diff --git a/.github/test-spec.yml b/.github/test-spec.yml
new file mode 100644
index 0000000..4833762
--- /dev/null
+++ b/.github/test-spec.yml
@@ -0,0 +1,6 @@
+"CI-crypto-test":
+ - "**/*"
+
+"CI-tfm-test":
+ - "**/*"
+
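Review bot: The new spec carries no comment saying which workflow consumes it or what the two keys select, so a maintainer reading this file alone cannot tell what `CI-crypto-test` and `CI-tfm-test` gate; presumably a path-filter step in a workflow reads them, but that is not visible here. A short header above the first key, such as `# Maps CI job groups to the path globs that trigger them; consumed by the CI path-filter step`, would make the intent explicit. The `**/*` globs mean any change in the module runs both groups, which is the safe default for a crypto module, and stating that in the same comment would discourage narrowing the globs casually later.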
diff --git a/Kconfig.oberon_psa_crypto b/Kconfig.oberon_psa_crypto
new file mode 100644
index 0000000..196fe0b
--- /dev/null
+++ b/Kconfig.oberon_psa_crypto
@@ -0,0 +1,7 @@
+#
+# Copyright (c) 2024 Nordic Semiconductor
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+# File left intentionally blank for the Zephyr module infrastructure
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
deleted file mode 100644
index d5eb1fd..0000000
--- a/include/mbedtls/aes.h
+++ /dev/null
@@ -1,631 +0,0 @@
-/**
- * \file aes.h
- *
- * \brief This file contains AES definitions and functions.
- *
- * The Advanced Encryption Standard (AES) specifies a FIPS-approved
- * cryptographic algorithm that can be used to protect electronic
- * data.
- *
- * The AES algorithm is a symmetric block cipher that can
- * encrypt and decrypt information. For more information, see
- * FIPS Publication 197: Advanced Encryption Standard and
- * ISO/IEC 18033-2:2006: Information technology -- Security
- * techniques -- Encryption algorithms -- Part 2: Asymmetric
- * ciphers.
- *
- * The AES-XTS block mode is standardized by NIST SP 800-38E
- *
- * and described in detail by IEEE P1619
- * .
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_AES_H
-#define MBEDTLS_AES_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/platform_util.h"
-
-#include
-#include
-
-/* padlock.c and aesni.c rely on these values! */
-#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */
-#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */
-
-/* Error codes in range 0x0020-0x0022 */
-/** Invalid key length. */
-#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020
-/** Invalid data input length. */
-#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022
-
-/* Error codes in range 0x0021-0x0025 */
-/** Invalid input data. */
-#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_AES_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The AES context-type definition.
- */
-typedef struct mbedtls_aes_context {
- int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
- size_t MBEDTLS_PRIVATE(rk_offset); /*!< The offset in array elements to AES
- round keys in the buffer. */
-#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C)
- uint32_t MBEDTLS_PRIVATE(buf)[44]; /*!< Aligned data buffer to hold
- 10 round keys for 128-bit case. */
-#else
- uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
- hold 32 extra Bytes, which can be used for
- one of the following purposes:
- - Alignment if VIA padlock is
- used.
- - Simplifying key expansion in the 256-bit
- case by generating an extra round key.
-
*/
-#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH && !MBEDTLS_PADLOCK_C */
-}
-mbedtls_aes_context;
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief The AES XTS context-type definition.
- */
-typedef struct mbedtls_aes_xts_context {
- mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block
- encryption or decryption. */
- mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak
- computation. */
-} mbedtls_aes_xts_context;
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-#else /* MBEDTLS_AES_ALT */
-#include "aes_alt.h"
-#endif /* MBEDTLS_AES_ALT */
-
-/**
- * \brief This function initializes the specified AES context.
- *
- * It must be the first API called before using
- * the context.
- *
- * \param ctx The AES context to initialize. This must not be \c NULL.
- */
-void mbedtls_aes_init(mbedtls_aes_context *ctx);
-
-/**
- * \brief This function releases and clears the specified AES context.
- *
- * \param ctx The AES context to clear.
- * If this is \c NULL, this function does nothing.
- * Otherwise, the context must have been at least initialized.
- */
-void mbedtls_aes_free(mbedtls_aes_context *ctx);
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief This function initializes the specified AES XTS context.
- *
- * It must be the first API called before using
- * the context.
- *
- * \param ctx The AES XTS context to initialize. This must not be \c NULL.
- */
-void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx);
-
-/**
- * \brief This function releases and clears the specified AES XTS context.
- *
- * \param ctx The AES XTS context to clear.
- * If this is \c NULL, this function does nothing.
- * Otherwise, the context must have been at least initialized.
- */
-void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx);
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * \brief This function sets the encryption key.
- *
- * \param ctx The AES context to which the key should be bound.
- * It must be initialized.
- * \param key The encryption key.
- * This must be a readable buffer of size \p keybits bits.
- * \param keybits The size of data passed in bits. Valid options are:
- * - 128 bits
- * - 192 bits
- * - 256 bits
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
- unsigned int keybits);
-
-#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
-/**
- * \brief This function sets the decryption key.
- *
- * \param ctx The AES context to which the key should be bound.
- * It must be initialized.
- * \param key The decryption key.
- * This must be a readable buffer of size \p keybits bits.
- * \param keybits The size of data passed. Valid options are:
- * - 128 bits
- * - 192 bits
- * - 256 bits
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,
- unsigned int keybits);
-#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief This function prepares an XTS context for encryption and
- * sets the encryption key.
- *
- * \param ctx The AES XTS context to which the key should be bound.
- * It must be initialized.
- * \param key The encryption key. This is comprised of the XTS key1
- * concatenated with the XTS key2.
- * This must be a readable buffer of size \p keybits bits.
- * \param keybits The size of \p key passed in bits. Valid options are:
- * - 256 bits (each of key1 and key2 is a 128-bit key)
- * - 512 bits (each of key1 and key2 is a 256-bit key)
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx,
- const unsigned char *key,
- unsigned int keybits);
-
-/**
- * \brief This function prepares an XTS context for decryption and
- * sets the decryption key.
- *
- * \param ctx The AES XTS context to which the key should be bound.
- * It must be initialized.
- * \param key The decryption key. This is comprised of the XTS key1
- * concatenated with the XTS key2.
- * This must be a readable buffer of size \p keybits bits.
- * \param keybits The size of \p key passed in bits. Valid options are:
- * - 256 bits (each of key1 and key2 is a 128-bit key)
- * - 512 bits (each of key1 and key2 is a 256-bit key)
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx,
- const unsigned char *key,
- unsigned int keybits);
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * \brief This function performs an AES single-block encryption or
- * decryption operation.
- *
- * It performs the operation defined in the \p mode parameter
- * (encrypt or decrypt), on the input data buffer defined in
- * the \p input parameter.
- *
- * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
- * mbedtls_aes_setkey_dec() must be called before the first
- * call to this API with the same context.
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT.
- * \param input The buffer holding the input data.
- * It must be readable and at least \c 16 Bytes long.
- * \param output The buffer where the output data will be written.
- * It must be writeable and at least \c 16 Bytes long.
-
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16]);
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief This function performs an AES-CBC encryption or decryption operation
- * on full blocks.
- *
- * It performs the operation defined in the \p mode
- * parameter (encrypt/decrypt), on the input data buffer defined in
- * the \p input parameter.
- *
- * It can be called as many times as needed, until all the input
- * data is processed. mbedtls_aes_init(), and either
- * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
- * before the first call to this API with the same context.
- *
- * \note This function operates on full blocks, that is, the input size
- * must be a multiple of the AES block size of \c 16 Bytes.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the same function again on the next
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If you need to retain the contents of the IV, you should
- * either save it manually or use the cipher module instead.
- *
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT.
- * \param length The length of the input data in Bytes. This must be a
- * multiple of the block size (\c 16 Bytes).
- * \param iv Initialization vector (updated after use).
- * It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
- * on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output);
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief This function performs an AES-XTS encryption or decryption
- * operation for an entire XTS data unit.
- *
- * AES-XTS encrypts or decrypts blocks based on their location as
- * defined by a data unit number. The data unit number must be
- * provided by \p data_unit.
- *
- * NIST SP 800-38E limits the maximum size of a data unit to 2^20
- * AES blocks. If the data unit is larger than this, this function
- * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
- *
- * \param ctx The AES XTS context to use for AES XTS operations.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT.
- * \param length The length of a data unit in Bytes. This can be any
- * length between 16 bytes and 2^24 bytes inclusive
- * (between 1 and 2^20 block cipher blocks).
- * \param data_unit The address of the data unit encoded as an array of 16
- * bytes in little-endian format. For disk encryption, this
- * is typically the index of the block device sector that
- * contains the data.
- * \param input The buffer holding the input data (which is an entire
- * data unit). This function reads \p length Bytes from \p
- * input.
- * \param output The buffer holding the output data (which is an entire
- * data unit). This function writes \p length Bytes to \p
- * output.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
- * smaller than an AES block in size (16 Bytes) or if \p
- * length is larger than 2^20 blocks (16 MiB).
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx,
- int mode,
- size_t length,
- const unsigned char data_unit[16],
- const unsigned char *input,
- unsigned char *output);
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief This function performs an AES-CFB128 encryption or decryption
- * operation.
- *
- * It performs the operation defined in the \p mode
- * parameter (encrypt or decrypt), on the input data buffer
- * defined in the \p input parameter.
- *
- * For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
- * regardless of whether you are performing an encryption or decryption
- * operation, that is, regardless of the \p mode parameter. This is
- * because CFB mode uses the same key schedule for encryption and
- * decryption.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the same function again on the next
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If you need to retain the contents of the
- * IV, you must either save it manually or use the cipher
- * module instead.
- *
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT.
- * \param length The length of the input data in Bytes.
- * \param iv_off The offset in IV (updated after use).
- * It must point to a valid \c size_t.
- * \param iv The initialization vector (updated after use).
- * It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output);
-
-/**
- * \brief This function performs an AES-CFB8 encryption or decryption
- * operation.
- *
- * It performs the operation defined in the \p mode
- * parameter (encrypt/decrypt), on the input data buffer defined
- * in the \p input parameter.
- *
- * Due to the nature of CFB, you must use the same key schedule for
- * both encryption and decryption operations. Therefore, you must
- * use the context initialized with mbedtls_aes_setkey_enc() for
- * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the same function again on the next
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If you need to retain the contents of the
- * IV, you should either save it manually or use the cipher
- * module instead.
- *
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT
- * \param length The length of the input data.
- * \param iv The initialization vector (updated after use).
- * It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output);
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-/**
- * \brief This function performs an AES-OFB (Output Feedback Mode)
- * encryption or decryption operation.
- *
- * For OFB, you must set up the context with
- * mbedtls_aes_setkey_enc(), regardless of whether you are
- * performing an encryption or decryption operation. This is
- * because OFB mode uses the same key schedule for encryption and
- * decryption.
- *
- * The OFB operation is identical for encryption or decryption,
- * therefore no operation mode needs to be specified.
- *
- * \note Upon exit, the content of iv, the Initialisation Vector, is
- * updated so that you can call the same function again on the next
- * block(s) of data and get the same result as if it was encrypted
- * in one call. This allows a "streaming" usage, by initialising
- * iv_off to 0 before the first call, and preserving its value
- * between calls.
- *
- * For non-streaming use, the iv should be initialised on each call
- * to a unique value, and iv_off set to 0 on each call.
- *
- * If you need to retain the contents of the initialisation vector,
- * you must either save it manually or use the cipher module
- * instead.
- *
- * \warning For the OFB mode, the initialisation vector must be unique
- * every encryption operation. Reuse of an initialisation vector
- * will compromise security.
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param length The length of the input data.
- * \param iv_off The offset in IV (updated after use).
- * It must point to a valid \c size_t.
- * \param iv The initialization vector (updated after use).
- * It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output);
-
-#endif /* MBEDTLS_CIPHER_MODE_OFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief This function performs an AES-CTR encryption or decryption
- * operation.
- *
- * Due to the nature of CTR, you must use the same key schedule
- * for both encryption and decryption operations. Therefore, you
- * must use the context initialized with mbedtls_aes_setkey_enc()
- * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
- *
- * \warning You must never reuse a nonce value with the same key. Doing so
- * would void the encryption for the two messages encrypted with
- * the same nonce and key.
- *
- * There are two common strategies for managing nonces with CTR:
- *
- * 1. You can handle everything as a single message processed over
- * successive calls to this function. In that case, you want to
- * set \p nonce_counter and \p nc_off to 0 for the first call, and
- * then preserve the values of \p nonce_counter, \p nc_off and \p
- * stream_block across calls to this function as they will be
- * updated by this function.
- *
- * With this strategy, you must not encrypt more than 2**128
- * blocks of data with the same key.
- *
- * 2. You can encrypt separate messages by dividing the \p
- * nonce_counter buffer in two areas: the first one used for a
- * per-message nonce, handled by yourself, and the second one
- * updated by this function internally.
- *
- * For example, you might reserve the first 12 bytes for the
- * per-message nonce, and the last 4 bytes for internal use. In that
- * case, before calling this function on a new message you need to
- * set the first 12 bytes of \p nonce_counter to your chosen nonce
- * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
- * stream_block to be ignored). That way, you can encrypt at most
- * 2**96 messages of up to 2**32 blocks each with the same key.
- *
- * The per-message nonce (or information sufficient to reconstruct
- * it) needs to be communicated with the ciphertext and must be unique.
- * The recommended way to ensure uniqueness is to use a message
- * counter. An alternative is to generate random nonces, but this
- * limits the number of messages that can be securely encrypted:
- * for example, with 96-bit random nonces, you should not encrypt
- * more than 2**32 messages with the same key.
- *
- * Note that for both strategies, sizes are measured in blocks and
- * that an AES block is 16 bytes.
- *
- * \warning Upon return, \p stream_block contains sensitive data. Its
- * content must not be written to insecure storage and should be
- * securely discarded as soon as it's no longer needed.
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param length The length of the input data.
- * \param nc_off The offset in the current \p stream_block, for
- * resuming within the current cipher stream. The
- * offset pointer should be 0 at the start of a stream.
- * It must point to a valid \c size_t.
- * \param nonce_counter The 128-bit nonce and counter.
- * It must be a readable-writeable buffer of \c 16 Bytes.
- * \param stream_block The saved stream block for resuming. This is
- * overwritten by the function.
- * It must be a readable-writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[16],
- unsigned char stream_block[16],
- const unsigned char *input,
- unsigned char *output);
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-/**
- * \brief Internal AES block encryption function. This is only
- * exposed to allow overriding it using
- * \c MBEDTLS_AES_ENCRYPT_ALT.
- *
- * \param ctx The AES context to use for encryption.
- * \param input The plaintext block.
- * \param output The output (ciphertext) block.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16]);
-
-#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
-/**
- * \brief Internal AES block decryption function. This is only
- * exposed to allow overriding it using see
- * \c MBEDTLS_AES_DECRYPT_ALT.
- *
- * \param ctx The AES context to use for decryption.
- * \param input The ciphertext block.
- * \param output The output (plaintext) block.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16]);
-#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief Checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_aes_self_test(int verbose);
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* aes.h */
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
deleted file mode 100644
index ff019f4..0000000
--- a/include/mbedtls/asn1.h
+++ /dev/null
@@ -1,642 +0,0 @@
-/**
- * \file asn1.h
- *
- * \brief Generic ASN.1 parsing
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_ASN1_H
-#define MBEDTLS_ASN1_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/platform_util.h"
-
-#include
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#endif
-
-/**
- * \addtogroup asn1_module
- * \{
- */
-
-/**
- * \name ASN1 Error codes
- * These error codes are combined with other error codes for
- * higher error granularity.
- * e.g. X.509 and PKCS #7 error codes
- * ASN1 is a standard to specify data structures.
- * \{
- */
-/** Out of data when parsing an ASN1 data structure. */
-#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060
-/** ASN1 tag was of an unexpected value. */
-#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062
-/** Error when trying to determine the length or invalid length. */
-#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064
-/** Actual length differs from expected length. */
-#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066
-/** Data is invalid. */
-#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068
-/** Memory allocation failed */
-#define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A
-/** Buffer too small when writing ASN.1 data structure. */
-#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C
-
-/** \} name ASN1 Error codes */
-
-/**
- * \name DER constants
- * These constants comply with the DER encoded ASN.1 type tags.
- * DER encoding uses hexadecimal representation.
- * An example DER sequence is:\n
- * - 0x02 -- tag indicating INTEGER
- * - 0x01 -- length in octets
- * - 0x05 -- value
- * Such sequences are typically read into \c ::mbedtls_x509_buf.
- * \{
- */
-#define MBEDTLS_ASN1_BOOLEAN 0x01
-#define MBEDTLS_ASN1_INTEGER 0x02
-#define MBEDTLS_ASN1_BIT_STRING 0x03
-#define MBEDTLS_ASN1_OCTET_STRING 0x04
-#define MBEDTLS_ASN1_NULL 0x05
-#define MBEDTLS_ASN1_OID 0x06
-#define MBEDTLS_ASN1_ENUMERATED 0x0A
-#define MBEDTLS_ASN1_UTF8_STRING 0x0C
-#define MBEDTLS_ASN1_SEQUENCE 0x10
-#define MBEDTLS_ASN1_SET 0x11
-#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13
-#define MBEDTLS_ASN1_T61_STRING 0x14
-#define MBEDTLS_ASN1_IA5_STRING 0x16
-#define MBEDTLS_ASN1_UTC_TIME 0x17
-#define MBEDTLS_ASN1_GENERALIZED_TIME 0x18
-#define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C
-#define MBEDTLS_ASN1_BMP_STRING 0x1E
-#define MBEDTLS_ASN1_PRIMITIVE 0x00
-#define MBEDTLS_ASN1_CONSTRUCTED 0x20
-#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
-
-/* Slightly smaller way to check if tag is a string tag
- * compared to canonical implementation. */
-#define MBEDTLS_ASN1_IS_STRING_TAG(tag) \
- ((unsigned int) (tag) < 32u && ( \
- ((1u << (tag)) & ((1u << MBEDTLS_ASN1_BMP_STRING) | \
- (1u << MBEDTLS_ASN1_UTF8_STRING) | \
- (1u << MBEDTLS_ASN1_T61_STRING) | \
- (1u << MBEDTLS_ASN1_IA5_STRING) | \
- (1u << MBEDTLS_ASN1_UNIVERSAL_STRING) | \
- (1u << MBEDTLS_ASN1_PRINTABLE_STRING))) != 0))
-
-/*
- * Bit masks for each of the components of an ASN.1 tag as specified in
- * ITU X.690 (08/2015), section 8.1 "General rules for encoding",
- * paragraph 8.1.2.2:
- *
- * Bit 8 7 6 5 1
- * +-------+-----+------------+
- * | Class | P/C | Tag number |
- * +-------+-----+------------+
- */
-#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
-#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
-#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
-
-/** \} name DER constants */
-
-/** Returns the size of the binary string, without the trailing \\0 */
-#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
-
-/**
- * Compares an mbedtls_asn1_buf structure to a reference OID.
- *
- * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
- * 'unsigned char *oid' here!
- */
-#define MBEDTLS_OID_CMP(oid_str, oid_buf) \
- ((MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len) || \
- memcmp((oid_str), (oid_buf)->p, (oid_buf)->len) != 0)
-
-#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len) \
- ((MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len)) || \
- memcmp((oid_str), (oid_buf), (oid_buf_len)) != 0)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name Functions to parse ASN.1 data structures
- * \{
- */
-
-/**
- * Type-length-value structure that allows for ASN1 using DER.
- */
-typedef struct mbedtls_asn1_buf {
- int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
- size_t len; /**< ASN1 length, in octets. */
- unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
-}
-mbedtls_asn1_buf;
-
-/**
- * Container for ASN1 bit strings.
- */
-typedef struct mbedtls_asn1_bitstring {
- size_t len; /**< ASN1 length, in octets. */
- unsigned char unused_bits; /**< Number of unused bits at the end of the string */
- unsigned char *p; /**< Raw ASN1 data for the bit string */
-}
-mbedtls_asn1_bitstring;
-
-/**
- * Container for a sequence of ASN.1 items
- */
-typedef struct mbedtls_asn1_sequence {
- mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
-
- /** The next entry in the sequence.
- *
- * The details of memory management for sequences are not documented and
- * may change in future versions. Set this field to \p NULL when
- * initializing a structure, and do not modify it except via Mbed TLS
- * library functions.
- */
- struct mbedtls_asn1_sequence *next;
-}
-mbedtls_asn1_sequence;
-
-/**
- * Container for a sequence or list of 'named' ASN.1 data items
- */
-typedef struct mbedtls_asn1_named_data {
- mbedtls_asn1_buf oid; /**< The object identifier. */
- mbedtls_asn1_buf val; /**< The named value. */
-
- /** The next entry in the sequence.
- *
- * The details of memory management for named data sequences are not
- * documented and may change in future versions. Set this field to \p NULL
- * when initializing a structure, and do not modify it except via Mbed TLS
- * library functions.
- */
- struct mbedtls_asn1_named_data *next;
-
- /** Merge next item into the current one?
- *
- * This field exists for the sake of Mbed TLS's X.509 certificate parsing
- * code and may change in future versions of the library.
- */
- unsigned char MBEDTLS_PRIVATE(next_merged);
-}
-mbedtls_asn1_named_data;
-
-#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \
- defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
-/**
- * \brief Get the length of an ASN.1 element.
- * Updates the pointer to immediately behind the length.
- *
- * \param p On entry, \c *p points to the first byte of the length,
- * i.e. immediately after the tag.
- * On successful completion, \c *p points to the first byte
- * after the length, i.e. the first byte of the content.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param len On successful completion, \c *len contains the length
- * read from the ASN.1 input.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
- * would end beyond \p end.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
- */
-int mbedtls_asn1_get_len(unsigned char **p,
- const unsigned char *end,
- size_t *len);
-
-/**
- * \brief Get the tag and length of the element.
- * Check for the requested tag.
- * Updates the pointer to immediately behind the tag and length.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * after the length, i.e. the first byte of the content.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param len On successful completion, \c *len contains the length
- * read from the ASN.1 input.
- * \param tag The expected tag.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the data does not start
- * with the requested tag.
- * \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
- * would end beyond \p end.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
- */
-int mbedtls_asn1_get_tag(unsigned char **p,
- const unsigned char *end,
- size_t *len, int tag);
-#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-/**
- * \brief Retrieve a boolean ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the ASN.1 element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param val On success, the parsed value (\c 0 or \c 1).
- *
- * \return 0 if successful.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 BOOLEAN.
- */
-int mbedtls_asn1_get_bool(unsigned char **p,
- const unsigned char *end,
- int *val);
-
-/**
- * \brief Retrieve an integer ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the ASN.1 element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param val On success, the parsed value.
- *
- * \return 0 if successful.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 INTEGER.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- * not fit in an \c int.
- */
-int mbedtls_asn1_get_int(unsigned char **p,
- const unsigned char *end,
- int *val);
-
-/**
- * \brief Retrieve an enumerated ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the ASN.1 element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param val On success, the parsed value.
- *
- * \return 0 if successful.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 ENUMERATED.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- * not fit in an \c int.
- */
-int mbedtls_asn1_get_enum(unsigned char **p,
- const unsigned char *end,
- int *val);
-
-/**
- * \brief Retrieve a bitstring ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p is equal to \p end.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param bs On success, ::mbedtls_asn1_bitstring information about
- * the parsed value.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
- * extra data after a valid BIT STRING.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 BIT STRING.
- */
-int mbedtls_asn1_get_bitstring(unsigned char **p, const unsigned char *end,
- mbedtls_asn1_bitstring *bs);
-
-/**
- * \brief Retrieve a bitstring ASN.1 tag without unused bits and its
- * value.
- * Updates the pointer to the beginning of the bit/octet string.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * of the content of the BIT STRING.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param len On success, \c *len is the length of the content in bytes.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if the input starts with
- * a valid BIT STRING with a nonzero number of unused bits.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 BIT STRING.
- */
-int mbedtls_asn1_get_bitstring_null(unsigned char **p,
- const unsigned char *end,
- size_t *len);
-
-/**
- * \brief Parses and splits an ASN.1 "SEQUENCE OF ".
- * Updates the pointer to immediately behind the full sequence tag.
- *
- * This function allocates memory for the sequence elements. You can free
- * the allocated memory with mbedtls_asn1_sequence_free().
- *
- * \note On error, this function may return a partial list in \p cur.
- * You must set `cur->next = NULL` before calling this function!
- * Otherwise it is impossible to distinguish a previously non-null
- * pointer from a pointer to an object allocated by this function.
- *
- * \note If the sequence is empty, this function does not modify
- * \c *cur. If the sequence is valid and non-empty, this
- * function sets `cur->buf.tag` to \p tag. This allows
- * callers to distinguish between an empty sequence and
- * a one-element sequence.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p is equal to \p end.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param cur A ::mbedtls_asn1_sequence which this function fills.
- * When this function returns, \c *cur is the head of a linked
- * list. Each node in this list is allocated with
- * mbedtls_calloc() apart from \p cur itself, and should
- * therefore be freed with mbedtls_free().
- * The list describes the content of the sequence.
- * The head of the list (i.e. \c *cur itself) describes the
- * first element, `*cur->next` describes the second element, etc.
- * For each element, `buf.tag == tag`, `buf.len` is the length
- * of the content of the content of the element, and `buf.p`
- * points to the first byte of the content (i.e. immediately
- * past the length of the element).
- * Note that list elements may be allocated even on error.
- * \param tag Each element of the sequence must have this tag.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
- * extra data after a valid SEQUENCE OF \p tag.
- * \return #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts with
- * an ASN.1 SEQUENCE in which an element has a tag that
- * is different from \p tag.
- * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if a memory allocation failed.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 SEQUENCE.
- */
-int mbedtls_asn1_get_sequence_of(unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_sequence *cur,
- int tag);
-/**
- * \brief Free a heap-allocated linked list presentation of
- * an ASN.1 sequence, including the first element.
- *
- * There are two common ways to manage the memory used for the representation
- * of a parsed ASN.1 sequence:
- * - Allocate a head node `mbedtls_asn1_sequence *head` with mbedtls_calloc().
- * Pass this node as the `cur` argument to mbedtls_asn1_get_sequence_of().
- * When you have finished processing the sequence,
- * call mbedtls_asn1_sequence_free() on `head`.
- * - Allocate a head node `mbedtls_asn1_sequence *head` in any manner,
- * for example on the stack. Make sure that `head->next == NULL`.
- * Pass `head` as the `cur` argument to mbedtls_asn1_get_sequence_of().
- * When you have finished processing the sequence,
- * call mbedtls_asn1_sequence_free() on `head->cur`,
- * then free `head` itself in the appropriate manner.
- *
- * \param seq The address of the first sequence component. This may
- * be \c NULL, in which case this functions returns
- * immediately.
- */
-void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq);
-
-/**
- * \brief Traverse an ASN.1 SEQUENCE container and
- * call a callback for each entry.
- *
- * This function checks that the input is a SEQUENCE of elements that
- * each have a "must" tag, and calls a callback function on the elements
- * that have a "may" tag.
- *
- * For example, to validate that the input is a SEQUENCE of `tag1` and call
- * `cb` on each element, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0xff, tag1, 0, 0, cb, ctx);
- * ```
- *
- * To validate that the input is a SEQUENCE of ANY and call `cb` on
- * each element, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0, 0, 0, 0, cb, ctx);
- * ```
- *
- * To validate that the input is a SEQUENCE of CHOICE {NULL, OCTET STRING}
- * and call `cb` on each element that is an OCTET STRING, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0xfe, 0x04, 0xff, 0x04, cb, ctx);
- * ```
- *
- * The callback is called on the elements with a "may" tag from left to
- * right. If the input is not a valid SEQUENCE of elements with a "must" tag,
- * the callback is called on the elements up to the leftmost point where
- * the input is invalid.
- *
- * \warning This function is still experimental and may change
- * at any time.
- *
- * \param p The address of the pointer to the beginning of
- * the ASN.1 SEQUENCE header. This is updated to
- * point to the end of the ASN.1 SEQUENCE container
- * on a successful invocation.
- * \param end The end of the ASN.1 SEQUENCE container.
- * \param tag_must_mask A mask to be applied to the ASN.1 tags found within
- * the SEQUENCE before comparing to \p tag_must_val.
- * \param tag_must_val The required value of each ASN.1 tag found in the
- * SEQUENCE, after masking with \p tag_must_mask.
- * Mismatching tags lead to an error.
- * For example, a value of \c 0 for both \p tag_must_mask
- * and \p tag_must_val means that every tag is allowed,
- * while a value of \c 0xFF for \p tag_must_mask means
- * that \p tag_must_val is the only allowed tag.
- * \param tag_may_mask A mask to be applied to the ASN.1 tags found within
- * the SEQUENCE before comparing to \p tag_may_val.
- * \param tag_may_val The desired value of each ASN.1 tag found in the
- * SEQUENCE, after masking with \p tag_may_mask.
- * Mismatching tags will be silently ignored.
- * For example, a value of \c 0 for \p tag_may_mask and
- * \p tag_may_val means that any tag will be considered,
- * while a value of \c 0xFF for \p tag_may_mask means
- * that all tags with value different from \p tag_may_val
- * will be ignored.
- * \param cb The callback to trigger for each component
- * in the ASN.1 SEQUENCE that matches \p tag_may_val.
- * The callback function is called with the following
- * parameters:
- * - \p ctx.
- * - The tag of the current element.
- * - A pointer to the start of the current element's
- * content inside the input.
- * - The length of the content of the current element.
- * If the callback returns a non-zero value,
- * the function stops immediately,
- * forwarding the callback's return value.
- * \param ctx The context to be passed to the callback \p cb.
- *
- * \return \c 0 if successful the entire ASN.1 SEQUENCE
- * was traversed without parsing or callback errors.
- * \return #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input
- * contains extra data after a valid SEQUENCE
- * of elements with an accepted tag.
- * \return #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts
- * with an ASN.1 SEQUENCE in which an element has a tag
- * that is not accepted.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 SEQUENCE.
- * \return A non-zero error code forwarded from the callback
- * \p cb in case the latter returns a non-zero value.
- */
-int mbedtls_asn1_traverse_sequence_of(
- unsigned char **p,
- const unsigned char *end,
- unsigned char tag_must_mask, unsigned char tag_must_val,
- unsigned char tag_may_mask, unsigned char tag_may_val,
- int (*cb)(void *ctx, int tag,
- unsigned char *start, size_t len),
- void *ctx);
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief Retrieve an integer ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the ASN.1 element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param X On success, the parsed value.
- *
- * \return 0 if successful.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 INTEGER.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- * not fit in an \c int.
- * \return An MPI error code if the parsed value is too large.
- */
-int mbedtls_asn1_get_mpi(unsigned char **p,
- const unsigned char *end,
- mbedtls_mpi *X);
-#endif /* MBEDTLS_BIGNUM_C */
-
-/**
- * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence.
- * Updates the pointer to immediately behind the full
- * AlgorithmIdentifier.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the AlgorithmIdentifier element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param alg The buffer to receive the OID.
- * \param params The buffer to receive the parameters.
- * This is zeroized if there are no parameters.
- *
- * \return 0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_alg(unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params);
-
-/**
- * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
- * params.
- * Updates the pointer to immediately behind the full
- * AlgorithmIdentifier.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the AlgorithmIdentifier element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param alg The buffer to receive the OID.
- *
- * \return 0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_alg_null(unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg);
-
-/**
- * \brief Find a specific named_data entry in a sequence or list based on
- * the OID.
- *
- * \param list The list to seek through
- * \param oid The OID to look for
- * \param len Size of the OID
- *
- * \return NULL if not found, or a pointer to the existing entry.
- */
-const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data(const mbedtls_asn1_named_data *list,
- const char *oid, size_t len);
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/**
- * \brief Free a mbedtls_asn1_named_data entry
- *
- * \deprecated This function is deprecated and will be removed in a
- * future version of the library.
- * Please use mbedtls_asn1_free_named_data_list()
- * or mbedtls_asn1_free_named_data_list_shallow().
- *
- * \param entry The named data entry to free.
- * This function calls mbedtls_free() on
- * `entry->oid.p` and `entry->val.p`.
- */
-void MBEDTLS_DEPRECATED mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *entry);
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief Free all entries in a mbedtls_asn1_named_data list.
- *
- * \param head Pointer to the head of the list of named data entries to free.
- * This function calls mbedtls_free() on
- * `entry->oid.p` and `entry->val.p` and then on `entry`
- * for each list entry, and sets \c *head to \c NULL.
- */
-void mbedtls_asn1_free_named_data_list(mbedtls_asn1_named_data **head);
-
-/**
- * \brief Free all shallow entries in a mbedtls_asn1_named_data list,
- * but do not free internal pointer targets.
- *
- * \param name Head of the list of named data entries to free.
- * This function calls mbedtls_free() on each list element.
- */
-void mbedtls_asn1_free_named_data_list_shallow(mbedtls_asn1_named_data *name);
-
-/** \} name Functions to parse ASN.1 data structures */
-/** \} addtogroup asn1_module */
-
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* asn1.h */
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
deleted file mode 100644
index 0c5a85a..0000000
--- a/include/mbedtls/asn1write.h
+++ /dev/null
@@ -1,390 +0,0 @@
-/**
- * \file asn1write.h
- *
- * \brief ASN.1 buffer writing functionality
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_ASN1_WRITE_H
-#define MBEDTLS_ASN1_WRITE_H
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/asn1.h"
-
-#define MBEDTLS_ASN1_CHK_ADD(g, f) \
- do \
- { \
- if ((ret = (f)) < 0) \
- return ret; \
- else \
- (g) += ret; \
- } while (0)
-
-#define MBEDTLS_ASN1_CHK_CLEANUP_ADD(g, f) \
- do \
- { \
- if ((ret = (f)) < 0) \
- goto cleanup; \
- else \
- (g) += ret; \
- } while (0)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) || \
- defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
-/**
- * \brief Write a length field in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param len The length value to write.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start,
- size_t len);
-/**
- * \brief Write an ASN.1 tag in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param tag The tag to write.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start,
- unsigned char tag);
-#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA*/
-
-#if defined(MBEDTLS_ASN1_WRITE_C)
-/**
- * \brief Write raw buffer data.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param buf The data buffer to write.
- * \param size The length of the data buffer.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_raw_buffer(unsigned char **p, const unsigned char *start,
- const unsigned char *buf, size_t size);
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief Write an arbitrary-precision number (#MBEDTLS_ASN1_INTEGER)
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param X The MPI to write.
- * It must be non-negative.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_mpi(unsigned char **p, const unsigned char *start,
- const mbedtls_mpi *X);
-#endif /* MBEDTLS_BIGNUM_C */
-
-/**
- * \brief Write a NULL tag (#MBEDTLS_ASN1_NULL) with zero data
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_null(unsigned char **p, const unsigned char *start);
-
-/**
- * \brief Write an OID tag (#MBEDTLS_ASN1_OID) and data
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param oid The OID to write.
- * \param oid_len The length of the OID.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start,
- const char *oid, size_t oid_len);
-
-/**
- * \brief Write an AlgorithmIdentifier sequence in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param oid The OID of the algorithm to write.
- * \param oid_len The length of the algorithm's OID.
- * \param par_len The length of the parameters, which must be already written.
- * If 0, NULL parameters are added
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_algorithm_identifier(unsigned char **p,
- const unsigned char *start,
- const char *oid, size_t oid_len,
- size_t par_len);
-
-/**
- * \brief Write an AlgorithmIdentifier sequence in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param oid The OID of the algorithm to write.
- * \param oid_len The length of the algorithm's OID.
- * \param par_len The length of the parameters, which must be already written.
- * \param has_par If there are any parameters. If 0, par_len must be 0. If 1
- * and \p par_len is 0, NULL parameters are added.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p,
- const unsigned char *start,
- const char *oid, size_t oid_len,
- size_t par_len, int has_par);
-
-/**
- * \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param boolean The boolean value to write, either \c 0 or \c 1.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start,
- int boolean);
-
-/**
- * \brief Write an int tag (#MBEDTLS_ASN1_INTEGER) and value
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param val The integer value to write.
- * It must be non-negative.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_int(unsigned char **p, const unsigned char *start, int val);
-
-/**
- * \brief Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param val The integer value to write.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_enum(unsigned char **p, const unsigned char *start, int val);
-
-/**
- * \brief Write a string in ASN.1 format using a specific
- * string encoding tag.
-
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param tag The string encoding tag to write, e.g.
- * #MBEDTLS_ASN1_UTF8_STRING.
- * \param text The string to write.
- * \param text_len The length of \p text in bytes (which might
- * be strictly larger than the number of characters).
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_tagged_string(unsigned char **p, const unsigned char *start,
- int tag, const char *text,
- size_t text_len);
-
-/**
- * \brief Write a string in ASN.1 format using the PrintableString
- * string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING).
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param text The string to write.
- * \param text_len The length of \p text in bytes (which might
- * be strictly larger than the number of characters).
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_printable_string(unsigned char **p,
- const unsigned char *start,
- const char *text, size_t text_len);
-
-/**
- * \brief Write a UTF8 string in ASN.1 format using the UTF8String
- * string encoding tag (#MBEDTLS_ASN1_UTF8_STRING).
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param text The string to write.
- * \param text_len The length of \p text in bytes (which might
- * be strictly larger than the number of characters).
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_utf8_string(unsigned char **p, const unsigned char *start,
- const char *text, size_t text_len);
-
-/**
- * \brief Write a string in ASN.1 format using the IA5String
- * string encoding tag (#MBEDTLS_ASN1_IA5_STRING).
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param text The string to write.
- * \param text_len The length of \p text in bytes (which might
- * be strictly larger than the number of characters).
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_ia5_string(unsigned char **p, const unsigned char *start,
- const char *text, size_t text_len);
-
-/**
- * \brief Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and
- * value in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param buf The bitstring to write.
- * \param bits The total number of bits in the bitstring.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_bitstring(unsigned char **p, const unsigned char *start,
- const unsigned char *buf, size_t bits);
-
-/**
- * \brief This function writes a named bitstring tag
- * (#MBEDTLS_ASN1_BIT_STRING) and value in ASN.1 format.
- *
- * As stated in RFC 5280 Appendix B, trailing zeroes are
- * omitted when encoding named bitstrings in DER.
- *
- * \note This function works backwards within the data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer which is used for bounds-checking.
- * \param buf The bitstring to write.
- * \param bits The total number of bits in the bitstring.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_named_bitstring(unsigned char **p,
- const unsigned char *start,
- const unsigned char *buf,
- size_t bits);
-
-/**
- * \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
- * and value in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param buf The buffer holding the data to write.
- * \param size The length of the data buffer \p buf.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *start,
- const unsigned char *buf, size_t size);
-
-/**
- * \brief Create or find a specific named_data entry for writing in a
- * sequence or list based on the OID. If not already in there,
- * a new entry is added to the head of the list.
- * Warning: Destructive behaviour for the val data!
- *
- * \param list The pointer to the location of the head of the list to seek
- * through (will be updated in case of a new entry).
- * \param oid The OID to look for.
- * \param oid_len The size of the OID.
- * \param val The associated data to store. If this is \c NULL,
- * no data is copied to the new or existing buffer.
- * \param val_len The minimum length of the data buffer needed.
- * If this is 0, do not allocate a buffer for the associated
- * data.
- * If the OID was already present, enlarge, shrink or free
- * the existing buffer to fit \p val_len.
- *
- * \return A pointer to the new / existing entry on success.
- * \return \c NULL if there was a memory allocation error.
- */
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(mbedtls_asn1_named_data **list,
- const char *oid, size_t oid_len,
- const unsigned char *val,
- size_t val_len);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_ASN1_WRITE_C */
-
-#endif /* MBEDTLS_ASN1_WRITE_H */
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
deleted file mode 100644
index 71d7b97..0000000
--- a/include/mbedtls/bignum.h
+++ /dev/null
@@ -1,1084 +0,0 @@
-/**
- * \file bignum.h
- *
- * \brief Multi-precision integer library
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_BIGNUM_H
-#define MBEDTLS_BIGNUM_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-#if defined(MBEDTLS_FS_IO)
-#include
-#endif
-
-/** An error occurred while reading from or writing to a file. */
-#define MBEDTLS_ERR_MPI_FILE_IO_ERROR -0x0002
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004
-/** There is an invalid character in the digit string. */
-#define MBEDTLS_ERR_MPI_INVALID_CHARACTER -0x0006
-/** The buffer is too small to write to. */
-#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008
-/** The input arguments are negative or result in illegal output. */
-#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A
-/** The input argument for division is zero, which is not allowed. */
-#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C
-/** The input arguments are not acceptable. */
-#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E
-/** Memory allocation failed. */
-#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010
-
-#define MBEDTLS_MPI_CHK(f) \
- do \
- { \
- if ((ret = (f)) != 0) \
- goto cleanup; \
- } while (0)
-
-/*
- * Maximum size MPIs are allowed to grow to in number of limbs.
- */
-#define MBEDTLS_MPI_MAX_LIMBS 10000
-
-#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
-/*
- * Maximum window size used for modular exponentiation. Default: 3
- * Minimum value: 1. Maximum value: 6.
- *
- * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
- * for the sliding window calculation. (So 8 by default)
- *
- * Reduction in size, reduces speed.
- */
-#define MBEDTLS_MPI_WINDOW_SIZE 3 /**< Maximum window size used. */
-#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
-
-#if !defined(MBEDTLS_MPI_MAX_SIZE)
-/*
- * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
- * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
- *
- * Note: Calculations can temporarily result in larger MPIs. So the number
- * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
- */
-#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
-#endif /* !MBEDTLS_MPI_MAX_SIZE */
-
-#define MBEDTLS_MPI_MAX_BITS (8 * MBEDTLS_MPI_MAX_SIZE) /**< Maximum number of bits for usable MPIs. */
-
-/*
- * When reading from files with mbedtls_mpi_read_file() and writing to files with
- * mbedtls_mpi_write_file() the buffer should have space
- * for a (short) label, the MPI (in the provided radix), the newline
- * characters and the '\0'.
- *
- * By default we assume at least a 10 char label, a minimum radix of 10
- * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
- * Autosized at compile time for at least a 10 char label, a minimum radix
- * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size.
- *
- * This used to be statically sized to 1250 for a maximum of 4096 bit
- * numbers (1234 decimal chars).
- *
- * Calculate using the formula:
- * MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
- * LabelSize + 6
- */
-#define MBEDTLS_MPI_MAX_BITS_SCALE100 (100 * MBEDTLS_MPI_MAX_BITS)
-#define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
-#define MBEDTLS_MPI_RW_BUFFER_SIZE (((MBEDTLS_MPI_MAX_BITS_SCALE100 + \
- MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / \
- MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6)
-
-/*
- * Define the base integer type, architecture-wise.
- *
- * 32 or 64-bit integer types can be forced regardless of the underlying
- * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64
- * respectively and undefining MBEDTLS_HAVE_ASM.
- *
- * Double-width integers (e.g. 128-bit in 64-bit architectures) can be
- * disabled by defining MBEDTLS_NO_UDBL_DIVISION.
- */
-#if !defined(MBEDTLS_HAVE_INT32)
- #if defined(_MSC_VER) && defined(_M_AMD64)
-/* Always choose 64-bit when using MSC */
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* !MBEDTLS_HAVE_INT64 */
-typedef int64_t mbedtls_mpi_sint;
-typedef uint64_t mbedtls_mpi_uint;
-#define MBEDTLS_MPI_UINT_MAX UINT64_MAX
- #elif defined(__GNUC__) && ( \
- defined(__amd64__) || defined(__x86_64__) || \
- defined(__ppc64__) || defined(__powerpc64__) || \
- defined(__ia64__) || defined(__alpha__) || \
- (defined(__sparc__) && defined(__arch64__)) || \
- defined(__s390x__) || defined(__mips64) || \
- defined(__aarch64__))
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* MBEDTLS_HAVE_INT64 */
-typedef int64_t mbedtls_mpi_sint;
-typedef uint64_t mbedtls_mpi_uint;
-#define MBEDTLS_MPI_UINT_MAX UINT64_MAX
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
-/* mbedtls_t_udbl defined as 128-bit unsigned int */
-typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
- #elif defined(__ARMCC_VERSION) && defined(__aarch64__)
-/*
- * __ARMCC_VERSION is defined for both armcc and armclang and
- * __aarch64__ is only defined by armclang when compiling 64-bit code
- */
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* !MBEDTLS_HAVE_INT64 */
-typedef int64_t mbedtls_mpi_sint;
-typedef uint64_t mbedtls_mpi_uint;
-#define MBEDTLS_MPI_UINT_MAX UINT64_MAX
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
-/* mbedtls_t_udbl defined as 128-bit unsigned int */
-typedef __uint128_t mbedtls_t_udbl;
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
- #elif defined(MBEDTLS_HAVE_INT64)
-/* Force 64-bit integers with unknown compiler */
-typedef int64_t mbedtls_mpi_sint;
-typedef uint64_t mbedtls_mpi_uint;
-#define MBEDTLS_MPI_UINT_MAX UINT64_MAX
- #endif
-#endif /* !MBEDTLS_HAVE_INT32 */
-
-#if !defined(MBEDTLS_HAVE_INT64)
-/* Default to 32-bit compilation */
- #if !defined(MBEDTLS_HAVE_INT32)
- #define MBEDTLS_HAVE_INT32
- #endif /* !MBEDTLS_HAVE_INT32 */
-typedef int32_t mbedtls_mpi_sint;
-typedef uint32_t mbedtls_mpi_uint;
-#define MBEDTLS_MPI_UINT_MAX UINT32_MAX
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
-typedef uint64_t mbedtls_t_udbl;
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
-#endif /* !MBEDTLS_HAVE_INT64 */
-
-/*
- * Sanity check that exactly one of MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 is defined,
- * so that code elsewhere doesn't have to check.
- */
-#if (!(defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64))) || \
- (defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64))
-#error "Only 32-bit or 64-bit limbs are supported in bignum"
-#endif
-
-/** \typedef mbedtls_mpi_uint
- * \brief The type of machine digits in a bignum, called _limbs_.
- *
- * This is always an unsigned integer type with no padding bits. The size
- * is platform-dependent.
- */
-
-/** \typedef mbedtls_mpi_sint
- * \brief The signed type corresponding to #mbedtls_mpi_uint.
- *
- * This is always an signed integer type with no padding bits. The size
- * is platform-dependent.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief MPI structure
- */
-typedef struct mbedtls_mpi {
- /** Pointer to limbs.
- *
- * This may be \c NULL if \c n is 0.
- */
- mbedtls_mpi_uint *MBEDTLS_PRIVATE(p);
-
- /** Sign: -1 if the mpi is negative, 1 otherwise.
- *
- * The number 0 must be represented with `s = +1`. Although many library
- * functions treat all-limbs-zero as equivalent to a valid representation
- * of 0 regardless of the sign bit, there are exceptions, so bignum
- * functions and external callers must always set \c s to +1 for the
- * number zero.
- *
- * Note that this implies that calloc() or `... = {0}` does not create
- * a valid MPI representation. You must call mbedtls_mpi_init().
- */
- signed short MBEDTLS_PRIVATE(s);
-
- /** Total number of limbs in \c p. */
- unsigned short MBEDTLS_PRIVATE(n);
- /* Make sure that MBEDTLS_MPI_MAX_LIMBS fits in n.
- * Use the same limit value on all platforms so that we don't have to
- * think about different behavior on the rare platforms where
- * unsigned short can store values larger than the minimum required by
- * the C language, which is 65535.
- */
-#if MBEDTLS_MPI_MAX_LIMBS > 65535
-#error "MBEDTLS_MPI_MAX_LIMBS > 65535 is not supported"
-#endif
-}
-mbedtls_mpi;
-
-/**
- * \brief Initialize an MPI context.
- *
- * This makes the MPI ready to be set or freed,
- * but does not define a value for the MPI.
- *
- * \param X The MPI context to initialize. This must not be \c NULL.
- */
-void mbedtls_mpi_init(mbedtls_mpi *X);
-
-/**
- * \brief This function frees the components of an MPI context.
- *
- * \param X The MPI context to be cleared. This may be \c NULL,
- * in which case this function is a no-op. If it is
- * not \c NULL, it must point to an initialized MPI.
- */
-void mbedtls_mpi_free(mbedtls_mpi *X);
-
-/**
- * \brief Enlarge an MPI to the specified number of limbs.
- *
- * \note This function does nothing if the MPI is
- * already large enough.
- *
- * \param X The MPI to grow. It must be initialized.
- * \param nblimbs The target number of limbs.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs);
-
-/**
- * \brief This function resizes an MPI downwards, keeping at least the
- * specified number of limbs.
- *
- * If \c X is smaller than \c nblimbs, it is resized up
- * instead.
- *
- * \param X The MPI to shrink. This must point to an initialized MPI.
- * \param nblimbs The minimum number of limbs to keep.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- * (this can only happen when resizing up).
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs);
-
-/**
- * \brief Make a copy of an MPI.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param Y The source MPI. This must point to an initialized MPI.
- *
- * \note The limb-buffer in the destination MPI is enlarged
- * if necessary to hold the value in the source MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y);
-
-/**
- * \brief Swap the contents of two MPIs.
- *
- * \param X The first MPI. It must be initialized.
- * \param Y The second MPI. It must be initialized.
- */
-void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y);
-
-/**
- * \brief Perform a safe conditional copy of MPI which doesn't
- * reveal whether the condition was true or not.
- *
- * \param X The MPI to conditionally assign to. This must point
- * to an initialized MPI.
- * \param Y The MPI to be assigned from. This must point to an
- * initialized MPI.
- * \param assign The condition deciding whether to perform the
- * assignment or not. Must be either 0 or 1:
- * * \c 1: Perform the assignment `X = Y`.
- * * \c 0: Keep the original value of \p X.
- *
- * \note This function is equivalent to
- * `if( assign ) mbedtls_mpi_copy( X, Y );`
- * except that it avoids leaking any information about whether
- * the assignment was done or not (the above code may leak
- * information through branch prediction and/or memory access
- * patterns analysis).
- *
- * \warning If \p assign is neither 0 nor 1, the result of this function
- * is indeterminate, and the resulting value in \p X might be
- * neither its original value nor the value in \p Y.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign);
-
-/**
- * \brief Perform a safe conditional swap which doesn't
- * reveal whether the condition was true or not.
- *
- * \param X The first MPI. This must be initialized.
- * \param Y The second MPI. This must be initialized.
- * \param swap The condition deciding whether to perform
- * the swap or not. Must be either 0 or 1:
- * * \c 1: Swap the values of \p X and \p Y.
- * * \c 0: Keep the original values of \p X and \p Y.
- *
- * \note This function is equivalent to
- * if( swap ) mbedtls_mpi_swap( X, Y );
- * except that it avoids leaking any information about whether
- * the swap was done or not (the above code may leak
- * information through branch prediction and/or memory access
- * patterns analysis).
- *
- * \warning If \p swap is neither 0 nor 1, the result of this function
- * is indeterminate, and both \p X and \p Y might end up with
- * values different to either of the original ones.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- *
- */
-int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap);
-
-/**
- * \brief Store integer value in MPI.
- *
- * \param X The MPI to set. This must be initialized.
- * \param z The value to use.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z);
-
-/**
- * \brief Get a specific bit from an MPI.
- *
- * \param X The MPI to query. This must be initialized.
- * \param pos Zero-based index of the bit to query.
- *
- * \return \c 0 or \c 1 on success, depending on whether bit \c pos
- * of \c X is unset or set.
- * \return A negative error code on failure.
- */
-int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos);
-
-/**
- * \brief Modify a specific bit in an MPI.
- *
- * \note This function will grow the target MPI if necessary to set a
- * bit to \c 1 in a not yet existing limb. It will not grow if
- * the bit should be set to \c 0.
- *
- * \param X The MPI to modify. This must be initialized.
- * \param pos Zero-based index of the bit to modify.
- * \param val The desired value of bit \c pos: \c 0 or \c 1.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val);
-
-/**
- * \brief Return the number of bits of value \c 0 before the
- * least significant bit of value \c 1.
- *
- * \note This is the same as the zero-based index of
- * the least significant bit of value \c 1.
- *
- * \param X The MPI to query.
- *
- * \return The number of bits of value \c 0 before the least significant
- * bit of value \c 1 in \p X.
- */
-size_t mbedtls_mpi_lsb(const mbedtls_mpi *X);
-
-/**
- * \brief Return the number of bits up to and including the most
- * significant bit of value \c 1.
- *
- * * \note This is same as the one-based index of the most
- * significant bit of value \c 1.
- *
- * \param X The MPI to query. This must point to an initialized MPI.
- *
- * \return The number of bits up to and including the most
- * significant bit of value \c 1.
- */
-size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X);
-
-/**
- * \brief Return the total size of an MPI value in bytes.
- *
- * \param X The MPI to use. This must point to an initialized MPI.
- *
- * \note The value returned by this function may be less than
- * the number of bytes used to store \p X internally.
- * This happens if and only if there are trailing bytes
- * of value zero.
- *
- * \return The least number of bytes capable of storing
- * the absolute value of \p X.
- */
-size_t mbedtls_mpi_size(const mbedtls_mpi *X);
-
-/**
- * \brief Import an MPI from an ASCII string.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param radix The numeric base of the input string.
- * \param s Null-terminated string buffer.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s);
-
-/**
- * \brief Export an MPI to an ASCII string.
- *
- * \param X The source MPI. This must point to an initialized MPI.
- * \param radix The numeric base of the output string.
- * \param buf The buffer to write the string to. This must be writable
- * buffer of length \p buflen Bytes.
- * \param buflen The available size in Bytes of \p buf.
- * \param olen The address at which to store the length of the string
- * written, including the final \c NULL byte. This must
- * not be \c NULL.
- *
- * \note You can call this function with `buflen == 0` to obtain the
- * minimum required buffer size in `*olen`.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf
- * is too small to hold the value of \p X in the desired base.
- * In this case, `*olen` is nonetheless updated to contain the
- * size of \p buf required for a successful call.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix,
- char *buf, size_t buflen, size_t *olen);
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Read an MPI from a line in an opened file.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param radix The numeric base of the string representation used
- * in the source line.
- * \param fin The input file handle to use. This must not be \c NULL.
- *
- * \note On success, this function advances the file stream
- * to the end of the current line or to EOF.
- *
- * The function returns \c 0 on an empty line.
- *
- * Leading whitespaces are ignored, as is a
- * '0x' prefix for radix \c 16.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the file read buffer
- * is too small.
- * \return Another negative error code on failure.
- */
-int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin);
-
-/**
- * \brief Export an MPI into an opened file.
- *
- * \param p A string prefix to emit prior to the MPI data.
- * For example, this might be a label, or "0x" when
- * printing in base \c 16. This may be \c NULL if no prefix
- * is needed.
- * \param X The source MPI. This must point to an initialized MPI.
- * \param radix The numeric base to be used in the emitted string.
- * \param fout The output file handle. This may be \c NULL, in which case
- * the output is written to \c stdout.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_mpi_write_file(const char *p, const mbedtls_mpi *X,
- int radix, FILE *fout);
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief Import an MPI from unsigned big endian binary data.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param buf The input buffer. This must be a readable buffer of length
- * \p buflen Bytes.
- * \param buflen The length of the input buffer \p buf in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf,
- size_t buflen);
-
-/**
- * \brief Import X from unsigned binary data, little endian
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param buf The input buffer. This must be a readable buffer of length
- * \p buflen Bytes.
- * \param buflen The length of the input buffer \p buf in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_read_binary_le(mbedtls_mpi *X,
- const unsigned char *buf, size_t buflen);
-
-/**
- * \brief Export X into unsigned binary data, big endian.
- * Always fills the whole buffer, which will start with zeros
- * if the number is smaller.
- *
- * \param X The source MPI. This must point to an initialized MPI.
- * \param buf The output buffer. This must be a writable buffer of length
- * \p buflen Bytes.
- * \param buflen The size of the output buffer \p buf in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
- * large enough to hold the value of \p X.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_binary(const mbedtls_mpi *X, unsigned char *buf,
- size_t buflen);
-
-/**
- * \brief Export X into unsigned binary data, little endian.
- * Always fills the whole buffer, which will end with zeros
- * if the number is smaller.
- *
- * \param X The source MPI. This must point to an initialized MPI.
- * \param buf The output buffer. This must be a writable buffer of length
- * \p buflen Bytes.
- * \param buflen The size of the output buffer \p buf in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
- * large enough to hold the value of \p X.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X,
- unsigned char *buf, size_t buflen);
-
-/**
- * \brief Perform a left-shift on an MPI: X <<= count
- *
- * \param X The MPI to shift. This must point to an initialized MPI.
- * The MPI pointed by \p X may be resized to fit
- * the resulting number.
- * \param count The number of bits to shift by.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count);
-
-/**
- * \brief Perform a right-shift on an MPI: X >>= count
- *
- * \param X The MPI to shift. This must point to an initialized MPI.
- * \param count The number of bits to shift by.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count);
-
-/**
- * \brief Compare the absolute values of two MPIs.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI.
- * \param Y The right-hand MPI. This must point to an initialized MPI.
- *
- * \return \c 1 if `|X|` is greater than `|Y|`.
- * \return \c -1 if `|X|` is lesser than `|Y|`.
- * \return \c 0 if `|X|` is equal to `|Y|`.
- */
-int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y);
-
-/**
- * \brief Compare two MPIs.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI.
- * \param Y The right-hand MPI. This must point to an initialized MPI.
- *
- * \return \c 1 if \p X is greater than \p Y.
- * \return \c -1 if \p X is lesser than \p Y.
- * \return \c 0 if \p X is equal to \p Y.
- */
-int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y);
-
-/**
- * \brief Check if an MPI is less than the other in constant time.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI
- * with the same allocated length as Y.
- * \param Y The right-hand MPI. This must point to an initialized MPI
- * with the same allocated length as X.
- * \param ret The result of the comparison:
- * \c 1 if \p X is less than \p Y.
- * \c 0 if \p X is greater than or equal to \p Y.
- *
- * \return 0 on success.
- * \return MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
- * the two input MPIs is not the same.
- */
-int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, const mbedtls_mpi *Y,
- unsigned *ret);
-
-/**
- * \brief Compare an MPI with an integer.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI.
- * \param z The integer value to compare \p X to.
- *
- * \return \c 1 if \p X is greater than \p z.
- * \return \c -1 if \p X is lesser than \p z.
- * \return \c 0 if \p X is equal to \p z.
- */
-int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z);
-
-/**
- * \brief Perform an unsigned addition of MPIs: X = |A| + |B|
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first summand. This must point to an initialized MPI.
- * \param B The second summand. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_abs(mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B);
-
-/**
- * \brief Perform an unsigned subtraction of MPIs: X = |A| - |B|
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The minuend. This must point to an initialized MPI.
- * \param B The subtrahend. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B);
-
-/**
- * \brief Perform a signed addition of MPIs: X = A + B
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first summand. This must point to an initialized MPI.
- * \param B The second summand. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_mpi(mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B);
-
-/**
- * \brief Perform a signed subtraction of MPIs: X = A - B
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The minuend. This must point to an initialized MPI.
- * \param B The subtrahend. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_sub_mpi(mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B);
-
-/**
- * \brief Perform a signed addition of an MPI and an integer: X = A + b
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first summand. This must point to an initialized MPI.
- * \param b The second summand.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_sint b);
-
-/**
- * \brief Perform a signed subtraction of an MPI and an integer:
- * X = A - b
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The minuend. This must point to an initialized MPI.
- * \param b The subtrahend.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_sint b);
-
-/**
- * \brief Perform a multiplication of two MPIs: X = A * B
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first factor. This must point to an initialized MPI.
- * \param B The second factor. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B);
-
-/**
- * \brief Perform a multiplication of an MPI with an unsigned integer:
- * X = A * b
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first factor. This must point to an initialized MPI.
- * \param b The second factor.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mul_int(mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_uint b);
-
-/**
- * \brief Perform a division with remainder of two MPIs:
- * A = Q * B + R
- *
- * \param Q The destination MPI for the quotient.
- * This may be \c NULL if the value of the
- * quotient is not needed. This must not alias A or B.
- * \param R The destination MPI for the remainder value.
- * This may be \c NULL if the value of the
- * remainder is not needed. This must not alias A or B.
- * \param A The dividend. This must point to an initialized MPI.
- * \param B The divisor. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
- const mbedtls_mpi *B);
-
-/**
- * \brief Perform a division with remainder of an MPI by an integer:
- * A = Q * b + R
- *
- * \param Q The destination MPI for the quotient.
- * This may be \c NULL if the value of the
- * quotient is not needed. This must not alias A.
- * \param R The destination MPI for the remainder value.
- * This may be \c NULL if the value of the
- * remainder is not needed. This must not alias A.
- * \param A The dividend. This must point to an initialized MPi.
- * \param b The divisor.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
- mbedtls_mpi_sint b);
-
-/**
- * \brief Perform a modular reduction. R = A mod B
- *
- * \param R The destination MPI for the residue value.
- * This must point to an initialized MPI.
- * \param A The MPI to compute the residue of.
- * This must point to an initialized MPI.
- * \param B The base of the modular reduction.
- * This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
- * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A,
- const mbedtls_mpi *B);
-
-/**
- * \brief Perform a modular reduction with respect to an integer.
- * r = A mod b
- *
- * \param r The address at which to store the residue.
- * This must not be \c NULL.
- * \param A The MPI to compute the residue of.
- * This must point to an initialized MPi.
- * \param b The integer base of the modular reduction.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
- * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A,
- mbedtls_mpi_sint b);
-
-/**
- * \brief Perform a sliding-window exponentiation: X = A^E mod N
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * This must not alias E or N.
- * \param A The base of the exponentiation.
- * This must point to an initialized MPI.
- * \param E The exponent MPI. This must point to an initialized MPI.
- * \param N The base for the modular reduction. This must point to an
- * initialized MPI.
- * \param prec_RR A helper MPI depending solely on \p N which can be used to
- * speed-up multiple modular exponentiations for the same value
- * of \p N. This may be \c NULL. If it is not \c NULL, it must
- * point to an initialized MPI. If it hasn't been used after
- * the call to mbedtls_mpi_init(), this function will compute
- * the helper value and store it in \p prec_RR for reuse on
- * subsequent calls to this function. Otherwise, the function
- * will assume that \p prec_RR holds the helper value set by a
- * previous call to mbedtls_mpi_exp_mod(), and reuse it.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or
- * even, or if \c E is negative.
- * \return Another negative error code on different kinds of failures.
- *
- */
-int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *E, const mbedtls_mpi *N,
- mbedtls_mpi *prec_RR);
-
-/**
- * \brief Fill an MPI with a number of random bytes.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param size The number of random bytes to generate.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on failure.
- *
- * \note The bytes obtained from the RNG are interpreted
- * as a big-endian representation of an MPI; this can
- * be relevant in applications like deterministic ECDSA.
- */
-int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-
-/** Generate a random number uniformly in a range.
- *
- * This function generates a random number between \p min inclusive and
- * \p N exclusive.
- *
- * The procedure complies with RFC 6979 §3.3 (deterministic ECDSA)
- * when the RNG is a suitably parametrized instance of HMAC_DRBG
- * and \p min is \c 1.
- *
- * \note There are `N - min` possible outputs. The lower bound
- * \p min can be reached, but the upper bound \p N cannot.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param min The minimum value to return.
- * It must be nonnegative.
- * \param N The upper bound of the range, exclusive.
- * In other words, this is one plus the maximum value to return.
- * \p N must be strictly larger than \p min.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p min or \p N is invalid
- * or if they are incompatible.
- * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was
- * unable to find a suitable value within a limited number
- * of attempts. This has a negligible probability if \p N
- * is significantly larger than \p min, which is the case
- * for all usual cryptographic applications.
- * \return Another negative error code on failure.
- */
-int mbedtls_mpi_random(mbedtls_mpi *X,
- mbedtls_mpi_sint min,
- const mbedtls_mpi *N,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-
-/**
- * \brief Compute the greatest common divisor: G = gcd(A, B)
- *
- * \param G The destination MPI. This must point to an initialized MPI.
- * \param A The first operand. This must point to an initialized MPI.
- * \param B The second operand. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A,
- const mbedtls_mpi *B);
-
-/**
- * \brief Compute the modular inverse: X = A^-1 mod N
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The MPI to calculate the modular inverse of. This must point
- * to an initialized MPI.
- * \param N The base of the modular inversion. This must point to an
- * initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than
- * or equal to one.
- * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p A has no modular
- * inverse with respect to \p N.
- */
-int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *N);
-
-/**
- * \brief Miller-Rabin primality test.
- *
- * \warning If \p X is potentially generated by an adversary, for example
- * when validating cryptographic parameters that you didn't
- * generate yourself and that are supposed to be prime, then
- * \p rounds should be at least the half of the security
- * strength of the cryptographic algorithm. On the other hand,
- * if \p X is chosen uniformly or non-adversarially (as is the
- * case when mbedtls_mpi_gen_prime calls this function), then
- * \p rounds can be much lower.
- *
- * \param X The MPI to check for primality.
- * This must point to an initialized MPI.
- * \param rounds The number of bases to perform the Miller-Rabin primality
- * test for. The probability of returning 0 on a composite is
- * at most 2-2*\p rounds .
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng.
- * This may be \c NULL if \p f_rng doesn't use
- * a context parameter.
- *
- * \return \c 0 if successful, i.e. \p X is probably prime.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-/**
- * \brief Flags for mbedtls_mpi_gen_prime()
- *
- * Each of these flags is a constraint on the result X returned by
- * mbedtls_mpi_gen_prime().
- */
-typedef enum {
- MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */
- MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from 2-80 to 2-128 */
-} mbedtls_mpi_gen_prime_flag_t;
-
-/**
- * \brief Generate a prime number.
- *
- * \param X The destination MPI to store the generated prime in.
- * This must point to an initialized MPi.
- * \param nbits The required size of the destination MPI in bits.
- * This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS.
- * \param flags A mask of flags of type #mbedtls_mpi_gen_prime_flag_t.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng.
- * This may be \c NULL if \p f_rng doesn't use
- * a context parameter.
- *
- * \return \c 0 if successful, in which case \p X holds a
- * probably prime number.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between
- * \c 3 and #MBEDTLS_MPI_MAX_BITS.
- */
-int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_mpi_self_test(int verbose);
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* bignum.h */
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index c348d88..8242ec6 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -26,16 +26,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 3
#define MBEDTLS_VERSION_MINOR 6
-#define MBEDTLS_VERSION_PATCH 0
+#define MBEDTLS_VERSION_PATCH 1
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x03060000
-#define MBEDTLS_VERSION_STRING "3.6.0"
-#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.0"
+#define MBEDTLS_VERSION_NUMBER 0x03060100
+#define MBEDTLS_VERSION_STRING "3.6.1"
+#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.1"
/* Macros for build-time platform detection */
@@ -101,6 +101,13 @@
#define inline __inline
#endif
+#if defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Something went wrong: MBEDTLS_CONFIG_FILES_READ defined before reading the config files!"
+#endif
+#if defined(MBEDTLS_CONFIG_IS_FINALIZED)
+#error "Something went wrong: MBEDTLS_CONFIG_IS_FINALIZED defined before reading the config files!"
+#endif
+
/* X.509, TLS and non-PSA crypto configuration */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/mbedtls_config.h"
@@ -135,6 +142,12 @@
#endif
#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
+/* Indicate that all configuration files have been read.
+ * It is now time to adjust the configuration (follow through on dependencies,
+ * make PSA and legacy crypto consistent, etc.).
+ */
+#define MBEDTLS_CONFIG_FILES_READ
+
/* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if
* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C defined
* to ensure a 128-bit key size in CTR_DRBG.
@@ -163,4 +176,19 @@
#include "mbedtls/config_psa.h"
#endif
+#include "mbedtls/config_adjust_legacy_crypto.h"
+
+#include "mbedtls/config_adjust_x509.h"
+
+#include "mbedtls/config_adjust_ssl.h"
+
+/* Indicate that all configuration symbols are set,
+ * even the ones that are calculated programmatically.
+ * It is now safe to query the configuration (to check it, to size buffers,
+ * etc.).
+ */
+#define MBEDTLS_CONFIG_IS_FINALIZED
+
+#include "mbedtls/check_config.h"
+
#endif /* MBEDTLS_BUILD_INFO_H */
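Review bot: The three new config_adjust_*.h includes in this hunk are unconditional, while the config_psa.h include just above them sits inside an #if, and nothing in the hunk says why the new ones need no gate or what each is allowed to change. Because MBEDTLS_CONFIG_IS_FINALIZED is defined right after them and check_config.h is the only validation that follows, any symbol an adjust header sets is trusted by every consumer of build_info.h from that point on, so the ordering is a security boundary rather than a convenience. I would add, above the MBEDTLS_CONFIG_IS_FINALIZED define, `/* Every config_adjust_*.h above must be a no-op when its component is disabled; no header may be included after MBEDTLS_CONFIG_IS_FINALIZED except check_config.h. */`, and confirm (cannot be seen from this hunk) that each adjust header refuses to be included without MBEDTLS_CONFIG_FILES_READ being defined, so a stray direct include elsewhere cannot adjust a half-read configuration.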
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
deleted file mode 100644
index 1dc31c9..0000000
--- a/include/mbedtls/cipher.h
+++ /dev/null
@@ -1,1173 +0,0 @@
-/**
- * \file cipher.h
- *
- * \brief This file contains an abstraction interface for use with the cipher
- * primitives provided by the library. It provides a common interface to all of
- * the available cipher operations.
- *
- * \author Adriaan de Jong
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_CIPHER_H
-#define MBEDTLS_CIPHER_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include "mbedtls/platform_util.h"
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-#define MBEDTLS_CIPHER_MODE_AEAD
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_CIPHER_MODE_WITH_PADDING
-#endif
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
- defined(MBEDTLS_CHACHA20_C)
-#define MBEDTLS_CIPHER_MODE_STREAM
-#endif
-
-/** The selected feature is not available. */
-#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080
-/** Bad input parameters. */
-#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100
-/** Failed to allocate memory. */
-#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180
-/** Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200
-/** Decryption of block requires a full block. */
-#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280
-/** Authentication failed (for AEAD modes). */
-#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300
-/** The context is invalid. For example, because it was freed. */
-#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380
-
-#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length. */
-#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Supported cipher types.
- *
- * \warning DES/3DES are considered weak ciphers and their use
- * constitutes a security risk. We recommend considering stronger
- * ciphers instead.
- */
-typedef enum {
- MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */
- MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
- MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
- MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. \warning DES is considered weak. */
- MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. \warning 3DES is considered weak. */
- MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
- MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
- MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */
-} mbedtls_cipher_id_t;
-
-/**
- * \brief Supported {cipher type, cipher mode} pairs.
- *
- * \warning DES/3DES are considered weak ciphers and their use
- * constitutes a security risk. We recommend considering stronger
- * ciphers instead.
- */
-typedef enum {
- MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */
- MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
- MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
- MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
- MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
- MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */
- MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
- MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
- MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
- MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
- MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
- MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
- MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
- MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
- MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. \warning DES is considered weak. */
- MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. \warning DES is considered weak. */
- MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. \warning 3DES is considered weak. */
- MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. \warning 3DES is considered weak. */
- MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. \warning 3DES is considered weak. */
- MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. \warning 3DES is considered weak. */
- MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
- MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
- MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
- MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, /**< AES cipher with 128-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, /**< AES cipher with 192-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, /**< AES cipher with 256-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG, /**< Camellia cipher with 128-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG, /**< Camellia cipher with 192-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG, /**< Camellia cipher with 256-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_128_CBC, /**< Aria cipher with 128-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_192_CBC, /**< Aria cipher with 192-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_256_CBC, /**< Aria cipher with 256-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_128_CFB128, /**< Aria cipher with 128-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_192_CFB128, /**< Aria cipher with 192-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_256_CFB128, /**< Aria cipher with 256-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_128_CTR, /**< Aria cipher with 128-bit key and CTR mode. */
- MBEDTLS_CIPHER_ARIA_192_CTR, /**< Aria cipher with 192-bit key and CTR mode. */
- MBEDTLS_CIPHER_ARIA_256_CTR, /**< Aria cipher with 256-bit key and CTR mode. */
- MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */
- MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */
- MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */
- MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG, /**< Aria cipher with 128-bit key and CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG, /**< Aria cipher with 192-bit key and CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG, /**< Aria cipher with 256-bit key and CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_128_XTS, /**< AES 128-bit cipher in XTS block mode. */
- MBEDTLS_CIPHER_AES_256_XTS, /**< AES 256-bit cipher in XTS block mode. */
- MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */
- MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */
- MBEDTLS_CIPHER_AES_128_KW, /**< AES cipher with 128-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_192_KW, /**< AES cipher with 192-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_256_KW, /**< AES cipher with 256-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */
- MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */
- MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */
-} mbedtls_cipher_type_t;
-
-/** Supported cipher modes. */
-typedef enum {
- MBEDTLS_MODE_NONE = 0, /**< None. */
- MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
- MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
- MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
- MBEDTLS_MODE_OFB, /**< The OFB cipher mode. */
- MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
- MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
- MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
- MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
- MBEDTLS_MODE_CCM_STAR_NO_TAG, /**< The CCM*-no-tag cipher mode. */
- MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */
- MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */
- MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */
- MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */
-} mbedtls_cipher_mode_t;
-
-/** Supported cipher padding types. */
-typedef enum {
- MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */
- MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */
- MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */
- MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */
- MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */
-} mbedtls_cipher_padding_t;
-
-/** Type of operation. */
-typedef enum {
- MBEDTLS_OPERATION_NONE = -1,
- MBEDTLS_DECRYPT = 0,
- MBEDTLS_ENCRYPT,
-} mbedtls_operation_t;
-
-enum {
- /** Undefined key length. */
- MBEDTLS_KEY_LENGTH_NONE = 0,
- /** Key length, in bits (including parity), for DES keys. \warning DES is considered weak. */
- MBEDTLS_KEY_LENGTH_DES = 64,
- /** Key length in bits, including parity, for DES in two-key EDE. \warning 3DES is considered weak. */
- MBEDTLS_KEY_LENGTH_DES_EDE = 128,
- /** Key length in bits, including parity, for DES in three-key EDE. \warning 3DES is considered weak. */
- MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
-};
-
-/** Maximum length of any IV, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
- * in library/ssl_misc.h. */
-#define MBEDTLS_MAX_IV_LENGTH 16
-
-/** Maximum block size of any cipher, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
- * in library/ssl_misc.h. */
-#define MBEDTLS_MAX_BLOCK_LENGTH 16
-
-/** Maximum key length, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * For now, only check whether XTS is enabled which uses 64 Byte keys,
- * and use 32 Bytes as an upper bound for the maximum key length otherwise.
- * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
- * in library/ssl_misc.h, which however deliberately ignores the case of XTS
- * since the latter isn't used in SSL/TLS. */
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_MAX_KEY_LENGTH 64
-#else
-#define MBEDTLS_MAX_KEY_LENGTH 32
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * Base cipher information (opaque struct).
- */
-typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
-
-/**
- * CMAC context (opaque struct).
- */
-typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
-
-/**
- * Cipher information. Allows calling cipher functions
- * in a generic way.
- *
- * \note The library does not support custom cipher info structures,
- * only built-in structures returned by the functions
- * mbedtls_cipher_info_from_string(),
- * mbedtls_cipher_info_from_type(),
- * mbedtls_cipher_info_from_values(),
- * mbedtls_cipher_info_from_psa().
- *
- * \note Some fields store a value that has been right-shifted to save
- * code-size, so should not be used directly. The accessor
- * functions adjust for this and return the "natural" value.
- */
-typedef struct mbedtls_cipher_info_t {
- /** Name of the cipher. */
- const char *MBEDTLS_PRIVATE(name);
-
- /** The block size, in bytes. */
- unsigned int MBEDTLS_PRIVATE(block_size) : 5;
-
- /** IV or nonce size, in bytes (right shifted by #MBEDTLS_IV_SIZE_SHIFT).
- * For ciphers that accept variable IV sizes,
- * this is the recommended size.
- */
- unsigned int MBEDTLS_PRIVATE(iv_size) : 3;
-
- /** The cipher key length, in bits (right shifted by #MBEDTLS_KEY_BITLEN_SHIFT).
- * This is the default length for variable sized ciphers.
- * Includes parity bits for ciphers like DES.
- */
- unsigned int MBEDTLS_PRIVATE(key_bitlen) : 4;
-
- /** The cipher mode (as per mbedtls_cipher_mode_t).
- * For example, MBEDTLS_MODE_CBC.
- */
- unsigned int MBEDTLS_PRIVATE(mode) : 4;
-
- /** Full cipher identifier (as per mbedtls_cipher_type_t).
- * For example, MBEDTLS_CIPHER_AES_256_CBC.
- *
- * This could be 7 bits, but 8 bits retains byte alignment for the
- * next field, which reduces code size to access that field.
- */
- unsigned int MBEDTLS_PRIVATE(type) : 8;
-
- /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
- * MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
- * cipher supports variable IV or variable key sizes, respectively.
- */
- unsigned int MBEDTLS_PRIVATE(flags) : 2;
-
- /** Index to LUT for base cipher information and functions. */
- unsigned int MBEDTLS_PRIVATE(base_idx) : 5;
-
-} mbedtls_cipher_info_t;
-
-/* For internal use only.
- * These are used to more compactly represent the fields above. */
-#define MBEDTLS_KEY_BITLEN_SHIFT 6
-#define MBEDTLS_IV_SIZE_SHIFT 2
-/**
- * Generic cipher context.
- */
-typedef struct mbedtls_cipher_context_t {
- /** Information about the associated cipher. */
- const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info);
-
- /** Key length to use. */
- int MBEDTLS_PRIVATE(key_bitlen);
-
- /** Operation that the key of the context has been
- * initialized for.
- */
- mbedtls_operation_t MBEDTLS_PRIVATE(operation);
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
- /** Padding functions to use, if relevant for
- * the specific cipher mode.
- */
- void(*MBEDTLS_PRIVATE(add_padding))(unsigned char *output, size_t olen, size_t data_len);
- int(*MBEDTLS_PRIVATE(get_padding))(unsigned char *input, size_t ilen, size_t *data_len);
-#endif
-
- /** Buffer for input that has not been processed yet. */
- unsigned char MBEDTLS_PRIVATE(unprocessed_data)[MBEDTLS_MAX_BLOCK_LENGTH];
-
- /** Number of Bytes that have not been processed yet. */
- size_t MBEDTLS_PRIVATE(unprocessed_len);
-
- /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
- * for XTS-mode. */
- unsigned char MBEDTLS_PRIVATE(iv)[MBEDTLS_MAX_IV_LENGTH];
-
- /** IV size in Bytes, for ciphers with variable-length IVs. */
- size_t MBEDTLS_PRIVATE(iv_size);
-
- /** The cipher-specific context. */
- void *MBEDTLS_PRIVATE(cipher_ctx);
-
-#if defined(MBEDTLS_CMAC_C)
- /** CMAC-specific context. */
- mbedtls_cmac_context_t *MBEDTLS_PRIVATE(cmac_ctx);
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
- /** Indicates whether the cipher operations should be performed
- * by Mbed TLS' own crypto library or an external implementation
- * of the PSA Crypto API.
- * This is unset if the cipher context was established through
- * mbedtls_cipher_setup(), and set if it was established through
- * mbedtls_cipher_setup_psa().
- */
- unsigned char MBEDTLS_PRIVATE(psa_enabled);
-#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
-
-} mbedtls_cipher_context_t;
-
-/**
- * \brief This function retrieves the list of ciphers supported
- * by the generic cipher module.
- *
- * For any cipher identifier in the returned list, you can
- * obtain the corresponding generic cipher information structure
- * via mbedtls_cipher_info_from_type(), which can then be used
- * to prepare a cipher context via mbedtls_cipher_setup().
- *
- *
- * \return A statically-allocated array of cipher identifiers
- * of type cipher_type_t. The last entry is zero.
- */
-const int *mbedtls_cipher_list(void);
-
-/**
- * \brief This function retrieves the cipher-information
- * structure associated with the given cipher name.
- *
- * \param cipher_name Name of the cipher to search for. This must not be
- * \c NULL.
- *
- * \return The cipher information structure associated with the
- * given \p cipher_name.
- * \return \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string(const char *cipher_name);
-
-/**
- * \brief This function retrieves the cipher-information
- * structure associated with the given cipher type.
- *
- * \param cipher_type Type of the cipher to search for.
- *
- * \return The cipher information structure associated with the
- * given \p cipher_type.
- * \return \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type(const mbedtls_cipher_type_t cipher_type);
-
-/**
- * \brief This function retrieves the cipher-information
- * structure associated with the given cipher ID,
- * key size and mode.
- *
- * \param cipher_id The ID of the cipher to search for. For example,
- * #MBEDTLS_CIPHER_ID_AES.
- * \param key_bitlen The length of the key in bits.
- * \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC.
- *
- * \return The cipher information structure associated with the
- * given \p cipher_id.
- * \return \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(const mbedtls_cipher_id_t cipher_id,
- int key_bitlen,
- const mbedtls_cipher_mode_t mode);
-
-/**
- * \brief Retrieve the identifier for a cipher info structure.
- *
- * \param[in] info The cipher info structure to query.
- * This may be \c NULL.
- *
- * \return The full cipher identifier (\c MBEDTLS_CIPHER_xxx).
- * \return #MBEDTLS_CIPHER_NONE if \p info is \c NULL.
- */
-static inline mbedtls_cipher_type_t mbedtls_cipher_info_get_type(
- const mbedtls_cipher_info_t *info)
-{
- if (info == NULL) {
- return MBEDTLS_CIPHER_NONE;
- } else {
- return (mbedtls_cipher_type_t) info->MBEDTLS_PRIVATE(type);
- }
-}
-
-/**
- * \brief Retrieve the operation mode for a cipher info structure.
- *
- * \param[in] info The cipher info structure to query.
- * This may be \c NULL.
- *
- * \return The cipher mode (\c MBEDTLS_MODE_xxx).
- * \return #MBEDTLS_MODE_NONE if \p info is \c NULL.
- */
-static inline mbedtls_cipher_mode_t mbedtls_cipher_info_get_mode(
- const mbedtls_cipher_info_t *info)
-{
- if (info == NULL) {
- return MBEDTLS_MODE_NONE;
- } else {
- return (mbedtls_cipher_mode_t) info->MBEDTLS_PRIVATE(mode);
- }
-}
-
-/**
- * \brief Retrieve the key size for a cipher info structure.
- *
- * \param[in] info The cipher info structure to query.
- * This may be \c NULL.
- *
- * \return The key length in bits.
- * For variable-sized ciphers, this is the default length.
- * For DES, this includes the parity bits.
- * \return \c 0 if \p info is \c NULL.
- */
-static inline size_t mbedtls_cipher_info_get_key_bitlen(
- const mbedtls_cipher_info_t *info)
-{
- if (info == NULL) {
- return 0;
- } else {
- return ((size_t) info->MBEDTLS_PRIVATE(key_bitlen)) << MBEDTLS_KEY_BITLEN_SHIFT;
- }
-}
-
-/**
- * \brief Retrieve the human-readable name for a
- * cipher info structure.
- *
- * \param[in] info The cipher info structure to query.
- * This may be \c NULL.
- *
- * \return The cipher name, which is a human readable string,
- * with static storage duration.
- * \return \c NULL if \p info is \c NULL.
- */
-static inline const char *mbedtls_cipher_info_get_name(
- const mbedtls_cipher_info_t *info)
-{
- if (info == NULL) {
- return NULL;
- } else {
- return info->MBEDTLS_PRIVATE(name);
- }
-}
-
-/**
- * \brief This function returns the size of the IV or nonce
- * for the cipher info structure, in bytes.
- *
- * \param info The cipher info structure. This may be \c NULL.
- *
- * \return The recommended IV size.
- * \return \c 0 for ciphers not using an IV or a nonce.
- * \return \c 0 if \p info is \c NULL.
- */
-static inline size_t mbedtls_cipher_info_get_iv_size(
- const mbedtls_cipher_info_t *info)
-{
- if (info == NULL) {
- return 0;
- }
-
- return ((size_t) info->MBEDTLS_PRIVATE(iv_size)) << MBEDTLS_IV_SIZE_SHIFT;
-}
-
-/**
- * \brief This function returns the block size of the given
- * cipher info structure in bytes.
- *
- * \param info The cipher info structure. This may be \c NULL.
- *
- * \return The block size of the cipher.
- * \return \c 1 if the cipher is a stream cipher.
- * \return \c 0 if \p info is \c NULL.
- */
-static inline size_t mbedtls_cipher_info_get_block_size(
- const mbedtls_cipher_info_t *info)
-{
- if (info == NULL) {
- return 0;
- }
-
- return (size_t) (info->MBEDTLS_PRIVATE(block_size));
-}
-
-/**
- * \brief This function returns a non-zero value if the key length for
- * the given cipher is variable.
- *
- * \param info The cipher info structure. This may be \c NULL.
- *
- * \return Non-zero if the key length is variable, \c 0 otherwise.
- * \return \c 0 if the given pointer is \c NULL.
- */
-static inline int mbedtls_cipher_info_has_variable_key_bitlen(
- const mbedtls_cipher_info_t *info)
-{
- if (info == NULL) {
- return 0;
- }
-
- return info->MBEDTLS_PRIVATE(flags) & MBEDTLS_CIPHER_VARIABLE_KEY_LEN;
-}
-
-/**
- * \brief This function returns a non-zero value if the IV size for
- * the given cipher is variable.
- *
- * \param info The cipher info structure. This may be \c NULL.
- *
- * \return Non-zero if the IV size is variable, \c 0 otherwise.
- * \return \c 0 if the given pointer is \c NULL.
- */
-static inline int mbedtls_cipher_info_has_variable_iv_size(
- const mbedtls_cipher_info_t *info)
-{
- if (info == NULL) {
- return 0;
- }
-
- return info->MBEDTLS_PRIVATE(flags) & MBEDTLS_CIPHER_VARIABLE_IV_LEN;
-}
-
-/**
- * \brief This function initializes a \p ctx as NONE.
- *
- * \param ctx The context to be initialized. This must not be \c NULL.
- */
-void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx);
-
-/**
- * \brief This function frees and clears the cipher-specific
- * context of \p ctx. Freeing \p ctx itself remains the
- * responsibility of the caller.
- *
- * \param ctx The context to be freed. If this is \c NULL, the
- * function has no effect, otherwise this must point to an
- * initialized context.
- */
-void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx);
-
-
-/**
- * \brief This function prepares a cipher context for
- * use with the given cipher primitive.
- *
- * \note After calling this function, you should call
- * mbedtls_cipher_setkey() and, if the mode uses padding,
- * mbedtls_cipher_set_padding_mode(), then for each
- * message to encrypt or decrypt with this key, either:
- * - mbedtls_cipher_crypt() for one-shot processing with
- * non-AEAD modes;
- * - mbedtls_cipher_auth_encrypt_ext() or
- * mbedtls_cipher_auth_decrypt_ext() for one-shot
- * processing with AEAD modes or NIST_KW;
- * - for multi-part processing, see the documentation of
- * mbedtls_cipher_reset().
- *
- * \param ctx The context to prepare. This must be initialized by
- * a call to mbedtls_cipher_init() first.
- * \param cipher_info The cipher to use.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
- * cipher-specific context fails.
- */
-int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx,
- const mbedtls_cipher_info_t *cipher_info);
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/**
- * \brief This function initializes a cipher context for
- * PSA-based use with the given cipher primitive.
- *
- * \deprecated This function is deprecated and will be removed in a
- * future version of the library.
- * Please use psa_aead_xxx() / psa_cipher_xxx() directly
- * instead.
- *
- * \note See #MBEDTLS_USE_PSA_CRYPTO for information on PSA.
- *
- * \param ctx The context to initialize. May not be \c NULL.
- * \param cipher_info The cipher to use.
- * \param taglen For AEAD ciphers, the length in bytes of the
- * authentication tag to use. Subsequent uses of
- * mbedtls_cipher_auth_encrypt_ext() or
- * mbedtls_cipher_auth_decrypt_ext() must provide
- * the same tag length.
- * For non-AEAD ciphers, the value must be \c 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
- * cipher-specific context fails.
- */
-int MBEDTLS_DEPRECATED mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
- const mbedtls_cipher_info_t *cipher_info,
- size_t taglen);
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/**
- * \brief This function returns the block size of the given cipher
- * in bytes.
- *
- * \param ctx The context of the cipher.
- *
- * \return The block size of the underlying cipher.
- * \return \c 1 if the cipher is a stream cipher.
- * \return \c 0 if \p ctx has not been initialized.
- */
-static inline unsigned int mbedtls_cipher_get_block_size(
- const mbedtls_cipher_context_t *ctx)
-{
- if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
- return 0;
- }
-
- return (unsigned int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
-}
-
-/**
- * \brief This function returns the mode of operation for
- * the cipher. For example, MBEDTLS_MODE_CBC.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The mode of operation.
- * \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
- const mbedtls_cipher_context_t *ctx)
-{
- if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
- return MBEDTLS_MODE_NONE;
- }
-
- return (mbedtls_cipher_mode_t) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
-}
-
-/**
- * \brief This function returns the size of the IV or nonce
- * of the cipher, in Bytes.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The recommended IV size if no IV has been set.
- * \return \c 0 for ciphers not using an IV or a nonce.
- * \return The actual size if an IV has been set.
- */
-static inline int mbedtls_cipher_get_iv_size(
- const mbedtls_cipher_context_t *ctx)
-{
- if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
- return 0;
- }
-
- if (ctx->MBEDTLS_PRIVATE(iv_size) != 0) {
- return (int) ctx->MBEDTLS_PRIVATE(iv_size);
- }
-
- return (int) (((int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size)) <<
- MBEDTLS_IV_SIZE_SHIFT);
-}
-
-/**
- * \brief This function returns the type of the given cipher.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The type of the cipher.
- * \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
- const mbedtls_cipher_context_t *ctx)
-{
- if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
- return MBEDTLS_CIPHER_NONE;
- }
-
- return (mbedtls_cipher_type_t) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
-}
-
-/**
- * \brief This function returns the name of the given cipher
- * as a string.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The name of the cipher.
- * \return NULL if \p ctx has not been not initialized.
- */
-static inline const char *mbedtls_cipher_get_name(
- const mbedtls_cipher_context_t *ctx)
-{
- if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
- return 0;
- }
-
- return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name);
-}
-
-/**
- * \brief This function returns the key length of the cipher.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The key length of the cipher in bits.
- * \return #MBEDTLS_KEY_LENGTH_NONE if \p ctx has not been
- * initialized.
- */
-static inline int mbedtls_cipher_get_key_bitlen(
- const mbedtls_cipher_context_t *ctx)
-{
- if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
- return MBEDTLS_KEY_LENGTH_NONE;
- }
-
- return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen) <<
- MBEDTLS_KEY_BITLEN_SHIFT;
-}
-
-/**
- * \brief This function returns the operation of the given cipher.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
- * \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_operation_t mbedtls_cipher_get_operation(
- const mbedtls_cipher_context_t *ctx)
-{
- if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
- return MBEDTLS_OPERATION_NONE;
- }
-
- return ctx->MBEDTLS_PRIVATE(operation);
-}
-
-/**
- * \brief This function sets the key to use with the given context.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a cipher information structure.
- * \param key The key to use. This must be a readable buffer of at
- * least \p key_bitlen Bits.
- * \param key_bitlen The key length to use, in Bits.
- * \param operation The operation that the key will be used for:
- * #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
- const unsigned char *key,
- int key_bitlen,
- const mbedtls_operation_t operation);
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-/**
- * \brief This function sets the padding mode, for cipher modes
- * that use padding.
- *
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a cipher information structure.
- * \param mode The padding mode.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
- * if the selected padding mode is not supported.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
- * does not support padding.
- */
-int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx,
- mbedtls_cipher_padding_t mode);
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
-/**
- * \brief This function sets the initialization vector (IV)
- * or nonce.
- *
- * \note Some ciphers do not use IVs nor nonce. For these
- * ciphers, this function has no effect.
- *
- * \note For #MBEDTLS_CIPHER_CHACHA20, the nonce length must
- * be 12, and the initial counter value is 0.
- *
- * \note For #MBEDTLS_CIPHER_CHACHA20_POLY1305, the nonce length
- * must be 12.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a cipher information structure.
- * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
- * must be a readable buffer of at least \p iv_len Bytes.
- * \param iv_len The IV length for ciphers with variable-size IV.
- * This parameter is discarded by ciphers with fixed-size IV.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- */
-int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
- const unsigned char *iv,
- size_t iv_len);
-
-/**
- * \brief This function resets the cipher state.
- *
- * \note With non-AEAD ciphers, the order of calls for each message
- * is as follows:
- * 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
- * 2. mbedtls_cipher_reset()
- * 3. mbedtls_cipher_update() one or more times
- * 4. mbedtls_cipher_finish()
- * .
- * This sequence can be repeated to encrypt or decrypt multiple
- * messages with the same key.
- *
- * \note With AEAD ciphers, the order of calls for each message
- * is as follows:
- * 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
- * 2. mbedtls_cipher_reset()
- * 3. mbedtls_cipher_update_ad()
- * 4. mbedtls_cipher_update() one or more times
- * 5. mbedtls_cipher_finish()
- * 6. mbedtls_cipher_check_tag() (for decryption) or
- * mbedtls_cipher_write_tag() (for encryption).
- * .
- * This sequence can be repeated to encrypt or decrypt multiple
- * messages with the same key.
- *
- * \param ctx The generic cipher context. This must be bound to a key.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- */
-int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx);
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-/**
- * \brief This function adds additional data for AEAD ciphers.
- * Currently supported with GCM and ChaCha20+Poly1305.
- *
- * \param ctx The generic cipher context. This must be initialized.
- * \param ad The additional data to use. This must be a readable
- * buffer of at least \p ad_len Bytes.
- * \param ad_len The length of \p ad in Bytes.
- *
- * \return \c 0 on success.
- * \return A specific error code on failure.
- */
-int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx,
- const unsigned char *ad, size_t ad_len);
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-
-/**
- * \brief The generic cipher update function. It encrypts or
- * decrypts using the given cipher context. Writes as
- * many block-sized blocks of data as possible to output.
- * Any data that cannot be written immediately is either
- * added to the next block, or flushed when
- * mbedtls_cipher_finish() is called.
- * Exception: For MBEDTLS_MODE_ECB, expects a single block
- * in size. For example, 16 Bytes for AES.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes.
- * \param ilen The length of the input data.
- * \param output The buffer for the output data. This must be able to
- * hold at least `ilen + block_size`. This must not be the
- * same buffer as \p input.
- * \param olen The length of the output data, to be updated with the
- * actual number of Bytes written. This must not be
- * \c NULL.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
- * unsupported mode for a cipher.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx,
- const unsigned char *input,
- size_t ilen, unsigned char *output,
- size_t *olen);
-
-/**
- * \brief The generic cipher finalization function. If data still
- * needs to be flushed from an incomplete block, the data
- * contained in it is padded to the size of
- * the last block, and written to the \p output buffer.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key.
- * \param output The buffer to write data to. This needs to be a writable
- * buffer of at least block_size Bytes.
- * \param olen The length of the data written to the \p output buffer.
- * This may not be \c NULL.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
- * expecting a full block but not receiving one.
- * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- * while decrypting.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
- unsigned char *output, size_t *olen);
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-/**
- * \brief This function writes a tag for AEAD ciphers.
- * Currently supported with GCM and ChaCha20+Poly1305.
- * This must be called after mbedtls_cipher_finish().
- *
- * \param ctx The generic cipher context. This must be initialized,
- * bound to a key, and have just completed a cipher
- * operation through mbedtls_cipher_finish() the tag for
- * which should be written.
- * \param tag The buffer to write the tag to. This must be a writable
- * buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the tag to write.
- *
- * \return \c 0 on success.
- * \return A specific error code on failure.
- */
-int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx,
- unsigned char *tag, size_t tag_len);
-
-/**
- * \brief This function checks the tag for AEAD ciphers.
- * Currently supported with GCM and ChaCha20+Poly1305.
- * This must be called after mbedtls_cipher_finish().
- *
- * \param ctx The generic cipher context. This must be initialized.
- * \param tag The buffer holding the tag. This must be a readable
- * buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the tag to check.
- *
- * \return \c 0 on success.
- * \return A specific error code on failure.
- */
-int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx,
- const unsigned char *tag, size_t tag_len);
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-
-/**
- * \brief The generic all-in-one encryption/decryption function,
- * for all ciphers except AEAD constructs.
- *
- * \param ctx The generic cipher context. This must be initialized.
- * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
- * This must be a readable buffer of at least \p iv_len
- * Bytes.
- * \param iv_len The IV length for ciphers with variable-size IV.
- * This parameter is discarded by ciphers with fixed-size
- * IV.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- * \param output The buffer for the output data. This must be able to
- * hold at least `ilen + block_size`. This must not be the
- * same buffer as \p input.
- * \param olen The length of the output data, to be updated with the
- * actual number of Bytes written. This must not be
- * \c NULL.
- *
- * \note Some ciphers do not use IVs nor nonce. For these
- * ciphers, use \p iv = NULL and \p iv_len = 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
- * expecting a full block but not receiving one.
- * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- * while decrypting.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen);
-
-#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
-/**
- * \brief The authenticated encryption (AEAD/NIST_KW) function.
- *
- * \note For AEAD modes, the tag will be appended to the
- * ciphertext, as recommended by RFC 5116.
- * (NIST_KW doesn't have a separate tag.)
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key, with an AEAD algorithm or NIST_KW.
- * \param iv The nonce to use. This must be a readable buffer of
- * at least \p iv_len Bytes and may be \c NULL if \p
- * iv_len is \c 0.
- * \param iv_len The length of the nonce. For AEAD ciphers, this must
- * satisfy the constraints imposed by the cipher used.
- * For NIST_KW, this must be \c 0.
- * \param ad The additional data to authenticate. This must be a
- * readable buffer of at least \p ad_len Bytes, and may
- * be \c NULL is \p ad_len is \c 0.
- * \param ad_len The length of \p ad. For NIST_KW, this must be \c 0.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes, and may be
- * \c NULL if \p ilen is \c 0.
- * \param ilen The length of the input data.
- * \param output The buffer for the output data. This must be a
- * writable buffer of at least \p output_len Bytes, and
- * must not be \c NULL.
- * \param output_len The length of the \p output buffer in Bytes. For AEAD
- * ciphers, this must be at least \p ilen + \p tag_len.
- * For NIST_KW, this must be at least \p ilen + 8
- * (rounded up to a multiple of 8 if KWP is used);
- * \p ilen + 15 is always a safe value.
- * \param olen This will be filled with the actual number of Bytes
- * written to the \p output buffer. This must point to a
- * writable object of type \c size_t.
- * \param tag_len The desired length of the authentication tag. For AEAD
- * ciphers, this must match the constraints imposed by
- * the cipher used, and in particular must not be \c 0.
- * For NIST_KW, this must be \c 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t output_len,
- size_t *olen, size_t tag_len);
-
-/**
- * \brief The authenticated encryption (AEAD/NIST_KW) function.
- *
- * \note If the data is not authentic, then the output buffer
- * is zeroed out to prevent the unauthentic plaintext being
- * used, making this interface safer.
- *
- * \note For AEAD modes, the tag must be appended to the
- * ciphertext, as recommended by RFC 5116.
- * (NIST_KW doesn't have a separate tag.)
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key, with an AEAD algorithm or NIST_KW.
- * \param iv The nonce to use. This must be a readable buffer of
- * at least \p iv_len Bytes and may be \c NULL if \p
- * iv_len is \c 0.
- * \param iv_len The length of the nonce. For AEAD ciphers, this must
- * satisfy the constraints imposed by the cipher used.
- * For NIST_KW, this must be \c 0.
- * \param ad The additional data to authenticate. This must be a
- * readable buffer of at least \p ad_len Bytes, and may
- * be \c NULL is \p ad_len is \c 0.
- * \param ad_len The length of \p ad. For NIST_KW, this must be \c 0.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes, and may be
- * \c NULL if \p ilen is \c 0.
- * \param ilen The length of the input data. For AEAD ciphers this
- * must be at least \p tag_len. For NIST_KW this must be
- * at least \c 8.
- * \param output The buffer for the output data. This must be a
- * writable buffer of at least \p output_len Bytes, and
- * may be \c NULL if \p output_len is \c 0.
- * \param output_len The length of the \p output buffer in Bytes. For AEAD
- * ciphers, this must be at least \p ilen - \p tag_len.
- * For NIST_KW, this must be at least \p ilen - 8.
- * \param olen This will be filled with the actual number of Bytes
- * written to the \p output buffer. This must point to a
- * writable object of type \c size_t.
- * \param tag_len The actual length of the authentication tag. For AEAD
- * ciphers, this must match the constraints imposed by
- * the cipher used, and in particular must not be \c 0.
- * For NIST_KW, this must be \c 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t output_len,
- size_t *olen, size_t tag_len);
-#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CIPHER_H */
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 6d116f2..776eb74 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -40,6 +40,4 @@
#include "psa/crypto_driver_config.h"
-#include "oberon_config.h"
-
#endif /* MBEDTLS_CONFIG_PSA_H */
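Review bot: Removing `#include "oberon_config.h"` leaves config_psa.h with no visible replacement for the Oberon PSA driver configuration, and nothing in the hunk records where those definitions are now expected to come from. If that header supplied `PSA_WANT_*` or driver-acceleration macros that later `#if defined(...)` checks depend on, its absence does not break the build but silently changes which algorithms the PSA layer believes are available, which is hard to notice after the fact. A short comment next to the remaining include, such as `/* Driver/platform configuration (formerly pulled in via oberon_config.h) must be supplied by the build system's include path or config header. */`, would document the new contract, and a `#if !defined(<EXPECTED_DRIVER_MACRO>) #error ... #endif` guard (placeholder name) would turn silent feature drift into a compile error. The hunk header advertises six old lines but only four are visible here, so the surrounding context may be truncated in this rendering.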
diff --git a/include/mbedtls/constant_time.h b/include/mbedtls/constant_time.h
deleted file mode 100644
index d31bff6..0000000
--- a/include/mbedtls/constant_time.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- * Constant-time functions
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_CONSTANT_TIME_H
-#define MBEDTLS_CONSTANT_TIME_H
-
-#include
-
-/** Constant-time buffer comparison without branches.
- *
- * This is equivalent to the standard memcmp function, but is likely to be
- * compiled to code using bitwise operations rather than a branch, such that
- * the time taken is constant w.r.t. the data pointed to by \p a and \p b,
- * and w.r.t. whether \p a and \p b are equal or not. It is not constant-time
- * w.r.t. \p n .
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * \param a Pointer to the first buffer, containing at least \p n bytes. May not be NULL.
- * \param b Pointer to the second buffer, containing at least \p n bytes. May not be NULL.
- * \param n The number of bytes to compare.
- *
- * \return Zero if the contents of the two buffers are the same,
- * otherwise non-zero.
- */
-int mbedtls_ct_memcmp(const void *a,
- const void *b,
- size_t n);
-
-#endif /* MBEDTLS_CONSTANT_TIME_H */
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
deleted file mode 100644
index c00756d..0000000
--- a/include/mbedtls/ctr_drbg.h
+++ /dev/null
@@ -1,582 +0,0 @@
-/**
- * \file ctr_drbg.h
- *
- * \brief This file contains definitions and functions for the
- * CTR_DRBG pseudorandom generator.
- *
- * CTR_DRBG is a standardized way of building a PRNG from a block-cipher
- * in counter mode operation, as defined in NIST SP 800-90A:
- * Recommendation for Random Number Generation Using Deterministic Random
- * Bit Generators.
- *
- * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128
- * (if \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled at compile time)
- * as the underlying block cipher, with a derivation function.
- *
- * The security strength as defined in NIST SP 800-90A is
- * 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
- * and 256 bits otherwise, provided that #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
- * kept at its default value (and not overridden in mbedtls_config.h) and that the
- * DRBG instance is set up with default parameters.
- * See the documentation of mbedtls_ctr_drbg_seed() for more
- * information.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_CTR_DRBG_H
-#define MBEDTLS_CTR_DRBG_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-/* In case AES_C is defined then it is the primary option for backward
- * compatibility purposes. If that's not available, PSA is used instead */
-#if defined(MBEDTLS_AES_C)
-#include "mbedtls/aes.h"
-#else
-#include "psa/crypto.h"
-#endif
-
-#include "entropy.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/** The entropy source failed. */
-#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034
-/** The requested random buffer length is too big. */
-#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036
-/** The input (entropy + additional data) is too large. */
-#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038
-/** Read or write error in file. */
-#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A
-
-#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */
-
-#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-#define MBEDTLS_CTR_DRBG_KEYSIZE 16
-/**< The key size in bytes used by the cipher.
- *
- * Compile-time choice: 16 bytes (128 bits)
- * because #MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled.
- */
-#else
-#define MBEDTLS_CTR_DRBG_KEYSIZE 32
-/**< The key size in bytes used by the cipher.
- *
- * Compile-time choice: 32 bytes (256 bits)
- * because \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled.
- */
-#endif
-
-#define MBEDTLS_CTR_DRBG_KEYBITS (MBEDTLS_CTR_DRBG_KEYSIZE * 8) /**< The key size for the DRBG operation, in bits. */
-#define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them using the compiler command
- * line.
- * \{
- */
-
-/** \def MBEDTLS_CTR_DRBG_ENTROPY_LEN
- *
- * \brief The amount of entropy used per seed by default, in bytes.
- */
-#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-/** This is 48 bytes because the entropy module uses SHA-512.
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
-
-#else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
-
-/** This is 32 bytes because the entropy module uses SHA-256.
- */
-#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-/** \warning To achieve a 256-bit security strength, you must pass a nonce
- * to mbedtls_ctr_drbg_seed().
- */
-#endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
-#endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
-#endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
-
-#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
-#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
-/**< The interval before reseed is performed by default. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_INPUT 256
-/**< The maximum number of additional input Bytes. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
-#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
-/**< The maximum number of requested Bytes per call. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
-/**< The maximum size of seed or reseed buffer in bytes. */
-#endif
-
-/** \} name SECTION: Module settings */
-
-#define MBEDTLS_CTR_DRBG_PR_OFF 0
-/**< Prediction resistance is disabled. */
-#define MBEDTLS_CTR_DRBG_PR_ON 1
-/**< Prediction resistance is enabled. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if MBEDTLS_CTR_DRBG_ENTROPY_LEN >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2
-/** The default length of the nonce read from the entropy source.
- *
- * This is \c 0 because a single read from the entropy source is sufficient
- * to include a nonce.
- * See the documentation of mbedtls_ctr_drbg_seed() for more information.
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
-#else
-/** The default length of the nonce read from the entropy source.
- *
- * This is half of the default entropy length because a single read from
- * the entropy source does not provide enough material to form a nonce.
- * See the documentation of mbedtls_ctr_drbg_seed() for more information.
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2
-#endif
-
-#if !defined(MBEDTLS_AES_C)
-typedef struct mbedtls_ctr_drbg_psa_context {
- mbedtls_svc_key_id_t key_id;
- psa_cipher_operation_t operation;
-} mbedtls_ctr_drbg_psa_context;
-#endif
-
-/**
- * \brief The CTR_DRBG context structure.
- */
-typedef struct mbedtls_ctr_drbg_context {
- unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */
- int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter.
- * This is the number of requests that have
- * been made since the last (re)seeding,
- * minus one.
- * Before the initial seeding, this field
- * contains the amount of entropy in bytes
- * to use as a nonce for the initial seeding,
- * or -1 if no nonce length has been explicitly
- * set (see mbedtls_ctr_drbg_set_nonce_len()).
- */
- int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether prediction
- resistance is enabled, that is
- whether to systematically reseed before
- each random generation. */
- size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on each
- seed or reseed operation, in bytes. */
- int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval.
- * This is the maximum number of requests
- * that can be made between reseedings. */
-
-#if defined(MBEDTLS_AES_C)
- mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
-#else
- mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */
-#endif
-
- /*
- * Callbacks (Entropy)
- */
- int(*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
- /*!< The entropy callback function. */
-
- void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function. */
-
-#if defined(MBEDTLS_THREADING_C)
- /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
- * This means that the mutex is initialized during the initial seeding
- * in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free().
- *
- * Note that this invariant may change without notice. Do not rely on it
- * and do not access the mutex directly in application code.
- */
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
-#endif
-}
-mbedtls_ctr_drbg_context;
-
-/**
- * \brief This function initializes the CTR_DRBG context,
- * and prepares it for mbedtls_ctr_drbg_seed()
- * or mbedtls_ctr_drbg_free().
- *
- * \note The reseed interval is
- * #MBEDTLS_CTR_DRBG_RESEED_INTERVAL by default.
- * You can override it by calling
- * mbedtls_ctr_drbg_set_reseed_interval().
- *
- * \param ctx The CTR_DRBG context to initialize.
- */
-void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx);
-
-/**
- * \brief This function seeds and sets up the CTR_DRBG
- * entropy source for future reseeds.
- *
- * A typical choice for the \p f_entropy and \p p_entropy parameters is
- * to use the entropy module:
- * - \p f_entropy is mbedtls_entropy_func();
- * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized
- * with mbedtls_entropy_init() (which registers the platform's default
- * entropy sources).
- *
- * The entropy length is #MBEDTLS_CTR_DRBG_ENTROPY_LEN by default.
- * You can override it by calling mbedtls_ctr_drbg_set_entropy_len().
- *
- * The entropy nonce length is:
- * - \c 0 if the entropy length is at least 3/2 times the entropy length,
- * which guarantees that the security strength is the maximum permitted
- * by the key size and entropy length according to NIST SP 800-90A §10.2.1;
- * - Half the entropy length otherwise.
- * You can override it by calling mbedtls_ctr_drbg_set_nonce_len().
- * With the default entropy length, the entropy nonce length is
- * #MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN.
- *
- * You can provide a nonce and personalization string in addition to the
- * entropy source, to make this instantiation as unique as possible.
- * See SP 800-90A §8.6.7 for more details about nonces.
- *
- * The _seed_material_ value passed to the derivation function in
- * the CTR_DRBG Instantiate Process described in NIST SP 800-90A §10.2.1.3.2
- * is the concatenation of the following strings:
- * - A string obtained by calling \p f_entropy function for the entropy
- * length.
- */
-#if MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN == 0
-/**
- * - If mbedtls_ctr_drbg_set_nonce_len() has been called, a string
- * obtained by calling \p f_entropy function for the specified length.
- */
-#else
-/**
- * - A string obtained by calling \p f_entropy function for the entropy nonce
- * length. If the entropy nonce length is \c 0, this function does not
- * make a second call to \p f_entropy.
- */
-#endif
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note When Mbed TLS is built with threading support,
- * after this function returns successfully,
- * it is safe to call mbedtls_ctr_drbg_random()
- * from multiple threads. Other operations, including
- * reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * - The \p custom string.
- *
- * \note To achieve the nominal security strength permitted
- * by CTR_DRBG, the entropy length must be:
- * - at least 16 bytes for a 128-bit strength
- * (maximum achievable strength when using AES-128);
- * - at least 32 bytes for a 256-bit strength
- * (maximum achievable strength when using AES-256).
- *
- * In addition, if you do not pass a nonce in \p custom,
- * the sum of the entropy length
- * and the entropy nonce length must be:
- * - at least 24 bytes for a 128-bit strength
- * (maximum achievable strength when using AES-128);
- * - at least 48 bytes for a 256-bit strength
- * (maximum achievable strength when using AES-256).
- *
- * \param ctx The CTR_DRBG context to seed.
- * It must have been initialized with
- * mbedtls_ctr_drbg_init().
- * After a successful call to mbedtls_ctr_drbg_seed(),
- * you may not call mbedtls_ctr_drbg_seed() again on
- * the same context unless you call
- * mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
- * again first.
- * After a failed call to mbedtls_ctr_drbg_seed(),
- * you must call mbedtls_ctr_drbg_free().
- * \param f_entropy The entropy callback, taking as arguments the
- * \p p_entropy context, the buffer to fill, and the
- * length of the buffer.
- * \p f_entropy is always called with a buffer size
- * less than or equal to the entropy length.
- * \param p_entropy The entropy context to pass to \p f_entropy.
- * \param custom The personalization string.
- * This can be \c NULL, in which case the personalization
- * string is empty regardless of the value of \p len.
- * \param len The length of the personalization string.
- * This must be at most
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- * - #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
- */
-int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx,
- int (*f_entropy)(void *, unsigned char *, size_t),
- void *p_entropy,
- const unsigned char *custom,
- size_t len);
-
-/**
- * \brief This function resets CTR_DRBG context to the state immediately
- * after initial call of mbedtls_ctr_drbg_init().
- *
- * \param ctx The CTR_DRBG context to clear.
- */
-void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx);
-
-/**
- * \brief This function turns prediction resistance on or off.
- * The default value is off.
- *
- * \note If enabled, entropy is gathered at the beginning of
- * every call to mbedtls_ctr_drbg_random_with_add()
- * or mbedtls_ctr_drbg_random().
- * Only use this if your entropy source has sufficient
- * throughput.
- *
- * \param ctx The CTR_DRBG context.
- * \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
- */
-void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx,
- int resistance);
-
-/**
- * \brief This function sets the amount of entropy grabbed on each
- * seed or reseed.
- *
- * The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
- *
- * \note The security strength of CTR_DRBG is bounded by the
- * entropy length. Thus:
- * - When using AES-256
- * (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled,
- * which is the default),
- * \p len must be at least 32 (in bytes)
- * to achieve a 256-bit strength.
- * - When using AES-128
- * (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled)
- * \p len must be at least 16 (in bytes)
- * to achieve a 128-bit strength.
- *
- * \param ctx The CTR_DRBG context.
- * \param len The amount of entropy to grab, in bytes.
- * This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- * and at most the maximum length accepted by the
- * entropy function that is set in the context.
- */
-void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx,
- size_t len);
-
-/**
- * \brief This function sets the amount of entropy grabbed
- * as a nonce for the initial seeding.
- *
- * Call this function before calling mbedtls_ctr_drbg_seed() to read
- * a nonce from the entropy source during the initial seeding.
- *
- * \param ctx The CTR_DRBG context.
- * \param len The amount of entropy to grab for the nonce, in bytes.
- * This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- * and at most the maximum length accepted by the
- * entropy function that is set in the context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if \p len is
- * more than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
- * if the initial seeding has already taken place.
- */
-int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx,
- size_t len);
-
-/**
- * \brief This function sets the reseed interval.
- *
- * The reseed interval is the number of calls to mbedtls_ctr_drbg_random()
- * or mbedtls_ctr_drbg_random_with_add() after which the entropy function
- * is called again.
- *
- * The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
- *
- * \param ctx The CTR_DRBG context.
- * \param interval The reseed interval.
- */
-void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx,
- int interval);
-
-/**
- * \brief This function reseeds the CTR_DRBG context, that is
- * extracts data from the entropy source.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param ctx The CTR_DRBG context.
- * \param additional Additional data to add to the state. Can be \c NULL.
- * \param len The length of the additional data.
- * This must be less than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
- * where \c entropy_len is the entropy length
- * configured for the context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
- */
-int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional, size_t len);
-
-/**
- * \brief This function updates the state of the CTR_DRBG context.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param ctx The CTR_DRBG context.
- * \param additional The data to update the state with. This must not be
- * \c NULL unless \p add_len is \c 0.
- * \param add_len Length of \p additional in bytes. This must be at
- * most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if
- * \p add_len is more than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- * \return An error from the underlying AES cipher on failure.
- */
-int mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional,
- size_t add_len);
-
-/**
- * \brief This function updates a CTR_DRBG instance with additional
- * data and uses it to generate random data.
- *
- * This function automatically reseeds if the reseed counter is exceeded
- * or prediction resistance is enabled.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param p_rng The CTR_DRBG context. This must be a pointer to a
- * #mbedtls_ctr_drbg_context structure.
- * \param output The buffer to fill.
- * \param output_len The length of the buffer in bytes.
- * \param additional Additional data to update. Can be \c NULL, in which
- * case the additional data is empty regardless of
- * the value of \p add_len.
- * \param add_len The length of the additional data
- * if \p additional is not \c NULL.
- * This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT
- * and less than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
- * where \c entropy_len is the entropy length
- * configured for the context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
- */
-int mbedtls_ctr_drbg_random_with_add(void *p_rng,
- unsigned char *output, size_t output_len,
- const unsigned char *additional, size_t add_len);
-
-/**
- * \brief This function uses CTR_DRBG to generate random data.
- *
- * This function automatically reseeds if the reseed counter is exceeded
- * or prediction resistance is enabled.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note When Mbed TLS is built with threading support,
- * it is safe to call mbedtls_ctr_drbg_random()
- * from multiple threads. Other operations, including
- * reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * \param p_rng The CTR_DRBG context. This must be a pointer to a
- * #mbedtls_ctr_drbg_context structure.
- * \param output The buffer to fill.
- * \param output_len The length of the buffer in bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
- */
-int mbedtls_ctr_drbg_random(void *p_rng,
- unsigned char *output, size_t output_len);
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief This function writes a seed file.
- *
- * \param ctx The CTR_DRBG context.
- * \param path The name of the file.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed
- * failure.
- */
-int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path);
-
-/**
- * \brief This function reads and updates a seed file. The seed
- * is added to this instance.
- *
- * \param ctx The CTR_DRBG context.
- * \param path The name of the file.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
- * reseed failure.
- * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing
- * seed file is too large.
- */
-int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path);
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The CTR_DRBG checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_ctr_drbg_self_test(int verbose);
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ctr_drbg.h */
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
deleted file mode 100644
index 2ecf349..0000000
--- a/include/mbedtls/ecdsa.h
+++ /dev/null
@@ -1,671 +0,0 @@
-/**
- * \file ecdsa.h
- *
- * \brief This file contains ECDSA definitions and functions.
- *
- * The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
- * Standards for Efficient Cryptography Group (SECG):
- * SEC1 Elliptic Curve Cryptography.
- * The use of ECDSA for TLS is defined in RFC-4492: Elliptic Curve
- * Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS).
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_ECDSA_H
-#define MBEDTLS_ECDSA_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ecp.h"
-#include "mbedtls/md.h"
-
-/**
- * \brief Maximum ECDSA signature size for a given curve bit size
- *
- * \param bits Curve size in bits
- * \return Maximum signature size in bytes
- *
- * \note This macro returns a compile-time constant if its argument
- * is one. It may evaluate its argument multiple times.
- */
-/*
- * Ecdsa-Sig-Value ::= SEQUENCE {
- * r INTEGER,
- * s INTEGER
- * }
- *
- * For each of r and s, the value (V) may include an extra initial "0" bit.
- */
-#define MBEDTLS_ECDSA_MAX_SIG_LEN(bits) \
- (/*T,L of SEQUENCE*/ ((bits) >= 61 * 8 ? 3 : 2) + \
- /*T,L of r,s*/ 2 * (((bits) >= 127 * 8 ? 3 : 2) + \
- /*V of r,s*/ ((bits) + 8) / 8))
-
-/** The maximal size of an ECDSA signature in Bytes. */
-#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN(MBEDTLS_ECP_MAX_BITS)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief The ECDSA context structure.
- *
- * \warning Performing multiple operations concurrently on the same
- * ECDSA context is not supported; objects of this type
- * should not be shared between multiple threads.
- *
- * \note pk_wrap module assumes that "ecdsa_context" is identical
- * to "ecp_keypair" (see for example structure
- * "mbedtls_eckey_info" where ECDSA sign/verify functions
- * are used also for EC key)
- */
-typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-
-/**
- * \brief Internal restart context for ecdsa_verify()
- *
- * \note Opaque struct, defined in ecdsa.c
- */
-typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx;
-
-/**
- * \brief Internal restart context for ecdsa_sign()
- *
- * \note Opaque struct, defined in ecdsa.c
- */
-typedef struct mbedtls_ecdsa_restart_sig mbedtls_ecdsa_restart_sig_ctx;
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-/**
- * \brief Internal restart context for ecdsa_sign_det()
- *
- * \note Opaque struct, defined in ecdsa.c
- */
-typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
-#endif
-
-/**
- * \brief General context for resuming ECDSA operations
- */
-typedef struct {
- mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp); /*!< base context for ECP restart and
- shared administrative info */
- mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!< ecdsa_verify() sub-context */
- mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!< ecdsa_sign() sub-context */
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
- mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!< ecdsa_sign_det() sub-context */
-#endif
-} mbedtls_ecdsa_restart_ctx;
-
-#else /* MBEDTLS_ECP_RESTARTABLE */
-
-/* Now we can declare functions that take a pointer to that */
-typedef void mbedtls_ecdsa_restart_ctx;
-
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief This function checks whether a given group can be used
- * for ECDSA.
- *
- * \param gid The ECP group ID to check.
- *
- * \return \c 1 if the group can be used, \c 0 otherwise
- */
-int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid);
-
-/**
- * \brief This function computes the ECDSA signature of a
- * previously-hashed message.
- *
- * \note The deterministic version implemented in
- * mbedtls_ecdsa_sign_det_ext() is usually preferred.
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated
- * as defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.3, step 5.
- *
- * \see ecp.h
- *
- * \param grp The context for the elliptic curve to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param r The MPI context in which to store the first part
- * the signature. This must be initialized.
- * \param s The MPI context in which to store the second part
- * the signature. This must be initialized.
- * \param d The private signing key. This must be initialized.
- * \param buf The content to be signed. This is usually the hash of
- * the original data to be signed. This must be a readable
- * buffer of length \p blen Bytes. It may be \c NULL if
- * \p blen is zero.
- * \param blen The length of \p buf in Bytes.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context parameter.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX
- * or \c MBEDTLS_MPI_XXX error code on failure.
- */
-int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
- const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-/**
- * \brief This function computes the ECDSA signature of a
- * previously-hashed message, deterministic version.
- *
- * For more information, see RFC-6979: Deterministic
- * Usage of the Digital Signature Algorithm (DSA) and Elliptic
- * Curve Digital Signature Algorithm (ECDSA).
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.3, step 5.
- *
- * \see ecp.h
- *
- * \param grp The context for the elliptic curve to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param r The MPI context in which to store the first part
- * the signature. This must be initialized.
- * \param s The MPI context in which to store the second part
- * the signature. This must be initialized.
- * \param d The private signing key. This must be initialized
- * and setup, for example through mbedtls_ecp_gen_privkey().
- * \param buf The hashed content to be signed. This must be a readable
- * buffer of length \p blen Bytes. It may be \c NULL if
- * \p blen is zero.
- * \param blen The length of \p buf in Bytes.
- * \param md_alg The hash algorithm used to hash the original data.
- * \param f_rng_blind The RNG function used for blinding. This must not be
- * \c NULL.
- * \param p_rng_blind The RNG context to be passed to \p f_rng_blind. This
- * may be \c NULL if \p f_rng_blind doesn't need a context
- * parameter.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- * error code on failure.
- */
-int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r,
- mbedtls_mpi *s, const mbedtls_mpi *d,
- const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg,
- int (*f_rng_blind)(void *, unsigned char *, size_t),
- void *p_rng_blind);
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-#if !defined(MBEDTLS_ECDSA_SIGN_ALT)
-/**
- * \brief This function computes the ECDSA signature of a
- * previously-hashed message, in a restartable way.
- *
- * \note The deterministic version implemented in
- * mbedtls_ecdsa_sign_det_restartable() is usually
- * preferred.
- *
- * \note This function is like \c mbedtls_ecdsa_sign() but
- * it can return early and restart according to the
- * limit set with \c mbedtls_ecp_set_max_ops() to
- * reduce blocking.
- *
- * \note If the bitlength of the message hash is larger
- * than the bitlength of the group order, then the
- * hash is truncated as defined in Standards for
- * Efficient Cryptography Group (SECG): SEC1 Elliptic
- * Curve Cryptography, section 4.1.3, step 5.
- *
- * \see ecp.h
- *
- * \param grp The context for the elliptic curve to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param r The MPI context in which to store the first part
- * the signature. This must be initialized.
- * \param s The MPI context in which to store the second part
- * the signature. This must be initialized.
- * \param d The private signing key. This must be initialized
- * and setup, for example through
- * mbedtls_ecp_gen_privkey().
- * \param buf The hashed content to be signed. This must be a readable
- * buffer of length \p blen Bytes. It may be \c NULL if
- * \p blen is zero.
- * \param blen The length of \p buf in Bytes.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context parameter.
- * \param f_rng_blind The RNG function used for blinding. This must not be
- * \c NULL.
- * \param p_rng_blind The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context parameter.
- * \param rs_ctx The restart context to use. This may be \c NULL
- * to disable restarting. If it is not \c NULL, it
- * must point to an initialized restart context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c
- * mbedtls_ecp_set_max_ops().
- * \return Another \c MBEDTLS_ERR_ECP_XXX, \c
- * MBEDTLS_ERR_MPI_XXX or \c MBEDTLS_ERR_ASN1_XXX
- * error code on failure.
- */
-int mbedtls_ecdsa_sign_restartable(
- mbedtls_ecp_group *grp,
- mbedtls_mpi *r, mbedtls_mpi *s,
- const mbedtls_mpi *d,
- const unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int (*f_rng_blind)(void *, unsigned char *, size_t),
- void *p_rng_blind,
- mbedtls_ecdsa_restart_ctx *rs_ctx);
-
-#endif /* !MBEDTLS_ECDSA_SIGN_ALT */
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-
-/**
- * \brief This function computes the ECDSA signature of a
- * previously-hashed message, in a restartable way.
- *
- * \note This function is like \c
- * mbedtls_ecdsa_sign_det_ext() but it can return
- * early and restart according to the limit set with
- * \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \note If the bitlength of the message hash is larger
- * than the bitlength of the group order, then the
- * hash is truncated as defined in Standards for
- * Efficient Cryptography Group (SECG): SEC1 Elliptic
- * Curve Cryptography, section 4.1.3, step 5.
- *
- * \see ecp.h
- *
- * \param grp The context for the elliptic curve to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param r The MPI context in which to store the first part
- * the signature. This must be initialized.
- * \param s The MPI context in which to store the second part
- * the signature. This must be initialized.
- * \param d The private signing key. This must be initialized
- * and setup, for example through
- * mbedtls_ecp_gen_privkey().
- * \param buf The hashed content to be signed. This must be a readable
- * buffer of length \p blen Bytes. It may be \c NULL if
- * \p blen is zero.
- * \param blen The length of \p buf in Bytes.
- * \param md_alg The hash algorithm used to hash the original data.
- * \param f_rng_blind The RNG function used for blinding. This must not be
- * \c NULL.
- * \param p_rng_blind The RNG context to be passed to \p f_rng_blind. This may be
- * \c NULL if \p f_rng_blind doesn't need a context parameter.
- * \param rs_ctx The restart context to use. This may be \c NULL
- * to disable restarting. If it is not \c NULL, it
- * must point to an initialized restart context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c
- * mbedtls_ecp_set_max_ops().
- * \return Another \c MBEDTLS_ERR_ECP_XXX, \c
- * MBEDTLS_ERR_MPI_XXX or \c MBEDTLS_ERR_ASN1_XXX
- * error code on failure.
- */
-int mbedtls_ecdsa_sign_det_restartable(
- mbedtls_ecp_group *grp,
- mbedtls_mpi *r, mbedtls_mpi *s,
- const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg,
- int (*f_rng_blind)(void *, unsigned char *, size_t),
- void *p_rng_blind,
- mbedtls_ecdsa_restart_ctx *rs_ctx);
-
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-/**
- * \brief This function verifies the ECDSA signature of a
- * previously-hashed message.
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.4, step 3.
- *
- * \see ecp.h
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param buf The hashed content that was signed. This must be a readable
- * buffer of length \p blen Bytes. It may be \c NULL if
- * \p blen is zero.
- * \param blen The length of \p buf in Bytes.
- * \param Q The public key to use for verification. This must be
- * initialized and setup.
- * \param r The first integer of the signature.
- * This must be initialized.
- * \param s The second integer of the signature.
- * This must be initialized.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- * error code on failure.
- */
-int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
- const unsigned char *buf, size_t blen,
- const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
- const mbedtls_mpi *s);
-
-#if !defined(MBEDTLS_ECDSA_VERIFY_ALT)
-/**
- * \brief This function verifies the ECDSA signature of a
- * previously-hashed message, in a restartable manner
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.4, step 3.
- *
- * \see ecp.h
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param buf The hashed content that was signed. This must be a readable
- * buffer of length \p blen Bytes. It may be \c NULL if
- * \p blen is zero.
- * \param blen The length of \p buf in Bytes.
- * \param Q The public key to use for verification. This must be
- * initialized and setup.
- * \param r The first integer of the signature.
- * This must be initialized.
- * \param s The second integer of the signature.
- * This must be initialized.
- * \param rs_ctx The restart context to use. This may be \c NULL to disable
- * restarting. If it is not \c NULL, it must point to an
- * initialized restart context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- * error code on failure.
- */
-int mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp,
- const unsigned char *buf, size_t blen,
- const mbedtls_ecp_point *Q,
- const mbedtls_mpi *r,
- const mbedtls_mpi *s,
- mbedtls_ecdsa_restart_ctx *rs_ctx);
-
-#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */
-
-/**
- * \brief This function computes the ECDSA signature and writes it
- * to a buffer, serialized as defined in RFC-4492:
- * Elliptic Curve Cryptography (ECC) Cipher Suites for
- * Transport Layer Security (TLS).
- *
- * \warning It is not thread-safe to use the same context in
- * multiple threads.
- *
- * \note The deterministic version is used if
- * #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
- * information, see RFC-6979: Deterministic Usage
- * of the Digital Signature Algorithm (DSA) and Elliptic
- * Curve Digital Signature Algorithm (ECDSA).
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.3, step 5.
- *
- * \see ecp.h
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and private key bound to it, for example
- * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
- * \param md_alg The message digest that was used to hash the message.
- * \param hash The message hash to be signed. This must be a readable
- * buffer of length \p hlen Bytes.
- * \param hlen The length of the hash \p hash in Bytes.
- * \param sig The buffer to which to write the signature. This must be a
- * writable buffer of length at least twice as large as the
- * size of the curve used, plus 9. For example, 73 Bytes if
- * a 256-bit curve is used. A buffer length of
- * #MBEDTLS_ECDSA_MAX_LEN is always safe.
- * \param sig_size The size of the \p sig buffer in bytes.
- * \param slen The address at which to store the actual length of
- * the signature written. Must not be \c NULL.
- * \param f_rng The RNG function. This must not be \c NULL if
- * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
- * it is used only for blinding and may be set to \c NULL, but
- * doing so is DEPRECATED.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng is \c NULL or doesn't use a context.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t sig_size, size_t *slen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-
-/**
- * \brief This function computes the ECDSA signature and writes it
- * to a buffer, in a restartable way.
- *
- * \see \c mbedtls_ecdsa_write_signature()
- *
- * \note This function is like \c mbedtls_ecdsa_write_signature()
- * but it can return early and restart according to the limit
- * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and private key bound to it, for example
- * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
- * \param md_alg The message digest that was used to hash the message.
- * \param hash The message hash to be signed. This must be a readable
- * buffer of length \p hlen Bytes.
- * \param hlen The length of the hash \p hash in Bytes.
- * \param sig The buffer to which to write the signature. This must be a
- * writable buffer of length at least twice as large as the
- * size of the curve used, plus 9. For example, 73 Bytes if
- * a 256-bit curve is used. A buffer length of
- * #MBEDTLS_ECDSA_MAX_LEN is always safe.
- * \param sig_size The size of the \p sig buffer in bytes.
- * \param slen The address at which to store the actual length of
- * the signature written. Must not be \c NULL.
- * \param f_rng The RNG function. This must not be \c NULL if
- * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
- * it is unused and may be set to \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng is \c NULL or doesn't use a context.
- * \param rs_ctx The restart context to use. This may be \c NULL to disable
- * restarting. If it is not \c NULL, it must point to an
- * initialized restart context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t sig_size, size_t *slen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_ecdsa_restart_ctx *rs_ctx);
-
-/**
- * \brief This function reads and verifies an ECDSA signature.
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.4, step 3.
- *
- * \see ecp.h
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and public key bound to it.
- * \param hash The message hash that was signed. This must be a readable
- * buffer of length \p hlen Bytes.
- * \param hlen The size of the hash \p hash.
- * \param sig The signature to read and verify. This must be a readable
- * buffer of length \p slen Bytes.
- * \param slen The size of \p sig in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
- * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
- * signature in \p sig, but its length is less than \p siglen.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
- * error code on failure for any other reason.
- */
-int mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- const unsigned char *sig, size_t slen);
-
-/**
- * \brief This function reads and verifies an ECDSA signature,
- * in a restartable way.
- *
- * \see \c mbedtls_ecdsa_read_signature()
- *
- * \note This function is like \c mbedtls_ecdsa_read_signature()
- * but it can return early and restart according to the limit
- * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and public key bound to it.
- * \param hash The message hash that was signed. This must be a readable
- * buffer of length \p hlen Bytes.
- * \param hlen The size of the hash \p hash.
- * \param sig The signature to read and verify. This must be a readable
- * buffer of length \p slen Bytes.
- * \param slen The size of \p sig in Bytes.
- * \param rs_ctx The restart context to use. This may be \c NULL to disable
- * restarting. If it is not \c NULL, it must point to an
- * initialized restart context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
- * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
- * signature in \p sig, but its length is less than \p siglen.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
- * error code on failure for any other reason.
- */
-int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- const unsigned char *sig, size_t slen,
- mbedtls_ecdsa_restart_ctx *rs_ctx);
-
-/**
- * \brief This function generates an ECDSA keypair on the given curve.
- *
- * \see ecp.h
- *
- * \param ctx The ECDSA context to store the keypair in.
- * This must be initialized.
- * \param gid The elliptic curve to use. One of the various
- * \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
- */
-int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
-
-/**
- * \brief This function sets up an ECDSA context from an EC key pair.
- *
- * \see ecp.h
- *
- * \param ctx The ECDSA context to setup. This must be initialized.
- * \param key The EC key to use. This must be initialized and hold
- * a private-public key pair or a public key. In the former
- * case, the ECDSA context may be used for signature creation
- * and verification after this call. In the latter case, it
- * may be used for signature verification.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
- */
-int mbedtls_ecdsa_from_keypair(mbedtls_ecdsa_context *ctx,
- const mbedtls_ecp_keypair *key);
-
-/**
- * \brief This function initializes an ECDSA context.
- *
- * \param ctx The ECDSA context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx);
-
-/**
- * \brief This function frees an ECDSA context.
- *
- * \param ctx The ECDSA context to free. This may be \c NULL,
- * in which case this function does nothing. If it
- * is not \c NULL, it must be initialized.
- */
-void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx);
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Initialize a restart context.
- *
- * \param ctx The restart context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_ecdsa_restart_init(mbedtls_ecdsa_restart_ctx *ctx);
-
-/**
- * \brief Free the components of a restart context.
- *
- * \param ctx The restart context to free. This may be \c NULL,
- * in which case this function does nothing. If it
- * is not \c NULL, it must be initialized.
- */
-void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx);
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ecdsa.h */
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
deleted file mode 100644
index d8f73ae..0000000
--- a/include/mbedtls/ecp.h
+++ /dev/null
@@ -1,1528 +0,0 @@
-/**
- * \file ecp.h
- *
- * \brief This file provides an API for Elliptic Curves over GF(P) (ECP).
- *
- * The use of ECP in cryptography and TLS is defined in
- * Standards for Efficient Cryptography Group (SECG): SEC1
- * Elliptic Curve Cryptography and
- * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites
- * for Transport Layer Security (TLS).
- *
- * RFC-2409: The Internet Key Exchange (IKE) defines ECP
- * group types.
- *
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_ECP_H
-#define MBEDTLS_ECP_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/platform_util.h"
-
-#include "mbedtls/bignum.h"
-
-/*
- * ECP error codes
- */
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80
-/** The buffer is too small to write to. */
-#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00
-/** The requested feature is not available, for example, the requested curve is not supported. */
-#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80
-/** The signature is not valid. */
-#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00
-/** Memory allocation failed. */
-#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80
-/** Generation of random value, such as ephemeral key, failed. */
-#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00
-/** Invalid private or public key. */
-#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80
-/** The buffer contains a valid signature followed by more data. */
-#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00
-/** Operation in progress, call again with the same parameters to continue. */
-#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00
-
-/* Flags indicating whether to include code that is specific to certain
- * types of curves. These flags are for internal library use only. */
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED
-#endif
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
- defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_ECP_MONTGOMERY_ENABLED
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Domain-parameter identifiers: curve, subgroup, and generator.
- *
- * \note Only curves over prime fields are supported.
- *
- * \warning This library does not support validation of arbitrary domain
- * parameters. Therefore, only standardized domain parameters from trusted
- * sources should be used. See mbedtls_ecp_group_load().
- */
-/* Note: when adding a new curve:
- * - Add it at the end of this enum, otherwise you'll break the ABI by
- * changing the numerical value for existing curves.
- * - Increment MBEDTLS_ECP_DP_MAX below if needed.
- * - Update the calculation of MBEDTLS_ECP_MAX_BITS below.
- * - Add the corresponding MBEDTLS_ECP_DP_xxx_ENABLED macro definition to
- * mbedtls_config.h.
- * - List the curve as a dependency of MBEDTLS_ECP_C and
- * MBEDTLS_ECDSA_C if supported in check_config.h.
- * - Add the curve to the appropriate curve type macro
- * MBEDTLS_ECP_yyy_ENABLED above.
- * - Add the necessary definitions to ecp_curves.c.
- * - Add the curve to the ecp_supported_curves array in ecp.c.
- * - Add the curve to applicable profiles in x509_crt.c.
- * - Add the curve to applicable presets in ssl_tls.c.
- */
-typedef enum {
- MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
- MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_BP256R1, /*!< Domain parameters for 256-bit Brainpool curve. */
- MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */
- MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */
- MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for Curve25519. */
- MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */
-} mbedtls_ecp_group_id;
-
-/**
- * The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE.
- */
-#define MBEDTLS_ECP_DP_MAX 14
-
-/*
- * Curve types
- */
-typedef enum {
- MBEDTLS_ECP_TYPE_NONE = 0,
- MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
- MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
-} mbedtls_ecp_curve_type;
-
-/**
- * Curve information, for use by other modules.
- *
- * The fields of this structure are part of the public API and can be
- * accessed directly by applications. Future versions of the library may
- * add extra fields or reorder existing fields.
- */
-typedef struct mbedtls_ecp_curve_info {
- mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
- uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
- uint16_t bit_size; /*!< The curve size in bits. */
- const char *name; /*!< A human-friendly name. */
-} mbedtls_ecp_curve_info;
-
-/**
- * \brief The ECP point structure, in Jacobian coordinates.
- *
- * \note All functions expect and return points satisfying
- * the following condition: Z == 0
or
- * Z == 1
. Other values of \p Z are
- * used only by internal functions.
- * The point is zero, or "at infinity", if Z == 0
.
- * Otherwise, \p X and \p Y are its standard (affine)
- * coordinates.
- */
-typedef struct mbedtls_ecp_point {
- mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */
- mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */
- mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */
-}
-mbedtls_ecp_point;
-
-#if !defined(MBEDTLS_ECP_ALT)
-/*
- * default Mbed TLS elliptic curve arithmetic implementation
- *
- * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
- * alternative implementation for the whole module and it will replace this
- * one.)
- */
-
-/**
- * \brief The ECP group structure.
- *
- * We consider two types of curve equations:
- * - Short Weierstrass:
y^2 = x^3 + A x + B mod P
- * (SEC1 + RFC-4492)
- * - Montgomery:
y^2 = x^3 + A x^2 + x mod P
(Curve25519,
- * Curve448)
- * In both cases, the generator (\p G) for a prime-order subgroup is fixed.
- *
- * For Short Weierstrass, this subgroup is the whole curve, and its
- * cardinality is denoted by \p N. Our code requires that \p N is an
- * odd prime as mbedtls_ecp_mul() requires an odd number, and
- * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
- *
- * The default implementation only initializes \p A without setting it to the
- * authentic value for curves with A = -3
(SECP256R1, etc), in which
- * case you need to load \p A by yourself when using domain parameters directly,
- * for example:
- * \code
- * mbedtls_mpi_init(&A);
- * mbedtls_ecp_group_init(&grp);
- * CHECK_RETURN(mbedtls_ecp_group_load(&grp, grp_id));
- * if (mbedtls_ecp_group_a_is_minus_3(&grp)) {
- * CHECK_RETURN(mbedtls_mpi_sub_int(&A, &grp.P, 3));
- * } else {
- * CHECK_RETURN(mbedtls_mpi_copy(&A, &grp.A));
- * }
- *
- * do_something_with_a(&A);
- *
- * cleanup:
- * mbedtls_mpi_free(&A);
- * mbedtls_ecp_group_free(&grp);
- * \endcode
- *
- * For Montgomery curves, we do not store \p A, but (A + 2) / 4
,
- * which is the quantity used in the formulas. Additionally, \p nbits is
- * not the size of \p N but the required size for private keys.
- *
- * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
- * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
- * range of 0..2^(2*pbits)-1
, and transforms it in-place to an integer
- * which is congruent mod \p P to the given MPI, and is close enough to \p pbits
- * in size, so that it may be efficiently brought in the 0..P-1 range by a few
- * additions or subtractions. Therefore, it is only an approximative modular
- * reduction. It must return 0 on success and non-zero on failure.
- *
- * \note Alternative implementations of the ECP module must obey the
- * following constraints.
- * * Group IDs must be distinct: if two group structures have
- * the same ID, then they must be identical.
- * * The fields \c id, \c P, \c A, \c B, \c G, \c N,
- * \c pbits and \c nbits must have the same type and semantics
- * as in the built-in implementation.
- * They must be available for reading, but direct modification
- * of these fields does not need to be supported.
- * They do not need to be at the same offset in the structure.
- */
-typedef struct mbedtls_ecp_group {
- mbedtls_ecp_group_id id; /*!< An internal group identifier. */
- mbedtls_mpi P; /*!< The prime modulus of the base field. */
- mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. Note that
- \p A is not set to the authentic value in some cases.
- Refer to detailed description of ::mbedtls_ecp_group if
- using domain parameters in the structure.
- For Montgomery curves: (A + 2) / 4
. */
- mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
- For Montgomery curves: unused. */
- mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
- mbedtls_mpi N; /*!< The order of \p G. */
- size_t pbits; /*!< The number of bits in \p P.*/
- size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
- For Montgomery curves: the number of bits in the
- private keys. */
- /* End of public fields */
-
- unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */
- int(*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
- mod \p P (see above).*/
- int(*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */
- int(*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */
- void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
- mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for ecp_mul_comb(). */
- size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated pre-computed points. */
-}
-mbedtls_ecp_group;
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h, or define them using the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
-/*
- * Maximum "window" size used for point multiplication.
- * Default: a point where higher memory usage yields diminishing performance
- * returns.
- * Minimum value: 2. Maximum value: 7.
- *
- * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
- * points used for point multiplication. This value is directly tied to EC
- * peak memory usage, so decreasing it by one should roughly cut memory usage
- * by two (if large curves are in use).
- *
- * Reduction in size may reduce speed, but larger curves are impacted first.
- * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
- * w-size: 6 5 4 3 2
- * 521 145 141 135 120 97
- * 384 214 209 198 177 146
- * 256 320 320 303 262 226
- * 224 475 475 453 398 342
- * 192 640 640 633 587 476
- */
-#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< The maximum window size used. */
-#endif /* MBEDTLS_ECP_WINDOW_SIZE */
-
-#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
-/*
- * Trade code size for speed on fixed-point multiplication.
- *
- * This speeds up repeated multiplication of the generator (that is, the
- * multiplication in ECDSA signatures, and half of the multiplications in
- * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
- *
- * For each n-bit Short Weierstrass curve that is enabled, this adds 4n bytes
- * of code size if n < 384 and 8n otherwise.
- *
- * Change this value to 0 to reduce code size.
- */
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */
-#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
-
-/** \} name SECTION: Module settings */
-
-#else /* MBEDTLS_ECP_ALT */
-#include "ecp_alt.h"
-#endif /* MBEDTLS_ECP_ALT */
-
-/**
- * The maximum size of the groups, that is, of \c N and \c P.
- */
-#if !defined(MBEDTLS_ECP_LIGHT)
-/* Dummy definition to help code that has optional ECP support and
- * defines an MBEDTLS_ECP_MAX_BYTES-sized array unconditionally. */
-#define MBEDTLS_ECP_MAX_BITS 1
-/* Note: the curves must be listed in DECREASING size! */
-#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 521
-#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 512
-#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 448
-#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 384
-#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 384
-#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
-#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
-#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
-#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 255
-#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 225 // n is slightly above 2^224
-#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 224
-#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 192
-#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 192
-#else /* !MBEDTLS_ECP_LIGHT */
-#error "Missing definition of MBEDTLS_ECP_MAX_BITS"
-#endif /* !MBEDTLS_ECP_LIGHT */
-
-#define MBEDTLS_ECP_MAX_BYTES ((MBEDTLS_ECP_MAX_BITS + 7) / 8)
-#define MBEDTLS_ECP_MAX_PT_LEN (2 * MBEDTLS_ECP_MAX_BYTES + 1)
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-
-/**
- * \brief Internal restart context for multiplication
- *
- * \note Opaque struct
- */
-typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx;
-
-/**
- * \brief Internal restart context for ecp_muladd()
- *
- * \note Opaque struct
- */
-typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx;
-
-/**
- * \brief General context for resuming ECC operations
- */
-typedef struct {
- unsigned MBEDTLS_PRIVATE(ops_done); /*!< current ops count */
- unsigned MBEDTLS_PRIVATE(depth); /*!< call depth (0 = top-level) */
- mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm); /*!< ecp_mul_comb() sub-context */
- mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!< ecp_muladd() sub-context */
-} mbedtls_ecp_restart_ctx;
-
-/*
- * Operation counts for restartable functions
- */
-#define MBEDTLS_ECP_OPS_CHK 3 /*!< basic ops count for ecp_check_pubkey() */
-#define MBEDTLS_ECP_OPS_DBL 8 /*!< basic ops count for ecp_double_jac() */
-#define MBEDTLS_ECP_OPS_ADD 11 /*!< basic ops count for see ecp_add_mixed() */
-#define MBEDTLS_ECP_OPS_INV 120 /*!< empirical equivalent for mpi_mod_inv() */
-
-/**
- * \brief Internal; for restartable functions in other modules.
- * Check and update basic ops budget.
- *
- * \param grp Group structure
- * \param rs_ctx Restart context
- * \param ops Number of basic ops to do
- *
- * \return \c 0 if doing \p ops basic ops is still allowed,
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS otherwise.
- */
-int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp,
- mbedtls_ecp_restart_ctx *rs_ctx,
- unsigned ops);
-
-/* Utility macro for checking and updating ops budget */
-#define MBEDTLS_ECP_BUDGET(ops) \
- MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, \
- (unsigned) (ops)));
-
-#else /* MBEDTLS_ECP_RESTARTABLE */
-
-#define MBEDTLS_ECP_BUDGET(ops) /* no-op; for compatibility */
-
-/* We want to declare restartable versions of existing functions anyway */
-typedef void mbedtls_ecp_restart_ctx;
-
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief The ECP key-pair structure.
- *
- * A generic key-pair that may be used for ECDSA and fixed ECDH, for example.
- *
- * \note Members are deliberately in the same order as in the
- * ::mbedtls_ecdsa_context structure.
- */
-typedef struct mbedtls_ecp_keypair {
- mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< Elliptic curve and base point */
- mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< our secret value */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< our public value */
-}
-mbedtls_ecp_keypair;
-
-/**
- * The uncompressed point format for Short Weierstrass curves
- * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX).
- */
-#define MBEDTLS_ECP_PF_UNCOMPRESSED 0
-/**
- * The compressed point format for Short Weierstrass curves
- * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX).
- *
- * \warning While this format is supported for all concerned curves for
- * writing, when it comes to parsing, it is not supported for all
- * curves. Specifically, parsing compressed points on
- * MBEDTLS_ECP_DP_SECP224R1 and MBEDTLS_ECP_DP_SECP224K1 is not
- * supported.
- */
-#define MBEDTLS_ECP_PF_COMPRESSED 1
-
-/*
- * Some other constants from RFC 4492
- */
-#define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< The named_curve of ECCurveType. */
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Set the maximum number of basic operations done in a row.
- *
- * If more operations are needed to complete a computation,
- * #MBEDTLS_ERR_ECP_IN_PROGRESS will be returned by the
- * function performing the computation. It is then the
- * caller's responsibility to either call again with the same
- * parameters until it returns 0 or an error code; or to free
- * the restart context if the operation is to be aborted.
- *
- * It is strictly required that all input parameters and the
- * restart context be the same on successive calls for the
- * same operation, but output parameters need not be the
- * same; they must not be used until the function finally
- * returns 0.
- *
- * This only applies to functions whose documentation
- * mentions they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS for functions in the
- * SSL module). For functions that accept a "restart context"
- * argument, passing NULL disables restart and makes the
- * function equivalent to the function with the same name
- * with \c _restartable removed. For functions in the ECDH
- * module, restart is disabled unless the function accepts
- * an "ECDH context" argument and
- * mbedtls_ecdh_enable_restart() was previously called on
- * that context. For function in the SSL module, restart is
- * only enabled for specific sides and key exchanges
- * (currently only for clients and ECDHE-ECDSA).
- *
- * \warning Using the PSA interruptible interfaces with keys in local
- * storage and no accelerator driver will also call this
- * function to set the values specified via those interfaces,
- * overwriting values previously set. Care should be taken if
- * mixing these two interfaces.
- *
- * \param max_ops Maximum number of basic operations done in a row.
- * Default: 0 (unlimited).
- * Lower (non-zero) values mean ECC functions will block for
- * a lesser maximum amount of time.
- *
- * \note A "basic operation" is defined as a rough equivalent of a
- * multiplication in GF(p) for the NIST P-256 curve.
- * As an indication, with default settings, a scalar
- * multiplication (full run of \c mbedtls_ecp_mul()) is:
- * - about 3300 basic operations for P-256
- * - about 9400 basic operations for P-384
- *
- * \note Very low values are not always respected: sometimes
- * functions need to block for a minimum number of
- * operations, and will do so even if max_ops is set to a
- * lower value. That minimum depends on the curve size, and
- * can be made lower by decreasing the value of
- * \c MBEDTLS_ECP_WINDOW_SIZE. As an indication, here is the
- * lowest effective value for various curves and values of
- * that parameter (w for short):
- * w=6 w=5 w=4 w=3 w=2
- * P-256 208 208 160 136 124
- * P-384 682 416 320 272 248
- * P-521 1364 832 640 544 496
- *
- * \note This setting is currently ignored by Curve25519.
- */
-void mbedtls_ecp_set_max_ops(unsigned max_ops);
-
-/**
- * \brief Check if restart is enabled (max_ops != 0)
- *
- * \return \c 0 if \c max_ops == 0 (restart disabled)
- * \return \c 1 otherwise (restart enabled)
- */
-int mbedtls_ecp_restart_is_enabled(void);
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/*
- * Get the type of a curve
- */
-mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp);
-
-/**
- * \brief This function retrieves the information defined in
- * mbedtls_ecp_curve_info() for all supported curves.
- *
- * \note This function returns information about all curves
- * supported by the library. Some curves may not be
- * supported for all algorithms. Call mbedtls_ecdh_can_do()
- * or mbedtls_ecdsa_can_do() to check if a curve is
- * supported for ECDH or ECDSA.
- *
- * \return A statically allocated array. The last entry is 0.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list(void);
-
-/**
- * \brief This function retrieves the list of internal group
- * identifiers of all supported curves in the order of
- * preference.
- *
- * \note This function returns information about all curves
- * supported by the library. Some curves may not be
- * supported for all algorithms. Call mbedtls_ecdh_can_do()
- * or mbedtls_ecdsa_can_do() to check if a curve is
- * supported for ECDH or ECDSA.
- *
- * \return A statically allocated array,
- * terminated with MBEDTLS_ECP_DP_NONE.
- */
-const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list(void);
-
-/**
- * \brief This function retrieves curve information from an internal
- * group identifier.
- *
- * \param grp_id An \c MBEDTLS_ECP_DP_XXX value.
- *
- * \return The associated curve information on success.
- * \return NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id);
-
-/**
- * \brief This function retrieves curve information from a TLS
- * NamedCurve value.
- *
- * \param tls_id An \c MBEDTLS_ECP_DP_XXX value.
- *
- * \return The associated curve information on success.
- * \return NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id);
-
-/**
- * \brief This function retrieves curve information from a
- * human-readable name.
- *
- * \param name The human-readable name.
- *
- * \return The associated curve information on success.
- * \return NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name(const char *name);
-
-/**
- * \brief This function initializes a point as zero.
- *
- * \param pt The point to initialize.
- */
-void mbedtls_ecp_point_init(mbedtls_ecp_point *pt);
-
-/**
- * \brief This function initializes an ECP group context
- * without loading any domain parameters.
- *
- * \note After this function is called, domain parameters
- * for various ECP groups can be loaded through the
- * mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
- * functions.
- */
-void mbedtls_ecp_group_init(mbedtls_ecp_group *grp);
-
-/**
- * \brief This function initializes a key pair as an invalid one.
- *
- * \param key The key pair to initialize.
- */
-void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key);
-
-/**
- * \brief This function frees the components of a point.
- *
- * \param pt The point to free.
- */
-void mbedtls_ecp_point_free(mbedtls_ecp_point *pt);
-
-/**
- * \brief This function frees the components of an ECP group.
- *
- * \param grp The group to free. This may be \c NULL, in which
- * case this function returns immediately. If it is not
- * \c NULL, it must point to an initialized ECP group.
- */
-void mbedtls_ecp_group_free(mbedtls_ecp_group *grp);
-
-/**
- * \brief This function frees the components of a key pair.
- *
- * \param key The key pair to free. This may be \c NULL, in which
- * case this function returns immediately. If it is not
- * \c NULL, it must point to an initialized ECP key pair.
- */
-void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key);
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Initialize a restart context.
- *
- * \param ctx The restart context to initialize. This must
- * not be \c NULL.
- */
-void mbedtls_ecp_restart_init(mbedtls_ecp_restart_ctx *ctx);
-
-/**
- * \brief Free the components of a restart context.
- *
- * \param ctx The restart context to free. This may be \c NULL, in which
- * case this function returns immediately. If it is not
- * \c NULL, it must point to an initialized restart context.
- */
-void mbedtls_ecp_restart_free(mbedtls_ecp_restart_ctx *ctx);
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief This function copies the contents of point \p Q into
- * point \p P.
- *
- * \param P The destination point. This must be initialized.
- * \param Q The source point. This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return Another negative error code for other kinds of failure.
- */
-int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q);
-
-/**
- * \brief This function copies the contents of group \p src into
- * group \p dst.
- *
- * \param dst The destination group. This must be initialized.
- * \param src The source group. This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst,
- const mbedtls_ecp_group *src);
-
-/**
- * \brief This function sets a point to the point at infinity.
- *
- * \param pt The point to set. This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt);
-
-/**
- * \brief This function checks if a point is the point at infinity.
- *
- * \param pt The point to test. This must be initialized.
- *
- * \return \c 1 if the point is zero.
- * \return \c 0 if the point is non-zero.
- * \return A negative error code on failure.
- */
-int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt);
-
-/**
- * \brief This function compares two points.
- *
- * \note This assumes that the points are normalized. Otherwise,
- * they may compare as "not equal" even if they are.
- *
- * \param P The first point to compare. This must be initialized.
- * \param Q The second point to compare. This must be initialized.
- *
- * \return \c 0 if the points are equal.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
- */
-int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P,
- const mbedtls_ecp_point *Q);
-
-/**
- * \brief This function imports a non-zero point from two ASCII
- * strings.
- *
- * \param P The destination point. This must be initialized.
- * \param radix The numeric base of the input.
- * \param x The first affine coordinate, as a null-terminated string.
- * \param y The second affine coordinate, as a null-terminated string.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_MPI_XXX error code on failure.
- */
-int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P, int radix,
- const char *x, const char *y);
-
-/**
- * \brief This function exports a point into unsigned binary data.
- *
- * \param grp The group to which the point should belong.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param P The point to export. This must be initialized.
- * \param format The point format. This must be either
- * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
- * (For groups without these formats, this parameter is
- * ignored. But it still has to be either of the above
- * values.)
- * \param olen The address at which to store the length of
- * the output in Bytes. This must not be \c NULL.
- * \param buf The output buffer. This must be a writable buffer
- * of length \p buflen Bytes.
- * \param buflen The length of the output buffer \p buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
- * is too small to hold the point.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
- * or the export for the given group is not implemented.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *P,
- int format, size_t *olen,
- unsigned char *buf, size_t buflen);
-
-/**
- * \brief This function imports a point from unsigned binary data.
- *
- * \note This function does not check that the point actually
- * belongs to the given group, see mbedtls_ecp_check_pubkey()
- * for that.
- *
- * \note For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for
- * limitations.
- *
- * \param grp The group to which the point should belong.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param P The destination context to import the point to.
- * This must be initialized.
- * \param buf The input buffer. This must be a readable buffer
- * of length \p ilen Bytes.
- * \param ilen The length of the input buffer \p buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
- * given group is not implemented.
- */
-int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *P,
- const unsigned char *buf, size_t ilen);
-
-/**
- * \brief This function imports a point from a TLS ECPoint record.
- *
- * \note On function return, \p *buf is updated to point immediately
- * after the ECPoint record.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param pt The destination point.
- * \param buf The address of the pointer to the start of the input buffer.
- * \param len The length of the buffer.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization
- * failure.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
- */
-int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *pt,
- const unsigned char **buf, size_t len);
-
-/**
- * \brief This function exports a point as a TLS ECPoint record
- * defined in RFC 4492, Section 5.4.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param pt The point to be exported. This must be initialized.
- * \param format The point format to use. This must be either
- * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
- * \param olen The address at which to store the length in Bytes
- * of the data written.
- * \param buf The target buffer. This must be a writable buffer of
- * length \p blen Bytes.
- * \param blen The length of the target buffer \p buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the target buffer
- * is too small to hold the exported point.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *pt,
- int format, size_t *olen,
- unsigned char *buf, size_t blen);
-
-/**
- * \brief This function sets up an ECP group context
- * from a standardized set of domain parameters.
- *
- * \note The index should be a value of the NamedCurve enum,
- * as defined in RFC-4492: Elliptic Curve Cryptography
- * (ECC) Cipher Suites for Transport Layer Security (TLS),
- * usually in the form of an \c MBEDTLS_ECP_DP_XXX macro.
- *
- * \param grp The group context to setup. This must be initialized.
- * \param id The identifier of the domain parameter set to load.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p id doesn't
- * correspond to a known group.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id);
-
-/**
- * \brief This function sets up an ECP group context from a TLS
- * ECParameters record as defined in RFC 4492, Section 5.4.
- *
- * \note The read pointer \p buf is updated to point right after
- * the ECParameters record on exit.
- *
- * \param grp The group context to setup. This must be initialized.
- * \param buf The address of the pointer to the start of the input buffer.
- * \param len The length of the input buffer \c *buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
- * recognized.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp,
- const unsigned char **buf, size_t len);
-
-/**
- * \brief This function extracts an elliptic curve group ID from a
- * TLS ECParameters record as defined in RFC 4492, Section 5.4.
- *
- * \note The read pointer \p buf is updated to point right after
- * the ECParameters record on exit.
- *
- * \param grp The address at which to store the group id.
- * This must not be \c NULL.
- * \param buf The address of the pointer to the start of the input buffer.
- * \param len The length of the input buffer \c *buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
- * recognized.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp,
- const unsigned char **buf,
- size_t len);
-/**
- * \brief This function exports an elliptic curve as a TLS
- * ECParameters record as defined in RFC 4492, Section 5.4.
- *
- * \param grp The ECP group to be exported.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param olen The address at which to store the number of Bytes written.
- * This must not be \c NULL.
- * \param buf The buffer to write to. This must be a writable buffer
- * of length \p blen Bytes.
- * \param blen The length of the output buffer \p buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output
- * buffer is too small to hold the exported group.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp,
- size_t *olen,
- unsigned char *buf, size_t blen);
-
-/**
- * \brief This function performs a scalar multiplication of a point
- * by an integer: \p R = \p m * \p P.
- *
- * It is not thread-safe to use same group in multiple threads.
- *
- * \note To prevent timing attacks, this function
- * executes the exact same sequence of base-field
- * operations for any valid \p m. It avoids any if-branch or
- * array index depending on the value of \p m. It also uses
- * \p f_rng to randomize some intermediate results.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param R The point in which to store the result of the calculation.
- * This must be initialized.
- * \param m The integer by which to multiply. This must be initialized.
- * \param P The point to multiply. This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
- * NULL if \p f_rng doesn't need a context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
- * key, or \p P is not a valid public key.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
-
-/**
- * \brief This function performs multiplication of a point by
- * an integer: \p R = \p m * \p P in a restartable way.
- *
- * \see mbedtls_ecp_mul()
- *
- * \note This function does the same as \c mbedtls_ecp_mul(), but
- * it can return early and restart according to the limit set
- * with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param R The point in which to store the result of the calculation.
- * This must be initialized.
- * \param m The integer by which to multiply. This must be initialized.
- * \param P The point to multiply. This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
- * NULL if \p f_rng doesn't need a context.
- * \param rs_ctx The restart context (NULL disables restart).
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
- * key, or \p P is not a valid public key.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_ecp_restart_ctx *rs_ctx);
-
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-/**
- * \brief This function checks if domain parameter A of the curve is
- * \c -3.
- *
- * \note This function is only defined for short Weierstrass curves.
- * It may not be included in builds without any short
- * Weierstrass curve.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- *
- * \return \c 1 if A = -3
.
- * \return \c 0 Otherwise.
- */
-static inline int mbedtls_ecp_group_a_is_minus_3(const mbedtls_ecp_group *grp)
-{
- return grp->A.MBEDTLS_PRIVATE(p) == NULL;
-}
-
-/**
- * \brief This function performs multiplication and addition of two
- * points by integers: \p R = \p m * \p P + \p n * \p Q
- *
- * It is not thread-safe to use same group in multiple threads.
- *
- * \note In contrast to mbedtls_ecp_mul(), this function does not
- * guarantee a constant execution flow and timing.
- *
- * \note This function is only defined for short Weierstrass curves.
- * It may not be included in builds without any short
- * Weierstrass curve.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param R The point in which to store the result of the calculation.
- * This must be initialized.
- * \param m The integer by which to multiply \p P.
- * This must be initialized.
- * \param P The point to multiply by \p m. This must be initialized.
- * \param n The integer by which to multiply \p Q.
- * This must be initialized.
- * \param Q The point to be multiplied by \p n.
- * This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
- * valid private keys, or \p P or \p Q are not valid public
- * keys.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
- * designate a short Weierstrass curve.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- const mbedtls_mpi *n, const mbedtls_ecp_point *Q);
-
-/**
- * \brief This function performs multiplication and addition of two
- * points by integers: \p R = \p m * \p P + \p n * \p Q in a
- * restartable way.
- *
- * \see \c mbedtls_ecp_muladd()
- *
- * \note This function works the same as \c mbedtls_ecp_muladd(),
- * but it can return early and restart according to the limit
- * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \note This function is only defined for short Weierstrass curves.
- * It may not be included in builds without any short
- * Weierstrass curve.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param R The point in which to store the result of the calculation.
- * This must be initialized.
- * \param m The integer by which to multiply \p P.
- * This must be initialized.
- * \param P The point to multiply by \p m. This must be initialized.
- * \param n The integer by which to multiply \p Q.
- * This must be initialized.
- * \param Q The point to be multiplied by \p n.
- * This must be initialized.
- * \param rs_ctx The restart context (NULL disables restart).
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
- * valid private keys, or \p P or \p Q are not valid public
- * keys.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
- * designate a short Weierstrass curve.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_muladd_restartable(
- mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
- mbedtls_ecp_restart_ctx *rs_ctx);
-#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-
-/**
- * \brief This function checks that a point is a valid public key
- * on this curve.
- *
- * It only checks that the point is non-zero, has
- * valid coordinates and lies on the curve. It does not verify
- * that it is indeed a multiple of \c G. This additional
- * check is computationally more expensive, is not required
- * by standards, and should not be necessary if the group
- * used has a small cofactor. In particular, it is useless for
- * the NIST groups which all have a cofactor of 1.
- *
- * \note This function uses bare components rather than an
- * ::mbedtls_ecp_keypair structure, to ease use with other
- * structures, such as ::mbedtls_ecdh_context or
- * ::mbedtls_ecdsa_context.
- *
- * \param grp The ECP group the point should belong to.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param pt The point to check. This must be initialized.
- *
- * \return \c 0 if the point is a valid public key.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not
- * a valid public key for the given curve.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *pt);
-
-/**
- * \brief This function checks that an \c mbedtls_mpi is a
- * valid private key for this curve.
- *
- * \note This function uses bare components rather than an
- * ::mbedtls_ecp_keypair structure to ease use with other
- * structures, such as ::mbedtls_ecdh_context or
- * ::mbedtls_ecdsa_context.
- *
- * \param grp The ECP group the private key should belong to.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param d The integer to check. This must be initialized.
- *
- * \return \c 0 if the point is a valid private key.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid
- * private key for the given curve.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp,
- const mbedtls_mpi *d);
-
-/**
- * \brief This function generates a private key.
- *
- * \param grp The ECP group to generate a private key for.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param d The destination MPI (secret part). This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- * on failure.
- */
-int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp,
- mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-
-/**
- * \brief This function generates a keypair with a configurable base
- * point.
- *
- * \note This function uses bare components rather than an
- * ::mbedtls_ecp_keypair structure to ease use with other
- * structures, such as ::mbedtls_ecdh_context or
- * ::mbedtls_ecdsa_context.
- *
- * \param grp The ECP group to generate a key pair for.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param G The base point to use. This must be initialized
- * and belong to \p grp. It replaces the default base
- * point \c grp->G used by mbedtls_ecp_gen_keypair().
- * \param d The destination MPI (secret part).
- * This must be initialized.
- * \param Q The destination point (public part).
- * This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- * on failure.
- */
-int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *G,
- mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-
-/**
- * \brief This function generates an ECP keypair.
- *
- * \note This function uses bare components rather than an
- * ::mbedtls_ecp_keypair structure to ease use with other
- * structures, such as ::mbedtls_ecdh_context or
- * ::mbedtls_ecdsa_context.
- *
- * \param grp The ECP group to generate a key pair for.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param d The destination MPI (secret part).
- * This must be initialized.
- * \param Q The destination point (public part).
- * This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- * on failure.
- */
-int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d,
- mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-
-/**
- * \brief This function generates an ECP key.
- *
- * \param grp_id The ECP group identifier.
- * \param key The destination key. This must be initialized.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- * on failure.
- */
-int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-
-/** \brief Set the public key in a key pair object.
- *
- * \note This function does not check that the point actually
- * belongs to the given group. Call mbedtls_ecp_check_pubkey()
- * on \p Q before calling this function to check that.
- *
- * \note This function does not check that the public key matches
- * the private key that is already in \p key, if any.
- * To check the consistency of the resulting key pair object,
- * call mbedtls_ecp_check_pub_priv() after setting both
- * the public key and the private key.
- *
- * \param grp_id The ECP group identifier.
- * \param key The key pair object. It must be initialized.
- * If its group has already been set, it must match \p grp_id.
- * If its group has not been set, it will be set to \p grp_id.
- * If the public key has already been set, it is overwritten.
- * \param Q The public key to copy. This must be a point on the
- * curve indicated by \p grp_id.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p key does not
- * match \p grp_id.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
- * the group is not implemented.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id,
- mbedtls_ecp_keypair *key,
- const mbedtls_ecp_point *Q);
-
-/**
- * \brief This function reads an elliptic curve private key.
- *
- * \note This function does not set the public key in the
- * key pair object. Without a public key, the key pair object
- * cannot be used with operations that require the public key.
- * Call mbedtls_ecp_keypair_calc_public() to set the public
- * key from the private key. Alternatively, you can call
- * mbedtls_ecp_set_public_key() to set the public key part,
- * and then optionally mbedtls_ecp_check_pub_priv() to check
- * that the private and public parts are consistent.
- *
- * \note If a public key has already been set in the key pair
- * object, this function does not check that it is consistent
- * with the private key. Call mbedtls_ecp_check_pub_priv()
- * after setting both the public key and the private key
- * to make that check.
- *
- * \param grp_id The ECP group identifier.
- * \param key The destination key.
- * \param buf The buffer containing the binary representation of the
- * key. (Big endian integer for Weierstrass curves, byte
- * string for Montgomery curves.)
- * \param buflen The length of the buffer in bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY error if the key is
- * invalid.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
- * the group is not implemented.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
- const unsigned char *buf, size_t buflen);
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/**
- * \brief This function exports an elliptic curve private key.
- *
- * \deprecated Note that although this function accepts an output
- * buffer that is smaller or larger than the key, most key
- * import interfaces require the output to have exactly
- * key's nominal length. It is generally simplest to
- * pass the key's nominal length as \c buflen, after
- * checking that the output buffer is large enough.
- * See the description of the \p buflen parameter for
- * how to calculate the nominal length.
- * To avoid this difficulty, use mbedtls_ecp_write_key_ext()
- * instead.
- * mbedtls_ecp_write_key() is deprecated and will be
- * removed in a future version of the library.
- *
- * \note If the private key was not set in \p key,
- * the output is unspecified. Future versions
- * may return an error in that case.
- *
- * \param key The private key.
- * \param buf The output buffer for containing the binary representation
- * of the key.
- * For Weierstrass curves, this is the big-endian
- * representation, padded with null bytes at the beginning
- * to reach \p buflen bytes.
- * For Montgomery curves, this is the standard byte string
- * representation (which is little-endian), padded with
- * null bytes at the end to reach \p buflen bytes.
- * \param buflen The total length of the buffer in bytes.
- * The length of the output is
- * (`grp->nbits` + 7) / 8 bytes
- * where `grp->nbits` is the private key size in bits.
- * For Weierstrass keys, if the output buffer is smaller,
- * leading zeros are trimmed to fit if possible. For
- * Montgomery keys, the output buffer must always be large
- * enough for the nominal length.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL or
- * #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the \p key
- * representation is larger than the available space in \p buf.
- * \return Another negative error code on different kinds of failure.
- */
-int MBEDTLS_DEPRECATED mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
- unsigned char *buf, size_t buflen);
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief This function exports an elliptic curve private key.
- *
- * \param key The private key.
- * \param olen On success, the length of the private key.
- * This is always (`grp->nbits` + 7) / 8 bytes
- * where `grp->nbits` is the private key size in bits.
- * \param buf The output buffer for containing the binary representation
- * of the key.
- * \param buflen The total length of the buffer in bytes.
- * #MBEDTLS_ECP_MAX_BYTES is always sufficient.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key
- * representation is larger than the available space in \p buf.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if no private key is
- * set in \p key.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_ecp_write_key_ext(const mbedtls_ecp_keypair *key,
- size_t *olen, unsigned char *buf, size_t buflen);
-
-/**
- * \brief This function exports an elliptic curve public key.
- *
- * \note If the public key was not set in \p key,
- * the output is unspecified. Future versions
- * may return an error in that case.
- *
- * \param key The public key.
- * \param format The point format. This must be either
- * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
- * (For groups without these formats, this parameter is
- * ignored. But it still has to be either of the above
- * values.)
- * \param olen The address at which to store the length of
- * the output in Bytes. This must not be \c NULL.
- * \param buf The output buffer. This must be a writable buffer
- * of length \p buflen Bytes.
- * \param buflen The length of the output buffer \p buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
- * is too small to hold the point.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
- * or the export for the given group is not implemented.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_write_public_key(const mbedtls_ecp_keypair *key,
- int format, size_t *olen,
- unsigned char *buf, size_t buflen);
-
-/**
- * \brief This function checks that the keypair objects
- * \p pub and \p prv have the same group and the
- * same public point, and that the private key in
- * \p prv is consistent with the public key.
- *
- * \param pub The keypair structure holding the public key. This
- * must be initialized. If it contains a private key, that
- * part is ignored.
- * \param prv The keypair structure holding the full keypair.
- * This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
- * NULL if \p f_rng doesn't need a context.
- *
- * \return \c 0 on success, meaning that the keys are valid and match.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
- * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
- * error code on calculation failure.
- */
-int mbedtls_ecp_check_pub_priv(
- const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
-
-/** \brief Calculate the public key from a private key in a key pair.
- *
- * \param key A keypair structure. It must have a private key set.
- * If the public key is set, it will be overwritten.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
- * NULL if \p f_rng doesn't need a context.
- *
- * \return \c 0 on success. The key pair object can be used for
- * operations that require the public key.
- * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
- * error code on calculation failure.
- */
-int mbedtls_ecp_keypair_calc_public(
- mbedtls_ecp_keypair *key,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
-
-/** \brief Query the group that a key pair belongs to.
- *
- * \param key The key pair to query.
- *
- * \return The group ID for the group registered in the key pair
- * object.
- * This is \c MBEDTLS_ECP_DP_NONE if no group has been set
- * in the key pair object.
- */
-mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id(
- const mbedtls_ecp_keypair *key);
-
-/**
- * \brief This function exports generic key-pair parameters.
- *
- * Each of the output parameters can be a null pointer
- * if you do not need that parameter.
- *
- * \note If the private key or the public key was not set in \p key,
- * the corresponding output is unspecified. Future versions
- * may return an error in that case.
- *
- * \param key The key pair to export from.
- * \param grp Slot for exported ECP group.
- * It must either be null or point to an initialized ECP group.
- * \param d Slot for the exported secret value.
- * It must either be null or point to an initialized mpi.
- * \param Q Slot for the exported public value.
- * It must either be null or point to an initialized ECP point.
- *
- * \return \c 0 on success,
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if key id doesn't
- * correspond to a known group.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp,
- mbedtls_mpi *d, mbedtls_ecp_point *Q);
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The ECP checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_ecp_self_test(int verbose);
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ecp.h */
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
deleted file mode 100644
index 20fd687..0000000
--- a/include/mbedtls/entropy.h
+++ /dev/null
@@ -1,273 +0,0 @@
-/**
- * \file entropy.h
- *
- * \brief Entropy accumulator implementation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_ENTROPY_H
-#define MBEDTLS_ENTROPY_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#include "md.h"
-
-#if defined(MBEDTLS_MD_CAN_SHA512) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
-#define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA512
-#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
-#else
-#if defined(MBEDTLS_MD_CAN_SHA256)
-#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
-#define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA256
-#define MBEDTLS_ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */
-#endif
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-
-/** Critical entropy source failure. */
-#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C
-/** No more sources can be added. */
-#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES -0x003E
-/** No sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040
-/** No strong sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D
-/** Read/write error in file. */
-#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
-#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
-#endif
-
-#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
-#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
-#endif
-
-/** \} name SECTION: Module settings */
-
-#define MBEDTLS_ENTROPY_MAX_SEED_SIZE 1024 /**< Maximum size of seed we read from seed file */
-#define MBEDTLS_ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_MAX_SOURCES
-
-#define MBEDTLS_ENTROPY_SOURCE_STRONG 1 /**< Entropy source is strong */
-#define MBEDTLS_ENTROPY_SOURCE_WEAK 0 /**< Entropy source is weak */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Entropy poll callback pointer
- *
- * \param data Callback-specific data pointer
- * \param output Data to fill
- * \param len Maximum size to provide
- * \param olen The actual amount of bytes put into the buffer (Can be 0)
- *
- * \return 0 if no critical failures occurred,
- * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
- */
-typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
- size_t *olen);
-
-/**
- * \brief Entropy source state
- */
-typedef struct mbedtls_entropy_source_state {
- mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy source callback */
- void *MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */
- size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */
- size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before release */
- int MBEDTLS_PRIVATE(strong); /**< Is the source strong? */
-}
-mbedtls_entropy_source_state;
-
-/**
- * \brief Entropy context structure
- */
-typedef struct mbedtls_entropy_context {
- mbedtls_md_context_t MBEDTLS_PRIVATE(accumulator);
- int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
- * 1 after the first update.
- * -1 after free. */
- int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
- mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
-#endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
- int MBEDTLS_PRIVATE(initial_entropy_run);
-#endif
-}
-mbedtls_entropy_context;
-
-#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
-/**
- * \brief Platform-specific entropy poll callback
- */
-int mbedtls_platform_entropy_poll(void *data,
- unsigned char *output, size_t len, size_t *olen);
-#endif
-
-/**
- * \brief Initialize the context
- *
- * \param ctx Entropy context to initialize
- */
-void mbedtls_entropy_init(mbedtls_entropy_context *ctx);
-
-/**
- * \brief Free the data in the context
- *
- * \param ctx Entropy context to free
- */
-void mbedtls_entropy_free(mbedtls_entropy_context *ctx);
-
-/**
- * \brief Adds an entropy source to poll
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx Entropy context
- * \param f_source Entropy function
- * \param p_source Function data
- * \param threshold Minimum required from source before entropy is released
- * ( with mbedtls_entropy_func() ) (in bytes)
- * \param strong MBEDTLS_ENTROPY_SOURCE_STRONG or
- * MBEDTLS_ENTROPY_SOURCE_WEAK.
- * At least one strong source needs to be added.
- * Weaker sources (such as the cycle counter) can be used as
- * a complement.
- *
- * \return 0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
- */
-int mbedtls_entropy_add_source(mbedtls_entropy_context *ctx,
- mbedtls_entropy_f_source_ptr f_source, void *p_source,
- size_t threshold, int strong);
-
-/**
- * \brief Trigger an extra gather poll for the accumulator
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx Entropy context
- *
- * \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_gather(mbedtls_entropy_context *ctx);
-
-/**
- * \brief Retrieve entropy from the accumulator
- * (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data Entropy context
- * \param output Buffer to fill
- * \param len Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
- *
- * \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_func(void *data, unsigned char *output, size_t len);
-
-/**
- * \brief Add data to the accumulator manually
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx Entropy context
- * \param data Data to add
- * \param len Length of data
- *
- * \return 0 if successful
- */
-int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx,
- const unsigned char *data, size_t len);
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-/**
- * \brief Trigger an update of the seed file in NV by using the
- * current entropy pool.
- *
- * \param ctx Entropy context
- *
- * \return 0 if successful
- */
-int mbedtls_entropy_update_nv_seed(mbedtls_entropy_context *ctx);
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Write a seed file
- *
- * \param ctx Entropy context
- * \param path Name of the file
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
- * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx, const char *path);
-
-/**
- * \brief Read and update a seed file. Seed is added to this
- * instance. No more than MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes are
- * read from the seed file. The rest is ignored.
- *
- * \param ctx Entropy context
- * \param path Name of the file
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
- * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx, const char *path);
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief Checkup routine
- *
- * This module self-test also calls the entropy self-test,
- * mbedtls_entropy_source_self_test();
- *
- * \return 0 if successful, or 1 if a test failed
- */
-int mbedtls_entropy_self_test(int verbose);
-
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-/**
- * \brief Checkup routine
- *
- * Verifies the integrity of the hardware entropy source
- * provided by the function 'mbedtls_hardware_poll()'.
- *
- * Note this is the only hardware entropy source that is known
- * at link time, and other entropy sources configured
- * dynamically at runtime by the function
- * mbedtls_entropy_add_source() will not be tested.
- *
- * \return 0 if successful, or 1 if a test failed
- */
-int mbedtls_entropy_source_self_test(int verbose);
-#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* entropy.h */
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
deleted file mode 100644
index 186589a..0000000
--- a/include/mbedtls/error.h
+++ /dev/null
@@ -1,201 +0,0 @@
-/**
- * \file error.h
- *
- * \brief Error to string translation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_ERROR_H
-#define MBEDTLS_ERROR_H
-
-#include "mbedtls/build_info.h"
-
-#include
-
-/**
- * Error code layout.
- *
- * Currently we try to keep all error codes within the negative space of 16
- * bits signed integers to support all platforms (-0x0001 - -0x7FFF). In
- * addition we'd like to give two layers of information on the error if
- * possible.
- *
- * For that purpose the error codes are segmented in the following manner:
- *
- * 16 bit error code bit-segmentation
- *
- * 1 bit - Unused (sign bit)
- * 3 bits - High level module ID
- * 5 bits - Module-dependent error code
- * 7 bits - Low level module errors
- *
- * For historical reasons, low-level error codes are divided in even and odd,
- * even codes were assigned first, and -1 is reserved for other errors.
- *
- * Low-level module errors (0x0002-0x007E, 0x0001-0x007F)
- *
- * Module Nr Codes assigned
- * ERROR 2 0x006E 0x0001
- * MPI 7 0x0002-0x0010
- * GCM 3 0x0012-0x0016 0x0013-0x0013
- * THREADING 3 0x001A-0x001E
- * AES 5 0x0020-0x0022 0x0021-0x0025
- * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027
- * BASE64 2 0x002A-0x002C
- * OID 1 0x002E-0x002E 0x000B-0x000B
- * PADLOCK 1 0x0030-0x0030
- * DES 2 0x0032-0x0032 0x0033-0x0033
- * CTR_DBRG 4 0x0034-0x003A
- * ENTROPY 3 0x003C-0x0040 0x003D-0x003F
- * NET 13 0x0042-0x0052 0x0043-0x0049
- * ARIA 4 0x0058-0x005E
- * ASN1 7 0x0060-0x006C
- * CMAC 1 0x007A-0x007A
- * PBKDF2 1 0x007C-0x007C
- * HMAC_DRBG 4 0x0003-0x0009
- * CCM 3 0x000D-0x0011
- * MD5 1 0x002F-0x002F
- * RIPEMD160 1 0x0031-0x0031
- * SHA1 1 0x0035-0x0035 0x0073-0x0073
- * SHA256 1 0x0037-0x0037 0x0074-0x0074
- * SHA512 1 0x0039-0x0039 0x0075-0x0075
- * SHA-3 1 0x0076-0x0076
- * CHACHA20 3 0x0051-0x0055
- * POLY1305 3 0x0057-0x005B
- * CHACHAPOLY 2 0x0054-0x0056
- * PLATFORM 2 0x0070-0x0072
- * LMS 5 0x0011-0x0019
- *
- * High-level module nr (3 bits - 0x0...-0x7...)
- * Name ID Nr of Errors
- * PEM 1 9
- * PKCS#12 1 4 (Started from top)
- * X509 2 20
- * PKCS5 2 4 (Started from top)
- * DHM 3 11
- * PK 3 15 (Started from top)
- * RSA 4 11
- * ECP 4 10 (Started from top)
- * MD 5 5
- * HKDF 5 1 (Started from top)
- * PKCS7 5 12 (Started from 0x5300)
- * SSL 5 2 (Started from 0x5F00)
- * CIPHER 6 8 (Started from 0x6080)
- * SSL 6 22 (Started from top, plus 0x6000)
- * SSL 7 20 (Started from 0x7000, gaps at
- * 0x7380, 0x7900-0x7980, 0x7A80-0x7E80)
- *
- * Module dependent error code (5 bits 0x.00.-0x.F8.)
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/** Generic error */
-#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001
-/** This is a bug in the library */
-#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E
-
-/** Hardware accelerator failed */
-#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070
-/** The requested feature is not supported by the platform */
-#define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072
-
-/**
- * \brief Combines a high-level and low-level error code together.
- *
- * Wrapper macro for mbedtls_error_add(). See that function for
- * more details.
- */
-#define MBEDTLS_ERROR_ADD(high, low) \
- mbedtls_error_add(high, low, __FILE__, __LINE__)
-
-#if defined(MBEDTLS_TEST_HOOKS)
-/**
- * \brief Testing hook called before adding/combining two error codes together.
- * Only used when invasive testing is enabled via MBEDTLS_TEST_HOOKS.
- */
-extern void (*mbedtls_test_hook_error_add)(int, int, const char *, int);
-#endif
-
-/**
- * \brief Combines a high-level and low-level error code together.
- *
- * This function can be called directly however it is usually
- * called via the #MBEDTLS_ERROR_ADD macro.
- *
- * While a value of zero is not a negative error code, it is still an
- * error code (that denotes success) and can be combined with both a
- * negative error code or another value of zero.
- *
- * \note When invasive testing is enabled via #MBEDTLS_TEST_HOOKS, also try to
- * call \link mbedtls_test_hook_error_add \endlink.
- *
- * \param high high-level error code. See error.h for more details.
- * \param low low-level error code. See error.h for more details.
- * \param file file where this error code addition occurred.
- * \param line line where this error code addition occurred.
- */
-static inline int mbedtls_error_add(int high, int low,
- const char *file, int line)
-{
-#if defined(MBEDTLS_TEST_HOOKS)
- if (*mbedtls_test_hook_error_add != NULL) {
- (*mbedtls_test_hook_error_add)(high, low, file, line);
- }
-#endif
- (void) file;
- (void) line;
-
- return high + low;
-}
-
-/**
- * \brief Translate an Mbed TLS error code into a string representation.
- * The result is truncated if necessary and always includes a
- * terminating null byte.
- *
- * \param errnum error code
- * \param buffer buffer to place representation in
- * \param buflen length of the buffer
- */
-void mbedtls_strerror(int errnum, char *buffer, size_t buflen);
-
-/**
- * \brief Translate the high-level part of an Mbed TLS error code into a string
- * representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- * code is unknown.
- */
-const char *mbedtls_high_level_strerr(int error_code);
-
-/**
- * \brief Translate the low-level part of an Mbed TLS error code into a string
- * representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- * code is unknown.
- */
-const char *mbedtls_low_level_strerr(int error_code);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* error.h */
diff --git a/include/mbedtls/legacy_or_psa.h b/include/mbedtls/legacy_or_psa.h
deleted file mode 100644
index e9bdb77..0000000
--- a/include/mbedtls/legacy_or_psa.h
+++ /dev/null
@@ -1,215 +0,0 @@
-/**
- * Macros to express dependencies for code and tests that may use either the
- * legacy API or PSA in various builds. This whole header file is currently
- * for internal use only and both the header file and the macros it defines
- * may change or be removed without notice.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * Note: applications that are targeting a specific configuration do not need
- * to use these macros; instead they should directly use the functions they
- * know are available in their configuration.
- *
- * Note: code that is purely based on PSA Crypto (psa_xxx() functions)
- * does not need to use these macros; instead it should use the relevant
- * PSA_WANT_xxx macros.
- *
- * Note: code that is purely based on the legacy crypto APIs (mbedtls_xxx())
- * does not need to use these macros; instead it should use the relevant
- * MBEDTLS_xxx macros.
- *
- * These macros are for code that wants to use and will do so
- * using or PSA depending on , where:
- * - will generally be an algorithm (SHA-256, ECDH) but may
- * also be a key type (AES, RSA, EC) or domain parameters (elliptic curve);
- * - will be either:
- * - low-level module API (aes.h, sha256.h), or
- * - an abstraction layer (md.h, cipher.h);
- * - will be either:
- * - depending on what's available in the build:
- * legacy API used if available, PSA otherwise
- * (this is done to ensure backwards compatibility); or
- * - depending on whether MBEDTLS_USE_PSA_CRYPTO is defined.
- *
- * Examples:
- * - TLS 1.2 will compute hashes using either mbedtls_md_xxx() (and
- * mbedtls_sha256_xxx()) or psa_aead_xxx() depending on whether
- * MBEDTLS_USE_PSA_CRYPTO is defined;
- * - RSA PKCS#1 v2.1 will compute hashes (for padding) using either
- * `mbedtls_md()` if it's available, or `psa_hash_compute()` otherwise;
- * - PEM decoding of PEM-encrypted keys will compute MD5 hashes using either
- * `mbedtls_md5_xxx()` if it's available, or `psa_hash_xxx()` otherwise.
- *
- * Note: the macros are essential to express test dependencies. Inside code,
- * we could instead just use the equivalent pre-processor condition, but
- * that's not possible in test dependencies where we need a single macro.
- * Hopefully, using these macros in code will also help with consistency.
- *
- * The naming scheme for these macros is:
- * MBEDTLS_HAS_feature_VIA_legacy_OR_PSA(_condition)
- * where:
- * - feature is expressed the same way as in PSA_WANT_xxx macros, for example:
- * KEY_TYPE_AES, ALG_SHA_256, ECC_SECP_R1_256;
- * - legacy is either LOWLEVEL or the name of the layer: MD, CIPHER;
- * - condition is omitted if it's based on availability, else it's
- * BASED_ON_USE_PSA.
- *
- * Coming back to the examples above:
- * - TLS 1.2 will determine if it can use SHA-256 using
- * MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
- * for the purposes of negotiation, and in test dependencies;
- * - RSA PKCS#1 v2.1 tests that used SHA-256 will depend on
- * MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
- * - PEM decoding code and its associated tests will depend on
- * MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
- *
- * Note: every time it's possible to use, say SHA-256, via the MD API, then
- * it's also possible to use it via the low-level API. So, code that wants to
- * use SHA-256 via both APIs only needs to depend on the MD macro. Also, it
- * just so happens that all the code choosing which API to use based on
- * MBEDTLS_USE_PSA_CRYPTO (X.509, TLS 1.2/shared), always uses the abstraction
- * layer (sometimes in addition to the low-level API), so we don't need the
- * MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA_BASED_ON_USE_PSA macros.
- * (PK, while obeying MBEDTLS_USE_PSA_CRYPTO, doesn't compute hashes itself,
- * even less makes use of ciphers.)
- *
- * Note: the macros MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA are the minimal
- * condition for being able to use at all. As such, they should be
- * used for guarding data about , such as OIDs or size. For example,
- * OID values related to SHA-256 are only useful when SHA-256 can be used at
- * least in some way.
- */
-
-#ifndef MBEDTLS_OR_PSA_HELPERS_H
-#define MBEDTLS_OR_PSA_HELPERS_H
-
-#include "mbedtls/build_info.h"
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-#include "psa/crypto.h"
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-/*
- * Hashes
- */
-
-/* Hashes using low-level or PSA based on availability */
-#if defined(MBEDTLS_MD5_C) || \
- (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5))
-#define MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
-#endif
-#if defined(MBEDTLS_RIPEMD160_C) || \
- (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160))
-#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA
-#endif
-#if defined(MBEDTLS_SHA1_C) || \
- (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1))
-#define MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA
-#endif
-#if defined(MBEDTLS_SHA224_C) || \
- (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224))
-#define MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA
-#endif
-#if defined(MBEDTLS_SHA256_C) || \
- (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256))
-#define MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA
-#endif
-#if defined(MBEDTLS_SHA384_C) || \
- (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384))
-#define MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA
-#endif
-#if defined(MBEDTLS_SHA512_C) || \
- (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512))
-#define MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA
-#endif
-
-/* Hashes using MD or PSA based on availability */
-#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C)) || \
- (!defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5))
-#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
-#endif
-#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C)) || \
- (!defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160))
-#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA
-#endif
-#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C)) || \
- (!defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1))
-#define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
-#endif
-#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C)) || \
- (!defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224))
-#define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA
-#endif
-#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C)) || \
- (!defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256))
-#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
-#endif
-#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C)) || \
- (!defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384))
-#define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
-#endif
-#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C)) || \
- (!defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512))
-#define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
-#endif
-
-/* Hashes using MD or PSA based on MBEDTLS_USE_PSA_CRYPTO */
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C)) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_MD5))
-#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C)) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_RIPEMD160))
-#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C)) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1))
-#define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C)) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224))
-#define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C)) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256))
-#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C)) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384))
-#define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C)) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512))
-#define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-
-#endif /* MBEDTLS_OR_PSA_HELPERS_H */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
deleted file mode 100644
index 9e7dd95..0000000
--- a/include/mbedtls/mbedtls_config.h
+++ /dev/null
@@ -1,4223 +0,0 @@
-/**
- * \file mbedtls_config.h
- *
- * \brief Configuration options (set of defines)
- *
- * This set of compile-time options may be used to enable
- * or disable features selectively, and reduce the global
- * memory footprint.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/*
- * NOTICE: This file has been modified by Oberon microsystems AG.
- */
-
-/*
- * Note: do not change configurations in this file; mbedtls_config.h is only
- * provided for legacy dependencies and might be removed in future versions
- * of this PSA Crypto implementation.
- */
-
-#define MBEDTLS_TEST_PSA_SKIP_IF_SMALL_RSA_KEY 1 /* !!OM */
-
-/**
- * This is an optional version symbol that enables compatibility handling of
- * config files.
- *
- * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that
- * introduced the config format we want to be compatible with.
- */
-//#define MBEDTLS_CONFIG_VERSION 0x03000000
-
-/**
- * \name SECTION: System support
- *
- * This section sets system specific settings.
- * \{
- */
-
-/**
- * \def MBEDTLS_HAVE_ASM
- *
- * The compiler has support for asm().
- *
- * Requires support for asm() in compiler.
- *
- * Used in:
- * library/aesni.h
- * library/aria.c
- * library/bn_mul.h
- * library/constant_time.c
- * library/padlock.h
- *
- * Required by:
- * MBEDTLS_AESCE_C
- * MBEDTLS_AESNI_C (on some platforms)
- * MBEDTLS_PADLOCK_C
- *
- * Comment to disable the use of assembly code.
- */
-#define MBEDTLS_HAVE_ASM
-
-/**
- * \def MBEDTLS_NO_UDBL_DIVISION
- *
- * The platform lacks support for double-width integer division (64-bit
- * division on a 32-bit platform, 128-bit division on a 64-bit platform).
- *
- * Used in:
- * include/mbedtls/bignum.h
- * library/bignum.c
- *
- * The bignum code uses double-width division to speed up some operations.
- * Double-width division is often implemented in software that needs to
- * be linked with the program. The presence of a double-width integer
- * type is usually detected automatically through preprocessor macros,
- * but the automatic detection cannot know whether the code needs to
- * and can be linked with an implementation of division for that type.
- * By default division is assumed to be usable if the type is present.
- * Uncomment this option to prevent the use of double-width division.
- *
- * Note that division for the native integer type is always required.
- * Furthermore, a 64-bit type is always required even on a 32-bit
- * platform, but it need not support multiplication or division. In some
- * cases it is also desirable to disable some double-width operations. For
- * example, if double-width division is implemented in software, disabling
- * it can reduce code size in some embedded targets.
- */
-//#define MBEDTLS_NO_UDBL_DIVISION
-
-/**
- * \def MBEDTLS_NO_64BIT_MULTIPLICATION
- *
- * The platform lacks support for 32x32 -> 64-bit multiplication.
- *
- * Used in:
- * library/poly1305.c
- *
- * Some parts of the library may use multiplication of two unsigned 32-bit
- * operands with a 64-bit result in order to speed up computations. On some
- * platforms, this is not available in hardware and has to be implemented in
- * software, usually in a library provided by the toolchain.
- *
- * Sometimes it is not desirable to have to link to that library. This option
- * removes the dependency of that library on platforms that lack a hardware
- * 64-bit multiplier by embedding a software implementation in Mbed TLS.
- *
- * Note that depending on the compiler, this may decrease performance compared
- * to using the library function provided by the toolchain.
- */
-//#define MBEDTLS_NO_64BIT_MULTIPLICATION
-
-/**
- * \def MBEDTLS_HAVE_SSE2
- *
- * CPU supports SSE2 instruction set.
- *
- * Uncomment if the CPU supports SSE2 (IA-32 specific).
- */
-//#define MBEDTLS_HAVE_SSE2
-
-/**
- * \def MBEDTLS_HAVE_TIME
- *
- * System has time.h and time().
- * The time does not need to be correct, only time differences are used,
- * by contrast with MBEDTLS_HAVE_TIME_DATE
- *
- * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
- * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
- * MBEDTLS_PLATFORM_STD_TIME.
- *
- * Comment if your system does not support time functions.
- *
- * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
- * interface - timing.c will include time.h on suitable platforms
- * regardless of the setting of MBEDTLS_HAVE_TIME, unless
- * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
- */
-#define MBEDTLS_HAVE_TIME
-
-/**
- * \def MBEDTLS_HAVE_TIME_DATE
- *
- * System has time.h, time(), and an implementation for
- * mbedtls_platform_gmtime_r() (see below).
- * The time needs to be correct (not necessarily very accurate, but at least
- * the date should be correct). This is used to verify the validity period of
- * X.509 certificates.
- *
- * Comment if your system does not have a correct clock.
- *
- * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
- * behaves similarly to the gmtime_r() function from the C standard. Refer to
- * the documentation for mbedtls_platform_gmtime_r() for more information.
- *
- * \note It is possible to configure an implementation for
- * mbedtls_platform_gmtime_r() at compile-time by using the macro
- * MBEDTLS_PLATFORM_GMTIME_R_ALT.
- */
-#define MBEDTLS_HAVE_TIME_DATE
-
-/**
- * \def MBEDTLS_PLATFORM_MEMORY
- *
- * Enable the memory allocation layer.
- *
- * By default Mbed TLS uses the system-provided calloc() and free().
- * This allows different allocators (self-implemented or provided) to be
- * provided to the platform abstraction layer.
- *
- * Enabling #MBEDTLS_PLATFORM_MEMORY without the
- * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
- * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
- * free() function pointer at runtime.
- *
- * Enabling #MBEDTLS_PLATFORM_MEMORY and specifying
- * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
- * alternate function at compile time.
- *
- * An overview of how the value of mbedtls_calloc is determined:
- *
- * - if !MBEDTLS_PLATFORM_MEMORY
- * - mbedtls_calloc = calloc
- * - if MBEDTLS_PLATFORM_MEMORY
- * - if (MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
- * - mbedtls_calloc = MBEDTLS_PLATFORM_CALLOC_MACRO
- * - if !(MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
- * - Dynamic setup via mbedtls_platform_set_calloc_free is now possible with a default value MBEDTLS_PLATFORM_STD_CALLOC.
- * - How is MBEDTLS_PLATFORM_STD_CALLOC handled?
- * - if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
- * - MBEDTLS_PLATFORM_STD_CALLOC is not set to anything;
- * - MBEDTLS_PLATFORM_STD_MEM_HDR can be included if present;
- * - if !MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
- * - if MBEDTLS_PLATFORM_STD_CALLOC is present:
- * - User-defined MBEDTLS_PLATFORM_STD_CALLOC is respected;
- * - if !MBEDTLS_PLATFORM_STD_CALLOC:
- * - MBEDTLS_PLATFORM_STD_CALLOC = calloc
- *
- * - At this point the presence of MBEDTLS_PLATFORM_STD_CALLOC is checked.
- * - if !MBEDTLS_PLATFORM_STD_CALLOC
- * - MBEDTLS_PLATFORM_STD_CALLOC = uninitialized_calloc
- *
- * - mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC.
- *
- * Defining MBEDTLS_PLATFORM_CALLOC_MACRO and #MBEDTLS_PLATFORM_STD_CALLOC at the same time is not possible.
- * MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO must both be defined or undefined at the same time.
- * #MBEDTLS_PLATFORM_STD_CALLOC and #MBEDTLS_PLATFORM_STD_FREE do not have to be defined at the same time, as, if they are used,
- * dynamic setup of these functions is possible. See the tree above to see how are they handled in all cases.
- * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
- * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Enable this layer to allow use of alternative memory allocators.
- */
-//#define MBEDTLS_PLATFORM_MEMORY
-
-/**
- * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
- *
- * Do not assign standard functions in the platform layer (e.g. calloc() to
- * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
- *
- * This makes sure there are no linking errors on platforms that do not support
- * these functions. You will HAVE to provide alternatives, either at runtime
- * via the platform_set_xxx() functions or at compile time by setting
- * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
- * MBEDTLS_PLATFORM_XXX_MACRO.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Uncomment to prevent default assignment of standard functions in the
- * platform layer.
- */
-//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-
-/**
- * \def MBEDTLS_PLATFORM_EXIT_ALT
- *
- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let Mbed TLS support the
- * function in the platform abstraction layer.
- *
- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, Mbed TLS will
- * provide a function "mbedtls_platform_set_printf()" that allows you to set an
- * alternative printf function pointer.
- *
- * All these define require MBEDTLS_PLATFORM_C to be defined!
- *
- * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
- * it will be enabled automatically by check_config.h
- *
- * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
- * MBEDTLS_PLATFORM_XXX_MACRO!
- *
- * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
- *
- * Uncomment a macro to enable alternate implementation of specific base
- * platform function
- */
-//#define MBEDTLS_PLATFORM_SETBUF_ALT
-//#define MBEDTLS_PLATFORM_EXIT_ALT
-//#define MBEDTLS_PLATFORM_TIME_ALT
-//#define MBEDTLS_PLATFORM_FPRINTF_ALT
-//#define MBEDTLS_PLATFORM_PRINTF_ALT
-//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
-//#define MBEDTLS_PLATFORM_NV_SEED_ALT
-//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
-//#define MBEDTLS_PLATFORM_MS_TIME_ALT
-
-/**
- * Uncomment the macro to let Mbed TLS use your alternate implementation of
- * mbedtls_platform_gmtime_r(). This replaces the default implementation in
- * platform_util.c.
- *
- * gmtime() is not a thread-safe function as defined in the C standard. The
- * library will try to use safer implementations of this function, such as
- * gmtime_r() when available. However, if Mbed TLS cannot identify the target
- * system, the implementation of mbedtls_platform_gmtime_r() will default to
- * using the standard gmtime(). In this case, calls from the library to
- * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
- * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
- * library are also guarded with this mutex to avoid race conditions. However,
- * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
- * unconditionally use the implementation for mbedtls_platform_gmtime_r()
- * supplied at compile time.
- */
-//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
-
-/**
- * Uncomment the macro to let Mbed TLS use your alternate implementation of
- * mbedtls_platform_zeroize(), to wipe sensitive data in memory. This replaces
- * the default implementation in platform_util.c.
- *
- * By default, the library uses a system function such as memset_s()
- * (optional feature of C11), explicit_bzero() (BSD and compatible), or
- * SecureZeroMemory (Windows). If no such function is detected, the library
- * falls back to a plain C implementation. Compilers are technically
- * permitted to optimize this implementation out, meaning that the memory is
- * not actually wiped. The library tries to prevent that, but the C language
- * makes it impossible to guarantee that the memory will always be wiped.
- *
- * If your platform provides a guaranteed method to wipe memory which
- * `platform_util.c` does not detect, define this macro to the name of
- * a function that takes two arguments, a `void *` pointer and a length,
- * and wipes that many bytes starting at the specified address. For example,
- * if your platform has explicit_bzero() but `platform_util.c` does not
- * detect its presence, define `MBEDTLS_PLATFORM_ZEROIZE_ALT` to be
- * `explicit_bzero` to use that function as mbedtls_platform_zeroize().
- */
-//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
-
-/**
- * \def MBEDTLS_DEPRECATED_WARNING
- *
- * Mark deprecated functions and features so that they generate a warning if
- * used. Functionality deprecated in one version will usually be removed in the
- * next version. You can enable this to help you prepare the transition to a
- * new major version by making sure your code is not using this functionality.
- *
- * This only works with GCC and Clang. With other compilers, you may want to
- * use MBEDTLS_DEPRECATED_REMOVED
- *
- * Uncomment to get warnings on using deprecated functions and features.
- */
-//#define MBEDTLS_DEPRECATED_WARNING
-
-/**
- * \def MBEDTLS_DEPRECATED_REMOVED
- *
- * Remove deprecated functions and features so that they generate an error if
- * used. Functionality deprecated in one version will usually be removed in the
- * next version. You can enable this to help you prepare the transition to a
- * new major version by making sure your code is not using this functionality.
- *
- * Uncomment to get errors on using deprecated functions and features.
- */
-//#define MBEDTLS_DEPRECATED_REMOVED
-
-/** \} name SECTION: System support */
-
-/**
- * \name SECTION: Mbed TLS feature support
- *
- * This section sets support for features that are or are not needed
- * within the modules that are enabled.
- * \{
- */
-
-/**
- * \def MBEDTLS_TIMING_ALT
- *
- * Uncomment to provide your own alternate implementation for
- * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
- *
- * Only works if you have MBEDTLS_TIMING_C enabled.
- *
- * You will need to provide a header "timing_alt.h" and an implementation at
- * compile time.
- */
-//#define MBEDTLS_TIMING_ALT
-
-/**
- * \def MBEDTLS_AES_ALT
- *
- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your
- * alternate core implementation of a symmetric crypto, an arithmetic or hash
- * module (e.g. platform specific assembly optimized implementations). Keep
- * in mind that the function prototypes should remain the same.
- *
- * This replaces the whole module. If you only want to replace one of the
- * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer
- * provide the "struct mbedtls_aes_context" definition and omit the base
- * function declarations and implementations. "aes_alt.h" will be included from
- * "aes.h" to include the new function definitions.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * module.
- *
- * \warning MD5, DES and SHA-1 are considered weak and their
- * use constitutes a security risk. If possible, we recommend
- * avoiding dependencies on them, and considering stronger message
- * digests and ciphers instead.
- *
- */
-//#define MBEDTLS_AES_ALT
-//#define MBEDTLS_ARIA_ALT
-//#define MBEDTLS_CAMELLIA_ALT
-//#define MBEDTLS_CCM_ALT
-//#define MBEDTLS_CHACHA20_ALT
-//#define MBEDTLS_CHACHAPOLY_ALT
-//#define MBEDTLS_CMAC_ALT
-//#define MBEDTLS_DES_ALT
-//#define MBEDTLS_DHM_ALT
-//#define MBEDTLS_ECJPAKE_ALT
-//#define MBEDTLS_GCM_ALT
-//#define MBEDTLS_NIST_KW_ALT
-//#define MBEDTLS_MD5_ALT
-//#define MBEDTLS_POLY1305_ALT
-//#define MBEDTLS_RIPEMD160_ALT
-//#define MBEDTLS_RSA_ALT
-//#define MBEDTLS_SHA1_ALT
-//#define MBEDTLS_SHA256_ALT
-//#define MBEDTLS_SHA512_ALT
-
-/*
- * When replacing the elliptic curve module, please consider, that it is
- * implemented with two .c files:
- * - ecp.c
- * - ecp_curves.c
- * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
- * macros as described above. The only difference is that you have to make sure
- * that you provide functionality for both .c files.
- */
-//#define MBEDTLS_ECP_ALT
-
-/**
- * \def MBEDTLS_SHA256_PROCESS_ALT
- *
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you
- * alternate core implementation of symmetric crypto or hash function. Keep in
- * mind that function prototypes should remain the same.
- *
- * This replaces only one function. The header file from Mbed TLS is still
- * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will
- * no longer provide the mbedtls_sha1_process() function, but it will still provide
- * the other function (using your mbedtls_sha1_process() function) and the definition
- * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
- * with this definition.
- *
- * \note If you use the AES_xxx_ALT macros, then it is recommended to also set
- * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
- * tables.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- *
- * \warning MD5, DES and SHA-1 are considered weak and their use
- * constitutes a security risk. If possible, we recommend avoiding
- * dependencies on them, and considering stronger message digests
- * and ciphers instead.
- *
- * \warning If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are
- * enabled, then the deterministic ECDH signature functions pass the
- * the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore
- * alternative implementations should use the RNG only for generating
- * the ephemeral key and nothing else. If this is not possible, then
- * MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative
- * implementation should be provided for mbedtls_ecdsa_sign_det_ext().
- *
- */
-//#define MBEDTLS_MD5_PROCESS_ALT
-//#define MBEDTLS_RIPEMD160_PROCESS_ALT
-//#define MBEDTLS_SHA1_PROCESS_ALT
-//#define MBEDTLS_SHA256_PROCESS_ALT
-//#define MBEDTLS_SHA512_PROCESS_ALT
-//#define MBEDTLS_DES_SETKEY_ALT
-//#define MBEDTLS_DES_CRYPT_ECB_ALT
-//#define MBEDTLS_DES3_CRYPT_ECB_ALT
-//#define MBEDTLS_AES_SETKEY_ENC_ALT
-//#define MBEDTLS_AES_SETKEY_DEC_ALT
-//#define MBEDTLS_AES_ENCRYPT_ALT
-//#define MBEDTLS_AES_DECRYPT_ALT
-//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
-//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
-//#define MBEDTLS_ECDSA_VERIFY_ALT
-//#define MBEDTLS_ECDSA_SIGN_ALT
-//#define MBEDTLS_ECDSA_GENKEY_ALT
-
-/**
- * \def MBEDTLS_ECP_INTERNAL_ALT
- *
- * Expose a part of the internal interface of the Elliptic Curve Point module.
- *
- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your
- * alternative core implementation of elliptic curve arithmetic. Keep in mind
- * that function prototypes should remain the same.
- *
- * This partially replaces one function. The header file from Mbed TLS is still
- * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
- * is still present and it is used for group structures not supported by the
- * alternative.
- *
- * The original implementation can in addition be removed by setting the
- * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the
- * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be
- * able to fallback to curves not supported by the alternative implementation.
- *
- * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
- * and implementing the following functions:
- * unsigned char mbedtls_internal_ecp_grp_capable(
- * const mbedtls_ecp_group *grp )
- * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
- * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
- * The mbedtls_internal_ecp_grp_capable function should return 1 if the
- * replacement functions implement arithmetic for the given group and 0
- * otherwise.
- * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
- * called before and after each point operation and provide an opportunity to
- * implement optimized set up and tear down instructions.
- *
- * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
- * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac()
- * function, but will use your mbedtls_internal_ecp_double_jac() if the group
- * for the operation is supported by your implementation (i.e. your
- * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
- * group is not supported by your implementation, then the original Mbed TLS
- * implementation of ecp_double_jac() is used instead, unless this fallback
- * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
- * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
- *
- * The function prototypes and the definition of mbedtls_ecp_group and
- * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your
- * implementation of mbedtls_internal_ecp__function_name__ must be compatible
- * with their definitions.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- */
-/* Required for all the functions in this section */
-//#define MBEDTLS_ECP_INTERNAL_ALT
-/* Turn off software fallback for curves not supported in hardware */
-//#define MBEDTLS_ECP_NO_FALLBACK
-/* Support for Weierstrass curves with Jacobi representation */
-//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
-//#define MBEDTLS_ECP_ADD_MIXED_ALT
-//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
-/* Support for curves with Montgomery arithmetic */
-//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
-//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
-//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
-
-/**
- * \def MBEDTLS_ENTROPY_HARDWARE_ALT
- *
- * Uncomment this macro to let Mbed TLS use your own implementation of a
- * hardware entropy collector.
- *
- * Your function must be called \c mbedtls_hardware_poll(), have the same
- * prototype as declared in library/entropy_poll.h, and accept NULL as first
- * argument.
- *
- * Uncomment to use your own hardware entropy collector.
- */
-//#define MBEDTLS_ENTROPY_HARDWARE_ALT
-
-/**
- * \def MBEDTLS_AES_ROM_TABLES
- *
- * Use precomputed AES tables stored in ROM.
- *
- * Uncomment this macro to use precomputed AES tables stored in ROM.
- * Comment this macro to generate AES tables in RAM at runtime.
- *
- * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
- * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
- * initialization time before the first AES operation can be performed.
- * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
- * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
- * performance if ROM access is slower than RAM access.
- *
- * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
- */
-//#define MBEDTLS_AES_ROM_TABLES
-
-/**
- * \def MBEDTLS_AES_FEWER_TABLES
- *
- * Use less ROM/RAM for AES tables.
- *
- * Uncommenting this macro omits 75% of the AES tables from
- * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
- * by computing their values on the fly during operations
- * (the tables are entry-wise rotations of one another).
- *
- * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
- * by ~6kb but at the cost of more arithmetic operations during
- * runtime. Specifically, one has to compare 4 accesses within
- * different tables to 4 accesses with additional arithmetic
- * operations within the same table. The performance gain/loss
- * depends on the system and memory details.
- *
- * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
- */
-//#define MBEDTLS_AES_FEWER_TABLES
-
-/**
- * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
- *
- * Use only 128-bit keys in AES operations to save ROM.
- *
- * Uncomment this macro to remove support for AES operations that use 192-
- * or 256-bit keys.
- *
- * Uncommenting this macro reduces the size of AES code by ~300 bytes
- * on v8-M/Thumb2.
- *
- * Module: library/aes.c
- *
- * Requires: MBEDTLS_AES_C
- */
-//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-
-/*
- * Disable plain C implementation for AES.
- *
- * When the plain C implementation is enabled, and an implementation using a
- * special CPU feature (such as MBEDTLS_AESCE_C) is also enabled, runtime
- * detection will be used to select between them.
- *
- * If only one implementation is present, runtime detection will not be used.
- * This configuration will crash at runtime if running on a CPU without the
- * necessary features. It will not build unless at least one of MBEDTLS_AESCE_C
- * and/or MBEDTLS_AESNI_C is enabled & present in the build.
- */
-//#define MBEDTLS_AES_USE_HARDWARE_ONLY
-
-/**
- * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
- *
- * Use less ROM for the Camellia implementation (saves about 768 bytes).
- *
- * Uncomment this macro to use less memory for Camellia.
- */
-//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
-
-/**
- * \def MBEDTLS_CHECK_RETURN_WARNING
- *
- * If this macro is defined, emit a compile-time warning if application code
- * calls a function without checking its return value, but the return value
- * should generally be checked in portable applications.
- *
- * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is
- * implemented. Otherwise this option has no effect.
- *
- * Uncomment to get warnings on using fallible functions without checking
- * their return value.
- *
- * \note This feature is a work in progress.
- * Warnings will be added to more functions in the future.
- *
- * \note A few functions are considered critical, and ignoring the return
- * value of these functions will trigger a warning even if this
- * macro is not defined. To completely disable return value check
- * warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion.
- */
-//#define MBEDTLS_CHECK_RETURN_WARNING
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CBC
- *
- * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CBC
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CFB
- *
- * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
- */
-//#define MBEDTLS_CIPHER_MODE_CFB /* !!OM */
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CTR
- *
- * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CTR
-
-/**
- * \def MBEDTLS_CIPHER_MODE_OFB
- *
- * Enable Output Feedback mode (OFB) for symmetric ciphers.
- */
-//#define MBEDTLS_CIPHER_MODE_OFB /* !!OM */
-
-/**
- * \def MBEDTLS_CIPHER_MODE_XTS
- *
- * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
- */
-//#define MBEDTLS_CIPHER_MODE_XTS /* !!OM */
-
-/**
- * \def MBEDTLS_CIPHER_NULL_CIPHER
- *
- * Enable NULL cipher.
- * Warning: Only do so when you know what you are doing. This allows for
- * encryption or channels without any security!
- *
- * To enable the following ciphersuites:
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
- * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
- * MBEDTLS_TLS_RSA_WITH_NULL_SHA256
- * MBEDTLS_TLS_RSA_WITH_NULL_SHA
- * MBEDTLS_TLS_RSA_WITH_NULL_MD5
- * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
- * MBEDTLS_TLS_PSK_WITH_NULL_SHA384
- * MBEDTLS_TLS_PSK_WITH_NULL_SHA256
- * MBEDTLS_TLS_PSK_WITH_NULL_SHA
- *
- * Uncomment this macro to enable the NULL cipher and ciphersuites
- */
-//#define MBEDTLS_CIPHER_NULL_CIPHER
-
-/**
- * \def MBEDTLS_CIPHER_PADDING_PKCS7
- *
- * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
- * specific padding modes in the cipher layer with cipher modes that support
- * padding (e.g. CBC)
- *
- * If you disable all padding modes, only full blocks can be used with CBC.
- *
- * Enable padding modes in the cipher layer.
- */
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-#define MBEDTLS_CIPHER_PADDING_ZEROS
-
-/** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- *
- * Uncomment this macro to use a 128-bit key in the CTR_DRBG module.
- * Without this, CTR_DRBG uses a 256-bit key
- * unless \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set.
- */
-//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-
-/**
- * Enable the verified implementations of ECDH primitives from Project Everest
- * (currently only Curve25519). This feature changes the layout of ECDH
- * contexts and therefore is a compatibility break for applications that access
- * fields of a mbedtls_ecdh_context structure directly. See also
- * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
- *
- * The Everest code is provided under the Apache 2.0 license only; therefore enabling this
- * option is not compatible with taking the library under the GPL v2.0-or-later license.
- */
-//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
-
-/**
- * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
- *
- * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
- * module. By default all supported curves are enabled.
- *
- * Comment macros to disable the curve and functions for it
- */
-/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */
-//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED /* !!OM */
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED /* !!OM */
-//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED /* !!OM */
-//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED /* !!OM */
-//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED /* !!OM */
-//#define MBEDTLS_ECP_DP_BP256R1_ENABLED /* !!OM */
-//#define MBEDTLS_ECP_DP_BP384R1_ENABLED /* !!OM */
-//#define MBEDTLS_ECP_DP_BP512R1_ENABLED /* !!OM */
-/* Montgomery curves (supporting ECP) */
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-//#define MBEDTLS_ECP_DP_CURVE448_ENABLED /* !!OM */
-
-/**
- * \def MBEDTLS_ECP_NIST_OPTIM
- *
- * Enable specific 'modulo p' routines for each NIST prime.
- * Depending on the prime and architecture, makes operations 4 to 8 times
- * faster on the corresponding curve.
- *
- * Comment this macro to disable NIST curves optimisation.
- */
-#define MBEDTLS_ECP_NIST_OPTIM
-
-/**
- * \def MBEDTLS_ECP_RESTARTABLE
- *
- * Enable "non-blocking" ECC operations that can return early and be resumed.
- *
- * This allows various functions to pause by returning
- * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
- * order to further progress and eventually complete their operation. This is
- * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
- * number of ECC operations a function may perform before pausing; see
- * mbedtls_ecp_set_max_ops() for more information.
- *
- * This is useful in non-threaded environments if you want to avoid blocking
- * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
- *
- * This option:
- * - Adds xxx_restartable() variants of existing operations in the
- * following modules, with corresponding restart context types:
- * - ECP (for Short Weierstrass curves only): scalar multiplication (mul),
- * linear combination (muladd);
- * - ECDSA: signature generation & verification;
- * - PK: signature generation & verification;
- * - X509: certificate chain verification.
- * - Adds mbedtls_ecdh_enable_restart() in the ECDH module.
- * - Changes the behaviour of TLS 1.2 clients (not servers) when using the
- * ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC
- * computations restartable:
- * - ECDH operations from the key exchange, only for Short Weierstrass
- * curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled.
- * - verification of the server's key exchange signature;
- * - verification of the server's certificate chain;
- * - generation of the client's signature if client authentication is used,
- * with an ECC key/certificate.
- *
- * \note In the cases above, the usual SSL/TLS functions, such as
- * mbedtls_ssl_handshake(), can now return
- * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS.
- *
- * \note When this option and MBEDTLS_USE_PSA_CRYPTO are both enabled,
- * restartable operations in PK, X.509 and TLS (see above) are not
- * using PSA. On the other hand, ECDH computations in TLS are using
- * PSA, and are not restartable. These are temporary limitations that
- * should be lifted in the future.
- *
- * \note This option only works with the default software implementation of
- * elliptic curve functionality. It is incompatible with
- * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.
- *
- * Requires: MBEDTLS_ECP_C
- *
- * Uncomment this macro to enable restartable ECC computations.
- */
-//#define MBEDTLS_ECP_RESTARTABLE
-
-/**
- * Uncomment to enable using new bignum code in the ECC modules.
- *
- * \warning This is currently experimental, incomplete and therefore should not
- * be used in production.
- */
-//#define MBEDTLS_ECP_WITH_MPI_UINT
-
-/**
- * \def MBEDTLS_ECDSA_DETERMINISTIC
- *
- * Enable deterministic ECDSA (RFC 6979).
- * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
- * may result in a compromise of the long-term signing key. This is avoided by
- * the deterministic variant.
- *
- * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C
- *
- * Comment this macro to disable deterministic ECDSA.
- */
-#define MBEDTLS_ECDSA_DETERMINISTIC
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
- *
- * Enable the PSK based ciphersuite modes in SSL / TLS.
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
- *
- * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_DHM_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED /* !!OM */
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
- *
- * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
- *
- * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- *
- * Enable the RSA-only based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
- *
- * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED /* !!OM */
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- *
- * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
- * MBEDTLS_RSA_C
- * MBEDTLS_PKCS1_V15
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
- *
- * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
- * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
- *
- * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
- * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
- *
- * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
- * MBEDTLS_RSA_C
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
- *
- * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
- *
- * \warning This is currently experimental. EC J-PAKE support is based on the
- * Thread v1.0.0 specification; incompatible changes to the specification
- * might still happen. For this reason, this is disabled by default.
- *
- * Requires: MBEDTLS_ECJPAKE_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_JPAKE)
- * SHA-256 (via MBEDTLS_SHA256_C or a PSA driver)
- * MBEDTLS_ECP_DP_SECP256R1_ENABLED
- *
- * \warning If SHA-256 is provided only by a PSA driver, you must call
- * psa_crypto_init() before the first hanshake (even if
- * MBEDTLS_USE_PSA_CRYPTO is disabled).
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
- */
-//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-
-/**
- * \def MBEDTLS_PK_PARSE_EC_EXTENDED
- *
- * Enhance support for reading EC keys using variants of SEC1 not allowed by
- * RFC 5915 and RFC 5480.
- *
- * Currently this means parsing the SpecifiedECDomain choice of EC
- * parameters (only known groups are supported, not arbitrary domains, to
- * avoid validation issues).
- *
- * Disable if you only need to support RFC 5915 + 5480 key formats.
- */
-#define MBEDTLS_PK_PARSE_EC_EXTENDED
-
-/**
- * \def MBEDTLS_PK_PARSE_EC_COMPRESSED
- *
- * Enable the support for parsing public keys of type Short Weierstrass
- * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX) which are using the
- * compressed point format. This parsing is done through ECP module's functions.
- *
- * \note As explained in the description of MBEDTLS_ECP_PF_COMPRESSED (in ecp.h)
- * the only unsupported curves are MBEDTLS_ECP_DP_SECP224R1 and
- * MBEDTLS_ECP_DP_SECP224K1.
- */
-//#define MBEDTLS_PK_PARSE_EC_COMPRESSED /* !!OM */
-
-/**
- * \def MBEDTLS_ERROR_STRERROR_DUMMY
- *
- * Enable a dummy error function to make use of mbedtls_strerror() in
- * third party libraries easier when MBEDTLS_ERROR_C is disabled
- * (no effect when MBEDTLS_ERROR_C is enabled).
- *
- * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
- * not using mbedtls_strerror() or error_strerror() in your application.
- *
- * Disable if you run into name conflicts and want to really remove the
- * mbedtls_strerror()
- */
-#define MBEDTLS_ERROR_STRERROR_DUMMY
-
-/**
- * \def MBEDTLS_GENPRIME
- *
- * Enable the prime-number generation code.
- *
- * Requires: MBEDTLS_BIGNUM_C
- */
-//#define MBEDTLS_GENPRIME /* !!OM */
-
-/**
- * \def MBEDTLS_FS_IO
- *
- * Enable functions that use the filesystem.
- */
-#define MBEDTLS_FS_IO
-
-/**
- * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- * Do not add default entropy sources in mbedtls_entropy_init().
- *
- * This is useful to have more control over the added entropy sources in an
- * application.
- *
- * Uncomment this macro to prevent loading of default entropy functions.
- */
-//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-
-/**
- * \def MBEDTLS_NO_PLATFORM_ENTROPY
- *
- * Do not use built-in platform entropy functions.
- * This is useful if your platform does not support
- * standards like the /dev/urandom or Windows CryptoAPI.
- *
- * Uncomment this macro to disable the built-in platform entropy functions.
- */
-//#define MBEDTLS_NO_PLATFORM_ENTROPY
-
-/**
- * \def MBEDTLS_ENTROPY_FORCE_SHA256
- *
- * Force the entropy accumulator to use a SHA-256 accumulator instead of the
- * default SHA-512 based one (if both are available).
- *
- * Requires: MBEDTLS_SHA256_C
- *
- * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
- * if you have performance concerns.
- *
- * This option is only useful if both MBEDTLS_SHA256_C and
- * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
- */
-//#define MBEDTLS_ENTROPY_FORCE_SHA256
-
-/**
- * \def MBEDTLS_ENTROPY_NV_SEED
- *
- * Enable the non-volatile (NV) seed file-based entropy source.
- * (Also enables the NV seed read/write functions in the platform layer)
- *
- * This is crucial (if not required) on systems that do not have a
- * cryptographic entropy source (in hardware or kernel) available.
- *
- * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
- *
- * \note The read/write functions that are used by the entropy source are
- * determined in the platform layer, and can be modified at runtime and/or
- * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
- *
- * \note If you use the default implementation functions that read a seedfile
- * with regular fopen(), please make sure you make a seedfile with the
- * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
- * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
- * and written to or you will get an entropy source error! The default
- * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
- * bytes from the file.
- *
- * \note The entropy collector will write to the seed file before entropy is
- * given to an external source, to update it.
- */
-//#define MBEDTLS_ENTROPY_NV_SEED
-
-/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
- *
- * Enable key identifiers that encode a key owner identifier.
- *
- * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t
- * which is currently hard-coded to be int32_t.
- *
- * Note that this option is meant for internal use only and may be removed
- * without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-
-/**
- * \def MBEDTLS_MEMORY_DEBUG
- *
- * Enable debugging of buffer allocator memory issues. Automatically prints
- * (to stderr) all (fatal) messages on memory allocation issues. Enables
- * function for 'debug output' of allocated memory.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Uncomment this macro to let the buffer allocator print out error messages.
- */
-//#define MBEDTLS_MEMORY_DEBUG
-
-/**
- * \def MBEDTLS_MEMORY_BACKTRACE
- *
- * Include backtrace information with each allocated block.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- * GLIBC-compatible backtrace() and backtrace_symbols() support
- *
- * Uncomment this macro to include backtrace information
- */
-//#define MBEDTLS_MEMORY_BACKTRACE
-
-/**
- * \def MBEDTLS_PK_RSA_ALT_SUPPORT
- *
- * Support external private RSA keys (eg from a HSM) in the PK layer.
- *
- * Comment this macro to disable support for external private RSA keys.
- */
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
-
-/**
- * \def MBEDTLS_PKCS1_V15
- *
- * Enable support for PKCS#1 v1.5 encoding.
- *
- * Requires: MBEDTLS_RSA_C
- *
- * This enables support for PKCS#1 v1.5 operations.
- */
-#define MBEDTLS_PKCS1_V15
-
-/**
- * \def MBEDTLS_PKCS1_V21
- *
- * Enable support for PKCS#1 v2.1 encoding.
- *
- * Requires: MBEDTLS_RSA_C
- *
- * \warning If using a hash that is only provided by PSA drivers, you must
- * call psa_crypto_init() before doing any PKCS#1 v2.1 operation.
- *
- * This enables support for RSAES-OAEP and RSASSA-PSS operations.
- */
-#define MBEDTLS_PKCS1_V21
-
-/** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
- *
- * Enable support for platform built-in keys. If you enable this feature,
- * you must implement the function mbedtls_psa_platform_get_builtin_key().
- * See the documentation of that function for more information.
- *
- * Built-in keys are typically derived from a hardware unique key or
- * stored in a secure element.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C.
- *
- * \warning This interface is experimental and may change or be removed
- * without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
-
-/** \def MBEDTLS_PSA_CRYPTO_CLIENT
- *
- * Enable support for PSA crypto client.
- *
- * \note This option allows to include the code necessary for a PSA
- * crypto client when the PSA crypto implementation is not included in
- * the library (MBEDTLS_PSA_CRYPTO_C disabled). The code included is the
- * code to set and get PSA key attributes.
- * The development of PSA drivers partially relying on the library to
- * fulfill the hardware gaps is another possible usage of this option.
- *
- * \warning This interface is experimental and may change or be removed
- * without notice.
- */
-#define MBEDTLS_PSA_CRYPTO_CLIENT /* !!OM */
-
-/** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
- *
- * Make the PSA Crypto module use an external random generator provided
- * by a driver, instead of Mbed TLS's entropy and DRBG modules.
- *
- * \note This random generator must deliver random numbers with cryptographic
- * quality and high performance. It must supply unpredictable numbers
- * with a uniform distribution. The implementation of this function
- * is responsible for ensuring that the random generator is seeded
- * with sufficient entropy. If you have a hardware TRNG which is slow
- * or delivers non-uniform output, declare it as an entropy source
- * with mbedtls_entropy_add_source() instead of enabling this option.
- *
- * If you enable this option, you must configure the type
- * ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h
- * and define a function called mbedtls_psa_external_get_random()
- * with the following prototype:
- * ```
- * psa_status_t mbedtls_psa_external_get_random(
- * mbedtls_psa_external_random_context_t *context,
- * uint8_t *output, size_t output_size, size_t *output_length);
- * );
- * ```
- * The \c context value is initialized to 0 before the first call.
- * The function must fill the \c output buffer with \c output_size bytes
- * of random data and set \c *output_length to \c output_size.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- * \warning If you enable this option, code that uses the PSA cryptography
- * interface will not use any of the entropy sources set up for
- * the entropy module, nor the NV seed that MBEDTLS_ENTROPY_NV_SEED
- * enables.
- *
- * \note This option is experimental and may be removed without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_SPM
- *
- * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
- * Partition Manager) integration which separates the code into two parts: a
- * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
- * Environment).
- *
- * If you enable this option, your build environment must include a header
- * file `"crypto_spe.h"` (either in the `psa` subdirectory of the Mbed TLS
- * header files, or in another directory on the compiler's include search
- * path). Alternatively, your platform may customize the header
- * `psa/crypto_platform.h`, in which case it can skip or replace the
- * inclusion of `"crypto_spe.h"`.
- *
- * Module: library/psa_crypto.c
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- */
-//#define MBEDTLS_PSA_CRYPTO_SPM
-
-/**
- * Uncomment to enable p256-m. This is an alternative implementation of
- * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1.
- * Compared to the default implementation:
- *
- * - p256-m has a much smaller code size and RAM footprint.
- * - p256-m is only available via the PSA API. This includes the pk module
- * when #MBEDTLS_USE_PSA_CRYPTO is enabled.
- * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols
- * over the core arithmetic, or deterministic derivation of keys.
- *
- * We recommend enabling this option if your application uses the PSA API
- * and the only elliptic curve support it needs is ECDH and ECDSA over
- * SECP256R1.
- *
- * If you enable this option, you do not need to enable any ECC-related
- * MBEDTLS_xxx option. You do need to separately request support for the
- * cryptographic mechanisms through the PSA API:
- * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based
- * configuration;
- * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS;
- * - #PSA_WANT_ECC_SECP_R1_256;
- * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed;
- * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC,
- * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT,
- * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or
- * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed.
- *
- * \note To benefit from the smaller code size of p256-m, make sure that you
- * do not enable any ECC-related option not supported by p256-m: this
- * would cause the built-in ECC implementation to be built as well, in
- * order to provide the required option.
- * Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and
- * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than
- * SECP256R1 are disabled as they are not supported by this driver.
- * Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or
- * #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of
- * the built-in ECC implementation, see docs/driver-only-builds.md.
- */
-//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
-
-/**
- * \def MBEDTLS_PSA_INJECT_ENTROPY
- *
- * Enable support for entropy injection at first boot. This feature is
- * required on systems that do not have a built-in entropy source (TRNG).
- * This feature is currently not supported on systems that have a built-in
- * entropy source.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
- *
- */
-//#define MBEDTLS_PSA_INJECT_ENTROPY
-
-/**
- * \def MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
- *
- * Assume all buffers passed to PSA functions are owned exclusively by the
- * PSA function and are not stored in shared memory.
- *
- * This option may be enabled if all buffers passed to any PSA function reside
- * in memory that is accessible only to the PSA function during its execution.
- *
- * This option MUST be disabled whenever buffer arguments are in memory shared
- * with an untrusted party, for example where arguments to PSA calls are passed
- * across a trust boundary.
- *
- * \note Enabling this option reduces memory usage and code size.
- *
- * \note Enabling this option causes overlap of input and output buffers
- * not to be supported by PSA functions.
- */
-//#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
-
-/**
- * \def MBEDTLS_RSA_NO_CRT
- *
- * Do not use the Chinese Remainder Theorem
- * for the RSA private operation.
- *
- * Uncomment this macro to disable the use of CRT in RSA.
- *
- */
-//#define MBEDTLS_RSA_NO_CRT
-
-/**
- * \def MBEDTLS_SELF_TEST
- *
- * Enable the checkup functions (*_self_test).
- */
-#define MBEDTLS_SELF_TEST
-
-/**
- * \def MBEDTLS_SHA256_SMALLER
- *
- * Enable an implementation of SHA-256 that has lower ROM footprint but also
- * lower performance.
- *
- * The default implementation is meant to be a reasonable compromise between
- * performance and size. This version optimizes more aggressively for size at
- * the expense of performance. Eg on Cortex-M4 it reduces the size of
- * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
- * 30%.
- *
- * Uncomment to enable the smaller implementation of SHA256.
- */
-//#define MBEDTLS_SHA256_SMALLER
-
-/**
- * \def MBEDTLS_SHA512_SMALLER
- *
- * Enable an implementation of SHA-512 that has lower ROM footprint but also
- * lower performance.
- *
- * Uncomment to enable the smaller implementation of SHA512.
- */
-//#define MBEDTLS_SHA512_SMALLER
-
-/**
- * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
- *
- * Enable sending of alert messages in case of encountered errors as per RFC.
- * If you choose not to send the alert messages, Mbed TLS can still communicate
- * with other servers, only debugging of failures is harder.
- *
- * The advantage of not sending alert messages, is that no information is given
- * about reasons for failures thus preventing adversaries of gaining intel.
- *
- * Enable sending of all alert messages
- */
-#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
-
-/**
- * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
- *
- * Enable support for the DTLS Connection ID (CID) extension,
- * which allows to identify DTLS connections across changes
- * in the underlying transport. The CID functionality is described
- * in RFC 9146.
- *
- * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
- * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and
- * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for
- * more information.
- *
- * The maximum lengths of outgoing and incoming CIDs can be configured
- * through the options
- * - MBEDTLS_SSL_CID_OUT_LEN_MAX
- * - MBEDTLS_SSL_CID_IN_LEN_MAX.
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- *
- * Uncomment to enable the Connection ID extension.
- */
-#define MBEDTLS_SSL_DTLS_CONNECTION_ID
-
-
-/**
- * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
- *
- * Defines whether RFC 9146 (default) or the legacy version
- * (version draft-ietf-tls-dtls-connection-id-05,
- * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
- * is used.
- *
- * Set the value to 0 for the standard version, and
- * 1 for the legacy draft version.
- *
- * \deprecated Support for the legacy version of the DTLS
- * Connection ID feature is deprecated. Please
- * switch to the standardized version defined
- * in RFC 9146 enabled by utilizing
- * MBEDTLS_SSL_DTLS_CONNECTION_ID without use
- * of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT.
- *
- * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID
- */
-#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0
-
-/**
- * \def MBEDTLS_SSL_ASYNC_PRIVATE
- *
- * Enable asynchronous external private key operations in SSL. This allows
- * you to configure an SSL connection to call an external cryptographic
- * module to perform private key operations instead of performing the
- * operation inside the library.
- *
- * Requires: MBEDTLS_X509_CRT_PARSE_C
- */
-//#define MBEDTLS_SSL_ASYNC_PRIVATE
-
-/**
- * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
- *
- * Enable serialization of the TLS context structures, through use of the
- * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
- *
- * This pair of functions allows one side of a connection to serialize the
- * context associated with the connection, then free or re-use that context
- * while the serialized state is persisted elsewhere, and finally deserialize
- * that state to a live context for resuming read/write operations on the
- * connection. From a protocol perspective, the state of the connection is
- * unaffected, in particular this is entirely transparent to the peer.
- *
- * Note: this is distinct from TLS session resumption, which is part of the
- * protocol and fully visible by the peer. TLS session resumption enables
- * establishing new connections associated to a saved session with shorter,
- * lighter handshakes, while context serialization is a local optimization in
- * handling a single, potentially long-lived connection.
- *
- * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are
- * saved after the handshake to allow for more efficient serialization, so if
- * you don't need this feature you'll save RAM by disabling it.
- *
- * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C
- *
- * Comment to disable the context serialization APIs.
- */
-#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
-
-/**
- * \def MBEDTLS_SSL_DEBUG_ALL
- *
- * Enable the debug messages in SSL module for all issues.
- * Debug messages have been disabled in some places to prevent timing
- * attacks due to (unbalanced) debugging function calls.
- *
- * If you need all error reporting you should enable this during debugging,
- * but remove this for production servers that should log as well.
- *
- * Uncomment this macro to report all debug messages on errors introducing
- * a timing side-channel.
- *
- */
-//#define MBEDTLS_SSL_DEBUG_ALL
-
-/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
- *
- * Enable support for Encrypt-then-MAC, RFC 7366.
- *
- * This allows peers that both support it to use a more robust protection for
- * ciphersuites using CBC, providing deep resistance against timing attacks
- * on the padding or underlying cipher.
- *
- * This only affects CBC ciphersuites, and is useless if none is defined.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for Encrypt-then-MAC
- */
-#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
-
-/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
- *
- * Enable support for RFC 7627: Session Hash and Extended Master Secret
- * Extension.
- *
- * This was introduced as "the proper fix" to the Triple Handshake family of
- * attacks, but it is recommended to always use it (even if you disable
- * renegotiation), since it actually fixes a more fundamental issue in the
- * original SSL/TLS design, and has implications beyond Triple Handshake.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for Extended Master Secret.
- */
-#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-
-/**
- * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- *
- * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
- * giving access to the peer's certificate after completion of the handshake.
- *
- * Unless you need mbedtls_ssl_peer_cert() in your application, it is
- * recommended to disable this option for reduced RAM usage.
- *
- * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
- * defined, but always returns \c NULL.
- *
- * \note This option has no influence on the protection against the
- * triple handshake attack. Even if it is disabled, Mbed TLS will
- * still ensure that certificates do not change during renegotiation,
- * for example by keeping a hash of the peer's certificate.
- *
- * \note This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set.
- *
- * Comment this macro to disable storing the peer's certificate
- * after the handshake.
- */
-#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
-
-/**
- * \def MBEDTLS_SSL_RENEGOTIATION
- *
- * Enable support for TLS renegotiation.
- *
- * The two main uses of renegotiation are (1) refresh keys on long-lived
- * connections and (2) client authentication after the initial handshake.
- * If you don't need renegotiation, it's probably better to disable it, since
- * it has been associated with security issues in the past and is easy to
- * misuse/misunderstand.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this to disable support for renegotiation.
- *
- * \note Even if this option is disabled, both client and server are aware
- * of the Renegotiation Indication Extension (RFC 5746) used to
- * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
- * (See \c mbedtls_ssl_conf_legacy_renegotiation for the
- * configuration of this extension).
- *
- */
-#define MBEDTLS_SSL_RENEGOTIATION
-
-/**
- * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- *
- * Enable support for RFC 6066 max_fragment_length extension in SSL.
- *
- * Comment this macro to disable support for the max_fragment_length extension
- */
-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-
-/**
- * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT
- *
- * Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only).
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1_3
- *
- * Uncomment this macro to enable support for the record_size_limit extension
- */
-//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
- *
- * Requires: Without MBEDTLS_USE_PSA_CRYPTO: MBEDTLS_MD_C and
- * (MBEDTLS_SHA256_C or MBEDTLS_SHA384_C or
- * SHA-256 or SHA-512 provided by a PSA driver)
- * With MBEDTLS_USE_PSA_CRYPTO:
- * PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384
- *
- * \warning If building with MBEDTLS_USE_PSA_CRYPTO, or if the hash(es) used
- * are only provided by PSA drivers, you must call psa_crypto_init() before
- * doing any TLS operations.
- *
- * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
- */
-#define MBEDTLS_SSL_PROTO_TLS1_2
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1_3
- *
- * Enable support for TLS 1.3.
- *
- * \note See docs/architecture/tls13-support.md for a description of the TLS
- * 1.3 support that this option enables.
- *
- * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- * \note TLS 1.3 uses PSA crypto for cryptographic operations that are
- * directly performed by TLS 1.3 code. As a consequence, you must
- * call psa_crypto_init() before the first TLS 1.3 handshake.
- *
- * \note Cryptographic operations performed indirectly via another module
- * (X.509, PK) or by code shared with TLS 1.2 (record protection,
- * running handshake hash) only use PSA crypto if
- * #MBEDTLS_USE_PSA_CRYPTO is enabled.
- *
- * Uncomment this macro to enable the support for TLS 1.3.
- */
-//#define MBEDTLS_SSL_PROTO_TLS1_3
-
-/**
- * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
- *
- * Enable TLS 1.3 middlebox compatibility mode.
- *
- * As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility
- * mode to make a TLS 1.3 connection more likely to pass through middle boxes
- * expecting TLS 1.2 traffic.
- *
- * Turning on the compatibility mode comes at the cost of a few added bytes
- * on the wire, but it doesn't affect compatibility with TLS 1.3 implementations
- * that don't use it. Therefore, unless transmission bandwidth is critical and
- * you know that middlebox compatibility issues won't occur, it is therefore
- * recommended to set this option.
- *
- * Comment to disable compatibility mode for TLS 1.3. If
- * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
- * effect on the build.
- *
- */
-//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-
-/**
- * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
- *
- * Enable TLS 1.3 PSK key exchange mode.
- *
- * Comment to disable support for the PSK key exchange mode in TLS 1.3. If
- * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
- * effect on the build.
- *
- */
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-
-/**
- * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
- *
- * Enable TLS 1.3 ephemeral key exchange mode.
- *
- * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
- * MBEDTLS_X509_CRT_PARSE_C
- * and at least one of:
- * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
- * MBEDTLS_PKCS1_V21
- *
- * Comment to disable support for the ephemeral key exchange mode in TLS 1.3.
- * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
- * effect on the build.
- *
- */
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-
-/**
- * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
- *
- * Enable TLS 1.3 PSK ephemeral key exchange mode.
- *
- * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
- *
- * Comment to disable support for the PSK ephemeral key exchange mode in
- * TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not
- * have any effect on the build.
- *
- */
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-
-/**
- * \def MBEDTLS_SSL_EARLY_DATA
- *
- * Enable support for RFC 8446 TLS 1.3 early data.
- *
- * Requires: MBEDTLS_SSL_SESSION_TICKETS and either
- * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
- * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
- *
- * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
- * is not enabled, this option does not have any effect on the build.
- *
- * \note The maximum amount of early data can be set with
- * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE.
- *
- */
-//#define MBEDTLS_SSL_EARLY_DATA
-
-/**
- * \def MBEDTLS_SSL_PROTO_DTLS
- *
- * Enable support for DTLS (all available versions).
- *
- * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for DTLS
- */
-#define MBEDTLS_SSL_PROTO_DTLS
-
-/**
- * \def MBEDTLS_SSL_ALPN
- *
- * Enable support for RFC 7301 Application Layer Protocol Negotiation.
- *
- * Comment this macro to disable support for ALPN.
- */
-#define MBEDTLS_SSL_ALPN
-
-/**
- * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
- *
- * Enable support for the anti-replay mechanism in DTLS.
- *
- * Requires: MBEDTLS_SSL_TLS_C
- * MBEDTLS_SSL_PROTO_DTLS
- *
- * \warning Disabling this is often a security risk!
- * See mbedtls_ssl_conf_dtls_anti_replay() for details.
- *
- * Comment this to disable anti-replay in DTLS.
- */
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
-
-/**
- * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
- *
- * Enable support for HelloVerifyRequest on DTLS servers.
- *
- * This feature is highly recommended to prevent DTLS servers being used as
- * amplifiers in DoS attacks against other hosts. It should always be enabled
- * unless you know for sure amplification cannot be a problem in the
- * environment in which your server operates.
- *
- * \warning Disabling this can be a security risk! (see above)
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- *
- * Comment this to disable support for HelloVerifyRequest.
- */
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
-
-/**
- * \def MBEDTLS_SSL_DTLS_SRTP
- *
- * Enable support for negotiation of DTLS-SRTP (RFC 5764)
- * through the use_srtp extension.
- *
- * \note This feature provides the minimum functionality required
- * to negotiate the use of DTLS-SRTP and to allow the derivation of
- * the associated SRTP packet protection key material.
- * In particular, the SRTP packet protection itself, as well as the
- * demultiplexing of RTP and DTLS packets at the datagram layer
- * (see Section 5 of RFC 5764), are not handled by this feature.
- * Instead, after successful completion of a handshake negotiating
- * the use of DTLS-SRTP, the extended key exporter API
- * mbedtls_ssl_conf_export_keys_cb() should be used to implement
- * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
- * (this is implemented in the SSL example programs).
- * The resulting key should then be passed to an SRTP stack.
- *
- * Setting this option enables the runtime API
- * mbedtls_ssl_conf_dtls_srtp_protection_profiles()
- * through which the supported DTLS-SRTP protection
- * profiles can be configured. You must call this API at
- * runtime if you wish to negotiate the use of DTLS-SRTP.
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- *
- * Uncomment this to enable support for use_srtp extension.
- */
-//#define MBEDTLS_SSL_DTLS_SRTP
-
-/**
- * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
- *
- * Enable server-side support for clients that reconnect from the same port.
- *
- * Some clients unexpectedly close the connection and try to reconnect using the
- * same source port. This needs special support from the server to handle the
- * new connection securely, as described in section 4.2.8 of RFC 6347. This
- * flag enables that support.
- *
- * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
- *
- * Comment this to disable support for clients reusing the source port.
- */
-#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
-
-/**
- * \def MBEDTLS_SSL_SESSION_TICKETS
- *
- * Enable support for RFC 5077 session tickets in SSL.
- * Client-side, provides full support for session tickets (maintenance of a
- * session store remains the responsibility of the application, though).
- * Server-side, you also need to provide callbacks for writing and parsing
- * tickets, including authenticated encryption and key management. Example
- * callbacks are provided by MBEDTLS_SSL_TICKET_C.
- *
- * Comment this macro to disable support for SSL session tickets
- */
-#define MBEDTLS_SSL_SESSION_TICKETS
-
-/**
- * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
- *
- * Enable support for RFC 6066 server name indication (SNI) in SSL.
- *
- * Requires: MBEDTLS_X509_CRT_PARSE_C
- *
- * Comment this macro to disable support for server name indication in SSL
- */
-#define MBEDTLS_SSL_SERVER_NAME_INDICATION
-
-/**
- * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
- *
- * When this option is enabled, the SSL buffer will be resized automatically
- * based on the negotiated maximum fragment length in each direction.
- *
- * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- */
-//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
-
-/**
- * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
- *
- * Enable testing of the constant-flow nature of some sensitive functions with
- * clang's MemorySanitizer. This causes some existing tests to also test
- * this non-functional property of the code under test.
- *
- * This setting requires compiling with clang -fsanitize=memory. The test
- * suites can then be run normally.
- *
- * \warning This macro is only used for extended testing; it is not considered
- * part of the library's API, so it may change or disappear at any time.
- *
- * Uncomment to enable testing of the constant-flow nature of selected code.
- */
-//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
-
-/**
- * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
- *
- * Enable testing of the constant-flow nature of some sensitive functions with
- * valgrind's memcheck tool. This causes some existing tests to also test
- * this non-functional property of the code under test.
- *
- * This setting requires valgrind headers for building, and is only useful for
- * testing if the tests suites are run with valgrind's memcheck. This can be
- * done for an individual test suite with 'valgrind ./test_suite_xxx', or when
- * using CMake, this can be done for all test suites with 'make memcheck'.
- *
- * \warning This macro is only used for extended testing; it is not considered
- * part of the library's API, so it may change or disappear at any time.
- *
- * Uncomment to enable testing of the constant-flow nature of selected code.
- */
-//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
-
-/**
- * \def MBEDTLS_TEST_HOOKS
- *
- * Enable features for invasive testing such as introspection functions and
- * hooks for fault injection. This enables additional unit tests.
- *
- * Merely enabling this feature should not change the behavior of the product.
- * It only adds new code, and new branching points where the default behavior
- * is the same as when this feature is disabled.
- * However, this feature increases the attack surface: there is an added
- * risk of vulnerabilities, and more gadgets that can make exploits easier.
- * Therefore this feature must never be enabled in production.
- *
- * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more
- * information.
- *
- * Uncomment to enable invasive tests.
- */
-//#define MBEDTLS_TEST_HOOKS
-
-/**
- * \def MBEDTLS_THREADING_ALT
- *
- * Provide your own alternate threading implementation.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to allow your own alternate threading implementation.
- */
-//#define MBEDTLS_THREADING_ALT
-
-/**
- * \def MBEDTLS_THREADING_PTHREAD
- *
- * Enable the pthread wrapper layer for the threading layer.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to enable pthread mutexes.
- */
-//#define MBEDTLS_THREADING_PTHREAD
-
-/**
- * \def MBEDTLS_USE_PSA_CRYPTO
- *
- * Make the X.509 and TLS libraries use PSA for cryptographic operations as
- * much as possible, and enable new APIs for using keys handled by PSA Crypto.
- *
- * \note Development of this option is currently in progress, and parts of Mbed
- * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
- * will still continue to work as usual, so enabling this option should not
- * break backwards compatibility.
- *
- * \warning If you enable this option, you need to call `psa_crypto_init()`
- * before calling any function from the SSL/TLS, X.509 or PK modules, except
- * for the various mbedtls_xxx_init() functions which can be called at any time.
- *
- * \note An important and desirable effect of this option is that it allows
- * PK, X.509 and TLS to take advantage of PSA drivers. For example, enabling
- * this option is what allows use of drivers for ECDSA, ECDH and EC J-PAKE in
- * those modules. However, note that even with this option disabled, some code
- * in PK, X.509, TLS or the crypto library might still use PSA drivers, if it
- * can determine it's safe to do so; currently that's the case for hashes.
- *
- * \note See docs/use-psa-crypto.md for a complete description this option.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C.
- *
- * Uncomment this to enable internal use of PSA Crypto and new associated APIs.
- */
-#define MBEDTLS_USE_PSA_CRYPTO /* !!OM */
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_CONFIG
- *
- * This setting allows support for cryptographic mechanisms through the PSA
- * API to be configured separately from support through the mbedtls API.
- *
- * When this option is disabled, the PSA API exposes the cryptographic
- * mechanisms that can be implemented on top of the `mbedtls_xxx` API
- * configured with `MBEDTLS_XXX` symbols.
- *
- * When this option is enabled, the PSA API exposes the cryptographic
- * mechanisms requested by the `PSA_WANT_XXX` symbols defined in
- * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
- * automatically enabled if required (i.e. if no PSA driver provides the
- * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
- * in mbedtls_config.h.
- *
- * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
- * an alternative header to include instead of include/psa/crypto_config.h.
- *
- * \warning This option is experimental, in that the set of `PSA_WANT_XXX`
- * symbols is not completely finalized yet, and the configuration
- * tooling is not ideally adapted to having two separate configuration
- * files.
- * Future minor releases of Mbed TLS may make minor changes to those
- * symbols, but we will endeavor to provide a transition path.
- * Nonetheless, this option is considered mature enough to use in
- * production, as long as you accept that you may need to make
- * minor changes to psa/crypto_config.h when upgrading Mbed TLS.
- */
-#define MBEDTLS_PSA_CRYPTO_CONFIG /* !!OM */
-
-/**
- * \def MBEDTLS_VERSION_FEATURES
- *
- * Allow run-time checking of compile-time enabled features. Thus allowing users
- * to check at run-time if the library is for instance compiled with threading
- * support via mbedtls_version_check_feature().
- *
- * Requires: MBEDTLS_VERSION_C
- *
- * Comment this to disable run-time checking and save ROM space
- */
-#define MBEDTLS_VERSION_FEATURES
-
-/**
- * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
- *
- * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
- * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
- * the set of trusted certificates through a callback instead of a linked
- * list.
- *
- * This is useful for example in environments where a large number of trusted
- * certificates is present and storing them in a linked list isn't efficient
- * enough, or when the set of trusted certificates changes frequently.
- *
- * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
- * `mbedtls_ssl_conf_ca_cb()` for more information.
- *
- * Requires: MBEDTLS_X509_CRT_PARSE_C
- *
- * Uncomment to enable trusted certificate callbacks.
- */
-//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-
-/**
- * \def MBEDTLS_X509_REMOVE_INFO
- *
- * Disable mbedtls_x509_*_info() and related APIs.
- *
- * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt()
- * and other functions/constants only used by these functions, thus reducing
- * the code footprint by several KB.
- */
-//#define MBEDTLS_X509_REMOVE_INFO
-
-/**
- * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
- *
- * Enable parsing and verification of X.509 certificates, CRLs and CSRS
- * signed with RSASSA-PSS (aka PKCS#1 v2.1).
- *
- * Requires: MBEDTLS_PKCS1_V21
- *
- * Comment this macro to disallow using RSASSA-PSS in certificates.
- */
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-/** \} name SECTION: Mbed TLS feature support */
-
-/**
- * \name SECTION: Mbed TLS modules
- *
- * This section enables or disables entire modules in Mbed TLS
- * \{
- */
-
-/**
- * \def MBEDTLS_AESNI_C
- *
- * Enable AES-NI support on x86-64 or x86-32.
- *
- * \note AESNI is only supported with certain compilers and target options:
- * - Visual Studio: supported
- * - GCC, x86-64, target not explicitly supporting AESNI:
- * requires MBEDTLS_HAVE_ASM.
- * - GCC, x86-32, target not explicitly supporting AESNI:
- * not supported.
- * - GCC, x86-64 or x86-32, target supporting AESNI: supported.
- * For this assembly-less implementation, you must currently compile
- * `library/aesni.c` and `library/aes.c` with machine options to enable
- * SSE2 and AESNI instructions: `gcc -msse2 -maes -mpclmul` or
- * `clang -maes -mpclmul`.
- * - Non-x86 targets: this option is silently ignored.
- * - Other compilers: this option is silently ignored.
- *
- * \note
- * Above, "GCC" includes compatible compilers such as Clang.
- * The limitations on target support are likely to be relaxed in the future.
- *
- * Module: library/aesni.c
- * Caller: library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM (on some platforms, see note)
- *
- * This module adds support for the AES-NI instructions on x86.
- */
-#define MBEDTLS_AESNI_C
-
-/**
- * \def MBEDTLS_AESCE_C
- *
- * Enable AES cryptographic extension support on Armv8.
- *
- * Module: library/aesce.c
- * Caller: library/aes.c
- *
- * Requires: MBEDTLS_AES_C
- *
- * \warning Runtime detection only works on Linux. For non-Linux operating
- * system, Armv8-A Cryptographic Extensions must be supported by
- * the CPU when this option is enabled.
- *
- * \note Minimum compiler versions for this feature when targeting aarch64
- * are Clang 4.0; armclang 6.6; GCC 6.0; or MSVC 2019 version 16.11.2.
- * Minimum compiler versions for this feature when targeting 32-bit
- * Arm or Thumb are Clang 11.0; armclang 6.20; or GCC 6.0.
- *
- * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
- * armclang <= 6.9
- *
- * This module adds support for the AES Armv8-A Cryptographic Extensions on Armv8 systems.
- */
-#define MBEDTLS_AESCE_C
-
-/**
- * \def MBEDTLS_AES_C
- *
- * Enable the AES block cipher.
- *
- * Module: library/aes.c
- * Caller: library/cipher.c
- * library/pem.c
- * library/ctr_drbg.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
- *
- * PEM_PARSE uses AES for decrypting encrypted keys.
- */
-#define MBEDTLS_AES_C
-
-/**
- * \def MBEDTLS_ASN1_PARSE_C
- *
- * Enable the generic ASN1 parser.
- *
- * Module: library/asn1.c
- * Caller: library/x509.c
- * library/dhm.c
- * library/pkcs12.c
- * library/pkcs5.c
- * library/pkparse.c
- */
-#define MBEDTLS_ASN1_PARSE_C
-
-/**
- * \def MBEDTLS_ASN1_WRITE_C
- *
- * Enable the generic ASN1 writer.
- *
- * Module: library/asn1write.c
- * Caller: library/ecdsa.c
- * library/pkwrite.c
- * library/x509_create.c
- * library/x509write_crt.c
- * library/x509write_csr.c
- */
-#define MBEDTLS_ASN1_WRITE_C
-
-/**
- * \def MBEDTLS_BASE64_C
- *
- * Enable the Base64 module.
- *
- * Module: library/base64.c
- * Caller: library/pem.c
- *
- * This module is required for PEM support (required by X.509).
- */
-#define MBEDTLS_BASE64_C
-
-/**
- * \def MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
- *
- * Remove decryption operation for AES, ARIA and Camellia block cipher.
- *
- * \note This feature is incompatible with insecure block cipher,
- * MBEDTLS_DES_C, and cipher modes which always require decryption
- * operation, MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and
- * MBEDTLS_NIST_KW_C. When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled,
- * this feature is incompatible with following supported PSA equivalence,
- * PSA_WANT_ALG_ECB_NO_PADDING, PSA_WANT_ALG_CBC_NO_PADDING,
- * PSA_WANT_ALG_CBC_PKCS7 and PSA_WANT_KEY_TYPE_DES.
- *
- * Module: library/aes.c
- * library/aesce.c
- * library/aesni.c
- * library/aria.c
- * library/camellia.c
- * library/cipher.c
- */
-//#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
-
-/**
- * \def MBEDTLS_BIGNUM_C
- *
- * Enable the multi-precision integer library.
- *
- * Module: library/bignum.c
- * library/bignum_core.c
- * library/bignum_mod.c
- * library/bignum_mod_raw.c
- * Caller: library/dhm.c
- * library/ecp.c
- * library/ecdsa.c
- * library/rsa.c
- * library/rsa_alt_helpers.c
- * library/ssl_tls.c
- *
- * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
- */
-#define MBEDTLS_BIGNUM_C
-
-/**
- * \def MBEDTLS_CAMELLIA_C
- *
- * Enable the Camellia block cipher.
- *
- * Module: library/camellia.c
- * Caller: library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- */
-//#define MBEDTLS_CAMELLIA_C /* !!OM */
-
-/**
- * \def MBEDTLS_ARIA_C
- *
- * Enable the ARIA block cipher.
- *
- * Module: library/aria.c
- * Caller: library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *
- * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
- */
-//#define MBEDTLS_ARIA_C /* !!OM */
-
-/**
- * \def MBEDTLS_CCM_C
- *
- * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
- *
- * Module: library/ccm.c
- *
- * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
- * MBEDTLS_ARIA_C
- *
- * This module enables the AES-CCM ciphersuites, if other requisites are
- * enabled as well.
- */
-#define MBEDTLS_CCM_C
-
-/**
- * \def MBEDTLS_CHACHA20_C
- *
- * Enable the ChaCha20 stream cipher.
- *
- * Module: library/chacha20.c
- */
-#define MBEDTLS_CHACHA20_C
-
-/**
- * \def MBEDTLS_CHACHAPOLY_C
- *
- * Enable the ChaCha20-Poly1305 AEAD algorithm.
- *
- * Module: library/chachapoly.c
- *
- * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
- */
-#define MBEDTLS_CHACHAPOLY_C
-
-/**
- * \def MBEDTLS_CIPHER_C
- *
- * Enable the generic cipher layer.
- *
- * Module: library/cipher.c
- * Caller: library/ccm.c
- * library/cmac.c
- * library/gcm.c
- * library/nist_kw.c
- * library/pkcs12.c
- * library/pkcs5.c
- * library/psa_crypto_aead.c
- * library/psa_crypto_mac.c
- * library/ssl_ciphersuites.c
- * library/ssl_msg.c
- * library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled)
- * Auto-enabled by: MBEDTLS_PSA_CRYPTO_C depending on which ciphers are enabled
- * (see the documentation of that option for details).
- *
- * Uncomment to enable generic cipher wrappers.
- */
-#define MBEDTLS_CIPHER_C
-
-/**
- * \def MBEDTLS_CMAC_C
- *
- * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
- * ciphers.
- *
- * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying
- * implementation of the CMAC algorithm is provided by an alternate
- * implementation, that alternate implementation may opt to not support
- * AES-192 or 3DES as underlying block ciphers for the CMAC operation.
- *
- * Module: library/cmac.c
- *
- * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C
- *
- */
-#define MBEDTLS_CMAC_C
-
-/**
- * \def MBEDTLS_CTR_DRBG_C
- *
- * Enable the CTR_DRBG AES-based random generator.
- * The CTR_DRBG generator uses AES-256 by default.
- * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
- *
- * AES support can either be achived through builtin (MBEDTLS_AES_C) or PSA.
- * Builtin is the default option when MBEDTLS_AES_C is defined otherwise PSA
- * is used.
- *
- * \warning When using PSA, the user should call `psa_crypto_init()` before
- * using any CTR_DRBG operation (except `mbedtls_ctr_drbg_init()`).
- *
- * \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set.
- *
- * \note To achieve a 256-bit security strength with CTR_DRBG,
- * you must use AES-256 *and* use sufficient entropy.
- * See ctr_drbg.h for more details.
- *
- * Module: library/ctr_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_AES_C or
- * (PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING and
- * MBEDTLS_PSA_CRYPTO_C)
- *
- * This module provides the CTR_DRBG AES random number generator.
- */
-#define MBEDTLS_CTR_DRBG_C
-
-/**
- * \def MBEDTLS_DEBUG_C
- *
- * Enable the debug functions.
- *
- * Module: library/debug.c
- * Caller: library/ssl_msg.c
- * library/ssl_tls.c
- * library/ssl_tls12_*.c
- * library/ssl_tls13_*.c
- *
- * This module provides debugging functions.
- */
-#define MBEDTLS_DEBUG_C
-
-/**
- * \def MBEDTLS_DES_C
- *
- * Enable the DES block cipher.
- *
- * Module: library/des.c
- * Caller: library/pem.c
- * library/cipher.c
- *
- * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
- *
- * \warning DES/3DES are considered weak ciphers and their use constitutes a
- * security risk. We recommend considering stronger ciphers instead.
- */
-//#define MBEDTLS_DES_C /* !!OM */
-
-/**
- * \def MBEDTLS_DHM_C
- *
- * Enable the Diffie-Hellman-Merkle module.
- *
- * Module: library/dhm.c
- * Caller: library/ssl_tls.c
- * library/ssl*_client.c
- * library/ssl*_server.c
- *
- * This module is used by the following key exchanges:
- * DHE-RSA, DHE-PSK
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-//#define MBEDTLS_DHM_C /* !!OM */
-
-/**
- * \def MBEDTLS_ECDH_C
- *
- * Enable the elliptic curve Diffie-Hellman library.
- *
- * Module: library/ecdh.c
- * Caller: library/psa_crypto.c
- * library/ssl_tls.c
- * library/ssl*_client.c
- * library/ssl*_server.c
- *
- * This module is used by the following key exchanges:
- * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
- *
- * Requires: MBEDTLS_ECP_C
- */
-#define MBEDTLS_ECDH_C
-
-/**
- * \def MBEDTLS_ECDSA_C
- *
- * Enable the elliptic curve DSA library.
- *
- * Module: library/ecdsa.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- * ECDHE-ECDSA
- *
- * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C,
- * and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a
- * short Weierstrass curve.
- */
-#define MBEDTLS_ECDSA_C
-
-/**
- * \def MBEDTLS_ECJPAKE_C
- *
- * Enable the elliptic curve J-PAKE library.
- *
- * \note EC J-PAKE support is based on the Thread v1.0.0 specification.
- * It has not been reviewed for compliance with newer standards such as
- * Thread v1.1 or RFC 8236.
- *
- * Module: library/ecjpake.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- * ECJPAKE
- *
- * Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C
- *
- * \warning If using a hash that is only provided by PSA drivers, you must
- * call psa_crypto_init() before doing any EC J-PAKE operations.
- */
-#define MBEDTLS_ECJPAKE_C
-
-/**
- * \def MBEDTLS_ECP_C
- *
- * Enable the elliptic curve over GF(p) library.
- *
- * Module: library/ecp.c
- * Caller: library/ecdh.c
- * library/ecdsa.c
- * library/ecjpake.c
- *
- * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
- */
-#define MBEDTLS_ECP_C
-
-/**
- * \def MBEDTLS_ENTROPY_C
- *
- * Enable the platform-specific entropy code.
- *
- * Module: library/entropy.c
- * Caller:
- *
- * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
- *
- * This module provides a generic entropy pool
- */
-#define MBEDTLS_ENTROPY_C
-
-/**
- * \def MBEDTLS_ERROR_C
- *
- * Enable error code to error string conversion.
- *
- * Module: library/error.c
- * Caller:
- *
- * This module enables mbedtls_strerror().
- */
-#define MBEDTLS_ERROR_C
-
-/**
- * \def MBEDTLS_GCM_C
- *
- * Enable the Galois/Counter Mode (GCM).
- *
- * Module: library/gcm.c
- *
- * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
- * MBEDTLS_ARIA_C
- *
- * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
- * requisites are enabled as well.
- */
-#define MBEDTLS_GCM_C
-
-/**
- * \def MBEDTLS_GCM_LARGE_TABLE
- *
- * Enable large pre-computed tables for Galois/Counter Mode (GCM).
- * Can significantly increase throughput on systems without GCM hardware
- * acceleration (e.g., AESNI, AESCE).
- *
- * The mbedtls_gcm_context size will increase by 3840 bytes.
- * The code size will increase by roughly 344 bytes.
- *
- * Module: library/gcm.c
- *
- * Requires: MBEDTLS_GCM_C
- */
-//#define MBEDTLS_GCM_LARGE_TABLE
-
-/**
- * \def MBEDTLS_HKDF_C
- *
- * Enable the HKDF algorithm (RFC 5869).
- *
- * Module: library/hkdf.c
- * Caller:
- *
- * Requires: MBEDTLS_MD_C
- *
- * This module adds support for the Hashed Message Authentication Code
- * (HMAC)-based key derivation function (HKDF).
- */
-#define MBEDTLS_HKDF_C
-
-/**
- * \def MBEDTLS_HMAC_DRBG_C
- *
- * Enable the HMAC_DRBG random generator.
- *
- * Module: library/hmac_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_MD_C
- *
- * Uncomment to enable the HMAC_DRBG random number generator.
- */
-#define MBEDTLS_HMAC_DRBG_C
-
-/**
- * \def MBEDTLS_LMS_C
- *
- * Enable the LMS stateful-hash asymmetric signature algorithm.
- *
- * Module: library/lms.c
- * Caller:
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- * Uncomment to enable the LMS verification algorithm and public key operations.
- */
-//#define MBEDTLS_LMS_C /* !!OM */
-
-/**
- * \def MBEDTLS_LMS_PRIVATE
- *
- * Enable LMS private-key operations and signing code. Functions enabled by this
- * option are experimental, and should not be used in production.
- *
- * Requires: MBEDTLS_LMS_C
- *
- * Uncomment to enable the LMS signature algorithm and private key operations.
- */
-//#define MBEDTLS_LMS_PRIVATE
-
-/**
- * \def MBEDTLS_NIST_KW_C
- *
- * Enable the Key Wrapping mode for 128-bit block ciphers,
- * as defined in NIST SP 800-38F. Only KW and KWP modes
- * are supported. At the moment, only AES is approved by NIST.
- *
- * Module: library/nist_kw.c
- *
- * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
- */
-#define MBEDTLS_NIST_KW_C
-
-/**
- * \def MBEDTLS_MD_C
- *
- * Enable the generic layer for message digest (hashing) and HMAC.
- *
- * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
- * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
- * MBEDTLS_SHA512_C, or MBEDTLS_PSA_CRYPTO_C with at least
- * one hash.
- * Module: library/md.c
- * Caller: library/constant_time.c
- * library/ecdsa.c
- * library/ecjpake.c
- * library/hkdf.c
- * library/hmac_drbg.c
- * library/pk.c
- * library/pkcs5.c
- * library/pkcs12.c
- * library/psa_crypto_ecp.c
- * library/psa_crypto_rsa.c
- * library/rsa.c
- * library/ssl_cookie.c
- * library/ssl_msg.c
- * library/ssl_tls.c
- * library/x509.c
- * library/x509_crt.c
- * library/x509write_crt.c
- * library/x509write_csr.c
- *
- * Uncomment to enable generic message digest wrappers.
- */
-#define MBEDTLS_MD_C
-
-/**
- * \def MBEDTLS_MD5_C
- *
- * Enable the MD5 hash algorithm.
- *
- * Module: library/md5.c
- * Caller: library/md.c
- * library/pem.c
- * library/ssl_tls.c
- *
- * This module is required for TLS 1.2 depending on the handshake parameters.
- * Further, it is used for checking MD5-signed certificates, and for PBKDF1
- * when decrypting PEM-encoded encrypted keys.
- *
- * \warning MD5 is considered a weak message digest and its use constitutes a
- * security risk. If possible, we recommend avoiding dependencies on
- * it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD5_C /* !!OM */
-
-/**
- * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Enable the buffer allocator implementation that makes use of a (stack)
- * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
- * calls)
- *
- * Module: library/memory_buffer_alloc.c
- *
- * Requires: MBEDTLS_PLATFORM_C
- * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
- *
- * Enable this module to enable the buffer memory allocator.
- */
-//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-
-/**
- * \def MBEDTLS_NET_C
- *
- * Enable the TCP and UDP over IPv6/IPv4 networking routines.
- *
- * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
- * and Windows. For other platforms, you'll want to disable it, and write your
- * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
- *
- * \note See also our Knowledge Base article about porting to a new
- * environment:
- * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
- *
- * Module: library/net_sockets.c
- *
- * This module provides networking routines.
- */
-#define MBEDTLS_NET_C
-
-/**
- * \def MBEDTLS_OID_C
- *
- * Enable the OID database.
- *
- * Module: library/oid.c
- * Caller: library/asn1write.c
- * library/pkcs5.c
- * library/pkparse.c
- * library/pkwrite.c
- * library/rsa.c
- * library/x509.c
- * library/x509_create.c
- * library/x509_crl.c
- * library/x509_crt.c
- * library/x509_csr.c
- * library/x509write_crt.c
- * library/x509write_csr.c
- *
- * This modules translates between OIDs and internal values.
- */
-#define MBEDTLS_OID_C
-
-/**
- * \def MBEDTLS_PADLOCK_C
- *
- * Enable VIA Padlock support on x86.
- *
- * Module: library/padlock.c
- * Caller: library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the VIA PadLock on x86.
- */
-#define MBEDTLS_PADLOCK_C
-
-/**
- * \def MBEDTLS_PEM_PARSE_C
- *
- * Enable PEM decoding / parsing.
- *
- * Module: library/pem.c
- * Caller: library/dhm.c
- * library/pkparse.c
- * library/x509_crl.c
- * library/x509_crt.c
- * library/x509_csr.c
- *
- * Requires: MBEDTLS_BASE64_C
- * optionally MBEDTLS_MD5_C, or PSA Crypto with MD5 (see below)
- *
- * \warning When parsing password-protected files, if MD5 is provided only by
- * a PSA driver, you must call psa_crypto_init() before the first file.
- *
- * This modules adds support for decoding / parsing PEM files.
- */
-//#define MBEDTLS_PEM_PARSE_C /* !!OM */
-
-/**
- * \def MBEDTLS_PEM_WRITE_C
- *
- * Enable PEM encoding / writing.
- *
- * Module: library/pem.c
- * Caller: library/pkwrite.c
- * library/x509write_crt.c
- * library/x509write_csr.c
- *
- * Requires: MBEDTLS_BASE64_C
- *
- * This modules adds support for encoding / writing PEM files.
- */
-//#define MBEDTLS_PEM_WRITE_C /* !!OM */
-
-/**
- * \def MBEDTLS_PK_C
- *
- * Enable the generic public (asymmetric) key layer.
- *
- * Module: library/pk.c
- * Caller: library/psa_crypto_rsa.c
- * library/ssl_tls.c
- * library/ssl*_client.c
- * library/ssl*_server.c
- * library/x509.c
- *
- * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C or MBEDTLS_ECP_C
- *
- * Uncomment to enable generic public key wrappers.
- */
-#define MBEDTLS_PK_C
-
-/**
- * \def MBEDTLS_PK_PARSE_C
- *
- * Enable the generic public (asymmetric) key parser.
- *
- * Module: library/pkparse.c
- * Caller: library/x509_crt.c
- * library/x509_csr.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key parse functions.
- */
-#define MBEDTLS_PK_PARSE_C
-
-/**
- * \def MBEDTLS_PK_WRITE_C
- *
- * Enable the generic public (asymmetric) key writer.
- *
- * Module: library/pkwrite.c
- * Caller: library/x509write.c
- *
- * Requires: MBEDTLS_ASN1_WRITE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key write functions.
- */
-#define MBEDTLS_PK_WRITE_C
-
-/**
- * \def MBEDTLS_PKCS5_C
- *
- * Enable PKCS#5 functions.
- *
- * Module: library/pkcs5.c
- *
- * Auto-enables: MBEDTLS_MD_C
- *
- * \warning If using a hash that is only provided by PSA drivers, you must
- * call psa_crypto_init() before doing any PKCS5 operations.
- *
- * This module adds support for the PKCS#5 functions.
- */
-#define MBEDTLS_PKCS5_C
-
-/**
- * \def MBEDTLS_PKCS7_C
- *
- * Enable PKCS #7 core for using PKCS #7-formatted signatures.
- * RFC Link - https://tools.ietf.org/html/rfc2315
- *
- * Module: library/pkcs7.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
- * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
- * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
- *
- * This module is required for the PKCS #7 parsing modules.
- */
-//#define MBEDTLS_PKCS7_C /* !!OM */
-
-/**
- * \def MBEDTLS_PKCS12_C
- *
- * Enable PKCS#12 PBE functions.
- * Adds algorithms for parsing PKCS#8 encrypted private keys
- *
- * Module: library/pkcs12.c
- * Caller: library/pkparse.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C and either MBEDTLS_MD_C or
- * MBEDTLS_PSA_CRYPTO_C.
- *
- * \warning If using a hash that is only provided by PSA drivers, you must
- * call psa_crypto_init() before doing any PKCS12 operations.
- *
- * This module enables PKCS#12 functions.
- */
-#define MBEDTLS_PKCS12_C
-
-/**
- * \def MBEDTLS_PLATFORM_C
- *
- * Enable the platform abstraction layer that allows you to re-assign
- * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
- *
- * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
- * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
- * above to be specified at runtime or compile time respectively.
- *
- * \note This abstraction layer must be enabled on Windows (including MSYS2)
- * as other modules rely on it for a fixed snprintf implementation.
- *
- * Module: library/platform.c
- * Caller: Most other .c files
- *
- * This module enables abstraction of common (libc) functions.
- */
-#define MBEDTLS_PLATFORM_C
-
-/**
- * \def MBEDTLS_POLY1305_C
- *
- * Enable the Poly1305 MAC algorithm.
- *
- * Module: library/poly1305.c
- * Caller: library/chachapoly.c
- */
-#define MBEDTLS_POLY1305_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_C
- *
- * Enable the Platform Security Architecture cryptography API.
- *
- * Module: library/psa_crypto.c
- *
- * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
- * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
- * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
- * Auto-enables: MBEDTLS_CIPHER_C if any unauthenticated (ie, non-AEAD) cipher
- * is enabled in PSA (unless it's fully accelerated, see
- * docs/driver-only-builds.md about that).
- */
-#define MBEDTLS_PSA_CRYPTO_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_SE_C
- *
- * Enable dynamic secure element support in the Platform Security Architecture
- * cryptography API.
- *
- * \deprecated This feature is deprecated. Please switch to the PSA driver
- * interface.
- *
- * \warning This feature is not thread-safe, and should not be used in a
- * multi-threaded environment.
- *
- * Module: library/psa_crypto_se.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
- *
- */
-//#define MBEDTLS_PSA_CRYPTO_SE_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
- *
- * Enable the Platform Security Architecture persistent key storage.
- *
- * Module: library/psa_crypto_storage.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C,
- * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
- * the PSA ITS interface
- */
-#define MBEDTLS_PSA_CRYPTO_STORAGE_C
-
-/**
- * \def MBEDTLS_PSA_ITS_FILE_C
- *
- * Enable the emulation of the Platform Security Architecture
- * Internal Trusted Storage (PSA ITS) over files.
- *
- * Module: library/psa_its_file.c
- *
- * Requires: MBEDTLS_FS_IO
- */
-#define MBEDTLS_PSA_ITS_FILE_C
-
-/**
- * \def MBEDTLS_RIPEMD160_C
- *
- * Enable the RIPEMD-160 hash algorithm.
- *
- * Module: library/ripemd160.c
- * Caller: library/md.c
- *
- */
-//#define MBEDTLS_RIPEMD160_C /* !!OM */
-
-/**
- * \def MBEDTLS_RSA_C
- *
- * Enable the RSA public-key cryptosystem.
- *
- * Module: library/rsa.c
- * library/rsa_alt_helpers.c
- * Caller: library/pk.c
- * library/psa_crypto.c
- * library/ssl_tls.c
- * library/ssl*_client.c
- * library/ssl*_server.c
- *
- * This module is used by the following key exchanges:
- * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
- *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
- */
-#define MBEDTLS_RSA_C
-
-/**
- * \def MBEDTLS_SHA1_C
- *
- * Enable the SHA1 cryptographic hash algorithm.
- *
- * Module: library/sha1.c
- * Caller: library/md.c
- * library/psa_crypto_hash.c
- *
- * This module is required for TLS 1.2 depending on the handshake parameters,
- * and for SHA1-signed certificates.
- *
- * \warning SHA-1 is considered a weak message digest and its use constitutes
- * a security risk. If possible, we recommend avoiding dependencies
- * on it, and considering stronger message digests instead.
- *
- */
-#define MBEDTLS_SHA1_C
-
-/**
- * \def MBEDTLS_SHA224_C
- *
- * Enable the SHA-224 cryptographic hash algorithm.
- *
- * Module: library/sha256.c
- * Caller: library/md.c
- * library/ssl_cookie.c
- *
- * This module adds support for SHA-224.
- */
-#define MBEDTLS_SHA224_C
-
-/**
- * \def MBEDTLS_SHA256_C
- *
- * Enable the SHA-256 cryptographic hash algorithm.
- *
- * Module: library/sha256.c
- * Caller: library/entropy.c
- * library/md.c
- * library/ssl_tls.c
- * library/ssl*_client.c
- * library/ssl*_server.c
- *
- * This module adds support for SHA-256.
- * This module is required for the SSL/TLS 1.2 PRF function.
- */
-#define MBEDTLS_SHA256_C
-
-/**
- * \def MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
- *
- * Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
- * with the ARMv8 cryptographic extensions if they are available at runtime.
- * If not, the library will fall back to the C implementation.
- *
- * \note If MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT is defined when building
- * for a non-Armv8-A build it will be silently ignored.
- *
- * \note Minimum compiler versions for this feature are Clang 4.0,
- * armclang 6.6 or GCC 6.0.
- *
- * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
- * armclang <= 6.9
- *
- * \note This was previously known as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT.
- * That name is deprecated, but may still be used as an alternative form for this
- * option.
- *
- * \warning MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT cannot be defined at the
- * same time as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY.
- *
- * Requires: MBEDTLS_SHA256_C.
- *
- * Module: library/sha256.c
- *
- * Uncomment to have the library check for the Armv8-A SHA-256 crypto extensions
- * and use them if available.
- */
-//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
-
-/**
- * \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
- *
- * \deprecated This is now known as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT.
- * This name is now deprecated, but may still be used as an alternative form for
- * this option.
- */
-//#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
-
-/**
- * \def MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
- *
- * Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
- * with the ARMv8 cryptographic extensions, which must be available at runtime
- * or else an illegal instruction fault will occur.
- *
- * \note This allows builds with a smaller code size than with
- * MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
- *
- * \note Minimum compiler versions for this feature are Clang 4.0,
- * armclang 6.6 or GCC 6.0.
- *
- * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
- * armclang <= 6.9
- *
- * \note This was previously known as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY.
- * That name is deprecated, but may still be used as an alternative form for this
- * option.
- *
- * \warning MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY cannot be defined at the same
- * time as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT.
- *
- * Requires: MBEDTLS_SHA256_C.
- *
- * Module: library/sha256.c
- *
- * Uncomment to have the library use the Armv8-A SHA-256 crypto extensions
- * unconditionally.
- */
-//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
-
-/**
- * \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
- *
- * \deprecated This is now known as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY.
- * This name is now deprecated, but may still be used as an alternative form for
- * this option.
- */
-//#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
-
-/**
- * \def MBEDTLS_SHA384_C
- *
- * Enable the SHA-384 cryptographic hash algorithm.
- *
- * Module: library/sha512.c
- * Caller: library/md.c
- * library/psa_crypto_hash.c
- * library/ssl_tls.c
- * library/ssl*_client.c
- * library/ssl*_server.c
- *
- * Comment to disable SHA-384
- */
-#define MBEDTLS_SHA384_C
-
-/**
- * \def MBEDTLS_SHA512_C
- *
- * Enable SHA-512 cryptographic hash algorithms.
- *
- * Module: library/sha512.c
- * Caller: library/entropy.c
- * library/md.c
- * library/ssl_tls.c
- * library/ssl_cookie.c
- *
- * This module adds support for SHA-512.
- */
-#define MBEDTLS_SHA512_C
-
-/**
- * \def MBEDTLS_SHA3_C
- *
- * Enable the SHA3 cryptographic hash algorithm.
- *
- * Module: library/sha3.c
- *
- * This module adds support for SHA3.
- */
-#define MBEDTLS_SHA3_C
-
-/**
- * \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
- *
- * Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
- * with the ARMv8 cryptographic extensions if they are available at runtime.
- * If not, the library will fall back to the C implementation.
- *
- * \note If MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT is defined when building
- * for a non-Aarch64 build it will be silently ignored.
- *
- * \note Minimum compiler versions for this feature are Clang 7.0,
- * armclang 6.9 or GCC 8.0.
- *
- * \note \c CFLAGS must be set to a minimum of \c -march=armv8.2-a+sha3 for
- * armclang 6.9
- *
- * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
- * same time as MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY.
- *
- * Requires: MBEDTLS_SHA512_C.
- *
- * Module: library/sha512.c
- *
- * Uncomment to have the library check for the A64 SHA-512 crypto extensions
- * and use them if available.
- */
-//#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
-
-/**
- * \def MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
- *
- * Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
- * with the ARMv8 cryptographic extensions, which must be available at runtime
- * or else an illegal instruction fault will occur.
- *
- * \note This allows builds with a smaller code size than with
- * MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
- *
- * \note Minimum compiler versions for this feature are Clang 7.0,
- * armclang 6.9 or GCC 8.0.
- *
- * \note \c CFLAGS must be set to a minimum of \c -march=armv8.2-a+sha3 for
- * armclang 6.9
- *
- * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY cannot be defined at the same
- * time as MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT.
- *
- * Requires: MBEDTLS_SHA512_C.
- *
- * Module: library/sha512.c
- *
- * Uncomment to have the library use the A64 SHA-512 crypto extensions
- * unconditionally.
- */
-//#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
-
-/**
- * \def MBEDTLS_SSL_CACHE_C
- *
- * Enable simple SSL cache implementation.
- *
- * Module: library/ssl_cache.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_CACHE_C
- */
-#define MBEDTLS_SSL_CACHE_C
-
-/**
- * \def MBEDTLS_SSL_COOKIE_C
- *
- * Enable basic implementation of DTLS cookies for hello verification.
- *
- * Module: library/ssl_cookie.c
- * Caller:
- */
-#define MBEDTLS_SSL_COOKIE_C
-
-/**
- * \def MBEDTLS_SSL_TICKET_C
- *
- * Enable an implementation of TLS server-side callbacks for session tickets.
- *
- * Module: library/ssl_ticket.c
- * Caller:
- *
- * Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) &&
- * (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
- */
-#define MBEDTLS_SSL_TICKET_C
-
-/**
- * \def MBEDTLS_SSL_CLI_C
- *
- * Enable the SSL/TLS client code.
- *
- * Module: library/ssl*_client.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_TLS_C
- *
- * This module is required for SSL/TLS client support.
- */
-#define MBEDTLS_SSL_CLI_C
-
-/**
- * \def MBEDTLS_SSL_SRV_C
- *
- * Enable the SSL/TLS server code.
- *
- * Module: library/ssl*_server.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_TLS_C
- *
- * This module is required for SSL/TLS server support.
- */
-#define MBEDTLS_SSL_SRV_C
-
-/**
- * \def MBEDTLS_SSL_TLS_C
- *
- * Enable the generic SSL/TLS code.
- *
- * Module: library/ssl_tls.c
- * Caller: library/ssl*_client.c
- * library/ssl*_server.c
- *
- * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
- * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
- *
- * This module is required for SSL/TLS.
- */
-#define MBEDTLS_SSL_TLS_C
-
-/**
- * \def MBEDTLS_THREADING_C
- *
- * Enable the threading abstraction layer.
- * By default Mbed TLS assumes it is used in a non-threaded environment or that
- * contexts are not shared between threads. If you do intend to use contexts
- * between threads, you will need to enable this layer to prevent race
- * conditions. See also our Knowledge Base article about threading:
- * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading
- *
- * Module: library/threading.c
- *
- * This allows different threading implementations (self-implemented or
- * provided).
- *
- * You will have to enable either MBEDTLS_THREADING_ALT or
- * MBEDTLS_THREADING_PTHREAD.
- *
- * Enable this layer to allow use of mutexes within Mbed TLS
- */
-//#define MBEDTLS_THREADING_C
-
-/**
- * \def MBEDTLS_TIMING_C
- *
- * Enable the semi-portable timing interface.
- *
- * \note The provided implementation only works on POSIX/Unix (including Linux,
- * BSD and OS X) and Windows. On other platforms, you can either disable that
- * module and provide your own implementations of the callbacks needed by
- * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
- * your own implementation of the whole module by setting
- * \c MBEDTLS_TIMING_ALT in the current file.
- *
- * \note The timing module will include time.h on suitable platforms
- * regardless of the setting of MBEDTLS_HAVE_TIME, unless
- * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
- *
- * \note See also our Knowledge Base article about porting to a new
- * environment:
- * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
- *
- * Module: library/timing.c
- */
-#define MBEDTLS_TIMING_C
-
-/**
- * \def MBEDTLS_VERSION_C
- *
- * Enable run-time version information.
- *
- * Module: library/version.c
- *
- * This module provides run-time version information.
- */
-#define MBEDTLS_VERSION_C
-
-/**
- * \def MBEDTLS_X509_USE_C
- *
- * Enable X.509 core for using certificates.
- *
- * Module: library/x509.c
- * Caller: library/x509_crl.c
- * library/x509_crt.c
- * library/x509_csr.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
- * (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
- *
- * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
- * psa_crypto_init() before doing any X.509 operation.
- *
- * This module is required for the X.509 parsing modules.
- */
-#define MBEDTLS_X509_USE_C
-
-/**
- * \def MBEDTLS_X509_CRT_PARSE_C
- *
- * Enable X.509 certificate parsing.
- *
- * Module: library/x509_crt.c
- * Caller: library/ssl_tls.c
- * library/ssl*_client.c
- * library/ssl*_server.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is required for X.509 certificate parsing.
- */
-#define MBEDTLS_X509_CRT_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CRL_PARSE_C
- *
- * Enable X.509 CRL parsing.
- *
- * Module: library/x509_crl.c
- * Caller: library/x509_crt.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is required for X.509 CRL parsing.
- */
-#define MBEDTLS_X509_CRL_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CSR_PARSE_C
- *
- * Enable X.509 Certificate Signing Request (CSR) parsing.
- *
- * Module: library/x509_csr.c
- * Caller: library/x509_crt_write.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is used for reading X.509 certificate request.
- */
-#define MBEDTLS_X509_CSR_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CREATE_C
- *
- * Enable X.509 core for creating certificates.
- *
- * Module: library/x509_create.c
- *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
- * (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
- *
- * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
- * psa_crypto_init() before doing any X.509 create operation.
- *
- * This module is the basis for creating X.509 certificates and CSRs.
- */
-#define MBEDTLS_X509_CREATE_C
-
-/**
- * \def MBEDTLS_X509_CRT_WRITE_C
- *
- * Enable creating X.509 certificates.
- *
- * Module: library/x509_crt_write.c
- *
- * Requires: MBEDTLS_X509_CREATE_C
- *
- * This module is required for X.509 certificate creation.
- */
-#define MBEDTLS_X509_CRT_WRITE_C
-
-/**
- * \def MBEDTLS_X509_CSR_WRITE_C
- *
- * Enable creating X.509 Certificate Signing Requests (CSR).
- *
- * Module: library/x509_csr_write.c
- *
- * Requires: MBEDTLS_X509_CREATE_C
- *
- * This module is required for X.509 certificate request writing.
- */
-#define MBEDTLS_X509_CSR_WRITE_C
-
-/** \} name SECTION: Mbed TLS modules */
-
-/**
- * \name SECTION: General configuration options
- *
- * This section contains Mbed TLS build settings that are not associated
- * with a particular module.
- *
- * \{
- */
-
-/**
- * \def MBEDTLS_CONFIG_FILE
- *
- * If defined, this is a header which will be included instead of
- * `"mbedtls/mbedtls_config.h"`.
- * This header file specifies the compile-time configuration of Mbed TLS.
- * Unlike other configuration options, this one must be defined on the
- * compiler command line: a definition in `mbedtls_config.h` would have
- * no effect.
- *
- * This macro is expanded after an \#include directive. This is a popular but
- * non-standard feature of the C language, so this feature is only available
- * with compilers that perform macro expansion on an \#include line.
- *
- * The value of this symbol is typically a path in double quotes, either
- * absolute or relative to a directory on the include search path.
- */
-//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h"
-
-/**
- * \def MBEDTLS_USER_CONFIG_FILE
- *
- * If defined, this is a header which will be included after
- * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE.
- * This allows you to modify the default configuration, including the ability
- * to undefine options that are enabled by default.
- *
- * This macro is expanded after an \#include directive. This is a popular but
- * non-standard feature of the C language, so this feature is only available
- * with compilers that perform macro expansion on an \#include line.
- *
- * The value of this symbol is typically a path in double quotes, either
- * absolute or relative to a directory on the include search path.
- */
-//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
- *
- * If defined, this is a header which will be included instead of
- * `"psa/crypto_config.h"`.
- * This header file specifies which cryptographic mechanisms are available
- * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
- * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
- *
- * This macro is expanded after an \#include directive. This is a popular but
- * non-standard feature of the C language, so this feature is only available
- * with compilers that perform macro expansion on an \#include line.
- *
- * The value of this symbol is typically a path in double quotes, either
- * absolute or relative to a directory on the include search path.
- */
-//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
- *
- * If defined, this is a header which will be included after
- * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
- * This allows you to modify the default configuration, including the ability
- * to undefine options that are enabled by default.
- *
- * This macro is expanded after an \#include directive. This is a popular but
- * non-standard feature of the C language, so this feature is only available
- * with compilers that perform macro expansion on an \#include line.
- *
- * The value of this symbol is typically a path in double quotes, either
- * absolute or relative to a directory on the include search path.
- */
-//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_PLATFORM_FILE
- *
- * If defined, this is a header which will be included instead of
- * `"psa/crypto_platform.h"`. This file should declare the same identifiers
- * as the one in Mbed TLS, but with definitions adapted to the platform on
- * which the library code will run.
- *
- * \note The required content of this header can vary from one version of
- * Mbed TLS to the next. Integrators who provide an alternative file
- * should review the changes in the original file whenever they
- * upgrade Mbed TLS.
- *
- * This macro is expanded after an \#include directive. This is a popular but
- * non-standard feature of the C language, so this feature is only available
- * with compilers that perform macro expansion on an \#include line.
- *
- * The value of this symbol is typically a path in double quotes, either
- * absolute or relative to a directory on the include search path.
- */
-//#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h"
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_STRUCT_FILE
- *
- * If defined, this is a header which will be included instead of
- * `"psa/crypto_struct.h"`. This file should declare the same identifiers
- * as the one in Mbed TLS, but with definitions adapted to the environment
- * in which the library code will run. The typical use for this feature
- * is to provide alternative type definitions on the client side in
- * client-server integrations of PSA crypto, where operation structures
- * contain handles instead of cryptographic data.
- *
- * \note The required content of this header can vary from one version of
- * Mbed TLS to the next. Integrators who provide an alternative file
- * should review the changes in the original file whenever they
- * upgrade Mbed TLS.
- *
- * This macro is expanded after an \#include directive. This is a popular but
- * non-standard feature of the C language, so this feature is only available
- * with compilers that perform macro expansion on an \#include line.
- *
- * The value of this symbol is typically a path in double quotes, either
- * absolute or relative to a directory on the include search path.
- */
-//#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h"
-
-/** \} name SECTION: General configuration options */
-
-/**
- * \name SECTION: Module configuration options
- *
- * This section allows for the setting of module specific sizes and
- * configuration options. The default values are already present in the
- * relevant header files and should suffice for the regular use cases.
- *
- * Our advice is to enable options and change their values here
- * only if you have a good reason and know the consequences.
- * \{
- */
-/* The Doxygen documentation here is used when a user comments out a
- * setting and runs doxygen themselves. On the other hand, when we typeset
- * the full documentation including disabled settings, the documentation
- * in specific modules' header files is used if present. When editing this
- * file, make sure that each option is documented in exactly one place,
- * plus optionally a same-line Doxygen comment here if there is a Doxygen
- * comment in the specific module. */
-
-/* MPI / BIGNUM options */
-//#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */
-//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
-
-/* CTR_DRBG options */
-//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
-//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
-
-/* HMAC_DRBG options */
-//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
-
-/* ECP options */
-//#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */
-//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
-
-/* Entropy options */
-//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
-//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
-//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
-
-/* Memory buffer allocator options */
-//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
-
-/* Platform options */
-//#define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-
-/** \def MBEDTLS_PLATFORM_STD_CALLOC
- *
- * Default allocator to use, can be undefined.
- * It must initialize the allocated buffer memory to zeroes.
- * The size of the buffer is the product of the two parameters.
- * The calloc function returns either a null pointer or a pointer to the allocated space.
- * If the product is 0, the function may either return NULL or a valid pointer to an array of size 0 which is a valid input to the deallocation function.
- * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
- * See the description of #MBEDTLS_PLATFORM_MEMORY for more details.
- * The corresponding deallocation function is #MBEDTLS_PLATFORM_STD_FREE.
- */
-//#define MBEDTLS_PLATFORM_STD_CALLOC calloc
-
-/** \def MBEDTLS_PLATFORM_STD_FREE
- *
- * Default free to use, can be undefined.
- * NULL is a valid parameter, and the function must do nothing.
- * A non-null parameter will always be a pointer previously returned by #MBEDTLS_PLATFORM_STD_CALLOC and not yet freed.
- * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
- * See the description of #MBEDTLS_PLATFORM_MEMORY for more details (same principles as for MBEDTLS_PLATFORM_STD_CALLOC apply).
- */
-//#define MBEDTLS_PLATFORM_STD_FREE free
-//#define MBEDTLS_PLATFORM_STD_SETBUF setbuf /**< Default setbuf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
-/* Note: your snprintf must correctly zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
-
-/* To use the following function macros, MBEDTLS_PLATFORM_C must be enabled. */
-/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
-//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_CALLOC for requirements. */
-//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_FREE for requirements. */
-//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf /**< Default setbuf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
-/* Note: your snprintf must correctly zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t //#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t /**< Default milliseconds time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled. It must be signed, and at least 64 bits. If it is changed from the default, MBEDTLS_PRINTF_MS_TIME must be updated to match.*/
-//#define MBEDTLS_PRINTF_MS_TIME PRId64 /**< Default fmt for printf. That's avoid compiler warning if mbedtls_ms_time_t is redefined */
-
-/** \def MBEDTLS_CHECK_RETURN
- *
- * This macro is used at the beginning of the declaration of a function
- * to indicate that its return value should be checked. It should
- * instruct the compiler to emit a warning or an error if the function
- * is called without checking its return value.
- *
- * There is a default implementation for popular compilers in platform_util.h.
- * You can override the default implementation by defining your own here.
- *
- * If the implementation here is empty, this will effectively disable the
- * checking of functions' return values.
- */
-//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
-
-/** \def MBEDTLS_IGNORE_RETURN
- *
- * This macro requires one argument, which should be a C function call.
- * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this
- * warning is suppressed.
- */
-//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result))
-
-/* PSA options */
-/**
- * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
- * PSA crypto subsystem.
- *
- * If this option is unset:
- * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG.
- * - Otherwise, the PSA subsystem uses HMAC_DRBG with either
- * #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and
- * on unspecified heuristics.
- */
-//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
-
-/** \def MBEDTLS_PSA_KEY_SLOT_COUNT
- * Restrict the PSA library to supporting a maximum amount of simultaneously
- * loaded keys. A loaded key is a key stored by the PSA Crypto core as a
- * volatile key, or a persistent key which is loaded temporarily by the
- * library as part of a crypto operation in flight.
- *
- * If this option is unset, the library will fall back to a default value of
- * 32 keys.
- */
-//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
-
-/* RSA OPTIONS */
-//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
-
-/* SSL Cache options */
-//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
-//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
-
-/* SSL options */
-
-/** \def MBEDTLS_SSL_IN_CONTENT_LEN
- *
- * Maximum length (in bytes) of incoming plaintext fragments.
- *
- * This determines the size of the incoming TLS I/O buffer in such a way
- * that it is capable of holding the specified amount of plaintext data,
- * regardless of the protection mechanism used.
- *
- * \note When using a value less than the default of 16KB on the client, it is
- * recommended to use the Maximum Fragment Length (MFL) extension to
- * inform the server about this limitation. On the server, there
- * is no supported, standardized way of informing the client about
- * restriction on the maximum size of incoming messages, and unless
- * the limitation has been communicated by other means, it is recommended
- * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
- * while keeping the default value of 16KB for the incoming buffer.
- *
- * Uncomment to set the maximum plaintext size of the incoming I/O buffer.
- */
-//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
-
-/** \def MBEDTLS_SSL_CID_IN_LEN_MAX
- *
- * The maximum length of CIDs used for incoming DTLS messages.
- *
- */
-//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
-
-/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
- *
- * The maximum length of CIDs used for outgoing DTLS messages.
- *
- */
-//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
-
-/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
- *
- * This option controls the use of record plaintext padding
- * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
- *
- * The padding will always be chosen so that the length of the
- * padded plaintext is a multiple of the value of this option.
- *
- * Note: A value of \c 1 means that no padding will be used
- * for outgoing records.
- *
- * Note: On systems lacking division instructions,
- * a power of two should be preferred.
- */
-//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
-
-/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
- *
- * Maximum length (in bytes) of outgoing plaintext fragments.
- *
- * This determines the size of the outgoing TLS I/O buffer in such a way
- * that it is capable of holding the specified amount of plaintext data,
- * regardless of the protection mechanism used.
- *
- * It is possible to save RAM by setting a smaller outward buffer, while keeping
- * the default inward 16384 byte buffer to conform to the TLS specification.
- *
- * The minimum required outward buffer size is determined by the handshake
- * protocol's usage. Handshaking will fail if the outward buffer is too small.
- * The specific size requirement depends on the configured ciphers and any
- * certificate data which is sent during the handshake.
- *
- * Uncomment to set the maximum plaintext size of the outgoing I/O buffer.
- */
-//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
-
-/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
- *
- * Maximum number of heap-allocated bytes for the purpose of
- * DTLS handshake message reassembly and future message buffering.
- *
- * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN
- * to account for a reassembled handshake message of maximum size,
- * together with its reassembly bitmap.
- *
- * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
- * should be sufficient for all practical situations as it allows
- * to reassembly a large handshake message (such as a certificate)
- * while buffering multiple smaller handshake messages.
- *
- */
-//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
-
-//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 or 384 bits) */
-//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-
-/**
- * Complete list of ciphersuites to use, in order of preference.
- *
- * \warning No dependency checking is done on that field! This option can only
- * be used to restrict the set of available ciphersuites. It is your
- * responsibility to make sure the needed modules are active.
- *
- * Use this to save a few hundred bytes of ROM (default ordering of all
- * available ciphersuites) and a few to a few hundred bytes of RAM.
- *
- * The value below is only an example, not the default.
- */
-//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-
-/**
- * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
- *
- * The default maximum amount of 0-RTT data. See the documentation of
- * \c mbedtls_ssl_conf_max_early_data_size() for more information.
- *
- * It must be positive and smaller than UINT32_MAX.
- *
- * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
- * have any impact on the build.
- */
-//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
-
-/**
- * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
- *
- * Maximum allowed ticket age difference in milliseconds tolerated between
- * server and client. Default value is 6000. This is not used in TLS 1.2.
- *
- * - The client ticket age is the time difference between the time when the
- * client proposes to the server to use the ticket and the time the client
- * received the ticket from the server.
- * - The server ticket age is the time difference between the time when the
- * server receives a proposition from the client to use the ticket and the
- * time when the ticket was created by the server.
- *
- * The ages might be different due to the client and server clocks not running
- * at the same pace. The typical accuracy of an RTC crystal is +/-100 to +/-20 parts
- * per million (360 to 72 milliseconds per hour). Default tolerance window is
- * 6s, thus in the worst case clients and servers must sync up their system time
- * every 6000/360/2~=8 hours.
- *
- * See section 8.3 of the TLS 1.3 specification(RFC 8446) for more information.
- */
-//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
-
-/**
- * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
- *
- * Size in bytes of a ticket nonce. This is not used in TLS 1.2.
- *
- * This must be less than 256.
- */
-//#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
-
-/**
- * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
- *
- * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server
- * after handshake completion. This is not used in TLS 1.2 and relevant only if
- * the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
- *
- */
-//#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
-
-/* X509 options */
-//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
-//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
-
-/** \} name SECTION: Module configuration options */
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
deleted file mode 100644
index 478e9f7..0000000
--- a/include/mbedtls/md.h
+++ /dev/null
@@ -1,526 +0,0 @@
-/**
- * \file md.h
- *
- * \brief This file contains the generic functions for message-digest
- * (hashing) and HMAC.
- *
- * \author Adriaan de Jong
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_MD_H
-#define MBEDTLS_MD_H
-#include "mbedtls/private_access.h"
-
-#include
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/platform_util.h"
-
-/** The selected feature is not available. */
-#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100
-/** Failed to allocate memory. */
-#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180
-/** Opening or reading of file failed. */
-#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Supported message digests.
- *
- * \warning MD5 and SHA-1 are considered weak message digests and
- * their use constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-/* Note: these are aligned with the definitions of PSA_ALG_ macros for hashes,
- * in order to enable an efficient implementation of conversion functions.
- * This is tested by md_to_from_psa() in test_suite_md. */
-typedef enum {
- MBEDTLS_MD_NONE=0, /**< None. */
- MBEDTLS_MD_MD5=0x03, /**< The MD5 message digest. */
- MBEDTLS_MD_RIPEMD160=0x04, /**< The RIPEMD-160 message digest. */
- MBEDTLS_MD_SHA1=0x05, /**< The SHA-1 message digest. */
- MBEDTLS_MD_SHA224=0x08, /**< The SHA-224 message digest. */
- MBEDTLS_MD_SHA256=0x09, /**< The SHA-256 message digest. */
- MBEDTLS_MD_SHA384=0x0a, /**< The SHA-384 message digest. */
- MBEDTLS_MD_SHA512=0x0b, /**< The SHA-512 message digest. */
- MBEDTLS_MD_SHA3_224=0x10, /**< The SHA3-224 message digest. */
- MBEDTLS_MD_SHA3_256=0x11, /**< The SHA3-256 message digest. */
- MBEDTLS_MD_SHA3_384=0x12, /**< The SHA3-384 message digest. */
- MBEDTLS_MD_SHA3_512=0x13, /**< The SHA3-512 message digest. */
-} mbedtls_md_type_t;
-
-/* Note: this should always be >= PSA_HASH_MAX_SIZE
- * in all builds with both CRYPTO_C and MD_LIGHT.
- *
- * This is to make things easier for modules such as TLS that may define a
- * buffer size using MD_MAX_SIZE in a part of the code that's common to PSA
- * and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another
- * part of the code based on PSA.
- */
-#if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA3_512)
-#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
-#elif defined(MBEDTLS_MD_CAN_SHA384) || defined(MBEDTLS_MD_CAN_SHA3_384)
-#define MBEDTLS_MD_MAX_SIZE 48 /* longest known is SHA384 */
-#elif defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA3_256)
-#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 */
-#elif defined(MBEDTLS_MD_CAN_SHA224) || defined(MBEDTLS_MD_CAN_SHA3_224)
-#define MBEDTLS_MD_MAX_SIZE 28 /* longest known is SHA224 */
-#else
-#define MBEDTLS_MD_MAX_SIZE 20 /* longest known is SHA1 or RIPE MD-160
- or smaller (MD5 and earlier) */
-#endif
-
-#if defined(MBEDTLS_MD_CAN_SHA3_224)
-#define MBEDTLS_MD_MAX_BLOCK_SIZE 144 /* the longest known is SHA3-224 */
-#elif defined(MBEDTLS_MD_CAN_SHA3_256)
-#define MBEDTLS_MD_MAX_BLOCK_SIZE 136
-#elif defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA384)
-#define MBEDTLS_MD_MAX_BLOCK_SIZE 128
-#elif defined(MBEDTLS_MD_CAN_SHA3_384)
-#define MBEDTLS_MD_MAX_BLOCK_SIZE 104
-#elif defined(MBEDTLS_MD_CAN_SHA3_512)
-#define MBEDTLS_MD_MAX_BLOCK_SIZE 72
-#else
-#define MBEDTLS_MD_MAX_BLOCK_SIZE 64
-#endif
-
-/**
- * Opaque struct.
- *
- * Constructed using either #mbedtls_md_info_from_string or
- * #mbedtls_md_info_from_type.
- *
- * Fields can be accessed with #mbedtls_md_get_size,
- * #mbedtls_md_get_type and #mbedtls_md_get_name.
- */
-/* Defined internally in library/md_wrap.h. */
-typedef struct mbedtls_md_info_t mbedtls_md_info_t;
-
-/**
- * Used internally to indicate whether a context uses legacy or PSA.
- *
- * Internal use only.
- */
-typedef enum {
- MBEDTLS_MD_ENGINE_LEGACY = 0,
- MBEDTLS_MD_ENGINE_PSA,
-} mbedtls_md_engine_t;
-
-/**
- * The generic message-digest context.
- */
-typedef struct mbedtls_md_context_t {
- /** Information about the associated message digest. */
- const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info);
-
-#if defined(MBEDTLS_MD_SOME_PSA)
- /** Are hash operations dispatched to PSA or legacy? */
- mbedtls_md_engine_t MBEDTLS_PRIVATE(engine);
-#endif
-
- /** The digest-specific context (legacy) or the PSA operation. */
- void *MBEDTLS_PRIVATE(md_ctx);
-
-#if defined(MBEDTLS_MD_C)
- /** The HMAC part of the context. */
- void *MBEDTLS_PRIVATE(hmac_ctx);
-#endif
-} mbedtls_md_context_t;
-
-/**
- * \brief This function returns the message-digest information
- * associated with the given digest type.
- *
- * \param md_type The type of digest to search for.
- *
- * \return The message-digest information associated with \p md_type.
- * \return NULL if the associated message-digest information is not found.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type);
-
-/**
- * \brief This function initializes a message-digest context without
- * binding it to a particular message-digest algorithm.
- *
- * This function should always be called first. It prepares the
- * context for mbedtls_md_setup() for binding it to a
- * message-digest algorithm.
- */
-void mbedtls_md_init(mbedtls_md_context_t *ctx);
-
-/**
- * \brief This function clears the internal structure of \p ctx and
- * frees any embedded internal structure, but does not free
- * \p ctx itself.
- *
- * If you have called mbedtls_md_setup() on \p ctx, you must
- * call mbedtls_md_free() when you are no longer using the
- * context.
- * Calling this function if you have previously
- * called mbedtls_md_init() and nothing else is optional.
- * You must not call this function if you have not called
- * mbedtls_md_init().
- */
-void mbedtls_md_free(mbedtls_md_context_t *ctx);
-
-
-/**
- * \brief This function selects the message digest algorithm to use,
- * and allocates internal structures.
- *
- * It should be called after mbedtls_md_init() or
- * mbedtls_md_free(). Makes it necessary to call
- * mbedtls_md_free() later.
- *
- * \param ctx The context to set up.
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- * \param hmac Defines if HMAC is used. 0: HMAC is not used (saves some memory),
- * or non-zero: HMAC is used with this context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac);
-
-/**
- * \brief This function clones the state of a message-digest
- * context.
- *
- * \note You must call mbedtls_md_setup() on \c dst before calling
- * this function.
- *
- * \note The two contexts must have the same type,
- * for example, both are SHA-256.
- *
- * \warning This function clones the message-digest state, not the
- * HMAC state.
- *
- * \param dst The destination context.
- * \param src The context to be cloned.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
- * \return #MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE if both contexts are
- * not using the same engine. This can be avoided by moving
- * the call to psa_crypto_init() before the first call to
- * mbedtls_md_setup().
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_clone(mbedtls_md_context_t *dst,
- const mbedtls_md_context_t *src);
-
-/**
- * \brief This function extracts the message-digest size from the
- * message-digest information structure.
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- *
- * \return The size of the message-digest output in Bytes.
- */
-unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info);
-
-/**
- * \brief This function gives the message-digest size associated to
- * message-digest type.
- *
- * \param md_type The message-digest type.
- *
- * \return The size of the message-digest output in Bytes,
- * or 0 if the message-digest type is not known.
- */
-static inline unsigned char mbedtls_md_get_size_from_type(mbedtls_md_type_t md_type)
-{
- return mbedtls_md_get_size(mbedtls_md_info_from_type(md_type));
-}
-
-/**
- * \brief This function extracts the message-digest type from the
- * message-digest information structure.
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- *
- * \return The type of the message digest.
- */
-mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info);
-
-/**
- * \brief This function starts a message-digest computation.
- *
- * You must call this function after setting up the context
- * with mbedtls_md_setup(), and before passing data with
- * mbedtls_md_update().
- *
- * \param ctx The generic message-digest context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_starts(mbedtls_md_context_t *ctx);
-
-/**
- * \brief This function feeds an input buffer into an ongoing
- * message-digest computation.
- *
- * You must call mbedtls_md_starts() before calling this
- * function. You may call this function multiple times.
- * Afterwards, call mbedtls_md_finish().
- *
- * \param ctx The generic message-digest context.
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen);
-
-/**
- * \brief This function finishes the digest operation,
- * and writes the result to the output buffer.
- *
- * Call this function after a call to mbedtls_md_starts(),
- * followed by any number of calls to mbedtls_md_update().
- * Afterwards, you may either clear the context with
- * mbedtls_md_free(), or call mbedtls_md_starts() to reuse
- * the context for another digest operation with the same
- * algorithm.
- *
- * \param ctx The generic message-digest context.
- * \param output The buffer for the generic message-digest checksum result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output);
-
-/**
- * \brief This function calculates the message-digest of a buffer,
- * with respect to a configurable message-digest algorithm
- * in a single call.
- *
- * The result is calculated as
- * Output = message_digest(input buffer).
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- * \param input The buffer holding the data.
- * \param ilen The length of the input data.
- * \param output The generic message-digest checksum result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
- unsigned char *output);
-
-/**
- * \brief This function returns the list of digests supported by the
- * generic digest module.
- *
- * \note The list starts with the strongest available hashes.
- *
- * \return A statically allocated array of digests. Each element
- * in the returned list is an integer belonging to the
- * message-digest enumeration #mbedtls_md_type_t.
- * The last entry is 0.
- */
-const int *mbedtls_md_list(void);
-
-/**
- * \brief This function returns the message-digest information
- * associated with the given digest name.
- *
- * \param md_name The name of the digest to search for.
- *
- * \return The message-digest information associated with \p md_name.
- * \return NULL if the associated message-digest information is not found.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name);
-
-/**
- * \brief This function returns the name of the message digest for
- * the message-digest information structure given.
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- *
- * \return The name of the message digest.
- */
-const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info);
-
-/**
- * \brief This function returns the message-digest information
- * from the given context.
- *
- * \param ctx The context from which to extract the information.
- * This must be initialized (or \c NULL).
- *
- * \return The message-digest information associated with \p ctx.
- * \return \c NULL if \p ctx is \c NULL.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_ctx(
- const mbedtls_md_context_t *ctx);
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief This function calculates the message-digest checksum
- * result of the contents of the provided file.
- *
- * The result is calculated as
- * Output = message_digest(file contents).
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- * \param path The input file name.
- * \param output The generic message-digest checksum result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_FILE_IO_ERROR on an I/O error accessing
- * the file pointed by \p path.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path,
- unsigned char *output);
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief This function sets the HMAC key and prepares to
- * authenticate a new message.
- *
- * Call this function after mbedtls_md_setup(), to use
- * the MD context for an HMAC calculation, then call
- * mbedtls_md_hmac_update() to provide the input data, and
- * mbedtls_md_hmac_finish() to get the HMAC value.
- *
- * \param ctx The message digest context containing an embedded HMAC
- * context.
- * \param key The HMAC secret key.
- * \param keylen The length of the HMAC key in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key,
- size_t keylen);
-
-/**
- * \brief This function feeds an input buffer into an ongoing HMAC
- * computation.
- *
- * Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
- * before calling this function.
- * You may call this function multiple times to pass the
- * input piecewise.
- * Afterwards, call mbedtls_md_hmac_finish().
- *
- * \param ctx The message digest context containing an embedded HMAC
- * context.
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input,
- size_t ilen);
-
-/**
- * \brief This function finishes the HMAC operation, and writes
- * the result to the output buffer.
- *
- * Call this function after mbedtls_md_hmac_starts() and
- * mbedtls_md_hmac_update() to get the HMAC value. Afterwards
- * you may either call mbedtls_md_free() to clear the context,
- * or call mbedtls_md_hmac_reset() to reuse the context with
- * the same HMAC key.
- *
- * \param ctx The message digest context containing an embedded HMAC
- * context.
- * \param output The generic HMAC checksum result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output);
-
-/**
- * \brief This function prepares to authenticate a new message with
- * the same key as the previous HMAC operation.
- *
- * You may call this function after mbedtls_md_hmac_finish().
- * Afterwards call mbedtls_md_hmac_update() to pass the new
- * input.
- *
- * \param ctx The message digest context containing an embedded HMAC
- * context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx);
-
-/**
- * \brief This function calculates the full generic HMAC
- * on the input buffer with the provided key.
- *
- * The function allocates the context, performs the
- * calculation, and frees the context.
- *
- * The HMAC result is calculated as
- * output = generic HMAC(hmac key, input buffer).
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- * \param key The HMAC secret key.
- * \param keylen The length of the HMAC secret key in Bytes.
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
- * \param output The generic HMAC result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_MD_H */
diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h
deleted file mode 100644
index b527d9b..0000000
--- a/include/mbedtls/memory_buffer_alloc.h
+++ /dev/null
@@ -1,142 +0,0 @@
-/**
- * \file memory_buffer_alloc.h
- *
- * \brief Buffer-based memory allocator
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
-#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
-
-#include "mbedtls/build_info.h"
-
-#include
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
-#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
-#endif
-
-/** \} name SECTION: Module settings */
-
-#define MBEDTLS_MEMORY_VERIFY_NONE 0
-#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0)
-#define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1)
-#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | \
- MBEDTLS_MEMORY_VERIFY_FREE)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Initialize use of stack-based memory allocator.
- * The stack-based allocator does memory management inside the
- * presented buffer and does not call calloc() and free().
- * It sets the global mbedtls_calloc() and mbedtls_free() pointers
- * to its own functions.
- * (Provided mbedtls_calloc() and mbedtls_free() are thread-safe if
- * MBEDTLS_THREADING_C is defined)
- *
- * \note This code is not optimized and provides a straight-forward
- * implementation of a stack-based memory allocator.
- *
- * \param buf buffer to use as heap
- * \param len size of the buffer
- */
-void mbedtls_memory_buffer_alloc_init(unsigned char *buf, size_t len);
-
-/**
- * \brief Free the mutex for thread-safety and clear remaining memory
- */
-void mbedtls_memory_buffer_alloc_free(void);
-
-/**
- * \brief Determine when the allocator should automatically verify the state
- * of the entire chain of headers / meta-data.
- * (Default: MBEDTLS_MEMORY_VERIFY_NONE)
- *
- * \param verify One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
- * MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
- */
-void mbedtls_memory_buffer_set_verify(int verify);
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-/**
- * \brief Print out the status of the allocated memory (primarily for use
- * after a program should have de-allocated all memory)
- * Prints out a list of 'still allocated' blocks and their stack
- * trace if MBEDTLS_MEMORY_BACKTRACE is defined.
- */
-void mbedtls_memory_buffer_alloc_status(void);
-
-/**
- * \brief Get the number of alloc/free so far.
- *
- * \param alloc_count Number of allocations.
- * \param free_count Number of frees.
- */
-void mbedtls_memory_buffer_alloc_count_get(size_t *alloc_count, size_t *free_count);
-
-/**
- * \brief Get the peak heap usage so far
- *
- * \param max_used Peak number of bytes in use or committed. This
- * includes bytes in allocated blocks too small to split
- * into smaller blocks but larger than the requested size.
- * \param max_blocks Peak number of blocks in use, including free and used
- */
-void mbedtls_memory_buffer_alloc_max_get(size_t *max_used, size_t *max_blocks);
-
-/**
- * \brief Reset peak statistics
- */
-void mbedtls_memory_buffer_alloc_max_reset(void);
-
-/**
- * \brief Get the current heap usage
- *
- * \param cur_used Current number of bytes in use or committed. This
- * includes bytes in allocated blocks too small to split
- * into smaller blocks but larger than the requested size.
- * \param cur_blocks Current number of blocks in use, including free and used
- */
-void mbedtls_memory_buffer_alloc_cur_get(size_t *cur_used, size_t *cur_blocks);
-#endif /* MBEDTLS_MEMORY_DEBUG */
-
-/**
- * \brief Verifies that all headers in the memory buffer are correct
- * and contain sane values. Helps debug buffer-overflow errors.
- *
- * Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined.
- * Prints out full header information if MBEDTLS_MEMORY_DEBUG
- * is defined. (Includes stack trace information for each block if
- * MBEDTLS_MEMORY_BACKTRACE is defined as well).
- *
- * \return 0 if verified, 1 otherwise
- */
-int mbedtls_memory_buffer_alloc_verify(void);
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if a test failed
- */
-int mbedtls_memory_buffer_alloc_self_test(int verbose);
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* memory_buffer_alloc.h */
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
deleted file mode 100644
index fdc25eb..0000000
--- a/include/mbedtls/oid.h
+++ /dev/null
@@ -1,727 +0,0 @@
-/**
- * \file oid.h
- *
- * \brief Object Identifier (OID) database
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_OID_H
-#define MBEDTLS_OID_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/asn1.h"
-#include "mbedtls/pk.h"
-
-#include
-
-#if defined(MBEDTLS_CIPHER_C)
-#include "mbedtls/cipher.h"
-#endif
-
-#include "mbedtls/md.h"
-
-/** OID is not found. */
-#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E
-/** output buffer is too small */
-#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B
-
-/* This is for the benefit of X.509, but defined here in order to avoid
- * having a "backwards" include of x.509.h here */
-/*
- * X.509 extension types (internal, arbitrary values for bitsets)
- */
-#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
-#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2)
-#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
-#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
-#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
-#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
-#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9)
-#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
-#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
-#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
-#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
-#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14)
-#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
-
-/*
- * Maximum number of OID components allowed
- */
-#define MBEDTLS_OID_MAX_COMPONENTS 128
-
-/*
- * Top level OID tuples
- */
-#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
-#define MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */
-#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
-#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */
-
-/*
- * ISO Member bodies OID parts
- */
-#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
-#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
-#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
-#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
-#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_ANSI_X9_62
-
-/*
- * ISO Identified organization OID parts
- */
-#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */
-#define MBEDTLS_OID_ORG_OIW "\x0e"
-#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
-#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
-#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
-#define MBEDTLS_OID_ORG_THAWTE "\x65" /* thawte(101) */
-#define MBEDTLS_OID_THAWTE MBEDTLS_OID_ISO_IDENTIFIED_ORG \
- MBEDTLS_OID_ORG_THAWTE
-#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
-#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG \
- MBEDTLS_OID_ORG_CERTICOM
-#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
-#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG \
- MBEDTLS_OID_ORG_TELETRUST
-
-/*
- * ISO ITU OID parts
- */
-#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
-#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
-
-#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
-#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
-
-#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
-#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
-
-/* ISO arc for standard certificate and CRL extensions */
-#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
-
-#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */
-
-/**
- * Private Internet Extensions
- * { iso(1) identified-organization(3) dod(6) internet(1)
- * security(5) mechanisms(5) pkix(7) }
- */
-#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD \
- "\x01"
-#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
-
-/*
- * Arc for standard naming attributes
- */
-#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
-#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
-#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
-#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
-#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
-#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
-#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
-#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
-#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
-#define MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
-#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
-#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
-#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
-#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
-#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */
-#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
-#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
-
-#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
-#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
-
-/*
- * OIDs for standard certificate extensions
- */
-#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
-#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
-#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
-#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
-#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
-#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
-#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
-#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
-#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
-#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
-#define MBEDTLS_OID_POLICY_CONSTRAINTS MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
-#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
-#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
-#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
-#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
-
-/*
- * Certificate policies
- */
-#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
-
-/*
- * Netscape certificate extensions
- */
-#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
-#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01"
-#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT "\x02"
-#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03"
-#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04"
-#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07"
-#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08"
-#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C"
-#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D"
-#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02"
-#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05"
-
-/*
- * OIDs for CRL extensions
- */
-#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10"
-#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
-
-/*
- * X.509 v3 Extended key usage OIDs
- */
-#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
-
-#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
-#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
-#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
-#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
-#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
-#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
-#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
-
-/**
- * Wi-SUN Alliance Field Area Network
- * { iso(1) identified-organization(3) dod(6) internet(1)
- * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }
- */
-#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
-
-#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
-#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
-
-/*
- * PKCS definition OIDs
- */
-
-#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
-#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
-#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
-#define MBEDTLS_OID_PKCS7 MBEDTLS_OID_PKCS "\x07" /**< pkcs-7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } */
-#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
-#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
-
-/*
- * PKCS#1 OIDs
- */
-#define MBEDTLS_OID_PKCS1_RSA MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
-#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
-#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
-#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
-#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
-#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
-#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
-
-#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
-
-#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
-
-/* RFC 4055 */
-#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
-#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
-
-/*
- * Digest algorithms
- */
-#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG \
- MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x07" /**< id-sha3-224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-224(7) } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x08" /**< id-sha3-256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-256(8) } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x09" /**< id-sha3-384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-384(9) } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */
-
-
-#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
-
-#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
-
-#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
-
-#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
-
-#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
-
-#define MBEDTLS_OID_HMAC_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x0d" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-224(13) } */
-
-#define MBEDTLS_OID_HMAC_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x0e" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-256(14) } */
-
-#define MBEDTLS_OID_HMAC_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x0f" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-384(15) } */
-
-#define MBEDTLS_OID_HMAC_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x10" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-512(16) } */
-
-#define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */
-
-/*
- * Encryption algorithms,
- * the following standardized object identifiers are specified at
- * https://datatracker.ietf.org/doc/html/rfc8018#appendix-C.
- */
-#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \
- MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
-#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
-#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
-#define MBEDTLS_OID_AES_128_CBC MBEDTLS_OID_AES "\x02" /** aes128-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes128-CBC-PAD(2) } */
-#define MBEDTLS_OID_AES_192_CBC MBEDTLS_OID_AES "\x16" /** aes192-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes192-CBC-PAD(22) } */
-#define MBEDTLS_OID_AES_256_CBC MBEDTLS_OID_AES "\x2a" /** aes256-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes256-CBC-PAD(42) } */
-
-/*
- * Key Wrapping algorithms
- */
-/*
- * RFC 5649
- */
-#define MBEDTLS_OID_AES128_KW MBEDTLS_OID_AES "\x05" /** id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } */
-#define MBEDTLS_OID_AES128_KWP MBEDTLS_OID_AES "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */
-#define MBEDTLS_OID_AES192_KW MBEDTLS_OID_AES "\x19" /** id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } */
-#define MBEDTLS_OID_AES192_KWP MBEDTLS_OID_AES "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */
-#define MBEDTLS_OID_AES256_KW MBEDTLS_OID_AES "\x2d" /** id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } */
-#define MBEDTLS_OID_AES256_KWP MBEDTLS_OID_AES "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */
-/*
- * PKCS#5 OIDs
- */
-#define MBEDTLS_OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
-#define MBEDTLS_OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
-#define MBEDTLS_OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
-
-/*
- * PKCS#5 PBES1 algorithms
- */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
-
-/*
- * PKCS#7 OIDs
- */
-#define MBEDTLS_OID_PKCS7_DATA MBEDTLS_OID_PKCS7 "\x01" /**< Content type is Data OBJECT IDENTIFIER ::= {pkcs-7 1} */
-#define MBEDTLS_OID_PKCS7_SIGNED_DATA MBEDTLS_OID_PKCS7 "\x02" /**< Content type is Signed Data OBJECT IDENTIFIER ::= {pkcs-7 2} */
-#define MBEDTLS_OID_PKCS7_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x03" /**< Content type is Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 3} */
-#define MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x04" /**< Content type is Signed and Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 4} */
-#define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" /**< Content type is Digested Data OBJECT IDENTIFIER ::= {pkcs-7 5} */
-#define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" /**< Content type is Encrypted Data OBJECT IDENTIFIER ::= {pkcs-7 6} */
-
-/*
- * PKCS#8 OIDs
- */
-#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
-
-/*
- * PKCS#12 PBE OIDs
- */
-#define MBEDTLS_OID_PKCS12_PBE MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
-
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
-
-/*
- * EC key algorithms from RFC 5480
- */
-
-/* id-ecPublicKey OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
-#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01"
-
-/* id-ecDH OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132)
- * schemes(1) ecdh(12) } */
-#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c"
-
-/*
- * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
- */
-
-/* secp192r1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
-#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
-
-/* secp224r1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
-#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21"
-
-/* secp256r1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
-#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
-
-/* secp384r1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
-#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22"
-
-/* secp521r1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
-#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23"
-
-/* secp192k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
-#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f"
-
-/* secp224k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
-#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20"
-
-/* secp256k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
-#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a"
-
-/* RFC 5639 4.1
- * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
- * identified-organization(3) teletrust(36) algorithm(3) signature-
- * algorithm(3) ecSign(2) 8}
- * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
- * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
-#define MBEDTLS_OID_EC_BRAINPOOL_V1 MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
-
-/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
-#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
-
-/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
-#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
-
-/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
-#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
-
-/*
- * SEC1 C.1
- *
- * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
- * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
- */
-#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01"
-#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
-
-/*
- * ECDSA signature identifiers, from RFC 5480
- */
-#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
-#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
-
-/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
-
-/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
-
-/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 2 } */
-#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
-
-/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 3 } */
-#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
-
-/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 4 } */
-#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
-
-/*
- * EC key algorithms from RFC 8410
- */
-
-#define MBEDTLS_OID_X25519 MBEDTLS_OID_THAWTE "\x6e" /**< id-X25519 OBJECT IDENTIFIER ::= { 1 3 101 110 } */
-#define MBEDTLS_OID_X448 MBEDTLS_OID_THAWTE "\x6f" /**< id-X448 OBJECT IDENTIFIER ::= { 1 3 101 111 } */
-#define MBEDTLS_OID_ED25519 MBEDTLS_OID_THAWTE "\x70" /**< id-Ed25519 OBJECT IDENTIFIER ::= { 1 3 101 112 } */
-#define MBEDTLS_OID_ED448 MBEDTLS_OID_THAWTE "\x71" /**< id-Ed448 OBJECT IDENTIFIER ::= { 1 3 101 113 } */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Base OID descriptor structure
- */
-typedef struct mbedtls_oid_descriptor_t {
- const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */
- size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
- const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */
- const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */
-#endif
-} mbedtls_oid_descriptor_t;
-
-/**
- * \brief Translate an ASN.1 OID into its numeric representation
- * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
- *
- * \param buf buffer to put representation in
- * \param size size of the buffer
- * \param oid OID to translate
- *
- * \return Length of the string written (excluding final NULL) or
- * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
- */
-int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid);
-
-/**
- * \brief Translate a string containing a dotted-decimal
- * representation of an ASN.1 OID into its encoded form
- * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D").
- * On success, this function allocates oid->buf from the
- * heap. It must be freed by the caller using mbedtls_free().
- *
- * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID
- * \param oid_str string representation of the OID to parse
- * \param size length of the OID string, not including any null terminator
- *
- * \return 0 if successful
- * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not
- * represent a valid OID
- * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if the function fails to
- * allocate oid->buf
- */
-int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size);
-
-/**
- * \brief Translate an X.509 extension OID into local values
- *
- * \param oid OID to use
- * \param ext_type place to store the extension type
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type);
-
-/**
- * \brief Translate an X.509 attribute type OID into the short name
- * (e.g. the OID for an X520 Common Name into "CN")
- *
- * \param oid OID to use
- * \param short_name place to store the string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name);
-
-/**
- * \brief Translate PublicKeyAlgorithm OID into pk_type
- *
- * \param oid OID to use
- * \param pk_alg place to store public key algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg);
-
-/**
- * \brief Translate pk_type into PublicKeyAlgorithm OID
- *
- * \param pk_alg Public key type to look for
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg,
- const char **oid, size_t *olen);
-
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
-/**
- * \brief Translate NamedCurve OID into an EC group identifier
- *
- * \param oid OID to use
- * \param grp_id place to store group id
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_ec_grp(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id);
-
-/**
- * \brief Translate EC group identifier into NamedCurve OID
- *
- * \param grp_id EC group identifier
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id,
- const char **oid, size_t *olen);
-
-/**
- * \brief Translate AlgorithmIdentifier OID into an EC group identifier,
- * for curves that are directly encoded at this level
- *
- * \param oid OID to use
- * \param grp_id place to store group id
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id);
-
-/**
- * \brief Translate EC group identifier into AlgorithmIdentifier OID,
- * for curves that are directly encoded at this level
- *
- * \param grp_id EC group identifier
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id,
- const char **oid, size_t *olen);
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
-
-/**
- * \brief Translate SignatureAlgorithm OID into md_type and pk_type
- *
- * \param oid OID to use
- * \param md_alg place to store message digest algorithm
- * \param pk_alg place to store public key algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
- mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg);
-
-/**
- * \brief Translate SignatureAlgorithm OID into description
- *
- * \param oid OID to use
- * \param desc place to store string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc);
-
-/**
- * \brief Translate md_type and pk_type into SignatureAlgorithm OID
- *
- * \param md_alg message digest algorithm
- * \param pk_alg public key algorithm
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
- const char **oid, size_t *olen);
-
-/**
- * \brief Translate hmac algorithm OID into md_type
- *
- * \param oid OID to use
- * \param md_hmac place to store message hmac algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_md_hmac(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac);
-
-/**
- * \brief Translate hash algorithm OID into md_type
- *
- * \param oid OID to use
- * \param md_alg place to store message digest algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg);
-
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-/**
- * \brief Translate Extended Key Usage OID into description
- *
- * \param oid OID to use
- * \param desc place to store string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc);
-#endif
-
-/**
- * \brief Translate certificate policies OID into description
- *
- * \param oid OID to use
- * \param desc place to store string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc);
-
-/**
- * \brief Translate md_type into hash algorithm OID
- *
- * \param md_alg message digest algorithm
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen);
-
-#if defined(MBEDTLS_CIPHER_C)
-/**
- * \brief Translate encryption algorithm OID into cipher_type
- *
- * \param oid OID to use
- * \param cipher_alg place to store cipher algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg);
-
-#if defined(MBEDTLS_PKCS12_C)
-/**
- * \brief Translate PKCS#12 PBE algorithm OID into md_type and
- * cipher_type
- *
- * \param oid OID to use
- * \param md_alg place to store message digest algorithm
- * \param cipher_alg place to store cipher algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
- mbedtls_cipher_type_t *cipher_alg);
-#endif /* MBEDTLS_PKCS12_C */
-#endif /* MBEDTLS_CIPHER_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* oid.h */
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
deleted file mode 100644
index fde302f..0000000
--- a/include/mbedtls/pk.h
+++ /dev/null
@@ -1,1288 +0,0 @@
-/**
- * \file pk.h
- *
- * \brief Public Key abstraction layer
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_PK_H
-#define MBEDTLS_PK_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/md.h"
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-
-#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
-#include "psa/crypto.h"
-#endif
-
-/** Memory allocation failed. */
-#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80
-/** Type mismatch, eg attempt to encrypt with an ECDSA key */
-#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80
-/** Read/write of file failed. */
-#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00
-/** Unsupported key version */
-#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80
-/** Invalid key tag or value. */
-#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00
-/** Key algorithm is unsupported (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80
-/** Private key password can't be empty. */
-#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00
-/** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80
-/** The pubkey tag or value is invalid (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00
-/** The algorithm tag or value is invalid. */
-#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80
-/** Elliptic curve is unsupported (only NIST curves are supported). */
-#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00
-/** Unavailable feature, e.g. RSA disabled for RSA key. */
-#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980
-/** The buffer contains a valid signature followed by more data. */
-#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900
-/** The output buffer is too small. */
-#define MBEDTLS_ERR_PK_BUFFER_TOO_SMALL -0x3880
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Public key types
- */
-typedef enum {
- MBEDTLS_PK_NONE=0,
- MBEDTLS_PK_RSA,
- MBEDTLS_PK_ECKEY,
- MBEDTLS_PK_ECKEY_DH,
- MBEDTLS_PK_ECDSA,
- MBEDTLS_PK_RSA_ALT,
- MBEDTLS_PK_RSASSA_PSS,
- MBEDTLS_PK_OPAQUE,
-} mbedtls_pk_type_t;
-
-/**
- * \brief Options for RSASSA-PSS signature verification.
- * See \c mbedtls_rsa_rsassa_pss_verify_ext()
- */
-typedef struct mbedtls_pk_rsassa_pss_options {
- /** The digest to use for MGF1 in PSS.
- *
- * \note When #MBEDTLS_USE_PSA_CRYPTO is enabled and #MBEDTLS_RSA_C is
- * disabled, this must be equal to the \c md_alg argument passed
- * to mbedtls_pk_verify_ext(). In a future version of the library,
- * this constraint may apply whenever #MBEDTLS_USE_PSA_CRYPTO is
- * enabled regardless of the status of #MBEDTLS_RSA_C.
- */
- mbedtls_md_type_t mgf1_hash_id;
-
- /** The expected length of the salt, in bytes. This may be
- * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
- *
- * \note When #MBEDTLS_USE_PSA_CRYPTO is enabled, only
- * #MBEDTLS_RSA_SALT_LEN_ANY is valid. Any other value may be
- * ignored (allowing any salt length).
- */
- int expected_salt_len;
-
-} mbedtls_pk_rsassa_pss_options;
-
-/**
- * \brief Maximum size of a signature made by mbedtls_pk_sign().
- */
-/* We need to set MBEDTLS_PK_SIGNATURE_MAX_SIZE to the maximum signature
- * size among the supported signature types. Do it by starting at 0,
- * then incrementally increasing to be large enough for each supported
- * signature mechanism.
- *
- * The resulting value can be 0, for example if MBEDTLS_ECDH_C is enabled
- * (which allows the pk module to be included) but neither MBEDTLS_ECDSA_C
- * nor MBEDTLS_RSA_C nor any opaque signature mechanism (PSA or RSA_ALT).
- */
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE 0
-
-#if (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT)) && \
- MBEDTLS_MPI_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* For RSA, the signature can be as large as the bignum module allows.
- * For RSA_ALT, the signature size is not necessarily tied to what the
- * bignum module can do, but in the absence of any specific setting,
- * we use that (rsa_alt_sign_wrap in library/pk_wrap.h will check). */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
-#endif
-
-#if defined(MBEDTLS_ECDSA_C) && \
- MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* For ECDSA, the ecdsa module exports a constant for the maximum
- * signature size. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if PSA_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* PSA_SIGNATURE_MAX_SIZE is the maximum size of a signature made
- * through the PSA API in the PSA representation. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_SIGNATURE_MAX_SIZE
-#endif
-
-#if PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* The Mbed TLS representation is different for ECDSA signatures:
- * PSA uses the raw concatenation of r and s,
- * whereas Mbed TLS uses the ASN.1 representation (SEQUENCE of two INTEGERs).
- * Add the overhead of ASN.1: up to (1+2) + 2 * (1+2+1) for the
- * types, lengths (represented by up to 2 bytes), and potential leading
- * zeros of the INTEGERs and the SEQUENCE. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE (PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11)
-#endif
-#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */
-
-/* Internal helper to define which fields in the pk_context structure below
- * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly)
- * format. It should be noted that this only affects how data is stored, not
- * which functions are used for various operations. The overall picture looks
- * like this:
- * - if USE_PSA is not defined and ECP_C is defined then use ecp_keypair data
- * structure and legacy functions
- * - if USE_PSA is defined and
- * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly
- * format and use PSA functions
- * - if !ECP_C then use new raw data and PSA functions directly.
- *
- * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long
- * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the
- * ecp_keypair structure inside the pk_context so they can modify it using
- * ECP functions which are not under PK module's control.
- */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
- !defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PK_USE_PSA_EC_DATA
-#endif
-
-/**
- * \brief Types for interfacing with the debug module
- */
-typedef enum {
- MBEDTLS_PK_DEBUG_NONE = 0,
- MBEDTLS_PK_DEBUG_MPI,
- MBEDTLS_PK_DEBUG_ECP,
- MBEDTLS_PK_DEBUG_PSA_EC,
-} mbedtls_pk_debug_type;
-
-/**
- * \brief Item to send to the debug module
- */
-typedef struct mbedtls_pk_debug_item {
- mbedtls_pk_debug_type MBEDTLS_PRIVATE(type);
- const char *MBEDTLS_PRIVATE(name);
- void *MBEDTLS_PRIVATE(value);
-} mbedtls_pk_debug_item;
-
-/** Maximum number of item send for debugging, plus 1 */
-#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
-
-/**
- * \brief Public key information and operations
- *
- * \note The library does not support custom pk info structures,
- * only built-in structures returned by
- * mbedtls_cipher_info_from_type().
- */
-typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
-
-#define MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN \
- PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
-/**
- * \brief Public key container
- */
-typedef struct mbedtls_pk_context {
- const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key information */
- void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
- /* The following field is used to store the ID of a private key in the
- * following cases:
- * - opaque key when MBEDTLS_USE_PSA_CRYPTO is defined
- * - normal key when MBEDTLS_PK_USE_PSA_EC_DATA is defined. In this case:
- * - the pk_ctx above is not not used to store the private key anymore.
- * Actually that field not populated at all in this case because also
- * the public key will be stored in raw format as explained below
- * - this ID is used for all private key operations (ex: sign, check
- * key pair, key write, etc) using PSA functions
- *
- * Note: this private key storing solution only affects EC keys, not the
- * other ones. The latters still use the pk_ctx to store their own
- * context. */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- mbedtls_svc_key_id_t MBEDTLS_PRIVATE(priv_id); /**< Key ID for opaque keys */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- /* The following fields are meant for storing the public key in raw format
- * which is handy for:
- * - easily importing it into the PSA context
- * - reducing the ECP module dependencies in the PK one.
- *
- * When MBEDTLS_PK_USE_PSA_EC_DATA is enabled:
- * - the pk_ctx above is not used anymore for storing the public key
- * inside the ecp_keypair structure
- * - the following fields are used for all public key operations: signature
- * verify, key pair check and key write.
- * - For a key pair, priv_id contains the private key. For a public key,
- * priv_id is null.
- * Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy
- * ecp_keypair structure is used for storing the public key and performing
- * all the operations.
- *
- * Note: This new public key storing solution only works for EC keys, not
- * other ones. The latters still use pk_ctx to store their own
- * context.
- */
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- uint8_t MBEDTLS_PRIVATE(pub_raw)[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN]; /**< Raw public key */
- size_t MBEDTLS_PRIVATE(pub_raw_len); /**< Valid bytes in "pub_raw" */
- psa_ecc_family_t MBEDTLS_PRIVATE(ec_family); /**< EC family of pk */
- size_t MBEDTLS_PRIVATE(ec_bits); /**< Curve's bits of pk */
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-} mbedtls_pk_context;
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Context for resuming operations
- */
-typedef struct {
- const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key information */
- void *MBEDTLS_PRIVATE(rs_ctx); /**< Underlying restart context */
-} mbedtls_pk_restart_ctx;
-#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-/* Now we can declare functions that take a pointer to that */
-typedef void mbedtls_pk_restart_ctx;
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/**
- * \brief Types for RSA-alt abstraction
- */
-typedef int (*mbedtls_pk_rsa_alt_decrypt_func)(void *ctx, size_t *olen,
- const unsigned char *input, unsigned char *output,
- size_t output_max_len);
-typedef int (*mbedtls_pk_rsa_alt_sign_func)(void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg, unsigned int hashlen,
- const unsigned char *hash, unsigned char *sig);
-typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)(void *ctx);
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-/**
- * \brief Return information associated with the given PK type
- *
- * \param pk_type PK type to search for.
- *
- * \return The PK info associated with the type or NULL if not found.
- */
-const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type);
-
-/**
- * \brief Initialize a #mbedtls_pk_context (as NONE).
- *
- * \param ctx The context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_pk_init(mbedtls_pk_context *ctx);
-
-/**
- * \brief Free the components of a #mbedtls_pk_context.
- *
- * \param ctx The context to clear. It must have been initialized.
- * If this is \c NULL, this function does nothing.
- *
- * \note For contexts that have been set up with
- * mbedtls_pk_setup_opaque(), this does not free the underlying
- * PSA key and you still need to call psa_destroy_key()
- * independently if you want to destroy that key.
- */
-void mbedtls_pk_free(mbedtls_pk_context *ctx);
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Initialize a restart context
- *
- * \param ctx The context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx);
-
-/**
- * \brief Free the components of a restart context
- *
- * \param ctx The context to clear. It must have been initialized.
- * If this is \c NULL, this function does nothing.
- */
-void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx);
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief Initialize a PK context with the information given
- * and allocates the type-specific PK subcontext.
- *
- * \param ctx Context to initialize. It must not have been set
- * up yet (type #MBEDTLS_PK_NONE).
- * \param info Information to use
- *
- * \return 0 on success,
- * MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
- * MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
- *
- * \note For contexts holding an RSA-alt key, use
- * \c mbedtls_pk_setup_rsa_alt() instead.
- */
-int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info);
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief Initialize a PK context to wrap a PSA key.
- *
- * \note This function replaces mbedtls_pk_setup() for contexts
- * that wrap a (possibly opaque) PSA key instead of
- * storing and manipulating the key material directly.
- *
- * \param ctx The context to initialize. It must be empty (type NONE).
- * \param key The PSA key to wrap, which must hold an ECC or RSA key
- * pair (see notes below).
- *
- * \note The wrapped key must remain valid as long as the
- * wrapping PK context is in use, that is at least between
- * the point this function is called and the point
- * mbedtls_pk_free() is called on this context. The wrapped
- * key might then be independently used or destroyed.
- *
- * \note This function is currently only available for ECC or RSA
- * key pairs (that is, keys containing private key material).
- * Support for other key types may be added later.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input
- * (context already used, invalid key identifier).
- * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an
- * ECC key pair.
- * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
- */
-int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,
- const mbedtls_svc_key_id_t key);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/**
- * \brief Initialize an RSA-alt context
- *
- * \param ctx Context to initialize. It must not have been set
- * up yet (type #MBEDTLS_PK_NONE).
- * \param key RSA key pointer
- * \param decrypt_func Decryption function
- * \param sign_func Signing function
- * \param key_len_func Function returning key length in bytes
- *
- * \return 0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
- * context wasn't already initialized as RSA_ALT.
- *
- * \note This function replaces \c mbedtls_pk_setup() for RSA-alt.
- */
-int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx, void *key,
- mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
- mbedtls_pk_rsa_alt_sign_func sign_func,
- mbedtls_pk_rsa_alt_key_len_func key_len_func);
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-/**
- * \brief Get the size in bits of the underlying key
- *
- * \param ctx The context to query. It must have been initialized.
- *
- * \return Key size in bits, or 0 on error
- */
-size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx);
-
-/**
- * \brief Get the length in bytes of the underlying key
- *
- * \param ctx The context to query. It must have been initialized.
- *
- * \return Key length in bytes, or 0 on error
- */
-static inline size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx)
-{
- return (mbedtls_pk_get_bitlen(ctx) + 7) / 8;
-}
-
-/**
- * \brief Tell if a context can do the operation given by type
- *
- * \param ctx The context to query. It must have been initialized.
- * \param type The desired type.
- *
- * \return 1 if the context can do operations on the given type.
- * \return 0 if the context cannot do the operations on the given
- * type. This is always the case for a context that has
- * been initialized but not set up, or that has been
- * cleared with mbedtls_pk_free().
- */
-int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type);
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief Tell if context can do the operation given by PSA algorithm
- *
- * \param ctx The context to query. It must have been initialized.
- * \param alg PSA algorithm to check against, the following are allowed:
- * PSA_ALG_RSA_PKCS1V15_SIGN(hash),
- * PSA_ALG_RSA_PSS(hash),
- * PSA_ALG_RSA_PKCS1V15_CRYPT,
- * PSA_ALG_ECDSA(hash),
- * PSA_ALG_ECDH, where hash is a specific hash.
- * \param usage PSA usage flag to check against, must be composed of:
- * PSA_KEY_USAGE_SIGN_HASH
- * PSA_KEY_USAGE_DECRYPT
- * PSA_KEY_USAGE_DERIVE.
- * Context key must match all passed usage flags.
- *
- * \warning Since the set of allowed algorithms and usage flags may be
- * expanded in the future, the return value \c 0 should not
- * be taken in account for non-allowed algorithms and usage
- * flags.
- *
- * \return 1 if the context can do operations on the given type.
- * \return 0 if the context cannot do the operations on the given
- * type, for non-allowed algorithms and usage flags, or
- * for a context that has been initialized but not set up
- * or that has been cleared with mbedtls_pk_free().
- */
-int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg,
- psa_key_usage_t usage);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
-/**
- * \brief Determine valid PSA attributes that can be used to
- * import a key into PSA.
- *
- * The attributes determined by this function are suitable
- * for calling mbedtls_pk_import_into_psa() to create
- * a PSA key with the same key material.
- *
- * The typical flow of operations involving this function is
- * ```
- * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- * int ret = mbedtls_pk_get_psa_attributes(pk, &attributes);
- * if (ret != 0) ...; // error handling omitted
- * // Tweak attributes if desired
- * psa_key_id_t key_id = 0;
- * ret = mbedtls_pk_import_into_psa(pk, &attributes, &key_id);
- * if (ret != 0) ...; // error handling omitted
- * ```
- *
- * \note This function does not support RSA-alt contexts
- * (set up with mbedtls_pk_setup_rsa_alt()).
- *
- * \param[in] pk The PK context to use. It must have been set up.
- * It can either contain a key pair or just a public key.
- * \param usage A single `PSA_KEY_USAGE_xxx` flag among the following:
- * - #PSA_KEY_USAGE_DECRYPT: \p pk must contain a
- * key pair. The output \p attributes will contain a
- * key pair type, and the usage policy will allow
- * #PSA_KEY_USAGE_ENCRYPT as well as
- * #PSA_KEY_USAGE_DECRYPT.
- * - #PSA_KEY_USAGE_DERIVE: \p pk must contain a
- * key pair. The output \p attributes will contain a
- * key pair type.
- * - #PSA_KEY_USAGE_ENCRYPT: The output
- * \p attributes will contain a public key type.
- * - #PSA_KEY_USAGE_SIGN_HASH: \p pk must contain a
- * key pair. The output \p attributes will contain a
- * key pair type, and the usage policy will allow
- * #PSA_KEY_USAGE_VERIFY_HASH as well as
- * #PSA_KEY_USAGE_SIGN_HASH.
- * - #PSA_KEY_USAGE_SIGN_MESSAGE: \p pk must contain a
- * key pair. The output \p attributes will contain a
- * key pair type, and the usage policy will allow
- * #PSA_KEY_USAGE_VERIFY_MESSAGE as well as
- * #PSA_KEY_USAGE_SIGN_MESSAGE.
- * - #PSA_KEY_USAGE_VERIFY_HASH: The output
- * \p attributes will contain a public key type.
- * - #PSA_KEY_USAGE_VERIFY_MESSAGE: The output
- * \p attributes will contain a public key type.
- * \param[out] attributes
- * On success, valid attributes to import the key into PSA.
- * - The lifetime and key identifier are unchanged. If the
- * attribute structure was initialized or reset before
- * calling this function, this will result in a volatile
- * key. Call psa_set_key_identifier() before or after this
- * function if you wish to create a persistent key. Call
- * psa_set_key_lifetime() before or after this function if
- * you wish to import the key in a secure element.
- * - The key type and bit-size are determined by the contents
- * of the PK context. If the PK context contains a key
- * pair, the key type can be either a key pair type or
- * the corresponding public key type, depending on
- * \p usage. If the PK context contains a public key,
- * the key type is a public key type.
- * - The key's policy is determined by the key type and
- * the \p usage parameter. The usage always allows
- * \p usage, exporting and copying the key, and
- * possibly other permissions as documented for the
- * \p usage parameter.
- * The permitted algorithm policy is determined as follows
- * based on the #mbedtls_pk_type_t type of \p pk,
- * the chosen \p usage and other factors:
- * - #MBEDTLS_PK_RSA whose underlying
- * #mbedtls_rsa_context has the padding mode
- * #MBEDTLS_RSA_PKCS_V15:
- * #PSA_ALG_RSA_PKCS1V15_SIGN(#PSA_ALG_ANY_HASH)
- * if \p usage is SIGN/VERIFY, and
- * #PSA_ALG_RSA_PKCS1V15_CRYPT
- * if \p usage is ENCRYPT/DECRYPT.
- * - #MBEDTLS_PK_RSA whose underlying
- * #mbedtls_rsa_context has the padding mode
- * #MBEDTLS_RSA_PKCS_V21 and the digest type
- * corresponding to the PSA algorithm \c hash:
- * #PSA_ALG_RSA_PSS_ANY_SALT(#PSA_ALG_ANY_HASH)
- * if \p usage is SIGN/VERIFY, and
- * #PSA_ALG_RSA_OAEP(\c hash)
- * if \p usage is ENCRYPT/DECRYPT.
- * - #MBEDTLS_PK_RSA_ALT: not supported.
- * - #MBEDTLS_PK_ECDSA or #MBEDTLS_PK_ECKEY
- * if \p usage is SIGN/VERIFY:
- * #PSA_ALG_DETERMINISTIC_ECDSA(#PSA_ALG_ANY_HASH)
- * if #MBEDTLS_ECDSA_DETERMINISTIC is enabled,
- * otherwise #PSA_ALG_ECDSA(#PSA_ALG_ANY_HASH).
- * - #MBEDTLS_PK_ECKEY_DH or #MBEDTLS_PK_ECKEY
- * if \p usage is DERIVE:
- * #PSA_ALG_ECDH.
- * - #MBEDTLS_PK_OPAQUE: same as the primary algorithm
- * set for the underlying PSA key, except that
- * sign/decrypt flags are removed if the type is
- * set to a public key type.
- * The underlying key must allow \p usage.
- * Note that the enrollment algorithm set with
- * psa_set_key_enrollment_algorithm() is not copied.
- *
- * \return 0 on success.
- * #MBEDTLS_ERR_PK_TYPE_MISMATCH if \p pk does not contain
- * a key of the type identified in \p attributes.
- * Another error code on other failures.
- */
-int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
- psa_key_usage_t usage,
- psa_key_attributes_t *attributes);
-
-/**
- * \brief Import a key into the PSA key store.
- *
- * This function is equivalent to calling psa_import_key()
- * with the key material from \p pk.
- *
- * The typical way to use this function is:
- * -# Call mbedtls_pk_get_psa_attributes() to obtain
- * attributes for the given key.
- * -# If desired, modify the attributes, for example:
- * - To create a persistent key, call
- * psa_set_key_identifier() and optionally
- * psa_set_key_lifetime().
- * - To import only the public part of a key pair:
- *
- * psa_set_key_type(&attributes,
- * PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(
- * psa_get_key_type(&attributes)));
- * - Restrict the key usage if desired.
- * -# Call mbedtls_pk_import_into_psa().
- *
- * \note This function does not support RSA-alt contexts
- * (set up with mbedtls_pk_setup_rsa_alt()).
- *
- * \param[in] pk The PK context to use. It must have been set up.
- * It can either contain a key pair or just a public key.
- * \param[in] attributes
- * The attributes to use for the new key. They must be
- * compatible with \p pk. In particular, the key type
- * must match the content of \p pk.
- * If \p pk contains a key pair, the key type in
- * attributes can be either the key pair type or the
- * corresponding public key type (to import only the
- * public part).
- * \param[out] key_id
- * On success, the identifier of the newly created key.
- * On error, this is #MBEDTLS_SVC_KEY_ID_INIT.
- *
- * \return 0 on success.
- * #MBEDTLS_ERR_PK_TYPE_MISMATCH if \p pk does not contain
- * a key of the type identified in \p attributes.
- * Another error code on other failures.
- */
-int mbedtls_pk_import_into_psa(const mbedtls_pk_context *pk,
- const psa_key_attributes_t *attributes,
- mbedtls_svc_key_id_t *key_id);
-
-/**
- * \brief Create a PK context starting from a key stored in PSA.
- * This key:
- * - must be exportable and
- * - must be an RSA or EC key pair or public key (FFDH is not supported in PK).
- *
- * The resulting PK object will be a transparent type:
- * - #MBEDTLS_PK_RSA for RSA keys or
- * - #MBEDTLS_PK_ECKEY for EC keys.
- *
- * Once this functions returns the PK object will be completely
- * independent from the original PSA key that it was generated
- * from.
- * Calling mbedtls_pk_sign(), mbedtls_pk_verify(),
- * mbedtls_pk_encrypt(), mbedtls_pk_decrypt() on the resulting
- * PK context will perform the corresponding algorithm for that
- * PK context type.
- * * For ECDSA, the choice of deterministic vs randomized will
- * be based on the compile-time setting #MBEDTLS_ECDSA_DETERMINISTIC.
- * * For an RSA key, the output PK context will allow both
- * encrypt/decrypt and sign/verify regardless of the original
- * key's policy.
- * The original key's policy determines the output key's padding
- * mode: PCKS1 v2.1 is set if the PSA key policy is OAEP or PSS,
- * otherwise PKCS1 v1.5 is set.
- *
- * \param key_id The key identifier of the key stored in PSA.
- * \param pk The PK context that will be filled. It must be initialized,
- * but not set up.
- *
- * \return 0 on success.
- * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA in case the provided input
- * parameters are not correct.
- */
-int mbedtls_pk_copy_from_psa(mbedtls_svc_key_id_t key_id, mbedtls_pk_context *pk);
-
-/**
- * \brief Create a PK context for the public key of a PSA key.
- *
- * The key must be an RSA or ECC key. It can be either a
- * public key or a key pair, and only the public key is copied.
- * The resulting PK object will be a transparent type:
- * - #MBEDTLS_PK_RSA for RSA keys or
- * - #MBEDTLS_PK_ECKEY for EC keys.
- *
- * Once this functions returns the PK object will be completely
- * independent from the original PSA key that it was generated
- * from.
- * Calling mbedtls_pk_verify() or
- * mbedtls_pk_encrypt() on the resulting
- * PK context will perform the corresponding algorithm for that
- * PK context type.
- *
- * For an RSA key, the output PK context will allow both
- * encrypt and verify regardless of the original key's policy.
- * The original key's policy determines the output key's padding
- * mode: PCKS1 v2.1 is set if the PSA key policy is OAEP or PSS,
- * otherwise PKCS1 v1.5 is set.
- *
- * \param key_id The key identifier of the key stored in PSA.
- * \param pk The PK context that will be filled. It must be initialized,
- * but not set up.
- *
- * \return 0 on success.
- * \return MBEDTLS_ERR_PK_BAD_INPUT_DATA in case the provided input
- * parameters are not correct.
- */
-int mbedtls_pk_copy_public_from_psa(mbedtls_svc_key_id_t key_id, mbedtls_pk_context *pk);
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
-
-/**
- * \brief Verify signature (including padding if relevant).
- *
- * \param ctx The PK context to use. It must have been set up.
- * \param md_alg Hash algorithm used.
- * This can be #MBEDTLS_MD_NONE if the signature algorithm
- * does not rely on a hash algorithm (non-deterministic
- * ECDSA, RSA PKCS#1 v1.5).
- * For PKCS#1 v1.5, if \p md_alg is #MBEDTLS_MD_NONE, then
- * \p hash is the DigestInfo structure used by RFC 8017
- * §9.2 steps 3–6. If \p md_alg is a valid hash
- * algorithm then \p hash is the digest itself, and this
- * function calculates the DigestInfo encoding internally.
- * \param hash Hash of the message to sign
- * \param hash_len Hash length
- * \param sig Signature to verify
- * \param sig_len Signature length
- *
- * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
- * either PKCS#1 v1.5 or PSS (accepting any salt length),
- * depending on the padding mode in the underlying RSA context.
- * For a pk object constructed by parsing, this is PKCS#1 v1.5
- * by default. Use mbedtls_pk_verify_ext() to explicitly select
- * a different algorithm.
- *
- * \return 0 on success (signature is valid),
- * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
- * signature in \p sig but its length is less than \p sig_len,
- * or a specific error code.
- */
-int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len);
-
-/**
- * \brief Restartable version of \c mbedtls_pk_verify()
- *
- * \note Performs the same job as \c mbedtls_pk_verify(), but can
- * return early and restart according to the limit set with
- * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
- * operations. For RSA, same as \c mbedtls_pk_verify().
- *
- * \param ctx The PK context to use. It must have been set up.
- * \param md_alg Hash algorithm used (see notes)
- * \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes)
- * \param sig Signature to verify
- * \param sig_len Signature length
- * \param rs_ctx Restart context (NULL to disable restart)
- *
- * \return See \c mbedtls_pk_verify(), or
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- */
-int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len,
- mbedtls_pk_restart_ctx *rs_ctx);
-
-/**
- * \brief Verify signature, with options.
- * (Includes verification of the padding depending on type.)
- *
- * \param type Signature type (inc. possible padding type) to verify
- * \param options Pointer to type-specific options, or NULL
- * \param ctx The PK context to use. It must have been set up.
- * \param md_alg Hash algorithm used (see notes)
- * \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes)
- * \param sig Signature to verify
- * \param sig_len Signature length
- *
- * \return 0 on success (signature is valid),
- * #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
- * used for this type of signatures,
- * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
- * signature in \p sig but its length is less than \p sig_len,
- * or a specific error code.
- *
- * \note If hash_len is 0, then the length associated with md_alg
- * is used instead, or an error returned if it is invalid.
- *
- * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
- *
- * \note If type is MBEDTLS_PK_RSASSA_PSS, then options must point
- * to a mbedtls_pk_rsassa_pss_options structure,
- * otherwise it must be NULL. Note that if
- * #MBEDTLS_USE_PSA_CRYPTO is defined, the salt length is not
- * verified as PSA_ALG_RSA_PSS_ANY_SALT is used.
- */
-int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
- mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len);
-
-/**
- * \brief Make signature, including padding if relevant.
- *
- * \param ctx The PK context to use. It must have been set up
- * with a private key.
- * \param md_alg Hash algorithm used (see notes)
- * \param hash Hash of the message to sign
- * \param hash_len Hash length
- * \param sig Place to write the signature.
- * It must have enough room for the signature.
- * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
- * You may use a smaller buffer if it is large enough
- * given the key type.
- * \param sig_size The size of the \p sig buffer in bytes.
- * \param sig_len On successful return,
- * the number of bytes written to \p sig.
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
- * either PKCS#1 v1.5 or PSS (using the largest possible salt
- * length up to the hash length), depending on the padding mode
- * in the underlying RSA context. For a pk object constructed
- * by parsing, this is PKCS#1 v1.5 by default. Use
- * mbedtls_pk_verify_ext() to explicitly select a different
- * algorithm.
- *
- * \return 0 on success, or a specific error code.
- *
- * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
- * For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
- */
-int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
-
-/**
- * \brief Make signature given a signature type.
- *
- * \param pk_type Signature type.
- * \param ctx The PK context to use. It must have been set up
- * with a private key.
- * \param md_alg Hash algorithm used (see notes)
- * \param hash Hash of the message to sign
- * \param hash_len Hash length
- * \param sig Place to write the signature.
- * It must have enough room for the signature.
- * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
- * You may use a smaller buffer if it is large enough
- * given the key type.
- * \param sig_size The size of the \p sig buffer in bytes.
- * \param sig_len On successful return,
- * the number of bytes written to \p sig.
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \return 0 on success, or a specific error code.
- *
- * \note When \p pk_type is #MBEDTLS_PK_RSASSA_PSS,
- * see #PSA_ALG_RSA_PSS for a description of PSS options used.
- *
- * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
- * For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
- *
- */
-int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type,
- mbedtls_pk_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-
-/**
- * \brief Restartable version of \c mbedtls_pk_sign()
- *
- * \note Performs the same job as \c mbedtls_pk_sign(), but can
- * return early and restart according to the limit set with
- * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
- * operations. For RSA, same as \c mbedtls_pk_sign().
- *
- * \param ctx The PK context to use. It must have been set up
- * with a private key.
- * \param md_alg Hash algorithm used (see notes for mbedtls_pk_sign())
- * \param hash Hash of the message to sign
- * \param hash_len Hash length
- * \param sig Place to write the signature.
- * It must have enough room for the signature.
- * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
- * You may use a smaller buffer if it is large enough
- * given the key type.
- * \param sig_size The size of the \p sig buffer in bytes.
- * \param sig_len On successful return,
- * the number of bytes written to \p sig.
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- * \param rs_ctx Restart context (NULL to disable restart)
- *
- * \return See \c mbedtls_pk_sign().
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- */
-int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_pk_restart_ctx *rs_ctx);
-
-/**
- * \brief Decrypt message (including padding if relevant).
- *
- * \param ctx The PK context to use. It must have been set up
- * with a private key.
- * \param input Input to decrypt
- * \param ilen Input size
- * \param output Decrypted output
- * \param olen Decrypted message length
- * \param osize Size of the output buffer
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
- * either PKCS#1 v1.5 or OAEP, depending on the padding mode in
- * the underlying RSA context. For a pk object constructed by
- * parsing, this is PKCS#1 v1.5 by default.
- *
- * \return 0 on success, or a specific error code.
- */
-int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
-
-/**
- * \brief Encrypt message (including padding if relevant).
- *
- * \param ctx The PK context to use. It must have been set up.
- * \param input Message to encrypt
- * \param ilen Message size
- * \param output Encrypted output
- * \param olen Encrypted output length
- * \param osize Size of the output buffer
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
- * either PKCS#1 v1.5 or OAEP, depending on the padding mode in
- * the underlying RSA context. For a pk object constructed by
- * parsing, this is PKCS#1 v1.5 by default.
- *
- * \note \p f_rng is used for padding generation.
- *
- * \return 0 on success, or a specific error code.
- */
-int mbedtls_pk_encrypt(mbedtls_pk_context *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
-
-/**
- * \brief Check if a public-private pair of keys matches.
- *
- * \param pub Context holding a public key.
- * \param prv Context holding a private (and public) key.
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \return \c 0 on success (keys were checked and match each other).
- * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not
- * be checked - in that case they may or may not match.
- * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
- * \return Another non-zero value if the keys do not match.
- */
-int mbedtls_pk_check_pair(const mbedtls_pk_context *pub,
- const mbedtls_pk_context *prv,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-
-/**
- * \brief Export debug information
- *
- * \param ctx The PK context to use. It must have been initialized.
- * \param items Place to write debug items
- *
- * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
- */
-int mbedtls_pk_debug(const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items);
-
-/**
- * \brief Access the type name
- *
- * \param ctx The PK context to use. It must have been initialized.
- *
- * \return Type name on success, or "invalid PK"
- */
-const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx);
-
-/**
- * \brief Get the key type
- *
- * \param ctx The PK context to use. It must have been initialized.
- *
- * \return Type on success.
- * \return #MBEDTLS_PK_NONE for a context that has not been set up.
- */
-mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx);
-
-#if defined(MBEDTLS_RSA_C)
-/**
- * Quick access to an RSA context inside a PK context.
- *
- * \warning This function can only be used when the type of the context, as
- * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_RSA.
- * Ensuring that is the caller's responsibility.
- * Alternatively, you can check whether this function returns NULL.
- *
- * \return The internal RSA context held by the PK context, or NULL.
- */
-static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk)
-{
- switch (mbedtls_pk_get_type(&pk)) {
- case MBEDTLS_PK_RSA:
- return (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx);
- default:
- return NULL;
- }
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * Quick access to an EC context inside a PK context.
- *
- * \warning This function can only be used when the type of the context, as
- * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_ECKEY,
- * #MBEDTLS_PK_ECKEY_DH, or #MBEDTLS_PK_ECDSA.
- * Ensuring that is the caller's responsibility.
- * Alternatively, you can check whether this function returns NULL.
- *
- * \return The internal EC context held by the PK context, or NULL.
- */
-static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk)
-{
- switch (mbedtls_pk_get_type(&pk)) {
- case MBEDTLS_PK_ECKEY:
- case MBEDTLS_PK_ECKEY_DH:
- case MBEDTLS_PK_ECDSA:
- return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx);
- default:
- return NULL;
- }
-}
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_PK_PARSE_C)
-/** \ingroup pk_module */
-/**
- * \brief Parse a private key in PEM or DER format
- *
- * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
- * subsystem must have been initialized by calling
- * psa_crypto_init() before calling this function.
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param key Input buffer to parse.
- * The buffer must contain the input exactly, with no
- * extra trailing material. For PEM, the buffer must
- * contain a null-terminated string.
- * \param keylen Size of \b key in bytes.
- * For PEM data, this includes the terminating null byte,
- * so \p keylen must be equal to `strlen(key) + 1`.
- * \param pwd Optional password for decryption.
- * Pass \c NULL if expecting a non-encrypted key.
- * Pass a string of \p pwdlen bytes if expecting an encrypted
- * key; a non-encrypted key will also be accepted.
- * The empty password is not supported.
- * \param pwdlen Size of the password in bytes.
- * Ignored if \p pwd is \c NULL.
- * \param f_rng RNG function, must not be \c NULL. Used for blinding.
- * \param p_rng RNG parameter
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_key(mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen,
- const unsigned char *pwd, size_t pwdlen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
-
-/** \ingroup pk_module */
-/**
- * \brief Parse a public key in PEM or DER format
- *
- * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
- * subsystem must have been initialized by calling
- * psa_crypto_init() before calling this function.
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param key Input buffer to parse.
- * The buffer must contain the input exactly, with no
- * extra trailing material. For PEM, the buffer must
- * contain a null-terminated string.
- * \param keylen Size of \b key in bytes.
- * For PEM data, this includes the terminating null byte,
- * so \p keylen must be equal to `strlen(key) + 1`.
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for
- * limitations.
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen);
-
-#if defined(MBEDTLS_FS_IO)
-/** \ingroup pk_module */
-/**
- * \brief Load and parse a private key
- *
- * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
- * subsystem must have been initialized by calling
- * psa_crypto_init() before calling this function.
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param path filename to read the private key from
- * \param password Optional password to decrypt the file.
- * Pass \c NULL if expecting a non-encrypted key.
- * Pass a null-terminated string if expecting an encrypted
- * key; a non-encrypted key will also be accepted.
- * The empty password is not supported.
- * \param f_rng RNG function, must not be \c NULL. Used for blinding.
- * \param p_rng RNG parameter
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx,
- const char *path, const char *password,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
-
-/** \ingroup pk_module */
-/**
- * \brief Load and parse a public key
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param path filename to read the public key from
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If
- * you need a specific key type, check the result with
- * mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path);
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
-/**
- * \brief Write a private key to a PKCS#1 or SEC1 DER structure
- * Note: data is written at the end of the buffer! Use the
- * return value to determine where you should start
- * using the buffer
- *
- * \param ctx PK context which must contain a valid private key.
- * \param buf buffer to write to
- * \param size size of the buffer
- *
- * \return length of data written if successful, or a specific
- * error code
- */
-int mbedtls_pk_write_key_der(const mbedtls_pk_context *ctx, unsigned char *buf, size_t size);
-
-/**
- * \brief Write a public key to a SubjectPublicKeyInfo DER structure
- * Note: data is written at the end of the buffer! Use the
- * return value to determine where you should start
- * using the buffer
- *
- * \param ctx PK context which must contain a valid public or private key.
- * \param buf buffer to write to
- * \param size size of the buffer
- *
- * \return length of data written if successful, or a specific
- * error code
- */
-int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *ctx, unsigned char *buf, size_t size);
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief Write a public key to a PEM string
- *
- * \param ctx PK context which must contain a valid public or private key.
- * \param buf Buffer to write to. The output includes a
- * terminating null byte.
- * \param size Size of the buffer in bytes.
- *
- * \return 0 if successful, or a specific error code
- */
-int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *ctx, unsigned char *buf, size_t size);
-
-/**
- * \brief Write a private key to a PKCS#1 or SEC1 PEM string
- *
- * \param ctx PK context which must contain a valid private key.
- * \param buf Buffer to write to. The output includes a
- * terminating null byte.
- * \param size Size of the buffer in bytes.
- *
- * \return 0 if successful, or a specific error code
- */
-int mbedtls_pk_write_key_pem(const mbedtls_pk_context *ctx, unsigned char *buf, size_t size);
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_PK_WRITE_C */
-
-/*
- * WARNING: Low-level functions. You probably do not want to use these unless
- * you are certain you do ;)
- */
-
-#if defined(MBEDTLS_PK_PARSE_C)
-/**
- * \brief Parse a SubjectPublicKeyInfo DER structure
- *
- * \param p the position in the ASN.1 data
- * \param end end of the buffer
- * \param pk The PK context to fill. It must have been initialized
- * but not set up.
- *
- * \return 0 if successful, or a specific PK error code
- */
-int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end,
- mbedtls_pk_context *pk);
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
-/**
- * \brief Write a subjectPublicKey to ASN.1 data
- * Note: function works backwards in data buffer
- *
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param key PK context which must contain a valid public or private key.
- *
- * \return the length written or a negative error code
- */
-int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
- const mbedtls_pk_context *key);
-#endif /* MBEDTLS_PK_WRITE_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PK_H */
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
deleted file mode 100644
index de3d71d..0000000
--- a/include/mbedtls/platform.h
+++ /dev/null
@@ -1,485 +0,0 @@
-/**
- * \file platform.h
- *
- * \brief This file contains the definitions and functions of the
- * Mbed TLS platform abstraction layer.
- *
- * The platform abstraction layer removes the need for the library
- * to directly link to standard C library functions or operating
- * system services, making the library easier to port and embed.
- * Application developers and users of the library can provide their own
- * implementations of these functions, or implementations specific to
- * their platform, which can be statically linked to the library or
- * dynamically configured at runtime.
- *
- * When all compilation options related to platform abstraction are
- * disabled, this header just defines `mbedtls_xxx` function names
- * as aliases to the standard `xxx` function.
- *
- * Most modules in the library and example programs are expected to
- * include this header.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_PLATFORM_H
-#define MBEDTLS_PLATFORM_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-/* The older Microsoft Windows common runtime provides non-conforming
- * implementations of some standard library functions, including snprintf
- * and vsnprintf. This affects MSVC and MinGW builds.
- */
-#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
-#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF
-#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF
-#endif
-
-#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-#include
-#include
-#if defined(MBEDTLS_HAVE_TIME)
-#include
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
-#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */
-#else
-#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< The default \c snprintf function to use. */
-#endif
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
-#define MBEDTLS_PLATFORM_STD_VSNPRINTF mbedtls_platform_win32_vsnprintf /**< The default \c vsnprintf function to use. */
-#else
-#define MBEDTLS_PLATFORM_STD_VSNPRINTF vsnprintf /**< The default \c vsnprintf function to use. */
-#endif
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
-#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< The default \c printf function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
-#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< The default \c fprintf function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
-#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< The default \c calloc function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_FREE)
-#define MBEDTLS_PLATFORM_STD_FREE free /**< The default \c free function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_SETBUF)
-#define MBEDTLS_PLATFORM_STD_SETBUF setbuf /**< The default \c setbuf function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
-#define MBEDTLS_PLATFORM_STD_EXIT exit /**< The default \c exit function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_TIME)
-#define MBEDTLS_PLATFORM_STD_TIME time /**< The default \c time function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
-#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< The default exit value to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
-#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< The default exit value to use. */
-#endif
-#if defined(MBEDTLS_FS_IO)
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"
-#endif
-#endif /* MBEDTLS_FS_IO */
-#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
-#include MBEDTLS_PLATFORM_STD_MEM_HDR
-#endif
-#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-
-/* Enable certain documented defines only when generating doxygen to avoid
- * an "unrecognized define" error. */
-#if defined(__DOXYGEN__) && !defined(MBEDTLS_PLATFORM_STD_CALLOC)
-#define MBEDTLS_PLATFORM_STD_CALLOC
-#endif
-
-#if defined(__DOXYGEN__) && !defined(MBEDTLS_PLATFORM_STD_FREE)
-#define MBEDTLS_PLATFORM_STD_FREE
-#endif
-
-/** \} name SECTION: Module settings */
-
-/*
- * The function pointers for calloc and free.
- * Please see MBEDTLS_PLATFORM_STD_CALLOC and MBEDTLS_PLATFORM_STD_FREE
- * in mbedtls_config.h for more information about behaviour and requirements.
- */
-#if defined(MBEDTLS_PLATFORM_MEMORY)
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
- defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
-#undef mbedtls_free
-#undef mbedtls_calloc
-#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO
-#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO
-#else
-/* For size_t */
-#include
-extern void *mbedtls_calloc(size_t n, size_t size);
-extern void mbedtls_free(void *ptr);
-
-/**
- * \brief This function dynamically sets the memory-management
- * functions used by the library, during runtime.
- *
- * \param calloc_func The \c calloc function implementation.
- * \param free_func The \c free function implementation.
- *
- * \return \c 0.
- */
-int mbedtls_platform_set_calloc_free(void *(*calloc_func)(size_t, size_t),
- void (*free_func)(void *));
-#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
-#else /* !MBEDTLS_PLATFORM_MEMORY */
-#undef mbedtls_free
-#undef mbedtls_calloc
-#define mbedtls_free free
-#define mbedtls_calloc calloc
-#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
-
-/*
- * The function pointers for fprintf
- */
-#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-/* We need FILE * */
-#include
-extern int (*mbedtls_fprintf)(FILE *stream, const char *format, ...);
-
-/**
- * \brief This function dynamically configures the fprintf
- * function that is called when the
- * mbedtls_fprintf() function is invoked by the library.
- *
- * \param fprintf_func The \c fprintf function implementation.
- *
- * \return \c 0.
- */
-int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *stream, const char *,
- ...));
-#else
-#undef mbedtls_fprintf
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
-#define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO
-#else
-#define mbedtls_fprintf fprintf
-#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
-
-/*
- * The function pointers for printf
- */
-#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-extern int (*mbedtls_printf)(const char *format, ...);
-
-/**
- * \brief This function dynamically configures the snprintf
- * function that is called when the mbedtls_snprintf()
- * function is invoked by the library.
- *
- * \param printf_func The \c printf function implementation.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...));
-#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
-#undef mbedtls_printf
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
-#define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO
-#else
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
-
-/*
- * The function pointers for snprintf
- *
- * The snprintf implementation should conform to C99:
- * - it *must* always correctly zero-terminate the buffer
- * (except when n == 0, then it must leave the buffer untouched)
- * - however it is acceptable to return -1 instead of the required length when
- * the destination buffer is too short.
- */
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
-/* For Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_snprintf(char *s, size_t n, const char *fmt, ...);
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-extern int (*mbedtls_snprintf)(char *s, size_t n, const char *format, ...);
-
-/**
- * \brief This function allows configuring a custom
- * \c snprintf function pointer.
- *
- * \param snprintf_func The \c snprintf function implementation.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_set_snprintf(int (*snprintf_func)(char *s, size_t n,
- const char *format, ...));
-#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-#undef mbedtls_snprintf
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
-#else
-#define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-
-/*
- * The function pointers for vsnprintf
- *
- * The vsnprintf implementation should conform to C99:
- * - it *must* always correctly zero-terminate the buffer
- * (except when n == 0, then it must leave the buffer untouched)
- * - however it is acceptable to return -1 instead of the required length when
- * the destination buffer is too short.
- */
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
-#include
-/* For Older Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_vsnprintf(char *s, size_t n, const char *fmt, va_list arg);
-#endif
-
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
-#include
-extern int (*mbedtls_vsnprintf)(char *s, size_t n, const char *format, va_list arg);
-
-/**
- * \brief Set your own snprintf function pointer
- *
- * \param vsnprintf_func The \c vsnprintf function implementation
- *
- * \return \c 0
- */
-int mbedtls_platform_set_vsnprintf(int (*vsnprintf_func)(char *s, size_t n,
- const char *format, va_list arg));
-#else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
-#undef mbedtls_vsnprintf
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
-#define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO
-#else
-#define mbedtls_vsnprintf vsnprintf
-#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
-
-/*
- * The function pointers for setbuf
- */
-#if defined(MBEDTLS_PLATFORM_SETBUF_ALT)
-#include
-/**
- * \brief Function pointer to call for `setbuf()` functionality
- * (changing the internal buffering on stdio calls).
- *
- * \note The library calls this function to disable
- * buffering when reading or writing sensitive data,
- * to avoid having extra copies of sensitive data
- * remaining in stdio buffers after the file is
- * closed. If this is not a concern, for example if
- * your platform's stdio doesn't have any buffering,
- * you can set mbedtls_setbuf to a function that
- * does nothing.
- *
- * The library always calls this function with
- * `buf` equal to `NULL`.
- */
-extern void (*mbedtls_setbuf)(FILE *stream, char *buf);
-
-/**
- * \brief Dynamically configure the function that is called
- * when the mbedtls_setbuf() function is called by the
- * library.
- *
- * \param setbuf_func The \c setbuf function implementation
- *
- * \return \c 0
- */
-int mbedtls_platform_set_setbuf(void (*setbuf_func)(
- FILE *stream, char *buf));
-#else
-#undef mbedtls_setbuf
-#if defined(MBEDTLS_PLATFORM_SETBUF_MACRO)
-/**
- * \brief Macro defining the function for the library to
- * call for `setbuf` functionality (changing the
- * internal buffering on stdio calls).
- *
- * \note See extra comments on the mbedtls_setbuf() function
- * pointer above.
- *
- * \return \c 0 on success, negative on error.
- */
-#define mbedtls_setbuf MBEDTLS_PLATFORM_SETBUF_MACRO
-#else
-#define mbedtls_setbuf setbuf
-#endif /* MBEDTLS_PLATFORM_SETBUF_MACRO */
-#endif /* MBEDTLS_PLATFORM_SETBUF_ALT */
-
-/*
- * The function pointers for exit
- */
-#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
-extern void (*mbedtls_exit)(int status);
-
-/**
- * \brief This function dynamically configures the exit
- * function that is called when the mbedtls_exit()
- * function is invoked by the library.
- *
- * \param exit_func The \c exit function implementation.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_set_exit(void (*exit_func)(int status));
-#else
-#undef mbedtls_exit
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
-#define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO
-#else
-#define mbedtls_exit exit
-#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
-#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
-
-/*
- * The default exit values
- */
-#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
-#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
-#else
-#define MBEDTLS_EXIT_SUCCESS 0
-#endif
-#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
-#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
-#else
-#define MBEDTLS_EXIT_FAILURE 1
-#endif
-
-/*
- * The function pointers for reading from and writing a seed file to
- * Non-Volatile storage (NV) in a platform-independent way
- *
- * Only enabled when the NV seed entropy source is enabled
- */
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
-/* Internal standard platform definitions */
-int mbedtls_platform_std_nv_seed_read(unsigned char *buf, size_t buf_len);
-int mbedtls_platform_std_nv_seed_write(unsigned char *buf, size_t buf_len);
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-extern int (*mbedtls_nv_seed_read)(unsigned char *buf, size_t buf_len);
-extern int (*mbedtls_nv_seed_write)(unsigned char *buf, size_t buf_len);
-
-/**
- * \brief This function allows configuring custom seed file writing and
- * reading functions.
- *
- * \param nv_seed_read_func The seed reading function implementation.
- * \param nv_seed_write_func The seed writing function implementation.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_set_nv_seed(
- int (*nv_seed_read_func)(unsigned char *buf, size_t buf_len),
- int (*nv_seed_write_func)(unsigned char *buf, size_t buf_len)
- );
-#else
-#undef mbedtls_nv_seed_read
-#undef mbedtls_nv_seed_write
-#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
- defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
-#define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
-#define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
-#else
-#define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read
-#define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write
-#endif
-#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
-
-/**
- * \brief The platform context structure.
- *
- * \note This structure may be used to assist platform-specific
- * setup or teardown operations.
- */
-typedef struct mbedtls_platform_context {
- char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are not portable. */
-}
-mbedtls_platform_context;
-
-#else
-#include "platform_alt.h"
-#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
-
-/**
- * \brief This function performs any platform-specific initialization
- * operations.
- *
- * \note This function should be called before any other library functions.
- *
- * Its implementation is platform-specific, and unless
- * platform-specific code is provided, it does nothing.
- *
- * \note The usage and necessity of this function is dependent on the platform.
- *
- * \param ctx The platform context.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_setup(mbedtls_platform_context *ctx);
-/**
- * \brief This function performs any platform teardown operations.
- *
- * \note This function should be called after every other Mbed TLS module
- * has been correctly freed using the appropriate free function.
- *
- * Its implementation is platform-specific, and unless
- * platform-specific code is provided, it does nothing.
- *
- * \note The usage and necessity of this function is dependent on the platform.
- *
- * \param ctx The platform context.
- *
- */
-void mbedtls_platform_teardown(mbedtls_platform_context *ctx);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* platform.h */
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
deleted file mode 100644
index 97f1963..0000000
--- a/include/mbedtls/platform_time.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/**
- * \file platform_time.h
- *
- * \brief Mbed TLS Platform time abstraction
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_PLATFORM_TIME_H
-#define MBEDTLS_PLATFORM_TIME_H
-
-#include "mbedtls/build_info.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * The time_t datatype
- */
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
-typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
-#else
-/* For time_t */
-#include
-typedef time_t mbedtls_time_t;
-#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
-
-#if defined(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO)
-typedef MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO mbedtls_ms_time_t;
-#else
-#include
-#include
-typedef int64_t mbedtls_ms_time_t;
-#endif /* MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO */
-
-/**
- * \brief Get time in milliseconds.
- *
- * \return Monotonically-increasing current time in milliseconds.
- *
- * \note Define MBEDTLS_PLATFORM_MS_TIME_ALT to be able to provide an
- * alternative implementation
- *
- * \warning This function returns a monotonically-increasing time value from a
- * start time that will differ from platform to platform, and possibly
- * from run to run of the process.
- *
- */
-mbedtls_ms_time_t mbedtls_ms_time(void);
-
-/*
- * The function pointers for time
- */
-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-extern mbedtls_time_t (*mbedtls_time)(mbedtls_time_t *time);
-
-/**
- * \brief Set your own time function pointer
- *
- * \param time_func the time function implementation
- *
- * \return 0
- */
-int mbedtls_platform_set_time(mbedtls_time_t (*time_func)(mbedtls_time_t *time));
-#else
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
-#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
-#else
-#define mbedtls_time time
-#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
-#endif /* MBEDTLS_PLATFORM_TIME_ALT */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* platform_time.h */
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
deleted file mode 100644
index 1b371ef..0000000
--- a/include/mbedtls/platform_util.h
+++ /dev/null
@@ -1,197 +0,0 @@
-/**
- * \file platform_util.h
- *
- * \brief Common and shared functions used by multiple modules in the Mbed TLS
- * library.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_PLATFORM_UTIL_H
-#define MBEDTLS_PLATFORM_UTIL_H
-
-#include "mbedtls/build_info.h"
-
-#include
-#if defined(MBEDTLS_HAVE_TIME_DATE)
-#include "mbedtls/platform_time.h"
-#include
-#endif /* MBEDTLS_HAVE_TIME_DATE */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Internal helper macros for deprecating API constants. */
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-MBEDTLS_DEPRECATED typedef char const *mbedtls_deprecated_string_constant_t;
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT(VAL) \
- ((mbedtls_deprecated_string_constant_t) (VAL))
-MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(VAL) \
- ((mbedtls_deprecated_numeric_constant_t) (VAL))
-#else /* MBEDTLS_DEPRECATED_WARNING */
-#define MBEDTLS_DEPRECATED
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT(VAL) VAL
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(VAL) VAL
-#endif /* MBEDTLS_DEPRECATED_WARNING */
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/* Implementation of the check-return facility.
- * See the user documentation in mbedtls_config.h.
- *
- * Do not use this macro directly to annotate function: instead,
- * use one of MBEDTLS_CHECK_RETURN_CRITICAL or MBEDTLS_CHECK_RETURN_TYPICAL
- * depending on how important it is to check the return value.
- */
-#if !defined(MBEDTLS_CHECK_RETURN)
-#if defined(__GNUC__)
-#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
-#elif defined(_MSC_VER) && _MSC_VER >= 1700
-#include
-#define MBEDTLS_CHECK_RETURN _Check_return_
-#else
-#define MBEDTLS_CHECK_RETURN
-#endif
-#endif
-
-/** Critical-failure function
- *
- * This macro appearing at the beginning of the declaration of a function
- * indicates that its return value should be checked in all applications.
- * Omitting the check is very likely to indicate a bug in the application
- * and will result in a compile-time warning if #MBEDTLS_CHECK_RETURN
- * is implemented for the compiler in use.
- *
- * \note The use of this macro is a work in progress.
- * This macro may be added to more functions in the future.
- * Such an extension is not considered an API break, provided that
- * there are near-unavoidable circumstances under which the function
- * can fail. For example, signature/MAC/AEAD verification functions,
- * and functions that require a random generator, are considered
- * return-check-critical.
- */
-#define MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN
-
-/** Ordinary-failure function
- *
- * This macro appearing at the beginning of the declaration of a function
- * indicates that its return value should be generally be checked in portable
- * applications. Omitting the check will result in a compile-time warning if
- * #MBEDTLS_CHECK_RETURN is implemented for the compiler in use and
- * #MBEDTLS_CHECK_RETURN_WARNING is enabled in the compile-time configuration.
- *
- * You can use #MBEDTLS_IGNORE_RETURN to explicitly ignore the return value
- * of a function that is annotated with #MBEDTLS_CHECK_RETURN.
- *
- * \note The use of this macro is a work in progress.
- * This macro will be added to more functions in the future.
- * Eventually this should appear before most functions returning
- * an error code (as \c int in the \c mbedtls_xxx API or
- * as ::psa_status_t in the \c psa_xxx API).
- */
-#if defined(MBEDTLS_CHECK_RETURN_WARNING)
-#define MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN
-#else
-#define MBEDTLS_CHECK_RETURN_TYPICAL
-#endif
-
-/** Benign-failure function
- *
- * This macro appearing at the beginning of the declaration of a function
- * indicates that it is rarely useful to check its return value.
- *
- * This macro has an empty expansion. It exists for documentation purposes:
- * a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function
- * has been analyzed for return-check usefulness, whereas the lack of
- * an annotation indicates that the function has not been analyzed and its
- * return-check usefulness is unknown.
- */
-#define MBEDTLS_CHECK_RETURN_OPTIONAL
-
-/** \def MBEDTLS_IGNORE_RETURN
- *
- * Call this macro with one argument, a function call, to suppress a warning
- * from #MBEDTLS_CHECK_RETURN due to that function call.
- */
-#if !defined(MBEDTLS_IGNORE_RETURN)
-/* GCC doesn't silence the warning with just (void)(result).
- * (void)!(result) is known to work up at least up to GCC 10, as well
- * as with Clang and MSVC.
- *
- * https://gcc.gnu.org/onlinedocs/gcc-3.4.6/gcc/Non_002dbugs.html
- * https://stackoverflow.com/questions/40576003/ignoring-warning-wunused-result
- * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425#c34
- */
-#define MBEDTLS_IGNORE_RETURN(result) ((void) !(result))
-#endif
-
-/* If the following macro is defined, the library is being built by the test
- * framework, and the framework is going to provide a replacement
- * mbedtls_platform_zeroize() using a preprocessor macro, so the function
- * declaration should be omitted. */
-#if !defined(MBEDTLS_TEST_DEFINES_ZEROIZE) //no-check-names
-/**
- * \brief Securely zeroize a buffer
- *
- * The function is meant to wipe the data contained in a buffer so
- * that it can no longer be recovered even if the program memory
- * is later compromised. Call this function on sensitive data
- * stored on the stack before returning from a function, and on
- * sensitive data stored on the heap before freeing the heap
- * object.
- *
- * It is extremely difficult to guarantee that calls to
- * mbedtls_platform_zeroize() are not removed by aggressive
- * compiler optimizations in a portable way. For this reason, Mbed
- * TLS provides the configuration option
- * MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
- * mbedtls_platform_zeroize() to use a suitable implementation for
- * their platform and needs
- *
- * \param buf Buffer to be zeroized
- * \param len Length of the buffer in bytes
- *
- */
-void mbedtls_platform_zeroize(void *buf, size_t len);
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME_DATE)
-/**
- * \brief Platform-specific implementation of gmtime_r()
- *
- * The function is a thread-safe abstraction that behaves
- * similarly to the gmtime_r() function from Unix/POSIX.
- *
- * Mbed TLS will try to identify the underlying platform and
- * make use of an appropriate underlying implementation (e.g.
- * gmtime_r() for POSIX and gmtime_s() for Windows). If this is
- * not possible, then gmtime() will be used. In this case, calls
- * from the library to gmtime() will be guarded by the mutex
- * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is
- * enabled. It is recommended that calls from outside the library
- * are also guarded by this mutex.
- *
- * If MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, then Mbed TLS will
- * unconditionally use the alternative implementation for
- * mbedtls_platform_gmtime_r() supplied by the user at compile time.
- *
- * \param tt Pointer to an object containing time (in seconds) since the
- * epoch to be converted
- * \param tm_buf Pointer to an object where the results will be stored
- *
- * \return Pointer to an object of type struct tm on success, otherwise
- * NULL
- */
-struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt,
- struct tm *tm_buf);
-#endif /* MBEDTLS_HAVE_TIME_DATE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PLATFORM_UTIL_H */
diff --git a/include/mbedtls/private_access.h b/include/mbedtls/private_access.h
deleted file mode 100644
index 580f3eb..0000000
--- a/include/mbedtls/private_access.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/**
- * \file private_access.h
- *
- * \brief Macro wrapper for struct's members.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_PRIVATE_ACCESS_H
-#define MBEDTLS_PRIVATE_ACCESS_H
-
-#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
-#define MBEDTLS_PRIVATE(member) private_##member
-#else
-#define MBEDTLS_PRIVATE(member) member
-#endif
-
-#endif /* MBEDTLS_PRIVATE_ACCESS_H */
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
deleted file mode 100644
index 8f371ab..0000000
--- a/include/mbedtls/psa_util.h
+++ /dev/null
@@ -1,189 +0,0 @@
-/**
- * \file psa_util.h
- *
- * \brief Utility functions for the use of the PSA Crypto library.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_PSA_UTIL_H
-#define MBEDTLS_PSA_UTIL_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/md.h" // for mbedtls_md_type_t
-
-#include "psa/crypto.h"
-
-/* ASN1 defines used in the ECDSA conversion functions.
- * Note: intentionally not adding MBEDTLS_ASN1_[PARSE|WRITE]_C guards here
- * otherwise error codes would be unknown in test_suite_psa_crypto_util.data.*/
-#include
-
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
-
-/** The random generator function for the PSA subsystem.
- *
- * This function is suitable as the `f_rng` random generator function
- * parameter of many `mbedtls_xxx` functions.
- *
- * The implementation of this function depends on the configuration of the
- * library.
- *
- * \note This function may only be used if the PSA crypto subsystem is active.
- * This means that you must call psa_crypto_init() before any call to
- * this function, and you must not call this function after calling
- * mbedtls_psa_crypto_free().
- *
- * \param p_rng This parameter is only kept for backward compatibility
- * reasons with legacy `f_rng` functions and it's ignored.
- * Set to #MBEDTLS_PSA_RANDOM_STATE or NULL.
- * \param output The buffer to fill. It must have room for
- * \c output_size bytes.
- * \param output_size The number of bytes to write to \p output.
- * This function may fail if \p output_size is too
- * large. It is guaranteed to accept any output size
- * requested by Mbed TLS library functions. The
- * maximum request size depends on the library
- * configuration.
- *
- * \return \c 0 on success.
- * \return An `MBEDTLS_ERR_ENTROPY_xxx`,
- * `MBEDTLS_ERR_PLATFORM_xxx,
- * `MBEDTLS_ERR_CTR_DRBG_xxx` or
- * `MBEDTLS_ERR_HMAC_DRBG_xxx` on error.
- */
-int mbedtls_psa_get_random(void *p_rng,
- unsigned char *output,
- size_t output_size);
-
-/** The random generator state for the PSA subsystem.
- *
- * This macro always expands to NULL because the `p_rng` parameter is unused
- * in mbedtls_psa_get_random(), but it's kept for interface's backward
- * compatibility.
- */
-#define MBEDTLS_PSA_RANDOM_STATE NULL
-
-/** \defgroup psa_tls_helpers TLS helper functions
- * @{
- */
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#include
-
-/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
- *
- * \param grpid An Mbed TLS elliptic curve identifier
- * (`MBEDTLS_ECP_DP_xxx`).
- * \param[out] bits On success the bit size of the curve; 0 on failure.
- *
- * \return If the curve is supported in the PSA API, this function
- * returns the proper PSA curve identifier
- * (`PSA_ECC_FAMILY_xxx`). This holds even if the curve is
- * not supported by the ECP module.
- * \return \c 0 if the curve is not supported in the PSA API.
- */
-psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
- size_t *bits);
-
-/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
- *
- * \param family A PSA elliptic curve family identifier
- * (`PSA_ECC_FAMILY_xxx`).
- * \param bits The bit-length of a private key on \p curve.
- *
- * \return If the curve is supported in the PSA API, this function
- * returns the corresponding Mbed TLS elliptic curve
- * identifier (`MBEDTLS_ECP_DP_xxx`).
- * \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve
- * and \p bits is not supported.
- */
-mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family,
- size_t bits);
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-
-/**
- * \brief This function returns the PSA algorithm identifier
- * associated with the given digest type.
- *
- * \param md_type The type of digest to search for. Must not be NONE.
- *
- * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will
- * not return \c PSA_ALG_NONE, but an invalid algorithm.
- *
- * \warning This function does not check if the algorithm is
- * supported, it always returns the corresponding identifier.
- *
- * \return The PSA algorithm identifier associated with \p md_type,
- * regardless of whether it is supported or not.
- */
-static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
-{
- return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type;
-}
-
-/**
- * \brief This function returns the given digest type
- * associated with the PSA algorithm identifier.
- *
- * \param psa_alg The PSA algorithm identifier to search for.
- *
- * \warning This function does not check if the algorithm is
- * supported, it always returns the corresponding identifier.
- *
- * \return The MD type associated with \p psa_alg,
- * regardless of whether it is supported or not.
- */
-static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
-{
- return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK);
-}
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
-
-#if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
-
-/** Convert an ECDSA signature from raw format to DER ASN.1 format.
- *
- * \param bits Size of each coordinate in bits.
- * \param raw Buffer that contains the signature in raw format.
- * \param raw_len Length of \p raw in bytes. This must be
- * PSA_BITS_TO_BYTES(bits) bytes.
- * \param[out] der Buffer that will be filled with the converted DER
- * output. It can overlap with raw buffer.
- * \param der_size Size of \p der in bytes. It is enough if \p der_size
- * is at least the size of the actual output. (The size
- * of the output can vary depending on the presence of
- * leading zeros in the data.) You can use
- * #MBEDTLS_ECDSA_MAX_SIG_LEN(\p bits) to determine a
- * size that is large enough for all signatures for a
- * given value of \p bits.
- * \param[out] der_len On success it contains the amount of valid data
- * (in bytes) written to \p der. It's undefined
- * in case of failure.
- */
-int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len,
- unsigned char *der, size_t der_size, size_t *der_len);
-
-/** Convert an ECDSA signature from DER ASN.1 format to raw format.
- *
- * \param bits Size of each coordinate in bits.
- * \param der Buffer that contains the signature in DER format.
- * \param der_len Size of \p der in bytes.
- * \param[out] raw Buffer that will be filled with the converted raw
- * signature. It can overlap with der buffer.
- * \param raw_size Size of \p raw in bytes. Must be at least
- * 2 * PSA_BITS_TO_BYTES(bits) bytes.
- * \param[out] raw_len On success it is updated with the amount of valid
- * data (in bytes) written to \p raw. It's undefined
- * in case of failure.
- */
-int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len,
- unsigned char *raw, size_t raw_size, size_t *raw_len);
-
-#endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */
-
-/**@}*/
-
-#endif /* MBEDTLS_PSA_UTIL_H */
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
deleted file mode 100644
index c1e76b3..0000000
--- a/include/mbedtls/rsa.h
+++ /dev/null
@@ -1,1164 +0,0 @@
-/**
- * \file rsa.h
- *
- * \brief This file provides an API for the RSA public-key cryptosystem.
- *
- * The RSA public-key cryptosystem is defined in Public-Key
- * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption
- * and Public-Key Cryptography Standards (PKCS) #1 v2.1:
- * RSA Cryptography Specifications.
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_RSA_H
-#define MBEDTLS_RSA_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/bignum.h"
-#include "mbedtls/md.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/*
- * RSA Error codes
- */
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080
-/** Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100
-/** Something failed during generation of a key. */
-#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180
-/** Key failed to pass the validity check of the library. */
-#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200
-/** The public key operation failed. */
-#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280
-/** The private key operation failed. */
-#define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300
-/** The PKCS#1 verification failed. */
-#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380
-/** The output buffer for decryption is not large enough. */
-#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400
-/** The random generator failed to generate non-zeros. */
-#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480
-
-/*
- * RSA constants
- */
-
-#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */
-#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */
-
-#define MBEDTLS_RSA_SIGN 1 /**< Identifier for RSA signature operations. */
-#define MBEDTLS_RSA_CRYPT 2 /**< Identifier for RSA encryption and decryption operations. */
-
-#define MBEDTLS_RSA_SALT_LEN_ANY -1
-
-/*
- * The above constants may be used even if the RSA module is compile out,
- * eg for alternative (PKCS#11) RSA implementations in the PK layers.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_RSA_ALT)
-// Regular implementation
-//
-
-#if !defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
-#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024
-#elif MBEDTLS_RSA_GEN_KEY_MIN_BITS < 128
-#error "MBEDTLS_RSA_GEN_KEY_MIN_BITS must be at least 128 bits"
-#endif
-
-/**
- * \brief The RSA context structure.
- */
-typedef struct mbedtls_rsa_context {
- int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes.
- * Do not set this field in application
- * code. Its meaning might change without
- * notice. */
- size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */
- mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */
- mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */
- mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< D % (P - 1)
. */
- mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< D % (Q - 1)
. */
- mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< 1 / (Q % P)
. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached R^2 mod N
. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached R^2 mod P
. */
- mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached R^2 mod Q
. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. */
- mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */
-
- int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode:
- #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
- #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
- int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t type,
- as specified in md.h for use in the MGF
- mask generating function used in the
- EME-OAEP and EMSA-PSS encodings. */
-#if defined(MBEDTLS_THREADING_C)
- /* Invariant: the mutex is initialized iff ver != 0. */
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex. */
-#endif
-}
-mbedtls_rsa_context;
-
-#else /* MBEDTLS_RSA_ALT */
-#include "rsa_alt.h"
-#endif /* MBEDTLS_RSA_ALT */
-
-/**
- * \brief This function initializes an RSA context.
- *
- * \note This function initializes the padding and the hash
- * identifier to respectively #MBEDTLS_RSA_PKCS_V15 and
- * #MBEDTLS_MD_NONE. See mbedtls_rsa_set_padding() for more
- * information about those parameters.
- *
- * \param ctx The RSA context to initialize. This must not be \c NULL.
- */
-void mbedtls_rsa_init(mbedtls_rsa_context *ctx);
-
-/**
- * \brief This function sets padding for an already initialized RSA
- * context.
- *
- * \note Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
- * encryption scheme and the RSASSA-PSS signature scheme.
- *
- * \note The \p hash_id parameter is ignored when using
- * #MBEDTLS_RSA_PKCS_V15 padding.
- *
- * \note The choice of padding mode is strictly enforced for private
- * key operations, since there might be security concerns in
- * mixing padding modes. For public key operations it is
- * a default value, which can be overridden by calling specific
- * \c mbedtls_rsa_rsaes_xxx or \c mbedtls_rsa_rsassa_xxx
- * functions.
- *
- * \note The hash selected in \p hash_id is always used for OEAP
- * encryption. For PSS signatures, it is always used for
- * making signatures, but can be overridden for verifying them.
- * If set to #MBEDTLS_MD_NONE, it is always overridden.
- *
- * \param ctx The initialized RSA context to be configured.
- * \param padding The padding mode to use. This must be either
- * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id The hash identifier for PSS or OAEP, if \p padding is
- * #MBEDTLS_RSA_PKCS_V21. #MBEDTLS_MD_NONE is accepted by this
- * function but may be not suitable for some operations.
- * Ignored if \p padding is #MBEDTLS_RSA_PKCS_V15.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_RSA_INVALID_PADDING failure:
- * \p padding or \p hash_id is invalid.
- */
-int mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding,
- mbedtls_md_type_t hash_id);
-
-/**
- * \brief This function retrieves padding mode of initialized
- * RSA context.
- *
- * \param ctx The initialized RSA context.
- *
- * \return RSA padding mode.
- *
- */
-int mbedtls_rsa_get_padding_mode(const mbedtls_rsa_context *ctx);
-
-/**
- * \brief This function retrieves hash identifier of mbedtls_md_type_t
- * type.
- *
- * \param ctx The initialized RSA context.
- *
- * \return Hash identifier of mbedtls_md_type_t type.
- *
- */
-int mbedtls_rsa_get_md_alg(const mbedtls_rsa_context *ctx);
-
-/**
- * \brief This function imports a set of core parameters into an
- * RSA context.
- *
- * \note This function can be called multiple times for successive
- * imports, if the parameters are not simultaneously present.
- *
- * Any sequence of calls to this function should be followed
- * by a call to mbedtls_rsa_complete(), which checks and
- * completes the provided information to a ready-for-use
- * public or private RSA key.
- *
- * \note See mbedtls_rsa_complete() for more information on which
- * parameters are necessary to set up a private or public
- * RSA key.
- *
- * \note The imported parameters are copied and need not be preserved
- * for the lifetime of the RSA context being set up.
- *
- * \param ctx The initialized RSA context to store the parameters in.
- * \param N The RSA modulus. This may be \c NULL.
- * \param P The first prime factor of \p N. This may be \c NULL.
- * \param Q The second prime factor of \p N. This may be \c NULL.
- * \param D The private exponent. This may be \c NULL.
- * \param E The public exponent. This may be \c NULL.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- */
-int mbedtls_rsa_import(mbedtls_rsa_context *ctx,
- const mbedtls_mpi *N,
- const mbedtls_mpi *P, const mbedtls_mpi *Q,
- const mbedtls_mpi *D, const mbedtls_mpi *E);
-
-/**
- * \brief This function imports core RSA parameters, in raw big-endian
- * binary format, into an RSA context.
- *
- * \note This function can be called multiple times for successive
- * imports, if the parameters are not simultaneously present.
- *
- * Any sequence of calls to this function should be followed
- * by a call to mbedtls_rsa_complete(), which checks and
- * completes the provided information to a ready-for-use
- * public or private RSA key.
- *
- * \note See mbedtls_rsa_complete() for more information on which
- * parameters are necessary to set up a private or public
- * RSA key.
- *
- * \note The imported parameters are copied and need not be preserved
- * for the lifetime of the RSA context being set up.
- *
- * \param ctx The initialized RSA context to store the parameters in.
- * \param N The RSA modulus. This may be \c NULL.
- * \param N_len The Byte length of \p N; it is ignored if \p N == NULL.
- * \param P The first prime factor of \p N. This may be \c NULL.
- * \param P_len The Byte length of \p P; it is ignored if \p P == NULL.
- * \param Q The second prime factor of \p N. This may be \c NULL.
- * \param Q_len The Byte length of \p Q; it is ignored if \p Q == NULL.
- * \param D The private exponent. This may be \c NULL.
- * \param D_len The Byte length of \p D; it is ignored if \p D == NULL.
- * \param E The public exponent. This may be \c NULL.
- * \param E_len The Byte length of \p E; it is ignored if \p E == NULL.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- */
-int mbedtls_rsa_import_raw(mbedtls_rsa_context *ctx,
- unsigned char const *N, size_t N_len,
- unsigned char const *P, size_t P_len,
- unsigned char const *Q, size_t Q_len,
- unsigned char const *D, size_t D_len,
- unsigned char const *E, size_t E_len);
-
-/**
- * \brief This function completes an RSA context from
- * a set of imported core parameters.
- *
- * To setup an RSA public key, precisely \c N and \c E
- * must have been imported.
- *
- * To setup an RSA private key, sufficient information must
- * be present for the other parameters to be derivable.
- *
- * The default implementation supports the following:
- * - Derive \c P, \c Q from \c N, \c D, \c E.
- * - Derive \c N, \c D from \c P, \c Q, \c E.
- * Alternative implementations need not support these.
- *
- * If this function runs successfully, it guarantees that
- * the RSA context can be used for RSA operations without
- * the risk of failure or crash.
- *
- * \warning This function need not perform consistency checks
- * for the imported parameters. In particular, parameters that
- * are not needed by the implementation might be silently
- * discarded and left unchecked. To check the consistency
- * of the key material, see mbedtls_rsa_check_privkey().
- *
- * \param ctx The initialized RSA context holding imported parameters.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations
- * failed.
- *
- */
-int mbedtls_rsa_complete(mbedtls_rsa_context *ctx);
-
-/**
- * \brief This function exports the core parameters of an RSA key.
- *
- * If this function runs successfully, the non-NULL buffers
- * pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
- * written, with additional unused space filled leading by
- * zero Bytes.
- *
- * Possible reasons for returning
- * #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
- * - An alternative RSA implementation is in use, which
- * stores the key externally, and either cannot or should
- * not export it into RAM.
- * - A SW or HW implementation might not support a certain
- * deduction. For example, \p P, \p Q from \p N, \p D,
- * and \p E if the former are not part of the
- * implementation.
- *
- * If the function fails due to an unsupported operation,
- * the RSA context stays intact and remains usable.
- *
- * \param ctx The initialized RSA context.
- * \param N The MPI to hold the RSA modulus.
- * This may be \c NULL if this field need not be exported.
- * \param P The MPI to hold the first prime factor of \p N.
- * This may be \c NULL if this field need not be exported.
- * \param Q The MPI to hold the second prime factor of \p N.
- * This may be \c NULL if this field need not be exported.
- * \param D The MPI to hold the private exponent.
- * This may be \c NULL if this field need not be exported.
- * \param E The MPI to hold the public exponent.
- * This may be \c NULL if this field need not be exported.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
- * requested parameters cannot be done due to missing
- * functionality or because of security policies.
- * \return A non-zero return code on any other failure.
- *
- */
-int mbedtls_rsa_export(const mbedtls_rsa_context *ctx,
- mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
- mbedtls_mpi *D, mbedtls_mpi *E);
-
-/**
- * \brief This function exports core parameters of an RSA key
- * in raw big-endian binary format.
- *
- * If this function runs successfully, the non-NULL buffers
- * pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
- * written, with additional unused space filled leading by
- * zero Bytes.
- *
- * Possible reasons for returning
- * #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
- * - An alternative RSA implementation is in use, which
- * stores the key externally, and either cannot or should
- * not export it into RAM.
- * - A SW or HW implementation might not support a certain
- * deduction. For example, \p P, \p Q from \p N, \p D,
- * and \p E if the former are not part of the
- * implementation.
- * If the function fails due to an unsupported operation,
- * the RSA context stays intact and remains usable.
- *
- * \note The length parameters are ignored if the corresponding
- * buffer pointers are NULL.
- *
- * \param ctx The initialized RSA context.
- * \param N The Byte array to store the RSA modulus,
- * or \c NULL if this field need not be exported.
- * \param N_len The size of the buffer for the modulus.
- * \param P The Byte array to hold the first prime factor of \p N,
- * or \c NULL if this field need not be exported.
- * \param P_len The size of the buffer for the first prime factor.
- * \param Q The Byte array to hold the second prime factor of \p N,
- * or \c NULL if this field need not be exported.
- * \param Q_len The size of the buffer for the second prime factor.
- * \param D The Byte array to hold the private exponent,
- * or \c NULL if this field need not be exported.
- * \param D_len The size of the buffer for the private exponent.
- * \param E The Byte array to hold the public exponent,
- * or \c NULL if this field need not be exported.
- * \param E_len The size of the buffer for the public exponent.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
- * requested parameters cannot be done due to missing
- * functionality or because of security policies.
- * \return A non-zero return code on any other failure.
- */
-int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx,
- unsigned char *N, size_t N_len,
- unsigned char *P, size_t P_len,
- unsigned char *Q, size_t Q_len,
- unsigned char *D, size_t D_len,
- unsigned char *E, size_t E_len);
-
-/**
- * \brief This function exports CRT parameters of a private RSA key.
- *
- * \note Alternative RSA implementations not using CRT-parameters
- * internally can implement this function based on
- * mbedtls_rsa_deduce_opt().
- *
- * \param ctx The initialized RSA context.
- * \param DP The MPI to hold \c D modulo `P-1`,
- * or \c NULL if it need not be exported.
- * \param DQ The MPI to hold \c D modulo `Q-1`,
- * or \c NULL if it need not be exported.
- * \param QP The MPI to hold modular inverse of \c Q modulo \c P,
- * or \c NULL if it need not be exported.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- *
- */
-int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx,
- mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP);
-
-/**
- * \brief This function retrieves the length of the RSA modulus in bits.
- *
- * \param ctx The initialized RSA context.
- *
- * \return The length of the RSA modulus in bits.
- *
- */
-size_t mbedtls_rsa_get_bitlen(const mbedtls_rsa_context *ctx);
-
-/**
- * \brief This function retrieves the length of RSA modulus in Bytes.
- *
- * \param ctx The initialized RSA context.
- *
- * \return The length of the RSA modulus in Bytes.
- *
- */
-size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx);
-
-/**
- * \brief This function generates an RSA keypair.
- *
- * \note mbedtls_rsa_init() must be called before this function,
- * to set up the RSA context.
- *
- * \param ctx The initialized RSA context used to hold the key.
- * \param f_rng The RNG function to be used for key generation.
- * This is mandatory and must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng.
- * This may be \c NULL if \p f_rng doesn't need a context.
- * \param nbits The size of the public key in bits.
- * \param exponent The public exponent to use. For example, \c 65537.
- * This must be odd and greater than \c 1.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- unsigned int nbits, int exponent);
-
-/**
- * \brief This function checks if a context contains at least an RSA
- * public key.
- *
- * If the function runs successfully, it is guaranteed that
- * enough information is present to perform an RSA public key
- * operation using mbedtls_rsa_public().
- *
- * \param ctx The initialized RSA context to check.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- *
- */
-int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx);
-
-/**
- * \brief This function checks if a context contains an RSA private key
- * and perform basic consistency checks.
- *
- * \note The consistency checks performed by this function not only
- * ensure that mbedtls_rsa_private() can be called successfully
- * on the given context, but that the various parameters are
- * mutually consistent with high probability, in the sense that
- * mbedtls_rsa_public() and mbedtls_rsa_private() are inverses.
- *
- * \warning This function should catch accidental misconfigurations
- * like swapping of parameters, but it cannot establish full
- * trust in neither the quality nor the consistency of the key
- * material that was used to setup the given RSA context:
- * - Consistency: Imported parameters that are irrelevant
- * for the implementation might be silently dropped. If dropped,
- * the current function does not have access to them,
- * and therefore cannot check them. See mbedtls_rsa_complete().
- * If you want to check the consistency of the entire
- * content of a PKCS1-encoded RSA private key, for example, you
- * should use mbedtls_rsa_validate_params() before setting
- * up the RSA context.
- * Additionally, if the implementation performs empirical checks,
- * these checks substantiate but do not guarantee consistency.
- * - Quality: This function is not expected to perform
- * extended quality assessments like checking that the prime
- * factors are safe. Additionally, it is the responsibility of the
- * user to ensure the trustworthiness of the source of his RSA
- * parameters, which goes beyond what is effectively checkable
- * by the library.
- *
- * \param ctx The initialized RSA context to check.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx);
-
-/**
- * \brief This function checks a public-private RSA key pair.
- *
- * It checks each of the contexts, and makes sure they match.
- *
- * \param pub The initialized RSA context holding the public key.
- * \param prv The initialized RSA context holding the private key.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub,
- const mbedtls_rsa_context *prv);
-
-/**
- * \brief This function performs an RSA public key operation.
- *
- * \param ctx The initialized RSA context to use.
- * \param input The input buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \note This function does not handle message padding.
- *
- * \note Make sure to set \p input[0] = 0 or ensure that
- * input is smaller than \c N.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_public(mbedtls_rsa_context *ctx,
- const unsigned char *input,
- unsigned char *output);
-
-/**
- * \brief This function performs an RSA private key operation.
- *
- * \note Blinding is used if and only if a PRNG is provided.
- *
- * \note If blinding is used, both the base of exponentiation
- * and the exponent are blinded, providing protection
- * against some side-channel attacks.
- *
- * \warning It is deprecated and a security risk to not provide
- * a PRNG here and thereby prevent the use of blinding.
- * Future versions of the library may enforce the presence
- * of a PRNG.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function, used for blinding. It is mandatory.
- * \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context.
- * \param input The input buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- *
- */
-int mbedtls_rsa_private(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *input,
- unsigned char *output);
-
-/**
- * \brief This function adds the message padding, then performs an RSA
- * operation.
- *
- * It is the generic wrapper for performing a PKCS#1 encryption
- * operation.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG to use. It is used for padding generation
- * and it is mandatory.
- * \param p_rng The RNG context to be passed to \p f_rng. May be
- * \c NULL if \p f_rng doesn't need a context argument.
- * \param ilen The length of the plaintext in Bytes.
- * \param input The input data to encrypt. This must be a readable
- * buffer of size \p ilen Bytes. It may be \c NULL if
- * `ilen == 0`.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output);
-
-/**
- * \brief This function performs a PKCS#1 v1.5 encryption operation
- * (RSAES-PKCS1-v1_5-ENCRYPT).
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function to use. It is mandatory and used for
- * padding generation.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- * \param ilen The length of the plaintext in Bytes.
- * \param input The input data to encrypt. This must be a readable
- * buffer of size \p ilen Bytes. It may be \c NULL if
- * `ilen == 0`.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output);
-
-/**
- * \brief This function performs a PKCS#1 v2.1 OAEP encryption
- * operation (RSAES-OAEP-ENCRYPT).
- *
- * \note The output buffer must be as large as the size
- * of ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function to use. This is needed for padding
- * generation and is mandatory.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- * \param label The buffer holding the custom label to use.
- * This must be a readable buffer of length \p label_len
- * Bytes. It may be \c NULL if \p label_len is \c 0.
- * \param label_len The length of the label in Bytes.
- * \param ilen The length of the plaintext buffer \p input in Bytes.
- * \param input The input data to encrypt. This must be a readable
- * buffer of size \p ilen Bytes. It may be \c NULL if
- * `ilen == 0`.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *label, size_t label_len,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output);
-
-/**
- * \brief This function performs an RSA operation, then removes the
- * message padding.
- *
- * It is the generic wrapper for performing a PKCS#1 decryption
- * operation.
- *
- * \warning When \p ctx->padding is set to #MBEDTLS_RSA_PKCS_V15,
- * mbedtls_rsa_rsaes_pkcs1_v15_decrypt() is called, which is an
- * inherently dangerous function (CWE-242).
- *
- * \note The output buffer length \c output_max_len should be
- * as large as the size \p ctx->len of \p ctx->N (for example,
- * 128 Bytes if RSA-1024 is used) to be able to hold an
- * arbitrary decrypted message. If it is not large enough to
- * hold the decryption of the particular ciphertext provided,
- * the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and is
- * mandatory; see mbedtls_rsa_private() for more.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context.
- * \param olen The address at which to store the length of
- * the plaintext. This must not be \c NULL.
- * \param input The ciphertext buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The buffer used to hold the plaintext. This must
- * be a writable buffer of length \p output_max_len Bytes.
- * \param output_max_len The length in Bytes of the output buffer \p output.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len);
-
-/**
- * \brief This function performs a PKCS#1 v1.5 decryption
- * operation (RSAES-PKCS1-v1_5-DECRYPT).
- *
- * \warning This is an inherently dangerous function (CWE-242). Unless
- * it is used in a side channel free and safe way (eg.
- * implementing the TLS protocol as per 7.4.7.1 of RFC 5246),
- * the calling code is vulnerable.
- *
- * \note The output buffer length \c output_max_len should be
- * as large as the size \p ctx->len of \p ctx->N, for example,
- * 128 Bytes if RSA-1024 is used, to be able to hold an
- * arbitrary decrypted message. If it is not large enough to
- * hold the decryption of the particular ciphertext provided,
- * the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and is
- * mandatory; see mbedtls_rsa_private() for more.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context.
- * \param olen The address at which to store the length of
- * the plaintext. This must not be \c NULL.
- * \param input The ciphertext buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The buffer used to hold the plaintext. This must
- * be a writable buffer of length \p output_max_len Bytes.
- * \param output_max_len The length in Bytes of the output buffer \p output.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- *
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len);
-
-/**
- * \brief This function performs a PKCS#1 v2.1 OAEP decryption
- * operation (RSAES-OAEP-DECRYPT).
- *
- * \note The output buffer length \c output_max_len should be
- * as large as the size \p ctx->len of \p ctx->N, for
- * example, 128 Bytes if RSA-1024 is used, to be able to
- * hold an arbitrary decrypted message. If it is not
- * large enough to hold the decryption of the particular
- * ciphertext provided, the function returns
- * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and is
- * mandatory.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context.
- * \param label The buffer holding the custom label to use.
- * This must be a readable buffer of length \p label_len
- * Bytes. It may be \c NULL if \p label_len is \c 0.
- * \param label_len The length of the label in Bytes.
- * \param olen The address at which to store the length of
- * the plaintext. This must not be \c NULL.
- * \param input The ciphertext buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The buffer used to hold the plaintext. This must
- * be a writable buffer of length \p output_max_len Bytes.
- * \param output_max_len The length in Bytes of the output buffer \p output.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *label, size_t label_len,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len);
-
-/**
- * \brief This function performs a private RSA operation to sign
- * a message digest using PKCS#1.
- *
- * It is the generic wrapper for performing a PKCS#1
- * signature.
- *
- * \note The \p sig buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note For PKCS#1 v2.1 encoding, see comments on
- * mbedtls_rsa_rsassa_pss_sign() for details on
- * \p md_alg and \p hash_id.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function to use. This is mandatory and
- * must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context argument.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer to hold the signature. This must be a writable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus. A buffer length of
- * #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return \c 0 if the signing operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig);
-
-/**
- * \brief This function performs a PKCS#1 v1.5 signature
- * operation (RSASSA-PKCS1-v1_5-SIGN).
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and is
- * mandatory; see mbedtls_rsa_private() for more.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context argument.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer to hold the signature. This must be a writable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus. A buffer length of
- * #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return \c 0 if the signing operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig);
-
-#if defined(MBEDTLS_PKCS1_V21)
-/**
- * \brief This function performs a PKCS#1 v2.1 PSS signature
- * operation (RSASSA-PSS-SIGN).
- *
- * \note The \c hash_id set in \p ctx by calling
- * mbedtls_rsa_set_padding() selects the hash used for the
- * encoding operation and for the mask generation function
- * (MGF1). For more details on the encoding operation and the
- * mask generation function, consult RFC-3447: Public-Key
- * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications.
- *
- * \note This function enforces that the provided salt length complies
- * with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1
- * step 3. The constraint is that the hash length plus the salt
- * length plus 2 bytes must be at most the key length. If this
- * constraint is not met, this function returns
- * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. It is mandatory and must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context argument.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param saltlen The length of the salt that should be used.
- * If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use
- * the largest possible salt length up to the hash length,
- * which is the largest permitted by some standards including
- * FIPS 186-4 §5.5.
- * \param sig The buffer to hold the signature. This must be a writable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus. A buffer length of
- * #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return \c 0 if the signing operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- int saltlen,
- unsigned char *sig);
-
-/**
- * \brief This function performs a PKCS#1 v2.1 PSS signature
- * operation (RSASSA-PSS-SIGN).
- *
- * \note The \c hash_id set in \p ctx by calling
- * mbedtls_rsa_set_padding() selects the hash used for the
- * encoding operation and for the mask generation function
- * (MGF1). For more details on the encoding operation and the
- * mask generation function, consult RFC-3447: Public-Key
- * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications.
- *
- * \note This function always uses the maximum possible salt size,
- * up to the length of the payload hash. This choice of salt
- * size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1
- * v2.2) §9.1.1 step 3. Furthermore this function enforces a
- * minimum salt size which is the hash size minus 2 bytes. If
- * this minimum size is too large given the key size (the salt
- * size, plus the hash size, plus 2 bytes must be no more than
- * the key size in bytes), this function returns
- * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. It is mandatory and must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context argument.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer to hold the signature. This must be a writable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus. A buffer length of
- * #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return \c 0 if the signing operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig);
-#endif /* MBEDTLS_PKCS1_V21 */
-
-/**
- * \brief This function performs a public RSA operation and checks
- * the message digest.
- *
- * This is the generic wrapper for performing a PKCS#1
- * verification.
- *
- * \note For PKCS#1 v2.1 encoding, see comments on
- * mbedtls_rsa_rsassa_pss_verify() about \c md_alg and
- * \c hash_id.
- *
- * \param ctx The initialized RSA public key context to use.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer holding the signature. This must be a readable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 if the verify operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig);
-
-/**
- * \brief This function performs a PKCS#1 v1.5 verification
- * operation (RSASSA-PKCS1-v1_5-VERIFY).
- *
- * \param ctx The initialized RSA public key context to use.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer holding the signature. This must be a readable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 if the verify operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig);
-
-/**
- * \brief This function performs a PKCS#1 v2.1 PSS verification
- * operation (RSASSA-PSS-VERIFY).
- *
- * \note The \c hash_id set in \p ctx by calling
- * mbedtls_rsa_set_padding() selects the hash used for the
- * encoding operation and for the mask generation function
- * (MGF1). For more details on the encoding operation and the
- * mask generation function, consult RFC-3447: Public-Key
- * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications. If the \c hash_id set in \p ctx by
- * mbedtls_rsa_set_padding() is #MBEDTLS_MD_NONE, the \p md_alg
- * parameter is used.
- *
- * \param ctx The initialized RSA public key context to use.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer holding the signature. This must be a readable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 if the verify operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_verify(mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig);
-
-/**
- * \brief This function performs a PKCS#1 v2.1 PSS verification
- * operation (RSASSA-PSS-VERIFY).
- *
- * \note The \p sig buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note The \c hash_id set in \p ctx by mbedtls_rsa_set_padding() is
- * ignored.
- *
- * \param ctx The initialized RSA public key context to use.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param mgf1_hash_id The message digest algorithm used for the
- * verification operation and the mask generation
- * function (MGF1). For more details on the encoding
- * operation and the mask generation function, consult
- * RFC-3447: Public-Key Cryptography Standards
- * (PKCS) #1 v2.1: RSA Cryptography
- * Specifications.
- * \param expected_salt_len The length of the salt used in padding. Use
- * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
- * \param sig The buffer holding the signature. This must be a readable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 if the verify operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- mbedtls_md_type_t mgf1_hash_id,
- int expected_salt_len,
- const unsigned char *sig);
-
-/**
- * \brief This function copies the components of an RSA context.
- *
- * \param dst The destination context. This must be initialized.
- * \param src The source context. This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
- */
-int mbedtls_rsa_copy(mbedtls_rsa_context *dst, const mbedtls_rsa_context *src);
-
-/**
- * \brief This function frees the components of an RSA key.
- *
- * \param ctx The RSA context to free. May be \c NULL, in which case
- * this function is a no-op. If it is not \c NULL, it must
- * point to an initialized RSA context.
- */
-void mbedtls_rsa_free(mbedtls_rsa_context *ctx);
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The RSA checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_rsa_self_test(int verbose);
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* rsa.h */
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
deleted file mode 100644
index ca568e2..0000000
--- a/include/mbedtls/sha256.h
+++ /dev/null
@@ -1,200 +0,0 @@
-/**
- * \file sha256.h
- *
- * \brief This file contains SHA-224 and SHA-256 definitions and functions.
- *
- * The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic
- * hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS).
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_SHA256_H
-#define MBEDTLS_SHA256_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-/** SHA-256 input data was malformed. */
-#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_SHA256_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The SHA-256 context structure.
- *
- * The structure is used both for SHA-256 and for SHA-224
- * checksum calculations. The choice between these two is
- * made in the call to mbedtls_sha256_starts().
- */
-typedef struct mbedtls_sha256_context {
- unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
- uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
- uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
-#if defined(MBEDTLS_SHA224_C)
- int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
- 0: Use SHA-256, or 1: Use SHA-224. */
-#endif
-}
-mbedtls_sha256_context;
-
-#else /* MBEDTLS_SHA256_ALT */
-#include "sha256_alt.h"
-#endif /* MBEDTLS_SHA256_ALT */
-
-/**
- * \brief This function initializes a SHA-256 context.
- *
- * \param ctx The SHA-256 context to initialize. This must not be \c NULL.
- */
-void mbedtls_sha256_init(mbedtls_sha256_context *ctx);
-
-/**
- * \brief This function clears a SHA-256 context.
- *
- * \param ctx The SHA-256 context to clear. This may be \c NULL, in which
- * case this function returns immediately. If it is not \c NULL,
- * it must point to an initialized SHA-256 context.
- */
-void mbedtls_sha256_free(mbedtls_sha256_context *ctx);
-
-/**
- * \brief This function clones the state of a SHA-256 context.
- *
- * \param dst The destination context. This must be initialized.
- * \param src The context to clone. This must be initialized.
- */
-void mbedtls_sha256_clone(mbedtls_sha256_context *dst,
- const mbedtls_sha256_context *src);
-
-/**
- * \brief This function starts a SHA-224 or SHA-256 checksum
- * calculation.
- *
- * \param ctx The context to use. This must be initialized.
- * \param is224 This determines which function to use. This must be
- * either \c 0 for SHA-256, or \c 1 for SHA-224.
- *
- * \note is224 must be defined accordingly to the enabled
- * MBEDTLS_SHA224_C/MBEDTLS_SHA256_C symbols otherwise the
- * function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha256_starts(mbedtls_sha256_context *ctx, int is224);
-
-/**
- * \brief This function feeds an input buffer into an ongoing
- * SHA-256 checksum calculation.
- *
- * \param ctx The SHA-256 context. This must be initialized
- * and have a hash operation started.
- * \param input The buffer holding the data. This must be a readable
- * buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha256_update(mbedtls_sha256_context *ctx,
- const unsigned char *input,
- size_t ilen);
-
-/**
- * \brief This function finishes the SHA-256 operation, and writes
- * the result to the output buffer.
- *
- * \param ctx The SHA-256 context. This must be initialized
- * and have a hash operation started.
- * \param output The SHA-224 or SHA-256 checksum result.
- * This must be a writable buffer of length \c 32 bytes
- * for SHA-256, \c 28 bytes for SHA-224.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha256_finish(mbedtls_sha256_context *ctx,
- unsigned char *output);
-
-/**
- * \brief This function processes a single data block within
- * the ongoing SHA-256 computation. This function is for
- * internal use only.
- *
- * \param ctx The SHA-256 context. This must be initialized.
- * \param data The buffer holding one block of data. This must
- * be a readable buffer of length \c 64 Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx,
- const unsigned char data[64]);
-
-/**
- * \brief This function calculates the SHA-224 or SHA-256
- * checksum of a buffer.
- *
- * The function allocates the context, performs the
- * calculation, and frees the context.
- *
- * The SHA-256 result is calculated as
- * output = SHA-256(input buffer).
- *
- * \param input The buffer holding the data. This must be a readable
- * buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- * \param output The SHA-224 or SHA-256 checksum result.
- * This must be a writable buffer of length \c 32 bytes
- * for SHA-256, \c 28 bytes for SHA-224.
- * \param is224 Determines which function to use. This must be
- * either \c 0 for SHA-256, or \c 1 for SHA-224.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha256(const unsigned char *input,
- size_t ilen,
- unsigned char *output,
- int is224);
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#if defined(MBEDTLS_SHA224_C)
-/**
- * \brief The SHA-224 checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_sha224_self_test(int verbose);
-#endif /* MBEDTLS_SHA224_C */
-
-#if defined(MBEDTLS_SHA256_C)
-/**
- * \brief The SHA-256 checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_sha256_self_test(int verbose);
-#endif /* MBEDTLS_SHA256_C */
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha256.h */
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
deleted file mode 100644
index 1c20e4c..0000000
--- a/include/mbedtls/sha512.h
+++ /dev/null
@@ -1,208 +0,0 @@
-/**
- * \file sha512.h
- * \brief This file contains SHA-384 and SHA-512 definitions and functions.
- *
- * The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic
- * hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS).
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_SHA512_H
-#define MBEDTLS_SHA512_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-/** SHA-512 input data was malformed. */
-#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_SHA512_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The SHA-512 context structure.
- *
- * The structure is used both for SHA-384 and for SHA-512
- * checksum calculations. The choice between these two is
- * made in the call to mbedtls_sha512_starts().
- */
-typedef struct mbedtls_sha512_context {
- uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
- uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
- unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being processed. */
-#if defined(MBEDTLS_SHA384_C)
- int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use:
- 0: Use SHA-512, or 1: Use SHA-384. */
-#endif
-}
-mbedtls_sha512_context;
-
-#else /* MBEDTLS_SHA512_ALT */
-#include "sha512_alt.h"
-#endif /* MBEDTLS_SHA512_ALT */
-
-/**
- * \brief This function initializes a SHA-512 context.
- *
- * \param ctx The SHA-512 context to initialize. This must
- * not be \c NULL.
- */
-void mbedtls_sha512_init(mbedtls_sha512_context *ctx);
-
-/**
- * \brief This function clears a SHA-512 context.
- *
- * \param ctx The SHA-512 context to clear. This may be \c NULL,
- * in which case this function does nothing. If it
- * is not \c NULL, it must point to an initialized
- * SHA-512 context.
- */
-void mbedtls_sha512_free(mbedtls_sha512_context *ctx);
-
-/**
- * \brief This function clones the state of a SHA-512 context.
- *
- * \param dst The destination context. This must be initialized.
- * \param src The context to clone. This must be initialized.
- */
-void mbedtls_sha512_clone(mbedtls_sha512_context *dst,
- const mbedtls_sha512_context *src);
-
-/**
- * \brief This function starts a SHA-384 or SHA-512 checksum
- * calculation.
- *
- * \param ctx The SHA-512 context to use. This must be initialized.
- * \param is384 Determines which function to use. This must be
- * either \c 0 for SHA-512, or \c 1 for SHA-384.
- *
- * \note is384 must be defined accordingly to the enabled
- * MBEDTLS_SHA384_C/MBEDTLS_SHA512_C symbols otherwise the
- * function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha512_starts(mbedtls_sha512_context *ctx, int is384);
-
-/**
- * \brief This function feeds an input buffer into an ongoing
- * SHA-512 checksum calculation.
- *
- * \param ctx The SHA-512 context. This must be initialized
- * and have a hash operation started.
- * \param input The buffer holding the input data. This must
- * be a readable buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha512_update(mbedtls_sha512_context *ctx,
- const unsigned char *input,
- size_t ilen);
-
-/**
- * \brief This function finishes the SHA-512 operation, and writes
- * the result to the output buffer.
- *
- * \param ctx The SHA-512 context. This must be initialized
- * and have a hash operation started.
- * \param output The SHA-384 or SHA-512 checksum result.
- * This must be a writable buffer of length \c 64 bytes
- * for SHA-512, \c 48 bytes for SHA-384.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha512_finish(mbedtls_sha512_context *ctx,
- unsigned char *output);
-
-/**
- * \brief This function processes a single data block within
- * the ongoing SHA-512 computation.
- * This function is for internal use only.
- *
- * \param ctx The SHA-512 context. This must be initialized.
- * \param data The buffer holding one block of data. This
- * must be a readable buffer of length \c 128 Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx,
- const unsigned char data[128]);
-
-/**
- * \brief This function calculates the SHA-512 or SHA-384
- * checksum of a buffer.
- *
- * The function allocates the context, performs the
- * calculation, and frees the context.
- *
- * The SHA-512 result is calculated as
- * output = SHA-512(input buffer).
- *
- * \param input The buffer holding the input data. This must be
- * a readable buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- * \param output The SHA-384 or SHA-512 checksum result.
- * This must be a writable buffer of length \c 64 bytes
- * for SHA-512, \c 48 bytes for SHA-384.
- * \param is384 Determines which function to use. This must be either
- * \c 0 for SHA-512, or \c 1 for SHA-384.
- *
- * \note is384 must be defined accordingly with the supported
- * symbols in the config file. If:
- * - is384 is 0, but \c MBEDTLS_SHA384_C is not defined, or
- * - is384 is 1, but \c MBEDTLS_SHA512_C is not defined
- * then the function will return
- * #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha512(const unsigned char *input,
- size_t ilen,
- unsigned char *output,
- int is384);
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#if defined(MBEDTLS_SHA384_C)
-/**
- * \brief The SHA-384 checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_sha384_self_test(int verbose);
-#endif /* MBEDTLS_SHA384_C */
-
-#if defined(MBEDTLS_SHA512_C)
-/**
- * \brief The SHA-512 checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_sha512_self_test(int verbose);
-#endif /* MBEDTLS_SHA512_C */
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha512.h */
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
deleted file mode 100644
index d50d04e..0000000
--- a/include/mbedtls/threading.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/**
- * \file threading.h
- *
- * \brief Threading abstraction layer
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_THREADING_H
-#define MBEDTLS_THREADING_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C
-/** Locking / unlocking / free failed with error code. */
-#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-#include
-typedef struct mbedtls_threading_mutex_t {
- pthread_mutex_t MBEDTLS_PRIVATE(mutex);
-
- /* WARNING - state should only be accessed when holding the mutex lock in
- * tests/src/threading_helpers.c, otherwise corruption can occur.
- * state will be 0 after a failed init or a free, and nonzero after a
- * successful init. This field is for testing only and thus not considered
- * part of the public API of Mbed TLS and may change without notice.*/
- char MBEDTLS_PRIVATE(state);
-
-} mbedtls_threading_mutex_t;
-#endif
-
-#if defined(MBEDTLS_THREADING_ALT)
-/* You should define the mbedtls_threading_mutex_t type in your header */
-#include "threading_alt.h"
-
-/**
- * \brief Set your alternate threading implementation function
- * pointers and initialize global mutexes. If used, this
- * function must be called once in the main thread before any
- * other Mbed TLS function is called, and
- * mbedtls_threading_free_alt() must be called once in the main
- * thread after all other Mbed TLS functions.
- *
- * \note mutex_init() and mutex_free() don't return a status code.
- * If mutex_init() fails, it should leave its argument (the
- * mutex) in a state such that mutex_lock() will fail when
- * called with this argument.
- *
- * \param mutex_init the init function implementation
- * \param mutex_free the free function implementation
- * \param mutex_lock the lock function implementation
- * \param mutex_unlock the unlock function implementation
- */
-void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *),
- void (*mutex_free)(mbedtls_threading_mutex_t *),
- int (*mutex_lock)(mbedtls_threading_mutex_t *),
- int (*mutex_unlock)(mbedtls_threading_mutex_t *));
-
-/**
- * \brief Free global mutexes.
- */
-void mbedtls_threading_free_alt(void);
-#endif /* MBEDTLS_THREADING_ALT */
-
-#if defined(MBEDTLS_THREADING_C)
-/*
- * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
- *
- * All these functions are expected to work or the result will be undefined.
- */
-extern void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *mutex);
-extern void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *mutex);
-extern int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *mutex);
-extern int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *mutex);
-
-/*
- * Global mutexes
- */
-#if defined(MBEDTLS_FS_IO)
-extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
-/* This mutex may or may not be used in the default definition of
- * mbedtls_platform_gmtime_r(), but in order to determine that,
- * we need to check POSIX features, hence modify _POSIX_C_SOURCE.
- * With the current approach, this declaration is orphaned, lacking
- * an accompanying definition, in case mbedtls_platform_gmtime_r()
- * doesn't need it, but that's not a problem. */
-extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
-#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-/*
- * A mutex used to make the PSA subsystem thread safe.
- *
- * key_slot_mutex protects the registered_readers and
- * state variable for all key slots in &global_data.key_slots.
- *
- * This mutex must be held when any read from or write to a state or
- * registered_readers field is performed, i.e. when calling functions:
- * psa_key_slot_state_transition(), psa_register_read(), psa_unregister_read(),
- * psa_key_slot_has_readers() and psa_wipe_key_slot(). */
-extern mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex;
-
-/*
- * A mutex used to make the non-rng PSA global_data struct members thread safe.
- *
- * This mutex must be held when reading or writing to any of the PSA global_data
- * structure members, other than the rng_state or rng struct. */
-extern mbedtls_threading_mutex_t mbedtls_threading_psa_globaldata_mutex;
-
-/*
- * A mutex used to make the PSA global_data rng data thread safe.
- *
- * This mutex must be held when reading or writing to the PSA
- * global_data rng_state or rng struct members. */
-extern mbedtls_threading_mutex_t mbedtls_threading_psa_rngdata_mutex;
-#endif
-
-#endif /* MBEDTLS_THREADING_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* threading.h */
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
deleted file mode 100644
index 62ae102..0000000
--- a/include/mbedtls/timing.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/**
- * \file timing.h
- *
- * \brief Portable interface to timeouts and to the CPU cycle counter
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_TIMING_H
-#define MBEDTLS_TIMING_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_TIMING_ALT)
-// Regular implementation
-//
-
-/**
- * \brief timer structure
- */
-struct mbedtls_timing_hr_time {
- uint64_t MBEDTLS_PRIVATE(opaque)[4];
-};
-
-/**
- * \brief Context for mbedtls_timing_set/get_delay()
- */
-typedef struct mbedtls_timing_delay_context {
- struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer);
- uint32_t MBEDTLS_PRIVATE(int_ms);
- uint32_t MBEDTLS_PRIVATE(fin_ms);
-} mbedtls_timing_delay_context;
-
-#else /* MBEDTLS_TIMING_ALT */
-#include "timing_alt.h"
-#endif /* MBEDTLS_TIMING_ALT */
-
-/* Internal use */
-unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset);
-
-/**
- * \brief Set a pair of delays to watch
- * (See \c mbedtls_timing_get_delay().)
- *
- * \param data Pointer to timing data.
- * Must point to a valid \c mbedtls_timing_delay_context struct.
- * \param int_ms First (intermediate) delay in milliseconds.
- * The effect if int_ms > fin_ms is unspecified.
- * \param fin_ms Second (final) delay in milliseconds.
- * Pass 0 to cancel the current delay.
- *
- * \note To set a single delay, either use \c mbedtls_timing_set_timer
- * directly or use this function with int_ms == fin_ms.
- */
-void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms);
-
-/**
- * \brief Get the status of delays
- * (Memory helper: number of delays passed.)
- *
- * \param data Pointer to timing data
- * Must point to a valid \c mbedtls_timing_delay_context struct.
- *
- * \return -1 if cancelled (fin_ms = 0),
- * 0 if none of the delays are passed,
- * 1 if only the intermediate delay is passed,
- * 2 if the final delay is passed.
- */
-int mbedtls_timing_get_delay(void *data);
-
-/**
- * \brief Get the final timing delay
- *
- * \param data Pointer to timing data
- * Must point to a valid \c mbedtls_timing_delay_context struct.
- *
- * \return Final timing delay in milliseconds.
- */
-uint32_t mbedtls_timing_get_final_delay(
- const mbedtls_timing_delay_context *data);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* timing.h */
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 1e830a2..580eae9 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -475,7 +475,7 @@ psa_status_t mbedtls_psa_external_get_random(
* This value is part of the library's ABI since changing it would invalidate
* the values of built-in key identifiers in applications.
*/
-#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t) 0x7fff0000)
+#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t) 0x40000000)
/** The maximum value for a key identifier that is built into the
* implementation.
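Review bot: The comment directly above this define still states that the value is part of the library's ABI and must not change, yet the hunk lowers MBEDTLS_PSA_KEY_ID_BUILTIN_MIN from 0x7fff0000 to 0x40000000 without updating that text or recording the compatibility break. Any application that stores a built-in key identifier computed from the old base is silently invalidated, and 0x40000000 is the first vendor-range id, so every vendor id below MBEDTLS_PSA_KEY_ID_BUILTIN_MAX (outside this hunk, presumably unchanged) now classifies as built-in. I would add `/* NOTE: base moved from 0x7fff0000 to 0x40000000; built-in ids issued under the old base are not compatible. */` next to the define and a preprocessor check that MIN is still below MAX.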
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index fdc22ba..ab1cb56 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -262,6 +262,7 @@
/* The maximum size of an ECC key on this implementation, in bits.
* This is a vendor-specific macro. */
+#ifndef PSA_VENDOR_ECC_MAX_CURVE_BITS
#if defined(PSA_WANT_ECC_SECP_R1_521) /*!!OM*/
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521u
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
@@ -295,6 +296,7 @@
#else
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0u
#endif
+#endif
/** This macro returns the maximum supported length of the PSK for the
* TLS-1.2 PSK-to-MS key derivation
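Review bot: Allowing PSA_VENDOR_ECC_MAX_CURVE_BITS to be predefined externally is unguarded: a configuration that sets it below the largest enabled curve shrinks every size macro derived from it (export, signature and key-agreement buffer sizes) with no diagnostic, which surfaces later as buffer-too-small errors or, in callers that trust the macro, truncated keys. A guard after the new `#endif`, for example `#if defined(PSA_WANT_ECC_SECP_R1_521) && (PSA_VENDOR_ECC_MAX_CURVE_BITS < 521u)` followed by `#error "PSA_VENDOR_ECC_MAX_CURVE_BITS is smaller than an enabled curve"` (one per enabled family), keeps the override safe. A one-line comment saying the override must be at least the largest curve actually enabled would also help.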
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index e42d315..4a2b1d2 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -54,6 +54,8 @@
#define PSA_CRYPTO_STRUCT_H
#include "mbedtls/private_access.h"
+#include
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -85,11 +87,9 @@ struct psa_hash_operation_s {
psa_driver_hash_context_t MBEDTLS_PRIVATE(ctx);
#endif
};
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#define PSA_HASH_OPERATION_INIT { 0 }
-#else
-#define PSA_HASH_OPERATION_INIT { 0, { 0 } }
-#endif
+
+#define PSA_HASH_OPERATION_INIT { }
+
static inline struct psa_hash_operation_s psa_hash_operation_init(void)
{
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
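Review bot: `{ }` as an initializer is not valid C before C23 (it is a GNU/Clang extension and a hard error under `-std=c11 -pedantic-errors`), and this is a public header that application code compiles with its own flags; the same replacement is applied to every `*_OPERATION_INIT` macro in this file. `{ 0 }` is standard in every C version, zero-initializes the remaining members and makes the deleted client/server `#if` unnecessary just as well, so `#define PSA_HASH_OPERATION_INIT { 0 }` gives the simplification the commit wants without the extension. If the extension is intended, a comment stating the minimum language level this header now requires belongs at the top of the file.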
@@ -117,11 +117,9 @@ struct psa_cipher_operation_s {
#endif
};
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#define PSA_CIPHER_OPERATION_INIT { 0 }
-#else
-#define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
-#endif
+
+#define PSA_CIPHER_OPERATION_INIT { }
+
static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
{
const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
@@ -149,11 +147,8 @@ struct psa_mac_operation_s {
#endif
};
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#define PSA_MAC_OPERATION_INIT { 0 }
-#else
-#define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
-#endif
+#define PSA_MAC_OPERATION_INIT { }
+
static inline struct psa_mac_operation_s psa_mac_operation_init(void)
{
const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
@@ -188,11 +183,9 @@ struct psa_aead_operation_s {
#endif
};
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#define PSA_AEAD_OPERATION_INIT { 0 }
-#else
-#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } }
-#endif
+
+#define PSA_AEAD_OPERATION_INIT { }
+
static inline struct psa_aead_operation_s psa_aead_operation_init(void)
{
const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
@@ -233,12 +226,9 @@ struct psa_key_derivation_s { /*!!OM*/
#endif
};
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#define PSA_KEY_DERIVATION_OPERATION_INIT { 0 }
-#else
-/* This only zeroes out the first byte in the union, the rest is unspecified. */
-#define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } }
-#endif
+
+#define PSA_KEY_DERIVATION_OPERATION_INIT { }
+
static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
void)
{
@@ -289,6 +279,10 @@ typedef uint16_t psa_key_bits_t;
* conditionals. */
#define PSA_MAX_KEY_BITS 0xfff8
+/* Reserved key attribute init used when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER *
+ * Is enabled (changes the parameters of the initalization) */
+#define MBEDTLS_KEY_ATTRIBUTE_RESERVED_INIT (int32_t) 0
+
struct psa_key_attributes_s {
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
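Review bot: The comment on MBEDTLS_KEY_ATTRIBUTE_RESERVED_INIT says it is used when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is enabled, but the initializer that consumes it further down in this file sits in the `#else` branch, i.e. when that option is not defined, and the expansion `(int32_t) 0` is unparenthesized. Suggest `#define MBEDTLS_KEY_ATTRIBUTE_RESERVED_INIT ((int32_t) 0)` and rewording the comment to `/* Initializer for the reserved padding field present when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is not defined. */` (also fixing "initalization").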
@@ -310,18 +304,40 @@ struct psa_key_attributes_s {
* struct
*/
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
+#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+ /* Reserved field added to enforce ABI-compliance */
+ int32_t MBEDTLS_PRIVATE(reserved);
+#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
};
+/* This will assert if there has ben an incompatible change in psa_key_attributes_s */
+//_Static_assert(sizeof(struct psa_key_attributes_s) == 32, "Unexpected struct size.");
+
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
#define PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER 0, 0,
#else
#define PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER
#endif
+
+/* There is a difference in the initialization of the psa_key_attributes_s
+ * dependent on MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER being set or not,
+ * ensuring we can have ABI compliance in this structure type.
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
#define PSA_KEY_ATTRIBUTES_INIT { PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER \
PSA_KEY_TYPE_NONE, 0, \
PSA_KEY_LIFETIME_VOLATILE, \
PSA_KEY_POLICY_INIT, \
MBEDTLS_SVC_KEY_ID_INIT }
+#else
+#define PSA_KEY_ATTRIBUTES_INIT { PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER \
+ PSA_KEY_TYPE_NONE, 0, \
+ PSA_KEY_LIFETIME_VOLATILE, \
+ PSA_KEY_POLICY_INIT, \
+ MBEDTLS_SVC_KEY_ID_INIT, \
+ MBEDTLS_KEY_ATTRIBUTE_RESERVED_INIT}
+#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
+
static inline struct psa_key_attributes_s psa_key_attributes_init(void)
{
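Review bot: The size check that justifies the new `reserved` member is commented out (`//_Static_assert(sizeof(struct psa_key_attributes_s) == 32, ...)`), so nothing actually enforces the ABI the field is there to preserve, and a commented-out assert with the typo "ben" reads as abandoned code. The 32-byte figure cannot hold when MBEDTLS_PSA_CRYPTO_SE_C adds `slot_number`, which is presumably why it was disabled; guard it instead with `#if !defined(MBEDTLS_PSA_CRYPTO_SE_C)`, `_Static_assert(sizeof(struct psa_key_attributes_s) == 32, "psa_key_attributes_s ABI changed");`, `#endif`. The struct's earlier members are outside this hunk, so the expected size should be confirmed against them for both settings of MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER.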
@@ -481,12 +497,9 @@ struct psa_pake_operation_s { /*!!OM*/
#endif
};
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#define PSA_PAKE_OPERATION_INIT { 0 }
-#else
-/* This only zeroes out the first byte in the union, the rest is unspecified. */
-#define PSA_PAKE_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } }
-#endif
+
+#define PSA_PAKE_OPERATION_INIT { }
+
static inline struct psa_pake_operation_s psa_pake_operation_init(void)
{
const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT;
@@ -516,11 +529,7 @@ struct psa_sign_hash_interruptible_operation_s {
#endif
};
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
-#else
-#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 }
-#endif
+#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { }
static inline struct psa_sign_hash_interruptible_operation_s
psa_sign_hash_interruptible_operation_init(void)
@@ -554,11 +563,8 @@ struct psa_verify_hash_interruptible_operation_s {
#endif
};
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
-#else
-#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 }
-#endif
+
+#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { }
static inline struct psa_verify_hash_interruptible_operation_s
psa_verify_hash_interruptible_operation_init(void)
diff --git a/library/bignum_mod.h b/library/bignum_mod.h
index 963d888..832d1ff 100644
--- a/library/bignum_mod.h
+++ b/library/bignum_mod.h
@@ -69,7 +69,7 @@
#ifndef MBEDTLS_BIGNUM_MOD_H
#define MBEDTLS_BIGNUM_MOD_H
-#include "common.h"
+#include "oberon_psa_common.h"
#if defined(MBEDTLS_BIGNUM_C)
#include "mbedtls/bignum.h"
diff --git a/library/constant_time.c b/library/constant_time.c
index d212ddf..c9f3933 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -13,7 +13,7 @@
#include
#include
-#include "common.h"
+#include "oberon_psa_common.h"
#include "constant_time_internal.h"
#include "mbedtls/constant_time.h"
#include "mbedtls/error.h"
diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h
index 2a4574b..64b1c16 100644
--- a/library/constant_time_impl.h
+++ b/library/constant_time_impl.h
@@ -10,7 +10,7 @@
#include
-#include "common.h"
+#include "oberon_psa_common.h"
#if defined(MBEDTLS_BIGNUM_C)
#include "mbedtls/bignum.h"
diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h
index 61a5c6d..6af46ee 100644
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h
@@ -11,7 +11,7 @@
#include
#include
-#include "common.h"
+#include "oberon_psa_common.h"
#if defined(MBEDTLS_BIGNUM_C)
#include "mbedtls/bignum.h"
diff --git a/library/md_psa.h b/library/md_psa.h
index 028ba24..c968b5a 100644
--- a/library/md_psa.h
+++ b/library/md_psa.h
@@ -10,7 +10,7 @@
#ifndef MBEDTLS_MD_PSA_H
#define MBEDTLS_MD_PSA_H
-#include "common.h"
+#include "oberon_psa_common.h"
#include "mbedtls/md.h"
#include "psa/crypto.h"
diff --git a/library/common.h b/library/oberon_psa_common.h
similarity index 100%
rename from library/common.h
rename to library/oberon_psa_common.h
diff --git a/library/platform.c b/library/platform.c
index 890c4cb..68c870f 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "oberon_psa_common.h"
#if defined(MBEDTLS_PLATFORM_C)
diff --git a/library/platform_util.c b/library/platform_util.c
index 0741bf5..6a5307d 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -20,7 +20,7 @@
#define _GNU_SOURCE
#endif
-#include "common.h"
+#include "oberon_psa_common.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/platform.h"
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a4a13be..693296b 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -10,7 +10,7 @@
* NOTICE: This file has been modified by Oberon microsystems AG.
*/
-#include "common.h"
+#include "oberon_psa_common.h"
#include "psa_crypto_core_common.h"
#if defined(MBEDTLS_PSA_CRYPTO_C)
@@ -870,6 +870,15 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ if (psa_key_id_is_builtin(MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot->attr.id))) {
+ status = psa_driver_wrapper_destroy_builtin_key(&slot->attr);
+ if (overall_status == PSA_SUCCESS) {
+ overall_status = status;
+ }
+ }
+#endif /* defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) */
+
exit:
/* Unregister from reading the slot. If we are the last active reader
* then this will wipe the slot. */
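Review bot: The status from psa_driver_wrapper_destroy_builtin_key() is folded into overall_status, but the wrapper added in this same diff has an empty `switch` and returns PSA_ERROR_NOT_SUPPORTED unconditionally, so every psa_destroy_key() on a built-in key id will now report NOT_SUPPORTED even though the slot is wiped on the exit path. Either treat that value as success here, `if (overall_status == PSA_SUCCESS && status != PSA_ERROR_NOT_SUPPORTED) { overall_status = status; }`, or have the wrapper return PSA_SUCCESS when no driver claims the location. psa_destroy_key's body starts before this hunk.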
@@ -1129,7 +1138,7 @@ static psa_status_t psa_validate_key_attributes(
return PSA_ERROR_INVALID_ARGUMENT;
}
} else {
- if (!psa_is_valid_key_id(psa_get_key_id(attributes), 0)) {
+ if (!psa_is_valid_key_id(psa_get_key_id(attributes), 1)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
}
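Review bot: Passing `vendor_ok = 1` lets an application create keys whose id lies in the vendor range, and with MBEDTLS_PSA_KEY_ID_BUILTIN_MIN moved to 0x40000000 in this diff that range now classifies as built-in. The consequence in psa_finish_key_creation (also changed here) is that such a key skips psa_save_persistent_key(), so an application import with a persistent lifetime and an id of, say, 0x40000001 succeeds but is never written to storage and vanishes at reset. Unless built-in ids are rejected for non-built-in lifetimes somewhere I cannot see, keep `0` here for application-created keys and accept the built-in range only together with a lifetime/location check under the MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS guard. psa_validate_key_attributes starts outside this hunk.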
@@ -1277,7 +1286,11 @@ static psa_status_t psa_finish_key_creation(
#endif
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
+ if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ && !psa_key_id_is_builtin(MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot->attr.id))
+#endif
+ ) {
/* Key material is saved in export representation in the slot, so
* just pass the slot buffer for storage. */
status = psa_save_persistent_key(&slot->attr,
@@ -1365,6 +1378,129 @@ static psa_status_t psa_validate_optional_attributes(
return PSA_SUCCESS;
}
+static psa_status_t psa_validate_ecc_key_attr(const psa_key_attributes_t *attributes)
+{
+ psa_algorithm_t alg = psa_get_key_algorithm(attributes);
+ size_t key_bits_attr = psa_get_key_bits(attributes);
+ psa_key_type_t type = psa_get_key_type(attributes);
+
+ /* Without algorithm we can't evaluate more fields */
+ if (alg == PSA_ALG_NONE) {
+ return PSA_SUCCESS;
+ }
+
+ /* It is not mandatory to set the key bits field, so zero is valid*/
+ if (key_bits_attr == 0) {
+ return PSA_SUCCESS;
+ }
+
+ /* Check if the size matches the curve family */
+ switch (PSA_KEY_TYPE_ECC_GET_FAMILY(type)) {
+ case PSA_ECC_FAMILY_SECP_K1:
+ if (key_bits_attr != 192 && key_bits_attr != 225 && key_bits_attr != 256) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ break;
+ case PSA_ECC_FAMILY_SECP_R1:
+ if (key_bits_attr != 192 && key_bits_attr != 224 && key_bits_attr != 256 &&
+ key_bits_attr != 384 && key_bits_attr != 521) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ break;
+ case PSA_ECC_FAMILY_SECT_K1:
+ if (key_bits_attr != 233 && key_bits_attr != 239 && key_bits_attr != 283 &&
+ key_bits_attr != 409 && key_bits_attr != 571) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ break;
+ case PSA_ECC_FAMILY_SECT_R1:
+ if (key_bits_attr != 233 && key_bits_attr != 283 && key_bits_attr != 409 &&
+ key_bits_attr != 571) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ break;
+ case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
+ if (key_bits_attr != 192 && key_bits_attr != 224 && key_bits_attr != 256 &&
+ key_bits_attr != 320 && key_bits_attr != 384 && key_bits_attr != 512) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ break;
+ case PSA_ECC_FAMILY_TWISTED_EDWARDS:
+ case PSA_ECC_FAMILY_MONTGOMERY:
+ if (key_bits_attr != 255 && key_bits_attr != 448) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ break;
+ default:
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ return PSA_SUCCESS;
+}
+
+static psa_status_t psa_validate_ecc_key_data_length(const psa_key_attributes_t *attributes,
+ size_t data_length)
+{
+ psa_algorithm_t alg = psa_get_key_algorithm(attributes);
+ psa_key_type_t type = psa_get_key_type(attributes);
+ size_t key_bits_attr = psa_get_key_bits(attributes);
+
+
+ /* Without algorithm we can't evaluate more fields */
+ if (alg == PSA_ALG_NONE) {
+ return PSA_SUCCESS;
+ }
+
+ /* It is not mandatory to set the key bits field, so zero is valid */
+ if (key_bits_attr == 0) {
+ return PSA_SUCCESS;
+ }
+
+ /* Check if the size matches the curve family */
+ switch (PSA_KEY_TYPE_ECC_GET_FAMILY(type)) {
+ case PSA_ECC_FAMILY_SECP_R1:
+ /* secpr1p521 can be encoded in 65(first byte = 0) or 66 bytes therefore checking for
+ * 65 bytes is enough
+ */
+ if (key_bits_attr == 521) {
+ if (data_length < 65) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ } else {
+ return PSA_SUCCESS;
+ }
+ }
+ /* else we can do the same check than for all other curves */
+ case PSA_ECC_FAMILY_SECT_K1:
+ case PSA_ECC_FAMILY_SECT_R1:
+ case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
+ case PSA_ECC_FAMILY_TWISTED_EDWARDS:
+ case PSA_ECC_FAMILY_MONTGOMERY:
+ if (data_length < PSA_BITS_TO_BYTES(key_bits_attr)){
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ break;
+ default:
+ break;
+ }
+
+ return PSA_SUCCESS;
+}
+
+static psa_status_t psa_ecc_key_zero_check(const uint8_t *data, size_t data_length)
+{
+ uint8_t zero = 0;
+
+ for (size_t i = 0; i < data_length; i++) {
+ zero |= data[i];
+ }
+
+ if (zero == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ return PSA_SUCCESS;
+}
+
psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
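Review bot: psa_validate_ecc_key_attr() rejects sizes that the rest of this commit allows: brainpoolP160r1 gains `#error` plumbing in oberon_config.h in this same diff but 160 is not in the BRAINPOOL_P_R1 list, sect163k1/sect163r1 (163 bits) are missing from SECT_K1/SECT_R1, and PSA_ECC_FAMILY_SECP_R2/SECT_R2/FRP fall to `default` and return NOT_SUPPORTED regardless of driver support, so those imports now fail before any driver is consulted. In psa_validate_ecc_key_data_length() the SECP_R1 case falls through into the generic check without a `/* fallthrough */` marker, SECP_K1 is absent and therefore never length-checked, and accepting a 65-byte secp521r1 private key deviates from the fixed 66-byte PSA encoding without a comment saying the shorter form is intended. Both helpers also return PSA_SUCCESS whenever the algorithm is PSA_ALG_NONE, so a key imported only for export or with an enrollment algorithm skips every plausibility check; if that is deliberate, say so instead of `Without algorithm we can't evaluate more fields`, since type and bits are available without an algorithm.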
@@ -1375,6 +1511,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
psa_se_drv_table_entry_t *driver = NULL;
size_t bits;
size_t storage_size = data_length;
+ psa_key_type_t key_type = psa_get_key_type(attributes);
*key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -1390,6 +1527,22 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
return PSA_ERROR_NOT_SUPPORTED;
}
+ /* Check the ecc keys for plausibility */
+ if(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type)) {
+ status = psa_validate_ecc_key_attr(attributes);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ status = psa_validate_ecc_key_data_length(attributes, data_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ status = psa_ecc_key_zero_check(data, data_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ }
+
status = psa_start_key_creation(PSA_KEY_CREATION_IMPORT, attributes,
&slot, &driver);
if (status != PSA_SUCCESS) {
@@ -4122,6 +4275,7 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
* that the input was passed as a buffer rather than via a key object.
*/
static int psa_key_derivation_check_input_type(
+ psa_algorithm_t alg,
psa_key_derivation_step_t step,
psa_key_type_t key_type)
{
@@ -4139,6 +4293,9 @@ static int psa_key_derivation_check_input_type(
if (key_type == PSA_KEY_TYPE_NONE) {
return PSA_SUCCESS;
}
+ if (key_type == PSA_KEY_TYPE_AES && alg == PSA_ALG_SP800_108_COUNTER_CMAC) {
+ return PSA_SUCCESS;
+ }
break;
case PSA_KEY_DERIVATION_INPUT_SALT:
if (key_type == PSA_KEY_TYPE_PEPPER) {
@@ -4164,7 +4321,7 @@ static int psa_key_derivation_check_input_type(
static psa_status_t psa_key_derivation_input_internal(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
- psa_key_type_t key_type,
+ psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length)
{
@@ -4172,12 +4329,19 @@ static psa_status_t psa_key_derivation_input_internal(
status = psa_key_derivation_check_state(operation, step);
if (status != PSA_SUCCESS) goto exit;
- status = psa_key_derivation_check_input_type(step, key_type);
+ status = psa_key_derivation_check_input_type(operation->alg, step, attributes ? attributes->type : PSA_KEY_TYPE_NONE);
if (status != PSA_SUCCESS) {
goto exit;
}
- status = psa_driver_wrapper_key_derivation_input_bytes(operation, step, data, data_length);
+ if (attributes)
+ {
+ status = psa_driver_wrapper_key_derivation_input_key(operation, step, attributes, data, data_length);
+ }
+ else {
+ status = psa_driver_wrapper_key_derivation_input_bytes(operation, step, data, data_length);
+ }
+
if (status != PSA_SUCCESS) goto exit;
return PSA_SUCCESS;
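Review bot: The brace placement `if (attributes)` / `{` on its own line does not match the K&R `else {` two lines below or the rest of this file, and the rewritten psa_key_derivation_check_input_type() call runs far past the file's line width; `if (attributes) {` and a wrapped argument list keep it consistent. Functionally, when `attributes` is non-NULL the input is now routed to psa_driver_wrapper_key_derivation_input_key() while the type check above uses only `attributes->type`, and a later hunk switches psa_key_derivation_input_key() to the non-transparent slot lookup, so a driver may receive a driver-opaque key blob as `data`; a one-line comment stating that `data` is the slot's raw key buffer, opaque for non-transparent keys, would help the next reader. psa_key_derivation_input_internal's signature and tail are outside this hunk.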
@@ -4194,7 +4358,7 @@ psa_status_t psa_key_derivation_input_bytes(
size_t data_length)
{
return psa_key_derivation_input_internal(operation, step,
- PSA_KEY_TYPE_NONE,
+ NULL,
data, data_length);
}
@@ -4213,7 +4377,7 @@ psa_status_t psa_key_derivation_input_integer(
status = psa_key_derivation_check_state(operation, step);
if (status != PSA_SUCCESS) goto exit;
- status = psa_key_derivation_check_input_type(step, PSA_KEY_TYPE_NONE);
+ status = psa_key_derivation_check_input_type(operation->alg, step, PSA_KEY_TYPE_NONE);
if (status != PSA_SUCCESS) goto exit;
if (PSA_ALG_IS_PBKDF2(operation->alg)) {
@@ -4246,7 +4410,7 @@ psa_status_t psa_key_derivation_input_key(
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
- status = psa_get_and_lock_transparent_key_slot_with_policy(
+ status = psa_get_and_lock_key_slot_with_policy(
key, &slot, 0, operation->alg);
if (status != PSA_SUCCESS) goto exit;
@@ -4267,7 +4431,7 @@ psa_status_t psa_key_derivation_input_key(
}
status = psa_key_derivation_input_internal(operation,
- step, slot->attr.type,
+ step, &slot->attr,
slot->key.data,
slot->key.bytes);
@@ -4319,7 +4483,7 @@ static psa_status_t psa_key_agreement_internal(psa_key_derivation_operation_t *o
* the shared secret. A shared secret is permitted wherever a key
* of type DERIVE is permitted. */
status = psa_key_derivation_input_internal(operation, step,
- PSA_KEY_TYPE_DERIVE,
+ NULL,
shared_secret,
shared_secret_length);
exit:
@@ -5117,6 +5281,7 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
psa_key_slot_t *slot = NULL;
psa_se_drv_table_entry_t *driver = NULL;
size_t key_buffer_size;
+ psa_key_type_t key_type = psa_get_key_type(attributes);
*key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -5131,6 +5296,15 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
return PSA_ERROR_INVALID_ARGUMENT;
}
+ /* Check the ecc keys for plausibility */
+ if(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type)) {
+ status = psa_validate_ecc_key_attr(attributes);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ }
+
+
status = psa_start_key_creation(PSA_KEY_CREATION_GENERATE, attributes,
&slot, &driver);
if (status != PSA_SUCCESS) {
@@ -5189,6 +5363,7 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
/* Module setup */
/****************************************************************/
+#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
void (* entropy_init)(mbedtls_entropy_context *ctx),
void (* entropy_free)(mbedtls_entropy_context *ctx))
@@ -5197,6 +5372,7 @@ psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
(void)entropy_free;
return PSA_SUCCESS;
}
+#endif
void mbedtls_psa_crypto_free(void)
{
diff --git a/library/psa_crypto_client.c b/library/psa_crypto_client.c
index 72f671d..254c8b1 100644
--- a/library/psa_crypto_client.c
+++ b/library/psa_crypto_client.c
@@ -6,7 +6,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "oberon_psa_common.h"
#include "psa/crypto.h"
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index a3568fa..db93a3a 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -22,7 +22,7 @@
* NOTICE: This file has been modified by Oberon microsystems AG.
*/
-#include "common.h"
+#include "oberon_psa_common.h"
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_driver_wrappers.h"
@@ -2098,4 +2098,15 @@ psa_status_t psa_driver_wrapper_free_random(
return PSA_SUCCESS;
}
+psa_status_t psa_driver_wrapper_destroy_builtin_key(const psa_key_attributes_t *attributes)
+{
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
+
+ switch (location) {
+ /* Add cases for drivers here */
+ }
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
#endif /* MBEDTLS_PSA_CRYPTO_C */
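Review bot: `attributes->core.lifetime` assumes psa_key_attributes_s still has a `core` sub-struct, but the initializer in the crypto_struct.h hunk of this diff lists type, bits, lifetime, policy and id as direct members and psa_crypto.c in this diff reads `attributes->type` directly, so this line looks unlikely to compile once MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled; `psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));` avoids depending on the layout. The `switch` with no labels also makes this a stub that always returns PSA_ERROR_NOT_SUPPORTED, which psa_destroy_key() now propagates; at minimum add `default: break;` and a comment such as `/* No driver provides a destroy hook for built-in keys yet; the core treats the key as reference-only. */`.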
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index 87bd49d..43a0ab0 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -23,6 +23,7 @@
#include "psa/crypto.h"
#include "psa/crypto_driver_common.h"
+#include "psa/crypto_types.h"
/*
* Initialization and termination functions
@@ -153,6 +154,9 @@ psa_status_t psa_driver_wrapper_derive_key(
const uint8_t *input, size_t input_length,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
+psa_status_t psa_driver_wrapper_destroy_builtin_key(
+ const psa_key_attributes_t *attributes);
+
/*
* Cipher functions
*/
@@ -430,6 +434,12 @@ psa_status_t psa_driver_wrapper_key_derivation_input_bytes(
psa_key_derivation_step_t step,
const uint8_t *data, size_t data_length);
+psa_status_t psa_driver_wrapper_key_derivation_input_key(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ psa_key_attributes_t *attributes,
+ const uint8_t *data, size_t data_length);
+
psa_status_t psa_driver_wrapper_key_derivation_input_integer(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
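Review bot: psa_driver_wrapper_key_derivation_input_key() takes a non-const `psa_key_attributes_t *attributes` although the only caller in this diff passes the key slot's attributes and nothing in the derivation path should mutate them; `const psa_key_attributes_t *attributes` matches the other prototype added here (psa_driver_wrapper_destroy_builtin_key) and stops slot metadata from being writable through this path. The declaration also has no doc comment; a one-liner such as `/* Feed key material from a key object into a derivation step; data/data_length may be a driver-opaque blob for non-transparent keys. */` would make the contract explicit.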
diff --git a/library/psa_crypto_invasive.h b/library/psa_crypto_invasive.h
index 8b445a1..7b19055 100644
--- a/library/psa_crypto_invasive.h
+++ b/library/psa_crypto_invasive.h
@@ -26,7 +26,7 @@
#include "psa/build_info.h"
#include "psa/crypto.h"
-#include "common.h"
+#include "oberon_psa_common.h"
#include "mbedtls/entropy.h"
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index b184ed0..89a3136 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -6,7 +6,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "oberon_psa_common.h"
#if defined(MBEDTLS_PSA_CRYPTO_C)
@@ -531,12 +531,8 @@ psa_status_t psa_validate_key_persistence(psa_key_lifetime_t lifetime)
return PSA_SUCCESS;
} else {
/* Persistent keys require storage support */
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if (PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime)) {
- return PSA_ERROR_INVALID_ARGUMENT;
- } else {
- return PSA_SUCCESS;
- }
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ return PSA_SUCCESS;
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
return PSA_ERROR_NOT_SUPPORTED;
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
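Review bot: Dropping the PSA_KEY_LIFETIME_IS_READ_ONLY() rejection means an application can now create a key with a read-only persistence level, which the PSA API reserves for implementation-provisioned keys and which psa_destroy_key() must refuse to remove, so a misbehaving or compromised caller can pin unremovable keys in storage. The relaxed `#if` also accepts any persistent lifetime when only MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is defined, yet psa_finish_key_creation() only writes to storage under MBEDTLS_PSA_CRYPTO_STORAGE_C, so without storage a non-built-in persistent key is reported as created but silently stays volatile. Keep the read-only rejection for keys that are not built-in, e.g. `if (PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime)) { return PSA_ERROR_INVALID_ARGUMENT; }` with the built-in exemption applied by the caller that knows the key id, and update the now-stale `#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */` comments to name both macros. psa_validate_key_persistence begins before this hunk.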
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 7d1317b..53cb436 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -6,7 +6,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "oberon_psa_common.h"
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
@@ -121,6 +121,11 @@ int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key)
*
* \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
* \retval #PSA_ERROR_ALREADY_EXISTS \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_DATA_INVALID \emptydescription
@@ -139,7 +144,7 @@ static psa_status_t psa_crypto_storage_store(const mbedtls_svc_key_id_t key,
status = psa_its_set(data_identifier, (uint32_t) data_length, data, 0);
if (status != PSA_SUCCESS) {
- return PSA_ERROR_DATA_INVALID;
+ return status;
}
status = psa_its_get_info(data_identifier, &data_identifier_info);
diff --git a/library/psa_its_file.c b/library/psa_its_file.c
index 9567137..0f0963c 100644
--- a/library/psa_its_file.c
+++ b/library/psa_its_file.c
@@ -6,7 +6,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "oberon_psa_common.h"
#if defined(MBEDTLS_PSA_ITS_FILE_C)
diff --git a/library/threading.c b/library/threading.c
index 85db243..c6f41bd 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -13,7 +13,7 @@
#define _POSIX_C_SOURCE 200112L
#endif
-#include "common.h"
+#include "oberon_psa_common.h"
#if defined(MBEDTLS_THREADING_C)
diff --git a/oberon/drivers/oberon_config.h b/oberon/drivers/oberon_config.h
index ca3b248..b419789 100644
--- a/oberon/drivers/oberon_config.h
+++ b/oberon/drivers/oberon_config.h
@@ -1773,6 +1773,60 @@
#endif
#endif
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_160)
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && !defined(PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_160)
+#error "No software implementation for brainpoolP160r1 public key"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_160)
+#error "No software implementation for brainpoolP160r1 key pair import"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_160)
+#error "No software implementation for brainpoolP160r1 key pair export"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_160)
+#error "No software implementation for brainpoolP160r1 key pair generate"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_160)
+#error "No software implementation for brainpoolP160r1 key pair derive"
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_192)
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && !defined(PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_192)
+#error "No software implementation for brainpoolP192r1 public key"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_192)
+#error "No software implementation for brainpoolP192r1 key pair import"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_192)
+#error "No software implementation for brainpoolP192r1 key pair export"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_192)
+#error "No software implementation for brainpoolP192r1 key pair generate"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_192)
+#error "No software implementation for brainpoolP192r1 key pair derive"
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_224)
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && !defined(PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_224)
+#error "No software implementation for brainpoolP224r1 public key"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_224)
+#error "No software implementation for brainpoolP224r1 key pair import"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_224)
+#error "No software implementation for brainpoolP224r1 key pair export"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_224)
+#error "No software implementation for brainpoolP224r1 key pair generate"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_224)
+#error "No software implementation for brainpoolP224r1 key pair derive"
+#endif
+#endif
+
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && !defined(PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_256)
#error "No software implementation for brainpoolP256r1 public key"
@@ -1791,6 +1845,24 @@
#endif
#endif
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_320)
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && !defined(PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_320)
+#error "No software implementation for brainpoolP320r1 public key"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_320)
+#error "No software implementation for brainpoolP320r1 key pair import"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_320)
+#error "No software implementation for brainpoolP320r1 key pair export"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_320)
+#error "No software implementation for brainpoolP320r1 key pair generate"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && !defined(PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_320)
+#error "No software implementation for brainpoolP320r1 key pair derive"
+#endif
+#endif
+
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && !defined(PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_384)
#error "No software implementation for brainpoolP384r1 public key"
diff --git a/oberon/drivers/oberon_ecdsa.c b/oberon/drivers/oberon_ecdsa.c
index 2f6bfeb..3202957 100644
--- a/oberon/drivers/oberon_ecdsa.c
+++ b/oberon/drivers/oberon_ecdsa.c
@@ -295,6 +295,7 @@ psa_status_t oberon_ecdsa_sign_message(
switch (psa_get_key_bits(attributes)) {
#ifdef PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255
case 255:
+ if (alg == PSA_ALG_ED25519PH) return PSA_ERROR_NOT_SUPPORTED;
if (key_length != ocrypto_ed25519_SECRET_KEY_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
if (signature_size < ocrypto_ed25519_BYTES) return PSA_ERROR_BUFFER_TOO_SMALL;
*signature_length = ocrypto_ed25519_BYTES;
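Review bot: The new check rejects Ed25519ph by name, but nothing in the hunk records why the pure path cannot simply be reused: Ed25519ph signs the hash under a different domain-separation prefix (RFC 8032 dom2), so accepting it here would silently emit a PureEdDSA signature that no Ed25519ph verifier accepts. A one-line comment above the check would capture that for the next maintainer, e.g. `/* Ed25519ph (prehashed) uses a different dom2 prefix; this driver only implements PureEdDSA, so refuse rather than sign with the wrong scheme. */`. If the caller can route any EdDSA-family algorithm into this case, an allow-list `if (alg != PSA_ALG_PURE_EDDSA) return PSA_ERROR_NOT_SUPPORTED;` would be more robust than naming the one variant known to be unsupported. oberon_ecdsa_sign_message begins before the hunk, so I cannot confirm what the surrounding dispatch already filters.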
@@ -304,6 +305,7 @@ psa_status_t oberon_ecdsa_sign_message(
#endif
#ifdef PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448
case 448:
+ if (alg == PSA_ALG_ED448PH) return PSA_ERROR_NOT_SUPPORTED;
if (key_length != ocrypto_ed448_SECRET_KEY_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
if (signature_size < ocrypto_ed448_BYTES) return PSA_ERROR_BUFFER_TOO_SMALL;
*signature_length = ocrypto_ed448_BYTES;
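Review bot: The prehash rejection is now duplicated per key-size case even though `alg` does not depend on the key size, so a future EdDSA curve case would have to remember to copy it. A single `if (PSA_ALG_IS_HASH_EDDSA(alg)) return PSA_ERROR_NOT_SUPPORTED;` placed before the `switch (psa_get_key_bits(attributes))` shown in the previous hunk's header would cover both Ed25519ph and Ed448ph in one place and cannot fall out of sync. This assumes the switch is only reached for twisted-Edwards keys; the function's earlier branches are outside the hunk, so that should be confirmed before hoisting.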
@@ -484,6 +486,7 @@ psa_status_t oberon_ecdsa_verify_message(
switch (psa_get_key_bits(attributes)) {
#ifdef PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255
case 255:
+ if (alg == PSA_ALG_ED25519PH) return PSA_ERROR_NOT_SUPPORTED;
if (key_length != ocrypto_ed25519_PUBLIC_KEY_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
if (signature_length != ocrypto_ed25519_BYTES) return PSA_ERROR_INVALID_SIGNATURE;
if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS)) {
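Review bot: No test in the visible diff pins the new behaviour — the generated test suites touched here only swap an include — so nothing asserts that verify_message with `PSA_ALG_ED25519PH` now returns `PSA_ERROR_NOT_SUPPORTED` rather than falling through to the pure Ed25519 verify. Since the security property being fixed is that a prehash signature must never be accepted by the pure verifier (and vice versa), a regression test that feeds a valid Ed25519ph signature and expects `PSA_ERROR_NOT_SUPPORTED` is worth adding alongside this change. The placement before the length checks also means a malformed Ed25519ph request reports NOT_SUPPORTED instead of INVALID_ARGUMENT/INVALID_SIGNATURE, which matches the sign side and seems intentional; a comment saying so would stop someone "fixing" the order later.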
@@ -495,6 +498,7 @@ psa_status_t oberon_ecdsa_verify_message(
#endif /* PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255 */
#ifdef PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448
case 448:
+ if (alg == PSA_ALG_ED448PH) return PSA_ERROR_NOT_SUPPORTED;
if (key_length != ocrypto_ed448_PUBLIC_KEY_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
if (signature_length != ocrypto_ed448_BYTES) return PSA_ERROR_INVALID_SIGNATURE;
if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS)) {
diff --git a/oberon/drivers/oberon_hash.h b/oberon/drivers/oberon_hash.h
index 2f64c8e..a618a25 100644
--- a/oberon/drivers/oberon_hash.h
+++ b/oberon/drivers/oberon_hash.h
@@ -20,13 +20,7 @@ extern "C" {
typedef struct {
-#if defined(PSA_NEED_OBERON_SHA_384) || defined(PSA_NEED_OBERON_SHA_512)
uint64_t ctx[52];
-#elif defined(PSA_NEED_OBERON_SHA_1)
- uint64_t ctx[44];
-#else
- uint64_t ctx[27];
-#endif
psa_algorithm_t alg;
} oberon_hash_operation_t;
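Review bot: The context array is now always `uint64_t ctx[52]`, the largest of the three sizes the removed `#if` selected, so builds without SHA-384/512 carry roughly 200 extra bytes per hash operation and the hunk gives no reason for dropping the configuration-dependent sizing. If the motive is that the operation layout must not vary with `PSA_NEED_OBERON_*` (for example when the driver and the PSA core are compiled under different configurations), that is worth stating: `/* Fixed at the SHA-512 context size regardless of which hashes are enabled so the operation layout does not depend on configuration. */`. The value 52 is also a bare constant with nothing tying it to the ocrypto context it has to hold; a `_Static_assert(sizeof(((oberon_hash_operation_t *)0)->ctx) >= sizeof(ocrypto_sha512_ctx), "...")` in a translation unit where the ocrypto types are visible would catch a future library change (I cannot tell from this hunk where those types are included).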
diff --git a/oberon/drivers/oberon_key_derivation.c b/oberon/drivers/oberon_key_derivation.c
index db4a27e..792184f 100644
--- a/oberon/drivers/oberon_key_derivation.c
+++ b/oberon/drivers/oberon_key_derivation.c
@@ -22,7 +22,7 @@ static const uint8_t zero[PSA_HASH_MAX_SIZE] = { 0 };
#if defined(PSA_NEED_OBERON_HKDF) || defined(PSA_NEED_OBERON_PBKDF2_HMAC) || defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) || \
- defined(PSA_NEED_OBERON_SP800_108_COUNTER_HMAC) || defined(PSA_NEED_OBERON_SP800_108_COUNTER_CMAC)
+ defined(PSA_NEED_OBERON_SP800_108_COUNTER_HMAC) || defined(PSA_NEED_OBERON_SP800_108_COUNTER_CMAC) || defined(PSA_NEED_OBERON_TLS12_PRF) || defined(PSA_NEED_OBERON_TLS12_PSK_TO_MS)
static psa_status_t oberon_setup_mac(
oberon_key_derivation_operation_t *operation,
const uint8_t *key, size_t key_length)
diff --git a/oberon/platforms/demo/library/psa_crypto_driver_wrappers.c b/oberon/platforms/demo/library/psa_crypto_driver_wrappers.c
index a3568fa..a62826e 100644
--- a/oberon/platforms/demo/library/psa_crypto_driver_wrappers.c
+++ b/oberon/platforms/demo/library/psa_crypto_driver_wrappers.c
@@ -22,7 +22,7 @@
* NOTICE: This file has been modified by Oberon microsystems AG.
*/
-#include "common.h"
+#include "oberon_psa_common.h"
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_driver_wrappers.h"
diff --git a/oberon/platforms/nordic_nrf/library/psa_crypto_driver_wrappers.c b/oberon/platforms/nordic_nrf/library/psa_crypto_driver_wrappers.c
index 0bbe6d5..63a6f25 100644
--- a/oberon/platforms/nordic_nrf/library/psa_crypto_driver_wrappers.c
+++ b/oberon/platforms/nordic_nrf/library/psa_crypto_driver_wrappers.c
@@ -22,7 +22,7 @@
* NOTICE: This file has been modified by Oberon microsystems AG.
*/
-#include "common.h"
+#include "oberon_psa_common.h"
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_driver_wrappers.h"
diff --git a/programs/ssl/library/md.c b/programs/ssl/library/md.c
index 12a3ea2..8d994b8 100644
--- a/programs/ssl/library/md.c
+++ b/programs/ssl/library/md.c
@@ -9,7 +9,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "oberon_psa_common.h"
/*
* Availability of functions in this module is controlled by two
diff --git a/programs/ssl/library/psa_util.c b/programs/ssl/library/psa_util.c
index 4ccc5b0..9411e38 100644
--- a/programs/ssl/library/psa_util.c
+++ b/programs/ssl/library/psa_util.c
@@ -6,7 +6,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "oberon_psa_common.h"
/* This is needed for MBEDTLS_ERR_XXX macros */
#include
diff --git a/tests/generated/test_suite_psa_crypto.c b/tests/generated/test_suite_psa_crypto.c
index aeddbc1..f85ac1a 100644
--- a/tests/generated/test_suite_psa_crypto.c
+++ b/tests/generated/test_suite_psa_crypto.c
@@ -167,7 +167,7 @@ static int restore_output(FILE *out_stream, int dup_fd)
#include "mbedtls/asn1.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/oid.h"
-#include "common.h"
+#include "oberon_psa_common.h"
#include "mbedtls/psa_util.h"
diff --git a/tests/generated/test_suite_psa_crypto.pbkdf2.c b/tests/generated/test_suite_psa_crypto.pbkdf2.c
index 269ba21..941626d 100644
--- a/tests/generated/test_suite_psa_crypto.pbkdf2.c
+++ b/tests/generated/test_suite_psa_crypto.pbkdf2.c
@@ -167,7 +167,7 @@ static int restore_output(FILE *out_stream, int dup_fd)
#include "mbedtls/asn1.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/oid.h"
-#include "common.h"
+#include "oberon_psa_common.h"
#include "mbedtls/psa_util.h"
diff --git a/tests/generated/test_suite_psa_crypto_memory.c b/tests/generated/test_suite_psa_crypto_memory.c
index d0d584e..0270d36 100644
--- a/tests/generated/test_suite_psa_crypto_memory.c
+++ b/tests/generated/test_suite_psa_crypto_memory.c
@@ -165,7 +165,7 @@ static int restore_output(FILE *out_stream, int dup_fd)
#line 2 "tests/suites/test_suite_psa_crypto_memory.function"
#include
-#include "common.h"
+#include "oberon_psa_common.h"
#include "psa/crypto.h"
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
index a73e06f..daf7984 100644
--- a/tests/include/test/macros.h
+++ b/tests/include/test/macros.h
@@ -21,7 +21,7 @@
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#include "mbedtls/memory_buffer_alloc.h"
#endif
-#include "common.h"
+#include "oberon_psa_common.h"
/**
* \brief This macro tests the expression passed to it as a test step or
diff --git a/tests/src/asn1parse_min.c b/tests/src/asn1parse_min.c
index dc4f8ff..21817f3 100644
--- a/tests/src/asn1parse_min.c
+++ b/tests/src/asn1parse_min.c
@@ -21,7 +21,7 @@
* NOTICE: This file has been modified by Oberon microsystems AG.
*/
-#include "common.h"
+#include "oberon_psa_common.h"
#if defined(MBEDTLS_ASN1_PARSE_C)
diff --git a/tests/src/asn1write_min.c b/tests/src/asn1write_min.c
index 62d22c1..ab06184 100644
--- a/tests/src/asn1write_min.c
+++ b/tests/src/asn1write_min.c
@@ -21,7 +21,7 @@
* NOTICE: This file has been modified by Oberon microsystems AG.
*/
-#include "common.h"
+#include "oberon_psa_common.h"
#if defined(MBEDTLS_ASN1_WRITE_C)
diff --git a/zephyr/module.yml b/zephyr/module.yml
new file mode 100644
index 0000000..418106f
--- /dev/null
+++ b/zephyr/module.yml
@@ -0,0 +1,5 @@
+name: oberon-psa-crypto
+
+build:
+ cmake-ext: True
+ kconfig: Kconfig.oberon_psa_crypto