- * \brief This function initializes the specified key wrapping context
- * to make references valid and prepare the context
- * for mbedtls_nist_kw_setkey() or mbedtls_nist_kw_free().
- *
- * \param ctx The key wrapping context to initialize.
- *
- */
-void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx );
-
-/**
- * \brief This function initializes the key wrapping context set in the
- * \p ctx parameter and sets the encryption key.
- *
- * \param ctx The key wrapping context.
- * \param cipher The 128-bit block cipher to use. Only AES is supported.
- * \param key The Key Encryption Key (KEK).
- * \param keybits The KEK size in bits. This must be acceptable by the cipher.
- * \param is_wrap Specify whether the operation within the context is wrapping or unwrapping
- *
- * \return \c 0 on success.
- * \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for any invalid input.
- * \return \c MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE for 128-bit block ciphers
- * which are not supported.
- * \return cipher-specific error code on failure of the underlying cipher.
- */
-int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
- mbedtls_cipher_id_t cipher,
- const unsigned char *key,
- unsigned int keybits,
- const int is_wrap );
-
-/**
- * \brief This function releases and clears the specified key wrapping context
- * and underlying cipher sub-context.
- *
- * \param ctx The key wrapping context to clear.
- */
-void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx );
-
-/**
- * \brief This function encrypts a buffer using key wrapping.
- *
- * \param ctx The key wrapping context to use for encryption.
- * \param mode The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP)
- * \param input The buffer holding the input data.
- * \param in_len The length of the input data in Bytes.
- * The input uses units of 8 Bytes called semiblocks.
- *
  • For KW mode: a multiple of 8 bytes between 16 and 2^57-8 inclusive.
  • - *
  • For KWP mode: any length between 1 and 2^32-1 inclusive.
- * \param[out] output The buffer holding the output data.
- *
  • For KW mode: Must be at least 8 bytes larger than \p in_len.
  • - *
  • For KWP mode: Must be at least 8 bytes larger rounded up to a multiple of - * 8 bytes for KWP (15 bytes at most).
- * \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure.
- * \param[in] out_size The capacity of the output buffer.
- *
- * \return \c 0 on success.
- * \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
- * \return cipher-specific error code on failure of the underlying cipher.
- */
-int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
- const unsigned char *input, size_t in_len,
- unsigned char *output, size_t* out_len, size_t out_size );
-
-/**
- * \brief This function decrypts a buffer using key wrapping.
- *
- * \param ctx The key wrapping context to use for decryption.
- * \param mode The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP)
- * \param input The buffer holding the input data.
- * \param in_len The length of the input data in Bytes.
- * The input uses units of 8 Bytes called semiblocks.
- * The input must be a multiple of semiblocks.
- *
  • For KW mode: a multiple of 8 bytes between 24 and 2^57 inclusive.
  • - *
  • For KWP mode: a multiple of 8 bytes between 16 and 2^32 inclusive.
- * \param[out] output The buffer holding the output data.
- * The output buffer's minimal length is 8 bytes shorter than \p in_len.
- * \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure.
- * For KWP mode, the length could be up to 15 bytes shorter than \p in_len,
- * depending on how much padding was added to the data.
- * \param[in] out_size The capacity of the output buffer.
- *
- * \return \c 0 on success.
- * \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
- * \return \c MBEDTLS_ERR_CIPHER_AUTH_FAILED for verification failure of the ciphertext.
- * \return cipher-specific error code on failure of the underlying cipher.
- */
-int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
- const unsigned char *input, size_t in_len,
- unsigned char *output, size_t* out_len, size_t out_size);
-
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-/**
- * \brief The key wrapping checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_nist_kw_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_NIST_KW_H */
diff --git a/windows/mbedtls/oid.h b/windows/mbedtls/oid.h
deleted file mode 100644
index 9e68e919..00000000
--- a/windows/mbedtls/oid.h
+++ /dev/null
@@ -1,641 +0,0 @@
-/**
- * \file oid.h
- *
- * \brief Object Identifier (OID) database
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_OID_H
-#define MBEDTLS_OID_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/asn1.h"
-#include "mbedtls/pk.h"
-
-#include
-
-#if defined(MBEDTLS_CIPHER_C)
-#include "mbedtls/cipher.h"
-#endif
-
-#if defined(MBEDTLS_MD_C)
-#include "mbedtls/md.h"
-#endif
-
-#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E /**< OID is not found.
*/
-#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B /**< output buffer is too small */
-
-/* This is for the benefit of X.509, but defined here in order to avoid
- * having a "backwards" include of x.509.h here */
-/*
- * X.509 extension types (internal, arbitrary values for bitsets)
- */
-#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
-#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2)
-#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
-#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
-#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
-#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
-#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9)
-#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
-#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
-#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
-#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
-#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14)
-#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
-
-/*
- * Top level OID tuples
- */
-#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
-#define MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */
-#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
-#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */
-
-/*
- * ISO Member bodies OID parts
- */
-#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
-#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
-#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
-#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045)
*/
-#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_ANSI_X9_62
-
-/*
- * ISO Identified organization OID parts
- */
-#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */
-#define MBEDTLS_OID_ORG_OIW "\x0e"
-#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
-#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
-#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
-#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
-#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
-#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
-#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
-
-/*
- * ISO ITU OID parts
- */
-#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
-#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
-
-#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
-#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
-
-#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
-#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
-
-/* ISO arc for standard certificate and CRL extensions */
-#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
-
-#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */
-
-/**
- * Private Internet Extensions
- * { iso(1) identified-organization(3) dod(6) internet(1)
- * security(5) mechanisms(5) pkix(7) }
- */
-#define MBEDTLS_OID_INTERNET
MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
-#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
-
-/*
- * Arc for standard naming attributes
- */
-#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
-#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
-#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
-#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
-#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
-#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
-#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
-#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
-#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
-#define MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
-#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
-#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
-#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
-#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
-#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
-#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E"
/**< id-at-dnQualifier AttributeType:= {id-at 46} */
-#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
-
-#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
-#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
-
-/*
- * OIDs for standard certificate extensions
- */
-#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
-#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
-#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
-#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
-#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
-#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
-#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
-#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
-#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
-#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
-#define MBEDTLS_OID_POLICY_CONSTRAINTS
MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
-#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
-#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
-#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
-#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
-
-/*
- * Certificate policies
- */
-#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
-
-/*
- * Netscape certificate extensions
- */
-#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
-#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01"
-#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT "\x02"
-#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03"
-#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04"
-#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07"
-#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08"
-#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C"
-#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D"
-#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02"
-#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05"
-
-/*
- * OIDs for CRL extensions
- */
-#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10"
-#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
-
-/*
- * X.509 v3 Extended key usage OIDs
- */
-#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
-
-#define MBEDTLS_OID_KP
MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
-#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
-#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
-#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
-#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
-#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
-#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
-
-/**
- * Wi-SUN Alliance Field Area Network
- * { iso(1) identified-organization(3) dod(6) internet(1)
- * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }
- */
-#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
-
-#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
-#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
-
-/*
- * PKCS definition OIDs
- */
-
-#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
-#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
-#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
-#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
-#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) 12 } */
-
-/*
- * PKCS#1 OIDs
- */
-#define MBEDTLS_OID_PKCS1_RSA MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
-#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
-#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
-#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
-#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
-#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
-#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
-
-#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
-
-#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
-
-/* RFC 4055 */
-#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
-#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
-
-/*
- * Digest algorithms
- */
-#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
-
-#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
-
-#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
-
-#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
-
-#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
-
-#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
-
-/*
- * Encryption algorithms
- */
-#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
-#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc
OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
-#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
-
-/*
- * Key Wrapping algorithms
- */
-/*
- * RFC 5649
- */
-#define MBEDTLS_OID_AES128_KW MBEDTLS_OID_AES "\x05" /** id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } */
-#define MBEDTLS_OID_AES128_KWP MBEDTLS_OID_AES "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */
-#define MBEDTLS_OID_AES192_KW MBEDTLS_OID_AES "\x19" /** id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } */
-#define MBEDTLS_OID_AES192_KWP MBEDTLS_OID_AES "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */
-#define MBEDTLS_OID_AES256_KW MBEDTLS_OID_AES "\x2d" /** id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } */
-#define MBEDTLS_OID_AES256_KWP MBEDTLS_OID_AES "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */
-/*
- * PKCS#5 OIDs
- */
-#define MBEDTLS_OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
-#define MBEDTLS_OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
-#define MBEDTLS_OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
-
-/*
- * PKCS#5 PBES1 algorithms
- */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
-
-/*
- * PKCS#8 OIDs
- */
-#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ
MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
-
-/*
- * PKCS#12 PBE OIDs
- */
-#define MBEDTLS_OID_PKCS12_PBE MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
-
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
-
-/*
- * EC key algorithms from RFC 5480
- */
-
-/* id-ecPublicKey OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
-#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01"
-
-/* id-ecDH OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132)
- * schemes(1) ecdh(12) } */
-#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c"
-
-/*
- * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
- */
-
-/* secp192r1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
-#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
-
-/* secp224r1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
-#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21"
-
-/* secp256r1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
-#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
-
-/* secp384r1 OBJECT IDENTIFIER ::= {
- * iso(1)
identified-organization(3) certicom(132) curve(0) 34 } */
-#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22"
-
-/* secp521r1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
-#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23"
-
-/* secp192k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
-#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f"
-
-/* secp224k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
-#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20"
-
-/* secp256k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
-#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a"
-
-/* RFC 5639 4.1
- * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
- * identified-organization(3) teletrust(36) algorithm(3) signature-
- * algorithm(3) ecSign(2) 8}
- * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
- * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
-#define MBEDTLS_OID_EC_BRAINPOOL_V1 MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
-
-/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
-#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
-
-/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
-#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
-
-/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
-#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
-
-/*
- * SEC1 C.1
- *
- * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
- * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
- */
-#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01"
-#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
-
-/*
- * ECDSA signature identifiers, from RFC 5480
-
*/
-#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
-#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
-
-/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
-
-/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
-
-/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 2 } */
-#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
-
-/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 3 } */
-#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
-
-/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 4 } */
-#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Base OID descriptor structure
- */
-typedef struct mbedtls_oid_descriptor_t
-{
- const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */
- size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
- const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */
- const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */
-#endif
-} mbedtls_oid_descriptor_t;
-
-/**
- * \brief Translate an ASN.1 OID into its numeric representation
- * (e.g.
"\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
- *
- * \param buf buffer to put representation in
- * \param size size of the buffer
- * \param oid OID to translate
- *
- * \return Length of the string written (excluding final NULL) or
- * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
- */
-int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
-
-/**
- * \brief Translate an X.509 extension OID into local values
- *
- * \param oid OID to use
- * \param ext_type place to store the extension type
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
-
-/**
- * \brief Translate an X.509 attribute type OID into the short name
- * (e.g. the OID for an X520 Common Name into "CN")
- *
- * \param oid OID to use
- * \param short_name place to store the string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
-
-/**
- * \brief Translate PublicKeyAlgorithm OID into pk_type
- *
- * \param oid OID to use
- * \param pk_alg place to store public key algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
-
-/**
- * \brief Translate pk_type into PublicKeyAlgorithm OID
- *
- * \param pk_alg Public key type to look for
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
- const char **oid, size_t *olen );
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * \brief Translate NamedCurve OID into an EC group identifier
- *
- * \param oid OID to use
- * \param grp_id place to store group id
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int
mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id ); - -/** - * \brief Translate EC group identifier into NamedCurve OID - * - * \param grp_id EC group identifier - * \param oid place to store ASN.1 OID string pointer - * \param olen length of the OID - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id, - const char **oid, size_t *olen ); -#endif /* MBEDTLS_ECP_C */ - -#if defined(MBEDTLS_MD_C) -/** - * \brief Translate SignatureAlgorithm OID into md_type and pk_type - * - * \param oid OID to use - * \param md_alg place to store message digest algorithm - * \param pk_alg place to store public key algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg ); - -/** - * \brief Translate SignatureAlgorithm OID into description - * - * \param oid OID to use - * \param desc place to store string pointer - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc ); - -/** - * \brief Translate md_type and pk_type into SignatureAlgorithm OID - * - * \param md_alg message digest algorithm - * \param pk_alg public key algorithm - * \param oid place to store ASN.1 OID string pointer - * \param olen length of the OID - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const char **oid, size_t *olen ); - -/** - * \brief Translate hash algorithm OID into md_type - * - * \param oid OID to use - * \param md_alg place to store message digest algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg ); - -/** - * \brief Translate hmac algorithm OID 
into md_type - * - * \param oid OID to use - * \param md_hmac place to store message hmac algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac ); -#endif /* MBEDTLS_MD_C */ - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -/** - * \brief Translate Extended Key Usage OID into description - * - * \param oid OID to use - * \param desc place to store string pointer - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc ); -#endif - -/** - * \brief Translate certificate policies OID into description - * - * \param oid OID to use - * \param desc place to store string pointer - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc ); - -/** - * \brief Translate md_type into hash algorithm OID - * - * \param md_alg message digest algorithm - * \param oid place to store ASN.1 OID string pointer - * \param olen length of the OID - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen ); - -#if defined(MBEDTLS_CIPHER_C) -/** - * \brief Translate encryption algorithm OID into cipher_type - * - * \param oid OID to use - * \param cipher_alg place to store cipher algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg ); -#endif /* MBEDTLS_CIPHER_C */ - -#if defined(MBEDTLS_PKCS12_C) -/** - * \brief Translate PKCS#12 PBE algorithm OID into md_type and - * cipher_type - * - * \param oid OID to use - * \param md_alg place to store message digest algorithm - * \param cipher_alg place to store cipher algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - 
*/ -int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, - mbedtls_cipher_type_t *cipher_alg ); -#endif /* MBEDTLS_PKCS12_C */ - -#ifdef __cplusplus -} -#endif - -#endif /* oid.h */ diff --git a/windows/mbedtls/pem.h b/windows/mbedtls/pem.h deleted file mode 100644 index a01a296b..00000000 --- a/windows/mbedtls/pem.h +++ /dev/null 
@@ -1,141 +0,0 @@ -/** - * \file pem.h - * - * \brief Privacy Enhanced Mail (PEM) decoding - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_PEM_H -#define MBEDTLS_PEM_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include - -/** - * \name PEM Error codes - * These error codes are returned in case of errors reading the - * PEM data. - * \{ - */ -#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 /**< No PEM header or footer found. */ -#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 /**< PEM string is not as expected. */ -#define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180 /**< Failed to allocate memory. */ -#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RSA IV is not in hex-format. */ -#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 /**< Unsupported key encryption algorithm. */ -#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Private key password can't be empty. */ -#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Given private key password does not allow for correct decryption. */ -#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Unavailable feature, e.g. hashing/encryption combination. */ -#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 /**< Bad input parameters to function. 
*/ -/* \} name */ - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(MBEDTLS_PEM_PARSE_C) -/** - * \brief PEM context structure - */ -typedef struct mbedtls_pem_context -{ - unsigned char *MBEDTLS_PRIVATE(buf); /*!< buffer for decoded data */ - size_t MBEDTLS_PRIVATE(buflen); /*!< length of the buffer */ - unsigned char *MBEDTLS_PRIVATE(info); /*!< buffer for extra header information */ -} -mbedtls_pem_context; - -/** - * \brief PEM context setup - * - * \param ctx context to be initialized - */ -void mbedtls_pem_init( mbedtls_pem_context *ctx ); - -/** - * \brief Read a buffer for PEM information and store the resulting - * data into the specified context buffers. - * - * \param ctx context to use - * \param header header string to seek and expect - * \param footer footer string to seek and expect - * \param data source data to look in (must be nul-terminated) - * \param pwd password for decryption (can be NULL) - * \param pwdlen length of password - * \param use_len destination for total length used (set after header is - * correctly read, so unless you get - * MBEDTLS_ERR_PEM_BAD_INPUT_DATA or - * MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is - * the length to skip) - * - * \note Attempts to check password correctness by verifying if - * the decrypted text starts with an ASN.1 sequence of - * appropriate length - * - * \return 0 on success, or a specific PEM error code - */ -int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer, - const unsigned char *data, - const unsigned char *pwd, - size_t pwdlen, size_t *use_len ); - -/** - * \brief PEM context memory freeing - * - * \param ctx context to be freed - */ -void mbedtls_pem_free( mbedtls_pem_context *ctx ); -#endif /* MBEDTLS_PEM_PARSE_C */ - -#if defined(MBEDTLS_PEM_WRITE_C) -/** - * \brief Write a buffer of PEM information from a DER encoded - * buffer. - * - * \param header The header string to write. - * \param footer The footer string to write. 
- * \param der_data The DER data to encode. - * \param der_len The length of the DER data \p der_data in Bytes. - * \param buf The buffer to write to. - * \param buf_len The length of the output buffer \p buf in Bytes. - * \param olen The address at which to store the total length written - * or required (if \p buf_len is not enough). - * - * \note You may pass \c NULL for \p buf and \c 0 for \p buf_len - * to request the length of the resulting PEM buffer in - * `*olen`. - * - * \note This function may be called with overlapping \p der_data - * and \p buf buffers. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large - * enough to hold the PEM buffer. In this case, `*olen` holds - * the required minimum size of \p buf. - * \return Another PEM or BASE64 error code on other kinds of failure. - */ -int mbedtls_pem_write_buffer( const char *header, const char *footer, - const unsigned char *der_data, size_t der_len, - unsigned char *buf, size_t buf_len, size_t *olen ); -#endif /* MBEDTLS_PEM_WRITE_C */ - -#ifdef __cplusplus -} -#endif - -#endif /* pem.h */ diff --git a/windows/mbedtls/pk.h b/windows/mbedtls/pk.h deleted file mode 100644 index f3553ccc..00000000 --- a/windows/mbedtls/pk.h +++ /dev/null 
@@ -1,890 +0,0 @@ -/** - * \file pk.h - * - * \brief Public Key abstraction layer - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_PK_H -#define MBEDTLS_PK_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/md.h" - -#if defined(MBEDTLS_RSA_C) -#include "mbedtls/rsa.h" -#endif - -#if defined(MBEDTLS_ECP_C) -#include "mbedtls/ecp.h" -#endif - -#if defined(MBEDTLS_ECDSA_C) -#include "mbedtls/ecdsa.h" -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa/crypto.h" -#endif - -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - -#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 /**< Memory allocation failed. */ -#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */ -#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 /**< Bad input parameters to function. */ -#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 /**< Read/write of file failed. */ -#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 /**< Unsupported key version */ -#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 /**< Invalid key tag or value. */ -#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 /**< Key algorithm is unsupported (only RSA and EC are supported). 
*/ -#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 /**< Private key password can't be empty. */ -#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 /**< Given private key password does not allow for correct decryption. */ -#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 /**< The pubkey tag or value is invalid (only RSA and EC are supported). */ -#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 /**< The algorithm tag or value is invalid. */ -#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */ -#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */ -#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The buffer contains a valid signature followed by more data. */ -#define MBEDTLS_ERR_PK_BUFFER_TOO_SMALL -0x3880 /**< The output buffer is too small. */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Public key types - */ -typedef enum { - MBEDTLS_PK_NONE=0, - MBEDTLS_PK_RSA, - MBEDTLS_PK_ECKEY, - MBEDTLS_PK_ECKEY_DH, - MBEDTLS_PK_ECDSA, - MBEDTLS_PK_RSA_ALT, - MBEDTLS_PK_RSASSA_PSS, - MBEDTLS_PK_OPAQUE, -} mbedtls_pk_type_t; - -/** - * \brief Options for RSASSA-PSS signature verification. - * See \c mbedtls_rsa_rsassa_pss_verify_ext() - */ -typedef struct mbedtls_pk_rsassa_pss_options -{ - mbedtls_md_type_t MBEDTLS_PRIVATE(mgf1_hash_id); - int MBEDTLS_PRIVATE(expected_salt_len); - -} mbedtls_pk_rsassa_pss_options; - -/** - * \brief Maximum size of a signature made by mbedtls_pk_sign(). - */ -/* We need to set MBEDTLS_PK_SIGNATURE_MAX_SIZE to the maximum signature - * size among the supported signature types. Do it by starting at 0, - * then incrementally increasing to be large enough for each supported - * signature mechanism. 
- * - * The resulting value can be 0, for example if MBEDTLS_ECDH_C is enabled - * (which allows the pk module to be included) but neither MBEDTLS_ECDSA_C - * nor MBEDTLS_RSA_C nor any opaque signature mechanism (PSA or RSA_ALT). - */ -#define MBEDTLS_PK_SIGNATURE_MAX_SIZE 0 - -#if ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT) ) && \ - MBEDTLS_MPI_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE -/* For RSA, the signature can be as large as the bignum module allows. - * For RSA_ALT, the signature size is not necessarily tied to what the - * bignum module can do, but in the absence of any specific setting, - * we use that (rsa_alt_sign_wrap in library/pk_wrap.h will check). */ -#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE -#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE -#endif - -#if defined(MBEDTLS_ECDSA_C) && \ - MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_PK_SIGNATURE_MAX_SIZE -/* For ECDSA, the ecdsa module exports a constant for the maximum - * signature size. */ -#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE -#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if PSA_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE -/* PSA_SIGNATURE_MAX_SIZE is the maximum size of a signature made - * through the PSA API in the PSA representation. */ -#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE -#define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_SIGNATURE_MAX_SIZE -#endif - -#if PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 > MBEDTLS_PK_SIGNATURE_MAX_SIZE -/* The Mbed TLS representation is different for ECDSA signatures: - * PSA uses the raw concatenation of r and s, - * whereas Mbed TLS uses the ASN.1 representation (SEQUENCE of two INTEGERs). - * Add the overhead of ASN.1: up to (1+2) + 2 * (1+2+1) for the - * types, lengths (represented by up to 2 bytes), and potential leading - * zeros of the INTEGERs and the SEQUENCE. 
*/ -#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE -#define MBEDTLS_PK_SIGNATURE_MAX_SIZE ( PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 ) -#endif -#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */ - -/** - * \brief Types for interfacing with the debug module - */ -typedef enum -{ - MBEDTLS_PK_DEBUG_NONE = 0, - MBEDTLS_PK_DEBUG_MPI, - MBEDTLS_PK_DEBUG_ECP, -} mbedtls_pk_debug_type; - -/** - * \brief Item to send to the debug module - */ -typedef struct mbedtls_pk_debug_item -{ - mbedtls_pk_debug_type MBEDTLS_PRIVATE(type); - const char *MBEDTLS_PRIVATE(name); - void *MBEDTLS_PRIVATE(value); -} mbedtls_pk_debug_item; - -/** Maximum number of item send for debugging, plus 1 */ -#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3 - -/** - * \brief Public key information and operations - */ -typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; - -/** - * \brief Public key container - */ -typedef struct mbedtls_pk_context -{ - const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */ - void * MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */ -} mbedtls_pk_context; - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) -/** - * \brief Context for resuming operations - */ -typedef struct -{ - const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */ - void * MBEDTLS_PRIVATE(rs_ctx); /**< Underlying restart context */ -} mbedtls_pk_restart_ctx; -#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ -/* Now we can declare functions that take a pointer to that */ -typedef void mbedtls_pk_restart_ctx; -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - -#if defined(MBEDTLS_RSA_C) -/** - * Quick access to an RSA context inside a PK context. - * - * \warning You must make sure the PK context actually holds an RSA context - * before using this function! 
- */ -static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk ) -{ - return( (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx) ); -} -#endif /* MBEDTLS_RSA_C */ - -#if defined(MBEDTLS_ECP_C) -/** - * Quick access to an EC context inside a PK context. - * - * \warning You must make sure the PK context actually holds an EC context - * before using this function! - */ -static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk ) -{ - return( (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx) ); -} -#endif /* MBEDTLS_ECP_C */ - -#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) -/** - * \brief Types for RSA-alt abstraction - */ -typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, size_t *olen, - const unsigned char *input, unsigned char *output, - size_t output_max_len ); -typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_md_type_t md_alg, unsigned int hashlen, - const unsigned char *hash, unsigned char *sig ); -typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx ); -#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ - -/** - * \brief Return information associated with the given PK type - * - * \param pk_type PK type to search for. - * - * \return The PK info associated with the type or NULL if not found. - */ -const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ); - -/** - * \brief Initialize a #mbedtls_pk_context (as NONE). - * - * \param ctx The context to initialize. - * This must not be \c NULL. - */ -void mbedtls_pk_init( mbedtls_pk_context *ctx ); - -/** - * \brief Free the components of a #mbedtls_pk_context. - * - * \param ctx The context to clear. It must have been initialized. - * If this is \c NULL, this function does nothing. 
- * - * \note For contexts that have been set up with - * mbedtls_pk_setup_opaque(), this does not free the underlying - * PSA key and you still need to call psa_destroy_key() - * independently if you want to destroy that key. - */ -void mbedtls_pk_free( mbedtls_pk_context *ctx ); - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) -/** - * \brief Initialize a restart context - * - * \param ctx The context to initialize. - * This must not be \c NULL. - */ -void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ); - -/** - * \brief Free the components of a restart context - * - * \param ctx The context to clear. It must have been initialized. - * If this is \c NULL, this function does nothing. - */ -void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ); -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - -/** - * \brief Initialize a PK context with the information given - * and allocates the type-specific PK subcontext. - * - * \param ctx Context to initialize. It must not have been set - * up yet (type #MBEDTLS_PK_NONE). - * \param info Information to use - * - * \return 0 on success, - * MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input, - * MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. - * - * \note For contexts holding an RSA-alt key, use - * \c mbedtls_pk_setup_rsa_alt() instead. - */ -int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -/** - * \brief Initialize a PK context to wrap a PSA key. - * - * \note This function replaces mbedtls_pk_setup() for contexts - * that wrap a (possibly opaque) PSA key instead of - * storing and manipulating the key material directly. - * - * \param ctx The context to initialize. It must be empty (type NONE). - * \param key The PSA key to wrap, which must hold an ECC key pair - * (see notes below). 
- * - * \note The wrapped key must remain valid as long as the - * wrapping PK context is in use, that is at least between - * the point this function is called and the point - * mbedtls_pk_free() is called on this context. The wrapped - * key might then be independently used or destroyed. - * - * \note This function is currently only available for ECC key - * pairs (that is, ECC keys containing private key material). - * Support for other key types may be added later. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input - * (context already used, invalid key identifier). - * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an - * ECC key pair. - * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. - */ -int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, - const psa_key_id_t key ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) -/** - * \brief Initialize an RSA-alt context - * - * \param ctx Context to initialize. It must not have been set - * up yet (type #MBEDTLS_PK_NONE). - * \param key RSA key pointer - * \param decrypt_func Decryption function - * \param sign_func Signing function - * \param key_len_func Function returning key length in bytes - * - * \return 0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the - * context wasn't already initialized as RSA_ALT. - * - * \note This function replaces \c mbedtls_pk_setup() for RSA-alt. - */ -int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, - mbedtls_pk_rsa_alt_decrypt_func decrypt_func, - mbedtls_pk_rsa_alt_sign_func sign_func, - mbedtls_pk_rsa_alt_key_len_func key_len_func ); -#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ - -/** - * \brief Get the size in bits of the underlying key - * - * \param ctx The context to query. It must have been initialized. 
- * - * \return Key size in bits, or 0 on error - */ -size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ); - -/** - * \brief Get the length in bytes of the underlying key - * - * \param ctx The context to query. It must have been initialized. - * - * \return Key length in bytes, or 0 on error - */ -static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx ) -{ - return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 ); -} - -/** - * \brief Tell if a context can do the operation given by type - * - * \param ctx The context to query. It must have been initialized. - * \param type The desired type. - * - * \return 1 if the context can do operations on the given type. - * \return 0 if the context cannot do the operations on the given - * type. This is always the case for a context that has - * been initialized but not set up, or that has been - * cleared with mbedtls_pk_free(). - */ -int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ); - -/** - * \brief Verify signature (including padding if relevant). - * - * \param ctx The PK context to use. It must have been set up. - * \param md_alg Hash algorithm used. - * This can be #MBEDTLS_MD_NONE if the signature algorithm - * does not rely on a hash algorithm (non-deterministic - * ECDSA, RSA PKCS#1 v1.5). - * For PKCS#1 v1.5, if \p md_alg is #MBEDTLS_MD_NONE, then - * \p hash is the DigestInfo structure used by RFC 8017 - * §9.2 steps 3–6. If \p md_alg is a valid hash - * algorithm then \p hash is the digest itself, and this - * function calculates the DigestInfo encoding internally. - * \param hash Hash of the message to sign - * \param hash_len Hash length - * \param sig Signature to verify - * \param sig_len Signature length - * - * \return 0 on success (signature is valid), - * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid - * signature in sig but its length is less than \p siglen, - * or a specific error code. 
- * - * \note For RSA keys, the default padding type is PKCS#1 v1.5. - * Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... ) - * to verify RSASSA_PSS signatures. - */ -int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ); - -/** - * \brief Restartable version of \c mbedtls_pk_verify() - * - * \note Performs the same job as \c mbedtls_pk_verify(), but can - * return early and restart according to the limit set with - * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC - * operations. For RSA, same as \c mbedtls_pk_verify(). - * - * \param ctx The PK context to use. It must have been set up. - * \param md_alg Hash algorithm used (see notes) - * \param hash Hash of the message to sign - * \param hash_len Hash length or 0 (see notes) - * \param sig Signature to verify - * \param sig_len Signature length - * \param rs_ctx Restart context (NULL to disable restart) - * - * \return See \c mbedtls_pk_verify(), or - * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of - * operations was reached: see \c mbedtls_ecp_set_max_ops(). - */ -int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - mbedtls_pk_restart_ctx *rs_ctx ); - -/** - * \brief Verify signature, with options. - * (Includes verification of the padding depending on type.) - * - * \param type Signature type (inc. possible padding type) to verify - * \param options Pointer to type-specific options, or NULL - * \param ctx The PK context to use. It must have been set up. 
- * \param md_alg Hash algorithm used (see notes) - * \param hash Hash of the message to sign - * \param hash_len Hash length or 0 (see notes) - * \param sig Signature to verify - * \param sig_len Signature length - * - * \return 0 on success (signature is valid), - * #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be - * used for this type of signatures, - * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid - * signature in sig but its length is less than \p siglen, - * or a specific error code. - * - * \note If hash_len is 0, then the length associated with md_alg - * is used instead, or an error returned if it is invalid. - * - * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0 - * - * \note If type is MBEDTLS_PK_RSASSA_PSS, then options must point - * to a mbedtls_pk_rsassa_pss_options structure, - * otherwise it must be NULL. - */ -int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, - mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ); - -/** - * \brief Make signature, including padding if relevant. - * - * \param ctx The PK context to use. It must have been set up - * with a private key. - * \param md_alg Hash algorithm used (see notes) - * \param hash Hash of the message to sign - * \param hash_len Hash length - * \param sig Place to write the signature. - * It must have enough room for the signature. - * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough. - * You may use a smaller buffer if it is large enough - * given the key type. - * \param sig_size The size of the \p sig buffer in bytes. - * \param sig_len On successful return, - * the number of bytes written to \p sig. - * \param f_rng RNG function, must not be \c NULL. - * \param p_rng RNG parameter - * - * \return 0 on success, or a specific error code. - * - * \note For RSA keys, the default padding type is PKCS#1 v1.5. 
- * There is no interface in the PK module to make RSASSA-PSS - * signatures yet. - * - * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. - * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. - */ -int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t sig_size, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); - -/** - * \brief Restartable version of \c mbedtls_pk_sign() - * - * \note Performs the same job as \c mbedtls_pk_sign(), but can - * return early and restart according to the limit set with - * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC - * operations. For RSA, same as \c mbedtls_pk_sign(). - * - * \param ctx The PK context to use. It must have been set up - * with a private key. - * \param md_alg Hash algorithm used (see notes for mbedtls_pk_sign()) - * \param hash Hash of the message to sign - * \param hash_len Hash length - * \param sig Place to write the signature. - * It must have enough room for the signature. - * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough. - * You may use a smaller buffer if it is large enough - * given the key type. - * \param sig_size The size of the \p sig buffer in bytes. - * \param sig_len On successful return, - * the number of bytes written to \p sig. - * \param f_rng RNG function, must not be \c NULL. - * \param p_rng RNG parameter - * \param rs_ctx Restart context (NULL to disable restart) - * - * \return See \c mbedtls_pk_sign(). - * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of - * operations was reached: see \c mbedtls_ecp_set_max_ops(). 
- */ -int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t sig_size, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_pk_restart_ctx *rs_ctx ); - -/** - * \brief Decrypt message (including padding if relevant). - * - * \param ctx The PK context to use. It must have been set up - * with a private key. - * \param input Input to decrypt - * \param ilen Input size - * \param output Decrypted output - * \param olen Decrypted message length - * \param osize Size of the output buffer - * \param f_rng RNG function, must not be \c NULL. - * \param p_rng RNG parameter - * - * \note For RSA keys, the default padding type is PKCS#1 v1.5. - * - * \return 0 on success, or a specific error code. - */ -int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); - -/** - * \brief Encrypt message (including padding if relevant). - * - * \param ctx The PK context to use. It must have been set up. - * \param input Message to encrypt - * \param ilen Message size - * \param output Encrypted output - * \param olen Encrypted output length - * \param osize Size of the output buffer - * \param f_rng RNG function, must not be \c NULL. - * \param p_rng RNG parameter - * - * \note \p f_rng is used for padding generation. - * - * \note For RSA keys, the default padding type is PKCS#1 v1.5. - * - * \return 0 on success, or a specific error code. - */ -int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); - -/** - * \brief Check if a public-private pair of keys matches. - * - * \param pub Context holding a public key. 
- * \param prv Context holding a private (and public) key. - * \param f_rng RNG function, must not be \c NULL. - * \param p_rng RNG parameter - * - * \return \c 0 on success (keys were checked and match each other). - * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not - * be checked - in that case they may or may not match. - * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid. - * \return Another non-zero value if the keys do not match. - */ -int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, - const mbedtls_pk_context *prv, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief Export debug information - * - * \param ctx The PK context to use. It must have been initialized. - * \param items Place to write debug items - * - * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA - */ -int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ); - -/** - * \brief Access the type name - * - * \param ctx The PK context to use. It must have been initialized. - * - * \return Type name on success, or "invalid PK" - */ -const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx ); - -/** - * \brief Get the key type - * - * \param ctx The PK context to use. It must have been initialized. - * - * \return Type on success. - * \return #MBEDTLS_PK_NONE for a context that has not been set up. - */ -mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ); - -#if defined(MBEDTLS_PK_PARSE_C) -/** \ingroup pk_module */ -/** - * \brief Parse a private key in PEM or DER format - * - * \param ctx The PK context to fill. It must have been initialized - * but not set up. - * \param key Input buffer to parse. - * The buffer must contain the input exactly, with no - * extra trailing material. For PEM, the buffer must - * contain a null-terminated string. - * \param keylen Size of \b key in bytes. 
- * For PEM data, this includes the terminating null byte,
- * so \p keylen must be equal to `strlen(key) + 1`.
- * \param pwd Optional password for decryption.
- * Pass \c NULL if expecting a non-encrypted key.
- * Pass a string of \p pwdlen bytes if expecting an encrypted
- * key; a non-encrypted key will also be accepted.
- * The empty password is not supported.
- * \param pwdlen Size of the password in bytes.
- * Ignored if \p pwd is \c NULL.
- * \param f_rng RNG function, must not be \c NULL. Used for blinding.
- * \param p_rng RNG parameter
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen,
- const unsigned char *pwd, size_t pwdlen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/** \ingroup pk_module */
-/**
- * \brief Parse a public key in PEM or DER format
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param key Input buffer to parse.
- * The buffer must contain the input exactly, with no
- * extra trailing material. For PEM, the buffer must
- * contain a null-terminated string.
- * \param keylen Size of \b key in bytes.
- * For PEM data, this includes the terminating null byte,
- * so \p keylen must be equal to `strlen(key) + 1`.
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen );
-
-#if defined(MBEDTLS_FS_IO)
-/** \ingroup pk_module */
-/**
- * \brief Load and parse a private key
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param path filename to read the private key from
- * \param password Optional password to decrypt the file.
- * Pass \c NULL if expecting a non-encrypted key.
- * Pass a null-terminated string if expecting an encrypted
- * key; a non-encrypted key will also be accepted.
- * The empty password is not supported.
- * \param f_rng RNG function, must not be \c NULL. Used for blinding.
- * \param p_rng RNG parameter
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
- const char *path, const char *password,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/** \ingroup pk_module */
-/**
- * \brief Load and parse a public key
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param path filename to read the public key from
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If
- * you need a specific key type, check the result with
- * mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
-/**
- * \brief Write a private key to a PKCS#1 or SEC1 DER structure
- * Note: data is written at the end of the buffer! Use the
- * return value to determine where you should start
- * using the buffer
- *
- * \param ctx PK context which must contain a valid private key.
- * \param buf buffer to write to
- * \param size size of the buffer
- *
- * \return length of data written if successful, or a specific
- * error code
- */
-int mbedtls_pk_write_key_der( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-/**
- * \brief Write a public key to a SubjectPublicKeyInfo DER structure
- * Note: data is written at the end of the buffer! Use the
- * return value to determine where you should start
- * using the buffer
- *
- * \param ctx PK context which must contain a valid public or private key.
- * \param buf buffer to write to
- * \param size size of the buffer
- *
- * \return length of data written if successful, or a specific
- * error code
- */
-int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief Write a public key to a PEM string
- *
- * \param ctx PK context which must contain a valid public or private key.
- * \param buf Buffer to write to. The output includes a
- * terminating null byte.
- * \param size Size of the buffer in bytes.
- *
- * \return 0 if successful, or a specific error code
- */
-int mbedtls_pk_write_pubkey_pem( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-/**
- * \brief Write a private key to a PKCS#1 or SEC1 PEM string
- *
- * \param ctx PK context which must contain a valid private key.
- * \param buf Buffer to write to.
The output includes a - * terminating null byte. - * \param size Size of the buffer in bytes. - * - * \return 0 if successful, or a specific error code - */ -int mbedtls_pk_write_key_pem( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size ); -#endif /* MBEDTLS_PEM_WRITE_C */ -#endif /* MBEDTLS_PK_WRITE_C */ - -/* - * WARNING: Low-level functions. You probably do not want to use these unless - * you are certain you do ;) - */ - -#if defined(MBEDTLS_PK_PARSE_C) -/** - * \brief Parse a SubjectPublicKeyInfo DER structure - * - * \param p the position in the ASN.1 data - * \param end end of the buffer - * \param pk The PK context to fill. It must have been initialized - * but not set up. - * - * \return 0 if successful, or a specific PK error code - */ -int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, - mbedtls_pk_context *pk ); -#endif /* MBEDTLS_PK_PARSE_C */ - -#if defined(MBEDTLS_PK_WRITE_C) -/** - * \brief Write a subjectPublicKey to ASN.1 data - * Note: function works backwards in data buffer - * - * \param p reference to current position pointer - * \param start start of the buffer (for bounds-checking) - * \param key PK context which must contain a valid public or private key. - * - * \return the length written or a negative error code - */ -int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, - const mbedtls_pk_context *key ); -#endif /* MBEDTLS_PK_WRITE_C */ - -/* - * Internal module functions. You probably do not want to use these unless you - * know you do. - */ -#if defined(MBEDTLS_FS_IO) -int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ); -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -/** - * \brief Turn an EC key into an opaque one. - * - * \warning This is a temporary utility function for tests. It might - * change or be removed at any time without notice. - * - * \note Only ECDSA keys are supported so far. 
Signing with the
- * specified hash is the only allowed use of that key.
- *
- * \param pk Input: the EC key to import to a PSA key.
- * Output: a PK context wrapping that PSA key.
- * \param key Output: a PSA key identifier.
- * It's the caller's responsibility to call
- * psa_destroy_key() on that key identifier after calling
- * mbedtls_pk_free() on the PK context.
- * \param hash_alg The hash algorithm to allow for use with that key.
- *
- * \return \c 0 if successful.
- * \return An Mbed TLS error code otherwise.
- */
-int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
- psa_key_id_t *key,
- psa_algorithm_t hash_alg );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PK_H */
diff --git a/windows/mbedtls/pkcs12.h b/windows/mbedtls/pkcs12.h
deleted file mode 100644
index de139ac6..00000000
--- a/windows/mbedtls/pkcs12.h
+++ /dev/null
@@ -1,105 +0,0 @@ -/** - * \file pkcs12.h - * - * \brief PKCS#12 Personal Information Exchange Syntax - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_PKCS12_H -#define MBEDTLS_PKCS12_H - -#include "mbedtls/build_info.h" - -#include "mbedtls/md.h" -#include "mbedtls/cipher.h" -#include "mbedtls/asn1.h" - -#include - -#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */ -#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */ -#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */ -#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 /**< Given private key password does not allow for correct decryption. 
*/ - -#define MBEDTLS_PKCS12_DERIVE_KEY 1 /**< encryption/decryption key */ -#define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */ -#define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */ - -#define MBEDTLS_PKCS12_PBE_DECRYPT 0 -#define MBEDTLS_PKCS12_PBE_ENCRYPT 1 - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(MBEDTLS_ASN1_PARSE_C) - -/** - * \brief PKCS12 Password Based function (encryption / decryption) - * for cipher-based and mbedtls_md-based PBE's - * - * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure - * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT - * \param cipher_type the cipher used - * \param md_type the mbedtls_md used - * \param pwd the password used (may be NULL if no password is used) - * \param pwdlen length of the password (may be 0) - * \param input the input data - * \param len data length - * \param output the output buffer - * - * \return 0 if successful, or a MBEDTLS_ERR_XXX code - */ -int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, - mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *input, size_t len, - unsigned char *output ); - -#endif /* MBEDTLS_ASN1_PARSE_C */ - -/** - * \brief The PKCS#12 derivation function uses a password and a salt - * to produce pseudo-random bits for a particular "purpose". - * - * Depending on the given id, this function can produce an - * encryption/decryption key, an nitialization vector or an - * integrity key. 
- *
- * \param data buffer to store the derived data in
- * \param datalen length to fill
- * \param pwd password to use (may be NULL if no password is used)
- * \param pwdlen length of the password (may be 0)
- * \param salt salt buffer to use
- * \param saltlen length of the salt
- * \param mbedtls_md mbedtls_md type to use during the derivation
- * \param id id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY,
- * MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
- * \param iterations number of iterations
- *
- * \return 0 if successful, or a MD, BIGNUM type error.
- */
-int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *salt, size_t saltlen,
- mbedtls_md_type_t mbedtls_md, int id, int iterations );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* pkcs12.h */
diff --git a/windows/mbedtls/pkcs5.h b/windows/mbedtls/pkcs5.h
deleted file mode 100644
index c339398a..00000000
--- a/windows/mbedtls/pkcs5.h
+++ /dev/null
@@ -1,103 +0,0 @@ -/** - * \file pkcs5.h - * - * \brief PKCS#5 functions - * - * \author Mathias Olsson - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_PKCS5_H -#define MBEDTLS_PKCS5_H - -#include "mbedtls/build_info.h" - -#include "mbedtls/asn1.h" -#include "mbedtls/md.h" - -#include -#include - -#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA -0x2f80 /**< Bad input parameters to function. */ -#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT -0x2f00 /**< Unexpected ASN.1 data. */ -#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80 /**< Requested encryption or digest alg not available. */ -#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00 /**< Given private key password does not allow for correct decryption. */ - -#define MBEDTLS_PKCS5_DECRYPT 0 -#define MBEDTLS_PKCS5_ENCRYPT 1 - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(MBEDTLS_ASN1_PARSE_C) - -/** - * \brief PKCS#5 PBES2 function - * - * \param pbe_params the ASN.1 algorithm parameters - * \param mode either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT - * \param pwd password to use when generating key - * \param pwdlen length of password - * \param data data to process - * \param datalen length of data - * \param output output buffer - * - * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails. 
- */
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *data, size_t datalen,
- unsigned char *output );
-
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-/**
- * \brief PKCS#5 PBKDF2 using HMAC
- *
- * \param ctx Generic HMAC context
- * \param password Password to use when generating key
- * \param plen Length of password
- * \param salt Salt to use when generating key
- * \param slen Length of salt
- * \param iteration_count Iteration count
- * \param key_length Length of generated key in bytes
- * \param output Generated key. Must be at least as big as key_length
- *
- * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
- */
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
- size_t plen, const unsigned char *salt, size_t slen,
- unsigned int iteration_count,
- uint32_t key_length, unsigned char *output );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_pkcs5_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* pkcs5.h */
diff --git a/windows/mbedtls/platform.h b/windows/mbedtls/platform.h
deleted file mode 100644
index 277a85c7..00000000
--- a/windows/mbedtls/platform.h
+++ /dev/null
@@ -1,411 +0,0 @@ -/** - * \file platform.h - * - * \brief This file contains the definitions and functions of the - * Mbed TLS platform abstraction layer. - * - * The platform abstraction layer removes the need for the library - * to directly link to standard C library functions or operating - * system services, making the library easier to port and embed. - * Application developers and users of the library can provide their own - * implementations of these functions, or implementations specific to - * their platform, which can be statically linked to the library or - * dynamically configured at runtime. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_PLATFORM_H -#define MBEDTLS_PLATFORM_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \name SECTION: Module settings - * - * The configuration options you can set for this module are in this section. - * Either change them in mbedtls_config.h or define them on the compiler command line. - * \{ - */ - -/* The older Microsoft Windows common runtime provides non-conforming - * implementations of some standard library functions, including snprintf - * and vsnprintf. This affects MSVC and MinGW builds. 
- */ -#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900) -#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF -#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF -#endif - -#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) -#include -#include -#include -#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF) -#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF) -#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */ -#else -#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< The default \c snprintf function to use. */ -#endif -#endif -#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF) -#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF) -#define MBEDTLS_PLATFORM_STD_VSNPRINTF mbedtls_platform_win32_vsnprintf /**< The default \c vsnprintf function to use. */ -#else -#define MBEDTLS_PLATFORM_STD_VSNPRINTF vsnprintf /**< The default \c vsnprintf function to use. */ -#endif -#endif -#if !defined(MBEDTLS_PLATFORM_STD_PRINTF) -#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< The default \c printf function to use. */ -#endif -#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF) -#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< The default \c fprintf function to use. */ -#endif -#if !defined(MBEDTLS_PLATFORM_STD_CALLOC) -#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< The default \c calloc function to use. */ -#endif -#if !defined(MBEDTLS_PLATFORM_STD_FREE) -#define MBEDTLS_PLATFORM_STD_FREE free /**< The default \c free function to use. */ -#endif -#if !defined(MBEDTLS_PLATFORM_STD_EXIT) -#define MBEDTLS_PLATFORM_STD_EXIT exit /**< The default \c exit function to use. */ -#endif -#if !defined(MBEDTLS_PLATFORM_STD_TIME) -#define MBEDTLS_PLATFORM_STD_TIME time /**< The default \c time function to use. */ -#endif -#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS) -#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< The default exit value to use. 
*/ -#endif -#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE) -#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< The default exit value to use. */ -#endif -#if defined(MBEDTLS_FS_IO) -#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) -#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read -#endif -#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) -#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write -#endif -#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE) -#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" -#endif -#endif /* MBEDTLS_FS_IO */ -#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ -#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) -#include MBEDTLS_PLATFORM_STD_MEM_HDR -#endif -#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ - - -/* \} name SECTION: Module settings */ - -/* - * The function pointers for calloc and free. - */ -#if defined(MBEDTLS_PLATFORM_MEMORY) -#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \ - defined(MBEDTLS_PLATFORM_CALLOC_MACRO) -#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO -#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO -#else -/* For size_t */ -#include -extern void *mbedtls_calloc( size_t n, size_t size ); -extern void mbedtls_free( void *ptr ); - -/** - * \brief This function dynamically sets the memory-management - * functions used by the library, during runtime. - * - * \param calloc_func The \c calloc function implementation. - * \param free_func The \c free function implementation. - * - * \return \c 0. 
- */ -int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), - void (*free_func)( void * ) ); -#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */ -#else /* !MBEDTLS_PLATFORM_MEMORY */ -#define mbedtls_free free -#define mbedtls_calloc calloc -#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */ - -/* - * The function pointers for fprintf - */ -#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) -/* We need FILE * */ -#include -extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... ); - -/** - * \brief This function dynamically configures the fprintf - * function that is called when the - * mbedtls_fprintf() function is invoked by the library. - * - * \param fprintf_func The \c fprintf function implementation. - * - * \return \c 0. - */ -int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *, - ... ) ); -#else -#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) -#define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO -#else -#define mbedtls_fprintf fprintf -#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */ -#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */ - -/* - * The function pointers for printf - */ -#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) -extern int (*mbedtls_printf)( const char *format, ... ); - -/** - * \brief This function dynamically configures the snprintf - * function that is called when the mbedtls_snprintf() - * function is invoked by the library. - * - * \param printf_func The \c printf function implementation. - * - * \return \c 0 on success. - */ -int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... 
) ); -#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */ -#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) -#define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO -#else -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */ -#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */ - -/* - * The function pointers for snprintf - * - * The snprintf implementation should conform to C99: - * - it *must* always correctly zero-terminate the buffer - * (except when n == 0, then it must leave the buffer untouched) - * - however it is acceptable to return -1 instead of the required length when - * the destination buffer is too short. - */ -#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF) -/* For Windows (inc. MSYS2), we provide our own fixed implementation */ -int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ); -#endif - -#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) -extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... ); - -/** - * \brief This function allows configuring a custom - * \c snprintf function pointer. - * - * \param snprintf_func The \c snprintf function implementation. - * - * \return \c 0 on success. - */ -int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, - const char * format, ... ) ); -#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ -#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) -#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO -#else -#define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF -#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */ -#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ - -/* - * The function pointers for vsnprintf - * - * The vsnprintf implementation should conform to C99: - * - it *must* always correctly zero-terminate the buffer - * (except when n == 0, then it must leave the buffer untouched) - * - however it is acceptable to return -1 instead of the required length when - * the destination buffer is too short. 
- */ -#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF) -#include -/* For Older Windows (inc. MSYS2), we provide our own fixed implementation */ -int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg ); -#endif - -#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) -#include -extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_list arg ); - -/** - * \brief Set your own snprintf function pointer - * - * \param vsnprintf_func The \c vsnprintf function implementation - * - * \return \c 0 - */ -int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n, - const char * format, va_list arg ) ); -#else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */ -#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) -#define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO -#else -#define mbedtls_vsnprintf vsnprintf -#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */ -#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */ - -/* - * The function pointers for exit - */ -#if defined(MBEDTLS_PLATFORM_EXIT_ALT) -extern void (*mbedtls_exit)( int status ); - -/** - * \brief This function dynamically configures the exit - * function that is called when the mbedtls_exit() - * function is invoked by the library. - * - * \param exit_func The \c exit function implementation. - * - * \return \c 0 on success. 
- */ -int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); -#else -#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) -#define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO -#else -#define mbedtls_exit exit -#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */ -#endif /* MBEDTLS_PLATFORM_EXIT_ALT */ - -/* - * The default exit values - */ -#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS) -#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS -#else -#define MBEDTLS_EXIT_SUCCESS 0 -#endif -#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE) -#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE -#else -#define MBEDTLS_EXIT_FAILURE 1 -#endif - -/* - * The function pointers for reading from and writing a seed file to - * Non-Volatile storage (NV) in a platform-independent way - * - * Only enabled when the NV seed entropy source is enabled - */ -#if defined(MBEDTLS_ENTROPY_NV_SEED) -#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO) -/* Internal standard platform definitions */ -int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ); -int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ); -#endif - -#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) -extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ); -extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ); - -/** - * \brief This function allows configuring custom seed file writing and - * reading functions. - * - * \param nv_seed_read_func The seed reading function implementation. - * \param nv_seed_write_func The seed writing function implementation. - * - * \return \c 0 on success. 
- */ -int mbedtls_platform_set_nv_seed( - int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ), - int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) - ); -#else -#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \ - defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) -#define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO -#define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO -#else -#define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read -#define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write -#endif -#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ -#endif /* MBEDTLS_ENTROPY_NV_SEED */ - -#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) - -/** - * \brief The platform context structure. - * - * \note This structure may be used to assist platform-specific - * setup or teardown operations. - */ -typedef struct mbedtls_platform_context -{ - char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are not portable. */ -} -mbedtls_platform_context; - -#else -#include "platform_alt.h" -#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ - -/** - * \brief This function performs any platform-specific initialization - * operations. - * - * \note This function should be called before any other library functions. - * - * Its implementation is platform-specific, and unless - * platform-specific code is provided, it does nothing. - * - * \note The usage and necessity of this function is dependent on the platform. - * - * \param ctx The platform context. - * - * \return \c 0 on success. - */ -int mbedtls_platform_setup( mbedtls_platform_context *ctx ); -/** - * \brief This function performs any platform teardown operations. - * - * \note This function should be called after every other Mbed TLS module - * has been correctly freed using the appropriate free function. - * - * Its implementation is platform-specific, and unless - * platform-specific code is provided, it does nothing. 
- *
- * \note The usage and necessity of this function is dependent on the platform.
- *
- * \param ctx The platform context.
- *
- */
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* platform.h */
diff --git a/windows/mbedtls/platform_time.h b/windows/mbedtls/platform_time.h
deleted file mode 100644
index 8d4b95d1..00000000
--- a/windows/mbedtls/platform_time.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/**
- * \file platform_time.h
- *
- * \brief mbed TLS Platform time abstraction
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_PLATFORM_TIME_H
-#define MBEDTLS_PLATFORM_TIME_H
-
-#include "mbedtls/build_info.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-/*
- * The time_t datatype
- */
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
-typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
-#else
-/* For time_t */
-#include
-typedef time_t mbedtls_time_t;
-#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
-
-/*
- * The function pointers for time
- */
-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
-
-/**
- * \brief Set your own time function pointer
- *
- * \param time_func the time function implementation
- *
- * \return 0
- */
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
-#else
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
-#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
-#else
-#define mbedtls_time time
-#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
-#endif /* MBEDTLS_PLATFORM_TIME_ALT */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* platform_time.h */
diff --git a/windows/mbedtls/platform_util.h b/windows/mbedtls/platform_util.h
deleted file mode 100644
index 1a0a1351..00000000
--- a/windows/mbedtls/platform_util.h
+++ /dev/null
@@ -1,122 +0,0 @@
-/**
- * \file platform_util.h
- *
- * \brief Common and shared functions used by multiple modules in the Mbed TLS
- * library.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_PLATFORM_UTIL_H
-#define MBEDTLS_PLATFORM_UTIL_H
-
-#include "mbedtls/build_info.h"
-
-#include
-#if defined(MBEDTLS_HAVE_TIME_DATE)
-#include "mbedtls/platform_time.h"
-#include
-#endif /* MBEDTLS_HAVE_TIME_DATE */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Internal macros meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
-#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
-
-/* Internal helper macros for deprecating API constants. */
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
- * to avoid conflict with other headers which define and use
- * it, too. We might want to move all these definitions here at
- * some point for uniformity.
*/
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
- ( (mbedtls_deprecated_string_constant_t) ( VAL ) )
-MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
- ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
-#undef MBEDTLS_DEPRECATED
-#else /* MBEDTLS_DEPRECATED_WARNING */
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
-#endif /* MBEDTLS_DEPRECATED_WARNING */
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief Securely zeroize a buffer
- *
- * The function is meant to wipe the data contained in a buffer so
- * that it can no longer be recovered even if the program memory
- * is later compromised. Call this function on sensitive data
- * stored on the stack before returning from a function, and on
- * sensitive data stored on the heap before freeing the heap
- * object.
- *
- * It is extremely difficult to guarantee that calls to
- * mbedtls_platform_zeroize() are not removed by aggressive
- * compiler optimizations in a portable way. For this reason, Mbed
- * TLS provides the configuration option
- * MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
- * mbedtls_platform_zeroize() to use a suitable implementation for
- * their platform and needs
- *
- * \param buf Buffer to be zeroized
- * \param len Length of the buffer in bytes
- *
- */
-void mbedtls_platform_zeroize( void *buf, size_t len );
-
-#if defined(MBEDTLS_HAVE_TIME_DATE)
-/**
- * \brief Platform-specific implementation of gmtime_r()
- *
- * The function is a thread-safe abstraction that behaves
- * similarly to the gmtime_r() function from Unix/POSIX.
- *
- * Mbed TLS will try to identify the underlying platform and
- * make use of an appropriate underlying implementation (e.g.
- * gmtime_r() for POSIX and gmtime_s() for Windows). If this is
- * not possible, then gmtime() will be used. In this case, calls
- * from the library to gmtime() will be guarded by the mutex
- * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is
- * enabled. It is recommended that calls from outside the library
- * are also guarded by this mutex.
- *
- * If MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, then Mbed TLS will
- * unconditionally use the alternative implementation for
- * mbedtls_platform_gmtime_r() supplied by the user at compile time.
- *
- * \param tt Pointer to an object containing time (in seconds) since the
- * epoch to be converted
- * \param tm_buf Pointer to an object where the results will be stored
- *
- * \return Pointer to an object of type struct tm on success, otherwise
- * NULL
- */
-struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
- struct tm *tm_buf );
-#endif /* MBEDTLS_HAVE_TIME_DATE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PLATFORM_UTIL_H */
diff --git a/windows/mbedtls/poly1305.h b/windows/mbedtls/poly1305.h
deleted file mode 100644
index 7984ca4b..00000000
--- a/windows/mbedtls/poly1305.h
+++ /dev/null
@@ -1,180 +0,0 @@
-/**
- * \file poly1305.h
- *
- * \brief This file contains Poly1305 definitions and functions.
- *
- * Poly1305 is a one-time message authenticator that can be used to
- * authenticate messages. Poly1305-AES was created by Daniel
- * Bernstein https://cr.yp.to/mac/poly1305-20050329.pdf The generic
- * Poly1305 algorithm (not tied to AES) was also standardized in RFC
- * 7539.
- *
- * \author Daniel King
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_POLY1305_H
-#define MBEDTLS_POLY1305_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057 /**< Invalid input parameter(s). */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_POLY1305_ALT)
-
-typedef struct mbedtls_poly1305_context
-{
- uint32_t MBEDTLS_PRIVATE(r)[4]; /** The value for 'r' (low 128 bits of the key). */
- uint32_t MBEDTLS_PRIVATE(s)[4]; /** The value for 's' (high 128 bits of the key). */
- uint32_t MBEDTLS_PRIVATE(acc)[5]; /** The accumulator number. */
- uint8_t MBEDTLS_PRIVATE(queue)[16]; /** The current partial block of data. */
- size_t MBEDTLS_PRIVATE(queue_len); /** The number of bytes stored in 'queue'.
*/
-}
-mbedtls_poly1305_context;
-
-#else /* MBEDTLS_POLY1305_ALT */
-#include "poly1305_alt.h"
-#endif /* MBEDTLS_POLY1305_ALT */
-
-/**
- * \brief This function initializes the specified Poly1305 context.
- *
- * It must be the first API called before using
- * the context.
- *
- * It is usually followed by a call to
- * \c mbedtls_poly1305_starts(), then one or more calls to
- * \c mbedtls_poly1305_update(), then one call to
- * \c mbedtls_poly1305_finish(), then finally
- * \c mbedtls_poly1305_free().
- *
- * \param ctx The Poly1305 context to initialize. This must
- * not be \c NULL.
- */
-void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
-
-/**
- * \brief This function releases and clears the specified
- * Poly1305 context.
- *
- * \param ctx The Poly1305 context to clear. This may be \c NULL, in which
- * case this function is a no-op. If it is not \c NULL, it must
- * point to an initialized Poly1305 context.
- */
-void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
-
-/**
- * \brief This function sets the one-time authentication key.
- *
- * \warning The key must be unique and unpredictable for each
- * invocation of Poly1305.
- *
- * \param ctx The Poly1305 context to which the key should be bound.
- * This must be initialized.
- * \param key The buffer containing the \c 32 Byte (\c 256 Bit) key.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
- const unsigned char key[32] );
-
-/**
- * \brief This functions feeds an input buffer into an ongoing
- * Poly1305 computation.
- *
- * It is called between \c mbedtls_cipher_poly1305_starts() and
- * \c mbedtls_cipher_poly1305_finish().
- * It can be called repeatedly to process a stream of data.
- *
- * \param ctx The Poly1305 context to use for the Poly1305 operation.
- * This must be initialized and bound to a key.
- * \param ilen The length of the input data in Bytes.
- * Any value is accepted.
- * \param input The buffer holding the input data.
- * This pointer can be \c NULL if `ilen == 0`.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief This function generates the Poly1305 Message
- * Authentication Code (MAC).
- *
- * \param ctx The Poly1305 context to use for the Poly1305 operation.
- * This must be initialized and bound to a key.
- * \param mac The buffer to where the MAC is written. This must
- * be a writable buffer of length \c 16 Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
- unsigned char mac[16] );
-
-/**
- * \brief This function calculates the Poly1305 MAC of the input
- * buffer with the provided key.
- *
- * \warning The key must be unique and unpredictable for each
- * invocation of Poly1305.
- *
- * \param key The buffer containing the \c 32 Byte (\c 256 Bit) key.
- * \param ilen The length of the input data in Bytes.
- * Any value is accepted.
- * \param input The buffer holding the input data.
- * This pointer can be \c NULL if `ilen == 0`.
- * \param mac The buffer to where the MAC is written. This must be
- * a writable buffer of length \c 16 Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_poly1305_mac( const unsigned char key[32],
- const unsigned char *input,
- size_t ilen,
- unsigned char mac[16] );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief The Poly1305 checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_poly1305_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_POLY1305_H */
diff --git a/windows/mbedtls/private_access.h b/windows/mbedtls/private_access.h
deleted file mode 100644
index 98d3419f..00000000
--- a/windows/mbedtls/private_access.h
+++ /dev/null
@@ -1,32 +0,0 @@
- /**
- * \file private_access.h
- *
- * \brief Macro wrapper for struct's memebrs.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_PRIVATE_ACCESS_H
-#define MBEDTLS_PRIVATE_ACCESS_H
-
-#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
-#define MBEDTLS_PRIVATE(member) private_##member
-#else
-#define MBEDTLS_PRIVATE(member) member
-#endif
-
-#endif /* MBEDTLS_PRIVATE_ACCESS_H */
diff --git a/windows/mbedtls/psa_util.h b/windows/mbedtls/psa_util.h
deleted file mode 100644
index f6f2e580..00000000
--- a/windows/mbedtls/psa_util.h
+++ /dev/null
@@ -1,503 +0,0 @@ -/** - * \file psa_util.h - * - * \brief Utility functions for the use of the PSA Crypto library. - * - * \warning This function is not part of the public API and may - * change at any time. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_PSA_UTIL_H -#define MBEDTLS_PSA_UTIL_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - -#include "psa/crypto.h" - -#include "mbedtls/ecp.h" -#include "mbedtls/md.h" -#include "mbedtls/pk.h" -#include "mbedtls/oid.h" -#include "mbedtls/error.h" - -#include - -/* Translations for symmetric crypto. */ - -static inline psa_key_type_t mbedtls_psa_translate_cipher_type( - mbedtls_cipher_type_t cipher ) -{ - switch( cipher ) - { - case MBEDTLS_CIPHER_AES_128_CCM: - case MBEDTLS_CIPHER_AES_192_CCM: - case MBEDTLS_CIPHER_AES_256_CCM: - case MBEDTLS_CIPHER_AES_128_GCM: - case MBEDTLS_CIPHER_AES_192_GCM: - case MBEDTLS_CIPHER_AES_256_GCM: - case MBEDTLS_CIPHER_AES_128_CBC: - case MBEDTLS_CIPHER_AES_192_CBC: - case MBEDTLS_CIPHER_AES_256_CBC: - return( PSA_KEY_TYPE_AES ); - - /* ARIA not yet supported in PSA. 
*/ - /* case MBEDTLS_CIPHER_ARIA_128_CCM: - case MBEDTLS_CIPHER_ARIA_192_CCM: - case MBEDTLS_CIPHER_ARIA_256_CCM: - case MBEDTLS_CIPHER_ARIA_128_GCM: - case MBEDTLS_CIPHER_ARIA_192_GCM: - case MBEDTLS_CIPHER_ARIA_256_GCM: - case MBEDTLS_CIPHER_ARIA_128_CBC: - case MBEDTLS_CIPHER_ARIA_192_CBC: - case MBEDTLS_CIPHER_ARIA_256_CBC: - return( PSA_KEY_TYPE_ARIA ); */ - - default: - return( 0 ); - } -} - -static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode( - mbedtls_cipher_mode_t mode, size_t taglen ) -{ - switch( mode ) - { - case MBEDTLS_MODE_ECB: - return( PSA_ALG_ECB_NO_PADDING ); - case MBEDTLS_MODE_GCM: - return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) ); - case MBEDTLS_MODE_CCM: - return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) ); - case MBEDTLS_MODE_CBC: - if( taglen == 0 ) - return( PSA_ALG_CBC_NO_PADDING ); - else - return( 0 ); - default: - return( 0 ); - } -} - -static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation( - mbedtls_operation_t op ) -{ - switch( op ) - { - case MBEDTLS_ENCRYPT: - return( PSA_KEY_USAGE_ENCRYPT ); - case MBEDTLS_DECRYPT: - return( PSA_KEY_USAGE_DECRYPT ); - default: - return( 0 ); - } -} - -/* Translations for hashing. 
*/ - -static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg ) -{ - switch( md_alg ) - { -#if defined(MBEDTLS_MD5_C) - case MBEDTLS_MD_MD5: - return( PSA_ALG_MD5 ); -#endif -#if defined(MBEDTLS_SHA1_C) - case MBEDTLS_MD_SHA1: - return( PSA_ALG_SHA_1 ); -#endif -#if defined(MBEDTLS_SHA224_C) - case MBEDTLS_MD_SHA224: - return( PSA_ALG_SHA_224 ); -#endif -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_SHA256: - return( PSA_ALG_SHA_256 ); -#endif -#if defined(MBEDTLS_SHA384_C) - case MBEDTLS_MD_SHA384: - return( PSA_ALG_SHA_384 ); -#endif -#if defined(MBEDTLS_SHA512_C) - case MBEDTLS_MD_SHA512: - return( PSA_ALG_SHA_512 ); -#endif -#if defined(MBEDTLS_RIPEMD160_C) - case MBEDTLS_MD_RIPEMD160: - return( PSA_ALG_RIPEMD160 ); -#endif - case MBEDTLS_MD_NONE: - return( 0 ); - default: - return( 0 ); - } -} - -/* Translations for ECC. */ - -static inline int mbedtls_psa_get_ecc_oid_from_id( - psa_ecc_family_t curve, size_t bits, - char const **oid, size_t *oid_len ) -{ - switch( curve ) - { - case PSA_ECC_FAMILY_SECP_R1: - switch( bits ) - { -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) - case 192: - *oid = MBEDTLS_OID_EC_GRP_SECP192R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 ); - return( 0 ); -#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) - case 224: - *oid = MBEDTLS_OID_EC_GRP_SECP224R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 ); - return( 0 ); -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - case 256: - *oid = MBEDTLS_OID_EC_GRP_SECP256R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 ); - return( 0 ); -#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - case 384: - *oid = MBEDTLS_OID_EC_GRP_SECP384R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 ); - return( 0 ); -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -#if 
defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - case 521: - *oid = MBEDTLS_OID_EC_GRP_SECP521R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 ); - return( 0 ); -#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ - } - break; - case PSA_ECC_FAMILY_SECP_K1: - switch( bits ) - { -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) - case 192: - *oid = MBEDTLS_OID_EC_GRP_SECP192K1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 ); - return( 0 ); -#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) - case 224: - *oid = MBEDTLS_OID_EC_GRP_SECP224K1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 ); - return( 0 ); -#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) - case 256: - *oid = MBEDTLS_OID_EC_GRP_SECP256K1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 ); - return( 0 ); -#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ - } - break; - case PSA_ECC_FAMILY_BRAINPOOL_P_R1: - switch( bits ) - { -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) - case 256: - *oid = MBEDTLS_OID_EC_GRP_BP256R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 ); - return( 0 ); -#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) - case 384: - *oid = MBEDTLS_OID_EC_GRP_BP384R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 ); - return( 0 ); -#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) - case 512: - *oid = MBEDTLS_OID_EC_GRP_BP512R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 ); - return( 0 ); -#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ - } - break; - } - (void) oid; - (void) oid_len; - return( -1 ); -} - -#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1 - -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) -#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 ) -#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 
192 + 7 ) / 8 ) + 1 ) -#endif -#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) -#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 ) -#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 ) -#endif -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) -#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 ) -#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 ) -#endif -#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) -#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 ) -#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 ) -#endif -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) -#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 ) -#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 ) -#endif -#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) -#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 ) -#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 ) -#endif -#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) -#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 ) -#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 ) -#endif -#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) -#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 ) -#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#define 
MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 ) -#endif -#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) -#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 ) -#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 ) -#endif -#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) -#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 ) -#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 ) -#endif -#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) -#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 ) -#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 ) -#endif -#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ - - -/* Translations for PK layer */ - -static inline int mbedtls_psa_err_translate_pk( psa_status_t status ) -{ - switch( status ) - { - case PSA_SUCCESS: - return( 0 ); - case PSA_ERROR_NOT_SUPPORTED: - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); - case PSA_ERROR_INSUFFICIENT_MEMORY: - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); - case PSA_ERROR_INSUFFICIENT_ENTROPY: - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); - case PSA_ERROR_BAD_STATE: - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - /* All other failures */ - case PSA_ERROR_COMMUNICATION_FAILURE: - case PSA_ERROR_HARDWARE_FAILURE: - case PSA_ERROR_CORRUPTION_DETECTED: - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - default: /* We return the same as for the 'other failures', - * but list them separately nonetheless to indicate - * which failure conditions we have considered. 
*/ - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - } -} - -/* Translations for ECC */ - -/* This function transforms an ECC group identifier from - * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 - * into a PSA ECC group identifier. */ -#if defined(MBEDTLS_ECP_C) -static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group( - uint16_t tls_ecc_grp_reg_id, size_t *bits ) -{ - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id ); - if( curve_info == NULL ) - return( 0 ); - return( PSA_KEY_TYPE_ECC_KEY_PAIR( - mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) ); -} -#endif /* MBEDTLS_ECP_C */ - -/* This function takes a buffer holding an EC public key - * exported through psa_export_public_key(), and converts - * it into an ECPoint structure to be put into a ClientKeyExchange - * message in an ECDHE exchange. - * - * Both the present and the foreseeable future format of EC public keys - * used by PSA have the ECPoint structure contained in the exported key - * as a subbuffer, and the function merely selects this subbuffer instead - * of making a copy. - */ -static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src, - size_t srclen, - unsigned char **dst, - size_t *dstlen ) -{ - *dst = src; - *dstlen = srclen; - return( 0 ); -} - -/* This function takes a buffer holding an ECPoint structure - * (as contained in a TLS ServerKeyExchange message for ECDHE - * exchanges) and converts it into a format that the PSA key - * agreement API understands. 
- */ -static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src, - size_t srclen, - unsigned char *dst, - size_t dstlen, - size_t *olen ) -{ - if( srclen > dstlen ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); - - memcpy( dst, src, srclen ); - *olen = srclen; - return( 0 ); -} - -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -/* Expose whatever RNG the PSA subsystem uses to applications using the - * mbedtls_xxx API. The declarations and definitions here need to be - * consistent with the implementation in library/psa_crypto_random_impl.h. - * See that file for implementation documentation. */ -#if defined(MBEDTLS_PSA_CRYPTO_C) - -/* The type of a `f_rng` random generator function that many library functions - * take. - * - * This type name is not part of the Mbed TLS stable API. It may be renamed - * or moved without warning. - */ -typedef int mbedtls_f_rng_t( void *p_rng, unsigned char *output, size_t output_size ); - -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) - -/** The random generator function for the PSA subsystem. - * - * This function is suitable as the `f_rng` random generator function - * parameter of many `mbedtls_xxx` functions. Use #MBEDTLS_PSA_RANDOM_STATE - * to obtain the \p p_rng parameter. - * - * The implementation of this function depends on the configuration of the - * library. - * - * \note Depending on the configuration, this may be a function or - * a pointer to a function. - * - * \note This function may only be used if the PSA crypto subsystem is active. - * This means that you must call psa_crypto_init() before any call to - * this function, and you must not call this function after calling - * mbedtls_psa_crypto_free(). - * - * \param p_rng The random generator context. This must be - * #MBEDTLS_PSA_RANDOM_STATE. No other state is - * supported. - * \param output The buffer to fill. It must have room for - * \c output_size bytes. - * \param output_size The number of bytes to write to \p output. 
- * This function may fail if \p output_size is too - * large. It is guaranteed to accept any output size - * requested by Mbed TLS library functions. The - * maximum request size depends on the library - * configuration. - * - * \return \c 0 on success. - * \return An `MBEDTLS_ERR_ENTROPY_xxx`, - * `MBEDTLS_ERR_PLATFORM_xxx, - * `MBEDTLS_ERR_CTR_DRBG_xxx` or - * `MBEDTLS_ERR_HMAC_DRBG_xxx` on error. - */ -int mbedtls_psa_get_random( void *p_rng, - unsigned char *output, - size_t output_size ); - -/** The random generator state for the PSA subsystem. - * - * This macro expands to an expression which is suitable as the `p_rng` - * random generator state parameter of many `mbedtls_xxx` functions. - * It must be used in combination with the random generator function - * mbedtls_psa_get_random(). - * - * The implementation of this macro depends on the configuration of the - * library. Do not make any assumption on its nature. - */ -#define MBEDTLS_PSA_RANDOM_STATE NULL - -#else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ - -#if defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/ctr_drbg.h" -typedef mbedtls_ctr_drbg_context mbedtls_psa_drbg_context_t; -static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_ctr_drbg_random; -#elif defined(MBEDTLS_HMAC_DRBG_C) -#include "mbedtls/hmac_drbg.h" -typedef mbedtls_hmac_drbg_context mbedtls_psa_drbg_context_t; -static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_hmac_drbg_random; -#endif -extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; - -#define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state - -#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ - -#endif /* MBEDTLS_PSA_CRYPTO_C */ - -#endif /* MBEDTLS_PSA_UTIL_H */ diff --git a/windows/mbedtls/ripemd160.h b/windows/mbedtls/ripemd160.h deleted file mode 100644 index 9132a83b..00000000 --- a/windows/mbedtls/ripemd160.h +++ /dev/null 
@@ -1,149 +0,0 @@
-/**
- * \file ripemd160.h
- *
- * \brief RIPE MD-160 message digest
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_RIPEMD160_H
-#define MBEDTLS_RIPEMD160_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_RIPEMD160_ALT)
-// Regular implementation
-//
-
-/**
- * \brief RIPEMD-160 context structure
- */
-typedef struct mbedtls_ripemd160_context
-{
- uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
- uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< intermediate digest state */
- unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
-}
-mbedtls_ripemd160_context;
-
-#else /* MBEDTLS_RIPEMD160_ALT */
-#include "ripemd160_alt.h"
-#endif /* MBEDTLS_RIPEMD160_ALT */
-
-/**
- * \brief Initialize RIPEMD-160 context
- *
- * \param ctx RIPEMD-160 context to be initialized
- */
-void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief Clear RIPEMD-160 context
- *
- * \param ctx RIPEMD-160 context to be cleared
- */
-void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief Clone (the state of) an RIPEMD-160 context
- *
- * \param dst The destination context
- * \param src The context to be cloned
- */
-void mbedtls_ripemd160_clone(
mbedtls_ripemd160_context *dst,
- const mbedtls_ripemd160_context *src );
-
-/**
- * \brief RIPEMD-160 context setup
- *
- * \param ctx context to be initialized
- *
- * \return 0 if successful
- */
-int mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief RIPEMD-160 process buffer
- *
- * \param ctx RIPEMD-160 context
- * \param input buffer holding the data
- * \param ilen length of the input data
- *
- * \return 0 if successful
- */
-int mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief RIPEMD-160 final digest
- *
- * \param ctx RIPEMD-160 context
- * \param output RIPEMD-160 checksum result
- *
- * \return 0 if successful
- */
-int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
- unsigned char output[20] );
-
-/**
- * \brief RIPEMD-160 process data block (internal use only)
- *
- * \param ctx RIPEMD-160 context
- * \param data buffer holding one block of data
- *
- * \return 0 if successful
- */
-int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
- const unsigned char data[64] );
-
-/**
- * \brief Output = RIPEMD-160( input buffer )
- *
- * \param input buffer holding the data
- * \param ilen length of the input data
- * \param output RIPEMD-160 checksum result
- *
- * \return 0 if successful
- */
-int mbedtls_ripemd160( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_ripemd160_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_ripemd160.h */
diff --git a/windows/mbedtls/rsa.h b/windows/mbedtls/rsa.h
deleted file mode 100644
index cffbe3b5..00000000
--- a/windows/mbedtls/rsa.h
+++ /dev/null
@@ -1,1119 +0,0 @@ -/** - * \file rsa.h - * - * \brief This file provides an API for the RSA public-key cryptosystem. - * - * The RSA public-key cryptosystem is defined in Public-Key - * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption - * and Public-Key Cryptography Standards (PKCS) #1 v2.1: - * RSA Cryptography Specifications. - * - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_RSA_H -#define MBEDTLS_RSA_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/bignum.h" -#include "mbedtls/md.h" - -#if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" -#endif - -/* - * RSA Error codes - */ -#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Bad input parameters to function. */ -#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 /**< Input data contains invalid padding and is rejected. */ -#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< Something failed during generation of a key. */ -#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the validity check of the library. */ -#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */ -#define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300 /**< The private key operation failed. */ -#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. 
*/ -#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ -#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ - -/* - * RSA constants - */ - -#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ -#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */ - -#define MBEDTLS_RSA_SIGN 1 /**< Identifier for RSA signature operations. */ -#define MBEDTLS_RSA_CRYPT 2 /**< Identifier for RSA encryption and decryption operations. */ - -#define MBEDTLS_RSA_SALT_LEN_ANY -1 - -/* - * The above constants may be used even if the RSA module is compile out, - * eg for alternative (PKCS#11) RSA implemenations in the PK layers. - */ - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_RSA_ALT) -// Regular implementation -// - -/** - * \brief The RSA context structure. - */ -typedef struct mbedtls_rsa_context -{ - int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes. - * Do not set this field in application - * code. Its meaning might change without - * notice. */ - size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */ - - mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */ - mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */ - - mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */ - mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */ - mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */ - - mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< D % (P - 1). */ - mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< D % (Q - 1). */ - mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< 1 / (Q % P). */ - - mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached R^2 mod N. */ - - mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached R^2 mod P. */ - mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached R^2 mod Q. */ - - mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. 
*/ - mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */ - - int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode: - #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and - #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */ - int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t type, - as specified in md.h for use in the MGF - mask generating function used in the - EME-OAEP and EMSA-PSS encodings. */ -#if defined(MBEDTLS_THREADING_C) - /* Invariant: the mutex is initialized iff ver != 0. */ - mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex. */ -#endif -} -mbedtls_rsa_context; - -#else /* MBEDTLS_RSA_ALT */ -#include "rsa_alt.h" -#endif /* MBEDTLS_RSA_ALT */ - -/** - * \brief This function initializes an RSA context. - * - * \note This function initializes the padding and the hash - * identifier to respectively #MBEDTLS_RSA_PKCS_V15 and - * #MBEDTLS_MD_NONE. See mbedtls_rsa_set_padding() for more - * information about those parameters. - * - * \param ctx The RSA context to initialize. This must not be \c NULL. - */ -void mbedtls_rsa_init( mbedtls_rsa_context *ctx ); - -/** - * \brief This function sets padding for an already initialized RSA - * context. - * - * \note Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP - * encryption scheme and the RSASSA-PSS signature scheme. - * - * \note The \p hash_id parameter is ignored when using - * #MBEDTLS_RSA_PKCS_V15 padding. - * - * \note The choice of padding mode is strictly enforced for private - * key operations, since there might be security concerns in - * mixing padding modes. For public key operations it is - * a default value, which can be overridden by calling specific - * \c mbedtls_rsa_rsaes_xxx or \c mbedtls_rsa_rsassa_xxx - * functions. - * - * \note The hash selected in \p hash_id is always used for OEAP - * encryption. For PSS signatures, it is always used for - * making signatures, but can be overridden for verifying them. 
- * If set to #MBEDTLS_MD_NONE, it is always overridden. - * - * \param ctx The initialized RSA context to be configured. - * \param padding The padding mode to use. This must be either - * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21. - * \param hash_id The hash identifier for PSS or OAEP, if \p padding is - * #MBEDTLS_RSA_PKCS_V21. #MBEDTLS_MD_NONE is accepted by this - * function but may be not suitable for some operations. - * Ignored if \p padding is #MBEDTLS_RSA_PKCS_V15. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_RSA_INVALID_PADDING failure: - * \p padding or \p hash_id is invalid. - */ -int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, - mbedtls_md_type_t hash_id ); - -/** - * \brief This function imports a set of core parameters into an - * RSA context. - * - * \note This function can be called multiple times for successive - * imports, if the parameters are not simultaneously present. - * - * Any sequence of calls to this function should be followed - * by a call to mbedtls_rsa_complete(), which checks and - * completes the provided information to a ready-for-use - * public or private RSA key. - * - * \note See mbedtls_rsa_complete() for more information on which - * parameters are necessary to set up a private or public - * RSA key. - * - * \note The imported parameters are copied and need not be preserved - * for the lifetime of the RSA context being set up. - * - * \param ctx The initialized RSA context to store the parameters in. - * \param N The RSA modulus. This may be \c NULL. - * \param P The first prime factor of \p N. This may be \c NULL. - * \param Q The second prime factor of \p N. This may be \c NULL. - * \param D The private exponent. This may be \c NULL. - * \param E The public exponent. This may be \c NULL. - * - * \return \c 0 on success. - * \return A non-zero error code on failure. 
- */ -int mbedtls_rsa_import( mbedtls_rsa_context *ctx, - const mbedtls_mpi *N, - const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, const mbedtls_mpi *E ); - -/** - * \brief This function imports core RSA parameters, in raw big-endian - * binary format, into an RSA context. - * - * \note This function can be called multiple times for successive - * imports, if the parameters are not simultaneously present. - * - * Any sequence of calls to this function should be followed - * by a call to mbedtls_rsa_complete(), which checks and - * completes the provided information to a ready-for-use - * public or private RSA key. - * - * \note See mbedtls_rsa_complete() for more information on which - * parameters are necessary to set up a private or public - * RSA key. - * - * \note The imported parameters are copied and need not be preserved - * for the lifetime of the RSA context being set up. - * - * \param ctx The initialized RSA context to store the parameters in. - * \param N The RSA modulus. This may be \c NULL. - * \param N_len The Byte length of \p N; it is ignored if \p N == NULL. - * \param P The first prime factor of \p N. This may be \c NULL. - * \param P_len The Byte length of \p P; it ns ignored if \p P == NULL. - * \param Q The second prime factor of \p N. This may be \c NULL. - * \param Q_len The Byte length of \p Q; it is ignored if \p Q == NULL. - * \param D The private exponent. This may be \c NULL. - * \param D_len The Byte length of \p D; it is ignored if \p D == NULL. - * \param E The public exponent. This may be \c NULL. - * \param E_len The Byte length of \p E; it is ignored if \p E == NULL. - * - * \return \c 0 on success. - * \return A non-zero error code on failure. 
- */ -int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, - unsigned char const *N, size_t N_len, - unsigned char const *P, size_t P_len, - unsigned char const *Q, size_t Q_len, - unsigned char const *D, size_t D_len, - unsigned char const *E, size_t E_len ); - -/** - * \brief This function completes an RSA context from - * a set of imported core parameters. - * - * To setup an RSA public key, precisely \p N and \p E - * must have been imported. - * - * To setup an RSA private key, sufficient information must - * be present for the other parameters to be derivable. - * - * The default implementation supports the following: - *
  • Derive \p P, \p Q from \p N, \p D, \p E.
  • - *
  • Derive \p N, \p D from \p P, \p Q, \p E.
- * Alternative implementations need not support these. - * - * If this function runs successfully, it guarantees that - * the RSA context can be used for RSA operations without - * the risk of failure or crash. - * - * \warning This function need not perform consistency checks - * for the imported parameters. In particular, parameters that - * are not needed by the implementation might be silently - * discarded and left unchecked. To check the consistency - * of the key material, see mbedtls_rsa_check_privkey(). - * - * \param ctx The initialized RSA context holding imported parameters. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations - * failed. - * - */ -int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); - -/** - * \brief This function exports the core parameters of an RSA key. - * - * If this function runs successfully, the non-NULL buffers - * pointed to by \p N, \p P, \p Q, \p D, and \p E are fully - * written, with additional unused space filled leading by - * zero Bytes. - * - * Possible reasons for returning - * #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
    - *
  • An alternative RSA implementation is in use, which - * stores the key externally, and either cannot or should - * not export it into RAM.
  • - *
  • A SW or HW implementation might not support a certain - * deduction. For example, \p P, \p Q from \p N, \p D, - * and \p E if the former are not part of the - * implementation.
- * - * If the function fails due to an unsupported operation, - * the RSA context stays intact and remains usable. - * - * \param ctx The initialized RSA context. - * \param N The MPI to hold the RSA modulus. - * This may be \c NULL if this field need not be exported. - * \param P The MPI to hold the first prime factor of \p N. - * This may be \c NULL if this field need not be exported. - * \param Q The MPI to hold the second prime factor of \p N. - * This may be \c NULL if this field need not be exported. - * \param D The MPI to hold the private exponent. - * This may be \c NULL if this field need not be exported. - * \param E The MPI to hold the public exponent. - * This may be \c NULL if this field need not be exported. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the - * requested parameters cannot be done due to missing - * functionality or because of security policies. - * \return A non-zero return code on any other failure. - * - */ -int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, - mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, - mbedtls_mpi *D, mbedtls_mpi *E ); - -/** - * \brief This function exports core parameters of an RSA key - * in raw big-endian binary format. - * - * If this function runs successfully, the non-NULL buffers - * pointed to by \p N, \p P, \p Q, \p D, and \p E are fully - * written, with additional unused space filled leading by - * zero Bytes. - * - * Possible reasons for returning - * #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
    - *
  • An alternative RSA implementation is in use, which - * stores the key externally, and either cannot or should - * not export it into RAM.
  • - *
  • A SW or HW implementation might not support a certain - * deduction. For example, \p P, \p Q from \p N, \p D, - * and \p E if the former are not part of the - * implementation.
- * If the function fails due to an unsupported operation, - * the RSA context stays intact and remains usable. - * - * \note The length parameters are ignored if the corresponding - * buffer pointers are NULL. - * - * \param ctx The initialized RSA context. - * \param N The Byte array to store the RSA modulus, - * or \c NULL if this field need not be exported. - * \param N_len The size of the buffer for the modulus. - * \param P The Byte array to hold the first prime factor of \p N, - * or \c NULL if this field need not be exported. - * \param P_len The size of the buffer for the first prime factor. - * \param Q The Byte array to hold the second prime factor of \p N, - * or \c NULL if this field need not be exported. - * \param Q_len The size of the buffer for the second prime factor. - * \param D The Byte array to hold the private exponent, - * or \c NULL if this field need not be exported. - * \param D_len The size of the buffer for the private exponent. - * \param E The Byte array to hold the public exponent, - * or \c NULL if this field need not be exported. - * \param E_len The size of the buffer for the public exponent. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the - * requested parameters cannot be done due to missing - * functionality or because of security policies. - * \return A non-zero return code on any other failure. - */ -int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, - unsigned char *N, size_t N_len, - unsigned char *P, size_t P_len, - unsigned char *Q, size_t Q_len, - unsigned char *D, size_t D_len, - unsigned char *E, size_t E_len ); - -/** - * \brief This function exports CRT parameters of a private RSA key. - * - * \note Alternative RSA implementations not using CRT-parameters - * internally can implement this function based on - * mbedtls_rsa_deduce_opt(). - * - * \param ctx The initialized RSA context. 
- * \param DP The MPI to hold \c D modulo `P-1`, - * or \c NULL if it need not be exported. - * \param DQ The MPI to hold \c D modulo `Q-1`, - * or \c NULL if it need not be exported. - * \param QP The MPI to hold modular inverse of \c Q modulo \c P, - * or \c NULL if it need not be exported. - * - * \return \c 0 on success. - * \return A non-zero error code on failure. - * - */ -int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, - mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ); - -/** - * \brief This function retrieves the length of RSA modulus in Bytes. - * - * \param ctx The initialized RSA context. - * - * \return The length of the RSA modulus in Bytes. - * - */ -size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); - -/** - * \brief This function generates an RSA keypair. - * - * \note mbedtls_rsa_init() must be called before this function, - * to set up the RSA context. - * - * \param ctx The initialized RSA context used to hold the key. - * \param f_rng The RNG function to be used for key generation. - * This is mandatory and must not be \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. - * This may be \c NULL if \p f_rng doesn't need a context. - * \param nbits The size of the public key in bits. - * \param exponent The public exponent to use. For example, \c 65537. - * This must be odd and greater than \c 1. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - */ -int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - unsigned int nbits, int exponent ); - -/** - * \brief This function checks if a context contains at least an RSA - * public key. - * - * If the function runs successfully, it is guaranteed that - * enough information is present to perform an RSA public key - * operation using mbedtls_rsa_public(). - * - * \param ctx The initialized RSA context to check. - * - * \return \c 0 on success. 
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - * - */ -int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); - -/** - * \brief This function checks if a context contains an RSA private key - * and perform basic consistency checks. - * - * \note The consistency checks performed by this function not only - * ensure that mbedtls_rsa_private() can be called successfully - * on the given context, but that the various parameters are - * mutually consistent with high probability, in the sense that - * mbedtls_rsa_public() and mbedtls_rsa_private() are inverses. - * - * \warning This function should catch accidental misconfigurations - * like swapping of parameters, but it cannot establish full - * trust in neither the quality nor the consistency of the key - * material that was used to setup the given RSA context: - *
  • Consistency: Imported parameters that are irrelevant - * for the implementation might be silently dropped. If dropped, - * the current function does not have access to them, - * and therefore cannot check them. See mbedtls_rsa_complete(). - * If you want to check the consistency of the entire - * content of an PKCS1-encoded RSA private key, for example, you - * should use mbedtls_rsa_validate_params() before setting - * up the RSA context. - * Additionally, if the implementation performs empirical checks, - * these checks substantiate but do not guarantee consistency.
  • - *
  • Quality: This function is not expected to perform - * extended quality assessments like checking that the prime - * factors are safe. Additionally, it is the responsibility of the - * user to ensure the trustworthiness of the source of his RSA - * parameters, which goes beyond what is effectively checkable - * by the library.
- * - * \param ctx The initialized RSA context to check. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - */ -int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); - -/** - * \brief This function checks a public-private RSA key pair. - * - * It checks each of the contexts, and makes sure they match. - * - * \param pub The initialized RSA context holding the public key. - * \param prv The initialized RSA context holding the private key. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - */ -int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, - const mbedtls_rsa_context *prv ); - -/** - * \brief This function performs an RSA public key operation. - * - * \param ctx The initialized RSA context to use. - * \param input The input buffer. This must be a readable buffer - * of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. - * \param output The output buffer. This must be a writable buffer - * of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. - * - * \note This function does not handle message padding. - * - * \note Make sure to set \p input[0] = 0 or ensure that - * input is smaller than \p N. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - */ -int mbedtls_rsa_public( mbedtls_rsa_context *ctx, - const unsigned char *input, - unsigned char *output ); - -/** - * \brief This function performs an RSA private key operation. - * - * \note Blinding is used if and only if a PRNG is provided. - * - * \note If blinding is used, both the base of exponentation - * and the exponent are blinded, providing protection - * against some side-channel attacks. - * - * \warning It is deprecated and a security risk to not provide - * a PRNG here and thereby prevent the use of blinding. 
- * Future versions of the library may enforce the presence - * of a PRNG. - * - * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function, used for blinding. It is mandatory. - * \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL - * if \p f_rng doesn't need a context. - * \param input The input buffer. This must be a readable buffer - * of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. - * \param output The output buffer. This must be a writable buffer - * of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - * - */ -int mbedtls_rsa_private( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - const unsigned char *input, - unsigned char *output ); - -/** - * \brief This function adds the message padding, then performs an RSA - * operation. - * - * It is the generic wrapper for performing a PKCS#1 encryption - * operation. - * - * \param ctx The initialized RSA context to use. - * \param f_rng The RNG to use. It is used for padding generation - * and it is mandatory. - * \param p_rng The RNG context to be passed to \p f_rng. May be - * \c NULL if \p f_rng doesn't need a context argument. - * \param ilen The length of the plaintext in Bytes. - * \param input The input data to encrypt. This must be a readable - * buffer of size \p ilen Bytes. It may be \c NULL if - * `ilen == 0`. - * \param output The output buffer. This must be a writable buffer - * of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. 
- */ -int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - size_t ilen, - const unsigned char *input, - unsigned char *output ); - -/** - * \brief This function performs a PKCS#1 v1.5 encryption operation - * (RSAES-PKCS1-v1_5-ENCRYPT). - * - * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function to use. It is mandatory and used for - * padding generation. - * \param p_rng The RNG context to be passed to \p f_rng. This may - * be \c NULL if \p f_rng doesn't need a context argument. - * \param ilen The length of the plaintext in Bytes. - * \param input The input data to encrypt. This must be a readable - * buffer of size \p ilen Bytes. It may be \c NULL if - * `ilen == 0`. - * \param output The output buffer. This must be a writable buffer - * of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - */ -int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - size_t ilen, - const unsigned char *input, - unsigned char *output ); - -/** - * \brief This function performs a PKCS#1 v2.1 OAEP encryption - * operation (RSAES-OAEP-ENCRYPT). - * - * \note The output buffer must be as large as the size - * of ctx->N. For example, 128 Bytes if RSA-1024 is used. - * - * \param ctx The initnialized RSA context to use. - * \param f_rng The RNG function to use. This is needed for padding - * generation and is mandatory. - * \param p_rng The RNG context to be passed to \p f_rng. This may - * be \c NULL if \p f_rng doesn't need a context argument. - * \param label The buffer holding the custom label to use. - * This must be a readable buffer of length \p label_len - * Bytes. It may be \c NULL if \p label_len is \c 0. - * \param label_len The length of the label in Bytes. 
- * \param ilen The length of the plaintext buffer \p input in Bytes. - * \param input The input data to encrypt. This must be a readable - * buffer of size \p ilen Bytes. It may be \c NULL if - * `ilen == 0`. - * \param output The output buffer. This must be a writable buffer - * of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - */ -int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - const unsigned char *label, size_t label_len, - size_t ilen, - const unsigned char *input, - unsigned char *output ); - -/** - * \brief This function performs an RSA operation, then removes the - * message padding. - * - * It is the generic wrapper for performing a PKCS#1 decryption - * operation. - * - * \note The output buffer length \c output_max_len should be - * as large as the size \p ctx->len of \p ctx->N (for example, - * 128 Bytes if RSA-1024 is used) to be able to hold an - * arbitrary decrypted message. If it is not large enough to - * hold the decryption of the particular ciphertext provided, - * the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. - * - * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and is - * mandatory; see mbedtls_rsa_private() for more. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng doesn't need a context. - * \param olen The address at which to store the length of - * the plaintext. This must not be \c NULL. - * \param input The ciphertext buffer. This must be a readable buffer - * of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. - * \param output The buffer used to hold the plaintext. This must - * be a writable buffer of length \p output_max_len Bytes. 
- * \param output_max_len The length in Bytes of the output buffer \p output. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - */ -int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ); - -/** - * \brief This function performs a PKCS#1 v1.5 decryption - * operation (RSAES-PKCS1-v1_5-DECRYPT). - * - * \note The output buffer length \c output_max_len should be - * as large as the size \p ctx->len of \p ctx->N, for example, - * 128 Bytes if RSA-1024 is used, to be able to hold an - * arbitrary decrypted message. If it is not large enough to - * hold the decryption of the particular ciphertext provided, - * the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. - * - * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and is - * mandatory; see mbedtls_rsa_private() for more. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng doesn't need a context. - * \param olen The address at which to store the length of - * the plaintext. This must not be \c NULL. - * \param input The ciphertext buffer. This must be a readable buffer - * of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. - * \param output The buffer used to hold the plaintext. This must - * be a writable buffer of length \p output_max_len Bytes. - * \param output_max_len The length in Bytes of the output buffer \p output. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. 
- * - */ -int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ); - -/** - * \brief This function performs a PKCS#1 v2.1 OAEP decryption - * operation (RSAES-OAEP-DECRYPT). - * - * \note The output buffer length \c output_max_len should be - * as large as the size \p ctx->len of \p ctx->N, for - * example, 128 Bytes if RSA-1024 is used, to be able to - * hold an arbitrary decrypted message. If it is not - * large enough to hold the decryption of the particular - * ciphertext provided, the function returns - * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. - * - * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and is - * mandatory. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng doesn't need a context. - * \param label The buffer holding the custom label to use. - * This must be a readable buffer of length \p label_len - * Bytes. It may be \c NULL if \p label_len is \c 0. - * \param label_len The length of the label in Bytes. - * \param olen The address at which to store the length of - * the plaintext. This must not be \c NULL. - * \param input The ciphertext buffer. This must be a readable buffer - * of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. - * \param output The buffer used to hold the plaintext. This must - * be a writable buffer of length \p output_max_len Bytes. - * \param output_max_len The length in Bytes of the output buffer \p output. - * - * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. 
- */ -int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - const unsigned char *label, size_t label_len, - size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ); - -/** - * \brief This function performs a private RSA operation to sign - * a message digest using PKCS#1. - * - * It is the generic wrapper for performing a PKCS#1 - * signature. - * - * \note The \p sig buffer must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. - * - * \note For PKCS#1 v2.1 encoding, see comments on - * mbedtls_rsa_rsassa_pss_sign() for details on - * \p md_alg and \p hash_id. - * - * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function to use. This is mandatory and - * must not be \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL - * if \p f_rng doesn't need a context argument. - * \param md_alg The message-digest algorithm used to hash the original data. - * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest or raw data in Bytes. - * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the - * output length of the corresponding hash algorithm. - * \param hash The buffer holding the message digest or raw data. - * This must be a readable buffer of at least \p hashlen Bytes. - * \param sig The buffer to hold the signature. This must be a writable - * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. A buffer length of - * #MBEDTLS_MPI_MAX_SIZE is always safe. - * - * \return \c 0 if the signing operation was successful. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. 
- */ -int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ); - -/** - * \brief This function performs a PKCS#1 v1.5 signature - * operation (RSASSA-PKCS1-v1_5-SIGN). - * - * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and is - * mandatory; see mbedtls_rsa_private() for more. - * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL - * if \p f_rng doesn't need a context argument. - * \param md_alg The message-digest algorithm used to hash the original data. - * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest or raw data in Bytes. - * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the - * output length of the corresponding hash algorithm. - * \param hash The buffer holding the message digest or raw data. - * This must be a readable buffer of at least \p hashlen Bytes. - * \param sig The buffer to hold the signature. This must be a writable - * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. A buffer length of - * #MBEDTLS_MPI_MAX_SIZE is always safe. - * - * \return \c 0 if the signing operation was successful. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - */ -int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ); - -/** - * \brief This function performs a PKCS#1 v2.1 PSS signature - * operation (RSASSA-PSS-SIGN). - * - * \note The \c hash_id set in \p ctx by calling - * mbedtls_rsa_set_padding() selects the hash used for the - * encoding operation and for the mask generation function - * (MGF1). 
For more details on the encoding operation and the - * mask generation function, consult RFC-3447: Public-Key - * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography - * Specifications. - * - * \note This function enforces that the provided salt length complies - * with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1 - * step 3. The constraint is that the hash length plus the salt - * length plus 2 bytes must be at most the key length. If this - * constraint is not met, this function returns - * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA. - * - * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. It is mandatory and must not be \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL - * if \p f_rng doesn't need a context argument. - * \param md_alg The message-digest algorithm used to hash the original data. - * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest or raw data in Bytes. - * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the - * output length of the corresponding hash algorithm. - * \param hash The buffer holding the message digest or raw data. - * This must be a readable buffer of at least \p hashlen Bytes. - * \param saltlen The length of the salt that should be used. - * If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use - * the largest possible salt length up to the hash length, - * which is the largest permitted by some standards including - * FIPS 186-4 §5.5. - * \param sig The buffer to hold the signature. This must be a writable - * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. A buffer length of - * #MBEDTLS_MPI_MAX_SIZE is always safe. - * - * \return \c 0 if the signing operation was successful. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. 
- */ -int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - int saltlen, - unsigned char *sig ); - -/** - * \brief This function performs a PKCS#1 v2.1 PSS signature - * operation (RSASSA-PSS-SIGN). - * - * \note The \c hash_id set in \p ctx by calling - * mbedtls_rsa_set_padding() selects the hash used for the - * encoding operation and for the mask generation function - * (MGF1). For more details on the encoding operation and the - * mask generation function, consult RFC-3447: Public-Key - * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography - * Specifications. - * - * \note This function always uses the maximum possible salt size, - * up to the length of the payload hash. This choice of salt - * size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 - * v2.2) §9.1.1 step 3. Furthermore this function enforces a - * minimum salt size which is the hash size minus 2 bytes. If - * this minimum size is too large given the key size (the salt - * size, plus the hash size, plus 2 bytes must be no more than - * the key size in bytes), this function returns - * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA. - * - * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. It is mandatory and must not be \c NULL. - * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL - * if \p f_rng doesn't need a context argument. - * \param md_alg The message-digest algorithm used to hash the original data. - * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest or raw data in Bytes. - * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the - * output length of the corresponding hash algorithm. - * \param hash The buffer holding the message digest or raw data. - * This must be a readable buffer of at least \p hashlen Bytes. 
- * \param sig The buffer to hold the signature. This must be a writable - * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. A buffer length of - * #MBEDTLS_MPI_MAX_SIZE is always safe. - * - * \return \c 0 if the signing operation was successful. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - */ -int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ); - -/** - * \brief This function performs a public RSA operation and checks - * the message digest. - * - * This is the generic wrapper for performing a PKCS#1 - * verification. - * - * \note For PKCS#1 v2.1 encoding, see comments on - * mbedtls_rsa_rsassa_pss_verify() about \p md_alg and - * \p hash_id. - * - * \param ctx The initialized RSA public key context to use. - * \param md_alg The message-digest algorithm used to hash the original data. - * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest or raw data in Bytes. - * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the - * output length of the corresponding hash algorithm. - * \param hash The buffer holding the message digest or raw data. - * This must be a readable buffer of at least \p hashlen Bytes. - * \param sig The buffer holding the signature. This must be a readable - * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. - * - * \return \c 0 if the verify operation was successful. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - */ -int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ); - -/** - * \brief This function performs a PKCS#1 v1.5 verification - * operation (RSASSA-PKCS1-v1_5-VERIFY). 
- * - * \param ctx The initialized RSA public key context to use. - * \param md_alg The message-digest algorithm used to hash the original data. - * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest or raw data in Bytes. - * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the - * output length of the corresponding hash algorithm. - * \param hash The buffer holding the message digest or raw data. - * This must be a readable buffer of at least \p hashlen Bytes. - * \param sig The buffer holding the signature. This must be a readable - * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. - * - * \return \c 0 if the verify operation was successful. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - */ -int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ); - -/** - * \brief This function performs a PKCS#1 v2.1 PSS verification - * operation (RSASSA-PSS-VERIFY). - * - * \note The \c hash_id set in \p ctx by calling - * mbedtls_rsa_set_padding() selects the hash used for the - * encoding operation and for the mask generation function - * (MGF1). For more details on the encoding operation and the - * mask generation function, consult RFC-3447: Public-Key - * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography - * Specifications. If the \c hash_id set in \p ctx by - * mbedtls_rsa_set_padding() is #MBEDTLS_MD_NONE, the \p md_alg - * parameter is used. - * - * \param ctx The initialized RSA public key context to use. - * \param md_alg The message-digest algorithm used to hash the original data. - * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest or raw data in Bytes. - * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the - * output length of the corresponding hash algorithm. 
- * \param hash The buffer holding the message digest or raw data. - * This must be a readable buffer of at least \p hashlen Bytes. - * \param sig The buffer holding the signature. This must be a readable - * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. - * - * \return \c 0 if the verify operation was successful. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - */ -int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ); - -/** - * \brief This function performs a PKCS#1 v2.1 PSS verification - * operation (RSASSA-PSS-VERIFY). - * - * \note The \p sig buffer must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. - * - * \note The \c hash_id set in \p ctx by mbedtls_rsa_set_padding() is - * ignored. - * - * \param ctx The initialized RSA public key context to use. - * \param md_alg The message-digest algorithm used to hash the original data. - * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest or raw data in Bytes. - * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the - * output length of the corresponding hash algorithm. - * \param hash The buffer holding the message digest or raw data. - * This must be a readable buffer of at least \p hashlen Bytes. - * \param mgf1_hash_id The message digest algorithm used for the - * verification operation and the mask generation - * function (MGF1). For more details on the encoding - * operation and the mask generation function, consult - * RFC-3447: Public-Key Cryptography Standards - * (PKCS) #1 v2.1: RSA Cryptography - * Specifications. - * \param expected_salt_len The length of the salt used in padding. Use - * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length. - * \param sig The buffer holding the signature. 
This must be a readable - * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes - * for an 2048-bit RSA modulus. - * - * \return \c 0 if the verify operation was successful. - * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - */ -int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - mbedtls_md_type_t mgf1_hash_id, - int expected_salt_len, - const unsigned char *sig ); - -/** - * \brief This function copies the components of an RSA context. - * - * \param dst The destination context. This must be initialized. - * \param src The source context. This must be initialized. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. - */ -int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ); - -/** - * \brief This function frees the components of an RSA key. - * - * \param ctx The RSA context to free. May be \c NULL, in which case - * this function is a no-op. If it is not \c NULL, it must - * point to an initialized RSA context. - */ -void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); - -#if defined(MBEDTLS_SELF_TEST) - -/** - * \brief The RSA checkup routine. - * - * \return \c 0 on success. - * \return \c 1 on failure. - */ -int mbedtls_rsa_self_test( int verbose ); - -#endif /* MBEDTLS_SELF_TEST */ - -#ifdef __cplusplus -} -#endif - -#endif /* rsa.h */ diff --git a/windows/mbedtls/sha1.h b/windows/mbedtls/sha1.h deleted file mode 100644 index d2db67ca..00000000 --- a/windows/mbedtls/sha1.h +++ /dev/null 
@@ -1,231 +0,0 @@ -/** - * \file sha1.h - * - * \brief This file contains SHA-1 definitions and functions. - * - * The Secure Hash Algorithm 1 (SHA-1) cryptographic hash function is defined in - * FIPS 180-4: Secure Hash Standard (SHS). - * - * \warning SHA-1 is considered a weak message digest and its use constitutes - * a security risk. We recommend considering stronger message - * digests instead. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_SHA1_H -#define MBEDTLS_SHA1_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include -#include - -#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA -0x0073 /**< SHA-1 input data was malformed. */ - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_SHA1_ALT) -// Regular implementation -// - -/** - * \brief The SHA-1 context structure. - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -typedef struct mbedtls_sha1_context -{ - uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */ - uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< The intermediate digest state. */ - unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. 
*/ -} -mbedtls_sha1_context; - -#else /* MBEDTLS_SHA1_ALT */ -#include "sha1_alt.h" -#endif /* MBEDTLS_SHA1_ALT */ - -/** - * \brief This function initializes a SHA-1 context. - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - * \param ctx The SHA-1 context to initialize. - * This must not be \c NULL. - * - */ -void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); - -/** - * \brief This function clears a SHA-1 context. - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - * \param ctx The SHA-1 context to clear. This may be \c NULL, - * in which case this function does nothing. If it is - * not \c NULL, it must point to an initialized - * SHA-1 context. - * - */ -void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); - -/** - * \brief This function clones the state of a SHA-1 context. - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - * \param dst The SHA-1 context to clone to. This must be initialized. - * \param src The SHA-1 context to clone from. This must be initialized. - * - */ -void mbedtls_sha1_clone( mbedtls_sha1_context *dst, - const mbedtls_sha1_context *src ); - -/** - * \brief This function starts a SHA-1 checksum calculation. - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - * \param ctx The SHA-1 context to initialize. This must be initialized. - * - * \return \c 0 on success. - * \return A negative error code on failure. 
- * - */ -int mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); - -/** - * \brief This function feeds an input buffer into an ongoing SHA-1 - * checksum calculation. - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - * \param ctx The SHA-1 context. This must be initialized - * and have a hash operation started. - * \param input The buffer holding the input data. - * This must be a readable buffer of length \p ilen Bytes. - * \param ilen The length of the input data \p input in Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_sha1_update( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ); - -/** - * \brief This function finishes the SHA-1 operation, and writes - * the result to the output buffer. - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - * \param ctx The SHA-1 context to use. This must be initialized and - * have a hash operation started. - * \param output The SHA-1 checksum result. This must be a writable - * buffer of length \c 20 Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, - unsigned char output[20] ); - -/** - * \brief SHA-1 process data block (internal use only). - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - * \param ctx The SHA-1 context to use. This must be initialized. - * \param data The data block being processed. This must be a - * readable buffer of length \c 64 Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. 
- * - */ -int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, - const unsigned char data[64] ); - -/** - * \brief This function calculates the SHA-1 checksum of a buffer. - * - * The function allocates the context, performs the - * calculation, and frees the context. - * - * The SHA-1 result is calculated as - * output = SHA-1(input buffer). - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - * \param input The buffer holding the input data. - * This must be a readable buffer of length \p ilen Bytes. - * \param ilen The length of the input data \p input in Bytes. - * \param output The SHA-1 checksum result. - * This must be a writable buffer of length \c 20 Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. - * - */ -int mbedtls_sha1( const unsigned char *input, - size_t ilen, - unsigned char output[20] ); - -#if defined(MBEDTLS_SELF_TEST) - -/** - * \brief The SHA-1 checkup routine. - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - * \return \c 0 on success. - * \return \c 1 on failure. - * - */ -int mbedtls_sha1_self_test( int verbose ); - -#endif /* MBEDTLS_SELF_TEST */ - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_sha1.h */ diff --git a/windows/mbedtls/sha256.h b/windows/mbedtls/sha256.h deleted file mode 100644 index 7f42c2c9..00000000 --- a/windows/mbedtls/sha256.h +++ /dev/null 
@@ -1,191 +0,0 @@ -/** - * \file sha256.h - * - * \brief This file contains SHA-224 and SHA-256 definitions and functions. - * - * The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic - * hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS). - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_SHA256_H -#define MBEDTLS_SHA256_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include -#include - -#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 /**< SHA-256 input data was malformed. */ - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_SHA256_ALT) -// Regular implementation -// - -/** - * \brief The SHA-256 context structure. - * - * The structure is used both for SHA-256 and for SHA-224 - * checksum calculations. The choice between these two is - * made in the call to mbedtls_sha256_starts(). - */ -typedef struct mbedtls_sha256_context -{ - uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */ - uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */ - unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */ - int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use: - 0: Use SHA-256, or 1: Use SHA-224. 
*/ -} -mbedtls_sha256_context; - -#else /* MBEDTLS_SHA256_ALT */ -#include "sha256_alt.h" -#endif /* MBEDTLS_SHA256_ALT */ - -/** - * \brief This function initializes a SHA-256 context. - * - * \param ctx The SHA-256 context to initialize. This must not be \c NULL. - */ -void mbedtls_sha256_init( mbedtls_sha256_context *ctx ); - -/** - * \brief This function clears a SHA-256 context. - * - * \param ctx The SHA-256 context to clear. This may be \c NULL, in which - * case this function returns immediately. If it is not \c NULL, - * it must point to an initialized SHA-256 context. - */ -void mbedtls_sha256_free( mbedtls_sha256_context *ctx ); - -/** - * \brief This function clones the state of a SHA-256 context. - * - * \param dst The destination context. This must be initialized. - * \param src The context to clone. This must be initialized. - */ -void mbedtls_sha256_clone( mbedtls_sha256_context *dst, - const mbedtls_sha256_context *src ); - -/** - * \brief This function starts a SHA-224 or SHA-256 checksum - * calculation. - * - * \param ctx The context to use. This must be initialized. - * \param is224 This determines which function to use. This must be - * either \c 0 for SHA-256, or \c 1 for SHA-224. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); - -/** - * \brief This function feeds an input buffer into an ongoing - * SHA-256 checksum calculation. - * - * \param ctx The SHA-256 context. This must be initialized - * and have a hash operation started. - * \param input The buffer holding the data. This must be a readable - * buffer of length \p ilen Bytes. - * \param ilen The length of the input data in Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. 
- */ -int mbedtls_sha256_update( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ); - -/** - * \brief This function finishes the SHA-256 operation, and writes - * the result to the output buffer. - * - * \param ctx The SHA-256 context. This must be initialized - * and have a hash operation started. - * \param output The SHA-224 or SHA-256 checksum result. - * This must be a writable buffer of length \c 32 bytes - * for SHA-256, \c 28 bytes for SHA-224. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, - unsigned char *output ); - -/** - * \brief This function processes a single data block within - * the ongoing SHA-256 computation. This function is for - * internal use only. - * - * \param ctx The SHA-256 context. This must be initialized. - * \param data The buffer holding one block of data. This must - * be a readable buffer of length \c 64 Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, - const unsigned char data[64] ); - -/** - * \brief This function calculates the SHA-224 or SHA-256 - * checksum of a buffer. - * - * The function allocates the context, performs the - * calculation, and frees the context. - * - * The SHA-256 result is calculated as - * output = SHA-256(input buffer). - * - * \param input The buffer holding the data. This must be a readable - * buffer of length \p ilen Bytes. - * \param ilen The length of the input data in Bytes. - * \param output The SHA-224 or SHA-256 checksum result. - * This must be a writable buffer of length \c 32 bytes - * for SHA-256, \c 28 bytes for SHA-224. - * \param is224 Determines which function to use. This must be - * either \c 0 for SHA-256, or \c 1 for SHA-224. 
- */ -int mbedtls_sha256( const unsigned char *input, - size_t ilen, - unsigned char *output, - int is224 ); - -#if defined(MBEDTLS_SELF_TEST) - -/** - * \brief The SHA-224 and SHA-256 checkup routine. - * - * \return \c 0 on success. - * \return \c 1 on failure. - */ -int mbedtls_sha256_self_test( int verbose ); - -#endif /* MBEDTLS_SELF_TEST */ - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_sha256.h */ diff --git a/windows/mbedtls/sha512.h b/windows/mbedtls/sha512.h deleted file mode 100644 index c43b9075..00000000 --- a/windows/mbedtls/sha512.h +++ /dev/null 
@@ -1,204 +0,0 @@ -/** - * \file sha512.h - * \brief This file contains SHA-384 and SHA-512 definitions and functions. - * - * The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic - * hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS). - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_SHA512_H -#define MBEDTLS_SHA512_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include -#include - -#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075 /**< SHA-512 input data was malformed. */ - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_SHA512_ALT) -// Regular implementation -// - -/** - * \brief The SHA-512 context structure. - * - * The structure is used both for SHA-384 and for SHA-512 - * checksum calculations. The choice between these two is - * made in the call to mbedtls_sha512_starts(). - */ -typedef struct mbedtls_sha512_context -{ - uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */ - uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */ - unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being processed. */ -#if defined(MBEDTLS_SHA384_C) - int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use: - 0: Use SHA-512, or 1: Use SHA-384. 
*/ -#endif -} -mbedtls_sha512_context; - -#else /* MBEDTLS_SHA512_ALT */ -#include "sha512_alt.h" -#endif /* MBEDTLS_SHA512_ALT */ - -/** - * \brief This function initializes a SHA-512 context. - * - * \param ctx The SHA-512 context to initialize. This must - * not be \c NULL. - */ -void mbedtls_sha512_init( mbedtls_sha512_context *ctx ); - -/** - * \brief This function clears a SHA-512 context. - * - * \param ctx The SHA-512 context to clear. This may be \c NULL, - * in which case this function does nothing. If it - * is not \c NULL, it must point to an initialized - * SHA-512 context. - */ -void mbedtls_sha512_free( mbedtls_sha512_context *ctx ); - -/** - * \brief This function clones the state of a SHA-512 context. - * - * \param dst The destination context. This must be initialized. - * \param src The context to clone. This must be initialized. - */ -void mbedtls_sha512_clone( mbedtls_sha512_context *dst, - const mbedtls_sha512_context *src ); - -/** - * \brief This function starts a SHA-384 or SHA-512 checksum - * calculation. - * - * \param ctx The SHA-512 context to use. This must be initialized. - * \param is384 Determines which function to use. This must be - * either \c 0 for SHA-512, or \c 1 for SHA-384. - * - * \note When \c MBEDTLS_SHA384_C is not defined, - * \p is384 must be \c 0, or the function will return - * #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ); - -/** - * \brief This function feeds an input buffer into an ongoing - * SHA-512 checksum calculation. - * - * \param ctx The SHA-512 context. This must be initialized - * and have a hash operation started. - * \param input The buffer holding the input data. This must - * be a readable buffer of length \p ilen Bytes. - * \param ilen The length of the input data in Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. 
- */ -int mbedtls_sha512_update( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ); - -/** - * \brief This function finishes the SHA-512 operation, and writes - * the result to the output buffer. - * - * \param ctx The SHA-512 context. This must be initialized - * and have a hash operation started. - * \param output The SHA-384 or SHA-512 checksum result. - * This must be a writable buffer of length \c 64 bytes - * for SHA-512, \c 48 bytes for SHA-384. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_sha512_finish( mbedtls_sha512_context *ctx, - unsigned char *output ); - -/** - * \brief This function processes a single data block within - * the ongoing SHA-512 computation. - * This function is for internal use only. - * - * \param ctx The SHA-512 context. This must be initialized. - * \param data The buffer holding one block of data. This - * must be a readable buffer of length \c 128 Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, - const unsigned char data[128] ); - -/** - * \brief This function calculates the SHA-512 or SHA-384 - * checksum of a buffer. - * - * The function allocates the context, performs the - * calculation, and frees the context. - * - * The SHA-512 result is calculated as - * output = SHA-512(input buffer). - * - * \param input The buffer holding the input data. This must be - * a readable buffer of length \p ilen Bytes. - * \param ilen The length of the input data in Bytes. - * \param output The SHA-384 or SHA-512 checksum result. - * This must be a writable buffer of length \c 64 bytes - * for SHA-512, \c 48 bytes for SHA-384. - * \param is384 Determines which function to use. This must be either - * \c 0 for SHA-512, or \c 1 for SHA-384. 
- * - * \note When \c MBEDTLS_SHA384_C is not defined, \p is384 must - * be \c 0, or the function will return - * #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_sha512( const unsigned char *input, - size_t ilen, - unsigned char *output, - int is384 ); - -#if defined(MBEDTLS_SELF_TEST) - - /** - * \brief The SHA-384 or SHA-512 checkup routine. - * - * \return \c 0 on success. - * \return \c 1 on failure. - */ -int mbedtls_sha512_self_test( int verbose ); -#endif /* MBEDTLS_SELF_TEST */ - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_sha512.h */ diff --git a/windows/mbedtls/ssl.h b/windows/mbedtls/ssl.h deleted file mode 100644 index 3a14a583..00000000 --- a/windows/mbedtls/ssl.h +++ /dev/null 
@@ -1,4152 +0,0 @@
-/**
- * \file ssl.h
- *
- * \brief SSL/TLS functions.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_SSL_H
-#define MBEDTLS_SSL_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/bignum.h"
-#include "mbedtls/ecp.h"
-
-#include "mbedtls/ssl_ciphersuites.h"
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_crl.h"
-#endif
-
-#if defined(MBEDTLS_DHM_C)
-#include "mbedtls/dhm.h"
-#endif
-
-/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
- * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap
- * in functionality that access to ecdh_ctx structure is needed for
- * MBEDTLS_ECDSA_C which does not seem correct.
- */
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdh.h"
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/*
- * SSL Error codes
- */
-#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */
-#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */
-#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. 
*/ -#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */ -#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */ -#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */ -#define MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300 /**< A message could not be parsed due to a syntactic error. */ -/* Error space gap */ -#define MBEDTLS_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */ -#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */ -#define MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION -0x7500 /**< Client received an extended server hello containing an unsupported extension */ -#define MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL -0x7580 /**< No ALPN protocols supported that the client advertises */ -#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */ -#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */ -#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */ -#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */ -#define MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME -0x7800 /**< No server could be identified matching the client's SNI. */ -#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */ -/* Error space gap */ -/* Error space gap */ -#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. 
*/ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 /**< Memory allocation failed */ -#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */ -#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */ -#define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */ -#define MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE -0x6E00 /**< The handshake negotiation failed. */ -#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */ -#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */ -#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (eg, PSK identity) */ -#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */ -#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */ -#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */ -#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */ -#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */ -/* Error space gap */ -#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< No data of requested type currently available on underlying transport. */ -#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Connection requires a write call. */ -#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. 
*/ -#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */ -#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */ -#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */ -#define MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -0x6600 /**< A field in a message was incorrect or inconsistent with other fields. */ -#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */ -#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 /**< The asynchronous operation is not completed yet. */ -#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 /**< Internal-only message signaling that a message arrived early. */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -#define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 /**< An encrypted DTLS-frame with an unexpected CID was received. */ -#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 /**< An operation failed due to an unexpected version or configuration. 
*/ -#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 /**< Invalid value in SSL config */ - -/* - * Various constants - */ - -/* These are the high an low bytes of ProtocolVersion as defined by: - * - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2 - * - RFC 8446: see section 4.2.1 - */ -#define MBEDTLS_SSL_MAJOR_VERSION_3 3 -#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ -#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */ - -#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ -#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ - -#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */ -#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */ - -#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */ - -/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c - * NONE must be zero so that memset()ing structure to zero works */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */ - -#define MBEDTLS_SSL_IS_CLIENT 0 -#define MBEDTLS_SSL_IS_SERVER 1 - -#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0 -#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1 - -#define MBEDTLS_SSL_CID_DISABLED 0 -#define MBEDTLS_SSL_CID_ENABLED 1 - -#define MBEDTLS_SSL_ETM_DISABLED 0 -#define MBEDTLS_SSL_ETM_ENABLED 1 - -#define MBEDTLS_SSL_COMPRESS_NULL 0 - -#define MBEDTLS_SSL_VERIFY_NONE 0 -#define MBEDTLS_SSL_VERIFY_OPTIONAL 1 -#define MBEDTLS_SSL_VERIFY_REQUIRED 2 -#define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */ - -#define 
MBEDTLS_SSL_LEGACY_RENEGOTIATION 0 -#define MBEDTLS_SSL_SECURE_RENEGOTIATION 1 - -#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0 -#define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1 - -#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0 -#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1 - -#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1 -#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16 - -#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0 -#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1 -#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2 - -#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0 -#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1 -#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */ - -#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0 -#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1 - -#define MBEDTLS_SSL_PRESET_DEFAULT 0 -#define MBEDTLS_SSL_PRESET_SUITEB 2 - -#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1 -#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0 - -#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0 -#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1 - -#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1 -#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0 - -/* - * Default range for DTLS retransmission timer value, in milliseconds. - * RFC 6347 4.2.4.1 says from 1 second to 60 seconds. - */ -#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000 -#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000 - -/** - * \name SECTION: Module settings - * - * The configuration options you can set for this module are in this section. - * Either change them in mbedtls_config.h or define them on the compiler command line. - * \{ - */ - -/* - * Maximum fragment length in bytes, - * determines the size of each of the two internal I/O buffers. - * - * Note: the RFC defines the default size of SSL / TLS messages. If you - * change the value here, other clients / servers may not be able to - * communicate with you anymore. 
Only change this value if you control - * both sides of the connection and have it reduced at both sides, or - * if you're using the Max Fragment Length extension and you know all your - * peers are using it too! - */ -#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN) -#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 -#endif - -#if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN) -#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 -#endif - -/* - * Maximum number of heap-allocated bytes for the purpose of - * DTLS handshake message reassembly and future message buffering. - */ -#if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING) -#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 -#endif - -/* - * Maximum length of CIDs for incoming and outgoing messages. - */ -#if !defined(MBEDTLS_SSL_CID_IN_LEN_MAX) -#define MBEDTLS_SSL_CID_IN_LEN_MAX 32 -#endif - -#if !defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) -#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 -#endif - -#if !defined(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) -#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 -#endif - -/* \} name SECTION: Module settings */ - -/* - * Length of the verify data for secure renegotiation - */ -#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12 - -/* - * Signaling ciphersuite values (SCSV) - */ -#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */ - -/* - * Supported Signature and Hash algorithms (For TLS 1.2) - * RFC 5246 section 7.4.1.4.1 - */ -#define MBEDTLS_SSL_HASH_NONE 0 -#define MBEDTLS_SSL_HASH_MD5 1 -#define MBEDTLS_SSL_HASH_SHA1 2 -#define MBEDTLS_SSL_HASH_SHA224 3 -#define MBEDTLS_SSL_HASH_SHA256 4 -#define MBEDTLS_SSL_HASH_SHA384 5 -#define MBEDTLS_SSL_HASH_SHA512 6 - -#define MBEDTLS_SSL_SIG_ANON 0 -#define MBEDTLS_SSL_SIG_RSA 1 -#define MBEDTLS_SSL_SIG_ECDSA 3 - -/* - * Client Certificate Types - * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5 - */ -#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1 -#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64 - -/* - * Message, alert and handshake types - */ -#define 
MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20 -#define MBEDTLS_SSL_MSG_ALERT 21 -#define MBEDTLS_SSL_MSG_HANDSHAKE 22 -#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23 -#define MBEDTLS_SSL_MSG_CID 25 - -#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1 -#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2 - -#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */ -#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */ -#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */ -#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */ -#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */ -#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */ -#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */ -#define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */ -#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */ -#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */ -#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */ -#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */ -#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */ -#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */ -#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */ -#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */ -#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */ -#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */ -#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */ -#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */ -#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */ -#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */ -#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */ -#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */ -#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */ -#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */ -#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */ -#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */ -#define 
MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */ - -#define MBEDTLS_SSL_HS_HELLO_REQUEST 0 -#define MBEDTLS_SSL_HS_CLIENT_HELLO 1 -#define MBEDTLS_SSL_HS_SERVER_HELLO 2 -#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3 -#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4 -#define MBEDTLS_SSL_HS_CERTIFICATE 11 -#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12 -#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13 -#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14 -#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15 -#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16 -#define MBEDTLS_SSL_HS_FINISHED 20 - -/* - * TLS extensions - */ -#define MBEDTLS_TLS_EXT_SERVERNAME 0 -#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0 - -#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1 - -#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 - -#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 -#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 - -#define MBEDTLS_TLS_EXT_SIG_ALG 13 - -#define MBEDTLS_TLS_EXT_USE_SRTP 14 - -#define MBEDTLS_TLS_EXT_ALPN 16 - -#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ -#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ - -#define MBEDTLS_TLS_EXT_SESSION_TICKET 35 - -/* The value of the CID extension is still TBD as of - * draft-ietf-tls-dtls-connection-id-05 - * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */ -#define MBEDTLS_TLS_EXT_CID 254 /* TBD */ - -#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */ - -#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 - -/* - * Size defines - */ -#if !defined(MBEDTLS_PSK_MAX_LEN) -#define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */ -#endif - -/* Dummy type used only for its size */ -union mbedtls_ssl_premaster_secret -{ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */ -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */ -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - 
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */ -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */ -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE - + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */ -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */ -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES - + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */ -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */ -#endif -}; - -#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret ) - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * SSL state machine - */ -typedef enum -{ - MBEDTLS_SSL_HELLO_REQUEST, - MBEDTLS_SSL_CLIENT_HELLO, - MBEDTLS_SSL_SERVER_HELLO, - MBEDTLS_SSL_SERVER_CERTIFICATE, - MBEDTLS_SSL_SERVER_KEY_EXCHANGE, - MBEDTLS_SSL_CERTIFICATE_REQUEST, - MBEDTLS_SSL_SERVER_HELLO_DONE, - MBEDTLS_SSL_CLIENT_CERTIFICATE, - MBEDTLS_SSL_CLIENT_KEY_EXCHANGE, - MBEDTLS_SSL_CERTIFICATE_VERIFY, - MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC, - MBEDTLS_SSL_CLIENT_FINISHED, - MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC, - MBEDTLS_SSL_SERVER_FINISHED, - MBEDTLS_SSL_FLUSH_BUFFERS, - MBEDTLS_SSL_HANDSHAKE_WRAPUP, - MBEDTLS_SSL_HANDSHAKE_OVER, - MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET, - MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, -} -mbedtls_ssl_states; - -/** - * \brief Callback type: send data on the network. - * - * \note That callback may be either blocking or non-blocking. 
- *
- * \param ctx Context for the send callback (typically a file descriptor)
- * \param buf Buffer holding the data to send
- * \param len Length of the data to send
- *
- * \return The callback must return the number of bytes sent if any,
- * or a non-zero error code.
- * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE
- * must be returned when the operation would block.
- *
- * \note The callback is allowed to send fewer bytes than requested.
- * It must always return the number of bytes actually sent.
- */
-typedef int mbedtls_ssl_send_t( void *ctx,
- const unsigned char *buf,
- size_t len );
-
-/**
- * \brief Callback type: receive data from the network.
- *
- * \note That callback may be either blocking or non-blocking.
- *
- * \param ctx Context for the receive callback (typically a file
- * descriptor)
- * \param buf Buffer to write the received data to
- * \param len Length of the receive buffer
- *
- * \return The callback must return the number of bytes received,
- * or a non-zero error code.
- * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
- * must be returned when the operation would block.
- *
- * \note The callback may receive fewer bytes than the length of the
- * buffer. It must always return the number of bytes actually
- * received and written to the buffer.
- */
-typedef int mbedtls_ssl_recv_t( void *ctx,
- unsigned char *buf,
- size_t len );
-
-/**
- * \brief Callback type: receive data from the network, with timeout
- *
- * \note That callback must block until data is received, or the
- * timeout delay expires, or the operation is interrupted by a
- * signal. 
- *
- * \param ctx Context for the receive callback (typically a file descriptor)
- * \param buf Buffer to write the received data to
- * \param len Length of the receive buffer
- * \param timeout Maximum nomber of millisecondes to wait for data
- * 0 means no timeout (potentially waiting forever)
- *
- * \return The callback must return the number of bytes received,
- * or a non-zero error code:
- * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
- * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
- *
- * \note The callback may receive fewer bytes than the length of the
- * buffer. It must always return the number of bytes actually
- * received and written to the buffer.
- */
-typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
- unsigned char *buf,
- size_t len,
- uint32_t timeout );
-/**
- * \brief Callback type: set a pair of timers/delays to watch
- *
- * \param ctx Context pointer
- * \param int_ms Intermediate delay in milliseconds
- * \param fin_ms Final delay in milliseconds
- * 0 cancels the current timer.
- *
- * \note This callback must at least store the necessary information
- * for the associated \c mbedtls_ssl_get_timer_t callback to
- * return correct information.
- *
- * \note If using a event-driven style of programming, an event must
- * be generated when the final delay is passed. The event must
- * cause a call to \c mbedtls_ssl_handshake() with the proper
- * SSL context to be scheduled. Care must be taken to ensure
- * that at most one such call happens at a time.
- *
- * \note Only one timer at a time must be running. Calling this
- * function while a timer is running must cancel it. Cancelled
- * timers must not generate any event. 
- */ -typedef void mbedtls_ssl_set_timer_t( void * ctx, - uint32_t int_ms, - uint32_t fin_ms ); - -/** - * \brief Callback type: get status of timers/delays - * - * \param ctx Context pointer - * - * \return This callback must return: - * -1 if cancelled (fin_ms == 0), - * 0 if none of the delays have passed, - * 1 if only the intermediate delay has passed, - * 2 if the final delay has passed. - */ -typedef int mbedtls_ssl_get_timer_t( void * ctx ); - -/* Defined below */ -typedef struct mbedtls_ssl_session mbedtls_ssl_session; -typedef struct mbedtls_ssl_context mbedtls_ssl_context; -typedef struct mbedtls_ssl_config mbedtls_ssl_config; - -/* Defined in library/ssl_misc.h */ -typedef struct mbedtls_ssl_transform mbedtls_ssl_transform; -typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params; -typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t; -#if defined(MBEDTLS_X509_CRT_PARSE_C) -typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert; -#endif -#if defined(MBEDTLS_SSL_PROTO_DTLS) -typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; -#endif - -/** - * \brief Callback type: server-side session cache getter - * - * The session cache is logically a key value store, with - * keys being session IDs and values being instances of - * mbedtls_ssl_session. - * - * This callback retrieves an entry in this key-value store. - * - * \param data The address of the session cache structure to query. - * \param session_id The buffer holding the session ID to query. - * \param session_id_len The length of \p session_id in Bytes. - * \param session The address of the session structure to populate. - * It is initialized with mbdtls_ssl_session_init(), - * and the callback must always leave it in a state - * where it can safely be freed via - * mbedtls_ssl_session_free() independent of the - * return code of this function. - * - * \return \c 0 on success - * \return A non-zero return value on failure. 
- * - */ -typedef int mbedtls_ssl_cache_get_t( void *data, - unsigned char const *session_id, - size_t session_id_len, - mbedtls_ssl_session *session ); -/** - * \brief Callback type: server-side session cache setter - * - * The session cache is logically a key value store, with - * keys being session IDs and values being instances of - * mbedtls_ssl_session. - * - * This callback sets an entry in this key-value store. - * - * \param data The address of the session cache structure to modify. - * \param session_id The buffer holding the session ID to query. - * \param session_id_len The length of \p session_id in Bytes. - * \param session The address of the session to be stored in the - * session cache. - * - * \return \c 0 on success - * \return A non-zero return value on failure. - */ -typedef int mbedtls_ssl_cache_set_t( void *data, - unsigned char const *session_id, - size_t session_id_len, - const mbedtls_ssl_session *session ); - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/** - * \brief Callback type: start external signature operation. - * - * This callback is called during an SSL handshake to start - * a signature decryption operation using an - * external processor. The parameter \p cert contains - * the public key; it is up to the callback function to - * determine how to access the associated private key. - * - * This function typically sends or enqueues a request, and - * does not wait for the operation to complete. This allows - * the handshake step to be non-blocking. - * - * The parameters \p ssl and \p cert are guaranteed to remain - * valid throughout the handshake. On the other hand, this - * function must save the contents of \p hash if the value - * is needed for later processing, because the \p hash buffer - * is no longer valid after this function returns. 
- * - * This function may call mbedtls_ssl_set_async_operation_data() - * to store an operation context for later retrieval - * by the resume or cancel callback. - * - * \note For RSA signatures, this function must produce output - * that is consistent with PKCS#1 v1.5 in the same way as - * mbedtls_rsa_pkcs1_sign(). Before the private key operation, - * apply the padding steps described in RFC 8017, section 9.2 - * "EMSA-PKCS1-v1_5" as follows. - * - If \p md_alg is #MBEDTLS_MD_NONE, apply the PKCS#1 v1.5 - * encoding, treating \p hash as the DigestInfo to be - * padded. In other words, apply EMSA-PKCS1-v1_5 starting - * from step 3, with `T = hash` and `tLen = hash_len`. - * - If `md_alg != MBEDTLS_MD_NONE`, apply the PKCS#1 v1.5 - * encoding, treating \p hash as the hash to be encoded and - * padded. In other words, apply EMSA-PKCS1-v1_5 starting - * from step 2, with `digestAlgorithm` obtained by calling - * mbedtls_oid_get_oid_by_md() on \p md_alg. - * - * \note For ECDSA signatures, the output format is the DER encoding - * `Ecdsa-Sig-Value` defined in - * [RFC 4492 section 5.4](https://tools.ietf.org/html/rfc4492#section-5.4). - * - * \param ssl The SSL connection instance. It should not be - * modified other than via - * mbedtls_ssl_set_async_operation_data(). - * \param cert Certificate containing the public key. - * In simple cases, this is one of the pointers passed to - * mbedtls_ssl_conf_own_cert() when configuring the SSL - * connection. However, if other callbacks are used, this - * property may not hold. For example, if an SNI callback - * is registered with mbedtls_ssl_conf_sni(), then - * this callback determines what certificate is used. - * \param md_alg Hash algorithm. - * \param hash Buffer containing the hash. This buffer is - * no longer valid when the function returns. - * \param hash_len Size of the \c hash buffer in bytes. 
- * - * \return 0 if the operation was started successfully and the SSL - * stack should call the resume callback immediately. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation - * was started successfully and the SSL stack should return - * immediately without calling the resume callback yet. - * \return #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external - * processor does not support this key. The SSL stack will - * use the private key object instead. - * \return Any other error indicates a fatal failure and is - * propagated up the call chain. The callback should - * use \c MBEDTLS_ERR_PK_xxx error codes, and must not - * use \c MBEDTLS_ERR_SSL_xxx error codes except as - * directed in the documentation of this callback. - */ -typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - mbedtls_md_type_t md_alg, - const unsigned char *hash, - size_t hash_len ); - -/** - * \brief Callback type: start external decryption operation. - * - * This callback is called during an SSL handshake to start - * an RSA decryption operation using an - * external processor. The parameter \p cert contains - * the public key; it is up to the callback function to - * determine how to access the associated private key. - * - * This function typically sends or enqueues a request, and - * does not wait for the operation to complete. This allows - * the handshake step to be non-blocking. - * - * The parameters \p ssl and \p cert are guaranteed to remain - * valid throughout the handshake. On the other hand, this - * function must save the contents of \p input if the value - * is needed for later processing, because the \p input buffer - * is no longer valid after this function returns. - * - * This function may call mbedtls_ssl_set_async_operation_data() - * to store an operation context for later retrieval - * by the resume or cancel callback. 
- * - * \warning RSA decryption as used in TLS is subject to a potential - * timing side channel attack first discovered by Bleichenbacher - * in 1998. This attack can be remotely exploitable - * in practice. To avoid this attack, you must ensure that - * if the callback performs an RSA decryption, the time it - * takes to execute and return the result does not depend - * on whether the RSA decryption succeeded or reported - * invalid padding. - * - * \param ssl The SSL connection instance. It should not be - * modified other than via - * mbedtls_ssl_set_async_operation_data(). - * \param cert Certificate containing the public key. - * In simple cases, this is one of the pointers passed to - * mbedtls_ssl_conf_own_cert() when configuring the SSL - * connection. However, if other callbacks are used, this - * property may not hold. For example, if an SNI callback - * is registered with mbedtls_ssl_conf_sni(), then - * this callback determines what certificate is used. - * \param input Buffer containing the input ciphertext. This buffer - * is no longer valid when the function returns. - * \param input_len Size of the \p input buffer in bytes. - * - * \return 0 if the operation was started successfully and the SSL - * stack should call the resume callback immediately. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation - * was started successfully and the SSL stack should return - * immediately without calling the resume callback yet. - * \return #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external - * processor does not support this key. The SSL stack will - * use the private key object instead. - * \return Any other error indicates a fatal failure and is - * propagated up the call chain. The callback should - * use \c MBEDTLS_ERR_PK_xxx error codes, and must not - * use \c MBEDTLS_ERR_SSL_xxx error codes except as - * directed in the documentation of this callback. 
- */ -typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - const unsigned char *input, - size_t input_len ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -/** - * \brief Callback type: resume external operation. - * - * This callback is called during an SSL handshake to resume - * an external operation started by the - * ::mbedtls_ssl_async_sign_t or - * ::mbedtls_ssl_async_decrypt_t callback. - * - * This function typically checks the status of a pending - * request or causes the request queue to make progress, and - * does not wait for the operation to complete. This allows - * the handshake step to be non-blocking. - * - * This function may call mbedtls_ssl_get_async_operation_data() - * to retrieve an operation context set by the start callback. - * It may call mbedtls_ssl_set_async_operation_data() to modify - * this context. - * - * Note that when this function returns a status other than - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, it must free any - * resources associated with the operation. - * - * \param ssl The SSL connection instance. It should not be - * modified other than via - * mbedtls_ssl_set_async_operation_data(). - * \param output Buffer containing the output (signature or decrypted - * data) on success. - * \param output_len On success, number of bytes written to \p output. - * \param output_size Size of the \p output buffer in bytes. - * - * \return 0 if output of the operation is available in the - * \p output buffer. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation - * is still in progress. Subsequent requests for progress - * on the SSL connection will call the resume callback - * again. - * \return Any other error means that the operation is aborted. - * The SSL handshake is aborted. The callback should - * use \c MBEDTLS_ERR_PK_xxx error codes, and must not - * use \c MBEDTLS_ERR_SSL_xxx error codes except as - * directed in the documentation of this callback. 
- */
-typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
- unsigned char *output,
- size_t *output_len,
- size_t output_size );
-
-/**
- * \brief Callback type: cancel external operation.
- *
- * This callback is called if an SSL connection is closed
- * while an asynchronous operation is in progress. Note that
- * this callback is not called if the
- * ::mbedtls_ssl_async_resume_t callback has run and has
- * returned a value other than
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, since in that case
- * the asynchronous operation has already completed.
- *
- * This function may call mbedtls_ssl_get_async_operation_data()
- * to retrieve an operation context set by the start callback.
- *
- * \param ssl The SSL connection instance. It should not be
- * modified.
- */
-typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
- !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32
-#elif defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48
-#elif defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 20
-#else
-/* This is already checked in check_config.h, but be sure. */
-#error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
-#endif -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && - !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - -#define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255 -#define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH 4 -/* - * For code readability use a typedef for DTLS-SRTP profiles - * - * Use_srtp extension protection profiles values as defined in - * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml - * - * Reminder: if this list is expanded mbedtls_ssl_check_srtp_profile_value - * must be updated too. - */ -#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ( (uint16_t) 0x0001) -#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ( (uint16_t) 0x0002) -#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 ( (uint16_t) 0x0005) -#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 ( (uint16_t) 0x0006) -/* This one is not iana defined, but for code readability. */ -#define MBEDTLS_TLS_SRTP_UNSET ( (uint16_t) 0x0000) - -typedef uint16_t mbedtls_ssl_srtp_profile; - -typedef struct mbedtls_dtls_srtp_info_t -{ - /*! The SRTP profile that was negotiated. */ - mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile); - /*! The length of mki_value. */ - uint16_t MBEDTLS_PRIVATE(mki_len); - /*! The mki_value used, with max size of 256 bytes. */ - unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; -} -mbedtls_dtls_srtp_info; - -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -/* - * This structure is used for storing current session data. 
- * - * Note: when changing this definition, we need to check and update: - * - in tests/suites/test_suite_ssl.function: - * ssl_populate_session() and ssl_serialize_session_save_load() - * - in library/ssl_tls.c: - * mbedtls_ssl_session_init() and mbedtls_ssl_session_free() - * mbedtls_ssl_session_save() and ssl_session_load() - * ssl_session_copy() - */ -struct mbedtls_ssl_session -{ -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */ -#endif - int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */ - int MBEDTLS_PRIVATE(compression); /*!< chosen compression */ - size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */ - unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */ - unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */ - - unsigned char exported; - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */ -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /*! The digest of the peer's end-CRT. This must be kept to detect CRT - * changes during renegotiation, mitigating the triple handshake attack. 
*/ - unsigned char *MBEDTLS_PRIVATE(peer_cert_digest); - size_t MBEDTLS_PRIVATE(peer_cert_digest_len); - mbedtls_md_type_t MBEDTLS_PRIVATE(peer_cert_digest_type); -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */ - size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */ - uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */ -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */ -#endif -}; - -/* - * Identifiers for PRFs used in various versions of TLS. 
- */ -typedef enum -{ - MBEDTLS_SSL_TLS_PRF_NONE, - MBEDTLS_SSL_TLS_PRF_SHA384, - MBEDTLS_SSL_TLS_PRF_SHA256, - MBEDTLS_SSL_HKDF_EXPAND_SHA384, - MBEDTLS_SSL_HKDF_EXPAND_SHA256 -} -mbedtls_tls_prf_types; - -#if defined(MBEDTLS_SSL_EXPORT_KEYS) -typedef enum -{ - MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0, -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_EARLY_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS13_EARLY_EXPORTER_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET, -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ -} mbedtls_ssl_key_export_type; - -/** - * \brief Callback type: Export key alongside random values for - * session identification, and PRF for - * implementation of TLS key exporters. - * - * \param p_expkey Context for the callback. - * \param type The type of the key that is being exported. - * \param secret The address of the buffer holding the secret - * that's being exporterd. - * \param secret_len The length of \p secret in bytes. - * \param client_random The client random bytes. - * \param server_random The server random bytes. - * \param tls_prf_type The identifier for the PRF used in the handshake - * to which the key belongs. - */ -typedef void mbedtls_ssl_export_keys_t( void *p_expkey, - mbedtls_ssl_key_export_type type, - const unsigned char *secret, - size_t secret_len, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type ); -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ - -/** - * SSL/TLS configuration to be shared between mbedtls_ssl_context structures. 
- */ -struct mbedtls_ssl_config -{ - /* Group items by size (largest first) to minimize padding overhead */ - - /* - * Pointers - */ - - /** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */ - const int *MBEDTLS_PRIVATE(ciphersuite_list); - - /** Callback for printing debug output */ - void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *); - void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */ - - /** Callback for getting (pseudo-)random numbers */ - int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */ - - /** Callback to retrieve a session from the cache */ - mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache); - /** Callback to store a session into the cache */ - mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache); - void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - /** Callback for setting cert according to SNI extension */ - int (*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */ -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - /** Callback to customize X.509 certificate chain verification */ - int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *); - void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */ -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - /** Callback to retrieve PSK key from identity */ - int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */ -#endif - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - /** Callback to create & write a cookie for ClientHello veirifcation */ - int (*MBEDTLS_PRIVATE(f_cookie_write))( void *, unsigned char **, unsigned char *, - const 
unsigned char *, size_t ); - /** Callback to verify validity of a ClientHello cookie */ - int (*MBEDTLS_PRIVATE(f_cookie_check))( void *, const unsigned char *, size_t, - const unsigned char *, size_t ); - void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */ -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) - /** Callback to create & write a session ticket */ - int (*MBEDTLS_PRIVATE(f_ticket_write))( void *, const mbedtls_ssl_session *, - unsigned char *, const unsigned char *, size_t *, uint32_t * ); - /** Callback to parse a session ticket into a session structure */ - int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */ - mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s) */ - mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */ - mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */ -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb); - void *MBEDTLS_PRIVATE(p_ca_cb); -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */ - mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - 
mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */ - mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */ - void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */ -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ -#endif - -#if defined(MBEDTLS_ECP_C) - const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */ -#endif - -#if defined(MBEDTLS_DHM_C) - mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */ - mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */ -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field - * should only be set via - * mbedtls_ssl_conf_psk_opaque(). - * If either no PSK or a raw PSK have been - * configured, this has value \c 0. - */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should - * only be set via mbedtls_ssl_conf_psk(). - * If either no PSK or an opaque PSK - * have been configured, this has value NULL. */ - size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key. - * This field should only be set via - * mbedtls_ssl_conf_psk(). - * Its value is non-zero if and only if - * \c psk is not \c NULL. */ - - unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK negotiation. - * This field should only be set via - * mbedtls_ssl_conf_psk(). - * This is set if and only if either - * \c psk or \c psk_opaque are set. */ - size_t MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity. - * This field should only be set via - * mbedtls_ssl_conf_psk(). 
- * Its value is non-zero if and only if - * \c psk is not \c NULL or \c psk_opaque - * is not \c 0. */ -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - -#if defined(MBEDTLS_SSL_ALPN) - const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */ -#endif - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /*! ordered list of supported srtp profile */ - const mbedtls_ssl_srtp_profile *MBEDTLS_PRIVATE(dtls_srtp_profile_list); - /*! number of supported profiles */ - size_t MBEDTLS_PRIVATE(dtls_srtp_profile_list_len); -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - - /* - * Numerical settings (int then char) - */ - - uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the handshake - retransmission timeout (ms) */ - uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the handshake - retransmission timeout (ms) */ -#endif - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation */ - unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters - that triggers renegotiation */ -#endif - - unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */ - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) - unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */ -#endif - - unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */ - unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */ - unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */ - unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. 
minor version used */ - - /* - * Flags (bitfields) - */ - - unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */ - unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram (DTLS) */ - unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */ - /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */ - unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX */ -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */ -#endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac? */ -#endif -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended master secret? */ -#endif -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */ -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */ -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */ -#endif -#if defined(MBEDTLS_SSL_SRV_C) - unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in - Certificate Request messages? */ - unsigned int respect_cli_pref : 1; /*!< pick the ciphersuite according to - the client's preferences rather - than ours */ -#endif -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS - * record with unexpected CID - * should lead to failure. 
*/ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_DTLS_SRTP) - unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value - in the use_srtp extension */ -#endif -}; - -struct mbedtls_ssl_context -{ - const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */ - - /* - * Miscellaneous - */ - int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */ - int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS, - number of retransmissions of request if - renego_max_records is < 0 */ -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */ - int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */ - unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - /** Callback to customize X.509 certificate chain verification */ - int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *); - void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */ -#endif - - mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */ - mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */ - mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout); - /*!< Callback for network receive with timeout */ - - void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */ - - /* - * Session layer - */ - mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data (in) */ - mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session data (out) */ - mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */ - mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data in negotiation */ 
- - mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during - the handshake process */ - - /* - * Record layer transformations - */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */ - - /* - * Timers - */ - void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */ - - mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer callback */ - mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer callback */ - - /* - * Record layer (incoming data) - */ - unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */ - unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter - TLS: maintained by us - DTLS: read from peer */ - unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID; - * (the end is marked by in_len). 
*/ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */ - unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */ - unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen) */ - unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application data */ - - int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */ - size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */ - size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */ -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */ -#endif -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */ - size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record in datagram - (equal to in_left if none) */ -#endif /* MBEDTLS_SSL_PROTO_DTLS */ -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num */ - uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */ -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - - size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length, - including the handshake header */ - int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */ - - int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message - on next call to record layer? */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records - * within a single datagram. 
*/ -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - /* - * Record layer (outgoing data) - */ - unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */ - unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message counter */ - unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID; - * (the end is marked by in_len). */ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field */ - unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */ - unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents (out_iv+ivlen) */ - - int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */ - size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */ - size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */ -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */ -#endif - - unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record sequence number. */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */ -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - /* - * PKI layer - */ - int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. 
*/ - - /* - * User settings - */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) - char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification - (and SNI if available) */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_ALPN) - const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */ -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /* - * use_srtp extension - */ - mbedtls_dtls_srtp_info MBEDTLS_PRIVATE(dtls_srtp_info); -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - - /* - * Information for DTLS hello verify - */ -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the client */ - size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */ -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ - - /* - * Secure renegotiation - */ - /* needed to know when to send extension on server */ - int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or - secure renegotiation */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored */ - char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ - char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* CID configuration to use in subsequent handshakes. */ - - /*! The next incoming CID, chosen by the user and applying to - * all subsequent handshakes. This may be different from the - * CID currently used in case the user has re-configured the CID - * after an initial handshake. */ - unsigned char MBEDTLS_PRIVATE(own_cid)[ MBEDTLS_SSL_CID_IN_LEN_MAX ]; - uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. 
*/ - uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should - * be negotiated in the next handshake or not. - * Possible values are #MBEDTLS_SSL_CID_ENABLED - * and #MBEDTLS_SSL_CID_DISABLED. */ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - /** Callback to export key block and master secret */ - mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys); - void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */ -#endif -}; - -/** - * \brief Return the name of the ciphersuite associated with the - * given ID - * - * \param ciphersuite_id SSL ciphersuite ID - * - * \return a string containing the ciphersuite name - */ -const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id ); - -/** - * \brief Return the ID of the ciphersuite associated with the - * given name - * - * \param ciphersuite_name SSL ciphersuite name - * - * \return the ID with the ciphersuite or 0 if not found - */ -int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name ); - -/** - * \brief Initialize an SSL context - * Just makes the context ready for mbedtls_ssl_setup() or - * mbedtls_ssl_free() - * - * \param ssl SSL context - */ -void mbedtls_ssl_init( mbedtls_ssl_context *ssl ); - -/** - * \brief Set up an SSL context for use - * - * \note No copy of the configuration context is made, it can be - * shared by many mbedtls_ssl_context structures. - * - * \warning The conf structure will be accessed during the session. - * It must not be modified or freed as long as the session - * is active. - * - * \warning This function must be called exactly once per context. - * Calling mbedtls_ssl_setup again is not supported, even - * if no session is active. 
- * - * \param ssl SSL context - * \param conf SSL configuration to use - * - * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if - * memory allocation failed - */ -int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, - const mbedtls_ssl_config *conf ); - -/** - * \brief Reset an already initialized SSL context for re-use - * while retaining application-set variables, function - * pointers and data. - * - * \param ssl SSL context - * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or - MBEDTLS_ERR_SSL_HW_ACCEL_FAILED - */ -int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ); - -/** - * \brief Set the current endpoint type - * - * \param conf SSL configuration - * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER - */ -void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ); - -/** - * \brief Set the transport type (TLS or DTLS). - * Default: TLS - * - * \note For DTLS, you must either provide a recv callback that - * doesn't block, or one that handles timeouts, see - * \c mbedtls_ssl_set_bio(). You also need to provide timer - * callbacks with \c mbedtls_ssl_set_timer_cb(). - * - * \param conf SSL configuration - * \param transport transport type: - * MBEDTLS_SSL_TRANSPORT_STREAM for TLS, - * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS. - */ -void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ); - -/** - * \brief Set the certificate verification mode - * Default: NONE on server, REQUIRED on client - * - * \param conf SSL configuration - * \param authmode can be: - * - * MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked - * (default on server) - * (insecure on client) - * - * MBEDTLS_SSL_VERIFY_OPTIONAL: peer certificate is checked, however the - * handshake continues even if verification failed; - * mbedtls_ssl_get_verify_result() can be called after the - * handshake is complete. 
- *
- * MBEDTLS_SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
- * handshake is aborted if verification failed.
- * (default on client)
- *
- * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
- * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
- * the right time(s), which may not be obvious, while REQUIRED always perform
- * the verification as soon as possible. For example, REQUIRED was protecting
- * against the "triple handshake" attack even before it was found.
- */
-void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief Set the verification callback (Optional).
- *
- * If set, the provided verify callback is called for each
- * certificate in the peer's CRT chain, including the trusted
- * root. For more information, please see the documentation of
- * \c mbedtls_x509_crt_verify().
- *
- * \note For per context callbacks and contexts, please use
- * mbedtls_ssl_set_verify() instead.
- *
- * \param conf The SSL configuration to use.
- * \param f_vrfy The verification callback to use during CRT verification.
- * \param p_vrfy The opaque context to be passed to the callback.
- */ -void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -/** - * \brief Set the random number generator callback - * - * \param conf SSL configuration - * \param f_rng RNG function (mandatory) - * \param p_rng RNG parameter - */ -void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief Set the debug callback - * - * The callback has the following argument: - * void * opaque context for the callback - * int debug level - * const char * file name - * int line number - * const char * message - * - * \param conf SSL configuration - * \param f_dbg debug function - * \param p_dbg debug parameter - */ -void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, - void (*f_dbg)(void *, int, const char *, int, const char *), - void *p_dbg ); - -/** - * \brief Set the underlying BIO callbacks for write, read and - * read-with-timeout. - * - * \param ssl SSL context - * \param p_bio parameter (context) shared by BIO callbacks - * \param f_send write callback - * \param f_recv read callback - * \param f_recv_timeout blocking read callback with timeout. - * - * \note One of f_recv or f_recv_timeout can be NULL, in which case - * the other is used. If both are non-NULL, f_recv_timeout is - * used and f_recv is ignored (as if it were NULL). - * - * \note The two most common use cases are: - * - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL - * - blocking I/O, f_recv == NULL, f_recv_timout != NULL - * - * \note For DTLS, you need to provide either a non-NULL - * f_recv_timeout callback, or a f_recv that doesn't block. - * - * \note See the documentations of \c mbedtls_ssl_send_t, - * \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for - * the conventions those callbacks must follow. 
- * - * \note On some platforms, net_sockets.c provides - * \c mbedtls_net_send(), \c mbedtls_net_recv() and - * \c mbedtls_net_recv_timeout() that are suitable to be used - * here. - */ -void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, - void *p_bio, - mbedtls_ssl_send_t *f_send, - mbedtls_ssl_recv_t *f_recv, - mbedtls_ssl_recv_timeout_t *f_recv_timeout ); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - - -/** - * \brief Configure the use of the Connection ID (CID) - * extension in the next handshake. - * - * Reference: draft-ietf-tls-dtls-connection-id-05 - * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05 - * - * The DTLS CID extension allows the reliable association of - * DTLS records to DTLS connections across changes in the - * underlying transport (changed IP and Port metadata) by - * adding explicit connection identifiers (CIDs) to the - * headers of encrypted DTLS records. The desired CIDs are - * configured by the application layer and are exchanged in - * new `ClientHello` / `ServerHello` extensions during the - * handshake, where each side indicates the CID it wants the - * peer to use when writing encrypted messages. The CIDs are - * put to use once records get encrypted: the stack discards - * any incoming records that don't include the configured CID - * in their header, and adds the peer's requested CID to the - * headers of outgoing messages. - * - * This API enables or disables the use of the CID extension - * in the next handshake and sets the value of the CID to - * be used for incoming messages. - * - * \param ssl The SSL context to configure. This must be initialized. - * \param enable This value determines whether the CID extension should - * be used or not. Possible values are: - * - MBEDTLS_SSL_CID_ENABLED to enable the use of the CID. - * - MBEDTLS_SSL_CID_DISABLED (default) to disable the use - * of the CID. 
- * \param own_cid The address of the readable buffer holding the CID we want - * the peer to use when sending encrypted messages to us. - * This may be \c NULL if \p own_cid_len is \c 0. - * This parameter is unused if \p enabled is set to - * MBEDTLS_SSL_CID_DISABLED. - * \param own_cid_len The length of \p own_cid. - * This parameter is unused if \p enabled is set to - * MBEDTLS_SSL_CID_DISABLED. - * - * \note The value of \p own_cid_len must match the value of the - * \c len parameter passed to mbedtls_ssl_conf_cid() - * when configuring the ::mbedtls_ssl_config that \p ssl - * is bound to. - * - * \note This CID configuration applies to subsequent handshakes - * performed on the SSL context \p ssl, but does not trigger - * one. You still have to call `mbedtls_ssl_handshake()` - * (for the initial handshake) or `mbedtls_ssl_renegotiate()` - * (for a renegotiation handshake) explicitly after a - * successful call to this function to run the handshake. - * - * \note This call cannot guarantee that the use of the CID - * will be successfully negotiated in the next handshake, - * because the peer might not support it. Specifically: - * - On the Client, enabling the use of the CID through - * this call implies that the `ClientHello` in the next - * handshake will include the CID extension, thereby - * offering the use of the CID to the server. Only if - * the `ServerHello` contains the CID extension, too, - * the CID extension will actually be put to use. - * - On the Server, enabling the use of the CID through - * this call implies that that the server will look for - * the CID extension in a `ClientHello` from the client, - * and, if present, reply with a CID extension in its - * `ServerHello`. - * - * \note To check whether the use of the CID was negotiated - * after the subsequent handshake has completed, please - * use the API mbedtls_ssl_get_peer_cid(). 
- * - * \warning If the use of the CID extension is enabled in this call - * and the subsequent handshake negotiates its use, Mbed TLS - * will silently drop every packet whose CID does not match - * the CID configured in \p own_cid. It is the responsibility - * of the user to adapt the underlying transport to take care - * of CID-based demultiplexing before handing datagrams to - * Mbed TLS. - * - * \return \c 0 on success. In this case, the CID configuration - * applies to the next handshake. - * \return A negative error code on failure. - */ -int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, - int enable, - unsigned char const *own_cid, - size_t own_cid_len ); - -/** - * \brief Get information about the use of the CID extension - * in the current connection. - * - * \param ssl The SSL context to query. - * \param enabled The address at which to store whether the CID extension - * is currently in use or not. If the CID is in use, - * `*enabled` is set to MBEDTLS_SSL_CID_ENABLED; - * otherwise, it is set to MBEDTLS_SSL_CID_DISABLED. - * \param peer_cid The address of the buffer in which to store the CID - * chosen by the peer (if the CID extension is used). - * This may be \c NULL in case the value of peer CID - * isn't needed. If it is not \c NULL, \p peer_cid_len - * must not be \c NULL. - * \param peer_cid_len The address at which to store the size of the CID - * chosen by the peer (if the CID extension is used). - * This is also the number of Bytes in \p peer_cid that - * have been written. - * This may be \c NULL in case the length of the peer CID - * isn't needed. If it is \c NULL, \p peer_cid must be - * \c NULL, too. - * - * \note This applies to the state of the CID negotiated in - * the last complete handshake. If a handshake is in - * progress, this function will attempt to complete - * the handshake first. 
- * - * \note If CID extensions have been exchanged but both client - * and server chose to use an empty CID, this function - * sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED - * (the rationale for this is that the resulting - * communication is the same as if the CID extensions - * hadn't been used). - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, - int *enabled, - unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ], - size_t *peer_cid_len ); - -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -/** - * \brief Set the Maximum Tranport Unit (MTU). - * Special value: 0 means unset (no limit). - * This represents the maximum size of a datagram payload - * handled by the transport layer (usually UDP) as determined - * by the network link and stack. In practice, this controls - * the maximum size datagram the DTLS layer will pass to the - * \c f_send() callback set using \c mbedtls_ssl_set_bio(). - * - * \note The limit on datagram size is converted to a limit on - * record payload by subtracting the current overhead of - * encapsulation and encryption/authentication if any. - * - * \note This can be called at any point during the connection, for - * example when a Path Maximum Transfer Unit (PMTU) - * estimate becomes available from other sources, - * such as lower (or higher) protocol layers. - * - * \note This setting only controls the size of the packets we send, - * and does not restrict the size of the datagrams we're - * willing to receive. Client-side, you can request the - * server to use smaller records with \c - * mbedtls_ssl_conf_max_frag_len(). - * - * \note If both a MTU and a maximum fragment length have been - * configured (or negotiated with the peer), the resulting - * lower limit on record payload (see first note) is used. - * - * \note This can only be used to decrease the maximum size - * of datagrams (hence records, see first note) sent. 
It - * cannot be used to increase the maximum size of records over - * the limit set by #MBEDTLS_SSL_OUT_CONTENT_LEN. - * - * \note Values lower than the current record layer expansion will - * result in an error when trying to send data. - * - * \param ssl SSL context - * \param mtu Value of the path MTU in bytes - */ -void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ); -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/** - * \brief Set a connection-specific verification callback (optional). - * - * If set, the provided verify callback is called for each - * certificate in the peer's CRT chain, including the trusted - * root. For more information, please see the documentation of - * \c mbedtls_x509_crt_verify(). - * - * \note This call is analogous to mbedtls_ssl_conf_verify() but - * binds the verification callback and context to an SSL context - * as opposed to an SSL configuration. - * If mbedtls_ssl_conf_verify() and mbedtls_ssl_set_verify() - * are both used, mbedtls_ssl_set_verify() takes precedence. - * - * \param ssl The SSL context to use. - * \param f_vrfy The verification callback to use during CRT verification. - * \param p_vrfy The opaque context to be passed to the callback. - */ -void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -/** - * \brief Set the timeout period for mbedtls_ssl_read() - * (Default: no timeout.) - * - * \param conf SSL configuration context - * \param timeout Timeout value in milliseconds. - * Use 0 for no timeout (default). - * - * \note With blocking I/O, this will only work if a non-NULL - * \c f_recv_timeout was set with \c mbedtls_ssl_set_bio(). - * With non-blocking I/O, this will only work if timer - * callbacks were set with \c mbedtls_ssl_set_timer_cb(). 
- * - * \note With non-blocking I/O, you may also skip this function - * altogether and handle timeouts at the application layer. - */ -void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); - -/** - * \brief Check whether a buffer contains a valid and authentic record - * that has not been seen before. (DTLS only). - * - * This function does not change the user-visible state - * of the SSL context. Its sole purpose is to provide - * an indication of the legitimacy of an incoming record. - * - * This can be useful e.g. in distributed server environments - * using the DTLS Connection ID feature, in which connections - * might need to be passed between service instances on a change - * of peer address, but where such disruptive operations should - * only happen after the validity of incoming records has been - * confirmed. - * - * \param ssl The SSL context to use. - * \param buf The address of the buffer holding the record to be checked. - * This must be a read/write buffer of length \p buflen Bytes. - * \param buflen The length of \p buf in Bytes. - * - * \note This routine only checks whether the provided buffer begins - * with a valid and authentic record that has not been seen - * before, but does not check potential data following the - * initial record. In particular, it is possible to pass DTLS - * datagrams containing multiple records, in which case only - * the first record is checked. - * - * \note This function modifies the input buffer \p buf. If you need - * to preserve the original record, you have to maintain a copy. - * - * \return \c 0 if the record is valid and authentic and has not been - * seen before. - * \return MBEDTLS_ERR_SSL_INVALID_MAC if the check completed - * successfully but the record was found to be not authentic. - * \return MBEDTLS_ERR_SSL_INVALID_RECORD if the check completed - * successfully but the record was found to be invalid for - * a reason different from authenticity checking. 
- * \return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD if the check completed - * successfully but the record was found to be unexpected - * in the state of the SSL context, including replayed records. - * \return Another negative error code on different kinds of failure. - * In this case, the SSL context becomes unusable and needs - * to be freed or reset before reuse. - */ -int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t buflen ); - -/** - * \brief Set the timer callbacks (Mandatory for DTLS.) - * - * \param ssl SSL context - * \param p_timer parameter (context) shared by timer callbacks - * \param f_set_timer set timer callback - * \param f_get_timer get timer callback. Must return: - * - * \note See the documentation of \c mbedtls_ssl_set_timer_t and - * \c mbedtls_ssl_get_timer_t for the conventions this pair of - * callbacks must follow. - * - * \note On some platforms, timing.c provides - * \c mbedtls_timing_set_delay() and - * \c mbedtls_timing_get_delay() that are suitable for using - * here, except if using an event-driven style. - * - * \note See also the "DTLS tutorial" article in our knowledge base. - * https://tls.mbed.org/kb/how-to/dtls-tutorial - */ -void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, - void *p_timer, - mbedtls_ssl_set_timer_t *f_set_timer, - mbedtls_ssl_get_timer_t *f_get_timer ); - -/** - * \brief Callback type: generate and write session ticket - * - * \note This describes what a callback implementation should do. - * This callback should generate an encrypted and - * authenticated ticket for the session and write it to the - * output buffer. Here, ticket means the opaque ticket part - * of the NewSessionTicket structure of RFC 5077. 
- * - * \param p_ticket Context for the callback - * \param session SSL session to be written in the ticket - * \param start Start of the output buffer - * \param end End of the output buffer - * \param tlen On exit, holds the length written - * \param lifetime On exit, holds the lifetime of the ticket in seconds - * - * \return 0 if successful, or - * a specific MBEDTLS_ERR_XXX code. - */ -typedef int mbedtls_ssl_ticket_write_t( void *p_ticket, - const mbedtls_ssl_session *session, - unsigned char *start, - const unsigned char *end, - size_t *tlen, - uint32_t *lifetime ); - -/** - * \brief Callback type: parse and load session ticket - * - * \note This describes what a callback implementation should do. - * This callback should parse a session ticket as generated - * by the corresponding mbedtls_ssl_ticket_write_t function, - * and, if the ticket is authentic and valid, load the - * session. - * - * \note The implementation is allowed to modify the first len - * bytes of the input buffer, eg to use it as a temporary - * area for the decrypted ticket contents. - * - * \param p_ticket Context for the callback - * \param session SSL session to be loaded - * \param buf Start of the buffer containing the ticket - * \param len Length of the ticket. - * - * \return 0 if successful, or - * MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or - * MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or - * any other non-zero code for other failures. - */ -typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket, - mbedtls_ssl_session *session, - unsigned char *buf, - size_t len ); - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Configure SSL session ticket callbacks (server only). - * (Default: none.) - * - * \note On server, session tickets are enabled by providing - * non-NULL callbacks. - * - * \note On client, use \c mbedtls_ssl_conf_session_tickets(). 
- * - * \param conf SSL configuration context - * \param f_ticket_write Callback for writing a ticket - * \param f_ticket_parse Callback for parsing a ticket - * \param p_ticket Context shared by the two callbacks - */ -void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_ticket_write_t *f_ticket_write, - mbedtls_ssl_ticket_parse_t *f_ticket_parse, - void *p_ticket ); -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_EXPORT_KEYS) -/** - * \brief Configure a key export callback. - * (Default: none.) - * - * This API can be used for two purposes: - * - Debugging: Use this API to e.g. generate an NSSKeylog - * file and use it to inspect encrypted traffic in tools - * such as Wireshark. - * - Application-specific export: Use this API to implement - * key exporters, e.g. for EAP-TLS or DTLS-SRTP. - * - * - * \param ssl The SSL context to which the export - * callback should be attached. - * \param f_export_keys The callback for the key export. - * \param p_export_keys The opaque context pointer to be passed to the - * callback \p f_export_keys. - */ -void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl, - mbedtls_ssl_export_keys_t *f_export_keys, - void *p_export_keys ); -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -/** - * \brief Configure asynchronous private key operation callbacks. - * - * \param conf SSL configuration context - * \param f_async_sign Callback to start a signature operation. See - * the description of ::mbedtls_ssl_async_sign_t - * for more information. This may be \c NULL if the - * external processor does not support any signature - * operation; in this case the private key object - * associated with the certificate will be used. - * \param f_async_decrypt Callback to start a decryption operation. See - * the description of ::mbedtls_ssl_async_decrypt_t - * for more information. 
This may be \c NULL if the - * external processor does not support any decryption - * operation; in this case the private key object - * associated with the certificate will be used. - * \param f_async_resume Callback to resume an asynchronous operation. See - * the description of ::mbedtls_ssl_async_resume_t - * for more information. This may not be \c NULL unless - * \p f_async_sign and \p f_async_decrypt are both - * \c NULL. - * \param f_async_cancel Callback to cancel an asynchronous operation. See - * the description of ::mbedtls_ssl_async_cancel_t - * for more information. This may be \c NULL if - * no cleanup is needed. - * \param config_data A pointer to configuration data which can be - * retrieved with - * mbedtls_ssl_conf_get_async_config_data(). The - * library stores this value without dereferencing it. - */ -void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_async_sign_t *f_async_sign, - mbedtls_ssl_async_decrypt_t *f_async_decrypt, - mbedtls_ssl_async_resume_t *f_async_resume, - mbedtls_ssl_async_cancel_t *f_async_cancel, - void *config_data ); - -/** - * \brief Retrieve the configuration data set by - * mbedtls_ssl_conf_async_private_cb(). - * - * \param conf SSL configuration context - * \return The configuration data set by - * mbedtls_ssl_conf_async_private_cb(). - */ -void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf ); - -/** - * \brief Retrieve the asynchronous operation user context. - * - * \note This function may only be called while a handshake - * is in progress. - * - * \param ssl The SSL context to access. - * - * \return The asynchronous operation user context that was last - * set during the current handshake. If - * mbedtls_ssl_set_async_operation_data() has not yet been - * called during the current handshake, this function returns - * \c NULL. 
- */ -void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl ); - -/** - * \brief Retrieve the asynchronous operation user context. - * - * \note This function may only be called while a handshake - * is in progress. - * - * \param ssl The SSL context to access. - * \param ctx The new value of the asynchronous operation user context. - * Call mbedtls_ssl_get_async_operation_data() later during the - * same handshake to retrieve this value. - */ -void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl, - void *ctx ); -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -/** - * \brief Callback type: generate a cookie - * - * \param ctx Context for the callback - * \param p Buffer to write to, - * must be updated to point right after the cookie - * \param end Pointer to one past the end of the output buffer - * \param info Client ID info that was passed to - * \c mbedtls_ssl_set_client_transport_id() - * \param ilen Length of info in bytes - * - * \return The callback must return 0 on success, - * or a negative error code. - */ -typedef int mbedtls_ssl_cookie_write_t( void *ctx, - unsigned char **p, unsigned char *end, - const unsigned char *info, size_t ilen ); - -/** - * \brief Callback type: verify a cookie - * - * \param ctx Context for the callback - * \param cookie Cookie to verify - * \param clen Length of cookie - * \param info Client ID info that was passed to - * \c mbedtls_ssl_set_client_transport_id() - * \param ilen Length of info in bytes - * - * \return The callback must return 0 if cookie is valid, - * or a negative error code. - */ -typedef int mbedtls_ssl_cookie_check_t( void *ctx, - const unsigned char *cookie, size_t clen, - const unsigned char *info, size_t ilen ); - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Register callbacks for DTLS cookies - * (Server only. DTLS only.) 
- * - * Default: dummy callbacks that fail, in order to force you to - * register working callbacks (and initialize their context). - * - * To disable HelloVerifyRequest, register NULL callbacks. - * - * \warning Disabling hello verification allows your server to be used - * for amplification in DoS attacks against other hosts. - * Only disable if you known this can't happen in your - * particular environment. - * - * \note See comments on \c mbedtls_ssl_handshake() about handling - * the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected - * on the first handshake attempt when this is enabled. - * - * \note This is also necessary to handle client reconnection from - * the same port as described in RFC 6347 section 4.2.8 (only - * the variant with cookies is supported currently). See - * comments on \c mbedtls_ssl_read() for details. - * - * \param conf SSL configuration - * \param f_cookie_write Cookie write callback - * \param f_cookie_check Cookie check callback - * \param p_cookie Context for both callbacks - */ -void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf, - mbedtls_ssl_cookie_write_t *f_cookie_write, - mbedtls_ssl_cookie_check_t *f_cookie_check, - void *p_cookie ); - -/** - * \brief Set client's transport-level identification info. - * (Server only. DTLS only.) - * - * This is usually the IP address (and port), but could be - * anything identify the client depending on the underlying - * network stack. Used for HelloVerifyRequest with DTLS. - * This is *not* used to route the actual packets. - * - * \param ssl SSL context - * \param info Transport-level info identifying the client (eg IP + port) - * \param ilen Length of info in bytes - * - * \note An internal copy is made, so the info buffer can be reused. - * - * \return 0 on success, - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client, - * MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory. 
- */ -int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, - const unsigned char *info, - size_t ilen ); - -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -/** - * \brief Enable or disable anti-replay protection for DTLS. - * (DTLS only, no effect on TLS.) - * Default: enabled. - * - * \param conf SSL configuration - * \param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED. - * - * \warning Disabling this is a security risk unless the application - * protocol handles duplicated packets in a safe way. You - * should not disable this without careful consideration. - * However, if your application already detects duplicated - * packets and needs information about them to adjust its - * transmission strategy, then you'll want to disable this. - */ -void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ); -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - -/** - * \brief Set a limit on the number of records with a bad MAC - * before terminating the connection. - * (DTLS only, no effect on TLS.) - * Default: 0 (disabled). - * - * \param conf SSL configuration - * \param limit Limit, or 0 to disable. - * - * \note If the limit is N, then the connection is terminated when - * the Nth non-authentic record is seen. - * - * \note Records with an invalid header are not counted, only the - * ones going through the authentication-decryption phase. - * - * \note This is a security trade-off related to the fact that it's - * often relatively easy for an active attacker ot inject UDP - * datagrams. On one hand, setting a low limit here makes it - * easier for such an attacker to forcibly terminated a - * connection. On the other hand, a high limit or no limit - * might make us waste resources checking authentication on - * many bogus packets. 
- */ -void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -/** - * \brief Allow or disallow packing of multiple handshake records - * within a single datagram. - * - * \param ssl The SSL context to configure. - * \param allow_packing This determines whether datagram packing may - * be used or not. A value of \c 0 means that every - * record will be sent in a separate datagram; a - * value of \c 1 means that, if space permits, - * multiple handshake messages (including CCS) belonging to - * a single flight may be packed within a single datagram. - * - * \note This is enabled by default and should only be disabled - * for test purposes, or if datagram packing causes - * interoperability issues with peers that don't support it. - * - * \note Allowing datagram packing reduces the network load since - * there's less overhead if multiple messages share the same - * datagram. Also, it increases the handshake efficiency - * since messages belonging to a single datagram will not - * be reordered in transit, and so future message buffering - * or flight retransmission (if no buffering is used) as - * means to deal with reordering are needed less frequently. - * - * \note Application records are not affected by this option and - * are currently always sent in separate datagrams. - * - */ -void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl, - unsigned allow_packing ); - -/** - * \brief Set retransmit timeout values for the DTLS handshake. - * (DTLS only, no effect on TLS.) - * - * \param conf SSL configuration - * \param min Initial timeout value in milliseconds. - * Default: 1000 (1 second). - * \param max Maximum timeout value in milliseconds. - * Default: 60000 (60 seconds). - * - * \note Default values are from RFC 6347 section 4.2.4.1. 
- * - * \note The 'min' value should typically be slightly above the - * expected round-trip time to your peer, plus whatever time - * it takes for the peer to process the message. For example, - * if your RTT is about 600ms and you peer needs up to 1s to - * do the cryptographic operations in the handshake, then you - * should set 'min' slightly above 1600. Lower values of 'min' - * might cause spurious resends which waste network resources, - * while larger value of 'min' will increase overall latency - * on unreliable network links. - * - * \note The more unreliable your network connection is, the larger - * your max / min ratio needs to be in order to achieve - * reliable handshakes. - * - * \note Messages are retransmitted up to log2(ceil(max/min)) times. - * For example, if min = 1s and max = 5s, the retransmit plan - * goes: send ... 1s -> resend ... 2s -> resend ... 4s -> - * resend ... 5s -> give up and return a timeout error. - */ -void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ); -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Set the session cache callbacks (server-side only) - * If not set, no session resuming is done (except if session - * tickets are enabled too). - * - * The session cache has the responsibility to check for stale - * entries based on timeout. See RFC 5246 for recommendations. - * - * Warning: session.peer_cert is cleared by the SSL/TLS layer on - * connection shutdown, so do not cache the pointer! Either set - * it to NULL or make a full copy of the certificate. - * - * The get callback is called once during the initial handshake - * to enable session resuming. The get function has the - * following parameters: (void *parameter, mbedtls_ssl_session *session) - * If a valid entry is found, it should fill the master of - * the session object with the cached values and return 0, - * return 1 otherwise. 
Optionally peer_cert can be set as well - * if it is properly present in cache entry. - * - * The set callback is called once during the initial handshake - * to enable session resuming after the entire handshake has - * been finished. The set function has the following parameters: - * (void *parameter, const mbedtls_ssl_session *session). The function - * should create a cache entry for future retrieval based on - * the data in the session structure and should keep in mind - * that the mbedtls_ssl_session object presented (and all its referenced - * data) is cleared by the SSL/TLS layer when the connection is - * terminated. It is recommended to add metadata to determine if - * an entry is still valid in the future. Return 0 if - * successfully cached, return 1 otherwise. - * - * \param conf SSL configuration - * \param p_cache parmater (context) for both callbacks - * \param f_get_cache session get callback - * \param f_set_cache session set callback - */ -void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, - void *p_cache, - mbedtls_ssl_cache_get_t *f_get_cache, - mbedtls_ssl_cache_set_t *f_set_cache ); -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) -/** - * \brief Load a session for session resumption. - * - * Sessions loaded through this call will be considered - * for session resumption in the next handshake. - * - * \note Even if this call succeeds, it is not guaranteed that - * the next handshake will indeed be shortened through the - * use of session resumption: The server is always free - * to reject any attempt for resumption and fall back to - * a full handshake. - * - * \note This function can handle a variety of mechanisms for session - * resumption: For TLS 1.2, both session ID-based resumption and - * ticket-based resumption will be considered. 
For TLS 1.3, - * once implemented, sessions equate to tickets, and loading - * one or more sessions via this call will lead to their - * corresponding tickets being advertised as resumption PSKs - * by the client. - * - * \note Calling this function multiple times will only be useful - * once TLS 1.3 is supported. For TLS 1.2 connections, this - * function should be called at most once. - * - * \param ssl The SSL context representing the connection which should - * be attempted to be setup using session resumption. This - * must be initialized via mbedtls_ssl_init() and bound to - * an SSL configuration via mbedtls_ssl_setup(), but - * the handshake must not yet have been started. - * \param session The session to be considered for session resumption. - * This must be a session previously exported via - * mbedtls_ssl_get_session(), and potentially serialized and - * deserialized through mbedtls_ssl_session_save() and - * mbedtls_ssl_session_load() in the meantime. - * - * \return \c 0 if successful. - * \return \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session - * could not be loaded because of an implementation limitation. - * This error is non-fatal, and has no observable effect on - * the SSL context or the session that was attempted to be loaded. - * \return Another negative error code on other kinds of failure. - * - * \sa mbedtls_ssl_get_session() - * \sa mbedtls_ssl_session_load() - */ -int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ); -#endif /* MBEDTLS_SSL_CLI_C */ - -/** - * \brief Load serialized session data into a session structure. - * On client, this can be used for loading saved sessions - * before resuming them with mbedstls_ssl_set_session(). - * On server, this can be used for alternative implementations - * of session cache or session tickets. 
- * - * \warning If a peer certificate chain is associated with the session, - * the serialized state will only contain the peer's - * end-entity certificate and the result of the chain - * verification (unless verification was disabled), but not - * the rest of the chain. - * - * \see mbedtls_ssl_session_save() - * \see mbedtls_ssl_set_session() - * - * \param session The session structure to be populated. It must have been - * initialised with mbedtls_ssl_session_init() but not - * populated yet. - * \param buf The buffer holding the serialized session data. It must be a - * readable buffer of at least \p len bytes. - * \param len The size of the serialized data in bytes. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. - * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data - * was generated in a different version or configuration of - * Mbed TLS. - * \return Another negative value for other kinds of errors (for - * example, unsupported features in the embedded certificate). - */ -int mbedtls_ssl_session_load( mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len ); - -/** - * \brief Save session structure as serialized data in a buffer. - * On client, this can be used for saving session data, - * potentially in non-volatile storage, for resuming later. - * On server, this can be used for alternative implementations - * of session cache or session tickets. - * - * \see mbedtls_ssl_session_load() - * - * \param session The session structure to be saved. - * \param buf The buffer to write the serialized data to. It must be a - * writeable buffer of at least \p len bytes, or may be \c - * NULL if \p len is \c 0. - * \param buf_len The number of bytes available for writing in \p buf. - * \param olen The size in bytes of the data that has been or would have - * been written. It must point to a valid \c size_t. 
- *
- * \note \p olen is updated to the correct value regardless of
- * whether \p buf_len was large enough. This makes it possible
- * to determine the necessary size by calling this function
- * with \p buf set to \c NULL and \p buf_len to \c 0.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
- */
-int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen );
-
-/**
- * \brief Set the list of allowed ciphersuites and the preference
- * order. First in the list has the highest preference.
- * (Overrides all version-specific lists)
- *
- * The ciphersuites array is not copied, and must remain
- * valid for the lifetime of the ssl_config.
- *
- * Note: By default, the server chooses its preferred
- * ciphersuite among those that the client supports. If
- * mbedtls_ssl_conf_preference_order() is called to prefer
- * the client's preferences, the server instead chooses
- * the client's preferred ciphersuite among those that
- * the server supports.
- *
- * \param conf SSL configuration
- * \param ciphersuites 0-terminated list of allowed ciphersuites
- */
-void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
- const int *ciphersuites );
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
-#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1
-/**
- * \brief Specify the length of Connection IDs for incoming
- * encrypted DTLS records, as well as the behaviour
- * on unexpected CIDs.
- *
- * By default, the CID length is set to \c 0,
- * and unexpected CIDs are silently ignored.
- *
- * \param conf The SSL configuration to modify.
- * \param len The length in Bytes of the CID fields in encrypted
- * DTLS records using the CID mechanism. This must
- * not be larger than #MBEDTLS_SSL_CID_OUT_LEN_MAX.
- * \param ignore_other_cids This determines the stack's behaviour when
- * receiving a record with an unexpected CID.
- * Possible values are:
- * - #MBEDTLS_SSL_UNEXPECTED_CID_IGNORE
- * In this case, the record is silently ignored.
- * - #MBEDTLS_SSL_UNEXPECTED_CID_FAIL
- * In this case, the stack fails with the specific
- * error code #MBEDTLS_ERR_SSL_UNEXPECTED_CID.
- *
- * \note The CID specification allows implementations to either
- * use a common length for all incoming connection IDs or
- * allow variable-length incoming IDs. Mbed TLS currently
- * requires a common length for all connections sharing the
- * same SSL configuration; this allows simpler parsing of
- * record headers.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
- * is too large.
- */
-int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
- int ignore_other_cids );
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief Set the X.509 security profile used for verification
- *
- * \note The restrictions are enforced for all certificates in the
- * chain. However, signatures in the handshake are not covered
- * by this setting but by \b mbedtls_ssl_conf_sig_hashes().
- *
- * \param conf SSL configuration
- * \param profile Profile to use
- */
-void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
- const mbedtls_x509_crt_profile *profile );
-
-/**
- * \brief Set the data required to verify peer certificate
- *
- * \note See \c mbedtls_x509_crt_verify() for notes regarding the
- * parameters ca_chain (maps to trust_ca for that function)
- * and ca_crl.
- *
- * \param conf SSL configuration
- * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
- * \param ca_crl trusted CA CRLs
- */
-void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
- mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl );
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-/**
- * \brief Set the trusted certificate callback.
- *
- * This API allows to register the set of trusted certificates
- * through a callback, instead of a linked list as configured
- * by mbedtls_ssl_conf_ca_chain().
- *
- * This is useful for example in contexts where a large number
- * of CAs are used, and the inefficiency of maintaining them
- * in a linked list cannot be tolerated. It is also useful when
- * the set of trusted CAs needs to be modified frequently.
- *
- * See the documentation of `mbedtls_x509_crt_ca_cb_t` for
- * more information.
- *
- * \param conf The SSL configuration to register the callback with.
- * \param f_ca_cb The trusted certificate callback to use when verifying
- * certificate chains.
- * \param p_ca_cb The context to be passed to \p f_ca_cb (for example,
- * a reference to a trusted CA database).
- *
- * \note This API is incompatible with mbedtls_ssl_conf_ca_chain():
- * Any call to this function overwrites the values set through
- * earlier calls to mbedtls_ssl_conf_ca_chain() or
- * mbedtls_ssl_conf_ca_cb().
- *
- * \note This API is incompatible with CA indication in
- * CertificateRequest messages: A server-side SSL context which
- * is bound to an SSL configuration that uses a CA callback
- * configured via mbedtls_ssl_conf_ca_cb(), and which requires
- * client authentication, will send an empty CA list in the
- * corresponding CertificateRequest message.
- *
- * \note This API is incompatible with mbedtls_ssl_set_hs_ca_chain():
- * If an SSL context is bound to an SSL configuration which uses
- * CA callbacks configured via mbedtls_ssl_conf_ca_cb(), then
- * calls to mbedtls_ssl_set_hs_ca_chain() have no effect.
- *
- * \note The use of this API disables the use of restartable ECC
- * during X.509 CRT signature verification (but doesn't affect
- * other uses).
- *
- * \warning This API is incompatible with the use of CRLs. Any call to
- * mbedtls_ssl_conf_ca_cb() unsets CRLs configured through
- * earlier calls to mbedtls_ssl_conf_ca_chain().
- *
- * \warning In multi-threaded environments, the callback \p f_ca_cb
- * must be thread-safe, and it is the user's responsibility
- * to guarantee this (for example through a mutex
- * contained in the callback context pointed to by \p p_ca_cb).
- */
-void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb );
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-
-/**
- * \brief Set own certificate chain and private key
- *
- * \note own_cert should contain in order from the bottom up your
- * certificate chain. The top certificate (self-signed)
- * can be omitted.
- *
- * \note On server, this function can be called multiple times to
- * provision more than one cert/key pair (eg one ECDSA, one
- * RSA with SHA-256, one RSA with SHA-1). An adequate
- * certificate will be selected according to the client's
- * advertised capabilities. In case multiple certificates are
- * adequate, preference is given to the one set by the first
- * call to this function, then second, etc.
- *
- * \note On client, only the first call has any effect. That is,
- * only one client certificate can be provisioned. The
- * server's preferences in its CertficateRequest message will
- * be ignored and our only cert will be sent regardless of
- * whether it matches those preferences - the server can then
- * decide what it wants to do with it.
- *
- * \note The provided \p pk_key needs to match the public key in the
- * first certificate in \p own_cert, or all handshakes using
- * that certificate will fail. It is your responsibility
- * to ensure that; this function will not perform any check.
- * You may use mbedtls_pk_check_pair() in order to perform
- * this check yourself, but be aware that this function can
- * be computationally expensive on some key types.
- *
- * \param conf SSL configuration
- * \param own_cert own public certificate chain
- * \param pk_key own private key
- *
- * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
- */
-int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
- mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-/**
- * \brief Configure pre-shared keys (PSKs) and their
- * identities to be used in PSK-based ciphersuites.
- *
- * Only one PSK can be registered, through either
- * mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
- * If you attempt to register more than one PSK, this function
- * fails, though this may change in future versions, which
- * may add support for multiple PSKs.
- *
- * \note This is mainly useful for clients. Servers will usually
- * want to use \c mbedtls_ssl_conf_psk_cb() instead.
- *
- * \note A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
- * takes precedence over a PSK configured by this function.
- *
- * \param conf The SSL configuration to register the PSK with.
- * \param psk The pointer to the pre-shared key to use.
- * \param psk_len The length of the pre-shared key in bytes.
- * \param psk_identity The pointer to the pre-shared key identity.
- * \param psk_identity_len The length of the pre-shared key identity
- * in bytes.
- *
- * \note The PSK and its identity are copied internally and
- * hence need not be preserved by the caller for the lifetime
- * of the SSL configuration.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
- * can be configured. In this case, the old PSK(s) remain intact.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
- const unsigned char *psk, size_t psk_len,
- const unsigned char *psk_identity, size_t psk_identity_len );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief Configure one or more opaque pre-shared keys (PSKs) and
- * their identities to be used in PSK-based ciphersuites.
- *
- * Only one PSK can be registered, through either
- * mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
- * If you attempt to register more than one PSK, this function
- * fails, though this may change in future versions, which
- * may add support for multiple PSKs.
- *
- * \note This is mainly useful for clients. Servers will usually
- * want to use \c mbedtls_ssl_conf_psk_cb() instead.
- *
- * \note An opaque PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in
- * the PSK callback takes precedence over an opaque PSK
- * configured by this function.
- *
- * \param conf The SSL configuration to register the PSK with.
- * \param psk The identifier of the key slot holding the PSK.
- * Until \p conf is destroyed or this function is successfully
- * called again, the key slot \p psk must be populated with a
- * key of type PSA_ALG_CATEGORY_KEY_DERIVATION whose policy
- * allows its use for the key derivation algorithm applied
- * in the handshake.
- * \param psk_identity The pointer to the pre-shared key identity.
- * \param psk_identity_len The length of the pre-shared key identity
- * in bytes.
- *
- * \note The PSK identity hint is copied internally and hence need
- * not be preserved by the caller for the lifetime of the
- * SSL configuration.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
- * can be configured. In this case, the old PSK(s) remain intact.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
- psa_key_id_t psk,
- const unsigned char *psk_identity,
- size_t psk_identity_len );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/**
- * \brief Set the pre-shared Key (PSK) for the current handshake.
- *
- * \note This should only be called inside the PSK callback,
- * i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
- *
- * \note A PSK set by this function takes precedence over a PSK
- * configured by \c mbedtls_ssl_conf_psk().
- *
- * \param ssl The SSL context to configure a PSK for.
- * \param psk The pointer to the pre-shared key.
- * \param psk_len The length of the pre-shared key in bytes.
- *
- * \return \c 0 if successful.
- * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
- */
-int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
- const unsigned char *psk, size_t psk_len );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief Set an opaque pre-shared Key (PSK) for the current handshake.
- *
- * \note This should only be called inside the PSK callback,
- * i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
- *
- * \note An opaque PSK set by this function takes precedence over an
- * opaque PSK configured by \c mbedtls_ssl_conf_psk_opaque().
- *
- * \param ssl The SSL context to configure a PSK for.
- * \param psk The identifier of the key slot holding the PSK.
- * For the duration of the current handshake, the key slot
- * must be populated with a key of type
- * PSA_ALG_CATEGORY_KEY_DERIVATION whose policy allows its
- * use for the key derivation algorithm
- * applied in the handshake.
- *
- * \return \c 0 if successful.
- * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
- */
-int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
- psa_key_id_t psk );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/**
- * \brief Set the PSK callback (server-side only).
- *
- * If set, the PSK callback is called for each
- * handshake where a PSK-based ciphersuite was negotiated.
- * The caller provides the identity received and wants to
- * receive the actual PSK data and length.
- *
- * The callback has the following parameters:
- * - \c void*: The opaque pointer \p p_psk.
- * - \c mbedtls_ssl_context*: The SSL context to which
- * the operation applies.
- * - \c const unsigned char*: The PSK identity
- * selected by the client.
- * - \c size_t: The length of the PSK identity
- * selected by the client.
- *
- * If a valid PSK identity is found, the callback should use
- * \c mbedtls_ssl_set_hs_psk() or
- * \c mbedtls_ssl_set_hs_psk_opaque()
- * on the SSL context to set the correct PSK and return \c 0.
- * Any other return value will result in a denied PSK identity.
- *
- * \note A dynamic PSK (i.e. set by the PSK callback) takes
- * precedence over a static PSK (i.e. set by
- * \c mbedtls_ssl_conf_psk() or
- * \c mbedtls_ssl_conf_psk_opaque()).
- * This means that if you set a PSK callback using this
- * function, you don't need to set a PSK using
- * \c mbedtls_ssl_conf_psk() or
- * \c mbedtls_ssl_conf_psk_opaque()).
- *
- * \param conf The SSL configuration to register the callback with.
- * \param f_psk The callback for selecting and setting the PSK based
- * in the PSK identity chosen by the client.
- * \param p_psk A pointer to an opaque structure to be passed to
- * the callback, for example a PSK store.
- */
-void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
- int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_psk );
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Set the Diffie-Hellman public P and G values
- * from big-endian binary presentations.
- * (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
- *
- * \param conf SSL configuration
- * \param dhm_P Diffie-Hellman-Merkle modulus in big-endian binary form
- * \param P_len Length of DHM modulus
- * \param dhm_G Diffie-Hellman-Merkle generator in big-endian binary form
- * \param G_len Length of DHM generator
- *
- * \return 0 if successful
- */
-int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
- const unsigned char *dhm_P, size_t P_len,
- const unsigned char *dhm_G, size_t G_len );
-
-/**
- * \brief Set the Diffie-Hellman public P and G values,
- * read from existing context (server-side only)
- *
- * \param conf SSL configuration
- * \param dhm_ctx Diffie-Hellman-Merkle context
- *
- * \return 0 if successful
- */
-int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
-#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief Set the minimum length for Diffie-Hellman parameters.
- * (Client-side only.)
- * (Default: 1024 bits.)
- *
- * \param conf SSL configuration
- * \param bitlen Minimum bit length of the DHM prime
- */
-void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
- unsigned int bitlen );
-#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * \brief Set the allowed curves in order of preference.
- *
- * On server: this only affects selection of the ECDHE curve;
- * the curves used for ECDH and ECDSA are determined by the
- * list of available certificates instead.
- *
- * On client: this affects the list of curves offered for any
- * use. The server can override our preference order.
- *
- * Both sides: limits the set of curves accepted for use in
- * ECDHE and in the peer's end-entity certificate.
- *
- * \note This has no influence on which curves are allowed inside the
- * certificate chains, see \c mbedtls_ssl_conf_cert_profile()
- * for that.
For the end-entity certificate however, the key
- * will be accepted only if it is allowed both by this list
- * and by the cert profile.
- *
- * \note This list should be ordered by decreasing preference
- * (preferred curve first).
- *
- * \note The default list is the same set of curves that
- * #mbedtls_x509_crt_profile_default allows, plus
- * ECDHE-only curves selected according to the same criteria.
- * The order favors curves with the lowest resource usage.
- *
- * \note New minor versions of Mbed TLS may extend this list,
- * for example if new curves are added to the library.
- * New minor versions of Mbed TLS will not remove items
- * from this list unless serious security concerns require it.
- * New minor versions of Mbed TLS may change the order in
- * keeping with the general principle of favoring the lowest
- * resource usage.
- *
- * \param conf SSL configuration
- * \param curves Ordered list of allowed curves,
- * terminated by MBEDTLS_ECP_DP_NONE.
- */
-void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
- const mbedtls_ecp_group_id *curves );
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-/**
- * \brief Set the allowed hashes for signatures during the handshake.
- *
- * \note This only affects which hashes are offered and can be used
- * for signatures during the handshake. Hashes for message
- * authentication and the TLS PRF are controlled by the
- * ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
- * used for certificate signature are controlled by the
- * verification profile, see \c mbedtls_ssl_conf_cert_profile().
- *
- * \note This list should be ordered by decreasing preference
- * (preferred hash first).
- *
- * \note By default, all supported hashes whose length is at least
- * 256 bits are allowed. This is the same set as the default
- * for certificate verification
- * (#mbedtls_x509_crt_profile_default).
- *
- * The preference order is currently unspecified and may
- * change in future versions.
- *
- * \note New minor versions of Mbed TLS may extend this list,
- * for example if new curves are added to the library.
- * New minor versions of Mbed TLS will not remove items
- * from this list unless serious security concerns require it.
- *
- * \param conf SSL configuration
- * \param hashes Ordered list of allowed signature hashes,
- * terminated by \c MBEDTLS_MD_NONE.
- */
-void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
- const int *hashes );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief Set or reset the hostname to check against the received
- * server certificate. It sets the ServerName TLS extension,
- * too, if that extension is enabled. (client-side only)
- *
- * \param ssl SSL context
- * \param hostname the server hostname, may be NULL to clear hostname
-
- * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
- *
- * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
- * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
- * too long input hostname.
- *
- * Hostname set to the one provided on success (cleared
- * when NULL). On allocation failure hostname is cleared.
- * On too long input failure, old hostname is unchanged.
- */
-int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-/**
- * \brief Set own certificate and key for the current handshake
- *
- * \note Same as \c mbedtls_ssl_conf_own_cert() but for use within
- * the SNI callback.
- *
- * \param ssl SSL context
- * \param own_cert own public certificate chain
- * \param pk_key own private key
- *
- * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
- */
-int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key );
-
-/**
- * \brief Set the data required to verify peer certificate for the
- * current handshake
- *
- * \note Same as \c mbedtls_ssl_conf_ca_chain() but for use within
- * the SNI callback.
- *
- * \param ssl SSL context
- * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
- * \param ca_crl trusted CA CRLs
- */
-void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl );
-
-/**
- * \brief Set authmode for the current handshake.
- *
- * \note Same as \c mbedtls_ssl_conf_authmode() but for use within
- * the SNI callback.
- *
- * \param ssl SSL context
- * \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
- * MBEDTLS_SSL_VERIFY_REQUIRED
- */
-void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
- int authmode );
-
-/**
- * \brief Set server side ServerName TLS extension callback
- * (optional, server-side only).
- *
- * If set, the ServerName callback is called whenever the
- * server receives a ServerName TLS extension from the client
- * during a handshake. The ServerName callback has the
- * following parameters: (void *parameter, mbedtls_ssl_context *ssl,
- * const unsigned char *hostname, size_t len). If a suitable
- * certificate is found, the callback must set the
- * certificate(s) and key(s) to use with \c
- * mbedtls_ssl_set_hs_own_cert() (can be called repeatedly),
- * and may optionally adjust the CA and associated CRL with \c
- * mbedtls_ssl_set_hs_ca_chain() as well as the client
- * authentication mode with \c mbedtls_ssl_set_hs_authmode(),
- * then must return 0.
If no matching name is found, the
- * callback must either set a default cert, or
- * return non-zero to abort the handshake at this point.
- *
- * \param conf SSL configuration
- * \param f_sni verification function
- * \param p_sni verification parameter
- */
-void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
- int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_sni );
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-/**
- * \brief Set the EC J-PAKE password for current handshake.
- *
- * \note An internal copy is made, and destroyed as soon as the
- * handshake is completed, or when the SSL context is reset or
- * freed.
- *
- * \note The SSL context needs to be already set up. The right place
- * to call this function is between \c mbedtls_ssl_setup() or
- * \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake().
- *
- * \param ssl SSL context
- * \param pw EC J-PAKE password (pre-shared secret)
- * \param pw_len length of pw in bytes
- *
- * \return 0 on success, or a negative error code.
- */
-int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
- const unsigned char *pw,
- size_t pw_len );
-#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_ALPN)
-/**
- * \brief Set the supported Application Layer Protocols.
- *
- * \param conf SSL configuration
- * \param protos Pointer to a NULL-terminated list of supported protocols,
- * in decreasing preference order. The pointer to the list is
- * recorded by the library for later reference as required, so
- * the lifetime of the table must be atleast as long as the
- * lifetime of the SSL configuration structure.
- *
- * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
- */
-int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
-
-/**
- * \brief Get the name of the negotiated Application Layer Protocol.
- * This function should be called after the handshake is
- * completed.
- *
- * \param ssl SSL context
- *
- * \return Protcol name, or NULL if no protocol was negotiated.
- */
-const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_ALPN */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-#if defined(MBEDTLS_DEBUG_C)
-static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_srtp_profile profile )
-{
- switch( profile )
- {
- case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
- return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" );
- case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
- return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" );
- case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
- return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" );
- case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
- return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" );
- default: break;
- }
- return( "" );
-}
-#endif /* MBEDTLS_DEBUG_C */
-/**
- * \brief Manage support for mki(master key id) value
- * in use_srtp extension.
- * MKI is an optional part of SRTP used for key management
- * and re-keying. See RFC3711 section 3.1 for details.
- * The default value is
- * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED.
- *
- * \param conf The SSL configuration to manage mki support.
- * \param support_mki_value Enable or disable mki usage. Values are
- * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED
- * or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED.
- */
-void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
- int support_mki_value );
-
-/**
- * \brief Set the supported DTLS-SRTP protection profiles.
- *
- * \param conf SSL configuration
- * \param profiles Pointer to a List of MBEDTLS_TLS_SRTP_UNSET terminated
- * supported protection profiles
- * in decreasing preference order.
- * The pointer to the list is recorded by the library
- * for later reference as required, so the lifetime
- * of the table must be at least as long as the lifetime
- * of the SSL configuration structure.
- * The list must not hold more than
- * MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH elements
- * (excluding the terminating MBEDTLS_TLS_SRTP_UNSET).
- *
- * \return 0 on success
- * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of
- * protection profiles is incorrect.
- */
-int mbedtls_ssl_conf_dtls_srtp_protection_profiles
- ( mbedtls_ssl_config *conf,
- const mbedtls_ssl_srtp_profile *profiles );
-
-/**
- * \brief Set the mki_value for the current DTLS-SRTP session.
- *
- * \param ssl SSL context to use.
- * \param mki_value The MKI value to set.
- * \param mki_len The length of the MKI value.
- *
- * \note This function is relevant on client side only.
- * The server discovers the mki value during handshake.
- * A mki value set on server side using this function
- * is ignored.
- *
- * \return 0 on success
- * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA
- * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
- */
-int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
- unsigned char *mki_value,
- uint16_t mki_len );
-/**
- * \brief Get the negotiated DTLS-SRTP informations:
- * Protection profile and MKI value.
- *
- * \warning This function must be called after the handshake is
- * completed. The value returned by this function must
- * not be trusted or acted upon before the handshake completes.
- *
- * \param ssl The SSL context to query.
- * \param dtls_srtp_info The negotiated DTLS-SRTP informations:
- * - Protection profile in use.
- * A direct mapping of the iana defined value for protection
- * profile on an uint16_t.
- http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
- * #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
- * or peer's Hello packet was not parsed yet.
- * - mki size and value( if size is > 0 ).
- */
-void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl,
- mbedtls_dtls_srtp_info *dtls_srtp_info );
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-/**
- * \brief Set the maximum supported version sent from the client side
- * and/or accepted at the server side
- * (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION)
- *
- * \note This ignores ciphersuites from higher versions.
- *
- * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
- *
- * \param conf SSL configuration
- * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
- * \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported)
- */
-void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
-
-/**
- * \brief Set the minimum accepted SSL/TLS protocol version
- * (Default: TLS 1.2)
- *
- * \note Input outside of the SSL_MAX_XXXXX_VERSION and
- * SSL_MIN_XXXXX_VERSION range is ignored.
- *
- * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
- *
- * \param conf SSL configuration
- * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
- * \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported)
- */
-void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-/**
- * \brief Enable or disable Encrypt-then-MAC
- * (Default: MBEDTLS_SSL_ETM_ENABLED)
- *
- * \note This should always be enabled, it is a security
- * improvement, and should not cause any interoperability
- * issue (used only if the peer supports it too).
- *
- * \param conf SSL configuration
- * \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
- */
-void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-/**
- * \brief Enable or disable Extended Master Secret negotiation.
- * (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
- *
- * \note This should always be enabled, it is a security fix to the
- * protocol, and should not cause any interoperability issue
- * (used only if the peer supports it too).
- *
- * \param conf SSL configuration
- * \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
- */
-void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Whether to send a list of acceptable CAs in
- * CertificateRequest messages.
- * (Default: do send)
- *
- * \param conf SSL configuration
- * \param cert_req_ca_list MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
- * MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
- */
-void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
- char cert_req_ca_list );
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-/**
- * \brief Set the maximum fragment length to emit and/or negotiate.
- * (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and
- * #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)
- * (Server: set maximum fragment length to emit,
- * usually negotiated by the client during handshake)
- * (Client: set maximum fragment length to emit *and*
- * negotiate with the server during handshake)
- * (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
- *
- * \note On the client side, the maximum fragment length extension
- * *will not* be used, unless the maximum fragment length has
- * been set via this function to a value different than
- * #MBEDTLS_SSL_MAX_FRAG_LEN_NONE.
- * - * \note With TLS, this currently only affects ApplicationData (sent - * with \c mbedtls_ssl_read()), not handshake messages. - * With DTLS, this affects both ApplicationData and handshake. - * - * \note This sets the maximum length for a record's payload, - * excluding record overhead that will be added to it, see - * \c mbedtls_ssl_get_record_expansion(). - * - * \note For DTLS, it is also possible to set a limit for the total - * size of daragrams passed to the transport layer, including - * record overhead, see \c mbedtls_ssl_set_mtu(). - * - * \param conf SSL configuration - * \param mfl_code Code for maximum fragment length (allowed values: - * MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024, - * MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096) - * - * \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA - */ -int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Pick the ciphersuites order according to the second parameter - * in the SSL Server module (MBEDTLS_SSL_SRV_C). - * (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER) - * - * \param conf SSL configuration - * \param order Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER - * or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT) - */ -void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order ); -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) -/** - * \brief Enable / Disable session tickets (client only). - * (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.) - * - * \note On server, use \c mbedtls_ssl_conf_session_tickets_cb(). 
- * - * \param conf SSL configuration - * \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or - * MBEDTLS_SSL_SESSION_TICKETS_DISABLED) - */ -void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets ); -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -/** - * \brief Enable / Disable renegotiation support for connection when - * initiated by peer - * (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED) - * - * \warning It is recommended to always disable renegotation unless you - * know you need it and you know what you're doing. In the - * past, there have been several issues associated with - * renegotiation or a poor understanding of its properties. - * - * \note Server-side, enabling renegotiation also makes the server - * susceptible to a resource DoS by a malicious client. - * - * \param conf SSL configuration - * \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or - * MBEDTLS_SSL_RENEGOTIATION_DISABLED) - */ -void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation ); -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -/** - * \brief Prevent or allow legacy renegotiation. - * (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) - * - * MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to - * be established even if the peer does not support - * secure renegotiation, but does not allow renegotiation - * to take place if not secure. - * (Interoperable and secure option) - * - * MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations - * with non-upgraded peers. Allowing legacy renegotiation - * makes the connection vulnerable to specific man in the - * middle attacks. (See RFC 5746) - * (Most interoperable and least secure option) - * - * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections - * if peer does not support secure renegotiation. 
Results - * in interoperability issues with non-upgraded peers - * that do not support renegotiation altogether. - * (Most secure option, interoperability issues) - * - * \param conf SSL configuration - * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION, - * SSL_ALLOW_LEGACY_RENEGOTIATION or - * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) - */ -void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ); - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -/** - * \brief Enforce renegotiation requests. - * (Default: enforced, max_records = 16) - * - * When we request a renegotiation, the peer can comply or - * ignore the request. This function allows us to decide - * whether to enforce our renegotiation requests by closing - * the connection if the peer doesn't comply. - * - * However, records could already be in transit from the peer - * when the request is emitted. In order to increase - * reliability, we can accept a number of records before the - * expected handshake records. - * - * The optimal value is highly dependent on the specific usage - * scenario. - * - * \note With DTLS and server-initiated renegotiation, the - * HelloRequest is retransmited every time mbedtls_ssl_read() times - * out or receives Application Data, until: - * - max_records records have beens seen, if it is >= 0, or - * - the number of retransmits that would happen during an - * actual handshake has been reached. - * Please remember the request might be lost a few times - * if you consider setting max_records to a really low value. - * - * \warning On client, the grace period can only happen during - * mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate() - * which always behave as if max_record was 0. The reason is, - * if we receive application data from the server, we need a - * place to write it, which only happens during mbedtls_ssl_read(). 
- * - * \param conf SSL configuration - * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to - * enforce renegotiation, or a non-negative value to enforce - * it but allow for a grace period of max_records records. - */ -void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records ); - -/** - * \brief Set record counter threshold for periodic renegotiation. - * (Default: 2^48 - 1) - * - * Renegotiation is automatically triggered when a record - * counter (outgoing or incoming) crosses the defined - * threshold. The default value is meant to prevent the - * connection from being closed when the counter is about to - * reached its maximal value (it is not allowed to wrap). - * - * Lower values can be used to enforce policies such as "keys - * must be refreshed every N packets with cipher X". - * - * The renegotiation period can be disabled by setting - * conf->disable_renegotiation to - * MBEDTLS_SSL_RENEGOTIATION_DISABLED. - * - * \note When the configured transport is - * MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation - * period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM, - * the maximum renegotiation period is 2^64 - 1. - * - * \param conf SSL configuration - * \param period The threshold value: a big-endian 64-bit number. - */ -void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, - const unsigned char period[8] ); -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -/** - * \brief Check if there is data already read from the - * underlying transport but not yet processed. - * - * \param ssl SSL context - * - * \return 0 if nothing's pending, 1 otherwise. - * - * \note This is different in purpose and behaviour from - * \c mbedtls_ssl_get_bytes_avail in that it considers - * any kind of unprocessed data, not only unread - * application data. If \c mbedtls_ssl_get_bytes - * returns a non-zero value, this function will - * also signal pending data, but the converse does - * not hold. 
For example, in DTLS there might be - * further records waiting to be processed from - * the current underlying transport's datagram. - * - * \note If this function returns 1 (data pending), this - * does not imply that a subsequent call to - * \c mbedtls_ssl_read will provide any data; - * e.g., the unprocessed data might turn out - * to be an alert or a handshake message. - * - * \note This function is useful in the following situation: - * If the SSL/TLS module successfully returns from an - * operation - e.g. a handshake or an application record - * read - and you're awaiting incoming data next, you - * must not immediately idle on the underlying transport - * to have data ready, but you need to check the value - * of this function first. The reason is that the desired - * data might already be read but not yet processed. - * If, in contrast, a previous call to the SSL/TLS module - * returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary - * to call this function, as the latter error code entails - * that all internal data has been processed. - * - */ -int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ); - -/** - * \brief Return the number of application data bytes - * remaining to be read from the current record. - * - * \param ssl SSL context - * - * \return How many bytes are available in the application - * data record read buffer. - * - * \note When working over a datagram transport, this is - * useful to detect the current datagram's boundary - * in case \c mbedtls_ssl_read has written the maximal - * amount of data fitting into the input buffer. - * - */ -size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ); - -/** - * \brief Return the result of the certificate verification - * - * \param ssl The SSL context to use. - * - * \return \c 0 if the certificate verification was successful. - * \return \c -1u if the result is not available. This may happen - * e.g. 
if the handshake aborts early, or a verification - * callback returned a fatal error. - * \return A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX - * and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h. - */ -uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ); - -/** - * \brief Return the name of the current ciphersuite - * - * \param ssl SSL context - * - * \return a string containing the ciphersuite name - */ -const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ); - -/** - * \brief Return the current TLS version - * - * \param ssl SSL context - * - * \return a string containing the TLS version - */ -const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ); - -/** - * \brief Return the (maximum) number of bytes added by the record - * layer: header + encryption/MAC overhead (inc. padding) - * - * \param ssl SSL context - * - * \return Current maximum record expansion in bytes - */ -int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); - -/** - * \brief Return the current maximum outgoing record payload in bytes. - * - * \note The logic to determine the maximum outgoing record payload is - * version-specific. It takes into account various factors, such as - * the mbedtls_config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions - * such as the max fragment length or record size limit extension if - * used, and for DTLS the path MTU as configured and current - * record expansion. - * - * \note With DTLS, \c mbedtls_ssl_write() will return an error if - * called with a larger length value. - * With TLS, \c mbedtls_ssl_write() will fragment the input if - * necessary and return the number of bytes written; it is up - * to the caller to call \c mbedtls_ssl_write() again in - * order to send the remaining bytes if any. 
- * - * \sa mbedtls_ssl_get_max_out_record_payload() - * \sa mbedtls_ssl_get_record_expansion() - * - * \param ssl SSL context - * - * \return Current maximum payload for an outgoing record, - * or a negative error code. - */ -int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ); - -/** - * \brief Return the current maximum incoming record payload in bytes. - * - * \note The logic to determine the maximum outgoing record payload is - * version-specific. It takes into account various factors, such as - * the mbedtls_config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions - * such as the max fragment length extension or record size limit - * extension if used, and the current record expansion. - * - * \sa mbedtls_ssl_set_mtu() - * \sa mbedtls_ssl_get_max_in_record_payload() - * \sa mbedtls_ssl_get_record_expansion() - * - * \param ssl SSL context - * - * \return Current maximum payload for an outgoing record, - * or a negative error code. - */ -int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl ); - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/** - * \brief Return the peer certificate from the current connection. - * - * \param ssl The SSL context to use. This must be initialized and setup. - * - * \return The current peer certificate, if available. - * The returned certificate is owned by the SSL context and - * is valid only until the next call to the SSL API. - * \return \c NULL if no peer certificate is available. This might - * be because the chosen ciphersuite doesn't use CRTs - * (PSK-based ciphersuites, for example), or because - * #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled, - * allowing the stack to free the peer's CRT to save memory. - * - * \note For one-time inspection of the peer's certificate during - * the handshake, consider registering an X.509 CRT verification - * callback through mbedtls_ssl_conf_verify() instead of calling - * this function. 
Using mbedtls_ssl_conf_verify() also comes at - * the benefit of allowing you to influence the verification - * process, for example by masking expected and tolerated - * verification failures. - * - * \warning You must not use the pointer returned by this function - * after any further call to the SSL API, including - * mbedtls_ssl_read() and mbedtls_ssl_write(); this is - * because the pointer might change during renegotiation, - * which happens transparently to the user. - * If you want to use the certificate across API calls, - * you must make a copy. - */ -const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_CLI_C) -/** - * \brief Export a session in order to resume it later. - * - * \param ssl The SSL context representing the connection for which to - * to export a session structure for later resumption. - * \param session The target structure in which to store the exported session. - * This must have been initialized with mbedtls_ssl_init_session() - * but otherwise be unused. - * - * \note This function can handle a variety of mechanisms for session - * resumption: For TLS 1.2, both session ID-based resumption and - * ticket-based resumption will be considered. For TLS 1.3, - * once implemented, sessions equate to tickets, and calling - * this function multiple times will export the available - * tickets one a time until no further tickets are available, - * in which case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE will - * be returned. - * - * \note Calling this function multiple times will only be useful - * once TLS 1.3 is supported. For TLS 1.2 connections, this - * function should be called at most once. - * - * \return \c 0 if successful. In this case, \p session can be used for - * session resumption by passing it to mbedtls_ssl_set_session(), - * and serialized for storage via mbedtls_ssl_session_save(). 
- * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no further session - * is available for export. - * This error is a non-fatal, and has no observable effect on - * the SSL context or the destination session. - * \return Another negative error code on other kinds of failure. - * - * \sa mbedtls_ssl_set_session() - * \sa mbedtls_ssl_session_save() - */ -int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, - mbedtls_ssl_session *session ); -#endif /* MBEDTLS_SSL_CLI_C */ - -/** - * \brief Perform the SSL handshake - * - * \param ssl SSL context - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE - * if the handshake is incomplete and waiting for data to - * be available for reading from or writing to the underlying - * transport - in this case you must call this function again - * when the underlying transport is ready for the operation. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous - * operation is in progress (see - * mbedtls_ssl_conf_async_private_cb()) - in this case you - * must call this function again when the operation is ready. - * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic - * operation is in progress (see mbedtls_ecp_set_max_ops()) - - * in this case you must call this function again to complete - * the handshake when you're done attending other tasks. - * \return #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use - * and the client did not demonstrate reachability yet - in - * this case you must stop using the context (see below). - * \return Another SSL error code - in this case you must stop using - * the context (see below). 
- * - * \warning If this function returns something other than - * \c 0, - * #MBEDTLS_ERR_SSL_WANT_READ, - * #MBEDTLS_ERR_SSL_WANT_WRITE, - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, - * you must stop using the SSL context for reading or writing, - * and either free it or call \c mbedtls_ssl_session_reset() - * on it before re-using it for a new connection; the current - * connection must be closed. - * - * \note If DTLS is in use, then you may choose to handle - * #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging - * purposes, as it is an expected return value rather than an - * actual error, but you still need to reset/free the context. - * - * \note Remarks regarding event-driven DTLS: - * If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram - * from the underlying transport layer is currently being processed, - * and it is safe to idle until the timer or the underlying transport - * signal a new event. This is not true for a successful handshake, - * in which case the datagram of the underlying transport that is - * currently being processed might or might not contain further - * DTLS records. - */ -int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ); - -/** - * \brief Perform a single step of the SSL handshake - * - * \note The state of the context (ssl->state) will be at - * the next state after this function returns \c 0. Do not - * call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER. - * - * \param ssl SSL context - * - * \return See mbedtls_ssl_handshake(). - * - * \warning If this function returns something other than \c 0, - * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE, - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using - * the SSL context for reading or writing, and either free it - * or call \c mbedtls_ssl_session_reset() on it before - * re-using it for a new connection; the current connection - * must be closed. 
- */ -int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ); - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -/** - * \brief Initiate an SSL renegotiation on the running connection. - * Client: perform the renegotiation right now. - * Server: request renegotiation, which will be performed - * during the next call to mbedtls_ssl_read() if honored by - * client. - * - * \param ssl SSL context - * - * \return 0 if successful, or any mbedtls_ssl_handshake() return - * value except #MBEDTLS_ERR_SSL_CLIENT_RECONNECT that can't - * happen during a renegotiation. - * - * \warning If this function returns something other than \c 0, - * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE, - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using - * the SSL context for reading or writing, and either free it - * or call \c mbedtls_ssl_session_reset() on it before - * re-using it for a new connection; the current connection - * must be closed. - * - */ -int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -/** - * \brief Read at most 'len' application data bytes - * - * \param ssl SSL context - * \param buf buffer that will hold the data - * \param len maximum number of bytes to read - * - * \return The (positive) number of bytes read if successful. - * \return \c 0 if the read end of the underlying transport was closed - * without sending a CloseNotify beforehand, which might happen - * because of various reasons (internal error of an underlying - * stack, non-conformant peer not sending a CloseNotify and - * such) - in this case you must stop using the context - * (see below). - * \return #MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY if the underlying - * transport is still functional, but the peer has - * acknowledged to not send anything anymore. 
- * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE - * if the handshake is incomplete and waiting for data to - * be available for reading from or writing to the underlying - * transport - in this case you must call this function again - * when the underlying transport is ready for the operation. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous - * operation is in progress (see - * mbedtls_ssl_conf_async_private_cb()) - in this case you - * must call this function again when the operation is ready. - * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic - * operation is in progress (see mbedtls_ecp_set_max_ops()) - - * in this case you must call this function again to complete - * the handshake when you're done attending other tasks. - * \return #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server - * side of a DTLS connection and the client is initiating a - * new connection using the same source port. See below. - * \return Another SSL error code - in this case you must stop using - * the context (see below). - * - * \warning If this function returns something other than - * a positive value, - * #MBEDTLS_ERR_SSL_WANT_READ, - * #MBEDTLS_ERR_SSL_WANT_WRITE, - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or - * #MBEDTLS_ERR_SSL_CLIENT_RECONNECT, - * you must stop using the SSL context for reading or writing, - * and either free it or call \c mbedtls_ssl_session_reset() - * on it before re-using it for a new connection; the current - * connection must be closed. - * - * \note When this function returns #MBEDTLS_ERR_SSL_CLIENT_RECONNECT - * (which can only happen server-side), it means that a client - * is initiating a new connection using the same source port. - * You can either treat that as a connection close and wait - * for the client to resend a ClientHello, or directly - * continue with \c mbedtls_ssl_handshake() with the same - * context (as it has been reset internally). 
Either way, you - * must make sure this is seen by the application as a new - * connection: application state, if any, should be reset, and - * most importantly the identity of the client must be checked - * again. WARNING: not validating the identity of the client - * again, or not transmitting the new identity to the - * application layer, would allow authentication bypass! - * - * \note Remarks regarding event-driven DTLS: - * - If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram - * from the underlying transport layer is currently being processed, - * and it is safe to idle until the timer or the underlying transport - * signal a new event. - * - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was - * initially available on the underlying transport, as this data may have - * been only e.g. duplicated messages or a renegotiation request. - * Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even - * when reacting to an incoming-data event from the underlying transport. - * - On success, the datagram of the underlying transport that is currently - * being processed may contain further DTLS records. You should call - * \c mbedtls_ssl_check_pending to check for remaining records. - * - */ -int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ); - -/** - * \brief Try to write exactly 'len' application data bytes - * - * \warning This function will do partial writes in some cases. If the - * return value is non-negative but less than length, the - * function must be called again with updated arguments: - * buf + ret, len - ret (if ret is the return value) until - * it returns a value equal to the last 'len' argument. - * - * \param ssl SSL context - * \param buf buffer holding the data - * \param len how many bytes must be written - * - * \return The (non-negative) number of bytes actually written if - * successful (may be less than \p len). 
- * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE - * if the handshake is incomplete and waiting for data to - * be available for reading from or writing to the underlying - * transport - in this case you must call this function again - * when the underlying transport is ready for the operation. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous - * operation is in progress (see - * mbedtls_ssl_conf_async_private_cb()) - in this case you - * must call this function again when the operation is ready. - * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic - * operation is in progress (see mbedtls_ecp_set_max_ops()) - - * in this case you must call this function again to complete - * the handshake when you're done attending other tasks. - * \return Another SSL error code - in this case you must stop using - * the context (see below). - * - * \warning If this function returns something other than - * a non-negative value, - * #MBEDTLS_ERR_SSL_WANT_READ, - * #MBEDTLS_ERR_SSL_WANT_WRITE, - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, - * you must stop using the SSL context for reading or writing, - * and either free it or call \c mbedtls_ssl_session_reset() - * on it before re-using it for a new connection; the current - * connection must be closed. - * - * \note When this function returns #MBEDTLS_ERR_SSL_WANT_WRITE/READ, - * it must be called later with the *same* arguments, - * until it returns a value greater that or equal to 0. When - * the function returns #MBEDTLS_ERR_SSL_WANT_WRITE there may be - * some partial data in the output buffer, however this is not - * yet sent. - * - * \note If the requested length is greater than the maximum - * fragment length (either the built-in limit or the one set - * or negotiated with the peer), then: - * - with TLS, less bytes than requested are written. - * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. 
- * \c mbedtls_ssl_get_max_out_record_payload() may be used to - * query the active maximum fragment length. - * - * \note Attempting to write 0 bytes will result in an empty TLS - * application record being sent. - */ -int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ); - -/** - * \brief Send an alert message - * - * \param ssl SSL context - * \param level The alert level of the message - * (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL) - * \param message The alert message (SSL_ALERT_MSG_*) - * - * \return 0 if successful, or a specific SSL error code. - * - * \note If this function returns something other than 0 or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using - * the SSL context for reading or writing, and either free it or - * call \c mbedtls_ssl_session_reset() on it before re-using it - * for a new connection; the current connection must be closed. - */ -int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, - unsigned char level, - unsigned char message ); -/** - * \brief Notify the peer that the connection is being closed - * - * \param ssl SSL context - * - * \return 0 if successful, or a specific SSL error code. - * - * \note If this function returns something other than 0 or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using - * the SSL context for reading or writing, and either free it or - * call \c mbedtls_ssl_session_reset() on it before re-using it - * for a new connection; the current connection must be closed. - */ -int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ); - -/** - * \brief Free referenced items in an SSL context and clear memory - * - * \param ssl SSL context - */ -void mbedtls_ssl_free( mbedtls_ssl_context *ssl ); - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) -/** - * \brief Save an active connection as serialized data in a buffer. 
- * This allows the freeing or re-using of the SSL context - * while still picking up the connection later in a way that - * it entirely transparent to the peer. - * - * \see mbedtls_ssl_context_load() - * - * \note This feature is currently only available under certain - * conditions, see the documentation of the return value - * #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details. - * - * \note When this function succeeds, it calls - * mbedtls_ssl_session_reset() on \p ssl which as a result is - * no longer associated with the connection that has been - * serialized. This avoids creating copies of the connection - * state. You're then free to either re-use the context - * structure for a different connection, or call - * mbedtls_ssl_free() on it. See the documentation of - * mbedtls_ssl_session_reset() for more details. - * - * \param ssl The SSL context to save. On success, it is no longer - * associated with the connection that has been serialized. - * \param buf The buffer to write the serialized data to. It must be a - * writeable buffer of at least \p buf_len bytes, or may be \c - * NULL if \p buf_len is \c 0. - * \param buf_len The number of bytes available for writing in \p buf. - * \param olen The size in bytes of the data that has been or would have - * been written. It must point to a valid \c size_t. - * - * \note \p olen is updated to the correct value regardless of - * whether \p buf_len was large enough. This makes it possible - * to determine the necessary size by calling this function - * with \p buf set to \c NULL and \p buf_len to \c 0. However, - * the value of \p olen is only guaranteed to be correct when - * the function returns #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or - * \c 0. If the return value is different, then the value of - * \p olen is undefined. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. 
- * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed - * while reseting the context. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in - * progress, or there is pending data for reading or sending, - * or the connection does not use DTLS 1.2 with an AEAD - * ciphersuite, or renegotiation is enabled. - */ -int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t buf_len, - size_t *olen ); - -/** - * \brief Load serialized connection data to an SSL context. - * - * \see mbedtls_ssl_context_save() - * - * \warning The same serialized data must never be loaded into more - * that one context. In order to ensure that, after - * successfully loading serialized data to an SSL context, you - * should immediately destroy or invalidate all copies of the - * serialized data that was loaded. Loading the same data in - * more than one context would cause severe security failures - * including but not limited to loss of confidentiality. - * - * \note Before calling this function, the SSL context must be - * prepared in one of the two following ways. The first way is - * to take a context freshly initialised with - * mbedtls_ssl_init() and call mbedtls_ssl_setup() on it with - * the same ::mbedtls_ssl_config structure that was used in - * the original connection. The second way is to - * call mbedtls_ssl_session_reset() on a context that was - * previously prepared as above but used in the meantime. - * Either way, you must not use the context to perform a - * handshake between calling mbedtls_ssl_setup() or - * mbedtls_ssl_session_reset() and calling this function. You - * may however call other setter functions in that time frame - * as indicated in the note below. 
- *
- * \note Before or after calling this function successfully, you
- * also need to configure some connection-specific callbacks
- * and settings before you can use the connection again
- * (unless they were already set before calling
- * mbedtls_ssl_session_reset() and the values are suitable for
- * the present connection). Specifically, you want to call
- * at least mbedtls_ssl_set_bio() and
- * mbedtls_ssl_set_timer_cb(). All other SSL setter functions
- * are not necessary to call, either because they're only used
- * in handshakes, or because the setting is already saved. You
- * might choose to call them anyway, for example in order to
- * share code between the cases of establishing a new
- * connection and the case of loading an already-established
- * connection.
- *
- * \note If you have new information about the path MTU, you want to
- * call mbedtls_ssl_set_mtu() after calling this function, as
- * otherwise this function would overwrite your
- * newly-configured value with the value that was active when
- * the context was saved.
- *
- * \note When this function returns an error code, it calls
- * mbedtls_ssl_free() on \p ssl. In this case, you need to
- * prepare the context with the usual sequence starting with a
- * call to mbedtls_ssl_init() if you want to use it again.
- *
- * \param ssl The SSL context structure to be populated. It must have
- * been prepared as described in the note above.
- * \param buf The buffer holding the serialized connection data. It must
- * be a readable buffer of at least \p len bytes.
- * \param len The size of the serialized data in bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
- * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
- * comes from a different Mbed TLS version or build.
- * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
- */
-int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len );
-#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
-
-/**
- * \brief Initialize an SSL configuration context
- * Just makes the context ready for
- * mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
- *
- * \note You need to call mbedtls_ssl_config_defaults() unless you
- * manually set all of the relevant fields yourself.
- *
- * \param conf SSL configuration context
- */
-void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
-
-/**
- * \brief Load reasonnable default SSL configuration values.
- * (You need to call mbedtls_ssl_config_init() first.)
- *
- * \param conf SSL configuration context
- * \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
- * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
- * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
- * \param preset a MBEDTLS_SSL_PRESET_XXX value
- *
- * \note See \c mbedtls_ssl_conf_transport() for notes on DTLS.
- *
- * \return 0 if successful, or
- * MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
- */
-int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
- int endpoint, int transport, int preset );
-
-/**
- * \brief Free an SSL configuration context
- *
- * \param conf SSL configuration context
- */
-void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
-
-/**
- * \brief Initialize SSL session structure
- *
- * \param session SSL session
- */
-void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
-
-/**
- * \brief Free referenced items in an SSL session including the
- * peer certificate and clear memory
- *
- * \note A session object can be freed even if the SSL context
- * that was used to retrieve the session is still in use.
- *
- * \param session SSL session
- */
-void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
-
-/**
- * \brief TLS-PRF function for key derivation.
- *
- * \param prf The tls_prf type function type to be used.
- * \param secret Secret for the key derivation function.
- * \param slen Length of the secret.
- * \param label String label for the key derivation function,
- * terminated with null character.
- * \param random Random bytes.
- * \param rlen Length of the random bytes buffer.
- * \param dstbuf The buffer holding the derived key.
- * \param dlen Length of the output buffer.
- *
- * \return 0 on success. An SSL specific error on failure.
- */
-int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
- const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl.h */
diff --git a/windows/mbedtls/ssl_cache.h b/windows/mbedtls/ssl_cache.h
deleted file mode 100644
index 6a81ac99..00000000
--- a/windows/mbedtls/ssl_cache.h
+++ /dev/null
@@ -1,161 +0,0 @@
-/**
- * \file ssl_cache.h
- *
- * \brief SSL session cache implementation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_SSL_CACHE_H
-#define MBEDTLS_SSL_CACHE_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ssl.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
-#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
-#endif
-
-#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
-#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context;
-typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
-
-/**
- * \brief This structure is used for storing cache entries
- */
-struct mbedtls_ssl_cache_entry
-{
-#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */
-#endif
-
- unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */
- size_t MBEDTLS_PRIVATE(session_id_len);
-
- unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
- size_t MBEDTLS_PRIVATE(session_len);
-
- mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */
-};
-
-/**
- * \brief Cache context
- */
-struct mbedtls_ssl_cache_context
-{
- mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
- int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */
- int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
-#endif
-};
-
-/**
- * \brief Initialize an SSL cache context
- *
- * \param cache SSL cache context
- */
-void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache );
-
-/**
- * \brief Cache get callback implementation
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data The SSL cache context to use.
- * \param session_id The pointer to the buffer holding the session ID
- * for the session to load.
- * \param session_id_len The length of \p session_id in bytes.
- * \param session The address at which to store the session
- * associated with \p session_id, if present.
- */
-int mbedtls_ssl_cache_get( void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- mbedtls_ssl_session *session );
-
-/**
- * \brief Cache set callback implementation
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data The SSL cache context to use.
- * \param session_id The pointer to the buffer holding the session ID
- * associated to \p session.
- * \param session_id_len The length of \p session_id in bytes.
- * \param session The session to store.
- */
-int mbedtls_ssl_cache_set( void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- const mbedtls_ssl_session *session );
-
-#if defined(MBEDTLS_HAVE_TIME)
-/**
- * \brief Set the cache timeout
- * (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day))
- *
- * A timeout of 0 indicates no timeout.
- *
- * \param cache SSL cache context
- * \param timeout cache entry timeout in seconds
- */
-void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout );
-#endif /* MBEDTLS_HAVE_TIME */
-
-/**
- * \brief Set the maximum number of cache entries
- * (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
- *
- * \param cache SSL cache context
- * \param max cache entry maximum
- */
-void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max );
-
-/**
- * \brief Free referenced items in a cache context and clear memory
- *
- * \param cache SSL cache context
- */
-void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_cache.h */
diff --git a/windows/mbedtls/ssl_ciphersuites.h b/windows/mbedtls/ssl_ciphersuites.h
deleted file mode 100644
index 812560c8..00000000
--- a/windows/mbedtls/ssl_ciphersuites.h
+++ /dev/null
@@ -1,528 +0,0 @@ -/** - * \file ssl_ciphersuites.h - * - * \brief SSL Ciphersuites for mbed TLS - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_SSL_CIPHERSUITES_H -#define MBEDTLS_SSL_CIPHERSUITES_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/pk.h" -#include "mbedtls/cipher.h" -#include "mbedtls/md.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Supported ciphersuites (Official IANA names) - */ -#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */ -#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */ - -#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */ -#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */ -#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E /**< Weak! */ -#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F - -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33 -#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35 -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39 - -#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! 
*/ -#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */ - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41 -#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45 - -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */ - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84 -#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88 - -#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C -#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D - -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90 -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91 - -#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94 -#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95 - -#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F /**< TLS 1.2 */ - -#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD /**< TLS 1.2 */ - -#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE -#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF -#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */ -#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */ - -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2 -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3 -#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4 /**< Weak! 
*/ -#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5 /**< Weak! */ - -#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6 -#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7 -#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8 /**< Weak! */ -#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9 /**< Weak! */ - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */ - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */ - -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 - -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A - -#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F - -#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! 
*/ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 -#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 - -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /**< TLS 1.2 */ - -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */ - -#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 -#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 -#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 -#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 -#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 -#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A -#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B - -#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 
/**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 /**< TLS 1.2 */ -#define 
MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */ - -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075 -#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 -#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089 /**< TLS 1.2 */ -#define 
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D /**< TLS 1.2 */ - -#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093 /**< TLS 1.2 */ - -#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 -#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 -#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 -#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 -#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 -#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 -#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A -#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B - -#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */ 
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB /**< TLS 1.2 */ -/* The last two are named with PSK_DHE in the RFC, which looks like a typo */ - -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */ - -#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF /**< experimental */ - -/* RFC 7905 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE /**< TLS 1.2 */ - -/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange. 
- * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below - */ -typedef enum { - MBEDTLS_KEY_EXCHANGE_NONE = 0, - MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_KEY_EXCHANGE_ECJPAKE, -} mbedtls_key_exchange_type_t; - -/* Key exchanges using a certificate */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED -#endif - -/* Key exchanges allowing client certificate requests */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED -#endif - -/* Key exchanges involving server signature in ServerKeyExchange */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED -#endif - -/* Key exchanges using ECDH */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED -#endif - -/* Key exchanges that don't involve ephemeral keys */ -#if 
defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED -#endif - -/* Key exchanges that involve ephemeral keys */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED -#endif - -/* Key exchanges using a PSK */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED -#endif - -/* Key exchanges using DHE */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED -#endif - -/* Key exchanges using ECDHE */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED -#endif - -typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; - -#define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */ -#define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02 /**< Short authentication tag, - eg for CCM_8 */ -#define MBEDTLS_CIPHERSUITE_NODTLS 0x04 /**< Can't be used with DTLS */ - -/** - * \brief This structure is used for storing ciphersuite information - */ -struct mbedtls_ssl_ciphersuite_t -{ - int MBEDTLS_PRIVATE(id); - const char * MBEDTLS_PRIVATE(name); - - mbedtls_cipher_type_t MBEDTLS_PRIVATE(cipher); - mbedtls_md_type_t 
MBEDTLS_PRIVATE(mac); - mbedtls_key_exchange_type_t MBEDTLS_PRIVATE(key_exchange); - - int MBEDTLS_PRIVATE(min_major_ver); - int MBEDTLS_PRIVATE(min_minor_ver); - int MBEDTLS_PRIVATE(max_major_ver); - int MBEDTLS_PRIVATE(max_minor_ver); - - unsigned char MBEDTLS_PRIVATE(flags); -}; - -const int *mbedtls_ssl_list_ciphersuites( void ); - -const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name ); -const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id ); - -#if defined(MBEDTLS_PK_C) -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info ); -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ); -#endif - -int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ); -int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ); - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED) -static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->MBEDTLS_PRIVATE(key_exchange) ) - { - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECJPAKE: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) -static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->MBEDTLS_PRIVATE(key_exchange) ) - { - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - case MBEDTLS_KEY_EXCHANGE_RSA: - case MBEDTLS_KEY_EXCHANGE_PSK: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ - -#if 
defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->MBEDTLS_PRIVATE(key_exchange) ) - { - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ - -static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->MBEDTLS_PRIVATE(key_exchange) ) - { - case MBEDTLS_KEY_EXCHANGE_RSA: - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return( 1 ); - - default: - return( 0 ); - } -} - -static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->MBEDTLS_PRIVATE(key_exchange) ) - { - case MBEDTLS_KEY_EXCHANGE_RSA: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return( 1 ); - - default: - return( 0 ); - } -} - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->MBEDTLS_PRIVATE(key_exchange) ) - { - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->MBEDTLS_PRIVATE(key_exchange) ) - { - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - return( 1 
); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */ - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->MBEDTLS_PRIVATE(key_exchange) ) - { - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ - -#ifdef __cplusplus -} -#endif - -#endif /* ssl_ciphersuites.h */ diff --git a/windows/mbedtls/ssl_cookie.h b/windows/mbedtls/ssl_cookie.h deleted file mode 100644 index 86698b05..00000000 --- a/windows/mbedtls/ssl_cookie.h +++ /dev/null 
@@ -1,110 +0,0 @@
-/**
- * \file ssl_cookie.h
- *
- * \brief DTLS cookie callbacks implementation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_SSL_COOKIE_H
-#define MBEDTLS_SSL_COOKIE_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ssl.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT
-#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Context for the default cookie functions.
- */
-typedef struct mbedtls_ssl_cookie_ctx
-{
- mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */
-#if !defined(MBEDTLS_HAVE_TIME)
- unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
-#endif
- unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME,
- or in number of tickets issued */
-
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
-#endif
-} mbedtls_ssl_cookie_ctx;
-
-/**
- * \brief Initialize cookie context
- */
-void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx );
-
-/**
- * \brief Setup cookie context (generate keys)
- */
-int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Set expiration delay for cookies
- * (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
- *
- * \param ctx Cookie contex
- * \param delay Delay, in seconds if HAVE_TIME, or in number of cookies
- * issued in the meantime.
- * 0 to disable expiration (NOT recommended)
- */
-void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay );
-
-/**
- * \brief Free cookie context
- */
-void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx );
-
-/**
- * \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t
- */
-mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write;
-
-/**
- * \brief Verify cookie, see \c mbedtls_ssl_cookie_write_t
- */
-mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_cookie.h */
diff --git a/windows/mbedtls/ssl_ticket.h b/windows/mbedtls/ssl_ticket.h
deleted file mode 100644
index 0f4117d3..00000000
--- a/windows/mbedtls/ssl_ticket.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/**
- * \file ssl_ticket.h
- *
- * \brief TLS server ticket callbacks implementation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_SSL_TICKET_H
-#define MBEDTLS_SSL_TICKET_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-/*
- * This implementation of the session ticket callbacks includes key
- * management, rotating the keys periodically in order to preserve forward
- * secrecy, when MBEDTLS_HAVE_TIME is defined.
- */
-
-#include "mbedtls/ssl.h"
-#include "mbedtls/cipher.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Information for session ticket protection
- */
-typedef struct mbedtls_ssl_ticket_key
-{
- unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */
- uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
-}
-mbedtls_ssl_ticket_key;
-
-/**
- * \brief Context for session ticket handling functions
- */
-typedef struct mbedtls_ssl_ticket_context
-{
- mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
- unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
-
- uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
-
- /** Callback for getting (pseudo-)random numbers */
- int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
-
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
-#endif
-}
-mbedtls_ssl_ticket_context;
-
-/**
- * \brief Initialize a ticket context.
- * (Just make it ready for mbedtls_ssl_ticket_setup()
- * or mbedtls_ssl_ticket_free().)
- *
- * \param ctx Context to be initialized
- */
-void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
-
-/**
- * \brief Prepare context to be actually used
- *
- * \param ctx Context to be set up
- * \param f_rng RNG callback function (mandatory)
- * \param p_rng RNG callback context
- * \param cipher AEAD cipher to use for ticket protection.
- Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
- * \param lifetime Tickets lifetime in seconds
- Recommended value: 86400 (one day).
- *
- * \note It is highly recommended to select a cipher that is at
- least as strong as the strongest ciphersuite
- supported. Usually that means a 256-bit key.
- *
- * \note The lifetime of the keys is twice the lifetime of tickets.
- It is recommended to pick a reasonnable lifetime so as not
- to negate the benefits of forward secrecy.
- *
- * \return 0 if successful,
- or a specific MBEDTLS_ERR_XXX error code
- */
-int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_cipher_type_t cipher,
- uint32_t lifetime );
-
-/**
- * \brief Implementation of the ticket write callback
- *
- * \note See \c mbedtls_ssl_ticket_write_t for description
- */
-mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
-
-/**
- * \brief Implementation of the ticket parse callback
- *
- * \note See \c mbedtls_ssl_ticket_parse_t for description
- */
-mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
-
-/**
- * \brief Free a context's content and zeroize it.
- *
- * \param ctx Context to be cleaned up
- */
-void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_ticket.h */
diff --git a/windows/mbedtls/threading.h b/windows/mbedtls/threading.h
deleted file mode 100644
index 96cadc4d..00000000
--- a/windows/mbedtls/threading.h
+++ /dev/null
@@ -1,116 +0,0 @@
-/**
- * \file threading.h
- *
- * \brief Threading abstraction layer
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_THREADING_H
-#define MBEDTLS_THREADING_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E /**< Locking / unlocking / free failed with error code. */
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-#include
-typedef struct mbedtls_threading_mutex_t
-{
- pthread_mutex_t MBEDTLS_PRIVATE(mutex);
- /* is_valid is 0 after a failed init or a free, and nonzero after a
- * successful init. This field is not considered part of the public
- * API of Mbed TLS and may change without notice. */
- char MBEDTLS_PRIVATE(is_valid);
-} mbedtls_threading_mutex_t;
-#endif
-
-#if defined(MBEDTLS_THREADING_ALT)
-/* You should define the mbedtls_threading_mutex_t type in your header */
-#include "threading_alt.h"
-
-/**
- * \brief Set your alternate threading implementation function
- * pointers and initialize global mutexes. If used, this
- function must be called once in the main thread before any
- other mbed TLS function is called, and
- mbedtls_threading_free_alt() must be called once in the main
- thread after all other mbed TLS functions.
- *
- * \note mutex_init() and mutex_free() don't return a status code.
- If mutex_init() fails, it should leave its argument (the
- mutex) in a state such that mutex_lock() will fail when
- called with this argument.
- *
- * \param mutex_init the init function implementation
- * \param mutex_free the free function implementation
- * \param mutex_lock the lock function implementation
- * \param mutex_unlock the unlock function implementation
- */
-void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
- void (*mutex_free)( mbedtls_threading_mutex_t * ),
- int (*mutex_lock)( mbedtls_threading_mutex_t * ),
- int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
-
-/**
- * \brief Free global mutexes.
- */
-void mbedtls_threading_free_alt( void );
-#endif /* MBEDTLS_THREADING_ALT */
-
-#if defined(MBEDTLS_THREADING_C)
-/*
- * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
- *
- * All these functions are expected to work or the result will be undefined.
- */
-extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
-extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
-
-/*
- * Global mutexes
- */
-#if defined(MBEDTLS_FS_IO)
-extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
-/* This mutex may or may not be used in the default definition of
- * mbedtls_platform_gmtime_r(), but in order to determine that,
- * we need to check POSIX features, hence modify _POSIX_C_SOURCE.
- * With the current approach, this declaration is orphaned, lacking
- * an accompanying definition, in case mbedtls_platform_gmtime_r()
- * doesn't need it, but that's not a problem. */
-extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
-#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
-
-#endif /* MBEDTLS_THREADING_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* threading.h */
diff --git a/windows/mbedtls/timing.h b/windows/mbedtls/timing.h
deleted file mode 100644
index 25db1c6a..00000000
--- a/windows/mbedtls/timing.h
+++ /dev/null
@@ -1,97 +0,0 @@
-/**
- * \file timing.h
- *
- * \brief Portable interface to timeouts and to the CPU cycle counter
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_TIMING_H
-#define MBEDTLS_TIMING_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_TIMING_ALT)
-// Regular implementation
-//
-
-/**
- * \brief timer structure
- */
-struct mbedtls_timing_hr_time
-{
- unsigned char MBEDTLS_PRIVATE(opaque)[32];
-};
-
-/**
- * \brief Context for mbedtls_timing_set/get_delay()
- */
-typedef struct mbedtls_timing_delay_context
-{
- struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer);
- uint32_t MBEDTLS_PRIVATE(int_ms);
- uint32_t MBEDTLS_PRIVATE(fin_ms);
-} mbedtls_timing_delay_context;
-
-#else /* MBEDTLS_TIMING_ALT */
-#include "timing_alt.h"
-#endif /* MBEDTLS_TIMING_ALT */
-
-/* Internal use */
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
-
-/**
- * \brief Set a pair of delays to watch
- * (See \c mbedtls_timing_get_delay().)
- *
- * \param data Pointer to timing data.
- * Must point to a valid \c mbedtls_timing_delay_context struct.
- * \param int_ms First (intermediate) delay in milliseconds.
- * The effect if int_ms > fin_ms is unspecified.
- * \param fin_ms Second (final) delay in milliseconds.
- * Pass 0 to cancel the current delay.
- *
- * \note To set a single delay, either use \c mbedtls_timing_set_timer
- * directly or use this function with int_ms == fin_ms.
- */
-void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
-
-/**
- * \brief Get the status of delays
- * (Memory helper: number of delays passed.)
- *
- * \param data Pointer to timing data
- * Must point to a valid \c mbedtls_timing_delay_context struct.
- *
- * \return -1 if cancelled (fin_ms = 0),
- * 0 if none of the delays are passed,
- * 1 if only the intermediate delay is passed,
- * 2 if the final delay is passed.
- */
-int mbedtls_timing_get_delay( void *data );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* timing.h */
diff --git a/windows/mbedtls/version.h b/windows/mbedtls/version.h
deleted file mode 100644
index 773da4a6..00000000
--- a/windows/mbedtls/version.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/**
- * \file version.h
- *
- * \brief Run-time version information
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * This set of run-time variables can be used to determine the version number of
- * the Mbed TLS library used. Compile-time version defines for the same can be
- * found in build_info.h
- */
-#ifndef MBEDTLS_VERSION_H
-#define MBEDTLS_VERSION_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(MBEDTLS_VERSION_C)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Get the version number.
- *
- * \return The constructed version number in the format
- * MMNNPP00 (Major, Minor, Patch).
- */
-unsigned int mbedtls_version_get_number( void );
-
-/**
- * Get the version string ("x.y.z").
- *
- * \param string The string that will receive the value.
- * (Should be at least 9 bytes in size)
- */
-void mbedtls_version_get_string( char *string );
-
-/**
- * Get the full version string ("mbed TLS x.y.z").
- *
- * \param string The string that will receive the value. The mbed TLS version
- * string will use 18 bytes AT MOST including a terminating
- * null byte.
- * (So the buffer should be at least 18 bytes to receive this
- * version string).
- */
-void mbedtls_version_get_string_full( char *string );
-
-/**
- * \brief Check if support for a feature was compiled into this
- mbed TLS binary. This allows you to see at runtime if the
- library was for instance compiled with or without
- Multi-threading support.
- *
- * \note only checks against defines in the sections "System
- support", "mbed TLS modules" and "mbed TLS feature
- support" in mbedtls_config.h
- *
- * \param feature The string for the define to check (e.g. "MBEDTLS_AES_C")
- *
- * \return 0 if the feature is present,
- * -1 if the feature is not present and
- * -2 if support for feature checking as a whole was not
- * compiled in.
- */
-int mbedtls_version_check_feature( const char *feature );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_VERSION_C */
-
-#endif /* version.h */
diff --git a/windows/mbedtls/x509.h b/windows/mbedtls/x509.h
deleted file mode 100644
index 5be4286e..00000000
--- a/windows/mbedtls/x509.h
+++ /dev/null
@@ -1,347 +0,0 @@
-/**
- * \file x509.h
- *
- * \brief X.509 generic defines and structures
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_X509_H
-#define MBEDTLS_X509_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/asn1.h"
-#include "mbedtls/pk.h"
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-
-/**
- * \addtogroup x509_module
- * \{
- */
-
-#if !defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
-/**
- * Maximum number of intermediate CAs in a verification chain.
- * That is, maximum length of the chain, excluding the end-entity certificate
- * and the trusted root certificate.
- *
- * Set this to a low value to prevent an adversary from making you waste
- * resources verifying an overlong certificate chain.
- */
-#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8
-#endif
-
-/**
- * \name X509 Error codes
- * \{
- */
-#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
-#define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100 /**< Requested OID is unknown. */
-#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180 /**< The CRT/CRL/CSR format is invalid, e.g. different type expected. */
-#define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200 /**< The CRT/CRL/CSR version element is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280 /**< The serial tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_ALG -0x2300 /**< The algorithm tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_NAME -0x2380 /**< The name tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 /**< The date tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480 /**< The signature tag or value invalid. */
-#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 /**< The extension tag or value is invalid. */
-#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580 /**< CRT/CRL/CSR has an unsupported version number. */
-#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600 /**< Signature algorithm (oid) is unsupported. */
-#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680 /**< Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
-#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
-#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 /**< Format not recognized as DER or PEM. */
-#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 /**< Input invalid. */
-#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */
-#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */
-#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */
-#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
-/* \} name */
-
-/**
- * \name X509 Verify codes
- * \{
- */
-/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
-#define MBEDTLS_X509_BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
-#define MBEDTLS_X509_BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */
-#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */
-#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */
-#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */
-#define MBEDTLS_X509_BADCRL_EXPIRED 0x20 /**< The CRL is expired. */
-#define MBEDTLS_X509_BADCERT_MISSING 0x40 /**< Certificate was missing. */
-#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
-#define MBEDTLS_X509_BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */
-#define MBEDTLS_X509_BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */
-#define MBEDTLS_X509_BADCRL_FUTURE 0x0400 /**< The CRL is from the future */
-#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */
-#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */
-#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */
-#define MBEDTLS_X509_BADCERT_BAD_MD 0x4000 /**< The certificate is signed with an unacceptable hash. */
-#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000 /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
-#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000 /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */
-#define MBEDTLS_X509_BADCRL_BAD_MD 0x020000 /**< The CRL is signed with an unacceptable hash. */
-#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
-#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
-
-/* \} name */
-/* \} addtogroup x509_module */
-
-/*
- * X.509 v3 Subject Alternative Name types.
- * otherName [0] OtherName,
- * rfc822Name [1] IA5String,
- * dNSName [2] IA5String,
- * x400Address [3] ORAddress,
- * directoryName [4] Name,
- * ediPartyName [5] EDIPartyName,
- * uniformResourceIdentifier [6] IA5String,
- * iPAddress [7] OCTET STRING,
- * registeredID [8] OBJECT IDENTIFIER
- */
-#define MBEDTLS_X509_SAN_OTHER_NAME 0
-#define MBEDTLS_X509_SAN_RFC822_NAME 1
-#define MBEDTLS_X509_SAN_DNS_NAME 2
-#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME 3
-#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4
-#define MBEDTLS_X509_SAN_EDI_PARTY_NAME 5
-#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6
-#define MBEDTLS_X509_SAN_IP_ADDRESS 7
-#define MBEDTLS_X509_SAN_REGISTERED_ID 8
-
-/*
- * X.509 v3 Key Usage Extension flags
- * Reminder: update x509_info_key_usage() when adding new flags.
- */
-#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
-#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */
-#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
-#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
-#define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */
-#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */
-#define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */
-#define MBEDTLS_X509_KU_ENCIPHER_ONLY (0x01) /* bit 7 */
-#define MBEDTLS_X509_KU_DECIPHER_ONLY (0x8000) /* bit 8 */
-
-/*
- * Netscape certificate types
- * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
- */
-
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
-#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
-#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
-#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
-#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
-#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
-
-/*
- * X.509 extension types
- *
- * Comments refer to the status for using certificates. Status can be
- * different for writing certificates or reading CRLs or CSRs.
- *
- * Those are defined in oid.h as oid.c needs them in a data structure. Since
- * these were previously defined here, let's have aliases for compatibility.
- */
-#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
-#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
-#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE
-#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
-#define MBEDTLS_X509_EXT_POLICY_MAPPINGS MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
-#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */
-#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
-#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
-#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */
-#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
-#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
-#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
-#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
-#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
-#define MBEDTLS_X509_EXT_FRESHEST_CRL MBEDTLS_OID_X509_EXT_FRESHEST_CRL
-#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
-
-/*
- * Storage format identifiers
- * Recognized formats: PEM and DER
- */
-#define MBEDTLS_X509_FORMAT_DER 1
-#define MBEDTLS_X509_FORMAT_PEM 2
-
-#define MBEDTLS_X509_MAX_DN_NAME_SIZE 256 /**< Maximum value size of a DN entry */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \addtogroup x509_module
- * \{ */
-
-/**
- * \name Structures for parsing X.509 certificates, CRLs and CSRs
- * \{
- */
-
-/**
- * Type-length-value structure that allows for ASN1 using DER.
- */
-typedef mbedtls_asn1_buf mbedtls_x509_buf;
-
-/**
- * Container for ASN1 bit strings.
- */
-typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring;
-
-/**
- * Container for ASN1 named information objects.
- * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).
- */
-typedef mbedtls_asn1_named_data mbedtls_x509_name;
-
-/**
- * Container for a sequence of ASN.1 items
- */
-typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
-
-/** Container for date and time (precision in seconds). */
-typedef struct mbedtls_x509_time
-{
- int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day); /**< Date. */
- int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec); /**< Time. */
-}
-mbedtls_x509_time;
-
-/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
-/** \} addtogroup x509_module */
-
-/**
- * \brief Store the certificate DN in printable form into buf;
- * no more than size characters will be written.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param dn The X509 name to represent
- *
- * \return The length of the string written (not including the
- * terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
-
-/**
- * \brief Store the certificate serial in printable form into buf;
- * no more than size characters will be written.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param serial The X509 serial to represent
- *
- * \return The length of the string written (not including the
- * terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
-
-/**
- * \brief Check a given mbedtls_x509_time against the system time
- * and tell if it's in the past.
- *
- * \note Intended usage is "if( is_past( valid_to ) ) ERROR".
- Hence the return value of 1 if on internal errors.
- *
- * \param to mbedtls_x509_time to check
- *
- * \return 1 if the given time is in the past or an error occurred,
- * 0 otherwise.
- */
-int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
-
-/**
- * \brief Check a given mbedtls_x509_time against the system time
- * and tell if it's in the future.
- *
- * \note Intended usage is "if( is_future( valid_from ) ) ERROR".
- Hence the return value of 1 if on internal errors.
- *
- * \param from mbedtls_x509_time to check
- *
- * \return 1 if the given time is in the future or an error occurred,
- * 0 otherwise.
- */
-int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
-
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
- mbedtls_x509_name *cur );
-int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *alg );
-int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
- mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
- int *salt_len );
-#endif
-int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
-int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
- mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
- void **sig_opts );
-int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
- mbedtls_x509_time *t );
-int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *serial );
-int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *ext, int tag );
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
- mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
- const void *sig_opts );
-#endif
-int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
-int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
-int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
- int critical, const unsigned char *val,
- size_t val_len );
-int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
- mbedtls_asn1_named_data *first );
-int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
- mbedtls_asn1_named_data *first );
-int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
- const char *oid, size_t oid_len,
- unsigned char *sig, size_t size );
-
-#define MBEDTLS_X509_SAFE_SNPRINTF \
- do { \
- if( ret < 0 || (size_t) ret >= n ) \
- return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); \
- \
- n -= (size_t) ret; \
- p += (size_t) ret; \
- } while( 0 )
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* x509.h */
diff --git a/windows/mbedtls/x509_crl.h b/windows/mbedtls/x509_crl.h
deleted file mode 100644
index 9331827b..00000000
--- a/windows/mbedtls/x509_crl.h
+++ /dev/null
@@ -1,171 +0,0 @@ -/** - * \file x509_crl.h - * - * \brief X.509 certificate revocation list parsing - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_X509_CRL_H -#define MBEDTLS_X509_CRL_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/x509.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \addtogroup x509_module - * \{ */ - -/** - * \name Structures and functions for parsing CRLs - * \{ - */ - -/** - * Certificate revocation list entry. - * Contains the CA-specific serial numbers and revocation dates. - */ -typedef struct mbedtls_x509_crl_entry -{ - mbedtls_x509_buf MBEDTLS_PRIVATE(raw); - - mbedtls_x509_buf MBEDTLS_PRIVATE(serial); - - mbedtls_x509_time MBEDTLS_PRIVATE(revocation_date); - - mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext); - - struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next); -} -mbedtls_x509_crl_entry; - -/** - * Certificate revocation list structure. - * Every CRL may have multiple entries. - */ -typedef struct mbedtls_x509_crl -{ - mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */ - mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. 
*/ - - int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */ - mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type identifier */ - - mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). */ - - mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */ - - mbedtls_x509_time MBEDTLS_PRIVATE(this_update); - mbedtls_x509_time MBEDTLS_PRIVATE(next_update); - - mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries containing the certificate revocation times for this CA. */ - - mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext); - - mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2); - mbedtls_x509_buf MBEDTLS_PRIVATE(sig); - mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. 
for RSASSA-PSS */ - - struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next); -} -mbedtls_x509_crl; - -/** - * \brief Parse a DER-encoded CRL and append it to the chained list - * - * \param chain points to the start of the chain - * \param buf buffer holding the CRL data in DER format - * \param buflen size of the buffer - * (including the terminating null byte for PEM data) - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, - const unsigned char *buf, size_t buflen ); -/** - * \brief Parse one or more CRLs and append them to the chained list - * - * \note Multiple CRLs are accepted only if using PEM format - * - * \param chain points to the start of the chain - * \param buf buffer holding the CRL data in PEM or DER format - * \param buflen size of the buffer - * (including the terminating null byte for PEM data) - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ); - -#if defined(MBEDTLS_FS_IO) -/** - * \brief Load one or more CRLs and append them to the chained list - * - * \note Multiple CRLs are accepted only if using PEM format - * - * \param chain points to the start of the chain - * \param path filename to read the CRLs from (in PEM or DER encoding) - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ); -#endif /* MBEDTLS_FS_IO */ - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -/** - * \brief Returns an informational string about the CRL. - * - * \param buf Buffer to write to - * \param size Maximum size of buffer - * \param prefix A line prefix - * \param crl The X509 CRL to represent - * - * \return The length of the string written (not including the - * terminated nul byte), or a negative error code. 
- */ -int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_crl *crl ); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -/** - * \brief Initialize a CRL (chain) - * - * \param crl CRL chain to initialize - */ -void mbedtls_x509_crl_init( mbedtls_x509_crl *crl ); - -/** - * \brief Unallocate all CRL data - * - * \param crl CRL chain to free - */ -void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ); - -/* \} name */ -/* \} addtogroup x509_module */ - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_x509_crl.h */ diff --git a/windows/mbedtls/x509_crt.h b/windows/mbedtls/x509_crt.h deleted file mode 100644 index 49211a94..00000000 --- a/windows/mbedtls/x509_crt.h +++ /dev/null 
@@ -1,1179 +0,0 @@ -/** - * \file x509_crt.h - * - * \brief X.509 certificate parsing and writing - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_X509_CRT_H -#define MBEDTLS_X509_CRT_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/x509.h" -#include "mbedtls/x509_crl.h" -#include "mbedtls/bignum.h" - -/** - * \addtogroup x509_module - * \{ - */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \name Structures and functions for parsing and writing X.509 certificates - * \{ - */ - -/** - * Container for an X.509 certificate. The certificate may be chained. - */ -typedef struct mbedtls_x509_crt -{ - int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned - * by the structure or not. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */ - mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */ - - int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */ - mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate issued by a specific CA. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g. sha1RSA */ - - mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). Used for quick comparison. 
*/ - mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). Used for quick comparison. */ - - mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */ - mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */ - - mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of certificate validity. */ - mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate validity. */ - - mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw); - mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */ - - mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3 issuer unique identifier. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3 subject unique identifier. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions. */ - mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ - - mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */ - - int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */ - int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ - int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */ - - unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */ - - mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. 
*/ - - unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */ - - mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */ - mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ - - struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the CA-chain. */ -} -mbedtls_x509_crt; - -/** - * From RFC 5280 section 4.2.1.6: - * OtherName ::= SEQUENCE { - * type-id OBJECT IDENTIFIER, - * value [0] EXPLICIT ANY DEFINED BY type-id } - */ -typedef struct mbedtls_x509_san_other_name -{ - /** - * The type_id is an OID as deifned in RFC 5280. - * To check the value of the type id, you should use - * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. - */ - mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */ - union - { - /** - * From RFC 4108 section 5: - * HardwareModuleName ::= SEQUENCE { - * hwType OBJECT IDENTIFIER, - * hwSerialNum OCTET STRING } - */ - struct - { - mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */ - } - MBEDTLS_PRIVATE(hardware_module_name); - } - MBEDTLS_PRIVATE(value); -} -mbedtls_x509_san_other_name; - -/** - * A structure for holding the parsed Subject Alternative Name, according to type - */ -typedef struct mbedtls_x509_subject_alternative_name -{ - int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ - union { - mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. 
*/ - mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */ - } - MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */ -} -mbedtls_x509_subject_alternative_name; - -/** - * Build flag from an algorithm/curve identifier (pk, md, ecp) - * Since 0 is always XXX_NONE, ignore it. - */ -#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) ) - -/** - * Security profile for certificate verification. - * - * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG(). - * - * The fields of this structure are part of the public API and can be - * manipulated directly by applications. Future versions of the library may - * add extra fields or reorder existing fields. - * - * You can create custom profiles by starting from a copy of - * an existing profile, such as mbedtls_x509_crt_profile_default or - * mbedtls_x509_ctr_profile_none and then tune it to your needs. - * - * For example to allow SHA-224 in addition to the default: - * - * mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default; - * my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ); - * - * Or to allow only RSA-3072+ with SHA-256: - * - * mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none; - * my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ); - * my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ); - * my_profile.rsa_min_bitlen = 3072; - */ -typedef struct mbedtls_x509_crt_profile -{ - uint32_t allowed_mds; /**< MDs for signatures */ - uint32_t allowed_pks; /**< PK algs for signatures */ - uint32_t allowed_curves; /**< Elliptic curves for ECDSA */ - uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */ -} -mbedtls_x509_crt_profile; - -#define MBEDTLS_X509_CRT_VERSION_1 0 -#define MBEDTLS_X509_CRT_VERSION_2 1 -#define MBEDTLS_X509_CRT_VERSION_3 2 - -#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32 -#define 
MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15 - -#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN ) -#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 -#endif - -/* This macro unfolds to the concatenation of macro invocations - * X509_CRT_ERROR_INFO( error code, - * error code as string, - * human readable description ) - * where X509_CRT_ERROR_INFO is defined by the user. - * See x509_crt.c for an example of how to use this. */ -#define MBEDTLS_X509_CRT_ERROR_INFO_LIST \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXPIRED, \ - "MBEDTLS_X509_BADCERT_EXPIRED", \ - "The certificate validity has expired" ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_REVOKED, \ - "MBEDTLS_X509_BADCERT_REVOKED", \ - "The certificate has been revoked (is on a CRL)" ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_CN_MISMATCH, \ - "MBEDTLS_X509_BADCERT_CN_MISMATCH", \ - "The certificate Common Name (CN) does not match with the expected CN" ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NOT_TRUSTED, \ - "MBEDTLS_X509_BADCERT_NOT_TRUSTED", \ - "The certificate is not correctly signed by the trusted CA" ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_NOT_TRUSTED, \ - "MBEDTLS_X509_BADCRL_NOT_TRUSTED", \ - "The CRL is not correctly signed by the trusted CA" ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_EXPIRED, \ - "MBEDTLS_X509_BADCRL_EXPIRED", \ - "The CRL is expired" ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_MISSING, \ - "MBEDTLS_X509_BADCERT_MISSING", \ - "Certificate was missing" ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_SKIP_VERIFY, \ - "MBEDTLS_X509_BADCERT_SKIP_VERIFY", \ - "Certificate verification was skipped" ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_OTHER, \ - "MBEDTLS_X509_BADCERT_OTHER", \ - "Other reason (can be used by verify callback)" ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_FUTURE, \ - "MBEDTLS_X509_BADCERT_FUTURE", \ - "The certificate validity starts in the future" ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_FUTURE, \ - "MBEDTLS_X509_BADCRL_FUTURE", \ - "The CRL 
is from the future" ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_KEY_USAGE, \ - "MBEDTLS_X509_BADCERT_KEY_USAGE", \ - "Usage does not match the keyUsage extension" ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, \ - "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE", \ - "Usage does not match the extendedKeyUsage extension" ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NS_CERT_TYPE, \ - "MBEDTLS_X509_BADCERT_NS_CERT_TYPE", \ - "Usage does not match the nsCertType extension" ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_MD, \ - "MBEDTLS_X509_BADCERT_BAD_MD", \ - "The certificate is signed with an unacceptable hash." ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_PK, \ - "MBEDTLS_X509_BADCERT_BAD_PK", \ - "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_KEY, \ - "MBEDTLS_X509_BADCERT_BAD_KEY", \ - "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_MD, \ - "MBEDTLS_X509_BADCRL_BAD_MD", \ - "The CRL is signed with an unacceptable hash." ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_PK, \ - "MBEDTLS_X509_BADCRL_BAD_PK", \ - "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." ) \ - X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_KEY, \ - "MBEDTLS_X509_BADCRL_BAD_KEY", \ - "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." 
) - -/** - * Container for writing a certificate (CRT) - */ -typedef struct mbedtls_x509write_cert -{ - int MBEDTLS_PRIVATE(version); - mbedtls_mpi MBEDTLS_PRIVATE(serial); - mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key); - mbedtls_pk_context *MBEDTLS_PRIVATE(issuer_key); - mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject); - mbedtls_asn1_named_data *MBEDTLS_PRIVATE(issuer); - mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg); - char MBEDTLS_PRIVATE(not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; - char MBEDTLS_PRIVATE(not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; - mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions); -} -mbedtls_x509write_cert; - -/** - * Item in a verification chain: cert and flags for it - */ -typedef struct { - mbedtls_x509_crt *MBEDTLS_PRIVATE(crt); - uint32_t MBEDTLS_PRIVATE(flags); -} mbedtls_x509_crt_verify_chain_item; - -/** - * Max size of verification chain: end-entity + intermediates + trusted root - */ -#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) - -/** - * Verification chain as built by \c mbedtls_crt_verify_chain() - */ -typedef struct -{ - mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]; - unsigned MBEDTLS_PRIVATE(len); - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - /* This stores the list of potential trusted signers obtained from - * the CA callback used for the CRT verification, if configured. - * We must track it somewhere because the callback passes its - * ownership to the caller. 
*/ - mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result); -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -} mbedtls_x509_crt_verify_chain; - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - -/** - * \brief Context for resuming X.509 verify operations - */ -typedef struct -{ - /* for check_signature() */ - mbedtls_pk_restart_ctx MBEDTLS_PRIVATE(pk); - - /* for find_parent_in() */ - mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */ - mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent); - int MBEDTLS_PRIVATE(fallback_signature_is_good); - - /* for find_parent() */ - int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */ - - /* for verify_chain() */ - enum { - x509_crt_rs_none, - x509_crt_rs_find_parent, - } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */ - int MBEDTLS_PRIVATE(self_cnt); - mbedtls_x509_crt_verify_chain MBEDTLS_PRIVATE(ver_chain); - -} mbedtls_x509_crt_restart_ctx; - -#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - -/* Now we can declare functions that take a pointer to that */ -typedef void mbedtls_x509_crt_restart_ctx; - -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/** - * Default security profile. Should provide a good balance between security - * and compatibility with current deployments. - * - * This profile permits: - * - SHA2 hashes with at least 256 bits: SHA-256, SHA-384, SHA-512. - * - Elliptic curves with 255 bits and above except secp256k1. - * - RSA with 2048 bits and above. - * - * New minor versions of Mbed TLS may extend this profile, for example if - * new algorithms are added to the library. New minor versions of Mbed TLS will - * not reduce this profile unless serious security concerns require it. - */ -extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default; - -/** - * Expected next default profile. Recommended for new deployments. 
- * Currently targets a 128-bit security level, except for allowing RSA-2048. - * This profile may change at any time. - */ -extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next; - -/** - * NSA Suite B profile. - */ -extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb; - -/** - * Empty profile that allows nothing. Useful as a basis for constructing - * custom profiles. - */ -extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none; - -/** - * \brief Parse a single DER formatted certificate and add it - * to the end of the provided chained list. - * - * \param chain The pointer to the start of the CRT chain to attach to. - * When parsing the first CRT in a chain, this should point - * to an instance of ::mbedtls_x509_crt initialized through - * mbedtls_x509_crt_init(). - * \param buf The buffer holding the DER encoded certificate. - * \param buflen The size in Bytes of \p buf. - * - * \note This function makes an internal copy of the CRT buffer - * \p buf. In particular, \p buf may be destroyed or reused - * after this call returns. To avoid duplicating the CRT - * buffer (at the cost of stricter lifetime constraints), - * use mbedtls_x509_crt_parse_der_nocopy() instead. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen ); - -/** - * \brief The type of certificate extension callbacks. - * - * Callbacks of this type are passed to and used by the - * mbedtls_x509_crt_parse_der_with_ext_cb() routine when - * it encounters either an unsupported extension or a - * "certificate policies" extension containing any - * unsupported certificate policies. - * Future versions of the library may invoke the callback - * in other cases, if and when the need arises. - * - * \param p_ctx An opaque context passed to the callback. - * \param crt The certificate being parsed. 
- * \param oid The OID of the extension. - * \param critical Whether the extension is critical. - * \param p Pointer to the start of the extension value - * (the content of the OCTET STRING). - * \param end End of extension value. - * - * \note The callback must fail and return a negative error code - * if it can not parse or does not support the extension. - * When the callback fails to parse a critical extension - * mbedtls_x509_crt_parse_der_with_ext_cb() also fails. - * When the callback fails to parse a non critical extension - * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips - * the extension and continues parsing. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, - mbedtls_x509_crt const *crt, - mbedtls_x509_buf const *oid, - int critical, - const unsigned char *p, - const unsigned char *end ); - -/** - * \brief Parse a single DER formatted certificate and add it - * to the end of the provided chained list. - * - * \param chain The pointer to the start of the CRT chain to attach to. - * When parsing the first CRT in a chain, this should point - * to an instance of ::mbedtls_x509_crt initialized through - * mbedtls_x509_crt_init(). - * \param buf The buffer holding the DER encoded certificate. - * \param buflen The size in Bytes of \p buf. - * \param make_copy When not zero this function makes an internal copy of the - * CRT buffer \p buf. In particular, \p buf may be destroyed - * or reused after this call returns. - * When zero this function avoids duplicating the CRT buffer - * by taking temporary ownership thereof until the CRT - * is destroyed (like mbedtls_x509_crt_parse_der_nocopy()) - * \param cb A callback invoked for every unsupported certificate - * extension. - * \param p_ctx An opaque context passed to the callback. 
- * - * \note This call is functionally equivalent to - * mbedtls_x509_crt_parse_der(), and/or - * mbedtls_x509_crt_parse_der_nocopy() - * but it calls the callback with every unsupported - * certificate extension and additionally the - * "certificate policies" extension if it contains any - * unsupported certificate policies. - * The callback must return a negative error code if it - * does not know how to handle such an extension. - * When the callback fails to parse a critical extension - * mbedtls_x509_crt_parse_der_with_ext_cb() also fails. - * When the callback fails to parse a non critical extension - * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips - * the extension and continues parsing. - * Future versions of the library may invoke the callback - * in other cases, if and when the need arises. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - int make_copy, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx ); - -/** - * \brief Parse a single DER formatted certificate and add it - * to the end of the provided chained list. This is a - * variant of mbedtls_x509_crt_parse_der() which takes - * temporary ownership of the CRT buffer until the CRT - * is destroyed. - * - * \param chain The pointer to the start of the CRT chain to attach to. - * When parsing the first CRT in a chain, this should point - * to an instance of ::mbedtls_x509_crt initialized through - * mbedtls_x509_crt_init(). - * \param buf The address of the readable buffer holding the DER encoded - * certificate to use. On success, this buffer must be - * retained and not be changed for the liftetime of the - * CRT chain \p chain, that is, until \p chain is destroyed - * through a call to mbedtls_x509_crt_free(). - * \param buflen The size in Bytes of \p buf. 
- * - * \note This call is functionally equivalent to - * mbedtls_x509_crt_parse_der(), but it avoids creating a - * copy of the input buffer at the cost of stronger lifetime - * constraints. This is useful in constrained environments - * where duplication of the CRT cannot be tolerated. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen ); - -/** - * \brief Parse one DER-encoded or one or more concatenated PEM-encoded - * certificates and add them to the chained list. - * - * For CRTs in PEM encoding, the function parses permissively: - * if at least one certificate can be parsed, the function - * returns the number of certificates for which parsing failed - * (hence \c 0 if all certificates were parsed successfully). - * If no certificate could be parsed, the function returns - * the first (negative) error encountered during parsing. - * - * PEM encoded certificates may be interleaved by other data - * such as human readable descriptions of their content, as - * long as the certificates are enclosed in the PEM specific - * '-----{BEGIN/END} CERTIFICATE-----' delimiters. - * - * \param chain The chain to which to add the parsed certificates. - * \param buf The buffer holding the certificate data in PEM or DER format. - * For certificates in PEM encoding, this may be a concatenation - * of multiple certificates; for DER encoding, the buffer must - * comprise exactly one certificate. - * \param buflen The size of \p buf, including the terminating \c NULL byte - * in case of PEM encoded data. - * - * \return \c 0 if all certificates were parsed successfully. - * \return The (positive) number of certificates that couldn't - * be parsed if parsing was partly successful (see above). - * \return A negative X509 or PEM error code otherwise. 
- * - */ -int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ); - -#if defined(MBEDTLS_FS_IO) -/** - * \brief Load one or more certificates and add them - * to the chained list. Parses permissively. If some - * certificates can be parsed, the result is the number - * of failed certificates it encountered. If none complete - * correctly, the first error is returned. - * - * \param chain points to the start of the chain - * \param path filename to read the certificates from - * - * \return 0 if all certificates parsed successfully, a positive number - * if partly successful or a specific X509 or PEM error code - */ -int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ); - -/** - * \brief Load one or more certificate files from a path and add them - * to the chained list. Parses permissively. If some - * certificates can be parsed, the result is the number - * of failed certificates it encountered. If none complete - * correctly, the first error is returned. - * - * \param chain points to the start of the chain - * \param path directory / folder to read the certificate files from - * - * \return 0 if all certificates parsed successfully, a positive number - * if partly successful or a specific X509 or PEM error code - */ -int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ); - -#endif /* MBEDTLS_FS_IO */ -/** - * \brief This function parses an item in the SubjectAlternativeNames - * extension. - * - * \param san_buf The buffer holding the raw data item of the subject - * alternative name. - * \param san The target structure to populate with the parsed presentation - * of the subject alternative name encoded in \p san_raw. - * - * \note Only "dnsName" and "otherName" of type hardware_module_name - * as defined in RFC 4180 is supported. - * - * \note This function should be called on a single raw data of - * subject alternative name. 
For example, after successful - * certificate parsing, one must iterate on every item in the - * \p crt->subject_alt_names sequence, and pass it to - * this function. - * - * \warning The target structure contains pointers to the raw data of the - * parsed certificate, and its lifetime is restricted by the - * lifetime of the certificate. - * - * \return \c 0 on success - * \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported - * SAN type. - * \return Another negative value for any other failure. - */ -int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san ); - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -/** - * \brief Returns an informational string about the - * certificate. - * - * \param buf Buffer to write to - * \param size Maximum size of buffer - * \param prefix A line prefix - * \param crt The X509 certificate to represent - * - * \return The length of the string written (not including the - * terminated nul byte), or a negative error code. - */ -int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_crt *crt ); - -/** - * \brief Returns an informational string about the - * verification status of a certificate. - * - * \param buf Buffer to write to - * \param size Maximum size of buffer - * \param prefix A line prefix - * \param flags Verification flags created by mbedtls_x509_crt_verify() - * - * \return The length of the string written (not including the - * terminated nul byte), or a negative error code. - */ -int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, - uint32_t flags ); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -/** - * \brief Verify a chain of certificates. - * - * The verify callback is a user-supplied callback that - * can clear / modify / add flags for a certificate. If set, - * the verification callback is called for each - * certificate in the chain (from the trust-ca down to the - * presented crt). 
The parameters for the callback are: - * (void *parameter, mbedtls_x509_crt *crt, int certificate_depth, - * int *flags). With the flags representing current flags for - * that specific certificate and the certificate depth from - * the bottom (Peer cert depth = 0). - * - * All flags left after returning from the callback - * are also returned to the application. The function should - * return 0 for anything (including invalid certificates) - * other than fatal error, as a non-zero return code - * immediately aborts the verification process. For fatal - * errors, a specific error code should be used (different - * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not - * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR - * can be used if no better code is available. - * - * \note In case verification failed, the results can be displayed - * using \c mbedtls_x509_crt_verify_info() - * - * \note Same as \c mbedtls_x509_crt_verify_with_profile() with the - * default security profile. - * - * \note It is your responsibility to provide up-to-date CRLs for - * all trusted CAs. If no CRL is provided for the CA that was - * used to sign the certificate, CRL verification is skipped - * silently, that is *without* setting any flag. - * - * \note The \c trust_ca list can contain two types of certificates: - * (1) those of trusted root CAs, so that certificates - * chaining up to those CAs will be trusted, and (2) - * self-signed end-entity certificates to be trusted (for - * specific peers you know) - in that case, the self-signed - * certificate doesn't need to have the CA bit set. - * - * \param crt The certificate chain to be verified. - * \param trust_ca The list of trusted CAs. - * \param ca_crl The list of CRLs for trusted CAs. - * \param cn The expected Common Name. This will be checked to be - * present in the certificate's subjectAltNames extension or, - * if this extension is absent, as a CN component in its - * Subject name. 
Currently only DNS names are supported. This - * may be \c NULL if the CN need not be verified. - * \param flags The address at which to store the result of the verification. - * If the verification couldn't be completed, the flag value is - * set to (uint32_t) -1. - * \param f_vrfy The verification callback to use. See the documentation - * of mbedtls_x509_crt_verify() for more information. - * \param p_vrfy The context to be passed to \p f_vrfy. - * - * \return \c 0 if the chain is valid with respect to the - * passed CN, CAs, CRLs and security profile. - * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the - * certificate chain verification failed. In this case, - * \c *flags will have one or more - * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX - * flags set. - * \return Another negative error code in case of a fatal error - * encountered during the verification process. - */ -int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); - -/** - * \brief Verify a chain of certificates with respect to - * a configurable security profile. - * - * \note Same as \c mbedtls_x509_crt_verify(), but with explicit - * security profile. - * - * \note The restrictions on keys (RSA minimum size, allowed curves - * for ECDSA) apply to all certificates: trusted root, - * intermediate CAs if any, and end entity certificate. - * - * \param crt The certificate chain to be verified. - * \param trust_ca The list of trusted CAs. - * \param ca_crl The list of CRLs for trusted CAs. - * \param profile The security profile to use for the verification. - * \param cn The expected Common Name. This may be \c NULL if the - * CN need not be verified. - * \param flags The address at which to store the result of the verification. 
- * If the verification couldn't be completed, the flag value is - * set to (uint32_t) -1. - * \param f_vrfy The verification callback to use. See the documentation - * of mbedtls_x509_crt_verify() for more information. - * \param p_vrfy The context to be passed to \p f_vrfy. - * - * \return \c 0 if the chain is valid with respect to the - * passed CN, CAs, CRLs and security profile. - * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the - * certificate chain verification failed. In this case, - * \c *flags will have one or more - * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX - * flags set. - * \return Another negative error code in case of a fatal error - * encountered during the verification process. - */ -int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); - -/** - * \brief Restartable version of \c mbedtls_crt_verify_with_profile() - * - * \note Performs the same job as \c mbedtls_crt_verify_with_profile() - * but can return early and restart according to the limit - * set with \c mbedtls_ecp_set_max_ops() to reduce blocking. - * - * \param crt The certificate chain to be verified. - * \param trust_ca The list of trusted CAs. - * \param ca_crl The list of CRLs for trusted CAs. - * \param profile The security profile to use for the verification. - * \param cn The expected Common Name. This may be \c NULL if the - * CN need not be verified. - * \param flags The address at which to store the result of the verification. - * If the verification couldn't be completed, the flag value is - * set to (uint32_t) -1. - * \param f_vrfy The verification callback to use. See the documentation - * of mbedtls_x509_crt_verify() for more information. - * \param p_vrfy The context to be passed to \p f_vrfy. 
- * \param rs_ctx The restart context to use. This may be set to \c NULL - * to disable restartable ECC. - * - * \return See \c mbedtls_crt_verify_with_profile(), or - * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of - * operations was reached: see \c mbedtls_ecp_set_max_ops(). - */ -int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy, - mbedtls_x509_crt_restart_ctx *rs_ctx ); - -/** - * \brief The type of trusted certificate callbacks. - * - * Callbacks of this type are passed to and used by the CRT - * verification routine mbedtls_x509_crt_verify_with_ca_cb() - * when looking for trusted signers of a given certificate. - * - * On success, the callback returns a list of trusted - * certificates to be considered as potential signers - * for the input certificate. - * - * \param p_ctx An opaque context passed to the callback. - * \param child The certificate for which to search a potential signer. - * This will point to a readable certificate. - * \param candidate_cas The address at which to store the address of the first - * entry in the generated linked list of candidate signers. - * This will not be \c NULL. - * - * \note The callback must only return a non-zero value on a - * fatal error. If, in contrast, the search for a potential - * signer completes without a single candidate, the - * callback must return \c 0 and set \c *candidate_cas - * to \c NULL. - * - * \return \c 0 on success. In this case, \c *candidate_cas points - * to a heap-allocated linked list of instances of - * ::mbedtls_x509_crt, and ownership of this list is passed - * to the caller. - * \return A negative error code on failure. 
- */ -typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx, - mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidate_cas ); - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -/** - * \brief Version of \c mbedtls_x509_crt_verify_with_profile() which - * uses a callback to acquire the list of trusted CA - * certificates. - * - * \param crt The certificate chain to be verified. - * \param f_ca_cb The callback to be used to query for potential signers - * of a given child certificate. See the documentation of - * ::mbedtls_x509_crt_ca_cb_t for more information. - * \param p_ca_cb The opaque context to be passed to \p f_ca_cb. - * \param profile The security profile for the verification. - * \param cn The expected Common Name. This may be \c NULL if the - * CN need not be verified. - * \param flags The address at which to store the result of the verification. - * If the verification couldn't be completed, the flag value is - * set to (uint32_t) -1. - * \param f_vrfy The verification callback to use. See the documentation - * of mbedtls_x509_crt_verify() for more information. - * \param p_vrfy The context to be passed to \p f_vrfy. - * - * \return See \c mbedtls_crt_verify_with_profile(). - */ -int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); - -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -/** - * \brief Check usage of certificate against keyUsage extension. - * - * \param crt Leaf certificate used. - * \param usage Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT - * before using the certificate to perform an RSA key - * exchange). - * - * \note Except for decipherOnly and encipherOnly, a bit set in the - * usage argument means this bit MUST be set in the - * certificate. 
For decipherOnly and encipherOnly, it means - * that bit MAY be set. - * - * \return 0 is these uses of the certificate are allowed, - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension - * is present but does not match the usage argument. - * - * \note You should only call this function on leaf certificates, on - * (intermediate) CAs the keyUsage extension is automatically - * checked by \c mbedtls_x509_crt_verify(). - */ -int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, - unsigned int usage ); - -/** - * \brief Check usage of certificate against extendedKeyUsage. - * - * \param crt Leaf certificate used. - * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or - * MBEDTLS_OID_CLIENT_AUTH). - * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()). - * - * \return 0 if this use of the certificate is allowed, - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if not. - * - * \note Usually only makes sense on leaf certificates. - */ -int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, - const char *usage_oid, - size_t usage_len ); - -#if defined(MBEDTLS_X509_CRL_PARSE_C) -/** - * \brief Verify the certificate revocation status - * - * \param crt a certificate to be verified - * \param crl the CRL to verify against - * - * \return 1 if the certificate is revoked, 0 otherwise - * - */ -int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl ); -#endif /* MBEDTLS_X509_CRL_PARSE_C */ - -/** - * \brief Initialize a certificate (chain) - * - * \param crt Certificate chain to initialize - */ -void mbedtls_x509_crt_init( mbedtls_x509_crt *crt ); - -/** - * \brief Unallocate all certificate data - * - * \param crt Certificate chain to free - */ -void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ); - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) -/** - * \brief Initialize a restart context - */ -void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx 
*ctx ); - -/** - * \brief Free the components of a restart context - */ -void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ); -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -/* \} name */ -/* \} addtogroup x509_module */ - -#if defined(MBEDTLS_X509_CRT_WRITE_C) -/** - * \brief Initialize a CRT writing context - * - * \param ctx CRT context to initialize - */ -void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ); - -/** - * \brief Set the verion for a Certificate - * Default: MBEDTLS_X509_CRT_VERSION_3 - * - * \param ctx CRT context to use - * \param version version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or - * MBEDTLS_X509_CRT_VERSION_3) - */ -void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version ); - -/** - * \brief Set the serial number for a Certificate. - * - * \param ctx CRT context to use - * \param serial serial number to set - * - * \return 0 if successful - */ -int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial ); - -/** - * \brief Set the validity period for a Certificate - * Timestamps should be in string format for UTC timezone - * i.e. "YYYYMMDDhhmmss" - * e.g. "20131231235959" for December 31st 2013 - * at 23:59:59 - * - * \param ctx CRT context to use - * \param not_before not_before timestamp - * \param not_after not_after timestamp - * - * \return 0 if timestamp was parsed successfully, or - * a specific error code - */ -int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before, - const char *not_after ); - -/** - * \brief Set the issuer name for a Certificate - * Issuer names should contain a comma-separated list - * of OID types and values: - * e.g. 
"C=UK,O=ARM,CN=mbed TLS CA" - * - * \param ctx CRT context to use - * \param issuer_name issuer name to set - * - * \return 0 if issuer name was parsed successfully, or - * a specific error code - */ -int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx, - const char *issuer_name ); - -/** - * \brief Set the subject name for a Certificate - * Subject names should contain a comma-separated list - * of OID types and values: - * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1" - * - * \param ctx CRT context to use - * \param subject_name subject name to set - * - * \return 0 if subject name was parsed successfully, or - * a specific error code - */ -int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx, - const char *subject_name ); - -/** - * \brief Set the subject public key for the certificate - * - * \param ctx CRT context to use - * \param key public key to include - */ -void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key ); - -/** - * \brief Set the issuer key used for signing the certificate - * - * \param ctx CRT context to use - * \param key private key to sign with - */ -void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key ); - -/** - * \brief Set the MD algorithm to use for the signature - * (e.g. 
MBEDTLS_MD_SHA1) - * - * \param ctx CRT context to use - * \param md_alg MD algorithm to use - */ -void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg ); - -/** - * \brief Generic function to add to or replace an extension in the - * CRT - * - * \param ctx CRT context to use - * \param oid OID of the extension - * \param oid_len length of the OID - * \param critical if the extension is critical (per the RFC's definition) - * \param val value of the extension OCTET STRING - * \param val_len length of the value data - * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx, - const char *oid, size_t oid_len, - int critical, - const unsigned char *val, size_t val_len ); - -/** - * \brief Set the basicConstraints extension for a CRT - * - * \param ctx CRT context to use - * \param is_ca is this a CA certificate - * \param max_pathlen maximum length of certificate chains below this - * certificate (only for CA certificates, -1 is - * inlimited) - * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, - int is_ca, int max_pathlen ); - -#if defined(MBEDTLS_SHA1_C) -/** - * \brief Set the subjectKeyIdentifier extension for a CRT - * Requires that mbedtls_x509write_crt_set_subject_key() has been - * called before - * - * \param ctx CRT context to use - * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx ); - -/** - * \brief Set the authorityKeyIdentifier extension for a CRT - * Requires that mbedtls_x509write_crt_set_issuer_key() has been - * called before - * - * \param ctx CRT context to use - * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx ); 
-#endif /* MBEDTLS_SHA1_C */ - -/** - * \brief Set the Key Usage Extension flags - * (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN) - * - * \param ctx CRT context to use - * \param key_usage key usage flags to set - * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, - unsigned int key_usage ); - -/** - * \brief Set the Netscape Cert Type flags - * (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL) - * - * \param ctx CRT context to use - * \param ns_cert_type Netscape Cert Type flags to set - * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx, - unsigned char ns_cert_type ); - -/** - * \brief Free the contents of a CRT write context - * - * \param ctx CRT context to free - */ -void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ); - -/** - * \brief Write a built up certificate to a X509 DER structure - * Note: data is written at the end of the buffer! Use the - * return value to determine where you should start - * using the buffer - * - * \param ctx certificate to write away - * \param buf buffer to write to - * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter - * - * \return length of data written if successful, or a specific - * error code - * - * \note \p f_rng is used for the signature operation. - */ -int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -#if defined(MBEDTLS_PEM_WRITE_C) -/** - * \brief Write a built up certificate to a X509 PEM string - * - * \param ctx certificate to write away - * \param buf buffer to write to - * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. 
- * \param p_rng RNG parameter - * - * \return 0 if successful, or a specific error code - * - * \note \p f_rng is used for the signature operation. - */ -int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); -#endif /* MBEDTLS_PEM_WRITE_C */ -#endif /* MBEDTLS_X509_CRT_WRITE_C */ - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_x509_crt.h */ diff --git a/windows/mbedtls/x509_csr.h b/windows/mbedtls/x509_csr.h deleted file mode 100644 index 674f9ce7..00000000 --- a/windows/mbedtls/x509_csr.h +++ /dev/null 
@@ -1,300 +0,0 @@ -/** - * \file x509_csr.h - * - * \brief X.509 certificate signing request parsing and writing - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_X509_CSR_H -#define MBEDTLS_X509_CSR_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/x509.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \addtogroup x509_module - * \{ */ - -/** - * \name Structures and functions for X.509 Certificate Signing Requests (CSR) - * \{ - */ - -/** - * Certificate Signing Request (CSR) structure. - */ -typedef struct mbedtls_x509_csr -{ - mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */ - mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo body (DER). */ - - int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */ - - mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). */ - mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */ - - mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */ - - mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); - mbedtls_x509_buf MBEDTLS_PRIVATE(sig); - mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. 
MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ -} -mbedtls_x509_csr; - -/** - * Container for writing a CSR - */ -typedef struct mbedtls_x509write_csr -{ - mbedtls_pk_context *MBEDTLS_PRIVATE(key); - mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject); - mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg); - mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions); -} -mbedtls_x509write_csr; - -#if defined(MBEDTLS_X509_CSR_PARSE_C) -/** - * \brief Load a Certificate Signing Request (CSR) in DER format - * - * \note CSR attributes (if any) are currently silently ignored. - * - * \param csr CSR context to fill - * \param buf buffer holding the CRL data - * \param buflen size of the buffer - * - * \return 0 if successful, or a specific X509 error code - */ -int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, - const unsigned char *buf, size_t buflen ); - -/** - * \brief Load a Certificate Signing Request (CSR), DER or PEM format - * - * \note See notes for \c mbedtls_x509_csr_parse_der() - * - * \param csr CSR context to fill - * \param buf buffer holding the CRL data - * \param buflen size of the buffer - * (including the terminating null byte for PEM data) - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ); - -#if defined(MBEDTLS_FS_IO) -/** - * \brief Load a Certificate Signing Request (CSR) - * - * \note See notes for \c mbedtls_x509_csr_parse() - * - * \param csr CSR context to fill - * \param path filename to read the CSR from - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ); -#endif /* MBEDTLS_FS_IO */ - -#if 
!defined(MBEDTLS_X509_REMOVE_INFO) -/** - * \brief Returns an informational string about the - * CSR. - * - * \param buf Buffer to write to - * \param size Maximum size of buffer - * \param prefix A line prefix - * \param csr The X509 CSR to represent - * - * \return The length of the string written (not including the - * terminated nul byte), or a negative error code. - */ -int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_csr *csr ); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -/** - * \brief Initialize a CSR - * - * \param csr CSR to initialize - */ -void mbedtls_x509_csr_init( mbedtls_x509_csr *csr ); - -/** - * \brief Unallocate all CSR data - * - * \param csr CSR to free - */ -void mbedtls_x509_csr_free( mbedtls_x509_csr *csr ); -#endif /* MBEDTLS_X509_CSR_PARSE_C */ - -/* \} name */ -/* \} addtogroup x509_module */ - -#if defined(MBEDTLS_X509_CSR_WRITE_C) -/** - * \brief Initialize a CSR context - * - * \param ctx CSR context to initialize - */ -void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ); - -/** - * \brief Set the subject name for a CSR - * Subject names should contain a comma-separated list - * of OID types and values: - * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1" - * - * \param ctx CSR context to use - * \param subject_name subject name to set - * - * \return 0 if subject name was parsed successfully, or - * a specific error code - */ -int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx, - const char *subject_name ); - -/** - * \brief Set the key for a CSR (public key will be included, - * private key used to sign the CSR when writing it) - * - * \param ctx CSR context to use - * \param key Asymetric key to include - */ -void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key ); - -/** - * \brief Set the MD algorithm to use for the signature - * (e.g. 
MBEDTLS_MD_SHA1) - * - * \param ctx CSR context to use - * \param md_alg MD algorithm to use - */ -void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg ); - -/** - * \brief Set the Key Usage Extension flags - * (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN) - * - * \param ctx CSR context to use - * \param key_usage key usage flags to set - * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED - * - * \note The decipherOnly flag from the Key Usage - * extension is represented by bit 8 (i.e. - * 0x8000), which cannot typically be represented - * in an unsigned char. Therefore, the flag - * decipherOnly (i.e. - * #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this - * function. - */ -int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage ); - -/** - * \brief Set the Netscape Cert Type flags - * (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL) - * - * \param ctx CSR context to use - * \param ns_cert_type Netscape Cert Type flags to set - * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx, - unsigned char ns_cert_type ); - -/** - * \brief Generic function to add to or replace an extension in the - * CSR - * - * \param ctx CSR context to use - * \param oid OID of the extension - * \param oid_len length of the OID - * \param critical Set to 1 to mark the extension as critical, 0 otherwise. 
- * \param val value of the extension OCTET STRING - * \param val_len length of the value data - * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx, - const char *oid, size_t oid_len, - int critical, - const unsigned char *val, size_t val_len ); - -/** - * \brief Free the contents of a CSR context - * - * \param ctx CSR context to free - */ -void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ); - -/** - * \brief Write a CSR (Certificate Signing Request) to a - * DER structure - * Note: data is written at the end of the buffer! Use the - * return value to determine where you should start - * using the buffer - * - * \param ctx CSR to write away - * \param buf buffer to write to - * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter - * - * \return length of data written if successful, or a specific - * error code - * - * \note \p f_rng is used for the signature operation. - */ -int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -#if defined(MBEDTLS_PEM_WRITE_C) -/** - * \brief Write a CSR (Certificate Signing Request) to a - * PEM string - * - * \param ctx CSR to write away - * \param buf buffer to write to - * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter - * - * \return 0 if successful, or a specific error code - * - * \note \p f_rng is used for the signature operation. - */ -int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); -#endif /* MBEDTLS_PEM_WRITE_C */ -#endif /* MBEDTLS_X509_CSR_WRITE_C */ - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_x509_csr.h */ 
diff --git a/windows/mbedx509.lib b/windows/mbedx509.lib
deleted file mode 100644
index 7b16f6a6..00000000
Binary files a/windows/mbedx509.lib and /dev/null differ
diff --git a/windows/mbedx509.pdb b/windows/mbedx509.pdb
deleted file mode 100644
index ae58ba34..00000000
Binary files a/windows/mbedx509.pdb and /dev/null differ
diff --git a/windows/sodium.h b/windows/sodium.h
deleted file mode 100644
index d0bb25c8..00000000
--- a/windows/sodium.h
+++ /dev/null
@@ -1,68 +0,0 @@
-
-#ifndef sodium_H
-#define sodium_H
-
-#include "sodium/version.h"
-
-#include "sodium/core.h"
-#include "sodium/crypto_aead_aes256gcm.h"
-#include "sodium/crypto_aead_chacha20poly1305.h"
-#include "sodium/crypto_aead_xchacha20poly1305.h"
-#include "sodium/crypto_auth.h"
-#include "sodium/crypto_auth_hmacsha256.h"
-#include "sodium/crypto_auth_hmacsha512.h"
-#include "sodium/crypto_auth_hmacsha512256.h"
-#include "sodium/crypto_box.h"
-#include "sodium/crypto_box_curve25519xsalsa20poly1305.h"
-#include "sodium/crypto_core_hsalsa20.h"
-#include "sodium/crypto_core_hchacha20.h"
-#include "sodium/crypto_core_salsa20.h"
-#include "sodium/crypto_core_salsa2012.h"
-#include "sodium/crypto_core_salsa208.h"
-#include "sodium/crypto_generichash.h"
-#include "sodium/crypto_generichash_blake2b.h"
-#include "sodium/crypto_hash.h"
-#include "sodium/crypto_hash_sha256.h"
-#include "sodium/crypto_hash_sha512.h"
-#include "sodium/crypto_kdf.h"
-#include "sodium/crypto_kdf_blake2b.h"
-#include "sodium/crypto_kx.h"
-#include "sodium/crypto_onetimeauth.h"
-#include "sodium/crypto_onetimeauth_poly1305.h"
-#include "sodium/crypto_pwhash.h"
-#include "sodium/crypto_pwhash_argon2i.h"
-#include "sodium/crypto_pwhash_scryptsalsa208sha256.h"
-#include "sodium/crypto_scalarmult.h"
-#include "sodium/crypto_scalarmult_curve25519.h"
-#include "sodium/crypto_secretbox.h"
-#include "sodium/crypto_secretbox_xsalsa20poly1305.h"
-#include "sodium/crypto_shorthash.h"
-#include "sodium/crypto_shorthash_siphash24.h"
-#include "sodium/crypto_sign.h"
-#include "sodium/crypto_sign_ed25519.h"
-#include "sodium/crypto_stream.h"
-#include "sodium/crypto_stream_chacha20.h"
-#include "sodium/crypto_stream_salsa20.h"
-#include "sodium/crypto_stream_xsalsa20.h"
-#include "sodium/crypto_verify_16.h"
-#include "sodium/crypto_verify_32.h"
-#include "sodium/crypto_verify_64.h"
-#include "sodium/randombytes.h"
-#ifdef __native_client__
-# include "sodium/randombytes_nativeclient.h"
-#endif
-#include "sodium/randombytes_salsa20_random.h"
-#include "sodium/randombytes_sysrandom.h"
-#include "sodium/runtime.h"
-#include "sodium/utils.h"
-
-#ifndef SODIUM_LIBRARY_MINIMAL
-# include "sodium/crypto_box_curve25519xchacha20poly1305.h"
-# include "sodium/crypto_secretbox_xchacha20poly1305.h"
-# include "sodium/crypto_stream_aes128ctr.h"
-# include "sodium/crypto_stream_salsa2012.h"
-# include "sodium/crypto_stream_salsa208.h"
-# include "sodium/crypto_stream_xchacha20.h"
-#endif
-
-#endif
diff --git a/windows/sodium.lib b/windows/sodium.lib
deleted file mode 100644
index 8b374021..00000000
Binary files a/windows/sodium.lib and /dev/null differ
diff --git a/windows/sodium/crypto_aead_aes256gcm.h b/windows/sodium/crypto_aead_aes256gcm.h
deleted file mode 100644
index 972df54f..00000000
--- a/windows/sodium/crypto_aead_aes256gcm.h
+++ /dev/null
@@ -1,145 +0,0 @@ -#ifndef crypto_aead_aes256gcm_H -#define crypto_aead_aes256gcm_H - -#include -#include "export.h" - -#ifdef __cplusplus -# ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -SODIUM_EXPORT -int crypto_aead_aes256gcm_is_available(void); - -#define crypto_aead_aes256gcm_KEYBYTES 32U -SODIUM_EXPORT -size_t crypto_aead_aes256gcm_keybytes(void); - -#define crypto_aead_aes256gcm_NSECBYTES 0U -SODIUM_EXPORT -size_t crypto_aead_aes256gcm_nsecbytes(void); - -#define crypto_aead_aes256gcm_NPUBBYTES 12U -SODIUM_EXPORT -size_t crypto_aead_aes256gcm_npubbytes(void); - -#define crypto_aead_aes256gcm_ABYTES 16U -SODIUM_EXPORT -size_t crypto_aead_aes256gcm_abytes(void); - -typedef CRYPTO_ALIGN(16) unsigned char crypto_aead_aes256gcm_state[512]; - -SODIUM_EXPORT -size_t crypto_aead_aes256gcm_statebytes(void); - -SODIUM_EXPORT -int crypto_aead_aes256gcm_encrypt(unsigned char *c, - unsigned long long *clen_p, - const unsigned char *m, - unsigned long long mlen, - const unsigned char *ad, - unsigned long long adlen, - const unsigned char *nsec, - const unsigned char *npub, - const unsigned char *k); - -SODIUM_EXPORT -int crypto_aead_aes256gcm_decrypt(unsigned char *m, - unsigned long long *mlen_p, - unsigned char *nsec, - const unsigned char *c, - unsigned long long clen, - const unsigned char *ad, - unsigned long long adlen, - const unsigned char *npub, - const unsigned char *k) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c, - unsigned char *mac, - unsigned long long *maclen_p, - const unsigned char *m, - unsigned long long mlen, - const unsigned char *ad, - unsigned long long adlen, - const unsigned char *nsec, - const unsigned char *npub, - const unsigned char *k); - -SODIUM_EXPORT -int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m, - unsigned char *nsec, - const unsigned char *c, - unsigned long long clen, - const unsigned char *mac, - 
const unsigned char *ad, - unsigned long long adlen, - const unsigned char *npub, - const unsigned char *k) - __attribute__ ((warn_unused_result)); - -/* -- Precomputation interface -- */ - -SODIUM_EXPORT -int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_, - const unsigned char *k); - -SODIUM_EXPORT -int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c, - unsigned long long *clen_p, - const unsigned char *m, - unsigned long long mlen, - const unsigned char *ad, - unsigned long long adlen, - const unsigned char *nsec, - const unsigned char *npub, - const crypto_aead_aes256gcm_state *ctx_); - -SODIUM_EXPORT -int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m, - unsigned long long *mlen_p, - unsigned char *nsec, - const unsigned char *c, - unsigned long long clen, - const unsigned char *ad, - unsigned long long adlen, - const unsigned char *npub, - const crypto_aead_aes256gcm_state *ctx_) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c, - unsigned char *mac, - unsigned long long *maclen_p, - const unsigned char *m, - unsigned long long mlen, - const unsigned char *ad, - unsigned long long adlen, - const unsigned char *nsec, - const unsigned char *npub, - const crypto_aead_aes256gcm_state *ctx_); - -SODIUM_EXPORT -int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m, - unsigned char *nsec, - const unsigned char *c, - unsigned long long clen, - const unsigned char *mac, - const unsigned char *ad, - unsigned long long adlen, - const unsigned char *npub, - const crypto_aead_aes256gcm_state *ctx_) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES]); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/windows/sodium/crypto_auth_hmacsha256.h b/windows/sodium/crypto_auth_hmacsha256.h deleted file mode 100644 index deec5266..00000000 
--- a/windows/sodium/crypto_auth_hmacsha256.h +++ /dev/null @@ -1,68 +0,0 @@ -#ifndef crypto_auth_hmacsha256_H -#define crypto_auth_hmacsha256_H - -#include -#include "crypto_hash_sha256.h" -#include "export.h" - -#ifdef __cplusplus -# ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -#define crypto_auth_hmacsha256_BYTES 32U -SODIUM_EXPORT -size_t crypto_auth_hmacsha256_bytes(void); - -#define crypto_auth_hmacsha256_KEYBYTES 32U -SODIUM_EXPORT -size_t crypto_auth_hmacsha256_keybytes(void); - -SODIUM_EXPORT -int crypto_auth_hmacsha256(unsigned char *out, - const unsigned char *in, - unsigned long long inlen, - const unsigned char *k); - -SODIUM_EXPORT -int crypto_auth_hmacsha256_verify(const unsigned char *h, - const unsigned char *in, - unsigned long long inlen, - const unsigned char *k) - __attribute__ ((warn_unused_result)); - -/* ------------------------------------------------------------------------- */ - -typedef struct crypto_auth_hmacsha256_state { - crypto_hash_sha256_state ictx; - crypto_hash_sha256_state octx; -} crypto_auth_hmacsha256_state; - -SODIUM_EXPORT -size_t crypto_auth_hmacsha256_statebytes(void); - -SODIUM_EXPORT -int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state, - const unsigned char *key, - size_t keylen); - -SODIUM_EXPORT -int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state, - const unsigned char *in, - unsigned long long inlen); - -SODIUM_EXPORT -int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state, - unsigned char *out); - - -SODIUM_EXPORT -void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES]); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/windows/sodium/crypto_hash_sha256.h b/windows/sodium/crypto_hash_sha256.h deleted file mode 100644 index f64d16e0..00000000 --- a/windows/sodium/crypto_hash_sha256.h +++ /dev/null 
@@ -1,57 +0,0 @@ -#ifndef crypto_hash_sha256_H -#define crypto_hash_sha256_H - -/* - * WARNING: Unless you absolutely need to use SHA256 for interoperatibility, - * purposes, you might want to consider crypto_generichash() instead. - * Unlike SHA256, crypto_generichash() is not vulnerable to length - * extension attacks. - */ - -#include -#include -#include - -#include "export.h" - -#ifdef __cplusplus -# ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -typedef struct crypto_hash_sha256_state { - uint32_t state[8]; - uint64_t count; - uint8_t buf[64]; -} crypto_hash_sha256_state; - -SODIUM_EXPORT -size_t crypto_hash_sha256_statebytes(void); - -#define crypto_hash_sha256_BYTES 32U -SODIUM_EXPORT -size_t crypto_hash_sha256_bytes(void); - -SODIUM_EXPORT -int crypto_hash_sha256(unsigned char *out, const unsigned char *in, - unsigned long long inlen); - -SODIUM_EXPORT -int crypto_hash_sha256_init(crypto_hash_sha256_state *state); - -SODIUM_EXPORT -int crypto_hash_sha256_update(crypto_hash_sha256_state *state, - const unsigned char *in, - unsigned long long inlen); - -SODIUM_EXPORT -int crypto_hash_sha256_final(crypto_hash_sha256_state *state, - unsigned char *out); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/windows/sodium/crypto_kdf.h b/windows/sodium/crypto_kdf.h deleted file mode 100644 index 52e496a7..00000000 --- a/windows/sodium/crypto_kdf.h +++ /dev/null 
@@ -1,51 +0,0 @@ -#ifndef crypto_kdf_H -#define crypto_kdf_H - -#include -#include - -#include "crypto_kdf_blake2b.h" -#include "export.h" - -#ifdef __cplusplus -# ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -#define crypto_kdf_BYTES_MIN crypto_kdf_blake2b_BYTES_MIN -SODIUM_EXPORT -size_t crypto_kdf_bytes_min(void); - -#define crypto_kdf_BYTES_MAX crypto_kdf_blake2b_BYTES_MAX -SODIUM_EXPORT -size_t crypto_kdf_bytes_max(void); - -#define crypto_kdf_CONTEXTBYTES crypto_kdf_blake2b_CONTEXTBYTES -SODIUM_EXPORT -size_t crypto_kdf_contextbytes(void); - -#define crypto_kdf_KEYBYTES crypto_kdf_blake2b_KEYBYTES -SODIUM_EXPORT -size_t crypto_kdf_keybytes(void); - -#define crypto_kdf_PRIMITIVE "blake2b" -SODIUM_EXPORT -const char *crypto_kdf_primitive(void) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len, - uint64_t subkey_id, - const char ctx[crypto_kdf_CONTEXTBYTES], - const unsigned char key[crypto_kdf_KEYBYTES]); - -SODIUM_EXPORT -void crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES]); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/windows/sodium/crypto_kdf_blake2b.h b/windows/sodium/crypto_kdf_blake2b.h deleted file mode 100644 index 5480ebe8..00000000 --- a/windows/sodium/crypto_kdf_blake2b.h +++ /dev/null 
@@ -1,42 +0,0 @@ -#ifndef crypto_kdf_blake2b_H -#define crypto_kdf_blake2b_H - -#include -#include - -#include "crypto_kdf_blake2b.h" -#include "export.h" - -#ifdef __cplusplus -# ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -#define crypto_kdf_blake2b_BYTES_MIN 16 -SODIUM_EXPORT -size_t crypto_kdf_blake2b_bytes_min(void); - -#define crypto_kdf_blake2b_BYTES_MAX 64 -SODIUM_EXPORT -size_t crypto_kdf_blake2b_bytes_max(void); - -#define crypto_kdf_blake2b_CONTEXTBYTES 8 -SODIUM_EXPORT -size_t crypto_kdf_blake2b_contextbytes(void); - -#define crypto_kdf_blake2b_KEYBYTES 32 -SODIUM_EXPORT -size_t crypto_kdf_blake2b_keybytes(void); - -SODIUM_EXPORT -int crypto_kdf_blake2b_derive_from_key(unsigned char *subkey, size_t subkey_len, - uint64_t subkey_id, - const char ctx[crypto_kdf_blake2b_CONTEXTBYTES], - const unsigned char key[crypto_kdf_blake2b_KEYBYTES]); -#ifdef __cplusplus -} -#endif - -#endif diff --git a/windows/sodium/crypto_pwhash.h b/windows/sodium/crypto_pwhash.h deleted file mode 100644 index 4a5309c4..00000000 --- a/windows/sodium/crypto_pwhash.h +++ /dev/null 
@@ -1,125 +0,0 @@ -#ifndef crypto_pwhash_H -#define crypto_pwhash_H - -#include - -#include "crypto_pwhash_argon2i.h" -#include "crypto_pwhash_argon2id.h" -#include "export.h" - -#ifdef __cplusplus -# ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -#define crypto_pwhash_ALG_ARGON2I13 crypto_pwhash_argon2i_ALG_ARGON2I13 -SODIUM_EXPORT -int crypto_pwhash_alg_argon2i13(void); - -#define crypto_pwhash_ALG_ARGON2ID13 crypto_pwhash_argon2id_ALG_ARGON2ID13 -SODIUM_EXPORT -int crypto_pwhash_alg_argon2id13(void); - -#define crypto_pwhash_ALG_DEFAULT crypto_pwhash_ALG_ARGON2I13 -SODIUM_EXPORT -int crypto_pwhash_alg_default(void); - -#define crypto_pwhash_BYTES_MIN crypto_pwhash_argon2i_BYTES_MIN -SODIUM_EXPORT -size_t crypto_pwhash_bytes_min(void); - -#define crypto_pwhash_BYTES_MAX crypto_pwhash_argon2i_BYTES_MAX -SODIUM_EXPORT -size_t crypto_pwhash_bytes_max(void); - -#define crypto_pwhash_PASSWD_MIN crypto_pwhash_argon2i_PASSWD_MIN -SODIUM_EXPORT -size_t crypto_pwhash_passwd_min(void); - -#define crypto_pwhash_PASSWD_MAX crypto_pwhash_argon2i_PASSWD_MAX -SODIUM_EXPORT -size_t crypto_pwhash_passwd_max(void); - -#define crypto_pwhash_SALTBYTES crypto_pwhash_argon2i_SALTBYTES -SODIUM_EXPORT -size_t crypto_pwhash_saltbytes(void); - -#define crypto_pwhash_STRBYTES crypto_pwhash_argon2i_STRBYTES -SODIUM_EXPORT -size_t crypto_pwhash_strbytes(void); - -#define crypto_pwhash_STRPREFIX crypto_pwhash_argon2i_STRPREFIX -SODIUM_EXPORT -const char *crypto_pwhash_strprefix(void); - -#define crypto_pwhash_OPSLIMIT_MIN crypto_pwhash_argon2i_OPSLIMIT_MIN -SODIUM_EXPORT -size_t crypto_pwhash_opslimit_min(void); - -#define crypto_pwhash_OPSLIMIT_MAX crypto_pwhash_argon2i_OPSLIMIT_MAX -SODIUM_EXPORT -size_t crypto_pwhash_opslimit_max(void); - -#define crypto_pwhash_MEMLIMIT_MIN crypto_pwhash_argon2i_MEMLIMIT_MIN -SODIUM_EXPORT -size_t crypto_pwhash_memlimit_min(void); - -#define crypto_pwhash_MEMLIMIT_MAX crypto_pwhash_argon2i_MEMLIMIT_MAX 
-SODIUM_EXPORT -size_t crypto_pwhash_memlimit_max(void); - -#define crypto_pwhash_OPSLIMIT_INTERACTIVE crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE -SODIUM_EXPORT -size_t crypto_pwhash_opslimit_interactive(void); - -#define crypto_pwhash_MEMLIMIT_INTERACTIVE crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE -SODIUM_EXPORT -size_t crypto_pwhash_memlimit_interactive(void); - -#define crypto_pwhash_OPSLIMIT_MODERATE crypto_pwhash_argon2i_OPSLIMIT_MODERATE -SODIUM_EXPORT -size_t crypto_pwhash_opslimit_moderate(void); - -#define crypto_pwhash_MEMLIMIT_MODERATE crypto_pwhash_argon2i_MEMLIMIT_MODERATE -SODIUM_EXPORT -size_t crypto_pwhash_memlimit_moderate(void); - -#define crypto_pwhash_OPSLIMIT_SENSITIVE crypto_pwhash_argon2i_OPSLIMIT_SENSITIVE -SODIUM_EXPORT -size_t crypto_pwhash_opslimit_sensitive(void); - -#define crypto_pwhash_MEMLIMIT_SENSITIVE crypto_pwhash_argon2i_MEMLIMIT_SENSITIVE -SODIUM_EXPORT -size_t crypto_pwhash_memlimit_sensitive(void); - -SODIUM_EXPORT -int crypto_pwhash(unsigned char * const out, unsigned long long outlen, - const char * const passwd, unsigned long long passwdlen, - const unsigned char * const salt, - unsigned long long opslimit, size_t memlimit, int alg) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_pwhash_str(char out[crypto_pwhash_STRBYTES], - const char * const passwd, unsigned long long passwdlen, - unsigned long long opslimit, size_t memlimit) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_pwhash_str_verify(const char str[crypto_pwhash_STRBYTES], - const char * const passwd, - unsigned long long passwdlen) - __attribute__ ((warn_unused_result)); - -#define crypto_pwhash_PRIMITIVE "argon2i" -SODIUM_EXPORT -const char *crypto_pwhash_primitive(void) - __attribute__ ((warn_unused_result)); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/windows/sodium/crypto_pwhash_argon2i.h b/windows/sodium/crypto_pwhash_argon2i.h deleted file mode 100644 index fed96587..00000000 
--- a/windows/sodium/crypto_pwhash_argon2i.h +++ /dev/null 
@@ -1,116 +0,0 @@ -#ifndef crypto_pwhash_argon2i_H -#define crypto_pwhash_argon2i_H - -#include -#include -#include - -#include "export.h" - -#ifdef __cplusplus -# ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -#define crypto_pwhash_argon2i_ALG_ARGON2I13 1 -SODIUM_EXPORT -int crypto_pwhash_argon2i_alg_argon2i13(void); - -#define crypto_pwhash_argon2i_BYTES_MIN 16U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_bytes_min(void); - -#define crypto_pwhash_argon2i_BYTES_MAX 4294967295U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_bytes_max(void); - -#define crypto_pwhash_argon2i_PASSWD_MIN 0U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_passwd_min(void); - -#define crypto_pwhash_argon2i_PASSWD_MAX 4294967295U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_passwd_max(void); - -#define crypto_pwhash_argon2i_SALTBYTES 16U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_saltbytes(void); - -#define crypto_pwhash_argon2i_STRBYTES 128U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_strbytes(void); - -#define crypto_pwhash_argon2i_STRPREFIX "$argon2i$" -SODIUM_EXPORT -const char *crypto_pwhash_argon2i_strprefix(void); - -#define crypto_pwhash_argon2i_OPSLIMIT_MIN 3U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_opslimit_min(void); - -#define crypto_pwhash_argon2i_OPSLIMIT_MAX 4294967295U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_opslimit_max(void); - -#define crypto_pwhash_argon2i_MEMLIMIT_MIN 8192U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_memlimit_min(void); - -#define crypto_pwhash_argon2i_MEMLIMIT_MAX ((SIZE_MAX >= 4398046510080U) ? 4398046510080U : (SIZE_MAX >= 2147483648U) ? 
2147483648U : 32768U) -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_memlimit_max(void); - -#define crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE 4U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_opslimit_interactive(void); - -#define crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE 33554432U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_memlimit_interactive(void); - -#define crypto_pwhash_argon2i_OPSLIMIT_MODERATE 6U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_opslimit_moderate(void); - -#define crypto_pwhash_argon2i_MEMLIMIT_MODERATE 134217728U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_memlimit_moderate(void); - -#define crypto_pwhash_argon2i_OPSLIMIT_SENSITIVE 8U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_opslimit_sensitive(void); - -#define crypto_pwhash_argon2i_MEMLIMIT_SENSITIVE 536870912U -SODIUM_EXPORT -size_t crypto_pwhash_argon2i_memlimit_sensitive(void); - -SODIUM_EXPORT -int crypto_pwhash_argon2i(unsigned char * const out, - unsigned long long outlen, - const char * const passwd, - unsigned long long passwdlen, - const unsigned char * const salt, - unsigned long long opslimit, size_t memlimit, - int alg) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES], - const char * const passwd, - unsigned long long passwdlen, - unsigned long long opslimit, size_t memlimit) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES], - const char * const passwd, - unsigned long long passwdlen) - __attribute__ ((warn_unused_result)); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/windows/sodium/crypto_pwhash_argon2id.h b/windows/sodium/crypto_pwhash_argon2id.h deleted file mode 100644 index 550fd6fd..00000000 --- a/windows/sodium/crypto_pwhash_argon2id.h +++ /dev/null 
@@ -1,116 +0,0 @@ -#ifndef crypto_pwhash_argon2id_H -#define crypto_pwhash_argon2id_H - -#include -#include -#include - -#include "export.h" - -#ifdef __cplusplus -# ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -#define crypto_pwhash_argon2id_ALG_ARGON2ID13 2 -SODIUM_EXPORT -int crypto_pwhash_argon2id_alg_argon2id13(void); - -#define crypto_pwhash_argon2id_BYTES_MIN 16U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_bytes_min(void); - -#define crypto_pwhash_argon2id_BYTES_MAX 4294967295U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_bytes_max(void); - -#define crypto_pwhash_argon2id_PASSWD_MIN 0U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_passwd_min(void); - -#define crypto_pwhash_argon2id_PASSWD_MAX 4294967295U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_passwd_max(void); - -#define crypto_pwhash_argon2id_SALTBYTES 16U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_saltbytes(void); - -#define crypto_pwhash_argon2id_STRBYTES 128U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_strbytes(void); - -#define crypto_pwhash_argon2id_STRPREFIX "$argon2id$" -SODIUM_EXPORT -const char *crypto_pwhash_argon2id_strprefix(void); - -#define crypto_pwhash_argon2id_OPSLIMIT_MIN 1U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_opslimit_min(void); - -#define crypto_pwhash_argon2id_OPSLIMIT_MAX 4294967295U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_opslimit_max(void); - -#define crypto_pwhash_argon2id_MEMLIMIT_MIN 8192U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_memlimit_min(void); - -#define crypto_pwhash_argon2id_MEMLIMIT_MAX ((SIZE_MAX >= 4398046510080U) ? 4398046510080U : (SIZE_MAX >= 2147483648U) ? 
2147483648U : 32768U) -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_memlimit_max(void); - -#define crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE 2U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_opslimit_interactive(void); - -#define crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE 67108864U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_memlimit_interactive(void); - -#define crypto_pwhash_argon2id_OPSLIMIT_MODERATE 3U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_opslimit_moderate(void); - -#define crypto_pwhash_argon2id_MEMLIMIT_MODERATE 268435456U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_memlimit_moderate(void); - -#define crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE 4U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_opslimit_sensitive(void); - -#define crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE 1073741824U -SODIUM_EXPORT -size_t crypto_pwhash_argon2id_memlimit_sensitive(void); - -SODIUM_EXPORT -int crypto_pwhash_argon2id(unsigned char * const out, - unsigned long long outlen, - const char * const passwd, - unsigned long long passwdlen, - const unsigned char * const salt, - unsigned long long opslimit, size_t memlimit, - int alg) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_pwhash_argon2id_str(char out[crypto_pwhash_argon2id_STRBYTES], - const char * const passwd, - unsigned long long passwdlen, - unsigned long long opslimit, size_t memlimit) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_pwhash_argon2id_str_verify(const char str[crypto_pwhash_argon2id_STRBYTES], - const char * const passwd, - unsigned long long passwdlen) - __attribute__ ((warn_unused_result)); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/windows/sodium/crypto_pwhash_scryptsalsa208sha256.h b/windows/sodium/crypto_pwhash_scryptsalsa208sha256.h deleted file mode 100644 index 9f693e54..00000000 --- a/windows/sodium/crypto_pwhash_scryptsalsa208sha256.h +++ /dev/null 
@@ -1,112 +0,0 @@ -#ifndef crypto_pwhash_scryptsalsa208sha256_H -#define crypto_pwhash_scryptsalsa208sha256_H - -#include -#include -#include - -#include "export.h" - -#ifdef __cplusplus -# ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -#define crypto_pwhash_scryptsalsa208sha256_BYTES_MIN 16U -SODIUM_EXPORT -size_t crypto_pwhash_scryptsalsa208sha256_bytes_min(void); - -#define crypto_pwhash_scryptsalsa208sha256_BYTES_MAX SIZE_MAX -SODIUM_EXPORT -size_t crypto_pwhash_scryptsalsa208sha256_bytes_max(void); - -#define crypto_pwhash_scryptsalsa208sha256_PASSWD_MIN 0U -SODIUM_EXPORT -size_t crypto_pwhash_scryptsalsa208sha256_passwd_min(void); - -#define crypto_pwhash_scryptsalsa208sha256_PASSWD_MAX SIZE_MAX -SODIUM_EXPORT -size_t crypto_pwhash_scryptsalsa208sha256_passwd_max(void); - -#define crypto_pwhash_scryptsalsa208sha256_SALTBYTES 32U -SODIUM_EXPORT -size_t crypto_pwhash_scryptsalsa208sha256_saltbytes(void); - -#define crypto_pwhash_scryptsalsa208sha256_STRBYTES 102U -SODIUM_EXPORT -size_t crypto_pwhash_scryptsalsa208sha256_strbytes(void); - -#define crypto_pwhash_scryptsalsa208sha256_STRPREFIX "$7$" -SODIUM_EXPORT -const char *crypto_pwhash_scryptsalsa208sha256_strprefix(void); - -#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN 32768U -SODIUM_EXPORT -size_t crypto_pwhash_scryptsalsa208sha256_opslimit_min(void); - -#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAX 4294967295U -SODIUM_EXPORT -size_t crypto_pwhash_scryptsalsa208sha256_opslimit_max(void); - -#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN 16777216U -SODIUM_EXPORT -size_t crypto_pwhash_scryptsalsa208sha256_memlimit_min(void); - -#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MAX ((SIZE_MAX >= 68719476736U) ? 
68719476736U : SIZE_MAX) -SODIUM_EXPORT -size_t crypto_pwhash_scryptsalsa208sha256_memlimit_max(void); - -#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE 524288U -SODIUM_EXPORT -size_t crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void); - -#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE 16777216U -SODIUM_EXPORT -size_t crypto_pwhash_scryptsalsa208sha256_memlimit_interactive(void); - -#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE 33554432U -SODIUM_EXPORT -size_t crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive(void); - -#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE 1073741824U -SODIUM_EXPORT -size_t crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive(void); - -SODIUM_EXPORT -int crypto_pwhash_scryptsalsa208sha256(unsigned char * const out, - unsigned long long outlen, - const char * const passwd, - unsigned long long passwdlen, - const unsigned char * const salt, - unsigned long long opslimit, - size_t memlimit) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES], - const char * const passwd, - unsigned long long passwdlen, - unsigned long long opslimit, - size_t memlimit) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_pwhash_scryptsalsa208sha256_str_verify(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES], - const char * const passwd, - unsigned long long passwdlen) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen, - const uint8_t * salt, size_t saltlen, - uint64_t N, uint32_t r, uint32_t p, - uint8_t * buf, size_t buflen) - __attribute__ ((warn_unused_result)); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/windows/sodium/crypto_stream_aes128ctr.h b/windows/sodium/crypto_stream_aes128ctr.h deleted file mode 100644 index 33ee1b89..00000000 
--- a/windows/sodium/crypto_stream_aes128ctr.h +++ /dev/null @@ -1,65 +0,0 @@ -#ifndef crypto_stream_aes128ctr_H -#define crypto_stream_aes128ctr_H - -/* - * WARNING: This is just a stream cipher. It is NOT authenticated encryption. - * While it provides some protection against eavesdropping, it does NOT - * provide any security against active attacks. - * Unless you know what you're doing, what you are looking for is probably - * the crypto_box functions. - */ - -#include -#include "export.h" - -#ifdef __cplusplus -# ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -#define crypto_stream_aes128ctr_KEYBYTES 16U -SODIUM_EXPORT -size_t crypto_stream_aes128ctr_keybytes(void); - -#define crypto_stream_aes128ctr_NONCEBYTES 16U -SODIUM_EXPORT -size_t crypto_stream_aes128ctr_noncebytes(void); - -#define crypto_stream_aes128ctr_BEFORENMBYTES 1408U -SODIUM_EXPORT -size_t crypto_stream_aes128ctr_beforenmbytes(void); - -SODIUM_EXPORT -int crypto_stream_aes128ctr(unsigned char *out, unsigned long long outlen, - const unsigned char *n, const unsigned char *k) - __attribute__ ((deprecated)); - -SODIUM_EXPORT -int crypto_stream_aes128ctr_xor(unsigned char *out, const unsigned char *in, - unsigned long long inlen, const unsigned char *n, - const unsigned char *k) - __attribute__ ((deprecated)); - -SODIUM_EXPORT -int crypto_stream_aes128ctr_beforenm(unsigned char *c, const unsigned char *k) - __attribute__ ((deprecated)); - -SODIUM_EXPORT -int crypto_stream_aes128ctr_afternm(unsigned char *out, unsigned long long len, - const unsigned char *nonce, const unsigned char *c) - __attribute__ ((deprecated)); - -SODIUM_EXPORT -int crypto_stream_aes128ctr_xor_afternm(unsigned char *out, const unsigned char *in, - unsigned long long len, - const unsigned char *nonce, - const unsigned char *c) - __attribute__ ((deprecated)); - -#ifdef __cplusplus -} -#endif - -#endif 
diff --git a/windows/sodium/export.h b/windows/sodium/export.h deleted file mode 100644 index c33bced8..00000000 --- a/windows/sodium/export.h +++ /dev/null @@ -1,44 +0,0 @@ - -#ifndef sodium_export_H -#define sodium_export_H - -#ifndef __GNUC__ -# ifdef __attribute__ -# undef __attribute__ -# endif -# define __attribute__(a) -#endif - -#ifdef SODIUM_STATIC -# define SODIUM_EXPORT -#else -# if defined(_MSC_VER) -# ifdef SODIUM_DLL_EXPORT -# define SODIUM_EXPORT __declspec(dllexport) -# else -# define SODIUM_EXPORT __declspec(dllimport) -# endif -# else -# if defined(__SUNPRO_C) -# ifndef __GNU_C__ -# define SODIUM_EXPORT __attribute__ (visibility(__global)) -# else -# define SODIUM_EXPORT __attribute__ __global -# endif -# elif defined(_MSG_VER) -# define SODIUM_EXPORT extern __declspec(dllexport) -# else -# define SODIUM_EXPORT __attribute__ ((visibility ("default"))) -# endif -# endif -#endif - -#ifndef CRYPTO_ALIGN -# if defined(__INTEL_COMPILER) || defined(_MSC_VER) -# define CRYPTO_ALIGN(x) __declspec(align(x)) -# else -# define CRYPTO_ALIGN(x) __attribute__ ((aligned(x))) -# endif -#endif - -#endif diff --git a/yojimbo.cpp b/yojimbo.cpp index e8517e67..52b5f8fd 100644 --- a/yojimbo.cpp +++ b/yojimbo.cpp @@ -87,10 +87,6 @@ void ShutdownYojimbo() #include #include -#if YOJIMBO_WITH_MBEDTLS -#include -#endif // #if YOJIMBO_WITH_MBEDTLS - extern "C" void netcode_random_bytes( uint8_t*, int ); namespace yojimbo 
@@ -109,70 +105,6 @@ namespace yojimbo
 }
 printf( " (%d bytes)\n", data_bytes );
 }
-
-#if YOJIMBO_WITH_MBEDTLS
-
- int base64_encode_string( const char * input, char * output, int output_size )
- {
- yojimbo_assert( input );
- yojimbo_assert( output );
- yojimbo_assert( output_size > 0 );
-
- size_t output_length = 0;
-
- const int input_length = (int) ( strlen( input ) + 1 );
-
- int result = mbedtls_base64_encode( (unsigned char*) output, output_size, &output_length, (unsigned char*) input, input_length );
-
- return ( result == 0 ) ? (int) output_length + 1 : -1;
- }
-
- int base64_decode_string( const char * input, char * output, int output_size )
- {
- yojimbo_assert( input );
- yojimbo_assert( output );
- yojimbo_assert( output_size > 0 );
-
- size_t output_length = 0;
-
- int result = mbedtls_base64_decode( (unsigned char*) output, output_size, &output_length, (const unsigned char*) input, strlen( input ) );
-
- if ( result != 0 || output[output_length-1] != '\0' )
- {
- output[0] = '\0';
- return -1;
- }
-
- return (int) output_length;
- }
-
- int base64_encode_data( const uint8_t * input, int input_length, char * output, int output_size )
- {
- yojimbo_assert( input );
- yojimbo_assert( output );
- yojimbo_assert( output_size > 0 );
-
- size_t output_length = 0;
-
- int result = mbedtls_base64_encode( (unsigned char*) output, output_size, &output_length, (unsigned char*) input, input_length );
-
- return ( result == 0 ) ? (int) output_length : -1;
- }
-
- int base64_decode_data( const char * input, uint8_t * output, int output_size )
- {
- yojimbo_assert( input );
- yojimbo_assert( output );
- yojimbo_assert( output_size > 0 );
-
- size_t output_length = 0;
-
- int result = mbedtls_base64_decode( (unsigned char*) output, output_size, &output_length, (const unsigned char*) input, strlen( input ) );
-
- return ( result == 0 ) ?
(int) output_length : -1;
- }
-
-#endif // #if YOJIMBO_WITH_MBEDTLS
 }
 // ---------------------------------------------------------------------------------
@@ -195,16 +127,16 @@ namespace yojimbo
 #if YOJIMBO_DEBUG_MEMORY_LEAKS
 if ( m_alloc_map.size() )
 {
- printf( "you leaked memory!\n\n" );
+ yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "you leaked memory!\n\n" );
 typedef std::map::iterator itor_type;
 for ( itor_type i = m_alloc_map.begin(); i != m_alloc_map.end(); ++i )
 {
 void * p = i->first;
 AllocatorEntry entry = i->second;
- printf( "leaked block %p (%d bytes) - %s:%d\n", p, (int) entry.size, entry.file, entry.line );
+ yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "leaked block %p (%d bytes) - %s:%d\n", p, (int) entry.size, entry.file, entry.line );
 }
- printf( "\n" );
- exit(1);
+ yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "\n" );
+ yojimbo_assert( false && "Leaks detected, see log" );
 }
 #endif // #if YOJIMBO_DEBUG_MEMORY_LEAKS
 }
@@ -669,7 +601,9 @@ namespace yojimbo
 static void default_assert_handler( const char * condition, const char * function, const char * file, int line )
 {
- printf( "assert failed: ( %s ), function %s, file %s, line %d\n", condition, function, file, line );
+ // We use YOJIMBO_LOG_LEVEL_NONE because it's lower than YOJIMBO_LOG_LEVEL_ERROR, so even if you suppress errors (by setting
+ // yojimbo_log_level(YOJIMBO_LOG_LEVEL_NONE)), this will still be logged.
+ yojimbo_printf( YOJIMBO_LOG_LEVEL_NONE, "assert failed: ( %s ), function %s, file %s, line %d\n", condition, function, file, line );
 #if defined( __GNUC__ )
 __builtin_trap();
 #elif defined( _MSC_VER )
@@ -712,7 +646,7 @@ void yojimbo_printf( int level, const char * format, ... )
 va_list args;
 va_start( args, format );
 char buffer[4*1024];
- vsprintf( buffer, format, args );
+ vsnprintf( buffer, sizeof(buffer), format, args );
 printf_function( "%s", buffer );
 va_end( args );
 }
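Review bot: Swapping `exit(1)` for `yojimbo_assert( false && "Leaks detected, see log" )` in the YOJIMBO_DEBUG_MEMORY_LEAKS block changes the failure mode, not just the reporting channel: the process no longer terminates on its own after the leak list is printed, and if `yojimbo_assert` expands to nothing in some build configurations (not visible here) the destructor would return normally after logging and the leak would go unnoticed by a test run. If a hard failure is still the intent, keep an explicit termination after the assert, e.g. `yojimbo_assert( false && "Leaks detected, see log" ); abort();`, or state the new behaviour in a comment such as `// Leaks are reported but only trap when asserts are enabled.` The enclosing destructor starts outside the hunk.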
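Review bot: Routing the assert message through `yojimbo_printf` in `default_assert_handler` makes the handler depend on the user-installed `printf_function` and on the level check inside `yojimbo_printf`, both of which sit outside this hunk; the new comment's claim that YOJIMBO_LOG_LEVEL_NONE is "lower than" YOJIMBO_LOG_LEVEL_ERROR presumably relies on that check being a greater-than comparison against the configured level, which is worth naming so a later reorder of the enum does not silently mute assert output. A custom `printf_function` that itself asserts would re-enter this handler before `__builtin_trap()` is reached, whereas the old direct `printf` had no such path; a one-line note like `// NOTE: runs through the user-installed printf_function; it must not assert.` would document that expectation. The function continues past the hunk.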
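Review bot: `vsnprintf( buffer, sizeof(buffer), format, args )` removes the unbounded write into the 4 KiB stack `buffer` that `vsprintf` allowed, but its return value is discarded, so a message longer than the buffer is cut off with no indication; since vsnprintf always NUL-terminates, the following `printf_function( "%s", buffer )` stays safe. A short comment would make the trade-off explicit: `// Messages longer than sizeof(buffer) are truncated; vsnprintf NUL-terminates, so buffer is always a valid C string.` Because `format` is caller-supplied, the declaration of `yojimbo_printf` (outside this hunk) could additionally carry `__attribute__((format(printf, 2, 3)))` under `__GNUC__` so mismatched format arguments are caught at compile time rather than at runtime.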
@@ -839,270 +773,6 @@ double yojimbo_time() // --------------------------------------------------------------------------------- -#if YOJIMBO_WITH_MBEDTLS -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "certs.h" -#endif // #if YOJIMBO_WITH_MBEDTLS -#include -#include -#include "netcode.h" - -#define SERVER_PORT "8080" -#define SERVER_NAME "localhost" - -namespace yojimbo -{ - struct MatcherInternal - { -#if YOJIMBO_WITH_MBEDTLS - mbedtls_net_context server_fd; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt cacert; -#endif // #if YOJIMBO_WITH_MBEDTLS - }; - - Matcher::Matcher( Allocator & allocator ) - { -#if YOJIMBO_WITH_MBEDTLS - yojimbo_assert( ConnectTokenBytes == NETCODE_CONNECT_TOKEN_BYTES ); - m_allocator = &allocator; - m_initialized = false; - m_matchStatus = MATCH_IDLE; - m_internal = YOJIMBO_NEW( allocator, MatcherInternal ); - memset( m_connectToken, 0, sizeof( m_connectToken ) ); -#else // #if YOJIMBO_WITH_MBEDTLS - (void) allocator; -#endif // #if YOJIMBO_WITH_MBEDTLS - } - - Matcher::~Matcher() - { -#if YOJIMBO_WITH_MBEDTLS - mbedtls_net_free( &m_internal->server_fd ); - mbedtls_x509_crt_free( &m_internal->cacert ); - mbedtls_ssl_free( &m_internal->ssl ); - mbedtls_ssl_config_free( &m_internal->conf ); - mbedtls_ctr_drbg_free( &m_internal->ctr_drbg ); - mbedtls_entropy_free( &m_internal->entropy ); - YOJIMBO_DELETE( *m_allocator, MatcherInternal, m_internal ); -#endif // #if YOJIMBO_WITH_MBEDTLS - } - - bool Matcher::Initialize() - { -#if YOJIMBO_WITH_MBEDTLS - - const char * pers = "yojimbo_client"; - - mbedtls_net_init( &m_internal->server_fd ); - mbedtls_ssl_init( &m_internal->ssl ); - mbedtls_ssl_config_init( &m_internal->conf ); - mbedtls_x509_crt_init( &m_internal->cacert ); - mbedtls_ctr_drbg_init( &m_internal->ctr_drbg ); - mbedtls_entropy_init( &m_internal->entropy ); - - int result; - - if ( ( 
result = mbedtls_ctr_drbg_seed( &m_internal->ctr_drbg, mbedtls_entropy_func, &m_internal->entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) - { - yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "error: mbedtls_ctr_drbg_seed failed (%d)\n", result ); - return false; - } - - if ( mbedtls_x509_crt_parse( &m_internal->cacert, (const unsigned char *) mbedtls_test_cas_pem, mbedtls_test_cas_pem_len ) < 0 ) - { - yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "error: mbedtls_x509_crt_parse failed (%d)\n", result ); - return false; - } - - memset( m_connectToken, 0, sizeof( m_connectToken ) ); - -#endif // // #if YOJIMBO_WITH_MBEDTLS - - m_initialized = true; - - return true; - } - - void Matcher::RequestMatch( uint64_t protocolId, uint64_t clientId, bool verifyCertificate ) - { -#if YOJIMBO_WITH_MBEDTLS - - yojimbo_assert( m_initialized ); - - const char * data; - char request[1024]; - int bytesRead = 0; - - int result; - - if ( ( result = mbedtls_net_connect( &m_internal->server_fd, SERVER_NAME, SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 ) - { - yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "error: mbedtls_net_connect failed (%d)\n", result ); - m_matchStatus = MATCH_FAILED; - goto cleanup; - } - - if ( ( result = mbedtls_ssl_config_defaults( &m_internal->conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) - { - yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "error: mbedtls_net_connect failed (%d)\n", result ); - m_matchStatus = MATCH_FAILED; - goto cleanup; - } - - mbedtls_ssl_conf_authmode( &m_internal->conf, verifyCertificate ? 
MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_OPTIONAL ); - mbedtls_ssl_conf_ca_chain( &m_internal->conf, &m_internal->cacert, NULL ); - mbedtls_ssl_conf_rng( &m_internal->conf, mbedtls_ctr_drbg_random, &m_internal->ctr_drbg ); - - if ( ( result = mbedtls_ssl_setup( &m_internal->ssl, &m_internal->conf ) ) != 0 ) - { - yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "error: mbedtls_ssl_setup failed (%d)\n", result ); - m_matchStatus = MATCH_FAILED; - goto cleanup; - } - - if ( ( result = mbedtls_ssl_set_hostname( &m_internal->ssl, "yojimbo" ) ) != 0 ) - { - yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "error: mbedtls_ssl_set_hostname failed (%d)\n", result ); - m_matchStatus = MATCH_FAILED; - goto cleanup; - } - - mbedtls_ssl_set_bio( &m_internal->ssl, &m_internal->server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); - - while ( ( result = mbedtls_ssl_handshake( &m_internal->ssl ) ) != 0 ) - { - if ( result != MBEDTLS_ERR_SSL_WANT_READ && result != MBEDTLS_ERR_SSL_WANT_WRITE ) - { - yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "error: mbedtls_ssl_handshake failed (%d)\n", result ); - m_matchStatus = MATCH_FAILED; - goto cleanup; - } - } - - if ( verifyCertificate ) - { - uint32_t flags; - if ( ( flags = mbedtls_ssl_get_verify_result( &m_internal->ssl ) ) != 0 ) - { - // IMPORTANT: certificate verification failed! 
- yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "error: mbedtls_ssl_get_verify_result failed - flags = %x\n", flags ); - m_matchStatus = MATCH_FAILED; - goto cleanup; - } - } - - sprintf( request, "GET /match/%" PRIu64 "/%" PRIu64 " HTTP/1.0\r\n\r\n", protocolId, clientId ); - - yojimbo_printf( YOJIMBO_LOG_LEVEL_DEBUG, "match request:\n" ); - yojimbo_printf( YOJIMBO_LOG_LEVEL_DEBUG, "%s\n", request ); - - while ( ( result = mbedtls_ssl_write( &m_internal->ssl, (uint8_t*) request, strlen( request ) ) ) <= 0 ) - { - if ( result != MBEDTLS_ERR_SSL_WANT_READ && result != MBEDTLS_ERR_SSL_WANT_WRITE ) - { - yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "error: mbedtls_ssl_write failed (%d)\n", result ); - m_matchStatus = MATCH_FAILED; - goto cleanup; - } - } - - char buffer[2*ConnectTokenBytes]; - memset( buffer, 0, sizeof( buffer ) ); - do - { - result = mbedtls_ssl_read( &m_internal->ssl, (uint8_t*) ( buffer + bytesRead ), sizeof( buffer ) - bytesRead - 1 ); - - if ( result == MBEDTLS_ERR_SSL_WANT_READ || result == MBEDTLS_ERR_SSL_WANT_WRITE ) - continue; - - if ( result == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ) - break; - - if ( result <= 0 ) - break; - - bytesRead += result; - } - while( 1 ); - - yojimbo_assert( bytesRead <= (int) sizeof( buffer ) ); - - data = strstr( (const char*)buffer, "\r\n\r\n" ); - if ( !data ) - { - yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "error: invalid http response from matcher\n" ); - m_matchStatus = MATCH_FAILED; - goto cleanup; - } - - while ( *data == 13 || *data == 10 ) - ++data; - - yojimbo_printf( YOJIMBO_LOG_LEVEL_DEBUG, "================================================\n%s\n================================================\n", data ); - - result = base64_decode_data( data, m_connectToken, sizeof( m_connectToken ) ); - if ( result == ConnectTokenBytes ) - { - m_matchStatus = MATCH_READY; - } - else - { - yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "error: failed to decode connect token base64\n" ); - m_matchStatus = MATCH_FAILED; - } - - cleanup: 
- - mbedtls_ssl_close_notify( &m_internal->ssl ); - -#else // #if YOJIMBO_WITH_MBEDTLS - - (void) protocolId; - (void) clientId; - (void) verifyCertificate; - m_matchStatus = MATCH_FAILED; - -#endif // #if YOJIMBO_WITH_MBEDTLS - } - - MatchStatus Matcher::GetMatchStatus() - { - return m_matchStatus; - } - - void Matcher::GetConnectToken( uint8_t * connectToken ) - { -#if YOJIMBO_WITH_MBEDTLS - yojimbo_assert( connectToken ); - yojimbo_assert( m_matchStatus == MATCH_READY ); - if ( m_matchStatus == MATCH_READY ) - { - memcpy( connectToken, m_connectToken, ConnectTokenBytes ); - } -#else // #if YOJIMBO_WITH_MBEDTLS - (void) connectToken; - yojimbo_assert( false ); -#endif // #if YOJIMBO_WITH_MBEDTLS - } -} - -// --------------------------------------------------------------------------------- - namespace yojimbo { void ChannelPacketData::Initialize() @@ -1890,7 +1560,7 @@ namespace yojimbo void ReliableOrderedChannel::AddMessagePacketEntry( const uint16_t * messageIds, int numMessageIds, uint16_t sequence ) { - SentPacketEntry * sentPacket = m_sentPackets->Insert( sequence ); + SentPacketEntry * sentPacket = m_sentPackets->Insert( sequence, true ); yojimbo_assert( sentPacket ); if ( sentPacket ) { @@ -2172,7 +1842,7 @@ namespace yojimbo void ReliableOrderedChannel::AddFragmentPacketEntry( uint16_t messageId, uint16_t fragmentId, uint16_t sequence ) { - SentPacketEntry * sentPacket = m_sentPackets->Insert( sequence ); + SentPacketEntry * sentPacket = m_sentPackets->Insert( sequence, true ); yojimbo_assert( sentPacket ); if ( sentPacket ) { @@ -3303,7 +2973,7 @@ namespace yojimbo Disconnect(); SetClientState( CLIENT_STATE_DISCONNECTED ); } - else if ( state == NETCODE_CLIENT_STATE_SENDING_CONNECTION_REQUEST ) + else if ( state == NETCODE_CLIENT_STATE_SENDING_CONNECTION_REQUEST || state == NETCODE_CLIENT_STATE_SENDING_CONNECTION_RESPONSE ) { SetClientState( CLIENT_STATE_CONNECTING ); } diff --git a/yojimbo.h b/yojimbo.h index 93bc0fc0..0502abdf 100644 --- a/yojimbo.h 
+++ b/yojimbo.h 
@@ -7,17 +7,17 @@ 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived + 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ @@ -55,7 +55,7 @@ #else #error Unknown machine endianess detected. User needs to define YOJIMBO_LITTLE_ENDIAN or YOJIMBO_BIG_ENDIAN. #endif // __BYTE_ORDER__ - + // Detect with GLIBC's endian.h #elif defined(__GLIBC__) #include @@ -66,13 +66,13 @@ #else #error Unknown machine endianess detected. User needs to define YOJIMBO_LITTLE_ENDIAN or YOJIMBO_BIG_ENDIAN. #endif // __BYTE_ORDER - + // Detect with _LITTLE_ENDIAN and _BIG_ENDIAN macro #elif defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN) #define YOJIMBO_LITTLE_ENDIAN 1 #elif defined(_BIG_ENDIAN) && !defined(_LITTLE_ENDIAN) #define YOJIMBO_BIG_ENDIAN 1 - + // Detect with architecture macros #elif defined(__sparc) || defined(__sparc__) \ || defined(_POWER) || defined(__powerpc__) \ @@ -88,7 +88,7 @@ #elif defined(_MSC_VER) && defined(_M_ARM) #define YOJIMBO_LITTLE_ENDIAN 1 #else - #error Unknown machine endianess detected. User needs to define YOJIMBO_LITTLE_ENDIAN or YOJIMBO_BIG_ENDIAN. + #error Unknown machine endianess detected. User needs to define YOJIMBO_LITTLE_ENDIAN or YOJIMBO_BIG_ENDIAN. #endif #endif @@ -104,10 +104,6 @@ #define YOJIMBO_DEFAULT_TIMEOUT 5 #endif -#if !defined( YOJIMBO_WITH_MBEDTLS ) -#define YOJIMBO_WITH_MBEDTLS 1 -#endif // #if !defined( YOJIMBO_WITH_MBEDTLS ) - #ifdef _MSC_VER #pragma warning( disable : 4127 ) #pragma warning( disable : 4244 ) 
@@ -184,35 +180,35 @@ namespace yojimbo enum ChannelType { - CHANNEL_TYPE_RELIABLE_ORDERED, ///< Messages are received reliably and in the same order they were sent. + CHANNEL_TYPE_RELIABLE_ORDERED, ///< Messages are received reliably and in the same order they were sent. CHANNEL_TYPE_UNRELIABLE_UNORDERED ///< Messages are sent unreliably. Messages may arrive out of order, or not at all. }; - /** + /** Configuration properties for a message channel. - + Channels let you specify different reliability and ordering guarantees for messages sent across a connection. - + They may be configured as one of two types: reliable-ordered or unreliable-unordered. - - Reliable ordered channels guarantee that messages (see Message) are received reliably and in the same order they were sent. + + Reliable ordered channels guarantee that messages (see Message) are received reliably and in the same order they were sent. This channel type is designed for control messages and RPCs sent between the client and server. - + Unreliable unordered channels are like UDP. There is no guarantee that messages will arrive, and messages may arrive out of order. - This channel type is designed for data that is time critical and should not be resent if dropped, like snapshots of world state sent rapidly + This channel type is designed for data that is time critical and should not be resent if dropped, like snapshots of world state sent rapidly from server to client, or cosmetic events such as effects and sounds. - + Both channel types support blocks of data attached to messages (see BlockMessage), but their treatment of blocks is quite different. - - Reliable ordered channels are designed for blocks that must be received reliably and in-order with the rest of the messages sent over the channel. - Examples of these sort of blocks include the initial state of a level, or server configuration data sent down to a client on connect. 
These blocks + + Reliable ordered channels are designed for blocks that must be received reliably and in-order with the rest of the messages sent over the channel. + Examples of these sort of blocks include the initial state of a level, or server configuration data sent down to a client on connect. These blocks are sent by splitting them into fragments and resending each fragment until the other side has received the entire block. This allows for sending blocks of data larger that maximum packet size quickly and reliably even under packet loss. - + Unreliable-unordered channels send blocks as-is without splitting them up into fragments. The idea is that transport level packet fragmentation - should be used on top of the generated packet to split it up into into smaller packets that can be sent across typical Internet MTU (<1500 bytes). + should be used on top of the generated packet to split it up into into smaller packets that can be sent across typical Internet MTU (<1500 bytes). Because of this, you need to make sure that the maximum block size for an unreliable-unordered channel fits within the maximum packet size. - + Channels are typically configured as part of a ConnectionConfig, which is included inside the ClientServerConfig that is passed into the Client and Server constructors. */ @@ -250,7 +246,7 @@ namespace yojimbo } }; - /** + /** Configures connection properties and the set of channels for sending and receiving messages. Specifies the maximum packet size to generate, and the number of message channels, and the per-channel configuration data. See ChannelConfig for details. Typically configured as part of a ClientServerConfig which is passed into Client and Server constructors. @@ -269,7 +265,7 @@ namespace yojimbo } }; - /** + /** Configuration shared between client and server. Passed to Client and Server constructors to configure their behavior. Please make sure that the message configuration is identical between client and server. 
@@ -425,7 +421,7 @@ void yojimbo_log_level( int level ); /** Printf function used by yojimbo to emit logs. - This function internally calls the printf callback set by the user. + This function internally calls the printf callback set by the user. @see yojimbo_set_printf_function */ @@ -491,9 +487,9 @@ namespace yojimbo #define YOJIMBO_NEW( a, T, ... ) ( new ( (a).Allocate( sizeof(T), __FILE__, __LINE__ ) ) T(__VA_ARGS__) ) /// Macro for deleting an object created with a yojimbo allocator. - #define YOJIMBO_DELETE( a, T, p ) do { if (p) { (p)->~T(); (a).Free( p, __FILE__, __LINE__ ); p = NULL; } } while (0) + #define YOJIMBO_DELETE( a, T, p ) do { if (p) { (p)->~T(); (a).Free( p, __FILE__, __LINE__ ); p = NULL; } } while (0) - /// Macro for allocating a block of memory with a yojimbo allocator. + /// Macro for allocating a block of memory with a yojimbo allocator. #define YOJIMBO_ALLOCATE( a, bytes ) (a).Allocate( (bytes), __FILE__, __LINE__ ) /// Macro for freeing a block of memory created with a yojimbo allocator. @@ -522,7 +518,7 @@ namespace yojimbo #if YOJIMBO_DEBUG_MEMORY_LEAKS /** - Debug structure used to track allocations and find memory leaks. + Debug structure used to track allocations and find memory leaks. Active in debug build only. Disabled in release builds for performance reasons. */ 
@@ -697,7 +693,7 @@ namespace yojimbo /** TLSF allocator constructor. - If you want to integrate your own allocator with yojimbo for use with the client and server, this class is a good template to start from. + If you want to integrate your own allocator with yojimbo for use with the client and server, this class is a good template to start from. Make sure your constructor has the same signature as this one, and it will work with the YOJIMBO_SERVER_ALLOCATOR and YOJIMBO_CLIENT_ALLOCATOR helper macros. @param memory Block of memory in which the allocator will work. This block must remain valid while this allocator exists. The allocator does not assume ownership of it, you must free it elsewhere, if necessary. @param bytes The size of the block of memory (bytes). The maximum amount of memory you can allocate will be less, due to allocator overhead. @@ -768,7 +764,7 @@ namespace yojimbo return result; } - /** + /** Generate a random float between a and b. IMPORTANT: This is not a cryptographically secure random. It's used only for test functions and in the network simulator. @param a The minimum integer value to generate. @@ -801,7 +797,7 @@ namespace yojimbo d = c + ( c >> 8 ), e = d + ( d >> 16 ), - result = e & 0x0000003f + result = e & 0x0000003f }; }; @@ -968,10 +964,10 @@ namespace yojimbo #endif // #if YOJIMBO_BIG_ENDIAN } - /** + /** Compares two 16 bit sequence numbers and returns true if the first one is greater than the second (considering wrapping). IMPORTANT: This is not the same as s1 > s2! - Greater than is defined specially to handle wrapping sequence numbers. + Greater than is defined specially to handle wrapping sequence numbers. If the two sequence numbers are close together, it is as normal, but they are far apart, it is assumed that they have wrapped around. Thus, sequence_greater_than( 1, 0 ) returns true, and so does sequence_greater_than( 0, 65535 )! @param s1 The first sequence number. 
@@ -981,14 +977,14 @@ namespace yojimbo inline bool sequence_greater_than( uint16_t s1, uint16_t s2 ) { - return ( ( s1 > s2 ) && ( s1 - s2 <= 32768 ) ) || + return ( ( s1 > s2 ) && ( s1 - s2 <= 32768 ) ) || ( ( s1 < s2 ) && ( s2 - s1 > 32768 ) ); } - /** + /** Compares two 16 bit sequence numbers and returns true if the first one is less than the second (considering wrapping). IMPORTANT: This is not the same as s1 < s2! - Greater than is defined specially to handle wrapping sequence numbers. + Greater than is defined specially to handle wrapping sequence numbers. If the two sequence numbers are close together, it is as normal, but they are far apart, it is assumed that they have wrapped around. Thus, sequence_less_than( 0, 1 ) returns true, and so does sequence_greater_than( 65535, 0 )! @param s1 The first sequence number. 
@@ -1025,61 +1021,6 @@ namespace yojimbo return ( n >> 1 ) ^ ( -int32_t( n & 1 ) ); } -#if YOJIMBO_WITH_MBEDTLS - - /** - Base 64 encode a string. - @param input The input string value. Must be null terminated. - @param output The output base64 encoded string. Will be null terminated. - @param output_size The size of the output buffer (bytes). Must be large enough to store the base 64 encoded string. - @returns The number of bytes in the base64 encoded string, including terminating null. -1 if the base64 encode failed because the output buffer was too small. - */ - - int base64_encode_string( const char * input, char * output, int output_size ); - - /** - Base 64 decode a string. - @param input The base64 encoded string. - @param output The decoded string. Guaranteed to be null terminated, even if the base64 is maliciously encoded. - @param output_size The size of the output buffer (bytes). - @returns The number of bytes in the decoded string, including terminating null. -1 if the base64 decode failed. - */ - - int base64_decode_string( const char * input, char * output, int output_size ); - - /** - Base 64 encode a block of data. - @param input The data to encode. - @param input_length The length of the input data (bytes). - @param output The output base64 encoded string. Will be null terminated. - @param output_size The size of the output buffer. Must be large enough to store the base 64 encoded string. - @returns The number of bytes in the base64 encoded string, including terminating null. -1 if the base64 encode failed because the output buffer was too small. - */ - - int base64_encode_data( const uint8_t * input, int input_length, char * output, int output_size ); - - /** - Base 64 decode a block of data. - @param input The base 64 data to decode. Must be a null terminated string. - @param output The output data. Will *not* be null terminated. - @param output_size The size of the output buffer. - @returns The number of bytes of decoded data. 
-1 if the base64 decode failed. - */ - - int base64_decode_data( const char * input, uint8_t * output, int output_size ); - - /** - Print bytes with a label. - Useful for printing out packets, encryption keys, nonce etc. - @param label The label to print out before the bytes. - @param data The data to print out to stdout. - @param data_bytes The number of bytes of data to print. - */ - - void print_bytes( const char * label, const uint8_t * data, int data_bytes ); - -#endif // #if YOJIMBO_WITH_MBEDTLS - /** A simple bit array class. You can create a bit array with a number of bits, set, clear and test if each bit is set. @@ -1230,7 +1171,7 @@ namespace yojimbo ~Queue() { yojimbo_assert( m_allocator ); - + YOJIMBO_FREE( *m_allocator, m_entries ); m_arraySize = 0; @@ -1268,7 +1209,7 @@ namespace yojimbo /** Push a value on to the queue. @param value The value to push onto the queue. - IMPORTANT: Will assert if the queue is already full. Check Queue::IsFull before calling this! + IMPORTANT: Will assert if the queue is already full. Check Queue::IsFull before calling this! */ void Push( const T & value ) @@ -1360,7 +1301,7 @@ namespace yojimbo /** Data structure that stores data indexed by sequence number. - Entries may or may not exist. If they don't exist the sequence value for the entry at that index is set to 0xFFFFFFFF. + Entries may or may not exist. If they don't exist the sequence value for the entry at that index is set to 0xFFFFFFFF. This provides a constant time lookup for an entry by sequence number. If the entry at sequence modulo buffer size doesn't have the same sequence number, that sequence number is not stored. This is incredibly useful and is used as the foundation of the packet level ack system and the reliable message send and receive queues. @see Connection 
@@ -1414,12 +1355,13 @@ namespace yojimbo Insert an entry in the sequence buffer. IMPORTANT: If another entry exists at the sequence modulo buffer size, it is overwritten. @param sequence The sequence number. + @param guaranteed_order Whether sequence is always the newest value (when sending) or can be out of order (when receiving). @returns The sequence buffer entry, which you must fill with your data. NULL if a sequence buffer entry could not be added for your sequence number (if the sequence number is too old for example). */ - T * Insert( uint16_t sequence ) + T * Insert( uint16_t sequence, bool guaranteed_order = false ) { - if ( sequence_greater_than( sequence + 1, m_sequence ) ) + if ( sequence_greater_than( sequence + 1, m_sequence ) || guaranteed_order ) { RemoveEntries( m_sequence, sequence ); m_sequence = sequence + 1; @@ -1532,7 +1474,7 @@ namespace yojimbo @see yojimbo::sequence_less_than */ - uint16_t GetSequence() const + uint16_t GetSequence() const { return m_sequence; } @@ -1549,7 +1491,7 @@ namespace yojimbo return sequence % m_size; } - /** + /** Get the size of the sequence buffer. @returns The size of the sequence buffer (number of entries). */ 
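Review bot: `guaranteed_order` bypasses the wrap-around staleness check in SequenceBuffer::Insert, so a caller passing `true` with a sequence older than `m_sequence` drives `RemoveEntries( m_sequence, sequence )` through its reversed-range path (the visible `finish_sequence += 65535` branch) and moves `m_sequence` backwards, silently discarding live entries. The two call sites in this commit (AddMessagePacketEntry and AddFragmentPacketEntry) pass outgoing packet sequences, where monotonic order is presumably held, but nothing enforces it. If the flag is only meant for monotonically increasing sends, a debug assert documents that precondition without changing behaviour: `yojimbo_assert( !guaranteed_order || !sequence_less_than( sequence + 1, m_sequence ) );`; if it is also meant to cover large forward jumps (more than 32768 ahead), that assert would fire, and the @param text should say so explicitly instead. Either way the @param line should state that passing `true` with an out-of-order sequence corrupts the buffer state, since the default `false` keeps the receive-side behaviour and the new path has no such guard.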
@@ -1561,17 +1503,17 @@ namespace yojimbo protected: - /** + /** Helper function to remove entries. - This is used to remove old entries as we advance the sequence buffer forward. - Otherwise, if when entries are added with holes (eg. receive buffer for packets or messages, where not all sequence numbers are added to the buffer because we have high packet loss), + This is used to remove old entries as we advance the sequence buffer forward. + Otherwise, if when entries are added with holes (eg. receive buffer for packets or messages, where not all sequence numbers are added to the buffer because we have high packet loss), and we are extremely unlucky, we can have old sequence buffer entries from the previous sequence # wrap around still in the buffer, which corrupts our internal connection state. This actually happened in the soak test at high packet loss levels (>90%). It took me days to track it down :) */ void RemoveEntries( int start_sequence, int finish_sequence ) { - if ( finish_sequence < start_sequence ) + if ( finish_sequence < start_sequence ) finish_sequence += 65535; yojimbo_assert( finish_sequence >= start_sequence ); if ( finish_sequence - start_sequence < m_size ) @@ -1593,7 +1535,7 @@ namespace yojimbo uint16_t m_sequence; ///< The most recent sequence number added to the buffer. uint32_t * m_entry_sequence; ///< Array of sequence numbers corresponding to each sequence buffer entry for fast lookup. Set to 0xFFFFFFFF if no entry exists at that index. T * m_entries; ///< The sequence buffer entries. This is where the data is stored per-entry. Separate from the sequence numbers for fast lookup (hot/cold split) when the data per-sequence number is relatively large. - + SequenceBuffer( const SequenceBuffer & other ); SequenceBuffer & operator = ( const SequenceBuffer & other ); 
@@ -1613,7 +1555,7 @@ namespace yojimbo /** Bit writer constructor. - Creates a bit writer object to write to the specified buffer. + Creates a bit writer object to write to the specified buffer. @param data The pointer to the buffer to fill with bitpacked data. @param bytes The size of the buffer in bytes. Must be a multiple of 4, because the bitpacker reads and writes memory as dwords, not bytes. */ @@ -1746,7 +1688,7 @@ namespace yojimbo m_data[m_wordIndex] = host_to_network( uint32_t( m_scratch & 0xFFFFFFFF ) ); m_scratch >>= 32; m_scratchBits = 0; - m_wordIndex++; + m_wordIndex++; } } @@ -1760,7 +1702,7 @@ namespace yojimbo return ( 8 - ( m_bitsWritten % 8 ) ) % 8; } - /** + /** How many bits have we written so far? @returns The number of bits written to the bit buffer. */ @@ -1780,7 +1722,7 @@ namespace yojimbo { return m_numBits - m_bitsWritten; } - + /** Get a pointer to the data written by the bit writer. Corresponds to the data block passed in to the constructor. @@ -1899,8 +1841,8 @@ namespace yojimbo /** Read an align. - Call this on read to correspond to a WriteAlign call when the bitpacked buffer was written. - This makes sure we skip ahead to the next aligned byte index. As a safety check, we verify that the padding to next byte is zero bits and return false if that's not the case. + Call this on read to correspond to a WriteAlign call when the bitpacked buffer was written. + This makes sure we skip ahead to the next aligned byte index. As a safety check, we verify that the padding to next byte is zero bits and return false if that's not the case. This will typically abort packet read. Just another safety measure... @returns True if we successfully read an align and skipped ahead past zero pad, false otherwise (probably means, no align was written to the stream). @see BitWriter::WriteAlign 
@@ -1973,7 +1915,7 @@ namespace yojimbo return ( 8 - m_bitsRead % 8 ) % 8; } - /** + /** How many bits have we read so far? @returns The number of bits read from the bit buffer so far. */ @@ -2026,7 +1968,7 @@ namespace yojimbo // #define yojimbo_getvarint yojimbo_get_varint // #define yojimbo_putvarint yojimbo_put_varint - /** + /** Functionality common to all stream classes. */ @@ -2202,7 +2144,7 @@ namespace yojimbo return true; } - /** + /** If we were to write an align right now, how many bits would be required? @returns The number of zero pad bits required to achieve byte alignment in [0,7]. */ @@ -2331,7 +2273,7 @@ namespace yojimbo int i = 0; uint8_t data[6]; uint32_t read_value; - do { + do { if ( m_reader.WouldReadPastEnd( 8 ) ) return false; read_value = m_reader.ReadBits( 8 ); @@ -2353,7 +2295,7 @@ namespace yojimbo int i = 0; uint8_t data[10]; uint32_t read_value; - do { + do { if ( m_reader.WouldReadPastEnd( 8 ) ) return false; read_value = m_reader.ReadBits( 8 ); @@ -2414,7 +2356,7 @@ namespace yojimbo return true; } - /** + /** If we were to read an align right now, how many bits would we need to read? @returns The number of zero pad bits required to achieve byte alignment in [0,7]. */ @@ -2432,7 +2374,7 @@ namespace yojimbo bool SerializeCheck() { -#if YOJIMBO_SERIALIZE_CHECKS +#if YOJIMBO_SERIALIZE_CHECKS if ( !SerializeAlign() ) return false; uint32_t value = 0; 
@@ -2477,7 +2419,7 @@ namespace yojimbo Stream class for estimating how many bits it would take to serialize something. This class acts like a bit writer (IsWriting is 1, IsReading is 0), but instead of writing data, it counts how many bits would be written. It's used by the connection channel classes to work out how many messages will fit in the channel packet budget. - Note that when the serialization includes alignment to byte (see MeasureStream::SerializeAlign), this is an estimate and not an exact measurement. The estimate is guaranteed to be conservative. + Note that when the serialization includes alignment to byte (see MeasureStream::SerializeAlign), this is an estimate and not an exact measurement. The estimate is guaranteed to be conservative. @see BitWriter @see BitReader */ @@ -2505,7 +2447,7 @@ namespace yojimbo */ bool SerializeInteger( int32_t value, int32_t min, int32_t max ) - { + { (void) value; yojimbo_assert( min < max ); yojimbo_assert( value >= min ); @@ -2522,7 +2464,7 @@ namespace yojimbo */ bool SerializeVarint32( int32_t value ) - { + { const int bits = yojimbo_measure_varint( value ) * 8; m_bitsWritten += bits; return true; @@ -2535,7 +2477,7 @@ namespace yojimbo */ bool SerializeVarint64( int64_t value ) - { + { const int bits = yojimbo_measure_varint( value ) * 8; m_bitsWritten += bits; return true; @@ -2584,9 +2526,9 @@ namespace yojimbo return true; } - /** + /** If we were to write an align right now, how many bits would be required? - IMPORTANT: Since the number of bits required for alignment depends on where an object is written in the final bit stream, this measurement is conservative. + IMPORTANT: Since the number of bits required for alignment depends on where an object is written in the final bit stream, this measurement is conservative. @returns Always returns worst case 7 bits. */ 
@@ -2636,7 +2578,7 @@ namespace yojimbo const int MaxAddressLength = 256; ///< The maximum length of an address when converted to a string (includes terminating NULL). @see Address::ToString - /** + /** Address type. @see Address::GetType. */ @@ -2648,7 +2590,7 @@ namespace yojimbo ADDRESS_IPV6 ///< An IPv6 address, eg: "48d9:4a08:b543:ae31:89d8:3226:b92c:cbba" }; - /** + /** An IP address and port number. Supports both IPv4 and IPv6 addresses. Identifies where a packet came from, and where a packet should be sent. @@ -2722,7 +2664,7 @@ namespace yojimbo /** Parse a string to an address. - This versions supports parsing a port included in the address string. For example, "127.0.0.1:4000" and "[::1]:40000". + This versions supports parsing a port included in the address string. For example, "127.0.0.1:4000" and "[::1]:40000". Parsing is performed via inet_pton once the port # has been extracted from the string, so you may specify any IPv4 or IPv6 address formatted in any valid way, and it should work as you expect. Depending on the type of data in the string the address will become ADDRESS_TYPE_IPV4 or ADDRESS_TYPE_IPV6. If the string is not recognized as a valid address, the address type is set to ADDRESS_TYPE_NONE, causing Address::IsValid to return false. Please check that after creating an address from a string. @@ -2853,8 +2795,8 @@ namespace yojimbo protected: - /** - Helper function to parse an address string. + /** + Helper function to parse an address string. Used by the constructors that take a string parameter. @param address The string to parse. */ 
@@ -3041,6 +2983,54 @@ namespace yojimbo } \ } while (0) + template bool serialize_compressed_float_internal(Stream &stream, + float &value, + float min, + float max, + float res) + { + const float delta = max - min; + const float values = delta / res; + const uint32_t maxIntegerValue = (uint32_t)ceil(values); + const int bits = bits_required(0, maxIntegerValue); + uint32_t integerValue = 0; + if (Stream::IsWriting) + { + float normalizedValue = + yojimbo_clamp((value - min) / delta, 0.0f, 1.0f); + integerValue = (uint32_t)floor(normalizedValue * + maxIntegerValue + + 0.5f); + } + if (!stream.SerializeBits(integerValue, bits)) + { + return false; + } + if (Stream::IsReading) + { + const float normalizedValue = + integerValue / float(maxIntegerValue); + value = normalizedValue * delta + min; + } + return true; + } + /** + Serialize compressed floating point value (read/write/measure). + This is a helper macro to make writing unified serialize functions easier. + Serialize macros returns false on error so we don't need to use exceptions for error handling on read. This is an important safety measure because packet data comes from the network and may be malicious. + IMPORTANT: This macro must be called inside a templated serialize function with template \. The serialize method must have a bool return value. + @param stream The stream object. May be a read, write or measure stream. + @param value The float value to serialize. + */ +#define serialize_compressed_float(stream, value, min, max, res) \ + do \ + { \ + if (!yojimbo::serialize_compressed_float_internal(stream, value, min, max, res)) \ + { \ + return false; \ + } \ + } while (0) + /** Serialize a 32 bit unsigned integer to the stream (read/write/measure). This is a helper macro to make unified serialize functions easier. @@ -3297,7 +3287,7 @@ namespace yojimbo } return true; } - + bool twoBits = false; if ( Stream::IsWriting ) { 
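Review bot: In the `Stream::IsReading` branch of `serialize_compressed_float_internal`, `integerValue` comes straight off the wire and is only bounded by `bits`, while `bits_required(0, maxIntegerValue)` rounds up, so any quantized value in `(maxIntegerValue, 2^bits)` is accepted and decodes to `value > max`; since the other serialize helpers in this header return false on out-of-range reads rather than trusting packet data, add `if (integerValue > maxIntegerValue) return false;` before the division. The arithmetic also has no guard for `res <= 0` or `max <= min` (division by zero in `delta / res`, and `maxIntegerValue == 0` makes the read side divide by `float(0)`), so mirror `SerializeInteger` with `yojimbo_assert( min < max ); yojimbo_assert( res > 0.0f );` at the top of the function. The macro doc block only describes `stream` and `value`; `min`, `max` and `res` deserve `@param` lines as well (`res` is the quantization step in the same units as `value`).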
@@ -3313,7 +3303,7 @@ namespace yojimbo } return true; } - + bool fourBits = false; if ( Stream::IsWriting ) { @@ -3597,9 +3587,9 @@ namespace yojimbo @see WriteStream @see MeasureStream */ - + class Serializable - { + { public: virtual ~Serializable() {} 
@@ -3638,29 +3628,29 @@ namespace yojimbo #define YOJIMBO_VIRTUAL_SERIALIZE_FUNCTIONS() \ bool SerializeInternal( class yojimbo::ReadStream & stream ) { return Serialize( stream ); }; \ bool SerializeInternal( class yojimbo::WriteStream & stream ) { return Serialize( stream ); }; \ - bool SerializeInternal( class yojimbo::MeasureStream & stream ) { return Serialize( stream ); }; + bool SerializeInternal( class yojimbo::MeasureStream & stream ) { return Serialize( stream ); }; /** A reference counted object that can be serialized to a bitstream. Messages are objects that are sent between client and server across the connection. They are carried inside the ConnectionPacket generated by the Connection class. Messages can be sent reliable-ordered, or unreliable-unordered, depending on the configuration of the channel they are sent over. - + To use messages, create your own set of message classes by inheriting from this class (or from BlockMessage, if you want to attach data blocks to your message), then setup an enum of all your message types and derive a message factory class to create your message instances by type. - + There are macros to help make defining your message factory painless: - + YOJIMBO_MESSAGE_FACTORY_START YOJIMBO_DECLARE_MESSAGE_TYPE YOJIMBO_MESSAGE_FACTORY_FINISH - + Once you have a message factory, register it with your declared inside your client and server classes using: - + YOJIMBO_MESSAGE_FACTORY - + which overrides the Client::CreateMessageFactory and Server::CreateMessageFactory methods so the client and server classes use your message factory type. - + See tests/shared.h for an example showing you how to do this, and the functional tests inside tests/test.cpp for examples showing how how to send and receive messages. - + @see BlockMessage @see MessageFactory @see Connection 
@@ -3679,7 +3669,7 @@ namespace yojimbo Message( int blockMessage = 0 ) : m_refCount(1), m_id(0), m_type(0), m_blockMessage( blockMessage ) {} - /** + /** Set the message id. When messages are sent over a reliable-ordered channel, the message id starts at 0 and increases with each message sent over that channel. When messages are sent over an unreliable-unordered channel, the message id is set to the sequence number of the packet it was delivered in. @@ -3706,7 +3696,7 @@ namespace yojimbo /** Get the reference count on the message. - Messages start with a reference count of 1 when they are created. This is decreased when they are released. + Messages start with a reference count of 1 when they are created. This is decreased when they are released. When the reference count reaches 0, the message is destroyed. @returns The reference count on the message. */ @@ -3726,7 +3716,7 @@ namespace yojimbo Virtual serialize function (read). Reads the message in from a bitstream. Don't override this method directly, instead, use the YOJIMBO_VIRTUAL_SERIALIZE_FUNCTIONS macro in your derived message class to redirect it to a templated serialize method. - This way you can implement serialization for your packets in a single method and the C++ compiler takes care of generating specialized read, write and measure implementations for you. + This way you can implement serialization for your packets in a single method and the C++ compiler takes care of generating specialized read, write and measure implementations for you. See tests/shared.h for examples of this. */ 
@@ -3736,7 +3726,7 @@ namespace yojimbo Virtual serialize function (write). Write the message to a bitstream. Don't override this method directly, instead, use the YOJIMBO_VIRTUAL_SERIALIZE_FUNCTIONS macro in your derived message class to redirect it to a templated serialize method. - This way you can implement serialization for your packets in a single method and the C++ compiler takes care of generating specialized read, write and measure implementations for you. + This way you can implement serialization for your packets in a single method and the C++ compiler takes care of generating specialized read, write and measure implementations for you. See tests/shared.h for examples of this. */ @@ -3746,7 +3736,7 @@ namespace yojimbo Virtual serialize function (measure). Measure how many bits this message would take to write. This is used when working out how many messages will fit within the channel packet budget. Don't override this method directly, instead, use the YOJIMBO_VIRTUAL_SERIALIZE_FUNCTIONS macro in your derived message class to redirect it to a templated serialize method. - This way you can implement serialization for your packets in a single method and the C++ compiler takes care of generating specialized read, write and measure implementations for you. + This way you can implement serialization for your packets in a single method and the C++ compiler takes care of generating specialized read, write and measure implementations for you. See tests/shared.h for examples of this. */ @@ -3764,7 +3754,7 @@ namespace yojimbo /** Add a reference to the message. - This is called when a message is included in a packet and added to the receive queue. + This is called when a message is included in a packet and added to the receive queue. This way we don't have to pass messages by value (more efficient) and messages get cleaned up when they are delivered and no packets refer to them. */ 
@@ -3790,8 +3780,8 @@ namespace yojimbo private: friend class MessageFactory; - - Message( const Message & other ); + + Message( const Message & other ); const Message & operator = ( const Message & other ); @@ -3835,7 +3825,7 @@ namespace yojimbo m_blockSize = blockSize; } - /** + /** Detach the block from this message. By doing this you are responsible for copying the block pointer and allocator and making sure the block is freed. This could be used for example, if you wanted to copy off the block and store it somewhere, without the cost of copying it. @@ -3901,7 +3891,7 @@ namespace yojimbo template bool Serialize( Stream & stream ) { (void) stream; return true; } - YOJIMBO_VIRTUAL_SERIALIZE_FUNCTIONS(); + YOJIMBO_VIRTUAL_SERIALIZE_FUNCTIONS() protected: @@ -3940,16 +3930,16 @@ namespace yojimbo Defines the set of message types that can be created. You can derive a message factory yourself to create your own message types, or you can use these helper macros to do it for you: - + YOJIMBO_MESSAGE_FACTORY_START YOJIMBO_DECLARE_MESSAGE_TYPE YOJIMBO_MESSAGE_FACTORY_FINISH - + See tests/shared.h for an example showing how to use the macros. */ class MessageFactory - { + { public: /** @@ -3983,7 +3973,7 @@ namespace yojimbo yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "you leaked messages!\n" ); yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "%d messages leaked\n", (int) allocated_messages.size() ); typedef std::map::iterator itor_type; - for ( itor_type i = allocated_messages.begin(); i != allocated_messages.end(); ++i ) + for ( itor_type i = allocated_messages.begin(); i != allocated_messages.end(); ++i ) { Message * message = (Message*) i->first; yojimbo_printf( YOJIMBO_LOG_LEVEL_ERROR, "leaked message %p (type %d, refcount %d)\n", message, message->GetType(), message->GetRefCount() ); 
@@ -4025,7 +4015,7 @@ namespace yojimbo @param message The message to add a reference to. @see MessageFactory::Create @see MessageFactory::Release - */ + */ void AcquireMessage( Message * message ) { @@ -4123,16 +4113,16 @@ namespace yojimbo #if YOJIMBO_DEBUG_MESSAGE_LEAKS std::map allocated_messages; ///< The set of allocated messages for this factory. Used to track down message leaks. #endif // #if YOJIMBO_DEBUG_MESSAGE_LEAKS - + Allocator * m_allocator; ///< The allocator used to create messages. - + int m_numTypes; ///< The number of message types. - + MessageFactoryErrorLevel m_errorLevel; ///< The message factory error level. }; } -/** +/** Start a definition of a new message factory. This is a helper macro to make declaring your own message factory class easier. @param factory_class The name of the message factory class to generate. @@ -4154,7 +4144,7 @@ namespace yojimbo switch ( type ) \ { \ -/** +/** Add a message type to a message factory. This is a helper macro to make declaring your own message factory class easier. @param message_type The message type value. This is typically an enum value. @@ -4165,13 +4155,13 @@ namespace yojimbo #define YOJIMBO_DECLARE_MESSAGE_TYPE( message_type, message_class ) \ \ case message_type: \ - message = YOJIMBO_NEW( allocator, message_class ); \ + message = YOJIMBO_NEW( allocator, message_class, ); \ if ( !message ) \ return NULL; \ SetMessageType( message, message_type ); \ return message; -/** +/** Finish the definition of a new message factory. This is a helper macro to make declaring your own message factory class easier. See tests/shared.h for an example of usage. 
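Review bot: The trailing comma in `message = YOJIMBO_NEW( allocator, message_class, ); \` reads as a typo to anyone who does not know that YOJIMBO_NEW presumably now takes variadic constructor arguments, and this macro is expanded inside user code through YOJIMBO_DECLARE_MESSAGE_TYPE. Add a block comment on the preceding macro line, e.g. `/* trailing comma: empty variadic ctor-arg list for YOJIMBO_NEW */ \` — it has to be a `/* */` comment, since a `//` comment would swallow the `\` continuation and the next macro line. The definition of YOJIMBO_NEW is outside this diff, so please confirm it accepts an empty variadic argument on every compiler in the CI matrix.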
@@ -4297,20 +4287,20 @@ namespace yojimbo virtual ~Channel() {} /** - Reset the channel. + Reset the channel. */ virtual void Reset() = 0; /** Returns true if a message can be sent over this channel. - */ + */ virtual bool CanSendMessage() const = 0; /** Are there any messages in the send queue? - @returns True if there is at least one message in the send queue. + @returns True if there is at least one message in the send queue. */ virtual bool HasMessagesToSend() const = 0; @@ -4322,7 +4312,7 @@ namespace yojimbo virtual void SendMessage( Message * message, void *context) = 0; - /** + /** Pops the next message off the receive queue if one is available. @returns A pointer to the received message, NULL if there are no messages to receive. The caller owns the message object returned by this function and is responsible for releasing it via Message::Release. */ @@ -4360,8 +4350,8 @@ namespace yojimbo /** Process a connection packet ack. - Depending on the channel type: - 1. Acks messages and block fragments so they stop being included in outgoing connection packets (reliable-ordered channel), + Depending on the channel type: + 1. Acks messages and block fragments so they stop being included in outgoing connection packets (reliable-ordered channel), 2. Does nothing at all (unreliable-unordered). @param sequence The sequence number of the connection packet that was acked. */ @@ -4377,7 +4367,7 @@ namespace yojimbo ChannelErrorLevel GetErrorLevel() const; - /** + /** Gets the channel index. @returns The channel index in [0,numChannels-1]. */ @@ -4403,9 +4393,9 @@ namespace yojimbo /** Set the channel error level. - All errors go through this function to make debug logging easier. + All errors go through this function to make debug logging easier. */ - + void SetErrorLevel( ChannelErrorLevel errorLevel ); protected: 
@@ -4431,7 +4421,7 @@ namespace yojimbo { public: - /** + /** Reliable ordered channel constructor. @param allocator The allocator to use. @param messageFactory Message factory for creating and destroying messages. @@ -4467,7 +4457,7 @@ namespace yojimbo /** Are there any unacked messages in the send queue? Messages are acked individually and remain in the send queue until acked. - @returns True if there is at least one unacked message in the send queue. + @returns True if there is at least one unacked message in the send queue. */ bool HasMessagesToSend() const; @@ -4518,8 +4508,8 @@ namespace yojimbo /** Track the oldest unacked message id in the send queue. - Because messages are acked individually, the send queue is not a true queue and may have holes. - Because of this it is necessary to periodically walk forward from the previous oldest unacked message id, to find the current oldest unacked message id. + Because messages are acked individually, the send queue is not a true queue and may have holes. + Because of this it is necessary to periodically walk forward from the previous oldest unacked message id, to find the current oldest unacked message id. This lets us know our starting point for considering messages to include in the next packet we send. @see GetMessagesToSend */ 
@@ -4528,9 +4518,9 @@ namespace yojimbo /** True if we are currently sending a block message. - Block messages are treated differently to regular messages. + Block messages are treated differently to regular messages. Regular messages are small so we try to fit as many into the packet we can. See ReliableChannelData::GetMessagesToSend. - Blocks attached to block messages are usually larger than the maximum packet size or channel budget, so they are split up fragments. + Blocks attached to block messages are usually larger than the maximum packet size or channel budget, so they are split up fragments. While in the mode of sending a block message, each channel packet data generated has exactly one fragment from the current block in it. Fragments keep getting included in packets until all fragments of that block are acked. @returns True if currently sending a block message over the network, false otherwise. @see BlockMessage @@ -4565,12 +4555,12 @@ namespace yojimbo @returns An estimate of the number of bits required to serialize the block message and fragment data (upper bound). */ - int GetFragmentPacketData( ChannelPacketData & packetData, - uint16_t messageId, - uint16_t fragmentId, - uint8_t * fragmentData, - int fragmentSize, - int numFragments, + int GetFragmentPacketData( ChannelPacketData & packetData, + uint16_t messageId, + uint16_t fragmentId, + uint8_t * fragmentData, + int fragmentSize, + int numFragments, int messageType ); /** 
@@ -4595,12 +4585,12 @@ namespace yojimbo @param blockMessage Pointer to the block message. Passed this in only with the first fragment (0), pass NULL for all other fragments. */ - void ProcessPacketFragment( int messageType, - uint16_t messageId, - int numFragments, - uint16_t fragmentId, - const uint8_t * fragmentData, - int fragmentBytes, + void ProcessPacketFragment( int messageType, + uint16_t messageId, + int numFragments, + uint16_t fragmentId, + const uint8_t * fragmentData, + int fragmentBytes, BlockMessage * blockMessage ); protected: @@ -4686,9 +4676,9 @@ namespace yojimbo private: Allocator * m_allocator; ///< Allocator used to create the block data. - + SendBlockData( const SendBlockData & other ); - + SendBlockData & operator = ( const SendBlockData & other ); }; @@ -4741,7 +4731,7 @@ namespace yojimbo Allocator * m_allocator; ///< Allocator used to free the data on shutdown. ReceiveBlockData( const ReceiveBlockData & other ); - + ReceiveBlockData & operator = ( const ReceiveBlockData & other ); }; @@ -4773,7 +4763,7 @@ namespace yojimbo { public: - /** + /** Reliable ordered channel constructor. @param allocator The allocator to use. @param messageFactory Message factory for creating and destroying messages. @@ -4828,7 +4818,7 @@ namespace yojimbo CONNECTION_ERROR_CHANNEL, ///< A channel is in an error state. CONNECTION_ERROR_ALLOCATOR, ///< The allocator is an error state. CONNECTION_ERROR_MESSAGE_FACTORY, ///< The message factory is in an error state. - CONNECTION_ERROR_READ_PACKET_FAILED, ///< Failed to read packet. Received an invalid packet? + CONNECTION_ERROR_READ_PACKET_FAILED, ///< Failed to read packet. Received an invalid packet? }; /** @@ -4951,7 +4941,7 @@ namespace yojimbo @param packetData The packet data. @param packetBytes The packet size (bytes). */ - + void SendPacket( int to, uint8_t * packetData, int packetBytes ); /** 
@@ -5037,9 +5027,9 @@ namespace yojimbo PacketEntry * m_packetEntries; ///< Pointer to dynamically allocated packet entries. This is where buffered packets are stored. }; - /** + /** Specifies the message factory and callbacks for clients and servers. - An instance of this class is passed into the client and server constructors. + An instance of this class is passed into the client and server constructors. You can share the same adapter across a client/server pair if you have local multiplayer, eg. loopback. */ @@ -5076,7 +5066,7 @@ namespace yojimbo return NULL; } - /** + /** Override this callback to process packets sent from client to server over loopback. @param clientIndex The client index in range [0,maxClients-1] @param packetData The packet data (raw) to be sent to the server. @@ -5161,7 +5151,7 @@ namespace yojimbo /** Set the context for reading and writing packets. This is optional. It lets you pass in a pointer to some structure that you want to have available when reading and writing packets via Stream::GetContext. - Typical use case is to pass in an array of min/max ranges for values determined by some data that is loaded from a toolchain vs. being known at compile time. + Typical use case is to pass in an array of min/max ranges for values determined by some data that is loaded from a toolchain vs. being known at compile time. If you do use a context, make sure the same context data is set on client and server, and include a checksum of the context data in the protocol id. */ @@ -5216,7 +5206,7 @@ namespace yojimbo /** Advance server time. - Call this at the end of each frame to advance the server time forward. + Call this at the end of each frame to advance the server time forward. IMPORTANT: Please use a double for your time value so it maintains sufficient accuracy as time increases. */ 
@@ -5263,7 +5253,7 @@ namespace yojimbo virtual netcode_address_t * GetClientAddress( int clientIndex ) const = 0; - /** + /** Get the number of clients that are currently connected to the server. @returns the number of connected clients. */ @@ -5473,11 +5463,11 @@ namespace yojimbo virtual int ProcessPacketFunction( int clientIndex, uint16_t packetSequence, uint8_t * packetData, int packetBytes ) = 0; static void StaticTransmitPacketFunction( void * context, int index, uint16_t packetSequence, uint8_t * packetData, int packetBytes ); - + static int StaticProcessPacketFunction( void * context,int index, uint16_t packetSequence, uint8_t * packetData, int packetBytes ); static void * StaticAllocateFunction( void * context, uint64_t bytes ); - + static void StaticFreeFunction( void * context, void * pointer ); private: @@ -5496,7 +5486,7 @@ namespace yojimbo MessageFactory * m_clientMessageFactory[MaxClients]; ///< Array of per-client message factories. This silos message allocations per-client slot. Connection * m_clientConnection[MaxClients]; ///< Array of per-client connection classes. This is how messages are exchanged with clients. reliable_endpoint_t * m_clientEndpoint[MaxClients]; ///< Array of per-client reliable.io endpoints. - NetworkSimulator * m_networkSimulator; ///< The network simulator used to simulate packet loss, latency, jitter etc. Optional. + NetworkSimulator * m_networkSimulator; ///< The network simulator used to simulate packet loss, latency, jitter etc. Optional. uint8_t * m_packetBuffer; ///< Buffer used when writing packets. }; @@ -5577,7 +5567,7 @@ namespace yojimbo CLIENT_STATE_CONNECTED, }; - /** + /** The common interface for all clients. */ 
@@ -5590,7 +5580,7 @@ namespace yojimbo /** Set the context for reading and writing packets. This is optional. It lets you pass in a pointer to some structure that you want to have available when reading and writing packets via Stream::GetContext. - Typical use case is to pass in an array of min/max ranges for values determined by some data that is loaded from a toolchain vs. being known at compile time. + Typical use case is to pass in an array of min/max ranges for values determined by some data that is loaded from a toolchain vs. being known at compile time. If you do use a context, make sure the same context data is set on client and server, and include a checksum of the context data in the protocol id. */ @@ -5616,7 +5606,7 @@ namespace yojimbo /** Advance client time. - Call this at the end of each frame to advance the client time forward. + Call this at the end of each frame to advance the client time forward. IMPORTANT: Please use a double for your time value so it maintains sufficient accuracy as time increases. */ @@ -5662,7 +5652,7 @@ namespace yojimbo /** Get the client index. - The client index is the slot number that the client is occupying on the server. + The client index is the slot number that the client is occupying on the server. @returns The client index in [0,maxClients-1], where maxClients is the number of client slots allocated on the server in Server::Start. */ @@ -5886,11 +5876,11 @@ namespace yojimbo virtual int ProcessPacketFunction( uint16_t packetSequence, uint8_t * packetData, int packetBytes ) = 0; static void StaticTransmitPacketFunction( void * context, int index, uint16_t packetSequence, uint8_t * packetData, int packetBytes ); - + static int StaticProcessPacketFunction( void * context, int index, uint16_t packetSequence, uint8_t * packetData, int packetBytes ); static void * StaticAllocateFunction( void * context, uint64_t bytes ); - + static void StaticFreeFunction( void * context, void * pointer ); private: 
@@ -5904,7 +5894,7 @@ namespace yojimbo reliable_endpoint_t * m_endpoint; ///< reliable.io endpoint. MessageFactory * m_messageFactory; ///< The client message factory. Created and destroyed on each connection attempt. Connection * m_connection; ///< The client connection for exchanging messages with the server. - NetworkSimulator * m_networkSimulator; ///< The network simulator used to simulate packet loss, latency, jitter etc. Optional. + NetworkSimulator * m_networkSimulator; ///< The network simulator used to simulate packet loss, latency, jitter etc. Optional. ClientState m_clientState; ///< The current client state. See ClientInterface::GetClientState int m_clientIndex; ///< The client slot index on the server [0,maxClients-1]. -1 if not connected. double m_time; ///< The current client time. See ClientInterface::AdvanceTime @@ -5913,7 +5903,7 @@ namespace yojimbo private: BaseClient( const BaseClient & other ); - + const BaseClient & operator = ( const BaseClient & other ); }; @@ -5967,10 +5957,10 @@ namespace yojimbo private: - bool GenerateInsecureConnectToken( uint8_t * connectToken, - const uint8_t privateKey[], - uint64_t clientId, - const Address serverAddresses[], + bool GenerateInsecureConnectToken( uint8_t * connectToken, + const uint8_t privateKey[], + uint64_t clientId, + const Address serverAddresses[], int numServerAddresses ); void CreateClient( const Address & address ); 
@@ -5995,96 +5985,6 @@ namespace yojimbo Address m_boundAddress; ///< Address after socket bind, eg. with valid port uint64_t m_clientId; ///< The globally unique client id (set on each call to connect) }; - - /** - Matcher status enum. - Designed for when the matcher will be made non-blocking. The matcher is currently blocking in Matcher::RequestMatch - */ - - enum MatchStatus - { - MATCH_IDLE, ///< The matcher is idle. - MATCH_BUSY, ///< The matcher is requesting a match. - MATCH_READY, ///< The match response is ready to read with Matcher::GetConnectToken. - MATCH_FAILED ///< The matcher failed to find a match. - }; - - /** - Communicates with the matcher web service over HTTPS. - See docker/matcher/matcher.go for details. Launch the matcher via "premake5 matcher". - This class will be improved in the future, most importantly to make Matcher::RequestMatch a non-blocking operation. - */ - - class Matcher - { - public: - - /** - Matcher constructor. - @param allocator The allocator to use for allocations. - */ - - explicit Matcher( Allocator & allocator ); - - /** - Matcher destructor. - */ - - ~Matcher(); - - /** - Initialize the matcher. - @returns True if the matcher initialized successfully, false otherwise. - */ - - bool Initialize(); - - /** - Request a match. - This is how clients get connect tokens from matcher.go. - They request a match and the server replies with a set of servers to connect to, and a connect token to pass to that server. - IMPORTANT: This function is currently blocking. It will be made non-blocking in the near future. - @param protocolId The protocol id that we are using. Used to filter out servers with different protocol versions. - @param clientId A unique client identifier that identifies each client to your back end services. If you don't have this yet, just roll a random 64 bit number. 
- @see Matcher::GetMatchStatus - @see Matcher::GetConnectToken - */ - - void RequestMatch( uint64_t protocolId, uint64_t clientId, bool verifyCertificate ); - - /** - Get the current match status. - Because Matcher::RequestMatch is currently blocking this will be MATCH_READY or MATCH_FAILED immediately after that function returns. - If the status is MATCH_READY you can call Matcher::GetMatchResponse to get the match response data corresponding to the last call to Matcher::RequestMatch. - @returns The current match status. - */ - - MatchStatus GetMatchStatus(); - - /** - Get connect token. - This can only be called if the match status is MATCH_READY. - @param connectToken The connect token data to fill [out]. - @see Matcher::RequestMatch - @see Matcher::GetMatchStatus - */ - - void GetConnectToken( uint8_t * connectToken ); - - private: - - Matcher( const Matcher & matcher ); - - const Matcher & operator = ( const Matcher & other ); - - Allocator * m_allocator; ///< The allocator passed into the constructor. - bool m_initialized; ///< True if the matcher was successfully initialized. See Matcher::Initialize. - MatchStatus m_matchStatus; ///< The current match status. -#if YOJIMBO_WITH_MBEDTLS - struct MatcherInternal * m_internal; ///< Internals are in here to avoid spilling details of mbedtls library outside of yojimbo_matcher.cpp - uint8_t m_connectToken[ConnectTokenBytes]; ///< The connect token data from the last call to Matcher::RequestMatch once the match status is MATCH_READY. -#endif // #if YOJIMBO_WITH_MBEDTLS - }; } #endif // #ifndef YOJIMBO_H