Externals: Update mbedtls to 2.28.0

This commit is contained in:
OatmealDome
2022-04-02 19:30:22 -04:00
parent c9896e1c4b
commit d8a5a8827e
256 changed files with 67343 additions and 15595 deletions

View File

@ -1,7 +1,7 @@
/*
* FIPS-197 compliant AES implementation
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -15,8 +15,6 @@
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
@ -25,11 +23,7 @@
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "common.h"
#if defined(MBEDTLS_AES_C)
@ -38,6 +32,7 @@
#include "mbedtls/aes.h"
#include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#if defined(MBEDTLS_PADLOCK_C)
#include "mbedtls/padlock.h"
#endif
@ -62,29 +57,6 @@
#define AES_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond )
/*
* 32-bit integer manipulation macros (little endian)
*/
#ifndef GET_UINT32_LE
#define GET_UINT32_LE(n,b,i) \
{ \
(n) = ( (uint32_t) (b)[(i) ] ) \
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
}
#endif
#ifndef PUT_UINT32_LE
#define PUT_UINT32_LE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
}
#endif
#if defined(MBEDTLS_PADLOCK_C) && \
( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
static int aes_padlock_ace = -1;
@ -395,9 +367,9 @@ static uint32_t RCON[10];
/*
* Tables generation code
*/
#define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 )
#define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) )
#define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 )
#define ROTL8(x) ( ( (x) << 8 ) & 0xFFFFFFFF ) | ( (x) >> 24 )
#define XTIME(x) ( ( (x) << 1 ) ^ ( ( (x) & 0x80 ) ? 0x1B : 0x00 ) )
#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 )
static int aes_init_done = 0;
@ -414,7 +386,7 @@ static void aes_gen_tables( void )
{
pow[i] = x;
log[x] = i;
x = ( x ^ XTIME( x ) ) & 0xFF;
x = MBEDTLS_BYTE_0( x ^ XTIME( x ) );
}
/*
@ -423,7 +395,7 @@ static void aes_gen_tables( void )
for( i = 0, x = 1; i < 10; i++ )
{
RCON[i] = (uint32_t) x;
x = XTIME( x ) & 0xFF;
x = MBEDTLS_BYTE_0( XTIME( x ) );
}
/*
@ -436,10 +408,10 @@ static void aes_gen_tables( void )
{
x = pow[255 - log[i]];
y = x; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
y = x; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
x ^= y ^ 0x63;
FSb[i] = (unsigned char) x;
@ -452,8 +424,8 @@ static void aes_gen_tables( void )
for( i = 0; i < 256; i++ )
{
x = FSb[i];
y = XTIME( x ) & 0xFF;
z = ( y ^ x ) & 0xFF;
y = MBEDTLS_BYTE_0( XTIME( x ) );
z = MBEDTLS_BYTE_0( y ^ x );
FT0[i] = ( (uint32_t) y ) ^
( (uint32_t) x << 8 ) ^
@ -595,7 +567,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
for( i = 0; i < ( keybits >> 5 ); i++ )
{
GET_UINT32_LE( RK[i], key, i << 2 );
RK[i] = MBEDTLS_GET_UINT32_LE( key, i << 2 );
}
switch( ctx->nr )
@ -605,10 +577,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
for( i = 0; i < 10; i++, RK += 4 )
{
RK[4] = RK[0] ^ RCON[i] ^
( (uint32_t) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^
( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^
( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
( (uint32_t) FSb[ ( RK[3] ) & 0xFF ] << 24 );
( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[3] ) ] ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[3] ) ] << 8 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[3] ) ] << 16 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[3] ) ] << 24 );
RK[5] = RK[1] ^ RK[4];
RK[6] = RK[2] ^ RK[5];
@ -621,10 +593,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
for( i = 0; i < 8; i++, RK += 6 )
{
RK[6] = RK[0] ^ RCON[i] ^
( (uint32_t) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^
( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^
( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
( (uint32_t) FSb[ ( RK[5] ) & 0xFF ] << 24 );
( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[5] ) ] ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[5] ) ] << 8 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[5] ) ] << 16 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[5] ) ] << 24 );
RK[7] = RK[1] ^ RK[6];
RK[8] = RK[2] ^ RK[7];
@ -639,20 +611,20 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
for( i = 0; i < 7; i++, RK += 8 )
{
RK[8] = RK[0] ^ RCON[i] ^
( (uint32_t) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^
( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^
( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
( (uint32_t) FSb[ ( RK[7] ) & 0xFF ] << 24 );
( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[7] ) ] ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[7] ) ] << 8 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[7] ) ] << 16 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[7] ) ] << 24 );
RK[9] = RK[1] ^ RK[8];
RK[10] = RK[2] ^ RK[9];
RK[11] = RK[3] ^ RK[10];
RK[12] = RK[4] ^
( (uint32_t) FSb[ ( RK[11] ) & 0xFF ] ) ^
( (uint32_t) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^
( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );
( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[11] ) ] ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[11] ) ] << 8 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[11] ) ] << 16 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[11] ) ] << 24 );
RK[13] = RK[5] ^ RK[12];
RK[14] = RK[6] ^ RK[13];
@ -718,10 +690,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
{
for( j = 0; j < 4; j++, SK++ )
{
*RK++ = AES_RT0( FSb[ ( *SK ) & 0xFF ] ) ^
AES_RT1( FSb[ ( *SK >> 8 ) & 0xFF ] ) ^
AES_RT2( FSb[ ( *SK >> 16 ) & 0xFF ] ) ^
AES_RT3( FSb[ ( *SK >> 24 ) & 0xFF ] );
*RK++ = AES_RT0( FSb[ MBEDTLS_BYTE_0( *SK ) ] ) ^
AES_RT1( FSb[ MBEDTLS_BYTE_1( *SK ) ] ) ^
AES_RT2( FSb[ MBEDTLS_BYTE_2( *SK ) ] ) ^
AES_RT3( FSb[ MBEDTLS_BYTE_3( *SK ) ] );
}
}
@ -735,6 +707,7 @@ exit:
return( ret );
}
#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
static int mbedtls_aes_xts_decode_keys( const unsigned char *key,
@ -766,7 +739,7 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits)
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
@ -791,7 +764,7 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits)
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
@ -813,53 +786,53 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
do \
{ \
(X0) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \
AES_FT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \
AES_FT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \
AES_FT3( MBEDTLS_BYTE_3( Y3 ) ); \
\
(X1) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \
AES_FT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \
AES_FT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \
AES_FT3( MBEDTLS_BYTE_3( Y0 ) ); \
\
(X2) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \
AES_FT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \
AES_FT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \
AES_FT3( MBEDTLS_BYTE_3( Y1 ) ); \
\
(X3) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \
AES_FT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \
AES_FT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \
AES_FT3( MBEDTLS_BYTE_3( Y2 ) ); \
} while( 0 )
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
{ \
X0 = *RK++ ^ AES_FT0( ( Y0 ) & 0xFF ) ^ \
AES_FT1( ( Y1 >> 8 ) & 0xFF ) ^ \
AES_FT2( ( Y2 >> 16 ) & 0xFF ) ^ \
AES_FT3( ( Y3 >> 24 ) & 0xFF ); \
\
X1 = *RK++ ^ AES_FT0( ( Y1 ) & 0xFF ) ^ \
AES_FT1( ( Y2 >> 8 ) & 0xFF ) ^ \
AES_FT2( ( Y3 >> 16 ) & 0xFF ) ^ \
AES_FT3( ( Y0 >> 24 ) & 0xFF ); \
\
X2 = *RK++ ^ AES_FT0( ( Y2 ) & 0xFF ) ^ \
AES_FT1( ( Y3 >> 8 ) & 0xFF ) ^ \
AES_FT2( ( Y0 >> 16 ) & 0xFF ) ^ \
AES_FT3( ( Y1 >> 24 ) & 0xFF ); \
\
X3 = *RK++ ^ AES_FT0( ( Y3 ) & 0xFF ) ^ \
AES_FT1( ( Y0 >> 8 ) & 0xFF ) ^ \
AES_FT2( ( Y1 >> 16 ) & 0xFF ) ^ \
AES_FT3( ( Y2 >> 24 ) & 0xFF ); \
}
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
{ \
X0 = *RK++ ^ AES_RT0( ( Y0 ) & 0xFF ) ^ \
AES_RT1( ( Y3 >> 8 ) & 0xFF ) ^ \
AES_RT2( ( Y2 >> 16 ) & 0xFF ) ^ \
AES_RT3( ( Y1 >> 24 ) & 0xFF ); \
\
X1 = *RK++ ^ AES_RT0( ( Y1 ) & 0xFF ) ^ \
AES_RT1( ( Y0 >> 8 ) & 0xFF ) ^ \
AES_RT2( ( Y3 >> 16 ) & 0xFF ) ^ \
AES_RT3( ( Y2 >> 24 ) & 0xFF ); \
\
X2 = *RK++ ^ AES_RT0( ( Y2 ) & 0xFF ) ^ \
AES_RT1( ( Y1 >> 8 ) & 0xFF ) ^ \
AES_RT2( ( Y0 >> 16 ) & 0xFF ) ^ \
AES_RT3( ( Y3 >> 24 ) & 0xFF ); \
\
X3 = *RK++ ^ AES_RT0( ( Y3 ) & 0xFF ) ^ \
AES_RT1( ( Y2 >> 8 ) & 0xFF ) ^ \
AES_RT2( ( Y1 >> 16 ) & 0xFF ) ^ \
AES_RT3( ( Y0 >> 24 ) & 0xFF ); \
}
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
do \
{ \
(X0) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \
AES_RT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \
AES_RT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \
AES_RT3( MBEDTLS_BYTE_3( Y1 ) ); \
\
(X1) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \
AES_RT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \
AES_RT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \
AES_RT3( MBEDTLS_BYTE_3( Y2 ) ); \
\
(X2) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \
AES_RT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \
AES_RT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \
AES_RT3( MBEDTLS_BYTE_3( Y3 ) ); \
\
(X3) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \
AES_RT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \
AES_RT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \
AES_RT3( MBEDTLS_BYTE_3( Y0 ) ); \
} while( 0 )
/*
* AES-ECB block encryption
@ -870,51 +843,56 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
unsigned char output[16] )
{
int i;
uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
uint32_t *RK = ctx->rk;
struct
{
uint32_t X[4];
uint32_t Y[4];
} t;
RK = ctx->rk;
GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++;
GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++;
GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++;
GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++;
t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++;
t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++;
t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++;
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
{
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
AES_FROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] );
}
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
X0 = *RK++ ^ \
( (uint32_t) FSb[ ( Y0 ) & 0xFF ] ) ^
( (uint32_t) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
t.X[0] = *RK++ ^ \
( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 );
X1 = *RK++ ^ \
( (uint32_t) FSb[ ( Y1 ) & 0xFF ] ) ^
( (uint32_t) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
t.X[1] = *RK++ ^ \
( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 );
X2 = *RK++ ^ \
( (uint32_t) FSb[ ( Y2 ) & 0xFF ] ) ^
( (uint32_t) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
t.X[2] = *RK++ ^ \
( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 );
X3 = *RK++ ^ \
( (uint32_t) FSb[ ( Y3 ) & 0xFF ] ) ^
( (uint32_t) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
t.X[3] = *RK++ ^ \
( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^
( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 );
PUT_UINT32_LE( X0, output, 0 );
PUT_UINT32_LE( X1, output, 4 );
PUT_UINT32_LE( X2, output, 8 );
PUT_UINT32_LE( X3, output, 12 );
MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 );
MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 );
MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 );
MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 );
mbedtls_platform_zeroize( &t, sizeof( t ) );
return( 0 );
}
@ -925,7 +903,7 @@ void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] )
{
mbedtls_internal_aes_encrypt( ctx, input, output );
MBEDTLS_IGNORE_RETURN( mbedtls_internal_aes_encrypt( ctx, input, output ) );
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@ -938,51 +916,56 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
unsigned char output[16] )
{
int i;
uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
uint32_t *RK = ctx->rk;
struct
{
uint32_t X[4];
uint32_t Y[4];
} t;
RK = ctx->rk;
GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++;
GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++;
GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++;
GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++;
t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++;
t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++;
t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++;
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
{
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
AES_RROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] );
}
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
X0 = *RK++ ^ \
( (uint32_t) RSb[ ( Y0 ) & 0xFF ] ) ^
( (uint32_t) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
t.X[0] = *RK++ ^ \
( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^
( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^
( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^
( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 );
X1 = *RK++ ^ \
( (uint32_t) RSb[ ( Y1 ) & 0xFF ] ) ^
( (uint32_t) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
t.X[1] = *RK++ ^ \
( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^
( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^
( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^
( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 );
X2 = *RK++ ^ \
( (uint32_t) RSb[ ( Y2 ) & 0xFF ] ) ^
( (uint32_t) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
t.X[2] = *RK++ ^ \
( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^
( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^
( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^
( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 );
X3 = *RK++ ^ \
( (uint32_t) RSb[ ( Y3 ) & 0xFF ] ) ^
( (uint32_t) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
t.X[3] = *RK++ ^ \
( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^
( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^
( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^
( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 );
PUT_UINT32_LE( X0, output, 0 );
PUT_UINT32_LE( X1, output, 4 );
PUT_UINT32_LE( X2, output, 8 );
PUT_UINT32_LE( X3, output, 12 );
MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 );
MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 );
MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 );
MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 );
mbedtls_platform_zeroize( &t, sizeof( t ) );
return( 0 );
}
@ -993,7 +976,7 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] )
{
mbedtls_internal_aes_decrypt( ctx, input, output );
MBEDTLS_IGNORE_RETURN( mbedtls_internal_aes_decrypt( ctx, input, output ) );
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@ -1046,6 +1029,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
unsigned char *output )
{
int i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[16];
AES_VALIDATE_RET( ctx != NULL );
@ -1075,7 +1059,9 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
while( length > 0 )
{
memcpy( temp, input, 16 );
mbedtls_aes_crypt_ecb( ctx, mode, input, output );
ret = mbedtls_aes_crypt_ecb( ctx, mode, input, output );
if( ret != 0 )
goto exit;
for( i = 0; i < 16; i++ )
output[i] = (unsigned char)( output[i] ^ iv[i] );
@ -1094,7 +1080,9 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
for( i = 0; i < 16; i++ )
output[i] = (unsigned char)( input[i] ^ iv[i] );
mbedtls_aes_crypt_ecb( ctx, mode, output, output );
ret = mbedtls_aes_crypt_ecb( ctx, mode, output, output );
if( ret != 0 )
goto exit;
memcpy( iv, output, 16 );
input += 16;
@ -1102,42 +1090,15 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
length -= 16;
}
}
ret = 0;
return( 0 );
exit:
return( ret );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/* Endianess with 64 bits values */
#ifndef GET_UINT64_LE
#define GET_UINT64_LE(n,b,i) \
{ \
(n) = ( (uint64_t) (b)[(i) + 7] << 56 ) \
| ( (uint64_t) (b)[(i) + 6] << 48 ) \
| ( (uint64_t) (b)[(i) + 5] << 40 ) \
| ( (uint64_t) (b)[(i) + 4] << 32 ) \
| ( (uint64_t) (b)[(i) + 3] << 24 ) \
| ( (uint64_t) (b)[(i) + 2] << 16 ) \
| ( (uint64_t) (b)[(i) + 1] << 8 ) \
| ( (uint64_t) (b)[(i) ] ); \
}
#endif
#ifndef PUT_UINT64_LE
#define PUT_UINT64_LE(n,b,i) \
{ \
(b)[(i) + 7] = (unsigned char) ( (n) >> 56 ); \
(b)[(i) + 6] = (unsigned char) ( (n) >> 48 ); \
(b)[(i) + 5] = (unsigned char) ( (n) >> 40 ); \
(b)[(i) + 4] = (unsigned char) ( (n) >> 32 ); \
(b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) ] = (unsigned char) ( (n) ); \
}
#endif
typedef unsigned char mbedtls_be128[16];
/*
@ -1153,14 +1114,14 @@ static void mbedtls_gf128mul_x_ble( unsigned char r[16],
{
uint64_t a, b, ra, rb;
GET_UINT64_LE( a, x, 0 );
GET_UINT64_LE( b, x, 8 );
a = MBEDTLS_GET_UINT64_LE( x, 0 );
b = MBEDTLS_GET_UINT64_LE( x, 8 );
ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) );
rb = ( a >> 63 ) | ( b << 1 );
PUT_UINT64_LE( ra, r, 0 );
PUT_UINT64_LE( rb, r, 8 );
MBEDTLS_PUT_UINT64_LE( ra, r, 0 );
MBEDTLS_PUT_UINT64_LE( rb, r, 8 );
}
/*
@ -1173,7 +1134,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
const unsigned char *input,
unsigned char *output )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t blocks = length / 16;
size_t leftover = length % 16;
unsigned char tweak[16];
@ -1286,6 +1247,7 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
unsigned char *output )
{
int c;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
AES_VALIDATE_RET( ctx != NULL );
@ -1306,7 +1268,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
while( length-- )
{
if( n == 0 )
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
{
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
if( ret != 0 )
goto exit;
}
c = *input++;
*output++ = (unsigned char)( c ^ iv[n] );
@ -1320,7 +1286,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
while( length-- )
{
if( n == 0 )
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
{
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
if( ret != 0 )
goto exit;
}
iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
@ -1329,8 +1299,10 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
}
*iv_off = n;
ret = 0;
return( 0 );
exit:
return( ret );
}
/*
@ -1343,6 +1315,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
const unsigned char *input,
unsigned char *output )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char c;
unsigned char ov[17];
@ -1355,7 +1328,9 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
while( length-- )
{
memcpy( ov, iv, 16 );
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
if( ret != 0 )
goto exit;
if( mode == MBEDTLS_AES_DECRYPT )
ov[16] = *input;
@ -1367,8 +1342,10 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
memcpy( iv, ov + 1, 16 );
}
ret = 0;
return( 0 );
exit:
return( ret );
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
@ -1430,6 +1407,7 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
unsigned char *output )
{
int c, i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
AES_VALIDATE_RET( ctx != NULL );
@ -1447,7 +1425,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
while( length-- )
{
if( n == 0 ) {
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
if( ret != 0 )
goto exit;
for( i = 16; i > 0; i-- )
if( ++nonce_counter[i - 1] != 0 )
@ -1460,8 +1440,10 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
}
*nc_off = n;
ret = 0;
return( 0 );
exit:
return( ret );
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
@ -1820,7 +1802,7 @@ int mbedtls_aes_self_test( int verbose )
mode = i & 1;
if( verbose != 0 )
mbedtls_printf( " AES-ECB-%3d (%s): ", keybits,
mbedtls_printf( " AES-ECB-%3u (%s): ", keybits,
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
memset( buf, 0, 16 );
@ -1882,7 +1864,7 @@ int mbedtls_aes_self_test( int verbose )
mode = i & 1;
if( verbose != 0 )
mbedtls_printf( " AES-CBC-%3d (%s): ", keybits,
mbedtls_printf( " AES-CBC-%3u (%s): ", keybits,
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
memset( iv , 0, 16 );
@ -1957,7 +1939,7 @@ int mbedtls_aes_self_test( int verbose )
mode = i & 1;
if( verbose != 0 )
mbedtls_printf( " AES-CFB128-%3d (%s): ", keybits,
mbedtls_printf( " AES-CFB128-%3u (%s): ", keybits,
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
memcpy( iv, aes_test_cfb128_iv, 16 );
@ -2020,7 +2002,7 @@ int mbedtls_aes_self_test( int verbose )
mode = i & 1;
if( verbose != 0 )
mbedtls_printf( " AES-OFB-%3d (%s): ", keybits,
mbedtls_printf( " AES-OFB-%3u (%s): ", keybits,
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
memcpy( iv, aes_test_ofb_iv, 16 );