edhoc 1.4.0 → 2.0.0

Files changed (759)
  1. package/.clang-format +79 -0
  2. package/README.md +6 -5
  3. package/dist/cbor-utils.d.ts +30 -0
  4. package/dist/cbor-utils.d.ts.map +1 -0
  5. package/dist/cbor-utils.js +179 -0
  6. package/dist/cipher-suites.d.ts +13 -0
  7. package/dist/cipher-suites.d.ts.map +1 -0
  8. package/dist/cipher-suites.js +22 -0
  9. package/dist/edhoc.d.ts +84 -283
  10. package/dist/edhoc.d.ts.map +1 -1
  11. package/dist/edhoc.js +562 -34
  12. package/package.json +5 -19
  13. package/.gitmodules +0 -3
  14. package/binding.gyp +0 -66
  15. package/dist/bindings.d.ts +0 -5
  16. package/dist/bindings.d.ts.map +0 -1
  17. package/dist/bindings.js +0 -10
  18. package/external/libedhoc/backends/cbor/include/backend_cbor_bstr_type_decode.h +0 -35
  19. package/external/libedhoc/backends/cbor/include/backend_cbor_bstr_type_encode.h +0 -35
  20. package/external/libedhoc/backends/cbor/include/backend_cbor_bstr_type_types.h +0 -34
  21. package/external/libedhoc/backends/cbor/include/backend_cbor_ead_decode.h +0 -35
  22. package/external/libedhoc/backends/cbor/include/backend_cbor_ead_encode.h +0 -35
  23. package/external/libedhoc/backends/cbor/include/backend_cbor_edhoc_types.h +0 -102
  24. package/external/libedhoc/backends/cbor/include/backend_cbor_enc_structure_decode.h +0 -35
  25. package/external/libedhoc/backends/cbor/include/backend_cbor_enc_structure_encode.h +0 -35
  26. package/external/libedhoc/backends/cbor/include/backend_cbor_enc_structure_types.h +0 -37
  27. package/external/libedhoc/backends/cbor/include/backend_cbor_id_cred_x_decode.h +0 -35
  28. package/external/libedhoc/backends/cbor/include/backend_cbor_id_cred_x_encode.h +0 -35
  29. package/external/libedhoc/backends/cbor/include/backend_cbor_info_decode.h +0 -35
  30. package/external/libedhoc/backends/cbor/include/backend_cbor_info_encode.h +0 -35
  31. package/external/libedhoc/backends/cbor/include/backend_cbor_int_type_decode.h +0 -35
  32. package/external/libedhoc/backends/cbor/include/backend_cbor_int_type_encode.h +0 -35
  33. package/external/libedhoc/backends/cbor/include/backend_cbor_int_type_types.h +0 -34
  34. package/external/libedhoc/backends/cbor/include/backend_cbor_message_1_decode.h +0 -35
  35. package/external/libedhoc/backends/cbor/include/backend_cbor_message_1_encode.h +0 -35
  36. package/external/libedhoc/backends/cbor/include/backend_cbor_message_2_decode.h +0 -35
  37. package/external/libedhoc/backends/cbor/include/backend_cbor_message_2_encode.h +0 -35
  38. package/external/libedhoc/backends/cbor/include/backend_cbor_message_3_decode.h +0 -35
  39. package/external/libedhoc/backends/cbor/include/backend_cbor_message_3_encode.h +0 -35
  40. package/external/libedhoc/backends/cbor/include/backend_cbor_message_4_decode.h +0 -35
  41. package/external/libedhoc/backends/cbor/include/backend_cbor_message_4_encode.h +0 -35
  42. package/external/libedhoc/backends/cbor/include/backend_cbor_message_error_decode.h +0 -35
  43. package/external/libedhoc/backends/cbor/include/backend_cbor_message_error_encode.h +0 -35
  44. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_2_decode.h +0 -35
  45. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_2_encode.h +0 -35
  46. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_3_decode.h +0 -35
  47. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_3_encode.h +0 -35
  48. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_4_decode.h +0 -35
  49. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_4_encode.h +0 -35
  50. package/external/libedhoc/backends/cbor/include/backend_cbor_sig_structure_decode.h +0 -35
  51. package/external/libedhoc/backends/cbor/include/backend_cbor_sig_structure_encode.h +0 -35
  52. package/external/libedhoc/backends/cbor/include/backend_cbor_sig_structure_types.h +0 -38
  53. package/external/libedhoc/backends/cbor/include/backend_cbor_x509_types.h +0 -180
  54. package/external/libedhoc/backends/cbor/src/backend_cbor_bstr_type_decode.c +0 -50
  55. package/external/libedhoc/backends/cbor/src/backend_cbor_bstr_type_encode.c +0 -50
  56. package/external/libedhoc/backends/cbor/src/backend_cbor_ead_decode.c +0 -69
  57. package/external/libedhoc/backends/cbor/src/backend_cbor_ead_encode.c +0 -69
  58. package/external/libedhoc/backends/cbor/src/backend_cbor_enc_structure_decode.c +0 -53
  59. package/external/libedhoc/backends/cbor/src/backend_cbor_enc_structure_encode.c +0 -53
  60. package/external/libedhoc/backends/cbor/src/backend_cbor_id_cred_x_decode.c +0 -152
  61. package/external/libedhoc/backends/cbor/src/backend_cbor_id_cred_x_encode.c +0 -152
  62. package/external/libedhoc/backends/cbor/src/backend_cbor_info_decode.c +0 -52
  63. package/external/libedhoc/backends/cbor/src/backend_cbor_info_encode.c +0 -52
  64. package/external/libedhoc/backends/cbor/src/backend_cbor_int_type_decode.c +0 -50
  65. package/external/libedhoc/backends/cbor/src/backend_cbor_int_type_encode.c +0 -50
  66. package/external/libedhoc/backends/cbor/src/backend_cbor_message_1_decode.c +0 -115
  67. package/external/libedhoc/backends/cbor/src/backend_cbor_message_1_encode.c +0 -115
  68. package/external/libedhoc/backends/cbor/src/backend_cbor_message_2_decode.c +0 -50
  69. package/external/libedhoc/backends/cbor/src/backend_cbor_message_2_encode.c +0 -50
  70. package/external/libedhoc/backends/cbor/src/backend_cbor_message_3_decode.c +0 -50
  71. package/external/libedhoc/backends/cbor/src/backend_cbor_message_3_encode.c +0 -50
  72. package/external/libedhoc/backends/cbor/src/backend_cbor_message_4_decode.c +0 -50
  73. package/external/libedhoc/backends/cbor/src/backend_cbor_message_4_encode.c +0 -50
  74. package/external/libedhoc/backends/cbor/src/backend_cbor_message_error_decode.c +0 -92
  75. package/external/libedhoc/backends/cbor/src/backend_cbor_message_error_encode.c +0 -92
  76. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_2_decode.c +0 -216
  77. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_2_encode.c +0 -217
  78. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_3_decode.c +0 -212
  79. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_3_encode.c +0 -212
  80. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_4_decode.c +0 -87
  81. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_4_encode.c +0 -87
  82. package/external/libedhoc/backends/cbor/src/backend_cbor_sig_structure_decode.c +0 -54
  83. package/external/libedhoc/backends/cbor/src/backend_cbor_sig_structure_encode.c +0 -54
  84. package/external/libedhoc/externals/Unity/examples/example_1/src/ProductionCode.c +0 -31
  85. package/external/libedhoc/externals/Unity/examples/example_1/src/ProductionCode.h +0 -10
  86. package/external/libedhoc/externals/Unity/examples/example_1/src/ProductionCode2.c +0 -18
  87. package/external/libedhoc/externals/Unity/examples/example_1/src/ProductionCode2.h +0 -9
  88. package/external/libedhoc/externals/Unity/examples/example_1/test/TestProductionCode.c +0 -69
  89. package/external/libedhoc/externals/Unity/examples/example_1/test/TestProductionCode2.c +0 -38
  90. package/external/libedhoc/externals/Unity/examples/example_1/test/test_runners/TestProductionCode2_Runner.c +0 -53
  91. package/external/libedhoc/externals/Unity/examples/example_1/test/test_runners/TestProductionCode_Runner.c +0 -57
  92. package/external/libedhoc/externals/Unity/examples/example_2/src/ProductionCode.c +0 -31
  93. package/external/libedhoc/externals/Unity/examples/example_2/src/ProductionCode.h +0 -10
  94. package/external/libedhoc/externals/Unity/examples/example_2/src/ProductionCode2.c +0 -18
  95. package/external/libedhoc/externals/Unity/examples/example_2/src/ProductionCode2.h +0 -9
  96. package/external/libedhoc/externals/Unity/examples/example_2/test/TestProductionCode.c +0 -71
  97. package/external/libedhoc/externals/Unity/examples/example_2/test/TestProductionCode2.c +0 -40
  98. package/external/libedhoc/externals/Unity/examples/example_2/test/test_runners/TestProductionCode2_Runner.c +0 -16
  99. package/external/libedhoc/externals/Unity/examples/example_2/test/test_runners/TestProductionCode_Runner.c +0 -18
  100. package/external/libedhoc/externals/Unity/examples/example_2/test/test_runners/all_tests.c +0 -19
  101. package/external/libedhoc/externals/Unity/examples/example_3/helper/UnityHelper.c +0 -17
  102. package/external/libedhoc/externals/Unity/examples/example_3/helper/UnityHelper.h +0 -19
  103. package/external/libedhoc/externals/Unity/examples/example_3/src/ProductionCode.c +0 -31
  104. package/external/libedhoc/externals/Unity/examples/example_3/src/ProductionCode.h +0 -10
  105. package/external/libedhoc/externals/Unity/examples/example_3/src/ProductionCode2.c +0 -18
  106. package/external/libedhoc/externals/Unity/examples/example_3/src/ProductionCode2.h +0 -9
  107. package/external/libedhoc/externals/Unity/examples/example_3/test/TestProductionCode.c +0 -69
  108. package/external/libedhoc/externals/Unity/examples/example_3/test/TestProductionCode2.c +0 -38
  109. package/external/libedhoc/externals/Unity/examples/example_4/src/ProductionCode.c +0 -31
  110. package/external/libedhoc/externals/Unity/examples/example_4/src/ProductionCode.h +0 -10
  111. package/external/libedhoc/externals/Unity/examples/example_4/src/ProductionCode2.c +0 -18
  112. package/external/libedhoc/externals/Unity/examples/example_4/src/ProductionCode2.h +0 -9
  113. package/external/libedhoc/externals/Unity/examples/example_4/test/TestProductionCode.c +0 -70
  114. package/external/libedhoc/externals/Unity/examples/example_4/test/TestProductionCode2.c +0 -42
  115. package/external/libedhoc/externals/Unity/examples/example_4/test/test_runners/TestProductionCode2_Runner.c +0 -53
  116. package/external/libedhoc/externals/Unity/examples/example_4/test/test_runners/TestProductionCode_Runner.c +0 -57
  117. package/external/libedhoc/externals/Unity/examples/unity_config.h +0 -251
  118. package/external/libedhoc/externals/Unity/extras/bdd/src/unity_bdd.h +0 -44
  119. package/external/libedhoc/externals/Unity/extras/bdd/test/test_bdd.c +0 -129
  120. package/external/libedhoc/externals/Unity/extras/fixture/src/unity_fixture.c +0 -310
  121. package/external/libedhoc/externals/Unity/extras/fixture/src/unity_fixture.h +0 -95
  122. package/external/libedhoc/externals/Unity/extras/fixture/src/unity_fixture_internals.h +0 -51
  123. package/external/libedhoc/externals/Unity/extras/fixture/test/main/AllTests.c +0 -20
  124. package/external/libedhoc/externals/Unity/extras/fixture/test/template_fixture_tests.c +0 -40
  125. package/external/libedhoc/externals/Unity/extras/fixture/test/unity_fixture_Test.c +0 -246
  126. package/external/libedhoc/externals/Unity/extras/fixture/test/unity_fixture_TestRunner.c +0 -33
  127. package/external/libedhoc/externals/Unity/extras/memory/src/unity_memory.c +0 -203
  128. package/external/libedhoc/externals/Unity/extras/memory/src/unity_memory.h +0 -61
  129. package/external/libedhoc/externals/Unity/extras/memory/test/unity_memory_Test.c +0 -326
  130. package/external/libedhoc/externals/Unity/extras/memory/test/unity_memory_TestRunner.c +0 -50
  131. package/external/libedhoc/externals/Unity/extras/memory/test/unity_output_Spy.c +0 -57
  132. package/external/libedhoc/externals/Unity/extras/memory/test/unity_output_Spy.h +0 -17
  133. package/external/libedhoc/externals/Unity/src/unity.c +0 -2501
  134. package/external/libedhoc/externals/Unity/src/unity.h +0 -698
  135. package/external/libedhoc/externals/Unity/src/unity_internals.h +0 -1183
  136. package/external/libedhoc/externals/Unity/test/expectdata/testsample_cmd.c +0 -61
  137. package/external/libedhoc/externals/Unity/test/expectdata/testsample_def.c +0 -57
  138. package/external/libedhoc/externals/Unity/test/expectdata/testsample_head1.c +0 -55
  139. package/external/libedhoc/externals/Unity/test/expectdata/testsample_head1.h +0 -15
  140. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_cmd.c +0 -80
  141. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_def.c +0 -76
  142. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_head1.c +0 -75
  143. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_head1.h +0 -13
  144. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_new1.c +0 -89
  145. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_new2.c +0 -89
  146. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_param.c +0 -77
  147. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_run1.c +0 -89
  148. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_run2.c +0 -89
  149. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_yaml.c +0 -90
  150. package/external/libedhoc/externals/Unity/test/expectdata/testsample_new1.c +0 -67
  151. package/external/libedhoc/externals/Unity/test/expectdata/testsample_new2.c +0 -70
  152. package/external/libedhoc/externals/Unity/test/expectdata/testsample_param.c +0 -58
  153. package/external/libedhoc/externals/Unity/test/expectdata/testsample_run1.c +0 -67
  154. package/external/libedhoc/externals/Unity/test/expectdata/testsample_run2.c +0 -70
  155. package/external/libedhoc/externals/Unity/test/expectdata/testsample_yaml.c +0 -71
  156. package/external/libedhoc/externals/Unity/test/testdata/CException.h +0 -18
  157. package/external/libedhoc/externals/Unity/test/testdata/Defs.h +0 -16
  158. package/external/libedhoc/externals/Unity/test/testdata/cmock.h +0 -21
  159. package/external/libedhoc/externals/Unity/test/testdata/mockMock.h +0 -20
  160. package/external/libedhoc/externals/Unity/test/testdata/testRunnerGenerator.c +0 -204
  161. package/external/libedhoc/externals/Unity/test/testdata/testRunnerGeneratorSmall.c +0 -73
  162. package/external/libedhoc/externals/Unity/test/testdata/testRunnerGeneratorWithMocks.c +0 -200
  163. package/external/libedhoc/externals/Unity/test/tests/self_assessment_utils.h +0 -151
  164. package/external/libedhoc/externals/Unity/test/tests/test_unity_arrays.c +0 -2941
  165. package/external/libedhoc/externals/Unity/test/tests/test_unity_core.c +0 -375
  166. package/external/libedhoc/externals/Unity/test/tests/test_unity_doubles.c +0 -1285
  167. package/external/libedhoc/externals/Unity/test/tests/test_unity_floats.c +0 -1395
  168. package/external/libedhoc/externals/Unity/test/tests/test_unity_integers.c +0 -2863
  169. package/external/libedhoc/externals/Unity/test/tests/test_unity_integers_64.c +0 -783
  170. package/external/libedhoc/externals/Unity/test/tests/test_unity_memory.c +0 -82
  171. package/external/libedhoc/externals/Unity/test/tests/test_unity_parameterized.c +0 -309
  172. package/external/libedhoc/externals/Unity/test/tests/test_unity_parameterizedDemo.c +0 -28
  173. package/external/libedhoc/externals/Unity/test/tests/test_unity_strings.c +0 -330
  174. package/external/libedhoc/externals/Unity/test/tests/types_for_test.h +0 -21
  175. package/external/libedhoc/externals/compact25519/src/c25519/c25519.c +0 -126
  176. package/external/libedhoc/externals/compact25519/src/c25519/c25519.h +0 -49
  177. package/external/libedhoc/externals/compact25519/src/c25519/ed25519.c +0 -323
  178. package/external/libedhoc/externals/compact25519/src/c25519/ed25519.h +0 -84
  179. package/external/libedhoc/externals/compact25519/src/c25519/edsign.c +0 -171
  180. package/external/libedhoc/externals/compact25519/src/c25519/edsign.h +0 -53
  181. package/external/libedhoc/externals/compact25519/src/c25519/f25519.c +0 -330
  182. package/external/libedhoc/externals/compact25519/src/c25519/f25519.h +0 -98
  183. package/external/libedhoc/externals/compact25519/src/c25519/fprime.c +0 -226
  184. package/external/libedhoc/externals/compact25519/src/c25519/fprime.h +0 -81
  185. package/external/libedhoc/externals/compact25519/src/c25519/sha512.c +0 -230
  186. package/external/libedhoc/externals/compact25519/src/c25519/sha512.h +0 -54
  187. package/external/libedhoc/externals/compact25519/src/compact_ed25519.c +0 -46
  188. package/external/libedhoc/externals/compact25519/src/compact_ed25519.h +0 -110
  189. package/external/libedhoc/externals/compact25519/src/compact_wipe.c +0 -12
  190. package/external/libedhoc/externals/compact25519/src/compact_wipe.h +0 -14
  191. package/external/libedhoc/externals/compact25519/src/compact_x25519.c +0 -68
  192. package/external/libedhoc/externals/compact25519/src/compact_x25519.h +0 -101
  193. package/external/libedhoc/externals/compact25519/test/pcg_random.h +0 -25
  194. package/external/libedhoc/externals/compact25519/test/run-all.c +0 -178
  195. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/Hacl_Curve25519.h +0 -21
  196. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/everest.h +0 -234
  197. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h +0 -124
  198. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h +0 -280
  199. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlib.h +0 -29
  200. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/c_endianness.h +0 -204
  201. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/builtin.h +0 -16
  202. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/callconv.h +0 -46
  203. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/compat.h +0 -34
  204. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/debug.h +0 -57
  205. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/target.h +0 -102
  206. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/types.h +0 -61
  207. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h +0 -5
  208. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/vs2013/Hacl_Curve25519.h +0 -21
  209. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/vs2013/inttypes.h +0 -36
  210. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/vs2013/stdbool.h +0 -31
  211. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/x25519.h +0 -190
  212. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/Hacl_Curve25519.c +0 -760
  213. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/Hacl_Curve25519_joined.c +0 -50
  214. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/everest.c +0 -102
  215. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c +0 -413
  216. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c +0 -100
  217. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/legacy/Hacl_Curve25519.c +0 -805
  218. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/x25519.c +0 -186
  219. package/external/libedhoc/externals/mbedtls/3rdparty/p256-m/p256-m/p256-m.c +0 -1514
  220. package/external/libedhoc/externals/mbedtls/3rdparty/p256-m/p256-m/p256-m.h +0 -135
  221. package/external/libedhoc/externals/mbedtls/3rdparty/p256-m/p256-m_driver_entrypoints.c +0 -312
  222. package/external/libedhoc/externals/mbedtls/3rdparty/p256-m/p256-m_driver_entrypoints.h +0 -219
  223. package/external/libedhoc/externals/mbedtls/configs/config-ccm-psk-dtls1_2.h +0 -92
  224. package/external/libedhoc/externals/mbedtls/configs/config-ccm-psk-tls1_2.h +0 -83
  225. package/external/libedhoc/externals/mbedtls/configs/config-no-entropy.h +0 -73
  226. package/external/libedhoc/externals/mbedtls/configs/config-suite-b.h +0 -106
  227. package/external/libedhoc/externals/mbedtls/configs/config-symmetric-only.h +0 -77
  228. package/external/libedhoc/externals/mbedtls/configs/config-thread.h +0 -76
  229. package/external/libedhoc/externals/mbedtls/configs/crypto-config-ccm-aes-sha256.h +0 -25
  230. package/external/libedhoc/externals/mbedtls/configs/crypto_config_profile_medium.h +0 -136
  231. package/external/libedhoc/externals/mbedtls/configs/tfm_mbedcrypto_config_profile_medium.h +0 -609
  232. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_encdec.h +0 -54
  233. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_hashing.h +0 -30
  234. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_mainpage.h +0 -19
  235. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_rng.h +0 -27
  236. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_ssltls.h +0 -37
  237. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_tcpip.h +0 -32
  238. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_x509.h +0 -31
  239. package/external/libedhoc/externals/mbedtls/include/mbedtls/aes.h +0 -627
  240. package/external/libedhoc/externals/mbedtls/include/mbedtls/aria.h +0 -341
  241. package/external/libedhoc/externals/mbedtls/include/mbedtls/asn1.h +0 -641
  242. package/external/libedhoc/externals/mbedtls/include/mbedtls/asn1write.h +0 -389
  243. package/external/libedhoc/externals/mbedtls/include/mbedtls/base64.h +0 -82
  244. package/external/libedhoc/externals/mbedtls/include/mbedtls/bignum.h +0 -1084
  245. package/external/libedhoc/externals/mbedtls/include/mbedtls/build_info.h +0 -146
  246. package/external/libedhoc/externals/mbedtls/include/mbedtls/camellia.h +0 -303
  247. package/external/libedhoc/externals/mbedtls/include/mbedtls/ccm.h +0 -518
  248. package/external/libedhoc/externals/mbedtls/include/mbedtls/chacha20.h +0 -202
  249. package/external/libedhoc/externals/mbedtls/include/mbedtls/chachapoly.h +0 -342
  250. package/external/libedhoc/externals/mbedtls/include/mbedtls/check_config.h +0 -1206
  251. package/external/libedhoc/externals/mbedtls/include/mbedtls/cipher.h +0 -1183
  252. package/external/libedhoc/externals/mbedtls/include/mbedtls/cmac.h +0 -246
  253. package/external/libedhoc/externals/mbedtls/include/mbedtls/compat-2.x.h +0 -46
  254. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h +0 -183
  255. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h +0 -877
  256. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_psa_from_legacy.h +0 -334
  257. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h +0 -142
  258. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_ssl.h +0 -76
  259. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_x509.h +0 -25
  260. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_psa.h +0 -55
  261. package/external/libedhoc/externals/mbedtls/include/mbedtls/constant_time.h +0 -36
  262. package/external/libedhoc/externals/mbedtls/include/mbedtls/ctr_drbg.h +0 -564
  263. package/external/libedhoc/externals/mbedtls/include/mbedtls/debug.h +0 -308
  264. package/external/libedhoc/externals/mbedtls/include/mbedtls/des.h +0 -385
  265. package/external/libedhoc/externals/mbedtls/include/mbedtls/dhm.h +0 -972
  266. package/external/libedhoc/externals/mbedtls/include/mbedtls/ecdh.h +0 -441
  267. package/external/libedhoc/externals/mbedtls/include/mbedtls/ecdsa.h +0 -671
  268. package/external/libedhoc/externals/mbedtls/include/mbedtls/ecjpake.h +0 -298
  269. package/external/libedhoc/externals/mbedtls/include/mbedtls/ecp.h +0 -1362
  270. package/external/libedhoc/externals/mbedtls/include/mbedtls/entropy.h +0 -273
  271. package/external/libedhoc/externals/mbedtls/include/mbedtls/error.h +0 -201
  272. package/external/libedhoc/externals/mbedtls/include/mbedtls/gcm.h +0 -370
  273. package/external/libedhoc/externals/mbedtls/include/mbedtls/hkdf.h +0 -124
  274. package/external/libedhoc/externals/mbedtls/include/mbedtls/hmac_drbg.h +0 -434
  275. package/external/libedhoc/externals/mbedtls/include/mbedtls/lms.h +0 -440
  276. package/external/libedhoc/externals/mbedtls/include/mbedtls/mbedtls_config.h +0 -4116
  277. package/external/libedhoc/externals/mbedtls/include/mbedtls/md.h +0 -640
  278. package/external/libedhoc/externals/mbedtls/include/mbedtls/md5.h +0 -190
  279. package/external/libedhoc/externals/mbedtls/include/mbedtls/memory_buffer_alloc.h +0 -142
  280. package/external/libedhoc/externals/mbedtls/include/mbedtls/net_sockets.h +0 -299
  281. package/external/libedhoc/externals/mbedtls/include/mbedtls/nist_kw.h +0 -166
  282. package/external/libedhoc/externals/mbedtls/include/mbedtls/oid.h +0 -722
  283. package/external/libedhoc/externals/mbedtls/include/mbedtls/pem.h +0 -160
  284. package/external/libedhoc/externals/mbedtls/include/mbedtls/pk.h +0 -1091
  285. package/external/libedhoc/externals/mbedtls/include/mbedtls/pkcs12.h +0 -186
  286. package/external/libedhoc/externals/mbedtls/include/mbedtls/pkcs5.h +0 -197
  287. package/external/libedhoc/externals/mbedtls/include/mbedtls/pkcs7.h +0 -241
  288. package/external/libedhoc/externals/mbedtls/include/mbedtls/platform.h +0 -485
  289. package/external/libedhoc/externals/mbedtls/include/mbedtls/platform_time.h +0 -79
  290. package/external/libedhoc/externals/mbedtls/include/mbedtls/platform_util.h +0 -201
  291. package/external/libedhoc/externals/mbedtls/include/mbedtls/poly1305.h +0 -168
  292. package/external/libedhoc/externals/mbedtls/include/mbedtls/private_access.h +0 -20
  293. package/external/libedhoc/externals/mbedtls/include/mbedtls/psa_util.h +0 -104
  294. package/external/libedhoc/externals/mbedtls/include/mbedtls/ripemd160.h +0 -136
  295. package/external/libedhoc/externals/mbedtls/include/mbedtls/rsa.h +0 -1143
  296. package/external/libedhoc/externals/mbedtls/include/mbedtls/sha1.h +0 -219
  297. package/external/libedhoc/externals/mbedtls/include/mbedtls/sha256.h +0 -198
  298. package/external/libedhoc/externals/mbedtls/include/mbedtls/sha3.h +0 -172
  299. package/external/libedhoc/externals/mbedtls/include/mbedtls/sha512.h +0 -208
  300. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl.h +0 -5369
  301. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl_cache.h +0 -187
  302. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl_ciphersuites.h +0 -616
  303. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl_cookie.h +0 -106
  304. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl_ticket.h +0 -181
  305. package/external/libedhoc/externals/mbedtls/include/mbedtls/threading.h +0 -105
  306. package/external/libedhoc/externals/mbedtls/include/mbedtls/timing.h +0 -94
  307. package/external/libedhoc/externals/mbedtls/include/mbedtls/version.h +0 -78
  308. package/external/libedhoc/externals/mbedtls/include/mbedtls/x509.h +0 -550
  309. package/external/libedhoc/externals/mbedtls/include/mbedtls/x509_crl.h +0 -184
  310. package/external/libedhoc/externals/mbedtls/include/mbedtls/x509_crt.h +0 -1196
  311. package/external/libedhoc/externals/mbedtls/include/mbedtls/x509_csr.h +0 -319
  312. package/external/libedhoc/externals/mbedtls/include/psa/build_info.h +0 -20
  313. package/external/libedhoc/externals/mbedtls/include/psa/crypto.h +0 -4685
  314. package/external/libedhoc/externals/mbedtls/include/psa/crypto_adjust_auto_enabled.h +0 -21
  315. package/external/libedhoc/externals/mbedtls/include/psa/crypto_adjust_config_key_pair_types.h +0 -91
  316. package/external/libedhoc/externals/mbedtls/include/psa/crypto_adjust_config_synonyms.h +0 -45
  317. package/external/libedhoc/externals/mbedtls/include/psa/crypto_builtin_composites.h +0 -210
  318. package/external/libedhoc/externals/mbedtls/include/psa/crypto_builtin_key_derivation.h +0 -118
  319. package/external/libedhoc/externals/mbedtls/include/psa/crypto_builtin_primitives.h +0 -114
  320. package/external/libedhoc/externals/mbedtls/include/psa/crypto_compat.h +0 -153
  321. package/external/libedhoc/externals/mbedtls/include/psa/crypto_config.h +0 -153
  322. package/external/libedhoc/externals/mbedtls/include/psa/crypto_driver_common.h +0 -44
  323. package/external/libedhoc/externals/mbedtls/include/psa/crypto_driver_contexts_composites.h +0 -151
  324. package/external/libedhoc/externals/mbedtls/include/psa/crypto_driver_contexts_key_derivation.h +0 -52
  325. package/external/libedhoc/externals/mbedtls/include/psa/crypto_driver_contexts_primitives.h +0 -105
  326. package/external/libedhoc/externals/mbedtls/include/psa/crypto_extra.h +0 -2064
  327. package/external/libedhoc/externals/mbedtls/include/psa/crypto_legacy.h +0 -88
  328. package/external/libedhoc/externals/mbedtls/include/psa/crypto_platform.h +0 -92
  329. package/external/libedhoc/externals/mbedtls/include/psa/crypto_se_driver.h +0 -1383
  330. package/external/libedhoc/externals/mbedtls/include/psa/crypto_sizes.h +0 -1282
  331. package/external/libedhoc/externals/mbedtls/include/psa/crypto_struct.h +0 -460
  332. package/external/libedhoc/externals/mbedtls/include/psa/crypto_types.h +0 -453
  333. package/external/libedhoc/externals/mbedtls/include/psa/crypto_values.h +0 -2756
  334. package/external/libedhoc/externals/mbedtls/library/aes.c +0 -2315
  335. package/external/libedhoc/externals/mbedtls/library/aesce.c +0 -503
  336. package/external/libedhoc/externals/mbedtls/library/aesce.h +0 -121
  337. package/external/libedhoc/externals/mbedtls/library/aesni.c +0 -802
  338. package/external/libedhoc/externals/mbedtls/library/aesni.h +0 -158
  339. package/external/libedhoc/externals/mbedtls/library/alignment.h +0 -509
  340. package/external/libedhoc/externals/mbedtls/library/aria.c +0 -991
  341. package/external/libedhoc/externals/mbedtls/library/asn1parse.c +0 -467
  342. package/external/libedhoc/externals/mbedtls/library/asn1write.c +0 -436
  343. package/external/libedhoc/externals/mbedtls/library/base64.c +0 -299
  344. package/external/libedhoc/externals/mbedtls/library/base64_internal.h +0 -45
  345. package/external/libedhoc/externals/mbedtls/library/bignum.c +0 -2806
  346. package/external/libedhoc/externals/mbedtls/library/bignum_core.c +0 -894
  347. package/external/libedhoc/externals/mbedtls/library/bignum_core.h +0 -763
  348. package/external/libedhoc/externals/mbedtls/library/bignum_mod.c +0 -394
  349. package/external/libedhoc/externals/mbedtls/library/bignum_mod.h +0 -452
  350. package/external/libedhoc/externals/mbedtls/library/bignum_mod_raw.c +0 -276
  351. package/external/libedhoc/externals/mbedtls/library/bignum_mod_raw.h +0 -416
  352. package/external/libedhoc/externals/mbedtls/library/bignum_mod_raw_invasive.h +0 -34
  353. package/external/libedhoc/externals/mbedtls/library/bn_mul.h +0 -1094
  354. package/external/libedhoc/externals/mbedtls/library/camellia.c +0 -1044
  355. package/external/libedhoc/externals/mbedtls/library/ccm.c +0 -712
  356. package/external/libedhoc/externals/mbedtls/library/chacha20.c +0 -497
  357. package/external/libedhoc/externals/mbedtls/library/chachapoly.c +0 -478
  358. package/external/libedhoc/externals/mbedtls/library/check_crypto_config.h +0 -141
  359. package/external/libedhoc/externals/mbedtls/library/cipher.c +0 -1664
  360. package/external/libedhoc/externals/mbedtls/library/cipher_wrap.c +0 -2422
  361. package/external/libedhoc/externals/mbedtls/library/cipher_wrap.h +0 -132
  362. package/external/libedhoc/externals/mbedtls/library/cmac.c +0 -1067
  363. package/external/libedhoc/externals/mbedtls/library/common.h +0 -325
  364. package/external/libedhoc/externals/mbedtls/library/constant_time.c +0 -261
  365. package/external/libedhoc/externals/mbedtls/library/constant_time_impl.h +0 -554
  366. package/external/libedhoc/externals/mbedtls/library/constant_time_internal.h +0 -579
  367. package/external/libedhoc/externals/mbedtls/library/ctr_drbg.c +0 -881
  368. package/external/libedhoc/externals/mbedtls/library/debug.c +0 -465
  369. package/external/libedhoc/externals/mbedtls/library/des.c +0 -1042
  370. package/external/libedhoc/externals/mbedtls/library/dhm.c +0 -712
  371. package/external/libedhoc/externals/mbedtls/library/ecdh.c +0 -685
  372. package/external/libedhoc/externals/mbedtls/library/ecdsa.c +0 -867
  373. package/external/libedhoc/externals/mbedtls/library/ecjpake.c +0 -1216
  374. package/external/libedhoc/externals/mbedtls/library/ecp.c +0 -3631
  375. package/external/libedhoc/externals/mbedtls/library/ecp_curves.c +0 -5467
  376. package/external/libedhoc/externals/mbedtls/library/ecp_curves_new.c +0 -6043
  377. package/external/libedhoc/externals/mbedtls/library/ecp_internal_alt.h +0 -287
  378. package/external/libedhoc/externals/mbedtls/library/ecp_invasive.h +0 -325
  379. package/external/libedhoc/externals/mbedtls/library/entropy.c +0 -676
  380. package/external/libedhoc/externals/mbedtls/library/entropy_poll.c +0 -229
  381. package/external/libedhoc/externals/mbedtls/library/entropy_poll.h +0 -64
  382. package/external/libedhoc/externals/mbedtls/library/error.c +0 -878
  383. package/external/libedhoc/externals/mbedtls/library/gcm.c +0 -1168
  384. package/external/libedhoc/externals/mbedtls/library/hkdf.c +0 -161
  385. package/external/libedhoc/externals/mbedtls/library/hmac_drbg.c +0 -633
  386. package/external/libedhoc/externals/mbedtls/library/lmots.c +0 -821
  387. package/external/libedhoc/externals/mbedtls/library/lmots.h +0 -311
  388. package/external/libedhoc/externals/mbedtls/library/lms.c +0 -779
  389. package/external/libedhoc/externals/mbedtls/library/md.c +0 -1108
  390. package/external/libedhoc/externals/mbedtls/library/md5.c +0 -426
  391. package/external/libedhoc/externals/mbedtls/library/md_psa.h +0 -63
  392. package/external/libedhoc/externals/mbedtls/library/md_wrap.h +0 -46
  393. package/external/libedhoc/externals/mbedtls/library/memory_buffer_alloc.c +0 -745
  394. package/external/libedhoc/externals/mbedtls/library/mps_common.h +0 -181
  395. package/external/libedhoc/externals/mbedtls/library/mps_error.h +0 -89
  396. package/external/libedhoc/externals/mbedtls/library/mps_reader.c +0 -538
  397. package/external/libedhoc/externals/mbedtls/library/mps_reader.h +0 -366
  398. package/external/libedhoc/externals/mbedtls/library/mps_trace.c +0 -112
  399. package/external/libedhoc/externals/mbedtls/library/mps_trace.h +0 -154
  400. package/external/libedhoc/externals/mbedtls/library/net_sockets.c +0 -696
  401. package/external/libedhoc/externals/mbedtls/library/nist_kw.c +0 -725
  402. package/external/libedhoc/externals/mbedtls/library/oid.c +0 -1154
  403. package/external/libedhoc/externals/mbedtls/library/padlock.c +0 -155
  404. package/external/libedhoc/externals/mbedtls/library/padlock.h +0 -111
  405. package/external/libedhoc/externals/mbedtls/library/pem.c +0 -520
  406. package/external/libedhoc/externals/mbedtls/library/pk.c +0 -970
  407. package/external/libedhoc/externals/mbedtls/library/pk_internal.h +0 -118
  408. package/external/libedhoc/externals/mbedtls/library/pk_wrap.c +0 -1834
  409. package/external/libedhoc/externals/mbedtls/library/pk_wrap.h +0 -156
  410. package/external/libedhoc/externals/mbedtls/library/pkcs12.c +0 -447
  411. package/external/libedhoc/externals/mbedtls/library/pkcs5.c +0 -496
  412. package/external/libedhoc/externals/mbedtls/library/pkcs7.c +0 -773
  413. package/external/libedhoc/externals/mbedtls/library/pkparse.c +0 -1845
  414. package/external/libedhoc/externals/mbedtls/library/pkwrite.c +0 -836
  415. package/external/libedhoc/externals/mbedtls/library/pkwrite.h +0 -112
  416. package/external/libedhoc/externals/mbedtls/library/platform.c +0 -402
  417. package/external/libedhoc/externals/mbedtls/library/platform_util.c +0 -285
  418. package/external/libedhoc/externals/mbedtls/library/poly1305.c +0 -492
  419. package/external/libedhoc/externals/mbedtls/library/psa_crypto.c +0 -8432
  420. package/external/libedhoc/externals/mbedtls/library/psa_crypto_aead.c +0 -653
  421. package/external/libedhoc/externals/mbedtls/library/psa_crypto_aead.h +0 -499
  422. package/external/libedhoc/externals/mbedtls/library/psa_crypto_cipher.c +0 -590
  423. package/external/libedhoc/externals/mbedtls/library/psa_crypto_cipher.h +0 -293
  424. package/external/libedhoc/externals/mbedtls/library/psa_crypto_client.c +0 -67
  425. package/external/libedhoc/externals/mbedtls/library/psa_crypto_core.h +0 -838
  426. package/external/libedhoc/externals/mbedtls/library/psa_crypto_core_common.h +0 -52
  427. package/external/libedhoc/externals/mbedtls/library/psa_crypto_driver_wrappers.h +0 -2871
  428. package/external/libedhoc/externals/mbedtls/library/psa_crypto_driver_wrappers_no_static.c +0 -256
  429. package/external/libedhoc/externals/mbedtls/library/psa_crypto_driver_wrappers_no_static.h +0 -31
  430. package/external/libedhoc/externals/mbedtls/library/psa_crypto_ecp.c +0 -561
  431. package/external/libedhoc/externals/mbedtls/library/psa_crypto_ecp.h +0 -267
  432. package/external/libedhoc/externals/mbedtls/library/psa_crypto_ffdh.c +0 -295
  433. package/external/libedhoc/externals/mbedtls/library/psa_crypto_ffdh.h +0 -132
  434. package/external/libedhoc/externals/mbedtls/library/psa_crypto_hash.c +0 -470
  435. package/external/libedhoc/externals/mbedtls/library/psa_crypto_hash.h +0 -211
  436. package/external/libedhoc/externals/mbedtls/library/psa_crypto_invasive.h +0 -70
  437. package/external/libedhoc/externals/mbedtls/library/psa_crypto_its.h +0 -131
  438. package/external/libedhoc/externals/mbedtls/library/psa_crypto_mac.c +0 -496
  439. package/external/libedhoc/externals/mbedtls/library/psa_crypto_mac.h +0 -264
  440. package/external/libedhoc/externals/mbedtls/library/psa_crypto_pake.c +0 -571
  441. package/external/libedhoc/externals/mbedtls/library/psa_crypto_pake.h +0 -159
  442. package/external/libedhoc/externals/mbedtls/library/psa_crypto_random_impl.h +0 -192
  443. package/external/libedhoc/externals/mbedtls/library/psa_crypto_rsa.c +0 -727
  444. package/external/libedhoc/externals/mbedtls/library/psa_crypto_rsa.h +0 -317
  445. package/external/libedhoc/externals/mbedtls/library/psa_crypto_se.c +0 -373
  446. package/external/libedhoc/externals/mbedtls/library/psa_crypto_se.h +0 -185
  447. package/external/libedhoc/externals/mbedtls/library/psa_crypto_slot_management.c +0 -559
  448. package/external/libedhoc/externals/mbedtls/library/psa_crypto_slot_management.h +0 -213
  449. package/external/libedhoc/externals/mbedtls/library/psa_crypto_storage.c +0 -481
  450. package/external/libedhoc/externals/mbedtls/library/psa_crypto_storage.h +0 -384
  451. package/external/libedhoc/externals/mbedtls/library/psa_its_file.c +0 -259
  452. package/external/libedhoc/externals/mbedtls/library/psa_util.c +0 -160
  453. package/external/libedhoc/externals/mbedtls/library/psa_util_internal.h +0 -96
  454. package/external/libedhoc/externals/mbedtls/library/ripemd160.c +0 -490
  455. package/external/libedhoc/externals/mbedtls/library/rsa.c +0 -2640
  456. package/external/libedhoc/externals/mbedtls/library/rsa_alt_helpers.c +0 -447
  457. package/external/libedhoc/externals/mbedtls/library/rsa_alt_helpers.h +0 -208
  458. package/external/libedhoc/externals/mbedtls/library/sha1.c +0 -480
  459. package/external/libedhoc/externals/mbedtls/library/sha256.c +0 -946
  460. package/external/libedhoc/externals/mbedtls/library/sha3.c +0 -626
  461. package/external/libedhoc/externals/mbedtls/library/sha512.c +0 -1111
  462. package/external/libedhoc/externals/mbedtls/library/ssl_cache.c +0 -410
  463. package/external/libedhoc/externals/mbedtls/library/ssl_ciphersuites.c +0 -2050
  464. package/external/libedhoc/externals/mbedtls/library/ssl_client.c +0 -1017
  465. package/external/libedhoc/externals/mbedtls/library/ssl_client.h +0 -22
  466. package/external/libedhoc/externals/mbedtls/library/ssl_cookie.c +0 -380
  467. package/external/libedhoc/externals/mbedtls/library/ssl_debug_helpers.h +0 -78
  468. package/external/libedhoc/externals/mbedtls/library/ssl_debug_helpers_generated.c +0 -234
  469. package/external/libedhoc/externals/mbedtls/library/ssl_misc.h +0 -2847
  470. package/external/libedhoc/externals/mbedtls/library/ssl_msg.c +0 -6155
  471. package/external/libedhoc/externals/mbedtls/library/ssl_ticket.c +0 -540
  472. package/external/libedhoc/externals/mbedtls/library/ssl_tls.c +0 -9577
  473. package/external/libedhoc/externals/mbedtls/library/ssl_tls12_client.c +0 -3607
  474. package/external/libedhoc/externals/mbedtls/library/ssl_tls12_server.c +0 -4403
  475. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_client.c +0 -3046
  476. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_generic.c +0 -1740
  477. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_invasive.h +0 -23
  478. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_keys.c +0 -1897
  479. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_keys.h +0 -651
  480. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_server.c +0 -3146
  481. package/external/libedhoc/externals/mbedtls/library/threading.c +0 -181
  482. package/external/libedhoc/externals/mbedtls/library/timing.c +0 -154
  483. package/external/libedhoc/externals/mbedtls/library/version.c +0 -32
  484. package/external/libedhoc/externals/mbedtls/library/version_features.c +0 -826
  485. package/external/libedhoc/externals/mbedtls/library/x509.c +0 -1776
  486. package/external/libedhoc/externals/mbedtls/library/x509_create.c +0 -557
  487. package/external/libedhoc/externals/mbedtls/library/x509_crl.c +0 -712
  488. package/external/libedhoc/externals/mbedtls/library/x509_crt.c +0 -3292
  489. package/external/libedhoc/externals/mbedtls/library/x509_csr.c +0 -574
  490. package/external/libedhoc/externals/mbedtls/library/x509write.c +0 -174
  491. package/external/libedhoc/externals/mbedtls/library/x509write_crt.c +0 -681
  492. package/external/libedhoc/externals/mbedtls/library/x509write_csr.c +0 -331
  493. package/external/libedhoc/externals/mbedtls/programs/aes/crypt_and_hash.c +0 -573
  494. package/external/libedhoc/externals/mbedtls/programs/cipher/cipher_aead_demo.c +0 -259
  495. package/external/libedhoc/externals/mbedtls/programs/fuzz/common.c +0 -105
  496. package/external/libedhoc/externals/mbedtls/programs/fuzz/common.h +0 -25
  497. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_client.c +0 -195
  498. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_dtlsclient.c +0 -138
  499. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_dtlsserver.c +0 -183
  500. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_pkcs7.c +0 -20
  501. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_privkey.c +0 -106
  502. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_pubkey.c +0 -86
  503. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_server.c +0 -218
  504. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_x509crl.c +0 -41
  505. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_x509crt.c +0 -41
  506. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_x509csr.c +0 -41
  507. package/external/libedhoc/externals/mbedtls/programs/fuzz/onefile.c +0 -69
  508. package/external/libedhoc/externals/mbedtls/programs/hash/generic_sum.c +0 -209
  509. package/external/libedhoc/externals/mbedtls/programs/hash/hello.c +0 -45
  510. package/external/libedhoc/externals/mbedtls/programs/hash/md_hmac_demo.c +0 -136
  511. package/external/libedhoc/externals/mbedtls/programs/pkey/dh_client.c +0 -274
  512. package/external/libedhoc/externals/mbedtls/programs/pkey/dh_genprime.c +0 -161
  513. package/external/libedhoc/externals/mbedtls/programs/pkey/dh_server.c +0 -296
  514. package/external/libedhoc/externals/mbedtls/programs/pkey/ecdh_curve25519.c +0 -189
  515. package/external/libedhoc/externals/mbedtls/programs/pkey/ecdsa.c +0 -217
  516. package/external/libedhoc/externals/mbedtls/programs/pkey/gen_key.c +0 -419
  517. package/external/libedhoc/externals/mbedtls/programs/pkey/key_app.c +0 -316
  518. package/external/libedhoc/externals/mbedtls/programs/pkey/key_app_writer.c +0 -435
  519. package/external/libedhoc/externals/mbedtls/programs/pkey/mpi_demo.c +0 -84
  520. package/external/libedhoc/externals/mbedtls/programs/pkey/pk_decrypt.c +0 -153
  521. package/external/libedhoc/externals/mbedtls/programs/pkey/pk_encrypt.c +0 -154
  522. package/external/libedhoc/externals/mbedtls/programs/pkey/pk_sign.c +0 -155
  523. package/external/libedhoc/externals/mbedtls/programs/pkey/pk_verify.c +0 -128
  524. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_decrypt.c +0 -172
  525. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_encrypt.c +0 -149
  526. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_genkey.c +0 -141
  527. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_sign.c +0 -155
  528. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_sign_pss.c +0 -161
  529. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_verify.c +0 -131
  530. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_verify_pss.c +0 -136
  531. package/external/libedhoc/externals/mbedtls/programs/psa/aead_demo.c +0 -281
  532. package/external/libedhoc/externals/mbedtls/programs/psa/crypto_examples.c +0 -321
  533. package/external/libedhoc/externals/mbedtls/programs/psa/hmac_demo.c +0 -159
  534. package/external/libedhoc/externals/mbedtls/programs/psa/key_ladder_demo.c +0 -691
  535. package/external/libedhoc/externals/mbedtls/programs/psa/psa_constant_names.c +0 -310
  536. package/external/libedhoc/externals/mbedtls/programs/psa/psa_constant_names_generated.c +0 -474
  537. package/external/libedhoc/externals/mbedtls/programs/random/gen_entropy.c +0 -75
  538. package/external/libedhoc/externals/mbedtls/programs/random/gen_random_ctr_drbg.c +0 -107
  539. package/external/libedhoc/externals/mbedtls/programs/ssl/dtls_client.c +0 -342
  540. package/external/libedhoc/externals/mbedtls/programs/ssl/dtls_server.c +0 -408
  541. package/external/libedhoc/externals/mbedtls/programs/ssl/mini_client.c +0 -274
  542. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_client1.c +0 -288
  543. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_client2.c +0 -3118
  544. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_context_info.c +0 -1009
  545. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_fork_server.c +0 -381
  546. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_mail_client.c +0 -804
  547. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_pthread_server.c +0 -489
  548. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_server.c +0 -362
  549. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_server2.c +0 -4268
  550. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_test_common_source.c +0 -375
  551. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_test_lib.c +0 -601
  552. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_test_lib.h +0 -306
  553. package/external/libedhoc/externals/mbedtls/programs/test/benchmark.c +0 -1284
  554. package/external/libedhoc/externals/mbedtls/programs/test/cmake_package/cmake_package.c +0 -27
  555. package/external/libedhoc/externals/mbedtls/programs/test/cmake_package_install/cmake_package_install.c +0 -28
  556. package/external/libedhoc/externals/mbedtls/programs/test/cmake_subproject/cmake_subproject.c +0 -28
  557. package/external/libedhoc/externals/mbedtls/programs/test/dlopen.c +0 -92
  558. package/external/libedhoc/externals/mbedtls/programs/test/query_compile_time_config.c +0 -66
  559. package/external/libedhoc/externals/mbedtls/programs/test/query_config.c +0 -5137
  560. package/external/libedhoc/externals/mbedtls/programs/test/query_config.h +0 -34
  561. package/external/libedhoc/externals/mbedtls/programs/test/query_included_headers.c +0 -29
  562. package/external/libedhoc/externals/mbedtls/programs/test/selftest.c +0 -583
  563. package/external/libedhoc/externals/mbedtls/programs/test/udp_proxy.c +0 -967
  564. package/external/libedhoc/externals/mbedtls/programs/test/zeroize.c +0 -72
  565. package/external/libedhoc/externals/mbedtls/programs/util/pem2der.c +0 -265
  566. package/external/libedhoc/externals/mbedtls/programs/util/strerror.c +0 -61
  567. package/external/libedhoc/externals/mbedtls/programs/wince_main.c +0 -31
  568. package/external/libedhoc/externals/mbedtls/programs/x509/cert_app.c +0 -456
  569. package/external/libedhoc/externals/mbedtls/programs/x509/cert_req.c +0 -509
  570. package/external/libedhoc/externals/mbedtls/programs/x509/cert_write.c +0 -1012
  571. package/external/libedhoc/externals/mbedtls/programs/x509/crl_app.c +0 -132
  572. package/external/libedhoc/externals/mbedtls/programs/x509/load_roots.c +0 -165
  573. package/external/libedhoc/externals/mbedtls/programs/x509/req_app.c +0 -132
  574. package/external/libedhoc/externals/mbedtls/tests/configs/tls13-only.h +0 -31
  575. package/external/libedhoc/externals/mbedtls/tests/configs/user-config-for-test.h +0 -89
  576. package/external/libedhoc/externals/mbedtls/tests/configs/user-config-malloc-0-null.h +0 -22
  577. package/external/libedhoc/externals/mbedtls/tests/configs/user-config-zeroize-memset.h +0 -17
  578. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/aes_alt.h +0 -23
  579. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/aria_alt.h +0 -16
  580. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/camellia_alt.h +0 -16
  581. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/ccm_alt.h +0 -16
  582. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/chacha20_alt.h +0 -16
  583. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/chachapoly_alt.h +0 -18
  584. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/cmac_alt.h +0 -15
  585. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/des_alt.h +0 -22
  586. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/dhm_alt.h +0 -16
  587. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/ecjpake_alt.h +0 -15
  588. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/ecp_alt.h +0 -22
  589. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/gcm_alt.h +0 -16
  590. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/md5_alt.h +0 -16
  591. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/nist_kw_alt.h +0 -15
  592. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/platform_alt.h +0 -16
  593. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/poly1305_alt.h +0 -16
  594. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/ripemd160_alt.h +0 -16
  595. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/rsa_alt.h +0 -16
  596. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/sha1_alt.h +0 -16
  597. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/sha256_alt.h +0 -16
  598. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/sha512_alt.h +0 -16
  599. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/threading_alt.h +0 -14
  600. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/timing_alt.h +0 -19
  601. package/external/libedhoc/externals/mbedtls/tests/include/alt-extra/psa/crypto.h +0 -7
  602. package/external/libedhoc/externals/mbedtls/tests/include/baremetal-override/time.h +0 -6
  603. package/external/libedhoc/externals/mbedtls/tests/include/spe/crypto_spe.h +0 -131
  604. package/external/libedhoc/externals/mbedtls/tests/include/test/arguments.h +0 -26
  605. package/external/libedhoc/externals/mbedtls/tests/include/test/asn1_helpers.h +0 -38
  606. package/external/libedhoc/externals/mbedtls/tests/include/test/bignum_helpers.h +0 -106
  607. package/external/libedhoc/externals/mbedtls/tests/include/test/certs.h +0 -234
  608. package/external/libedhoc/externals/mbedtls/tests/include/test/constant_flow.h +0 -71
  609. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/aead.h +0 -121
  610. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/asymmetric_encryption.h +0 -67
  611. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/cipher.h +0 -130
  612. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/config_test_driver.h +0 -44
  613. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/crypto_config_test_driver_extension.h +0 -430
  614. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/hash.h +0 -64
  615. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/key_agreement.h +0 -62
  616. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/key_management.h +0 -123
  617. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/mac.h +0 -125
  618. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/pake.h +0 -75
  619. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/signature.h +0 -112
  620. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/test_driver.h +0 -32
  621. package/external/libedhoc/externals/mbedtls/tests/include/test/fake_external_rng_for_test.h +0 -40
  622. package/external/libedhoc/externals/mbedtls/tests/include/test/helpers.h +0 -268
  623. package/external/libedhoc/externals/mbedtls/tests/include/test/macros.h +0 -250
  624. package/external/libedhoc/externals/mbedtls/tests/include/test/psa_crypto_helpers.h +0 -398
  625. package/external/libedhoc/externals/mbedtls/tests/include/test/psa_exercise_key.h +0 -223
  626. package/external/libedhoc/externals/mbedtls/tests/include/test/psa_helpers.h +0 -24
  627. package/external/libedhoc/externals/mbedtls/tests/include/test/random.h +0 -91
  628. package/external/libedhoc/externals/mbedtls/tests/include/test/ssl_helpers.h +0 -628
  629. package/external/libedhoc/externals/mbedtls/tests/src/asn1_helpers.c +0 -62
  630. package/external/libedhoc/externals/mbedtls/tests/src/bignum_helpers.c +0 -145
  631. package/external/libedhoc/externals/mbedtls/tests/src/certs.c +0 -480
  632. package/external/libedhoc/externals/mbedtls/tests/src/drivers/hash.c +0 -199
  633. package/external/libedhoc/externals/mbedtls/tests/src/drivers/platform_builtin_keys.c +0 -78
  634. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_aead.c +0 -462
  635. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_asymmetric_encryption.c +0 -151
  636. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_cipher.c +0 -424
  637. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_key_agreement.c +0 -147
  638. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_key_management.c +0 -783
  639. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_mac.c +0 -422
  640. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_pake.c +0 -202
  641. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_signature.c +0 -405
  642. package/external/libedhoc/externals/mbedtls/tests/src/fake_external_rng_for_test.c +0 -45
  643. package/external/libedhoc/externals/mbedtls/tests/src/helpers.c +0 -353
  644. package/external/libedhoc/externals/mbedtls/tests/src/psa_crypto_helpers.c +0 -196
  645. package/external/libedhoc/externals/mbedtls/tests/src/psa_exercise_key.c +0 -989
  646. package/external/libedhoc/externals/mbedtls/tests/src/random.c +0 -136
  647. package/external/libedhoc/externals/mbedtls/tests/src/test_certs.h +0 -1226
  648. package/external/libedhoc/externals/mbedtls/tests/src/test_helpers/ssl_helpers.c +0 -2292
  649. package/external/libedhoc/externals/mbedtls/tests/src/threading_helpers.c +0 -210
  650. package/external/libedhoc/externals/zcbor/include/zcbor_common.h +0 -509
  651. package/external/libedhoc/externals/zcbor/include/zcbor_decode.h +0 -447
  652. package/external/libedhoc/externals/zcbor/include/zcbor_encode.h +0 -240
  653. package/external/libedhoc/externals/zcbor/include/zcbor_print.h +0 -165
  654. package/external/libedhoc/externals/zcbor/include/zcbor_tags.h +0 -94
  655. package/external/libedhoc/externals/zcbor/samples/hello_world/src/main.c +0 -41
  656. package/external/libedhoc/externals/zcbor/samples/pet/include/pet_decode.h +0 -39
  657. package/external/libedhoc/externals/zcbor/samples/pet/include/pet_encode.h +0 -39
  658. package/external/libedhoc/externals/zcbor/samples/pet/include/pet_types.h +0 -47
  659. package/external/libedhoc/externals/zcbor/samples/pet/src/main.c +0 -128
  660. package/external/libedhoc/externals/zcbor/samples/pet/src/pet_decode.c +0 -60
  661. package/external/libedhoc/externals/zcbor/samples/pet/src/pet_encode.c +0 -61
  662. package/external/libedhoc/externals/zcbor/src/zcbor_common.c +0 -430
  663. package/external/libedhoc/externals/zcbor/src/zcbor_decode.c +0 -1567
  664. package/external/libedhoc/externals/zcbor/src/zcbor_encode.c +0 -609
  665. package/external/libedhoc/externals/zcbor/tests/decode/test1_suit_old_formats/src/main.c +0 -367
  666. package/external/libedhoc/externals/zcbor/tests/decode/test2_suit/src/main.c +0 -189
  667. package/external/libedhoc/externals/zcbor/tests/decode/test3_simple/src/main.c +0 -528
  668. package/external/libedhoc/externals/zcbor/tests/decode/test5_corner_cases/src/main.c +0 -2154
  669. package/external/libedhoc/externals/zcbor/tests/decode/test7_suit9_simple/src/main.c +0 -134
  670. package/external/libedhoc/externals/zcbor/tests/decode/test8_suit12/src/main.c +0 -862
  671. package/external/libedhoc/externals/zcbor/tests/decode/test9_manifest14/src/main.c +0 -363
  672. package/external/libedhoc/externals/zcbor/tests/encode/test1_suit/src/main.c +0 -453
  673. package/external/libedhoc/externals/zcbor/tests/encode/test2_simple/src/main.c +0 -122
  674. package/external/libedhoc/externals/zcbor/tests/encode/test3_corner_cases/src/main.c +0 -1554
  675. package/external/libedhoc/externals/zcbor/tests/encode/test4_senml/src/main.c +0 -65
  676. package/external/libedhoc/externals/zcbor/tests/fuzz/fuzz_everything.c +0 -12
  677. package/external/libedhoc/externals/zcbor/tests/fuzz/fuzz_manifest12.c +0 -136
  678. package/external/libedhoc/externals/zcbor/tests/fuzz/fuzz_pet.c +0 -12
  679. package/external/libedhoc/externals/zcbor/tests/fuzz/main_entry.c +0 -60
  680. package/external/libedhoc/externals/zcbor/tests/fuzz/main_entry.h +0 -5
  681. package/external/libedhoc/externals/zcbor/tests/unit/test1_unit_tests/src/main.c +0 -1437
  682. package/external/libedhoc/externals/zcbor/tests/unit/test3_float16/src/main.c +0 -203
  683. package/external/libedhoc/include/edhoc.h +0 -687
  684. package/external/libedhoc/include/edhoc_common.h +0 -289
  685. package/external/libedhoc/include/edhoc_context.h +0 -343
  686. package/external/libedhoc/include/edhoc_credentials.h +0 -265
  687. package/external/libedhoc/include/edhoc_crypto.h +0 -331
  688. package/external/libedhoc/include/edhoc_ead.h +0 -102
  689. package/external/libedhoc/include/edhoc_macros.h +0 -60
  690. package/external/libedhoc/include/edhoc_values.h +0 -181
  691. package/external/libedhoc/library/edhoc.c +0 -253
  692. package/external/libedhoc/library/edhoc_common.c +0 -1314
  693. package/external/libedhoc/library/edhoc_exporter.c +0 -542
  694. package/external/libedhoc/library/edhoc_message_1.c +0 -474
  695. package/external/libedhoc/library/edhoc_message_2.c +0 -1697
  696. package/external/libedhoc/library/edhoc_message_3.c +0 -1467
  697. package/external/libedhoc/library/edhoc_message_4.c +0 -828
  698. package/external/libedhoc/library/edhoc_message_error.c +0 -238
  699. package/external/libedhoc/tests/include/cipher_suite_0.h +0 -131
  700. package/external/libedhoc/tests/include/cipher_suite_2.h +0 -139
  701. package/external/libedhoc/tests/include/test_vector_rfc9529_chapter_2.h +0 -786
  702. package/external/libedhoc/tests/include/test_vector_rfc9529_chapter_3.h +0 -529
  703. package/external/libedhoc/tests/include/test_vector_x5chain_sign_keys_suite_0.h +0 -137
  704. package/external/libedhoc/tests/include/test_vector_x5chain_sign_keys_suite_2.h +0 -168
  705. package/external/libedhoc/tests/include/test_vector_x5chain_static_dh_keys_suite_2.h +0 -162
  706. package/external/libedhoc/tests/include/test_vector_x5t_sign_keys_suite_2.h +0 -180
  707. package/external/libedhoc/tests/src/cipher_suite_0.c +0 -445
  708. package/external/libedhoc/tests/src/cipher_suite_2.c +0 -600
  709. package/external/libedhoc/tests/src/module_test_api.c +0 -430
  710. package/external/libedhoc/tests/src/module_test_cipher_suite_0.c +0 -395
  711. package/external/libedhoc/tests/src/module_test_cipher_suite_2.c +0 -392
  712. package/external/libedhoc/tests/src/module_test_error_message.c +0 -251
  713. package/external/libedhoc/tests/src/module_test_main.c +0 -49
  714. package/external/libedhoc/tests/src/module_test_rfc9528_suites_negotiation.c +0 -541
  715. package/external/libedhoc/tests/src/module_test_rfc9529_chapter_2.c +0 -2681
  716. package/external/libedhoc/tests/src/module_test_rfc9529_chapter_3.c +0 -1635
  717. package/external/libedhoc/tests/src/module_test_x5chain_sign_keys_suite_0.c +0 -1135
  718. package/external/libedhoc/tests/src/module_test_x5chain_sign_keys_suite_2.c +0 -1249
  719. package/external/libedhoc/tests/src/module_test_x5chain_static_dh_keys_suite_2.c +0 -798
  720. package/external/libedhoc/tests/src/module_test_x5t_sign_keys_suite_2.c +0 -956
  721. package/include/Binding.h +0 -359
  722. package/include/EdhocComposeAsyncWorker.h +0 -49
  723. package/include/EdhocCredentialManager.h +0 -106
  724. package/include/EdhocCryptoManager.h +0 -495
  725. package/include/EdhocEadManager.h +0 -147
  726. package/include/EdhocExportOscoreAsyncWorker.h +0 -57
  727. package/include/EdhocKeyExporterAsyncWorker.h +0 -56
  728. package/include/EdhocKeyUpdateAsyncWorker.h +0 -55
  729. package/include/EdhocProcessAsyncWorker.h +0 -55
  730. package/include/RunningContext.h +0 -102
  731. package/include/Suites.h +0 -27
  732. package/include/Utils.h +0 -71
  733. package/patches/prebuildify-cross+5.1.0.dev.patch +0 -26
  734. package/patches/prebuildify-cross+5.1.1.dev.patch +0 -26
  735. package/prebuilds/android-arm/edhoc.armv7.node +0 -0
  736. package/prebuilds/android-arm64/edhoc.armv8.node +0 -0
  737. package/prebuilds/darwin-arm64/edhoc.node +0 -0
  738. package/prebuilds/darwin-x64/edhoc.node +0 -0
  739. package/prebuilds/linux-arm/edhoc.armv6.node +0 -0
  740. package/prebuilds/linux-arm/edhoc.armv7.node +0 -0
  741. package/prebuilds/linux-arm64/edhoc.armv8.node +0 -0
  742. package/prebuilds/linux-x64/edhoc.glibc.node +0 -0
  743. package/prebuilds/linux-x64/edhoc.musl.node +0 -0
  744. package/prebuilds/win32-ia32/edhoc.node +0 -0
  745. package/prebuilds/win32-x64/edhoc.node +0 -0
  746. package/src/Binding.cpp +0 -446
  747. package/src/EdhocComposeAsyncWorker.cpp +0 -60
  748. package/src/EdhocCredentialManager.cpp +0 -425
  749. package/src/EdhocCryptoManager.cpp +0 -593
  750. package/src/EdhocEadManager.cpp +0 -148
  751. package/src/EdhocExportOscoreAsyncWorker.cpp +0 -67
  752. package/src/EdhocKeyExporterAsyncWorker.cpp +0 -39
  753. package/src/EdhocKeyUpdateAsyncWorker.cpp +0 -31
  754. package/src/EdhocProcessAsyncWorker.cpp +0 -120
  755. package/src/RunningContext.cpp +0 -95
  756. package/src/Suites.cpp +0 -120
  757. package/src/Utils.cpp +0 -54
  758. package/test/basic.test.ts +0 -127
  759. package/test/vectors.test.ts +0 -111
@@ -1,2640 +0,0 @@
1
- /*
2
- * The RSA public-key cryptosystem
3
- *
4
- * Copyright The Mbed TLS Contributors
5
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6
- */
7
-
8
- /*
9
- * The following sources were referenced in the design of this implementation
10
- * of the RSA algorithm:
11
- *
12
- * [1] A method for obtaining digital signatures and public-key cryptosystems
13
- * R Rivest, A Shamir, and L Adleman
14
- * http://people.csail.mit.edu/rivest/pubs.html#RSA78
15
- *
16
- * [2] Handbook of Applied Cryptography - 1997, Chapter 8
17
- * Menezes, van Oorschot and Vanstone
18
- *
19
- * [3] Malware Guard Extension: Using SGX to Conceal Cache Attacks
20
- * Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice and
21
- * Stefan Mangard
22
- * https://arxiv.org/abs/1702.08719v2
23
- *
24
- */
25
-
26
- #include "common.h"
27
-
28
- #if defined(MBEDTLS_RSA_C)
29
-
30
- #include "mbedtls/rsa.h"
31
- #include "rsa_alt_helpers.h"
32
- #include "mbedtls/oid.h"
33
- #include "mbedtls/platform_util.h"
34
- #include "mbedtls/error.h"
35
- #include "constant_time_internal.h"
36
- #include "mbedtls/constant_time.h"
37
- #include "md_psa.h"
38
-
39
- #include <string.h>
40
-
41
- #if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__) && !defined(__NetBSD__)
42
- #include <stdlib.h>
43
- #endif
44
-
45
- #include "mbedtls/platform.h"
46
-
47
-
48
- #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
49
-
50
- /** This function performs the unpadding part of a PKCS#1 v1.5 decryption
51
- * operation (EME-PKCS1-v1_5 decoding).
52
- *
53
- * \note The return value from this function is a sensitive value
54
- * (this is unusual). #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE shouldn't happen
55
- * in a well-written application, but 0 vs #MBEDTLS_ERR_RSA_INVALID_PADDING
56
- * is often a situation that an attacker can provoke and leaking which
57
- * one is the result is precisely the information the attacker wants.
58
- *
59
- * \param input The input buffer which is the payload inside PKCS#1v1.5
60
- * encryption padding, called the "encoded message EM"
61
- * by the terminology.
62
- * \param ilen The length of the payload in the \p input buffer.
63
- * \param output The buffer for the payload, called "message M" by the
64
- * PKCS#1 terminology. This must be a writable buffer of
65
- * length \p output_max_len bytes.
66
- * \param olen The address at which to store the length of
67
- * the payload. This must not be \c NULL.
68
- * \param output_max_len The length in bytes of the output buffer \p output.
69
- *
70
- * \return \c 0 on success.
71
- * \return #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
72
- * The output buffer is too small for the unpadded payload.
73
- * \return #MBEDTLS_ERR_RSA_INVALID_PADDING
74
- * The input doesn't contain properly formatted padding.
75
- */
76
- static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input,
77
- size_t ilen,
78
- unsigned char *output,
79
- size_t output_max_len,
80
- size_t *olen)
81
- {
82
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
83
- size_t i, plaintext_max_size;
84
-
85
- /* The following variables take sensitive values: their value must
86
- * not leak into the observable behavior of the function other than
87
- * the designated outputs (output, olen, return value). Otherwise
88
- * this would open the execution of the function to
89
- * side-channel-based variants of the Bleichenbacher padding oracle
90
- * attack. Potential side channels include overall timing, memory
91
- * access patterns (especially visible to an adversary who has access
92
- * to a shared memory cache), and branches (especially visible to
93
- * an adversary who has access to a shared code cache or to a shared
94
- * branch predictor). */
95
- size_t pad_count = 0;
96
- mbedtls_ct_condition_t bad;
97
- mbedtls_ct_condition_t pad_done;
98
- size_t plaintext_size = 0;
99
- mbedtls_ct_condition_t output_too_large;
100
-
101
- plaintext_max_size = (output_max_len > ilen - 11) ? ilen - 11
102
- : output_max_len;
103
-
104
- /* Check and get padding length in constant time and constant
105
- * memory trace. The first byte must be 0. */
106
- bad = mbedtls_ct_bool(input[0]);
107
-
108
-
109
- /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
110
- * where PS must be at least 8 nonzero bytes. */
111
- bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_ne(input[1], MBEDTLS_RSA_CRYPT));
112
-
113
- /* Read the whole buffer. Set pad_done to nonzero if we find
114
- * the 0x00 byte and remember the padding length in pad_count. */
115
- pad_done = MBEDTLS_CT_FALSE;
116
- for (i = 2; i < ilen; i++) {
117
- mbedtls_ct_condition_t found = mbedtls_ct_uint_eq(input[i], 0);
118
- pad_done = mbedtls_ct_bool_or(pad_done, found);
119
- pad_count += mbedtls_ct_uint_if_else_0(mbedtls_ct_bool_not(pad_done), 1);
120
- }
121
-
122
- /* If pad_done is still zero, there's no data, only unfinished padding. */
123
- bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_not(pad_done));
124
-
125
- /* There must be at least 8 bytes of padding. */
126
- bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_gt(8, pad_count));
127
-
128
- /* If the padding is valid, set plaintext_size to the number of
129
- * remaining bytes after stripping the padding. If the padding
130
- * is invalid, avoid leaking this fact through the size of the
131
- * output: use the maximum message size that fits in the output
132
- * buffer. Do it without branches to avoid leaking the padding
133
- * validity through timing. RSA keys are small enough that all the
134
- * size_t values involved fit in unsigned int. */
135
- plaintext_size = mbedtls_ct_uint_if(
136
- bad, (unsigned) plaintext_max_size,
137
- (unsigned) (ilen - pad_count - 3));
138
-
139
- /* Set output_too_large to 0 if the plaintext fits in the output
140
- * buffer and to 1 otherwise. */
141
- output_too_large = mbedtls_ct_uint_gt(plaintext_size,
142
- plaintext_max_size);
143
-
144
- /* Set ret without branches to avoid timing attacks. Return:
145
- * - INVALID_PADDING if the padding is bad (bad != 0).
146
- * - OUTPUT_TOO_LARGE if the padding is good but the decrypted
147
- * plaintext does not fit in the output buffer.
148
- * - 0 if the padding is correct. */
149
- ret = mbedtls_ct_error_if(
150
- bad,
151
- MBEDTLS_ERR_RSA_INVALID_PADDING,
152
- mbedtls_ct_error_if_else_0(output_too_large, MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE)
153
- );
154
-
155
- /* If the padding is bad or the plaintext is too large, zero the
156
- * data that we're about to copy to the output buffer.
157
- * We need to copy the same amount of data
158
- * from the same buffer whether the padding is good or not to
159
- * avoid leaking the padding validity through overall timing or
160
- * through memory or cache access patterns. */
161
- mbedtls_ct_zeroize_if(mbedtls_ct_bool_or(bad, output_too_large), input + 11, ilen - 11);
162
-
163
- /* If the plaintext is too large, truncate it to the buffer size.
164
- * Copy anyway to avoid revealing the length through timing, because
165
- * revealing the length is as bad as revealing the padding validity
166
- * for a Bleichenbacher attack. */
167
- plaintext_size = mbedtls_ct_uint_if(output_too_large,
168
- (unsigned) plaintext_max_size,
169
- (unsigned) plaintext_size);
170
-
171
- /* Move the plaintext to the leftmost position where it can start in
172
- * the working buffer, i.e. make it start plaintext_max_size from
173
- * the end of the buffer. Do this with a memory access trace that
174
- * does not depend on the plaintext size. After this move, the
175
- * starting location of the plaintext is no longer sensitive
176
- * information. */
177
- mbedtls_ct_memmove_left(input + ilen - plaintext_max_size,
178
- plaintext_max_size,
179
- plaintext_max_size - plaintext_size);
180
-
181
- /* Finally copy the decrypted plaintext plus trailing zeros into the output
182
- * buffer. If output_max_len is 0, then output may be an invalid pointer
183
- * and the result of memcpy() would be undefined; prevent undefined
184
- * behavior making sure to depend only on output_max_len (the size of the
185
- * user-provided output buffer), which is independent from plaintext
186
- * length, validity of padding, success of the decryption, and other
187
- * secrets. */
188
- if (output_max_len != 0) {
189
- memcpy(output, input + ilen - plaintext_max_size, plaintext_max_size);
190
- }
191
-
192
- /* Report the amount of data we copied to the output buffer. In case
193
- * of errors (bad padding or output too large), the value of *olen
194
- * when this function returns is not specified. Making it equivalent
195
- * to the good case limits the risks of leaking the padding validity. */
196
- *olen = plaintext_size;
197
-
198
- return ret;
199
- }
200
-
201
- #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
202
-
203
- #if !defined(MBEDTLS_RSA_ALT)
204
-
205
- int mbedtls_rsa_import(mbedtls_rsa_context *ctx,
206
- const mbedtls_mpi *N,
207
- const mbedtls_mpi *P, const mbedtls_mpi *Q,
208
- const mbedtls_mpi *D, const mbedtls_mpi *E)
209
- {
210
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
211
-
212
- if ((N != NULL && (ret = mbedtls_mpi_copy(&ctx->N, N)) != 0) ||
213
- (P != NULL && (ret = mbedtls_mpi_copy(&ctx->P, P)) != 0) ||
214
- (Q != NULL && (ret = mbedtls_mpi_copy(&ctx->Q, Q)) != 0) ||
215
- (D != NULL && (ret = mbedtls_mpi_copy(&ctx->D, D)) != 0) ||
216
- (E != NULL && (ret = mbedtls_mpi_copy(&ctx->E, E)) != 0)) {
217
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
218
- }
219
-
220
- if (N != NULL) {
221
- ctx->len = mbedtls_mpi_size(&ctx->N);
222
- }
223
-
224
- return 0;
225
- }
226
-
227
- int mbedtls_rsa_import_raw(mbedtls_rsa_context *ctx,
228
- unsigned char const *N, size_t N_len,
229
- unsigned char const *P, size_t P_len,
230
- unsigned char const *Q, size_t Q_len,
231
- unsigned char const *D, size_t D_len,
232
- unsigned char const *E, size_t E_len)
233
- {
234
- int ret = 0;
235
-
236
- if (N != NULL) {
237
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->N, N, N_len));
238
- ctx->len = mbedtls_mpi_size(&ctx->N);
239
- }
240
-
241
- if (P != NULL) {
242
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->P, P, P_len));
243
- }
244
-
245
- if (Q != NULL) {
246
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->Q, Q, Q_len));
247
- }
248
-
249
- if (D != NULL) {
250
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->D, D, D_len));
251
- }
252
-
253
- if (E != NULL) {
254
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->E, E, E_len));
255
- }
256
-
257
- cleanup:
258
-
259
- if (ret != 0) {
260
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
261
- }
262
-
263
- return 0;
264
- }
265
-
266
- /*
267
- * Checks whether the context fields are set in such a way
268
- * that the RSA primitives will be able to execute without error.
269
- * It does *not* make guarantees for consistency of the parameters.
270
- */
271
- static int rsa_check_context(mbedtls_rsa_context const *ctx, int is_priv,
272
- int blinding_needed)
273
- {
274
- #if !defined(MBEDTLS_RSA_NO_CRT)
275
- /* blinding_needed is only used for NO_CRT to decide whether
276
- * P,Q need to be present or not. */
277
- ((void) blinding_needed);
278
- #endif
279
-
280
- if (ctx->len != mbedtls_mpi_size(&ctx->N) ||
281
- ctx->len > MBEDTLS_MPI_MAX_SIZE) {
282
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
283
- }
284
-
285
- /*
286
- * 1. Modular exponentiation needs positive, odd moduli.
287
- */
288
-
289
- /* Modular exponentiation wrt. N is always used for
290
- * RSA public key operations. */
291
- if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 ||
292
- mbedtls_mpi_get_bit(&ctx->N, 0) == 0) {
293
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
294
- }
295
-
296
- #if !defined(MBEDTLS_RSA_NO_CRT)
297
- /* Modular exponentiation for P and Q is only
298
- * used for private key operations and if CRT
299
- * is used. */
300
- if (is_priv &&
301
- (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 ||
302
- mbedtls_mpi_get_bit(&ctx->P, 0) == 0 ||
303
- mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 ||
304
- mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) {
305
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
306
- }
307
- #endif /* !MBEDTLS_RSA_NO_CRT */
308
-
309
- /*
310
- * 2. Exponents must be positive
311
- */
312
-
313
- /* Always need E for public key operations */
314
- if (mbedtls_mpi_cmp_int(&ctx->E, 0) <= 0) {
315
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
316
- }
317
-
318
- #if defined(MBEDTLS_RSA_NO_CRT)
319
- /* For private key operations, use D or DP & DQ
320
- * as (unblinded) exponents. */
321
- if (is_priv && mbedtls_mpi_cmp_int(&ctx->D, 0) <= 0) {
322
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
323
- }
324
- #else
325
- if (is_priv &&
326
- (mbedtls_mpi_cmp_int(&ctx->DP, 0) <= 0 ||
327
- mbedtls_mpi_cmp_int(&ctx->DQ, 0) <= 0)) {
328
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
329
- }
330
- #endif /* MBEDTLS_RSA_NO_CRT */
331
-
332
- /* Blinding shouldn't make exponents negative either,
333
- * so check that P, Q >= 1 if that hasn't yet been
334
- * done as part of 1. */
335
- #if defined(MBEDTLS_RSA_NO_CRT)
336
- if (is_priv && blinding_needed &&
337
- (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 ||
338
- mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0)) {
339
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
340
- }
341
- #endif
342
-
343
- /* It wouldn't lead to an error if it wasn't satisfied,
344
- * but check for QP >= 1 nonetheless. */
345
- #if !defined(MBEDTLS_RSA_NO_CRT)
346
- if (is_priv &&
347
- mbedtls_mpi_cmp_int(&ctx->QP, 0) <= 0) {
348
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
349
- }
350
- #endif
351
-
352
- return 0;
353
- }
354
-
355
- int mbedtls_rsa_complete(mbedtls_rsa_context *ctx)
356
- {
357
- int ret = 0;
358
- int have_N, have_P, have_Q, have_D, have_E;
359
- #if !defined(MBEDTLS_RSA_NO_CRT)
360
- int have_DP, have_DQ, have_QP;
361
- #endif
362
- int n_missing, pq_missing, d_missing, is_pub, is_priv;
363
-
364
- have_N = (mbedtls_mpi_cmp_int(&ctx->N, 0) != 0);
365
- have_P = (mbedtls_mpi_cmp_int(&ctx->P, 0) != 0);
366
- have_Q = (mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0);
367
- have_D = (mbedtls_mpi_cmp_int(&ctx->D, 0) != 0);
368
- have_E = (mbedtls_mpi_cmp_int(&ctx->E, 0) != 0);
369
-
370
- #if !defined(MBEDTLS_RSA_NO_CRT)
371
- have_DP = (mbedtls_mpi_cmp_int(&ctx->DP, 0) != 0);
372
- have_DQ = (mbedtls_mpi_cmp_int(&ctx->DQ, 0) != 0);
373
- have_QP = (mbedtls_mpi_cmp_int(&ctx->QP, 0) != 0);
374
- #endif
375
-
376
- /*
377
- * Check whether provided parameters are enough
378
- * to deduce all others. The following incomplete
379
- * parameter sets for private keys are supported:
380
- *
381
- * (1) P, Q missing.
382
- * (2) D and potentially N missing.
383
- *
384
- */
385
-
386
- n_missing = have_P && have_Q && have_D && have_E;
387
- pq_missing = have_N && !have_P && !have_Q && have_D && have_E;
388
- d_missing = have_P && have_Q && !have_D && have_E;
389
- is_pub = have_N && !have_P && !have_Q && !have_D && have_E;
390
-
391
- /* These three alternatives are mutually exclusive */
392
- is_priv = n_missing || pq_missing || d_missing;
393
-
394
- if (!is_priv && !is_pub) {
395
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
396
- }
397
-
398
- /*
399
- * Step 1: Deduce N if P, Q are provided.
400
- */
401
-
402
- if (!have_N && have_P && have_Q) {
403
- if ((ret = mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P,
404
- &ctx->Q)) != 0) {
405
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
406
- }
407
-
408
- ctx->len = mbedtls_mpi_size(&ctx->N);
409
- }
410
-
411
- /*
412
- * Step 2: Deduce and verify all remaining core parameters.
413
- */
414
-
415
- if (pq_missing) {
416
- ret = mbedtls_rsa_deduce_primes(&ctx->N, &ctx->E, &ctx->D,
417
- &ctx->P, &ctx->Q);
418
- if (ret != 0) {
419
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
420
- }
421
-
422
- } else if (d_missing) {
423
- if ((ret = mbedtls_rsa_deduce_private_exponent(&ctx->P,
424
- &ctx->Q,
425
- &ctx->E,
426
- &ctx->D)) != 0) {
427
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
428
- }
429
- }
430
-
431
- /*
432
- * Step 3: Deduce all additional parameters specific
433
- * to our current RSA implementation.
434
- */
435
-
436
- #if !defined(MBEDTLS_RSA_NO_CRT)
437
- if (is_priv && !(have_DP && have_DQ && have_QP)) {
438
- ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D,
439
- &ctx->DP, &ctx->DQ, &ctx->QP);
440
- if (ret != 0) {
441
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
442
- }
443
- }
444
- #endif /* MBEDTLS_RSA_NO_CRT */
445
-
446
- /*
447
- * Step 3: Basic sanity checks
448
- */
449
-
450
- return rsa_check_context(ctx, is_priv, 1);
451
- }
452
-
453
- int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx,
454
- unsigned char *N, size_t N_len,
455
- unsigned char *P, size_t P_len,
456
- unsigned char *Q, size_t Q_len,
457
- unsigned char *D, size_t D_len,
458
- unsigned char *E, size_t E_len)
459
- {
460
- int ret = 0;
461
- int is_priv;
462
-
463
- /* Check if key is private or public */
464
- is_priv =
465
- mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 &&
466
- mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 &&
467
- mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 &&
468
- mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 &&
469
- mbedtls_mpi_cmp_int(&ctx->E, 0) != 0;
470
-
471
- if (!is_priv) {
472
- /* If we're trying to export private parameters for a public key,
473
- * something must be wrong. */
474
- if (P != NULL || Q != NULL || D != NULL) {
475
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
476
- }
477
-
478
- }
479
-
480
- if (N != NULL) {
481
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->N, N, N_len));
482
- }
483
-
484
- if (P != NULL) {
485
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->P, P, P_len));
486
- }
487
-
488
- if (Q != NULL) {
489
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->Q, Q, Q_len));
490
- }
491
-
492
- if (D != NULL) {
493
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->D, D, D_len));
494
- }
495
-
496
- if (E != NULL) {
497
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->E, E, E_len));
498
- }
499
-
500
- cleanup:
501
-
502
- return ret;
503
- }
504
-
505
- int mbedtls_rsa_export(const mbedtls_rsa_context *ctx,
506
- mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
507
- mbedtls_mpi *D, mbedtls_mpi *E)
508
- {
509
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
510
- int is_priv;
511
-
512
- /* Check if key is private or public */
513
- is_priv =
514
- mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 &&
515
- mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 &&
516
- mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 &&
517
- mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 &&
518
- mbedtls_mpi_cmp_int(&ctx->E, 0) != 0;
519
-
520
- if (!is_priv) {
521
- /* If we're trying to export private parameters for a public key,
522
- * something must be wrong. */
523
- if (P != NULL || Q != NULL || D != NULL) {
524
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
525
- }
526
-
527
- }
528
-
529
- /* Export all requested core parameters. */
530
-
531
- if ((N != NULL && (ret = mbedtls_mpi_copy(N, &ctx->N)) != 0) ||
532
- (P != NULL && (ret = mbedtls_mpi_copy(P, &ctx->P)) != 0) ||
533
- (Q != NULL && (ret = mbedtls_mpi_copy(Q, &ctx->Q)) != 0) ||
534
- (D != NULL && (ret = mbedtls_mpi_copy(D, &ctx->D)) != 0) ||
535
- (E != NULL && (ret = mbedtls_mpi_copy(E, &ctx->E)) != 0)) {
536
- return ret;
537
- }
538
-
539
- return 0;
540
- }
541
-
542
- /*
543
- * Export CRT parameters
544
- * This must also be implemented if CRT is not used, for being able to
545
- * write DER encoded RSA keys. The helper function mbedtls_rsa_deduce_crt
546
- * can be used in this case.
547
- */
548
- int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx,
549
- mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP)
550
- {
551
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
552
- int is_priv;
553
-
554
- /* Check if key is private or public */
555
- is_priv =
556
- mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 &&
557
- mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 &&
558
- mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 &&
559
- mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 &&
560
- mbedtls_mpi_cmp_int(&ctx->E, 0) != 0;
561
-
562
- if (!is_priv) {
563
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
564
- }
565
-
566
- #if !defined(MBEDTLS_RSA_NO_CRT)
567
- /* Export all requested blinding parameters. */
568
- if ((DP != NULL && (ret = mbedtls_mpi_copy(DP, &ctx->DP)) != 0) ||
569
- (DQ != NULL && (ret = mbedtls_mpi_copy(DQ, &ctx->DQ)) != 0) ||
570
- (QP != NULL && (ret = mbedtls_mpi_copy(QP, &ctx->QP)) != 0)) {
571
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
572
- }
573
- #else
574
- if ((ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D,
575
- DP, DQ, QP)) != 0) {
576
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
577
- }
578
- #endif
579
-
580
- return 0;
581
- }
582
-
583
- /*
584
- * Initialize an RSA context
585
- */
586
- void mbedtls_rsa_init(mbedtls_rsa_context *ctx)
587
- {
588
- memset(ctx, 0, sizeof(mbedtls_rsa_context));
589
-
590
- ctx->padding = MBEDTLS_RSA_PKCS_V15;
591
- ctx->hash_id = MBEDTLS_MD_NONE;
592
-
593
- #if defined(MBEDTLS_THREADING_C)
594
- /* Set ctx->ver to nonzero to indicate that the mutex has been
595
- * initialized and will need to be freed. */
596
- ctx->ver = 1;
597
- mbedtls_mutex_init(&ctx->mutex);
598
- #endif
599
- }
600
-
601
- /*
602
- * Set padding for an existing RSA context
603
- */
604
- int mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding,
605
- mbedtls_md_type_t hash_id)
606
- {
607
- switch (padding) {
608
- #if defined(MBEDTLS_PKCS1_V15)
609
- case MBEDTLS_RSA_PKCS_V15:
610
- break;
611
- #endif
612
-
613
- #if defined(MBEDTLS_PKCS1_V21)
614
- case MBEDTLS_RSA_PKCS_V21:
615
- break;
616
- #endif
617
- default:
618
- return MBEDTLS_ERR_RSA_INVALID_PADDING;
619
- }
620
-
621
- #if defined(MBEDTLS_PKCS1_V21)
622
- if ((padding == MBEDTLS_RSA_PKCS_V21) &&
623
- (hash_id != MBEDTLS_MD_NONE)) {
624
- /* Just make sure this hash is supported in this build. */
625
- if (mbedtls_md_info_from_type(hash_id) == NULL) {
626
- return MBEDTLS_ERR_RSA_INVALID_PADDING;
627
- }
628
- }
629
- #endif /* MBEDTLS_PKCS1_V21 */
630
-
631
- ctx->padding = padding;
632
- ctx->hash_id = hash_id;
633
-
634
- return 0;
635
- }
636
-
637
- /*
638
- * Get padding mode of initialized RSA context
639
- */
640
- int mbedtls_rsa_get_padding_mode(const mbedtls_rsa_context *ctx)
641
- {
642
- return ctx->padding;
643
- }
644
-
645
- /*
646
- * Get hash identifier of mbedtls_md_type_t type
647
- */
648
- int mbedtls_rsa_get_md_alg(const mbedtls_rsa_context *ctx)
649
- {
650
- return ctx->hash_id;
651
- }
652
-
653
- /*
654
- * Get length in bytes of RSA modulus
655
- */
656
- size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx)
657
- {
658
- return ctx->len;
659
- }
660
-
661
-
662
- #if defined(MBEDTLS_GENPRIME)
663
-
664
- /*
665
- * Generate an RSA keypair
666
- *
667
- * This generation method follows the RSA key pair generation procedure of
668
- * FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072.
669
- */
670
- int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx,
671
- int (*f_rng)(void *, unsigned char *, size_t),
672
- void *p_rng,
673
- unsigned int nbits, int exponent)
674
- {
675
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
676
- mbedtls_mpi H, G, L;
677
- int prime_quality = 0;
678
-
679
- /*
680
- * If the modulus is 1024 bit long or shorter, then the security strength of
681
- * the RSA algorithm is less than or equal to 80 bits and therefore an error
682
- * rate of 2^-80 is sufficient.
683
- */
684
- if (nbits > 1024) {
685
- prime_quality = MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR;
686
- }
687
-
688
- mbedtls_mpi_init(&H);
689
- mbedtls_mpi_init(&G);
690
- mbedtls_mpi_init(&L);
691
-
692
- if (exponent < 3 || nbits % 2 != 0) {
693
- ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
694
- goto cleanup;
695
- }
696
-
697
- if (nbits < MBEDTLS_RSA_GEN_KEY_MIN_BITS) {
698
- ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
699
- goto cleanup;
700
- }
701
-
702
- /*
703
- * find primes P and Q with Q < P so that:
704
- * 1. |P-Q| > 2^( nbits / 2 - 100 )
705
- * 2. GCD( E, (P-1)*(Q-1) ) == 1
706
- * 3. E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 )
707
- */
708
- MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->E, exponent));
709
-
710
- do {
711
- MBEDTLS_MPI_CHK(mbedtls_mpi_gen_prime(&ctx->P, nbits >> 1,
712
- prime_quality, f_rng, p_rng));
713
-
714
- MBEDTLS_MPI_CHK(mbedtls_mpi_gen_prime(&ctx->Q, nbits >> 1,
715
- prime_quality, f_rng, p_rng));
716
-
717
- /* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */
718
- MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&H, &ctx->P, &ctx->Q));
719
- if (mbedtls_mpi_bitlen(&H) <= ((nbits >= 200) ? ((nbits >> 1) - 99) : 0)) {
720
- continue;
721
- }
722
-
723
- /* not required by any standards, but some users rely on the fact that P > Q */
724
- if (H.s < 0) {
725
- mbedtls_mpi_swap(&ctx->P, &ctx->Q);
726
- }
727
-
728
- /* Temporarily replace P,Q by P-1, Q-1 */
729
- MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&ctx->P, &ctx->P, 1));
730
- MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&ctx->Q, &ctx->Q, 1));
731
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &ctx->P, &ctx->Q));
732
-
733
- /* check GCD( E, (P-1)*(Q-1) ) == 1 (FIPS 186-4 §B.3.1 criterion 2(a)) */
734
- MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, &ctx->E, &H));
735
- if (mbedtls_mpi_cmp_int(&G, 1) != 0) {
736
- continue;
737
- }
738
-
739
- /* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) (FIPS 186-4 §B.3.1 criterion 3(b)) */
740
- MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, &ctx->P, &ctx->Q));
741
- MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&L, NULL, &H, &G));
742
- MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&ctx->D, &ctx->E, &L));
743
-
744
- if (mbedtls_mpi_bitlen(&ctx->D) <= ((nbits + 1) / 2)) { // (FIPS 186-4 §B.3.1 criterion 3(a))
745
- continue;
746
- }
747
-
748
- break;
749
- } while (1);
750
-
751
- /* Restore P,Q */
752
- MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&ctx->P, &ctx->P, 1));
753
- MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&ctx->Q, &ctx->Q, 1));
754
-
755
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P, &ctx->Q));
756
-
757
- ctx->len = mbedtls_mpi_size(&ctx->N);
758
-
759
- #if !defined(MBEDTLS_RSA_NO_CRT)
760
- /*
761
- * DP = D mod (P - 1)
762
- * DQ = D mod (Q - 1)
763
- * QP = Q^-1 mod P
764
- */
765
- MBEDTLS_MPI_CHK(mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D,
766
- &ctx->DP, &ctx->DQ, &ctx->QP));
767
- #endif /* MBEDTLS_RSA_NO_CRT */
768
-
769
- /* Double-check */
770
- MBEDTLS_MPI_CHK(mbedtls_rsa_check_privkey(ctx));
771
-
772
- cleanup:
773
-
774
- mbedtls_mpi_free(&H);
775
- mbedtls_mpi_free(&G);
776
- mbedtls_mpi_free(&L);
777
-
778
- if (ret != 0) {
779
- mbedtls_rsa_free(ctx);
780
-
781
- if ((-ret & ~0x7f) == 0) {
782
- ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_KEY_GEN_FAILED, ret);
783
- }
784
- return ret;
785
- }
786
-
787
- return 0;
788
- }
789
-
790
- #endif /* MBEDTLS_GENPRIME */
791
-
792
- /*
793
- * Check a public RSA key
794
- */
795
- int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx)
796
- {
797
- if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */) != 0) {
798
- return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
799
- }
800
-
801
- if (mbedtls_mpi_bitlen(&ctx->N) < 128) {
802
- return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
803
- }
804
-
805
- if (mbedtls_mpi_get_bit(&ctx->E, 0) == 0 ||
806
- mbedtls_mpi_bitlen(&ctx->E) < 2 ||
807
- mbedtls_mpi_cmp_mpi(&ctx->E, &ctx->N) >= 0) {
808
- return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
809
- }
810
-
811
- return 0;
812
- }
813
-
814
- /*
815
- * Check for the consistency of all fields in an RSA private key context
816
- */
817
- int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx)
818
- {
819
- if (mbedtls_rsa_check_pubkey(ctx) != 0 ||
820
- rsa_check_context(ctx, 1 /* private */, 1 /* blinding */) != 0) {
821
- return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
822
- }
823
-
824
- if (mbedtls_rsa_validate_params(&ctx->N, &ctx->P, &ctx->Q,
825
- &ctx->D, &ctx->E, NULL, NULL) != 0) {
826
- return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
827
- }
828
-
829
- #if !defined(MBEDTLS_RSA_NO_CRT)
830
- else if (mbedtls_rsa_validate_crt(&ctx->P, &ctx->Q, &ctx->D,
831
- &ctx->DP, &ctx->DQ, &ctx->QP) != 0) {
832
- return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
833
- }
834
- #endif
835
-
836
- return 0;
837
- }
838
-
839
- /*
840
- * Check if contexts holding a public and private key match
841
- */
842
- int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub,
843
- const mbedtls_rsa_context *prv)
844
- {
845
- if (mbedtls_rsa_check_pubkey(pub) != 0 ||
846
- mbedtls_rsa_check_privkey(prv) != 0) {
847
- return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
848
- }
849
-
850
- if (mbedtls_mpi_cmp_mpi(&pub->N, &prv->N) != 0 ||
851
- mbedtls_mpi_cmp_mpi(&pub->E, &prv->E) != 0) {
852
- return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
853
- }
854
-
855
- return 0;
856
- }
857
-
858
- /*
859
- * Do an RSA public key operation
860
- */
861
- int mbedtls_rsa_public(mbedtls_rsa_context *ctx,
862
- const unsigned char *input,
863
- unsigned char *output)
864
- {
865
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
866
- size_t olen;
867
- mbedtls_mpi T;
868
-
869
- if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */)) {
870
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
871
- }
872
-
873
- mbedtls_mpi_init(&T);
874
-
875
- #if defined(MBEDTLS_THREADING_C)
876
- if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
877
- return ret;
878
- }
879
- #endif
880
-
881
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len));
882
-
883
- if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) {
884
- ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
885
- goto cleanup;
886
- }
887
-
888
- olen = ctx->len;
889
- MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, &ctx->E, &ctx->N, &ctx->RN));
890
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen));
891
-
892
- cleanup:
893
- #if defined(MBEDTLS_THREADING_C)
894
- if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
895
- return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
896
- }
897
- #endif
898
-
899
- mbedtls_mpi_free(&T);
900
-
901
- if (ret != 0) {
902
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret);
903
- }
904
-
905
- return 0;
906
- }
907
-
908
- /*
909
- * Generate or update blinding values, see section 10 of:
910
- * KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
911
- * DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
912
- * Berlin Heidelberg, 1996. p. 104-113.
913
- */
914
- static int rsa_prepare_blinding(mbedtls_rsa_context *ctx,
915
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
916
- {
917
- int ret, count = 0;
918
- mbedtls_mpi R;
919
-
920
- mbedtls_mpi_init(&R);
921
-
922
- if (ctx->Vf.p != NULL) {
923
- /* We already have blinding values, just update them by squaring */
924
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi));
925
- MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N));
926
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf));
927
- MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->N));
928
-
929
- goto cleanup;
930
- }
931
-
932
- /* Unblinding value: Vf = random number, invertible mod N */
933
- do {
934
- if (count++ > 10) {
935
- ret = MBEDTLS_ERR_RSA_RNG_FAILED;
936
- goto cleanup;
937
- }
938
-
939
- MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->Vf, ctx->len - 1, f_rng, p_rng));
940
-
941
- /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from inv_mod. */
942
- MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, ctx->len - 1, f_rng, p_rng));
943
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vf, &R));
944
- MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N));
945
-
946
- /* At this point, Vi is invertible mod N if and only if both Vf and R
947
- * are invertible mod N. If one of them isn't, we don't need to know
948
- * which one, we just loop and choose new values for both of them.
949
- * (Each iteration succeeds with overwhelming probability.) */
950
- ret = mbedtls_mpi_inv_mod(&ctx->Vi, &ctx->Vi, &ctx->N);
951
- if (ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
952
- goto cleanup;
953
- }
954
-
955
- } while (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE);
956
-
957
- /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */
958
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &R));
959
- MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N));
960
-
961
- /* Blinding value: Vi = Vf^(-e) mod N
962
- * (Vi already contains Vf^-1 at this point) */
963
- MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN));
964
-
965
-
966
- cleanup:
967
- mbedtls_mpi_free(&R);
968
-
969
- return ret;
970
- }
971
-
972
- /*
973
- * Exponent blinding supposed to prevent side-channel attacks using multiple
974
- * traces of measurements to recover the RSA key. The more collisions are there,
975
- * the more bits of the key can be recovered. See [3].
976
- *
977
- * Collecting n collisions with m bit long blinding value requires 2^(m-m/n)
978
- * observations on average.
979
- *
980
- * For example with 28 byte blinding to achieve 2 collisions the adversary has
981
- * to make 2^112 observations on average.
982
- *
983
- * (With the currently (as of 2017 April) known best algorithms breaking 2048
984
- * bit RSA requires approximately as much time as trying out 2^112 random keys.
985
- * Thus in this sense with 28 byte blinding the security is not reduced by
986
- * side-channel attacks like the one in [3])
987
- *
988
- * This countermeasure does not help if the key recovery is possible with a
989
- * single trace.
990
- */
991
- #define RSA_EXPONENT_BLINDING 28
992
-
993
- /*
994
- * Do an RSA private key operation
995
- */
996
- int mbedtls_rsa_private(mbedtls_rsa_context *ctx,
997
- int (*f_rng)(void *, unsigned char *, size_t),
998
- void *p_rng,
999
- const unsigned char *input,
1000
- unsigned char *output)
1001
- {
1002
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1003
- size_t olen;
1004
-
1005
- /* Temporary holding the result */
1006
- mbedtls_mpi T;
1007
-
1008
- /* Temporaries holding P-1, Q-1 and the
1009
- * exponent blinding factor, respectively. */
1010
- mbedtls_mpi P1, Q1, R;
1011
-
1012
- #if !defined(MBEDTLS_RSA_NO_CRT)
1013
- /* Temporaries holding the results mod p resp. mod q. */
1014
- mbedtls_mpi TP, TQ;
1015
-
1016
- /* Temporaries holding the blinded exponents for
1017
- * the mod p resp. mod q computation (if used). */
1018
- mbedtls_mpi DP_blind, DQ_blind;
1019
-
1020
- /* Pointers to actual exponents to be used - either the unblinded
1021
- * or the blinded ones, depending on the presence of a PRNG. */
1022
- mbedtls_mpi *DP = &ctx->DP;
1023
- mbedtls_mpi *DQ = &ctx->DQ;
1024
- #else
1025
- /* Temporary holding the blinded exponent (if used). */
1026
- mbedtls_mpi D_blind;
1027
-
1028
- /* Pointer to actual exponent to be used - either the unblinded
1029
- * or the blinded one, depending on the presence of a PRNG. */
1030
- mbedtls_mpi *D = &ctx->D;
1031
- #endif /* MBEDTLS_RSA_NO_CRT */
1032
-
1033
- /* Temporaries holding the initial input and the double
1034
- * checked result; should be the same in the end. */
1035
- mbedtls_mpi I, C;
1036
-
1037
- if (f_rng == NULL) {
1038
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1039
- }
1040
-
1041
- if (rsa_check_context(ctx, 1 /* private key checks */,
1042
- 1 /* blinding on */) != 0) {
1043
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1044
- }
1045
-
1046
- #if defined(MBEDTLS_THREADING_C)
1047
- if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
1048
- return ret;
1049
- }
1050
- #endif
1051
-
1052
- /* MPI Initialization */
1053
- mbedtls_mpi_init(&T);
1054
-
1055
- mbedtls_mpi_init(&P1);
1056
- mbedtls_mpi_init(&Q1);
1057
- mbedtls_mpi_init(&R);
1058
-
1059
- #if defined(MBEDTLS_RSA_NO_CRT)
1060
- mbedtls_mpi_init(&D_blind);
1061
- #else
1062
- mbedtls_mpi_init(&DP_blind);
1063
- mbedtls_mpi_init(&DQ_blind);
1064
- #endif
1065
-
1066
- #if !defined(MBEDTLS_RSA_NO_CRT)
1067
- mbedtls_mpi_init(&TP); mbedtls_mpi_init(&TQ);
1068
- #endif
1069
-
1070
- mbedtls_mpi_init(&I);
1071
- mbedtls_mpi_init(&C);
1072
-
1073
- /* End of MPI initialization */
1074
-
1075
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len));
1076
- if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) {
1077
- ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
1078
- goto cleanup;
1079
- }
1080
-
1081
- MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&I, &T));
1082
-
1083
- /*
1084
- * Blinding
1085
- * T = T * Vi mod N
1086
- */
1087
- MBEDTLS_MPI_CHK(rsa_prepare_blinding(ctx, f_rng, p_rng));
1088
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vi));
1089
- MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N));
1090
-
1091
- /*
1092
- * Exponent blinding
1093
- */
1094
- MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P1, &ctx->P, 1));
1095
- MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q1, &ctx->Q, 1));
1096
-
1097
- #if defined(MBEDTLS_RSA_NO_CRT)
1098
- /*
1099
- * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D
1100
- */
1101
- MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING,
1102
- f_rng, p_rng));
1103
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&D_blind, &P1, &Q1));
1104
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&D_blind, &D_blind, &R));
1105
- MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&D_blind, &D_blind, &ctx->D));
1106
-
1107
- D = &D_blind;
1108
- #else
1109
- /*
1110
- * DP_blind = ( P - 1 ) * R + DP
1111
- */
1112
- MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING,
1113
- f_rng, p_rng));
1114
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&DP_blind, &P1, &R));
1115
- MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&DP_blind, &DP_blind,
1116
- &ctx->DP));
1117
-
1118
- DP = &DP_blind;
1119
-
1120
- /*
1121
- * DQ_blind = ( Q - 1 ) * R + DQ
1122
- */
1123
- MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING,
1124
- f_rng, p_rng));
1125
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&DQ_blind, &Q1, &R));
1126
- MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&DQ_blind, &DQ_blind,
1127
- &ctx->DQ));
1128
-
1129
- DQ = &DQ_blind;
1130
- #endif /* MBEDTLS_RSA_NO_CRT */
1131
-
1132
- #if defined(MBEDTLS_RSA_NO_CRT)
1133
- MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, D, &ctx->N, &ctx->RN));
1134
- #else
1135
- /*
1136
- * Faster decryption using the CRT
1137
- *
1138
- * TP = input ^ dP mod P
1139
- * TQ = input ^ dQ mod Q
1140
- */
1141
-
1142
- MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TP, &T, DP, &ctx->P, &ctx->RP));
1143
- MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TQ, &T, DQ, &ctx->Q, &ctx->RQ));
1144
-
1145
- /*
1146
- * T = (TP - TQ) * (Q^-1 mod P) mod P
1147
- */
1148
- MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&T, &TP, &TQ));
1149
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&TP, &T, &ctx->QP));
1150
- MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &TP, &ctx->P));
1151
-
1152
- /*
1153
- * T = TQ + T * Q
1154
- */
1155
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&TP, &T, &ctx->Q));
1156
- MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&T, &TQ, &TP));
1157
- #endif /* MBEDTLS_RSA_NO_CRT */
1158
-
1159
- /*
1160
- * Unblind
1161
- * T = T * Vf mod N
1162
- */
1163
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vf));
1164
- MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N));
1165
-
1166
- /* Verify the result to prevent glitching attacks. */
1167
- MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&C, &T, &ctx->E,
1168
- &ctx->N, &ctx->RN));
1169
- if (mbedtls_mpi_cmp_mpi(&C, &I) != 0) {
1170
- ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
1171
- goto cleanup;
1172
- }
1173
-
1174
- olen = ctx->len;
1175
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen));
1176
-
1177
- cleanup:
1178
- #if defined(MBEDTLS_THREADING_C)
1179
- if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
1180
- return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
1181
- }
1182
- #endif
1183
-
1184
- mbedtls_mpi_free(&P1);
1185
- mbedtls_mpi_free(&Q1);
1186
- mbedtls_mpi_free(&R);
1187
-
1188
- #if defined(MBEDTLS_RSA_NO_CRT)
1189
- mbedtls_mpi_free(&D_blind);
1190
- #else
1191
- mbedtls_mpi_free(&DP_blind);
1192
- mbedtls_mpi_free(&DQ_blind);
1193
- #endif
1194
-
1195
- mbedtls_mpi_free(&T);
1196
-
1197
- #if !defined(MBEDTLS_RSA_NO_CRT)
1198
- mbedtls_mpi_free(&TP); mbedtls_mpi_free(&TQ);
1199
- #endif
1200
-
1201
- mbedtls_mpi_free(&C);
1202
- mbedtls_mpi_free(&I);
1203
-
1204
- if (ret != 0 && ret >= -0x007f) {
1205
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret);
1206
- }
1207
-
1208
- return ret;
1209
- }
1210
-
1211
- #if defined(MBEDTLS_PKCS1_V21)
1212
- /**
1213
- * Generate and apply the MGF1 operation (from PKCS#1 v2.1) to a buffer.
1214
- *
1215
- * \param dst buffer to mask
1216
- * \param dlen length of destination buffer
1217
- * \param src source of the mask generation
1218
- * \param slen length of the source buffer
1219
- * \param md_alg message digest to use
1220
- */
1221
- static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src,
1222
- size_t slen, mbedtls_md_type_t md_alg)
1223
- {
1224
- unsigned char counter[4];
1225
- unsigned char *p;
1226
- unsigned int hlen;
1227
- size_t i, use_len;
1228
- unsigned char mask[MBEDTLS_MD_MAX_SIZE];
1229
- int ret = 0;
1230
- const mbedtls_md_info_t *md_info;
1231
- mbedtls_md_context_t md_ctx;
1232
-
1233
- mbedtls_md_init(&md_ctx);
1234
- md_info = mbedtls_md_info_from_type(md_alg);
1235
- if (md_info == NULL) {
1236
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1237
- }
1238
-
1239
- mbedtls_md_init(&md_ctx);
1240
- if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) {
1241
- goto exit;
1242
- }
1243
-
1244
- hlen = mbedtls_md_get_size(md_info);
1245
-
1246
- memset(mask, 0, sizeof(mask));
1247
- memset(counter, 0, 4);
1248
-
1249
- /* Generate and apply dbMask */
1250
- p = dst;
1251
-
1252
- while (dlen > 0) {
1253
- use_len = hlen;
1254
- if (dlen < hlen) {
1255
- use_len = dlen;
1256
- }
1257
-
1258
- if ((ret = mbedtls_md_starts(&md_ctx)) != 0) {
1259
- goto exit;
1260
- }
1261
- if ((ret = mbedtls_md_update(&md_ctx, src, slen)) != 0) {
1262
- goto exit;
1263
- }
1264
- if ((ret = mbedtls_md_update(&md_ctx, counter, 4)) != 0) {
1265
- goto exit;
1266
- }
1267
- if ((ret = mbedtls_md_finish(&md_ctx, mask)) != 0) {
1268
- goto exit;
1269
- }
1270
-
1271
- for (i = 0; i < use_len; ++i) {
1272
- *p++ ^= mask[i];
1273
- }
1274
-
1275
- counter[3]++;
1276
-
1277
- dlen -= use_len;
1278
- }
1279
-
1280
- exit:
1281
- mbedtls_platform_zeroize(mask, sizeof(mask));
1282
- mbedtls_md_free(&md_ctx);
1283
-
1284
- return ret;
1285
- }
1286
-
1287
- /**
1288
- * Generate Hash(M') as in RFC 8017 page 43 points 5 and 6.
1289
- *
1290
- * \param hash the input hash
1291
- * \param hlen length of the input hash
1292
- * \param salt the input salt
1293
- * \param slen length of the input salt
1294
- * \param out the output buffer - must be large enough for \p md_alg
1295
- * \param md_alg message digest to use
1296
- */
1297
- static int hash_mprime(const unsigned char *hash, size_t hlen,
1298
- const unsigned char *salt, size_t slen,
1299
- unsigned char *out, mbedtls_md_type_t md_alg)
1300
- {
1301
- const unsigned char zeros[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1302
-
1303
- mbedtls_md_context_t md_ctx;
1304
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1305
-
1306
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg);
1307
- if (md_info == NULL) {
1308
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1309
- }
1310
-
1311
- mbedtls_md_init(&md_ctx);
1312
- if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) {
1313
- goto exit;
1314
- }
1315
- if ((ret = mbedtls_md_starts(&md_ctx)) != 0) {
1316
- goto exit;
1317
- }
1318
- if ((ret = mbedtls_md_update(&md_ctx, zeros, sizeof(zeros))) != 0) {
1319
- goto exit;
1320
- }
1321
- if ((ret = mbedtls_md_update(&md_ctx, hash, hlen)) != 0) {
1322
- goto exit;
1323
- }
1324
- if ((ret = mbedtls_md_update(&md_ctx, salt, slen)) != 0) {
1325
- goto exit;
1326
- }
1327
- if ((ret = mbedtls_md_finish(&md_ctx, out)) != 0) {
1328
- goto exit;
1329
- }
1330
-
1331
- exit:
1332
- mbedtls_md_free(&md_ctx);
1333
-
1334
- return ret;
1335
- }
1336
-
1337
- /**
1338
- * Compute a hash.
1339
- *
1340
- * \param md_alg algorithm to use
1341
- * \param input input message to hash
1342
- * \param ilen input length
1343
- * \param output the output buffer - must be large enough for \p md_alg
1344
- */
1345
- static int compute_hash(mbedtls_md_type_t md_alg,
1346
- const unsigned char *input, size_t ilen,
1347
- unsigned char *output)
1348
- {
1349
- const mbedtls_md_info_t *md_info;
1350
-
1351
- md_info = mbedtls_md_info_from_type(md_alg);
1352
- if (md_info == NULL) {
1353
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1354
- }
1355
-
1356
- return mbedtls_md(md_info, input, ilen, output);
1357
- }
1358
- #endif /* MBEDTLS_PKCS1_V21 */
1359
-
1360
- #if defined(MBEDTLS_PKCS1_V21)
1361
- /*
1362
- * Implementation of the PKCS#1 v2.1 RSAES-OAEP-ENCRYPT function
1363
- */
1364
- int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx,
1365
- int (*f_rng)(void *, unsigned char *, size_t),
1366
- void *p_rng,
1367
- const unsigned char *label, size_t label_len,
1368
- size_t ilen,
1369
- const unsigned char *input,
1370
- unsigned char *output)
1371
- {
1372
- size_t olen;
1373
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1374
- unsigned char *p = output;
1375
- unsigned int hlen;
1376
-
1377
- if (f_rng == NULL) {
1378
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1379
- }
1380
-
1381
- hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id);
1382
- if (hlen == 0) {
1383
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1384
- }
1385
-
1386
- olen = ctx->len;
1387
-
1388
- /* first comparison checks for overflow */
1389
- if (ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2) {
1390
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1391
- }
1392
-
1393
- memset(output, 0, olen);
1394
-
1395
- *p++ = 0;
1396
-
1397
- /* Generate a random octet string seed */
1398
- if ((ret = f_rng(p_rng, p, hlen)) != 0) {
1399
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_RNG_FAILED, ret);
1400
- }
1401
-
1402
- p += hlen;
1403
-
1404
- /* Construct DB */
1405
- ret = compute_hash((mbedtls_md_type_t) ctx->hash_id, label, label_len, p);
1406
- if (ret != 0) {
1407
- return ret;
1408
- }
1409
- p += hlen;
1410
- p += olen - 2 * hlen - 2 - ilen;
1411
- *p++ = 1;
1412
- if (ilen != 0) {
1413
- memcpy(p, input, ilen);
1414
- }
1415
-
1416
- /* maskedDB: Apply dbMask to DB */
1417
- if ((ret = mgf_mask(output + hlen + 1, olen - hlen - 1, output + 1, hlen,
1418
- (mbedtls_md_type_t) ctx->hash_id)) != 0) {
1419
- return ret;
1420
- }
1421
-
1422
- /* maskedSeed: Apply seedMask to seed */
1423
- if ((ret = mgf_mask(output + 1, hlen, output + hlen + 1, olen - hlen - 1,
1424
- (mbedtls_md_type_t) ctx->hash_id)) != 0) {
1425
- return ret;
1426
- }
1427
-
1428
- return mbedtls_rsa_public(ctx, output, output);
1429
- }
1430
- #endif /* MBEDTLS_PKCS1_V21 */
1431
-
1432
- #if defined(MBEDTLS_PKCS1_V15)
1433
- /*
1434
- * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-ENCRYPT function
1435
- */
1436
- int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx,
1437
- int (*f_rng)(void *, unsigned char *, size_t),
1438
- void *p_rng, size_t ilen,
1439
- const unsigned char *input,
1440
- unsigned char *output)
1441
- {
1442
- size_t nb_pad, olen;
1443
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1444
- unsigned char *p = output;
1445
-
1446
- olen = ctx->len;
1447
-
1448
- /* first comparison checks for overflow */
1449
- if (ilen + 11 < ilen || olen < ilen + 11) {
1450
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1451
- }
1452
-
1453
- nb_pad = olen - 3 - ilen;
1454
-
1455
- *p++ = 0;
1456
-
1457
- if (f_rng == NULL) {
1458
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1459
- }
1460
-
1461
- *p++ = MBEDTLS_RSA_CRYPT;
1462
-
1463
- while (nb_pad-- > 0) {
1464
- int rng_dl = 100;
1465
-
1466
- do {
1467
- ret = f_rng(p_rng, p, 1);
1468
- } while (*p == 0 && --rng_dl && ret == 0);
1469
-
1470
- /* Check if RNG failed to generate data */
1471
- if (rng_dl == 0 || ret != 0) {
1472
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_RNG_FAILED, ret);
1473
- }
1474
-
1475
- p++;
1476
- }
1477
-
1478
- *p++ = 0;
1479
- if (ilen != 0) {
1480
- memcpy(p, input, ilen);
1481
- }
1482
-
1483
- return mbedtls_rsa_public(ctx, output, output);
1484
- }
1485
- #endif /* MBEDTLS_PKCS1_V15 */
1486
-
1487
- /*
1488
- * Add the message padding, then do an RSA operation
1489
- */
1490
- int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx,
1491
- int (*f_rng)(void *, unsigned char *, size_t),
1492
- void *p_rng,
1493
- size_t ilen,
1494
- const unsigned char *input,
1495
- unsigned char *output)
1496
- {
1497
- switch (ctx->padding) {
1498
- #if defined(MBEDTLS_PKCS1_V15)
1499
- case MBEDTLS_RSA_PKCS_V15:
1500
- return mbedtls_rsa_rsaes_pkcs1_v15_encrypt(ctx, f_rng, p_rng,
1501
- ilen, input, output);
1502
- #endif
1503
-
1504
- #if defined(MBEDTLS_PKCS1_V21)
1505
- case MBEDTLS_RSA_PKCS_V21:
1506
- return mbedtls_rsa_rsaes_oaep_encrypt(ctx, f_rng, p_rng, NULL, 0,
1507
- ilen, input, output);
1508
- #endif
1509
-
1510
- default:
1511
- return MBEDTLS_ERR_RSA_INVALID_PADDING;
1512
- }
1513
- }
1514
-
1515
- #if defined(MBEDTLS_PKCS1_V21)
1516
- /*
1517
- * Implementation of the PKCS#1 v2.1 RSAES-OAEP-DECRYPT function
1518
- */
1519
- int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx,
1520
- int (*f_rng)(void *, unsigned char *, size_t),
1521
- void *p_rng,
1522
- const unsigned char *label, size_t label_len,
1523
- size_t *olen,
1524
- const unsigned char *input,
1525
- unsigned char *output,
1526
- size_t output_max_len)
1527
- {
1528
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1529
- size_t ilen, i, pad_len;
1530
- unsigned char *p;
1531
- mbedtls_ct_condition_t bad, in_padding;
1532
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
1533
- unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
1534
- unsigned int hlen;
1535
-
1536
- /*
1537
- * Parameters sanity checks
1538
- */
1539
- if (ctx->padding != MBEDTLS_RSA_PKCS_V21) {
1540
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1541
- }
1542
-
1543
- ilen = ctx->len;
1544
-
1545
- if (ilen < 16 || ilen > sizeof(buf)) {
1546
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1547
- }
1548
-
1549
- hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id);
1550
- if (hlen == 0) {
1551
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1552
- }
1553
-
1554
- // checking for integer underflow
1555
- if (2 * hlen + 2 > ilen) {
1556
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1557
- }
1558
-
1559
- /*
1560
- * RSA operation
1561
- */
1562
- ret = mbedtls_rsa_private(ctx, f_rng, p_rng, input, buf);
1563
-
1564
- if (ret != 0) {
1565
- goto cleanup;
1566
- }
1567
-
1568
- /*
1569
- * Unmask data and generate lHash
1570
- */
1571
- /* seed: Apply seedMask to maskedSeed */
1572
- if ((ret = mgf_mask(buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
1573
- (mbedtls_md_type_t) ctx->hash_id)) != 0 ||
1574
- /* DB: Apply dbMask to maskedDB */
1575
- (ret = mgf_mask(buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
1576
- (mbedtls_md_type_t) ctx->hash_id)) != 0) {
1577
- goto cleanup;
1578
- }
1579
-
1580
- /* Generate lHash */
1581
- ret = compute_hash((mbedtls_md_type_t) ctx->hash_id,
1582
- label, label_len, lhash);
1583
- if (ret != 0) {
1584
- goto cleanup;
1585
- }
1586
-
1587
- /*
1588
- * Check contents, in "constant-time"
1589
- */
1590
- p = buf;
1591
-
1592
- bad = mbedtls_ct_bool(*p++); /* First byte must be 0 */
1593
-
1594
- p += hlen; /* Skip seed */
1595
-
1596
- /* Check lHash */
1597
- bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool(mbedtls_ct_memcmp(lhash, p, hlen)));
1598
- p += hlen;
1599
-
1600
- /* Get zero-padding len, but always read till end of buffer
1601
- * (minus one, for the 01 byte) */
1602
- pad_len = 0;
1603
- in_padding = MBEDTLS_CT_TRUE;
1604
- for (i = 0; i < ilen - 2 * hlen - 2; i++) {
1605
- in_padding = mbedtls_ct_bool_and(in_padding, mbedtls_ct_uint_eq(p[i], 0));
1606
- pad_len += mbedtls_ct_uint_if_else_0(in_padding, 1);
1607
- }
1608
-
1609
- p += pad_len;
1610
- bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_ne(*p++, 0x01));
1611
-
1612
- /*
1613
- * The only information "leaked" is whether the padding was correct or not
1614
- * (eg, no data is copied if it was not correct). This meets the
1615
- * recommendations in PKCS#1 v2.2: an opponent cannot distinguish between
1616
- * the different error conditions.
1617
- */
1618
- if (bad != MBEDTLS_CT_FALSE) {
1619
- ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
1620
- goto cleanup;
1621
- }
1622
-
1623
- if (ilen - (p - buf) > output_max_len) {
1624
- ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
1625
- goto cleanup;
1626
- }
1627
-
1628
- *olen = ilen - (p - buf);
1629
- if (*olen != 0) {
1630
- memcpy(output, p, *olen);
1631
- }
1632
- ret = 0;
1633
-
1634
- cleanup:
1635
- mbedtls_platform_zeroize(buf, sizeof(buf));
1636
- mbedtls_platform_zeroize(lhash, sizeof(lhash));
1637
-
1638
- return ret;
1639
- }
1640
- #endif /* MBEDTLS_PKCS1_V21 */
1641
-
1642
- #if defined(MBEDTLS_PKCS1_V15)
1643
- /*
1644
- * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function
1645
- */
1646
- int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx,
1647
- int (*f_rng)(void *, unsigned char *, size_t),
1648
- void *p_rng,
1649
- size_t *olen,
1650
- const unsigned char *input,
1651
- unsigned char *output,
1652
- size_t output_max_len)
1653
- {
1654
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1655
- size_t ilen;
1656
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
1657
-
1658
- ilen = ctx->len;
1659
-
1660
- if (ctx->padding != MBEDTLS_RSA_PKCS_V15) {
1661
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1662
- }
1663
-
1664
- if (ilen < 16 || ilen > sizeof(buf)) {
1665
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1666
- }
1667
-
1668
- ret = mbedtls_rsa_private(ctx, f_rng, p_rng, input, buf);
1669
-
1670
- if (ret != 0) {
1671
- goto cleanup;
1672
- }
1673
-
1674
- ret = mbedtls_ct_rsaes_pkcs1_v15_unpadding(buf, ilen,
1675
- output, output_max_len, olen);
1676
-
1677
- cleanup:
1678
- mbedtls_platform_zeroize(buf, sizeof(buf));
1679
-
1680
- return ret;
1681
- }
1682
- #endif /* MBEDTLS_PKCS1_V15 */
1683
-
1684
- /*
1685
- * Do an RSA operation, then remove the message padding
1686
- */
1687
- int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx,
1688
- int (*f_rng)(void *, unsigned char *, size_t),
1689
- void *p_rng,
1690
- size_t *olen,
1691
- const unsigned char *input,
1692
- unsigned char *output,
1693
- size_t output_max_len)
1694
- {
1695
- switch (ctx->padding) {
1696
- #if defined(MBEDTLS_PKCS1_V15)
1697
- case MBEDTLS_RSA_PKCS_V15:
1698
- return mbedtls_rsa_rsaes_pkcs1_v15_decrypt(ctx, f_rng, p_rng, olen,
1699
- input, output, output_max_len);
1700
- #endif
1701
-
1702
- #if defined(MBEDTLS_PKCS1_V21)
1703
- case MBEDTLS_RSA_PKCS_V21:
1704
- return mbedtls_rsa_rsaes_oaep_decrypt(ctx, f_rng, p_rng, NULL, 0,
1705
- olen, input, output,
1706
- output_max_len);
1707
- #endif
1708
-
1709
- default:
1710
- return MBEDTLS_ERR_RSA_INVALID_PADDING;
1711
- }
1712
- }
1713
-
1714
- #if defined(MBEDTLS_PKCS1_V21)
1715
- static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
1716
- int (*f_rng)(void *, unsigned char *, size_t),
1717
- void *p_rng,
1718
- mbedtls_md_type_t md_alg,
1719
- unsigned int hashlen,
1720
- const unsigned char *hash,
1721
- int saltlen,
1722
- unsigned char *sig)
1723
- {
1724
- size_t olen;
1725
- unsigned char *p = sig;
1726
- unsigned char *salt = NULL;
1727
- size_t slen, min_slen, hlen, offset = 0;
1728
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1729
- size_t msb;
1730
-
1731
- if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
1732
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1733
- }
1734
-
1735
- if (ctx->padding != MBEDTLS_RSA_PKCS_V21) {
1736
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1737
- }
1738
-
1739
- if (f_rng == NULL) {
1740
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1741
- }
1742
-
1743
- olen = ctx->len;
1744
-
1745
- if (md_alg != MBEDTLS_MD_NONE) {
1746
- /* Gather length of hash to sign */
1747
- size_t exp_hashlen = mbedtls_md_get_size_from_type(md_alg);
1748
- if (exp_hashlen == 0) {
1749
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1750
- }
1751
-
1752
- if (hashlen != exp_hashlen) {
1753
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1754
- }
1755
- }
1756
-
1757
- hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id);
1758
- if (hlen == 0) {
1759
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1760
- }
1761
-
1762
- if (saltlen == MBEDTLS_RSA_SALT_LEN_ANY) {
1763
- /* Calculate the largest possible salt length, up to the hash size.
1764
- * Normally this is the hash length, which is the maximum salt length
1765
- * according to FIPS 185-4 §5.5 (e) and common practice. If there is not
1766
- * enough room, use the maximum salt length that fits. The constraint is
1767
- * that the hash length plus the salt length plus 2 bytes must be at most
1768
- * the key length. This complies with FIPS 186-4 §5.5 (e) and RFC 8017
1769
- * (PKCS#1 v2.2) §9.1.1 step 3. */
1770
- min_slen = hlen - 2;
1771
- if (olen < hlen + min_slen + 2) {
1772
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1773
- } else if (olen >= hlen + hlen + 2) {
1774
- slen = hlen;
1775
- } else {
1776
- slen = olen - hlen - 2;
1777
- }
1778
- } else if ((saltlen < 0) || (saltlen + hlen + 2 > olen)) {
1779
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1780
- } else {
1781
- slen = (size_t) saltlen;
1782
- }
1783
-
1784
- memset(sig, 0, olen);
1785
-
1786
- /* Note: EMSA-PSS encoding is over the length of N - 1 bits */
1787
- msb = mbedtls_mpi_bitlen(&ctx->N) - 1;
1788
- p += olen - hlen - slen - 2;
1789
- *p++ = 0x01;
1790
-
1791
- /* Generate salt of length slen in place in the encoded message */
1792
- salt = p;
1793
- if ((ret = f_rng(p_rng, salt, slen)) != 0) {
1794
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_RNG_FAILED, ret);
1795
- }
1796
-
1797
- p += slen;
1798
-
1799
- /* Generate H = Hash( M' ) */
1800
- ret = hash_mprime(hash, hashlen, salt, slen, p, (mbedtls_md_type_t) ctx->hash_id);
1801
- if (ret != 0) {
1802
- return ret;
1803
- }
1804
-
1805
- /* Compensate for boundary condition when applying mask */
1806
- if (msb % 8 == 0) {
1807
- offset = 1;
1808
- }
1809
-
1810
- /* maskedDB: Apply dbMask to DB */
1811
- ret = mgf_mask(sig + offset, olen - hlen - 1 - offset, p, hlen,
1812
- (mbedtls_md_type_t) ctx->hash_id);
1813
- if (ret != 0) {
1814
- return ret;
1815
- }
1816
-
1817
- msb = mbedtls_mpi_bitlen(&ctx->N) - 1;
1818
- sig[0] &= 0xFF >> (olen * 8 - msb);
1819
-
1820
- p += hlen;
1821
- *p++ = 0xBC;
1822
-
1823
- return mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig);
1824
- }
1825
-
1826
- /*
1827
- * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function with
1828
- * the option to pass in the salt length.
1829
- */
1830
- int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx,
1831
- int (*f_rng)(void *, unsigned char *, size_t),
1832
- void *p_rng,
1833
- mbedtls_md_type_t md_alg,
1834
- unsigned int hashlen,
1835
- const unsigned char *hash,
1836
- int saltlen,
1837
- unsigned char *sig)
1838
- {
1839
- return rsa_rsassa_pss_sign(ctx, f_rng, p_rng, md_alg,
1840
- hashlen, hash, saltlen, sig);
1841
- }
1842
-
1843
-
1844
- /*
1845
- * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function
1846
- */
1847
- int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
1848
- int (*f_rng)(void *, unsigned char *, size_t),
1849
- void *p_rng,
1850
- mbedtls_md_type_t md_alg,
1851
- unsigned int hashlen,
1852
- const unsigned char *hash,
1853
- unsigned char *sig)
1854
- {
1855
- return rsa_rsassa_pss_sign(ctx, f_rng, p_rng, md_alg,
1856
- hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig);
1857
- }
1858
- #endif /* MBEDTLS_PKCS1_V21 */
1859
-
1860
- #if defined(MBEDTLS_PKCS1_V15)
1861
- /*
1862
- * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-V1_5-SIGN function
1863
- */
1864
-
1865
- /* Construct a PKCS v1.5 encoding of a hashed message
1866
- *
1867
- * This is used both for signature generation and verification.
1868
- *
1869
- * Parameters:
1870
- * - md_alg: Identifies the hash algorithm used to generate the given hash;
1871
- * MBEDTLS_MD_NONE if raw data is signed.
1872
- * - hashlen: Length of hash. Must match md_alg if that's not NONE.
1873
- * - hash: Buffer containing the hashed message or the raw data.
1874
- * - dst_len: Length of the encoded message.
1875
- * - dst: Buffer to hold the encoded message.
1876
- *
1877
- * Assumptions:
1878
- * - hash has size hashlen.
1879
- * - dst points to a buffer of size at least dst_len.
1880
- *
1881
- */
1882
- static int rsa_rsassa_pkcs1_v15_encode(mbedtls_md_type_t md_alg,
1883
- unsigned int hashlen,
1884
- const unsigned char *hash,
1885
- size_t dst_len,
1886
- unsigned char *dst)
1887
- {
1888
- size_t oid_size = 0;
1889
- size_t nb_pad = dst_len;
1890
- unsigned char *p = dst;
1891
- const char *oid = NULL;
1892
-
1893
- /* Are we signing hashed or raw data? */
1894
- if (md_alg != MBEDTLS_MD_NONE) {
1895
- unsigned char md_size = mbedtls_md_get_size_from_type(md_alg);
1896
- if (md_size == 0) {
1897
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1898
- }
1899
-
1900
- if (mbedtls_oid_get_oid_by_md(md_alg, &oid, &oid_size) != 0) {
1901
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1902
- }
1903
-
1904
- if (hashlen != md_size) {
1905
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1906
- }
1907
-
1908
- /* Double-check that 8 + hashlen + oid_size can be used as a
1909
- * 1-byte ASN.1 length encoding and that there's no overflow. */
1910
- if (8 + hashlen + oid_size >= 0x80 ||
1911
- 10 + hashlen < hashlen ||
1912
- 10 + hashlen + oid_size < 10 + hashlen) {
1913
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1914
- }
1915
-
1916
- /*
1917
- * Static bounds check:
1918
- * - Need 10 bytes for five tag-length pairs.
1919
- * (Insist on 1-byte length encodings to protect against variants of
1920
- * Bleichenbacher's forgery attack against lax PKCS#1v1.5 verification)
1921
- * - Need hashlen bytes for hash
1922
- * - Need oid_size bytes for hash alg OID.
1923
- */
1924
- if (nb_pad < 10 + hashlen + oid_size) {
1925
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1926
- }
1927
- nb_pad -= 10 + hashlen + oid_size;
1928
- } else {
1929
- if (nb_pad < hashlen) {
1930
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1931
- }
1932
-
1933
- nb_pad -= hashlen;
1934
- }
1935
-
1936
- /* Need space for signature header and padding delimiter (3 bytes),
1937
- * and 8 bytes for the minimal padding */
1938
- if (nb_pad < 3 + 8) {
1939
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1940
- }
1941
- nb_pad -= 3;
1942
-
1943
- /* Now nb_pad is the amount of memory to be filled
1944
- * with padding, and at least 8 bytes long. */
1945
-
1946
- /* Write signature header and padding */
1947
- *p++ = 0;
1948
- *p++ = MBEDTLS_RSA_SIGN;
1949
- memset(p, 0xFF, nb_pad);
1950
- p += nb_pad;
1951
- *p++ = 0;
1952
-
1953
- /* Are we signing raw data? */
1954
- if (md_alg == MBEDTLS_MD_NONE) {
1955
- memcpy(p, hash, hashlen);
1956
- return 0;
1957
- }
1958
-
1959
- /* Signing hashed data, add corresponding ASN.1 structure
1960
- *
1961
- * DigestInfo ::= SEQUENCE {
1962
- * digestAlgorithm DigestAlgorithmIdentifier,
1963
- * digest Digest }
1964
- * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
1965
- * Digest ::= OCTET STRING
1966
- *
1967
- * Schematic:
1968
- * TAG-SEQ + LEN [ TAG-SEQ + LEN [ TAG-OID + LEN [ OID ]
1969
- * TAG-NULL + LEN [ NULL ] ]
1970
- * TAG-OCTET + LEN [ HASH ] ]
1971
- */
1972
- *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
1973
- *p++ = (unsigned char) (0x08 + oid_size + hashlen);
1974
- *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
1975
- *p++ = (unsigned char) (0x04 + oid_size);
1976
- *p++ = MBEDTLS_ASN1_OID;
1977
- *p++ = (unsigned char) oid_size;
1978
- memcpy(p, oid, oid_size);
1979
- p += oid_size;
1980
- *p++ = MBEDTLS_ASN1_NULL;
1981
- *p++ = 0x00;
1982
- *p++ = MBEDTLS_ASN1_OCTET_STRING;
1983
- *p++ = (unsigned char) hashlen;
1984
- memcpy(p, hash, hashlen);
1985
- p += hashlen;
1986
-
1987
- /* Just a sanity-check, should be automatic
1988
- * after the initial bounds check. */
1989
- if (p != dst + dst_len) {
1990
- mbedtls_platform_zeroize(dst, dst_len);
1991
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
1992
- }
1993
-
1994
- return 0;
1995
- }
1996
-
1997
- /*
1998
- * Do an RSA operation to sign the message digest
1999
- */
2000
- int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx,
2001
- int (*f_rng)(void *, unsigned char *, size_t),
2002
- void *p_rng,
2003
- mbedtls_md_type_t md_alg,
2004
- unsigned int hashlen,
2005
- const unsigned char *hash,
2006
- unsigned char *sig)
2007
- {
2008
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2009
- unsigned char *sig_try = NULL, *verif = NULL;
2010
-
2011
- if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
2012
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
2013
- }
2014
-
2015
- if (ctx->padding != MBEDTLS_RSA_PKCS_V15) {
2016
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
2017
- }
2018
-
2019
- /*
2020
- * Prepare PKCS1-v1.5 encoding (padding and hash identifier)
2021
- */
2022
-
2023
- if ((ret = rsa_rsassa_pkcs1_v15_encode(md_alg, hashlen, hash,
2024
- ctx->len, sig)) != 0) {
2025
- return ret;
2026
- }
2027
-
2028
- /* Private key operation
2029
- *
2030
- * In order to prevent Lenstra's attack, make the signature in a
2031
- * temporary buffer and check it before returning it.
2032
- */
2033
-
2034
- sig_try = mbedtls_calloc(1, ctx->len);
2035
- if (sig_try == NULL) {
2036
- return MBEDTLS_ERR_MPI_ALLOC_FAILED;
2037
- }
2038
-
2039
- verif = mbedtls_calloc(1, ctx->len);
2040
- if (verif == NULL) {
2041
- mbedtls_free(sig_try);
2042
- return MBEDTLS_ERR_MPI_ALLOC_FAILED;
2043
- }
2044
-
2045
- MBEDTLS_MPI_CHK(mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig_try));
2046
- MBEDTLS_MPI_CHK(mbedtls_rsa_public(ctx, sig_try, verif));
2047
-
2048
- if (mbedtls_ct_memcmp(verif, sig, ctx->len) != 0) {
2049
- ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
2050
- goto cleanup;
2051
- }
2052
-
2053
- memcpy(sig, sig_try, ctx->len);
2054
-
2055
- cleanup:
2056
- mbedtls_zeroize_and_free(sig_try, ctx->len);
2057
- mbedtls_zeroize_and_free(verif, ctx->len);
2058
-
2059
- if (ret != 0) {
2060
- memset(sig, '!', ctx->len);
2061
- }
2062
- return ret;
2063
- }
2064
- #endif /* MBEDTLS_PKCS1_V15 */
2065
-
2066
- /*
2067
- * Do an RSA operation to sign the message digest
2068
- */
2069
- int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx,
2070
- int (*f_rng)(void *, unsigned char *, size_t),
2071
- void *p_rng,
2072
- mbedtls_md_type_t md_alg,
2073
- unsigned int hashlen,
2074
- const unsigned char *hash,
2075
- unsigned char *sig)
2076
- {
2077
- if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
2078
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
2079
- }
2080
-
2081
- switch (ctx->padding) {
2082
- #if defined(MBEDTLS_PKCS1_V15)
2083
- case MBEDTLS_RSA_PKCS_V15:
2084
- return mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx, f_rng, p_rng,
2085
- md_alg, hashlen, hash, sig);
2086
- #endif
2087
-
2088
- #if defined(MBEDTLS_PKCS1_V21)
2089
- case MBEDTLS_RSA_PKCS_V21:
2090
- return mbedtls_rsa_rsassa_pss_sign(ctx, f_rng, p_rng, md_alg,
2091
- hashlen, hash, sig);
2092
- #endif
2093
-
2094
- default:
2095
- return MBEDTLS_ERR_RSA_INVALID_PADDING;
2096
- }
2097
- }
2098
-
2099
- #if defined(MBEDTLS_PKCS1_V21)
2100
- /*
2101
- * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function
2102
- */
2103
- int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx,
2104
- mbedtls_md_type_t md_alg,
2105
- unsigned int hashlen,
2106
- const unsigned char *hash,
2107
- mbedtls_md_type_t mgf1_hash_id,
2108
- int expected_salt_len,
2109
- const unsigned char *sig)
2110
- {
2111
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2112
- size_t siglen;
2113
- unsigned char *p;
2114
- unsigned char *hash_start;
2115
- unsigned char result[MBEDTLS_MD_MAX_SIZE];
2116
- unsigned int hlen;
2117
- size_t observed_salt_len, msb;
2118
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { 0 };
2119
-
2120
- if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
2121
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
2122
- }
2123
-
2124
- siglen = ctx->len;
2125
-
2126
- if (siglen < 16 || siglen > sizeof(buf)) {
2127
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
2128
- }
2129
-
2130
- ret = mbedtls_rsa_public(ctx, sig, buf);
2131
-
2132
- if (ret != 0) {
2133
- return ret;
2134
- }
2135
-
2136
- p = buf;
2137
-
2138
- if (buf[siglen - 1] != 0xBC) {
2139
- return MBEDTLS_ERR_RSA_INVALID_PADDING;
2140
- }
2141
-
2142
- if (md_alg != MBEDTLS_MD_NONE) {
2143
- /* Gather length of hash to sign */
2144
- size_t exp_hashlen = mbedtls_md_get_size_from_type(md_alg);
2145
- if (exp_hashlen == 0) {
2146
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
2147
- }
2148
-
2149
- if (hashlen != exp_hashlen) {
2150
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
2151
- }
2152
- }
2153
-
2154
- hlen = mbedtls_md_get_size_from_type(mgf1_hash_id);
2155
- if (hlen == 0) {
2156
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
2157
- }
2158
-
2159
- /*
2160
- * Note: EMSA-PSS verification is over the length of N - 1 bits
2161
- */
2162
- msb = mbedtls_mpi_bitlen(&ctx->N) - 1;
2163
-
2164
- if (buf[0] >> (8 - siglen * 8 + msb)) {
2165
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
2166
- }
2167
-
2168
- /* Compensate for boundary condition when applying mask */
2169
- if (msb % 8 == 0) {
2170
- p++;
2171
- siglen -= 1;
2172
- }
2173
-
2174
- if (siglen < hlen + 2) {
2175
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
2176
- }
2177
- hash_start = p + siglen - hlen - 1;
2178
-
2179
- ret = mgf_mask(p, siglen - hlen - 1, hash_start, hlen, mgf1_hash_id);
2180
- if (ret != 0) {
2181
- return ret;
2182
- }
2183
-
2184
- buf[0] &= 0xFF >> (siglen * 8 - msb);
2185
-
2186
- while (p < hash_start - 1 && *p == 0) {
2187
- p++;
2188
- }
2189
-
2190
- if (*p++ != 0x01) {
2191
- return MBEDTLS_ERR_RSA_INVALID_PADDING;
2192
- }
2193
-
2194
- observed_salt_len = hash_start - p;
2195
-
2196
- if (expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY &&
2197
- observed_salt_len != (size_t) expected_salt_len) {
2198
- return MBEDTLS_ERR_RSA_INVALID_PADDING;
2199
- }
2200
-
2201
- /*
2202
- * Generate H = Hash( M' )
2203
- */
2204
- ret = hash_mprime(hash, hashlen, p, observed_salt_len,
2205
- result, mgf1_hash_id);
2206
- if (ret != 0) {
2207
- return ret;
2208
- }
2209
-
2210
- if (memcmp(hash_start, result, hlen) != 0) {
2211
- return MBEDTLS_ERR_RSA_VERIFY_FAILED;
2212
- }
2213
-
2214
- return 0;
2215
- }
2216
-
2217
- /*
2218
- * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function
2219
- */
2220
- int mbedtls_rsa_rsassa_pss_verify(mbedtls_rsa_context *ctx,
2221
- mbedtls_md_type_t md_alg,
2222
- unsigned int hashlen,
2223
- const unsigned char *hash,
2224
- const unsigned char *sig)
2225
- {
2226
- mbedtls_md_type_t mgf1_hash_id;
2227
- if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
2228
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
2229
- }
2230
-
2231
- mgf1_hash_id = (ctx->hash_id != MBEDTLS_MD_NONE)
2232
- ? (mbedtls_md_type_t) ctx->hash_id
2233
- : md_alg;
2234
-
2235
- return mbedtls_rsa_rsassa_pss_verify_ext(ctx,
2236
- md_alg, hashlen, hash,
2237
- mgf1_hash_id,
2238
- MBEDTLS_RSA_SALT_LEN_ANY,
2239
- sig);
2240
-
2241
- }
2242
- #endif /* MBEDTLS_PKCS1_V21 */
2243
-
2244
- #if defined(MBEDTLS_PKCS1_V15)
2245
- /*
2246
- * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
2247
- */
2248
- int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx,
2249
- mbedtls_md_type_t md_alg,
2250
- unsigned int hashlen,
2251
- const unsigned char *hash,
2252
- const unsigned char *sig)
2253
- {
2254
- int ret = 0;
2255
- size_t sig_len;
2256
- unsigned char *encoded = NULL, *encoded_expected = NULL;
2257
-
2258
- if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
2259
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
2260
- }
2261
-
2262
- sig_len = ctx->len;
2263
-
2264
- /*
2265
- * Prepare expected PKCS1 v1.5 encoding of hash.
2266
- */
2267
-
2268
- if ((encoded = mbedtls_calloc(1, sig_len)) == NULL ||
2269
- (encoded_expected = mbedtls_calloc(1, sig_len)) == NULL) {
2270
- ret = MBEDTLS_ERR_MPI_ALLOC_FAILED;
2271
- goto cleanup;
2272
- }
2273
-
2274
- if ((ret = rsa_rsassa_pkcs1_v15_encode(md_alg, hashlen, hash, sig_len,
2275
- encoded_expected)) != 0) {
2276
- goto cleanup;
2277
- }
2278
-
2279
- /*
2280
- * Apply RSA primitive to get what should be PKCS1 encoded hash.
2281
- */
2282
-
2283
- ret = mbedtls_rsa_public(ctx, sig, encoded);
2284
- if (ret != 0) {
2285
- goto cleanup;
2286
- }
2287
-
2288
- /*
2289
- * Compare
2290
- */
2291
-
2292
- if ((ret = mbedtls_ct_memcmp(encoded, encoded_expected,
2293
- sig_len)) != 0) {
2294
- ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
2295
- goto cleanup;
2296
- }
2297
-
2298
- cleanup:
2299
-
2300
- if (encoded != NULL) {
2301
- mbedtls_zeroize_and_free(encoded, sig_len);
2302
- }
2303
-
2304
- if (encoded_expected != NULL) {
2305
- mbedtls_zeroize_and_free(encoded_expected, sig_len);
2306
- }
2307
-
2308
- return ret;
2309
- }
2310
- #endif /* MBEDTLS_PKCS1_V15 */
2311
-
2312
- /*
2313
- * Do an RSA operation and check the message digest
2314
- */
2315
- int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx,
2316
- mbedtls_md_type_t md_alg,
2317
- unsigned int hashlen,
2318
- const unsigned char *hash,
2319
- const unsigned char *sig)
2320
- {
2321
- if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
2322
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
2323
- }
2324
-
2325
- switch (ctx->padding) {
2326
- #if defined(MBEDTLS_PKCS1_V15)
2327
- case MBEDTLS_RSA_PKCS_V15:
2328
- return mbedtls_rsa_rsassa_pkcs1_v15_verify(ctx, md_alg,
2329
- hashlen, hash, sig);
2330
- #endif
2331
-
2332
- #if defined(MBEDTLS_PKCS1_V21)
2333
- case MBEDTLS_RSA_PKCS_V21:
2334
- return mbedtls_rsa_rsassa_pss_verify(ctx, md_alg,
2335
- hashlen, hash, sig);
2336
- #endif
2337
-
2338
- default:
2339
- return MBEDTLS_ERR_RSA_INVALID_PADDING;
2340
- }
2341
- }
2342
-
2343
- /*
2344
- * Copy the components of an RSA key
2345
- */
2346
- int mbedtls_rsa_copy(mbedtls_rsa_context *dst, const mbedtls_rsa_context *src)
2347
- {
2348
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2349
-
2350
- dst->len = src->len;
2351
-
2352
- MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->N, &src->N));
2353
- MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->E, &src->E));
2354
-
2355
- MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->D, &src->D));
2356
- MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->P, &src->P));
2357
- MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Q, &src->Q));
2358
-
2359
- #if !defined(MBEDTLS_RSA_NO_CRT)
2360
- MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->DP, &src->DP));
2361
- MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->DQ, &src->DQ));
2362
- MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->QP, &src->QP));
2363
- MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RP, &src->RP));
2364
- MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RQ, &src->RQ));
2365
- #endif
2366
-
2367
- MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RN, &src->RN));
2368
-
2369
- MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Vi, &src->Vi));
2370
- MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Vf, &src->Vf));
2371
-
2372
- dst->padding = src->padding;
2373
- dst->hash_id = src->hash_id;
2374
-
2375
- cleanup:
2376
- if (ret != 0) {
2377
- mbedtls_rsa_free(dst);
2378
- }
2379
-
2380
- return ret;
2381
- }
2382
-
2383
- /*
2384
- * Free the components of an RSA key
2385
- */
2386
- void mbedtls_rsa_free(mbedtls_rsa_context *ctx)
2387
- {
2388
- if (ctx == NULL) {
2389
- return;
2390
- }
2391
-
2392
- mbedtls_mpi_free(&ctx->Vi);
2393
- mbedtls_mpi_free(&ctx->Vf);
2394
- mbedtls_mpi_free(&ctx->RN);
2395
- mbedtls_mpi_free(&ctx->D);
2396
- mbedtls_mpi_free(&ctx->Q);
2397
- mbedtls_mpi_free(&ctx->P);
2398
- mbedtls_mpi_free(&ctx->E);
2399
- mbedtls_mpi_free(&ctx->N);
2400
-
2401
- #if !defined(MBEDTLS_RSA_NO_CRT)
2402
- mbedtls_mpi_free(&ctx->RQ);
2403
- mbedtls_mpi_free(&ctx->RP);
2404
- mbedtls_mpi_free(&ctx->QP);
2405
- mbedtls_mpi_free(&ctx->DQ);
2406
- mbedtls_mpi_free(&ctx->DP);
2407
- #endif /* MBEDTLS_RSA_NO_CRT */
2408
-
2409
- #if defined(MBEDTLS_THREADING_C)
2410
- /* Free the mutex, but only if it hasn't been freed already. */
2411
- if (ctx->ver != 0) {
2412
- mbedtls_mutex_free(&ctx->mutex);
2413
- ctx->ver = 0;
2414
- }
2415
- #endif
2416
- }
2417
-
2418
- #endif /* !MBEDTLS_RSA_ALT */
2419
-
2420
- #if defined(MBEDTLS_SELF_TEST)
2421
-
2422
- #include "mbedtls/md.h"
2423
-
2424
- /*
2425
- * Example RSA-1024 keypair, for test purposes
2426
- */
2427
- #define KEY_LEN 128
2428
-
2429
- #define RSA_N "9292758453063D803DD603D5E777D788" \
2430
- "8ED1D5BF35786190FA2F23EBC0848AEA" \
2431
- "DDA92CA6C3D80B32C4D109BE0F36D6AE" \
2432
- "7130B9CED7ACDF54CFC7555AC14EEBAB" \
2433
- "93A89813FBF3C4F8066D2D800F7C38A8" \
2434
- "1AE31942917403FF4946B0A83D3D3E05" \
2435
- "EE57C6F5F5606FB5D4BC6CD34EE0801A" \
2436
- "5E94BB77B07507233A0BC7BAC8F90F79"
2437
-
2438
- #define RSA_E "10001"
2439
-
2440
- #define RSA_D "24BF6185468786FDD303083D25E64EFC" \
2441
- "66CA472BC44D253102F8B4A9D3BFA750" \
2442
- "91386C0077937FE33FA3252D28855837" \
2443
- "AE1B484A8A9A45F7EE8C0C634F99E8CD" \
2444
- "DF79C5CE07EE72C7F123142198164234" \
2445
- "CABB724CF78B8173B9F880FC86322407" \
2446
- "AF1FEDFDDE2BEB674CA15F3E81A1521E" \
2447
- "071513A1E85B5DFA031F21ECAE91A34D"
2448
-
2449
- #define RSA_P "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
2450
- "2C01CAD19EA484A87EA4377637E75500" \
2451
- "FCB2005C5C7DD6EC4AC023CDA285D796" \
2452
- "C3D9E75E1EFC42488BB4F1D13AC30A57"
2453
-
2454
- #define RSA_Q "C000DF51A7C77AE8D7C7370C1FF55B69" \
2455
- "E211C2B9E5DB1ED0BF61D0D9899620F4" \
2456
- "910E4168387E3C30AA1E00C339A79508" \
2457
- "8452DD96A9A5EA5D9DCA68DA636032AF"
2458
-
2459
- #define PT_LEN 24
2460
- #define RSA_PT "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
2461
- "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
2462
-
2463
- #if defined(MBEDTLS_PKCS1_V15)
2464
- static int myrand(void *rng_state, unsigned char *output, size_t len)
2465
- {
2466
- #if !defined(__OpenBSD__) && !defined(__NetBSD__)
2467
- size_t i;
2468
-
2469
- if (rng_state != NULL) {
2470
- rng_state = NULL;
2471
- }
2472
-
2473
- for (i = 0; i < len; ++i) {
2474
- output[i] = rand();
2475
- }
2476
- #else
2477
- if (rng_state != NULL) {
2478
- rng_state = NULL;
2479
- }
2480
-
2481
- arc4random_buf(output, len);
2482
- #endif /* !OpenBSD && !NetBSD */
2483
-
2484
- return 0;
2485
- }
2486
- #endif /* MBEDTLS_PKCS1_V15 */
2487
-
2488
- /*
2489
- * Checkup routine
2490
- */
2491
- int mbedtls_rsa_self_test(int verbose)
2492
- {
2493
- int ret = 0;
2494
- #if defined(MBEDTLS_PKCS1_V15)
2495
- size_t len;
2496
- mbedtls_rsa_context rsa;
2497
- unsigned char rsa_plaintext[PT_LEN];
2498
- unsigned char rsa_decrypted[PT_LEN];
2499
- unsigned char rsa_ciphertext[KEY_LEN];
2500
- #if defined(MBEDTLS_MD_CAN_SHA1)
2501
- unsigned char sha1sum[20];
2502
- #endif
2503
-
2504
- mbedtls_mpi K;
2505
-
2506
- mbedtls_mpi_init(&K);
2507
- mbedtls_rsa_init(&rsa);
2508
-
2509
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_N));
2510
- MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, &K, NULL, NULL, NULL, NULL));
2511
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_P));
2512
- MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, &K, NULL, NULL, NULL));
2513
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_Q));
2514
- MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, &K, NULL, NULL));
2515
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_D));
2516
- MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, NULL, &K, NULL));
2517
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_E));
2518
- MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, NULL, NULL, &K));
2519
-
2520
- MBEDTLS_MPI_CHK(mbedtls_rsa_complete(&rsa));
2521
-
2522
- if (verbose != 0) {
2523
- mbedtls_printf(" RSA key validation: ");
2524
- }
2525
-
2526
- if (mbedtls_rsa_check_pubkey(&rsa) != 0 ||
2527
- mbedtls_rsa_check_privkey(&rsa) != 0) {
2528
- if (verbose != 0) {
2529
- mbedtls_printf("failed\n");
2530
- }
2531
-
2532
- ret = 1;
2533
- goto cleanup;
2534
- }
2535
-
2536
- if (verbose != 0) {
2537
- mbedtls_printf("passed\n PKCS#1 encryption : ");
2538
- }
2539
-
2540
- memcpy(rsa_plaintext, RSA_PT, PT_LEN);
2541
-
2542
- if (mbedtls_rsa_pkcs1_encrypt(&rsa, myrand, NULL,
2543
- PT_LEN, rsa_plaintext,
2544
- rsa_ciphertext) != 0) {
2545
- if (verbose != 0) {
2546
- mbedtls_printf("failed\n");
2547
- }
2548
-
2549
- ret = 1;
2550
- goto cleanup;
2551
- }
2552
-
2553
- if (verbose != 0) {
2554
- mbedtls_printf("passed\n PKCS#1 decryption : ");
2555
- }
2556
-
2557
- if (mbedtls_rsa_pkcs1_decrypt(&rsa, myrand, NULL,
2558
- &len, rsa_ciphertext, rsa_decrypted,
2559
- sizeof(rsa_decrypted)) != 0) {
2560
- if (verbose != 0) {
2561
- mbedtls_printf("failed\n");
2562
- }
2563
-
2564
- ret = 1;
2565
- goto cleanup;
2566
- }
2567
-
2568
- if (memcmp(rsa_decrypted, rsa_plaintext, len) != 0) {
2569
- if (verbose != 0) {
2570
- mbedtls_printf("failed\n");
2571
- }
2572
-
2573
- ret = 1;
2574
- goto cleanup;
2575
- }
2576
-
2577
- if (verbose != 0) {
2578
- mbedtls_printf("passed\n");
2579
- }
2580
-
2581
- #if defined(MBEDTLS_MD_CAN_SHA1)
2582
- if (verbose != 0) {
2583
- mbedtls_printf(" PKCS#1 data sign : ");
2584
- }
2585
-
2586
- if (mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1),
2587
- rsa_plaintext, PT_LEN, sha1sum) != 0) {
2588
- if (verbose != 0) {
2589
- mbedtls_printf("failed\n");
2590
- }
2591
-
2592
- return 1;
2593
- }
2594
-
2595
- if (mbedtls_rsa_pkcs1_sign(&rsa, myrand, NULL,
2596
- MBEDTLS_MD_SHA1, 20,
2597
- sha1sum, rsa_ciphertext) != 0) {
2598
- if (verbose != 0) {
2599
- mbedtls_printf("failed\n");
2600
- }
2601
-
2602
- ret = 1;
2603
- goto cleanup;
2604
- }
2605
-
2606
- if (verbose != 0) {
2607
- mbedtls_printf("passed\n PKCS#1 sig. verify: ");
2608
- }
2609
-
2610
- if (mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA1, 20,
2611
- sha1sum, rsa_ciphertext) != 0) {
2612
- if (verbose != 0) {
2613
- mbedtls_printf("failed\n");
2614
- }
2615
-
2616
- ret = 1;
2617
- goto cleanup;
2618
- }
2619
-
2620
- if (verbose != 0) {
2621
- mbedtls_printf("passed\n");
2622
- }
2623
- #endif /* MBEDTLS_MD_CAN_SHA1 */
2624
-
2625
- if (verbose != 0) {
2626
- mbedtls_printf("\n");
2627
- }
2628
-
2629
- cleanup:
2630
- mbedtls_mpi_free(&K);
2631
- mbedtls_rsa_free(&rsa);
2632
- #else /* MBEDTLS_PKCS1_V15 */
2633
- ((void) verbose);
2634
- #endif /* MBEDTLS_PKCS1_V15 */
2635
- return ret;
2636
- }
2637
-
2638
- #endif /* MBEDTLS_SELF_TEST */
2639
-
2640
- #endif /* MBEDTLS_RSA_C */