diff --git a/mbedtls/aes.h b/mbedtls/aes.h
deleted file mode 100644
index e381c11..0000000
--- a/mbedtls/aes.h
+++ /dev/null
@@ -1,640 +0,0 @@
-/**
- * \file aes.h
- *
- * \brief This file contains AES definitions and functions.
- *
- * The Advanced Encryption Standard (AES) specifies a FIPS-approved
- * cryptographic algorithm that can be used to protect electronic
- * data.
- *
- * The AES algorithm is a symmetric block cipher that can
- * encrypt and decrypt information. For more information, see
- * FIPS Publication 197: Advanced Encryption Standard and
- * ISO/IEC 18033-2:2006: Information technology -- Security
- * techniques -- Encryption algorithms -- Part 2: Asymmetric
- * ciphers.
- *
- * The AES-XTS block mode is standardized by NIST SP 800-38E
- *
- * and described in detail by IEEE P1619
- * .
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_AES_H
-#define MBEDTLS_AES_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/platform_util.h"
-
-#include
-#include
-
-/* padlock.c and aesni.c rely on these values! */
-#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */
-#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */
-
-/* Error codes in range 0x0020-0x0022 */
-/** Invalid key length. */
-#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020
-/** Invalid data input length. */
-#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022
-
-/* Error codes in range 0x0021-0x0025 */
-/** Invalid input data. */
-#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_AES_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The AES context-type definition.
- */
-typedef struct mbedtls_aes_context
-{
- int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
- uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */
- uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
- hold 32 extra Bytes, which can be used for
- one of the following purposes:
- - Alignment if VIA padlock is
- used.
- - Simplifying key expansion in the 256-bit
- case by generating an extra round key.
-
*/
-}
-mbedtls_aes_context;
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief The AES XTS context-type definition.
- */
-typedef struct mbedtls_aes_xts_context
-{
- mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block
- encryption or decryption. */
- mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak
- computation. */
-} mbedtls_aes_xts_context;
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-#else /* MBEDTLS_AES_ALT */
-#include "aes_alt.h"
-#endif /* MBEDTLS_AES_ALT */
-
-/**
- * \brief This function initializes the specified AES context.
- *
- * It must be the first API called before using
- * the context.
- *
- * \param ctx The AES context to initialize. This must not be \c NULL.
- */
-void mbedtls_aes_init( mbedtls_aes_context *ctx );
-
-/**
- * \brief This function releases and clears the specified AES context.
- *
- * \param ctx The AES context to clear.
- * If this is \c NULL, this function does nothing.
- * Otherwise, the context must have been at least initialized.
- */
-void mbedtls_aes_free( mbedtls_aes_context *ctx );
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief This function initializes the specified AES XTS context.
- *
- * It must be the first API called before using
- * the context.
- *
- * \param ctx The AES XTS context to initialize. This must not be \c NULL.
- */
-void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
-
-/**
- * \brief This function releases and clears the specified AES XTS context.
- *
- * \param ctx The AES XTS context to clear.
- * If this is \c NULL, this function does nothing.
- * Otherwise, the context must have been at least initialized.
- */
-void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * \brief This function sets the encryption key.
- *
- * \param ctx The AES context to which the key should be bound.
- * It must be initialized.
- * \param key The encryption key.
- * This must be a readable buffer of size \p keybits bits.
- * \param keybits The size of data passed in bits. Valid options are:
- * - 128 bits
- * - 192 bits
- * - 256 bits
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
- unsigned int keybits );
-
-/**
- * \brief This function sets the decryption key.
- *
- * \param ctx The AES context to which the key should be bound.
- * It must be initialized.
- * \param key The decryption key.
- * This must be a readable buffer of size \p keybits bits.
- * \param keybits The size of data passed. Valid options are:
- * - 128 bits
- * - 192 bits
- * - 256 bits
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
- unsigned int keybits );
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief This function prepares an XTS context for encryption and
- * sets the encryption key.
- *
- * \param ctx The AES XTS context to which the key should be bound.
- * It must be initialized.
- * \param key The encryption key. This is comprised of the XTS key1
- * concatenated with the XTS key2.
- * This must be a readable buffer of size \p keybits bits.
- * \param keybits The size of \p key passed in bits. Valid options are:
- * - 256 bits (each of key1 and key2 is a 128-bit key)
- * - 512 bits (each of key1 and key2 is a 256-bit key)
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
-
-/**
- * \brief This function prepares an XTS context for decryption and
- * sets the decryption key.
- *
- * \param ctx The AES XTS context to which the key should be bound.
- * It must be initialized.
- * \param key The decryption key. This is comprised of the XTS key1
- * concatenated with the XTS key2.
- * This must be a readable buffer of size \p keybits bits.
- * \param keybits The size of \p key passed in bits. Valid options are:
- * - 256 bits (each of key1 and key2 is a 128-bit key)
- * - 512 bits (each of key1 and key2 is a 256-bit key)
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * \brief This function performs an AES single-block encryption or
- * decryption operation.
- *
- * It performs the operation defined in the \p mode parameter
- * (encrypt or decrypt), on the input data buffer defined in
- * the \p input parameter.
- *
- * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
- * mbedtls_aes_setkey_dec() must be called before the first
- * call to this API with the same context.
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT.
- * \param input The buffer holding the input data.
- * It must be readable and at least \c 16 Bytes long.
- * \param output The buffer where the output data will be written.
- * It must be writeable and at least \c 16 Bytes long.
-
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief This function performs an AES-CBC encryption or decryption operation
- * on full blocks.
- *
- * It performs the operation defined in the \p mode
- * parameter (encrypt/decrypt), on the input data buffer defined in
- * the \p input parameter.
- *
- * It can be called as many times as needed, until all the input
- * data is processed. mbedtls_aes_init(), and either
- * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
- * before the first call to this API with the same context.
- *
- * \note This function operates on full blocks, that is, the input size
- * must be a multiple of the AES block size of \c 16 Bytes.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the same function again on the next
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If you need to retain the contents of the IV, you should
- * either save it manually or use the cipher module instead.
- *
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT.
- * \param length The length of the input data in Bytes. This must be a
- * multiple of the block size (\c 16 Bytes).
- * \param iv Initialization vector (updated after use).
- * It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
- * on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief This function performs an AES-XTS encryption or decryption
- * operation for an entire XTS data unit.
- *
- * AES-XTS encrypts or decrypts blocks based on their location as
- * defined by a data unit number. The data unit number must be
- * provided by \p data_unit.
- *
- * NIST SP 800-38E limits the maximum size of a data unit to 2^20
- * AES blocks. If the data unit is larger than this, this function
- * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
- *
- * \param ctx The AES XTS context to use for AES XTS operations.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT.
- * \param length The length of a data unit in Bytes. This can be any
- * length between 16 bytes and 2^24 bytes inclusive
- * (between 1 and 2^20 block cipher blocks).
- * \param data_unit The address of the data unit encoded as an array of 16
- * bytes in little-endian format. For disk encryption, this
- * is typically the index of the block device sector that
- * contains the data.
- * \param input The buffer holding the input data (which is an entire
- * data unit). This function reads \p length Bytes from \p
- * input.
- * \param output The buffer holding the output data (which is an entire
- * data unit). This function writes \p length Bytes to \p
- * output.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
- * smaller than an AES block in size (16 Bytes) or if \p
- * length is larger than 2^20 blocks (16 MiB).
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
- int mode,
- size_t length,
- const unsigned char data_unit[16],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief This function performs an AES-CFB128 encryption or decryption
- * operation.
- *
- * It performs the operation defined in the \p mode
- * parameter (encrypt or decrypt), on the input data buffer
- * defined in the \p input parameter.
- *
- * For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
- * regardless of whether you are performing an encryption or decryption
- * operation, that is, regardless of the \p mode parameter. This is
- * because CFB mode uses the same key schedule for encryption and
- * decryption.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the same function again on the next
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If you need to retain the contents of the
- * IV, you must either save it manually or use the cipher
- * module instead.
- *
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT.
- * \param length The length of the input data in Bytes.
- * \param iv_off The offset in IV (updated after use).
- * It must point to a valid \c size_t.
- * \param iv The initialization vector (updated after use).
- * It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function performs an AES-CFB8 encryption or decryption
- * operation.
- *
- * It performs the operation defined in the \p mode
- * parameter (encrypt/decrypt), on the input data buffer defined
- * in the \p input parameter.
- *
- * Due to the nature of CFB, you must use the same key schedule for
- * both encryption and decryption operations. Therefore, you must
- * use the context initialized with mbedtls_aes_setkey_enc() for
- * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the same function again on the next
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If you need to retain the contents of the
- * IV, you should either save it manually or use the cipher
- * module instead.
- *
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT
- * \param length The length of the input data.
- * \param iv The initialization vector (updated after use).
- * It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-/**
- * \brief This function performs an AES-OFB (Output Feedback Mode)
- * encryption or decryption operation.
- *
- * For OFB, you must set up the context with
- * mbedtls_aes_setkey_enc(), regardless of whether you are
- * performing an encryption or decryption operation. This is
- * because OFB mode uses the same key schedule for encryption and
- * decryption.
- *
- * The OFB operation is identical for encryption or decryption,
- * therefore no operation mode needs to be specified.
- *
- * \note Upon exit, the content of iv, the Initialisation Vector, is
- * updated so that you can call the same function again on the next
- * block(s) of data and get the same result as if it was encrypted
- * in one call. This allows a "streaming" usage, by initialising
- * iv_off to 0 before the first call, and preserving its value
- * between calls.
- *
- * For non-streaming use, the iv should be initialised on each call
- * to a unique value, and iv_off set to 0 on each call.
- *
- * If you need to retain the contents of the initialisation vector,
- * you must either save it manually or use the cipher module
- * instead.
- *
- * \warning For the OFB mode, the initialisation vector must be unique
- * every encryption operation. Reuse of an initialisation vector
- * will compromise security.
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param length The length of the input data.
- * \param iv_off The offset in IV (updated after use).
- * It must point to a valid \c size_t.
- * \param iv The initialization vector (updated after use).
- * It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
-
-#endif /* MBEDTLS_CIPHER_MODE_OFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief This function performs an AES-CTR encryption or decryption
- * operation.
- *
- * Due to the nature of CTR, you must use the same key schedule
- * for both encryption and decryption operations. Therefore, you
- * must use the context initialized with mbedtls_aes_setkey_enc()
- * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
- *
- * \warning You must never reuse a nonce value with the same key. Doing so
- * would void the encryption for the two messages encrypted with
- * the same nonce and key.
- *
- * There are two common strategies for managing nonces with CTR:
- *
- * 1. You can handle everything as a single message processed over
- * successive calls to this function. In that case, you want to
- * set \p nonce_counter and \p nc_off to 0 for the first call, and
- * then preserve the values of \p nonce_counter, \p nc_off and \p
- * stream_block across calls to this function as they will be
- * updated by this function.
- *
- * With this strategy, you must not encrypt more than 2**128
- * blocks of data with the same key.
- *
- * 2. You can encrypt separate messages by dividing the \p
- * nonce_counter buffer in two areas: the first one used for a
- * per-message nonce, handled by yourself, and the second one
- * updated by this function internally.
- *
- * For example, you might reserve the first 12 bytes for the
- * per-message nonce, and the last 4 bytes for internal use. In that
- * case, before calling this function on a new message you need to
- * set the first 12 bytes of \p nonce_counter to your chosen nonce
- * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
- * stream_block to be ignored). That way, you can encrypt at most
- * 2**96 messages of up to 2**32 blocks each with the same key.
- *
- * The per-message nonce (or information sufficient to reconstruct
- * it) needs to be communicated with the ciphertext and must be unique.
- * The recommended way to ensure uniqueness is to use a message
- * counter. An alternative is to generate random nonces, but this
- * limits the number of messages that can be securely encrypted:
- * for example, with 96-bit random nonces, you should not encrypt
- * more than 2**32 messages with the same key.
- *
- * Note that for both stategies, sizes are measured in blocks and
- * that an AES block is 16 bytes.
- *
- * \warning Upon return, \p stream_block contains sensitive data. Its
- * content must not be written to insecure storage and should be
- * securely discarded as soon as it's no longer needed.
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param length The length of the input data.
- * \param nc_off The offset in the current \p stream_block, for
- * resuming within the current cipher stream. The
- * offset pointer should be 0 at the start of a stream.
- * It must point to a valid \c size_t.
- * \param nonce_counter The 128-bit nonce and counter.
- * It must be a readable-writeable buffer of \c 16 Bytes.
- * \param stream_block The saved stream block for resuming. This is
- * overwritten by the function.
- * It must be a readable-writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[16],
- unsigned char stream_block[16],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-/**
- * \brief Internal AES block encryption function. This is only
- * exposed to allow overriding it using
- * \c MBEDTLS_AES_ENCRYPT_ALT.
- *
- * \param ctx The AES context to use for encryption.
- * \param input The plaintext block.
- * \param output The output (ciphertext) block.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
-
-/**
- * \brief Internal AES block decryption function. This is only
- * exposed to allow overriding it using see
- * \c MBEDTLS_AES_DECRYPT_ALT.
- *
- * \param ctx The AES context to use for decryption.
- * \param input The ciphertext block.
- * \param output The output (plaintext) block.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief Checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_aes_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* aes.h */
diff --git a/mbedtls/aria.h b/mbedtls/aria.h
deleted file mode 100644
index 1a96d15..0000000
--- a/mbedtls/aria.h
+++ /dev/null
@@ -1,358 +0,0 @@
-/**
- * \file aria.h
- *
- * \brief ARIA block cipher
- *
- * The ARIA algorithm is a symmetric block cipher that can encrypt and
- * decrypt information. It is defined by the Korean Agency for
- * Technology and Standards (KATS) in KS X 1213:2004 (in
- * Korean, but see http://210.104.33.10/ARIA/index-e.html in English)
- * and also described by the IETF in RFC 5794.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_ARIA_H
-#define MBEDTLS_ARIA_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-#include "mbedtls/platform_util.h"
-
-#define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */
-#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */
-
-#define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */
-#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */
-#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
-
-/** Bad input data. */
-#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C
-
-/** Invalid data input length. */
-#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_ARIA_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The ARIA context-type definition.
- */
-typedef struct mbedtls_aria_context
-{
- unsigned char MBEDTLS_PRIVATE(nr); /*!< The number of rounds (12, 14 or 16) */
- /*! The ARIA round keys. */
- uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
-}
-mbedtls_aria_context;
-
-#else /* MBEDTLS_ARIA_ALT */
-#include "aria_alt.h"
-#endif /* MBEDTLS_ARIA_ALT */
-
-/**
- * \brief This function initializes the specified ARIA context.
- *
- * It must be the first API called before using
- * the context.
- *
- * \param ctx The ARIA context to initialize. This must not be \c NULL.
- */
-void mbedtls_aria_init( mbedtls_aria_context *ctx );
-
-/**
- * \brief This function releases and clears the specified ARIA context.
- *
- * \param ctx The ARIA context to clear. This may be \c NULL, in which
- * case this function returns immediately. If it is not \c NULL,
- * it must point to an initialized ARIA context.
- */
-void mbedtls_aria_free( mbedtls_aria_context *ctx );
-
-/**
- * \brief This function sets the encryption key.
- *
- * \param ctx The ARIA context to which the key should be bound.
- * This must be initialized.
- * \param key The encryption key. This must be a readable buffer
- * of size \p keybits Bits.
- * \param keybits The size of \p key in Bits. Valid options are:
- * - 128 bits
- * - 192 bits
- * - 256 bits
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
-
-/**
- * \brief This function sets the decryption key.
- *
- * \param ctx The ARIA context to which the key should be bound.
- * This must be initialized.
- * \param key The decryption key. This must be a readable buffer
- * of size \p keybits Bits.
- * \param keybits The size of data passed. Valid options are:
- * - 128 bits
- * - 192 bits
- * - 256 bits
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
-
-/**
- * \brief This function performs an ARIA single-block encryption or
- * decryption operation.
- *
- * It performs encryption or decryption (depending on whether
- * the key was set for encryption on decryption) on the input
- * data buffer defined in the \p input parameter.
- *
- * mbedtls_aria_init(), and either mbedtls_aria_setkey_enc() or
- * mbedtls_aria_setkey_dec() must be called before the first
- * call to this API with the same context.
- *
- * \param ctx The ARIA context to use for encryption or decryption.
- * This must be initialized and bound to a key.
- * \param input The 16-Byte buffer holding the input data.
- * \param output The 16-Byte buffer holding the output data.
-
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
- const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
- unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief This function performs an ARIA-CBC encryption or decryption operation
- * on full blocks.
- *
- * It performs the operation defined in the \p mode
- * parameter (encrypt/decrypt), on the input data buffer defined in
- * the \p input parameter.
- *
- * It can be called as many times as needed, until all the input
- * data is processed. mbedtls_aria_init(), and either
- * mbedtls_aria_setkey_enc() or mbedtls_aria_setkey_dec() must be called
- * before the first call to this API with the same context.
- *
- * \note This function operates on aligned blocks, that is, the input size
- * must be a multiple of the ARIA block size of 16 Bytes.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the same function again on the next
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If you need to retain the contents of the IV, you should
- * either save it manually or use the cipher module instead.
- *
- *
- * \param ctx The ARIA context to use for encryption or decryption.
- * This must be initialized and bound to a key.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_ARIA_ENCRYPT for encryption, or
- * #MBEDTLS_ARIA_DECRYPT for decryption.
- * \param length The length of the input data in Bytes. This must be a
- * multiple of the block size (16 Bytes).
- * \param iv Initialization vector (updated after use).
- * This must be a readable buffer of size 16 Bytes.
- * \param input The buffer holding the input data. This must
- * be a readable buffer of length \p length Bytes.
- * \param output The buffer holding the output data. This must
- * be a writable buffer of length \p length Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief This function performs an ARIA-CFB128 encryption or decryption
- * operation.
- *
- * It performs the operation defined in the \p mode
- * parameter (encrypt or decrypt), on the input data buffer
- * defined in the \p input parameter.
- *
- * For CFB, you must set up the context with mbedtls_aria_setkey_enc(),
- * regardless of whether you are performing an encryption or decryption
- * operation, that is, regardless of the \p mode parameter. This is
- * because CFB mode uses the same key schedule for encryption and
- * decryption.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the same function again on the next
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If you need to retain the contents of the
- * IV, you must either save it manually or use the cipher
- * module instead.
- *
- *
- * \param ctx The ARIA context to use for encryption or decryption.
- * This must be initialized and bound to a key.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_ARIA_ENCRYPT for encryption, or
- * #MBEDTLS_ARIA_DECRYPT for decryption.
- * \param length The length of the input data \p input in Bytes.
- * \param iv_off The offset in IV (updated after use).
- * This must not be larger than 15.
- * \param iv The initialization vector (updated after use).
- * This must be a readable buffer of size 16 Bytes.
- * \param input The buffer holding the input data. This must
- * be a readable buffer of length \p length Bytes.
- * \param output The buffer holding the output data. This must
- * be a writable buffer of length \p length Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief This function performs an ARIA-CTR encryption or decryption
- * operation.
- *
- * This function performs the operation defined in the \p mode
- * parameter (encrypt/decrypt), on the input data buffer
- * defined in the \p input parameter.
- *
- * Due to the nature of CTR, you must use the same key schedule
- * for both encryption and decryption operations. Therefore, you
- * must use the context initialized with mbedtls_aria_setkey_enc()
- * for both #MBEDTLS_ARIA_ENCRYPT and #MBEDTLS_ARIA_DECRYPT.
- *
- * \warning You must never reuse a nonce value with the same key. Doing so
- * would void the encryption for the two messages encrypted with
- * the same nonce and key.
- *
- * There are two common strategies for managing nonces with CTR:
- *
- * 1. You can handle everything as a single message processed over
- * successive calls to this function. In that case, you want to
- * set \p nonce_counter and \p nc_off to 0 for the first call, and
- * then preserve the values of \p nonce_counter, \p nc_off and \p
- * stream_block across calls to this function as they will be
- * updated by this function.
- *
- * With this strategy, you must not encrypt more than 2**128
- * blocks of data with the same key.
- *
- * 2. You can encrypt separate messages by dividing the \p
- * nonce_counter buffer in two areas: the first one used for a
- * per-message nonce, handled by yourself, and the second one
- * updated by this function internally.
- *
- * For example, you might reserve the first 12 bytes for the
- * per-message nonce, and the last 4 bytes for internal use. In that
- * case, before calling this function on a new message you need to
- * set the first 12 bytes of \p nonce_counter to your chosen nonce
- * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
- * stream_block to be ignored). That way, you can encrypt at most
- * 2**96 messages of up to 2**32 blocks each with the same key.
- *
- * The per-message nonce (or information sufficient to reconstruct
- * it) needs to be communicated with the ciphertext and must be unique.
- * The recommended way to ensure uniqueness is to use a message
- * counter. An alternative is to generate random nonces, but this
- * limits the number of messages that can be securely encrypted:
- * for example, with 96-bit random nonces, you should not encrypt
- * more than 2**32 messages with the same key.
- *
- * Note that for both stategies, sizes are measured in blocks and
- * that an ARIA block is 16 bytes.
- *
- * \warning Upon return, \p stream_block contains sensitive data. Its
- * content must not be written to insecure storage and should be
- * securely discarded as soon as it's no longer needed.
- *
- * \param ctx The ARIA context to use for encryption or decryption.
- * This must be initialized and bound to a key.
- * \param length The length of the input data \p input in Bytes.
- * \param nc_off The offset in Bytes in the current \p stream_block,
- * for resuming within the current cipher stream. The
- * offset pointer should be \c 0 at the start of a
- * stream. This must not be larger than \c 15 Bytes.
- * \param nonce_counter The 128-bit nonce and counter. This must point to
- * a read/write buffer of length \c 16 bytes.
- * \param stream_block The saved stream block for resuming. This must
- * point to a read/write buffer of length \c 16 bytes.
- * This is overwritten by the function.
- * \param input The buffer holding the input data. This must
- * be a readable buffer of length \p length Bytes.
- * \param output The buffer holding the output data. This must
- * be a writable buffer of length \p length Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
- unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief Checkup routine.
- *
- * \return \c 0 on success, or \c 1 on failure.
- */
-int mbedtls_aria_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* aria.h */
diff --git a/mbedtls/asn1.h b/mbedtls/asn1.h
deleted file mode 100644
index 4746c1c..0000000
--- a/mbedtls/asn1.h
+++ /dev/null
@@ -1,633 +0,0 @@
-/**
- * \file asn1.h
- *
- * \brief Generic ASN.1 parsing
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_ASN1_H
-#define MBEDTLS_ASN1_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#endif
-
-/**
- * \addtogroup asn1_module
- * \{
- */
-
-/**
- * \name ASN1 Error codes
- * These error codes are OR'ed to X509 error codes for
- * higher error granularity.
- * ASN1 is a standard to specify data structures.
- * \{
- */
-/** Out of data when parsing an ASN1 data structure. */
-#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060
-/** ASN1 tag was of an unexpected value. */
-#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062
-/** Error when trying to determine the length or invalid length. */
-#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064
-/** Actual length differs from expected length. */
-#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066
-/** Data is invalid. */
-#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068
-/** Memory allocation failed */
-#define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A
-/** Buffer too small when writing ASN.1 data structure. */
-#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C
-
-/* \} name */
-
-/**
- * \name DER constants
- * These constants comply with the DER encoded ASN.1 type tags.
- * DER encoding uses hexadecimal representation.
- * An example DER sequence is:\n
- * - 0x02 -- tag indicating INTEGER
- * - 0x01 -- length in octets
- * - 0x05 -- value
- * Such sequences are typically read into \c ::mbedtls_x509_buf.
- * \{
- */
-#define MBEDTLS_ASN1_BOOLEAN 0x01
-#define MBEDTLS_ASN1_INTEGER 0x02
-#define MBEDTLS_ASN1_BIT_STRING 0x03
-#define MBEDTLS_ASN1_OCTET_STRING 0x04
-#define MBEDTLS_ASN1_NULL 0x05
-#define MBEDTLS_ASN1_OID 0x06
-#define MBEDTLS_ASN1_ENUMERATED 0x0A
-#define MBEDTLS_ASN1_UTF8_STRING 0x0C
-#define MBEDTLS_ASN1_SEQUENCE 0x10
-#define MBEDTLS_ASN1_SET 0x11
-#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13
-#define MBEDTLS_ASN1_T61_STRING 0x14
-#define MBEDTLS_ASN1_IA5_STRING 0x16
-#define MBEDTLS_ASN1_UTC_TIME 0x17
-#define MBEDTLS_ASN1_GENERALIZED_TIME 0x18
-#define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C
-#define MBEDTLS_ASN1_BMP_STRING 0x1E
-#define MBEDTLS_ASN1_PRIMITIVE 0x00
-#define MBEDTLS_ASN1_CONSTRUCTED 0x20
-#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
-
-/* Slightly smaller way to check if tag is a string tag
- * compared to canonical implementation. */
-#define MBEDTLS_ASN1_IS_STRING_TAG( tag ) \
- ( ( tag ) < 32u && ( \
- ( ( 1u << ( tag ) ) & ( ( 1u << MBEDTLS_ASN1_BMP_STRING ) | \
- ( 1u << MBEDTLS_ASN1_UTF8_STRING ) | \
- ( 1u << MBEDTLS_ASN1_T61_STRING ) | \
- ( 1u << MBEDTLS_ASN1_IA5_STRING ) | \
- ( 1u << MBEDTLS_ASN1_UNIVERSAL_STRING ) | \
- ( 1u << MBEDTLS_ASN1_PRINTABLE_STRING ) | \
- ( 1u << MBEDTLS_ASN1_BIT_STRING ) ) ) != 0 ) )
-
-/*
- * Bit masks for each of the components of an ASN.1 tag as specified in
- * ITU X.690 (08/2015), section 8.1 "General rules for encoding",
- * paragraph 8.1.2.2:
- *
- * Bit 8 7 6 5 1
- * +-------+-----+------------+
- * | Class | P/C | Tag number |
- * +-------+-----+------------+
- */
-#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
-#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
-#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
-
-/* \} name */
-/* \} addtogroup asn1_module */
-
-/** Returns the size of the binary string, without the trailing \\0 */
-#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
-
-/**
- * Compares an mbedtls_asn1_buf structure to a reference OID.
- *
- * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
- * 'unsigned char *oid' here!
- */
-#define MBEDTLS_OID_CMP(oid_str, oid_buf) \
- ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) || \
- memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
-
-#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len) \
- ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len) ) || \
- memcmp( (oid_str), (oid_buf), (oid_buf_len) ) != 0 )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name Functions to parse ASN.1 data structures
- * \{
- */
-
-/**
- * Type-length-value structure that allows for ASN1 using DER.
- */
-typedef struct mbedtls_asn1_buf
-{
- int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
- size_t len; /**< ASN1 length, in octets. */
- unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
-}
-mbedtls_asn1_buf;
-
-/**
- * Container for ASN1 bit strings.
- */
-typedef struct mbedtls_asn1_bitstring
-{
- size_t len; /**< ASN1 length, in octets. */
- unsigned char unused_bits; /**< Number of unused bits at the end of the string */
- unsigned char *p; /**< Raw ASN1 data for the bit string */
-}
-mbedtls_asn1_bitstring;
-
-/**
- * Container for a sequence of ASN.1 items
- */
-typedef struct mbedtls_asn1_sequence
-{
- mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
-
- /** The next entry in the sequence.
- *
- * The details of memory management for sequences are not documented and
- * may change in future versions. Set this field to \p NULL when
- * initializing a structure, and do not modify it except via Mbed TLS
- * library functions.
- */
- struct mbedtls_asn1_sequence *next;
-}
-mbedtls_asn1_sequence;
-
-/**
- * Container for a sequence or list of 'named' ASN.1 data items
- */
-typedef struct mbedtls_asn1_named_data
-{
- mbedtls_asn1_buf oid; /**< The object identifier. */
- mbedtls_asn1_buf val; /**< The named value. */
-
- /** The next entry in the sequence.
- *
- * The details of memory management for named data sequences are not
- * documented and may change in future versions. Set this field to \p NULL
- * when initializing a structure, and do not modify it except via Mbed TLS
- * library functions.
- */
- struct mbedtls_asn1_named_data *next;
-
- /** Merge next item into the current one?
- *
- * This field exists for the sake of Mbed TLS's X.509 certificate parsing
- * code and may change in future versions of the library.
- */
- unsigned char MBEDTLS_PRIVATE(next_merged);
-}
-mbedtls_asn1_named_data;
-
-/**
- * \brief Get the length of an ASN.1 element.
- * Updates the pointer to immediately behind the length.
- *
- * \param p On entry, \c *p points to the first byte of the length,
- * i.e. immediately after the tag.
- * On successful completion, \c *p points to the first byte
- * after the length, i.e. the first byte of the content.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param len On successful completion, \c *len contains the length
- * read from the ASN.1 input.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
- * would end beyond \p end.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
- */
-int mbedtls_asn1_get_len( unsigned char **p,
- const unsigned char *end,
- size_t *len );
-
-/**
- * \brief Get the tag and length of the element.
- * Check for the requested tag.
- * Updates the pointer to immediately behind the tag and length.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * after the length, i.e. the first byte of the content.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param len On successful completion, \c *len contains the length
- * read from the ASN.1 input.
- * \param tag The expected tag.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the data does not start
- * with the requested tag.
- * \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
- * would end beyond \p end.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
- */
-int mbedtls_asn1_get_tag( unsigned char **p,
- const unsigned char *end,
- size_t *len, int tag );
-
-/**
- * \brief Retrieve a boolean ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the ASN.1 element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param val On success, the parsed value (\c 0 or \c 1).
- *
- * \return 0 if successful.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 BOOLEAN.
- */
-int mbedtls_asn1_get_bool( unsigned char **p,
- const unsigned char *end,
- int *val );
-
-/**
- * \brief Retrieve an integer ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the ASN.1 element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param val On success, the parsed value.
- *
- * \return 0 if successful.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 INTEGER.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- * not fit in an \c int.
- */
-int mbedtls_asn1_get_int( unsigned char **p,
- const unsigned char *end,
- int *val );
-
-/**
- * \brief Retrieve an enumerated ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the ASN.1 element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param val On success, the parsed value.
- *
- * \return 0 if successful.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 ENUMERATED.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- * not fit in an \c int.
- */
-int mbedtls_asn1_get_enum( unsigned char **p,
- const unsigned char *end,
- int *val );
-
-/**
- * \brief Retrieve a bitstring ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p is equal to \p end.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param bs On success, ::mbedtls_asn1_bitstring information about
- * the parsed value.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
- * extra data after a valid BIT STRING.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 BIT STRING.
- */
-int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
- mbedtls_asn1_bitstring *bs );
-
-/**
- * \brief Retrieve a bitstring ASN.1 tag without unused bits and its
- * value.
- * Updates the pointer to the beginning of the bit/octet string.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * of the content of the BIT STRING.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param len On success, \c *len is the length of the content in bytes.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if the input starts with
- * a valid BIT STRING with a nonzero number of unused bits.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 BIT STRING.
- */
-int mbedtls_asn1_get_bitstring_null( unsigned char **p,
- const unsigned char *end,
- size_t *len );
-
-/**
- * \brief Parses and splits an ASN.1 "SEQUENCE OF ".
- * Updates the pointer to immediately behind the full sequence tag.
- *
- * This function allocates memory for the sequence elements. You can free
- * the allocated memory with mbedtls_asn1_sequence_free().
- *
- * \note On error, this function may return a partial list in \p cur.
- * You must set `cur->next = NULL` before calling this function!
- * Otherwise it is impossible to distinguish a previously non-null
- * pointer from a pointer to an object allocated by this function.
- *
- * \note If the sequence is empty, this function does not modify
- * \c *cur. If the sequence is valid and non-empty, this
- * function sets `cur->buf.tag` to \p tag. This allows
- * callers to distinguish between an empty sequence and
- * a one-element sequence.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p is equal to \p end.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param cur A ::mbedtls_asn1_sequence which this function fills.
- * When this function returns, \c *cur is the head of a linked
- * list. Each node in this list is allocated with
- * mbedtls_calloc() apart from \p cur itself, and should
- * therefore be freed with mbedtls_free().
- * The list describes the content of the sequence.
- * The head of the list (i.e. \c *cur itself) describes the
- * first element, `*cur->next` describes the second element, etc.
- * For each element, `buf.tag == tag`, `buf.len` is the length
- * of the content of the content of the element, and `buf.p`
- * points to the first byte of the content (i.e. immediately
- * past the length of the element).
- * Note that list elements may be allocated even on error.
- * \param tag Each element of the sequence must have this tag.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
- * extra data after a valid SEQUENCE OF \p tag.
- * \return #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts with
- * an ASN.1 SEQUENCE in which an element has a tag that
- * is different from \p tag.
- * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if a memory allocation failed.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 SEQUENCE.
- */
-int mbedtls_asn1_get_sequence_of( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_sequence *cur,
- int tag );
-/**
- * \brief Free a heap-allocated linked list presentation of
- * an ASN.1 sequence, including the first element.
- *
- * There are two common ways to manage the memory used for the representation
- * of a parsed ASN.1 sequence:
- * - Allocate a head node `mbedtls_asn1_sequence *head` with mbedtls_calloc().
- * Pass this node as the `cur` argument to mbedtls_asn1_get_sequence_of().
- * When you have finished processing the sequence,
- * call mbedtls_asn1_sequence_free() on `head`.
- * - Allocate a head node `mbedtls_asn1_sequence *head` in any manner,
- * for example on the stack. Make sure that `head->next == NULL`.
- * Pass `head` as the `cur` argument to mbedtls_asn1_get_sequence_of().
- * When you have finished processing the sequence,
- * call mbedtls_asn1_sequence_free() on `head->cur`,
- * then free `head` itself in the appropriate manner.
- *
- * \param seq The address of the first sequence component. This may
- * be \c NULL, in which case this functions returns
- * immediately.
- */
-void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq );
-
-/**
- * \brief Traverse an ASN.1 SEQUENCE container and
- * call a callback for each entry.
- *
- * This function checks that the input is a SEQUENCE of elements that
- * each have a "must" tag, and calls a callback function on the elements
- * that have a "may" tag.
- *
- * For example, to validate that the input is a SEQUENCE of `tag1` and call
- * `cb` on each element, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0xff, tag1, 0, 0, cb, ctx);
- * ```
- *
- * To validate that the input is a SEQUENCE of ANY and call `cb` on
- * each element, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0, 0, 0, 0, cb, ctx);
- * ```
- *
- * To validate that the input is a SEQUENCE of CHOICE {NULL, OCTET STRING}
- * and call `cb` on each element that is an OCTET STRING, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0xfe, 0x04, 0xff, 0x04, cb, ctx);
- * ```
- *
- * The callback is called on the elements with a "may" tag from left to
- * right. If the input is not a valid SEQUENCE of elements with a "must" tag,
- * the callback is called on the elements up to the leftmost point where
- * the input is invalid.
- *
- * \warning This function is still experimental and may change
- * at any time.
- *
- * \param p The address of the pointer to the beginning of
- * the ASN.1 SEQUENCE header. This is updated to
- * point to the end of the ASN.1 SEQUENCE container
- * on a successful invocation.
- * \param end The end of the ASN.1 SEQUENCE container.
- * \param tag_must_mask A mask to be applied to the ASN.1 tags found within
- * the SEQUENCE before comparing to \p tag_must_value.
- * \param tag_must_val The required value of each ASN.1 tag found in the
- * SEQUENCE, after masking with \p tag_must_mask.
- * Mismatching tags lead to an error.
- * For example, a value of \c 0 for both \p tag_must_mask
- * and \p tag_must_val means that every tag is allowed,
- * while a value of \c 0xFF for \p tag_must_mask means
- * that \p tag_must_val is the only allowed tag.
- * \param tag_may_mask A mask to be applied to the ASN.1 tags found within
- * the SEQUENCE before comparing to \p tag_may_value.
- * \param tag_may_val The desired value of each ASN.1 tag found in the
- * SEQUENCE, after masking with \p tag_may_mask.
- * Mismatching tags will be silently ignored.
- * For example, a value of \c 0 for \p tag_may_mask and
- * \p tag_may_val means that any tag will be considered,
- * while a value of \c 0xFF for \p tag_may_mask means
- * that all tags with value different from \p tag_may_val
- * will be ignored.
- * \param cb The callback to trigger for each component
- * in the ASN.1 SEQUENCE that matches \p tag_may_val.
- * The callback function is called with the following
- * parameters:
- * - \p ctx.
- * - The tag of the current element.
- * - A pointer to the start of the current element's
- * content inside the input.
- * - The length of the content of the current element.
- * If the callback returns a non-zero value,
- * the function stops immediately,
- * forwarding the callback's return value.
- * \param ctx The context to be passed to the callback \p cb.
- *
- * \return \c 0 if successful the entire ASN.1 SEQUENCE
- * was traversed without parsing or callback errors.
- * \return #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input
- * contains extra data after a valid SEQUENCE
- * of elements with an accepted tag.
- * \return #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts
- * with an ASN.1 SEQUENCE in which an element has a tag
- * that is not accepted.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 SEQUENCE.
- * \return A non-zero error code forwarded from the callback
- * \p cb in case the latter returns a non-zero value.
- */
-int mbedtls_asn1_traverse_sequence_of(
- unsigned char **p,
- const unsigned char *end,
- unsigned char tag_must_mask, unsigned char tag_must_val,
- unsigned char tag_may_mask, unsigned char tag_may_val,
- int (*cb)( void *ctx, int tag,
- unsigned char* start, size_t len ),
- void *ctx );
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief Retrieve an integer ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the ASN.1 element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param X On success, the parsed value.
- *
- * \return 0 if successful.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 INTEGER.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- * not fit in an \c int.
- * \return An MPI error code if the parsed value is too large.
- */
-int mbedtls_asn1_get_mpi( unsigned char **p,
- const unsigned char *end,
- mbedtls_mpi *X );
-#endif /* MBEDTLS_BIGNUM_C */
-
-/**
- * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence.
- * Updates the pointer to immediately behind the full
- * AlgorithmIdentifier.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the AlgorithmIdentifier element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param alg The buffer to receive the OID.
- * \param params The buffer to receive the parameters.
- * This is zeroized if there are no parameters.
- *
- * \return 0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_alg( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
-
-/**
- * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
- * params.
- * Updates the pointer to immediately behind the full
- * AlgorithmIdentifier.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the AlgorithmIdentifier element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param alg The buffer to receive the OID.
- *
- * \return 0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_alg_null( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg );
-
-/**
- * \brief Find a specific named_data entry in a sequence or list based on
- * the OID.
- *
- * \param list The list to seek through
- * \param oid The OID to look for
- * \param len Size of the OID
- *
- * \return NULL if not found, or a pointer to the existing entry.
- */
-const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list,
- const char *oid, size_t len );
-
-/**
- * \brief Free a mbedtls_asn1_named_data entry
- *
- * \param entry The named data entry to free.
- * This function calls mbedtls_free() on
- * `entry->oid.p` and `entry->val.p`.
- */
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
-
-/**
- * \brief Free all entries in a mbedtls_asn1_named_data list.
- *
- * \param head Pointer to the head of the list of named data entries to free.
- * This function calls mbedtls_asn1_free_named_data() and
- * mbedtls_free() on each list element and
- * sets \c *head to \c NULL.
- */
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* asn1.h */
diff --git a/mbedtls/asn1write.h b/mbedtls/asn1write.h
deleted file mode 100644
index d60ca0d..0000000
--- a/mbedtls/asn1write.h
+++ /dev/null
@@ -1,366 +0,0 @@
-/**
- * \file asn1write.h
- *
- * \brief ASN.1 buffer writing functionality
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_ASN1_WRITE_H
-#define MBEDTLS_ASN1_WRITE_H
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/asn1.h"
-
-#define MBEDTLS_ASN1_CHK_ADD(g, f) \
- do \
- { \
- if( ( ret = (f) ) < 0 ) \
- return( ret ); \
- else \
- (g) += ret; \
- } while( 0 )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Write a length field in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param len The length value to write.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start,
- size_t len );
-/**
- * \brief Write an ASN.1 tag in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param tag The tag to write.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_tag( unsigned char **p, const unsigned char *start,
- unsigned char tag );
-
-/**
- * \brief Write raw buffer data.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param buf The data buffer to write.
- * \param size The length of the data buffer.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_raw_buffer( unsigned char **p, const unsigned char *start,
- const unsigned char *buf, size_t size );
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief Write a arbitrary-precision number (#MBEDTLS_ASN1_INTEGER)
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param X The MPI to write.
- * It must be non-negative.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_mpi( unsigned char **p, const unsigned char *start,
- const mbedtls_mpi *X );
-#endif /* MBEDTLS_BIGNUM_C */
-
-/**
- * \brief Write a NULL tag (#MBEDTLS_ASN1_NULL) with zero data
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_null( unsigned char **p, const unsigned char *start );
-
-/**
- * \brief Write an OID tag (#MBEDTLS_ASN1_OID) and data
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param oid The OID to write.
- * \param oid_len The length of the OID.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_oid( unsigned char **p, const unsigned char *start,
- const char *oid, size_t oid_len );
-
-/**
- * \brief Write an AlgorithmIdentifier sequence in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param oid The OID of the algorithm to write.
- * \param oid_len The length of the algorithm's OID.
- * \param par_len The length of the parameters, which must be already written.
- * If 0, NULL parameters are added
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_algorithm_identifier( unsigned char **p,
- const unsigned char *start,
- const char *oid, size_t oid_len,
- size_t par_len );
-
-/**
- * \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param boolean The boolean value to write, either \c 0 or \c 1.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_bool( unsigned char **p, const unsigned char *start,
- int boolean );
-
-/**
- * \brief Write an int tag (#MBEDTLS_ASN1_INTEGER) and value
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param val The integer value to write.
- * It must be non-negative.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_int( unsigned char **p, const unsigned char *start, int val );
-
-/**
- * \brief Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param val The integer value to write.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_enum( unsigned char **p, const unsigned char *start, int val );
-
-/**
- * \brief Write a string in ASN.1 format using a specific
- * string encoding tag.
-
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param tag The string encoding tag to write, e.g.
- * #MBEDTLS_ASN1_UTF8_STRING.
- * \param text The string to write.
- * \param text_len The length of \p text in bytes (which might
- * be strictly larger than the number of characters).
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_tagged_string( unsigned char **p, const unsigned char *start,
- int tag, const char *text,
- size_t text_len );
-
-/**
- * \brief Write a string in ASN.1 format using the PrintableString
- * string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING).
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param text The string to write.
- * \param text_len The length of \p text in bytes (which might
- * be strictly larger than the number of characters).
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_printable_string( unsigned char **p,
- const unsigned char *start,
- const char *text, size_t text_len );
-
-/**
- * \brief Write a UTF8 string in ASN.1 format using the UTF8String
- * string encoding tag (#MBEDTLS_ASN1_UTF8_STRING).
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param text The string to write.
- * \param text_len The length of \p text in bytes (which might
- * be strictly larger than the number of characters).
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_utf8_string( unsigned char **p, const unsigned char *start,
- const char *text, size_t text_len );
-
-/**
- * \brief Write a string in ASN.1 format using the IA5String
- * string encoding tag (#MBEDTLS_ASN1_IA5_STRING).
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param text The string to write.
- * \param text_len The length of \p text in bytes (which might
- * be strictly larger than the number of characters).
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_ia5_string( unsigned char **p, const unsigned char *start,
- const char *text, size_t text_len );
-
-/**
- * \brief Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and
- * value in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param buf The bitstring to write.
- * \param bits The total number of bits in the bitstring.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_bitstring( unsigned char **p, const unsigned char *start,
- const unsigned char *buf, size_t bits );
-
-/**
- * \brief This function writes a named bitstring tag
- * (#MBEDTLS_ASN1_BIT_STRING) and value in ASN.1 format.
- *
- * As stated in RFC 5280 Appendix B, trailing zeroes are
- * omitted when encoding named bitstrings in DER.
- *
- * \note This function works backwards within the data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer which is used for bounds-checking.
- * \param buf The bitstring to write.
- * \param bits The total number of bits in the bitstring.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_named_bitstring( unsigned char **p,
- const unsigned char *start,
- const unsigned char *buf,
- size_t bits );
-
-/**
- * \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
- * and value in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param buf The buffer holding the data to write.
- * \param size The length of the data buffer \p buf.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_octet_string( unsigned char **p, const unsigned char *start,
- const unsigned char *buf, size_t size );
-
-/**
- * \brief Create or find a specific named_data entry for writing in a
- * sequence or list based on the OID. If not already in there,
- * a new entry is added to the head of the list.
- * Warning: Destructive behaviour for the val data!
- *
- * \param list The pointer to the location of the head of the list to seek
- * through (will be updated in case of a new entry).
- * \param oid The OID to look for.
- * \param oid_len The size of the OID.
- * \param val The associated data to store. If this is \c NULL,
- * no data is copied to the new or existing buffer.
- * \param val_len The minimum length of the data buffer needed.
- * If this is 0, do not allocate a buffer for the associated
- * data.
- * If the OID was already present, enlarge, shrink or free
- * the existing buffer to fit \p val_len.
- *
- * \return A pointer to the new / existing entry on success.
- * \return \c NULL if if there was a memory allocation error.
- */
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
- const char *oid, size_t oid_len,
- const unsigned char *val,
- size_t val_len );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_ASN1_WRITE_H */
diff --git a/mbedtls/base64.h b/mbedtls/base64.h
deleted file mode 100644
index 8378589..0000000
--- a/mbedtls/base64.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/**
- * \file base64.h
- *
- * \brief RFC 1521 base64 encoding/decoding
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_BASE64_H
-#define MBEDTLS_BASE64_H
-
-#include "mbedtls/build_info.h"
-
-#include
-
-/** Output buffer too small. */
-#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A
-/** Invalid character in input. */
-#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Encode a buffer into base64 format
- *
- * \param dst destination buffer
- * \param dlen size of the destination buffer
- * \param olen number of bytes written
- * \param src source buffer
- * \param slen amount of data to be encoded
- *
- * \return 0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
- * *olen is always updated to reflect the amount
- * of data that has (or would have) been written.
- * If that length cannot be represented, then no data is
- * written to the buffer and *olen is set to the maximum
- * length representable as a size_t.
- *
- * \note Call this function with dlen = 0 to obtain the
- * required buffer size in *olen
- */
-int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
- const unsigned char *src, size_t slen );
-
-/**
- * \brief Decode a base64-formatted buffer
- *
- * \param dst destination buffer (can be NULL for checking size)
- * \param dlen size of the destination buffer
- * \param olen number of bytes written
- * \param src source buffer
- * \param slen amount of data to be decoded
- *
- * \return 0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or
- * MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is
- * not correct. *olen is always updated to reflect the amount
- * of data that has (or would have) been written.
- *
- * \note Call this function with *dst = NULL or dlen = 0 to obtain
- * the required buffer size in *olen
- */
-int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
- const unsigned char *src, size_t slen );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_base64_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* base64.h */
diff --git a/mbedtls/bignum.h b/mbedtls/bignum.h
deleted file mode 100644
index 45d3119..0000000
--- a/mbedtls/bignum.h
+++ /dev/null
@@ -1,1029 +0,0 @@
-/**
- * \file bignum.h
- *
- * \brief Multi-precision integer library
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_BIGNUM_H
-#define MBEDTLS_BIGNUM_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-#if defined(MBEDTLS_FS_IO)
-#include
-#endif
-
-/** An error occurred while reading from or writing to a file. */
-#define MBEDTLS_ERR_MPI_FILE_IO_ERROR -0x0002
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004
-/** There is an invalid character in the digit string. */
-#define MBEDTLS_ERR_MPI_INVALID_CHARACTER -0x0006
-/** The buffer is too small to write to. */
-#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008
-/** The input arguments are negative or result in illegal output. */
-#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A
-/** The input argument for division is zero, which is not allowed. */
-#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C
-/** The input arguments are not acceptable. */
-#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E
-/** Memory allocation failed. */
-#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010
-
-#define MBEDTLS_MPI_CHK(f) \
- do \
- { \
- if( ( ret = (f) ) != 0 ) \
- goto cleanup; \
- } while( 0 )
-
-/*
- * Maximum size MPIs are allowed to grow to in number of limbs.
- */
-#define MBEDTLS_MPI_MAX_LIMBS 10000
-
-#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
-/*
- * Maximum window size used for modular exponentiation. Default: 6
- * Minimum value: 1. Maximum value: 6.
- *
- * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
- * for the sliding window calculation. (So 64 by default)
- *
- * Reduction in size, reduces speed.
- */
-#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
-#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
-
-#if !defined(MBEDTLS_MPI_MAX_SIZE)
-/*
- * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
- * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
- *
- * Note: Calculations can temporarily result in larger MPIs. So the number
- * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
- */
-#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
-#endif /* !MBEDTLS_MPI_MAX_SIZE */
-
-#define MBEDTLS_MPI_MAX_BITS ( 8 * MBEDTLS_MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */
-
-/*
- * When reading from files with mbedtls_mpi_read_file() and writing to files with
- * mbedtls_mpi_write_file() the buffer should have space
- * for a (short) label, the MPI (in the provided radix), the newline
- * characters and the '\0'.
- *
- * By default we assume at least a 10 char label, a minimum radix of 10
- * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
- * Autosized at compile time for at least a 10 char label, a minimum radix
- * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size.
- *
- * This used to be statically sized to 1250 for a maximum of 4096 bit
- * numbers (1234 decimal chars).
- *
- * Calculate using the formula:
- * MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
- * LabelSize + 6
- */
-#define MBEDTLS_MPI_MAX_BITS_SCALE100 ( 100 * MBEDTLS_MPI_MAX_BITS )
-#define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
-#define MBEDTLS_MPI_RW_BUFFER_SIZE ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
-
-/*
- * Define the base integer type, architecture-wise.
- *
- * 32 or 64-bit integer types can be forced regardless of the underlying
- * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64
- * respectively and undefining MBEDTLS_HAVE_ASM.
- *
- * Double-width integers (e.g. 128-bit in 64-bit architectures) can be
- * disabled by defining MBEDTLS_NO_UDBL_DIVISION.
- */
-#if !defined(MBEDTLS_HAVE_INT32)
- #if defined(_MSC_VER) && defined(_M_AMD64)
- /* Always choose 64-bit when using MSC */
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* !MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #elif defined(__GNUC__) && ( \
- defined(__amd64__) || defined(__x86_64__) || \
- defined(__ppc64__) || defined(__powerpc64__) || \
- defined(__ia64__) || defined(__alpha__) || \
- ( defined(__sparc__) && defined(__arch64__) ) || \
- defined(__s390x__) || defined(__mips64) || \
- defined(__aarch64__) )
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- /* mbedtls_t_udbl defined as 128-bit unsigned int */
- typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
- #elif defined(__ARMCC_VERSION) && defined(__aarch64__)
- /*
- * __ARMCC_VERSION is defined for both armcc and armclang and
- * __aarch64__ is only defined by armclang when compiling 64-bit code
- */
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* !MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- /* mbedtls_t_udbl defined as 128-bit unsigned int */
- typedef __uint128_t mbedtls_t_udbl;
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
- #elif defined(MBEDTLS_HAVE_INT64)
- /* Force 64-bit integers with unknown compiler */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #endif
-#endif /* !MBEDTLS_HAVE_INT32 */
-
-#if !defined(MBEDTLS_HAVE_INT64)
- /* Default to 32-bit compilation */
- #if !defined(MBEDTLS_HAVE_INT32)
- #define MBEDTLS_HAVE_INT32
- #endif /* !MBEDTLS_HAVE_INT32 */
- typedef int32_t mbedtls_mpi_sint;
- typedef uint32_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- typedef uint64_t mbedtls_t_udbl;
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
-#endif /* !MBEDTLS_HAVE_INT64 */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief MPI structure
- */
-typedef struct mbedtls_mpi
-{
- int MBEDTLS_PRIVATE(s); /*!< Sign: -1 if the mpi is negative, 1 otherwise */
- size_t MBEDTLS_PRIVATE(n); /*!< total # of limbs */
- mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); /*!< pointer to limbs */
-}
-mbedtls_mpi;
-
-/**
- * \brief Initialize an MPI context.
- *
- * This makes the MPI ready to be set or freed,
- * but does not define a value for the MPI.
- *
- * \param X The MPI context to initialize. This must not be \c NULL.
- */
-void mbedtls_mpi_init( mbedtls_mpi *X );
-
-/**
- * \brief This function frees the components of an MPI context.
- *
- * \param X The MPI context to be cleared. This may be \c NULL,
- * in which case this function is a no-op. If it is
- * not \c NULL, it must point to an initialized MPI.
- */
-void mbedtls_mpi_free( mbedtls_mpi *X );
-
-/**
- * \brief Enlarge an MPI to the specified number of limbs.
- *
- * \note This function does nothing if the MPI is
- * already large enough.
- *
- * \param X The MPI to grow. It must be initialized.
- * \param nblimbs The target number of limbs.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
-
-/**
- * \brief This function resizes an MPI downwards, keeping at least the
- * specified number of limbs.
- *
- * If \c X is smaller than \c nblimbs, it is resized up
- * instead.
- *
- * \param X The MPI to shrink. This must point to an initialized MPI.
- * \param nblimbs The minimum number of limbs to keep.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- * (this can only happen when resizing up).
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
-
-/**
- * \brief Make a copy of an MPI.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param Y The source MPI. This must point to an initialized MPI.
- *
- * \note The limb-buffer in the destination MPI is enlarged
- * if necessary to hold the value in the source MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief Swap the contents of two MPIs.
- *
- * \param X The first MPI. It must be initialized.
- * \param Y The second MPI. It must be initialized.
- */
-void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
-
-/**
- * \brief Perform a safe conditional copy of MPI which doesn't
- * reveal whether the condition was true or not.
- *
- * \param X The MPI to conditionally assign to. This must point
- * to an initialized MPI.
- * \param Y The MPI to be assigned from. This must point to an
- * initialized MPI.
- * \param assign The condition deciding whether to perform the
- * assignment or not. Possible values:
- * * \c 1: Perform the assignment `X = Y`.
- * * \c 0: Keep the original value of \p X.
- *
- * \note This function is equivalent to
- * `if( assign ) mbedtls_mpi_copy( X, Y );`
- * except that it avoids leaking any information about whether
- * the assignment was done or not (the above code may leak
- * information through branch prediction and/or memory access
- * patterns analysis).
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
-
-/**
- * \brief Perform a safe conditional swap which doesn't
- * reveal whether the condition was true or not.
- *
- * \param X The first MPI. This must be initialized.
- * \param Y The second MPI. This must be initialized.
- * \param assign The condition deciding whether to perform
- * the swap or not. Possible values:
- * * \c 1: Swap the values of \p X and \p Y.
- * * \c 0: Keep the original values of \p X and \p Y.
- *
- * \note This function is equivalent to
- * if( assign ) mbedtls_mpi_swap( X, Y );
- * except that it avoids leaking any information about whether
- * the assignment was done or not (the above code may leak
- * information through branch prediction and/or memory access
- * patterns analysis).
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- *
- */
-int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign );
-
-/**
- * \brief Store integer value in MPI.
- *
- * \param X The MPI to set. This must be initialized.
- * \param z The value to use.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
-
-/**
- * \brief Get a specific bit from an MPI.
- *
- * \param X The MPI to query. This must be initialized.
- * \param pos Zero-based index of the bit to query.
- *
- * \return \c 0 or \c 1 on success, depending on whether bit \c pos
- * of \c X is unset or set.
- * \return A negative error code on failure.
- */
-int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
-
-/**
- * \brief Modify a specific bit in an MPI.
- *
- * \note This function will grow the target MPI if necessary to set a
- * bit to \c 1 in a not yet existing limb. It will not grow if
- * the bit should be set to \c 0.
- *
- * \param X The MPI to modify. This must be initialized.
- * \param pos Zero-based index of the bit to modify.
- * \param val The desired value of bit \c pos: \c 0 or \c 1.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
-
-/**
- * \brief Return the number of bits of value \c 0 before the
- * least significant bit of value \c 1.
- *
- * \note This is the same as the zero-based index of
- * the least significant bit of value \c 1.
- *
- * \param X The MPI to query.
- *
- * \return The number of bits of value \c 0 before the least significant
- * bit of value \c 1 in \p X.
- */
-size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
-
-/**
- * \brief Return the number of bits up to and including the most
- * significant bit of value \c 1.
- *
- * * \note This is same as the one-based index of the most
- * significant bit of value \c 1.
- *
- * \param X The MPI to query. This must point to an initialized MPI.
- *
- * \return The number of bits up to and including the most
- * significant bit of value \c 1.
- */
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
-
-/**
- * \brief Return the total size of an MPI value in bytes.
- *
- * \param X The MPI to use. This must point to an initialized MPI.
- *
- * \note The value returned by this function may be less than
- * the number of bytes used to store \p X internally.
- * This happens if and only if there are trailing bytes
- * of value zero.
- *
- * \return The least number of bytes capable of storing
- * the absolute value of \p X.
- */
-size_t mbedtls_mpi_size( const mbedtls_mpi *X );
-
-/**
- * \brief Import an MPI from an ASCII string.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param radix The numeric base of the input string.
- * \param s Null-terminated string buffer.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
-
-/**
- * \brief Export an MPI to an ASCII string.
- *
- * \param X The source MPI. This must point to an initialized MPI.
- * \param radix The numeric base of the output string.
- * \param buf The buffer to write the string to. This must be writable
- * buffer of length \p buflen Bytes.
- * \param buflen The available size in Bytes of \p buf.
- * \param olen The address at which to store the length of the string
- * written, including the final \c NULL byte. This must
- * not be \c NULL.
- *
- * \note You can call this function with `buflen == 0` to obtain the
- * minimum required buffer size in `*olen`.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf
- * is too small to hold the value of \p X in the desired base.
- * In this case, `*olen` is nonetheless updated to contain the
- * size of \p buf required for a successful call.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
- char *buf, size_t buflen, size_t *olen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Read an MPI from a line in an opened file.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param radix The numeric base of the string representation used
- * in the source line.
- * \param fin The input file handle to use. This must not be \c NULL.
- *
- * \note On success, this function advances the file stream
- * to the end of the current line or to EOF.
- *
- * The function returns \c 0 on an empty line.
- *
- * Leading whitespaces are ignored, as is a
- * '0x' prefix for radix \c 16.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the file read buffer
- * is too small.
- * \return Another negative error code on failure.
- */
-int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
-
-/**
- * \brief Export an MPI into an opened file.
- *
- * \param p A string prefix to emit prior to the MPI data.
- * For example, this might be a label, or "0x" when
- * printing in base \c 16. This may be \c NULL if no prefix
- * is needed.
- * \param X The source MPI. This must point to an initialized MPI.
- * \param radix The numeric base to be used in the emitted string.
- * \param fout The output file handle. This may be \c NULL, in which case
- * the output is written to \c stdout.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X,
- int radix, FILE *fout );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief Import an MPI from unsigned big endian binary data.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param buf The input buffer. This must be a readable buffer of length
- * \p buflen Bytes.
- * \param buflen The length of the input buffer \p p in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf,
- size_t buflen );
-
-/**
- * \brief Import X from unsigned binary data, little endian
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param buf The input buffer. This must be a readable buffer of length
- * \p buflen Bytes.
- * \param buflen The length of the input buffer \p p in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
- const unsigned char *buf, size_t buflen );
-
-/**
- * \brief Export X into unsigned binary data, big endian.
- * Always fills the whole buffer, which will start with zeros
- * if the number is smaller.
- *
- * \param X The source MPI. This must point to an initialized MPI.
- * \param buf The output buffer. This must be a writable buffer of length
- * \p buflen Bytes.
- * \param buflen The size of the output buffer \p buf in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
- * large enough to hold the value of \p X.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf,
- size_t buflen );
-
-/**
- * \brief Export X into unsigned binary data, little endian.
- * Always fills the whole buffer, which will end with zeros
- * if the number is smaller.
- *
- * \param X The source MPI. This must point to an initialized MPI.
- * \param buf The output buffer. This must be a writable buffer of length
- * \p buflen Bytes.
- * \param buflen The size of the output buffer \p buf in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
- * large enough to hold the value of \p X.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
- unsigned char *buf, size_t buflen );
-
-/**
- * \brief Perform a left-shift on an MPI: X <<= count
- *
- * \param X The MPI to shift. This must point to an initialized MPI.
- * \param count The number of bits to shift by.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
-
-/**
- * \brief Perform a right-shift on an MPI: X >>= count
- *
- * \param X The MPI to shift. This must point to an initialized MPI.
- * \param count The number of bits to shift by.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
-
-/**
- * \brief Compare the absolute values of two MPIs.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI.
- * \param Y The right-hand MPI. This must point to an initialized MPI.
- *
- * \return \c 1 if `|X|` is greater than `|Y|`.
- * \return \c -1 if `|X|` is lesser than `|Y|`.
- * \return \c 0 if `|X|` is equal to `|Y|`.
- */
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief Compare two MPIs.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI.
- * \param Y The right-hand MPI. This must point to an initialized MPI.
- *
- * \return \c 1 if \p X is greater than \p Y.
- * \return \c -1 if \p X is lesser than \p Y.
- * \return \c 0 if \p X is equal to \p Y.
- */
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief Check if an MPI is less than the other in constant time.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI
- * with the same allocated length as Y.
- * \param Y The right-hand MPI. This must point to an initialized MPI
- * with the same allocated length as X.
- * \param ret The result of the comparison:
- * \c 1 if \p X is less than \p Y.
- * \c 0 if \p X is greater than or equal to \p Y.
- *
- * \return 0 on success.
- * \return MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
- * the two input MPIs is not the same.
- */
-int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y,
- unsigned *ret );
-
-/**
- * \brief Compare an MPI with an integer.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI.
- * \param z The integer value to compare \p X to.
- *
- * \return \c 1 if \p X is greater than \p z.
- * \return \c -1 if \p X is lesser than \p z.
- * \return \c 0 if \p X is equal to \p z.
- */
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
-
-/**
- * \brief Perform an unsigned addition of MPIs: X = |A| + |B|
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first summand. This must point to an initialized MPI.
- * \param B The second summand. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform an unsigned subtraction of MPIs: X = |A| - |B|
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The minuend. This must point to an initialized MPI.
- * \param B The subtrahend. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a signed addition of MPIs: X = A + B
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first summand. This must point to an initialized MPI.
- * \param B The second summand. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a signed subtraction of MPIs: X = A - B
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The minuend. This must point to an initialized MPI.
- * \param B The subtrahend. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a signed addition of an MPI and an integer: X = A + b
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first summand. This must point to an initialized MPI.
- * \param b The second summand.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
-
-/**
- * \brief Perform a signed subtraction of an MPI and an integer:
- * X = A - b
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The minuend. This must point to an initialized MPI.
- * \param b The subtrahend.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
-
-/**
- * \brief Perform a multiplication of two MPIs: X = A * B
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first factor. This must point to an initialized MPI.
- * \param B The second factor. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a multiplication of an MPI with an unsigned integer:
- * X = A * b
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first factor. This must point to an initialized MPI.
- * \param b The second factor.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_uint b );
-
-/**
- * \brief Perform a division with remainder of two MPIs:
- * A = Q * B + R
- *
- * \param Q The destination MPI for the quotient.
- * This may be \c NULL if the value of the
- * quotient is not needed.
- * \param R The destination MPI for the remainder value.
- * This may be \c NULL if the value of the
- * remainder is not needed.
- * \param A The dividend. This must point to an initialized MPi.
- * \param B The divisor. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a division with remainder of an MPI by an integer:
- * A = Q * b + R
- *
- * \param Q The destination MPI for the quotient.
- * This may be \c NULL if the value of the
- * quotient is not needed.
- * \param R The destination MPI for the remainder value.
- * This may be \c NULL if the value of the
- * remainder is not needed.
- * \param A The dividend. This must point to an initialized MPi.
- * \param b The divisor.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
-
-/**
- * \brief Perform a modular reduction. R = A mod B
- *
- * \param R The destination MPI for the residue value.
- * This must point to an initialized MPI.
- * \param A The MPI to compute the residue of.
- * This must point to an initialized MPI.
- * \param B The base of the modular reduction.
- * This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
- * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a modular reduction with respect to an integer.
- * r = A mod b
- *
- * \param r The address at which to store the residue.
- * This must not be \c NULL.
- * \param A The MPI to compute the residue of.
- * This must point to an initialized MPi.
- * \param b The integer base of the modular reduction.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
- * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
-
-/**
- * \brief Perform a sliding-window exponentiation: X = A^E mod N
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The base of the exponentiation.
- * This must point to an initialized MPI.
- * \param E The exponent MPI. This must point to an initialized MPI.
- * \param N The base for the modular reduction. This must point to an
- * initialized MPI.
- * \param prec_RR A helper MPI depending solely on \p N which can be used to
- * speed-up multiple modular exponentiations for the same value
- * of \p N. This may be \c NULL. If it is not \c NULL, it must
- * point to an initialized MPI. If it hasn't been used after
- * the call to mbedtls_mpi_init(), this function will compute
- * the helper value and store it in \p prec_RR for reuse on
- * subsequent calls to this function. Otherwise, the function
- * will assume that \p prec_RR holds the helper value set by a
- * previous call to mbedtls_mpi_exp_mod(), and reuse it.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or
- * even, or if \c E is negative.
- * \return Another negative error code on different kinds of failures.
- *
- */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *E, const mbedtls_mpi *N,
- mbedtls_mpi *prec_RR );
-
-/**
- * \brief Fill an MPI with a number of random bytes.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param size The number of random bytes to generate.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on failure.
- *
- * \note The bytes obtained from the RNG are interpreted
- * as a big-endian representation of an MPI; this can
- * be relevant in applications like deterministic ECDSA.
- */
-int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/** Generate a random number uniformly in a range.
- *
- * This function generates a random number between \p min inclusive and
- * \p N exclusive.
- *
- * The procedure complies with RFC 6979 §3.3 (deterministic ECDSA)
- * when the RNG is a suitably parametrized instance of HMAC_DRBG
- * and \p min is \c 1.
- *
- * \note There are `N - min` possible outputs. The lower bound
- * \p min can be reached, but the upper bound \p N cannot.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param min The minimum value to return.
- * It must be nonnegative.
- * \param N The upper bound of the range, exclusive.
- * In other words, this is one plus the maximum value to return.
- * \p N must be strictly larger than \p min.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p min or \p N is invalid
- * or if they are incompatible.
- * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was
- * unable to find a suitable value within a limited number
- * of attempts. This has a negligible probability if \p N
- * is significantly larger than \p min, which is the case
- * for all usual cryptographic applications.
- * \return Another negative error code on failure.
- */
-int mbedtls_mpi_random( mbedtls_mpi *X,
- mbedtls_mpi_sint min,
- const mbedtls_mpi *N,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Compute the greatest common divisor: G = gcd(A, B)
- *
- * \param G The destination MPI. This must point to an initialized MPI.
- * \param A The first operand. This must point to an initialized MPI.
- * \param B The second operand. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Compute the modular inverse: X = A^-1 mod N
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The MPI to calculate the modular inverse of. This must point
- * to an initialized MPI.
- * \param N The base of the modular inversion. This must point to an
- * initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than
- * or equal to one.
- * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
- * with respect to \p N.
- */
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *N );
-
-/**
- * \brief Miller-Rabin primality test.
- *
- * \warning If \p X is potentially generated by an adversary, for example
- * when validating cryptographic parameters that you didn't
- * generate yourself and that are supposed to be prime, then
- * \p rounds should be at least the half of the security
- * strength of the cryptographic algorithm. On the other hand,
- * if \p X is chosen uniformly or non-adversially (as is the
- * case when mbedtls_mpi_gen_prime calls this function), then
- * \p rounds can be much lower.
- *
- * \param X The MPI to check for primality.
- * This must point to an initialized MPI.
- * \param rounds The number of bases to perform the Miller-Rabin primality
- * test for. The probability of returning 0 on a composite is
- * at most 2-2*\p rounds.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng.
- * This may be \c NULL if \p f_rng doesn't use
- * a context parameter.
- *
- * \return \c 0 if successful, i.e. \p X is probably prime.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-/**
- * \brief Flags for mbedtls_mpi_gen_prime()
- *
- * Each of these flags is a constraint on the result X returned by
- * mbedtls_mpi_gen_prime().
- */
-typedef enum {
- MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */
- MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from 2-80 to 2-128 */
-} mbedtls_mpi_gen_prime_flag_t;
-
-/**
- * \brief Generate a prime number.
- *
- * \param X The destination MPI to store the generated prime in.
- * This must point to an initialized MPi.
- * \param nbits The required size of the destination MPI in bits.
- * This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS.
- * \param flags A mask of flags of type #mbedtls_mpi_gen_prime_flag_t.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng.
- * This may be \c NULL if \p f_rng doesn't use
- * a context parameter.
- *
- * \return \c 0 if successful, in which case \p X holds a
- * probably prime number.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between
- * \c 3 and #MBEDTLS_MPI_MAX_BITS.
- */
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_mpi_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* bignum.h */
diff --git a/mbedtls/build_info.h b/mbedtls/build_info.h
deleted file mode 100644
index cef6566..0000000
--- a/mbedtls/build_info.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/**
- * \file build_info.h
- *
- * \brief Build-time configuration info
- *
- * Include this file if you need to depend on the
- * configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE
- */
- /*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_BUILD_INFO_H
-#define MBEDTLS_BUILD_INFO_H
-
-/*
- * This set of compile-time defines can be used to determine the version number
- * of the Mbed TLS library used. Run-time variables for the same can be found in
- * version.h
- */
-
-/**
- * The version number x.y.z is split into three parts.
- * Major, Minor, Patchlevel
- */
-#define MBEDTLS_VERSION_MAJOR 3
-#define MBEDTLS_VERSION_MINOR 1
-#define MBEDTLS_VERSION_PATCH 0
-
-/**
- * The single version number has the following structure:
- * MMNNPP00
- * Major version | Minor version | Patch version
- */
-#define MBEDTLS_VERSION_NUMBER 0x03010000
-#define MBEDTLS_VERSION_STRING "3.1.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.1.0"
-
-#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
-#define _CRT_SECURE_NO_DEPRECATE 1
-#endif
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/mbedtls_config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_CONFIG_VERSION) && ( \
- MBEDTLS_CONFIG_VERSION < 0x03000000 || \
- MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER )
-#error "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported"
-#endif
-
-/* Target and application specific configurations
- *
- * Allow user to override any previous default.
- *
- */
-#if defined(MBEDTLS_USER_CONFIG_FILE)
-#include MBEDTLS_USER_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#include "mbedtls/config_psa.h"
-#endif
-
-#include "mbedtls/check_config.h"
-
-#endif /* MBEDTLS_BUILD_INFO_H */
diff --git a/mbedtls/camellia.h b/mbedtls/camellia.h
deleted file mode 100644
index 6feeaf0..0000000
--- a/mbedtls/camellia.h
+++ /dev/null
@@ -1,316 +0,0 @@
-/**
- * \file camellia.h
- *
- * \brief Camellia block cipher
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_CAMELLIA_H
-#define MBEDTLS_CAMELLIA_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-#include "mbedtls/platform_util.h"
-
-#define MBEDTLS_CAMELLIA_ENCRYPT 1
-#define MBEDTLS_CAMELLIA_DECRYPT 0
-
-/** Bad input data. */
-#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024
-
-/** Invalid data input length. */
-#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_CAMELLIA_ALT)
-// Regular implementation
-//
-
-/**
- * \brief CAMELLIA context structure
- */
-typedef struct mbedtls_camellia_context
-{
- int MBEDTLS_PRIVATE(nr); /*!< number of rounds */
- uint32_t MBEDTLS_PRIVATE(rk)[68]; /*!< CAMELLIA round keys */
-}
-mbedtls_camellia_context;
-
-#else /* MBEDTLS_CAMELLIA_ALT */
-#include "camellia_alt.h"
-#endif /* MBEDTLS_CAMELLIA_ALT */
-
-/**
- * \brief Initialize a CAMELLIA context.
- *
- * \param ctx The CAMELLIA context to be initialized.
- * This must not be \c NULL.
- */
-void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
-
-/**
- * \brief Clear a CAMELLIA context.
- *
- * \param ctx The CAMELLIA context to be cleared. This may be \c NULL,
- * in which case this function returns immediately. If it is not
- * \c NULL, it must be initialized.
- */
-void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
-
-/**
- * \brief Perform a CAMELLIA key schedule operation for encryption.
- *
- * \param ctx The CAMELLIA context to use. This must be initialized.
- * \param key The encryption key to use. This must be a readable buffer
- * of size \p keybits Bits.
- * \param keybits The length of \p key in Bits. This must be either \c 128,
- * \c 192 or \c 256.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
-
-/**
- * \brief Perform a CAMELLIA key schedule operation for decryption.
- *
- * \param ctx The CAMELLIA context to use. This must be initialized.
- * \param key The decryption key. This must be a readable buffer
- * of size \p keybits Bits.
- * \param keybits The length of \p key in Bits. This must be either \c 128,
- * \c 192 or \c 256.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
-
-/**
- * \brief Perform a CAMELLIA-ECB block encryption/decryption operation.
- *
- * \param ctx The CAMELLIA context to use. This must be initialized
- * and bound to a key.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- * \param input The input block. This must be a readable buffer
- * of size \c 16 Bytes.
- * \param output The output block. This must be a writable buffer
- * of size \c 16 Bytes.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief Perform a CAMELLIA-CBC buffer encryption/decryption operation.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the function same function again on the following
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If on the other hand you need to retain the contents of the
- * IV, you should either save it manually or use the cipher
- * module instead.
- *
- * \param ctx The CAMELLIA context to use. This must be initialized
- * and bound to a key.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- * \param length The length in Bytes of the input data \p input.
- * This must be a multiple of \c 16 Bytes.
- * \param iv The initialization vector. This must be a read/write buffer
- * of length \c 16 Bytes. It is updated to allow streaming
- * use as explained above.
- * \param input The buffer holding the input data. This must point to a
- * readable buffer of length \p length Bytes.
- * \param output The buffer holding the output data. This must point to a
- * writable buffer of length \p length Bytes.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief Perform a CAMELLIA-CFB128 buffer encryption/decryption
- * operation.
- *
- * \note Due to the nature of CFB mode, you should use the same
- * key for both encryption and decryption. In particular, calls
- * to this function should be preceded by a key-schedule via
- * mbedtls_camellia_setkey_enc() regardless of whether \p mode
- * is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the function same function again on the following
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If on the other hand you need to retain the contents of the
- * IV, you should either save it manually or use the cipher
- * module instead.
- *
- * \param ctx The CAMELLIA context to use. This must be initialized
- * and bound to a key.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- * \param length The length of the input data \p input. Any value is allowed.
- * \param iv_off The current offset in the IV. This must be smaller
- * than \c 16 Bytes. It is updated after this call to allow
- * the aforementioned streaming usage.
- * \param iv The initialization vector. This must be a read/write buffer
- * of length \c 16 Bytes. It is updated after this call to
- * allow the aforementioned streaming usage.
- * \param input The buffer holding the input data. This must be a readable
- * buffer of size \p length Bytes.
- * \param output The buffer to hold the output data. This must be a writable
- * buffer of length \p length Bytes.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief Perform a CAMELLIA-CTR buffer encryption/decryption operation.
- *
- * *note Due to the nature of CTR mode, you should use the same
- * key for both encryption and decryption. In particular, calls
- * to this function should be preceded by a key-schedule via
- * mbedtls_camellia_setkey_enc() regardless of whether \p mode
- * is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- *
- * \warning You must never reuse a nonce value with the same key. Doing so
- * would void the encryption for the two messages encrypted with
- * the same nonce and key.
- *
- * There are two common strategies for managing nonces with CTR:
- *
- * 1. You can handle everything as a single message processed over
- * successive calls to this function. In that case, you want to
- * set \p nonce_counter and \p nc_off to 0 for the first call, and
- * then preserve the values of \p nonce_counter, \p nc_off and \p
- * stream_block across calls to this function as they will be
- * updated by this function.
- *
- * With this strategy, you must not encrypt more than 2**128
- * blocks of data with the same key.
- *
- * 2. You can encrypt separate messages by dividing the \p
- * nonce_counter buffer in two areas: the first one used for a
- * per-message nonce, handled by yourself, and the second one
- * updated by this function internally.
- *
- * For example, you might reserve the first \c 12 Bytes for the
- * per-message nonce, and the last \c 4 Bytes for internal use.
- * In that case, before calling this function on a new message you
- * need to set the first \c 12 Bytes of \p nonce_counter to your
- * chosen nonce value, the last four to \c 0, and \p nc_off to \c 0
- * (which will cause \p stream_block to be ignored). That way, you
- * can encrypt at most \c 2**96 messages of up to \c 2**32 blocks
- * each with the same key.
- *
- * The per-message nonce (or information sufficient to reconstruct
- * it) needs to be communicated with the ciphertext and must be
- * unique. The recommended way to ensure uniqueness is to use a
- * message counter. An alternative is to generate random nonces,
- * but this limits the number of messages that can be securely
- * encrypted: for example, with 96-bit random nonces, you should
- * not encrypt more than 2**32 messages with the same key.
- *
- * Note that for both stategies, sizes are measured in blocks and
- * that a CAMELLIA block is \c 16 Bytes.
- *
- * \warning Upon return, \p stream_block contains sensitive data. Its
- * content must not be written to insecure storage and should be
- * securely discarded as soon as it's no longer needed.
- *
- * \param ctx The CAMELLIA context to use. This must be initialized
- * and bound to a key.
- * \param length The length of the input data \p input in Bytes.
- * Any value is allowed.
- * \param nc_off The offset in the current \p stream_block (for resuming
- * within current cipher stream). The offset pointer to
- * should be \c 0 at the start of a stream. It is updated
- * at the end of this call.
- * \param nonce_counter The 128-bit nonce and counter. This must be a read/write
- * buffer of length \c 16 Bytes.
- * \param stream_block The saved stream-block for resuming. This must be a
- * read/write buffer of length \c 16 Bytes.
- * \param input The input data stream. This must be a readable buffer of
- * size \p length Bytes.
- * \param output The output data stream. This must be a writable buffer
- * of size \p length Bytes.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[16],
- unsigned char stream_block[16],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_camellia_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* camellia.h */
diff --git a/mbedtls/ccm.h b/mbedtls/ccm.h
deleted file mode 100644
index 1be1689..0000000
--- a/mbedtls/ccm.h
+++ /dev/null
@@ -1,532 +0,0 @@
-/**
- * \file ccm.h
- *
- * \brief This file provides an API for the CCM authenticated encryption
- * mode for block ciphers.
- *
- * CCM combines Counter mode encryption with CBC-MAC authentication
- * for 128-bit block ciphers.
- *
- * Input to CCM includes the following elements:
- * - Payload - data that is both authenticated and encrypted.
- * - Associated data (Adata) - data that is authenticated but not
- * encrypted, For example, a header.
- * - Nonce - A unique value that is assigned to the payload and the
- * associated data.
- *
- * Definition of CCM:
- * http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
- * RFC 3610 "Counter with CBC-MAC (CCM)"
- *
- * Related:
- * RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
- *
- * Definition of CCM*:
- * IEEE 802.15.4 - IEEE Standard for Local and metropolitan area networks
- * Integer representation is fixed most-significant-octet-first order and
- * the representation of octets is most-significant-bit-first order. This is
- * consistent with RFC 3610.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CCM_H
-#define MBEDTLS_CCM_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/cipher.h"
-
-#define MBEDTLS_CCM_DECRYPT 0
-#define MBEDTLS_CCM_ENCRYPT 1
-#define MBEDTLS_CCM_STAR_DECRYPT 2
-#define MBEDTLS_CCM_STAR_ENCRYPT 3
-
-/** Bad input parameters to the function. */
-#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D
-/** Authenticated decryption failed. */
-#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_CCM_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The CCM context-type definition. The CCM context is passed
- * to the APIs called.
- */
-typedef struct mbedtls_ccm_context
-{
- unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working buffer */
- unsigned char MBEDTLS_PRIVATE(ctr)[16]; /*!< The counter buffer */
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
- size_t MBEDTLS_PRIVATE(plaintext_len); /*!< Total plaintext length */
- size_t MBEDTLS_PRIVATE(add_len); /*!< Total authentication data length */
- size_t MBEDTLS_PRIVATE(tag_len); /*!< Total tag length */
- size_t MBEDTLS_PRIVATE(processed); /*!< Track how many bytes of input data
- were processed (chunked input).
- Used independently for both auth data
- and plaintext/ciphertext.
- This variable is set to zero after
- auth data input is finished. */
- unsigned char MBEDTLS_PRIVATE(q); /*!< The Q working value */
- unsigned char MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
- #MBEDTLS_CCM_ENCRYPT or
- #MBEDTLS_CCM_DECRYPT or
- #MBEDTLS_CCM_STAR_ENCRYPT or
- #MBEDTLS_CCM_STAR_DECRYPT. */
- int MBEDTLS_PRIVATE(state); /*!< Working value holding context's
- state. Used for chunked data
- input */
-}
-mbedtls_ccm_context;
-
-#else /* MBEDTLS_CCM_ALT */
-#include "ccm_alt.h"
-#endif /* MBEDTLS_CCM_ALT */
-
-/**
- * \brief This function initializes the specified CCM context,
- * to make references valid, and prepare the context
- * for mbedtls_ccm_setkey() or mbedtls_ccm_free().
- *
- * \param ctx The CCM context to initialize. This must not be \c NULL.
- */
-void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
-
-/**
- * \brief This function initializes the CCM context set in the
- * \p ctx parameter and sets the encryption key.
- *
- * \param ctx The CCM context to initialize. This must be an initialized
- * context.
- * \param cipher The 128-bit block cipher to use.
- * \param key The encryption key. This must not be \c NULL.
- * \param keybits The key size in bits. This must be acceptable by the cipher.
- *
- * \return \c 0 on success.
- * \return A CCM or cipher-specific error code on failure.
- */
-int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
- mbedtls_cipher_id_t cipher,
- const unsigned char *key,
- unsigned int keybits );
-
-/**
- * \brief This function releases and clears the specified CCM context
- * and underlying cipher sub-context.
- *
- * \param ctx The CCM context to clear. If this is \c NULL, the function
- * has no effect. Otherwise, this must be initialized.
- */
-void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
-
-/**
- * \brief This function encrypts a buffer using CCM.
- *
- * \note The tag is written to a separate buffer. To concatenate
- * the \p tag with the \p output, as done in RFC-3610:
- * Counter with CBC-MAC (CCM), use
- * \p tag = \p output + \p length, and make sure that the
- * output buffer is at least \p length + \p tag_len wide.
- *
- * \param ctx The CCM context to use for encryption. This must be
- * initialized and bound to a key.
- * \param length The length of the input data in Bytes.
- * \param iv The initialization vector (nonce). This must be a readable
- * buffer of at least \p iv_len Bytes.
- * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
- * or 13. The length L of the message length field is
- * 15 - \p iv_len.
- * \param ad The additional data field. If \p ad_len is greater than
- * zero, \p ad must be a readable buffer of at least that
- * length.
- * \param ad_len The length of additional data in Bytes.
- * This must be less than `2^16 - 2^8`.
- * \param input The buffer holding the input data. If \p length is greater
- * than zero, \p input must be a readable buffer of at least
- * that length.
- * \param output The buffer holding the output data. If \p length is greater
- * than zero, \p output must be a writable buffer of at least
- * that length.
- * \param tag The buffer holding the authentication field. This must be a
- * writable buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the authentication field to generate in Bytes:
- * 4, 6, 8, 10, 12, 14 or 16.
- *
- * \return \c 0 on success.
- * \return A CCM or cipher-specific error code on failure.
- */
-int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, unsigned char *output,
- unsigned char *tag, size_t tag_len );
-
-/**
- * \brief This function encrypts a buffer using CCM*.
- *
- * \note The tag is written to a separate buffer. To concatenate
- * the \p tag with the \p output, as done in RFC-3610:
- * Counter with CBC-MAC (CCM), use
- * \p tag = \p output + \p length, and make sure that the
- * output buffer is at least \p length + \p tag_len wide.
- *
- * \note When using this function in a variable tag length context,
- * the tag length has to be encoded into the \p iv passed to
- * this function.
- *
- * \param ctx The CCM context to use for encryption. This must be
- * initialized and bound to a key.
- * \param length The length of the input data in Bytes.
- * For tag length = 0, input length is ignored.
- * \param iv The initialization vector (nonce). This must be a readable
- * buffer of at least \p iv_len Bytes.
- * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
- * or 13. The length L of the message length field is
- * 15 - \p iv_len.
- * \param ad The additional data field. This must be a readable buffer of
- * at least \p ad_len Bytes.
- * \param ad_len The length of additional data in Bytes.
- * This must be less than 2^16 - 2^8.
- * \param input The buffer holding the input data. If \p length is greater
- * than zero, \p input must be a readable buffer of at least
- * that length.
- * \param output The buffer holding the output data. If \p length is greater
- * than zero, \p output must be a writable buffer of at least
- * that length.
- * \param tag The buffer holding the authentication field. This must be a
- * writable buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the authentication field to generate in Bytes:
- * 0, 4, 6, 8, 10, 12, 14 or 16.
- *
- * \warning Passing \c 0 as \p tag_len means that the message is no
- * longer authenticated.
- *
- * \return \c 0 on success.
- * \return A CCM or cipher-specific error code on failure.
- */
-int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, unsigned char *output,
- unsigned char *tag, size_t tag_len );
-
-/**
- * \brief This function performs a CCM authenticated decryption of a
- * buffer.
- *
- * \param ctx The CCM context to use for decryption. This must be
- * initialized and bound to a key.
- * \param length The length of the input data in Bytes.
- * \param iv The initialization vector (nonce). This must be a readable
- * buffer of at least \p iv_len Bytes.
- * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
- * or 13. The length L of the message length field is
- * 15 - \p iv_len.
- * \param ad The additional data field. This must be a readable buffer
- * of at least that \p ad_len Bytes..
- * \param ad_len The length of additional data in Bytes.
- * This must be less than 2^16 - 2^8.
- * \param input The buffer holding the input data. If \p length is greater
- * than zero, \p input must be a readable buffer of at least
- * that length.
- * \param output The buffer holding the output data. If \p length is greater
- * than zero, \p output must be a writable buffer of at least
- * that length.
- * \param tag The buffer holding the authentication field. This must be a
- * readable buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the authentication field to generate in Bytes:
- * 4, 6, 8, 10, 12, 14 or 16.
- *
- * \return \c 0 on success. This indicates that the message is authentic.
- * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
- * \return A cipher-specific error code on calculation failure.
- */
-int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, unsigned char *output,
- const unsigned char *tag, size_t tag_len );
-
-/**
- * \brief This function performs a CCM* authenticated decryption of a
- * buffer.
- *
- * \note When using this function in a variable tag length context,
- * the tag length has to be decoded from \p iv and passed to
- * this function as \p tag_len. (\p tag needs to be adjusted
- * accordingly.)
- *
- * \param ctx The CCM context to use for decryption. This must be
- * initialized and bound to a key.
- * \param length The length of the input data in Bytes.
- * For tag length = 0, input length is ignored.
- * \param iv The initialization vector (nonce). This must be a readable
- * buffer of at least \p iv_len Bytes.
- * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
- * or 13. The length L of the message length field is
- * 15 - \p iv_len.
- * \param ad The additional data field. This must be a readable buffer of
- * at least that \p ad_len Bytes.
- * \param ad_len The length of additional data in Bytes.
- * This must be less than 2^16 - 2^8.
- * \param input The buffer holding the input data. If \p length is greater
- * than zero, \p input must be a readable buffer of at least
- * that length.
- * \param output The buffer holding the output data. If \p length is greater
- * than zero, \p output must be a writable buffer of at least
- * that length.
- * \param tag The buffer holding the authentication field. This must be a
- * readable buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the authentication field in Bytes.
- * 0, 4, 6, 8, 10, 12, 14 or 16.
- *
- * \warning Passing \c 0 as \p tag_len means that the message is nos
- * longer authenticated.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
- * \return A cipher-specific error code on calculation failure.
- */
-int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, unsigned char *output,
- const unsigned char *tag, size_t tag_len );
-
-/**
- * \brief This function starts a CCM encryption or decryption
- * operation.
- *
- * This function and mbedtls_ccm_set_lengths() must be called
- * before calling mbedtls_ccm_update_ad() or
- * mbedtls_ccm_update(). This function can be called before
- * or after mbedtls_ccm_set_lengths().
- *
- * \note This function is not implemented in Mbed TLS yet.
- *
- * \param ctx The CCM context. This must be initialized.
- * \param mode The operation to perform: #MBEDTLS_CCM_ENCRYPT or
- * #MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or
- * #MBEDTLS_CCM_STAR_DECRYPT.
- * \param iv The initialization vector. This must be a readable buffer
- * of at least \p iv_len Bytes.
- * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
- * or 13. The length L of the message length field is
- * 15 - \p iv_len.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
- * \p ctx is in an invalid state,
- * \p mode is invalid,
- * \p iv_len is invalid (lower than \c 7 or greater than
- * \c 13).
- */
-int mbedtls_ccm_starts( mbedtls_ccm_context *ctx,
- int mode,
- const unsigned char *iv,
- size_t iv_len );
-
-/**
- * \brief This function declares the lengths of the message
- * and additional data for a CCM encryption or decryption
- * operation.
- *
- * This function and mbedtls_ccm_starts() must be called
- * before calling mbedtls_ccm_update_ad() or
- * mbedtls_ccm_update(). This function can be called before
- * or after mbedtls_ccm_starts().
- *
- * \note This function is not implemented in Mbed TLS yet.
- *
- * \param ctx The CCM context. This must be initialized.
- * \param total_ad_len The total length of additional data in bytes.
- * This must be less than `2^16 - 2^8`.
- * \param plaintext_len The length in bytes of the plaintext to encrypt or
- * result of the decryption (thus not encompassing the
- * additional data that are not encrypted).
- * \param tag_len The length of the tag to generate in Bytes:
- * 4, 6, 8, 10, 12, 14 or 16.
- * For CCM*, zero is also valid.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
- * \p ctx is in an invalid state,
- * \p total_ad_len is greater than \c 0xFF00.
- */
-int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx,
- size_t total_ad_len,
- size_t plaintext_len,
- size_t tag_len );
-
-/**
- * \brief This function feeds an input buffer as associated data
- * (authenticated but not encrypted data) in a CCM
- * encryption or decryption operation.
- *
- * You may call this function zero, one or more times
- * to pass successive parts of the additional data. The
- * lengths \p ad_len of the data parts should eventually add
- * up exactly to the total length of additional data
- * \c total_ad_len passed to mbedtls_ccm_set_lengths(). You
- * may not call this function after calling
- * mbedtls_ccm_update().
- *
- * \note This function is not implemented in Mbed TLS yet.
- *
- * \param ctx The CCM context. This must have been started with
- * mbedtls_ccm_starts(), the lengths of the message and
- * additional data must have been declared with
- * mbedtls_ccm_set_lengths() and this must not have yet
- * received any input with mbedtls_ccm_update().
- * \param ad The buffer holding the additional data, or \c NULL
- * if \p ad_len is \c 0.
- * \param ad_len The length of the additional data. If \c 0,
- * \p ad may be \c NULL.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
- * \p ctx is in an invalid state,
- * total input length too long.
- */
-int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
- const unsigned char *ad,
- size_t ad_len );
-
-/**
- * \brief This function feeds an input buffer into an ongoing CCM
- * encryption or decryption operation.
- *
- * You may call this function zero, one or more times
- * to pass successive parts of the input: the plaintext to
- * encrypt, or the ciphertext (not including the tag) to
- * decrypt. After the last part of the input, call
- * mbedtls_ccm_finish(). The lengths \p input_len of the
- * data parts should eventually add up exactly to the
- * plaintext length \c plaintext_len passed to
- * mbedtls_ccm_set_lengths().
- *
- * This function may produce output in one of the following
- * ways:
- * - Immediate output: the output length is always equal
- * to the input length.
- * - Buffered output: except for the last part of input data,
- * the output consists of a whole number of 16-byte blocks.
- * If the total input length so far (not including
- * associated data) is 16 \* *B* + *A* with *A* < 16 then
- * the total output length is 16 \* *B*.
- * For the last part of input data, the output length is
- * equal to the input length plus the number of bytes (*A*)
- * buffered in the previous call to the function (if any).
- * The function uses the plaintext length
- * \c plaintext_len passed to mbedtls_ccm_set_lengths()
- * to detect the last part of input data.
- *
- * In particular:
- * - It is always correct to call this function with
- * \p output_size >= \p input_len + 15.
- * - If \p input_len is a multiple of 16 for all the calls
- * to this function during an operation (not necessary for
- * the last one) then it is correct to use \p output_size
- * =\p input_len.
- *
- * \note This function is not implemented in Mbed TLS yet.
- *
- * \param ctx The CCM context. This must have been started with
- * mbedtls_ccm_starts() and the lengths of the message and
- * additional data must have been declared with
- * mbedtls_ccm_set_lengths().
- * \param input The buffer holding the input data. If \p input_len
- * is greater than zero, this must be a readable buffer
- * of at least \p input_len bytes.
- * \param input_len The length of the input data in bytes.
- * \param output The buffer for the output data. If \p output_size
- * is greater than zero, this must be a writable buffer of
- * at least \p output_size bytes.
- * \param output_size The size of the output buffer in bytes.
- * See the function description regarding the output size.
- * \param output_len On success, \p *output_len contains the actual
- * length of the output written in \p output.
- * On failure, the content of \p *output_len is
- * unspecified.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
- * \p ctx is in an invalid state,
- * total input length too long,
- * or \p output_size too small.
- */
-int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
- const unsigned char *input, size_t input_len,
- unsigned char *output, size_t output_size,
- size_t *output_len );
-
-/**
- * \brief This function finishes the CCM operation and generates
- * the authentication tag.
- *
- * It wraps up the CCM stream, and generates the
- * tag. The tag can have a maximum length of 16 Bytes.
- *
- * \note This function is not implemented in Mbed TLS yet.
- *
- * \param ctx The CCM context. This must have been started with
- * mbedtls_ccm_starts() and the lengths of the message and
- * additional data must have been declared with
- * mbedtls_ccm_set_lengths().
- * \param tag The buffer for holding the tag. If \p tag_len is greater
- * than zero, this must be a writable buffer of at least \p
- * tag_len Bytes.
- * \param tag_len The length of the tag. Must match the tag length passed to
- * mbedtls_ccm_set_lengths() function.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
- * \p ctx is in an invalid state,
- * invalid value of \p tag_len,
- * the total amount of additional data passed to
- * mbedtls_ccm_update_ad() was lower than the total length of
- * additional data \c total_ad_len passed to
- * mbedtls_ccm_set_lengths(),
- * the total amount of input data passed to
- * mbedtls_ccm_update() was lower than the plaintext length
- * \c plaintext_len passed to mbedtls_ccm_set_lengths().
- */
-int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
- unsigned char *tag, size_t tag_len );
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-/**
- * \brief The CCM checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_ccm_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CCM_H */
diff --git a/mbedtls/chacha20.h b/mbedtls/chacha20.h
deleted file mode 100644
index 8af16ed..0000000
--- a/mbedtls/chacha20.h
+++ /dev/null
@@ -1,215 +0,0 @@
-/**
- * \file chacha20.h
- *
- * \brief This file contains ChaCha20 definitions and functions.
- *
- * ChaCha20 is a stream cipher that can encrypt and decrypt
- * information. ChaCha was created by Daniel Bernstein as a variant of
- * its Salsa cipher https://cr.yp.to/chacha/chacha-20080128.pdf
- * ChaCha20 is the variant with 20 rounds, that was also standardized
- * in RFC 7539.
- *
- * \author Daniel King
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CHACHA20_H
-#define MBEDTLS_CHACHA20_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-/** Invalid input parameter(s). */
-#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0051
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_CHACHA20_ALT)
-
-typedef struct mbedtls_chacha20_context
-{
- uint32_t MBEDTLS_PRIVATE(state)[16]; /*! The state (before round operations). */
- uint8_t MBEDTLS_PRIVATE(keystream8)[64]; /*! Leftover keystream bytes. */
- size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes already used. */
-}
-mbedtls_chacha20_context;
-
-#else /* MBEDTLS_CHACHA20_ALT */
-#include "chacha20_alt.h"
-#endif /* MBEDTLS_CHACHA20_ALT */
-
-/**
- * \brief This function initializes the specified ChaCha20 context.
- *
- * It must be the first API called before using
- * the context.
- *
- * It is usually followed by calls to
- * \c mbedtls_chacha20_setkey() and
- * \c mbedtls_chacha20_starts(), then one or more calls to
- * to \c mbedtls_chacha20_update(), and finally to
- * \c mbedtls_chacha20_free().
- *
- * \param ctx The ChaCha20 context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
-
-/**
- * \brief This function releases and clears the specified
- * ChaCha20 context.
- *
- * \param ctx The ChaCha20 context to clear. This may be \c NULL,
- * in which case this function is a no-op. If it is not
- * \c NULL, it must point to an initialized context.
- *
- */
-void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
-
-/**
- * \brief This function sets the encryption/decryption key.
- *
- * \note After using this function, you must also call
- * \c mbedtls_chacha20_starts() to set a nonce before you
- * start encrypting/decrypting data with
- * \c mbedtls_chacha_update().
- *
- * \param ctx The ChaCha20 context to which the key should be bound.
- * It must be initialized.
- * \param key The encryption/decryption key. This must be \c 32 Bytes
- * in length.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
- */
-int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
- const unsigned char key[32] );
-
-/**
- * \brief This function sets the nonce and initial counter value.
- *
- * \note A ChaCha20 context can be re-used with the same key by
- * calling this function to change the nonce.
- *
- * \warning You must never use the same nonce twice with the same key.
- * This would void any confidentiality guarantees for the
- * messages encrypted with the same nonce and key.
- *
- * \param ctx The ChaCha20 context to which the nonce should be bound.
- * It must be initialized and bound to a key.
- * \param nonce The nonce. This must be \c 12 Bytes in size.
- * \param counter The initial counter value. This is usually \c 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
- * NULL.
- */
-int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
- const unsigned char nonce[12],
- uint32_t counter );
-
-/**
- * \brief This function encrypts or decrypts data.
- *
- * Since ChaCha20 is a stream cipher, the same operation is
- * used for encrypting and decrypting data.
- *
- * \note The \p input and \p output pointers must either be equal or
- * point to non-overlapping buffers.
- *
- * \note \c mbedtls_chacha20_setkey() and
- * \c mbedtls_chacha20_starts() must be called at least once
- * to setup the context before this function can be called.
- *
- * \note This function can be called multiple times in a row in
- * order to encrypt of decrypt data piecewise with the same
- * key and nonce.
- *
- * \param ctx The ChaCha20 context to use for encryption or decryption.
- * It must be initialized and bound to a key and nonce.
- * \param size The length of the input data in Bytes.
- * \param input The buffer holding the input data.
- * This pointer can be \c NULL if `size == 0`.
- * \param output The buffer holding the output data.
- * This must be able to hold \p size Bytes.
- * This pointer can be \c NULL if `size == 0`.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
- size_t size,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function encrypts or decrypts data with ChaCha20 and
- * the given key and nonce.
- *
- * Since ChaCha20 is a stream cipher, the same operation is
- * used for encrypting and decrypting data.
- *
- * \warning You must never use the same (key, nonce) pair more than
- * once. This would void any confidentiality guarantees for
- * the messages encrypted with the same nonce and key.
- *
- * \note The \p input and \p output pointers must either be equal or
- * point to non-overlapping buffers.
- *
- * \param key The encryption/decryption key.
- * This must be \c 32 Bytes in length.
- * \param nonce The nonce. This must be \c 12 Bytes in size.
- * \param counter The initial counter value. This is usually \c 0.
- * \param size The length of the input data in Bytes.
- * \param input The buffer holding the input data.
- * This pointer can be \c NULL if `size == 0`.
- * \param output The buffer holding the output data.
- * This must be able to hold \p size Bytes.
- * This pointer can be \c NULL if `size == 0`.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_chacha20_crypt( const unsigned char key[32],
- const unsigned char nonce[12],
- uint32_t counter,
- size_t size,
- const unsigned char* input,
- unsigned char* output );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief The ChaCha20 checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_chacha20_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CHACHA20_H */
diff --git a/mbedtls/chachapoly.h b/mbedtls/chachapoly.h
deleted file mode 100644
index 3f4318f..0000000
--- a/mbedtls/chachapoly.h
+++ /dev/null
@@ -1,356 +0,0 @@
-/**
- * \file chachapoly.h
- *
- * \brief This file contains the AEAD-ChaCha20-Poly1305 definitions and
- * functions.
- *
- * ChaCha20-Poly1305 is an algorithm for Authenticated Encryption
- * with Associated Data (AEAD) that can be used to encrypt and
- * authenticate data. It is based on ChaCha20 and Poly1305 by Daniel
- * Bernstein and was standardized in RFC 7539.
- *
- * \author Daniel King
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CHACHAPOLY_H
-#define MBEDTLS_CHACHAPOLY_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-/* for shared error codes */
-#include "mbedtls/poly1305.h"
-
-/** The requested operation is not permitted in the current state. */
-#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0054
-/** Authenticated decryption failed: data was not authentic. */
-#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0056
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef enum
-{
- MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption. */
- MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */
-}
-mbedtls_chachapoly_mode_t;
-
-#if !defined(MBEDTLS_CHACHAPOLY_ALT)
-
-#include "mbedtls/chacha20.h"
-
-typedef struct mbedtls_chachapoly_context
-{
- mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx); /**< The ChaCha20 context. */
- mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx); /**< The Poly1305 context. */
- uint64_t MBEDTLS_PRIVATE(aad_len); /**< The length (bytes) of the Additional Authenticated Data. */
- uint64_t MBEDTLS_PRIVATE(ciphertext_len); /**< The length (bytes) of the ciphertext. */
- int MBEDTLS_PRIVATE(state); /**< The current state of the context. */
- mbedtls_chachapoly_mode_t MBEDTLS_PRIVATE(mode); /**< Cipher mode (encrypt or decrypt). */
-}
-mbedtls_chachapoly_context;
-
-#else /* !MBEDTLS_CHACHAPOLY_ALT */
-#include "chachapoly_alt.h"
-#endif /* !MBEDTLS_CHACHAPOLY_ALT */
-
-/**
- * \brief This function initializes the specified ChaCha20-Poly1305 context.
- *
- * It must be the first API called before using
- * the context. It must be followed by a call to
- * \c mbedtls_chachapoly_setkey() before any operation can be
- * done, and to \c mbedtls_chachapoly_free() once all
- * operations with that context have been finished.
- *
- * In order to encrypt or decrypt full messages at once, for
- * each message you should make a single call to
- * \c mbedtls_chachapoly_crypt_and_tag() or
- * \c mbedtls_chachapoly_auth_decrypt().
- *
- * In order to encrypt messages piecewise, for each
- * message you should make a call to
- * \c mbedtls_chachapoly_starts(), then 0 or more calls to
- * \c mbedtls_chachapoly_update_aad(), then 0 or more calls to
- * \c mbedtls_chachapoly_update(), then one call to
- * \c mbedtls_chachapoly_finish().
- *
- * \warning Decryption with the piecewise API is discouraged! Always
- * use \c mbedtls_chachapoly_auth_decrypt() when possible!
- *
- * If however this is not possible because the data is too
- * large to fit in memory, you need to:
- *
- * - call \c mbedtls_chachapoly_starts() and (if needed)
- * \c mbedtls_chachapoly_update_aad() as above,
- * - call \c mbedtls_chachapoly_update() multiple times and
- * ensure its output (the plaintext) is NOT used in any other
- * way than placing it in temporary storage at this point,
- * - call \c mbedtls_chachapoly_finish() to compute the
- * authentication tag and compared it in constant time to the
- * tag received with the ciphertext.
- *
- * If the tags are not equal, you must immediately discard
- * all previous outputs of \c mbedtls_chachapoly_update(),
- * otherwise you can now safely use the plaintext.
- *
- * \param ctx The ChachaPoly context to initialize. Must not be \c NULL.
- */
-void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx );
-
-/**
- * \brief This function releases and clears the specified
- * ChaCha20-Poly1305 context.
- *
- * \param ctx The ChachaPoly context to clear. This may be \c NULL, in which
- * case this function is a no-op.
- */
-void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx );
-
-/**
- * \brief This function sets the ChaCha20-Poly1305
- * symmetric encryption key.
- *
- * \param ctx The ChaCha20-Poly1305 context to which the key should be
- * bound. This must be initialized.
- * \param key The \c 256 Bit (\c 32 Bytes) key.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
- const unsigned char key[32] );
-
-/**
- * \brief This function starts a ChaCha20-Poly1305 encryption or
- * decryption operation.
- *
- * \warning You must never use the same nonce twice with the same key.
- * This would void any confidentiality and authenticity
- * guarantees for the messages encrypted with the same nonce
- * and key.
- *
- * \note If the context is being used for AAD only (no data to
- * encrypt or decrypt) then \p mode can be set to any value.
- *
- * \warning Decryption with the piecewise API is discouraged, see the
- * warning on \c mbedtls_chachapoly_init().
- *
- * \param ctx The ChaCha20-Poly1305 context. This must be initialized
- * and bound to a key.
- * \param nonce The nonce/IV to use for the message.
- * This must be a redable buffer of length \c 12 Bytes.
- * \param mode The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
- * #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
- const unsigned char nonce[12],
- mbedtls_chachapoly_mode_t mode );
-
-/**
- * \brief This function feeds additional data to be authenticated
- * into an ongoing ChaCha20-Poly1305 operation.
- *
- * The Additional Authenticated Data (AAD), also called
- * Associated Data (AD) is only authenticated but not
- * encrypted nor included in the encrypted output. It is
- * usually transmitted separately from the ciphertext or
- * computed locally by each party.
- *
- * \note This function is called before data is encrypted/decrypted.
- * I.e. call this function to process the AAD before calling
- * \c mbedtls_chachapoly_update().
- *
- * You may call this function multiple times to process
- * an arbitrary amount of AAD. It is permitted to call
- * this function 0 times, if no AAD is used.
- *
- * This function cannot be called any more if data has
- * been processed by \c mbedtls_chachapoly_update(),
- * or if the context has been finished.
- *
- * \warning Decryption with the piecewise API is discouraged, see the
- * warning on \c mbedtls_chachapoly_init().
- *
- * \param ctx The ChaCha20-Poly1305 context. This must be initialized
- * and bound to a key.
- * \param aad_len The length in Bytes of the AAD. The length has no
- * restrictions.
- * \param aad Buffer containing the AAD.
- * This pointer can be \c NULL if `aad_len == 0`.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- * if \p ctx or \p aad are NULL.
- * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
- * if the operations has not been started or has been
- * finished, or if the AAD has been finished.
- */
-int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
- const unsigned char *aad,
- size_t aad_len );
-
-/**
- * \brief Thus function feeds data to be encrypted or decrypted
- * into an on-going ChaCha20-Poly1305
- * operation.
- *
- * The direction (encryption or decryption) depends on the
- * mode that was given when calling
- * \c mbedtls_chachapoly_starts().
- *
- * You may call this function multiple times to process
- * an arbitrary amount of data. It is permitted to call
- * this function 0 times, if no data is to be encrypted
- * or decrypted.
- *
- * \warning Decryption with the piecewise API is discouraged, see the
- * warning on \c mbedtls_chachapoly_init().
- *
- * \param ctx The ChaCha20-Poly1305 context to use. This must be initialized.
- * \param len The length (in bytes) of the data to encrypt or decrypt.
- * \param input The buffer containing the data to encrypt or decrypt.
- * This pointer can be \c NULL if `len == 0`.
- * \param output The buffer to where the encrypted or decrypted data is
- * written. This must be able to hold \p len bytes.
- * This pointer can be \c NULL if `len == 0`.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
- * if the operation has not been started or has been
- * finished.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
- size_t len,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function finished the ChaCha20-Poly1305 operation and
- * generates the MAC (authentication tag).
- *
- * \param ctx The ChaCha20-Poly1305 context to use. This must be initialized.
- * \param mac The buffer to where the 128-bit (16 bytes) MAC is written.
- *
- * \warning Decryption with the piecewise API is discouraged, see the
- * warning on \c mbedtls_chachapoly_init().
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
- * if the operation has not been started or has been
- * finished.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
- unsigned char mac[16] );
-
-/**
- * \brief This function performs a complete ChaCha20-Poly1305
- * authenticated encryption with the previously-set key.
- *
- * \note Before using this function, you must set the key with
- * \c mbedtls_chachapoly_setkey().
- *
- * \warning You must never use the same nonce twice with the same key.
- * This would void any confidentiality and authenticity
- * guarantees for the messages encrypted with the same nonce
- * and key.
- *
- * \param ctx The ChaCha20-Poly1305 context to use (holds the key).
- * This must be initialized.
- * \param length The length (in bytes) of the data to encrypt or decrypt.
- * \param nonce The 96-bit (12 bytes) nonce/IV to use.
- * \param aad The buffer containing the additional authenticated
- * data (AAD). This pointer can be \c NULL if `aad_len == 0`.
- * \param aad_len The length (in bytes) of the AAD data to process.
- * \param input The buffer containing the data to encrypt or decrypt.
- * This pointer can be \c NULL if `ilen == 0`.
- * \param output The buffer to where the encrypted or decrypted data
- * is written. This pointer can be \c NULL if `ilen == 0`.
- * \param tag The buffer to where the computed 128-bit (16 bytes) MAC
- * is written. This must not be \c NULL.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
- size_t length,
- const unsigned char nonce[12],
- const unsigned char *aad,
- size_t aad_len,
- const unsigned char *input,
- unsigned char *output,
- unsigned char tag[16] );
-
-/**
- * \brief This function performs a complete ChaCha20-Poly1305
- * authenticated decryption with the previously-set key.
- *
- * \note Before using this function, you must set the key with
- * \c mbedtls_chachapoly_setkey().
- *
- * \param ctx The ChaCha20-Poly1305 context to use (holds the key).
- * \param length The length (in Bytes) of the data to decrypt.
- * \param nonce The \c 96 Bit (\c 12 bytes) nonce/IV to use.
- * \param aad The buffer containing the additional authenticated data (AAD).
- * This pointer can be \c NULL if `aad_len == 0`.
- * \param aad_len The length (in bytes) of the AAD data to process.
- * \param tag The buffer holding the authentication tag.
- * This must be a readable buffer of length \c 16 Bytes.
- * \param input The buffer containing the data to decrypt.
- * This pointer can be \c NULL if `ilen == 0`.
- * \param output The buffer to where the decrypted data is written.
- * This pointer can be \c NULL if `ilen == 0`.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
- * if the data was not authentic.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
- size_t length,
- const unsigned char nonce[12],
- const unsigned char *aad,
- size_t aad_len,
- const unsigned char tag[16],
- const unsigned char *input,
- unsigned char *output );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief The ChaCha20-Poly1305 checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_chachapoly_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CHACHAPOLY_H */
diff --git a/mbedtls/check_config.h b/mbedtls/check_config.h
deleted file mode 100644
index ce97f6a..0000000
--- a/mbedtls/check_config.h
+++ /dev/null
@@ -1,833 +0,0 @@
-/**
- * \file check_config.h
- *
- * \brief Consistency checks for configuration options
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CHECK_CONFIG_H
-#define MBEDTLS_CHECK_CONFIG_H
-
-/*
- * We assume CHAR_BIT is 8 in many places. In practice, this is true on our
- * target platforms, so not an issue, but let's just be extra sure.
- */
-#include
-#if CHAR_BIT != 8
-#error "mbed TLS requires a platform with 8-bit chars"
-#endif
-
-#if defined(_WIN32)
-#if !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_C is required on Windows"
-#endif
-
-/* Fix the config here. Not convenient to put an #ifdef _WIN32 in mbedtls_config.h as
- * it would confuse config.py. */
-#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
- !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-#endif
-
-#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
- !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
-#endif
-#endif /* _WIN32 */
-
-#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
-#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
-#endif
-
-#if defined(MBEDTLS_DEPRECATED_WARNING) && \
- !defined(__GNUC__) && !defined(__clang__)
-#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
-#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
-#endif
-
-#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
-#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
-#error "MBEDTLS_DHM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CMAC_C) && \
- !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
-#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_NIST_KW_C) && \
- ( !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CIPHER_C) )
-#error "MBEDTLS_NIST_KW_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
-#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECDSA_C) && \
- ( !defined(MBEDTLS_ECP_C) || \
- !( defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) ) || \
- !defined(MBEDTLS_ASN1_PARSE_C) || \
- !defined(MBEDTLS_ASN1_WRITE_C) )
-#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECJPAKE_C) && \
- ( !defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C) )
-#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_RESTARTABLE) && \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) || \
- defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
- defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \
- defined(MBEDTLS_ECDSA_SIGN_ALT) || \
- defined(MBEDTLS_ECDSA_VERIFY_ALT) || \
- defined(MBEDTLS_ECDSA_GENKEY_ALT) || \
- defined(MBEDTLS_ECP_INTERNAL_ALT) || \
- defined(MBEDTLS_ECP_ALT) )
-#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation"
-#endif
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
-#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
- !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
-#error "MBEDTLS_ECP_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
-#endif
-
-#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \
- !defined(MBEDTLS_SHA256_C))
-#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) && \
- defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
-#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) && \
- ( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \
- && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
-#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) && \
- defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C)
-#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
-#endif
-
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer)
-#define MBEDTLS_HAS_MEMSAN
-#endif
-#endif
-#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
-#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
-#endif
-#undef MBEDTLS_HAS_MEMSAN
-
-#if defined(MBEDTLS_GCM_C) && ( \
- !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
-#error "MBEDTLS_GCM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_NO_FALLBACK) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NO_FALLBACK defined, but no alternative implementation enabled"
-#endif
-
-#if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_HKDF_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
- ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
- ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
-#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
- !defined(MBEDTLS_ECDH_C)
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
- ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
- ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
- ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
- ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
- ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- ( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) || \
- !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
-#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
- !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
- ( !defined(MBEDTLS_SHA256_C) && \
- !defined(MBEDTLS_SHA512_C) && \
- !defined(MBEDTLS_SHA1_C) )
-#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
-#endif
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
- ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
-#endif
-
-#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
-#endif
-
-#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
-#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
-#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_C) && \
- ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
-#error "MBEDTLS_PK_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
- defined(MBEDTLS_PLATFORM_EXIT_ALT) )
-#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\
- ( !defined(MBEDTLS_PLATFORM_C) ||\
- !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
- ( !defined(MBEDTLS_PLATFORM_C) ||\
- !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
- ( !defined(MBEDTLS_PLATFORM_C) ||\
- !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
- defined(MBEDTLS_PLATFORM_TIME_ALT) )
-#error "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
- defined(MBEDTLS_PLATFORM_TIME_ALT) )
-#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
- defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
- ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
- defined(MBEDTLS_PLATFORM_STD_FREE)
-#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
- ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
- defined(MBEDTLS_PLATFORM_STD_CALLOC)
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
-#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
- defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
- defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
- !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
- !defined(MBEDTLS_PLATFORM_EXIT_ALT)
-#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_TIME) &&\
- ( !defined(MBEDTLS_PLATFORM_TIME_ALT) ||\
- !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
- !defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
- !defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
- !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\
- ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) )
-#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\
- !defined(MBEDTLS_ENTROPY_NV_SEED)
-#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\
- !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\
- !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\
- defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
-#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\
- defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
-#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_C) && \
- !( ( ( defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C) ) && \
- defined(MBEDTLS_ENTROPY_C) ) || \
- defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) )
-#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C) && \
- ! ( defined(MBEDTLS_PSA_CRYPTO_C) && \
- defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) )
-#error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
- ! defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
- !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
- defined(MBEDTLS_ENTROPY_NV_SEED) )
-#error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
- !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
-#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources"
-#endif
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
- defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG"
-#endif
-
-#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
- !defined(MBEDTLS_FS_IO)
-#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
-#error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO."
-#endif
-
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
- !defined(MBEDTLS_OID_C) )
-#error "MBEDTLS_RSA_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) && \
- !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
-#endif
-
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
- ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
-#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SHA384_C) && !defined(MBEDTLS_SHA512_C)
-#error "MBEDTLS_SHA384_C defined without MBEDTLS_SHA512_C"
-#endif
-
-#if defined(MBEDTLS_SHA224_C) && !defined(MBEDTLS_SHA256_C)
-#error "MBEDTLS_SHA224_C defined without MBEDTLS_SHA256_C"
-#endif
-
-#if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C)
-#error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) && \
- !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
-#endif
-
-/*
- * HKDF is mandatory for TLS 1.3.
- * Otherwise support for at least one ciphersuite mandates either SHA_256 or
- * SHA_384.
- */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- ( ( !defined(MBEDTLS_HKDF_C) ) || \
- ( !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA384_C) ) || \
- ( !defined(MBEDTLS_PSA_CRYPTO_C) ) )
-#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
-#error "One or more versions of the TLS protocol are enabled " \
- "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
-#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) || \
- !defined(MBEDTLS_MD_C) )
-#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
-#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
-#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
- !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \
- ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
- ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_CONNECTION_ID defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
- defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \
- MBEDTLS_SSL_CID_IN_LEN_MAX > 255
-#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
- defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \
- MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
-#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
-#endif
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
-#endif
-
-#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
- !defined(MBEDTLS_X509_CRT_PARSE_C)
-#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
-#endif
-#define MBEDTLS_THREADING_IMPL
-#endif
-
-#if defined(MBEDTLS_THREADING_ALT)
-#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
-#endif
-#define MBEDTLS_THREADING_IMPL
-#endif
-
-#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_C defined, single threading implementation required"
-#endif
-#undef MBEDTLS_THREADING_IMPL
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
-#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
- !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
- !defined(MBEDTLS_PK_PARSE_C) )
-#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
- !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \
- !defined(MBEDTLS_PK_WRITE_C) )
-#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
-#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
-#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)
-#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
-#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */
-
-#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \
- defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
-#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP) && ( !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && ( !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) )
-#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
-#endif
-
-
-
-/* Reject attempts to enable options that have been removed and that could
- * cause a build to succeed but with features removed. */
-
-#if defined(MBEDTLS_HAVEGE_C) //no-check-names
-#error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/2599"
-#endif
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) //no-check-names
-#error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) //no-check-names
-#error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) //no-check-names
-#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
-#endif
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) //no-check-names
-#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
-#endif
-
-#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) //no-check-names
-#error "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES was removed in Mbed TLS 3.0. See the ChangeLog entry if you really need SHA-1-signed certificates."
-#endif
-
-#if defined(MBEDTLS_ZLIB_SUPPORT) //no-check-names
-#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
-#endif
-
-#if defined(MBEDTLS_CHECK_PARAMS) //no-check-names
-#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4313"
-#endif
-
-#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
-#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names
-#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
-#endif
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) //no-check-names
-#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4341"
-#endif
-
-/*
- * Avoid warning from -pedantic. This is a convenient place for this
- * workaround since this is included by every single file before the
- * #if defined(MBEDTLS_xxx_C) that results in empty translation units.
- */
-typedef int mbedtls_iso_c_forbids_empty_translation_units;
-
-#endif /* MBEDTLS_CHECK_CONFIG_H */
diff --git a/mbedtls/cipher.h b/mbedtls/cipher.h
deleted file mode 100644
index c04097d..0000000
--- a/mbedtls/cipher.h
+++ /dev/null
@@ -1,1159 +0,0 @@
-/**
- * \file cipher.h
- *
- * \brief This file contains an abstraction interface for use with the cipher
- * primitives provided by the library. It provides a common interface to all of
- * the available cipher operations.
- *
- * \author Adriaan de Jong
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CIPHER_H
-#define MBEDTLS_CIPHER_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include "mbedtls/platform_util.h"
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-#define MBEDTLS_CIPHER_MODE_AEAD
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_CIPHER_MODE_WITH_PADDING
-#endif
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
- defined(MBEDTLS_CHACHA20_C)
-#define MBEDTLS_CIPHER_MODE_STREAM
-#endif
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-/** The selected feature is not available. */
-#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080
-/** Bad input parameters. */
-#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100
-/** Failed to allocate memory. */
-#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180
-/** Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200
-/** Decryption of block requires a full block. */
-#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280
-/** Authentication failed (for AEAD modes). */
-#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300
-/** The context is invalid. For example, because it was freed. */
-#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380
-
-#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length. */
-#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Supported cipher types.
- *
- * \warning DES is considered weak cipher and its use
- * constitutes a security risk. Arm recommends considering stronger
- * ciphers instead.
- */
-typedef enum {
- MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */
- MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
- MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
- MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
- MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
- MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
- MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
- MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */
-} mbedtls_cipher_id_t;
-
-/**
- * \brief Supported {cipher type, cipher mode} pairs.
- *
- * \warning DES is considered weak cipher and its use
- * constitutes a security risk. Arm recommends considering stronger
- * ciphers instead.
- */
-typedef enum {
- MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */
- MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
- MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
- MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
- MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
- MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */
- MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
- MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
- MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
- MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
- MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
- MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
- MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
- MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
- MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
- MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
- MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
- MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
- MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
- MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
- MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
- MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
- MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
- MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, /**< AES cipher with 128-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, /**< AES cipher with 192-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, /**< AES cipher with 256-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG, /**< Camellia cipher with 128-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG, /**< Camellia cipher with 192-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG, /**< Camellia cipher with 256-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_128_CBC, /**< Aria cipher with 128-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_192_CBC, /**< Aria cipher with 192-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_256_CBC, /**< Aria cipher with 256-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_128_CFB128, /**< Aria cipher with 128-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_192_CFB128, /**< Aria cipher with 192-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_256_CFB128, /**< Aria cipher with 256-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_128_CTR, /**< Aria cipher with 128-bit key and CTR mode. */
- MBEDTLS_CIPHER_ARIA_192_CTR, /**< Aria cipher with 192-bit key and CTR mode. */
- MBEDTLS_CIPHER_ARIA_256_CTR, /**< Aria cipher with 256-bit key and CTR mode. */
- MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */
- MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */
- MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */
- MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG, /**< Aria cipher with 128-bit key and CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG, /**< Aria cipher with 192-bit key and CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG, /**< Aria cipher with 256-bit key and CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_128_XTS, /**< AES 128-bit cipher in XTS block mode. */
- MBEDTLS_CIPHER_AES_256_XTS, /**< AES 256-bit cipher in XTS block mode. */
- MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */
- MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */
- MBEDTLS_CIPHER_AES_128_KW, /**< AES cipher with 128-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_192_KW, /**< AES cipher with 192-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_256_KW, /**< AES cipher with 256-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */
- MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */
- MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */
-} mbedtls_cipher_type_t;
-
-/** Supported cipher modes. */
-typedef enum {
- MBEDTLS_MODE_NONE = 0, /**< None. */
- MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
- MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
- MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
- MBEDTLS_MODE_OFB, /**< The OFB cipher mode. */
- MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
- MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
- MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
- MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
- MBEDTLS_MODE_CCM_STAR_NO_TAG, /**< The CCM*-no-tag cipher mode. */
- MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */
- MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */
- MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */
- MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */
-} mbedtls_cipher_mode_t;
-
-/** Supported cipher padding types. */
-typedef enum {
- MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */
- MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */
- MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */
- MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */
- MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */
-} mbedtls_cipher_padding_t;
-
-/** Type of operation. */
-typedef enum {
- MBEDTLS_OPERATION_NONE = -1,
- MBEDTLS_DECRYPT = 0,
- MBEDTLS_ENCRYPT,
-} mbedtls_operation_t;
-
-enum {
- /** Undefined key length. */
- MBEDTLS_KEY_LENGTH_NONE = 0,
- /** Key length, in bits (including parity), for DES keys. */
- MBEDTLS_KEY_LENGTH_DES = 64,
- /** Key length in bits, including parity, for DES in two-key EDE. */
- MBEDTLS_KEY_LENGTH_DES_EDE = 128,
- /** Key length in bits, including parity, for DES in three-key EDE. */
- MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
-};
-
-/** Maximum length of any IV, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
- * in library/ssl_misc.h. */
-#define MBEDTLS_MAX_IV_LENGTH 16
-
-/** Maximum block size of any cipher, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
- * in library/ssl_misc.h. */
-#define MBEDTLS_MAX_BLOCK_LENGTH 16
-
-/** Maximum key length, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * For now, only check whether XTS is enabled which uses 64 Byte keys,
- * and use 32 Bytes as an upper bound for the maximum key length otherwise.
- * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
- * in library/ssl_misc.h, which however deliberately ignores the case of XTS
- * since the latter isn't used in SSL/TLS. */
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_MAX_KEY_LENGTH 64
-#else
-#define MBEDTLS_MAX_KEY_LENGTH 32
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * Base cipher information (opaque struct).
- */
-typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
-
-/**
- * CMAC context (opaque struct).
- */
-typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
-
-/**
- * Cipher information. Allows calling cipher functions
- * in a generic way.
- *
- * \note The library does not support custom cipher info structures,
- * only built-in structures returned by the functions
- * mbedtls_cipher_info_from_string(),
- * mbedtls_cipher_info_from_type(),
- * mbedtls_cipher_info_from_values(),
- * mbedtls_cipher_info_from_psa().
- */
-typedef struct mbedtls_cipher_info_t
-{
- /** Full cipher identifier. For example,
- * MBEDTLS_CIPHER_AES_256_CBC.
- */
- mbedtls_cipher_type_t MBEDTLS_PRIVATE(type);
-
- /** The cipher mode. For example, MBEDTLS_MODE_CBC. */
- mbedtls_cipher_mode_t MBEDTLS_PRIVATE(mode);
-
- /** The cipher key length, in bits. This is the
- * default length for variable sized ciphers.
- * Includes parity bits for ciphers like DES.
- */
- unsigned int MBEDTLS_PRIVATE(key_bitlen);
-
- /** Name of the cipher. */
- const char * MBEDTLS_PRIVATE(name);
-
- /** IV or nonce size, in Bytes.
- * For ciphers that accept variable IV sizes,
- * this is the recommended size.
- */
- unsigned int MBEDTLS_PRIVATE(iv_size);
-
- /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
- * MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
- * cipher supports variable IV or variable key sizes, respectively.
- */
- int MBEDTLS_PRIVATE(flags);
-
- /** The block size, in Bytes. */
- unsigned int MBEDTLS_PRIVATE(block_size);
-
- /** Struct for base cipher information and functions. */
- const mbedtls_cipher_base_t *MBEDTLS_PRIVATE(base);
-
-} mbedtls_cipher_info_t;
-
-/**
- * Generic cipher context.
- */
-typedef struct mbedtls_cipher_context_t
-{
- /** Information about the associated cipher. */
- const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info);
-
- /** Key length to use. */
- int MBEDTLS_PRIVATE(key_bitlen);
-
- /** Operation that the key of the context has been
- * initialized for.
- */
- mbedtls_operation_t MBEDTLS_PRIVATE(operation);
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
- /** Padding functions to use, if relevant for
- * the specific cipher mode.
- */
- void (*MBEDTLS_PRIVATE(add_padding))( unsigned char *output, size_t olen, size_t data_len );
- int (*MBEDTLS_PRIVATE(get_padding))( unsigned char *input, size_t ilen, size_t *data_len );
-#endif
-
- /** Buffer for input that has not been processed yet. */
- unsigned char MBEDTLS_PRIVATE(unprocessed_data)[MBEDTLS_MAX_BLOCK_LENGTH];
-
- /** Number of Bytes that have not been processed yet. */
- size_t MBEDTLS_PRIVATE(unprocessed_len);
-
- /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
- * for XTS-mode. */
- unsigned char MBEDTLS_PRIVATE(iv)[MBEDTLS_MAX_IV_LENGTH];
-
- /** IV size in Bytes, for ciphers with variable-length IVs. */
- size_t MBEDTLS_PRIVATE(iv_size);
-
- /** The cipher-specific context. */
- void *MBEDTLS_PRIVATE(cipher_ctx);
-
-#if defined(MBEDTLS_CMAC_C)
- /** CMAC-specific context. */
- mbedtls_cmac_context_t *MBEDTLS_PRIVATE(cmac_ctx);
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- /** Indicates whether the cipher operations should be performed
- * by Mbed TLS' own crypto library or an external implementation
- * of the PSA Crypto API.
- * This is unset if the cipher context was established through
- * mbedtls_cipher_setup(), and set if it was established through
- * mbedtls_cipher_setup_psa().
- */
- unsigned char MBEDTLS_PRIVATE(psa_enabled);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-} mbedtls_cipher_context_t;
-
-/**
- * \brief This function retrieves the list of ciphers supported
- * by the generic cipher module.
- *
- * For any cipher identifier in the returned list, you can
- * obtain the corresponding generic cipher information structure
- * via mbedtls_cipher_info_from_type(), which can then be used
- * to prepare a cipher context via mbedtls_cipher_setup().
- *
- *
- * \return A statically-allocated array of cipher identifiers
- * of type cipher_type_t. The last entry is zero.
- */
-const int *mbedtls_cipher_list( void );
-
-/**
- * \brief This function retrieves the cipher-information
- * structure associated with the given cipher name.
- *
- * \param cipher_name Name of the cipher to search for. This must not be
- * \c NULL.
- *
- * \return The cipher information structure associated with the
- * given \p cipher_name.
- * \return \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
-
-/**
- * \brief This function retrieves the cipher-information
- * structure associated with the given cipher type.
- *
- * \param cipher_type Type of the cipher to search for.
- *
- * \return The cipher information structure associated with the
- * given \p cipher_type.
- * \return \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
-
-/**
- * \brief This function retrieves the cipher-information
- * structure associated with the given cipher ID,
- * key size and mode.
- *
- * \param cipher_id The ID of the cipher to search for. For example,
- * #MBEDTLS_CIPHER_ID_AES.
- * \param key_bitlen The length of the key in bits.
- * \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC.
- *
- * \return The cipher information structure associated with the
- * given \p cipher_id.
- * \return \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
- int key_bitlen,
- const mbedtls_cipher_mode_t mode );
-
-/**
- * \brief Retrieve the identifier for a cipher info structure.
- *
- * \param[in] info The cipher info structure to query.
- * This may be \c NULL.
- *
- * \return The full cipher identifier (\c MBEDTLS_CIPHER_xxx).
- * \return #MBEDTLS_CIPHER_NONE if \p info is \c NULL.
- */
-static inline mbedtls_cipher_type_t mbedtls_cipher_info_get_type(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( MBEDTLS_CIPHER_NONE );
- else
- return( info->MBEDTLS_PRIVATE(type) );
-}
-
-/**
- * \brief Retrieve the operation mode for a cipher info structure.
- *
- * \param[in] info The cipher info structure to query.
- * This may be \c NULL.
- *
- * \return The cipher mode (\c MBEDTLS_MODE_xxx).
- * \return #MBEDTLS_MODE_NONE if \p info is \c NULL.
- */
-static inline mbedtls_cipher_mode_t mbedtls_cipher_info_get_mode(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( MBEDTLS_MODE_NONE );
- else
- return( info->MBEDTLS_PRIVATE(mode) );
-}
-
-/**
- * \brief Retrieve the key size for a cipher info structure.
- *
- * \param[in] info The cipher info structure to query.
- * This may be \c NULL.
- *
- * \return The key length in bits.
- * For variable-sized ciphers, this is the default length.
- * For DES, this includes the parity bits.
- * \return \c 0 if \p info is \c NULL.
- */
-static inline size_t mbedtls_cipher_info_get_key_bitlen(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( 0 );
- else
- return( info->MBEDTLS_PRIVATE(key_bitlen) );
-}
-
-/**
- * \brief Retrieve the human-readable name for a
- * cipher info structure.
- *
- * \param[in] info The cipher info structure to query.
- * This may be \c NULL.
- *
- * \return The cipher name, which is a human readable string,
- * with static storage duration.
- * \return \c NULL if \c info is \p NULL.
- */
-static inline const char *mbedtls_cipher_info_get_name(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( NULL );
- else
- return( info->MBEDTLS_PRIVATE(name) );
-}
-
-/**
- * \brief This function returns the size of the IV or nonce
- * for the cipher info structure, in bytes.
- *
- * \param info The cipher info structure. This may be \c NULL.
- *
- * \return The recommended IV size.
- * \return \c 0 for ciphers not using an IV or a nonce.
- * \return \c 0 if \p info is \c NULL.
- */
-static inline size_t mbedtls_cipher_info_get_iv_size(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( 0 );
-
- return( (size_t) info->MBEDTLS_PRIVATE(iv_size) );
-}
-
-/**
- * \brief This function returns the block size of the given
- * cipher info structure in bytes.
- *
- * \param info The cipher info structure. This may be \c NULL.
- *
- * \return The block size of the cipher.
- * \return \c 1 if the cipher is a stream cipher.
- * \return \c 0 if \p info is \c NULL.
- */
-static inline size_t mbedtls_cipher_info_get_block_size(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( 0 );
-
- return( (size_t) info->MBEDTLS_PRIVATE(block_size) );
-}
-
-/**
- * \brief This function returns a non-zero value if the key length for
- * the given cipher is variable.
- *
- * \param info The cipher info structure. This may be \c NULL.
- *
- * \return Non-zero if the key length is variable, \c 0 otherwise.
- * \return \c 0 if the given pointer is \c NULL.
- */
-static inline int mbedtls_cipher_info_has_variable_key_bitlen(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( 0 );
-
- return( info->MBEDTLS_PRIVATE(flags) & MBEDTLS_CIPHER_VARIABLE_KEY_LEN );
-}
-
-/**
- * \brief This function returns a non-zero value if the IV size for
- * the given cipher is variable.
- *
- * \param info The cipher info structure. This may be \c NULL.
- *
- * \return Non-zero if the IV size is variable, \c 0 otherwise.
- * \return \c 0 if the given pointer is \c NULL.
- */
-static inline int mbedtls_cipher_info_has_variable_iv_size(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( 0 );
-
- return( info->MBEDTLS_PRIVATE(flags) & MBEDTLS_CIPHER_VARIABLE_IV_LEN );
-}
-
-/**
- * \brief This function initializes a \p cipher_context as NONE.
- *
- * \param ctx The context to be initialized. This must not be \c NULL.
- */
-void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
-
-/**
- * \brief This function frees and clears the cipher-specific
- * context of \p ctx. Freeing \p ctx itself remains the
- * responsibility of the caller.
- *
- * \param ctx The context to be freed. If this is \c NULL, the
- * function has no effect, otherwise this must point to an
- * initialized context.
- */
-void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
-
-
-/**
- * \brief This function prepares a cipher context for
- * use with the given cipher primitive.
- *
- * \note After calling this function, you should call
- * mbedtls_cipher_setkey() and, if the mode uses padding,
- * mbedtls_cipher_set_padding_mode(), then for each
- * message to encrypt or decrypt with this key, either:
- * - mbedtls_cipher_crypt() for one-shot processing with
- * non-AEAD modes;
- * - mbedtls_cipher_auth_encrypt_ext() or
- * mbedtls_cipher_auth_decrypt_ext() for one-shot
- * processing with AEAD modes or NIST_KW;
- * - for multi-part processing, see the documentation of
- * mbedtls_cipher_reset().
- *
- * \param ctx The context to prepare. This must be initialized by
- * a call to mbedtls_cipher_init() first.
- * \param cipher_info The cipher to use.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
- * cipher-specific context fails.
- */
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
- const mbedtls_cipher_info_t *cipher_info );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief This function initializes a cipher context for
- * PSA-based use with the given cipher primitive.
- *
- * \note See #MBEDTLS_USE_PSA_CRYPTO for information on PSA.
- *
- * \param ctx The context to initialize. May not be \c NULL.
- * \param cipher_info The cipher to use.
- * \param taglen For AEAD ciphers, the length in bytes of the
- * authentication tag to use. Subsequent uses of
- * mbedtls_cipher_auth_encrypt_ext() or
- * mbedtls_cipher_auth_decrypt_ext() must provide
- * the same tag length.
- * For non-AEAD ciphers, the value must be \c 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
- * cipher-specific context fails.
- */
-int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
- const mbedtls_cipher_info_t *cipher_info,
- size_t taglen );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/**
- * \brief This function returns the block size of the given cipher
- * in bytes.
- *
- * \param ctx The context of the cipher.
- *
- * \return The block size of the underlying cipher.
- * \return \c 1 if the cipher is a stream cipher.
- * \return \c 0 if \p ctx has not been initialized.
- */
-static inline unsigned int mbedtls_cipher_get_block_size(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return 0;
-
- return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
-}
-
-/**
- * \brief This function returns the mode of operation for
- * the cipher. For example, MBEDTLS_MODE_CBC.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The mode of operation.
- * \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return MBEDTLS_MODE_NONE;
-
- return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
-}
-
-/**
- * \brief This function returns the size of the IV or nonce
- * of the cipher, in Bytes.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The recommended IV size if no IV has been set.
- * \return \c 0 for ciphers not using an IV or a nonce.
- * \return The actual size if an IV has been set.
- */
-static inline int mbedtls_cipher_get_iv_size(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return 0;
-
- if( ctx->MBEDTLS_PRIVATE(iv_size) != 0 )
- return (int) ctx->MBEDTLS_PRIVATE(iv_size);
-
- return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
-}
-
-/**
- * \brief This function returns the type of the given cipher.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The type of the cipher.
- * \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_CIPHER_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return MBEDTLS_CIPHER_NONE;
-
- return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
-}
-
-/**
- * \brief This function returns the name of the given cipher
- * as a string.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The name of the cipher.
- * \return NULL if \p ctx has not been not initialized.
- */
-static inline const char *mbedtls_cipher_get_name(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return 0;
-
- return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name);
-}
-
-/**
- * \brief This function returns the key length of the cipher.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The key length of the cipher in bits.
- * \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
- * initialized.
- */
-static inline int mbedtls_cipher_get_key_bitlen(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return MBEDTLS_KEY_LENGTH_NONE;
-
- return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
-}
-
-/**
- * \brief This function returns the operation of the given cipher.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
- * \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_operation_t mbedtls_cipher_get_operation(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_OPERATION_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return MBEDTLS_OPERATION_NONE;
-
- return ctx->MBEDTLS_PRIVATE(operation);
-}
-
-/**
- * \brief This function sets the key to use with the given context.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a cipher information structure.
- * \param key The key to use. This must be a readable buffer of at
- * least \p key_bitlen Bits.
- * \param key_bitlen The key length to use, in Bits.
- * \param operation The operation that the key will be used for:
- * #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
- const unsigned char *key,
- int key_bitlen,
- const mbedtls_operation_t operation );
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-/**
- * \brief This function sets the padding mode, for cipher modes
- * that use padding.
- *
- * The default passing mode is PKCS7 padding.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a cipher information structure.
- * \param mode The padding mode.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
- * if the selected padding mode is not supported.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
- * does not support padding.
- */
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
- mbedtls_cipher_padding_t mode );
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
-/**
- * \brief This function sets the initialization vector (IV)
- * or nonce.
- *
- * \note Some ciphers do not use IVs nor nonce. For these
- * ciphers, this function has no effect.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a cipher information structure.
- * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
- * must be a readable buffer of at least \p iv_len Bytes.
- * \param iv_len The IV length for ciphers with variable-size IV.
- * This parameter is discarded by ciphers with fixed-size IV.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- */
-int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv,
- size_t iv_len );
-
-/**
- * \brief This function resets the cipher state.
- *
- * \note With non-AEAD ciphers, the order of calls for each message
- * is as follows:
- * 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
- * 2. mbedtls_cipher_reset()
- * 3. mbedtls_cipher_update() one or more times
- * 4. mbedtls_cipher_finish()
- * .
- * This sequence can be repeated to encrypt or decrypt multiple
- * messages with the same key.
- *
- * \note With AEAD ciphers, the order of calls for each message
- * is as follows:
- * 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
- * 2. mbedtls_cipher_reset()
- * 3. mbedtls_cipher_update_ad()
- * 4. mbedtls_cipher_update() one or more times
- * 5. mbedtls_cipher_finish()
- * 6. mbedtls_cipher_check_tag() (for decryption) or
- * mbedtls_cipher_write_tag() (for encryption).
- * .
- * This sequence can be repeated to encrypt or decrypt multiple
- * messages with the same key.
- *
- * \param ctx The generic cipher context. This must be bound to a key.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- */
-int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-/**
- * \brief This function adds additional data for AEAD ciphers.
- * Currently supported with GCM and ChaCha20+Poly1305.
- *
- * \param ctx The generic cipher context. This must be initialized.
- * \param ad The additional data to use. This must be a readable
- * buffer of at least \p ad_len Bytes.
- * \param ad_len The length of \p ad in Bytes.
- *
- * \return \c 0 on success.
- * \return A specific error code on failure.
- */
-int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
- const unsigned char *ad, size_t ad_len );
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-
-/**
- * \brief The generic cipher update function. It encrypts or
- * decrypts using the given cipher context. Writes as
- * many block-sized blocks of data as possible to output.
- * Any data that cannot be written immediately is either
- * added to the next block, or flushed when
- * mbedtls_cipher_finish() is called.
- * Exception: For MBEDTLS_MODE_ECB, expects a single block
- * in size. For example, 16 Bytes for AES.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes.
- * \param ilen The length of the input data.
- * \param output The buffer for the output data. This must be able to
- * hold at least `ilen + block_size`. This must not be the
- * same buffer as \p input.
- * \param olen The length of the output data, to be updated with the
- * actual number of Bytes written. This must not be
- * \c NULL.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
- * unsupported mode for a cipher.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx,
- const unsigned char *input,
- size_t ilen, unsigned char *output,
- size_t *olen );
-
-/**
- * \brief The generic cipher finalization function. If data still
- * needs to be flushed from an incomplete block, the data
- * contained in it is padded to the size of
- * the last block, and written to the \p output buffer.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key.
- * \param output The buffer to write data to. This needs to be a writable
- * buffer of at least \p block_size Bytes.
- * \param olen The length of the data written to the \p output buffer.
- * This may not be \c NULL.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
- * expecting a full block but not receiving one.
- * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- * while decrypting.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
- unsigned char *output, size_t *olen );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-/**
- * \brief This function writes a tag for AEAD ciphers.
- * Currently supported with GCM and ChaCha20+Poly1305.
- * This must be called after mbedtls_cipher_finish().
- *
- * \param ctx The generic cipher context. This must be initialized,
- * bound to a key, and have just completed a cipher
- * operation through mbedtls_cipher_finish() the tag for
- * which should be written.
- * \param tag The buffer to write the tag to. This must be a writable
- * buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the tag to write.
- *
- * \return \c 0 on success.
- * \return A specific error code on failure.
- */
-int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
- unsigned char *tag, size_t tag_len );
-
-/**
- * \brief This function checks the tag for AEAD ciphers.
- * Currently supported with GCM and ChaCha20+Poly1305.
- * This must be called after mbedtls_cipher_finish().
- *
- * \param ctx The generic cipher context. This must be initialized.
- * \param tag The buffer holding the tag. This must be a readable
- * buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the tag to check.
- *
- * \return \c 0 on success.
- * \return A specific error code on failure.
- */
-int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
- const unsigned char *tag, size_t tag_len );
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-
-/**
- * \brief The generic all-in-one encryption/decryption function,
- * for all ciphers except AEAD constructs.
- *
- * \param ctx The generic cipher context. This must be initialized.
- * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
- * This must be a readable buffer of at least \p iv_len
- * Bytes.
- * \param iv_len The IV length for ciphers with variable-size IV.
- * This parameter is discarded by ciphers with fixed-size
- * IV.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- * \param output The buffer for the output data. This must be able to
- * hold at least `ilen + block_size`. This must not be the
- * same buffer as \p input.
- * \param olen The length of the output data, to be updated with the
- * actual number of Bytes written. This must not be
- * \c NULL.
- *
- * \note Some ciphers do not use IVs nor nonce. For these
- * ciphers, use \p iv = NULL and \p iv_len = 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
- * expecting a full block but not receiving one.
- * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- * while decrypting.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen );
-
-#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
-/**
- * \brief The authenticated encryption (AEAD/NIST_KW) function.
- *
- * \note For AEAD modes, the tag will be appended to the
- * ciphertext, as recommended by RFC 5116.
- * (NIST_KW doesn't have a separate tag.)
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key, with an AEAD algorithm or NIST_KW.
- * \param iv The nonce to use. This must be a readable buffer of
- * at least \p iv_len Bytes and may be \c NULL if \p
- * iv_len is \c 0.
- * \param iv_len The length of the nonce. For AEAD ciphers, this must
- * satisfy the constraints imposed by the cipher used.
- * For NIST_KW, this must be \c 0.
- * \param ad The additional data to authenticate. This must be a
- * readable buffer of at least \p ad_len Bytes, and may
- * be \c NULL is \p ad_len is \c 0.
- * \param ad_len The length of \p ad. For NIST_KW, this must be \c 0.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes, and may be
- * \c NULL if \p ilen is \c 0.
- * \param ilen The length of the input data.
- * \param output The buffer for the output data. This must be a
- * writable buffer of at least \p output_len Bytes, and
- * must not be \c NULL.
- * \param output_len The length of the \p output buffer in Bytes. For AEAD
- * ciphers, this must be at least \p ilen + \p tag_len.
- * For NIST_KW, this must be at least \p ilen + 8
- * (rounded up to a multiple of 8 if KWP is used);
- * \p ilen + 15 is always a safe value.
- * \param olen This will be filled with the actual number of Bytes
- * written to the \p output buffer. This must point to a
- * writable object of type \c size_t.
- * \param tag_len The desired length of the authentication tag. For AEAD
- * ciphers, this must match the constraints imposed by
- * the cipher used, and in particular must not be \c 0.
- * For NIST_KW, this must be \c 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t output_len,
- size_t *olen, size_t tag_len );
-
-/**
- * \brief The authenticated encryption (AEAD/NIST_KW) function.
- *
- * \note If the data is not authentic, then the output buffer
- * is zeroed out to prevent the unauthentic plaintext being
- * used, making this interface safer.
- *
- * \note For AEAD modes, the tag must be appended to the
- * ciphertext, as recommended by RFC 5116.
- * (NIST_KW doesn't have a separate tag.)
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key, with an AEAD algorithm or NIST_KW.
- * \param iv The nonce to use. This must be a readable buffer of
- * at least \p iv_len Bytes and may be \c NULL if \p
- * iv_len is \c 0.
- * \param iv_len The length of the nonce. For AEAD ciphers, this must
- * satisfy the constraints imposed by the cipher used.
- * For NIST_KW, this must be \c 0.
- * \param ad The additional data to authenticate. This must be a
- * readable buffer of at least \p ad_len Bytes, and may
- * be \c NULL is \p ad_len is \c 0.
- * \param ad_len The length of \p ad. For NIST_KW, this must be \c 0.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes, and may be
- * \c NULL if \p ilen is \c 0.
- * \param ilen The length of the input data. For AEAD ciphers this
- * must be at least \p tag_len. For NIST_KW this must be
- * at least \c 8.
- * \param output The buffer for the output data. This must be a
- * writable buffer of at least \p output_len Bytes, and
- * may be \c NULL if \p output_len is \c 0.
- * \param output_len The length of the \p output buffer in Bytes. For AEAD
- * ciphers, this must be at least \p ilen - \p tag_len.
- * For NIST_KW, this must be at least \p ilen - 8.
- * \param olen This will be filled with the actual number of Bytes
- * written to the \p output buffer. This must point to a
- * writable object of type \c size_t.
- * \param tag_len The actual length of the authentication tag. For AEAD
- * ciphers, this must match the constraints imposed by
- * the cipher used, and in particular must not be \c 0.
- * For NIST_KW, this must be \c 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t output_len,
- size_t *olen, size_t tag_len );
-#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CIPHER_H */
diff --git a/mbedtls/cmac.h b/mbedtls/cmac.h
deleted file mode 100644
index 21ce882..0000000
--- a/mbedtls/cmac.h
+++ /dev/null
@@ -1,240 +0,0 @@
-/**
- * \file cmac.h
- *
- * \brief This file contains CMAC definitions and functions.
- *
- * The Cipher-based Message Authentication Code (CMAC) Mode for
- * Authentication is defined in RFC-4493: The AES-CMAC Algorithm.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CMAC_H
-#define MBEDTLS_CMAC_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/cipher.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MBEDTLS_AES_BLOCK_SIZE 16
-#define MBEDTLS_DES3_BLOCK_SIZE 8
-
-#if defined(MBEDTLS_AES_C)
-#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */
-#else
-#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */
-#endif
-
-#if !defined(MBEDTLS_CMAC_ALT)
-
-/**
- * The CMAC context structure.
- */
-struct mbedtls_cmac_context_t
-{
- /** The internal state of the CMAC algorithm. */
- unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
-
- /** Unprocessed data - either data that was not block aligned and is still
- * pending processing, or the final block. */
- unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX];
-
- /** The length of data pending processing. */
- size_t MBEDTLS_PRIVATE(unprocessed_len);
-};
-
-#else /* !MBEDTLS_CMAC_ALT */
-#include "cmac_alt.h"
-#endif /* !MBEDTLS_CMAC_ALT */
-
-/**
- * \brief This function starts a new CMAC computation
- * by setting the CMAC key, and preparing to authenticate
- * the input data.
- * It must be called with an initialized cipher context.
- *
- * Once this function has completed, data can be supplied
- * to the CMAC computation by calling
- * mbedtls_cipher_cmac_update().
- *
- * To start a CMAC computation using the same key as a previous
- * CMAC computation, use mbedtls_cipher_cmac_finish().
- *
- * \note When the CMAC implementation is supplied by an alternate
- * implementation (through #MBEDTLS_CMAC_ALT), some ciphers
- * may not be supported by that implementation, and thus
- * return an error. Alternate implementations must support
- * AES-128 and AES-256, and may support AES-192 and 3DES.
- *
- * \param ctx The cipher context used for the CMAC operation, initialized
- * as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
- * MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
- * or MBEDTLS_CIPHER_DES_EDE3_ECB.
- * \param key The CMAC key.
- * \param keybits The length of the CMAC key in bits.
- * Must be supported by the cipher.
- *
- * \return \c 0 on success.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
- const unsigned char *key, size_t keybits );
-
-/**
- * \brief This function feeds an input buffer into an ongoing CMAC
- * computation.
- *
- * The CMAC computation must have previously been started
- * by calling mbedtls_cipher_cmac_starts() or
- * mbedtls_cipher_cmac_reset().
- *
- * Call this function as many times as needed to input the
- * data to be authenticated.
- * Once all of the required data has been input,
- * call mbedtls_cipher_cmac_finish() to obtain the result
- * of the CMAC operation.
- *
- * \param ctx The cipher context used for the CMAC operation.
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
- * if parameter verification fails.
- */
-int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
- const unsigned char *input, size_t ilen );
-
-/**
- * \brief This function finishes an ongoing CMAC operation, and
- * writes the result to the output buffer.
- *
- * It should be followed either by
- * mbedtls_cipher_cmac_reset(), which starts another CMAC
- * operation with the same key, or mbedtls_cipher_free(),
- * which clears the cipher context.
- *
- * \param ctx The cipher context used for the CMAC operation.
- * \param output The output buffer for the CMAC checksum result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
- * if parameter verification fails.
- */
-int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
- unsigned char *output );
-
-/**
- * \brief This function starts a new CMAC operation with the same
- * key as the previous one.
- *
- * It should be called after finishing the previous CMAC
- * operation with mbedtls_cipher_cmac_finish().
- * After calling this function,
- * call mbedtls_cipher_cmac_update() to supply the new
- * CMAC operation with data.
- *
- * \param ctx The cipher context used for the CMAC operation.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
- * if parameter verification fails.
- */
-int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
-
-/**
- * \brief This function calculates the full generic CMAC
- * on the input buffer with the provided key.
- *
- * The function allocates the context, performs the
- * calculation, and frees the context.
- *
- * The CMAC result is calculated as
- * output = generic CMAC(cmac key, input buffer).
- *
- * \note When the CMAC implementation is supplied by an alternate
- * implementation (through #MBEDTLS_CMAC_ALT), some ciphers
- * may not be supported by that implementation, and thus
- * return an error. Alternate implementations must support
- * AES-128 and AES-256, and may support AES-192 and 3DES.
- *
- * \param cipher_info The cipher information.
- * \param key The CMAC key.
- * \param keylen The length of the CMAC key in bits.
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
- * \param output The buffer for the generic CMAC result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
- * if parameter verification fails.
- */
-int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
- const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output );
-
-#if defined(MBEDTLS_AES_C)
-/**
- * \brief This function implements the AES-CMAC-PRF-128 pseudorandom
- * function, as defined in
- * RFC-4615: The Advanced Encryption Standard-Cipher-based
- * Message Authentication Code-Pseudo-Random Function-128
- * (AES-CMAC-PRF-128) Algorithm for the Internet Key
- * Exchange Protocol (IKE).
- *
- * \param key The key to use.
- * \param key_len The key length in Bytes.
- * \param input The buffer holding the input data.
- * \param in_len The length of the input data in Bytes.
- * \param output The buffer holding the generated 16 Bytes of
- * pseudorandom output.
- *
- * \return \c 0 on success.
- */
-int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
- const unsigned char *input, size_t in_len,
- unsigned char output[16] );
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
-/**
- * \brief The CMAC checkup routine.
- *
- * \note In case the CMAC routines are provided by an alternative
- * implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the
- * checkup routine will succeed even if the implementation does
- * not support the less widely used AES-192 or 3DES primitives.
- * The self-test requires at least AES-128 and AES-256 to be
- * supported by the underlying implementation.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_cmac_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CMAC_H */
diff --git a/mbedtls/compat-2.x.h b/mbedtls/compat-2.x.h
deleted file mode 100644
index cdf81dc..0000000
--- a/mbedtls/compat-2.x.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * \file compat-2.x.h
- *
- * \brief Compatibility definitions
- *
- * \deprecated Use the new names directly instead
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "Including compat-2.x.h is deprecated"
-#endif
-
-#ifndef MBEDTLS_COMPAT2X_H
-#define MBEDTLS_COMPAT2X_H
-
-/*
- * Macros for renamed functions
- */
-#define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update
-#define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update
-#define mbedtls_md5_starts_ret mbedtls_md5_starts
-#define mbedtls_md5_update_ret mbedtls_md5_update
-#define mbedtls_md5_finish_ret mbedtls_md5_finish
-#define mbedtls_md5_ret mbedtls_md5
-#define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts
-#define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update
-#define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish
-#define mbedtls_ripemd160_ret mbedtls_ripemd160
-#define mbedtls_sha1_starts_ret mbedtls_sha1_starts
-#define mbedtls_sha1_update_ret mbedtls_sha1_update
-#define mbedtls_sha1_finish_ret mbedtls_sha1_finish
-#define mbedtls_sha1_ret mbedtls_sha1
-#define mbedtls_sha256_starts_ret mbedtls_sha256_starts
-#define mbedtls_sha256_update_ret mbedtls_sha256_update
-#define mbedtls_sha256_finish_ret mbedtls_sha256_finish
-#define mbedtls_sha256_ret mbedtls_sha256
-#define mbedtls_sha512_starts_ret mbedtls_sha512_starts
-#define mbedtls_sha512_update_ret mbedtls_sha512_update
-#define mbedtls_sha512_finish_ret mbedtls_sha512_finish
-#define mbedtls_sha512_ret mbedtls_sha512
-
-#endif /* MBEDTLS_COMPAT2X_H */
diff --git a/mbedtls/config_psa.h b/mbedtls/config_psa.h
deleted file mode 100644
index 68dda0f..0000000
--- a/mbedtls/config_psa.h
+++ /dev/null
@@ -1,800 +0,0 @@
-/**
- * \file mbedtls/config_psa.h
- * \brief PSA crypto configuration options (set of defines)
- *
- * This set of compile-time options takes settings defined in
- * include/mbedtls/mbedtls_config.h and include/psa/crypto_config.h and uses
- * those definitions to define symbols used in the library code.
- *
- * Users and integrators should not edit this file, please edit
- * include/mbedtls/mbedtls_config.h for MBETLS_XXX settings or
- * include/psa/crypto_config.h for PSA_WANT_XXX settings.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CONFIG_PSA_H
-#define MBEDTLS_CONFIG_PSA_H
-
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#include "psa/crypto_config.h"
-#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-
-/****************************************************************/
-/* De facto synonyms */
-/****************************************************************/
-
-#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
-#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
-#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
-#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
-#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS)
-#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT
-#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS)
-#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS
-#endif
-
-
-
-/****************************************************************/
-/* Require built-in implementations based on PSA requirements */
-/****************************************************************/
-
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-
-#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define MBEDTLS_ECDSA_DETERMINISTIC
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
-#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
-
-#if defined(PSA_WANT_ALG_ECDH)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define MBEDTLS_ECDH_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */
-#endif /* PSA_WANT_ALG_ECDH */
-
-#if defined(PSA_WANT_ALG_ECDSA)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
-#endif /* PSA_WANT_ALG_ECDSA */
-
-#if defined(PSA_WANT_ALG_HKDF)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
-#endif /* PSA_WANT_ALG_HKDF */
-
-#if defined(PSA_WANT_ALG_HMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
-#endif /* PSA_WANT_ALG_HMAC */
-
-#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define MBEDTLS_MD5_C
-#endif
-
-#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define MBEDTLS_RIPEMD160_C
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_OAEP)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V21
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */
-#endif /* PSA_WANT_ALG_RSA_OAEP */
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V15
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */
-#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V15
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
-#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
-
-#if defined(PSA_WANT_ALG_RSA_PSS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V21
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
-#endif /* PSA_WANT_ALG_RSA_PSS */
-
-#if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define MBEDTLS_SHA1_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define MBEDTLS_SHA224_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define MBEDTLS_SHA256_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define MBEDTLS_SHA384_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define MBEDTLS_SHA512_C
-#endif
-
-#if defined(PSA_WANT_ALG_TLS12_PRF)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */
-#endif /* PSA_WANT_ALG_TLS12_PRF */
-
-#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
-#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_GENPRIME
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */
-#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
-
-/* If any of the block modes are requested that don't have an
- * associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking
- * in the block cipher key types. */
-#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
- (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
- (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
- (defined(PSA_WANT_ALG_XTS) && !defined(MBEDTLS_PSA_ACCEL_ALG_XTS)) || \
- defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
- (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
- (defined(PSA_WANT_ALG_CBC_PKCS7) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
- (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
-#define PSA_HAVE_SOFT_BLOCK_MODE 1
-#endif
-
-#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
- (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
-#define PSA_HAVE_SOFT_BLOCK_AEAD 1
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
-#define PSA_HAVE_SOFT_KEY_TYPE_AES 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#define MBEDTLS_AES_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_ARIA)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
-#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
-#define MBEDTLS_ARIA_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_ARIA */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
-#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_CAMELLIA_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#if defined(PSA_WANT_KEY_TYPE_DES)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
-#define PSA_HAVE_SOFT_KEY_TYPE_DES 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#define MBEDTLS_DES_C
-#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_DES */
-
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_CHACHA20_C
-#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
-#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
-
-/* If any of the software block ciphers are selected, define
- * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these
- * situations. */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
-#endif
-
-#if defined(PSA_WANT_ALG_STREAM_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#endif /* PSA_WANT_ALG_STREAM_CIPHER */
-
-#if defined(PSA_WANT_ALG_CBC_MAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
-#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
-#endif /* PSA_WANT_ALG_CBC_MAC */
-
-#if defined(PSA_WANT_ALG_CMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define MBEDTLS_CMAC_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
-#endif /* PSA_WANT_ALG_CMAC */
-
-#if defined(PSA_WANT_ALG_CTR)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define MBEDTLS_CIPHER_MODE_CTR
-#endif
-#endif /* PSA_WANT_ALG_CTR */
-
-#if defined(PSA_WANT_ALG_CFB)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define MBEDTLS_CIPHER_MODE_CFB
-#endif
-#endif /* PSA_WANT_ALG_CFB */
-
-#if defined(PSA_WANT_ALG_OFB)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define MBEDTLS_CIPHER_MODE_OFB
-#endif
-#endif /* PSA_WANT_ALG_OFB */
-
-#if defined(PSA_WANT_ALG_XTS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_XTS) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define MBEDTLS_CIPHER_MODE_XTS
-#endif
-#endif /* PSA_WANT_ALG_XTS */
-
-#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#endif
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#endif
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-
-#if defined(PSA_WANT_ALG_CBC_PKCS7)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#endif
-#endif /* PSA_WANT_ALG_CBC_PKCS7 */
-
-#if defined(PSA_WANT_ALG_CCM)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define MBEDTLS_CCM_C
-#endif
-#endif /* PSA_WANT_ALG_CCM */
-
-#if defined(PSA_WANT_ALG_GCM)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define MBEDTLS_GCM_C
-#endif
-#endif /* PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#define MBEDTLS_CHACHAPOLY_C
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
-#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_255)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_448)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
-#endif /* PSA_WANT_ECC_SECP_R1_192 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
-#endif /* PSA_WANT_ECC_SECP_R1_224 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
-#endif /* PSA_WANT_ECC_SECP_R1_256 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
-#endif /* PSA_WANT_ECC_SECP_R1_384 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_521)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
-#endif /* PSA_WANT_ECC_SECP_R1_521 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
-#endif /* PSA_WANT_ECC_SECP_K1_192 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
-/*
- * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541).
- */
-#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
-#endif /* PSA_WANT_ECC_SECP_K1_224 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
-#endif /* PSA_WANT_ECC_SECP_K1_256 */
-
-
-
-/****************************************************************/
-/* Infer PSA requirements from Mbed TLS capabilities */
-/****************************************************************/
-
-#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
-
-/*
- * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
- * is not defined
- */
-
-#if defined(MBEDTLS_CCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define PSA_WANT_ALG_CCM 1
-#endif /* MBEDTLS_CCM_C */
-
-#if defined(MBEDTLS_CMAC_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define PSA_WANT_ALG_CMAC 1
-#endif /* MBEDTLS_CMAC_C */
-
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define PSA_WANT_ALG_ECDH 1
-#endif /* MBEDTLS_ECDH_C */
-
-#if defined(MBEDTLS_ECDSA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA_ANY 1
-
-// Only add in DETERMINISTIC support if ECDSA is also enabled
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-#endif /* MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_GCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define PSA_WANT_ALG_GCM 1
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_HKDF_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#define PSA_WANT_ALG_HKDF 1
-#endif /* MBEDTLS_HKDF_C */
-
-#if defined(MBEDTLS_MD_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define PSA_WANT_KEY_TYPE_HMAC
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-#endif /* MBEDTLS_MD_C */
-
-#if defined(MBEDTLS_MD5_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define PSA_WANT_ALG_MD5 1
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define PSA_WANT_ALG_RIPEMD160 1
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_PKCS1_V15)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
-#endif /* MBEDTLS_PKCS1_V15 */
-#if defined(MBEDTLS_PKCS1_V21)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define PSA_WANT_ALG_RSA_OAEP 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define PSA_WANT_ALG_RSA_PSS 1
-#endif /* MBEDTLS_PKCS1_V21 */
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define PSA_WANT_ALG_SHA_1 1
-#endif
-
-#if defined(MBEDTLS_SHA224_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define PSA_WANT_ALG_SHA_224 1
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define PSA_WANT_ALG_SHA_256 1
-#endif
-
-#if defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define PSA_WANT_ALG_SHA_384 1
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define PSA_WANT_ALG_SHA_512 1
-#endif
-
-#if defined(MBEDTLS_AES_C)
-#define PSA_WANT_KEY_TYPE_AES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#endif
-
-#if defined(MBEDTLS_ARIA_C)
-#define PSA_WANT_KEY_TYPE_ARIA 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
-#endif
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#define PSA_WANT_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#endif
-
-#if defined(MBEDTLS_DES_C)
-#define PSA_WANT_KEY_TYPE_DES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#endif
-
-#if defined(MBEDTLS_CHACHA20_C)
-#define PSA_WANT_KEY_TYPE_CHACHA20 1
-#define PSA_WANT_ALG_STREAM_CIPHER 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#if defined(MBEDTLS_CHACHAPOLY_C)
-#define PSA_WANT_ALG_CHACHA20_POLY1305 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#define PSA_WANT_ALG_CBC_NO_PADDING 1
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define PSA_WANT_ALG_CBC_PKCS7 1
-#endif
-#endif
-
-#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
- defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#define PSA_WANT_ALG_ECB_NO_PADDING 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define PSA_WANT_ALG_CFB 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define PSA_WANT_ALG_CTR 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define PSA_WANT_ALG_OFB 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define PSA_WANT_ALG_XTS 1
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_256
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_384
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_512
-#endif
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#define PSA_WANT_ECC_MONTGOMERY_255
-#endif
-
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#define PSA_WANT_ECC_MONTGOMERY_448
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#define PSA_WANT_ECC_SECP_R1_192
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#define PSA_WANT_ECC_SECP_R1_224
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#define PSA_WANT_ECC_SECP_R1_256
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#define PSA_WANT_ECC_SECP_R1_384
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#define PSA_WANT_ECC_SECP_R1_521
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#define PSA_WANT_ECC_SECP_K1_192
-#endif
-
-/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
-#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#define PSA_WANT_ECC_SECP_K1_224
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#define PSA_WANT_ECC_SECP_K1_256
-#endif
-
-#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
-
-/* These features are always enabled. */
-#define PSA_WANT_KEY_TYPE_DERIVE 1
-#define PSA_WANT_KEY_TYPE_RAW_DATA 1
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CONFIG_PSA_H */
diff --git a/mbedtls/constant_time.h b/mbedtls/constant_time.h
deleted file mode 100644
index c5de57a..0000000
--- a/mbedtls/constant_time.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Constant-time functions
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CONSTANT_TIME_H
-#define MBEDTLS_CONSTANT_TIME_H
-
-#include
-
-
-/** Constant-time buffer comparison without branches.
- *
- * This is equivalent to the standard memcmp function, but is likely to be
- * compiled to code using bitwise operation rather than a branch.
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * \param a Pointer to the first buffer.
- * \param b Pointer to the second buffer.
- * \param n The number of bytes to compare in the buffer.
- *
- * \return Zero if the content of the two buffer is the same,
- * otherwise non-zero.
- */
-int mbedtls_ct_memcmp( const void *a,
- const void *b,
- size_t n );
-
-#endif /* MBEDTLS_CONSTANT_TIME_H */
diff --git a/mbedtls/ctr_drbg.h b/mbedtls/ctr_drbg.h
deleted file mode 100644
index 959a5d5..0000000
--- a/mbedtls/ctr_drbg.h
+++ /dev/null
@@ -1,579 +0,0 @@
-/**
- * \file ctr_drbg.h
- *
- * \brief This file contains definitions and functions for the
- * CTR_DRBG pseudorandom generator.
- *
- * CTR_DRBG is a standardized way of building a PRNG from a block-cipher
- * in counter mode operation, as defined in NIST SP 800-90A:
- * Recommendation for Random Number Generation Using Deterministic Random
- * Bit Generators.
- *
- * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128
- * (if \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled at compile time)
- * as the underlying block cipher, with a derivation function.
- *
- * The security strength as defined in NIST SP 800-90A is
- * 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
- * and 256 bits otherwise, provided that #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
- * kept at its default value (and not overridden in mbedtls_config.h) and that the
- * DRBG instance is set up with default parameters.
- * See the documentation of mbedtls_ctr_drbg_seed() for more
- * information.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CTR_DRBG_H
-#define MBEDTLS_CTR_DRBG_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/aes.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/** The entropy source failed. */
-#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034
-/** The requested random buffer length is too big. */
-#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036
-/** The input (entropy + additional data) is too large. */
-#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038
-/** Read or write error in file. */
-#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A
-
-#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */
-
-#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-#define MBEDTLS_CTR_DRBG_KEYSIZE 16
-/**< The key size in bytes used by the cipher.
- *
- * Compile-time choice: 16 bytes (128 bits)
- * because #MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled.
- */
-#else
-#define MBEDTLS_CTR_DRBG_KEYSIZE 32
-/**< The key size in bytes used by the cipher.
- *
- * Compile-time choice: 32 bytes (256 bits)
- * because \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled.
- */
-#endif
-
-#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
-#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them using the compiler command
- * line.
- * \{
- */
-
-/** \def MBEDTLS_CTR_DRBG_ENTROPY_LEN
- *
- * \brief The amount of entropy used per seed by default, in bytes.
- */
-#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
-#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-/** This is 48 bytes because the entropy module uses SHA-512
- * (\c MBEDTLS_ENTROPY_FORCE_SHA256 is disabled).
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
-
-#else /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
-
-/** This is 32 bytes because the entropy module uses SHA-256
- * (the SHA512 module is disabled or
- * \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled).
- */
-#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-/** \warning To achieve a 256-bit security strength, you must pass a nonce
- * to mbedtls_ctr_drbg_seed().
- */
-#endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
-#endif /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
-#endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
-
-#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
-#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
-/**< The interval before reseed is performed by default. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_INPUT 256
-/**< The maximum number of additional input Bytes. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
-#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
-/**< The maximum number of requested Bytes per call. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
-/**< The maximum size of seed or reseed buffer in bytes. */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#define MBEDTLS_CTR_DRBG_PR_OFF 0
-/**< Prediction resistance is disabled. */
-#define MBEDTLS_CTR_DRBG_PR_ON 1
-/**< Prediction resistance is enabled. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if MBEDTLS_CTR_DRBG_ENTROPY_LEN >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2
-/** The default length of the nonce read from the entropy source.
- *
- * This is \c 0 because a single read from the entropy source is sufficient
- * to include a nonce.
- * See the documentation of mbedtls_ctr_drbg_seed() for more information.
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
-#else
-/** The default length of the nonce read from the entropy source.
- *
- * This is half of the default entropy length because a single read from
- * the entropy source does not provide enough material to form a nonce.
- * See the documentation of mbedtls_ctr_drbg_seed() for more information.
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN ( MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1 ) / 2
-#endif
-
-/**
- * \brief The CTR_DRBG context structure.
- */
-typedef struct mbedtls_ctr_drbg_context
-{
- unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */
- int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter.
- * This is the number of requests that have
- * been made since the last (re)seeding,
- * minus one.
- * Before the initial seeding, this field
- * contains the amount of entropy in bytes
- * to use as a nonce for the initial seeding,
- * or -1 if no nonce length has been explicitly
- * set (see mbedtls_ctr_drbg_set_nonce_len()).
- */
- int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether prediction
- resistance is enabled, that is
- whether to systematically reseed before
- each random generation. */
- size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on each
- seed or reseed operation, in bytes. */
- int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval.
- * This is the maximum number of requests
- * that can be made between reseedings. */
-
- mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
-
- /*
- * Callbacks (Entropy)
- */
- int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
- /*!< The entropy callback function. */
-
- void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function. */
-
-#if defined(MBEDTLS_THREADING_C)
- /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
- * This means that the mutex is initialized during the initial seeding
- * in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free().
- *
- * Note that this invariant may change without notice. Do not rely on it
- * and do not access the mutex directly in application code.
- */
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
-#endif
-}
-mbedtls_ctr_drbg_context;
-
-/**
- * \brief This function initializes the CTR_DRBG context,
- * and prepares it for mbedtls_ctr_drbg_seed()
- * or mbedtls_ctr_drbg_free().
- *
- * \note The reseed interval is
- * #MBEDTLS_CTR_DRBG_RESEED_INTERVAL by default.
- * You can override it by calling
- * mbedtls_ctr_drbg_set_reseed_interval().
- *
- * \param ctx The CTR_DRBG context to initialize.
- */
-void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
-
-/**
- * \brief This function seeds and sets up the CTR_DRBG
- * entropy source for future reseeds.
- *
- * A typical choice for the \p f_entropy and \p p_entropy parameters is
- * to use the entropy module:
- * - \p f_entropy is mbedtls_entropy_func();
- * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized
- * with mbedtls_entropy_init() (which registers the platform's default
- * entropy sources).
- *
- * The entropy length is #MBEDTLS_CTR_DRBG_ENTROPY_LEN by default.
- * You can override it by calling mbedtls_ctr_drbg_set_entropy_len().
- *
- * The entropy nonce length is:
- * - \c 0 if the entropy length is at least 3/2 times the entropy length,
- * which guarantees that the security strength is the maximum permitted
- * by the key size and entropy length according to NIST SP 800-90A §10.2.1;
- * - Half the entropy length otherwise.
- * You can override it by calling mbedtls_ctr_drbg_set_nonce_len().
- * With the default entropy length, the entropy nonce length is
- * #MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN.
- *
- * You can provide a nonce and personalization string in addition to the
- * entropy source, to make this instantiation as unique as possible.
- * See SP 800-90A §8.6.7 for more details about nonces.
- *
- * The _seed_material_ value passed to the derivation function in
- * the CTR_DRBG Instantiate Process described in NIST SP 800-90A §10.2.1.3.2
- * is the concatenation of the following strings:
- * - A string obtained by calling \p f_entropy function for the entropy
- * length.
- */
-#if MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN == 0
-/**
- * - If mbedtls_ctr_drbg_set_nonce_len() has been called, a string
- * obtained by calling \p f_entropy function for the specified length.
- */
-#else
-/**
- * - A string obtained by calling \p f_entropy function for the entropy nonce
- * length. If the entropy nonce length is \c 0, this function does not
- * make a second call to \p f_entropy.
- */
-#endif
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note When Mbed TLS is built with threading support,
- * after this function returns successfully,
- * it is safe to call mbedtls_ctr_drbg_random()
- * from multiple threads. Other operations, including
- * reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * - The \p custom string.
- *
- * \note To achieve the nominal security strength permitted
- * by CTR_DRBG, the entropy length must be:
- * - at least 16 bytes for a 128-bit strength
- * (maximum achievable strength when using AES-128);
- * - at least 32 bytes for a 256-bit strength
- * (maximum achievable strength when using AES-256).
- *
- * In addition, if you do not pass a nonce in \p custom,
- * the sum of the entropy length
- * and the entropy nonce length must be:
- * - at least 24 bytes for a 128-bit strength
- * (maximum achievable strength when using AES-128);
- * - at least 48 bytes for a 256-bit strength
- * (maximum achievable strength when using AES-256).
- *
- * \param ctx The CTR_DRBG context to seed.
- * It must have been initialized with
- * mbedtls_ctr_drbg_init().
- * After a successful call to mbedtls_ctr_drbg_seed(),
- * you may not call mbedtls_ctr_drbg_seed() again on
- * the same context unless you call
- * mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
- * again first.
- * After a failed call to mbedtls_ctr_drbg_seed(),
- * you must call mbedtls_ctr_drbg_free().
- * \param f_entropy The entropy callback, taking as arguments the
- * \p p_entropy context, the buffer to fill, and the
- * length of the buffer.
- * \p f_entropy is always called with a buffer size
- * less than or equal to the entropy length.
- * \param p_entropy The entropy context to pass to \p f_entropy.
- * \param custom The personalization string.
- * This can be \c NULL, in which case the personalization
- * string is empty regardless of the value of \p len.
- * \param len The length of the personalization string.
- * This must be at most
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- * - #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
- */
-int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
- int (*f_entropy)(void *, unsigned char *, size_t),
- void *p_entropy,
- const unsigned char *custom,
- size_t len );
-
-/**
- * \brief This function resets CTR_DRBG context to the state immediately
- * after initial call of mbedtls_ctr_drbg_init().
- *
- * \param ctx The CTR_DRBG context to clear.
- */
-void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
-
-/**
- * \brief This function turns prediction resistance on or off.
- * The default value is off.
- *
- * \note If enabled, entropy is gathered at the beginning of
- * every call to mbedtls_ctr_drbg_random_with_add()
- * or mbedtls_ctr_drbg_random().
- * Only use this if your entropy source has sufficient
- * throughput.
- *
- * \param ctx The CTR_DRBG context.
- * \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
- */
-void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
- int resistance );
-
-/**
- * \brief This function sets the amount of entropy grabbed on each
- * seed or reseed.
- *
- * The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
- *
- * \note The security strength of CTR_DRBG is bounded by the
- * entropy length. Thus:
- * - When using AES-256
- * (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled,
- * which is the default),
- * \p len must be at least 32 (in bytes)
- * to achieve a 256-bit strength.
- * - When using AES-128
- * (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled)
- * \p len must be at least 16 (in bytes)
- * to achieve a 128-bit strength.
- *
- * \param ctx The CTR_DRBG context.
- * \param len The amount of entropy to grab, in bytes.
- * This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- * and at most the maximum length accepted by the
- * entropy function that is set in the context.
- */
-void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
- size_t len );
-
-/**
- * \brief This function sets the amount of entropy grabbed
- * as a nonce for the initial seeding.
- *
- * Call this function before calling mbedtls_ctr_drbg_seed() to read
- * a nonce from the entropy source during the initial seeding.
- *
- * \param ctx The CTR_DRBG context.
- * \param len The amount of entropy to grab for the nonce, in bytes.
- * This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- * and at most the maximum length accepted by the
- * entropy function that is set in the context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if \p len is
- * more than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
- * if the initial seeding has already taken place.
- */
-int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
- size_t len );
-
-/**
- * \brief This function sets the reseed interval.
- *
- * The reseed interval is the number of calls to mbedtls_ctr_drbg_random()
- * or mbedtls_ctr_drbg_random_with_add() after which the entropy function
- * is called again.
- *
- * The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
- *
- * \param ctx The CTR_DRBG context.
- * \param interval The reseed interval.
- */
-void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
- int interval );
-
-/**
- * \brief This function reseeds the CTR_DRBG context, that is
- * extracts data from the entropy source.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param ctx The CTR_DRBG context.
- * \param additional Additional data to add to the state. Can be \c NULL.
- * \param len The length of the additional data.
- * This must be less than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
- * where \c entropy_len is the entropy length
- * configured for the context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
- */
-int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional, size_t len );
-
-/**
- * \brief This function updates the state of the CTR_DRBG context.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param ctx The CTR_DRBG context.
- * \param additional The data to update the state with. This must not be
- * \c NULL unless \p add_len is \c 0.
- * \param add_len Length of \p additional in bytes. This must be at
- * most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if
- * \p add_len is more than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- * \return An error from the underlying AES cipher on failure.
- */
-int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional,
- size_t add_len );
-
-/**
- * \brief This function updates a CTR_DRBG instance with additional
- * data and uses it to generate random data.
- *
- * This function automatically reseeds if the reseed counter is exceeded
- * or prediction resistance is enabled.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param p_rng The CTR_DRBG context. This must be a pointer to a
- * #mbedtls_ctr_drbg_context structure.
- * \param output The buffer to fill.
- * \param output_len The length of the buffer in bytes.
- * \param additional Additional data to update. Can be \c NULL, in which
- * case the additional data is empty regardless of
- * the value of \p add_len.
- * \param add_len The length of the additional data
- * if \p additional is not \c NULL.
- * This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT
- * and less than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
- * where \c entropy_len is the entropy length
- * configured for the context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
- */
-int mbedtls_ctr_drbg_random_with_add( void *p_rng,
- unsigned char *output, size_t output_len,
- const unsigned char *additional, size_t add_len );
-
-/**
- * \brief This function uses CTR_DRBG to generate random data.
- *
- * This function automatically reseeds if the reseed counter is exceeded
- * or prediction resistance is enabled.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note When Mbed TLS is built with threading support,
- * it is safe to call mbedtls_ctr_drbg_random()
- * from multiple threads. Other operations, including
- * reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * \param p_rng The CTR_DRBG context. This must be a pointer to a
- * #mbedtls_ctr_drbg_context structure.
- * \param output The buffer to fill.
- * \param output_len The length of the buffer in bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
- */
-int mbedtls_ctr_drbg_random( void *p_rng,
- unsigned char *output, size_t output_len );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief This function writes a seed file.
- *
- * \param ctx The CTR_DRBG context.
- * \param path The name of the file.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed
- * failure.
- */
-int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
-
-/**
- * \brief This function reads and updates a seed file. The seed
- * is added to this instance.
- *
- * \param ctx The CTR_DRBG context.
- * \param path The name of the file.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
- * reseed failure.
- * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing
- * seed file is too large.
- */
-int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The CTR_DRBG checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_ctr_drbg_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ctr_drbg.h */
diff --git a/mbedtls/debug.h b/mbedtls/debug.h
deleted file mode 100644
index 0aed596..0000000
--- a/mbedtls/debug.h
+++ /dev/null
@@ -1,311 +0,0 @@
-/**
- * \file debug.h
- *
- * \brief Functions for controlling and providing debug output from the library.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_DEBUG_H
-#define MBEDTLS_DEBUG_H
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ssl.h"
-
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-
-#if defined(MBEDTLS_DEBUG_C)
-
-#define MBEDTLS_DEBUG_STRIP_PARENS( ... ) __VA_ARGS__
-
-#define MBEDTLS_SSL_DEBUG_MSG( level, args ) \
- mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__, \
- MBEDTLS_DEBUG_STRIP_PARENS args )
-
-#define MBEDTLS_SSL_DEBUG_RET( level, text, ret ) \
- mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret )
-
-#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len ) \
- mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len )
-
-#if defined(MBEDTLS_BIGNUM_C)
-#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) \
- mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X )
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) \
- mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X )
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) \
- mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
-#else
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
-#endif /* MBEDTLS_X509_REMOVE_INFO */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) \
- mbedtls_debug_printf_ecdh( ssl, level, __FILE__, __LINE__, ecdh, attr )
-#endif
-
-#else /* MBEDTLS_DEBUG_C */
-
-#define MBEDTLS_SSL_DEBUG_MSG( level, args ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_RET( level, text, ret ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) do { } while( 0 )
-
-#endif /* MBEDTLS_DEBUG_C */
-
-/**
- * \def MBEDTLS_PRINTF_ATTRIBUTE
- *
- * Mark a function as having printf attributes, and thus enable checking
- * via -wFormat and other flags. This does nothing on builds with compilers
- * that do not support the format attribute
- *
- * Module: library/debug.c
- * Caller:
- *
- * This module provides debugging functions.
- */
-#if defined(__has_attribute)
-#if __has_attribute(format)
-#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
- __attribute__((__format__ (gnu_printf, string_index, first_to_check)))
-#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
- __attribute__((format(printf, string_index, first_to_check)))
-#endif
-#else /* __has_attribute(format) */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
-#endif /* __has_attribute(format) */
-#else /* defined(__has_attribute) */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
-#endif
-
-/**
- * \def MBEDTLS_PRINTF_SIZET
- *
- * MBEDTLS_PRINTF_xxx: Due to issues with older window compilers
- * and MinGW we need to define the printf specifier for size_t
- * and long long per platform.
- *
- * Module: library/debug.c
- * Caller:
- *
- * This module provides debugging functions.
- */
-#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800)
- #include
- #define MBEDTLS_PRINTF_SIZET PRIuPTR
- #define MBEDTLS_PRINTF_LONGLONG "I64d"
-#else /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
- #define MBEDTLS_PRINTF_SIZET "zu"
- #define MBEDTLS_PRINTF_LONGLONG "lld"
-#endif /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Set the threshold error level to handle globally all debug output.
- * Debug messages that have a level over the threshold value are
- * discarded.
- * (Default value: 0 = No debug )
- *
- * \param threshold theshold level of messages to filter on. Messages at a
- * higher level will be discarded.
- * - Debug levels
- * - 0 No debug
- * - 1 Error
- * - 2 State change
- * - 3 Informational
- * - 4 Verbose
- */
-void mbedtls_debug_set_threshold( int threshold );
-
-/**
- * \brief Print a message to the debug output. This function is always used
- * through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
- * context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the message has occurred in
- * \param line line number the message has occurred at
- * \param format format specifier, in printf format
- * \param ... variables used by the format specifier
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
-
-/**
- * \brief Print the return value of a function to the debug output. This
- * function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
- * which supplies the ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text the name of the function that returned the error
- * \param ret the return code value
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, int ret );
-
-/**
- * \brief Output a buffer of size len bytes to the debug output. This function
- * is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
- * which supplies the ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text a name or label for the buffer being dumped. Normally the
- * variable or buffer name
- * \param buf the buffer to be outputted
- * \param len length of the buffer
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line, const char *text,
- const unsigned char *buf, size_t len );
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief Print a MPI variable to the debug output. This function is always
- * used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
- * ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text a name or label for the MPI being output. Normally the
- * variable name
- * \param X the MPI variable
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_mpi *X );
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * \brief Print an ECP point to the debug output. This function is always
- * used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
- * ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text a name or label for the ECP point being output. Normally the
- * variable name
- * \param X the ECP point
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_ecp_point *X );
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
-/**
- * \brief Print a X.509 certificate structure to the debug output. This
- * function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
- * which supplies the ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text a name or label for the certificate being output
- * \param crt X.509 certificate structure
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_x509_crt *crt );
-#endif
-
-#if defined(MBEDTLS_ECDH_C)
-typedef enum
-{
- MBEDTLS_DEBUG_ECDH_Q,
- MBEDTLS_DEBUG_ECDH_QP,
- MBEDTLS_DEBUG_ECDH_Z,
-} mbedtls_debug_ecdh_attr;
-
-/**
- * \brief Print a field of the ECDH structure in the SSL context to the debug
- * output. This function is always used through the
- * MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
- * and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param ecdh the ECDH context
- * \param attr the identifier of the attribute being output
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const mbedtls_ecdh_context *ecdh,
- mbedtls_debug_ecdh_attr attr );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* debug.h */
diff --git a/mbedtls/des.h b/mbedtls/des.h
deleted file mode 100644
index be74cb1..0000000
--- a/mbedtls/des.h
+++ /dev/null
@@ -1,363 +0,0 @@
-/**
- * \file des.h
- *
- * \brief DES block cipher
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-#ifndef MBEDTLS_DES_H
-#define MBEDTLS_DES_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/platform_util.h"
-
-#include
-#include
-
-#define MBEDTLS_DES_ENCRYPT 1
-#define MBEDTLS_DES_DECRYPT 0
-
-/** The data input has an invalid length. */
-#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032
-
-#define MBEDTLS_DES_KEY_SIZE 8
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_DES_ALT)
-// Regular implementation
-//
-
-/**
- * \brief DES context structure
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-typedef struct mbedtls_des_context
-{
- uint32_t MBEDTLS_PRIVATE(sk)[32]; /*!< DES subkeys */
-}
-mbedtls_des_context;
-
-/**
- * \brief Triple-DES context structure
- */
-typedef struct mbedtls_des3_context
-{
- uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!< 3DES subkeys */
-}
-mbedtls_des3_context;
-
-#else /* MBEDTLS_DES_ALT */
-#include "des_alt.h"
-#endif /* MBEDTLS_DES_ALT */
-
-/**
- * \brief Initialize DES context
- *
- * \param ctx DES context to be initialized
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-void mbedtls_des_init( mbedtls_des_context *ctx );
-
-/**
- * \brief Clear DES context
- *
- * \param ctx DES context to be cleared
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-void mbedtls_des_free( mbedtls_des_context *ctx );
-
-/**
- * \brief Initialize Triple-DES context
- *
- * \param ctx DES3 context to be initialized
- */
-void mbedtls_des3_init( mbedtls_des3_context *ctx );
-
-/**
- * \brief Clear Triple-DES context
- *
- * \param ctx DES3 context to be cleared
- */
-void mbedtls_des3_free( mbedtls_des3_context *ctx );
-
-/**
- * \brief Set key parity on the given key to odd.
- *
- * DES keys are 56 bits long, but each byte is padded with
- * a parity bit to allow verification.
- *
- * \param key 8-byte secret key
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief Check that key parity on the given key is odd.
- *
- * DES keys are 56 bits long, but each byte is padded with
- * a parity bit to allow verification.
- *
- * \param key 8-byte secret key
- *
- * \return 0 is parity was ok, 1 if parity was not correct.
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief Check that key is not a weak or semi-weak DES key
- *
- * \param key 8-byte secret key
- *
- * \return 0 if no weak key was found, 1 if a weak key was identified.
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief DES key schedule (56-bit, encryption)
- *
- * \param ctx DES context to be initialized
- * \param key 8-byte secret key
- *
- * \return 0
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief DES key schedule (56-bit, decryption)
- *
- * \param ctx DES context to be initialized
- * \param key 8-byte secret key
- *
- * \return 0
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief Triple-DES key schedule (112-bit, encryption)
- *
- * \param ctx 3DES context to be initialized
- * \param key 16-byte secret key
- *
- * \return 0
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
-
-/**
- * \brief Triple-DES key schedule (112-bit, decryption)
- *
- * \param ctx 3DES context to be initialized
- * \param key 16-byte secret key
- *
- * \return 0
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
-
-/**
- * \brief Triple-DES key schedule (168-bit, encryption)
- *
- * \param ctx 3DES context to be initialized
- * \param key 24-byte secret key
- *
- * \return 0
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
-
-/**
- * \brief Triple-DES key schedule (168-bit, decryption)
- *
- * \param ctx 3DES context to be initialized
- * \param key 24-byte secret key
- *
- * \return 0
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
-
-/**
- * \brief DES-ECB block encryption/decryption
- *
- * \param ctx DES context
- * \param input 64-bit input block
- * \param output 64-bit output block
- *
- * \return 0 if successful
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
- const unsigned char input[8],
- unsigned char output[8] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief DES-CBC buffer encryption/decryption
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the function same function again on the following
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If on the other hand you need to retain the contents of the
- * IV, you should either save it manually or use the cipher
- * module instead.
- *
- * \param ctx DES context
- * \param mode MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
- * \param length length of the input data
- * \param iv initialization vector (updated after use)
- * \param input buffer holding the input data
- * \param output buffer holding the output data
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[8],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-/**
- * \brief 3DES-ECB block encryption/decryption
- *
- * \param ctx 3DES context
- * \param input 64-bit input block
- * \param output 64-bit output block
- *
- * \return 0 if successful
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
- const unsigned char input[8],
- unsigned char output[8] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief 3DES-CBC buffer encryption/decryption
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the function same function again on the following
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If on the other hand you need to retain the contents of the
- * IV, you should either save it manually or use the cipher
- * module instead.
- *
- * \param ctx 3DES context
- * \param mode MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
- * \param length length of the input data
- * \param iv initialization vector (updated after use)
- * \param input buffer holding the input data
- * \param output buffer holding the output data
- *
- * \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[8],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-/**
- * \brief Internal function for key expansion.
- * (Only exposed to allow overriding it,
- * see MBEDTLS_DES_SETKEY_ALT)
- *
- * \param SK Round keys
- * \param key Base key
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- */
-void mbedtls_des_setkey( uint32_t SK[32],
- const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_des_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* des.h */
diff --git a/mbedtls/dhm.h b/mbedtls/dhm.h
deleted file mode 100644
index 32a957d..0000000
--- a/mbedtls/dhm.h
+++ /dev/null
@@ -1,986 +0,0 @@
-/**
- * \file dhm.h
- *
- * \brief This file contains Diffie-Hellman-Merkle (DHM) key exchange
- * definitions and functions.
- *
- * Diffie-Hellman-Merkle (DHM) key exchange is defined in
- * RFC-2631: Diffie-Hellman Key Agreement Method and
- * Public-Key Cryptography Standards (PKCS) #3: Diffie
- * Hellman Key Agreement Standard.
- *
- * RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for
- * Internet Key Exchange (IKE) defines a number of standardized
- * Diffie-Hellman groups for IKE.
- *
- * RFC-5114: Additional Diffie-Hellman Groups for Use with IETF
- * Standards defines a number of standardized Diffie-Hellman
- * groups that can be used.
- *
- * \warning The security of the DHM key exchange relies on the proper choice
- * of prime modulus - optimally, it should be a safe prime. The usage
- * of non-safe primes both decreases the difficulty of the underlying
- * discrete logarithm problem and can lead to small subgroup attacks
- * leaking private exponent bits when invalid public keys are used
- * and not detected. This is especially relevant if the same DHM
- * parameters are reused for multiple key exchanges as in static DHM,
- * while the criticality of small-subgroup attacks is lower for
- * ephemeral DHM.
- *
- * \warning For performance reasons, the code does neither perform primality
- * nor safe primality tests, nor the expensive checks for invalid
- * subgroups. Moreover, even if these were performed, non-standardized
- * primes cannot be trusted because of the possibility of backdoors
- * that can't be effectively checked for.
- *
- * \warning Diffie-Hellman-Merkle is therefore a security risk when not using
- * standardized primes generated using a trustworthy ("nothing up
- * my sleeve") method, such as the RFC 3526 / 7919 primes. In the TLS
- * protocol, DH parameters need to be negotiated, so using the default
- * primes systematically is not always an option. If possible, use
- * Elliptic Curve Diffie-Hellman (ECDH), which has better performance,
- * and for which the TLS protocol mandates the use of standard
- * parameters.
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_DHM_H
-#define MBEDTLS_DHM_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/bignum.h"
-
-/*
- * DHM Error codes
- */
-/** Bad input parameters. */
-#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA -0x3080
-/** Reading of the DHM parameters failed. */
-#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED -0x3100
-/** Making of the DHM parameters failed. */
-#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED -0x3180
-/** Reading of the public values failed. */
-#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED -0x3200
-/** Making of the public value failed. */
-#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280
-/** Calculation of the DHM secret failed. */
-#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED -0x3300
-/** The ASN.1 data is not formatted correctly. */
-#define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380
-/** Allocation of memory failed. */
-#define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400
-/** Read or write of file failed. */
-#define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480
-/** Setting the modulus and generator failed. */
-#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3580
-
-/** Which parameter to access in mbedtls_dhm_get_value(). */
-typedef enum
-{
- MBEDTLS_DHM_PARAM_P, /*!< The prime modulus. */
- MBEDTLS_DHM_PARAM_G, /*!< The generator. */
- MBEDTLS_DHM_PARAM_X, /*!< Our secret value. */
- MBEDTLS_DHM_PARAM_GX, /*!< Our public key = \c G^X mod \c P. */
- MBEDTLS_DHM_PARAM_GY, /*!< The public key of the peer = \c G^Y mod \c P. */
- MBEDTLS_DHM_PARAM_K, /*!< The shared secret = \c G^(XY) mod \c P. */
-} mbedtls_dhm_parameter;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_DHM_ALT)
-
-/**
- * \brief The DHM context structure.
- */
-typedef struct mbedtls_dhm_context
-{
- mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus. */
- mbedtls_mpi MBEDTLS_PRIVATE(G); /*!< The generator. */
- mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< Our secret value. */
- mbedtls_mpi MBEDTLS_PRIVATE(GX); /*!< Our public key = \c G^X mod \c P. */
- mbedtls_mpi MBEDTLS_PRIVATE(GY); /*!< The public key of the peer = \c G^Y mod \c P. */
- mbedtls_mpi MBEDTLS_PRIVATE(K); /*!< The shared secret = \c G^(XY) mod \c P. */
- mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< The cached value = \c R^2 mod \c P. */
- mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
- mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
- mbedtls_mpi MBEDTLS_PRIVATE(pX); /*!< The previous \c X. */
-}
-mbedtls_dhm_context;
-
-#else /* MBEDTLS_DHM_ALT */
-#include "dhm_alt.h"
-#endif /* MBEDTLS_DHM_ALT */
-
-/**
- * \brief This function initializes the DHM context.
- *
- * \param ctx The DHM context to initialize.
- */
-void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
-
-/**
- * \brief This function parses the DHM parameters in a
- * TLS ServerKeyExchange handshake message
- * (DHM modulus, generator, and public key).
- *
- * \note In a TLS handshake, this is the how the client
- * sets up its DHM context from the server's public
- * DHM key material.
- *
- * \param ctx The DHM context to use. This must be initialized.
- * \param p On input, *p must be the start of the input buffer.
- * On output, *p is updated to point to the end of the data
- * that has been read. On success, this is the first byte
- * past the end of the ServerKeyExchange parameters.
- * On error, this is the point at which an error has been
- * detected, which is usually not useful except to debug
- * failures.
- * \param end The end of the input buffer.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
- unsigned char **p,
- const unsigned char *end );
-
-/**
- * \brief This function generates a DHM key pair and exports its
- * public part together with the DHM parameters in the format
- * used in a TLS ServerKeyExchange handshake message.
- *
- * \note This function assumes that the DHM parameters \c ctx->P
- * and \c ctx->G have already been properly set. For that, use
- * mbedtls_dhm_set_group() below in conjunction with
- * mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
- *
- * \note In a TLS handshake, this is the how the server generates
- * and exports its DHM key material.
- *
- * \param ctx The DHM context to use. This must be initialized
- * and have the DHM parameters set. It may or may not
- * already have imported the peer's public key.
- * \param x_size The private key size in Bytes.
- * \param olen The address at which to store the number of Bytes
- * written on success. This must not be \c NULL.
- * \param output The destination buffer. This must be a writable buffer of
- * sufficient size to hold the reduced binary presentation of
- * the modulus, the generator and the public key, each wrapped
- * with a 2-byte length field. It is the responsibility of the
- * caller to ensure that enough space is available. Refer to
- * mbedtls_mpi_size() to computing the byte-size of an MPI.
- * \param f_rng The RNG function. Must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context parameter.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
- unsigned char *output, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function sets the prime modulus and generator.
- *
- * \note This function can be used to set \c ctx->P, \c ctx->G
- * in preparation for mbedtls_dhm_make_params().
- *
- * \param ctx The DHM context to configure. This must be initialized.
- * \param P The MPI holding the DHM prime modulus. This must be
- * an initialized MPI.
- * \param G The MPI holding the DHM generator. This must be an
- * initialized MPI.
- *
- * \return \c 0 if successful.
- * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
- const mbedtls_mpi *P,
- const mbedtls_mpi *G );
-
-/**
- * \brief This function imports the raw public value of the peer.
- *
- * \note In a TLS handshake, this is the how the server imports
- * the Client's public DHM key.
- *
- * \param ctx The DHM context to use. This must be initialized and have
- * its DHM parameters set, e.g. via mbedtls_dhm_set_group().
- * It may or may not already have generated its own private key.
- * \param input The input buffer containing the \c G^Y value of the peer.
- * This must be a readable buffer of size \p ilen Bytes.
- * \param ilen The size of the input buffer \p input in Bytes.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
- const unsigned char *input, size_t ilen );
-
-/**
- * \brief This function creates a DHM key pair and exports
- * the raw public key in big-endian format.
- *
- * \note The destination buffer is always fully written
- * so as to contain a big-endian representation of G^X mod P.
- * If it is larger than \c ctx->len, it is padded accordingly
- * with zero-bytes at the beginning.
- *
- * \param ctx The DHM context to use. This must be initialized and
- * have the DHM parameters set. It may or may not already
- * have imported the peer's public key.
- * \param x_size The private key size in Bytes.
- * \param output The destination buffer. This must be a writable buffer of
- * size \p olen Bytes.
- * \param olen The length of the destination buffer. This must be at least
- * equal to `ctx->len` (the size of \c P).
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
- unsigned char *output, size_t olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function derives and exports the shared secret
- * \c (G^Y)^X mod \c P.
- *
- * \note If \p f_rng is not \c NULL, it is used to blind the input as
- * a countermeasure against timing attacks. Blinding is used
- * only if our private key \c X is re-used, and not used
- * otherwise. We recommend always passing a non-NULL
- * \p f_rng argument.
- *
- * \param ctx The DHM context to use. This must be initialized
- * and have its own private key generated and the peer's
- * public key imported.
- * \param output The buffer to write the generated shared key to. This
- * must be a writable buffer of size \p output_size Bytes.
- * \param output_size The size of the destination buffer. This must be at
- * least the size of \c ctx->len (the size of \c P).
- * \param olen On exit, holds the actual number of Bytes written.
- * \param f_rng The RNG function. Must not be \c NULL. Used for
- * blinding.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context parameter.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
- unsigned char *output, size_t output_size, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function returns the size of the prime modulus in bits.
- *
- * \param ctx The DHM context to query.
- *
- * \return The size of the prime modulus in bits,
- * i.e. the number n such that 2^(n-1) <= P < 2^n.
- */
-size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx );
-
-/**
- * \brief This function returns the size of the prime modulus in bytes.
- *
- * \param ctx The DHM context to query.
- *
- * \return The size of the prime modulus in bytes,
- * i.e. the number n such that 2^(8*(n-1)) <= P < 2^(8*n).
- */
-size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx );
-
-/**
- * \brief This function copies a parameter of a DHM key.
- *
- * \param ctx The DHM context to query.
- * \param param The parameter to copy.
- * \param dest The MPI object to copy the value into. It must be
- * initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid.
- * \return An \c MBEDTLS_ERR_MPI_XXX error code if the copy fails.
- */
-int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx,
- mbedtls_dhm_parameter param,
- mbedtls_mpi *dest );
-
-/**
- * \brief This function frees and clears the components
- * of a DHM context.
- *
- * \param ctx The DHM context to free and clear. This may be \c NULL,
- * in which case this function is a no-op. If it is not \c NULL,
- * it must point to an initialized DHM context.
- */
-void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-/**
- * \brief This function parses DHM parameters in PEM or DER format.
- *
- * \param dhm The DHM context to import the DHM parameters into.
- * This must be initialized.
- * \param dhmin The input buffer. This must be a readable buffer of
- * length \p dhminlen Bytes.
- * \param dhminlen The size of the input buffer \p dhmin, including the
- * terminating \c NULL Byte for PEM data.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error
- * code on failure.
- */
-int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
- size_t dhminlen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief This function loads and parses DHM parameters from a file.
- *
- * \param dhm The DHM context to load the parameters to.
- * This must be initialized.
- * \param path The filename to read the DHM parameters from.
- * This must not be \c NULL.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX
- * error code on failure.
- */
-int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The DMH checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_dhm_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-#ifdef __cplusplus
-}
-#endif
-
-/**
- * RFC 3526, RFC 5114 and RFC 7919 standardize a number of
- * Diffie-Hellman groups, some of which are included here
- * for use within the SSL/TLS module and the user's convenience
- * when configuring the Diffie-Hellman parameters by hand
- * through \c mbedtls_ssl_conf_dh_param.
- *
- * The following lists the source of the above groups in the standards:
- * - RFC 5114 section 2.2: 2048-bit MODP Group with 224-bit Prime Order Subgroup
- * - RFC 3526 section 3: 2048-bit MODP Group
- * - RFC 3526 section 4: 3072-bit MODP Group
- * - RFC 3526 section 5: 4096-bit MODP Group
- * - RFC 7919 section A.1: ffdhe2048
- * - RFC 7919 section A.2: ffdhe3072
- * - RFC 7919 section A.3: ffdhe4096
- * - RFC 7919 section A.4: ffdhe6144
- * - RFC 7919 section A.5: ffdhe8192
- *
- * The constants with suffix "_p" denote the chosen prime moduli, while
- * the constants with suffix "_g" denote the chosen generator
- * of the associated prime field.
- *
- * The constants further suffixed with "_bin" are provided in binary format,
- * while all other constants represent null-terminated strings holding the
- * hexadecimal presentation of the respective numbers.
- *
- * The primes from RFC 3526 and RFC 7919 have been generating by the following
- * trust-worthy procedure:
- * - Fix N in { 2048, 3072, 4096, 6144, 8192 } and consider the N-bit number
- * the first and last 64 bits are all 1, and the remaining N - 128 bits of
- * which are 0x7ff...ff.
- * - Add the smallest multiple of the first N - 129 bits of the binary expansion
- * of pi (for RFC 5236) or e (for RFC 7919) to this intermediate bit-string
- * such that the resulting integer is a safe-prime.
- * - The result is the respective RFC 3526 / 7919 prime, and the corresponding
- * generator is always chosen to be 2 (which is a square for these prime,
- * hence the corresponding subgroup has order (p-1)/2 and avoids leaking a
- * bit in the private exponent).
- *
- */
-
-/*
- * Trustworthy DHM parameters in binary form
- */
-
-#define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \
- 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \
- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
- 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \
- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \
- 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \
- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \
- 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \
- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \
- 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \
- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \
- 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \
- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \
- 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \
- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \
- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC3526_MODP_4096_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \
- 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \
- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
- 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \
- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \
- 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \
- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \
- 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \
- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \
- 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \
- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \
- 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \
- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \
- 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \
- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \
- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, \
- 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, \
- 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, \
- 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, \
- 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, \
- 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, \
- 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, \
- 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, \
- 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, \
- 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, \
- 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, \
- 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, \
- 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, \
- 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, \
- 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, \
- 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, \
- 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC3526_MODP_4096_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
- 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
- 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
- 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
- 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
- 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
- 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
- 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
- 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
- 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
- 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
- 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
- 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
- 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
- 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
- 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
- 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
- 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
- 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
- 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
- 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
- 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
- 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
- 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
- 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
- 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
- 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
- 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
- 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
- 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
- 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
- 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
- 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
- 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
- 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
- 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
- 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
- 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
- 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
- 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
- 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
- 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
- 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
- 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
- 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
- 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
- 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
- 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
- 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
- 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
- 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
- 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
- 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
- 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
- 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
- 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
- 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
- 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
- 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
- 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
- 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
- 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
- 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
- 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
- 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
- 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
- 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
- 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
- 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
- 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
- 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
- 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
- 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
- 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
- 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
- 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
- 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
- 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
- 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
- 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
- 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
- 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
- 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
- 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
- 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
- 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
- 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
- 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
- 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
- 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
- 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
- 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
- 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
- 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
- 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
- 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
- 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
- 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
- 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
- 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
- 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
- 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
- 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
- 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
- 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
- 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
- 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
- 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
- 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
- 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
- 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
- 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
- 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
- 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
- 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
- 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
- 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
- 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
- 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
- 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
- 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
- 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
- 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
- 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
- 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
- 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
- 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
- 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
- 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
- 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
- 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
- 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
- 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
- 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
- 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
- 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
- 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
- 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
- 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
- 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
- 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
- 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
- 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
- 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
- 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
- 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
- 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
- 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
- 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
- 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
- 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
- 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
- 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
- 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
- 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
- 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
- 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
- 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
- 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
- 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
- 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
- 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
- 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
- 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
- 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
- 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
- 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
- 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
- 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
- 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
- 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
- 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
- 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
- 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
- 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
- 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
- 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, \
- 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, \
- 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, \
- 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, \
- 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \
- 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, \
- 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, \
- 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, \
- 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, \
- 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, \
- 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, \
- 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, \
- 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, \
- 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, \
- 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, \
- 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \
- 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, \
- 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, \
- 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, \
- 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, \
- 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, \
- 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, \
- 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, \
- 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, \
- 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, \
- 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, \
- 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \
- 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, \
- 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, \
- 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, \
- 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, \
- 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, \
- 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN { 0x02 }
-
-#endif /* dhm.h */
diff --git a/mbedtls/ecdh.h b/mbedtls/ecdh.h
deleted file mode 100644
index 7fa7440..0000000
--- a/mbedtls/ecdh.h
+++ /dev/null
@@ -1,458 +0,0 @@
-/**
- * \file ecdh.h
- *
- * \brief This file contains ECDH definitions and functions.
- *
- * The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous
- * key agreement protocol allowing two parties to establish a shared
- * secret over an insecure channel. Each party must have an
- * elliptic-curve public–private key pair.
- *
- * For more information, see NIST SP 800-56A Rev. 2: Recommendation for
- * Pair-Wise Key Establishment Schemes Using Discrete Logarithm
- * Cryptography.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_ECDH_H
-#define MBEDTLS_ECDH_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ecp.h"
-
-/*
- * Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
- * defined in `ecdh.h`). For most applications, the choice of format makes
- * no difference, since all library functions can work with either format,
- * except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE.
-
- * The new format used when this option is disabled is smaller
- * (56 bytes on a 32-bit platform). In future versions of the library, it
- * will support alternative implementations of ECDH operations.
- * The new format is incompatible with applications that access
- * context fields directly and with restartable ECP operations.
- */
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-#define MBEDTLS_ECDH_LEGACY_CONTEXT
-#else
-#undef MBEDTLS_ECDH_LEGACY_CONTEXT
-#endif
-
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-#undef MBEDTLS_ECDH_LEGACY_CONTEXT
-#include "everest/everest.h"
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Defines the source of the imported EC key.
- */
-typedef enum
-{
- MBEDTLS_ECDH_OURS, /**< Our key. */
- MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
-} mbedtls_ecdh_side;
-
-#if !defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-/**
- * Defines the ECDH implementation used.
- *
- * Later versions of the library may add new variants, therefore users should
- * not make any assumptions about them.
- */
-typedef enum
-{
- MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
- MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
- MBEDTLS_ECDH_VARIANT_EVEREST /*!< Everest implementation */
-#endif
-} mbedtls_ecdh_variant;
-
-/**
- * The context used by the default ECDH implementation.
- *
- * Later versions might change the structure of this context, therefore users
- * should not make any assumptions about the structure of
- * mbedtls_ecdh_context_mbed.
- */
-typedef struct mbedtls_ecdh_context_mbed
-{
- mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
- mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
- mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
-#endif
-} mbedtls_ecdh_context_mbed;
-#endif
-
-/**
- *
- * \warning Performing multiple operations concurrently on the same
- * ECDSA context is not supported; objects of this type
- * should not be shared between multiple threads.
- * \brief The ECDH context structure.
- */
-typedef struct mbedtls_ecdh_context
-{
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
- mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
- mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
- int MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages. */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
- mbedtls_mpi MBEDTLS_PRIVATE(_d); /*!< The previous \p d. */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- int MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. */
- mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-#else
- uint8_t MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages
- as defined in RFC 4492. */
- mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id);/*!< The elliptic curve used. */
- mbedtls_ecdh_variant MBEDTLS_PRIVATE(var); /*!< The ECDH implementation/structure used. */
- union
- {
- mbedtls_ecdh_context_mbed MBEDTLS_PRIVATE(mbed_ecdh);
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
- mbedtls_ecdh_context_everest MBEDTLS_PRIVATE(everest_ecdh);
-#endif
- } MBEDTLS_PRIVATE(ctx); /*!< Implementation-specific context. The
- context in use is specified by the \c var
- field. */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- uint8_t MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. Functions of
- an alternative implementation not supporting
- restartable mode must return
- MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
- if this flag is set. */
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
-}
-mbedtls_ecdh_context;
-
-/**
- * \brief Check whether a given group can be used for ECDH.
- *
- * \param gid The ECP group ID to check.
- *
- * \return \c 1 if the group can be used, \c 0 otherwise
- */
-int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid );
-
-/**
- * \brief This function generates an ECDH keypair on an elliptic
- * curve.
- *
- * This function performs the first of two core computations
- * implemented during the ECDH key exchange. The second core
- * computation is performed by mbedtls_ecdh_compute_shared().
- *
- * \see ecp.h
- *
- * \param grp The ECP group to use. This must be initialized and have
- * domain parameters loaded, for example through
- * mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
- * \param d The destination MPI (private key).
- * This must be initialized.
- * \param Q The destination point (public key).
- * This must be initialized.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL in case \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return Another \c MBEDTLS_ERR_ECP_XXX or
- * \c MBEDTLS_MPI_XXX error code on failure.
- */
-int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function computes the shared secret.
- *
- * This function performs the second of two core computations
- * implemented during the ECDH key exchange. The first core
- * computation is performed by mbedtls_ecdh_gen_public().
- *
- * \see ecp.h
- *
- * \note If \p f_rng is not NULL, it is used to implement
- * countermeasures against side-channel attacks.
- * For more information, see mbedtls_ecp_mul().
- *
- * \param grp The ECP group to use. This must be initialized and have
- * domain parameters loaded, for example through
- * mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
- * \param z The destination MPI (shared secret).
- * This must be initialized.
- * \param Q The public key from another party.
- * This must be initialized.
- * \param d Our secret exponent (private key).
- * This must be initialized.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng is \c NULL or doesn't need a
- * context argument.
- *
- * \return \c 0 on success.
- * \return Another \c MBEDTLS_ERR_ECP_XXX or
- * \c MBEDTLS_MPI_XXX error code on failure.
- */
-int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
- const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function initializes an ECDH context.
- *
- * \param ctx The ECDH context to initialize. This must not be \c NULL.
- */
-void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
-
-/**
- * \brief This function sets up the ECDH context with the information
- * given.
- *
- * This function should be called after mbedtls_ecdh_init() but
- * before mbedtls_ecdh_make_params(). There is no need to call
- * this function before mbedtls_ecdh_read_params().
- *
- * This is the first function used by a TLS server for ECDHE
- * ciphersuites.
- *
- * \param ctx The ECDH context to set up. This must be initialized.
- * \param grp_id The group id of the group to set up the context for.
- *
- * \return \c 0 on success.
- */
-int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx,
- mbedtls_ecp_group_id grp_id );
-
-/**
- * \brief This function frees a context.
- *
- * \param ctx The context to free. This may be \c NULL, in which
- * case this function does nothing. If it is not \c NULL,
- * it must point to an initialized ECDH context.
- */
-void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
-
-/**
- * \brief This function generates an EC key pair and exports its
- * in the format used in a TLS ServerKeyExchange handshake
- * message.
- *
- * This is the second function used by a TLS server for ECDHE
- * ciphersuites. (It is called after mbedtls_ecdh_setup().)
- *
- * \see ecp.h
- *
- * \param ctx The ECDH context to use. This must be initialized
- * and bound to a group, for example via mbedtls_ecdh_setup().
- * \param olen The address at which to store the number of Bytes written.
- * \param buf The destination buffer. This must be a writable buffer of
- * length \p blen Bytes.
- * \param blen The length of the destination buffer \p buf in Bytes.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL in case \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function parses the ECDHE parameters in a
- * TLS ServerKeyExchange handshake message.
- *
- * \note In a TLS handshake, this is the how the client
- * sets up its ECDHE context from the server's public
- * ECDHE key material.
- *
- * \see ecp.h
- *
- * \param ctx The ECDHE context to use. This must be initialized.
- * \param buf On input, \c *buf must be the start of the input buffer.
- * On output, \c *buf is updated to point to the end of the
- * data that has been read. On success, this is the first byte
- * past the end of the ServerKeyExchange parameters.
- * On error, this is the point at which an error has been
- * detected, which is usually not useful except to debug
- * failures.
- * \param end The end of the input buffer.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- *
- */
-int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
- const unsigned char **buf,
- const unsigned char *end );
-
-/**
- * \brief This function sets up an ECDH context from an EC key.
- *
- * It is used by clients and servers in place of the
- * ServerKeyEchange for static ECDH, and imports ECDH
- * parameters from the EC key information of a certificate.
- *
- * \see ecp.h
- *
- * \param ctx The ECDH context to set up. This must be initialized.
- * \param key The EC key to use. This must be initialized.
- * \param side Defines the source of the key. Possible values are:
- * - #MBEDTLS_ECDH_OURS: The key is ours.
- * - #MBEDTLS_ECDH_THEIRS: The key is that of the peer.
- *
- * \return \c 0 on success.
- * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
- *
- */
-int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
- const mbedtls_ecp_keypair *key,
- mbedtls_ecdh_side side );
-
-/**
- * \brief This function generates a public key and exports it
- * as a TLS ClientKeyExchange payload.
- *
- * This is the second function used by a TLS client for ECDH(E)
- * ciphersuites.
- *
- * \see ecp.h
- *
- * \param ctx The ECDH context to use. This must be initialized
- * and bound to a group, the latter usually by
- * mbedtls_ecdh_read_params().
- * \param olen The address at which to store the number of Bytes written.
- * This must not be \c NULL.
- * \param buf The destination buffer. This must be a writable buffer
- * of length \p blen Bytes.
- * \param blen The size of the destination buffer \p buf in Bytes.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL in case \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function parses and processes the ECDHE payload of a
- * TLS ClientKeyExchange message.
- *
- * This is the third function used by a TLS server for ECDH(E)
- * ciphersuites. (It is called after mbedtls_ecdh_setup() and
- * mbedtls_ecdh_make_params().)
- *
- * \see ecp.h
- *
- * \param ctx The ECDH context to use. This must be initialized
- * and bound to a group, for example via mbedtls_ecdh_setup().
- * \param buf The pointer to the ClientKeyExchange payload. This must
- * be a readable buffer of length \p blen Bytes.
- * \param blen The length of the input buffer \p buf in Bytes.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
- const unsigned char *buf, size_t blen );
-
-/**
- * \brief This function derives and exports the shared secret.
- *
- * This is the last function used by both TLS client
- * and servers.
- *
- * \note If \p f_rng is not NULL, it is used to implement
- * countermeasures against side-channel attacks.
- * For more information, see mbedtls_ecp_mul().
- *
- * \see ecp.h
-
- * \param ctx The ECDH context to use. This must be initialized
- * and have its own private key generated and the peer's
- * public key imported.
- * \param olen The address at which to store the total number of
- * Bytes written on success. This must not be \c NULL.
- * \param buf The buffer to write the generated shared key to. This
- * must be a writable buffer of size \p blen Bytes.
- * \param blen The length of the destination buffer \p buf in Bytes.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG context. This may be \c NULL if \p f_rng
- * doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief This function enables restartable EC computations for this
- * context. (Default: disabled.)
- *
- * \see \c mbedtls_ecp_set_max_ops()
- *
- * \note It is not possible to safely disable restartable
- * computations once enabled, except by free-ing the context,
- * which cancels possible in-progress operations.
- *
- * \param ctx The ECDH context to use. This must be initialized.
- */
-void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ecdh.h */
diff --git a/mbedtls/ecdsa.h b/mbedtls/ecdsa.h
deleted file mode 100644
index 71b73ee..0000000
--- a/mbedtls/ecdsa.h
+++ /dev/null
@@ -1,506 +0,0 @@
-/**
- * \file ecdsa.h
- *
- * \brief This file contains ECDSA definitions and functions.
- *
- * The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
- * Standards for Efficient Cryptography Group (SECG):
- * SEC1 Elliptic Curve Cryptography.
- * The use of ECDSA for TLS is defined in RFC-4492: Elliptic Curve
- * Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS).
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_ECDSA_H
-#define MBEDTLS_ECDSA_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ecp.h"
-#include "mbedtls/md.h"
-
-/**
- * \brief Maximum ECDSA signature size for a given curve bit size
- *
- * \param bits Curve size in bits
- * \return Maximum signature size in bytes
- *
- * \note This macro returns a compile-time constant if its argument
- * is one. It may evaluate its argument multiple times.
- */
-/*
- * Ecdsa-Sig-Value ::= SEQUENCE {
- * r INTEGER,
- * s INTEGER
- * }
- *
- * For each of r and s, the value (V) may include an extra initial "0" bit.
- */
-#define MBEDTLS_ECDSA_MAX_SIG_LEN( bits ) \
- ( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) + \
- /*T,L of r,s*/ 2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) + \
- /*V of r,s*/ ( ( bits ) + 8 ) / 8 ) )
-
-/** The maximal size of an ECDSA signature in Bytes. */
-#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN( MBEDTLS_ECP_MAX_BITS )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief The ECDSA context structure.
- *
- * \warning Performing multiple operations concurrently on the same
- * ECDSA context is not supported; objects of this type
- * should not be shared between multiple threads.
- */
-typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-
-/**
- * \brief Internal restart context for ecdsa_verify()
- *
- * \note Opaque struct, defined in ecdsa.c
- */
-typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx;
-
-/**
- * \brief Internal restart context for ecdsa_sign()
- *
- * \note Opaque struct, defined in ecdsa.c
- */
-typedef struct mbedtls_ecdsa_restart_sig mbedtls_ecdsa_restart_sig_ctx;
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-/**
- * \brief Internal restart context for ecdsa_sign_det()
- *
- * \note Opaque struct, defined in ecdsa.c
- */
-typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
-#endif
-
-/**
- * \brief General context for resuming ECDSA operations
- */
-typedef struct
-{
- mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp); /*!< base context for ECP restart and
- shared administrative info */
- mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!< ecdsa_verify() sub-context */
- mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!< ecdsa_sign() sub-context */
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
- mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!< ecdsa_sign_det() sub-context */
-#endif
-} mbedtls_ecdsa_restart_ctx;
-
-#else /* MBEDTLS_ECP_RESTARTABLE */
-
-/* Now we can declare functions that take a pointer to that */
-typedef void mbedtls_ecdsa_restart_ctx;
-
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief This function checks whether a given group can be used
- * for ECDSA.
- *
- * \param gid The ECP group ID to check.
- *
- * \return \c 1 if the group can be used, \c 0 otherwise
- */
-int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid );
-
-/**
- * \brief This function computes the ECDSA signature of a
- * previously-hashed message.
- *
- * \note The deterministic version implemented in
- * mbedtls_ecdsa_sign_det_ext() is usually preferred.
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated
- * as defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.3, step 5.
- *
- * \see ecp.h
- *
- * \param grp The context for the elliptic curve to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param r The MPI context in which to store the first part
- * the signature. This must be initialized.
- * \param s The MPI context in which to store the second part
- * the signature. This must be initialized.
- * \param d The private signing key. This must be initialized.
- * \param buf The content to be signed. This is usually the hash of
- * the original data to be signed. This must be a readable
- * buffer of length \p blen Bytes. It may be \c NULL if
- * \p blen is zero.
- * \param blen The length of \p buf in Bytes.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context parameter.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX
- * or \c MBEDTLS_MPI_XXX error code on failure.
- */
-int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
- const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-/**
- * \brief This function computes the ECDSA signature of a
- * previously-hashed message, deterministic version.
- *
- * For more information, see RFC-6979: Deterministic
- * Usage of the Digital Signature Algorithm (DSA) and Elliptic
- * Curve Digital Signature Algorithm (ECDSA).
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.3, step 5.
- *
- * \see ecp.h
- *
- * \param grp The context for the elliptic curve to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param r The MPI context in which to store the first part
- * the signature. This must be initialized.
- * \param s The MPI context in which to store the second part
- * the signature. This must be initialized.
- * \param d The private signing key. This must be initialized
- * and setup, for example through mbedtls_ecp_gen_privkey().
- * \param buf The hashed content to be signed. This must be a readable
- * buffer of length \p blen Bytes. It may be \c NULL if
- * \p blen is zero.
- * \param blen The length of \p buf in Bytes.
- * \param md_alg The hash algorithm used to hash the original data.
- * \param f_rng_blind The RNG function used for blinding. This must not be
- * \c NULL.
- * \param p_rng_blind The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context parameter.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- * error code on failure.
- */
-int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
- mbedtls_mpi *s, const mbedtls_mpi *d,
- const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg,
- int (*f_rng_blind)(void *, unsigned char *, size_t),
- void *p_rng_blind );
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-/**
- * \brief This function verifies the ECDSA signature of a
- * previously-hashed message.
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.4, step 3.
- *
- * \see ecp.h
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param buf The hashed content that was signed. This must be a readable
- * buffer of length \p blen Bytes. It may be \c NULL if
- * \p blen is zero.
- * \param blen The length of \p buf in Bytes.
- * \param Q The public key to use for verification. This must be
- * initialized and setup.
- * \param r The first integer of the signature.
- * This must be initialized.
- * \param s The second integer of the signature.
- * This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
- * is invalid.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- * error code on failure for any other reason.
- */
-int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
- const unsigned char *buf, size_t blen,
- const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
- const mbedtls_mpi *s);
-
-/**
- * \brief This function computes the ECDSA signature and writes it
- * to a buffer, serialized as defined in RFC-4492:
- * Elliptic Curve Cryptography (ECC) Cipher Suites for
- * Transport Layer Security (TLS).
- *
- * \warning It is not thread-safe to use the same context in
- * multiple threads.
- *
- * \note The deterministic version is used if
- * #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
- * information, see RFC-6979: Deterministic Usage
- * of the Digital Signature Algorithm (DSA) and Elliptic
- * Curve Digital Signature Algorithm (ECDSA).
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.3, step 5.
- *
- * \see ecp.h
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and private key bound to it, for example
- * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
- * \param md_alg The message digest that was used to hash the message.
- * \param hash The message hash to be signed. This must be a readable
- * buffer of length \p blen Bytes.
- * \param hlen The length of the hash \p hash in Bytes.
- * \param sig The buffer to which to write the signature. This must be a
- * writable buffer of length at least twice as large as the
- * size of the curve used, plus 9. For example, 73 Bytes if
- * a 256-bit curve is used. A buffer length of
- * #MBEDTLS_ECDSA_MAX_LEN is always safe.
- * \param sig_size The size of the \p sig buffer in bytes.
- * \param slen The address at which to store the actual length of
- * the signature written. Must not be \c NULL.
- * \param f_rng The RNG function. This must not be \c NULL if
- * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
- * it is used only for blinding and may be set to \c NULL, but
- * doing so is DEPRECATED.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng is \c NULL or doesn't use a context.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t sig_size, size_t *slen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function computes the ECDSA signature and writes it
- * to a buffer, in a restartable way.
- *
- * \see \c mbedtls_ecdsa_write_signature()
- *
- * \note This function is like \c mbedtls_ecdsa_write_signature()
- * but it can return early and restart according to the limit
- * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and private key bound to it, for example
- * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
- * \param md_alg The message digest that was used to hash the message.
- * \param hash The message hash to be signed. This must be a readable
- * buffer of length \p blen Bytes.
- * \param hlen The length of the hash \p hash in Bytes.
- * \param sig The buffer to which to write the signature. This must be a
- * writable buffer of length at least twice as large as the
- * size of the curve used, plus 9. For example, 73 Bytes if
- * a 256-bit curve is used. A buffer length of
- * #MBEDTLS_ECDSA_MAX_LEN is always safe.
- * \param sig_size The size of the \p sig buffer in bytes.
- * \param slen The address at which to store the actual length of
- * the signature written. Must not be \c NULL.
- * \param f_rng The RNG function. This must not be \c NULL if
- * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
- * it is unused and may be set to \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng is \c NULL or doesn't use a context.
- * \param rs_ctx The restart context to use. This may be \c NULL to disable
- * restarting. If it is not \c NULL, it must point to an
- * initialized restart context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t sig_size, size_t *slen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_ecdsa_restart_ctx *rs_ctx );
-
-/**
- * \brief This function reads and verifies an ECDSA signature.
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.4, step 3.
- *
- * \see ecp.h
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and public key bound to it.
- * \param hash The message hash that was signed. This must be a readable
- * buffer of length \p size Bytes.
- * \param hlen The size of the hash \p hash.
- * \param sig The signature to read and verify. This must be a readable
- * buffer of length \p slen Bytes.
- * \param slen The size of \p sig in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
- * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
- * signature in \p sig, but its length is less than \p siglen.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
- * error code on failure for any other reason.
- */
-int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- const unsigned char *sig, size_t slen );
-
-/**
- * \brief This function reads and verifies an ECDSA signature,
- * in a restartable way.
- *
- * \see \c mbedtls_ecdsa_read_signature()
- *
- * \note This function is like \c mbedtls_ecdsa_read_signature()
- * but it can return early and restart according to the limit
- * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and public key bound to it.
- * \param hash The message hash that was signed. This must be a readable
- * buffer of length \p size Bytes.
- * \param hlen The size of the hash \p hash.
- * \param sig The signature to read and verify. This must be a readable
- * buffer of length \p slen Bytes.
- * \param slen The size of \p sig in Bytes.
- * \param rs_ctx The restart context to use. This may be \c NULL to disable
- * restarting. If it is not \c NULL, it must point to an
- * initialized restart context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
- * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
- * signature in \p sig, but its length is less than \p siglen.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
- * error code on failure for any other reason.
- */
-int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- const unsigned char *sig, size_t slen,
- mbedtls_ecdsa_restart_ctx *rs_ctx );
-
-/**
- * \brief This function generates an ECDSA keypair on the given curve.
- *
- * \see ecp.h
- *
- * \param ctx The ECDSA context to store the keypair in.
- * This must be initialized.
- * \param gid The elliptic curve to use. One of the various
- * \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
- */
-int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief This function sets up an ECDSA context from an EC key pair.
- *
- * \see ecp.h
- *
- * \param ctx The ECDSA context to setup. This must be initialized.
- * \param key The EC key to use. This must be initialized and hold
- * a private-public key pair or a public key. In the former
- * case, the ECDSA context may be used for signature creation
- * and verification after this call. In the latter case, it
- * may be used for signature verification.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
- */
-int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
- const mbedtls_ecp_keypair *key );
-
-/**
- * \brief This function initializes an ECDSA context.
- *
- * \param ctx The ECDSA context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
-
-/**
- * \brief This function frees an ECDSA context.
- *
- * \param ctx The ECDSA context to free. This may be \c NULL,
- * in which case this function does nothing. If it
- * is not \c NULL, it must be initialized.
- */
-void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Initialize a restart context.
- *
- * \param ctx The restart context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
-
-/**
- * \brief Free the components of a restart context.
- *
- * \param ctx The restart context to free. This may be \c NULL,
- * in which case this function does nothing. If it
- * is not \c NULL, it must be initialized.
- */
-void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ecdsa.h */
diff --git a/mbedtls/ecjpake.h b/mbedtls/ecjpake.h
deleted file mode 100644
index a73f624..0000000
--- a/mbedtls/ecjpake.h
+++ /dev/null
@@ -1,287 +0,0 @@
-/**
- * \file ecjpake.h
- *
- * \brief Elliptic curve J-PAKE
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_ECJPAKE_H
-#define MBEDTLS_ECJPAKE_H
-#include "mbedtls/private_access.h"
-
-/*
- * J-PAKE is a password-authenticated key exchange that allows deriving a
- * strong shared secret from a (potentially low entropy) pre-shared
- * passphrase, with forward secrecy and mutual authentication.
- * https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling
- *
- * This file implements the Elliptic Curve variant of J-PAKE,
- * as defined in Chapter 7.4 of the Thread v1.0 Specification,
- * available to members of the Thread Group http://threadgroup.org/
- *
- * As the J-PAKE algorithm is inherently symmetric, so is our API.
- * Each party needs to send its first round message, in any order, to the
- * other party, then each sends its second round message, in any order.
- * The payloads are serialized in a way suitable for use in TLS, but could
- * also be use outside TLS.
- */
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ecp.h"
-#include "mbedtls/md.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Roles in the EC J-PAKE exchange
- */
-typedef enum {
- MBEDTLS_ECJPAKE_CLIENT = 0, /**< Client */
- MBEDTLS_ECJPAKE_SERVER, /**< Server */
-} mbedtls_ecjpake_role;
-
-#if !defined(MBEDTLS_ECJPAKE_ALT)
-/**
- * EC J-PAKE context structure.
- *
- * J-PAKE is a symmetric protocol, except for the identifiers used in
- * Zero-Knowledge Proofs, and the serialization of the second message
- * (KeyExchange) as defined by the Thread spec.
- *
- * In order to benefit from this symmetry, we choose a different naming
- * convetion from the Thread v1.0 spec. Correspondance is indicated in the
- * description as a pair C: client name, S: server name
- */
-typedef struct mbedtls_ecjpake_context
-{
- const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); /**< Hash to use */
- mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /**< Elliptic curve */
- mbedtls_ecjpake_role MBEDTLS_PRIVATE(role); /**< Are we client or server? */
- int MBEDTLS_PRIVATE(point_format); /**< Format for point export */
-
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xm1); /**< My public key 1 C: X1, S: X3 */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xm2); /**< My public key 2 C: X2, S: X4 */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xp1); /**< Peer public key 1 C: X3, S: X1 */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xp2); /**< Peer public key 2 C: X4, S: X2 */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xp); /**< Peer public key C: Xs, S: Xc */
-
- mbedtls_mpi MBEDTLS_PRIVATE(xm1); /**< My private key 1 C: x1, S: x3 */
- mbedtls_mpi MBEDTLS_PRIVATE(xm2); /**< My private key 2 C: x2, S: x4 */
-
- mbedtls_mpi MBEDTLS_PRIVATE(s); /**< Pre-shared secret (passphrase) */
-} mbedtls_ecjpake_context;
-
-#else /* MBEDTLS_ECJPAKE_ALT */
-#include "ecjpake_alt.h"
-#endif /* MBEDTLS_ECJPAKE_ALT */
-
-/**
- * \brief Initialize an ECJPAKE context.
- *
- * \param ctx The ECJPAKE context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
-
-/**
- * \brief Set up an ECJPAKE context for use.
- *
- * \note Currently the only values for hash/curve allowed by the
- * standard are #MBEDTLS_MD_SHA256/#MBEDTLS_ECP_DP_SECP256R1.
- *
- * \param ctx The ECJPAKE context to set up. This must be initialized.
- * \param role The role of the caller. This must be either
- * #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER.
- * \param hash The identifier of the hash function to use,
- * for example #MBEDTLS_MD_SHA256.
- * \param curve The identifier of the elliptic curve to use,
- * for example #MBEDTLS_ECP_DP_SECP256R1.
- * \param secret The pre-shared secret (passphrase). This must be
- * a readable buffer of length \p len Bytes. It need
- * only be valid for the duration of this call.
- * \param len The length of the pre-shared secret \p secret.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
- mbedtls_ecjpake_role role,
- mbedtls_md_type_t hash,
- mbedtls_ecp_group_id curve,
- const unsigned char *secret,
- size_t len );
-
-/**
- * \brief Set the point format for future reads and writes.
- *
- * \param ctx The ECJPAKE context to configure.
- * \param point_format The point format to use:
- * #MBEDTLS_ECP_PF_UNCOMPRESSED (default)
- * or #MBEDTLS_ECP_PF_COMPRESSED.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p point_format
- * is invalid.
- */
-int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx,
- int point_format );
-
-/**
- * \brief Check if an ECJPAKE context is ready for use.
- *
- * \param ctx The ECJPAKE context to check. This must be
- * initialized.
- *
- * \return \c 0 if the context is ready for use.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
- */
-int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
-
-/**
- * \brief Generate and write the first round message
- * (TLS: contents of the Client/ServerHello extension,
- * excluding extension type and length bytes).
- *
- * \param ctx The ECJPAKE context to use. This must be
- * initialized and set up.
- * \param buf The buffer to write the contents to. This must be a
- * writable buffer of length \p len Bytes.
- * \param len The length of \p buf in Bytes.
- * \param olen The address at which to store the total number
- * of Bytes written to \p buf. This must not be \c NULL.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng. This
- * may be \c NULL if \p f_rng doesn't use a context.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Read and process the first round message
- * (TLS: contents of the Client/ServerHello extension,
- * excluding extension type and length bytes).
- *
- * \param ctx The ECJPAKE context to use. This must be initialized
- * and set up.
- * \param buf The buffer holding the first round message. This must
- * be a readable buffer of length \p len Bytes.
- * \param len The length in Bytes of \p buf.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
- const unsigned char *buf,
- size_t len );
-
-/**
- * \brief Generate and write the second round message
- * (TLS: contents of the Client/ServerKeyExchange).
- *
- * \param ctx The ECJPAKE context to use. This must be initialized,
- * set up, and already have performed round one.
- * \param buf The buffer to write the round two contents to.
- * This must be a writable buffer of length \p len Bytes.
- * \param len The size of \p buf in Bytes.
- * \param olen The address at which to store the total number of Bytes
- * written to \p buf. This must not be \c NULL.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng. This
- * may be \c NULL if \p f_rng doesn't use a context.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Read and process the second round message
- * (TLS: contents of the Client/ServerKeyExchange).
- *
- * \param ctx The ECJPAKE context to use. This must be initialized
- * and set up and already have performed round one.
- * \param buf The buffer holding the second round message. This must
- * be a readable buffer of length \p len Bytes.
- * \param len The length in Bytes of \p buf.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
- const unsigned char *buf,
- size_t len );
-
-/**
- * \brief Derive the shared secret
- * (TLS: Pre-Master Secret).
- *
- * \param ctx The ECJPAKE context to use. This must be initialized,
- * set up and have performed both round one and two.
- * \param buf The buffer to write the derived secret to. This must
- * be a writable buffer of length \p len Bytes.
- * \param len The length of \p buf in Bytes.
- * \param olen The address at which to store the total number of Bytes
- * written to \p buf. This must not be \c NULL.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng. This
- * may be \c NULL if \p f_rng doesn't use a context.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This clears an ECJPAKE context and frees any
- * embedded data structure.
- *
- * \param ctx The ECJPAKE context to free. This may be \c NULL,
- * in which case this function does nothing. If it is not
- * \c NULL, it must point to an initialized ECJPAKE context.
- */
-void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if a test failed
- */
-int mbedtls_ecjpake_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif /* ecjpake.h */
diff --git a/mbedtls/ecp.h b/mbedtls/ecp.h
deleted file mode 100644
index 5b26084..0000000
--- a/mbedtls/ecp.h
+++ /dev/null
@@ -1,1297 +0,0 @@
-/**
- * \file ecp.h
- *
- * \brief This file provides an API for Elliptic Curves over GF(P) (ECP).
- *
- * The use of ECP in cryptography and TLS is defined in
- * Standards for Efficient Cryptography Group (SECG): SEC1
- * Elliptic Curve Cryptography and
- * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites
- * for Transport Layer Security (TLS).
- *
- * RFC-2409: The Internet Key Exchange (IKE) defines ECP
- * group types.
- *
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_ECP_H
-#define MBEDTLS_ECP_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/bignum.h"
-
-/*
- * ECP error codes
- */
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80
-/** The buffer is too small to write to. */
-#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00
-/** The requested feature is not available, for example, the requested curve is not supported. */
-#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80
-/** The signature is not valid. */
-#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00
-/** Memory allocation failed. */
-#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80
-/** Generation of random value, such as ephemeral key, failed. */
-#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00
-/** Invalid private or public key. */
-#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80
-/** The buffer contains a valid signature followed by more data. */
-#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00
-/** Operation in progress, call again with the same parameters to continue. */
-#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00
-
-/* Flags indicating whether to include code that is specific to certain
- * types of curves. These flags are for internal library use only. */
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED
-#endif
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
- defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_ECP_MONTGOMERY_ENABLED
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Domain-parameter identifiers: curve, subgroup, and generator.
- *
- * \note Only curves over prime fields are supported.
- *
- * \warning This library does not support validation of arbitrary domain
- * parameters. Therefore, only standardized domain parameters from trusted
- * sources should be used. See mbedtls_ecp_group_load().
- */
-/* Note: when adding a new curve:
- * - Add it at the end of this enum, otherwise you'll break the ABI by
- * changing the numerical value for existing curves.
- * - Increment MBEDTLS_ECP_DP_MAX below if needed.
- * - Update the calculation of MBEDTLS_ECP_MAX_BITS below.
- * - Add the corresponding MBEDTLS_ECP_DP_xxx_ENABLED macro definition to
- * mbedtls_config.h.
- * - List the curve as a dependency of MBEDTLS_ECP_C and
- * MBEDTLS_ECDSA_C if supported in check_config.h.
- * - Add the curve to the appropriate curve type macro
- * MBEDTLS_ECP_yyy_ENABLED above.
- * - Add the necessary definitions to ecp_curves.c.
- * - Add the curve to the ecp_supported_curves array in ecp.c.
- * - Add the curve to applicable profiles in x509_crt.c.
- * - Add the curve to applicable presets in ssl_tls.c.
- */
-typedef enum
-{
- MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
- MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_BP256R1, /*!< Domain parameters for 256-bit Brainpool curve. */
- MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */
- MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */
- MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for Curve25519. */
- MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */
-} mbedtls_ecp_group_id;
-
-/**
- * The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE.
- */
-#define MBEDTLS_ECP_DP_MAX 14
-
-/*
- * Curve types
- */
-typedef enum
-{
- MBEDTLS_ECP_TYPE_NONE = 0,
- MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
- MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
-} mbedtls_ecp_curve_type;
-
-/**
- * Curve information, for use by other modules.
- *
- * The fields of this structure are part of the public API and can be
- * accessed directly by applications. Future versions of the library may
- * add extra fields or reorder existing fields.
- */
-typedef struct mbedtls_ecp_curve_info
-{
- mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
- uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
- uint16_t bit_size; /*!< The curve size in bits. */
- const char *name; /*!< A human-friendly name. */
-} mbedtls_ecp_curve_info;
-
-/**
- * \brief The ECP point structure, in Jacobian coordinates.
- *
- * \note All functions expect and return points satisfying
- * the following condition: Z == 0 or
- * Z == 1. Other values of \p Z are
- * used only by internal functions.
- * The point is zero, or "at infinity", if Z == 0.
- * Otherwise, \p X and \p Y are its standard (affine)
- * coordinates.
- */
-typedef struct mbedtls_ecp_point
-{
- mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */
- mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */
- mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */
-}
-mbedtls_ecp_point;
-
-#if !defined(MBEDTLS_ECP_ALT)
-/*
- * default mbed TLS elliptic curve arithmetic implementation
- *
- * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
- * alternative implementation for the whole module and it will replace this
- * one.)
- */
-
-/**
- * \brief The ECP group structure.
- *
- * We consider two types of curve equations:
- * - Short Weierstrass:
y^2 = x^3 + A x + B mod P
- * (SEC1 + RFC-4492)
- * - Montgomery:
y^2 = x^3 + A x^2 + x mod P (Curve25519,
- * Curve448)
- * In both cases, the generator (\p G) for a prime-order subgroup is fixed.
- *
- * For Short Weierstrass, this subgroup is the whole curve, and its
- * cardinality is denoted by \p N. Our code requires that \p N is an
- * odd prime as mbedtls_ecp_mul() requires an odd number, and
- * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
- *
- * For Montgomery curves, we do not store \p A, but (A + 2) / 4,
- * which is the quantity used in the formulas. Additionally, \p nbits is
- * not the size of \p N but the required size for private keys.
- *
- * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
- * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
- * range of 0..2^(2*pbits)-1, and transforms it in-place to an integer
- * which is congruent mod \p P to the given MPI, and is close enough to \p pbits
- * in size, so that it may be efficiently brought in the 0..P-1 range by a few
- * additions or subtractions. Therefore, it is only an approximative modular
- * reduction. It must return 0 on success and non-zero on failure.
- *
- * \note Alternative implementations of the ECP module must obey the
- * following constraints.
- * * Group IDs must be distinct: if two group structures have
- * the same ID, then they must be identical.
- * * The fields \c id, \c P, \c A, \c B, \c G, \c N,
- * \c pbits and \c nbits must have the same type and semantics
- * as in the built-in implementation.
- * They must be available for reading, but direct modification
- * of these fields does not need to be supported.
- * They do not need to be at the same offset in the structure.
- */
-typedef struct mbedtls_ecp_group
-{
- mbedtls_ecp_group_id id; /*!< An internal group identifier. */
- mbedtls_mpi P; /*!< The prime modulus of the base field. */
- mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
- Montgomery curves: (A + 2) / 4. */
- mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
- For Montgomery curves: unused. */
- mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
- mbedtls_mpi N; /*!< The order of \p G. */
- size_t pbits; /*!< The number of bits in \p P.*/
- size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
- For Montgomery curves: the number of bits in the
- private keys. */
- /* End of public fields */
-
- unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */
- int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
- mod \p P (see above).*/
- int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */
- int (*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */
- void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
- mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for ecp_mul_comb(). */
- size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated pre-computed points. */
-}
-mbedtls_ecp_group;
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h, or define them using the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
-/*
- * Maximum "window" size used for point multiplication.
- * Default: a point where higher memory usage yields disminishing performance
- * returns.
- * Minimum value: 2. Maximum value: 7.
- *
- * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
- * points used for point multiplication. This value is directly tied to EC
- * peak memory usage, so decreasing it by one should roughly cut memory usage
- * by two (if large curves are in use).
- *
- * Reduction in size may reduce speed, but larger curves are impacted first.
- * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
- * w-size: 6 5 4 3 2
- * 521 145 141 135 120 97
- * 384 214 209 198 177 146
- * 256 320 320 303 262 226
- * 224 475 475 453 398 342
- * 192 640 640 633 587 476
- */
-#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< The maximum window size used. */
-#endif /* MBEDTLS_ECP_WINDOW_SIZE */
-
-#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
-/*
- * Trade code size for speed on fixed-point multiplication.
- *
- * This speeds up repeated multiplication of the generator (that is, the
- * multiplication in ECDSA signatures, and half of the multiplications in
- * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
- *
- * For each n-bit Short Weierstrass curve that is enabled, this adds 4n bytes
- * of code size if n < 384 and 8n otherwise.
- *
- * Change this value to 0 to reduce code size.
- */
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */
-#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
-
-/* \} name SECTION: Module settings */
-
-#else /* MBEDTLS_ECP_ALT */
-#include "ecp_alt.h"
-#endif /* MBEDTLS_ECP_ALT */
-
-/**
- * The maximum size of the groups, that is, of \c N and \c P.
- */
-#if !defined(MBEDTLS_ECP_C)
-/* Dummy definition to help code that has optional ECP support and
- * defines an MBEDTLS_ECP_MAX_BYTES-sized array unconditionally. */
-#define MBEDTLS_ECP_MAX_BITS 1
-/* Note: the curves must be listed in DECREASING size! */
-#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 521
-#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 512
-#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 448
-#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 384
-#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 384
-#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
-#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
-#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
-#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 255
-#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 225 // n is slightly above 2^224
-#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 224
-#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 192
-#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 192
-#else
-#error "Missing definition of MBEDTLS_ECP_MAX_BITS"
-#endif
-
-#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
-#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-
-/**
- * \brief Internal restart context for multiplication
- *
- * \note Opaque struct
- */
-typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx;
-
-/**
- * \brief Internal restart context for ecp_muladd()
- *
- * \note Opaque struct
- */
-typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx;
-
-/**
- * \brief General context for resuming ECC operations
- */
-typedef struct
-{
- unsigned MBEDTLS_PRIVATE(ops_done); /*!< current ops count */
- unsigned MBEDTLS_PRIVATE(depth); /*!< call depth (0 = top-level) */
- mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm); /*!< ecp_mul_comb() sub-context */
- mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!< ecp_muladd() sub-context */
-} mbedtls_ecp_restart_ctx;
-
-/*
- * Operation counts for restartable functions
- */
-#define MBEDTLS_ECP_OPS_CHK 3 /*!< basic ops count for ecp_check_pubkey() */
-#define MBEDTLS_ECP_OPS_DBL 8 /*!< basic ops count for ecp_double_jac() */
-#define MBEDTLS_ECP_OPS_ADD 11 /*!< basic ops count for see ecp_add_mixed() */
-#define MBEDTLS_ECP_OPS_INV 120 /*!< empirical equivalent for mpi_mod_inv() */
-
-/**
- * \brief Internal; for restartable functions in other modules.
- * Check and update basic ops budget.
- *
- * \param grp Group structure
- * \param rs_ctx Restart context
- * \param ops Number of basic ops to do
- *
- * \return \c 0 if doing \p ops basic ops is still allowed,
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS otherwise.
- */
-int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
- mbedtls_ecp_restart_ctx *rs_ctx,
- unsigned ops );
-
-/* Utility macro for checking and updating ops budget */
-#define MBEDTLS_ECP_BUDGET( ops ) \
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, \
- (unsigned) (ops) ) );
-
-#else /* MBEDTLS_ECP_RESTARTABLE */
-
-#define MBEDTLS_ECP_BUDGET( ops ) /* no-op; for compatibility */
-
-/* We want to declare restartable versions of existing functions anyway */
-typedef void mbedtls_ecp_restart_ctx;
-
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief The ECP key-pair structure.
- *
- * A generic key-pair that may be used for ECDSA and fixed ECDH, for example.
- *
- * \note Members are deliberately in the same order as in the
- * ::mbedtls_ecdsa_context structure.
- */
-typedef struct mbedtls_ecp_keypair
-{
- mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< Elliptic curve and base point */
- mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< our secret value */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< our public value */
-}
-mbedtls_ecp_keypair;
-
-/*
- * Point formats, from RFC 4492's enum ECPointFormat
- */
-#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format. */
-#define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format. */
-
-/*
- * Some other constants from RFC 4492
- */
-#define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< The named_curve of ECCurveType. */
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Set the maximum number of basic operations done in a row.
- *
- * If more operations are needed to complete a computation,
- * #MBEDTLS_ERR_ECP_IN_PROGRESS will be returned by the
- * function performing the computation. It is then the
- * caller's responsibility to either call again with the same
- * parameters until it returns 0 or an error code; or to free
- * the restart context if the operation is to be aborted.
- *
- * It is strictly required that all input parameters and the
- * restart context be the same on successive calls for the
- * same operation, but output parameters need not be the
- * same; they must not be used until the function finally
- * returns 0.
- *
- * This only applies to functions whose documentation
- * mentions they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS for functions in the
- * SSL module). For functions that accept a "restart context"
- * argument, passing NULL disables restart and makes the
- * function equivalent to the function with the same name
- * with \c _restartable removed. For functions in the ECDH
- * module, restart is disabled unless the function accepts
- * an "ECDH context" argument and
- * mbedtls_ecdh_enable_restart() was previously called on
- * that context. For function in the SSL module, restart is
- * only enabled for specific sides and key exchanges
- * (currently only for clients and ECDHE-ECDSA).
- *
- * \param max_ops Maximum number of basic operations done in a row.
- * Default: 0 (unlimited).
- * Lower (non-zero) values mean ECC functions will block for
- * a lesser maximum amount of time.
- *
- * \note A "basic operation" is defined as a rough equivalent of a
- * multiplication in GF(p) for the NIST P-256 curve.
- * As an indication, with default settings, a scalar
- * multiplication (full run of \c mbedtls_ecp_mul()) is:
- * - about 3300 basic operations for P-256
- * - about 9400 basic operations for P-384
- *
- * \note Very low values are not always respected: sometimes
- * functions need to block for a minimum number of
- * operations, and will do so even if max_ops is set to a
- * lower value. That minimum depends on the curve size, and
- * can be made lower by decreasing the value of
- * \c MBEDTLS_ECP_WINDOW_SIZE. As an indication, here is the
- * lowest effective value for various curves and values of
- * that parameter (w for short):
- * w=6 w=5 w=4 w=3 w=2
- * P-256 208 208 160 136 124
- * P-384 682 416 320 272 248
- * P-521 1364 832 640 544 496
- *
- * \note This setting is currently ignored by Curve25519.
- */
-void mbedtls_ecp_set_max_ops( unsigned max_ops );
-
-/**
- * \brief Check if restart is enabled (max_ops != 0)
- *
- * \return \c 0 if \c max_ops == 0 (restart disabled)
- * \return \c 1 otherwise (restart enabled)
- */
-int mbedtls_ecp_restart_is_enabled( void );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/*
- * Get the type of a curve
- */
-mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp );
-
-/**
- * \brief This function retrieves the information defined in
- * mbedtls_ecp_curve_info() for all supported curves.
- *
- * \note This function returns information about all curves
- * supported by the library. Some curves may not be
- * supported for all algorithms. Call mbedtls_ecdh_can_do()
- * or mbedtls_ecdsa_can_do() to check if a curve is
- * supported for ECDH or ECDSA.
- *
- * \return A statically allocated array. The last entry is 0.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
-
-/**
- * \brief This function retrieves the list of internal group
- * identifiers of all supported curves in the order of
- * preference.
- *
- * \note This function returns information about all curves
- * supported by the library. Some curves may not be
- * supported for all algorithms. Call mbedtls_ecdh_can_do()
- * or mbedtls_ecdsa_can_do() to check if a curve is
- * supported for ECDH or ECDSA.
- *
- * \return A statically allocated array,
- * terminated with MBEDTLS_ECP_DP_NONE.
- */
-const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
-
-/**
- * \brief This function retrieves curve information from an internal
- * group identifier.
- *
- * \param grp_id An \c MBEDTLS_ECP_DP_XXX value.
- *
- * \return The associated curve information on success.
- * \return NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
-
-/**
- * \brief This function retrieves curve information from a TLS
- * NamedCurve value.
- *
- * \param tls_id An \c MBEDTLS_ECP_DP_XXX value.
- *
- * \return The associated curve information on success.
- * \return NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
-
-/**
- * \brief This function retrieves curve information from a
- * human-readable name.
- *
- * \param name The human-readable name.
- *
- * \return The associated curve information on success.
- * \return NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
-
-/**
- * \brief This function initializes a point as zero.
- *
- * \param pt The point to initialize.
- */
-void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
-
-/**
- * \brief This function initializes an ECP group context
- * without loading any domain parameters.
- *
- * \note After this function is called, domain parameters
- * for various ECP groups can be loaded through the
- * mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
- * functions.
- */
-void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
-
-/**
- * \brief This function initializes a key pair as an invalid one.
- *
- * \param key The key pair to initialize.
- */
-void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
-
-/**
- * \brief This function frees the components of a point.
- *
- * \param pt The point to free.
- */
-void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
-
-/**
- * \brief This function frees the components of an ECP group.
- *
- * \param grp The group to free. This may be \c NULL, in which
- * case this function returns immediately. If it is not
- * \c NULL, it must point to an initialized ECP group.
- */
-void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
-
-/**
- * \brief This function frees the components of a key pair.
- *
- * \param key The key pair to free. This may be \c NULL, in which
- * case this function returns immediately. If it is not
- * \c NULL, it must point to an initialized ECP key pair.
- */
-void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Initialize a restart context.
- *
- * \param ctx The restart context to initialize. This must
- * not be \c NULL.
- */
-void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx );
-
-/**
- * \brief Free the components of a restart context.
- *
- * \param ctx The restart context to free. This may be \c NULL, in which
- * case this function returns immediately. If it is not
- * \c NULL, it must point to an initialized restart context.
- */
-void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief This function copies the contents of point \p Q into
- * point \p P.
- *
- * \param P The destination point. This must be initialized.
- * \param Q The source point. This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return Another negative error code for other kinds of failure.
- */
-int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
-
-/**
- * \brief This function copies the contents of group \p src into
- * group \p dst.
- *
- * \param dst The destination group. This must be initialized.
- * \param src The source group. This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst,
- const mbedtls_ecp_group *src );
-
-/**
- * \brief This function sets a point to the point at infinity.
- *
- * \param pt The point to set. This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
-
-/**
- * \brief This function checks if a point is the point at infinity.
- *
- * \param pt The point to test. This must be initialized.
- *
- * \return \c 1 if the point is zero.
- * \return \c 0 if the point is non-zero.
- * \return A negative error code on failure.
- */
-int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
-
-/**
- * \brief This function compares two points.
- *
- * \note This assumes that the points are normalized. Otherwise,
- * they may compare as "not equal" even if they are.
- *
- * \param P The first point to compare. This must be initialized.
- * \param Q The second point to compare. This must be initialized.
- *
- * \return \c 0 if the points are equal.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
- */
-int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
- const mbedtls_ecp_point *Q );
-
-/**
- * \brief This function imports a non-zero point from two ASCII
- * strings.
- *
- * \param P The destination point. This must be initialized.
- * \param radix The numeric base of the input.
- * \param x The first affine coordinate, as a null-terminated string.
- * \param y The second affine coordinate, as a null-terminated string.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_MPI_XXX error code on failure.
- */
-int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
- const char *x, const char *y );
-
-/**
- * \brief This function exports a point into unsigned binary data.
- *
- * \param grp The group to which the point should belong.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param P The point to export. This must be initialized.
- * \param format The point format. This must be either
- * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
- * (For groups without these formats, this parameter is
- * ignored. But it still has to be either of the above
- * values.)
- * \param olen The address at which to store the length of
- * the output in Bytes. This must not be \c NULL.
- * \param buf The output buffer. This must be a writable buffer
- * of length \p buflen Bytes.
- * \param buflen The length of the output buffer \p buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
- * is too small to hold the point.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
- * or the export for the given group is not implemented.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *P,
- int format, size_t *olen,
- unsigned char *buf, size_t buflen );
-
-/**
- * \brief This function imports a point from unsigned binary data.
- *
- * \note This function does not check that the point actually
- * belongs to the given group, see mbedtls_ecp_check_pubkey()
- * for that.
- *
- * \param grp The group to which the point should belong.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param P The destination context to import the point to.
- * This must be initialized.
- * \param buf The input buffer. This must be a readable buffer
- * of length \p ilen Bytes.
- * \param ilen The length of the input buffer \p buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
- * given group is not implemented.
- */
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *P,
- const unsigned char *buf, size_t ilen );
-
-/**
- * \brief This function imports a point from a TLS ECPoint record.
- *
- * \note On function return, \p *buf is updated to point immediately
- * after the ECPoint record.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param pt The destination point.
- * \param buf The address of the pointer to the start of the input buffer.
- * \param len The length of the buffer.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization
- * failure.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
- */
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *pt,
- const unsigned char **buf, size_t len );
-
-/**
- * \brief This function exports a point as a TLS ECPoint record
- * defined in RFC 4492, Section 5.4.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param pt The point to be exported. This must be initialized.
- * \param format The point format to use. This must be either
- * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
- * \param olen The address at which to store the length in Bytes
- * of the data written.
- * \param buf The target buffer. This must be a writable buffer of
- * length \p blen Bytes.
- * \param blen The length of the target buffer \p buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the target buffer
- * is too small to hold the exported point.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *pt,
- int format, size_t *olen,
- unsigned char *buf, size_t blen );
-
-/**
- * \brief This function sets up an ECP group context
- * from a standardized set of domain parameters.
- *
- * \note The index should be a value of the NamedCurve enum,
- * as defined in RFC-4492: Elliptic Curve Cryptography
- * (ECC) Cipher Suites for Transport Layer Security (TLS),
- * usually in the form of an \c MBEDTLS_ECP_DP_XXX macro.
- *
- * \param grp The group context to setup. This must be initialized.
- * \param id The identifier of the domain parameter set to load.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p id doesn't
- * correspond to a known group.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
-
-/**
- * \brief This function sets up an ECP group context from a TLS
- * ECParameters record as defined in RFC 4492, Section 5.4.
- *
- * \note The read pointer \p buf is updated to point right after
- * the ECParameters record on exit.
- *
- * \param grp The group context to setup. This must be initialized.
- * \param buf The address of the pointer to the start of the input buffer.
- * \param len The length of the input buffer \c *buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
- * recognized.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
- const unsigned char **buf, size_t len );
-
-/**
- * \brief This function extracts an elliptic curve group ID from a
- * TLS ECParameters record as defined in RFC 4492, Section 5.4.
- *
- * \note The read pointer \p buf is updated to point right after
- * the ECParameters record on exit.
- *
- * \param grp The address at which to store the group id.
- * This must not be \c NULL.
- * \param buf The address of the pointer to the start of the input buffer.
- * \param len The length of the input buffer \c *buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
- * recognized.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
- const unsigned char **buf,
- size_t len );
-/**
- * \brief This function exports an elliptic curve as a TLS
- * ECParameters record as defined in RFC 4492, Section 5.4.
- *
- * \param grp The ECP group to be exported.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param olen The address at which to store the number of Bytes written.
- * This must not be \c NULL.
- * \param buf The buffer to write to. This must be a writable buffer
- * of length \p blen Bytes.
- * \param blen The length of the output buffer \p buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output
- * buffer is too small to hold the exported group.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp,
- size_t *olen,
- unsigned char *buf, size_t blen );
-
-/**
- * \brief This function performs a scalar multiplication of a point
- * by an integer: \p R = \p m * \p P.
- *
- * It is not thread-safe to use same group in multiple threads.
- *
- * \note To prevent timing attacks, this function
- * executes the exact same sequence of base-field
- * operations for any valid \p m. It avoids any if-branch or
- * array index depending on the value of \p m. If also uses
- * \p f_rng to randomize some intermediate results.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param R The point in which to store the result of the calculation.
- * This must be initialized.
- * \param m The integer by which to multiply. This must be initialized.
- * \param P The point to multiply. This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
- * NULL if \p f_rng doesn't need a context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
- * key, or \p P is not a valid public key.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief This function performs multiplication of a point by
- * an integer: \p R = \p m * \p P in a restartable way.
- *
- * \see mbedtls_ecp_mul()
- *
- * \note This function does the same as \c mbedtls_ecp_mul(), but
- * it can return early and restart according to the limit set
- * with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param R The point in which to store the result of the calculation.
- * This must be initialized.
- * \param m The integer by which to multiply. This must be initialized.
- * \param P The point to multiply. This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
- * NULL if \p f_rng doesn't need a context.
- * \param rs_ctx The restart context (NULL disables restart).
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
- * key, or \p P is not a valid public key.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_ecp_restart_ctx *rs_ctx );
-
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-/**
- * \brief This function performs multiplication and addition of two
- * points by integers: \p R = \p m * \p P + \p n * \p Q
- *
- * It is not thread-safe to use same group in multiple threads.
- *
- * \note In contrast to mbedtls_ecp_mul(), this function does not
- * guarantee a constant execution flow and timing.
- *
- * \note This function is only defined for short Weierstrass curves.
- * It may not be included in builds without any short
- * Weierstrass curve.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param R The point in which to store the result of the calculation.
- * This must be initialized.
- * \param m The integer by which to multiply \p P.
- * This must be initialized.
- * \param P The point to multiply by \p m. This must be initialized.
- * \param n The integer by which to multiply \p Q.
- * This must be initialized.
- * \param Q The point to be multiplied by \p n.
- * This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
- * valid private keys, or \p P or \p Q are not valid public
- * keys.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
- * designate a short Weierstrass curve.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
-
-/**
- * \brief This function performs multiplication and addition of two
- * points by integers: \p R = \p m * \p P + \p n * \p Q in a
- * restartable way.
- *
- * \see \c mbedtls_ecp_muladd()
- *
- * \note This function works the same as \c mbedtls_ecp_muladd(),
- * but it can return early and restart according to the limit
- * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \note This function is only defined for short Weierstrass curves.
- * It may not be included in builds without any short
- * Weierstrass curve.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param R The point in which to store the result of the calculation.
- * This must be initialized.
- * \param m The integer by which to multiply \p P.
- * This must be initialized.
- * \param P The point to multiply by \p m. This must be initialized.
- * \param n The integer by which to multiply \p Q.
- * This must be initialized.
- * \param Q The point to be multiplied by \p n.
- * This must be initialized.
- * \param rs_ctx The restart context (NULL disables restart).
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
- * valid private keys, or \p P or \p Q are not valid public
- * keys.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
- * designate a short Weierstrass curve.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_muladd_restartable(
- mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
- mbedtls_ecp_restart_ctx *rs_ctx );
-#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-
-/**
- * \brief This function checks that a point is a valid public key
- * on this curve.
- *
- * It only checks that the point is non-zero, has
- * valid coordinates and lies on the curve. It does not verify
- * that it is indeed a multiple of \p G. This additional
- * check is computationally more expensive, is not required
- * by standards, and should not be necessary if the group
- * used has a small cofactor. In particular, it is useless for
- * the NIST groups which all have a cofactor of 1.
- *
- * \note This function uses bare components rather than an
- * ::mbedtls_ecp_keypair structure, to ease use with other
- * structures, such as ::mbedtls_ecdh_context or
- * ::mbedtls_ecdsa_context.
- *
- * \param grp The ECP group the point should belong to.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param pt The point to check. This must be initialized.
- *
- * \return \c 0 if the point is a valid public key.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not
- * a valid public key for the given curve.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *pt );
-
-/**
- * \brief This function checks that an \p mbedtls_mpi is a
- * valid private key for this curve.
- *
- * \note This function uses bare components rather than an
- * ::mbedtls_ecp_keypair structure to ease use with other
- * structures, such as ::mbedtls_ecdh_context or
- * ::mbedtls_ecdsa_context.
- *
- * \param grp The ECP group the private key should belong to.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param d The integer to check. This must be initialized.
- *
- * \return \c 0 if the point is a valid private key.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid
- * private key for the given curve.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
- const mbedtls_mpi *d );
-
-/**
- * \brief This function generates a private key.
- *
- * \param grp The ECP group to generate a private key for.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param d The destination MPI (secret part). This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- * on failure.
- */
-int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
- mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function generates a keypair with a configurable base
- * point.
- *
- * \note This function uses bare components rather than an
- * ::mbedtls_ecp_keypair structure to ease use with other
- * structures, such as ::mbedtls_ecdh_context or
- * ::mbedtls_ecdsa_context.
- *
- * \param grp The ECP group to generate a key pair for.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param G The base point to use. This must be initialized
- * and belong to \p grp. It replaces the default base
- * point \c grp->G used by mbedtls_ecp_gen_keypair().
- * \param d The destination MPI (secret part).
- * This must be initialized.
- * \param Q The destination point (public part).
- * This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- * on failure.
- */
-int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *G,
- mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function generates an ECP keypair.
- *
- * \note This function uses bare components rather than an
- * ::mbedtls_ecp_keypair structure to ease use with other
- * structures, such as ::mbedtls_ecdh_context or
- * ::mbedtls_ecdsa_context.
- *
- * \param grp The ECP group to generate a key pair for.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param d The destination MPI (secret part).
- * This must be initialized.
- * \param Q The destination point (public part).
- * This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- * on failure.
- */
-int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d,
- mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function generates an ECP key.
- *
- * \param grp_id The ECP group identifier.
- * \param key The destination key. This must be initialized.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- * on failure.
- */
-int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function reads an elliptic curve private key.
- *
- * \param grp_id The ECP group identifier.
- * \param key The destination key.
- * \param buf The buffer containing the binary representation of the
- * key. (Big endian integer for Weierstrass curves, byte
- * string for Montgomery curves.)
- * \param buflen The length of the buffer in bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY error if the key is
- * invalid.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
- * the group is not implemented.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
- const unsigned char *buf, size_t buflen );
-
-/**
- * \brief This function exports an elliptic curve private key.
- *
- * \param key The private key.
- * \param buf The output buffer for containing the binary representation
- * of the key. (Big endian integer for Weierstrass curves, byte
- * string for Montgomery curves.)
- * \param buflen The total length of the buffer in bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key
- representation is larger than the available space in \p buf.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
- * the group is not implemented.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key,
- unsigned char *buf, size_t buflen );
-
-/**
- * \brief This function checks that the keypair objects
- * \p pub and \p prv have the same group and the
- * same public point, and that the private key in
- * \p prv is consistent with the public key.
- *
- * \param pub The keypair structure holding the public key. This
- * must be initialized. If it contains a private key, that
- * part is ignored.
- * \param prv The keypair structure holding the full keypair.
- * This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
- * NULL if \p f_rng doesn't need a context.
- *
- * \return \c 0 on success, meaning that the keys are valid and match.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
- * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
- * error code on calculation failure.
- */
-int mbedtls_ecp_check_pub_priv(
- const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The ECP checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_ecp_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ecp.h */
diff --git a/mbedtls/entropy.h b/mbedtls/entropy.h
deleted file mode 100644
index fede05f..0000000
--- a/mbedtls/entropy.h
+++ /dev/null
@@ -1,293 +0,0 @@
-/**
- * \file entropy.h
- *
- * \brief Entropy accumulator implementation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_ENTROPY_H
-#define MBEDTLS_ENTROPY_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-#include "mbedtls/sha512.h"
-#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
-#else
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
-#include "mbedtls/sha256.h"
-#endif
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-
-/** Critical entropy source failure. */
-#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C
-/** No more sources can be added. */
-#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES -0x003E
-/** No sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040
-/** No strong sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D
-/** Read/write error in file. */
-#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
-#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
-#endif
-
-#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
-#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
-#else
-#define MBEDTLS_ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */
-#endif
-
-#define MBEDTLS_ENTROPY_MAX_SEED_SIZE 1024 /**< Maximum size of seed we read from seed file */
-#define MBEDTLS_ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_MAX_SOURCES
-
-#define MBEDTLS_ENTROPY_SOURCE_STRONG 1 /**< Entropy source is strong */
-#define MBEDTLS_ENTROPY_SOURCE_WEAK 0 /**< Entropy source is weak */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Entropy poll callback pointer
- *
- * \param data Callback-specific data pointer
- * \param output Data to fill
- * \param len Maximum size to provide
- * \param olen The actual amount of bytes put into the buffer (Can be 0)
- *
- * \return 0 if no critical failures occurred,
- * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
- */
-typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
- size_t *olen);
-
-/**
- * \brief Entropy source state
- */
-typedef struct mbedtls_entropy_source_state
-{
- mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy source callback */
- void * MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */
- size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */
- size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before release */
- int MBEDTLS_PRIVATE(strong); /**< Is the source strong? */
-}
-mbedtls_entropy_source_state;
-
-/**
- * \brief Entropy context structure
- */
-typedef struct mbedtls_entropy_context
-{
- int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
- * 1 after the first update.
- * -1 after free. */
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator);
-#elif defined(MBEDTLS_ENTROPY_SHA256_ACCUMULATOR)
- mbedtls_sha256_context MBEDTLS_PRIVATE(accumulator);
-#endif
- int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
- mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
-#endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
- int MBEDTLS_PRIVATE(initial_entropy_run);
-#endif
-}
-mbedtls_entropy_context;
-
-#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
-/**
- * \brief Platform-specific entropy poll callback
- */
-int mbedtls_platform_entropy_poll( void *data,
- unsigned char *output, size_t len, size_t *olen );
-#endif
-
-/**
- * \brief Initialize the context
- *
- * \param ctx Entropy context to initialize
- */
-void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
-
-/**
- * \brief Free the data in the context
- *
- * \param ctx Entropy context to free
- */
-void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
-
-/**
- * \brief Adds an entropy source to poll
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx Entropy context
- * \param f_source Entropy function
- * \param p_source Function data
- * \param threshold Minimum required from source before entropy is released
- * ( with mbedtls_entropy_func() ) (in bytes)
- * \param strong MBEDTLS_ENTROPY_SOURCE_STRONG or
- * MBEDTLS_ENTROPY_SOURCE_WEAK.
- * At least one strong source needs to be added.
- * Weaker sources (such as the cycle counter) can be used as
- * a complement.
- *
- * \return 0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
- */
-int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
- mbedtls_entropy_f_source_ptr f_source, void *p_source,
- size_t threshold, int strong );
-
-/**
- * \brief Trigger an extra gather poll for the accumulator
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx Entropy context
- *
- * \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
-
-/**
- * \brief Retrieve entropy from the accumulator
- * (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data Entropy context
- * \param output Buffer to fill
- * \param len Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
- *
- * \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
-
-/**
- * \brief Add data to the accumulator manually
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx Entropy context
- * \param data Data to add
- * \param len Length of data
- *
- * \return 0 if successful
- */
-int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
- const unsigned char *data, size_t len );
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-/**
- * \brief Trigger an update of the seed file in NV by using the
- * current entropy pool.
- *
- * \param ctx Entropy context
- *
- * \return 0 if successful
- */
-int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Write a seed file
- *
- * \param ctx Entropy context
- * \param path Name of the file
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
- * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
-
-/**
- * \brief Read and update a seed file. Seed is added to this
- * instance. No more than MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes are
- * read from the seed file. The rest is ignored.
- *
- * \param ctx Entropy context
- * \param path Name of the file
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
- * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief Checkup routine
- *
- * This module self-test also calls the entropy self-test,
- * mbedtls_entropy_source_self_test();
- *
- * \return 0 if successful, or 1 if a test failed
- */
-int mbedtls_entropy_self_test( int verbose );
-
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-/**
- * \brief Checkup routine
- *
- * Verifies the integrity of the hardware entropy source
- * provided by the function 'mbedtls_hardware_poll()'.
- *
- * Note this is the only hardware entropy source that is known
- * at link time, and other entropy sources configured
- * dynamically at runtime by the function
- * mbedtls_entropy_add_source() will not be tested.
- *
- * \return 0 if successful, or 1 if a test failed
- */
-int mbedtls_entropy_source_self_test( int verbose );
-#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* entropy.h */
diff --git a/mbedtls/error.h b/mbedtls/error.h
deleted file mode 100644
index 8b2b9ea..0000000
--- a/mbedtls/error.h
+++ /dev/null
@@ -1,214 +0,0 @@
-/**
- * \file error.h
- *
- * \brief Error to string translation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_ERROR_H
-#define MBEDTLS_ERROR_H
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-/**
- * Error code layout.
- *
- * Currently we try to keep all error codes within the negative space of 16
- * bits signed integers to support all platforms (-0x0001 - -0x7FFF). In
- * addition we'd like to give two layers of information on the error if
- * possible.
- *
- * For that purpose the error codes are segmented in the following manner:
- *
- * 16 bit error code bit-segmentation
- *
- * 1 bit - Unused (sign bit)
- * 3 bits - High level module ID
- * 5 bits - Module-dependent error code
- * 7 bits - Low level module errors
- *
- * For historical reasons, low-level error codes are divided in even and odd,
- * even codes were assigned first, and -1 is reserved for other errors.
- *
- * Low-level module errors (0x0002-0x007E, 0x0001-0x007F)
- *
- * Module Nr Codes assigned
- * ERROR 2 0x006E 0x0001
- * MPI 7 0x0002-0x0010
- * GCM 3 0x0012-0x0016 0x0013-0x0013
- * THREADING 3 0x001A-0x001E
- * AES 5 0x0020-0x0022 0x0021-0x0025
- * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027
- * BASE64 2 0x002A-0x002C
- * OID 1 0x002E-0x002E 0x000B-0x000B
- * PADLOCK 1 0x0030-0x0030
- * DES 2 0x0032-0x0032 0x0033-0x0033
- * CTR_DBRG 4 0x0034-0x003A
- * ENTROPY 3 0x003C-0x0040 0x003D-0x003F
- * NET 13 0x0042-0x0052 0x0043-0x0049
- * ARIA 4 0x0058-0x005E
- * ASN1 7 0x0060-0x006C
- * CMAC 1 0x007A-0x007A
- * PBKDF2 1 0x007C-0x007C
- * HMAC_DRBG 4 0x0003-0x0009
- * CCM 3 0x000D-0x0011
- * MD5 1 0x002F-0x002F
- * RIPEMD160 1 0x0031-0x0031
- * SHA1 1 0x0035-0x0035 0x0073-0x0073
- * SHA256 1 0x0037-0x0037 0x0074-0x0074
- * SHA512 1 0x0039-0x0039 0x0075-0x0075
- * CHACHA20 3 0x0051-0x0055
- * POLY1305 3 0x0057-0x005B
- * CHACHAPOLY 2 0x0054-0x0056
- * PLATFORM 2 0x0070-0x0072
- *
- * High-level module nr (3 bits - 0x0...-0x7...)
- * Name ID Nr of Errors
- * PEM 1 9
- * PKCS#12 1 4 (Started from top)
- * X509 2 20
- * PKCS5 2 4 (Started from top)
- * DHM 3 11
- * PK 3 15 (Started from top)
- * RSA 4 11
- * ECP 4 10 (Started from top)
- * MD 5 5
- * HKDF 5 1 (Started from top)
- * SSL 5 2 (Started from 0x5F00)
- * CIPHER 6 8 (Started from 0x6080)
- * SSL 6 22 (Started from top, plus 0x6000)
- * SSL 7 20 (Started from 0x7000, gaps at
- * 0x7380, 0x7900-0x7980, 0x7A80-0x7E80)
- *
- * Module dependent error code (5 bits 0x.00.-0x.F8.)
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/** Generic error */
-#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001
-/** This is a bug in the library */
-#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E
-
-/** Hardware accelerator failed */
-#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070
-/** The requested feature is not supported by the platform */
-#define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072
-
-/**
- * \brief Combines a high-level and low-level error code together.
- *
- * Wrapper macro for mbedtls_error_add(). See that function for
- * more details.
- */
-#define MBEDTLS_ERROR_ADD( high, low ) \
- mbedtls_error_add( high, low, __FILE__, __LINE__ )
-
-#if defined(MBEDTLS_TEST_HOOKS)
-/**
- * \brief Testing hook called before adding/combining two error codes together.
- * Only used when invasive testing is enabled via MBEDTLS_TEST_HOOKS.
- */
-extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int );
-#endif
-
-/**
- * \brief Combines a high-level and low-level error code together.
- *
- * This function can be called directly however it is usually
- * called via the #MBEDTLS_ERROR_ADD macro.
- *
- * While a value of zero is not a negative error code, it is still an
- * error code (that denotes success) and can be combined with both a
- * negative error code or another value of zero.
- *
- * \note When invasive testing is enabled via #MBEDTLS_TEST_HOOKS, also try to
- * call \link mbedtls_test_hook_error_add \endlink.
- *
- * \param high high-level error code. See error.h for more details.
- * \param low low-level error code. See error.h for more details.
- * \param file file where this error code addition occurred.
- * \param line line where this error code addition occurred.
- */
-static inline int mbedtls_error_add( int high, int low,
- const char *file, int line )
-{
-#if defined(MBEDTLS_TEST_HOOKS)
- if( *mbedtls_test_hook_error_add != NULL )
- ( *mbedtls_test_hook_error_add )( high, low, file, line );
-#endif
- (void)file;
- (void)line;
-
- return( high + low );
-}
-
-/**
- * \brief Translate a mbed TLS error code into a string representation,
- * Result is truncated if necessary and always includes a terminating
- * null byte.
- *
- * \param errnum error code
- * \param buffer buffer to place representation in
- * \param buflen length of the buffer
- */
-void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
-
-/**
- * \brief Translate the high-level part of an Mbed TLS error code into a string
- * representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- * code is unknown.
- */
-const char * mbedtls_high_level_strerr( int error_code );
-
-/**
- * \brief Translate the low-level part of an Mbed TLS error code into a string
- * representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- * code is unknown.
- */
-const char * mbedtls_low_level_strerr( int error_code );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* error.h */
diff --git a/mbedtls/gcm.h b/mbedtls/gcm.h
deleted file mode 100644
index 7dc9dfb..0000000
--- a/mbedtls/gcm.h
+++ /dev/null
@@ -1,383 +0,0 @@
-/**
- * \file gcm.h
- *
- * \brief This file contains GCM definitions and functions.
- *
- * The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined
- * in D. McGrew, J. Viega, The Galois/Counter Mode of Operation
- * (GCM), Natl. Inst. Stand. Technol.
- *
- * For more information on GCM, see NIST SP 800-38D: Recommendation for
- * Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC.
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_GCM_H
-#define MBEDTLS_GCM_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/cipher.h"
-
-#include
-
-#define MBEDTLS_GCM_ENCRYPT 1
-#define MBEDTLS_GCM_DECRYPT 0
-
-/** Authenticated decryption failed. */
-#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014
-/** An output buffer is too small. */
-#define MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL -0x0016
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_GCM_ALT)
-
-/**
- * \brief The GCM context structure.
- */
-typedef struct mbedtls_gcm_context
-{
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
- uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
- uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
- uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */
- uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional data. */
- unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag. */
- unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */
- unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */
- int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
- #MBEDTLS_GCM_ENCRYPT or
- #MBEDTLS_GCM_DECRYPT. */
-}
-mbedtls_gcm_context;
-
-#else /* !MBEDTLS_GCM_ALT */
-#include "gcm_alt.h"
-#endif /* !MBEDTLS_GCM_ALT */
-
-/**
- * \brief This function initializes the specified GCM context,
- * to make references valid, and prepares the context
- * for mbedtls_gcm_setkey() or mbedtls_gcm_free().
- *
- * The function does not bind the GCM context to a particular
- * cipher, nor set the key. For this purpose, use
- * mbedtls_gcm_setkey().
- *
- * \param ctx The GCM context to initialize. This must not be \c NULL.
- */
-void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
-
-/**
- * \brief This function associates a GCM context with a
- * cipher algorithm and a key.
- *
- * \param ctx The GCM context. This must be initialized.
- * \param cipher The 128-bit block cipher to use.
- * \param key The encryption key. This must be a readable buffer of at
- * least \p keybits bits.
- * \param keybits The key size in bits. Valid options are:
- * - 128 bits
- * - 192 bits
- * - 256 bits
- *
- * \return \c 0 on success.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
- mbedtls_cipher_id_t cipher,
- const unsigned char *key,
- unsigned int keybits );
-
-/**
- * \brief This function performs GCM encryption or decryption of a buffer.
- *
- * \note For encryption, the output buffer can be the same as the
- * input buffer. For decryption, the output buffer cannot be
- * the same as input buffer. If the buffers overlap, the output
- * buffer must trail at least 8 Bytes behind the input buffer.
- *
- * \warning When this function performs a decryption, it outputs the
- * authentication tag and does not verify that the data is
- * authentic. You should use this function to perform encryption
- * only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
- *
- * \param ctx The GCM context to use for encryption or decryption. This
- * must be initialized.
- * \param mode The operation to perform:
- * - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
- * The ciphertext is written to \p output and the
- * authentication tag is written to \p tag.
- * - #MBEDTLS_GCM_DECRYPT to perform decryption.
- * The plaintext is written to \p output and the
- * authentication tag is written to \p tag.
- * Note that this mode is not recommended, because it does
- * not verify the authenticity of the data. For this reason,
- * you should use mbedtls_gcm_auth_decrypt() instead of
- * calling this function in decryption mode.
- * \param length The length of the input data, which is equal to the length
- * of the output data.
- * \param iv The initialization vector. This must be a readable buffer of
- * at least \p iv_len Bytes.
- * \param iv_len The length of the IV.
- * \param add The buffer holding the additional data. This must be of at
- * least that size in Bytes.
- * \param add_len The length of the additional data.
- * \param input The buffer holding the input data. If \p length is greater
- * than zero, this must be a readable buffer of at least that
- * size in Bytes.
- * \param output The buffer for holding the output data. If \p length is greater
- * than zero, this must be a writable buffer of at least that
- * size in Bytes.
- * \param tag_len The length of the tag to generate.
- * \param tag The buffer for holding the tag. This must be a writable
- * buffer of at least \p tag_len Bytes.
- *
- * \return \c 0 if the encryption or decryption was performed
- * successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
- * this does not indicate that the data is authentic.
- * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
- * not valid or a cipher-specific error code if the encryption
- * or decryption failed.
- */
-int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
- int mode,
- size_t length,
- const unsigned char *iv,
- size_t iv_len,
- const unsigned char *add,
- size_t add_len,
- const unsigned char *input,
- unsigned char *output,
- size_t tag_len,
- unsigned char *tag );
-
-/**
- * \brief This function performs a GCM authenticated decryption of a
- * buffer.
- *
- * \note For decryption, the output buffer cannot be the same as
- * input buffer. If the buffers overlap, the output buffer
- * must trail at least 8 Bytes behind the input buffer.
- *
- * \param ctx The GCM context. This must be initialized.
- * \param length The length of the ciphertext to decrypt, which is also
- * the length of the decrypted plaintext.
- * \param iv The initialization vector. This must be a readable buffer
- * of at least \p iv_len Bytes.
- * \param iv_len The length of the IV.
- * \param add The buffer holding the additional data. This must be of at
- * least that size in Bytes.
- * \param add_len The length of the additional data.
- * \param tag The buffer holding the tag to verify. This must be a
- * readable buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the tag to verify.
- * \param input The buffer holding the ciphertext. If \p length is greater
- * than zero, this must be a readable buffer of at least that
- * size.
- * \param output The buffer for holding the decrypted plaintext. If \p length
- * is greater than zero, this must be a writable buffer of at
- * least that size.
- *
- * \return \c 0 if successful and authenticated.
- * \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
- * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
- * not valid or a cipher-specific error code if the decryption
- * failed.
- */
-int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
- size_t length,
- const unsigned char *iv,
- size_t iv_len,
- const unsigned char *add,
- size_t add_len,
- const unsigned char *tag,
- size_t tag_len,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function starts a GCM encryption or decryption
- * operation.
- *
- * \param ctx The GCM context. This must be initialized.
- * \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
- * #MBEDTLS_GCM_DECRYPT.
- * \param iv The initialization vector. This must be a readable buffer of
- * at least \p iv_len Bytes.
- * \param iv_len The length of the IV.
- *
- * \return \c 0 on success.
- */
-int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
- int mode,
- const unsigned char *iv,
- size_t iv_len );
-
-/**
- * \brief This function feeds an input buffer as associated data
- * (authenticated but not encrypted data) in a GCM
- * encryption or decryption operation.
- *
- * Call this function after mbedtls_gcm_starts() to pass
- * the associated data. If the associated data is empty,
- * you do not need to call this function. You may not
- * call this function after calling mbedtls_cipher_update().
- *
- * \param ctx The GCM context. This must have been started with
- * mbedtls_gcm_starts() and must not have yet received
- * any input with mbedtls_gcm_update().
- * \param add The buffer holding the additional data, or \c NULL
- * if \p add_len is \c 0.
- * \param add_len The length of the additional data. If \c 0,
- * \p add may be \c NULL.
- *
- * \return \c 0 on success.
- */
-int mbedtls_gcm_update_ad( mbedtls_gcm_context *ctx,
- const unsigned char *add,
- size_t add_len );
-
-/**
- * \brief This function feeds an input buffer into an ongoing GCM
- * encryption or decryption operation.
- *
- * You may call this function zero, one or more times
- * to pass successive parts of the input: the plaintext to
- * encrypt, or the ciphertext (not including the tag) to
- * decrypt. After the last part of the input, call
- * mbedtls_gcm_finish().
- *
- * This function may produce output in one of the following
- * ways:
- * - Immediate output: the output length is always equal
- * to the input length.
- * - Buffered output: the output consists of a whole number
- * of 16-byte blocks. If the total input length so far
- * (not including associated data) is 16 \* *B* + *A*
- * with *A* < 16 then the total output length is 16 \* *B*.
- *
- * In particular:
- * - It is always correct to call this function with
- * \p output_size >= \p input_length + 15.
- * - If \p input_length is a multiple of 16 for all the calls
- * to this function during an operation, then it is
- * correct to use \p output_size = \p input_length.
- *
- * \note For decryption, the output buffer cannot be the same as
- * input buffer. If the buffers overlap, the output buffer
- * must trail at least 8 Bytes behind the input buffer.
- *
- * \param ctx The GCM context. This must be initialized.
- * \param input The buffer holding the input data. If \p input_length
- * is greater than zero, this must be a readable buffer
- * of at least \p input_length bytes.
- * \param input_length The length of the input data in bytes.
- * \param output The buffer for the output data. If \p output_size
- * is greater than zero, this must be a writable buffer of
- * of at least \p output_size bytes.
- * \param output_size The size of the output buffer in bytes.
- * See the function description regarding the output size.
- * \param output_length On success, \p *output_length contains the actual
- * length of the output written in \p output.
- * On failure, the content of \p *output_length is
- * unspecified.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
- * total input length too long,
- * unsupported input/output buffer overlap detected,
- * or \p output_size too small.
- */
-int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
- const unsigned char *input, size_t input_length,
- unsigned char *output, size_t output_size,
- size_t *output_length );
-
-/**
- * \brief This function finishes the GCM operation and generates
- * the authentication tag.
- *
- * It wraps up the GCM stream, and generates the
- * tag. The tag can have a maximum length of 16 Bytes.
- *
- * \param ctx The GCM context. This must be initialized.
- * \param tag The buffer for holding the tag. This must be a writable
- * buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the tag to generate. This must be at least
- * four.
- * \param output The buffer for the final output.
- * If \p output_size is nonzero, this must be a writable
- * buffer of at least \p output_size bytes.
- * \param output_size The size of the \p output buffer in bytes.
- * This must be large enough for the output that
- * mbedtls_gcm_update() has not produced. In particular:
- * - If mbedtls_gcm_update() produces immediate output,
- * or if the total input size is a multiple of \c 16,
- * then mbedtls_gcm_finish() never produces any output,
- * so \p output_size can be \c 0.
- * - \p output_size never needs to be more than \c 15.
- * \param output_length On success, \p *output_length contains the actual
- * length of the output written in \p output.
- * On failure, the content of \p *output_length is
- * unspecified.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
- * invalid value of \p tag_len,
- * or \p output_size too small.
- */
-int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
- unsigned char *output, size_t output_size,
- size_t *output_length,
- unsigned char *tag, size_t tag_len );
-
-/**
- * \brief This function clears a GCM context and the underlying
- * cipher sub-context.
- *
- * \param ctx The GCM context to clear. If this is \c NULL, the call has
- * no effect. Otherwise, this must be initialized.
- */
-void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The GCM checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_gcm_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif /* gcm.h */
diff --git a/mbedtls/hkdf.h b/mbedtls/hkdf.h
deleted file mode 100644
index e6bfe05..0000000
--- a/mbedtls/hkdf.h
+++ /dev/null
@@ -1,136 +0,0 @@
-/**
- * \file hkdf.h
- *
- * \brief This file contains the HKDF interface.
- *
- * The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is
- * specified by RFC 5869.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_HKDF_H
-#define MBEDTLS_HKDF_H
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/md.h"
-
-/**
- * \name HKDF Error codes
- * \{
- */
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80
-/* \} name */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief This is the HMAC-based Extract-and-Expand Key Derivation Function
- * (HKDF).
- *
- * \param md A hash function; md.size denotes the length of the hash
- * function output in bytes.
- * \param salt An optional salt value (a non-secret random value);
- * if the salt is not provided, a string of all zeros of
- * md.size length is used as the salt.
- * \param salt_len The length in bytes of the optional \p salt.
- * \param ikm The input keying material.
- * \param ikm_len The length in bytes of \p ikm.
- * \param info An optional context and application specific information
- * string. This can be a zero-length string.
- * \param info_len The length of \p info in bytes.
- * \param okm The output keying material of \p okm_len bytes.
- * \param okm_len The length of the output keying material in bytes. This
- * must be less than or equal to 255 * md.size bytes.
- *
- * \return 0 on success.
- * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
- * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
- * MD layer.
- */
-int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
- size_t salt_len, const unsigned char *ikm, size_t ikm_len,
- const unsigned char *info, size_t info_len,
- unsigned char *okm, size_t okm_len );
-
-/**
- * \brief Take the input keying material \p ikm and extract from it a
- * fixed-length pseudorandom key \p prk.
- *
- * \warning This function should only be used if the security of it has been
- * studied and established in that particular context (eg. TLS 1.3
- * key schedule). For standard HKDF security guarantees use
- * \c mbedtls_hkdf instead.
- *
- * \param md A hash function; md.size denotes the length of the
- * hash function output in bytes.
- * \param salt An optional salt value (a non-secret random value);
- * if the salt is not provided, a string of all zeros
- * of md.size length is used as the salt.
- * \param salt_len The length in bytes of the optional \p salt.
- * \param ikm The input keying material.
- * \param ikm_len The length in bytes of \p ikm.
- * \param[out] prk A pseudorandom key of at least md.size bytes.
- *
- * \return 0 on success.
- * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
- * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
- * MD layer.
- */
-int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
- const unsigned char *salt, size_t salt_len,
- const unsigned char *ikm, size_t ikm_len,
- unsigned char *prk );
-
-/**
- * \brief Expand the supplied \p prk into several additional pseudorandom
- * keys, which is the output of the HKDF.
- *
- * \warning This function should only be used if the security of it has been
- * studied and established in that particular context (eg. TLS 1.3
- * key schedule). For standard HKDF security guarantees use
- * \c mbedtls_hkdf instead.
- *
- * \param md A hash function; md.size denotes the length of the hash
- * function output in bytes.
- * \param prk A pseudorandom key of at least md.size bytes. \p prk is
- * usually the output from the HKDF extract step.
- * \param prk_len The length in bytes of \p prk.
- * \param info An optional context and application specific information
- * string. This can be a zero-length string.
- * \param info_len The length of \p info in bytes.
- * \param okm The output keying material of \p okm_len bytes.
- * \param okm_len The length of the output keying material in bytes. This
- * must be less than or equal to 255 * md.size bytes.
- *
- * \return 0 on success.
- * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
- * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
- * MD layer.
- */
-int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
- size_t prk_len, const unsigned char *info,
- size_t info_len, unsigned char *okm, size_t okm_len );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* hkdf.h */
diff --git a/mbedtls/hmac_drbg.h b/mbedtls/hmac_drbg.h
deleted file mode 100644
index 0f1653f..0000000
--- a/mbedtls/hmac_drbg.h
+++ /dev/null
@@ -1,447 +0,0 @@
-/**
- * \file hmac_drbg.h
- *
- * \brief The HMAC_DRBG pseudorandom generator.
- *
- * This module implements the HMAC_DRBG pseudorandom generator described
- * in NIST SP 800-90A: Recommendation for Random Number Generation Using
- * Deterministic Random Bit Generators.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_HMAC_DRBG_H
-#define MBEDTLS_HMAC_DRBG_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/md.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/*
- * Error codes
- */
-/** Too many random requested in single call. */
-#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG -0x0003
-/** Input too large (Entropy + additional). */
-#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG -0x0005
-/** Read/write error in file. */
-#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR -0x0007
-/** The entropy source failed. */
-#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED -0x0009
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
-#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-#endif
-
-#if !defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
-#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-#endif
-
-#if !defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
-#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-#endif
-
-#if !defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
-#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#define MBEDTLS_HMAC_DRBG_PR_OFF 0 /**< No prediction resistance */
-#define MBEDTLS_HMAC_DRBG_PR_ON 1 /**< Prediction resistance enabled */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * HMAC_DRBG context.
- */
-typedef struct mbedtls_hmac_drbg_context
-{
- /* Working state: the key K is not stored explicitly,
- * but is implied by the HMAC context */
- mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx); /*!< HMAC context (inc. K) */
- unsigned char MBEDTLS_PRIVATE(V)[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
- int MBEDTLS_PRIVATE(reseed_counter); /*!< reseed counter */
-
- /* Administrative state */
- size_t MBEDTLS_PRIVATE(entropy_len); /*!< entropy bytes grabbed on each (re)seed */
- int MBEDTLS_PRIVATE(prediction_resistance); /*!< enable prediction resistance (Automatic
- reseed before every random generation) */
- int MBEDTLS_PRIVATE(reseed_interval); /*!< reseed interval */
-
- /* Callbacks */
- int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t); /*!< entropy function */
- void *MBEDTLS_PRIVATE(p_entropy); /*!< context for the entropy function */
-
-#if defined(MBEDTLS_THREADING_C)
- /* Invariant: the mutex is initialized if and only if
- * md_ctx->md_info != NULL. This means that the mutex is initialized
- * during the initial seeding in mbedtls_hmac_drbg_seed() or
- * mbedtls_hmac_drbg_seed_buf() and freed in mbedtls_ctr_drbg_free().
- *
- * Note that this invariant may change without notice. Do not rely on it
- * and do not access the mutex directly in application code.
- */
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
-#endif
-} mbedtls_hmac_drbg_context;
-
-/**
- * \brief HMAC_DRBG context initialization.
- *
- * This function makes the context ready for mbedtls_hmac_drbg_seed(),
- * mbedtls_hmac_drbg_seed_buf() or mbedtls_hmac_drbg_free().
- *
- * \note The reseed interval is #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
- * by default. Override this value by calling
- * mbedtls_hmac_drbg_set_reseed_interval().
- *
- * \param ctx HMAC_DRBG context to be initialized.
- */
-void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
-
-/**
- * \brief HMAC_DRBG initial seeding.
- *
- * Set the initial seed and set up the entropy source for future reseeds.
- *
- * A typical choice for the \p f_entropy and \p p_entropy parameters is
- * to use the entropy module:
- * - \p f_entropy is mbedtls_entropy_func();
- * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized
- * with mbedtls_entropy_init() (which registers the platform's default
- * entropy sources).
- *
- * You can provide a personalization string in addition to the
- * entropy source, to make this instantiation as unique as possible.
- *
- * \note By default, the security strength as defined by NIST is:
- * - 128 bits if \p md_info is SHA-1;
- * - 192 bits if \p md_info is SHA-224;
- * - 256 bits if \p md_info is SHA-256, SHA-384 or SHA-512.
- * Note that SHA-256 is just as efficient as SHA-224.
- * The security strength can be reduced if a smaller
- * entropy length is set with
- * mbedtls_hmac_drbg_set_entropy_len().
- *
- * \note The default entropy length is the security strength
- * (converted from bits to bytes). You can override
- * it by calling mbedtls_hmac_drbg_set_entropy_len().
- *
- * \note During the initial seeding, this function calls
- * the entropy source to obtain a nonce
- * whose length is half the entropy length.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note When Mbed TLS is built with threading support,
- * after this function returns successfully,
- * it is safe to call mbedtls_hmac_drbg_random()
- * from multiple threads. Other operations, including
- * reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * \param ctx HMAC_DRBG context to be seeded.
- * \param md_info MD algorithm to use for HMAC_DRBG.
- * \param f_entropy The entropy callback, taking as arguments the
- * \p p_entropy context, the buffer to fill, and the
- * length of the buffer.
- * \p f_entropy is always called with a length that is
- * less than or equal to the entropy length.
- * \param p_entropy The entropy context to pass to \p f_entropy.
- * \param custom The personalization string.
- * This can be \c NULL, in which case the personalization
- * string is empty regardless of the value of \p len.
- * \param len The length of the personalization string.
- * This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
- * and also at most
- * #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len * 3 / 2
- * where \p entropy_len is the entropy length
- * described above.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info is
- * invalid.
- * \return #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough
- * memory to allocate context data.
- * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
- * if the call to \p f_entropy failed.
- */
-int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
- const mbedtls_md_info_t * md_info,
- int (*f_entropy)(void *, unsigned char *, size_t),
- void *p_entropy,
- const unsigned char *custom,
- size_t len );
-
-/**
- * \brief Initilisation of simpified HMAC_DRBG (never reseeds).
- *
- * This function is meant for use in algorithms that need a pseudorandom
- * input such as deterministic ECDSA.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note When Mbed TLS is built with threading support,
- * after this function returns successfully,
- * it is safe to call mbedtls_hmac_drbg_random()
- * from multiple threads. Other operations, including
- * reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * \param ctx HMAC_DRBG context to be initialised.
- * \param md_info MD algorithm to use for HMAC_DRBG.
- * \param data Concatenation of the initial entropy string and
- * the additional data.
- * \param data_len Length of \p data in bytes.
- *
- * \return \c 0 if successful. or
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info is
- * invalid.
- * \return #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough
- * memory to allocate context data.
- */
-int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
- const mbedtls_md_info_t * md_info,
- const unsigned char *data, size_t data_len );
-
-/**
- * \brief This function turns prediction resistance on or off.
- * The default value is off.
- *
- * \note If enabled, entropy is gathered at the beginning of
- * every call to mbedtls_hmac_drbg_random_with_add()
- * or mbedtls_hmac_drbg_random().
- * Only use this if your entropy source has sufficient
- * throughput.
- *
- * \param ctx The HMAC_DRBG context.
- * \param resistance #MBEDTLS_HMAC_DRBG_PR_ON or #MBEDTLS_HMAC_DRBG_PR_OFF.
- */
-void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
- int resistance );
-
-/**
- * \brief This function sets the amount of entropy grabbed on each
- * seed or reseed.
- *
- * See the documentation of mbedtls_hmac_drbg_seed() for the default value.
- *
- * \param ctx The HMAC_DRBG context.
- * \param len The amount of entropy to grab, in bytes.
- */
-void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
- size_t len );
-
-/**
- * \brief Set the reseed interval.
- *
- * The reseed interval is the number of calls to mbedtls_hmac_drbg_random()
- * or mbedtls_hmac_drbg_random_with_add() after which the entropy function
- * is called again.
- *
- * The default value is #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL.
- *
- * \param ctx The HMAC_DRBG context.
- * \param interval The reseed interval.
- */
-void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
- int interval );
-
-/**
- * \brief This function updates the state of the HMAC_DRBG context.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param ctx The HMAC_DRBG context.
- * \param additional The data to update the state with.
- * If this is \c NULL, there is no additional data.
- * \param add_len Length of \p additional in bytes.
- * Unused if \p additional is \c NULL.
- *
- * \return \c 0 on success, or an error from the underlying
- * hash calculation.
- */
-int mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t add_len );
-
-/**
- * \brief This function reseeds the HMAC_DRBG context, that is
- * extracts data from the entropy source.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param ctx The HMAC_DRBG context.
- * \param additional Additional data to add to the state.
- * If this is \c NULL, there is no additional data
- * and \p len should be \c 0.
- * \param len The length of the additional data.
- * This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
- * and also at most
- * #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len
- * where \p entropy_len is the entropy length
- * (see mbedtls_hmac_drbg_set_entropy_len()).
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
- * if a call to the entropy function failed.
- */
-int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t len );
-
-/**
- * \brief This function updates an HMAC_DRBG instance with additional
- * data and uses it to generate random data.
- *
- * This function automatically reseeds if the reseed counter is exceeded
- * or prediction resistance is enabled.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param p_rng The HMAC_DRBG context. This must be a pointer to a
- * #mbedtls_hmac_drbg_context structure.
- * \param output The buffer to fill.
- * \param output_len The length of the buffer in bytes.
- * This must be at most #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
- * \param additional Additional data to update with.
- * If this is \c NULL, there is no additional data
- * and \p add_len should be \c 0.
- * \param add_len The length of the additional data.
- * This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
- * if a call to the entropy source failed.
- * \return #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if
- * \p output_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
- * \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if
- * \p add_len > #MBEDTLS_HMAC_DRBG_MAX_INPUT.
- */
-int mbedtls_hmac_drbg_random_with_add( void *p_rng,
- unsigned char *output, size_t output_len,
- const unsigned char *additional,
- size_t add_len );
-
-/**
- * \brief This function uses HMAC_DRBG to generate random data.
- *
- * This function automatically reseeds if the reseed counter is exceeded
- * or prediction resistance is enabled.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note When Mbed TLS is built with threading support,
- * it is safe to call mbedtls_ctr_drbg_random()
- * from multiple threads. Other operations, including
- * reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * \param p_rng The HMAC_DRBG context. This must be a pointer to a
- * #mbedtls_hmac_drbg_context structure.
- * \param output The buffer to fill.
- * \param out_len The length of the buffer in bytes.
- * This must be at most #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
- * if a call to the entropy source failed.
- * \return #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if
- * \p out_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
- */
-int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
-
-/**
- * \brief This function resets HMAC_DRBG context to the state immediately
- * after initial call of mbedtls_hmac_drbg_init().
- *
- * \param ctx The HMAC_DRBG context to free.
- */
-void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief This function writes a seed file.
- *
- * \param ctx The HMAC_DRBG context.
- * \param path The name of the file.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR on file error.
- * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on reseed
- * failure.
- */
-int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
-
-/**
- * \brief This function reads and updates a seed file. The seed
- * is added to this instance.
- *
- * \param ctx The HMAC_DRBG context.
- * \param path The name of the file.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR on file error.
- * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on
- * reseed failure.
- * \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if the existing
- * seed file is too large.
- */
-int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief The HMAC_DRBG Checkup routine.
- *
- * \return \c 0 if successful.
- * \return \c 1 if the test failed.
- */
-int mbedtls_hmac_drbg_self_test( int verbose );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* hmac_drbg.h */
diff --git a/mbedtls/mbedtls_config.h b/mbedtls/mbedtls_config.h
deleted file mode 100644
index 0558ee0..0000000
--- a/mbedtls/mbedtls_config.h
+++ /dev/null
@@ -1,3322 +0,0 @@
-/**
- * \file mbedtls_config.h
- *
- * \brief Configuration options (set of defines)
- *
- * This set of compile-time options may be used to enable
- * or disable features selectively, and reduce the global
- * memory footprint.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * This is an optional version symbol that enables comatibility handling of
- * config files.
- *
- * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that
- * introduced the config format we want to be compatible with.
- */
-//#define MBEDTLS_CONFIG_VERSION 0x03000000
-
-/**
- * \name SECTION: System support
- *
- * This section sets system specific settings.
- * \{
- */
-
-/**
- * \def MBEDTLS_HAVE_ASM
- *
- * The compiler has support for asm().
- *
- * Requires support for asm() in compiler.
- *
- * Used in:
- * library/aria.c
- * library/bn_mul.h
- *
- * Required by:
- * MBEDTLS_AESNI_C
- * MBEDTLS_PADLOCK_C
- *
- * Comment to disable the use of assembly code.
- */
-#define MBEDTLS_HAVE_ASM
-
-/**
- * \def MBEDTLS_NO_UDBL_DIVISION
- *
- * The platform lacks support for double-width integer division (64-bit
- * division on a 32-bit platform, 128-bit division on a 64-bit platform).
- *
- * Used in:
- * include/mbedtls/bignum.h
- * library/bignum.c
- *
- * The bignum code uses double-width division to speed up some operations.
- * Double-width division is often implemented in software that needs to
- * be linked with the program. The presence of a double-width integer
- * type is usually detected automatically through preprocessor macros,
- * but the automatic detection cannot know whether the code needs to
- * and can be linked with an implementation of division for that type.
- * By default division is assumed to be usable if the type is present.
- * Uncomment this option to prevent the use of double-width division.
- *
- * Note that division for the native integer type is always required.
- * Furthermore, a 64-bit type is always required even on a 32-bit
- * platform, but it need not support multiplication or division. In some
- * cases it is also desirable to disable some double-width operations. For
- * example, if double-width division is implemented in software, disabling
- * it can reduce code size in some embedded targets.
- */
-//#define MBEDTLS_NO_UDBL_DIVISION
-
-/**
- * \def MBEDTLS_NO_64BIT_MULTIPLICATION
- *
- * The platform lacks support for 32x32 -> 64-bit multiplication.
- *
- * Used in:
- * library/poly1305.c
- *
- * Some parts of the library may use multiplication of two unsigned 32-bit
- * operands with a 64-bit result in order to speed up computations. On some
- * platforms, this is not available in hardware and has to be implemented in
- * software, usually in a library provided by the toolchain.
- *
- * Sometimes it is not desirable to have to link to that library. This option
- * removes the dependency of that library on platforms that lack a hardware
- * 64-bit multiplier by embedding a software implementation in Mbed TLS.
- *
- * Note that depending on the compiler, this may decrease performance compared
- * to using the library function provided by the toolchain.
- */
-//#define MBEDTLS_NO_64BIT_MULTIPLICATION
-
-/**
- * \def MBEDTLS_HAVE_SSE2
- *
- * CPU supports SSE2 instruction set.
- *
- * Uncomment if the CPU supports SSE2 (IA-32 specific).
- */
-//#define MBEDTLS_HAVE_SSE2
-
-/**
- * \def MBEDTLS_HAVE_TIME
- *
- * System has time.h and time().
- * The time does not need to be correct, only time differences are used,
- * by contrast with MBEDTLS_HAVE_TIME_DATE
- *
- * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
- * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
- * MBEDTLS_PLATFORM_STD_TIME.
- *
- * Comment if your system does not support time functions
- */
-#define MBEDTLS_HAVE_TIME
-
-/**
- * \def MBEDTLS_HAVE_TIME_DATE
- *
- * System has time.h, time(), and an implementation for
- * mbedtls_platform_gmtime_r() (see below).
- * The time needs to be correct (not necessarily very accurate, but at least
- * the date should be correct). This is used to verify the validity period of
- * X.509 certificates.
- *
- * Comment if your system does not have a correct clock.
- *
- * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
- * behaves similarly to the gmtime_r() function from the C standard. Refer to
- * the documentation for mbedtls_platform_gmtime_r() for more information.
- *
- * \note It is possible to configure an implementation for
- * mbedtls_platform_gmtime_r() at compile-time by using the macro
- * MBEDTLS_PLATFORM_GMTIME_R_ALT.
- */
-#define MBEDTLS_HAVE_TIME_DATE
-
-/**
- * \def MBEDTLS_PLATFORM_MEMORY
- *
- * Enable the memory allocation layer.
- *
- * By default mbed TLS uses the system-provided calloc() and free().
- * This allows different allocators (self-implemented or provided) to be
- * provided to the platform abstraction layer.
- *
- * Enabling MBEDTLS_PLATFORM_MEMORY without the
- * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
- * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
- * free() function pointer at runtime.
- *
- * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
- * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
- * alternate function at compile time.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Enable this layer to allow use of alternative memory allocators.
- */
-//#define MBEDTLS_PLATFORM_MEMORY
-
-/**
- * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
- *
- * Do not assign standard functions in the platform layer (e.g. calloc() to
- * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
- *
- * This makes sure there are no linking errors on platforms that do not support
- * these functions. You will HAVE to provide alternatives, either at runtime
- * via the platform_set_xxx() functions or at compile time by setting
- * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
- * MBEDTLS_PLATFORM_XXX_MACRO.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Uncomment to prevent default assignment of standard functions in the
- * platform layer.
- */
-//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-
-/**
- * \def MBEDTLS_PLATFORM_EXIT_ALT
- *
- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
- * function in the platform abstraction layer.
- *
- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
- * provide a function "mbedtls_platform_set_printf()" that allows you to set an
- * alternative printf function pointer.
- *
- * All these define require MBEDTLS_PLATFORM_C to be defined!
- *
- * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
- * it will be enabled automatically by check_config.h
- *
- * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
- * MBEDTLS_PLATFORM_XXX_MACRO!
- *
- * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
- *
- * Uncomment a macro to enable alternate implementation of specific base
- * platform function
- */
-//#define MBEDTLS_PLATFORM_EXIT_ALT
-//#define MBEDTLS_PLATFORM_TIME_ALT
-//#define MBEDTLS_PLATFORM_FPRINTF_ALT
-//#define MBEDTLS_PLATFORM_PRINTF_ALT
-//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
-//#define MBEDTLS_PLATFORM_NV_SEED_ALT
-//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
-
-/**
- * \def MBEDTLS_DEPRECATED_WARNING
- *
- * Mark deprecated functions and features so that they generate a warning if
- * used. Functionality deprecated in one version will usually be removed in the
- * next version. You can enable this to help you prepare the transition to a
- * new major version by making sure your code is not using this functionality.
- *
- * This only works with GCC and Clang. With other compilers, you may want to
- * use MBEDTLS_DEPRECATED_REMOVED
- *
- * Uncomment to get warnings on using deprecated functions and features.
- */
-//#define MBEDTLS_DEPRECATED_WARNING
-
-/**
- * \def MBEDTLS_DEPRECATED_REMOVED
- *
- * Remove deprecated functions and features so that they generate an error if
- * used. Functionality deprecated in one version will usually be removed in the
- * next version. You can enable this to help you prepare the transition to a
- * new major version by making sure your code is not using this functionality.
- *
- * Uncomment to get errors on using deprecated functions and features.
- */
-//#define MBEDTLS_DEPRECATED_REMOVED
-
-/* \} name SECTION: System support */
-
-/**
- * \name SECTION: mbed TLS feature support
- *
- * This section sets support for features that are or are not needed
- * within the modules that are enabled.
- * \{
- */
-
-/**
- * \def MBEDTLS_TIMING_ALT
- *
- * Uncomment to provide your own alternate implementation for
- * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
- *
- * Only works if you have MBEDTLS_TIMING_C enabled.
- *
- * You will need to provide a header "timing_alt.h" and an implementation at
- * compile time.
- */
-//#define MBEDTLS_TIMING_ALT
-
-/**
- * \def MBEDTLS_AES_ALT
- *
- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternate core implementation of a symmetric crypto, an arithmetic or hash
- * module (e.g. platform specific assembly optimized implementations). Keep
- * in mind that the function prototypes should remain the same.
- *
- * This replaces the whole module. If you only want to replace one of the
- * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
- * provide the "struct mbedtls_aes_context" definition and omit the base
- * function declarations and implementations. "aes_alt.h" will be included from
- * "aes.h" to include the new function definitions.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * module.
- *
- * \warning MD5, DES and SHA-1 are considered weak and their
- * use constitutes a security risk. If possible, we recommend
- * avoiding dependencies on them, and considering stronger message
- * digests and ciphers instead.
- *
- */
-//#define MBEDTLS_AES_ALT
-//#define MBEDTLS_ARIA_ALT
-//#define MBEDTLS_CAMELLIA_ALT
-//#define MBEDTLS_CCM_ALT
-//#define MBEDTLS_CHACHA20_ALT
-//#define MBEDTLS_CHACHAPOLY_ALT
-//#define MBEDTLS_CMAC_ALT
-//#define MBEDTLS_DES_ALT
-//#define MBEDTLS_DHM_ALT
-//#define MBEDTLS_ECJPAKE_ALT
-//#define MBEDTLS_GCM_ALT
-//#define MBEDTLS_NIST_KW_ALT
-//#define MBEDTLS_MD5_ALT
-//#define MBEDTLS_POLY1305_ALT
-//#define MBEDTLS_RIPEMD160_ALT
-//#define MBEDTLS_RSA_ALT
-//#define MBEDTLS_SHA1_ALT
-//#define MBEDTLS_SHA256_ALT
-//#define MBEDTLS_SHA512_ALT
-
-/*
- * When replacing the elliptic curve module, pleace consider, that it is
- * implemented with two .c files:
- * - ecp.c
- * - ecp_curves.c
- * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
- * macros as described above. The only difference is that you have to make sure
- * that you provide functionality for both .c files.
- */
-//#define MBEDTLS_ECP_ALT
-
-/**
- * \def MBEDTLS_SHA256_PROCESS_ALT
- *
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
- * alternate core implementation of symmetric crypto or hash function. Keep in
- * mind that function prototypes should remain the same.
- *
- * This replaces only one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
- * no longer provide the mbedtls_sha1_process() function, but it will still provide
- * the other function (using your mbedtls_sha1_process() function) and the definition
- * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
- * with this definition.
- *
- * \note If you use the AES_xxx_ALT macros, then it is recommended to also set
- * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
- * tables.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- *
- * \warning MD5, DES and SHA-1 are considered weak and their use
- * constitutes a security risk. If possible, we recommend avoiding
- * dependencies on them, and considering stronger message digests
- * and ciphers instead.
- *
- * \warning If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are
- * enabled, then the deterministic ECDH signature functions pass the
- * the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore
- * alternative implementations should use the RNG only for generating
- * the ephemeral key and nothing else. If this is not possible, then
- * MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative
- * implementation should be provided for mbedtls_ecdsa_sign_det_ext().
- *
- */
-//#define MBEDTLS_MD5_PROCESS_ALT
-//#define MBEDTLS_RIPEMD160_PROCESS_ALT
-//#define MBEDTLS_SHA1_PROCESS_ALT
-//#define MBEDTLS_SHA256_PROCESS_ALT
-//#define MBEDTLS_SHA512_PROCESS_ALT
-//#define MBEDTLS_DES_SETKEY_ALT
-//#define MBEDTLS_DES_CRYPT_ECB_ALT
-//#define MBEDTLS_DES3_CRYPT_ECB_ALT
-//#define MBEDTLS_AES_SETKEY_ENC_ALT
-//#define MBEDTLS_AES_SETKEY_DEC_ALT
-//#define MBEDTLS_AES_ENCRYPT_ALT
-//#define MBEDTLS_AES_DECRYPT_ALT
-//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
-//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
-//#define MBEDTLS_ECDSA_VERIFY_ALT
-//#define MBEDTLS_ECDSA_SIGN_ALT
-//#define MBEDTLS_ECDSA_GENKEY_ALT
-
-/**
- * \def MBEDTLS_ECP_INTERNAL_ALT
- *
- * Expose a part of the internal interface of the Elliptic Curve Point module.
- *
- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternative core implementation of elliptic curve arithmetic. Keep in mind
- * that function prototypes should remain the same.
- *
- * This partially replaces one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
- * is still present and it is used for group structures not supported by the
- * alternative.
- *
- * The original implementation can in addition be removed by setting the
- * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the
- * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be
- * able to fallback to curves not supported by the alternative implementation.
- *
- * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
- * and implementing the following functions:
- * unsigned char mbedtls_internal_ecp_grp_capable(
- * const mbedtls_ecp_group *grp )
- * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
- * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
- * The mbedtls_internal_ecp_grp_capable function should return 1 if the
- * replacement functions implement arithmetic for the given group and 0
- * otherwise.
- * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
- * called before and after each point operation and provide an opportunity to
- * implement optimized set up and tear down instructions.
- *
- * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
- * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac()
- * function, but will use your mbedtls_internal_ecp_double_jac() if the group
- * for the operation is supported by your implementation (i.e. your
- * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
- * group is not supported by your implementation, then the original mbed TLS
- * implementation of ecp_double_jac() is used instead, unless this fallback
- * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
- * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
- *
- * The function prototypes and the definition of mbedtls_ecp_group and
- * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your
- * implementation of mbedtls_internal_ecp__function_name__ must be compatible
- * with their definitions.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- */
-/* Required for all the functions in this section */
-//#define MBEDTLS_ECP_INTERNAL_ALT
-/* Turn off software fallback for curves not supported in hardware */
-//#define MBEDTLS_ECP_NO_FALLBACK
-/* Support for Weierstrass curves with Jacobi representation */
-//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
-//#define MBEDTLS_ECP_ADD_MIXED_ALT
-//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
-/* Support for curves with Montgomery arithmetic */
-//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
-//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
-//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
-
-/**
- * \def MBEDTLS_ENTROPY_HARDWARE_ALT
- *
- * Uncomment this macro to let mbed TLS use your own implementation of a
- * hardware entropy collector.
- *
- * Your function must be called \c mbedtls_hardware_poll(), have the same
- * prototype as declared in library/entropy_poll.h, and accept NULL as first
- * argument.
- *
- * Uncomment to use your own hardware entropy collector.
- */
-//#define MBEDTLS_ENTROPY_HARDWARE_ALT
-
-/**
- * \def MBEDTLS_AES_ROM_TABLES
- *
- * Use precomputed AES tables stored in ROM.
- *
- * Uncomment this macro to use precomputed AES tables stored in ROM.
- * Comment this macro to generate AES tables in RAM at runtime.
- *
- * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
- * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
- * initialization time before the first AES operation can be performed.
- * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
- * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
- * performance if ROM access is slower than RAM access.
- *
- * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
- *
- */
-//#define MBEDTLS_AES_ROM_TABLES
-
-/**
- * \def MBEDTLS_AES_FEWER_TABLES
- *
- * Use less ROM/RAM for AES tables.
- *
- * Uncommenting this macro omits 75% of the AES tables from
- * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
- * by computing their values on the fly during operations
- * (the tables are entry-wise rotations of one another).
- *
- * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
- * by ~6kb but at the cost of more arithmetic operations during
- * runtime. Specifically, one has to compare 4 accesses within
- * different tables to 4 accesses with additional arithmetic
- * operations within the same table. The performance gain/loss
- * depends on the system and memory details.
- *
- * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
- *
- */
-//#define MBEDTLS_AES_FEWER_TABLES
-
-/**
- * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
- *
- * Use less ROM for the Camellia implementation (saves about 768 bytes).
- *
- * Uncomment this macro to use less memory for Camellia.
- */
-//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
-
-/**
- * \def MBEDTLS_CHECK_RETURN_WARNING
- *
- * If this macro is defined, emit a compile-time warning if application code
- * calls a function without checking its return value, but the return value
- * should generally be checked in portable applications.
- *
- * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is
- * implemented. Otherwise this option has no effect.
- *
- * Uncomment to get warnings on using fallible functions without checking
- * their return value.
- *
- * \note This feature is a work in progress.
- * Warnings will be added to more functions in the future.
- *
- * \note A few functions are considered critical, and ignoring the return
- * value of these functions will trigger a warning even if this
- * macro is not defined. To completely disable return value check
- * warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion.
- */
-//#define MBEDTLS_CHECK_RETURN_WARNING
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CBC
- *
- * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CBC
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CFB
- *
- * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CFB
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CTR
- *
- * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CTR
-
-/**
- * \def MBEDTLS_CIPHER_MODE_OFB
- *
- * Enable Output Feedback mode (OFB) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_OFB
-
-/**
- * \def MBEDTLS_CIPHER_MODE_XTS
- *
- * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
- */
-#define MBEDTLS_CIPHER_MODE_XTS
-
-/**
- * \def MBEDTLS_CIPHER_NULL_CIPHER
- *
- * Enable NULL cipher.
- * Warning: Only do so when you know what you are doing. This allows for
- * encryption or channels without any security!
- *
- * To enable the following ciphersuites:
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
- * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
- * MBEDTLS_TLS_RSA_WITH_NULL_SHA256
- * MBEDTLS_TLS_RSA_WITH_NULL_SHA
- * MBEDTLS_TLS_RSA_WITH_NULL_MD5
- * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
- * MBEDTLS_TLS_PSK_WITH_NULL_SHA384
- * MBEDTLS_TLS_PSK_WITH_NULL_SHA256
- * MBEDTLS_TLS_PSK_WITH_NULL_SHA
- *
- * Uncomment this macro to enable the NULL cipher and ciphersuites
- */
-//#define MBEDTLS_CIPHER_NULL_CIPHER
-
-/**
- * \def MBEDTLS_CIPHER_PADDING_PKCS7
- *
- * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
- * specific padding modes in the cipher layer with cipher modes that support
- * padding (e.g. CBC)
- *
- * If you disable all padding modes, only full blocks can be used with CBC.
- *
- * Enable padding modes in the cipher layer.
- */
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-#define MBEDTLS_CIPHER_PADDING_ZEROS
-
-/** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- *
- * Uncomment this macro to use a 128-bit key in the CTR_DRBG module.
- * By default, CTR_DRBG uses a 256-bit key.
- */
-//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-
-/**
- * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
- *
- * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
- * module. By default all supported curves are enabled.
- *
- * Comment macros to disable the curve and functions for it
- */
-/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-/* Montgomery curves (supporting ECP) */
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-
-/**
- * \def MBEDTLS_ECP_NIST_OPTIM
- *
- * Enable specific 'modulo p' routines for each NIST prime.
- * Depending on the prime and architecture, makes operations 4 to 8 times
- * faster on the corresponding curve.
- *
- * Comment this macro to disable NIST curves optimisation.
- */
-#define MBEDTLS_ECP_NIST_OPTIM
-
-/**
- * \def MBEDTLS_ECP_RESTARTABLE
- *
- * Enable "non-blocking" ECC operations that can return early and be resumed.
- *
- * This allows various functions to pause by returning
- * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
- * order to further progress and eventually complete their operation. This is
- * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
- * number of ECC operations a function may perform before pausing; see
- * mbedtls_ecp_set_max_ops() for more information.
- *
- * This is useful in non-threaded environments if you want to avoid blocking
- * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
- *
- * Uncomment this macro to enable restartable ECC computations.
- *
- * \note This option only works with the default software implementation of
- * elliptic curve functionality. It is incompatible with
- * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.
- */
-//#define MBEDTLS_ECP_RESTARTABLE
-
-/**
- * \def MBEDTLS_ECDSA_DETERMINISTIC
- *
- * Enable deterministic ECDSA (RFC 6979).
- * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
- * may result in a compromise of the long-term signing key. This is avoided by
- * the deterministic variant.
- *
- * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C
- *
- * Comment this macro to disable deterministic ECDSA.
- */
-#define MBEDTLS_ECDSA_DETERMINISTIC
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
- *
- * Enable the PSK based ciphersuite modes in SSL / TLS.
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
- *
- * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_DHM_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
- *
- * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
- *
- * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- *
- * Enable the RSA-only based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
- *
- * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- *
- * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
- *
- * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
- *
- * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
- *
- * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
- *
- * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
- *
- * \warning This is currently experimental. EC J-PAKE support is based on the
- * Thread v1.0.0 specification; incompatible changes to the specification
- * might still happen. For this reason, this is disabled by default.
- *
- * Requires: MBEDTLS_ECJPAKE_C
- * MBEDTLS_SHA256_C
- * MBEDTLS_ECP_DP_SECP256R1_ENABLED
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
- */
-//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-
-/**
- * \def MBEDTLS_PK_PARSE_EC_EXTENDED
- *
- * Enhance support for reading EC keys using variants of SEC1 not allowed by
- * RFC 5915 and RFC 5480.
- *
- * Currently this means parsing the SpecifiedECDomain choice of EC
- * parameters (only known groups are supported, not arbitrary domains, to
- * avoid validation issues).
- *
- * Disable if you only need to support RFC 5915 + 5480 key formats.
- */
-#define MBEDTLS_PK_PARSE_EC_EXTENDED
-
-/**
- * \def MBEDTLS_ERROR_STRERROR_DUMMY
- *
- * Enable a dummy error function to make use of mbedtls_strerror() in
- * third party libraries easier when MBEDTLS_ERROR_C is disabled
- * (no effect when MBEDTLS_ERROR_C is enabled).
- *
- * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
- * not using mbedtls_strerror() or error_strerror() in your application.
- *
- * Disable if you run into name conflicts and want to really remove the
- * mbedtls_strerror()
- */
-#define MBEDTLS_ERROR_STRERROR_DUMMY
-
-/**
- * \def MBEDTLS_GENPRIME
- *
- * Enable the prime-number generation code.
- *
- * Requires: MBEDTLS_BIGNUM_C
- */
-#define MBEDTLS_GENPRIME
-
-/**
- * \def MBEDTLS_FS_IO
- *
- * Enable functions that use the filesystem.
- */
-#define MBEDTLS_FS_IO
-
-/**
- * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- * Do not add default entropy sources in mbedtls_entropy_init().
- *
- * This is useful to have more control over the added entropy sources in an
- * application.
- *
- * Uncomment this macro to prevent loading of default entropy functions.
- */
-//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-
-/**
- * \def MBEDTLS_NO_PLATFORM_ENTROPY
- *
- * Do not use built-in platform entropy functions.
- * This is useful if your platform does not support
- * standards like the /dev/urandom or Windows CryptoAPI.
- *
- * Uncomment this macro to disable the built-in platform entropy functions.
- */
-//#define MBEDTLS_NO_PLATFORM_ENTROPY
-
-/**
- * \def MBEDTLS_ENTROPY_FORCE_SHA256
- *
- * Force the entropy accumulator to use a SHA-256 accumulator instead of the
- * default SHA-512 based one (if both are available).
- *
- * Requires: MBEDTLS_SHA256_C
- *
- * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
- * if you have performance concerns.
- *
- * This option is only useful if both MBEDTLS_SHA256_C and
- * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
- */
-//#define MBEDTLS_ENTROPY_FORCE_SHA256
-
-/**
- * \def MBEDTLS_ENTROPY_NV_SEED
- *
- * Enable the non-volatile (NV) seed file-based entropy source.
- * (Also enables the NV seed read/write functions in the platform layer)
- *
- * This is crucial (if not required) on systems that do not have a
- * cryptographic entropy source (in hardware or kernel) available.
- *
- * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
- *
- * \note The read/write functions that are used by the entropy source are
- * determined in the platform layer, and can be modified at runtime and/or
- * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
- *
- * \note If you use the default implementation functions that read a seedfile
- * with regular fopen(), please make sure you make a seedfile with the
- * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
- * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
- * and written to or you will get an entropy source error! The default
- * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
- * bytes from the file.
- *
- * \note The entropy collector will write to the seed file before entropy is
- * given to an external source, to update it.
- */
-//#define MBEDTLS_ENTROPY_NV_SEED
-
-/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
- *
- * Enable key identifiers that encode a key owner identifier.
- *
- * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t
- * which is currently hard-coded to be int32_t.
- *
- * Note that this option is meant for internal use only and may be removed
- * without notice. It is incompatible with MBEDTLS_USE_PSA_CRYPTO.
- */
-//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-
-/**
- * \def MBEDTLS_MEMORY_DEBUG
- *
- * Enable debugging of buffer allocator memory issues. Automatically prints
- * (to stderr) all (fatal) messages on memory allocation issues. Enables
- * function for 'debug output' of allocated memory.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Uncomment this macro to let the buffer allocator print out error messages.
- */
-//#define MBEDTLS_MEMORY_DEBUG
-
-/**
- * \def MBEDTLS_MEMORY_BACKTRACE
- *
- * Include backtrace information with each allocated block.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- * GLIBC-compatible backtrace() an backtrace_symbols() support
- *
- * Uncomment this macro to include backtrace information
- */
-//#define MBEDTLS_MEMORY_BACKTRACE
-
-/**
- * \def MBEDTLS_PK_RSA_ALT_SUPPORT
- *
- * Support external private RSA keys (eg from a HSM) in the PK layer.
- *
- * Comment this macro to disable support for external private RSA keys.
- */
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
-
-/**
- * \def MBEDTLS_PKCS1_V15
- *
- * Enable support for PKCS#1 v1.5 encoding.
- *
- * Requires: MBEDTLS_RSA_C
- *
- * This enables support for PKCS#1 v1.5 operations.
- */
-#define MBEDTLS_PKCS1_V15
-
-/**
- * \def MBEDTLS_PKCS1_V21
- *
- * Enable support for PKCS#1 v2.1 encoding.
- *
- * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
- *
- * This enables support for RSAES-OAEP and RSASSA-PSS operations.
- */
-#define MBEDTLS_PKCS1_V21
-
-/** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
- *
- * Enable support for platform built-in keys. If you enable this feature,
- * you must implement the function mbedtls_psa_platform_get_builtin_key().
- * See the documentation of that function for more information.
- *
- * Built-in keys are typically derived from a hardware unique key or
- * stored in a secure element.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C.
- *
- * \warning This interface is experimental and may change or be removed
- * without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
-
-/** \def MBEDTLS_PSA_CRYPTO_CLIENT
- *
- * Enable support for PSA crypto client.
- *
- * \note This option allows to include the code necessary for a PSA
- * crypto client when the PSA crypto implementation is not included in
- * the library (MBEDTLS_PSA_CRYPTO_C disabled). The code included is the
- * code to set and get PSA key attributes.
- * The development of PSA drivers partially relying on the library to
- * fulfill the hardware gaps is another possible usage of this option.
- *
- * \warning This interface is experimental and may change or be removed
- * without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_CLIENT
-
-/** \def MBEDTLS_PSA_CRYPTO_DRIVERS
- *
- * Enable support for the experimental PSA crypto driver interface.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- * \warning This interface is experimental and may change or be removed
- * without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_DRIVERS
-
-/** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
- *
- * Make the PSA Crypto module use an external random generator provided
- * by a driver, instead of Mbed TLS's entropy and DRBG modules.
- *
- * \note This random generator must deliver random numbers with cryptographic
- * quality and high performance. It must supply unpredictable numbers
- * with a uniform distribution. The implementation of this function
- * is responsible for ensuring that the random generator is seeded
- * with sufficient entropy. If you have a hardware TRNG which is slow
- * or delivers non-uniform output, declare it as an entropy source
- * with mbedtls_entropy_add_source() instead of enabling this option.
- *
- * If you enable this option, you must configure the type
- * ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h
- * and define a function called mbedtls_psa_external_get_random()
- * with the following prototype:
- * ```
- * psa_status_t mbedtls_psa_external_get_random(
- * mbedtls_psa_external_random_context_t *context,
- * uint8_t *output, size_t output_size, size_t *output_length);
- * );
- * ```
- * The \c context value is initialized to 0 before the first call.
- * The function must fill the \c output buffer with \p output_size bytes
- * of random data and set \c *output_length to \p output_size.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- * \warning If you enable this option, code that uses the PSA cryptography
- * interface will not use any of the entropy sources set up for
- * the entropy module, nor the NV seed that MBEDTLS_ENTROPY_NV_SEED
- * enables.
- *
- * \note This option is experimental and may be removed without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_SPM
- *
- * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
- * Partition Manager) integration which separates the code into two parts: a
- * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
- * Environment).
- *
- * Module: library/psa_crypto.c
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- */
-//#define MBEDTLS_PSA_CRYPTO_SPM
-
-/**
- * \def MBEDTLS_PSA_INJECT_ENTROPY
- *
- * Enable support for entropy injection at first boot. This feature is
- * required on systems that do not have a built-in entropy source (TRNG).
- * This feature is currently not supported on systems that have a built-in
- * entropy source.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
- *
- */
-//#define MBEDTLS_PSA_INJECT_ENTROPY
-
-/**
- * \def MBEDTLS_RSA_NO_CRT
- *
- * Do not use the Chinese Remainder Theorem
- * for the RSA private operation.
- *
- * Uncomment this macro to disable the use of CRT in RSA.
- *
- */
-//#define MBEDTLS_RSA_NO_CRT
-
-/**
- * \def MBEDTLS_SELF_TEST
- *
- * Enable the checkup functions (*_self_test).
- */
-#define MBEDTLS_SELF_TEST
-
-/**
- * \def MBEDTLS_SHA256_SMALLER
- *
- * Enable an implementation of SHA-256 that has lower ROM footprint but also
- * lower performance.
- *
- * The default implementation is meant to be a reasonnable compromise between
- * performance and size. This version optimizes more aggressively for size at
- * the expense of performance. Eg on Cortex-M4 it reduces the size of
- * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
- * 30%.
- *
- * Uncomment to enable the smaller implementation of SHA256.
- */
-//#define MBEDTLS_SHA256_SMALLER
-
-/**
- * \def MBEDTLS_SHA512_SMALLER
- *
- * Enable an implementation of SHA-512 that has lower ROM footprint but also
- * lower performance.
- *
- * Uncomment to enable the smaller implementation of SHA512.
- */
-//#define MBEDTLS_SHA512_SMALLER
-
-/**
- * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
- *
- * Enable sending of alert messages in case of encountered errors as per RFC.
- * If you choose not to send the alert messages, mbed TLS can still communicate
- * with other servers, only debugging of failures is harder.
- *
- * The advantage of not sending alert messages, is that no information is given
- * about reasons for failures thus preventing adversaries of gaining intel.
- *
- * Enable sending of all alert messages
- */
-#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
-
-/**
- * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
- *
- * Enable support for the DTLS Connection ID extension
- * (version draft-ietf-tls-dtls-connection-id-05,
- * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
- * which allows to identify DTLS connections across changes
- * in the underlying transport.
- *
- * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
- * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`.
- * See the corresponding documentation for more information.
- *
- * \warning The Connection ID extension is still in draft state.
- * We make no stability promises for the availability
- * or the shape of the API controlled by this option.
- *
- * The maximum lengths of outgoing and incoming CIDs can be configured
- * through the options
- * - MBEDTLS_SSL_CID_OUT_LEN_MAX
- * - MBEDTLS_SSL_CID_IN_LEN_MAX.
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- *
- * Uncomment to enable the Connection ID extension.
- */
-//#define MBEDTLS_SSL_DTLS_CONNECTION_ID
-
-/**
- * \def MBEDTLS_SSL_ASYNC_PRIVATE
- *
- * Enable asynchronous external private key operations in SSL. This allows
- * you to configure an SSL connection to call an external cryptographic
- * module to perform private key operations instead of performing the
- * operation inside the library.
- *
- */
-//#define MBEDTLS_SSL_ASYNC_PRIVATE
-
-/**
- * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
- *
- * Enable serialization of the TLS context structures, through use of the
- * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
- *
- * This pair of functions allows one side of a connection to serialize the
- * context associated with the connection, then free or re-use that context
- * while the serialized state is persisted elsewhere, and finally deserialize
- * that state to a live context for resuming read/write operations on the
- * connection. From a protocol perspective, the state of the connection is
- * unaffected, in particular this is entirely transparent to the peer.
- *
- * Note: this is distinct from TLS session resumption, which is part of the
- * protocol and fully visible by the peer. TLS session resumption enables
- * establishing new connections associated to a saved session with shorter,
- * lighter handshakes, while context serialization is a local optimization in
- * handling a single, potentially long-lived connection.
- *
- * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are
- * saved after the handshake to allow for more efficient serialization, so if
- * you don't need this feature you'll save RAM by disabling it.
- *
- * Comment to disable the context serialization APIs.
- */
-#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
-
-/**
- * \def MBEDTLS_SSL_DEBUG_ALL
- *
- * Enable the debug messages in SSL module for all issues.
- * Debug messages have been disabled in some places to prevent timing
- * attacks due to (unbalanced) debugging function calls.
- *
- * If you need all error reporting you should enable this during debugging,
- * but remove this for production servers that should log as well.
- *
- * Uncomment this macro to report all debug messages on errors introducing
- * a timing side-channel.
- *
- */
-//#define MBEDTLS_SSL_DEBUG_ALL
-
-/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
- *
- * Enable support for Encrypt-then-MAC, RFC 7366.
- *
- * This allows peers that both support it to use a more robust protection for
- * ciphersuites using CBC, providing deep resistance against timing attacks
- * on the padding or underlying cipher.
- *
- * This only affects CBC ciphersuites, and is useless if none is defined.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for Encrypt-then-MAC
- */
-#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
-
-/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
- *
- * Enable support for RFC 7627: Session Hash and Extended Master Secret
- * Extension.
- *
- * This was introduced as "the proper fix" to the Triple Handshake familiy of
- * attacks, but it is recommended to always use it (even if you disable
- * renegotiation), since it actually fixes a more fundamental issue in the
- * original SSL/TLS design, and has implications beyond Triple Handshake.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for Extended Master Secret.
- */
-#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-
-/**
- * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- *
- * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
- * giving access to the peer's certificate after completion of the handshake.
- *
- * Unless you need mbedtls_ssl_peer_cert() in your application, it is
- * recommended to disable this option for reduced RAM usage.
- *
- * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
- * defined, but always returns \c NULL.
- *
- * \note This option has no influence on the protection against the
- * triple handshake attack. Even if it is disabled, Mbed TLS will
- * still ensure that certificates do not change during renegotiation,
- * for exaple by keeping a hash of the peer's certificate.
- *
- * Comment this macro to disable storing the peer's certificate
- * after the handshake.
- */
-#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
-
-/**
- * \def MBEDTLS_SSL_RENEGOTIATION
- *
- * Enable support for TLS renegotiation.
- *
- * The two main uses of renegotiation are (1) refresh keys on long-lived
- * connections and (2) client authentication after the initial handshake.
- * If you don't need renegotiation, it's probably better to disable it, since
- * it has been associated with security issues in the past and is easy to
- * misuse/misunderstand.
- *
- * Comment this to disable support for renegotiation.
- *
- * \note Even if this option is disabled, both client and server are aware
- * of the Renegotiation Indication Extension (RFC 5746) used to
- * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
- * (See \c mbedtls_ssl_conf_legacy_renegotiation for the
- * configuration of this extension).
- *
- */
-#define MBEDTLS_SSL_RENEGOTIATION
-
-/**
- * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- *
- * Enable support for RFC 6066 max_fragment_length extension in SSL.
- *
- * Comment this macro to disable support for the max_fragment_length extension
- */
-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
- *
- * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
- * (Depends on ciphersuites)
- *
- * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
- */
-#define MBEDTLS_SSL_PROTO_TLS1_2
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1_3
- *
- * Enable support for TLS 1.3.
- *
- * \note The support for TLS 1.3 is not comprehensive yet, in particular
- * pre-shared keys are not supported.
- * See docs/architecture/tls13-support.md for a description of the TLS
- * 1.3 support that this option enables.
- *
- * Uncomment this macro to enable the support for TLS 1.3.
- *
- */
-//#define MBEDTLS_SSL_PROTO_TLS1_3
-
-/**
- * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
- *
- * Enable TLS 1.3 middlebox compatibility mode.
- *
- * As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility
- * mode to make a TLS 1.3 connection more likely to pass through middle boxes
- * expecting TLS 1.2 traffic.
- *
- * Turning on the compatibility mode comes at the cost of a few added bytes
- * on the wire, but it doesn't affect compatibility with TLS 1.3 implementations
- * that don't use it. Therefore, unless transmission bandwidth is critical and
- * you know that middlebox compatibility issues won't occur, it is therefore
- * recommended to set this option.
- *
- * Comment to disable compatibility mode for TLS 1.3. If
- * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
- * effect on the build.
- *
- */
-//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-
-/**
- * \def MBEDTLS_SSL_PROTO_DTLS
- *
- * Enable support for DTLS (all available versions).
- *
- * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for DTLS
- */
-#define MBEDTLS_SSL_PROTO_DTLS
-
-/**
- * \def MBEDTLS_SSL_ALPN
- *
- * Enable support for RFC 7301 Application Layer Protocol Negotiation.
- *
- * Comment this macro to disable support for ALPN.
- */
-#define MBEDTLS_SSL_ALPN
-
-/**
- * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
- *
- * Enable support for the anti-replay mechanism in DTLS.
- *
- * Requires: MBEDTLS_SSL_TLS_C
- * MBEDTLS_SSL_PROTO_DTLS
- *
- * \warning Disabling this is often a security risk!
- * See mbedtls_ssl_conf_dtls_anti_replay() for details.
- *
- * Comment this to disable anti-replay in DTLS.
- */
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
-
-/**
- * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
- *
- * Enable support for HelloVerifyRequest on DTLS servers.
- *
- * This feature is highly recommended to prevent DTLS servers being used as
- * amplifiers in DoS attacks against other hosts. It should always be enabled
- * unless you know for sure amplification cannot be a problem in the
- * environment in which your server operates.
- *
- * \warning Disabling this can ba a security risk! (see above)
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- *
- * Comment this to disable support for HelloVerifyRequest.
- */
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
-
-/**
- * \def MBEDTLS_SSL_DTLS_SRTP
- *
- * Enable support for negotiation of DTLS-SRTP (RFC 5764)
- * through the use_srtp extension.
- *
- * \note This feature provides the minimum functionality required
- * to negotiate the use of DTLS-SRTP and to allow the derivation of
- * the associated SRTP packet protection key material.
- * In particular, the SRTP packet protection itself, as well as the
- * demultiplexing of RTP and DTLS packets at the datagram layer
- * (see Section 5 of RFC 5764), are not handled by this feature.
- * Instead, after successful completion of a handshake negotiating
- * the use of DTLS-SRTP, the extended key exporter API
- * mbedtls_ssl_conf_export_keys_cb() should be used to implement
- * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
- * (this is implemented in the SSL example programs).
- * The resulting key should then be passed to an SRTP stack.
- *
- * Setting this option enables the runtime API
- * mbedtls_ssl_conf_dtls_srtp_protection_profiles()
- * through which the supported DTLS-SRTP protection
- * profiles can be configured. You must call this API at
- * runtime if you wish to negotiate the use of DTLS-SRTP.
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- *
- * Uncomment this to enable support for use_srtp extension.
- */
-//#define MBEDTLS_SSL_DTLS_SRTP
-
-/**
- * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
- *
- * Enable server-side support for clients that reconnect from the same port.
- *
- * Some clients unexpectedly close the connection and try to reconnect using the
- * same source port. This needs special support from the server to handle the
- * new connection securely, as described in section 4.2.8 of RFC 6347. This
- * flag enables that support.
- *
- * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
- *
- * Comment this to disable support for clients reusing the source port.
- */
-#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
-
-/**
- * \def MBEDTLS_SSL_SESSION_TICKETS
- *
- * Enable support for RFC 5077 session tickets in SSL.
- * Client-side, provides full support for session tickets (maintenance of a
- * session store remains the responsibility of the application, though).
- * Server-side, you also need to provide callbacks for writing and parsing
- * tickets, including authenticated encryption and key management. Example
- * callbacks are provided by MBEDTLS_SSL_TICKET_C.
- *
- * Comment this macro to disable support for SSL session tickets
- */
-#define MBEDTLS_SSL_SESSION_TICKETS
-
-/**
- * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
- *
- * Enable support for RFC 6066 server name indication (SNI) in SSL.
- *
- * Requires: MBEDTLS_X509_CRT_PARSE_C
- *
- * Comment this macro to disable support for server name indication in SSL
- */
-#define MBEDTLS_SSL_SERVER_NAME_INDICATION
-
-/**
- * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
- *
- * When this option is enabled, the SSL buffer will be resized automatically
- * based on the negotiated maximum fragment length in each direction.
- *
- * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- */
-//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
-
-/**
- * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
- *
- * Enable testing of the constant-flow nature of some sensitive functions with
- * clang's MemorySanitizer. This causes some existing tests to also test
- * this non-functional property of the code under test.
- *
- * This setting requires compiling with clang -fsanitize=memory. The test
- * suites can then be run normally.
- *
- * \warning This macro is only used for extended testing; it is not considered
- * part of the library's API, so it may change or disappear at any time.
- *
- * Uncomment to enable testing of the constant-flow nature of selected code.
- */
-//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
-
-/**
- * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
- *
- * Enable testing of the constant-flow nature of some sensitive functions with
- * valgrind's memcheck tool. This causes some existing tests to also test
- * this non-functional property of the code under test.
- *
- * This setting requires valgrind headers for building, and is only useful for
- * testing if the tests suites are run with valgrind's memcheck. This can be
- * done for an individual test suite with 'valgrind ./test_suite_xxx', or when
- * using CMake, this can be done for all test suites with 'make memcheck'.
- *
- * \warning This macro is only used for extended testing; it is not considered
- * part of the library's API, so it may change or disappear at any time.
- *
- * Uncomment to enable testing of the constant-flow nature of selected code.
- */
-//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
-
-/**
- * \def MBEDTLS_TEST_HOOKS
- *
- * Enable features for invasive testing such as introspection functions and
- * hooks for fault injection. This enables additional unit tests.
- *
- * Merely enabling this feature should not change the behavior of the product.
- * It only adds new code, and new branching points where the default behavior
- * is the same as when this feature is disabled.
- * However, this feature increases the attack surface: there is an added
- * risk of vulnerabilities, and more gadgets that can make exploits easier.
- * Therefore this feature must never be enabled in production.
- *
- * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more
- * information.
- *
- * Uncomment to enable invasive tests.
- */
-//#define MBEDTLS_TEST_HOOKS
-
-/**
- * \def MBEDTLS_THREADING_ALT
- *
- * Provide your own alternate threading implementation.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to allow your own alternate threading implementation.
- */
-//#define MBEDTLS_THREADING_ALT
-
-/**
- * \def MBEDTLS_THREADING_PTHREAD
- *
- * Enable the pthread wrapper layer for the threading layer.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to enable pthread mutexes.
- */
-//#define MBEDTLS_THREADING_PTHREAD
-
-/**
- * \def MBEDTLS_USE_PSA_CRYPTO
- *
- * Make the X.509 and TLS library use PSA for cryptographic operations, and
- * enable new APIs for using keys handled by PSA Crypto.
- *
- * \note Development of this option is currently in progress, and parts of Mbed
- * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
- * will still continue to work as usual, so enabling this option should not
- * break backwards compatibility.
- *
- * \note See docs/use-psa-crypto.md for a complete description of what this
- * option currently does, and of parts that are not affected by it so far.
- *
- * \warning This option enables new Mbed TLS APIs which are currently
- * considered experimental and may change in incompatible ways at any time.
- * That is, the APIs enabled by this option are not covered by the usual
- * promises of API stability.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C.
- *
- * Uncomment this to enable internal use of PSA Crypto and new associated APIs.
- */
-//#define MBEDTLS_USE_PSA_CRYPTO
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_CONFIG
- *
- * This setting allows support for cryptographic mechanisms through the PSA
- * API to be configured separately from support through the mbedtls API.
- *
- * Uncomment this to enable use of PSA Crypto configuration settings which
- * can be found in include/psa/crypto_config.h.
- *
- * This feature is still experimental and is not ready for production since
- * it is not completed.
- */
-//#define MBEDTLS_PSA_CRYPTO_CONFIG
-
-/**
- * \def MBEDTLS_VERSION_FEATURES
- *
- * Allow run-time checking of compile-time enabled features. Thus allowing users
- * to check at run-time if the library is for instance compiled with threading
- * support via mbedtls_version_check_feature().
- *
- * Requires: MBEDTLS_VERSION_C
- *
- * Comment this to disable run-time checking and save ROM space
- */
-#define MBEDTLS_VERSION_FEATURES
-
-/**
- * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
- *
- * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
- * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
- * the set of trusted certificates through a callback instead of a linked
- * list.
- *
- * This is useful for example in environments where a large number of trusted
- * certificates is present and storing them in a linked list isn't efficient
- * enough, or when the set of trusted certificates changes frequently.
- *
- * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
- * `mbedtls_ssl_conf_ca_cb()` for more information.
- *
- * Uncomment to enable trusted certificate callbacks.
- */
-//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-
-/**
- * \def MBEDTLS_X509_REMOVE_INFO
- *
- * Disable mbedtls_x509_*_info() and related APIs.
- *
- * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt()
- * and other functions/constants only used by these functions, thus reducing
- * the code footprint by several KB.
- */
-//#define MBEDTLS_X509_REMOVE_INFO
-
-/**
- * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
- *
- * Enable parsing and verification of X.509 certificates, CRLs and CSRS
- * signed with RSASSA-PSS (aka PKCS#1 v2.1).
- *
- * Comment this macro to disallow using RSASSA-PSS in certificates.
- */
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-/* \} name SECTION: mbed TLS feature support */
-
-/**
- * \name SECTION: mbed TLS modules
- *
- * This section enables or disables entire modules in mbed TLS
- * \{
- */
-
-/**
- * \def MBEDTLS_AESNI_C
- *
- * Enable AES-NI support on x86-64.
- *
- * Module: library/aesni.c
- * Caller: library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the AES-NI instructions on x86-64
- */
-#define MBEDTLS_AESNI_C
-
-/**
- * \def MBEDTLS_AES_C
- *
- * Enable the AES block cipher.
- *
- * Module: library/aes.c
- * Caller: library/cipher.c
- * library/pem.c
- * library/ctr_drbg.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
- *
- * PEM_PARSE uses AES for decrypting encrypted keys.
- */
-#define MBEDTLS_AES_C
-
-/**
- * \def MBEDTLS_ASN1_PARSE_C
- *
- * Enable the generic ASN1 parser.
- *
- * Module: library/asn1.c
- * Caller: library/x509.c
- * library/dhm.c
- * library/pkcs12.c
- * library/pkcs5.c
- * library/pkparse.c
- */
-#define MBEDTLS_ASN1_PARSE_C
-
-/**
- * \def MBEDTLS_ASN1_WRITE_C
- *
- * Enable the generic ASN1 writer.
- *
- * Module: library/asn1write.c
- * Caller: library/ecdsa.c
- * library/pkwrite.c
- * library/x509_create.c
- * library/x509write_crt.c
- * library/x509write_csr.c
- */
-#define MBEDTLS_ASN1_WRITE_C
-
-/**
- * \def MBEDTLS_BASE64_C
- *
- * Enable the Base64 module.
- *
- * Module: library/base64.c
- * Caller: library/pem.c
- *
- * This module is required for PEM support (required by X.509).
- */
-#define MBEDTLS_BASE64_C
-
-/**
- * \def MBEDTLS_BIGNUM_C
- *
- * Enable the multi-precision integer library.
- *
- * Module: library/bignum.c
- * Caller: library/dhm.c
- * library/ecp.c
- * library/ecdsa.c
- * library/rsa.c
- * library/rsa_alt_helpers.c
- * library/ssl_tls.c
- *
- * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
- */
-#define MBEDTLS_BIGNUM_C
-
-/**
- * \def MBEDTLS_CAMELLIA_C
- *
- * Enable the Camellia block cipher.
- *
- * Module: library/camellia.c
- * Caller: library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define MBEDTLS_CAMELLIA_C
-
-/**
- * \def MBEDTLS_ARIA_C
- *
- * Enable the ARIA block cipher.
- *
- * Module: library/aria.c
- * Caller: library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *
- * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
- */
-#define MBEDTLS_ARIA_C
-
-/**
- * \def MBEDTLS_CCM_C
- *
- * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
- *
- * Module: library/ccm.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
- *
- * This module enables the AES-CCM ciphersuites, if other requisites are
- * enabled as well.
- */
-#define MBEDTLS_CCM_C
-
-/**
- * \def MBEDTLS_CHACHA20_C
- *
- * Enable the ChaCha20 stream cipher.
- *
- * Module: library/chacha20.c
- */
-#define MBEDTLS_CHACHA20_C
-
-/**
- * \def MBEDTLS_CHACHAPOLY_C
- *
- * Enable the ChaCha20-Poly1305 AEAD algorithm.
- *
- * Module: library/chachapoly.c
- *
- * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
- */
-#define MBEDTLS_CHACHAPOLY_C
-
-/**
- * \def MBEDTLS_CIPHER_C
- *
- * Enable the generic cipher layer.
- *
- * Module: library/cipher.c
- * Caller: library/ssl_tls.c
- *
- * Uncomment to enable generic cipher wrappers.
- */
-#define MBEDTLS_CIPHER_C
-
-/**
- * \def MBEDTLS_CMAC_C
- *
- * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
- * ciphers.
- *
- * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying
- * implementation of the CMAC algorithm is provided by an alternate
- * implementation, that alternate implementation may opt to not support
- * AES-192 or 3DES as underlying block ciphers for the CMAC operation.
- *
- * Module: library/cmac.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
- *
- */
-#define MBEDTLS_CMAC_C
-
-/**
- * \def MBEDTLS_CTR_DRBG_C
- *
- * Enable the CTR_DRBG AES-based random generator.
- * The CTR_DRBG generator uses AES-256 by default.
- * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
- *
- * \note To achieve a 256-bit security strength with CTR_DRBG,
- * you must use AES-256 *and* use sufficient entropy.
- * See ctr_drbg.h for more details.
- *
- * Module: library/ctr_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_AES_C
- *
- * This module provides the CTR_DRBG AES random number generator.
- */
-#define MBEDTLS_CTR_DRBG_C
-
-/**
- * \def MBEDTLS_DEBUG_C
- *
- * Enable the debug functions.
- *
- * Module: library/debug.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- *
- * This module provides debugging functions.
- */
-#define MBEDTLS_DEBUG_C
-
-/**
- * \def MBEDTLS_DES_C
- *
- * Enable the DES block cipher.
- *
- * Module: library/des.c
- * Caller: library/pem.c
- * library/cipher.c
- *
- * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers instead.
- */
-#define MBEDTLS_DES_C
-
-/**
- * \def MBEDTLS_DHM_C
- *
- * Enable the Diffie-Hellman-Merkle module.
- *
- * Module: library/dhm.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- *
- * This module is used by the following key exchanges:
- * DHE-RSA, DHE-PSK
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-#define MBEDTLS_DHM_C
-
-/**
- * \def MBEDTLS_ECDH_C
- *
- * Enable the elliptic curve Diffie-Hellman library.
- *
- * Module: library/ecdh.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- *
- * This module is used by the following key exchanges:
- * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
- *
- * Requires: MBEDTLS_ECP_C
- */
-#define MBEDTLS_ECDH_C
-
-/**
- * \def MBEDTLS_ECDSA_C
- *
- * Enable the elliptic curve DSA library.
- *
- * Module: library/ecdsa.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- * ECDHE-ECDSA
- *
- * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C,
- * and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a
- * short Weierstrass curve.
- */
-#define MBEDTLS_ECDSA_C
-
-/**
- * \def MBEDTLS_ECJPAKE_C
- *
- * Enable the elliptic curve J-PAKE library.
- *
- * \note EC J-PAKE support is based on the Thread v1.0.0 specification.
- * It has not been reviewed for compliance with newer standards such as
- * Thread v1.1 or RFC 8236.
- *
- * Module: library/ecjpake.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- * ECJPAKE
- *
- * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
- */
-#define MBEDTLS_ECJPAKE_C
-
-/**
- * \def MBEDTLS_ECP_C
- *
- * Enable the elliptic curve over GF(p) library.
- *
- * Module: library/ecp.c
- * Caller: library/ecdh.c
- * library/ecdsa.c
- * library/ecjpake.c
- *
- * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
- */
-#define MBEDTLS_ECP_C
-
-/**
- * \def MBEDTLS_ENTROPY_C
- *
- * Enable the platform-specific entropy code.
- *
- * Module: library/entropy.c
- * Caller:
- *
- * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
- *
- * This module provides a generic entropy pool
- */
-#define MBEDTLS_ENTROPY_C
-
-/**
- * \def MBEDTLS_ERROR_C
- *
- * Enable error code to error string conversion.
- *
- * Module: library/error.c
- * Caller:
- *
- * This module enables mbedtls_strerror().
- */
-#define MBEDTLS_ERROR_C
-
-/**
- * \def MBEDTLS_GCM_C
- *
- * Enable the Galois/Counter Mode (GCM).
- *
- * Module: library/gcm.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C
- *
- * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
- * requisites are enabled as well.
- */
-#define MBEDTLS_GCM_C
-
-/**
- * \def MBEDTLS_HKDF_C
- *
- * Enable the HKDF algorithm (RFC 5869).
- *
- * Module: library/hkdf.c
- * Caller:
- *
- * Requires: MBEDTLS_MD_C
- *
- * This module adds support for the Hashed Message Authentication Code
- * (HMAC)-based key derivation function (HKDF).
- */
-#define MBEDTLS_HKDF_C
-
-/**
- * \def MBEDTLS_HMAC_DRBG_C
- *
- * Enable the HMAC_DRBG random generator.
- *
- * Module: library/hmac_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_MD_C
- *
- * Uncomment to enable the HMAC_DRBG random number geerator.
- */
-#define MBEDTLS_HMAC_DRBG_C
-
-/**
- * \def MBEDTLS_NIST_KW_C
- *
- * Enable the Key Wrapping mode for 128-bit block ciphers,
- * as defined in NIST SP 800-38F. Only KW and KWP modes
- * are supported. At the moment, only AES is approved by NIST.
- *
- * Module: library/nist_kw.c
- *
- * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
- */
-#define MBEDTLS_NIST_KW_C
-
-/**
- * \def MBEDTLS_MD_C
- *
- * Enable the generic message digest layer.
- *
- * Module: library/md.c
- * Caller:
- *
- * Uncomment to enable generic message digest wrappers.
- */
-#define MBEDTLS_MD_C
-
-/**
- * \def MBEDTLS_MD5_C
- *
- * Enable the MD5 hash algorithm.
- *
- * Module: library/md5.c
- * Caller: library/md.c
- * library/pem.c
- * library/ssl_tls.c
- *
- * This module is required for TLS 1.2 depending on the handshake parameters.
- * Further, it is used for checking MD5-signed certificates, and for PBKDF1
- * when decrypting PEM-encoded encrypted keys.
- *
- * \warning MD5 is considered a weak message digest and its use constitutes a
- * security risk. If possible, we recommend avoiding dependencies on
- * it, and considering stronger message digests instead.
- *
- */
-#define MBEDTLS_MD5_C
-
-/**
- * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Enable the buffer allocator implementation that makes use of a (stack)
- * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
- * calls)
- *
- * Module: library/memory_buffer_alloc.c
- *
- * Requires: MBEDTLS_PLATFORM_C
- * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
- *
- * Enable this module to enable the buffer memory allocator.
- */
-//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-
-/**
- * \def MBEDTLS_NET_C
- *
- * Enable the TCP and UDP over IPv6/IPv4 networking routines.
- *
- * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
- * and Windows. For other platforms, you'll want to disable it, and write your
- * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
- *
- * \note See also our Knowledge Base article about porting to a new
- * environment:
- * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
- *
- * Module: library/net_sockets.c
- *
- * This module provides networking routines.
- */
-#define MBEDTLS_NET_C
-
-/**
- * \def MBEDTLS_OID_C
- *
- * Enable the OID database.
- *
- * Module: library/oid.c
- * Caller: library/asn1write.c
- * library/pkcs5.c
- * library/pkparse.c
- * library/pkwrite.c
- * library/rsa.c
- * library/x509.c
- * library/x509_create.c
- * library/x509_crl.c
- * library/x509_crt.c
- * library/x509_csr.c
- * library/x509write_crt.c
- * library/x509write_csr.c
- *
- * This modules translates between OIDs and internal values.
- */
-#define MBEDTLS_OID_C
-
-/**
- * \def MBEDTLS_PADLOCK_C
- *
- * Enable VIA Padlock support on x86.
- *
- * Module: library/padlock.c
- * Caller: library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the VIA PadLock on x86.
- */
-#define MBEDTLS_PADLOCK_C
-
-/**
- * \def MBEDTLS_PEM_PARSE_C
- *
- * Enable PEM decoding / parsing.
- *
- * Module: library/pem.c
- * Caller: library/dhm.c
- * library/pkparse.c
- * library/x509_crl.c
- * library/x509_crt.c
- * library/x509_csr.c
- *
- * Requires: MBEDTLS_BASE64_C
- *
- * This modules adds support for decoding / parsing PEM files.
- */
-#define MBEDTLS_PEM_PARSE_C
-
-/**
- * \def MBEDTLS_PEM_WRITE_C
- *
- * Enable PEM encoding / writing.
- *
- * Module: library/pem.c
- * Caller: library/pkwrite.c
- * library/x509write_crt.c
- * library/x509write_csr.c
- *
- * Requires: MBEDTLS_BASE64_C
- *
- * This modules adds support for encoding / writing PEM files.
- */
-#define MBEDTLS_PEM_WRITE_C
-
-/**
- * \def MBEDTLS_PK_C
- *
- * Enable the generic public (asymetric) key layer.
- *
- * Module: library/pk.c
- * Caller: library/ssl_tls.c
- * library/ssl_cli.c
- * library/ssl_srv.c
- *
- * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
- *
- * Uncomment to enable generic public key wrappers.
- */
-#define MBEDTLS_PK_C
-
-/**
- * \def MBEDTLS_PK_PARSE_C
- *
- * Enable the generic public (asymetric) key parser.
- *
- * Module: library/pkparse.c
- * Caller: library/x509_crt.c
- * library/x509_csr.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key parse functions.
- */
-#define MBEDTLS_PK_PARSE_C
-
-/**
- * \def MBEDTLS_PK_WRITE_C
- *
- * Enable the generic public (asymetric) key writer.
- *
- * Module: library/pkwrite.c
- * Caller: library/x509write.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key write functions.
- */
-#define MBEDTLS_PK_WRITE_C
-
-/**
- * \def MBEDTLS_PKCS5_C
- *
- * Enable PKCS#5 functions.
- *
- * Module: library/pkcs5.c
- *
- * Requires: MBEDTLS_MD_C
- *
- * This module adds support for the PKCS#5 functions.
- */
-#define MBEDTLS_PKCS5_C
-
-/**
- * \def MBEDTLS_PKCS12_C
- *
- * Enable PKCS#12 PBE functions.
- * Adds algorithms for parsing PKCS#8 encrypted private keys
- *
- * Module: library/pkcs12.c
- * Caller: library/pkparse.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
- *
- * This module enables PKCS#12 functions.
- */
-#define MBEDTLS_PKCS12_C
-
-/**
- * \def MBEDTLS_PLATFORM_C
- *
- * Enable the platform abstraction layer that allows you to re-assign
- * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
- *
- * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
- * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
- * above to be specified at runtime or compile time respectively.
- *
- * \note This abstraction layer must be enabled on Windows (including MSYS2)
- * as other module rely on it for a fixed snprintf implementation.
- *
- * Module: library/platform.c
- * Caller: Most other .c files
- *
- * This module enables abstraction of common (libc) functions.
- */
-#define MBEDTLS_PLATFORM_C
-
-/**
- * \def MBEDTLS_POLY1305_C
- *
- * Enable the Poly1305 MAC algorithm.
- *
- * Module: library/poly1305.c
- * Caller: library/chachapoly.c
- */
-#define MBEDTLS_POLY1305_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_C
- *
- * Enable the Platform Security Architecture cryptography API.
- *
- * Module: library/psa_crypto.c
- *
- * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
- * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
- * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
- *
- */
-#define MBEDTLS_PSA_CRYPTO_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_SE_C
- *
- * Enable secure element support in the Platform Security Architecture
- * cryptography API.
- *
- * \warning This feature is not yet suitable for production. It is provided
- * for API evaluation and testing purposes only.
- *
- * Module: library/psa_crypto_se.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
- *
- */
-//#define MBEDTLS_PSA_CRYPTO_SE_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
- *
- * Enable the Platform Security Architecture persistent key storage.
- *
- * Module: library/psa_crypto_storage.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C,
- * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
- * the PSA ITS interface
- */
-#define MBEDTLS_PSA_CRYPTO_STORAGE_C
-
-/**
- * \def MBEDTLS_PSA_ITS_FILE_C
- *
- * Enable the emulation of the Platform Security Architecture
- * Internal Trusted Storage (PSA ITS) over files.
- *
- * Module: library/psa_its_file.c
- *
- * Requires: MBEDTLS_FS_IO
- */
-#define MBEDTLS_PSA_ITS_FILE_C
-
-/**
- * \def MBEDTLS_RIPEMD160_C
- *
- * Enable the RIPEMD-160 hash algorithm.
- *
- * Module: library/ripemd160.c
- * Caller: library/md.c
- *
- */
-#define MBEDTLS_RIPEMD160_C
-
-/**
- * \def MBEDTLS_RSA_C
- *
- * Enable the RSA public-key cryptosystem.
- *
- * Module: library/rsa.c
- * library/rsa_alt_helpers.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- * library/x509.c
- *
- * This module is used by the following key exchanges:
- * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
- *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
- */
-#define MBEDTLS_RSA_C
-
-/**
- * \def MBEDTLS_SHA1_C
- *
- * Enable the SHA1 cryptographic hash algorithm.
- *
- * Module: library/sha1.c
- * Caller: library/md.c
- * library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- * library/x509write_crt.c
- *
- * This module is required for TLS 1.2 depending on the handshake parameters,
- * and for SHA1-signed certificates.
- *
- * \warning SHA-1 is considered a weak message digest and its use constitutes
- * a security risk. If possible, we recommend avoiding dependencies
- * on it, and considering stronger message digests instead.
- *
- */
-#define MBEDTLS_SHA1_C
-
-/**
- * \def MBEDTLS_SHA224_C
- *
- * Enable the SHA-224 cryptographic hash algorithm.
- *
- * Requires: MBEDTLS_SHA256_C. The library does not currently support enabling
- * SHA-224 without SHA-256.
- *
- * Module: library/sha256.c
- * Caller: library/md.c
- * library/ssl_cookie.c
- *
- * This module adds support for SHA-224.
- */
-#define MBEDTLS_SHA224_C
-
-/**
- * \def MBEDTLS_SHA256_C
- *
- * Enable the SHA-256 cryptographic hash algorithm.
- *
- * Requires: MBEDTLS_SHA224_C. The library does not currently support enabling
- * SHA-256 without SHA-224.
- *
- * Module: library/sha256.c
- * Caller: library/entropy.c
- * library/md.c
- * library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- *
- * This module adds support for SHA-256.
- * This module is required for the SSL/TLS 1.2 PRF function.
- */
-#define MBEDTLS_SHA256_C
-
-/**
- * \def MBEDTLS_SHA384_C
- *
- * Enable the SHA-384 cryptographic hash algorithm.
- *
- * Requires: MBEDTLS_SHA512_C
- *
- * Module: library/sha512.c
- * Caller: library/md.c
- * library/ssl_cli.c
- * library/ssl_srv.c
- *
- * Comment to disable SHA-384
- */
-#define MBEDTLS_SHA384_C
-
-/**
- * \def MBEDTLS_SHA512_C
- *
- * Enable SHA-512 cryptographic hash algorithms.
- *
- * Module: library/sha512.c
- * Caller: library/entropy.c
- * library/md.c
- * library/ssl_tls.c
- * library/ssl_cookie.c
- *
- * This module adds support for SHA-512.
- */
-#define MBEDTLS_SHA512_C
-
-/**
- * \def MBEDTLS_SSL_CACHE_C
- *
- * Enable simple SSL cache implementation.
- *
- * Module: library/ssl_cache.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_CACHE_C
- */
-#define MBEDTLS_SSL_CACHE_C
-
-/**
- * \def MBEDTLS_SSL_COOKIE_C
- *
- * Enable basic implementation of DTLS cookies for hello verification.
- *
- * Module: library/ssl_cookie.c
- * Caller:
- */
-#define MBEDTLS_SSL_COOKIE_C
-
-/**
- * \def MBEDTLS_SSL_TICKET_C
- *
- * Enable an implementation of TLS server-side callbacks for session tickets.
- *
- * Module: library/ssl_ticket.c
- * Caller:
- *
- * Requires: MBEDTLS_CIPHER_C
- */
-#define MBEDTLS_SSL_TICKET_C
-
-/**
- * \def MBEDTLS_SSL_CLI_C
- *
- * Enable the SSL/TLS client code.
- *
- * Module: library/ssl_cli.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_TLS_C
- *
- * This module is required for SSL/TLS client support.
- */
-#define MBEDTLS_SSL_CLI_C
-
-/**
- * \def MBEDTLS_SSL_SRV_C
- *
- * Enable the SSL/TLS server code.
- *
- * Module: library/ssl_srv.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_TLS_C
- *
- * This module is required for SSL/TLS server support.
- */
-#define MBEDTLS_SSL_SRV_C
-
-/**
- * \def MBEDTLS_SSL_TLS_C
- *
- * Enable the generic SSL/TLS code.
- *
- * Module: library/ssl_tls.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- *
- * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
- * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
- *
- * This module is required for SSL/TLS.
- */
-#define MBEDTLS_SSL_TLS_C
-
-/**
- * \def MBEDTLS_THREADING_C
- *
- * Enable the threading abstraction layer.
- * By default mbed TLS assumes it is used in a non-threaded environment or that
- * contexts are not shared between threads. If you do intend to use contexts
- * between threads, you will need to enable this layer to prevent race
- * conditions. See also our Knowledge Base article about threading:
- * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
- *
- * Module: library/threading.c
- *
- * This allows different threading implementations (self-implemented or
- * provided).
- *
- * You will have to enable either MBEDTLS_THREADING_ALT or
- * MBEDTLS_THREADING_PTHREAD.
- *
- * Enable this layer to allow use of mutexes within mbed TLS
- */
-//#define MBEDTLS_THREADING_C
-
-/**
- * \def MBEDTLS_TIMING_C
- *
- * Enable the semi-portable timing interface.
- *
- * \note The provided implementation only works on POSIX/Unix (including Linux,
- * BSD and OS X) and Windows. On other platforms, you can either disable that
- * module and provide your own implementations of the callbacks needed by
- * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
- * your own implementation of the whole module by setting
- * \c MBEDTLS_TIMING_ALT in the current file.
- *
- * \note See also our Knowledge Base article about porting to a new
- * environment:
- * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
- *
- * Module: library/timing.c
- */
-#define MBEDTLS_TIMING_C
-
-/**
- * \def MBEDTLS_VERSION_C
- *
- * Enable run-time version information.
- *
- * Module: library/version.c
- *
- * This module provides run-time version information.
- */
-#define MBEDTLS_VERSION_C
-
-/**
- * \def MBEDTLS_X509_USE_C
- *
- * Enable X.509 core for using certificates.
- *
- * Module: library/x509.c
- * Caller: library/x509_crl.c
- * library/x509_crt.c
- * library/x509_csr.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
- * MBEDTLS_PK_PARSE_C
- *
- * This module is required for the X.509 parsing modules.
- */
-#define MBEDTLS_X509_USE_C
-
-/**
- * \def MBEDTLS_X509_CRT_PARSE_C
- *
- * Enable X.509 certificate parsing.
- *
- * Module: library/x509_crt.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is required for X.509 certificate parsing.
- */
-#define MBEDTLS_X509_CRT_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CRL_PARSE_C
- *
- * Enable X.509 CRL parsing.
- *
- * Module: library/x509_crl.c
- * Caller: library/x509_crt.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is required for X.509 CRL parsing.
- */
-#define MBEDTLS_X509_CRL_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CSR_PARSE_C
- *
- * Enable X.509 Certificate Signing Request (CSR) parsing.
- *
- * Module: library/x509_csr.c
- * Caller: library/x509_crt_write.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is used for reading X.509 certificate request.
- */
-#define MBEDTLS_X509_CSR_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CREATE_C
- *
- * Enable X.509 core for creating certificates.
- *
- * Module: library/x509_create.c
- *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
- *
- * This module is the basis for creating X.509 certificates and CSRs.
- */
-#define MBEDTLS_X509_CREATE_C
-
-/**
- * \def MBEDTLS_X509_CRT_WRITE_C
- *
- * Enable creating X.509 certificates.
- *
- * Module: library/x509_crt_write.c
- *
- * Requires: MBEDTLS_X509_CREATE_C
- *
- * This module is required for X.509 certificate creation.
- */
-#define MBEDTLS_X509_CRT_WRITE_C
-
-/**
- * \def MBEDTLS_X509_CSR_WRITE_C
- *
- * Enable creating X.509 Certificate Signing Requests (CSR).
- *
- * Module: library/x509_csr_write.c
- *
- * Requires: MBEDTLS_X509_CREATE_C
- *
- * This module is required for X.509 certificate request writing.
- */
-#define MBEDTLS_X509_CSR_WRITE_C
-
-/* \} name SECTION: mbed TLS modules */
-
-/**
- * \name SECTION: Module configuration options
- *
- * This section allows for the setting of module specific sizes and
- * configuration options. The default values are already present in the
- * relevant header files and should suffice for the regular use cases.
- *
- * Our advice is to enable options and change their values here
- * only if you have a good reason and know the consequences.
- *
- * Please check the respective header file for documentation on these
- * parameters (to prevent duplicate documentation).
- * \{
- */
-
-/* MPI / BIGNUM options */
-//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
-//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
-
-/* CTR_DRBG options */
-//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
-//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
-
-/* HMAC_DRBG options */
-//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
-
-/* ECP options */
-//#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */
-//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
-
-/* Entropy options */
-//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
-//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
-//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
-
-/* Memory buffer allocator options */
-//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
-
-/* Platform options */
-//#define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
-/* Note: your snprintf must correctly zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
-
-/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
-/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
-//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
-/* Note: your snprintf must correctly zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-
-/** \def MBEDTLS_CHECK_RETURN
- *
- * This macro is used at the beginning of the declaration of a function
- * to indicate that its return value should be checked. It should
- * instruct the compiler to emit a warning or an error if the function
- * is called without checking its return value.
- *
- * There is a default implementation for popular compilers in platform_util.h.
- * You can override the default implementation by defining your own here.
- *
- * If the implementation here is empty, this will effectively disable the
- * checking of functions' return values.
- */
-//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
-
-/** \def MBEDTLS_IGNORE_RETURN
- *
- * This macro requires one argument, which should be a C function call.
- * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this
- * warning is suppressed.
- */
-//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result))
-
-/* PSA options */
-/**
- * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
- * PSA crypto subsystem.
- *
- * If this option is unset:
- * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG.
- * - Otherwise, the PSA subsystem uses HMAC_DRBG with either
- * #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and
- * on unspecified heuristics.
- */
-//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
-
-/** \def MBEDTLS_PSA_KEY_SLOT_COUNT
- * Restrict the PSA library to supporting a maximum amount of simultaneously
- * loaded keys. A loaded key is a key stored by the PSA Crypto core as a
- * volatile key, or a persistent key which is loaded temporarily by the
- * library as part of a crypto operation in flight.
- *
- * If this option is unset, the library will fall back to a default value of
- * 32 keys.
- */
-//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
-
-/* SSL Cache options */
-//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
-//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
-
-/* SSL options */
-
-/** \def MBEDTLS_SSL_IN_CONTENT_LEN
- *
- * Maximum length (in bytes) of incoming plaintext fragments.
- *
- * This determines the size of the incoming TLS I/O buffer in such a way
- * that it is capable of holding the specified amount of plaintext data,
- * regardless of the protection mechanism used.
- *
- * \note When using a value less than the default of 16KB on the client, it is
- * recommended to use the Maximum Fragment Length (MFL) extension to
- * inform the server about this limitation. On the server, there
- * is no supported, standardized way of informing the client about
- * restriction on the maximum size of incoming messages, and unless
- * the limitation has been communicated by other means, it is recommended
- * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
- * while keeping the default value of 16KB for the incoming buffer.
- *
- * Uncomment to set the maximum plaintext size of the incoming I/O buffer.
- */
-//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
-
-/** \def MBEDTLS_SSL_CID_IN_LEN_MAX
- *
- * The maximum length of CIDs used for incoming DTLS messages.
- *
- */
-//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
-
-/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
- *
- * The maximum length of CIDs used for outgoing DTLS messages.
- *
- */
-//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
-
-/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
- *
- * This option controls the use of record plaintext padding
- * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
- *
- * The padding will always be chosen so that the length of the
- * padded plaintext is a multiple of the value of this option.
- *
- * Note: A value of \c 1 means that no padding will be used
- * for outgoing records.
- *
- * Note: On systems lacking division instructions,
- * a power of two should be preferred.
- */
-//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
-
-/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
- *
- * Maximum length (in bytes) of outgoing plaintext fragments.
- *
- * This determines the size of the outgoing TLS I/O buffer in such a way
- * that it is capable of holding the specified amount of plaintext data,
- * regardless of the protection mechanism used.
- *
- * It is possible to save RAM by setting a smaller outward buffer, while keeping
- * the default inward 16384 byte buffer to conform to the TLS specification.
- *
- * The minimum required outward buffer size is determined by the handshake
- * protocol's usage. Handshaking will fail if the outward buffer is too small.
- * The specific size requirement depends on the configured ciphers and any
- * certificate data which is sent during the handshake.
- *
- * Uncomment to set the maximum plaintext size of the outgoing I/O buffer.
- */
-//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
-
-/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
- *
- * Maximum number of heap-allocated bytes for the purpose of
- * DTLS handshake message reassembly and future message buffering.
- *
- * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN
- * to account for a reassembled handshake message of maximum size,
- * together with its reassembly bitmap.
- *
- * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
- * should be sufficient for all practical situations as it allows
- * to reassembly a large handshake message (such as a certificate)
- * while buffering multiple smaller handshake messages.
- *
- */
-//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
-
-//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
-//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-
-/** \def MBEDTLS_TLS_EXT_CID
- *
- * At the time of writing, the CID extension has not been assigned its
- * final value. Set this configuration option to make Mbed TLS use a
- * different value.
- *
- * A future minor revision of Mbed TLS may change the default value of
- * this option to match evolving standards and usage.
- */
-//#define MBEDTLS_TLS_EXT_CID 254
-
-/**
- * Complete list of ciphersuites to use, in order of preference.
- *
- * \warning No dependency checking is done on that field! This option can only
- * be used to restrict the set of available ciphersuites. It is your
- * responsibility to make sure the needed modules are active.
- *
- * Use this to save a few hundred bytes of ROM (default ordering of all
- * available ciphersuites) and a few to a few hundred bytes of RAM.
- *
- * The value below is only an example, not the default.
- */
-//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-
-/* X509 options */
-//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
-//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
-
-/**
- * Uncomment the macro to let mbed TLS use your alternate implementation of
- * mbedtls_platform_zeroize(). This replaces the default implementation in
- * platform_util.c.
- *
- * mbedtls_platform_zeroize() is a widely used function across the library to
- * zero a block of memory. The implementation is expected to be secure in the
- * sense that it has been written to prevent the compiler from removing calls
- * to mbedtls_platform_zeroize() as part of redundant code elimination
- * optimizations. However, it is difficult to guarantee that calls to
- * mbedtls_platform_zeroize() will not be optimized by the compiler as older
- * versions of the C language standards do not provide a secure implementation
- * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
- * configure their own implementation of mbedtls_platform_zeroize(), for
- * example by using directives specific to their compiler, features from newer
- * C standards (e.g using memset_s() in C11) or calling a secure memset() from
- * their system (e.g explicit_bzero() in BSD).
- */
-//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
-
-/**
- * Uncomment the macro to let Mbed TLS use your alternate implementation of
- * mbedtls_platform_gmtime_r(). This replaces the default implementation in
- * platform_util.c.
- *
- * gmtime() is not a thread-safe function as defined in the C standard. The
- * library will try to use safer implementations of this function, such as
- * gmtime_r() when available. However, if Mbed TLS cannot identify the target
- * system, the implementation of mbedtls_platform_gmtime_r() will default to
- * using the standard gmtime(). In this case, calls from the library to
- * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
- * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
- * library are also guarded with this mutex to avoid race conditions. However,
- * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
- * unconditionally use the implementation for mbedtls_platform_gmtime_r()
- * supplied at compile time.
- */
-//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
-
-/**
- * Enable the verified implementations of ECDH primitives from Project Everest
- * (currently only Curve25519). This feature changes the layout of ECDH
- * contexts and therefore is a compatibility break for applications that access
- * fields of a mbedtls_ecdh_context structure directly. See also
- * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
- */
-//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
-
-/* \} name SECTION: Customisation configuration options */
diff --git a/mbedtls/md.h b/mbedtls/md.h
deleted file mode 100644
index 2b668f5..0000000
--- a/mbedtls/md.h
+++ /dev/null
@@ -1,464 +0,0 @@
- /**
- * \file md.h
- *
- * \brief This file contains the generic message-digest wrapper.
- *
- * \author Adriaan de Jong
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_MD_H
-#define MBEDTLS_MD_H
-#include "mbedtls/private_access.h"
-
-#include
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/platform_util.h"
-
-/** The selected feature is not available. */
-#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100
-/** Failed to allocate memory. */
-#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180
-/** Opening or reading of file failed. */
-#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Supported message digests.
- *
- * \warning MD5 and SHA-1 are considered weak message digests and
- * their use constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-typedef enum {
- MBEDTLS_MD_NONE=0, /**< None. */
- MBEDTLS_MD_MD5, /**< The MD5 message digest. */
- MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */
- MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */
- MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */
- MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */
- MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */
- MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
-} mbedtls_md_type_t;
-
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
-#else
-#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_MAX_BLOCK_SIZE 128
-#else
-#define MBEDTLS_MD_MAX_BLOCK_SIZE 64
-#endif
-
-/**
- * Opaque struct.
- *
- * Constructed using either #mbedtls_md_info_from_string or
- * #mbedtls_md_info_from_type.
- *
- * Fields can be accessed with #mbedtls_md_get_size,
- * #mbedtls_md_get_type and #mbedtls_md_get_name.
- */
-/* Defined internally in library/md_wrap.h. */
-typedef struct mbedtls_md_info_t mbedtls_md_info_t;
-
-/**
- * The generic message-digest context.
- */
-typedef struct mbedtls_md_context_t
-{
- /** Information about the associated message digest. */
- const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info);
-
- /** The digest-specific context. */
- void *MBEDTLS_PRIVATE(md_ctx);
-
- /** The HMAC part of the context. */
- void *MBEDTLS_PRIVATE(hmac_ctx);
-} mbedtls_md_context_t;
-
-/**
- * \brief This function returns the list of digests supported by the
- * generic digest module.
- *
- * \note The list starts with the strongest available hashes.
- *
- * \return A statically allocated array of digests. Each element
- * in the returned list is an integer belonging to the
- * message-digest enumeration #mbedtls_md_type_t.
- * The last entry is 0.
- */
-const int *mbedtls_md_list( void );
-
-/**
- * \brief This function returns the message-digest information
- * associated with the given digest name.
- *
- * \param md_name The name of the digest to search for.
- *
- * \return The message-digest information associated with \p md_name.
- * \return NULL if the associated message-digest information is not found.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
-
-/**
- * \brief This function returns the message-digest information
- * associated with the given digest type.
- *
- * \param md_type The type of digest to search for.
- *
- * \return The message-digest information associated with \p md_type.
- * \return NULL if the associated message-digest information is not found.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
-
-/**
- * \brief This function initializes a message-digest context without
- * binding it to a particular message-digest algorithm.
- *
- * This function should always be called first. It prepares the
- * context for mbedtls_md_setup() for binding it to a
- * message-digest algorithm.
- */
-void mbedtls_md_init( mbedtls_md_context_t *ctx );
-
-/**
- * \brief This function clears the internal structure of \p ctx and
- * frees any embedded internal structure, but does not free
- * \p ctx itself.
- *
- * If you have called mbedtls_md_setup() on \p ctx, you must
- * call mbedtls_md_free() when you are no longer using the
- * context.
- * Calling this function if you have previously
- * called mbedtls_md_init() and nothing else is optional.
- * You must not call this function if you have not called
- * mbedtls_md_init().
- */
-void mbedtls_md_free( mbedtls_md_context_t *ctx );
-
-
-/**
- * \brief This function selects the message digest algorithm to use,
- * and allocates internal structures.
- *
- * It should be called after mbedtls_md_init() or
- * mbedtls_md_free(). Makes it necessary to call
- * mbedtls_md_free() later.
- *
- * \param ctx The context to set up.
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- * \param hmac Defines if HMAC is used. 0: HMAC is not used (saves some memory),
- * or non-zero: HMAC is used with this context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
-
-/**
- * \brief This function clones the state of an message-digest
- * context.
- *
- * \note You must call mbedtls_md_setup() on \c dst before calling
- * this function.
- *
- * \note The two contexts must have the same type,
- * for example, both are SHA-256.
- *
- * \warning This function clones the message-digest state, not the
- * HMAC state.
- *
- * \param dst The destination context.
- * \param src The context to be cloned.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_clone( mbedtls_md_context_t *dst,
- const mbedtls_md_context_t *src );
-
-/**
- * \brief This function extracts the message-digest size from the
- * message-digest information structure.
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- *
- * \return The size of the message-digest output in Bytes.
- */
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief This function extracts the message-digest type from the
- * message-digest information structure.
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- *
- * \return The type of the message digest.
- */
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief This function extracts the message-digest name from the
- * message-digest information structure.
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- *
- * \return The name of the message digest.
- */
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief This function starts a message-digest computation.
- *
- * You must call this function after setting up the context
- * with mbedtls_md_setup(), and before passing data with
- * mbedtls_md_update().
- *
- * \param ctx The generic message-digest context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_starts( mbedtls_md_context_t *ctx );
-
-/**
- * \brief This function feeds an input buffer into an ongoing
- * message-digest computation.
- *
- * You must call mbedtls_md_starts() before calling this
- * function. You may call this function multiple times.
- * Afterwards, call mbedtls_md_finish().
- *
- * \param ctx The generic message-digest context.
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
-
-/**
- * \brief This function finishes the digest operation,
- * and writes the result to the output buffer.
- *
- * Call this function after a call to mbedtls_md_starts(),
- * followed by any number of calls to mbedtls_md_update().
- * Afterwards, you may either clear the context with
- * mbedtls_md_free(), or call mbedtls_md_starts() to reuse
- * the context for another digest operation with the same
- * algorithm.
- *
- * \param ctx The generic message-digest context.
- * \param output The buffer for the generic message-digest checksum result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
-
-/**
- * \brief This function calculates the message-digest of a buffer,
- * with respect to a configurable message-digest algorithm
- * in a single call.
- *
- * The result is calculated as
- * Output = message_digest(input buffer).
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- * \param input The buffer holding the data.
- * \param ilen The length of the input data.
- * \param output The generic message-digest checksum result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
- unsigned char *output );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief This function calculates the message-digest checksum
- * result of the contents of the provided file.
- *
- * The result is calculated as
- * Output = message_digest(file contents).
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- * \param path The input file name.
- * \param output The generic message-digest checksum result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_FILE_IO_ERROR on an I/O error accessing
- * the file pointed by \p path.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
- unsigned char *output );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief This function sets the HMAC key and prepares to
- * authenticate a new message.
- *
- * Call this function after mbedtls_md_setup(), to use
- * the MD context for an HMAC calculation, then call
- * mbedtls_md_hmac_update() to provide the input data, and
- * mbedtls_md_hmac_finish() to get the HMAC value.
- *
- * \param ctx The message digest context containing an embedded HMAC
- * context.
- * \param key The HMAC secret key.
- * \param keylen The length of the HMAC key in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
- size_t keylen );
-
-/**
- * \brief This function feeds an input buffer into an ongoing HMAC
- * computation.
- *
- * Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
- * before calling this function.
- * You may call this function multiple times to pass the
- * input piecewise.
- * Afterwards, call mbedtls_md_hmac_finish().
- *
- * \param ctx The message digest context containing an embedded HMAC
- * context.
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief This function finishes the HMAC operation, and writes
- * the result to the output buffer.
- *
- * Call this function after mbedtls_md_hmac_starts() and
- * mbedtls_md_hmac_update() to get the HMAC value. Afterwards
- * you may either call mbedtls_md_free() to clear the context,
- * or call mbedtls_md_hmac_reset() to reuse the context with
- * the same HMAC key.
- *
- * \param ctx The message digest context containing an embedded HMAC
- * context.
- * \param output The generic HMAC checksum result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
-
-/**
- * \brief This function prepares to authenticate a new message with
- * the same key as the previous HMAC operation.
- *
- * You may call this function after mbedtls_md_hmac_finish().
- * Afterwards call mbedtls_md_hmac_update() to pass the new
- * input.
- *
- * \param ctx The message digest context containing an embedded HMAC
- * context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
-
-/**
- * \brief This function calculates the full generic HMAC
- * on the input buffer with the provided key.
- *
- * The function allocates the context, performs the
- * calculation, and frees the context.
- *
- * The HMAC result is calculated as
- * output = generic HMAC(hmac key, input buffer).
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- * \param key The HMAC secret key.
- * \param keylen The length of the HMAC secret key in Bytes.
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
- * \param output The generic HMAC result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output );
-
-/* Internal use */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_MD_H */
diff --git a/mbedtls/md5.h b/mbedtls/md5.h
deleted file mode 100644
index e7befc3..0000000
--- a/mbedtls/md5.h
+++ /dev/null
@@ -1,203 +0,0 @@
-/**
- * \file md5.h
- *
- * \brief MD5 message digest algorithm (hash function)
- *
- * \warning MD5 is considered a weak message digest and its use constitutes a
- * security risk. We recommend considering stronger message
- * digests instead.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_MD5_H
-#define MBEDTLS_MD5_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_MD5_ALT)
-// Regular implementation
-//
-
-/**
- * \brief MD5 context structure
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-typedef struct mbedtls_md5_context
-{
- uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
- uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */
- unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
-}
-mbedtls_md5_context;
-
-#else /* MBEDTLS_MD5_ALT */
-#include "md5_alt.h"
-#endif /* MBEDTLS_MD5_ALT */
-
-/**
- * \brief Initialize MD5 context
- *
- * \param ctx MD5 context to be initialized
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-void mbedtls_md5_init( mbedtls_md5_context *ctx );
-
-/**
- * \brief Clear MD5 context
- *
- * \param ctx MD5 context to be cleared
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-void mbedtls_md5_free( mbedtls_md5_context *ctx );
-
-/**
- * \brief Clone (the state of) an MD5 context
- *
- * \param dst The destination context
- * \param src The context to be cloned
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-void mbedtls_md5_clone( mbedtls_md5_context *dst,
- const mbedtls_md5_context *src );
-
-/**
- * \brief MD5 context setup
- *
- * \param ctx context to be initialized
- *
- * \return 0 if successful
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_md5_starts( mbedtls_md5_context *ctx );
-
-/**
- * \brief MD5 process buffer
- *
- * \param ctx MD5 context
- * \param input buffer holding the data
- * \param ilen length of the input data
- *
- * \return 0 if successful
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_md5_update( mbedtls_md5_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief MD5 final digest
- *
- * \param ctx MD5 context
- * \param output MD5 checksum result
- *
- * \return 0 if successful
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_md5_finish( mbedtls_md5_context *ctx,
- unsigned char output[16] );
-
-/**
- * \brief MD5 process data block (internal use only)
- *
- * \param ctx MD5 context
- * \param data buffer holding one block of data
- *
- * \return 0 if successful
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
- const unsigned char data[64] );
-
-/**
- * \brief Output = MD5( input buffer )
- *
- * \param input buffer holding the data
- * \param ilen length of the input data
- * \param output MD5 checksum result
- *
- * \return 0 if successful
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_md5( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_md5_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_md5.h */
diff --git a/mbedtls/memory_buffer_alloc.h b/mbedtls/memory_buffer_alloc.h
deleted file mode 100644
index d4737f5..0000000
--- a/mbedtls/memory_buffer_alloc.h
+++ /dev/null
@@ -1,145 +0,0 @@
-/**
- * \file memory_buffer_alloc.h
- *
- * \brief Buffer-based memory allocator
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
-#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
-
-#include "mbedtls/build_info.h"
-
-#include
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
-#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#define MBEDTLS_MEMORY_VERIFY_NONE 0
-#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0)
-#define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1)
-#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Initialize use of stack-based memory allocator.
- * The stack-based allocator does memory management inside the
- * presented buffer and does not call calloc() and free().
- * It sets the global mbedtls_calloc() and mbedtls_free() pointers
- * to its own functions.
- * (Provided mbedtls_calloc() and mbedtls_free() are thread-safe if
- * MBEDTLS_THREADING_C is defined)
- *
- * \note This code is not optimized and provides a straight-forward
- * implementation of a stack-based memory allocator.
- *
- * \param buf buffer to use as heap
- * \param len size of the buffer
- */
-void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len );
-
-/**
- * \brief Free the mutex for thread-safety and clear remaining memory
- */
-void mbedtls_memory_buffer_alloc_free( void );
-
-/**
- * \brief Determine when the allocator should automatically verify the state
- * of the entire chain of headers / meta-data.
- * (Default: MBEDTLS_MEMORY_VERIFY_NONE)
- *
- * \param verify One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
- * MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
- */
-void mbedtls_memory_buffer_set_verify( int verify );
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-/**
- * \brief Print out the status of the allocated memory (primarily for use
- * after a program should have de-allocated all memory)
- * Prints out a list of 'still allocated' blocks and their stack
- * trace if MBEDTLS_MEMORY_BACKTRACE is defined.
- */
-void mbedtls_memory_buffer_alloc_status( void );
-
-/**
- * \brief Get the peak heap usage so far
- *
- * \param max_used Peak number of bytes in use or committed. This
- * includes bytes in allocated blocks too small to split
- * into smaller blocks but larger than the requested size.
- * \param max_blocks Peak number of blocks in use, including free and used
- */
-void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
-
-/**
- * \brief Reset peak statistics
- */
-void mbedtls_memory_buffer_alloc_max_reset( void );
-
-/**
- * \brief Get the current heap usage
- *
- * \param cur_used Current number of bytes in use or committed. This
- * includes bytes in allocated blocks too small to split
- * into smaller blocks but larger than the requested size.
- * \param cur_blocks Current number of blocks in use, including free and used
- */
-void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
-#endif /* MBEDTLS_MEMORY_DEBUG */
-
-/**
- * \brief Verifies that all headers in the memory buffer are correct
- * and contain sane values. Helps debug buffer-overflow errors.
- *
- * Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined.
- * Prints out full header information if MBEDTLS_MEMORY_DEBUG
- * is defined. (Includes stack trace information for each block if
- * MBEDTLS_MEMORY_BACKTRACE is defined as well).
- *
- * \return 0 if verified, 1 otherwise
- */
-int mbedtls_memory_buffer_alloc_verify( void );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if a test failed
- */
-int mbedtls_memory_buffer_alloc_self_test( int verbose );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* memory_buffer_alloc.h */
diff --git a/mbedtls/net_sockets.h b/mbedtls/net_sockets.h
deleted file mode 100644
index 0c754b1..0000000
--- a/mbedtls/net_sockets.h
+++ /dev/null
@@ -1,304 +0,0 @@
-/**
- * \file net_sockets.h
- *
- * \brief Network sockets abstraction layer to integrate Mbed TLS into a
- * BSD-style sockets API.
- *
- * The network sockets module provides an example integration of the
- * Mbed TLS library into a BSD sockets implementation. The module is
- * intended to be an example of how Mbed TLS can be integrated into a
- * networking stack, as well as to be Mbed TLS's network integration
- * for its supported platforms.
- *
- * The module is intended only to be used with the Mbed TLS library and
- * is not intended to be used by third party application software
- * directly.
- *
- * The supported platforms are as follows:
- * * Microsoft Windows and Windows CE
- * * POSIX/Unix platforms including Linux, OS X
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_NET_SOCKETS_H
-#define MBEDTLS_NET_SOCKETS_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ssl.h"
-
-#include
-#include
-
-/** Failed to open a socket. */
-#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042
-/** The connection to the given server / port failed. */
-#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044
-/** Binding of the socket failed. */
-#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046
-/** Could not listen on the socket. */
-#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048
-/** Could not accept the incoming connection. */
-#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A
-/** Reading information from the socket failed. */
-#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C
-/** Sending information through the socket failed. */
-#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E
-/** Connection was reset by peer. */
-#define MBEDTLS_ERR_NET_CONN_RESET -0x0050
-/** Failed to get an IP address for the given hostname. */
-#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052
-/** Buffer is too small to hold the data. */
-#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043
-/** The context is invalid, eg because it was free()ed. */
-#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045
-/** Polling the net context failed. */
-#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047
-/** Input invalid. */
-#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049
-
-#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */
-
-#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
-#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
-
-#define MBEDTLS_NET_POLL_READ 1 /**< Used in \c mbedtls_net_poll to check for pending data */
-#define MBEDTLS_NET_POLL_WRITE 2 /**< Used in \c mbedtls_net_poll to check if write possible */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Wrapper type for sockets.
- *
- * Currently backed by just a file descriptor, but might be more in the future
- * (eg two file descriptors for combined IPv4 + IPv6 support, or additional
- * structures for hand-made UDP demultiplexing).
- */
-typedef struct mbedtls_net_context
-{
- /** The underlying file descriptor.
- *
- * This field is only guaranteed to be present on POSIX/Unix-like platforms.
- * On other platforms, it may have a different type, have a different
- * meaning, or be absent altogether.
- */
- int fd;
-}
-mbedtls_net_context;
-
-/**
- * \brief Initialize a context
- * Just makes the context ready to be used or freed safely.
- *
- * \param ctx Context to initialize
- */
-void mbedtls_net_init( mbedtls_net_context *ctx );
-
-/**
- * \brief Initiate a connection with host:port in the given protocol
- *
- * \param ctx Socket to use
- * \param host Host to connect to
- * \param port Port to connect to
- * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
- *
- * \return 0 if successful, or one of:
- * MBEDTLS_ERR_NET_SOCKET_FAILED,
- * MBEDTLS_ERR_NET_UNKNOWN_HOST,
- * MBEDTLS_ERR_NET_CONNECT_FAILED
- *
- * \note Sets the socket in connected mode even with UDP.
- */
-int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto );
-
-/**
- * \brief Create a receiving socket on bind_ip:port in the chosen
- * protocol. If bind_ip == NULL, all interfaces are bound.
- *
- * \param ctx Socket to use
- * \param bind_ip IP to bind to, can be NULL
- * \param port Port number to use
- * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
- *
- * \return 0 if successful, or one of:
- * MBEDTLS_ERR_NET_SOCKET_FAILED,
- * MBEDTLS_ERR_NET_UNKNOWN_HOST,
- * MBEDTLS_ERR_NET_BIND_FAILED,
- * MBEDTLS_ERR_NET_LISTEN_FAILED
- *
- * \note Regardless of the protocol, opens the sockets and binds it.
- * In addition, make the socket listening if protocol is TCP.
- */
-int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto );
-
-/**
- * \brief Accept a connection from a remote client
- *
- * \param bind_ctx Relevant socket
- * \param client_ctx Will contain the connected client socket
- * \param client_ip Will contain the client IP address, can be NULL
- * \param buf_size Size of the client_ip buffer
- * \param ip_len Will receive the size of the client IP written,
- * can be NULL if client_ip is null
- *
- * \return 0 if successful, or
- * MBEDTLS_ERR_NET_SOCKET_FAILED,
- * MBEDTLS_ERR_NET_BIND_FAILED,
- * MBEDTLS_ERR_NET_ACCEPT_FAILED, or
- * MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
- * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
- * non-blocking and accept() would block.
- */
-int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
- mbedtls_net_context *client_ctx,
- void *client_ip, size_t buf_size, size_t *ip_len );
-
-/**
- * \brief Check and wait for the context to be ready for read/write
- *
- * \note The current implementation of this function uses
- * select() and returns an error if the file descriptor
- * is \c FD_SETSIZE or greater.
- *
- * \param ctx Socket to check
- * \param rw Bitflag composed of MBEDTLS_NET_POLL_READ and
- * MBEDTLS_NET_POLL_WRITE specifying the events
- * to wait for:
- * - If MBEDTLS_NET_POLL_READ is set, the function
- * will return as soon as the net context is available
- * for reading.
- * - If MBEDTLS_NET_POLL_WRITE is set, the function
- * will return as soon as the net context is available
- * for writing.
- * \param timeout Maximal amount of time to wait before returning,
- * in milliseconds. If \c timeout is zero, the
- * function returns immediately. If \c timeout is
- * -1u, the function blocks potentially indefinitely.
- *
- * \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE
- * on success or timeout, or a negative return code otherwise.
- */
-int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout );
-
-/**
- * \brief Set the socket blocking
- *
- * \param ctx Socket to set
- *
- * \return 0 if successful, or a non-zero error code
- */
-int mbedtls_net_set_block( mbedtls_net_context *ctx );
-
-/**
- * \brief Set the socket non-blocking
- *
- * \param ctx Socket to set
- *
- * \return 0 if successful, or a non-zero error code
- */
-int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
-
-/**
- * \brief Portable usleep helper
- *
- * \param usec Amount of microseconds to sleep
- *
- * \note Real amount of time slept will not be less than
- * select()'s timeout granularity (typically, 10ms).
- */
-void mbedtls_net_usleep( unsigned long usec );
-
-/**
- * \brief Read at most 'len' characters. If no error occurs,
- * the actual amount read is returned.
- *
- * \param ctx Socket
- * \param buf The buffer to write to
- * \param len Maximum length of the buffer
- *
- * \return the number of bytes received,
- * or a non-zero error code; with a non-blocking socket,
- * MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
- */
-int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
-
-/**
- * \brief Write at most 'len' characters. If no error occurs,
- * the actual amount read is returned.
- *
- * \param ctx Socket
- * \param buf The buffer to read from
- * \param len The length of the buffer
- *
- * \return the number of bytes sent,
- * or a non-zero error code; with a non-blocking socket,
- * MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
- */
-int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
-
-/**
- * \brief Read at most 'len' characters, blocking for at most
- * 'timeout' seconds. If no error occurs, the actual amount
- * read is returned.
- *
- * \note The current implementation of this function uses
- * select() and returns an error if the file descriptor
- * is \c FD_SETSIZE or greater.
- *
- * \param ctx Socket
- * \param buf The buffer to write to
- * \param len Maximum length of the buffer
- * \param timeout Maximum number of milliseconds to wait for data
- * 0 means no timeout (wait forever)
- *
- * \return The number of bytes received if successful.
- * MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out.
- * MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
- * Another negative error code (MBEDTLS_ERR_NET_xxx)
- * for other failures.
- *
- * \note This function will block (until data becomes available or
- * timeout is reached) even if the socket is set to
- * non-blocking. Handling timeouts with non-blocking reads
- * requires a different strategy.
- */
-int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
- uint32_t timeout );
-
-/**
- * \brief Closes down the connection and free associated data
- *
- * \param ctx The context to close
- */
-void mbedtls_net_close( mbedtls_net_context *ctx );
-
-/**
- * \brief Gracefully shutdown the connection and free associated data
- *
- * \param ctx The context to free
- */
-void mbedtls_net_free( mbedtls_net_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* net_sockets.h */
diff --git a/mbedtls/nist_kw.h b/mbedtls/nist_kw.h
deleted file mode 100644
index bd6c658..0000000
--- a/mbedtls/nist_kw.h
+++ /dev/null
@@ -1,179 +0,0 @@
-/**
- * \file nist_kw.h
- *
- * \brief This file provides an API for key wrapping (KW) and key wrapping with
- * padding (KWP) as defined in NIST SP 800-38F.
- * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf
- *
- * Key wrapping specifies a deterministic authenticated-encryption mode
- * of operation, according to NIST SP 800-38F: Recommendation for
- * Block Cipher Modes of Operation: Methods for Key Wrapping. Its
- * purpose is to protect cryptographic keys.
- *
- * Its equivalent is RFC 3394 for KW, and RFC 5649 for KWP.
- * https://tools.ietf.org/html/rfc3394
- * https://tools.ietf.org/html/rfc5649
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_NIST_KW_H
-#define MBEDTLS_NIST_KW_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/cipher.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef enum
-{
- MBEDTLS_KW_MODE_KW = 0,
- MBEDTLS_KW_MODE_KWP = 1
-} mbedtls_nist_kw_mode_t;
-
-#if !defined(MBEDTLS_NIST_KW_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The key wrapping context-type definition. The key wrapping context is passed
- * to the APIs called.
- *
- * \note The definition of this type may change in future library versions.
- * Don't make any assumptions on this context!
- */
-typedef struct {
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
-} mbedtls_nist_kw_context;
-
-#else /* MBEDTLS_NIST_key wrapping_ALT */
-#include "nist_kw_alt.h"
-#endif /* MBEDTLS_NIST_KW_ALT */
-
-/**
- * \brief This function initializes the specified key wrapping context
- * to make references valid and prepare the context
- * for mbedtls_nist_kw_setkey() or mbedtls_nist_kw_free().
- *
- * \param ctx The key wrapping context to initialize.
- *
- */
-void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx );
-
-/**
- * \brief This function initializes the key wrapping context set in the
- * \p ctx parameter and sets the encryption key.
- *
- * \param ctx The key wrapping context.
- * \param cipher The 128-bit block cipher to use. Only AES is supported.
- * \param key The Key Encryption Key (KEK).
- * \param keybits The KEK size in bits. This must be acceptable by the cipher.
- * \param is_wrap Specify whether the operation within the context is wrapping or unwrapping
- *
- * \return \c 0 on success.
- * \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for any invalid input.
- * \return \c MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE for 128-bit block ciphers
- * which are not supported.
- * \return cipher-specific error code on failure of the underlying cipher.
- */
-int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
- mbedtls_cipher_id_t cipher,
- const unsigned char *key,
- unsigned int keybits,
- const int is_wrap );
-
-/**
- * \brief This function releases and clears the specified key wrapping context
- * and underlying cipher sub-context.
- *
- * \param ctx The key wrapping context to clear.
- */
-void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx );
-
-/**
- * \brief This function encrypts a buffer using key wrapping.
- *
- * \param ctx The key wrapping context to use for encryption.
- * \param mode The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP)
- * \param input The buffer holding the input data.
- * \param in_len The length of the input data in Bytes.
- * The input uses units of 8 Bytes called semiblocks.
- * - For KW mode: a multiple of 8 bytes between 16 and 2^57-8 inclusive.
- * - For KWP mode: any length between 1 and 2^32-1 inclusive.
- * \param[out] output The buffer holding the output data.
- * - For KW mode: Must be at least 8 bytes larger than \p in_len.
- * - For KWP mode: Must be at least 8 bytes larger rounded up to a multiple of
- * 8 bytes for KWP (15 bytes at most).
- * \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure.
- * \param[in] out_size The capacity of the output buffer.
- *
- * \return \c 0 on success.
- * \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
- * \return cipher-specific error code on failure of the underlying cipher.
- */
-int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
- const unsigned char *input, size_t in_len,
- unsigned char *output, size_t* out_len, size_t out_size );
-
-/**
- * \brief This function decrypts a buffer using key wrapping.
- *
- * \param ctx The key wrapping context to use for decryption.
- * \param mode The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP)
- * \param input The buffer holding the input data.
- * \param in_len The length of the input data in Bytes.
- * The input uses units of 8 Bytes called semiblocks.
- * The input must be a multiple of semiblocks.
- * - For KW mode: a multiple of 8 bytes between 24 and 2^57 inclusive.
- * - For KWP mode: a multiple of 8 bytes between 16 and 2^32 inclusive.
- * \param[out] output The buffer holding the output data.
- * The output buffer's minimal length is 8 bytes shorter than \p in_len.
- * \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure.
- * For KWP mode, the length could be up to 15 bytes shorter than \p in_len,
- * depending on how much padding was added to the data.
- * \param[in] out_size The capacity of the output buffer.
- *
- * \return \c 0 on success.
- * \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
- * \return \c MBEDTLS_ERR_CIPHER_AUTH_FAILED for verification failure of the ciphertext.
- * \return cipher-specific error code on failure of the underlying cipher.
- */
-int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
- const unsigned char *input, size_t in_len,
- unsigned char *output, size_t* out_len, size_t out_size);
-
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-/**
- * \brief The key wrapping checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_nist_kw_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_NIST_KW_H */
diff --git a/mbedtls/oid.h b/mbedtls/oid.h
deleted file mode 100644
index 836e455..0000000
--- a/mbedtls/oid.h
+++ /dev/null
@@ -1,643 +0,0 @@
-/**
- * \file oid.h
- *
- * \brief Object Identifier (OID) database
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_OID_H
-#define MBEDTLS_OID_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/asn1.h"
-#include "mbedtls/pk.h"
-
-#include
-
-#if defined(MBEDTLS_CIPHER_C)
-#include "mbedtls/cipher.h"
-#endif
-
-#if defined(MBEDTLS_MD_C)
-#include "mbedtls/md.h"
-#endif
-
-/** OID is not found. */
-#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E
-/** output buffer is too small */
-#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B
-
-/* This is for the benefit of X.509, but defined here in order to avoid
- * having a "backwards" include of x.509.h here */
-/*
- * X.509 extension types (internal, arbitrary values for bitsets)
- */
-#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
-#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2)
-#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
-#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
-#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
-#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
-#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9)
-#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
-#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
-#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
-#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
-#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14)
-#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
-
-/*
- * Top level OID tuples
- */
-#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
-#define MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */
-#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
-#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */
-
-/*
- * ISO Member bodies OID parts
- */
-#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
-#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
-#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
-#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
-#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_ANSI_X9_62
-
-/*
- * ISO Identified organization OID parts
- */
-#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */
-#define MBEDTLS_OID_ORG_OIW "\x0e"
-#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
-#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
-#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
-#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
-#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
-#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
-#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
-
-/*
- * ISO ITU OID parts
- */
-#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
-#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
-
-#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
-#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
-
-#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
-#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
-
-/* ISO arc for standard certificate and CRL extensions */
-#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
-
-#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */
-
-/**
- * Private Internet Extensions
- * { iso(1) identified-organization(3) dod(6) internet(1)
- * security(5) mechanisms(5) pkix(7) }
- */
-#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
-#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
-
-/*
- * Arc for standard naming attributes
- */
-#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
-#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
-#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
-#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
-#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
-#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
-#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
-#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
-#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
-#define MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
-#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
-#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
-#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
-#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
-#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
-#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
-#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
-
-#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
-#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
-
-/*
- * OIDs for standard certificate extensions
- */
-#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
-#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
-#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
-#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
-#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
-#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
-#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
-#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
-#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
-#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
-#define MBEDTLS_OID_POLICY_CONSTRAINTS MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
-#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
-#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
-#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
-#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
-
-/*
- * Certificate policies
- */
-#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
-
-/*
- * Netscape certificate extensions
- */
-#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
-#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01"
-#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT "\x02"
-#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03"
-#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04"
-#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07"
-#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08"
-#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C"
-#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D"
-#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02"
-#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05"
-
-/*
- * OIDs for CRL extensions
- */
-#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10"
-#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
-
-/*
- * X.509 v3 Extended key usage OIDs
- */
-#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
-
-#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
-#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
-#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
-#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
-#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
-#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
-#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
-
-/**
- * Wi-SUN Alliance Field Area Network
- * { iso(1) identified-organization(3) dod(6) internet(1)
- * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }
- */
-#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
-
-#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
-#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
-
-/*
- * PKCS definition OIDs
- */
-
-#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
-#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
-#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
-#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
-#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
-
-/*
- * PKCS#1 OIDs
- */
-#define MBEDTLS_OID_PKCS1_RSA MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
-#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
-#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
-#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
-#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
-#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
-#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
-
-#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
-
-#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
-
-/* RFC 4055 */
-#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
-#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
-
-/*
- * Digest algorithms
- */
-#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
-
-#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
-
-#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
-
-#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
-
-#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
-
-#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
-
-/*
- * Encryption algorithms
- */
-#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
-#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
-#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
-
-/*
- * Key Wrapping algorithms
- */
-/*
- * RFC 5649
- */
-#define MBEDTLS_OID_AES128_KW MBEDTLS_OID_AES "\x05" /** id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } */
-#define MBEDTLS_OID_AES128_KWP MBEDTLS_OID_AES "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */
-#define MBEDTLS_OID_AES192_KW MBEDTLS_OID_AES "\x19" /** id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } */
-#define MBEDTLS_OID_AES192_KWP MBEDTLS_OID_AES "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */
-#define MBEDTLS_OID_AES256_KW MBEDTLS_OID_AES "\x2d" /** id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } */
-#define MBEDTLS_OID_AES256_KWP MBEDTLS_OID_AES "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */
-/*
- * PKCS#5 OIDs
- */
-#define MBEDTLS_OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
-#define MBEDTLS_OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
-#define MBEDTLS_OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
-
-/*
- * PKCS#5 PBES1 algorithms
- */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
-
-/*
- * PKCS#8 OIDs
- */
-#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
-
-/*
- * PKCS#12 PBE OIDs
- */
-#define MBEDTLS_OID_PKCS12_PBE MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
-
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
-
-/*
- * EC key algorithms from RFC 5480
- */
-
-/* id-ecPublicKey OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
-#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01"
-
-/* id-ecDH OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132)
- * schemes(1) ecdh(12) } */
-#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c"
-
-/*
- * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
- */
-
-/* secp192r1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
-#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
-
-/* secp224r1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
-#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21"
-
-/* secp256r1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
-#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
-
-/* secp384r1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
-#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22"
-
-/* secp521r1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
-#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23"
-
-/* secp192k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
-#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f"
-
-/* secp224k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
-#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20"
-
-/* secp256k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
-#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a"
-
-/* RFC 5639 4.1
- * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
- * identified-organization(3) teletrust(36) algorithm(3) signature-
- * algorithm(3) ecSign(2) 8}
- * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
- * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
-#define MBEDTLS_OID_EC_BRAINPOOL_V1 MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
-
-/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
-#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
-
-/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
-#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
-
-/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
-#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
-
-/*
- * SEC1 C.1
- *
- * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
- * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
- */
-#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01"
-#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
-
-/*
- * ECDSA signature identifiers, from RFC 5480
- */
-#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
-#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
-
-/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
-
-/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
-
-/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 2 } */
-#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
-
-/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 3 } */
-#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
-
-/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 4 } */
-#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Base OID descriptor structure
- */
-typedef struct mbedtls_oid_descriptor_t
-{
- const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */
- size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
- const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */
- const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */
-#endif
-} mbedtls_oid_descriptor_t;
-
-/**
- * \brief Translate an ASN.1 OID into its numeric representation
- * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
- *
- * \param buf buffer to put representation in
- * \param size size of the buffer
- * \param oid OID to translate
- *
- * \return Length of the string written (excluding final NULL) or
- * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
- */
-int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
-
-/**
- * \brief Translate an X.509 extension OID into local values
- *
- * \param oid OID to use
- * \param ext_type place to store the extension type
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
-
-/**
- * \brief Translate an X.509 attribute type OID into the short name
- * (e.g. the OID for an X520 Common Name into "CN")
- *
- * \param oid OID to use
- * \param short_name place to store the string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
-
-/**
- * \brief Translate PublicKeyAlgorithm OID into pk_type
- *
- * \param oid OID to use
- * \param pk_alg place to store public key algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
-
-/**
- * \brief Translate pk_type into PublicKeyAlgorithm OID
- *
- * \param pk_alg Public key type to look for
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
- const char **oid, size_t *olen );
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * \brief Translate NamedCurve OID into an EC group identifier
- *
- * \param oid OID to use
- * \param grp_id place to store group id
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
-
-/**
- * \brief Translate EC group identifier into NamedCurve OID
- *
- * \param grp_id EC group identifier
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
- const char **oid, size_t *olen );
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_MD_C)
-/**
- * \brief Translate SignatureAlgorithm OID into md_type and pk_type
- *
- * \param oid OID to use
- * \param md_alg place to store message digest algorithm
- * \param pk_alg place to store public key algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
- mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
-
-/**
- * \brief Translate SignatureAlgorithm OID into description
- *
- * \param oid OID to use
- * \param desc place to store string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
-
-/**
- * \brief Translate md_type and pk_type into SignatureAlgorithm OID
- *
- * \param md_alg message digest algorithm
- * \param pk_alg public key algorithm
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
- const char **oid, size_t *olen );
-
-/**
- * \brief Translate hash algorithm OID into md_type
- *
- * \param oid OID to use
- * \param md_alg place to store message digest algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
-
-/**
- * \brief Translate hmac algorithm OID into md_type
- *
- * \param oid OID to use
- * \param md_hmac place to store message hmac algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
-#endif /* MBEDTLS_MD_C */
-
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-/**
- * \brief Translate Extended Key Usage OID into description
- *
- * \param oid OID to use
- * \param desc place to store string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
-#endif
-
-/**
- * \brief Translate certificate policies OID into description
- *
- * \param oid OID to use
- * \param desc place to store string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc );
-
-/**
- * \brief Translate md_type into hash algorithm OID
- *
- * \param md_alg message digest algorithm
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
-
-#if defined(MBEDTLS_CIPHER_C)
-/**
- * \brief Translate encryption algorithm OID into cipher_type
- *
- * \param oid OID to use
- * \param cipher_alg place to store cipher algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
-#endif /* MBEDTLS_CIPHER_C */
-
-#if defined(MBEDTLS_PKCS12_C)
-/**
- * \brief Translate PKCS#12 PBE algorithm OID into md_type and
- * cipher_type
- *
- * \param oid OID to use
- * \param md_alg place to store message digest algorithm
- * \param cipher_alg place to store cipher algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
- mbedtls_cipher_type_t *cipher_alg );
-#endif /* MBEDTLS_PKCS12_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* oid.h */
diff --git a/mbedtls/pem.h b/mbedtls/pem.h
deleted file mode 100644
index baceb07..0000000
--- a/mbedtls/pem.h
+++ /dev/null
@@ -1,150 +0,0 @@
-/**
- * \file pem.h
- *
- * \brief Privacy Enhanced Mail (PEM) decoding
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_PEM_H
-#define MBEDTLS_PEM_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-
-/**
- * \name PEM Error codes
- * These error codes are returned in case of errors reading the
- * PEM data.
- * \{
- */
-/** No PEM header or footer found. */
-#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080
-/** PEM string is not as expected. */
-#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100
-/** Failed to allocate memory. */
-#define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180
-/** RSA IV is not in hex-format. */
-#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200
-/** Unsupported key encryption algorithm. */
-#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280
-/** Private key password can't be empty. */
-#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300
-/** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380
-/** Unavailable feature, e.g. hashing/encryption combination. */
-#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480
-/* \} name */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-/**
- * \brief PEM context structure
- */
-typedef struct mbedtls_pem_context
-{
- unsigned char *MBEDTLS_PRIVATE(buf); /*!< buffer for decoded data */
- size_t MBEDTLS_PRIVATE(buflen); /*!< length of the buffer */
- unsigned char *MBEDTLS_PRIVATE(info); /*!< buffer for extra header information */
-}
-mbedtls_pem_context;
-
-/**
- * \brief PEM context setup
- *
- * \param ctx context to be initialized
- */
-void mbedtls_pem_init( mbedtls_pem_context *ctx );
-
-/**
- * \brief Read a buffer for PEM information and store the resulting
- * data into the specified context buffers.
- *
- * \param ctx context to use
- * \param header header string to seek and expect
- * \param footer footer string to seek and expect
- * \param data source data to look in (must be nul-terminated)
- * \param pwd password for decryption (can be NULL)
- * \param pwdlen length of password
- * \param use_len destination for total length used (set after header is
- * correctly read, so unless you get
- * MBEDTLS_ERR_PEM_BAD_INPUT_DATA or
- * MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
- * the length to skip)
- *
- * \note Attempts to check password correctness by verifying if
- * the decrypted text starts with an ASN.1 sequence of
- * appropriate length
- *
- * \return 0 on success, or a specific PEM error code
- */
-int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
- const unsigned char *data,
- const unsigned char *pwd,
- size_t pwdlen, size_t *use_len );
-
-/**
- * \brief PEM context memory freeing
- *
- * \param ctx context to be freed
- */
-void mbedtls_pem_free( mbedtls_pem_context *ctx );
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief Write a buffer of PEM information from a DER encoded
- * buffer.
- *
- * \param header The header string to write.
- * \param footer The footer string to write.
- * \param der_data The DER data to encode.
- * \param der_len The length of the DER data \p der_data in Bytes.
- * \param buf The buffer to write to.
- * \param buf_len The length of the output buffer \p buf in Bytes.
- * \param olen The address at which to store the total length written
- * or required (if \p buf_len is not enough).
- *
- * \note You may pass \c NULL for \p buf and \c 0 for \p buf_len
- * to request the length of the resulting PEM buffer in
- * `*olen`.
- *
- * \note This function may be called with overlapping \p der_data
- * and \p buf buffers.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large
- * enough to hold the PEM buffer. In this case, `*olen` holds
- * the required minimum size of \p buf.
- * \return Another PEM or BASE64 error code on other kinds of failure.
- */
-int mbedtls_pem_write_buffer( const char *header, const char *footer,
- const unsigned char *der_data, size_t der_len,
- unsigned char *buf, size_t buf_len, size_t *olen );
-#endif /* MBEDTLS_PEM_WRITE_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* pem.h */
diff --git a/mbedtls/pk.h b/mbedtls/pk.h
deleted file mode 100644
index 5f9f29f..0000000
--- a/mbedtls/pk.h
+++ /dev/null
@@ -1,909 +0,0 @@
-/**
- * \file pk.h
- *
- * \brief Public Key abstraction layer
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_PK_H
-#define MBEDTLS_PK_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/md.h"
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-
-#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#endif
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-/** Memory allocation failed. */
-#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80
-/** Type mismatch, eg attempt to encrypt with an ECDSA key */
-#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80
-/** Read/write of file failed. */
-#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00
-/** Unsupported key version */
-#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80
-/** Invalid key tag or value. */
-#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00
-/** Key algorithm is unsupported (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80
-/** Private key password can't be empty. */
-#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00
-/** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80
-/** The pubkey tag or value is invalid (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00
-/** The algorithm tag or value is invalid. */
-#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80
-/** Elliptic curve is unsupported (only NIST curves are supported). */
-#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00
-/** Unavailable feature, e.g. RSA disabled for RSA key. */
-#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980
-/** The buffer contains a valid signature followed by more data. */
-#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900
-/** The output buffer is too small. */
-#define MBEDTLS_ERR_PK_BUFFER_TOO_SMALL -0x3880
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Public key types
- */
-typedef enum {
- MBEDTLS_PK_NONE=0,
- MBEDTLS_PK_RSA,
- MBEDTLS_PK_ECKEY,
- MBEDTLS_PK_ECKEY_DH,
- MBEDTLS_PK_ECDSA,
- MBEDTLS_PK_RSA_ALT,
- MBEDTLS_PK_RSASSA_PSS,
- MBEDTLS_PK_OPAQUE,
-} mbedtls_pk_type_t;
-
-/**
- * \brief Options for RSASSA-PSS signature verification.
- * See \c mbedtls_rsa_rsassa_pss_verify_ext()
- */
-typedef struct mbedtls_pk_rsassa_pss_options
-{
- mbedtls_md_type_t MBEDTLS_PRIVATE(mgf1_hash_id);
- int MBEDTLS_PRIVATE(expected_salt_len);
-
-} mbedtls_pk_rsassa_pss_options;
-
-/**
- * \brief Maximum size of a signature made by mbedtls_pk_sign().
- */
-/* We need to set MBEDTLS_PK_SIGNATURE_MAX_SIZE to the maximum signature
- * size among the supported signature types. Do it by starting at 0,
- * then incrementally increasing to be large enough for each supported
- * signature mechanism.
- *
- * The resulting value can be 0, for example if MBEDTLS_ECDH_C is enabled
- * (which allows the pk module to be included) but neither MBEDTLS_ECDSA_C
- * nor MBEDTLS_RSA_C nor any opaque signature mechanism (PSA or RSA_ALT).
- */
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE 0
-
-#if ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT) ) && \
- MBEDTLS_MPI_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* For RSA, the signature can be as large as the bignum module allows.
- * For RSA_ALT, the signature size is not necessarily tied to what the
- * bignum module can do, but in the absence of any specific setting,
- * we use that (rsa_alt_sign_wrap in library/pk_wrap.h will check). */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
-#endif
-
-#if defined(MBEDTLS_ECDSA_C) && \
- MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* For ECDSA, the ecdsa module exports a constant for the maximum
- * signature size. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if PSA_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* PSA_SIGNATURE_MAX_SIZE is the maximum size of a signature made
- * through the PSA API in the PSA representation. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_SIGNATURE_MAX_SIZE
-#endif
-
-#if PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* The Mbed TLS representation is different for ECDSA signatures:
- * PSA uses the raw concatenation of r and s,
- * whereas Mbed TLS uses the ASN.1 representation (SEQUENCE of two INTEGERs).
- * Add the overhead of ASN.1: up to (1+2) + 2 * (1+2+1) for the
- * types, lengths (represented by up to 2 bytes), and potential leading
- * zeros of the INTEGERs and the SEQUENCE. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE ( PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 )
-#endif
-#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */
-
-/**
- * \brief Types for interfacing with the debug module
- */
-typedef enum
-{
- MBEDTLS_PK_DEBUG_NONE = 0,
- MBEDTLS_PK_DEBUG_MPI,
- MBEDTLS_PK_DEBUG_ECP,
-} mbedtls_pk_debug_type;
-
-/**
- * \brief Item to send to the debug module
- */
-typedef struct mbedtls_pk_debug_item
-{
- mbedtls_pk_debug_type MBEDTLS_PRIVATE(type);
- const char *MBEDTLS_PRIVATE(name);
- void *MBEDTLS_PRIVATE(value);
-} mbedtls_pk_debug_item;
-
-/** Maximum number of item send for debugging, plus 1 */
-#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
-
-/**
- * \brief Public key information and operations
- *
- * \note The library does not support custom pk info structures,
- * only built-in structures returned by
- * mbedtls_cipher_info_from_type().
- */
-typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
-
-/**
- * \brief Public key container
- */
-typedef struct mbedtls_pk_context
-{
- const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
- void * MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
-} mbedtls_pk_context;
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Context for resuming operations
- */
-typedef struct
-{
- const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
- void * MBEDTLS_PRIVATE(rs_ctx); /**< Underlying restart context */
-} mbedtls_pk_restart_ctx;
-#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-/* Now we can declare functions that take a pointer to that */
-typedef void mbedtls_pk_restart_ctx;
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-#if defined(MBEDTLS_RSA_C)
-/**
- * Quick access to an RSA context inside a PK context.
- *
- * \warning You must make sure the PK context actually holds an RSA context
- * before using this function!
- */
-static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
-{
- return( (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * Quick access to an EC context inside a PK context.
- *
- * \warning You must make sure the PK context actually holds an EC context
- * before using this function!
- */
-static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
-{
- return( (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
-}
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/**
- * \brief Types for RSA-alt abstraction
- */
-typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, size_t *olen,
- const unsigned char *input, unsigned char *output,
- size_t output_max_len );
-typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_md_type_t md_alg, unsigned int hashlen,
- const unsigned char *hash, unsigned char *sig );
-typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-/**
- * \brief Return information associated with the given PK type
- *
- * \param pk_type PK type to search for.
- *
- * \return The PK info associated with the type or NULL if not found.
- */
-const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
-
-/**
- * \brief Initialize a #mbedtls_pk_context (as NONE).
- *
- * \param ctx The context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_pk_init( mbedtls_pk_context *ctx );
-
-/**
- * \brief Free the components of a #mbedtls_pk_context.
- *
- * \param ctx The context to clear. It must have been initialized.
- * If this is \c NULL, this function does nothing.
- *
- * \note For contexts that have been set up with
- * mbedtls_pk_setup_opaque(), this does not free the underlying
- * PSA key and you still need to call psa_destroy_key()
- * independently if you want to destroy that key.
- */
-void mbedtls_pk_free( mbedtls_pk_context *ctx );
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Initialize a restart context
- *
- * \param ctx The context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
-
-/**
- * \brief Free the components of a restart context
- *
- * \param ctx The context to clear. It must have been initialized.
- * If this is \c NULL, this function does nothing.
- */
-void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief Initialize a PK context with the information given
- * and allocates the type-specific PK subcontext.
- *
- * \param ctx Context to initialize. It must not have been set
- * up yet (type #MBEDTLS_PK_NONE).
- * \param info Information to use
- *
- * \return 0 on success,
- * MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
- * MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
- *
- * \note For contexts holding an RSA-alt key, use
- * \c mbedtls_pk_setup_rsa_alt() instead.
- */
-int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief Initialize a PK context to wrap a PSA key.
- *
- * \note This function replaces mbedtls_pk_setup() for contexts
- * that wrap a (possibly opaque) PSA key instead of
- * storing and manipulating the key material directly.
- *
- * \param ctx The context to initialize. It must be empty (type NONE).
- * \param key The PSA key to wrap, which must hold an ECC key pair
- * (see notes below).
- *
- * \note The wrapped key must remain valid as long as the
- * wrapping PK context is in use, that is at least between
- * the point this function is called and the point
- * mbedtls_pk_free() is called on this context. The wrapped
- * key might then be independently used or destroyed.
- *
- * \note This function is currently only available for ECC key
- * pairs (that is, ECC keys containing private key material).
- * Support for other key types may be added later.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input
- * (context already used, invalid key identifier).
- * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an
- * ECC key pair.
- * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
- */
-int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
- const psa_key_id_t key );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/**
- * \brief Initialize an RSA-alt context
- *
- * \param ctx Context to initialize. It must not have been set
- * up yet (type #MBEDTLS_PK_NONE).
- * \param key RSA key pointer
- * \param decrypt_func Decryption function
- * \param sign_func Signing function
- * \param key_len_func Function returning key length in bytes
- *
- * \return 0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
- * context wasn't already initialized as RSA_ALT.
- *
- * \note This function replaces \c mbedtls_pk_setup() for RSA-alt.
- */
-int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
- mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
- mbedtls_pk_rsa_alt_sign_func sign_func,
- mbedtls_pk_rsa_alt_key_len_func key_len_func );
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-/**
- * \brief Get the size in bits of the underlying key
- *
- * \param ctx The context to query. It must have been initialized.
- *
- * \return Key size in bits, or 0 on error
- */
-size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
-
-/**
- * \brief Get the length in bytes of the underlying key
- *
- * \param ctx The context to query. It must have been initialized.
- *
- * \return Key length in bytes, or 0 on error
- */
-static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
-{
- return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
-}
-
-/**
- * \brief Tell if a context can do the operation given by type
- *
- * \param ctx The context to query. It must have been initialized.
- * \param type The desired type.
- *
- * \return 1 if the context can do operations on the given type.
- * \return 0 if the context cannot do the operations on the given
- * type. This is always the case for a context that has
- * been initialized but not set up, or that has been
- * cleared with mbedtls_pk_free().
- */
-int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
-
-/**
- * \brief Verify signature (including padding if relevant).
- *
- * \param ctx The PK context to use. It must have been set up.
- * \param md_alg Hash algorithm used.
- * This can be #MBEDTLS_MD_NONE if the signature algorithm
- * does not rely on a hash algorithm (non-deterministic
- * ECDSA, RSA PKCS#1 v1.5).
- * For PKCS#1 v1.5, if \p md_alg is #MBEDTLS_MD_NONE, then
- * \p hash is the DigestInfo structure used by RFC 8017
- * §9.2 steps 3–6. If \p md_alg is a valid hash
- * algorithm then \p hash is the digest itself, and this
- * function calculates the DigestInfo encoding internally.
- * \param hash Hash of the message to sign
- * \param hash_len Hash length
- * \param sig Signature to verify
- * \param sig_len Signature length
- *
- * \return 0 on success (signature is valid),
- * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
- * signature in sig but its length is less than \p siglen,
- * or a specific error code.
- *
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
- * Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
- * to verify RSASSA_PSS signatures.
- */
-int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len );
-
-/**
- * \brief Restartable version of \c mbedtls_pk_verify()
- *
- * \note Performs the same job as \c mbedtls_pk_verify(), but can
- * return early and restart according to the limit set with
- * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
- * operations. For RSA, same as \c mbedtls_pk_verify().
- *
- * \param ctx The PK context to use. It must have been set up.
- * \param md_alg Hash algorithm used (see notes)
- * \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes)
- * \param sig Signature to verify
- * \param sig_len Signature length
- * \param rs_ctx Restart context (NULL to disable restart)
- *
- * \return See \c mbedtls_pk_verify(), or
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- */
-int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len,
- mbedtls_pk_restart_ctx *rs_ctx );
-
-/**
- * \brief Verify signature, with options.
- * (Includes verification of the padding depending on type.)
- *
- * \param type Signature type (inc. possible padding type) to verify
- * \param options Pointer to type-specific options, or NULL
- * \param ctx The PK context to use. It must have been set up.
- * \param md_alg Hash algorithm used (see notes)
- * \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes)
- * \param sig Signature to verify
- * \param sig_len Signature length
- *
- * \return 0 on success (signature is valid),
- * #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
- * used for this type of signatures,
- * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
- * signature in sig but its length is less than \p siglen,
- * or a specific error code.
- *
- * \note If hash_len is 0, then the length associated with md_alg
- * is used instead, or an error returned if it is invalid.
- *
- * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
- *
- * \note If type is MBEDTLS_PK_RSASSA_PSS, then options must point
- * to a mbedtls_pk_rsassa_pss_options structure,
- * otherwise it must be NULL.
- */
-int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
- mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len );
-
-/**
- * \brief Make signature, including padding if relevant.
- *
- * \param ctx The PK context to use. It must have been set up
- * with a private key.
- * \param md_alg Hash algorithm used (see notes)
- * \param hash Hash of the message to sign
- * \param hash_len Hash length
- * \param sig Place to write the signature.
- * It must have enough room for the signature.
- * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
- * You may use a smaller buffer if it is large enough
- * given the key type.
- * \param sig_size The size of the \p sig buffer in bytes.
- * \param sig_len On successful return,
- * the number of bytes written to \p sig.
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \return 0 on success, or a specific error code.
- *
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
- * There is no interface in the PK module to make RSASSA-PSS
- * signatures yet.
- *
- * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
- * For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
- */
-int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief Restartable version of \c mbedtls_pk_sign()
- *
- * \note Performs the same job as \c mbedtls_pk_sign(), but can
- * return early and restart according to the limit set with
- * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
- * operations. For RSA, same as \c mbedtls_pk_sign().
- *
- * \param ctx The PK context to use. It must have been set up
- * with a private key.
- * \param md_alg Hash algorithm used (see notes for mbedtls_pk_sign())
- * \param hash Hash of the message to sign
- * \param hash_len Hash length
- * \param sig Place to write the signature.
- * It must have enough room for the signature.
- * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
- * You may use a smaller buffer if it is large enough
- * given the key type.
- * \param sig_size The size of the \p sig buffer in bytes.
- * \param sig_len On successful return,
- * the number of bytes written to \p sig.
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- * \param rs_ctx Restart context (NULL to disable restart)
- *
- * \return See \c mbedtls_pk_sign().
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- */
-int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_pk_restart_ctx *rs_ctx );
-
-/**
- * \brief Decrypt message (including padding if relevant).
- *
- * \param ctx The PK context to use. It must have been set up
- * with a private key.
- * \param input Input to decrypt
- * \param ilen Input size
- * \param output Decrypted output
- * \param olen Decrypted message length
- * \param osize Size of the output buffer
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
- *
- * \return 0 on success, or a specific error code.
- */
-int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief Encrypt message (including padding if relevant).
- *
- * \param ctx The PK context to use. It must have been set up.
- * \param input Message to encrypt
- * \param ilen Message size
- * \param output Encrypted output
- * \param olen Encrypted output length
- * \param osize Size of the output buffer
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \note \p f_rng is used for padding generation.
- *
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
- *
- * \return 0 on success, or a specific error code.
- */
-int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief Check if a public-private pair of keys matches.
- *
- * \param pub Context holding a public key.
- * \param prv Context holding a private (and public) key.
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \return \c 0 on success (keys were checked and match each other).
- * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not
- * be checked - in that case they may or may not match.
- * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
- * \return Another non-zero value if the keys do not match.
- */
-int mbedtls_pk_check_pair( const mbedtls_pk_context *pub,
- const mbedtls_pk_context *prv,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Export debug information
- *
- * \param ctx The PK context to use. It must have been initialized.
- * \param items Place to write debug items
- *
- * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
- */
-int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
-
-/**
- * \brief Access the type name
- *
- * \param ctx The PK context to use. It must have been initialized.
- *
- * \return Type name on success, or "invalid PK"
- */
-const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
-
-/**
- * \brief Get the key type
- *
- * \param ctx The PK context to use. It must have been initialized.
- *
- * \return Type on success.
- * \return #MBEDTLS_PK_NONE for a context that has not been set up.
- */
-mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
-
-#if defined(MBEDTLS_PK_PARSE_C)
-/** \ingroup pk_module */
-/**
- * \brief Parse a private key in PEM or DER format
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param key Input buffer to parse.
- * The buffer must contain the input exactly, with no
- * extra trailing material. For PEM, the buffer must
- * contain a null-terminated string.
- * \param keylen Size of \b key in bytes.
- * For PEM data, this includes the terminating null byte,
- * so \p keylen must be equal to `strlen(key) + 1`.
- * \param pwd Optional password for decryption.
- * Pass \c NULL if expecting a non-encrypted key.
- * Pass a string of \p pwdlen bytes if expecting an encrypted
- * key; a non-encrypted key will also be accepted.
- * The empty password is not supported.
- * \param pwdlen Size of the password in bytes.
- * Ignored if \p pwd is \c NULL.
- * \param f_rng RNG function, must not be \c NULL. Used for blinding.
- * \param p_rng RNG parameter
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen,
- const unsigned char *pwd, size_t pwdlen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/** \ingroup pk_module */
-/**
- * \brief Parse a public key in PEM or DER format
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param key Input buffer to parse.
- * The buffer must contain the input exactly, with no
- * extra trailing material. For PEM, the buffer must
- * contain a null-terminated string.
- * \param keylen Size of \b key in bytes.
- * For PEM data, this includes the terminating null byte,
- * so \p keylen must be equal to `strlen(key) + 1`.
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen );
-
-#if defined(MBEDTLS_FS_IO)
-/** \ingroup pk_module */
-/**
- * \brief Load and parse a private key
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param path filename to read the private key from
- * \param password Optional password to decrypt the file.
- * Pass \c NULL if expecting a non-encrypted key.
- * Pass a null-terminated string if expecting an encrypted
- * key; a non-encrypted key will also be accepted.
- * The empty password is not supported.
- * \param f_rng RNG function, must not be \c NULL. Used for blinding.
- * \param p_rng RNG parameter
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
- const char *path, const char *password,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/** \ingroup pk_module */
-/**
- * \brief Load and parse a public key
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param path filename to read the public key from
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If
- * you need a specific key type, check the result with
- * mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
-/**
- * \brief Write a private key to a PKCS#1 or SEC1 DER structure
- * Note: data is written at the end of the buffer! Use the
- * return value to determine where you should start
- * using the buffer
- *
- * \param ctx PK context which must contain a valid private key.
- * \param buf buffer to write to
- * \param size size of the buffer
- *
- * \return length of data written if successful, or a specific
- * error code
- */
-int mbedtls_pk_write_key_der( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-/**
- * \brief Write a public key to a SubjectPublicKeyInfo DER structure
- * Note: data is written at the end of the buffer! Use the
- * return value to determine where you should start
- * using the buffer
- *
- * \param ctx PK context which must contain a valid public or private key.
- * \param buf buffer to write to
- * \param size size of the buffer
- *
- * \return length of data written if successful, or a specific
- * error code
- */
-int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief Write a public key to a PEM string
- *
- * \param ctx PK context which must contain a valid public or private key.
- * \param buf Buffer to write to. The output includes a
- * terminating null byte.
- * \param size Size of the buffer in bytes.
- *
- * \return 0 if successful, or a specific error code
- */
-int mbedtls_pk_write_pubkey_pem( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-/**
- * \brief Write a private key to a PKCS#1 or SEC1 PEM string
- *
- * \param ctx PK context which must contain a valid private key.
- * \param buf Buffer to write to. The output includes a
- * terminating null byte.
- * \param size Size of the buffer in bytes.
- *
- * \return 0 if successful, or a specific error code
- */
-int mbedtls_pk_write_key_pem( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_PK_WRITE_C */
-
-/*
- * WARNING: Low-level functions. You probably do not want to use these unless
- * you are certain you do ;)
- */
-
-#if defined(MBEDTLS_PK_PARSE_C)
-/**
- * \brief Parse a SubjectPublicKeyInfo DER structure
- *
- * \param p the position in the ASN.1 data
- * \param end end of the buffer
- * \param pk The PK context to fill. It must have been initialized
- * but not set up.
- *
- * \return 0 if successful, or a specific PK error code
- */
-int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
- mbedtls_pk_context *pk );
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
-/**
- * \brief Write a subjectPublicKey to ASN.1 data
- * Note: function works backwards in data buffer
- *
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param key PK context which must contain a valid public or private key.
- *
- * \return the length written or a negative error code
- */
-int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
- const mbedtls_pk_context *key );
-#endif /* MBEDTLS_PK_WRITE_C */
-
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief Turn an EC key into an opaque one.
- *
- * \warning This is a temporary utility function for tests. It might
- * change or be removed at any time without notice.
- *
- * \note Only ECDSA keys are supported so far. Signing with the
- * specified hash is the only allowed use of that key.
- *
- * \param pk Input: the EC key to import to a PSA key.
- * Output: a PK context wrapping that PSA key.
- * \param key Output: a PSA key identifier.
- * It's the caller's responsibility to call
- * psa_destroy_key() on that key identifier after calling
- * mbedtls_pk_free() on the PK context.
- * \param hash_alg The hash algorithm to allow for use with that key.
- *
- * \return \c 0 if successful.
- * \return An Mbed TLS error code otherwise.
- */
-int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
- psa_key_id_t *key,
- psa_algorithm_t hash_alg );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PK_H */
diff --git a/mbedtls/pkcs12.h b/mbedtls/pkcs12.h
deleted file mode 100644
index 1b87aea..0000000
--- a/mbedtls/pkcs12.h
+++ /dev/null
@@ -1,117 +0,0 @@
-/**
- * \file pkcs12.h
- *
- * \brief PKCS#12 Personal Information Exchange Syntax
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_PKCS12_H
-#define MBEDTLS_PKCS12_H
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/md.h"
-#include "mbedtls/cipher.h"
-#include "mbedtls/asn1.h"
-
-#include
-
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80
-/** Feature not available, e.g. unsupported encryption scheme. */
-#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00
-/** PBE ASN.1 data not as expected. */
-#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80
-/** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00
-
-#define MBEDTLS_PKCS12_DERIVE_KEY 1 /**< encryption/decryption key */
-#define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */
-#define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */
-
-#define MBEDTLS_PKCS12_PBE_DECRYPT 0
-#define MBEDTLS_PKCS12_PBE_ENCRYPT 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-
-/**
- * \brief PKCS12 Password Based function (encryption / decryption)
- * for cipher-based and mbedtls_md-based PBE's
- *
- * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure
- * \param mode either #MBEDTLS_PKCS12_PBE_ENCRYPT or
- * #MBEDTLS_PKCS12_PBE_DECRYPT
- * \param cipher_type the cipher used
- * \param md_type the mbedtls_md used
- * \param pwd Latin1-encoded password used. This may only be \c NULL when
- * \p pwdlen is 0. No null terminator should be used.
- * \param pwdlen length of the password (may be 0)
- * \param input the input data
- * \param len data length
- * \param output the output buffer
- *
- * \return 0 if successful, or a MBEDTLS_ERR_XXX code
- */
-int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
- mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *input, size_t len,
- unsigned char *output );
-
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-/**
- * \brief The PKCS#12 derivation function uses a password and a salt
- * to produce pseudo-random bits for a particular "purpose".
- *
- * Depending on the given id, this function can produce an
- * encryption/decryption key, an initialization vector or an
- * integrity key.
- *
- * \param data buffer to store the derived data in
- * \param datalen length of buffer to fill
- * \param pwd The password to use. For compliance with PKCS#12 §B.1, this
- * should be a BMPString, i.e. a Unicode string where each
- * character is encoded as 2 bytes in big-endian order, with
- * no byte order mark and with a null terminator (i.e. the
- * last two bytes should be 0x00 0x00).
- * \param pwdlen length of the password (may be 0).
- * \param salt Salt buffer to use This may only be \c NULL when
- * \p saltlen is 0.
- * \param saltlen length of the salt (may be zero)
- * \param mbedtls_md mbedtls_md type to use during the derivation
- * \param id id that describes the purpose (can be
- * #MBEDTLS_PKCS12_DERIVE_KEY, #MBEDTLS_PKCS12_DERIVE_IV or
- * #MBEDTLS_PKCS12_DERIVE_MAC_KEY)
- * \param iterations number of iterations
- *
- * \return 0 if successful, or a MD, BIGNUM type error.
- */
-int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *salt, size_t saltlen,
- mbedtls_md_type_t mbedtls_md, int id, int iterations );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* pkcs12.h */
diff --git a/mbedtls/pkcs5.h b/mbedtls/pkcs5.h
deleted file mode 100644
index 71d716b..0000000
--- a/mbedtls/pkcs5.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/**
- * \file pkcs5.h
- *
- * \brief PKCS#5 functions
- *
- * \author Mathias Olsson
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_PKCS5_H
-#define MBEDTLS_PKCS5_H
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/asn1.h"
-#include "mbedtls/md.h"
-
-#include
-#include
-
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA -0x2f80
-/** Unexpected ASN.1 data. */
-#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT -0x2f00
-/** Requested encryption or digest alg not available. */
-#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80
-/** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00
-
-#define MBEDTLS_PKCS5_DECRYPT 0
-#define MBEDTLS_PKCS5_ENCRYPT 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-
-/**
- * \brief PKCS#5 PBES2 function
- *
- * \param pbe_params the ASN.1 algorithm parameters
- * \param mode either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
- * \param pwd password to use when generating key
- * \param pwdlen length of password
- * \param data data to process
- * \param datalen length of data
- * \param output output buffer
- *
- * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
- */
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *data, size_t datalen,
- unsigned char *output );
-
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-/**
- * \brief PKCS#5 PBKDF2 using HMAC
- *
- * \param ctx Generic HMAC context
- * \param password Password to use when generating key
- * \param plen Length of password
- * \param salt Salt to use when generating key
- * \param slen Length of salt
- * \param iteration_count Iteration count
- * \param key_length Length of generated key in bytes
- * \param output Generated key. Must be at least as big as key_length
- *
- * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
- */
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
- size_t plen, const unsigned char *salt, size_t slen,
- unsigned int iteration_count,
- uint32_t key_length, unsigned char *output );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_pkcs5_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* pkcs5.h */
diff --git a/mbedtls/platform.h b/mbedtls/platform.h
deleted file mode 100644
index 277a85c..0000000
--- a/mbedtls/platform.h
+++ /dev/null
@@ -1,411 +0,0 @@
-/**
- * \file platform.h
- *
- * \brief This file contains the definitions and functions of the
- * Mbed TLS platform abstraction layer.
- *
- * The platform abstraction layer removes the need for the library
- * to directly link to standard C library functions or operating
- * system services, making the library easier to port and embed.
- * Application developers and users of the library can provide their own
- * implementations of these functions, or implementations specific to
- * their platform, which can be statically linked to the library or
- * dynamically configured at runtime.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_PLATFORM_H
-#define MBEDTLS_PLATFORM_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-/* The older Microsoft Windows common runtime provides non-conforming
- * implementations of some standard library functions, including snprintf
- * and vsnprintf. This affects MSVC and MinGW builds.
- */
-#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
-#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF
-#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF
-#endif
-
-#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-#include
-#include
-#include
-#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
-#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */
-#else
-#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< The default \c snprintf function to use. */
-#endif
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
-#define MBEDTLS_PLATFORM_STD_VSNPRINTF mbedtls_platform_win32_vsnprintf /**< The default \c vsnprintf function to use. */
-#else
-#define MBEDTLS_PLATFORM_STD_VSNPRINTF vsnprintf /**< The default \c vsnprintf function to use. */
-#endif
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
-#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< The default \c printf function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
-#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< The default \c fprintf function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
-#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< The default \c calloc function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_FREE)
-#define MBEDTLS_PLATFORM_STD_FREE free /**< The default \c free function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
-#define MBEDTLS_PLATFORM_STD_EXIT exit /**< The default \c exit function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_TIME)
-#define MBEDTLS_PLATFORM_STD_TIME time /**< The default \c time function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
-#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< The default exit value to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
-#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< The default exit value to use. */
-#endif
-#if defined(MBEDTLS_FS_IO)
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"
-#endif
-#endif /* MBEDTLS_FS_IO */
-#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
-#include MBEDTLS_PLATFORM_STD_MEM_HDR
-#endif
-#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-
-
-/* \} name SECTION: Module settings */
-
-/*
- * The function pointers for calloc and free.
- */
-#if defined(MBEDTLS_PLATFORM_MEMORY)
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
- defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
-#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO
-#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO
-#else
-/* For size_t */
-#include
-extern void *mbedtls_calloc( size_t n, size_t size );
-extern void mbedtls_free( void *ptr );
-
-/**
- * \brief This function dynamically sets the memory-management
- * functions used by the library, during runtime.
- *
- * \param calloc_func The \c calloc function implementation.
- * \param free_func The \c free function implementation.
- *
- * \return \c 0.
- */
-int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
- void (*free_func)( void * ) );
-#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
-#else /* !MBEDTLS_PLATFORM_MEMORY */
-#define mbedtls_free free
-#define mbedtls_calloc calloc
-#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
-
-/*
- * The function pointers for fprintf
- */
-#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-/* We need FILE * */
-#include
-extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
-
-/**
- * \brief This function dynamically configures the fprintf
- * function that is called when the
- * mbedtls_fprintf() function is invoked by the library.
- *
- * \param fprintf_func The \c fprintf function implementation.
- *
- * \return \c 0.
- */
-int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
- ... ) );
-#else
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
-#define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO
-#else
-#define mbedtls_fprintf fprintf
-#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
-
-/*
- * The function pointers for printf
- */
-#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-extern int (*mbedtls_printf)( const char *format, ... );
-
-/**
- * \brief This function dynamically configures the snprintf
- * function that is called when the mbedtls_snprintf()
- * function is invoked by the library.
- *
- * \param printf_func The \c printf function implementation.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
-#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
-#define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO
-#else
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
-
-/*
- * The function pointers for snprintf
- *
- * The snprintf implementation should conform to C99:
- * - it *must* always correctly zero-terminate the buffer
- * (except when n == 0, then it must leave the buffer untouched)
- * - however it is acceptable to return -1 instead of the required length when
- * the destination buffer is too short.
- */
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
-/* For Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
-
-/**
- * \brief This function allows configuring a custom
- * \c snprintf function pointer.
- *
- * \param snprintf_func The \c snprintf function implementation.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
- const char * format, ... ) );
-#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
-#else
-#define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-
-/*
- * The function pointers for vsnprintf
- *
- * The vsnprintf implementation should conform to C99:
- * - it *must* always correctly zero-terminate the buffer
- * (except when n == 0, then it must leave the buffer untouched)
- * - however it is acceptable to return -1 instead of the required length when
- * the destination buffer is too short.
- */
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
-#include
-/* For Older Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg );
-#endif
-
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
-#include
-extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_list arg );
-
-/**
- * \brief Set your own snprintf function pointer
- *
- * \param vsnprintf_func The \c vsnprintf function implementation
- *
- * \return \c 0
- */
-int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
- const char * format, va_list arg ) );
-#else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
-#define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO
-#else
-#define mbedtls_vsnprintf vsnprintf
-#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
-
-/*
- * The function pointers for exit
- */
-#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
-extern void (*mbedtls_exit)( int status );
-
-/**
- * \brief This function dynamically configures the exit
- * function that is called when the mbedtls_exit()
- * function is invoked by the library.
- *
- * \param exit_func The \c exit function implementation.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
-#else
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
-#define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO
-#else
-#define mbedtls_exit exit
-#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
-#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
-
-/*
- * The default exit values
- */
-#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
-#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
-#else
-#define MBEDTLS_EXIT_SUCCESS 0
-#endif
-#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
-#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
-#else
-#define MBEDTLS_EXIT_FAILURE 1
-#endif
-
-/*
- * The function pointers for reading from and writing a seed file to
- * Non-Volatile storage (NV) in a platform-independent way
- *
- * Only enabled when the NV seed entropy source is enabled
- */
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
-/* Internal standard platform definitions */
-int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len );
-int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len );
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
-extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
-
-/**
- * \brief This function allows configuring custom seed file writing and
- * reading functions.
- *
- * \param nv_seed_read_func The seed reading function implementation.
- * \param nv_seed_write_func The seed writing function implementation.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_set_nv_seed(
- int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
- int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len )
- );
-#else
-#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
- defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
-#define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
-#define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
-#else
-#define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read
-#define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write
-#endif
-#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
-
-/**
- * \brief The platform context structure.
- *
- * \note This structure may be used to assist platform-specific
- * setup or teardown operations.
- */
-typedef struct mbedtls_platform_context
-{
- char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are not portable. */
-}
-mbedtls_platform_context;
-
-#else
-#include "platform_alt.h"
-#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
-
-/**
- * \brief This function performs any platform-specific initialization
- * operations.
- *
- * \note This function should be called before any other library functions.
- *
- * Its implementation is platform-specific, and unless
- * platform-specific code is provided, it does nothing.
- *
- * \note The usage and necessity of this function is dependent on the platform.
- *
- * \param ctx The platform context.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_setup( mbedtls_platform_context *ctx );
-/**
- * \brief This function performs any platform teardown operations.
- *
- * \note This function should be called after every other Mbed TLS module
- * has been correctly freed using the appropriate free function.
- *
- * Its implementation is platform-specific, and unless
- * platform-specific code is provided, it does nothing.
- *
- * \note The usage and necessity of this function is dependent on the platform.
- *
- * \param ctx The platform context.
- *
- */
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* platform.h */
diff --git a/mbedtls/platform_time.h b/mbedtls/platform_time.h
deleted file mode 100644
index 8d4b95d..0000000
--- a/mbedtls/platform_time.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/**
- * \file platform_time.h
- *
- * \brief mbed TLS Platform time abstraction
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_PLATFORM_TIME_H
-#define MBEDTLS_PLATFORM_TIME_H
-
-#include "mbedtls/build_info.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-/*
- * The time_t datatype
- */
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
-typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
-#else
-/* For time_t */
-#include
-typedef time_t mbedtls_time_t;
-#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
-
-/*
- * The function pointers for time
- */
-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
-
-/**
- * \brief Set your own time function pointer
- *
- * \param time_func the time function implementation
- *
- * \return 0
- */
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
-#else
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
-#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
-#else
-#define mbedtls_time time
-#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
-#endif /* MBEDTLS_PLATFORM_TIME_ALT */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* platform_time.h */
diff --git a/mbedtls/platform_util.h b/mbedtls/platform_util.h
deleted file mode 100644
index 5d2fefc..0000000
--- a/mbedtls/platform_util.h
+++ /dev/null
@@ -1,207 +0,0 @@
-/**
- * \file platform_util.h
- *
- * \brief Common and shared functions used by multiple modules in the Mbed TLS
- * library.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_PLATFORM_UTIL_H
-#define MBEDTLS_PLATFORM_UTIL_H
-
-#include "mbedtls/build_info.h"
-
-#include
-#if defined(MBEDTLS_HAVE_TIME_DATE)
-#include "mbedtls/platform_time.h"
-#include
-#endif /* MBEDTLS_HAVE_TIME_DATE */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Internal macros meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
-#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
-
-/* Internal helper macros for deprecating API constants. */
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
- ( (mbedtls_deprecated_string_constant_t) ( VAL ) )
-MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
- ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
-#else /* MBEDTLS_DEPRECATED_WARNING */
-#define MBEDTLS_DEPRECATED
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
-#endif /* MBEDTLS_DEPRECATED_WARNING */
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/* Implementation of the check-return facility.
- * See the user documentation in mbedtls_config.h.
- *
- * Do not use this macro directly to annotate function: instead,
- * use one of MBEDTLS_CHECK_RETURN_CRITICAL or MBEDTLS_CHECK_RETURN_TYPICAL
- * depending on how important it is to check the return value.
- */
-#if !defined(MBEDTLS_CHECK_RETURN)
-#if defined(__GNUC__)
-#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
-#elif defined(_MSC_VER) && _MSC_VER >= 1700
-#include
-#define MBEDTLS_CHECK_RETURN _Check_return_
-#else
-#define MBEDTLS_CHECK_RETURN
-#endif
-#endif
-
-/** Critical-failure function
- *
- * This macro appearing at the beginning of the declaration of a function
- * indicates that its return value should be checked in all applications.
- * Omitting the check is very likely to indicate a bug in the application
- * and will result in a compile-time warning if #MBEDTLS_CHECK_RETURN
- * is implemented for the compiler in use.
- *
- * \note The use of this macro is a work in progress.
- * This macro may be added to more functions in the future.
- * Such an extension is not considered an API break, provided that
- * there are near-unavoidable circumstances under which the function
- * can fail. For example, signature/MAC/AEAD verification functions,
- * and functions that require a random generator, are considered
- * return-check-critical.
- */
-#define MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN
-
-/** Ordinary-failure function
- *
- * This macro appearing at the beginning of the declaration of a function
- * indicates that its return value should be generally be checked in portable
- * applications. Omitting the check will result in a compile-time warning if
- * #MBEDTLS_CHECK_RETURN is implemented for the compiler in use and
- * #MBEDTLS_CHECK_RETURN_WARNING is enabled in the compile-time configuration.
- *
- * You can use #MBEDTLS_IGNORE_RETURN to explicitly ignore the return value
- * of a function that is annotated with #MBEDTLS_CHECK_RETURN.
- *
- * \note The use of this macro is a work in progress.
- * This macro will be added to more functions in the future.
- * Eventually this should appear before most functions returning
- * an error code (as \c int in the \c mbedtls_xxx API or
- * as ::psa_status_t in the \c psa_xxx API).
- */
-#if defined(MBEDTLS_CHECK_RETURN_WARNING)
-#define MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN
-#else
-#define MBEDTLS_CHECK_RETURN_TYPICAL
-#endif
-
-/** Benign-failure function
- *
- * This macro appearing at the beginning of the declaration of a function
- * indicates that it is rarely useful to check its return value.
- *
- * This macro has an empty expansion. It exists for documentation purposes:
- * a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function
- * has been analyzed for return-check usefuless, whereas the lack of
- * an annotation indicates that the function has not been analyzed and its
- * return-check usefulness is unknown.
- */
-#define MBEDTLS_CHECK_RETURN_OPTIONAL
-
-/** \def MBEDTLS_IGNORE_RETURN
- *
- * Call this macro with one argument, a function call, to suppress a warning
- * from #MBEDTLS_CHECK_RETURN due to that function call.
- */
-#if !defined(MBEDTLS_IGNORE_RETURN)
-/* GCC doesn't silence the warning with just (void)(result).
- * (void)!(result) is known to work up at least up to GCC 10, as well
- * as with Clang and MSVC.
- *
- * https://gcc.gnu.org/onlinedocs/gcc-3.4.6/gcc/Non_002dbugs.html
- * https://stackoverflow.com/questions/40576003/ignoring-warning-wunused-result
- * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425#c34
- */
-#define MBEDTLS_IGNORE_RETURN(result) ( (void) !( result ) )
-#endif
-
-/**
- * \brief Securely zeroize a buffer
- *
- * The function is meant to wipe the data contained in a buffer so
- * that it can no longer be recovered even if the program memory
- * is later compromised. Call this function on sensitive data
- * stored on the stack before returning from a function, and on
- * sensitive data stored on the heap before freeing the heap
- * object.
- *
- * It is extremely difficult to guarantee that calls to
- * mbedtls_platform_zeroize() are not removed by aggressive
- * compiler optimizations in a portable way. For this reason, Mbed
- * TLS provides the configuration option
- * MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
- * mbedtls_platform_zeroize() to use a suitable implementation for
- * their platform and needs
- *
- * \param buf Buffer to be zeroized
- * \param len Length of the buffer in bytes
- *
- */
-void mbedtls_platform_zeroize( void *buf, size_t len );
-
-#if defined(MBEDTLS_HAVE_TIME_DATE)
-/**
- * \brief Platform-specific implementation of gmtime_r()
- *
- * The function is a thread-safe abstraction that behaves
- * similarly to the gmtime_r() function from Unix/POSIX.
- *
- * Mbed TLS will try to identify the underlying platform and
- * make use of an appropriate underlying implementation (e.g.
- * gmtime_r() for POSIX and gmtime_s() for Windows). If this is
- * not possible, then gmtime() will be used. In this case, calls
- * from the library to gmtime() will be guarded by the mutex
- * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is
- * enabled. It is recommended that calls from outside the library
- * are also guarded by this mutex.
- *
- * If MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, then Mbed TLS will
- * unconditionally use the alternative implementation for
- * mbedtls_platform_gmtime_r() supplied by the user at compile time.
- *
- * \param tt Pointer to an object containing time (in seconds) since the
- * epoch to be converted
- * \param tm_buf Pointer to an object where the results will be stored
- *
- * \return Pointer to an object of type struct tm on success, otherwise
- * NULL
- */
-struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
- struct tm *tm_buf );
-#endif /* MBEDTLS_HAVE_TIME_DATE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PLATFORM_UTIL_H */
diff --git a/mbedtls/poly1305.h b/mbedtls/poly1305.h
deleted file mode 100644
index 6657aa2..0000000
--- a/mbedtls/poly1305.h
+++ /dev/null
@@ -1,181 +0,0 @@
-/**
- * \file poly1305.h
- *
- * \brief This file contains Poly1305 definitions and functions.
- *
- * Poly1305 is a one-time message authenticator that can be used to
- * authenticate messages. Poly1305-AES was created by Daniel
- * Bernstein https://cr.yp.to/mac/poly1305-20050329.pdf The generic
- * Poly1305 algorithm (not tied to AES) was also standardized in RFC
- * 7539.
- *
- * \author Daniel King
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_POLY1305_H
-#define MBEDTLS_POLY1305_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-/** Invalid input parameter(s). */
-#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_POLY1305_ALT)
-
-typedef struct mbedtls_poly1305_context
-{
- uint32_t MBEDTLS_PRIVATE(r)[4]; /** The value for 'r' (low 128 bits of the key). */
- uint32_t MBEDTLS_PRIVATE(s)[4]; /** The value for 's' (high 128 bits of the key). */
- uint32_t MBEDTLS_PRIVATE(acc)[5]; /** The accumulator number. */
- uint8_t MBEDTLS_PRIVATE(queue)[16]; /** The current partial block of data. */
- size_t MBEDTLS_PRIVATE(queue_len); /** The number of bytes stored in 'queue'. */
-}
-mbedtls_poly1305_context;
-
-#else /* MBEDTLS_POLY1305_ALT */
-#include "poly1305_alt.h"
-#endif /* MBEDTLS_POLY1305_ALT */
-
-/**
- * \brief This function initializes the specified Poly1305 context.
- *
- * It must be the first API called before using
- * the context.
- *
- * It is usually followed by a call to
- * \c mbedtls_poly1305_starts(), then one or more calls to
- * \c mbedtls_poly1305_update(), then one call to
- * \c mbedtls_poly1305_finish(), then finally
- * \c mbedtls_poly1305_free().
- *
- * \param ctx The Poly1305 context to initialize. This must
- * not be \c NULL.
- */
-void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
-
-/**
- * \brief This function releases and clears the specified
- * Poly1305 context.
- *
- * \param ctx The Poly1305 context to clear. This may be \c NULL, in which
- * case this function is a no-op. If it is not \c NULL, it must
- * point to an initialized Poly1305 context.
- */
-void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
-
-/**
- * \brief This function sets the one-time authentication key.
- *
- * \warning The key must be unique and unpredictable for each
- * invocation of Poly1305.
- *
- * \param ctx The Poly1305 context to which the key should be bound.
- * This must be initialized.
- * \param key The buffer containing the \c 32 Byte (\c 256 Bit) key.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
- const unsigned char key[32] );
-
-/**
- * \brief This functions feeds an input buffer into an ongoing
- * Poly1305 computation.
- *
- * It is called between \c mbedtls_cipher_poly1305_starts() and
- * \c mbedtls_cipher_poly1305_finish().
- * It can be called repeatedly to process a stream of data.
- *
- * \param ctx The Poly1305 context to use for the Poly1305 operation.
- * This must be initialized and bound to a key.
- * \param ilen The length of the input data in Bytes.
- * Any value is accepted.
- * \param input The buffer holding the input data.
- * This pointer can be \c NULL if `ilen == 0`.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief This function generates the Poly1305 Message
- * Authentication Code (MAC).
- *
- * \param ctx The Poly1305 context to use for the Poly1305 operation.
- * This must be initialized and bound to a key.
- * \param mac The buffer to where the MAC is written. This must
- * be a writable buffer of length \c 16 Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
- unsigned char mac[16] );
-
-/**
- * \brief This function calculates the Poly1305 MAC of the input
- * buffer with the provided key.
- *
- * \warning The key must be unique and unpredictable for each
- * invocation of Poly1305.
- *
- * \param key The buffer containing the \c 32 Byte (\c 256 Bit) key.
- * \param ilen The length of the input data in Bytes.
- * Any value is accepted.
- * \param input The buffer holding the input data.
- * This pointer can be \c NULL if `ilen == 0`.
- * \param mac The buffer to where the MAC is written. This must be
- * a writable buffer of length \c 16 Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_poly1305_mac( const unsigned char key[32],
- const unsigned char *input,
- size_t ilen,
- unsigned char mac[16] );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief The Poly1305 checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_poly1305_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_POLY1305_H */
diff --git a/mbedtls/private_access.h b/mbedtls/private_access.h
deleted file mode 100644
index 98d3419..0000000
--- a/mbedtls/private_access.h
+++ /dev/null
@@ -1,32 +0,0 @@
- /**
- * \file private_access.h
- *
- * \brief Macro wrapper for struct's memebrs.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_PRIVATE_ACCESS_H
-#define MBEDTLS_PRIVATE_ACCESS_H
-
-#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
-#define MBEDTLS_PRIVATE(member) private_##member
-#else
-#define MBEDTLS_PRIVATE(member) member
-#endif
-
-#endif /* MBEDTLS_PRIVATE_ACCESS_H */
diff --git a/mbedtls/psa_util.h b/mbedtls/psa_util.h
deleted file mode 100644
index c54c035..0000000
--- a/mbedtls/psa_util.h
+++ /dev/null
@@ -1,514 +0,0 @@
-/**
- * \file psa_util.h
- *
- * \brief Utility functions for the use of the PSA Crypto library.
- *
- * \warning This function is not part of the public API and may
- * change at any time.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_PSA_UTIL_H
-#define MBEDTLS_PSA_UTIL_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-
-#include "psa/crypto.h"
-
-#include "mbedtls/ecp.h"
-#include "mbedtls/md.h"
-#include "mbedtls/pk.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/error.h"
-
-#include
-
-/* Translations for symmetric crypto. */
-
-static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
- mbedtls_cipher_type_t cipher )
-{
- switch( cipher )
- {
- case MBEDTLS_CIPHER_AES_128_CCM:
- case MBEDTLS_CIPHER_AES_192_CCM:
- case MBEDTLS_CIPHER_AES_256_CCM:
- case MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:
- case MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:
- case MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:
- case MBEDTLS_CIPHER_AES_128_GCM:
- case MBEDTLS_CIPHER_AES_192_GCM:
- case MBEDTLS_CIPHER_AES_256_GCM:
- case MBEDTLS_CIPHER_AES_128_CBC:
- case MBEDTLS_CIPHER_AES_192_CBC:
- case MBEDTLS_CIPHER_AES_256_CBC:
- case MBEDTLS_CIPHER_AES_128_ECB:
- case MBEDTLS_CIPHER_AES_192_ECB:
- case MBEDTLS_CIPHER_AES_256_ECB:
- return( PSA_KEY_TYPE_AES );
-
- /* ARIA not yet supported in PSA. */
- /* case MBEDTLS_CIPHER_ARIA_128_CCM:
- case MBEDTLS_CIPHER_ARIA_192_CCM:
- case MBEDTLS_CIPHER_ARIA_256_CCM:
- case MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:
- case MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:
- case MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:
- case MBEDTLS_CIPHER_ARIA_128_GCM:
- case MBEDTLS_CIPHER_ARIA_192_GCM:
- case MBEDTLS_CIPHER_ARIA_256_GCM:
- case MBEDTLS_CIPHER_ARIA_128_CBC:
- case MBEDTLS_CIPHER_ARIA_192_CBC:
- case MBEDTLS_CIPHER_ARIA_256_CBC:
- return( PSA_KEY_TYPE_ARIA ); */
-
- default:
- return( 0 );
- }
-}
-
-static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
- mbedtls_cipher_mode_t mode, size_t taglen )
-{
- switch( mode )
- {
- case MBEDTLS_MODE_ECB:
- return( PSA_ALG_ECB_NO_PADDING );
- case MBEDTLS_MODE_GCM:
- return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) );
- case MBEDTLS_MODE_CCM:
- return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) );
- case MBEDTLS_MODE_CCM_STAR_NO_TAG:
- return PSA_ALG_CCM_STAR_NO_TAG;
- case MBEDTLS_MODE_CBC:
- if( taglen == 0 )
- return( PSA_ALG_CBC_NO_PADDING );
- else
- return( 0 );
- default:
- return( 0 );
- }
-}
-
-static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
- mbedtls_operation_t op )
-{
- switch( op )
- {
- case MBEDTLS_ENCRYPT:
- return( PSA_KEY_USAGE_ENCRYPT );
- case MBEDTLS_DECRYPT:
- return( PSA_KEY_USAGE_DECRYPT );
- default:
- return( 0 );
- }
-}
-
-/* Translations for hashing. */
-
-static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg )
-{
- switch( md_alg )
- {
-#if defined(MBEDTLS_MD5_C)
- case MBEDTLS_MD_MD5:
- return( PSA_ALG_MD5 );
-#endif
-#if defined(MBEDTLS_SHA1_C)
- case MBEDTLS_MD_SHA1:
- return( PSA_ALG_SHA_1 );
-#endif
-#if defined(MBEDTLS_SHA224_C)
- case MBEDTLS_MD_SHA224:
- return( PSA_ALG_SHA_224 );
-#endif
-#if defined(MBEDTLS_SHA256_C)
- case MBEDTLS_MD_SHA256:
- return( PSA_ALG_SHA_256 );
-#endif
-#if defined(MBEDTLS_SHA384_C)
- case MBEDTLS_MD_SHA384:
- return( PSA_ALG_SHA_384 );
-#endif
-#if defined(MBEDTLS_SHA512_C)
- case MBEDTLS_MD_SHA512:
- return( PSA_ALG_SHA_512 );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
- case MBEDTLS_MD_RIPEMD160:
- return( PSA_ALG_RIPEMD160 );
-#endif
- case MBEDTLS_MD_NONE:
- return( 0 );
- default:
- return( 0 );
- }
-}
-
-/* Translations for ECC. */
-
-static inline int mbedtls_psa_get_ecc_oid_from_id(
- psa_ecc_family_t curve, size_t bits,
- char const **oid, size_t *oid_len )
-{
- switch( curve )
- {
- case PSA_ECC_FAMILY_SECP_R1:
- switch( bits )
- {
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
- case 192:
- *oid = MBEDTLS_OID_EC_GRP_SECP192R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
- case 224:
- *oid = MBEDTLS_OID_EC_GRP_SECP224R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
- case 256:
- *oid = MBEDTLS_OID_EC_GRP_SECP256R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
- case 384:
- *oid = MBEDTLS_OID_EC_GRP_SECP384R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
- case 521:
- *oid = MBEDTLS_OID_EC_GRP_SECP521R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
- }
- break;
- case PSA_ECC_FAMILY_SECP_K1:
- switch( bits )
- {
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
- case 192:
- *oid = MBEDTLS_OID_EC_GRP_SECP192K1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
- case 224:
- *oid = MBEDTLS_OID_EC_GRP_SECP224K1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
- case 256:
- *oid = MBEDTLS_OID_EC_GRP_SECP256K1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
- }
- break;
- case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
- switch( bits )
- {
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
- case 256:
- *oid = MBEDTLS_OID_EC_GRP_BP256R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
- case 384:
- *oid = MBEDTLS_OID_EC_GRP_BP384R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
- case 512:
- *oid = MBEDTLS_OID_EC_GRP_BP512R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
- }
- break;
- }
- (void) oid;
- (void) oid_len;
- return( -1 );
-}
-
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
-
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-
-
-/* Translations for PK layer */
-
-static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
-{
- switch( status )
- {
- case PSA_SUCCESS:
- return( 0 );
- case PSA_ERROR_NOT_SUPPORTED:
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
- case PSA_ERROR_INSUFFICIENT_MEMORY:
- return( MBEDTLS_ERR_PK_ALLOC_FAILED );
- case PSA_ERROR_INSUFFICIENT_ENTROPY:
- return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
- case PSA_ERROR_BAD_STATE:
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
- /* All other failures */
- case PSA_ERROR_COMMUNICATION_FAILURE:
- case PSA_ERROR_HARDWARE_FAILURE:
- case PSA_ERROR_CORRUPTION_DETECTED:
- return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
- default: /* We return the same as for the 'other failures',
- * but list them separately nonetheless to indicate
- * which failure conditions we have considered. */
- return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
- }
-}
-
-/* Translations for ECC */
-
-/* This function transforms an ECC group identifier from
- * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
- * into a PSA ECC group identifier. */
-#if defined(MBEDTLS_ECP_C)
-static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
- uint16_t tls_ecc_grp_reg_id, size_t *bits )
-{
- const mbedtls_ecp_curve_info *curve_info =
- mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id );
- if( curve_info == NULL )
- return( 0 );
- return( PSA_KEY_TYPE_ECC_KEY_PAIR(
- mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
-}
-#endif /* MBEDTLS_ECP_C */
-
-/* This function takes a buffer holding an EC public key
- * exported through psa_export_public_key(), and converts
- * it into an ECPoint structure to be put into a ClientKeyExchange
- * message in an ECDHE exchange.
- *
- * Both the present and the foreseeable future format of EC public keys
- * used by PSA have the ECPoint structure contained in the exported key
- * as a subbuffer, and the function merely selects this subbuffer instead
- * of making a copy.
- */
-static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
- size_t srclen,
- unsigned char **dst,
- size_t *dstlen )
-{
- *dst = src;
- *dstlen = srclen;
- return( 0 );
-}
-
-/* This function takes a buffer holding an ECPoint structure
- * (as contained in a TLS ServerKeyExchange message for ECDHE
- * exchanges) and converts it into a format that the PSA key
- * agreement API understands.
- */
-static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src,
- size_t srclen,
- unsigned char *dst,
- size_t dstlen,
- size_t *olen )
-{
- if( srclen > dstlen )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
- memcpy( dst, src, srclen );
- *olen = srclen;
- return( 0 );
-}
-
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/* Expose whatever RNG the PSA subsystem uses to applications using the
- * mbedtls_xxx API. The declarations and definitions here need to be
- * consistent with the implementation in library/psa_crypto_random_impl.h.
- * See that file for implementation documentation. */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-/* The type of a `f_rng` random generator function that many library functions
- * take.
- *
- * This type name is not part of the Mbed TLS stable API. It may be renamed
- * or moved without warning.
- */
-typedef int mbedtls_f_rng_t( void *p_rng, unsigned char *output, size_t output_size );
-
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-
-/** The random generator function for the PSA subsystem.
- *
- * This function is suitable as the `f_rng` random generator function
- * parameter of many `mbedtls_xxx` functions. Use #MBEDTLS_PSA_RANDOM_STATE
- * to obtain the \p p_rng parameter.
- *
- * The implementation of this function depends on the configuration of the
- * library.
- *
- * \note Depending on the configuration, this may be a function or
- * a pointer to a function.
- *
- * \note This function may only be used if the PSA crypto subsystem is active.
- * This means that you must call psa_crypto_init() before any call to
- * this function, and you must not call this function after calling
- * mbedtls_psa_crypto_free().
- *
- * \param p_rng The random generator context. This must be
- * #MBEDTLS_PSA_RANDOM_STATE. No other state is
- * supported.
- * \param output The buffer to fill. It must have room for
- * \c output_size bytes.
- * \param output_size The number of bytes to write to \p output.
- * This function may fail if \p output_size is too
- * large. It is guaranteed to accept any output size
- * requested by Mbed TLS library functions. The
- * maximum request size depends on the library
- * configuration.
- *
- * \return \c 0 on success.
- * \return An `MBEDTLS_ERR_ENTROPY_xxx`,
- * `MBEDTLS_ERR_PLATFORM_xxx,
- * `MBEDTLS_ERR_CTR_DRBG_xxx` or
- * `MBEDTLS_ERR_HMAC_DRBG_xxx` on error.
- */
-int mbedtls_psa_get_random( void *p_rng,
- unsigned char *output,
- size_t output_size );
-
-/** The random generator state for the PSA subsystem.
- *
- * This macro expands to an expression which is suitable as the `p_rng`
- * random generator state parameter of many `mbedtls_xxx` functions.
- * It must be used in combination with the random generator function
- * mbedtls_psa_get_random().
- *
- * The implementation of this macro depends on the configuration of the
- * library. Do not make any assumption on its nature.
- */
-#define MBEDTLS_PSA_RANDOM_STATE NULL
-
-#else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/ctr_drbg.h"
-typedef mbedtls_ctr_drbg_context mbedtls_psa_drbg_context_t;
-static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_ctr_drbg_random;
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-#include "mbedtls/hmac_drbg.h"
-typedef mbedtls_hmac_drbg_context mbedtls_psa_drbg_context_t;
-static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_hmac_drbg_random;
-#endif
-extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
-
-#define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
-
-#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-#endif /* MBEDTLS_PSA_UTIL_H */
diff --git a/mbedtls/ripemd160.h b/mbedtls/ripemd160.h
deleted file mode 100644
index 9132a83..0000000
--- a/mbedtls/ripemd160.h
+++ /dev/null
@@ -1,149 +0,0 @@
-/**
- * \file ripemd160.h
- *
- * \brief RIPE MD-160 message digest
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_RIPEMD160_H
-#define MBEDTLS_RIPEMD160_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_RIPEMD160_ALT)
-// Regular implementation
-//
-
-/**
- * \brief RIPEMD-160 context structure
- */
-typedef struct mbedtls_ripemd160_context
-{
- uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
- uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< intermediate digest state */
- unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
-}
-mbedtls_ripemd160_context;
-
-#else /* MBEDTLS_RIPEMD160_ALT */
-#include "ripemd160_alt.h"
-#endif /* MBEDTLS_RIPEMD160_ALT */
-
-/**
- * \brief Initialize RIPEMD-160 context
- *
- * \param ctx RIPEMD-160 context to be initialized
- */
-void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief Clear RIPEMD-160 context
- *
- * \param ctx RIPEMD-160 context to be cleared
- */
-void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief Clone (the state of) an RIPEMD-160 context
- *
- * \param dst The destination context
- * \param src The context to be cloned
- */
-void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
- const mbedtls_ripemd160_context *src );
-
-/**
- * \brief RIPEMD-160 context setup
- *
- * \param ctx context to be initialized
- *
- * \return 0 if successful
- */
-int mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief RIPEMD-160 process buffer
- *
- * \param ctx RIPEMD-160 context
- * \param input buffer holding the data
- * \param ilen length of the input data
- *
- * \return 0 if successful
- */
-int mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief RIPEMD-160 final digest
- *
- * \param ctx RIPEMD-160 context
- * \param output RIPEMD-160 checksum result
- *
- * \return 0 if successful
- */
-int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
- unsigned char output[20] );
-
-/**
- * \brief RIPEMD-160 process data block (internal use only)
- *
- * \param ctx RIPEMD-160 context
- * \param data buffer holding one block of data
- *
- * \return 0 if successful
- */
-int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
- const unsigned char data[64] );
-
-/**
- * \brief Output = RIPEMD-160( input buffer )
- *
- * \param input buffer holding the data
- * \param ilen length of the input data
- * \param output RIPEMD-160 checksum result
- *
- * \return 0 if successful
- */
-int mbedtls_ripemd160( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_ripemd160_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_ripemd160.h */
diff --git a/mbedtls/rsa.h b/mbedtls/rsa.h
deleted file mode 100644
index d03c31d..0000000
--- a/mbedtls/rsa.h
+++ /dev/null
@@ -1,1128 +0,0 @@
-/**
- * \file rsa.h
- *
- * \brief This file provides an API for the RSA public-key cryptosystem.
- *
- * The RSA public-key cryptosystem is defined in Public-Key
- * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption
- * and Public-Key Cryptography Standards (PKCS) #1 v2.1:
- * RSA Cryptography Specifications.
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_RSA_H
-#define MBEDTLS_RSA_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/bignum.h"
-#include "mbedtls/md.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/*
- * RSA Error codes
- */
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080
-/** Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100
-/** Something failed during generation of a key. */
-#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180
-/** Key failed to pass the validity check of the library. */
-#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200
-/** The public key operation failed. */
-#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280
-/** The private key operation failed. */
-#define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300
-/** The PKCS#1 verification failed. */
-#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380
-/** The output buffer for decryption is not large enough. */
-#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400
-/** The random generator failed to generate non-zeros. */
-#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480
-
-/*
- * RSA constants
- */
-
-#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */
-#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */
-
-#define MBEDTLS_RSA_SIGN 1 /**< Identifier for RSA signature operations. */
-#define MBEDTLS_RSA_CRYPT 2 /**< Identifier for RSA encryption and decryption operations. */
-
-#define MBEDTLS_RSA_SALT_LEN_ANY -1
-
-/*
- * The above constants may be used even if the RSA module is compile out,
- * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_RSA_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The RSA context structure.
- */
-typedef struct mbedtls_rsa_context
-{
- int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes.
- * Do not set this field in application
- * code. Its meaning might change without
- * notice. */
- size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */
- mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */
- mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */
- mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< D % (P - 1). */
- mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< D % (Q - 1). */
- mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< 1 / (Q % P). */
-
- mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached R^2 mod N. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached R^2 mod P. */
- mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached R^2 mod Q. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. */
- mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */
-
- int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode:
- #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
- #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
- int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t type,
- as specified in md.h for use in the MGF
- mask generating function used in the
- EME-OAEP and EMSA-PSS encodings. */
-#if defined(MBEDTLS_THREADING_C)
- /* Invariant: the mutex is initialized iff ver != 0. */
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex. */
-#endif
-}
-mbedtls_rsa_context;
-
-#else /* MBEDTLS_RSA_ALT */
-#include "rsa_alt.h"
-#endif /* MBEDTLS_RSA_ALT */
-
-/**
- * \brief This function initializes an RSA context.
- *
- * \note This function initializes the padding and the hash
- * identifier to respectively #MBEDTLS_RSA_PKCS_V15 and
- * #MBEDTLS_MD_NONE. See mbedtls_rsa_set_padding() for more
- * information about those parameters.
- *
- * \param ctx The RSA context to initialize. This must not be \c NULL.
- */
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx );
-
-/**
- * \brief This function sets padding for an already initialized RSA
- * context.
- *
- * \note Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
- * encryption scheme and the RSASSA-PSS signature scheme.
- *
- * \note The \p hash_id parameter is ignored when using
- * #MBEDTLS_RSA_PKCS_V15 padding.
- *
- * \note The choice of padding mode is strictly enforced for private
- * key operations, since there might be security concerns in
- * mixing padding modes. For public key operations it is
- * a default value, which can be overridden by calling specific
- * \c mbedtls_rsa_rsaes_xxx or \c mbedtls_rsa_rsassa_xxx
- * functions.
- *
- * \note The hash selected in \p hash_id is always used for OEAP
- * encryption. For PSS signatures, it is always used for
- * making signatures, but can be overridden for verifying them.
- * If set to #MBEDTLS_MD_NONE, it is always overridden.
- *
- * \param ctx The initialized RSA context to be configured.
- * \param padding The padding mode to use. This must be either
- * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id The hash identifier for PSS or OAEP, if \p padding is
- * #MBEDTLS_RSA_PKCS_V21. #MBEDTLS_MD_NONE is accepted by this
- * function but may be not suitable for some operations.
- * Ignored if \p padding is #MBEDTLS_RSA_PKCS_V15.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_RSA_INVALID_PADDING failure:
- * \p padding or \p hash_id is invalid.
- */
-int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
- mbedtls_md_type_t hash_id );
-
-/**
- * \brief This function imports a set of core parameters into an
- * RSA context.
- *
- * \note This function can be called multiple times for successive
- * imports, if the parameters are not simultaneously present.
- *
- * Any sequence of calls to this function should be followed
- * by a call to mbedtls_rsa_complete(), which checks and
- * completes the provided information to a ready-for-use
- * public or private RSA key.
- *
- * \note See mbedtls_rsa_complete() for more information on which
- * parameters are necessary to set up a private or public
- * RSA key.
- *
- * \note The imported parameters are copied and need not be preserved
- * for the lifetime of the RSA context being set up.
- *
- * \param ctx The initialized RSA context to store the parameters in.
- * \param N The RSA modulus. This may be \c NULL.
- * \param P The first prime factor of \p N. This may be \c NULL.
- * \param Q The second prime factor of \p N. This may be \c NULL.
- * \param D The private exponent. This may be \c NULL.
- * \param E The public exponent. This may be \c NULL.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- */
-int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
- const mbedtls_mpi *N,
- const mbedtls_mpi *P, const mbedtls_mpi *Q,
- const mbedtls_mpi *D, const mbedtls_mpi *E );
-
-/**
- * \brief This function imports core RSA parameters, in raw big-endian
- * binary format, into an RSA context.
- *
- * \note This function can be called multiple times for successive
- * imports, if the parameters are not simultaneously present.
- *
- * Any sequence of calls to this function should be followed
- * by a call to mbedtls_rsa_complete(), which checks and
- * completes the provided information to a ready-for-use
- * public or private RSA key.
- *
- * \note See mbedtls_rsa_complete() for more information on which
- * parameters are necessary to set up a private or public
- * RSA key.
- *
- * \note The imported parameters are copied and need not be preserved
- * for the lifetime of the RSA context being set up.
- *
- * \param ctx The initialized RSA context to store the parameters in.
- * \param N The RSA modulus. This may be \c NULL.
- * \param N_len The Byte length of \p N; it is ignored if \p N == NULL.
- * \param P The first prime factor of \p N. This may be \c NULL.
- * \param P_len The Byte length of \p P; it ns ignored if \p P == NULL.
- * \param Q The second prime factor of \p N. This may be \c NULL.
- * \param Q_len The Byte length of \p Q; it is ignored if \p Q == NULL.
- * \param D The private exponent. This may be \c NULL.
- * \param D_len The Byte length of \p D; it is ignored if \p D == NULL.
- * \param E The public exponent. This may be \c NULL.
- * \param E_len The Byte length of \p E; it is ignored if \p E == NULL.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- */
-int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
- unsigned char const *N, size_t N_len,
- unsigned char const *P, size_t P_len,
- unsigned char const *Q, size_t Q_len,
- unsigned char const *D, size_t D_len,
- unsigned char const *E, size_t E_len );
-
-/**
- * \brief This function completes an RSA context from
- * a set of imported core parameters.
- *
- * To setup an RSA public key, precisely \p N and \p E
- * must have been imported.
- *
- * To setup an RSA private key, sufficient information must
- * be present for the other parameters to be derivable.
- *
- * The default implementation supports the following:
- * - Derive \p P, \p Q from \p N, \p D, \p E.
- * - Derive \p N, \p D from \p P, \p Q, \p E.
- * Alternative implementations need not support these.
- *
- * If this function runs successfully, it guarantees that
- * the RSA context can be used for RSA operations without
- * the risk of failure or crash.
- *
- * \warning This function need not perform consistency checks
- * for the imported parameters. In particular, parameters that
- * are not needed by the implementation might be silently
- * discarded and left unchecked. To check the consistency
- * of the key material, see mbedtls_rsa_check_privkey().
- *
- * \param ctx The initialized RSA context holding imported parameters.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations
- * failed.
- *
- */
-int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
-
-/**
- * \brief This function exports the core parameters of an RSA key.
- *
- * If this function runs successfully, the non-NULL buffers
- * pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
- * written, with additional unused space filled leading by
- * zero Bytes.
- *
- * Possible reasons for returning
- * #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
- * - An alternative RSA implementation is in use, which
- * stores the key externally, and either cannot or should
- * not export it into RAM.
- * - A SW or HW implementation might not support a certain
- * deduction. For example, \p P, \p Q from \p N, \p D,
- * and \p E if the former are not part of the
- * implementation.
- *
- * If the function fails due to an unsupported operation,
- * the RSA context stays intact and remains usable.
- *
- * \param ctx The initialized RSA context.
- * \param N The MPI to hold the RSA modulus.
- * This may be \c NULL if this field need not be exported.
- * \param P The MPI to hold the first prime factor of \p N.
- * This may be \c NULL if this field need not be exported.
- * \param Q The MPI to hold the second prime factor of \p N.
- * This may be \c NULL if this field need not be exported.
- * \param D The MPI to hold the private exponent.
- * This may be \c NULL if this field need not be exported.
- * \param E The MPI to hold the public exponent.
- * This may be \c NULL if this field need not be exported.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
- * requested parameters cannot be done due to missing
- * functionality or because of security policies.
- * \return A non-zero return code on any other failure.
- *
- */
-int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
- mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
- mbedtls_mpi *D, mbedtls_mpi *E );
-
-/**
- * \brief This function exports core parameters of an RSA key
- * in raw big-endian binary format.
- *
- * If this function runs successfully, the non-NULL buffers
- * pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
- * written, with additional unused space filled leading by
- * zero Bytes.
- *
- * Possible reasons for returning
- * #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
- * - An alternative RSA implementation is in use, which
- * stores the key externally, and either cannot or should
- * not export it into RAM.
- * - A SW or HW implementation might not support a certain
- * deduction. For example, \p P, \p Q from \p N, \p D,
- * and \p E if the former are not part of the
- * implementation.
- * If the function fails due to an unsupported operation,
- * the RSA context stays intact and remains usable.
- *
- * \note The length parameters are ignored if the corresponding
- * buffer pointers are NULL.
- *
- * \param ctx The initialized RSA context.
- * \param N The Byte array to store the RSA modulus,
- * or \c NULL if this field need not be exported.
- * \param N_len The size of the buffer for the modulus.
- * \param P The Byte array to hold the first prime factor of \p N,
- * or \c NULL if this field need not be exported.
- * \param P_len The size of the buffer for the first prime factor.
- * \param Q The Byte array to hold the second prime factor of \p N,
- * or \c NULL if this field need not be exported.
- * \param Q_len The size of the buffer for the second prime factor.
- * \param D The Byte array to hold the private exponent,
- * or \c NULL if this field need not be exported.
- * \param D_len The size of the buffer for the private exponent.
- * \param E The Byte array to hold the public exponent,
- * or \c NULL if this field need not be exported.
- * \param E_len The size of the buffer for the public exponent.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
- * requested parameters cannot be done due to missing
- * functionality or because of security policies.
- * \return A non-zero return code on any other failure.
- */
-int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
- unsigned char *N, size_t N_len,
- unsigned char *P, size_t P_len,
- unsigned char *Q, size_t Q_len,
- unsigned char *D, size_t D_len,
- unsigned char *E, size_t E_len );
-
-/**
- * \brief This function exports CRT parameters of a private RSA key.
- *
- * \note Alternative RSA implementations not using CRT-parameters
- * internally can implement this function based on
- * mbedtls_rsa_deduce_opt().
- *
- * \param ctx The initialized RSA context.
- * \param DP The MPI to hold \c D modulo `P-1`,
- * or \c NULL if it need not be exported.
- * \param DQ The MPI to hold \c D modulo `Q-1`,
- * or \c NULL if it need not be exported.
- * \param QP The MPI to hold modular inverse of \c Q modulo \c P,
- * or \c NULL if it need not be exported.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- *
- */
-int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
- mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP );
-
-/**
- * \brief This function retrieves the length of RSA modulus in Bytes.
- *
- * \param ctx The initialized RSA context.
- *
- * \return The length of the RSA modulus in Bytes.
- *
- */
-size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx );
-
-/**
- * \brief This function generates an RSA keypair.
- *
- * \note mbedtls_rsa_init() must be called before this function,
- * to set up the RSA context.
- *
- * \param ctx The initialized RSA context used to hold the key.
- * \param f_rng The RNG function to be used for key generation.
- * This is mandatory and must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng.
- * This may be \c NULL if \p f_rng doesn't need a context.
- * \param nbits The size of the public key in bits.
- * \param exponent The public exponent to use. For example, \c 65537.
- * This must be odd and greater than \c 1.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- unsigned int nbits, int exponent );
-
-/**
- * \brief This function checks if a context contains at least an RSA
- * public key.
- *
- * If the function runs successfully, it is guaranteed that
- * enough information is present to perform an RSA public key
- * operation using mbedtls_rsa_public().
- *
- * \param ctx The initialized RSA context to check.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- *
- */
-int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
-
-/**
- * \brief This function checks if a context contains an RSA private key
- * and perform basic consistency checks.
- *
- * \note The consistency checks performed by this function not only
- * ensure that mbedtls_rsa_private() can be called successfully
- * on the given context, but that the various parameters are
- * mutually consistent with high probability, in the sense that
- * mbedtls_rsa_public() and mbedtls_rsa_private() are inverses.
- *
- * \warning This function should catch accidental misconfigurations
- * like swapping of parameters, but it cannot establish full
- * trust in neither the quality nor the consistency of the key
- * material that was used to setup the given RSA context:
- * - Consistency: Imported parameters that are irrelevant
- * for the implementation might be silently dropped. If dropped,
- * the current function does not have access to them,
- * and therefore cannot check them. See mbedtls_rsa_complete().
- * If you want to check the consistency of the entire
- * content of an PKCS1-encoded RSA private key, for example, you
- * should use mbedtls_rsa_validate_params() before setting
- * up the RSA context.
- * Additionally, if the implementation performs empirical checks,
- * these checks substantiate but do not guarantee consistency.
- * - Quality: This function is not expected to perform
- * extended quality assessments like checking that the prime
- * factors are safe. Additionally, it is the responsibility of the
- * user to ensure the trustworthiness of the source of his RSA
- * parameters, which goes beyond what is effectively checkable
- * by the library.
- *
- * \param ctx The initialized RSA context to check.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
-
-/**
- * \brief This function checks a public-private RSA key pair.
- *
- * It checks each of the contexts, and makes sure they match.
- *
- * \param pub The initialized RSA context holding the public key.
- * \param prv The initialized RSA context holding the private key.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
- const mbedtls_rsa_context *prv );
-
-/**
- * \brief This function performs an RSA public key operation.
- *
- * \param ctx The initialized RSA context to use.
- * \param input The input buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \note This function does not handle message padding.
- *
- * \note Make sure to set \p input[0] = 0 or ensure that
- * input is smaller than \p N.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function performs an RSA private key operation.
- *
- * \note Blinding is used if and only if a PRNG is provided.
- *
- * \note If blinding is used, both the base of exponentation
- * and the exponent are blinded, providing protection
- * against some side-channel attacks.
- *
- * \warning It is deprecated and a security risk to not provide
- * a PRNG here and thereby prevent the use of blinding.
- * Future versions of the library may enforce the presence
- * of a PRNG.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function, used for blinding. It is mandatory.
- * \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context.
- * \param input The input buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- *
- */
-int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function adds the message padding, then performs an RSA
- * operation.
- *
- * It is the generic wrapper for performing a PKCS#1 encryption
- * operation.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG to use. It is used for padding generation
- * and it is mandatory.
- * \param p_rng The RNG context to be passed to \p f_rng. May be
- * \c NULL if \p f_rng doesn't need a context argument.
- * \param ilen The length of the plaintext in Bytes.
- * \param input The input data to encrypt. This must be a readable
- * buffer of size \p ilen Bytes. It may be \c NULL if
- * `ilen == 0`.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function performs a PKCS#1 v1.5 encryption operation
- * (RSAES-PKCS1-v1_5-ENCRYPT).
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function to use. It is mandatory and used for
- * padding generation.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- * \param ilen The length of the plaintext in Bytes.
- * \param input The input data to encrypt. This must be a readable
- * buffer of size \p ilen Bytes. It may be \c NULL if
- * `ilen == 0`.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function performs a PKCS#1 v2.1 OAEP encryption
- * operation (RSAES-OAEP-ENCRYPT).
- *
- * \note The output buffer must be as large as the size
- * of ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \param ctx The initnialized RSA context to use.
- * \param f_rng The RNG function to use. This is needed for padding
- * generation and is mandatory.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- * \param label The buffer holding the custom label to use.
- * This must be a readable buffer of length \p label_len
- * Bytes. It may be \c NULL if \p label_len is \c 0.
- * \param label_len The length of the label in Bytes.
- * \param ilen The length of the plaintext buffer \p input in Bytes.
- * \param input The input data to encrypt. This must be a readable
- * buffer of size \p ilen Bytes. It may be \c NULL if
- * `ilen == 0`.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *label, size_t label_len,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function performs an RSA operation, then removes the
- * message padding.
- *
- * It is the generic wrapper for performing a PKCS#1 decryption
- * operation.
- *
- * \note The output buffer length \c output_max_len should be
- * as large as the size \p ctx->len of \p ctx->N (for example,
- * 128 Bytes if RSA-1024 is used) to be able to hold an
- * arbitrary decrypted message. If it is not large enough to
- * hold the decryption of the particular ciphertext provided,
- * the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and is
- * mandatory; see mbedtls_rsa_private() for more.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context.
- * \param olen The address at which to store the length of
- * the plaintext. This must not be \c NULL.
- * \param input The ciphertext buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The buffer used to hold the plaintext. This must
- * be a writable buffer of length \p output_max_len Bytes.
- * \param output_max_len The length in Bytes of the output buffer \p output.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
-
-/**
- * \brief This function performs a PKCS#1 v1.5 decryption
- * operation (RSAES-PKCS1-v1_5-DECRYPT).
- *
- * \note The output buffer length \c output_max_len should be
- * as large as the size \p ctx->len of \p ctx->N, for example,
- * 128 Bytes if RSA-1024 is used, to be able to hold an
- * arbitrary decrypted message. If it is not large enough to
- * hold the decryption of the particular ciphertext provided,
- * the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and is
- * mandatory; see mbedtls_rsa_private() for more.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context.
- * \param olen The address at which to store the length of
- * the plaintext. This must not be \c NULL.
- * \param input The ciphertext buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The buffer used to hold the plaintext. This must
- * be a writable buffer of length \p output_max_len Bytes.
- * \param output_max_len The length in Bytes of the output buffer \p output.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- *
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
-
-/**
- * \brief This function performs a PKCS#1 v2.1 OAEP decryption
- * operation (RSAES-OAEP-DECRYPT).
- *
- * \note The output buffer length \c output_max_len should be
- * as large as the size \p ctx->len of \p ctx->N, for
- * example, 128 Bytes if RSA-1024 is used, to be able to
- * hold an arbitrary decrypted message. If it is not
- * large enough to hold the decryption of the particular
- * ciphertext provided, the function returns
- * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and is
- * mandatory.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context.
- * \param label The buffer holding the custom label to use.
- * This must be a readable buffer of length \p label_len
- * Bytes. It may be \c NULL if \p label_len is \c 0.
- * \param label_len The length of the label in Bytes.
- * \param olen The address at which to store the length of
- * the plaintext. This must not be \c NULL.
- * \param input The ciphertext buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The buffer used to hold the plaintext. This must
- * be a writable buffer of length \p output_max_len Bytes.
- * \param output_max_len The length in Bytes of the output buffer \p output.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *label, size_t label_len,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
-
-/**
- * \brief This function performs a private RSA operation to sign
- * a message digest using PKCS#1.
- *
- * It is the generic wrapper for performing a PKCS#1
- * signature.
- *
- * \note The \p sig buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note For PKCS#1 v2.1 encoding, see comments on
- * mbedtls_rsa_rsassa_pss_sign() for details on
- * \p md_alg and \p hash_id.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function to use. This is mandatory and
- * must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context argument.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer to hold the signature. This must be a writable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus. A buffer length of
- * #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return \c 0 if the signing operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
-
-/**
- * \brief This function performs a PKCS#1 v1.5 signature
- * operation (RSASSA-PKCS1-v1_5-SIGN).
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and is
- * mandatory; see mbedtls_rsa_private() for more.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context argument.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer to hold the signature. This must be a writable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus. A buffer length of
- * #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return \c 0 if the signing operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
-
-/**
- * \brief This function performs a PKCS#1 v2.1 PSS signature
- * operation (RSASSA-PSS-SIGN).
- *
- * \note The \c hash_id set in \p ctx by calling
- * mbedtls_rsa_set_padding() selects the hash used for the
- * encoding operation and for the mask generation function
- * (MGF1). For more details on the encoding operation and the
- * mask generation function, consult RFC-3447: Public-Key
- * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications.
- *
- * \note This function enforces that the provided salt length complies
- * with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1
- * step 3. The constraint is that the hash length plus the salt
- * length plus 2 bytes must be at most the key length. If this
- * constraint is not met, this function returns
- * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. It is mandatory and must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context argument.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param saltlen The length of the salt that should be used.
- * If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use
- * the largest possible salt length up to the hash length,
- * which is the largest permitted by some standards including
- * FIPS 186-4 §5.5.
- * \param sig The buffer to hold the signature. This must be a writable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus. A buffer length of
- * #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return \c 0 if the signing operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- int saltlen,
- unsigned char *sig );
-
-/**
- * \brief This function performs a PKCS#1 v2.1 PSS signature
- * operation (RSASSA-PSS-SIGN).
- *
- * \note The \c hash_id set in \p ctx by calling
- * mbedtls_rsa_set_padding() selects the hash used for the
- * encoding operation and for the mask generation function
- * (MGF1). For more details on the encoding operation and the
- * mask generation function, consult RFC-3447: Public-Key
- * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications.
- *
- * \note This function always uses the maximum possible salt size,
- * up to the length of the payload hash. This choice of salt
- * size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1
- * v2.2) §9.1.1 step 3. Furthermore this function enforces a
- * minimum salt size which is the hash size minus 2 bytes. If
- * this minimum size is too large given the key size (the salt
- * size, plus the hash size, plus 2 bytes must be no more than
- * the key size in bytes), this function returns
- * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. It is mandatory and must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context argument.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer to hold the signature. This must be a writable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus. A buffer length of
- * #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return \c 0 if the signing operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
-
-/**
- * \brief This function performs a public RSA operation and checks
- * the message digest.
- *
- * This is the generic wrapper for performing a PKCS#1
- * verification.
- *
- * \note For PKCS#1 v2.1 encoding, see comments on
- * mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
- * \p hash_id.
- *
- * \param ctx The initialized RSA public key context to use.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer holding the signature. This must be a readable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 if the verify operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
-
-/**
- * \brief This function performs a PKCS#1 v1.5 verification
- * operation (RSASSA-PKCS1-v1_5-VERIFY).
- *
- * \param ctx The initialized RSA public key context to use.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer holding the signature. This must be a readable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 if the verify operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
-
-/**
- * \brief This function performs a PKCS#1 v2.1 PSS verification
- * operation (RSASSA-PSS-VERIFY).
- *
- * \note The \c hash_id set in \p ctx by calling
- * mbedtls_rsa_set_padding() selects the hash used for the
- * encoding operation and for the mask generation function
- * (MGF1). For more details on the encoding operation and the
- * mask generation function, consult RFC-3447: Public-Key
- * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications. If the \c hash_id set in \p ctx by
- * mbedtls_rsa_set_padding() is #MBEDTLS_MD_NONE, the \p md_alg
- * parameter is used.
- *
- * \param ctx The initialized RSA public key context to use.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer holding the signature. This must be a readable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 if the verify operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
-
-/**
- * \brief This function performs a PKCS#1 v2.1 PSS verification
- * operation (RSASSA-PSS-VERIFY).
- *
- * \note The \p sig buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note The \c hash_id set in \p ctx by mbedtls_rsa_set_padding() is
- * ignored.
- *
- * \param ctx The initialized RSA public key context to use.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param mgf1_hash_id The message digest algorithm used for the
- * verification operation and the mask generation
- * function (MGF1). For more details on the encoding
- * operation and the mask generation function, consult
- * RFC-3447: Public-Key Cryptography Standards
- * (PKCS) #1 v2.1: RSA Cryptography
- * Specifications.
- * \param expected_salt_len The length of the salt used in padding. Use
- * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
- * \param sig The buffer holding the signature. This must be a readable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 if the verify operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- mbedtls_md_type_t mgf1_hash_id,
- int expected_salt_len,
- const unsigned char *sig );
-
-/**
- * \brief This function copies the components of an RSA context.
- *
- * \param dst The destination context. This must be initialized.
- * \param src The source context. This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
- */
-int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
-
-/**
- * \brief This function frees the components of an RSA key.
- *
- * \param ctx The RSA context to free. May be \c NULL, in which case
- * this function is a no-op. If it is not \c NULL, it must
- * point to an initialized RSA context.
- */
-void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The RSA checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_rsa_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* rsa.h */
diff --git a/mbedtls/sha1.h b/mbedtls/sha1.h
deleted file mode 100644
index 6b55174..0000000
--- a/mbedtls/sha1.h
+++ /dev/null
@@ -1,232 +0,0 @@
-/**
- * \file sha1.h
- *
- * \brief This file contains SHA-1 definitions and functions.
- *
- * The Secure Hash Algorithm 1 (SHA-1) cryptographic hash function is defined in
- * FIPS 180-4: Secure Hash Standard (SHS).
- *
- * \warning SHA-1 is considered a weak message digest and its use constitutes
- * a security risk. We recommend considering stronger message
- * digests instead.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_SHA1_H
-#define MBEDTLS_SHA1_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-/** SHA-1 input data was malformed. */
-#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA -0x0073
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_SHA1_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The SHA-1 context structure.
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-typedef struct mbedtls_sha1_context
-{
- uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
- uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< The intermediate digest state. */
- unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
-}
-mbedtls_sha1_context;
-
-#else /* MBEDTLS_SHA1_ALT */
-#include "sha1_alt.h"
-#endif /* MBEDTLS_SHA1_ALT */
-
-/**
- * \brief This function initializes a SHA-1 context.
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- * \param ctx The SHA-1 context to initialize.
- * This must not be \c NULL.
- *
- */
-void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
-
-/**
- * \brief This function clears a SHA-1 context.
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- * \param ctx The SHA-1 context to clear. This may be \c NULL,
- * in which case this function does nothing. If it is
- * not \c NULL, it must point to an initialized
- * SHA-1 context.
- *
- */
-void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
-
-/**
- * \brief This function clones the state of a SHA-1 context.
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- * \param dst The SHA-1 context to clone to. This must be initialized.
- * \param src The SHA-1 context to clone from. This must be initialized.
- *
- */
-void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
- const mbedtls_sha1_context *src );
-
-/**
- * \brief This function starts a SHA-1 checksum calculation.
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- * \param ctx The SHA-1 context to initialize. This must be initialized.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- *
- */
-int mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
-
-/**
- * \brief This function feeds an input buffer into an ongoing SHA-1
- * checksum calculation.
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- * \param ctx The SHA-1 context. This must be initialized
- * and have a hash operation started.
- * \param input The buffer holding the input data.
- * This must be a readable buffer of length \p ilen Bytes.
- * \param ilen The length of the input data \p input in Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha1_update( mbedtls_sha1_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief This function finishes the SHA-1 operation, and writes
- * the result to the output buffer.
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- * \param ctx The SHA-1 context to use. This must be initialized and
- * have a hash operation started.
- * \param output The SHA-1 checksum result. This must be a writable
- * buffer of length \c 20 Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
- unsigned char output[20] );
-
-/**
- * \brief SHA-1 process data block (internal use only).
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- * \param ctx The SHA-1 context to use. This must be initialized.
- * \param data The data block being processed. This must be a
- * readable buffer of length \c 64 Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- *
- */
-int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
- const unsigned char data[64] );
-
-/**
- * \brief This function calculates the SHA-1 checksum of a buffer.
- *
- * The function allocates the context, performs the
- * calculation, and frees the context.
- *
- * The SHA-1 result is calculated as
- * output = SHA-1(input buffer).
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- * \param input The buffer holding the input data.
- * This must be a readable buffer of length \p ilen Bytes.
- * \param ilen The length of the input data \p input in Bytes.
- * \param output The SHA-1 checksum result.
- * This must be a writable buffer of length \c 20 Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- *
- */
-int mbedtls_sha1( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The SHA-1 checkup routine.
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- *
- */
-int mbedtls_sha1_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha1.h */
diff --git a/mbedtls/sha256.h b/mbedtls/sha256.h
deleted file mode 100644
index 0cbbac1..0000000
--- a/mbedtls/sha256.h
+++ /dev/null
@@ -1,195 +0,0 @@
-/**
- * \file sha256.h
- *
- * \brief This file contains SHA-224 and SHA-256 definitions and functions.
- *
- * The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic
- * hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS).
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_SHA256_H
-#define MBEDTLS_SHA256_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-/** SHA-256 input data was malformed. */
-#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_SHA256_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The SHA-256 context structure.
- *
- * The structure is used both for SHA-256 and for SHA-224
- * checksum calculations. The choice between these two is
- * made in the call to mbedtls_sha256_starts().
- */
-typedef struct mbedtls_sha256_context
-{
- uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
- uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
- unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
- int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
- 0: Use SHA-256, or 1: Use SHA-224. */
-}
-mbedtls_sha256_context;
-
-#else /* MBEDTLS_SHA256_ALT */
-#include "sha256_alt.h"
-#endif /* MBEDTLS_SHA256_ALT */
-
-/**
- * \brief This function initializes a SHA-256 context.
- *
- * \param ctx The SHA-256 context to initialize. This must not be \c NULL.
- */
-void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
-
-/**
- * \brief This function clears a SHA-256 context.
- *
- * \param ctx The SHA-256 context to clear. This may be \c NULL, in which
- * case this function returns immediately. If it is not \c NULL,
- * it must point to an initialized SHA-256 context.
- */
-void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
-
-/**
- * \brief This function clones the state of a SHA-256 context.
- *
- * \param dst The destination context. This must be initialized.
- * \param src The context to clone. This must be initialized.
- */
-void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
- const mbedtls_sha256_context *src );
-
-/**
- * \brief This function starts a SHA-224 or SHA-256 checksum
- * calculation.
- *
- * \param ctx The context to use. This must be initialized.
- * \param is224 This determines which function to use. This must be
- * either \c 0 for SHA-256, or \c 1 for SHA-224.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
-
-/**
- * \brief This function feeds an input buffer into an ongoing
- * SHA-256 checksum calculation.
- *
- * \param ctx The SHA-256 context. This must be initialized
- * and have a hash operation started.
- * \param input The buffer holding the data. This must be a readable
- * buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha256_update( mbedtls_sha256_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief This function finishes the SHA-256 operation, and writes
- * the result to the output buffer.
- *
- * \param ctx The SHA-256 context. This must be initialized
- * and have a hash operation started.
- * \param output The SHA-224 or SHA-256 checksum result.
- * This must be a writable buffer of length \c 32 bytes
- * for SHA-256, \c 28 bytes for SHA-224.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
- unsigned char *output );
-
-/**
- * \brief This function processes a single data block within
- * the ongoing SHA-256 computation. This function is for
- * internal use only.
- *
- * \param ctx The SHA-256 context. This must be initialized.
- * \param data The buffer holding one block of data. This must
- * be a readable buffer of length \c 64 Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
- const unsigned char data[64] );
-
-/**
- * \brief This function calculates the SHA-224 or SHA-256
- * checksum of a buffer.
- *
- * The function allocates the context, performs the
- * calculation, and frees the context.
- *
- * The SHA-256 result is calculated as
- * output = SHA-256(input buffer).
- *
- * \param input The buffer holding the data. This must be a readable
- * buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- * \param output The SHA-224 or SHA-256 checksum result.
- * This must be a writable buffer of length \c 32 bytes
- * for SHA-256, \c 28 bytes for SHA-224.
- * \param is224 Determines which function to use. This must be
- * either \c 0 for SHA-256, or \c 1 for SHA-224.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha256( const unsigned char *input,
- size_t ilen,
- unsigned char *output,
- int is224 );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The SHA-224 and SHA-256 checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_sha256_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha256.h */
diff --git a/mbedtls/sha512.h b/mbedtls/sha512.h
deleted file mode 100644
index 48901cc..0000000
--- a/mbedtls/sha512.h
+++ /dev/null
@@ -1,205 +0,0 @@
-/**
- * \file sha512.h
- * \brief This file contains SHA-384 and SHA-512 definitions and functions.
- *
- * The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic
- * hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS).
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_SHA512_H
-#define MBEDTLS_SHA512_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-/** SHA-512 input data was malformed. */
-#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_SHA512_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The SHA-512 context structure.
- *
- * The structure is used both for SHA-384 and for SHA-512
- * checksum calculations. The choice between these two is
- * made in the call to mbedtls_sha512_starts().
- */
-typedef struct mbedtls_sha512_context
-{
- uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
- uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
- unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being processed. */
-#if defined(MBEDTLS_SHA384_C)
- int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use:
- 0: Use SHA-512, or 1: Use SHA-384. */
-#endif
-}
-mbedtls_sha512_context;
-
-#else /* MBEDTLS_SHA512_ALT */
-#include "sha512_alt.h"
-#endif /* MBEDTLS_SHA512_ALT */
-
-/**
- * \brief This function initializes a SHA-512 context.
- *
- * \param ctx The SHA-512 context to initialize. This must
- * not be \c NULL.
- */
-void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
-
-/**
- * \brief This function clears a SHA-512 context.
- *
- * \param ctx The SHA-512 context to clear. This may be \c NULL,
- * in which case this function does nothing. If it
- * is not \c NULL, it must point to an initialized
- * SHA-512 context.
- */
-void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
-
-/**
- * \brief This function clones the state of a SHA-512 context.
- *
- * \param dst The destination context. This must be initialized.
- * \param src The context to clone. This must be initialized.
- */
-void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
- const mbedtls_sha512_context *src );
-
-/**
- * \brief This function starts a SHA-384 or SHA-512 checksum
- * calculation.
- *
- * \param ctx The SHA-512 context to use. This must be initialized.
- * \param is384 Determines which function to use. This must be
- * either \c 0 for SHA-512, or \c 1 for SHA-384.
- *
- * \note When \c MBEDTLS_SHA384_C is not defined,
- * \p is384 must be \c 0, or the function will return
- * #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 );
-
-/**
- * \brief This function feeds an input buffer into an ongoing
- * SHA-512 checksum calculation.
- *
- * \param ctx The SHA-512 context. This must be initialized
- * and have a hash operation started.
- * \param input The buffer holding the input data. This must
- * be a readable buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha512_update( mbedtls_sha512_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief This function finishes the SHA-512 operation, and writes
- * the result to the output buffer.
- *
- * \param ctx The SHA-512 context. This must be initialized
- * and have a hash operation started.
- * \param output The SHA-384 or SHA-512 checksum result.
- * This must be a writable buffer of length \c 64 bytes
- * for SHA-512, \c 48 bytes for SHA-384.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
- unsigned char *output );
-
-/**
- * \brief This function processes a single data block within
- * the ongoing SHA-512 computation.
- * This function is for internal use only.
- *
- * \param ctx The SHA-512 context. This must be initialized.
- * \param data The buffer holding one block of data. This
- * must be a readable buffer of length \c 128 Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
- const unsigned char data[128] );
-
-/**
- * \brief This function calculates the SHA-512 or SHA-384
- * checksum of a buffer.
- *
- * The function allocates the context, performs the
- * calculation, and frees the context.
- *
- * The SHA-512 result is calculated as
- * output = SHA-512(input buffer).
- *
- * \param input The buffer holding the input data. This must be
- * a readable buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- * \param output The SHA-384 or SHA-512 checksum result.
- * This must be a writable buffer of length \c 64 bytes
- * for SHA-512, \c 48 bytes for SHA-384.
- * \param is384 Determines which function to use. This must be either
- * \c 0 for SHA-512, or \c 1 for SHA-384.
- *
- * \note When \c MBEDTLS_SHA384_C is not defined, \p is384 must
- * be \c 0, or the function will return
- * #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha512( const unsigned char *input,
- size_t ilen,
- unsigned char *output,
- int is384 );
-
-#if defined(MBEDTLS_SELF_TEST)
-
- /**
- * \brief The SHA-384 or SHA-512 checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_sha512_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha512.h */
diff --git a/mbedtls/ssl.h b/mbedtls/ssl.h
deleted file mode 100644
index 072ebbe..0000000
--- a/mbedtls/ssl.h
+++ /dev/null
@@ -1,4526 +0,0 @@
-/**
- * \file ssl.h
- *
- * \brief SSL/TLS functions.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_SSL_H
-#define MBEDTLS_SSL_H
-#include "mbedtls/platform_util.h"
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/bignum.h"
-#include "mbedtls/ecp.h"
-
-#include "mbedtls/ssl_ciphersuites.h"
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_crl.h"
-#endif
-
-#if defined(MBEDTLS_DHM_C)
-#include "mbedtls/dhm.h"
-#endif
-
-/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
- * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap
- * in functionality that access to ecdh_ctx structure is needed for
- * MBEDTLS_ECDSA_C which does not seem correct.
- */
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdh.h"
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/*
- * SSL Error codes
- */
-/** A cryptographic operation is in progress. Try again later. */
-#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000
-/** The requested feature is not available. */
-#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
-/** Verification of the message MAC failed. */
-#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
-/** An invalid SSL record was received. */
-#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
-/** The connection indicated an EOF. */
-#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280
-/** A message could not be parsed due to a syntactic error. */
-#define MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300
-/* Error space gap */
-/** No RNG was provided to the SSL module. */
-#define MBEDTLS_ERR_SSL_NO_RNG -0x7400
-/** No client certification received from the client, but required by the authentication mode. */
-#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
-/** Client received an extended server hello containing an unsupported extension */
-#define MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION -0x7500
-/** No ALPN protocols supported that the client advertises */
-#define MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL -0x7580
-/** The own private key or pre-shared key is not set, but needed. */
-#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
-/** No CA Chain is set, but required to operate. */
-#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
-/** An unexpected message was received from our peer. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
-/** A fatal alert message was received from our peer. */
-#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
-/** No server could be identified matching the client's SNI. */
-#define MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME -0x7800
-/** The peer notified us that the connection is going to be closed. */
-#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
-/* Error space gap */
-/* Error space gap */
-/** Processing of the Certificate handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00
-/* Error space gap */
-/* Error space gap */
-/* Error space gap */
-/* Error space gap */
-/* Error space gap */
-/* Error space gap */
-/* Error space gap */
-/* Error space gap */
-/* Error space gap */
-/** Memory allocation failed */
-#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
-/** Hardware acceleration function returned with error */
-#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
-/** Hardware acceleration function skipped / left alone data */
-#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
-/** Handshake protocol not within min/max boundaries */
-#define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION -0x6E80
-/** The handshake negotiation failed. */
-#define MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE -0x6E00
-/** Session ticket has expired. */
-#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
-/** Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
-#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
-/** Unknown identity received (eg, PSK identity) */
-#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
-/** Internal error (eg, unexpected failure in lower-level module) */
-#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00
-/** A counter would wrap (eg, too many messages exchanged). */
-#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80
-/** Unexpected message at ServerHello in renegotiation. */
-#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00
-/** DTLS client must retry for hello verification */
-#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80
-/** A buffer is too small to receive or write a message */
-#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
-/* Error space gap */
-/** No data of requested type currently available on underlying transport. */
-#define MBEDTLS_ERR_SSL_WANT_READ -0x6900
-/** Connection requires a write call. */
-#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880
-/** The operation timed out. */
-#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800
-/** The client initiated a reconnect from the same port. */
-#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780
-/** Record header looks valid but is not expected. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700
-/** The alert message received indicates a non-fatal error. */
-#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680
-/** A field in a message was incorrect or inconsistent with other fields. */
-#define MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -0x6600
-/** Internal-only message signaling that further message-processing should be done */
-#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580
-/** The asynchronous operation is not completed yet. */
-#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500
-/** Internal-only message signaling that a message arrived early. */
-#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480
-/* Error space gap */
-/* Error space gap */
-/* Error space gap */
-/* Error space gap */
-/* Error space gap */
-/* Error space gap */
-/* Error space gap */
-/* Error space gap */
-/** An encrypted DTLS-frame with an unexpected CID was received. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000
-/** An operation failed due to an unexpected version or configuration. */
-#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00
-/** Invalid value in SSL config */
-#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
-
-/*
- * TLS 1.3 NamedGroup values
- *
- * From RF 8446
- * enum {
- * // Elliptic Curve Groups (ECDHE)
- * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
- * x25519(0x001D), x448(0x001E),
- * // Finite Field Groups (DHE)
- * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
- * ffdhe6144(0x0103), ffdhe8192(0x0104),
- * // Reserved Code Points
- * ffdhe_private_use(0x01FC..0x01FF),
- * ecdhe_private_use(0xFE00..0xFEFF),
- * (0xFFFF)
- * } NamedGroup;
- *
- */
-
-/* Elliptic Curve Groups (ECDHE) */
-#define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0
-#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012
-#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013
-#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 0x0014
-#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 0x0015
-#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016
-#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017
-#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018
-#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 0x0019
-#define MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 0x001A
-#define MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 0x001B
-#define MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 0x001C
-#define MBEDTLS_SSL_IANA_TLS_GROUP_X25519 0x001D
-#define MBEDTLS_SSL_IANA_TLS_GROUP_X448 0x001E
-/* Finite Field Groups (DHE) */
-#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 0x0100
-#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072 0x0101
-#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096 0x0102
-#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144 0x0103
-#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 0x0104
-
-/*
- * TLS 1.3 Key Exchange Modes
- *
- * Mbed TLS internal identifiers for use with the SSL configuration API
- * mbedtls_ssl_conf_tls13_key_exchange_modes().
- */
-
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ( 1u << 0 ) /*!< Pure-PSK TLS 1.3 key exchange,
- * encompassing both externally agreed PSKs
- * as well as resumption PSKs. */
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ( 1u << 1 ) /*!< Pure-Ephemeral TLS 1.3 key exchanges,
- * including for example ECDHE and DHE
- * key exchanges. */
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ( 1u << 2 ) /*!< PSK-Ephemeral TLS 1.3 key exchanges,
- * using both a PSK and an ephemeral
- * key exchange. */
-
-/* Convenience macros for sets of key exchanges. */
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL \
- ( MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK | \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL | \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ) /*!< All TLS 1.3 key exchanges */
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL \
- ( MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK | \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) /*!< All PSK-based TLS 1.3 key exchanges */
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL \
- ( MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL | \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) /*!< All ephemeral TLS 1.3 key exchanges */
-
-/*
- * Various constants
- */
-
-/* These are the high an low bytes of ProtocolVersion as defined by:
- * - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2
- * - RFC 8446: see section 4.2.1
- */
-#define MBEDTLS_SSL_MAJOR_VERSION_3 3
-#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
-#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 */
-
-#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
-#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
-
-#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */
-#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */
-
-#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */
-
-/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
- * NONE must be zero so that memset()ing structure to zero works */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */
-
-#define MBEDTLS_SSL_IS_CLIENT 0
-#define MBEDTLS_SSL_IS_SERVER 1
-
-#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
-#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
-
-#define MBEDTLS_SSL_CID_DISABLED 0
-#define MBEDTLS_SSL_CID_ENABLED 1
-
-#define MBEDTLS_SSL_ETM_DISABLED 0
-#define MBEDTLS_SSL_ETM_ENABLED 1
-
-#define MBEDTLS_SSL_COMPRESS_NULL 0
-
-#define MBEDTLS_SSL_VERIFY_NONE 0
-#define MBEDTLS_SSL_VERIFY_OPTIONAL 1
-#define MBEDTLS_SSL_VERIFY_REQUIRED 2
-#define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */
-
-#define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
-#define MBEDTLS_SSL_SECURE_RENEGOTIATION 1
-
-#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
-#define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1
-
-#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
-#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1
-
-#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
-#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16
-
-#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
-#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
-#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2
-
-#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
-#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
-#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
-
-#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
-#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
-
-#define MBEDTLS_SSL_PRESET_DEFAULT 0
-#define MBEDTLS_SSL_PRESET_SUITEB 2
-
-#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
-#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0
-
-#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0
-#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1
-
-#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1
-#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0
-
-/*
- * Default range for DTLS retransmission timer value, in milliseconds.
- * RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
- */
-#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
-#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-/*
- * Maximum fragment length in bytes,
- * determines the size of each of the two internal I/O buffers.
- *
- * Note: the RFC defines the default size of SSL / TLS messages. If you
- * change the value here, other clients / servers may not be able to
- * communicate with you anymore. Only change this value if you control
- * both sides of the connection and have it reduced at both sides, or
- * if you're using the Max Fragment Length extension and you know all your
- * peers are using it too!
- */
-#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
-#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
-#endif
-
-#if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
-#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
-#endif
-
-/*
- * Maximum number of heap-allocated bytes for the purpose of
- * DTLS handshake message reassembly and future message buffering.
- */
-#if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
-#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
-#endif
-
-/*
- * Maximum length of CIDs for incoming and outgoing messages.
- */
-#if !defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
-#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
-#endif
-
-#if !defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
-#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
-#endif
-
-#if !defined(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY)
-#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
-#endif
-
-/* \} name SECTION: Module settings */
-
-/*
- * Length of the verify data for secure renegotiation
- */
-#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
-
-/*
- * Signaling ciphersuite values (SCSV)
- */
-#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
-
-/*
- * Supported Signature and Hash algorithms (For TLS 1.2)
- * RFC 5246 section 7.4.1.4.1
- */
-#define MBEDTLS_SSL_HASH_NONE 0
-#define MBEDTLS_SSL_HASH_MD5 1
-#define MBEDTLS_SSL_HASH_SHA1 2
-#define MBEDTLS_SSL_HASH_SHA224 3
-#define MBEDTLS_SSL_HASH_SHA256 4
-#define MBEDTLS_SSL_HASH_SHA384 5
-#define MBEDTLS_SSL_HASH_SHA512 6
-
-#define MBEDTLS_SSL_SIG_ANON 0
-#define MBEDTLS_SSL_SIG_RSA 1
-#define MBEDTLS_SSL_SIG_ECDSA 3
-
-/*
- * TLS 1.3 signature algorithms
- * RFC 8446, Section 4.2.2
- */
-
-/* RSASSA-PKCS1-v1_5 algorithms */
-#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 0x0401
-#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 0x0501
-#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 0x0601
-
-/* ECDSA algorithms */
-#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 0x0403
-#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 0x0503
-#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 0x0603
-
-/* RSASSA-PSS algorithms with public key OID rsaEncryption */
-#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 0x0804
-#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 0x0805
-#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 0x0806
-
-/* EdDSA algorithms */
-#define MBEDTLS_TLS1_3_SIG_ED25519 0x0807
-#define MBEDTLS_TLS1_3_SIG_ED448 0x0808
-
-/* RSASSA-PSS algorithms with public key OID RSASSA-PSS */
-#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256 0x0809
-#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384 0x080A
-#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512 0x080B
-
-/* LEGACY ALGORITHMS */
-#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1 0x0201
-#define MBEDTLS_TLS1_3_SIG_ECDSA_SHA1 0x0203
-
-#define MBEDTLS_TLS1_3_SIG_NONE 0x0
-
-/*
- * Client Certificate Types
- * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
- */
-#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
-#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
-
-/*
- * Message, alert and handshake types
- */
-#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
-#define MBEDTLS_SSL_MSG_ALERT 21
-#define MBEDTLS_SSL_MSG_HANDSHAKE 22
-#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
-#define MBEDTLS_SSL_MSG_CID 25
-
-#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
-#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
-
-#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
-#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
-#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
-#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
-#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
-#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
-#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
-#define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
-#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
-#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
-#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
-#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
-#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
-#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
-#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
-#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
-#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
-#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
-#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
-#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
-#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
-#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
-#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
-#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
-#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
-#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
-
-#define MBEDTLS_SSL_HS_HELLO_REQUEST 0
-#define MBEDTLS_SSL_HS_CLIENT_HELLO 1
-#define MBEDTLS_SSL_HS_SERVER_HELLO 2
-#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
-#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
-#define MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS 8 // NEW IN TLS 1.3
-#define MBEDTLS_SSL_HS_CERTIFICATE 11
-#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
-#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
-#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
-#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
-#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
-#define MBEDTLS_SSL_HS_FINISHED 20
-
-/*
- * TLS extensions
- */
-#define MBEDTLS_TLS_EXT_SERVERNAME 0
-#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0
-
-#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
-
-#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
-#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 6066 TLS 1.2 and 1.3 */
-
-#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
-#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8422,7919 TLS 1.2 and 1.3 */
-#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11
-
-#define MBEDTLS_TLS_EXT_SIG_ALG 13 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_USE_SRTP 14
-#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 6520 TLS 1.2 and 1.3 */
-#define MBEDTLS_TLS_EXT_ALPN 16
-
-#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 6962 TLS 1.2 and 1.3 */
-#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7250 TLS 1.2 and 1.3 */
-#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20 /* RFC 7250 TLS 1.2 and 1.3 */
-#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 7685 TLS 1.2 and 1.3 */
-#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */
-#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */
-
-#define MBEDTLS_TLS_EXT_SESSION_TICKET 35
-
-#define MBEDTLS_TLS_EXT_PRE_SHARED_KEY 41 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_EARLY_DATA 42 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS 43 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_COOKIE 44 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES 45 /* RFC 8446 TLS 1.3 */
-
-#define MBEDTLS_TLS_EXT_CERT_AUTH 47 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_OID_FILTERS 48 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH 49 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */
-
-/* The value of the CID extension is still TBD as of
- * draft-ietf-tls-dtls-connection-id-05
- * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05).
- *
- * A future minor revision of Mbed TLS may change the default value of
- * this option to match evolving standards and usage.
- */
-#if !defined(MBEDTLS_TLS_EXT_CID)
-#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
-#endif
-
-#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
-
-#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
-
-/*
- * Size defines
- */
-#if !defined(MBEDTLS_PSK_MAX_LEN)
-#define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
-#endif
-
-/* Dummy type used only for its size */
-union mbedtls_ssl_premaster_secret
-{
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
- unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
- unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
- + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
- unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
- + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */
-#endif
-};
-
-#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
-
-#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
-
-/* Length in number of bytes of the TLS sequence number */
-#define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * SSL state machine
- */
-typedef enum
-{
- MBEDTLS_SSL_HELLO_REQUEST,
- MBEDTLS_SSL_CLIENT_HELLO,
- MBEDTLS_SSL_SERVER_HELLO,
- MBEDTLS_SSL_SERVER_CERTIFICATE,
- MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
- MBEDTLS_SSL_CERTIFICATE_REQUEST,
- MBEDTLS_SSL_SERVER_HELLO_DONE,
- MBEDTLS_SSL_CLIENT_CERTIFICATE,
- MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
- MBEDTLS_SSL_CERTIFICATE_VERIFY,
- MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
- MBEDTLS_SSL_CLIENT_FINISHED,
- MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
- MBEDTLS_SSL_SERVER_FINISHED,
- MBEDTLS_SSL_FLUSH_BUFFERS,
- MBEDTLS_SSL_HANDSHAKE_WRAPUP,
- MBEDTLS_SSL_HANDSHAKE_OVER,
- MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
- MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
- MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
-#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
- MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED,
-#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-}
-mbedtls_ssl_states;
-
-/**
- * \brief Callback type: send data on the network.
- *
- * \note That callback may be either blocking or non-blocking.
- *
- * \param ctx Context for the send callback (typically a file descriptor)
- * \param buf Buffer holding the data to send
- * \param len Length of the data to send
- *
- * \return The callback must return the number of bytes sent if any,
- * or a non-zero error code.
- * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE
- * must be returned when the operation would block.
- *
- * \note The callback is allowed to send fewer bytes than requested.
- * It must always return the number of bytes actually sent.
- */
-typedef int mbedtls_ssl_send_t( void *ctx,
- const unsigned char *buf,
- size_t len );
-
-/**
- * \brief Callback type: receive data from the network.
- *
- * \note That callback may be either blocking or non-blocking.
- *
- * \param ctx Context for the receive callback (typically a file
- * descriptor)
- * \param buf Buffer to write the received data to
- * \param len Length of the receive buffer
- *
- * \returns If data has been received, the positive number of bytes received.
- * \returns \c 0 if the connection has been closed.
- * \returns If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
- * must be returned when the operation would block.
- * \returns Another negative error code on other kinds of failures.
- *
- * \note The callback may receive fewer bytes than the length of the
- * buffer. It must always return the number of bytes actually
- * received and written to the buffer.
- */
-typedef int mbedtls_ssl_recv_t( void *ctx,
- unsigned char *buf,
- size_t len );
-
-/**
- * \brief Callback type: receive data from the network, with timeout
- *
- * \note That callback must block until data is received, or the
- * timeout delay expires, or the operation is interrupted by a
- * signal.
- *
- * \param ctx Context for the receive callback (typically a file descriptor)
- * \param buf Buffer to write the received data to
- * \param len Length of the receive buffer
- * \param timeout Maximum number of milliseconds to wait for data
- * 0 means no timeout (potentially waiting forever)
- *
- * \return The callback must return the number of bytes received,
- * or a non-zero error code:
- * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
- * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
- *
- * \note The callback may receive fewer bytes than the length of the
- * buffer. It must always return the number of bytes actually
- * received and written to the buffer.
- */
-typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
- unsigned char *buf,
- size_t len,
- uint32_t timeout );
-/**
- * \brief Callback type: set a pair of timers/delays to watch
- *
- * \param ctx Context pointer
- * \param int_ms Intermediate delay in milliseconds
- * \param fin_ms Final delay in milliseconds
- * 0 cancels the current timer.
- *
- * \note This callback must at least store the necessary information
- * for the associated \c mbedtls_ssl_get_timer_t callback to
- * return correct information.
- *
- * \note If using a event-driven style of programming, an event must
- * be generated when the final delay is passed. The event must
- * cause a call to \c mbedtls_ssl_handshake() with the proper
- * SSL context to be scheduled. Care must be taken to ensure
- * that at most one such call happens at a time.
- *
- * \note Only one timer at a time must be running. Calling this
- * function while a timer is running must cancel it. Cancelled
- * timers must not generate any event.
- */
-typedef void mbedtls_ssl_set_timer_t( void * ctx,
- uint32_t int_ms,
- uint32_t fin_ms );
-
-/**
- * \brief Callback type: get status of timers/delays
- *
- * \param ctx Context pointer
- *
- * \return This callback must return:
- * -1 if cancelled (fin_ms == 0),
- * 0 if none of the delays have passed,
- * 1 if only the intermediate delay has passed,
- * 2 if the final delay has passed.
- */
-typedef int mbedtls_ssl_get_timer_t( void * ctx );
-
-/* Defined below */
-typedef struct mbedtls_ssl_session mbedtls_ssl_session;
-typedef struct mbedtls_ssl_context mbedtls_ssl_context;
-typedef struct mbedtls_ssl_config mbedtls_ssl_config;
-
-/* Defined in library/ssl_misc.h */
-typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
-typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
-typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t;
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
-#endif
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
-#endif
-
-/**
- * \brief Callback type: server-side session cache getter
- *
- * The session cache is logically a key value store, with
- * keys being session IDs and values being instances of
- * mbedtls_ssl_session.
- *
- * This callback retrieves an entry in this key-value store.
- *
- * \param data The address of the session cache structure to query.
- * \param session_id The buffer holding the session ID to query.
- * \param session_id_len The length of \p session_id in Bytes.
- * \param session The address of the session structure to populate.
- * It is initialized with mbdtls_ssl_session_init(),
- * and the callback must always leave it in a state
- * where it can safely be freed via
- * mbedtls_ssl_session_free() independent of the
- * return code of this function.
- *
- * \return \c 0 on success
- * \return A non-zero return value on failure.
- *
- */
-typedef int mbedtls_ssl_cache_get_t( void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- mbedtls_ssl_session *session );
-/**
- * \brief Callback type: server-side session cache setter
- *
- * The session cache is logically a key value store, with
- * keys being session IDs and values being instances of
- * mbedtls_ssl_session.
- *
- * This callback sets an entry in this key-value store.
- *
- * \param data The address of the session cache structure to modify.
- * \param session_id The buffer holding the session ID to query.
- * \param session_id_len The length of \p session_id in Bytes.
- * \param session The address of the session to be stored in the
- * session cache.
- *
- * \return \c 0 on success
- * \return A non-zero return value on failure.
- */
-typedef int mbedtls_ssl_cache_set_t( void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- const mbedtls_ssl_session *session );
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief Callback type: start external signature operation.
- *
- * This callback is called during an SSL handshake to start
- * a signature decryption operation using an
- * external processor. The parameter \p cert contains
- * the public key; it is up to the callback function to
- * determine how to access the associated private key.
- *
- * This function typically sends or enqueues a request, and
- * does not wait for the operation to complete. This allows
- * the handshake step to be non-blocking.
- *
- * The parameters \p ssl and \p cert are guaranteed to remain
- * valid throughout the handshake. On the other hand, this
- * function must save the contents of \p hash if the value
- * is needed for later processing, because the \p hash buffer
- * is no longer valid after this function returns.
- *
- * This function may call mbedtls_ssl_set_async_operation_data()
- * to store an operation context for later retrieval
- * by the resume or cancel callback.
- *
- * \note For RSA signatures, this function must produce output
- * that is consistent with PKCS#1 v1.5 in the same way as
- * mbedtls_rsa_pkcs1_sign(). Before the private key operation,
- * apply the padding steps described in RFC 8017, section 9.2
- * "EMSA-PKCS1-v1_5" as follows.
- * - If \p md_alg is #MBEDTLS_MD_NONE, apply the PKCS#1 v1.5
- * encoding, treating \p hash as the DigestInfo to be
- * padded. In other words, apply EMSA-PKCS1-v1_5 starting
- * from step 3, with `T = hash` and `tLen = hash_len`.
- * - If `md_alg != MBEDTLS_MD_NONE`, apply the PKCS#1 v1.5
- * encoding, treating \p hash as the hash to be encoded and
- * padded. In other words, apply EMSA-PKCS1-v1_5 starting
- * from step 2, with `digestAlgorithm` obtained by calling
- * mbedtls_oid_get_oid_by_md() on \p md_alg.
- *
- * \note For ECDSA signatures, the output format is the DER encoding
- * `Ecdsa-Sig-Value` defined in
- * [RFC 4492 section 5.4](https://tools.ietf.org/html/rfc4492#section-5.4).
- *
- * \param ssl The SSL connection instance. It should not be
- * modified other than via
- * mbedtls_ssl_set_async_operation_data().
- * \param cert Certificate containing the public key.
- * In simple cases, this is one of the pointers passed to
- * mbedtls_ssl_conf_own_cert() when configuring the SSL
- * connection. However, if other callbacks are used, this
- * property may not hold. For example, if an SNI callback
- * is registered with mbedtls_ssl_conf_sni(), then
- * this callback determines what certificate is used.
- * \param md_alg Hash algorithm.
- * \param hash Buffer containing the hash. This buffer is
- * no longer valid when the function returns.
- * \param hash_len Size of the \c hash buffer in bytes.
- *
- * \return 0 if the operation was started successfully and the SSL
- * stack should call the resume callback immediately.
- * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation
- * was started successfully and the SSL stack should return
- * immediately without calling the resume callback yet.
- * \return #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external
- * processor does not support this key. The SSL stack will
- * use the private key object instead.
- * \return Any other error indicates a fatal failure and is
- * propagated up the call chain. The callback should
- * use \c MBEDTLS_ERR_PK_xxx error codes, and must not
- * use \c MBEDTLS_ERR_SSL_xxx error codes except as
- * directed in the documentation of this callback.
- */
-typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash,
- size_t hash_len );
-
-/**
- * \brief Callback type: start external decryption operation.
- *
- * This callback is called during an SSL handshake to start
- * an RSA decryption operation using an
- * external processor. The parameter \p cert contains
- * the public key; it is up to the callback function to
- * determine how to access the associated private key.
- *
- * This function typically sends or enqueues a request, and
- * does not wait for the operation to complete. This allows
- * the handshake step to be non-blocking.
- *
- * The parameters \p ssl and \p cert are guaranteed to remain
- * valid throughout the handshake. On the other hand, this
- * function must save the contents of \p input if the value
- * is needed for later processing, because the \p input buffer
- * is no longer valid after this function returns.
- *
- * This function may call mbedtls_ssl_set_async_operation_data()
- * to store an operation context for later retrieval
- * by the resume or cancel callback.
- *
- * \warning RSA decryption as used in TLS is subject to a potential
- * timing side channel attack first discovered by Bleichenbacher
- * in 1998. This attack can be remotely exploitable
- * in practice. To avoid this attack, you must ensure that
- * if the callback performs an RSA decryption, the time it
- * takes to execute and return the result does not depend
- * on whether the RSA decryption succeeded or reported
- * invalid padding.
- *
- * \param ssl The SSL connection instance. It should not be
- * modified other than via
- * mbedtls_ssl_set_async_operation_data().
- * \param cert Certificate containing the public key.
- * In simple cases, this is one of the pointers passed to
- * mbedtls_ssl_conf_own_cert() when configuring the SSL
- * connection. However, if other callbacks are used, this
- * property may not hold. For example, if an SNI callback
- * is registered with mbedtls_ssl_conf_sni(), then
- * this callback determines what certificate is used.
- * \param input Buffer containing the input ciphertext. This buffer
- * is no longer valid when the function returns.
- * \param input_len Size of the \p input buffer in bytes.
- *
- * \return 0 if the operation was started successfully and the SSL
- * stack should call the resume callback immediately.
- * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation
- * was started successfully and the SSL stack should return
- * immediately without calling the resume callback yet.
- * \return #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external
- * processor does not support this key. The SSL stack will
- * use the private key object instead.
- * \return Any other error indicates a fatal failure and is
- * propagated up the call chain. The callback should
- * use \c MBEDTLS_ERR_PK_xxx error codes, and must not
- * use \c MBEDTLS_ERR_SSL_xxx error codes except as
- * directed in the documentation of this callback.
- */
-typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- const unsigned char *input,
- size_t input_len );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-/**
- * \brief Callback type: resume external operation.
- *
- * This callback is called during an SSL handshake to resume
- * an external operation started by the
- * ::mbedtls_ssl_async_sign_t or
- * ::mbedtls_ssl_async_decrypt_t callback.
- *
- * This function typically checks the status of a pending
- * request or causes the request queue to make progress, and
- * does not wait for the operation to complete. This allows
- * the handshake step to be non-blocking.
- *
- * This function may call mbedtls_ssl_get_async_operation_data()
- * to retrieve an operation context set by the start callback.
- * It may call mbedtls_ssl_set_async_operation_data() to modify
- * this context.
- *
- * Note that when this function returns a status other than
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, it must free any
- * resources associated with the operation.
- *
- * \param ssl The SSL connection instance. It should not be
- * modified other than via
- * mbedtls_ssl_set_async_operation_data().
- * \param output Buffer containing the output (signature or decrypted
- * data) on success.
- * \param output_len On success, number of bytes written to \p output.
- * \param output_size Size of the \p output buffer in bytes.
- *
- * \return 0 if output of the operation is available in the
- * \p output buffer.
- * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation
- * is still in progress. Subsequent requests for progress
- * on the SSL connection will call the resume callback
- * again.
- * \return Any other error means that the operation is aborted.
- * The SSL handshake is aborted. The callback should
- * use \c MBEDTLS_ERR_PK_xxx error codes, and must not
- * use \c MBEDTLS_ERR_SSL_xxx error codes except as
- * directed in the documentation of this callback.
- */
-typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
- unsigned char *output,
- size_t *output_len,
- size_t output_size );
-
-/**
- * \brief Callback type: cancel external operation.
- *
- * This callback is called if an SSL connection is closed
- * while an asynchronous operation is in progress. Note that
- * this callback is not called if the
- * ::mbedtls_ssl_async_resume_t callback has run and has
- * returned a value other than
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, since in that case
- * the asynchronous operation has already completed.
- *
- * This function may call mbedtls_ssl_get_async_operation_data()
- * to retrieve an operation context set by the start callback.
- *
- * \param ssl The SSL connection instance. It should not be
- * modified.
- */
-typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
- !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32
-#elif defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48
-#elif defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 20
-#else
-/* This is already checked in check_config.h, but be sure. */
-#error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED &&
- !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-typedef struct
-{
- unsigned char client_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
- unsigned char server_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
- unsigned char exporter_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
- unsigned char resumption_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
-} mbedtls_ssl_tls13_application_secrets;
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-
-#define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255
-#define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH 4
-/*
- * For code readability use a typedef for DTLS-SRTP profiles
- *
- * Use_srtp extension protection profiles values as defined in
- * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
- *
- * Reminder: if this list is expanded mbedtls_ssl_check_srtp_profile_value
- * must be updated too.
- */
-#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ( (uint16_t) 0x0001)
-#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ( (uint16_t) 0x0002)
-#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 ( (uint16_t) 0x0005)
-#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 ( (uint16_t) 0x0006)
-/* This one is not iana defined, but for code readability. */
-#define MBEDTLS_TLS_SRTP_UNSET ( (uint16_t) 0x0000)
-
-typedef uint16_t mbedtls_ssl_srtp_profile;
-
-typedef struct mbedtls_dtls_srtp_info_t
-{
- /*! The SRTP profile that was negotiated. */
- mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile);
- /*! The length of mki_value. */
- uint16_t MBEDTLS_PRIVATE(mki_len);
- /*! The mki_value used, with max size of 256 bytes. */
- unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
-}
-mbedtls_dtls_srtp_info;
-
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-/*
- * This structure is used for storing current session data.
- *
- * Note: when changing this definition, we need to check and update:
- * - in tests/suites/test_suite_ssl.function:
- * ssl_populate_session() and ssl_serialize_session_save_load()
- * - in library/ssl_tls.c:
- * mbedtls_ssl_session_init() and mbedtls_ssl_session_free()
- * mbedtls_ssl_session_save() and ssl_session_load()
- * ssl_session_copy()
- */
-struct mbedtls_ssl_session
-{
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
- unsigned char MBEDTLS_PRIVATE(exported);
-
- /* This field is temporarily duplicated with mbedtls_ssl_context.minor_ver.
- * Once runtime negotiation of TLS 1.2 and TLS 1.3 is implemented, it needs
- * to be studied whether one of them can be removed. */
- unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the session. */
-
-#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
-#endif
- int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
- int MBEDTLS_PRIVATE(compression); /*!< chosen compression */
- size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
- unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
- unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
-#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- /*! The digest of the peer's end-CRT. This must be kept to detect CRT
- * changes during renegotiation, mitigating the triple handshake attack. */
- unsigned char *MBEDTLS_PRIVATE(peer_cert_digest);
- size_t MBEDTLS_PRIVATE(peer_cert_digest_len);
- mbedtls_md_type_t MBEDTLS_PRIVATE(peer_cert_digest_type);
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
- uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */
- size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */
- uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- mbedtls_ssl_tls13_application_secrets MBEDTLS_PRIVATE(app_secrets);
-#endif
-};
-
-/*
- * Identifiers for PRFs used in various versions of TLS.
- */
-typedef enum
-{
- MBEDTLS_SSL_TLS_PRF_NONE,
- MBEDTLS_SSL_TLS_PRF_SHA384,
- MBEDTLS_SSL_TLS_PRF_SHA256,
- MBEDTLS_SSL_HKDF_EXPAND_SHA384,
- MBEDTLS_SSL_HKDF_EXPAND_SHA256
-}
-mbedtls_tls_prf_types;
-
-typedef enum
-{
- MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0,
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET,
- MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET,
- MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
- MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET,
- MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET,
- MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET,
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-} mbedtls_ssl_key_export_type;
-
-/**
- * \brief Callback type: Export key alongside random values for
- * session identification, and PRF for
- * implementation of TLS key exporters.
- *
- * \param p_expkey Context for the callback.
- * \param type The type of the key that is being exported.
- * \param secret The address of the buffer holding the secret
- * that's being exporterd.
- * \param secret_len The length of \p secret in bytes.
- * \param client_random The client random bytes.
- * \param server_random The server random bytes.
- * \param tls_prf_type The identifier for the PRF used in the handshake
- * to which the key belongs.
- */
-typedef void mbedtls_ssl_export_keys_t( void *p_expkey,
- mbedtls_ssl_key_export_type type,
- const unsigned char *secret,
- size_t secret_len,
- const unsigned char client_random[32],
- const unsigned char server_random[32],
- mbedtls_tls_prf_types tls_prf_type );
-
-/**
- * SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
- */
-struct mbedtls_ssl_config
-{
- /* Group items mostly by size. This helps to reduce memory wasted to
- * padding. It also helps to keep smaller fields early in the structure,
- * so that elements tend to be in the 128-element direct access window
- * on Arm Thumb, which reduces the code size. */
-
- unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
- unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
- unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
- unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
-
- /*
- * Flags (could be bit-fields to save RAM, but separate bytes make
- * the code smaller on architectures with an instruction for direct
- * byte access).
- */
-
- uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */
- uint8_t MBEDTLS_PRIVATE(transport); /*!< 0: stream (TLS), 1: datagram (DTLS) */
- uint8_t MBEDTLS_PRIVATE(authmode); /*!< MBEDTLS_SSL_VERIFY_XXX */
- /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
- uint8_t MBEDTLS_PRIVATE(allow_legacy_renegotiation); /*!< MBEDTLS_LEGACY_XXX */
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- uint8_t MBEDTLS_PRIVATE(mfl_code); /*!< desired fragment length indicator
- (MBEDTLS_SSL_MAX_FRAG_LEN_XXX) */
-#endif
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- uint8_t MBEDTLS_PRIVATE(encrypt_then_mac); /*!< negotiate encrypt-then-mac? */
-#endif
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- uint8_t MBEDTLS_PRIVATE(extended_ms); /*!< negotiate extended master secret? */
-#endif
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- uint8_t MBEDTLS_PRIVATE(anti_replay); /*!< detect and prevent replay? */
-#endif
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- uint8_t MBEDTLS_PRIVATE(disable_renegotiation); /*!< disable renegotiation? */
-#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */
-#endif
-#if defined(MBEDTLS_SSL_SRV_C)
- uint8_t MBEDTLS_PRIVATE(cert_req_ca_list); /*!< enable sending CA list in
- Certificate Request messages? */
- uint8_t MBEDTLS_PRIVATE(respect_cli_pref); /*!< pick the ciphersuite according to
- the client's preferences rather
- than ours? */
-#endif
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- uint8_t MBEDTLS_PRIVATE(ignore_unexpected_cid); /*!< Should DTLS record with
- * unexpected CID
- * lead to failure? */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
- uint8_t MBEDTLS_PRIVATE(dtls_srtp_mki_support); /* support having mki_value
- in the use_srtp extension? */
-#endif
-
- /*
- * Pointers
- */
-
- /** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */
- const int *MBEDTLS_PRIVATE(ciphersuite_list);
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- /** Allowed TLS 1.3 key exchange modes. */
- int MBEDTLS_PRIVATE(tls13_kex_modes);
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
- /** Callback for printing debug output */
- void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
- void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */
-
- /** Callback for getting (pseudo-)random numbers */
- int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
-
- /** Callback to retrieve a session from the cache */
- mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache);
- /** Callback to store a session into the cache */
- mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache);
- void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- /** Callback for setting cert according to SNI extension */
- int (*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- /** Callback to customize X.509 certificate chain verification */
- int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- /** Callback to retrieve PSK key from identity */
- int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
- /** Callback to create & write a cookie for ClientHello veirifcation */
- int (*MBEDTLS_PRIVATE(f_cookie_write))( void *, unsigned char **, unsigned char *,
- const unsigned char *, size_t );
- /** Callback to verify validity of a ClientHello cookie */
- int (*MBEDTLS_PRIVATE(f_cookie_check))( void *, const unsigned char *, size_t,
- const unsigned char *, size_t );
- void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
- /** Callback to create & write a session ticket */
- int (*MBEDTLS_PRIVATE(f_ticket_write))( void *, const mbedtls_ssl_session *,
- unsigned char *, const unsigned char *, size_t *, uint32_t * );
- /** Callback to parse a session ticket into a session structure */
- int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */
- mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s) */
- mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */
- mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb);
- void *MBEDTLS_PRIVATE(p_ca_cb);
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */
- mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
- mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */
- mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */
- void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- const uint16_t *MBEDTLS_PRIVATE(tls13_sig_algs); /*!< allowed signature algorithms for TLS 1.3 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#endif
-
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
- const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
-#endif
-
- const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */
-
-#if defined(MBEDTLS_DHM_C)
- mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
- mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
- * should only be set via
- * mbedtls_ssl_conf_psk_opaque().
- * If either no PSK or a raw PSK have been
- * configured, this has value \c 0.
- */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
- unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should
- * only be set via mbedtls_ssl_conf_psk().
- * If either no PSK or an opaque PSK
- * have been configured, this has value NULL. */
- size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key.
- * This field should only be set via
- * mbedtls_ssl_conf_psk().
- * Its value is non-zero if and only if
- * \c psk is not \c NULL. */
-
- unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK negotiation.
- * This field should only be set via
- * mbedtls_ssl_conf_psk().
- * This is set if and only if either
- * \c psk or \c psk_opaque are set. */
- size_t MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity.
- * This field should only be set via
- * mbedtls_ssl_conf_psk().
- * Its value is non-zero if and only if
- * \c psk is not \c NULL or \c psk_opaque
- * is not \c 0. */
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#if defined(MBEDTLS_SSL_ALPN)
- const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
- /*! ordered list of supported srtp profile */
- const mbedtls_ssl_srtp_profile *MBEDTLS_PRIVATE(dtls_srtp_profile_list);
- /*! number of supported profiles */
- size_t MBEDTLS_PRIVATE(dtls_srtp_profile_list_len);
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
- /*
- * Numerical settings (int)
- */
-
- uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the handshake
- retransmission timeout (ms) */
- uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the handshake
- retransmission timeout (ms) */
-#endif
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation */
- unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters
- that triggers renegotiation */
-#endif
-
- unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
- unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
-#endif
-};
-
-struct mbedtls_ssl_context
-{
- const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */
-
- /*
- * Miscellaneous
- */
- int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */
- int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS,
- number of retransmissions of request if
- renego_max_records is < 0 */
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
- int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
-
- /* This field is temporarily duplicated with mbedtls_ssl_context.minor_ver.
- * Once runtime negotiation of TLS 1.2 and TLS 1.3 is implemented, it needs
- * to be studied whether one of them can be removed. */
- int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
- unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- /** Callback to customize X.509 certificate chain verification */
- int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */
-#endif
-
- mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */
- mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */
- mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout);
- /*!< Callback for network receive with timeout */
-
- void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */
-
- /*
- * Session layer
- */
- mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data (in) */
- mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session data (out) */
- mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */
- mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data in negotiation */
-
- mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during
- the handshake process */
-
- /*
- * Record layer transformations
- */
- mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in)
- * This is always a reference,
- * never an owning pointer. */
- mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (out)
- * This is always a reference,
- * never an owning pointer. */
- mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params
- * This pointer owns the transform
- * it references. */
- mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation
- * This pointer owns the transform
- * it references. */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- /*! The application data transform in TLS 1.3.
- * This pointer owns the transform it references. */
- mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application);
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
- /*
- * Timers
- */
- void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */
-
- mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer callback */
- mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer callback */
-
- /*
- * Record layer (incoming data)
- */
- unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */
- unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter
- TLS: maintained by us
- DTLS: read from peer */
- unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID;
- * (the end is marked by in_len). */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */
- unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
- unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen) */
- unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application data */
-
- int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */
- size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */
- size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */
-#endif
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */
- size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record in datagram
- (equal to in_left if none) */
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num */
- uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */
-#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-
- size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
- including the handshake header */
- int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */
-
- int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message
- on next call to record layer? */
-
- /* The following three variables indicate if and, if yes,
- * what kind of alert is pending to be sent.
- */
- unsigned char MBEDTLS_PRIVATE(send_alert); /*!< Determines if a fatal alert
- should be sent. Values:
- - \c 0 , no alert is to be sent.
- - \c 1 , alert is to be sent. */
- unsigned char MBEDTLS_PRIVATE(alert_type); /*!< Type of alert if send_alert
- != 0 */
- int MBEDTLS_PRIVATE(alert_reason); /*!< The error code to be returned
- to the user once the fatal alert
- has been sent. */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records
- * within a single datagram. */
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- /*
- * Record layer (outgoing data)
- */
- unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */
- unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message counter */
- unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID;
- * (the end is marked by in_len). */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field */
- unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */
- unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents (out_iv+ivlen) */
-
- int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */
- size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */
- size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */
-#endif
-
- unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /*!< Outgoing record sequence number. */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- /*
- * PKI layer
- */
- int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. */
-
- /*
- * User settings
- */
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
- (and SNI if available) */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_ALPN)
- const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */
-#endif /* MBEDTLS_SSL_ALPN */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
- /*
- * use_srtp extension
- */
- mbedtls_dtls_srtp_info MBEDTLS_PRIVATE(dtls_srtp_info);
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
- /*
- * Information for DTLS hello verify
- */
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
- unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the client */
- size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
-
- /*
- * Secure renegotiation
- */
- /* needed to know when to send extension on server */
- int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or
- secure renegotiation */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored */
- char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
- char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- /* CID configuration to use in subsequent handshakes. */
-
- /*! The next incoming CID, chosen by the user and applying to
- * all subsequent handshakes. This may be different from the
- * CID currently used in case the user has re-configured the CID
- * after an initial handshake. */
- unsigned char MBEDTLS_PRIVATE(own_cid)[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
- uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */
- uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should
- * be negotiated in the next handshake or not.
- * Possible values are #MBEDTLS_SSL_CID_ENABLED
- * and #MBEDTLS_SSL_CID_DISABLED. */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
- /** Callback to export key block and master secret */
- mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys);
- void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
-};
-
-/**
- * \brief Return the name of the ciphersuite associated with the
- * given ID
- *
- * \param ciphersuite_id SSL ciphersuite ID
- *
- * \return a string containing the ciphersuite name
- */
-const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
-
-/**
- * \brief Return the ID of the ciphersuite associated with the
- * given name
- *
- * \param ciphersuite_name SSL ciphersuite name
- *
- * \return the ID with the ciphersuite or 0 if not found
- */
-int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
-
-/**
- * \brief Initialize an SSL context
- * Just makes the context ready for mbedtls_ssl_setup() or
- * mbedtls_ssl_free()
- *
- * \param ssl SSL context
- */
-void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
-
-/**
- * \brief Set up an SSL context for use
- *
- * \note No copy of the configuration context is made, it can be
- * shared by many mbedtls_ssl_context structures.
- *
- * \warning The conf structure will be accessed during the session.
- * It must not be modified or freed as long as the session
- * is active.
- *
- * \warning This function must be called exactly once per context.
- * Calling mbedtls_ssl_setup again is not supported, even
- * if no session is active.
- *
- * \param ssl SSL context
- * \param conf SSL configuration to use
- *
- * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
- * memory allocation failed
- */
-int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
- const mbedtls_ssl_config *conf );
-
-/**
- * \brief Reset an already initialized SSL context for re-use
- * while retaining application-set variables, function
- * pointers and data.
- *
- * \param ssl SSL context
- * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or
- MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
- */
-int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
-
-/**
- * \brief Set the current endpoint type
- *
- * \param conf SSL configuration
- * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
- */
-void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
-
-/**
- * \brief Set the transport type (TLS or DTLS).
- * Default: TLS
- *
- * \note For DTLS, you must either provide a recv callback that
- * doesn't block, or one that handles timeouts, see
- * \c mbedtls_ssl_set_bio(). You also need to provide timer
- * callbacks with \c mbedtls_ssl_set_timer_cb().
- *
- * \param conf SSL configuration
- * \param transport transport type:
- * MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
- * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
- */
-void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
-
-/**
- * \brief Set the certificate verification mode
- * Default: NONE on server, REQUIRED on client
- *
- * \param conf SSL configuration
- * \param authmode can be:
- *
- * MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked
- * (default on server)
- * (insecure on client)
- *
- * MBEDTLS_SSL_VERIFY_OPTIONAL: peer certificate is checked, however the
- * handshake continues even if verification failed;
- * mbedtls_ssl_get_verify_result() can be called after the
- * handshake is complete.
- *
- * MBEDTLS_SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
- * handshake is aborted if verification failed.
- * (default on client)
- *
- * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
- * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
- * the right time(s), which may not be obvious, while REQUIRED always perform
- * the verification as soon as possible. For example, REQUIRED was protecting
- * against the "triple handshake" attack even before it was found.
- */
-void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief Set the verification callback (Optional).
- *
- * If set, the provided verify callback is called for each
- * certificate in the peer's CRT chain, including the trusted
- * root. For more information, please see the documentation of
- * \c mbedtls_x509_crt_verify().
- *
- * \note For per context callbacks and contexts, please use
- * mbedtls_ssl_set_verify() instead.
- *
- * \param conf The SSL configuration to use.
- * \param f_vrfy The verification callback to use during CRT verification.
- * \param p_vrfy The opaque context to be passed to the callback.
- */
-void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-/**
- * \brief Set the random number generator callback
- *
- * \param conf SSL configuration
- * \param f_rng RNG function (mandatory)
- * \param p_rng RNG parameter
- */
-void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Set the debug callback
- *
- * The callback has the following argument:
- * void * opaque context for the callback
- * int debug level
- * const char * file name
- * int line number
- * const char * message
- *
- * \param conf SSL configuration
- * \param f_dbg debug function
- * \param p_dbg debug parameter
- */
-void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
- void (*f_dbg)(void *, int, const char *, int, const char *),
- void *p_dbg );
-
-/**
- * \brief Set the underlying BIO callbacks for write, read and
- * read-with-timeout.
- *
- * \param ssl SSL context
- * \param p_bio parameter (context) shared by BIO callbacks
- * \param f_send write callback
- * \param f_recv read callback
- * \param f_recv_timeout blocking read callback with timeout.
- *
- * \note One of f_recv or f_recv_timeout can be NULL, in which case
- * the other is used. If both are non-NULL, f_recv_timeout is
- * used and f_recv is ignored (as if it were NULL).
- *
- * \note The two most common use cases are:
- * - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
- * - blocking I/O, f_recv == NULL, f_recv_timout != NULL
- *
- * \note For DTLS, you need to provide either a non-NULL
- * f_recv_timeout callback, or a f_recv that doesn't block.
- *
- * \note See the documentations of \c mbedtls_ssl_send_t,
- * \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
- * the conventions those callbacks must follow.
- *
- * \note On some platforms, net_sockets.c provides
- * \c mbedtls_net_send(), \c mbedtls_net_recv() and
- * \c mbedtls_net_recv_timeout() that are suitable to be used
- * here.
- */
-void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
- void *p_bio,
- mbedtls_ssl_send_t *f_send,
- mbedtls_ssl_recv_t *f_recv,
- mbedtls_ssl_recv_timeout_t *f_recv_timeout );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-
-
-/**
- * \brief Configure the use of the Connection ID (CID)
- * extension in the next handshake.
- *
- * Reference: draft-ietf-tls-dtls-connection-id-05
- * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
- *
- * The DTLS CID extension allows the reliable association of
- * DTLS records to DTLS connections across changes in the
- * underlying transport (changed IP and Port metadata) by
- * adding explicit connection identifiers (CIDs) to the
- * headers of encrypted DTLS records. The desired CIDs are
- * configured by the application layer and are exchanged in
- * new `ClientHello` / `ServerHello` extensions during the
- * handshake, where each side indicates the CID it wants the
- * peer to use when writing encrypted messages. The CIDs are
- * put to use once records get encrypted: the stack discards
- * any incoming records that don't include the configured CID
- * in their header, and adds the peer's requested CID to the
- * headers of outgoing messages.
- *
- * This API enables or disables the use of the CID extension
- * in the next handshake and sets the value of the CID to
- * be used for incoming messages.
- *
- * \param ssl The SSL context to configure. This must be initialized.
- * \param enable This value determines whether the CID extension should
- * be used or not. Possible values are:
- * - MBEDTLS_SSL_CID_ENABLED to enable the use of the CID.
- * - MBEDTLS_SSL_CID_DISABLED (default) to disable the use
- * of the CID.
- * \param own_cid The address of the readable buffer holding the CID we want
- * the peer to use when sending encrypted messages to us.
- * This may be \c NULL if \p own_cid_len is \c 0.
- * This parameter is unused if \p enabled is set to
- * MBEDTLS_SSL_CID_DISABLED.
- * \param own_cid_len The length of \p own_cid.
- * This parameter is unused if \p enabled is set to
- * MBEDTLS_SSL_CID_DISABLED.
- *
- * \note The value of \p own_cid_len must match the value of the
- * \c len parameter passed to mbedtls_ssl_conf_cid()
- * when configuring the ::mbedtls_ssl_config that \p ssl
- * is bound to.
- *
- * \note This CID configuration applies to subsequent handshakes
- * performed on the SSL context \p ssl, but does not trigger
- * one. You still have to call `mbedtls_ssl_handshake()`
- * (for the initial handshake) or `mbedtls_ssl_renegotiate()`
- * (for a renegotiation handshake) explicitly after a
- * successful call to this function to run the handshake.
- *
- * \note This call cannot guarantee that the use of the CID
- * will be successfully negotiated in the next handshake,
- * because the peer might not support it. Specifically:
- * - On the Client, enabling the use of the CID through
- * this call implies that the `ClientHello` in the next
- * handshake will include the CID extension, thereby
- * offering the use of the CID to the server. Only if
- * the `ServerHello` contains the CID extension, too,
- * the CID extension will actually be put to use.
- * - On the Server, enabling the use of the CID through
- * this call implies that that the server will look for
- * the CID extension in a `ClientHello` from the client,
- * and, if present, reply with a CID extension in its
- * `ServerHello`.
- *
- * \note To check whether the use of the CID was negotiated
- * after the subsequent handshake has completed, please
- * use the API mbedtls_ssl_get_peer_cid().
- *
- * \warning If the use of the CID extension is enabled in this call
- * and the subsequent handshake negotiates its use, Mbed TLS
- * will silently drop every packet whose CID does not match
- * the CID configured in \p own_cid. It is the responsibility
- * of the user to adapt the underlying transport to take care
- * of CID-based demultiplexing before handing datagrams to
- * Mbed TLS.
- *
- * \return \c 0 on success. In this case, the CID configuration
- * applies to the next handshake.
- * \return A negative error code on failure.
- */
-int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
- int enable,
- unsigned char const *own_cid,
- size_t own_cid_len );
-
-/**
- * \brief Get information about the use of the CID extension
- * in the current connection.
- *
- * \param ssl The SSL context to query.
- * \param enabled The address at which to store whether the CID extension
- * is currently in use or not. If the CID is in use,
- * `*enabled` is set to MBEDTLS_SSL_CID_ENABLED;
- * otherwise, it is set to MBEDTLS_SSL_CID_DISABLED.
- * \param peer_cid The address of the buffer in which to store the CID
- * chosen by the peer (if the CID extension is used).
- * This may be \c NULL in case the value of peer CID
- * isn't needed. If it is not \c NULL, \p peer_cid_len
- * must not be \c NULL.
- * \param peer_cid_len The address at which to store the size of the CID
- * chosen by the peer (if the CID extension is used).
- * This is also the number of Bytes in \p peer_cid that
- * have been written.
- * This may be \c NULL in case the length of the peer CID
- * isn't needed. If it is \c NULL, \p peer_cid must be
- * \c NULL, too.
- *
- * \note This applies to the state of the CID negotiated in
- * the last complete handshake. If a handshake is in
- * progress, this function will attempt to complete
- * the handshake first.
- *
- * \note If CID extensions have been exchanged but both client
- * and server chose to use an empty CID, this function
- * sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED
- * (the rationale for this is that the resulting
- * communication is the same as if the CID extensions
- * hadn't been used).
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
- int *enabled,
- unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
- size_t *peer_cid_len );
-
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-/**
- * \brief Set the Maximum Tranport Unit (MTU).
- * Special value: 0 means unset (no limit).
- * This represents the maximum size of a datagram payload
- * handled by the transport layer (usually UDP) as determined
- * by the network link and stack. In practice, this controls
- * the maximum size datagram the DTLS layer will pass to the
- * \c f_send() callback set using \c mbedtls_ssl_set_bio().
- *
- * \note The limit on datagram size is converted to a limit on
- * record payload by subtracting the current overhead of
- * encapsulation and encryption/authentication if any.
- *
- * \note This can be called at any point during the connection, for
- * example when a Path Maximum Transfer Unit (PMTU)
- * estimate becomes available from other sources,
- * such as lower (or higher) protocol layers.
- *
- * \note This setting only controls the size of the packets we send,
- * and does not restrict the size of the datagrams we're
- * willing to receive. Client-side, you can request the
- * server to use smaller records with \c
- * mbedtls_ssl_conf_max_frag_len().
- *
- * \note If both a MTU and a maximum fragment length have been
- * configured (or negotiated with the peer), the resulting
- * lower limit on record payload (see first note) is used.
- *
- * \note This can only be used to decrease the maximum size
- * of datagrams (hence records, see first note) sent. It
- * cannot be used to increase the maximum size of records over
- * the limit set by #MBEDTLS_SSL_OUT_CONTENT_LEN.
- *
- * \note Values lower than the current record layer expansion will
- * result in an error when trying to send data.
- *
- * \param ssl SSL context
- * \param mtu Value of the path MTU in bytes
- */
-void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu );
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief Set a connection-specific verification callback (optional).
- *
- * If set, the provided verify callback is called for each
- * certificate in the peer's CRT chain, including the trusted
- * root. For more information, please see the documentation of
- * \c mbedtls_x509_crt_verify().
- *
- * \note This call is analogous to mbedtls_ssl_conf_verify() but
- * binds the verification callback and context to an SSL context
- * as opposed to an SSL configuration.
- * If mbedtls_ssl_conf_verify() and mbedtls_ssl_set_verify()
- * are both used, mbedtls_ssl_set_verify() takes precedence.
- *
- * \param ssl The SSL context to use.
- * \param f_vrfy The verification callback to use during CRT verification.
- * \param p_vrfy The opaque context to be passed to the callback.
- */
-void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-/**
- * \brief Set the timeout period for mbedtls_ssl_read()
- * (Default: no timeout.)
- *
- * \param conf SSL configuration context
- * \param timeout Timeout value in milliseconds.
- * Use 0 for no timeout (default).
- *
- * \note With blocking I/O, this will only work if a non-NULL
- * \c f_recv_timeout was set with \c mbedtls_ssl_set_bio().
- * With non-blocking I/O, this will only work if timer
- * callbacks were set with \c mbedtls_ssl_set_timer_cb().
- *
- * \note With non-blocking I/O, you may also skip this function
- * altogether and handle timeouts at the application layer.
- */
-void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
-
-/**
- * \brief Check whether a buffer contains a valid and authentic record
- * that has not been seen before. (DTLS only).
- *
- * This function does not change the user-visible state
- * of the SSL context. Its sole purpose is to provide
- * an indication of the legitimacy of an incoming record.
- *
- * This can be useful e.g. in distributed server environments
- * using the DTLS Connection ID feature, in which connections
- * might need to be passed between service instances on a change
- * of peer address, but where such disruptive operations should
- * only happen after the validity of incoming records has been
- * confirmed.
- *
- * \param ssl The SSL context to use.
- * \param buf The address of the buffer holding the record to be checked.
- * This must be a read/write buffer of length \p buflen Bytes.
- * \param buflen The length of \p buf in Bytes.
- *
- * \note This routine only checks whether the provided buffer begins
- * with a valid and authentic record that has not been seen
- * before, but does not check potential data following the
- * initial record. In particular, it is possible to pass DTLS
- * datagrams containing multiple records, in which case only
- * the first record is checked.
- *
- * \note This function modifies the input buffer \p buf. If you need
- * to preserve the original record, you have to maintain a copy.
- *
- * \return \c 0 if the record is valid and authentic and has not been
- * seen before.
- * \return MBEDTLS_ERR_SSL_INVALID_MAC if the check completed
- * successfully but the record was found to be not authentic.
- * \return MBEDTLS_ERR_SSL_INVALID_RECORD if the check completed
- * successfully but the record was found to be invalid for
- * a reason different from authenticity checking.
- * \return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD if the check completed
- * successfully but the record was found to be unexpected
- * in the state of the SSL context, including replayed records.
- * \return Another negative error code on different kinds of failure.
- * In this case, the SSL context becomes unusable and needs
- * to be freed or reset before reuse.
- */
-int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
- unsigned char *buf,
- size_t buflen );
-
-/**
- * \brief Set the timer callbacks (Mandatory for DTLS.)
- *
- * \param ssl SSL context
- * \param p_timer parameter (context) shared by timer callbacks
- * \param f_set_timer set timer callback
- * \param f_get_timer get timer callback. Must return:
- *
- * \note See the documentation of \c mbedtls_ssl_set_timer_t and
- * \c mbedtls_ssl_get_timer_t for the conventions this pair of
- * callbacks must follow.
- *
- * \note On some platforms, timing.c provides
- * \c mbedtls_timing_set_delay() and
- * \c mbedtls_timing_get_delay() that are suitable for using
- * here, except if using an event-driven style.
- *
- * \note See also the "DTLS tutorial" article in our knowledge base.
- * https://tls.mbed.org/kb/how-to/dtls-tutorial
- */
-void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
- void *p_timer,
- mbedtls_ssl_set_timer_t *f_set_timer,
- mbedtls_ssl_get_timer_t *f_get_timer );
-
-/**
- * \brief Callback type: generate and write session ticket
- *
- * \note This describes what a callback implementation should do.
- * This callback should generate an encrypted and
- * authenticated ticket for the session and write it to the
- * output buffer. Here, ticket means the opaque ticket part
- * of the NewSessionTicket structure of RFC 5077.
- *
- * \param p_ticket Context for the callback
- * \param session SSL session to be written in the ticket
- * \param start Start of the output buffer
- * \param end End of the output buffer
- * \param tlen On exit, holds the length written
- * \param lifetime On exit, holds the lifetime of the ticket in seconds
- *
- * \return 0 if successful, or
- * a specific MBEDTLS_ERR_XXX code.
- */
-typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
- const mbedtls_ssl_session *session,
- unsigned char *start,
- const unsigned char *end,
- size_t *tlen,
- uint32_t *lifetime );
-
-/**
- * \brief Callback type: parse and load session ticket
- *
- * \note This describes what a callback implementation should do.
- * This callback should parse a session ticket as generated
- * by the corresponding mbedtls_ssl_ticket_write_t function,
- * and, if the ticket is authentic and valid, load the
- * session.
- *
- * \note The implementation is allowed to modify the first len
- * bytes of the input buffer, eg to use it as a temporary
- * area for the decrypted ticket contents.
- *
- * \param p_ticket Context for the callback
- * \param session SSL session to be loaded
- * \param buf Start of the buffer containing the ticket
- * \param len Length of the ticket.
- *
- * \return 0 if successful, or
- * MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or
- * MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
- * any other non-zero code for other failures.
- */
-typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
- mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t len );
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Configure SSL session ticket callbacks (server only).
- * (Default: none.)
- *
- * \note On server, session tickets are enabled by providing
- * non-NULL callbacks.
- *
- * \note On client, use \c mbedtls_ssl_conf_session_tickets().
- *
- * \param conf SSL configuration context
- * \param f_ticket_write Callback for writing a ticket
- * \param f_ticket_parse Callback for parsing a ticket
- * \param p_ticket Context shared by the two callbacks
- */
-void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_ticket_write_t *f_ticket_write,
- mbedtls_ssl_ticket_parse_t *f_ticket_parse,
- void *p_ticket );
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
-
-/**
- * \brief Configure a key export callback.
- * (Default: none.)
- *
- * This API can be used for two purposes:
- * - Debugging: Use this API to e.g. generate an NSSKeylog
- * file and use it to inspect encrypted traffic in tools
- * such as Wireshark.
- * - Application-specific export: Use this API to implement
- * key exporters, e.g. for EAP-TLS or DTLS-SRTP.
- *
- *
- * \param ssl The SSL context to which the export
- * callback should be attached.
- * \param f_export_keys The callback for the key export.
- * \param p_export_keys The opaque context pointer to be passed to the
- * callback \p f_export_keys.
- */
-void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
- mbedtls_ssl_export_keys_t *f_export_keys,
- void *p_export_keys );
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-/**
- * \brief Configure asynchronous private key operation callbacks.
- *
- * \param conf SSL configuration context
- * \param f_async_sign Callback to start a signature operation. See
- * the description of ::mbedtls_ssl_async_sign_t
- * for more information. This may be \c NULL if the
- * external processor does not support any signature
- * operation; in this case the private key object
- * associated with the certificate will be used.
- * \param f_async_decrypt Callback to start a decryption operation. See
- * the description of ::mbedtls_ssl_async_decrypt_t
- * for more information. This may be \c NULL if the
- * external processor does not support any decryption
- * operation; in this case the private key object
- * associated with the certificate will be used.
- * \param f_async_resume Callback to resume an asynchronous operation. See
- * the description of ::mbedtls_ssl_async_resume_t
- * for more information. This may not be \c NULL unless
- * \p f_async_sign and \p f_async_decrypt are both
- * \c NULL.
- * \param f_async_cancel Callback to cancel an asynchronous operation. See
- * the description of ::mbedtls_ssl_async_cancel_t
- * for more information. This may be \c NULL if
- * no cleanup is needed.
- * \param config_data A pointer to configuration data which can be
- * retrieved with
- * mbedtls_ssl_conf_get_async_config_data(). The
- * library stores this value without dereferencing it.
- */
-void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_async_sign_t *f_async_sign,
- mbedtls_ssl_async_decrypt_t *f_async_decrypt,
- mbedtls_ssl_async_resume_t *f_async_resume,
- mbedtls_ssl_async_cancel_t *f_async_cancel,
- void *config_data );
-
-/**
- * \brief Retrieve the configuration data set by
- * mbedtls_ssl_conf_async_private_cb().
- *
- * \param conf SSL configuration context
- * \return The configuration data set by
- * mbedtls_ssl_conf_async_private_cb().
- */
-void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf );
-
-/**
- * \brief Retrieve the asynchronous operation user context.
- *
- * \note This function may only be called while a handshake
- * is in progress.
- *
- * \param ssl The SSL context to access.
- *
- * \return The asynchronous operation user context that was last
- * set during the current handshake. If
- * mbedtls_ssl_set_async_operation_data() has not yet been
- * called during the current handshake, this function returns
- * \c NULL.
- */
-void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief Retrieve the asynchronous operation user context.
- *
- * \note This function may only be called while a handshake
- * is in progress.
- *
- * \param ssl The SSL context to access.
- * \param ctx The new value of the asynchronous operation user context.
- * Call mbedtls_ssl_get_async_operation_data() later during the
- * same handshake to retrieve this value.
- */
-void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl,
- void *ctx );
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-/**
- * \brief Callback type: generate a cookie
- *
- * \param ctx Context for the callback
- * \param p Buffer to write to,
- * must be updated to point right after the cookie
- * \param end Pointer to one past the end of the output buffer
- * \param info Client ID info that was passed to
- * \c mbedtls_ssl_set_client_transport_id()
- * \param ilen Length of info in bytes
- *
- * \return The callback must return 0 on success,
- * or a negative error code.
- */
-typedef int mbedtls_ssl_cookie_write_t( void *ctx,
- unsigned char **p, unsigned char *end,
- const unsigned char *info, size_t ilen );
-
-/**
- * \brief Callback type: verify a cookie
- *
- * \param ctx Context for the callback
- * \param cookie Cookie to verify
- * \param clen Length of cookie
- * \param info Client ID info that was passed to
- * \c mbedtls_ssl_set_client_transport_id()
- * \param ilen Length of info in bytes
- *
- * \return The callback must return 0 if cookie is valid,
- * or a negative error code.
- */
-typedef int mbedtls_ssl_cookie_check_t( void *ctx,
- const unsigned char *cookie, size_t clen,
- const unsigned char *info, size_t ilen );
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Register callbacks for DTLS cookies
- * (Server only. DTLS only.)
- *
- * Default: dummy callbacks that fail, in order to force you to
- * register working callbacks (and initialize their context).
- *
- * To disable HelloVerifyRequest, register NULL callbacks.
- *
- * \warning Disabling hello verification allows your server to be used
- * for amplification in DoS attacks against other hosts.
- * Only disable if you known this can't happen in your
- * particular environment.
- *
- * \note See comments on \c mbedtls_ssl_handshake() about handling
- * the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
- * on the first handshake attempt when this is enabled.
- *
- * \note This is also necessary to handle client reconnection from
- * the same port as described in RFC 6347 section 4.2.8 (only
- * the variant with cookies is supported currently). See
- * comments on \c mbedtls_ssl_read() for details.
- *
- * \param conf SSL configuration
- * \param f_cookie_write Cookie write callback
- * \param f_cookie_check Cookie check callback
- * \param p_cookie Context for both callbacks
- */
-void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
- mbedtls_ssl_cookie_write_t *f_cookie_write,
- mbedtls_ssl_cookie_check_t *f_cookie_check,
- void *p_cookie );
-
-/**
- * \brief Set client's transport-level identification info.
- * (Server only. DTLS only.)
- *
- * This is usually the IP address (and port), but could be
- * anything identify the client depending on the underlying
- * network stack. Used for HelloVerifyRequest with DTLS.
- * This is *not* used to route the actual packets.
- *
- * \param ssl SSL context
- * \param info Transport-level info identifying the client (eg IP + port)
- * \param ilen Length of info in bytes
- *
- * \note An internal copy is made, so the info buffer can be reused.
- *
- * \return 0 on success,
- * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
- * MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
- */
-int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
- const unsigned char *info,
- size_t ilen );
-
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-/**
- * \brief Enable or disable anti-replay protection for DTLS.
- * (DTLS only, no effect on TLS.)
- * Default: enabled.
- *
- * \param conf SSL configuration
- * \param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
- *
- * \warning Disabling this is a security risk unless the application
- * protocol handles duplicated packets in a safe way. You
- * should not disable this without careful consideration.
- * However, if your application already detects duplicated
- * packets and needs information about them to adjust its
- * transmission strategy, then you'll want to disable this.
- */
-void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
-#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-
-/**
- * \brief Set a limit on the number of records with a bad MAC
- * before terminating the connection.
- * (DTLS only, no effect on TLS.)
- * Default: 0 (disabled).
- *
- * \param conf SSL configuration
- * \param limit Limit, or 0 to disable.
- *
- * \note If the limit is N, then the connection is terminated when
- * the Nth non-authentic record is seen.
- *
- * \note Records with an invalid header are not counted, only the
- * ones going through the authentication-decryption phase.
- *
- * \note This is a security trade-off related to the fact that it's
- * often relatively easy for an active attacker ot inject UDP
- * datagrams. On one hand, setting a low limit here makes it
- * easier for such an attacker to forcibly terminated a
- * connection. On the other hand, a high limit or no limit
- * might make us waste resources checking authentication on
- * many bogus packets.
- */
-void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-
-/**
- * \brief Allow or disallow packing of multiple handshake records
- * within a single datagram.
- *
- * \param ssl The SSL context to configure.
- * \param allow_packing This determines whether datagram packing may
- * be used or not. A value of \c 0 means that every
- * record will be sent in a separate datagram; a
- * value of \c 1 means that, if space permits,
- * multiple handshake messages (including CCS) belonging to
- * a single flight may be packed within a single datagram.
- *
- * \note This is enabled by default and should only be disabled
- * for test purposes, or if datagram packing causes
- * interoperability issues with peers that don't support it.
- *
- * \note Allowing datagram packing reduces the network load since
- * there's less overhead if multiple messages share the same
- * datagram. Also, it increases the handshake efficiency
- * since messages belonging to a single datagram will not
- * be reordered in transit, and so future message buffering
- * or flight retransmission (if no buffering is used) as
- * means to deal with reordering are needed less frequently.
- *
- * \note Application records are not affected by this option and
- * are currently always sent in separate datagrams.
- *
- */
-void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
- unsigned allow_packing );
-
-/**
- * \brief Set retransmit timeout values for the DTLS handshake.
- * (DTLS only, no effect on TLS.)
- *
- * \param conf SSL configuration
- * \param min Initial timeout value in milliseconds.
- * Default: 1000 (1 second).
- * \param max Maximum timeout value in milliseconds.
- * Default: 60000 (60 seconds).
- *
- * \note Default values are from RFC 6347 section 4.2.4.1.
- *
- * \note The 'min' value should typically be slightly above the
- * expected round-trip time to your peer, plus whatever time
- * it takes for the peer to process the message. For example,
- * if your RTT is about 600ms and you peer needs up to 1s to
- * do the cryptographic operations in the handshake, then you
- * should set 'min' slightly above 1600. Lower values of 'min'
- * might cause spurious resends which waste network resources,
- * while larger value of 'min' will increase overall latency
- * on unreliable network links.
- *
- * \note The more unreliable your network connection is, the larger
- * your max / min ratio needs to be in order to achieve
- * reliable handshakes.
- *
- * \note Messages are retransmitted up to log2(ceil(max/min)) times.
- * For example, if min = 1s and max = 5s, the retransmit plan
- * goes: send ... 1s -> resend ... 2s -> resend ... 4s ->
- * resend ... 5s -> give up and return a timeout error.
- */
-void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Set the session cache callbacks (server-side only)
- * If not set, no session resuming is done (except if session
- * tickets are enabled too).
- *
- * The session cache has the responsibility to check for stale
- * entries based on timeout. See RFC 5246 for recommendations.
- *
- * Warning: session.peer_cert is cleared by the SSL/TLS layer on
- * connection shutdown, so do not cache the pointer! Either set
- * it to NULL or make a full copy of the certificate.
- *
- * The get callback is called once during the initial handshake
- * to enable session resuming. The get function has the
- * following parameters: (void *parameter, mbedtls_ssl_session *session)
- * If a valid entry is found, it should fill the master of
- * the session object with the cached values and return 0,
- * return 1 otherwise. Optionally peer_cert can be set as well
- * if it is properly present in cache entry.
- *
- * The set callback is called once during the initial handshake
- * to enable session resuming after the entire handshake has
- * been finished. The set function has the following parameters:
- * (void *parameter, const mbedtls_ssl_session *session). The function
- * should create a cache entry for future retrieval based on
- * the data in the session structure and should keep in mind
- * that the mbedtls_ssl_session object presented (and all its referenced
- * data) is cleared by the SSL/TLS layer when the connection is
- * terminated. It is recommended to add metadata to determine if
- * an entry is still valid in the future. Return 0 if
- * successfully cached, return 1 otherwise.
- *
- * \param conf SSL configuration
- * \param p_cache parmater (context) for both callbacks
- * \param f_get_cache session get callback
- * \param f_set_cache session set callback
- */
-void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
- void *p_cache,
- mbedtls_ssl_cache_get_t *f_get_cache,
- mbedtls_ssl_cache_set_t *f_set_cache );
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief Load a session for session resumption.
- *
- * Sessions loaded through this call will be considered
- * for session resumption in the next handshake.
- *
- * \note Even if this call succeeds, it is not guaranteed that
- * the next handshake will indeed be shortened through the
- * use of session resumption: The server is always free
- * to reject any attempt for resumption and fall back to
- * a full handshake.
- *
- * \note This function can handle a variety of mechanisms for session
- * resumption: For TLS 1.2, both session ID-based resumption and
- * ticket-based resumption will be considered. For TLS 1.3,
- * once implemented, sessions equate to tickets, and loading
- * one or more sessions via this call will lead to their
- * corresponding tickets being advertised as resumption PSKs
- * by the client.
- *
- * \note Calling this function multiple times will only be useful
- * once TLS 1.3 is supported. For TLS 1.2 connections, this
- * function should be called at most once.
- *
- * \param ssl The SSL context representing the connection which should
- * be attempted to be setup using session resumption. This
- * must be initialized via mbedtls_ssl_init() and bound to
- * an SSL configuration via mbedtls_ssl_setup(), but
- * the handshake must not yet have been started.
- * \param session The session to be considered for session resumption.
- * This must be a session previously exported via
- * mbedtls_ssl_get_session(), and potentially serialized and
- * deserialized through mbedtls_ssl_session_save() and
- * mbedtls_ssl_session_load() in the meantime.
- *
- * \return \c 0 if successful.
- * \return \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session
- * could not be loaded because of an implementation limitation.
- * This error is non-fatal, and has no observable effect on
- * the SSL context or the session that was attempted to be loaded.
- * \return Another negative error code on other kinds of failure.
- *
- * \sa mbedtls_ssl_get_session()
- * \sa mbedtls_ssl_session_load()
- */
-int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
-#endif /* MBEDTLS_SSL_CLI_C */
-
-/**
- * \brief Load serialized session data into a session structure.
- * On client, this can be used for loading saved sessions
- * before resuming them with mbedstls_ssl_set_session().
- * On server, this can be used for alternative implementations
- * of session cache or session tickets.
- *
- * \warning If a peer certificate chain is associated with the session,
- * the serialized state will only contain the peer's
- * end-entity certificate and the result of the chain
- * verification (unless verification was disabled), but not
- * the rest of the chain.
- *
- * \see mbedtls_ssl_session_save()
- * \see mbedtls_ssl_set_session()
- *
- * \param session The session structure to be populated. It must have been
- * initialised with mbedtls_ssl_session_init() but not
- * populated yet.
- * \param buf The buffer holding the serialized session data. It must be a
- * readable buffer of at least \p len bytes.
- * \param len The size of the serialized data in bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
- * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
- * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
- * was generated in a different version or configuration of
- * Mbed TLS.
- * \return Another negative value for other kinds of errors (for
- * example, unsupported features in the embedded certificate).
- */
-int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
- const unsigned char *buf,
- size_t len );
-
-/**
- * \brief Save session structure as serialized data in a buffer.
- * On client, this can be used for saving session data,
- * potentially in non-volatile storage, for resuming later.
- * On server, this can be used for alternative implementations
- * of session cache or session tickets.
- *
- * \see mbedtls_ssl_session_load()
- *
- * \param session The session structure to be saved.
- * \param buf The buffer to write the serialized data to. It must be a
- * writeable buffer of at least \p len bytes, or may be \c
- * NULL if \p len is \c 0.
- * \param buf_len The number of bytes available for writing in \p buf.
- * \param olen The size in bytes of the data that has been or would have
- * been written. It must point to a valid \c size_t.
- *
- * \note \p olen is updated to the correct value regardless of
- * whether \p buf_len was large enough. This makes it possible
- * to determine the necessary size by calling this function
- * with \p buf set to \c NULL and \p buf_len to \c 0.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
- */
-int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen );
-
-/**
- * \brief Set the list of allowed ciphersuites and the preference
- * order. First in the list has the highest preference.
- *
- * For TLS 1.2, the notion of ciphersuite determines both
- * the key exchange mechanism and the suite of symmetric
- * algorithms to be used during and after the handshake.
- *
- * For TLS 1.3 (in development), the notion of ciphersuite
- * only determines the suite of symmetric algorithms to be
- * used during and after the handshake, while key exchange
- * mechanisms are configured separately.
- *
- * In Mbed TLS, ciphersuites for both TLS 1.2 and TLS 1.3
- * are configured via this function. For users of TLS 1.3,
- * there will be separate API for the configuration of key
- * exchange mechanisms.
- *
- * The list of ciphersuites passed to this function may
- * contain a mixture of TLS 1.2 and TLS 1.3 ciphersuite
- * identifiers. This is useful if negotiation of TLS 1.3
- * should be attempted, but a fallback to TLS 1.2 would
- * be tolerated.
- *
- * \note By default, the server chooses its preferred
- * ciphersuite among those that the client supports. If
- * mbedtls_ssl_conf_preference_order() is called to prefer
- * the client's preferences, the server instead chooses
- * the client's preferred ciphersuite among those that
- * the server supports.
- *
- * \warning The ciphersuites array \p ciphersuites is not copied.
- * It must remain valid for the lifetime of the SSL
- * configuration \p conf.
- *
- * \param conf The SSL configuration to modify.
- * \param ciphersuites A 0-terminated list of IANA identifiers of supported
- * ciphersuites, accessible through \c MBEDTLS_TLS_XXX
- * and \c MBEDTLS_TLS1_3_XXX macros defined in
- * ssl_ciphersuites.h.
- */
-void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
- const int *ciphersuites );
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-/**
- * \brief Set the supported key exchange modes for TLS 1.3 connections.
- *
- * In contrast to TLS 1.2, the ciphersuite concept in TLS 1.3 does not
- * include the choice of key exchange mechanism. It is therefore not
- * covered by the API mbedtls_ssl_conf_ciphersuites(). See the
- * documentation of mbedtls_ssl_conf_ciphersuites() for more
- * information on the ciphersuite concept in TLS 1.2 and TLS 1.3.
- *
- * The present function is specific to TLS 1.3 and allows users to
- * configure the set of supported key exchange mechanisms in TLS 1.3.
- *
- * \param conf The SSL configuration the change should apply to.
- * \param kex_modes A bitwise combination of one or more of the following:
- * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK
- * This flag enables pure-PSK key exchanges.
- * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL
- * This flag enables combined PSK-ephemeral key exchanges.
- * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL
- * This flag enables pure-ephemeral key exchanges.
- * For convenience, the following pre-defined macros are
- * available for combinations of the above:
- * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
- * Includes all of pure-PSK, PSK-ephemeral and pure-ephemeral.
- * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL
- * Includes both pure-PSK and combined PSK-ephemeral
- * key exchanges, but excludes pure-ephemeral key exchanges.
- * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL
- * Includes both pure-ephemeral and combined PSK-ephemeral
- * key exchanges.
- *
- * \note If a PSK-based key exchange mode shall be supported, applications
- * must also use the APIs mbedtls_ssl_conf_psk() or
- * mbedtls_ssl_conf_psk_cb() or mbedtls_ssl_conf_psk_opaque()
- * to configure the PSKs to be used.
- *
- * \note If a pure-ephemeral key exchange mode shall be supported,
- * server-side applications must also provide a certificate via
- * mbedtls_ssl_conf_own_cert().
- *
- */
-
-void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config* conf,
- const int kex_modes );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
-#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1
-/**
- * \brief Specify the length of Connection IDs for incoming
- * encrypted DTLS records, as well as the behaviour
- * on unexpected CIDs.
- *
- * By default, the CID length is set to \c 0,
- * and unexpected CIDs are silently ignored.
- *
- * \param conf The SSL configuration to modify.
- * \param len The length in Bytes of the CID fields in encrypted
- * DTLS records using the CID mechanism. This must
- * not be larger than #MBEDTLS_SSL_CID_OUT_LEN_MAX.
- * \param ignore_other_cids This determines the stack's behaviour when
- * receiving a record with an unexpected CID.
- * Possible values are:
- * - #MBEDTLS_SSL_UNEXPECTED_CID_IGNORE
- * In this case, the record is silently ignored.
- * - #MBEDTLS_SSL_UNEXPECTED_CID_FAIL
- * In this case, the stack fails with the specific
- * error code #MBEDTLS_ERR_SSL_UNEXPECTED_CID.
- *
- * \note The CID specification allows implementations to either
- * use a common length for all incoming connection IDs or
- * allow variable-length incoming IDs. Mbed TLS currently
- * requires a common length for all connections sharing the
- * same SSL configuration; this allows simpler parsing of
- * record headers.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
- * is too large.
- */
-int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
- int ignore_other_cids );
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief Set the X.509 security profile used for verification
- *
- * \note The restrictions are enforced for all certificates in the
- * chain. However, signatures in the handshake are not covered
- * by this setting but by \b mbedtls_ssl_conf_sig_hashes().
- *
- * \param conf SSL configuration
- * \param profile Profile to use
- */
-void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
- const mbedtls_x509_crt_profile *profile );
-
-/**
- * \brief Set the data required to verify peer certificate
- *
- * \note See \c mbedtls_x509_crt_verify() for notes regarding the
- * parameters ca_chain (maps to trust_ca for that function)
- * and ca_crl.
- *
- * \param conf SSL configuration
- * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
- * \param ca_crl trusted CA CRLs
- */
-void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
- mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl );
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-/**
- * \brief Set the trusted certificate callback.
- *
- * This API allows to register the set of trusted certificates
- * through a callback, instead of a linked list as configured
- * by mbedtls_ssl_conf_ca_chain().
- *
- * This is useful for example in contexts where a large number
- * of CAs are used, and the inefficiency of maintaining them
- * in a linked list cannot be tolerated. It is also useful when
- * the set of trusted CAs needs to be modified frequently.
- *
- * See the documentation of `mbedtls_x509_crt_ca_cb_t` for
- * more information.
- *
- * \param conf The SSL configuration to register the callback with.
- * \param f_ca_cb The trusted certificate callback to use when verifying
- * certificate chains.
- * \param p_ca_cb The context to be passed to \p f_ca_cb (for example,
- * a reference to a trusted CA database).
- *
- * \note This API is incompatible with mbedtls_ssl_conf_ca_chain():
- * Any call to this function overwrites the values set through
- * earlier calls to mbedtls_ssl_conf_ca_chain() or
- * mbedtls_ssl_conf_ca_cb().
- *
- * \note This API is incompatible with CA indication in
- * CertificateRequest messages: A server-side SSL context which
- * is bound to an SSL configuration that uses a CA callback
- * configured via mbedtls_ssl_conf_ca_cb(), and which requires
- * client authentication, will send an empty CA list in the
- * corresponding CertificateRequest message.
- *
- * \note This API is incompatible with mbedtls_ssl_set_hs_ca_chain():
- * If an SSL context is bound to an SSL configuration which uses
- * CA callbacks configured via mbedtls_ssl_conf_ca_cb(), then
- * calls to mbedtls_ssl_set_hs_ca_chain() have no effect.
- *
- * \note The use of this API disables the use of restartable ECC
- * during X.509 CRT signature verification (but doesn't affect
- * other uses).
- *
- * \warning This API is incompatible with the use of CRLs. Any call to
- * mbedtls_ssl_conf_ca_cb() unsets CRLs configured through
- * earlier calls to mbedtls_ssl_conf_ca_chain().
- *
- * \warning In multi-threaded environments, the callback \p f_ca_cb
- * must be thread-safe, and it is the user's responsibility
- * to guarantee this (for example through a mutex
- * contained in the callback context pointed to by \p p_ca_cb).
- */
-void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb );
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-
-/**
- * \brief Set own certificate chain and private key
- *
- * \note own_cert should contain in order from the bottom up your
- * certificate chain. The top certificate (self-signed)
- * can be omitted.
- *
- * \note On server, this function can be called multiple times to
- * provision more than one cert/key pair (eg one ECDSA, one
- * RSA with SHA-256, one RSA with SHA-1). An adequate
- * certificate will be selected according to the client's
- * advertised capabilities. In case multiple certificates are
- * adequate, preference is given to the one set by the first
- * call to this function, then second, etc.
- *
- * \note On client, only the first call has any effect. That is,
- * only one client certificate can be provisioned. The
- * server's preferences in its CertficateRequest message will
- * be ignored and our only cert will be sent regardless of
- * whether it matches those preferences - the server can then
- * decide what it wants to do with it.
- *
- * \note The provided \p pk_key needs to match the public key in the
- * first certificate in \p own_cert, or all handshakes using
- * that certificate will fail. It is your responsibility
- * to ensure that; this function will not perform any check.
- * You may use mbedtls_pk_check_pair() in order to perform
- * this check yourself, but be aware that this function can
- * be computationally expensive on some key types.
- *
- * \param conf SSL configuration
- * \param own_cert own public certificate chain
- * \param pk_key own private key
- *
- * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
- */
-int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
- mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-/**
- * \brief Configure pre-shared keys (PSKs) and their
- * identities to be used in PSK-based ciphersuites.
- *
- * Only one PSK can be registered, through either
- * mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
- * If you attempt to register more than one PSK, this function
- * fails, though this may change in future versions, which
- * may add support for multiple PSKs.
- *
- * \note This is mainly useful for clients. Servers will usually
- * want to use \c mbedtls_ssl_conf_psk_cb() instead.
- *
- * \note A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
- * takes precedence over a PSK configured by this function.
- *
- * \param conf The SSL configuration to register the PSK with.
- * \param psk The pointer to the pre-shared key to use.
- * \param psk_len The length of the pre-shared key in bytes.
- * \param psk_identity The pointer to the pre-shared key identity.
- * \param psk_identity_len The length of the pre-shared key identity
- * in bytes.
- *
- * \note The PSK and its identity are copied internally and
- * hence need not be preserved by the caller for the lifetime
- * of the SSL configuration.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
- * can be configured. In this case, the old PSK(s) remain intact.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
- const unsigned char *psk, size_t psk_len,
- const unsigned char *psk_identity, size_t psk_identity_len );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief Configure one or more opaque pre-shared keys (PSKs) and
- * their identities to be used in PSK-based ciphersuites.
- *
- * Only one PSK can be registered, through either
- * mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
- * If you attempt to register more than one PSK, this function
- * fails, though this may change in future versions, which
- * may add support for multiple PSKs.
- *
- * \note This is mainly useful for clients. Servers will usually
- * want to use \c mbedtls_ssl_conf_psk_cb() instead.
- *
- * \note An opaque PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in
- * the PSK callback takes precedence over an opaque PSK
- * configured by this function.
- *
- * \param conf The SSL configuration to register the PSK with.
- * \param psk The identifier of the key slot holding the PSK.
- * Until \p conf is destroyed or this function is successfully
- * called again, the key slot \p psk must be populated with a
- * key of type PSA_ALG_CATEGORY_KEY_DERIVATION whose policy
- * allows its use for the key derivation algorithm applied
- * in the handshake.
- * \param psk_identity The pointer to the pre-shared key identity.
- * \param psk_identity_len The length of the pre-shared key identity
- * in bytes.
- *
- * \note The PSK identity hint is copied internally and hence need
- * not be preserved by the caller for the lifetime of the
- * SSL configuration.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
- * can be configured. In this case, the old PSK(s) remain intact.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
- psa_key_id_t psk,
- const unsigned char *psk_identity,
- size_t psk_identity_len );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/**
- * \brief Set the pre-shared Key (PSK) for the current handshake.
- *
- * \note This should only be called inside the PSK callback,
- * i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
- *
- * \note A PSK set by this function takes precedence over a PSK
- * configured by \c mbedtls_ssl_conf_psk().
- *
- * \param ssl The SSL context to configure a PSK for.
- * \param psk The pointer to the pre-shared key.
- * \param psk_len The length of the pre-shared key in bytes.
- *
- * \return \c 0 if successful.
- * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
- */
-int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
- const unsigned char *psk, size_t psk_len );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief Set an opaque pre-shared Key (PSK) for the current handshake.
- *
- * \note This should only be called inside the PSK callback,
- * i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
- *
- * \note An opaque PSK set by this function takes precedence over an
- * opaque PSK configured by \c mbedtls_ssl_conf_psk_opaque().
- *
- * \param ssl The SSL context to configure a PSK for.
- * \param psk The identifier of the key slot holding the PSK.
- * For the duration of the current handshake, the key slot
- * must be populated with a key of type
- * PSA_ALG_CATEGORY_KEY_DERIVATION whose policy allows its
- * use for the key derivation algorithm
- * applied in the handshake.
- *
- * \return \c 0 if successful.
- * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
- */
-int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
- psa_key_id_t psk );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/**
- * \brief Set the PSK callback (server-side only).
- *
- * If set, the PSK callback is called for each
- * handshake where a PSK-based ciphersuite was negotiated.
- * The caller provides the identity received and wants to
- * receive the actual PSK data and length.
- *
- * The callback has the following parameters:
- * - \c void*: The opaque pointer \p p_psk.
- * - \c mbedtls_ssl_context*: The SSL context to which
- * the operation applies.
- * - \c const unsigned char*: The PSK identity
- * selected by the client.
- * - \c size_t: The length of the PSK identity
- * selected by the client.
- *
- * If a valid PSK identity is found, the callback should use
- * \c mbedtls_ssl_set_hs_psk() or
- * \c mbedtls_ssl_set_hs_psk_opaque()
- * on the SSL context to set the correct PSK and return \c 0.
- * Any other return value will result in a denied PSK identity.
- *
- * \note A dynamic PSK (i.e. set by the PSK callback) takes
- * precedence over a static PSK (i.e. set by
- * \c mbedtls_ssl_conf_psk() or
- * \c mbedtls_ssl_conf_psk_opaque()).
- * This means that if you set a PSK callback using this
- * function, you don't need to set a PSK using
- * \c mbedtls_ssl_conf_psk() or
- * \c mbedtls_ssl_conf_psk_opaque()).
- *
- * \param conf The SSL configuration to register the callback with.
- * \param f_psk The callback for selecting and setting the PSK based
- * in the PSK identity chosen by the client.
- * \param p_psk A pointer to an opaque structure to be passed to
- * the callback, for example a PSK store.
- */
-void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
- int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_psk );
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Set the Diffie-Hellman public P and G values
- * from big-endian binary presentations.
- * (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
- *
- * \param conf SSL configuration
- * \param dhm_P Diffie-Hellman-Merkle modulus in big-endian binary form
- * \param P_len Length of DHM modulus
- * \param dhm_G Diffie-Hellman-Merkle generator in big-endian binary form
- * \param G_len Length of DHM generator
- *
- * \return 0 if successful
- */
-int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
- const unsigned char *dhm_P, size_t P_len,
- const unsigned char *dhm_G, size_t G_len );
-
-/**
- * \brief Set the Diffie-Hellman public P and G values,
- * read from existing context (server-side only)
- *
- * \param conf SSL configuration
- * \param dhm_ctx Diffie-Hellman-Merkle context
- *
- * \return 0 if successful
- */
-int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
-#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief Set the minimum length for Diffie-Hellman parameters.
- * (Client-side only.)
- * (Default: 1024 bits.)
- *
- * \param conf SSL configuration
- * \param bitlen Minimum bit length of the DHM prime
- */
-void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
- unsigned int bitlen );
-#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_ECP_C)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/**
- * \brief Set the allowed curves in order of preference.
- *
- * On server: this only affects selection of the ECDHE curve;
- * the curves used for ECDH and ECDSA are determined by the
- * list of available certificates instead.
- *
- * On client: this affects the list of curves offered for any
- * use. The server can override our preference order.
- *
- * Both sides: limits the set of curves accepted for use in
- * ECDHE and in the peer's end-entity certificate.
- *
- * \deprecated Superseeded by mbedtls_ssl_conf_groups().
- *
- * \note This has no influence on which curves are allowed inside the
- * certificate chains, see \c mbedtls_ssl_conf_cert_profile()
- * for that. For the end-entity certificate however, the key
- * will be accepted only if it is allowed both by this list
- * and by the cert profile.
- *
- * \note This list should be ordered by decreasing preference
- * (preferred curve first).
- *
- * \note The default list is the same set of curves that
- * #mbedtls_x509_crt_profile_default allows, plus
- * ECDHE-only curves selected according to the same criteria.
- * The order favors curves with the lowest resource usage.
- *
- * \note New minor versions of Mbed TLS may extend this list,
- * for example if new curves are added to the library.
- * New minor versions of Mbed TLS will not remove items
- * from this list unless serious security concerns require it.
- * New minor versions of Mbed TLS may change the order in
- * keeping with the general principle of favoring the lowest
- * resource usage.
- *
- * \param conf SSL configuration
- * \param curves Ordered list of allowed curves,
- * terminated by MBEDTLS_ECP_DP_NONE.
- */
-void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
- const mbedtls_ecp_group_id *curves );
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
-
-/**
- * \brief Set the allowed groups in order of preference.
- *
- * On server: This only affects the choice of key agreement mechanism
- *
- * On client: this affects the list of groups offered for any
- * use. The server can override our preference order.
- *
- * Both sides: limits the set of groups accepted for use in
- * key sharing.
- *
- * \note This function replaces the deprecated mbedtls_ssl_conf_curves(),
- * which only allows ECP curves to be configured.
- *
- * \note The most recent invocation of either mbedtls_ssl_conf_curves()
- * or mbedtls_ssl_conf_groups() nullifies all previous invocations
- * of both.
- *
- * \note This list should be ordered by decreasing preference
- * (preferred group first).
- *
- * \note When this function is not called, a default list is used,
- * consisting of all supported curves at 255 bits and above,
- * and all supported finite fields at 2048 bits and above.
- * The order favors groups with the lowest resource usage.
- *
- * \note New minor versions of Mbed TLS will not remove items
- * from the default list unless serious security concerns require it.
- * New minor versions of Mbed TLS may change the order in
- * keeping with the general principle of favoring the lowest
- * resource usage.
- *
- * \param conf SSL configuration
- * \param groups List of allowed groups ordered by preference, terminated by 0.
- * Must contain valid IANA NamedGroup IDs (provided via either an integer
- * or using MBEDTLS_TLS1_3_NAMED_GROUP_XXX macros).
- */
-void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
- const uint16_t *groups );
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-/**
- * \brief Set the allowed hashes for signatures during the handshake.
- *
- * \note This only affects which hashes are offered and can be used
- * for signatures during the handshake. Hashes for message
- * authentication and the TLS PRF are controlled by the
- * ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
- * used for certificate signature are controlled by the
- * verification profile, see \c mbedtls_ssl_conf_cert_profile().
- *
- * \note This list should be ordered by decreasing preference
- * (preferred hash first).
- *
- * \note By default, all supported hashes whose length is at least
- * 256 bits are allowed. This is the same set as the default
- * for certificate verification
- * (#mbedtls_x509_crt_profile_default).
- * The preference order is currently unspecified and may
- * change in future versions.
- *
- * \note New minor versions of Mbed TLS may extend this list,
- * for example if new curves are added to the library.
- * New minor versions of Mbed TLS will not remove items
- * from this list unless serious security concerns require it.
- *
- * \param conf SSL configuration
- * \param hashes Ordered list of allowed signature hashes,
- * terminated by \c MBEDTLS_MD_NONE.
- */
-void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
- const int *hashes );
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-/**
- * \brief Configure allowed signature algorithms for use in TLS 1.3
- *
- * \param conf The SSL configuration to use.
- * \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms,
- * terminated by \c MBEDTLS_TLS1_3_SIG_NONE. The list must remain
- * available throughout the lifetime of the conf object. Supported
- * values are available as \c MBEDTLS_TLS1_3_SIG_XXXX
- */
-void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
- const uint16_t* sig_algs );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief Set or reset the hostname to check against the received
- * server certificate. It sets the ServerName TLS extension,
- * too, if that extension is enabled. (client-side only)
- *
- * \param ssl SSL context
- * \param hostname the server hostname, may be NULL to clear hostname
-
- * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
- *
- * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
- * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
- * too long input hostname.
- *
- * Hostname set to the one provided on success (cleared
- * when NULL). On allocation failure hostname is cleared.
- * On too long input failure, old hostname is unchanged.
- */
-int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-/**
- * \brief Set own certificate and key for the current handshake
- *
- * \note Same as \c mbedtls_ssl_conf_own_cert() but for use within
- * the SNI callback.
- *
- * \param ssl SSL context
- * \param own_cert own public certificate chain
- * \param pk_key own private key
- *
- * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
- */
-int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key );
-
-/**
- * \brief Set the data required to verify peer certificate for the
- * current handshake
- *
- * \note Same as \c mbedtls_ssl_conf_ca_chain() but for use within
- * the SNI callback.
- *
- * \param ssl SSL context
- * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
- * \param ca_crl trusted CA CRLs
- */
-void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl );
-
-/**
- * \brief Set authmode for the current handshake.
- *
- * \note Same as \c mbedtls_ssl_conf_authmode() but for use within
- * the SNI callback.
- *
- * \param ssl SSL context
- * \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
- * MBEDTLS_SSL_VERIFY_REQUIRED
- */
-void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
- int authmode );
-
-/**
- * \brief Set server side ServerName TLS extension callback
- * (optional, server-side only).
- *
- * If set, the ServerName callback is called whenever the
- * server receives a ServerName TLS extension from the client
- * during a handshake. The ServerName callback has the
- * following parameters: (void *parameter, mbedtls_ssl_context *ssl,
- * const unsigned char *hostname, size_t len). If a suitable
- * certificate is found, the callback must set the
- * certificate(s) and key(s) to use with \c
- * mbedtls_ssl_set_hs_own_cert() (can be called repeatedly),
- * and may optionally adjust the CA and associated CRL with \c
- * mbedtls_ssl_set_hs_ca_chain() as well as the client
- * authentication mode with \c mbedtls_ssl_set_hs_authmode(),
- * then must return 0. If no matching name is found, the
- * callback must either set a default cert, or
- * return non-zero to abort the handshake at this point.
- *
- * \param conf SSL configuration
- * \param f_sni verification function
- * \param p_sni verification parameter
- */
-void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
- int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_sni );
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-/**
- * \brief Set the EC J-PAKE password for current handshake.
- *
- * \note An internal copy is made, and destroyed as soon as the
- * handshake is completed, or when the SSL context is reset or
- * freed.
- *
- * \note The SSL context needs to be already set up. The right place
- * to call this function is between \c mbedtls_ssl_setup() or
- * \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake().
- *
- * \param ssl SSL context
- * \param pw EC J-PAKE password (pre-shared secret)
- * \param pw_len length of pw in bytes
- *
- * \return 0 on success, or a negative error code.
- */
-int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
- const unsigned char *pw,
- size_t pw_len );
-#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_ALPN)
-/**
- * \brief Set the supported Application Layer Protocols.
- *
- * \param conf SSL configuration
- * \param protos Pointer to a NULL-terminated list of supported protocols,
- * in decreasing preference order. The pointer to the list is
- * recorded by the library for later reference as required, so
- * the lifetime of the table must be atleast as long as the
- * lifetime of the SSL configuration structure.
- *
- * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
- */
-int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
-
-/**
- * \brief Get the name of the negotiated Application Layer Protocol.
- * This function should be called after the handshake is
- * completed.
- *
- * \param ssl SSL context
- *
- * \return Protcol name, or NULL if no protocol was negotiated.
- */
-const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_ALPN */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-#if defined(MBEDTLS_DEBUG_C)
-static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_srtp_profile profile )
-{
- switch( profile )
- {
- case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
- return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" );
- case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
- return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" );
- case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
- return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" );
- case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
- return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" );
- default: break;
- }
- return( "" );
-}
-#endif /* MBEDTLS_DEBUG_C */
-/**
- * \brief Manage support for mki(master key id) value
- * in use_srtp extension.
- * MKI is an optional part of SRTP used for key management
- * and re-keying. See RFC3711 section 3.1 for details.
- * The default value is
- * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED.
- *
- * \param conf The SSL configuration to manage mki support.
- * \param support_mki_value Enable or disable mki usage. Values are
- * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED
- * or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED.
- */
-void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
- int support_mki_value );
-
-/**
- * \brief Set the supported DTLS-SRTP protection profiles.
- *
- * \param conf SSL configuration
- * \param profiles Pointer to a List of MBEDTLS_TLS_SRTP_UNSET terminated
- * supported protection profiles
- * in decreasing preference order.
- * The pointer to the list is recorded by the library
- * for later reference as required, so the lifetime
- * of the table must be at least as long as the lifetime
- * of the SSL configuration structure.
- * The list must not hold more than
- * MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH elements
- * (excluding the terminating MBEDTLS_TLS_SRTP_UNSET).
- *
- * \return 0 on success
- * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of
- * protection profiles is incorrect.
- */
-int mbedtls_ssl_conf_dtls_srtp_protection_profiles
- ( mbedtls_ssl_config *conf,
- const mbedtls_ssl_srtp_profile *profiles );
-
-/**
- * \brief Set the mki_value for the current DTLS-SRTP session.
- *
- * \param ssl SSL context to use.
- * \param mki_value The MKI value to set.
- * \param mki_len The length of the MKI value.
- *
- * \note This function is relevant on client side only.
- * The server discovers the mki value during handshake.
- * A mki value set on server side using this function
- * is ignored.
- *
- * \return 0 on success
- * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA
- * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
- */
-int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
- unsigned char *mki_value,
- uint16_t mki_len );
-/**
- * \brief Get the negotiated DTLS-SRTP informations:
- * Protection profile and MKI value.
- *
- * \warning This function must be called after the handshake is
- * completed. The value returned by this function must
- * not be trusted or acted upon before the handshake completes.
- *
- * \param ssl The SSL context to query.
- * \param dtls_srtp_info The negotiated DTLS-SRTP informations:
- * - Protection profile in use.
- * A direct mapping of the iana defined value for protection
- * profile on an uint16_t.
- http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
- * #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
- * or peer's Hello packet was not parsed yet.
- * - mki size and value( if size is > 0 ).
- */
-void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl,
- mbedtls_dtls_srtp_info *dtls_srtp_info );
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-/**
- * \brief Set the maximum supported version sent from the client side
- * and/or accepted at the server side
- * (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION)
- *
- * \note This ignores ciphersuites from higher versions.
- *
- * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
- *
- * \param conf SSL configuration
- * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
- * \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported)
- */
-void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
-
-/**
- * \brief Set the minimum accepted SSL/TLS protocol version
- * (Default: TLS 1.2)
- *
- * \note Input outside of the SSL_MAX_XXXXX_VERSION and
- * SSL_MIN_XXXXX_VERSION range is ignored.
- *
- * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
- *
- * \param conf SSL configuration
- * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
- * \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported)
- */
-void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-/**
- * \brief Enable or disable Encrypt-then-MAC
- * (Default: MBEDTLS_SSL_ETM_ENABLED)
- *
- * \note This should always be enabled, it is a security
- * improvement, and should not cause any interoperability
- * issue (used only if the peer supports it too).
- *
- * \param conf SSL configuration
- * \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
- */
-void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-/**
- * \brief Enable or disable Extended Master Secret negotiation.
- * (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
- *
- * \note This should always be enabled, it is a security fix to the
- * protocol, and should not cause any interoperability issue
- * (used only if the peer supports it too).
- *
- * \param conf SSL configuration
- * \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
- */
-void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Whether to send a list of acceptable CAs in
- * CertificateRequest messages.
- * (Default: do send)
- *
- * \param conf SSL configuration
- * \param cert_req_ca_list MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
- * MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
- */
-void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
- char cert_req_ca_list );
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-/**
- * \brief Set the maximum fragment length to emit and/or negotiate.
- * (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and
- * #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)
- * (Server: set maximum fragment length to emit,
- * usually negotiated by the client during handshake)
- * (Client: set maximum fragment length to emit *and*
- * negotiate with the server during handshake)
- * (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
- *
- * \note On the client side, the maximum fragment length extension
- * *will not* be used, unless the maximum fragment length has
- * been set via this function to a value different than
- * #MBEDTLS_SSL_MAX_FRAG_LEN_NONE.
- *
- * \note With TLS, this currently only affects ApplicationData (sent
- * with \c mbedtls_ssl_read()), not handshake messages.
- * With DTLS, this affects both ApplicationData and handshake.
- *
- * \note This sets the maximum length for a record's payload,
- * excluding record overhead that will be added to it, see
- * \c mbedtls_ssl_get_record_expansion().
- *
- * \note For DTLS, it is also possible to set a limit for the total
- * size of daragrams passed to the transport layer, including
- * record overhead, see \c mbedtls_ssl_set_mtu().
- *
- * \param conf SSL configuration
- * \param mfl_code Code for maximum fragment length (allowed values:
- * MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024,
- * MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
- *
- * \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
- */
-int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Pick the ciphersuites order according to the second parameter
- * in the SSL Server module (MBEDTLS_SSL_SRV_C).
- * (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER)
- *
- * \param conf SSL configuration
- * \param order Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER
- * or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
- */
-void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order );
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief Enable / Disable session tickets (client only).
- * (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
- *
- * \note On server, use \c mbedtls_ssl_conf_session_tickets_cb().
- *
- * \param conf SSL configuration
- * \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
- * MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
- */
-void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-/**
- * \brief Enable / Disable renegotiation support for connection when
- * initiated by peer
- * (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
- *
- * \warning It is recommended to always disable renegotation unless you
- * know you need it and you know what you're doing. In the
- * past, there have been several issues associated with
- * renegotiation or a poor understanding of its properties.
- *
- * \note Server-side, enabling renegotiation also makes the server
- * susceptible to a resource DoS by a malicious client.
- *
- * \param conf SSL configuration
- * \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
- * MBEDTLS_SSL_RENEGOTIATION_DISABLED)
- */
-void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/**
- * \brief Prevent or allow legacy renegotiation.
- * (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
- *
- * MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
- * be established even if the peer does not support
- * secure renegotiation, but does not allow renegotiation
- * to take place if not secure.
- * (Interoperable and secure option)
- *
- * MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
- * with non-upgraded peers. Allowing legacy renegotiation
- * makes the connection vulnerable to specific man in the
- * middle attacks. (See RFC 5746)
- * (Most interoperable and least secure option)
- *
- * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
- * if peer does not support secure renegotiation. Results
- * in interoperability issues with non-upgraded peers
- * that do not support renegotiation altogether.
- * (Most secure option, interoperability issues)
- *
- * \param conf SSL configuration
- * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
- * SSL_ALLOW_LEGACY_RENEGOTIATION or
- * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
- */
-void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-/**
- * \brief Enforce renegotiation requests.
- * (Default: enforced, max_records = 16)
- *
- * When we request a renegotiation, the peer can comply or
- * ignore the request. This function allows us to decide
- * whether to enforce our renegotiation requests by closing
- * the connection if the peer doesn't comply.
- *
- * However, records could already be in transit from the peer
- * when the request is emitted. In order to increase
- * reliability, we can accept a number of records before the
- * expected handshake records.
- *
- * The optimal value is highly dependent on the specific usage
- * scenario.
- *
- * \note With DTLS and server-initiated renegotiation, the
- * HelloRequest is retransmited every time mbedtls_ssl_read() times
- * out or receives Application Data, until:
- * - max_records records have beens seen, if it is >= 0, or
- * - the number of retransmits that would happen during an
- * actual handshake has been reached.
- * Please remember the request might be lost a few times
- * if you consider setting max_records to a really low value.
- *
- * \warning On client, the grace period can only happen during
- * mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate()
- * which always behave as if max_record was 0. The reason is,
- * if we receive application data from the server, we need a
- * place to write it, which only happens during mbedtls_ssl_read().
- *
- * \param conf SSL configuration
- * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
- * enforce renegotiation, or a non-negative value to enforce
- * it but allow for a grace period of max_records records.
- */
-void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
-
-/**
- * \brief Set record counter threshold for periodic renegotiation.
- * (Default: 2^48 - 1)
- *
- * Renegotiation is automatically triggered when a record
- * counter (outgoing or incoming) crosses the defined
- * threshold. The default value is meant to prevent the
- * connection from being closed when the counter is about to
- * reached its maximal value (it is not allowed to wrap).
- *
- * Lower values can be used to enforce policies such as "keys
- * must be refreshed every N packets with cipher X".
- *
- * The renegotiation period can be disabled by setting
- * conf->disable_renegotiation to
- * MBEDTLS_SSL_RENEGOTIATION_DISABLED.
- *
- * \note When the configured transport is
- * MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation
- * period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM,
- * the maximum renegotiation period is 2^64 - 1.
- *
- * \param conf SSL configuration
- * \param period The threshold value: a big-endian 64-bit number.
- */
-void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
- const unsigned char period[8] );
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/**
- * \brief Check if there is data already read from the
- * underlying transport but not yet processed.
- *
- * \param ssl SSL context
- *
- * \return 0 if nothing's pending, 1 otherwise.
- *
- * \note This is different in purpose and behaviour from
- * \c mbedtls_ssl_get_bytes_avail in that it considers
- * any kind of unprocessed data, not only unread
- * application data. If \c mbedtls_ssl_get_bytes
- * returns a non-zero value, this function will
- * also signal pending data, but the converse does
- * not hold. For example, in DTLS there might be
- * further records waiting to be processed from
- * the current underlying transport's datagram.
- *
- * \note If this function returns 1 (data pending), this
- * does not imply that a subsequent call to
- * \c mbedtls_ssl_read will provide any data;
- * e.g., the unprocessed data might turn out
- * to be an alert or a handshake message.
- *
- * \note This function is useful in the following situation:
- * If the SSL/TLS module successfully returns from an
- * operation - e.g. a handshake or an application record
- * read - and you're awaiting incoming data next, you
- * must not immediately idle on the underlying transport
- * to have data ready, but you need to check the value
- * of this function first. The reason is that the desired
- * data might already be read but not yet processed.
- * If, in contrast, a previous call to the SSL/TLS module
- * returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary
- * to call this function, as the latter error code entails
- * that all internal data has been processed.
- *
- */
-int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief Return the number of application data bytes
- * remaining to be read from the current record.
- *
- * \param ssl SSL context
- *
- * \return How many bytes are available in the application
- * data record read buffer.
- *
- * \note When working over a datagram transport, this is
- * useful to detect the current datagram's boundary
- * in case \c mbedtls_ssl_read has written the maximal
- * amount of data fitting into the input buffer.
- *
- */
-size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief Return the result of the certificate verification
- *
- * \param ssl The SSL context to use.
- *
- * \return \c 0 if the certificate verification was successful.
- * \return \c -1u if the result is not available. This may happen
- * e.g. if the handshake aborts early, or a verification
- * callback returned a fatal error.
- * \return A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX
- * and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.
- */
-uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief Return the name of the current ciphersuite
- *
- * \param ssl SSL context
- *
- * \return a string containing the ciphersuite name
- */
-const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief Return the current TLS version
- *
- * \param ssl SSL context
- *
- * \return a string containing the TLS version
- */
-const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief Return the (maximum) number of bytes added by the record
- * layer: header + encryption/MAC overhead (inc. padding)
- *
- * \param ssl SSL context
- *
- * \return Current maximum record expansion in bytes
- */
-int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief Return the current maximum outgoing record payload in bytes.
- *
- * \note The logic to determine the maximum outgoing record payload is
- * version-specific. It takes into account various factors, such as
- * the mbedtls_config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions
- * such as the max fragment length or record size limit extension if
- * used, and for DTLS the path MTU as configured and current
- * record expansion.
- *
- * \note With DTLS, \c mbedtls_ssl_write() will return an error if
- * called with a larger length value.
- * With TLS, \c mbedtls_ssl_write() will fragment the input if
- * necessary and return the number of bytes written; it is up
- * to the caller to call \c mbedtls_ssl_write() again in
- * order to send the remaining bytes if any.
- *
- * \sa mbedtls_ssl_get_max_out_record_payload()
- * \sa mbedtls_ssl_get_record_expansion()
- *
- * \param ssl SSL context
- *
- * \return Current maximum payload for an outgoing record,
- * or a negative error code.
- */
-int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief Return the current maximum incoming record payload in bytes.
- *
- * \note The logic to determine the maximum outgoing record payload is
- * version-specific. It takes into account various factors, such as
- * the mbedtls_config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions
- * such as the max fragment length extension or record size limit
- * extension if used, and the current record expansion.
- *
- * \sa mbedtls_ssl_set_mtu()
- * \sa mbedtls_ssl_get_max_in_record_payload()
- * \sa mbedtls_ssl_get_record_expansion()
- *
- * \param ssl SSL context
- *
- * \return Current maximum payload for an outgoing record,
- * or a negative error code.
- */
-int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief Return the peer certificate from the current connection.
- *
- * \param ssl The SSL context to use. This must be initialized and setup.
- *
- * \return The current peer certificate, if available.
- * The returned certificate is owned by the SSL context and
- * is valid only until the next call to the SSL API.
- * \return \c NULL if no peer certificate is available. This might
- * be because the chosen ciphersuite doesn't use CRTs
- * (PSK-based ciphersuites, for example), or because
- * #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled,
- * allowing the stack to free the peer's CRT to save memory.
- *
- * \note For one-time inspection of the peer's certificate during
- * the handshake, consider registering an X.509 CRT verification
- * callback through mbedtls_ssl_conf_verify() instead of calling
- * this function. Using mbedtls_ssl_conf_verify() also comes at
- * the benefit of allowing you to influence the verification
- * process, for example by masking expected and tolerated
- * verification failures.
- *
- * \warning You must not use the pointer returned by this function
- * after any further call to the SSL API, including
- * mbedtls_ssl_read() and mbedtls_ssl_write(); this is
- * because the pointer might change during renegotiation,
- * which happens transparently to the user.
- * If you want to use the certificate across API calls,
- * you must make a copy.
- */
-const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief Export a session in order to resume it later.
- *
- * \param ssl The SSL context representing the connection for which to
- * to export a session structure for later resumption.
- * \param session The target structure in which to store the exported session.
- * This must have been initialized with mbedtls_ssl_init_session()
- * but otherwise be unused.
- *
- * \note This function can handle a variety of mechanisms for session
- * resumption: For TLS 1.2, both session ID-based resumption and
- * ticket-based resumption will be considered. For TLS 1.3,
- * once implemented, sessions equate to tickets, and calling
- * this function multiple times will export the available
- * tickets one a time until no further tickets are available,
- * in which case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE will
- * be returned.
- *
- * \note Calling this function multiple times will only be useful
- * once TLS 1.3 is supported. For TLS 1.2 connections, this
- * function should be called at most once.
- *
- * \return \c 0 if successful. In this case, \p session can be used for
- * session resumption by passing it to mbedtls_ssl_set_session(),
- * and serialized for storage via mbedtls_ssl_session_save().
- * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no further session
- * is available for export.
- * This error is a non-fatal, and has no observable effect on
- * the SSL context or the destination session.
- * \return Another negative error code on other kinds of failure.
- *
- * \sa mbedtls_ssl_set_session()
- * \sa mbedtls_ssl_session_save()
- */
-int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl,
- mbedtls_ssl_session *session );
-#endif /* MBEDTLS_SSL_CLI_C */
-
-/**
- * \brief Perform the SSL handshake
- *
- * \param ssl SSL context
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
- * if the handshake is incomplete and waiting for data to
- * be available for reading from or writing to the underlying
- * transport - in this case you must call this function again
- * when the underlying transport is ready for the operation.
- * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
- * operation is in progress (see
- * mbedtls_ssl_conf_async_private_cb()) - in this case you
- * must call this function again when the operation is ready.
- * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
- * operation is in progress (see mbedtls_ecp_set_max_ops()) -
- * in this case you must call this function again to complete
- * the handshake when you're done attending other tasks.
- * \return #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use
- * and the client did not demonstrate reachability yet - in
- * this case you must stop using the context (see below).
- * \return Another SSL error code - in this case you must stop using
- * the context (see below).
- *
- * \warning If this function returns something other than
- * \c 0,
- * #MBEDTLS_ERR_SSL_WANT_READ,
- * #MBEDTLS_ERR_SSL_WANT_WRITE,
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
- * you must stop using the SSL context for reading or writing,
- * and either free it or call \c mbedtls_ssl_session_reset()
- * on it before re-using it for a new connection; the current
- * connection must be closed.
- *
- * \note If DTLS is in use, then you may choose to handle
- * #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
- * purposes, as it is an expected return value rather than an
- * actual error, but you still need to reset/free the context.
- *
- * \note Remarks regarding event-driven DTLS:
- * If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
- * from the underlying transport layer is currently being processed,
- * and it is safe to idle until the timer or the underlying transport
- * signal a new event. This is not true for a successful handshake,
- * in which case the datagram of the underlying transport that is
- * currently being processed might or might not contain further
- * DTLS records.
- */
-int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
-
-/**
- * \brief Perform a single step of the SSL handshake
- *
- * \note The state of the context (ssl->state) will be at
- * the next state after this function returns \c 0. Do not
- * call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
- *
- * \param ssl SSL context
- *
- * \return See mbedtls_ssl_handshake().
- *
- * \warning If this function returns something other than \c 0,
- * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
- * the SSL context for reading or writing, and either free it
- * or call \c mbedtls_ssl_session_reset() on it before
- * re-using it for a new connection; the current connection
- * must be closed.
- */
-int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-/**
- * \brief Initiate an SSL renegotiation on the running connection.
- * Client: perform the renegotiation right now.
- * Server: request renegotiation, which will be performed
- * during the next call to mbedtls_ssl_read() if honored by
- * client.
- *
- * \param ssl SSL context
- *
- * \return 0 if successful, or any mbedtls_ssl_handshake() return
- * value except #MBEDTLS_ERR_SSL_CLIENT_RECONNECT that can't
- * happen during a renegotiation.
- *
- * \warning If this function returns something other than \c 0,
- * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
- * the SSL context for reading or writing, and either free it
- * or call \c mbedtls_ssl_session_reset() on it before
- * re-using it for a new connection; the current connection
- * must be closed.
- *
- */
-int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/**
- * \brief Read at most 'len' application data bytes
- *
- * \param ssl SSL context
- * \param buf buffer that will hold the data
- * \param len maximum number of bytes to read
- *
- * \return The (positive) number of bytes read if successful.
- * \return \c 0 if the read end of the underlying transport was closed
- * without sending a CloseNotify beforehand, which might happen
- * because of various reasons (internal error of an underlying
- * stack, non-conformant peer not sending a CloseNotify and
- * such) - in this case you must stop using the context
- * (see below).
- * \return #MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY if the underlying
- * transport is still functional, but the peer has
- * acknowledged to not send anything anymore.
- * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
- * if the handshake is incomplete and waiting for data to
- * be available for reading from or writing to the underlying
- * transport - in this case you must call this function again
- * when the underlying transport is ready for the operation.
- * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
- * operation is in progress (see
- * mbedtls_ssl_conf_async_private_cb()) - in this case you
- * must call this function again when the operation is ready.
- * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
- * operation is in progress (see mbedtls_ecp_set_max_ops()) -
- * in this case you must call this function again to complete
- * the handshake when you're done attending other tasks.
- * \return #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server
- * side of a DTLS connection and the client is initiating a
- * new connection using the same source port. See below.
- * \return Another SSL error code - in this case you must stop using
- * the context (see below).
- *
- * \warning If this function returns something other than
- * a positive value,
- * #MBEDTLS_ERR_SSL_WANT_READ,
- * #MBEDTLS_ERR_SSL_WANT_WRITE,
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
- * #MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
- * you must stop using the SSL context for reading or writing,
- * and either free it or call \c mbedtls_ssl_session_reset()
- * on it before re-using it for a new connection; the current
- * connection must be closed.
- *
- * \note When this function returns #MBEDTLS_ERR_SSL_CLIENT_RECONNECT
- * (which can only happen server-side), it means that a client
- * is initiating a new connection using the same source port.
- * You can either treat that as a connection close and wait
- * for the client to resend a ClientHello, or directly
- * continue with \c mbedtls_ssl_handshake() with the same
- * context (as it has been reset internally). Either way, you
- * must make sure this is seen by the application as a new
- * connection: application state, if any, should be reset, and
- * most importantly the identity of the client must be checked
- * again. WARNING: not validating the identity of the client
- * again, or not transmitting the new identity to the
- * application layer, would allow authentication bypass!
- *
- * \note Remarks regarding event-driven DTLS:
- * - If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
- * from the underlying transport layer is currently being processed,
- * and it is safe to idle until the timer or the underlying transport
- * signal a new event.
- * - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was
- * initially available on the underlying transport, as this data may have
- * been only e.g. duplicated messages or a renegotiation request.
- * Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even
- * when reacting to an incoming-data event from the underlying transport.
- * - On success, the datagram of the underlying transport that is currently
- * being processed may contain further DTLS records. You should call
- * \c mbedtls_ssl_check_pending to check for remaining records.
- *
- */
-int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
-
-/**
- * \brief Try to write exactly 'len' application data bytes
- *
- * \warning This function will do partial writes in some cases. If the
- * return value is non-negative but less than length, the
- * function must be called again with updated arguments:
- * buf + ret, len - ret (if ret is the return value) until
- * it returns a value equal to the last 'len' argument.
- *
- * \param ssl SSL context
- * \param buf buffer holding the data
- * \param len how many bytes must be written
- *
- * \return The (non-negative) number of bytes actually written if
- * successful (may be less than \p len).
- * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
- * if the handshake is incomplete and waiting for data to
- * be available for reading from or writing to the underlying
- * transport - in this case you must call this function again
- * when the underlying transport is ready for the operation.
- * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
- * operation is in progress (see
- * mbedtls_ssl_conf_async_private_cb()) - in this case you
- * must call this function again when the operation is ready.
- * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
- * operation is in progress (see mbedtls_ecp_set_max_ops()) -
- * in this case you must call this function again to complete
- * the handshake when you're done attending other tasks.
- * \return Another SSL error code - in this case you must stop using
- * the context (see below).
- *
- * \warning If this function returns something other than
- * a non-negative value,
- * #MBEDTLS_ERR_SSL_WANT_READ,
- * #MBEDTLS_ERR_SSL_WANT_WRITE,
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
- * you must stop using the SSL context for reading or writing,
- * and either free it or call \c mbedtls_ssl_session_reset()
- * on it before re-using it for a new connection; the current
- * connection must be closed.
- *
- * \note When this function returns #MBEDTLS_ERR_SSL_WANT_WRITE/READ,
- * it must be called later with the *same* arguments,
- * until it returns a value greater that or equal to 0. When
- * the function returns #MBEDTLS_ERR_SSL_WANT_WRITE there may be
- * some partial data in the output buffer, however this is not
- * yet sent.
- *
- * \note If the requested length is greater than the maximum
- * fragment length (either the built-in limit or the one set
- * or negotiated with the peer), then:
- * - with TLS, less bytes than requested are written.
- * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
- * \c mbedtls_ssl_get_max_out_record_payload() may be used to
- * query the active maximum fragment length.
- *
- * \note Attempting to write 0 bytes will result in an empty TLS
- * application record being sent.
- */
-int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
-
-/**
- * \brief Send an alert message
- *
- * \param ssl SSL context
- * \param level The alert level of the message
- * (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)
- * \param message The alert message (SSL_ALERT_MSG_*)
- *
- * \return 0 if successful, or a specific SSL error code.
- *
- * \note If this function returns something other than 0 or
- * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
- * the SSL context for reading or writing, and either free it or
- * call \c mbedtls_ssl_session_reset() on it before re-using it
- * for a new connection; the current connection must be closed.
- */
-int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
- unsigned char level,
- unsigned char message );
-/**
- * \brief Notify the peer that the connection is being closed
- *
- * \param ssl SSL context
- *
- * \return 0 if successful, or a specific SSL error code.
- *
- * \note If this function returns something other than 0 or
- * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
- * the SSL context for reading or writing, and either free it or
- * call \c mbedtls_ssl_session_reset() on it before re-using it
- * for a new connection; the current connection must be closed.
- */
-int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
-
-/**
- * \brief Free referenced items in an SSL context and clear memory
- *
- * \param ssl SSL context
- */
-void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
-
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-/**
- * \brief Save an active connection as serialized data in a buffer.
- * This allows the freeing or re-using of the SSL context
- * while still picking up the connection later in a way that
- * it entirely transparent to the peer.
- *
- * \see mbedtls_ssl_context_load()
- *
- * \note This feature is currently only available under certain
- * conditions, see the documentation of the return value
- * #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details.
- *
- * \note When this function succeeds, it calls
- * mbedtls_ssl_session_reset() on \p ssl which as a result is
- * no longer associated with the connection that has been
- * serialized. This avoids creating copies of the connection
- * state. You're then free to either re-use the context
- * structure for a different connection, or call
- * mbedtls_ssl_free() on it. See the documentation of
- * mbedtls_ssl_session_reset() for more details.
- *
- * \param ssl The SSL context to save. On success, it is no longer
- * associated with the connection that has been serialized.
- * \param buf The buffer to write the serialized data to. It must be a
- * writeable buffer of at least \p buf_len bytes, or may be \c
- * NULL if \p buf_len is \c 0.
- * \param buf_len The number of bytes available for writing in \p buf.
- * \param olen The size in bytes of the data that has been or would have
- * been written. It must point to a valid \c size_t.
- *
- * \note \p olen is updated to the correct value regardless of
- * whether \p buf_len was large enough. This makes it possible
- * to determine the necessary size by calling this function
- * with \p buf set to \c NULL and \p buf_len to \c 0. However,
- * the value of \p olen is only guaranteed to be correct when
- * the function returns #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or
- * \c 0. If the return value is different, then the value of
- * \p olen is undefined.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
- * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
- * while reseting the context.
- * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
- * progress, or there is pending data for reading or sending,
- * or the connection does not use DTLS 1.2 with an AEAD
- * ciphersuite, or renegotiation is enabled.
- */
-int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen );
-
-/**
- * \brief Load serialized connection data to an SSL context.
- *
- * \see mbedtls_ssl_context_save()
- *
- * \warning The same serialized data must never be loaded into more
- * that one context. In order to ensure that, after
- * successfully loading serialized data to an SSL context, you
- * should immediately destroy or invalidate all copies of the
- * serialized data that was loaded. Loading the same data in
- * more than one context would cause severe security failures
- * including but not limited to loss of confidentiality.
- *
- * \note Before calling this function, the SSL context must be
- * prepared in one of the two following ways. The first way is
- * to take a context freshly initialised with
- * mbedtls_ssl_init() and call mbedtls_ssl_setup() on it with
- * the same ::mbedtls_ssl_config structure that was used in
- * the original connection. The second way is to
- * call mbedtls_ssl_session_reset() on a context that was
- * previously prepared as above but used in the meantime.
- * Either way, you must not use the context to perform a
- * handshake between calling mbedtls_ssl_setup() or
- * mbedtls_ssl_session_reset() and calling this function. You
- * may however call other setter functions in that time frame
- * as indicated in the note below.
- *
- * \note Before or after calling this function successfully, you
- * also need to configure some connection-specific callbacks
- * and settings before you can use the connection again
- * (unless they were already set before calling
- * mbedtls_ssl_session_reset() and the values are suitable for
- * the present connection). Specifically, you want to call
- * at least mbedtls_ssl_set_bio() and
- * mbedtls_ssl_set_timer_cb(). All other SSL setter functions
- * are not necessary to call, either because they're only used
- * in handshakes, or because the setting is already saved. You
- * might choose to call them anyway, for example in order to
- * share code between the cases of establishing a new
- * connection and the case of loading an already-established
- * connection.
- *
- * \note If you have new information about the path MTU, you want to
- * call mbedtls_ssl_set_mtu() after calling this function, as
- * otherwise this function would overwrite your
- * newly-configured value with the value that was active when
- * the context was saved.
- *
- * \note When this function returns an error code, it calls
- * mbedtls_ssl_free() on \p ssl. In this case, you need to
- * prepare the context with the usual sequence starting with a
- * call to mbedtls_ssl_init() if you want to use it again.
- *
- * \param ssl The SSL context structure to be populated. It must have
- * been prepared as described in the note above.
- * \param buf The buffer holding the serialized connection data. It must
- * be a readable buffer of at least \p len bytes.
- * \param len The size of the serialized data in bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
- * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
- * comes from a different Mbed TLS version or build.
- * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
- */
-int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len );
-#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
-
-/**
- * \brief Initialize an SSL configuration context
- * Just makes the context ready for
- * mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
- *
- * \note You need to call mbedtls_ssl_config_defaults() unless you
- * manually set all of the relevant fields yourself.
- *
- * \param conf SSL configuration context
- */
-void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
-
-/**
- * \brief Load reasonnable default SSL configuration values.
- * (You need to call mbedtls_ssl_config_init() first.)
- *
- * \param conf SSL configuration context
- * \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
- * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
- * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
- * \param preset a MBEDTLS_SSL_PRESET_XXX value
- *
- * \note See \c mbedtls_ssl_conf_transport() for notes on DTLS.
- *
- * \return 0 if successful, or
- * MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
- */
-int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
- int endpoint, int transport, int preset );
-
-/**
- * \brief Free an SSL configuration context
- *
- * \param conf SSL configuration context
- */
-void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
-
-/**
- * \brief Initialize SSL session structure
- *
- * \param session SSL session
- */
-void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
-
-/**
- * \brief Free referenced items in an SSL session including the
- * peer certificate and clear memory
- *
- * \note A session object can be freed even if the SSL context
- * that was used to retrieve the session is still in use.
- *
- * \param session SSL session
- */
-void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
-
-/**
- * \brief TLS-PRF function for key derivation.
- *
- * \param prf The tls_prf type function type to be used.
- * \param secret Secret for the key derivation function.
- * \param slen Length of the secret.
- * \param label String label for the key derivation function,
- * terminated with null character.
- * \param random Random bytes.
- * \param rlen Length of the random bytes buffer.
- * \param dstbuf The buffer holding the derived key.
- * \param dlen Length of the output buffer.
- *
- * \return 0 on success. An SSL specific error on failure.
- */
-int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
- const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl.h */
diff --git a/mbedtls/ssl_cache.h b/mbedtls/ssl_cache.h
deleted file mode 100644
index 6a81ac9..0000000
--- a/mbedtls/ssl_cache.h
+++ /dev/null
@@ -1,161 +0,0 @@
-/**
- * \file ssl_cache.h
- *
- * \brief SSL session cache implementation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_SSL_CACHE_H
-#define MBEDTLS_SSL_CACHE_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ssl.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
-#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
-#endif
-
-#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
-#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context;
-typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
-
-/**
- * \brief This structure is used for storing cache entries
- */
-struct mbedtls_ssl_cache_entry
-{
-#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */
-#endif
-
- unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */
- size_t MBEDTLS_PRIVATE(session_id_len);
-
- unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
- size_t MBEDTLS_PRIVATE(session_len);
-
- mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */
-};
-
-/**
- * \brief Cache context
- */
-struct mbedtls_ssl_cache_context
-{
- mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
- int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */
- int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
-#endif
-};
-
-/**
- * \brief Initialize an SSL cache context
- *
- * \param cache SSL cache context
- */
-void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache );
-
-/**
- * \brief Cache get callback implementation
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data The SSL cache context to use.
- * \param session_id The pointer to the buffer holding the session ID
- * for the session to load.
- * \param session_id_len The length of \p session_id in bytes.
- * \param session The address at which to store the session
- * associated with \p session_id, if present.
- */
-int mbedtls_ssl_cache_get( void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- mbedtls_ssl_session *session );
-
-/**
- * \brief Cache set callback implementation
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data The SSL cache context to use.
- * \param session_id The pointer to the buffer holding the session ID
- * associated to \p session.
- * \param session_id_len The length of \p session_id in bytes.
- * \param session The session to store.
- */
-int mbedtls_ssl_cache_set( void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- const mbedtls_ssl_session *session );
-
-#if defined(MBEDTLS_HAVE_TIME)
-/**
- * \brief Set the cache timeout
- * (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day))
- *
- * A timeout of 0 indicates no timeout.
- *
- * \param cache SSL cache context
- * \param timeout cache entry timeout in seconds
- */
-void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout );
-#endif /* MBEDTLS_HAVE_TIME */
-
-/**
- * \brief Set the maximum number of cache entries
- * (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
- *
- * \param cache SSL cache context
- * \param max cache entry maximum
- */
-void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max );
-
-/**
- * \brief Free referenced items in a cache context and clear memory
- *
- * \param cache SSL cache context
- */
-void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_cache.h */
diff --git a/mbedtls/ssl_ciphersuites.h b/mbedtls/ssl_ciphersuites.h
deleted file mode 100644
index 18e7c98..0000000
--- a/mbedtls/ssl_ciphersuites.h
+++ /dev/null
@@ -1,535 +0,0 @@
-/**
- * \file ssl_ciphersuites.h
- *
- * \brief SSL Ciphersuites for mbed TLS
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_SSL_CIPHERSUITES_H
-#define MBEDTLS_SSL_CIPHERSUITES_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/pk.h"
-#include "mbedtls/cipher.h"
-#include "mbedtls/md.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Supported ciphersuites (Official IANA names)
- */
-#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
-
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
-
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
-
-#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
-
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
-
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
-
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
-
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
-
-#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */
-
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4 /**< Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5 /**< Weak! */
-
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8 /**< Weak! */
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9 /**< Weak! */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
-
-#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
-
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
-
-#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093 /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
-
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB /**< TLS 1.2 */
-/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF /**< experimental */
-
-/* RFC 7905 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE /**< TLS 1.2 */
-
-/* RFC 8446, Appendix B.4 */
-#define MBEDTLS_TLS1_3_AES_128_GCM_SHA256 0x1301 /**< TLS 1.3 */
-#define MBEDTLS_TLS1_3_AES_256_GCM_SHA384 0x1302 /**< TLS 1.3 */
-#define MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256 0x1303 /**< TLS 1.3 */
-#define MBEDTLS_TLS1_3_AES_128_CCM_SHA256 0x1304 /**< TLS 1.3 */
-#define MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256 0x1305 /**< TLS 1.3 */
-
-/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
- * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
- */
-typedef enum {
- MBEDTLS_KEY_EXCHANGE_NONE = 0,
- MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_KEY_EXCHANGE_ECJPAKE,
-} mbedtls_key_exchange_type_t;
-
-/* Key exchanges using a certificate */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
-#endif
-
-/* Key exchanges allowing client certificate requests */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
-#endif
-
-/* Key exchanges involving server signature in ServerKeyExchange */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
-#endif
-
-/* Key exchanges using ECDH */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED
-#endif
-
-/* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
-#endif
-
-/* Key exchanges that involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
-#endif
-
-/* Key exchanges using a PSK */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
-#endif
-
-/* Key exchanges using DHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
-#endif
-
-/* Key exchanges using ECDHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
-#endif
-
-typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
-
-#define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
-#define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02 /**< Short authentication tag,
- eg for CCM_8 */
-#define MBEDTLS_CIPHERSUITE_NODTLS 0x04 /**< Can't be used with DTLS */
-
-/**
- * \brief This structure is used for storing ciphersuite information
- */
-struct mbedtls_ssl_ciphersuite_t
-{
- int MBEDTLS_PRIVATE(id);
- const char * MBEDTLS_PRIVATE(name);
-
- mbedtls_cipher_type_t MBEDTLS_PRIVATE(cipher);
- mbedtls_md_type_t MBEDTLS_PRIVATE(mac);
- mbedtls_key_exchange_type_t MBEDTLS_PRIVATE(key_exchange);
-
- int MBEDTLS_PRIVATE(min_major_ver);
- int MBEDTLS_PRIVATE(min_minor_ver);
- int MBEDTLS_PRIVATE(max_major_ver);
- int MBEDTLS_PRIVATE(max_minor_ver);
-
- unsigned char MBEDTLS_PRIVATE(flags);
-};
-
-const int *mbedtls_ssl_list_ciphersuites( void );
-
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id );
-
-#if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info );
-#endif
-
-int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
-int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
-{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
- return( 1 );
-
- default:
- return( 0 );
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
-{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_PSK:
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
- return( 1 );
-
- default:
- return( 0 );
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
-{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- return( 1 );
-
- default:
- return( 0 );
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
-
-static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
-{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
- case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return( 1 );
-
- default:
- return( 0 );
- }
-}
-
-static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info )
-{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
- case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return( 1 );
-
- default:
- return( 0 );
- }
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
-{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
- return( 1 );
-
- default:
- return( 0 );
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
-{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- return( 1 );
-
- default:
- return( 0 );
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
-{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return( 1 );
-
- default:
- return( 0 );
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_ciphersuites.h */
diff --git a/mbedtls/ssl_cookie.h b/mbedtls/ssl_cookie.h
deleted file mode 100644
index 86698b0..0000000
--- a/mbedtls/ssl_cookie.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/**
- * \file ssl_cookie.h
- *
- * \brief DTLS cookie callbacks implementation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_SSL_COOKIE_H
-#define MBEDTLS_SSL_COOKIE_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ssl.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT
-#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Context for the default cookie functions.
- */
-typedef struct mbedtls_ssl_cookie_ctx
-{
- mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */
-#if !defined(MBEDTLS_HAVE_TIME)
- unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
-#endif
- unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME,
- or in number of tickets issued */
-
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
-#endif
-} mbedtls_ssl_cookie_ctx;
-
-/**
- * \brief Initialize cookie context
- */
-void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx );
-
-/**
- * \brief Setup cookie context (generate keys)
- */
-int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Set expiration delay for cookies
- * (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
- *
- * \param ctx Cookie contex
- * \param delay Delay, in seconds if HAVE_TIME, or in number of cookies
- * issued in the meantime.
- * 0 to disable expiration (NOT recommended)
- */
-void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay );
-
-/**
- * \brief Free cookie context
- */
-void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx );
-
-/**
- * \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t
- */
-mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write;
-
-/**
- * \brief Verify cookie, see \c mbedtls_ssl_cookie_write_t
- */
-mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_cookie.h */
diff --git a/mbedtls/ssl_ticket.h b/mbedtls/ssl_ticket.h
deleted file mode 100644
index 0f4117d..0000000
--- a/mbedtls/ssl_ticket.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/**
- * \file ssl_ticket.h
- *
- * \brief TLS server ticket callbacks implementation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_SSL_TICKET_H
-#define MBEDTLS_SSL_TICKET_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-/*
- * This implementation of the session ticket callbacks includes key
- * management, rotating the keys periodically in order to preserve forward
- * secrecy, when MBEDTLS_HAVE_TIME is defined.
- */
-
-#include "mbedtls/ssl.h"
-#include "mbedtls/cipher.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Information for session ticket protection
- */
-typedef struct mbedtls_ssl_ticket_key
-{
- unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */
- uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
-}
-mbedtls_ssl_ticket_key;
-
-/**
- * \brief Context for session ticket handling functions
- */
-typedef struct mbedtls_ssl_ticket_context
-{
- mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
- unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
-
- uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
-
- /** Callback for getting (pseudo-)random numbers */
- int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
-
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
-#endif
-}
-mbedtls_ssl_ticket_context;
-
-/**
- * \brief Initialize a ticket context.
- * (Just make it ready for mbedtls_ssl_ticket_setup()
- * or mbedtls_ssl_ticket_free().)
- *
- * \param ctx Context to be initialized
- */
-void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
-
-/**
- * \brief Prepare context to be actually used
- *
- * \param ctx Context to be set up
- * \param f_rng RNG callback function (mandatory)
- * \param p_rng RNG callback context
- * \param cipher AEAD cipher to use for ticket protection.
- * Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
- * \param lifetime Tickets lifetime in seconds
- * Recommended value: 86400 (one day).
- *
- * \note It is highly recommended to select a cipher that is at
- * least as strong as the strongest ciphersuite
- * supported. Usually that means a 256-bit key.
- *
- * \note The lifetime of the keys is twice the lifetime of tickets.
- * It is recommended to pick a reasonnable lifetime so as not
- * to negate the benefits of forward secrecy.
- *
- * \return 0 if successful,
- * or a specific MBEDTLS_ERR_XXX error code
- */
-int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_cipher_type_t cipher,
- uint32_t lifetime );
-
-/**
- * \brief Implementation of the ticket write callback
- *
- * \note See \c mbedtls_ssl_ticket_write_t for description
- */
-mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
-
-/**
- * \brief Implementation of the ticket parse callback
- *
- * \note See \c mbedtls_ssl_ticket_parse_t for description
- */
-mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
-
-/**
- * \brief Free a context's content and zeroize it.
- *
- * \param ctx Context to be cleaned up
- */
-void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_ticket.h */
diff --git a/mbedtls/threading.h b/mbedtls/threading.h
deleted file mode 100644
index fbc7374..0000000
--- a/mbedtls/threading.h
+++ /dev/null
@@ -1,118 +0,0 @@
-/**
- * \file threading.h
- *
- * \brief Threading abstraction layer
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_THREADING_H
-#define MBEDTLS_THREADING_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C
-/** Locking / unlocking / free failed with error code. */
-#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-#include
-typedef struct mbedtls_threading_mutex_t
-{
- pthread_mutex_t MBEDTLS_PRIVATE(mutex);
- /* is_valid is 0 after a failed init or a free, and nonzero after a
- * successful init. This field is not considered part of the public
- * API of Mbed TLS and may change without notice. */
- char MBEDTLS_PRIVATE(is_valid);
-} mbedtls_threading_mutex_t;
-#endif
-
-#if defined(MBEDTLS_THREADING_ALT)
-/* You should define the mbedtls_threading_mutex_t type in your header */
-#include "threading_alt.h"
-
-/**
- * \brief Set your alternate threading implementation function
- * pointers and initialize global mutexes. If used, this
- * function must be called once in the main thread before any
- * other mbed TLS function is called, and
- * mbedtls_threading_free_alt() must be called once in the main
- * thread after all other mbed TLS functions.
- *
- * \note mutex_init() and mutex_free() don't return a status code.
- * If mutex_init() fails, it should leave its argument (the
- * mutex) in a state such that mutex_lock() will fail when
- * called with this argument.
- *
- * \param mutex_init the init function implementation
- * \param mutex_free the free function implementation
- * \param mutex_lock the lock function implementation
- * \param mutex_unlock the unlock function implementation
- */
-void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
- void (*mutex_free)( mbedtls_threading_mutex_t * ),
- int (*mutex_lock)( mbedtls_threading_mutex_t * ),
- int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
-
-/**
- * \brief Free global mutexes.
- */
-void mbedtls_threading_free_alt( void );
-#endif /* MBEDTLS_THREADING_ALT */
-
-#if defined(MBEDTLS_THREADING_C)
-/*
- * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
- *
- * All these functions are expected to work or the result will be undefined.
- */
-extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
-extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
-
-/*
- * Global mutexes
- */
-#if defined(MBEDTLS_FS_IO)
-extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
-/* This mutex may or may not be used in the default definition of
- * mbedtls_platform_gmtime_r(), but in order to determine that,
- * we need to check POSIX features, hence modify _POSIX_C_SOURCE.
- * With the current approach, this declaration is orphaned, lacking
- * an accompanying definition, in case mbedtls_platform_gmtime_r()
- * doesn't need it, but that's not a problem. */
-extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
-#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
-
-#endif /* MBEDTLS_THREADING_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* threading.h */
diff --git a/mbedtls/timing.h b/mbedtls/timing.h
deleted file mode 100644
index 25db1c6..0000000
--- a/mbedtls/timing.h
+++ /dev/null
@@ -1,97 +0,0 @@
-/**
- * \file timing.h
- *
- * \brief Portable interface to timeouts and to the CPU cycle counter
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_TIMING_H
-#define MBEDTLS_TIMING_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_TIMING_ALT)
-// Regular implementation
-//
-
-/**
- * \brief timer structure
- */
-struct mbedtls_timing_hr_time
-{
- unsigned char MBEDTLS_PRIVATE(opaque)[32];
-};
-
-/**
- * \brief Context for mbedtls_timing_set/get_delay()
- */
-typedef struct mbedtls_timing_delay_context
-{
- struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer);
- uint32_t MBEDTLS_PRIVATE(int_ms);
- uint32_t MBEDTLS_PRIVATE(fin_ms);
-} mbedtls_timing_delay_context;
-
-#else /* MBEDTLS_TIMING_ALT */
-#include "timing_alt.h"
-#endif /* MBEDTLS_TIMING_ALT */
-
-/* Internal use */
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
-
-/**
- * \brief Set a pair of delays to watch
- * (See \c mbedtls_timing_get_delay().)
- *
- * \param data Pointer to timing data.
- * Must point to a valid \c mbedtls_timing_delay_context struct.
- * \param int_ms First (intermediate) delay in milliseconds.
- * The effect if int_ms > fin_ms is unspecified.
- * \param fin_ms Second (final) delay in milliseconds.
- * Pass 0 to cancel the current delay.
- *
- * \note To set a single delay, either use \c mbedtls_timing_set_timer
- * directly or use this function with int_ms == fin_ms.
- */
-void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
-
-/**
- * \brief Get the status of delays
- * (Memory helper: number of delays passed.)
- *
- * \param data Pointer to timing data
- * Must point to a valid \c mbedtls_timing_delay_context struct.
- *
- * \return -1 if cancelled (fin_ms = 0),
- * 0 if none of the delays are passed,
- * 1 if only the intermediate delay is passed,
- * 2 if the final delay is passed.
- */
-int mbedtls_timing_get_delay( void *data );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* timing.h */
diff --git a/mbedtls/version.h b/mbedtls/version.h
deleted file mode 100644
index 773da4a..0000000
--- a/mbedtls/version.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/**
- * \file version.h
- *
- * \brief Run-time version information
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * This set of run-time variables can be used to determine the version number of
- * the Mbed TLS library used. Compile-time version defines for the same can be
- * found in build_info.h
- */
-#ifndef MBEDTLS_VERSION_H
-#define MBEDTLS_VERSION_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(MBEDTLS_VERSION_C)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Get the version number.
- *
- * \return The constructed version number in the format
- * MMNNPP00 (Major, Minor, Patch).
- */
-unsigned int mbedtls_version_get_number( void );
-
-/**
- * Get the version string ("x.y.z").
- *
- * \param string The string that will receive the value.
- * (Should be at least 9 bytes in size)
- */
-void mbedtls_version_get_string( char *string );
-
-/**
- * Get the full version string ("mbed TLS x.y.z").
- *
- * \param string The string that will receive the value. The mbed TLS version
- * string will use 18 bytes AT MOST including a terminating
- * null byte.
- * (So the buffer should be at least 18 bytes to receive this
- * version string).
- */
-void mbedtls_version_get_string_full( char *string );
-
-/**
- * \brief Check if support for a feature was compiled into this
- * mbed TLS binary. This allows you to see at runtime if the
- * library was for instance compiled with or without
- * Multi-threading support.
- *
- * \note only checks against defines in the sections "System
- * support", "mbed TLS modules" and "mbed TLS feature
- * support" in mbedtls_config.h
- *
- * \param feature The string for the define to check (e.g. "MBEDTLS_AES_C")
- *
- * \return 0 if the feature is present,
- * -1 if the feature is not present and
- * -2 if support for feature checking as a whole was not
- * compiled in.
- */
-int mbedtls_version_check_feature( const char *feature );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_VERSION_C */
-
-#endif /* version.h */
diff --git a/mbedtls/x509.h b/mbedtls/x509.h
deleted file mode 100644
index 9a4be95..0000000
--- a/mbedtls/x509.h
+++ /dev/null
@@ -1,367 +0,0 @@
-/**
- * \file x509.h
- *
- * \brief X.509 generic defines and structures
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_X509_H
-#define MBEDTLS_X509_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/asn1.h"
-#include "mbedtls/pk.h"
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-
-/**
- * \addtogroup x509_module
- * \{
- */
-
-#if !defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
-/**
- * Maximum number of intermediate CAs in a verification chain.
- * That is, maximum length of the chain, excluding the end-entity certificate
- * and the trusted root certificate.
- *
- * Set this to a low value to prevent an adversary from making you waste
- * resources verifying an overlong certificate chain.
- */
-#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8
-#endif
-
-/**
- * \name X509 Error codes
- * \{
- */
-/** Unavailable feature, e.g. RSA hashing/encryption combination. */
-#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080
-/** Requested OID is unknown. */
-#define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100
-/** The CRT/CRL/CSR format is invalid, e.g. different type expected. */
-#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180
-/** The CRT/CRL/CSR version element is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200
-/** The serial tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280
-/** The algorithm tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_ALG -0x2300
-/** The name tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_NAME -0x2380
-/** The date tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400
-/** The signature tag or value invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480
-/** The extension tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500
-/** CRT/CRL/CSR has an unsupported version number. */
-#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580
-/** Signature algorithm (oid) is unsupported. */
-#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600
-/** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
-#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680
-/** Certificate verification failed, e.g. CRL, CA or signature check failed. */
-#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700
-/** Format not recognized as DER or PEM. */
-#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780
-/** Input invalid. */
-#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800
-/** Allocation of memory failed. */
-#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880
-/** Read/write of file failed. */
-#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900
-/** Destination buffer is too small. */
-#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980
-/** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
-#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000
-/* \} name */
-
-/**
- * \name X509 Verify codes
- * \{
- */
-/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
-#define MBEDTLS_X509_BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
-#define MBEDTLS_X509_BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */
-#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */
-#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */
-#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */
-#define MBEDTLS_X509_BADCRL_EXPIRED 0x20 /**< The CRL is expired. */
-#define MBEDTLS_X509_BADCERT_MISSING 0x40 /**< Certificate was missing. */
-#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
-#define MBEDTLS_X509_BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */
-#define MBEDTLS_X509_BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */
-#define MBEDTLS_X509_BADCRL_FUTURE 0x0400 /**< The CRL is from the future */
-#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */
-#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */
-#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */
-#define MBEDTLS_X509_BADCERT_BAD_MD 0x4000 /**< The certificate is signed with an unacceptable hash. */
-#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000 /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
-#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000 /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */
-#define MBEDTLS_X509_BADCRL_BAD_MD 0x020000 /**< The CRL is signed with an unacceptable hash. */
-#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
-#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
-
-/* \} name */
-/* \} addtogroup x509_module */
-
-/*
- * X.509 v3 Subject Alternative Name types.
- * otherName [0] OtherName,
- * rfc822Name [1] IA5String,
- * dNSName [2] IA5String,
- * x400Address [3] ORAddress,
- * directoryName [4] Name,
- * ediPartyName [5] EDIPartyName,
- * uniformResourceIdentifier [6] IA5String,
- * iPAddress [7] OCTET STRING,
- * registeredID [8] OBJECT IDENTIFIER
- */
-#define MBEDTLS_X509_SAN_OTHER_NAME 0
-#define MBEDTLS_X509_SAN_RFC822_NAME 1
-#define MBEDTLS_X509_SAN_DNS_NAME 2
-#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME 3
-#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4
-#define MBEDTLS_X509_SAN_EDI_PARTY_NAME 5
-#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6
-#define MBEDTLS_X509_SAN_IP_ADDRESS 7
-#define MBEDTLS_X509_SAN_REGISTERED_ID 8
-
-/*
- * X.509 v3 Key Usage Extension flags
- * Reminder: update x509_info_key_usage() when adding new flags.
- */
-#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
-#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */
-#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
-#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
-#define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */
-#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */
-#define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */
-#define MBEDTLS_X509_KU_ENCIPHER_ONLY (0x01) /* bit 7 */
-#define MBEDTLS_X509_KU_DECIPHER_ONLY (0x8000) /* bit 8 */
-
-/*
- * Netscape certificate types
- * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
- */
-
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
-#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
-#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
-#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
-#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
-#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
-
-/*
- * X.509 extension types
- *
- * Comments refer to the status for using certificates. Status can be
- * different for writing certificates or reading CRLs or CSRs.
- *
- * Those are defined in oid.h as oid.c needs them in a data structure. Since
- * these were previously defined here, let's have aliases for compatibility.
- */
-#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
-#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
-#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE
-#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
-#define MBEDTLS_X509_EXT_POLICY_MAPPINGS MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
-#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */
-#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
-#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
-#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */
-#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
-#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
-#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
-#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
-#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
-#define MBEDTLS_X509_EXT_FRESHEST_CRL MBEDTLS_OID_X509_EXT_FRESHEST_CRL
-#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
-
-/*
- * Storage format identifiers
- * Recognized formats: PEM and DER
- */
-#define MBEDTLS_X509_FORMAT_DER 1
-#define MBEDTLS_X509_FORMAT_PEM 2
-
-#define MBEDTLS_X509_MAX_DN_NAME_SIZE 256 /**< Maximum value size of a DN entry */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \addtogroup x509_module
- * \{ */
-
-/**
- * \name Structures for parsing X.509 certificates, CRLs and CSRs
- * \{
- */
-
-/**
- * Type-length-value structure that allows for ASN1 using DER.
- */
-typedef mbedtls_asn1_buf mbedtls_x509_buf;
-
-/**
- * Container for ASN1 bit strings.
- */
-typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring;
-
-/**
- * Container for ASN1 named information objects.
- * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).
- */
-typedef mbedtls_asn1_named_data mbedtls_x509_name;
-
-/**
- * Container for a sequence of ASN.1 items
- */
-typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
-
-/** Container for date and time (precision in seconds). */
-typedef struct mbedtls_x509_time
-{
- int year, mon, day; /**< Date. */
- int hour, min, sec; /**< Time. */
-}
-mbedtls_x509_time;
-
-/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
-/** \} addtogroup x509_module */
-
-/**
- * \brief Store the certificate DN in printable form into buf;
- * no more than size characters will be written.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param dn The X509 name to represent
- *
- * \return The length of the string written (not including the
- * terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
-
-/**
- * \brief Store the certificate serial in printable form into buf;
- * no more than size characters will be written.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param serial The X509 serial to represent
- *
- * \return The length of the string written (not including the
- * terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
-
-/**
- * \brief Check a given mbedtls_x509_time against the system time
- * and tell if it's in the past.
- *
- * \note Intended usage is "if( is_past( valid_to ) ) ERROR".
- * Hence the return value of 1 if on internal errors.
- *
- * \param to mbedtls_x509_time to check
- *
- * \return 1 if the given time is in the past or an error occurred,
- * 0 otherwise.
- */
-int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
-
-/**
- * \brief Check a given mbedtls_x509_time against the system time
- * and tell if it's in the future.
- *
- * \note Intended usage is "if( is_future( valid_from ) ) ERROR".
- * Hence the return value of 1 if on internal errors.
- *
- * \param from mbedtls_x509_time to check
- *
- * \return 1 if the given time is in the future or an error occurred,
- * 0 otherwise.
- */
-int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
-
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
- mbedtls_x509_name *cur );
-int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *alg );
-int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
- mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
- int *salt_len );
-#endif
-int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
-int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
- mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
- void **sig_opts );
-int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
- mbedtls_x509_time *t );
-int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *serial );
-int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *ext, int tag );
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
- mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
- const void *sig_opts );
-#endif
-int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
-int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
-int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
- int critical, const unsigned char *val,
- size_t val_len );
-int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
- mbedtls_asn1_named_data *first );
-int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
- mbedtls_asn1_named_data *first );
-int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
- const char *oid, size_t oid_len,
- unsigned char *sig, size_t size );
-
-#define MBEDTLS_X509_SAFE_SNPRINTF \
- do { \
- if( ret < 0 || (size_t) ret >= n ) \
- return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); \
- \
- n -= (size_t) ret; \
- p += (size_t) ret; \
- } while( 0 )
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* x509.h */
diff --git a/mbedtls/x509_crl.h b/mbedtls/x509_crl.h
deleted file mode 100644
index 52bd43c..0000000
--- a/mbedtls/x509_crl.h
+++ /dev/null
@@ -1,186 +0,0 @@
-/**
- * \file x509_crl.h
- *
- * \brief X.509 certificate revocation list parsing
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_X509_CRL_H
-#define MBEDTLS_X509_CRL_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/x509.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \addtogroup x509_module
- * \{ */
-
-/**
- * \name Structures and functions for parsing CRLs
- * \{
- */
-
-/**
- * Certificate revocation list entry.
- * Contains the CA-specific serial numbers and revocation dates.
- *
- * Some fields of this structure are publicly readable. Do not modify
- * them except via Mbed TLS library functions: the effect of modifying
- * those fields or the data that those fields points to is unspecified.
- */
-typedef struct mbedtls_x509_crl_entry
-{
- /** Direct access to the whole entry inside the containing buffer. */
- mbedtls_x509_buf raw;
- /** The serial number of the revoked certificate. */
- mbedtls_x509_buf serial;
- /** The revocation date of this entry. */
- mbedtls_x509_time revocation_date;
- /** Direct access to the list of CRL entry extensions
- * (an ASN.1 constructed sequence).
- *
- * If there are no extensions, `entry_ext.len == 0` and
- * `entry_ext.p == NULL`. */
- mbedtls_x509_buf entry_ext;
-
- /** Next element in the linked list of entries.
- * \p NULL indicates the end of the list.
- * Do not modify this field directly. */
- struct mbedtls_x509_crl_entry *next;
-}
-mbedtls_x509_crl_entry;
-
-/**
- * Certificate revocation list structure.
- * Every CRL may have multiple entries.
- */
-typedef struct mbedtls_x509_crl
-{
- mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
- mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
-
- int version; /**< CRL version (1=v1, 2=v2) */
- mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
-
- mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */
-
- mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
-
- mbedtls_x509_time this_update;
- mbedtls_x509_time next_update;
-
- mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
-
- mbedtls_x509_buf crl_ext;
-
- mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2);
- mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
- mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
-
- /** Next element in the linked list of CRL.
- * \p NULL indicates the end of the list.
- * Do not modify this field directly. */
- struct mbedtls_x509_crl *next;
-}
-mbedtls_x509_crl;
-
-/**
- * \brief Parse a DER-encoded CRL and append it to the chained list
- *
- * \param chain points to the start of the chain
- * \param buf buffer holding the CRL data in DER format
- * \param buflen size of the buffer
- * (including the terminating null byte for PEM data)
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
- const unsigned char *buf, size_t buflen );
-/**
- * \brief Parse one or more CRLs and append them to the chained list
- *
- * \note Multiple CRLs are accepted only if using PEM format
- *
- * \param chain points to the start of the chain
- * \param buf buffer holding the CRL data in PEM or DER format
- * \param buflen size of the buffer
- * (including the terminating null byte for PEM data)
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Load one or more CRLs and append them to the chained list
- *
- * \note Multiple CRLs are accepted only if using PEM format
- *
- * \param chain points to the start of the chain
- * \param path filename to read the CRLs from (in PEM or DER encoding)
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-/**
- * \brief Returns an informational string about the CRL.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param prefix A line prefix
- * \param crl The X509 CRL to represent
- *
- * \return The length of the string written (not including the
- * terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
- const mbedtls_x509_crl *crl );
-#endif /* !MBEDTLS_X509_REMOVE_INFO */
-
-/**
- * \brief Initialize a CRL (chain)
- *
- * \param crl CRL chain to initialize
- */
-void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
-
-/**
- * \brief Unallocate all CRL data
- *
- * \param crl CRL chain to free
- */
-void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
-
-/* \} name */
-/* \} addtogroup x509_module */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_x509_crl.h */
diff --git a/mbedtls/x509_crt.h b/mbedtls/x509_crt.h
deleted file mode 100644
index 3c11a99..0000000
--- a/mbedtls/x509_crt.h
+++ /dev/null
@@ -1,1193 +0,0 @@
-/**
- * \file x509_crt.h
- *
- * \brief X.509 certificate parsing and writing
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_X509_CRT_H
-#define MBEDTLS_X509_CRT_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/x509.h"
-#include "mbedtls/x509_crl.h"
-#include "mbedtls/bignum.h"
-
-/**
- * \addtogroup x509_module
- * \{
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name Structures and functions for parsing and writing X.509 certificates
- * \{
- */
-
-/**
- * Container for an X.509 certificate. The certificate may be chained.
- *
- * Some fields of this structure are publicly readable. Do not modify
- * them except via Mbed TLS library functions: the effect of modifying
- * those fields or the data that those fields points to is unspecified.
- */
-typedef struct mbedtls_x509_crt
-{
- int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
- * by the structure or not. */
- mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
- mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
-
- int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
- mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
- mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */
-
- mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
- mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
-
- mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
- mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
-
- mbedtls_x509_time valid_from; /**< Start time of certificate validity. */
- mbedtls_x509_time valid_to; /**< End time of certificate validity. */
-
- mbedtls_x509_buf pk_raw;
- mbedtls_pk_context pk; /**< Container for the public key context. */
-
- mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
- mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
- mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
- mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
-
- mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
-
- int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
- int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
- int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
-
- unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */
-
- mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
-
- unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */
-
- mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */
- mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
-
- /** Next certificate in the linked list that constitutes the CA chain.
- * \p NULL indicates the end of the list.
- * Do not modify this field directly. */
- struct mbedtls_x509_crt *next;
-}
-mbedtls_x509_crt;
-
-/**
- * From RFC 5280 section 4.2.1.6:
- * OtherName ::= SEQUENCE {
- * type-id OBJECT IDENTIFIER,
- * value [0] EXPLICIT ANY DEFINED BY type-id }
- *
- * Future versions of the library may add new fields to this structure or
- * to its embedded union and structure.
- */
-typedef struct mbedtls_x509_san_other_name
-{
- /**
- * The type_id is an OID as deifned in RFC 5280.
- * To check the value of the type id, you should use
- * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
- */
- mbedtls_x509_buf type_id; /**< The type id. */
- union
- {
- /**
- * From RFC 4108 section 5:
- * HardwareModuleName ::= SEQUENCE {
- * hwType OBJECT IDENTIFIER,
- * hwSerialNum OCTET STRING }
- */
- struct
- {
- mbedtls_x509_buf oid; /**< The object identifier. */
- mbedtls_x509_buf val; /**< The named value. */
- }
- hardware_module_name;
- }
- value;
-}
-mbedtls_x509_san_other_name;
-
-/**
- * A structure for holding the parsed Subject Alternative Name,
- * according to type.
- *
- * Future versions of the library may add new fields to this structure or
- * to its embedded union and structure.
- */
-typedef struct mbedtls_x509_subject_alternative_name
-{
- int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
- union {
- mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
- mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */
- }
- san; /**< A union of the supported SAN types */
-}
-mbedtls_x509_subject_alternative_name;
-
-/**
- * Build flag from an algorithm/curve identifier (pk, md, ecp)
- * Since 0 is always XXX_NONE, ignore it.
- */
-#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) )
-
-/**
- * Security profile for certificate verification.
- *
- * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
- *
- * The fields of this structure are part of the public API and can be
- * manipulated directly by applications. Future versions of the library may
- * add extra fields or reorder existing fields.
- *
- * You can create custom profiles by starting from a copy of
- * an existing profile, such as mbedtls_x509_crt_profile_default or
- * mbedtls_x509_ctr_profile_none and then tune it to your needs.
- *
- * For example to allow SHA-224 in addition to the default:
- *
- * mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default;
- * my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
- *
- * Or to allow only RSA-3072+ with SHA-256:
- *
- * mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none;
- * my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 );
- * my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA );
- * my_profile.rsa_min_bitlen = 3072;
- */
-typedef struct mbedtls_x509_crt_profile
-{
- uint32_t allowed_mds; /**< MDs for signatures */
- uint32_t allowed_pks; /**< PK algs for signatures */
- uint32_t allowed_curves; /**< Elliptic curves for ECDSA */
- uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */
-}
-mbedtls_x509_crt_profile;
-
-#define MBEDTLS_X509_CRT_VERSION_1 0
-#define MBEDTLS_X509_CRT_VERSION_2 1
-#define MBEDTLS_X509_CRT_VERSION_3 2
-
-#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
-#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
-
-#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
-#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
-#endif
-
-/* This macro unfolds to the concatenation of macro invocations
- * X509_CRT_ERROR_INFO( error code,
- * error code as string,
- * human readable description )
- * where X509_CRT_ERROR_INFO is defined by the user.
- * See x509_crt.c for an example of how to use this. */
-#define MBEDTLS_X509_CRT_ERROR_INFO_LIST \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXPIRED, \
- "MBEDTLS_X509_BADCERT_EXPIRED", \
- "The certificate validity has expired" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_REVOKED, \
- "MBEDTLS_X509_BADCERT_REVOKED", \
- "The certificate has been revoked (is on a CRL)" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_CN_MISMATCH, \
- "MBEDTLS_X509_BADCERT_CN_MISMATCH", \
- "The certificate Common Name (CN) does not match with the expected CN" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NOT_TRUSTED, \
- "MBEDTLS_X509_BADCERT_NOT_TRUSTED", \
- "The certificate is not correctly signed by the trusted CA" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_NOT_TRUSTED, \
- "MBEDTLS_X509_BADCRL_NOT_TRUSTED", \
- "The CRL is not correctly signed by the trusted CA" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_EXPIRED, \
- "MBEDTLS_X509_BADCRL_EXPIRED", \
- "The CRL is expired" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_MISSING, \
- "MBEDTLS_X509_BADCERT_MISSING", \
- "Certificate was missing" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_SKIP_VERIFY, \
- "MBEDTLS_X509_BADCERT_SKIP_VERIFY", \
- "Certificate verification was skipped" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_OTHER, \
- "MBEDTLS_X509_BADCERT_OTHER", \
- "Other reason (can be used by verify callback)" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_FUTURE, \
- "MBEDTLS_X509_BADCERT_FUTURE", \
- "The certificate validity starts in the future" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_FUTURE, \
- "MBEDTLS_X509_BADCRL_FUTURE", \
- "The CRL is from the future" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_KEY_USAGE, \
- "MBEDTLS_X509_BADCERT_KEY_USAGE", \
- "Usage does not match the keyUsage extension" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, \
- "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE", \
- "Usage does not match the extendedKeyUsage extension" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NS_CERT_TYPE, \
- "MBEDTLS_X509_BADCERT_NS_CERT_TYPE", \
- "Usage does not match the nsCertType extension" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_MD, \
- "MBEDTLS_X509_BADCERT_BAD_MD", \
- "The certificate is signed with an unacceptable hash." ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_PK, \
- "MBEDTLS_X509_BADCERT_BAD_PK", \
- "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_KEY, \
- "MBEDTLS_X509_BADCERT_BAD_KEY", \
- "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_MD, \
- "MBEDTLS_X509_BADCRL_BAD_MD", \
- "The CRL is signed with an unacceptable hash." ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_PK, \
- "MBEDTLS_X509_BADCRL_BAD_PK", \
- "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_KEY, \
- "MBEDTLS_X509_BADCRL_BAD_KEY", \
- "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." )
-
-/**
- * Container for writing a certificate (CRT)
- */
-typedef struct mbedtls_x509write_cert
-{
- int MBEDTLS_PRIVATE(version);
- mbedtls_mpi MBEDTLS_PRIVATE(serial);
- mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key);
- mbedtls_pk_context *MBEDTLS_PRIVATE(issuer_key);
- mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
- mbedtls_asn1_named_data *MBEDTLS_PRIVATE(issuer);
- mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
- char MBEDTLS_PRIVATE(not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
- char MBEDTLS_PRIVATE(not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
- mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
-}
-mbedtls_x509write_cert;
-
-/**
- * Item in a verification chain: cert and flags for it
- */
-typedef struct {
- mbedtls_x509_crt *MBEDTLS_PRIVATE(crt);
- uint32_t MBEDTLS_PRIVATE(flags);
-} mbedtls_x509_crt_verify_chain_item;
-
-/**
- * Max size of verification chain: end-entity + intermediates + trusted root
- */
-#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
-
-/**
- * Verification chain as built by \c mbedtls_crt_verify_chain()
- */
-typedef struct
-{
- mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
- unsigned MBEDTLS_PRIVATE(len);
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- /* This stores the list of potential trusted signers obtained from
- * the CA callback used for the CRT verification, if configured.
- * We must track it somewhere because the callback passes its
- * ownership to the caller. */
- mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result);
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-} mbedtls_x509_crt_verify_chain;
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-
-/**
- * \brief Context for resuming X.509 verify operations
- */
-typedef struct
-{
- /* for check_signature() */
- mbedtls_pk_restart_ctx MBEDTLS_PRIVATE(pk);
-
- /* for find_parent_in() */
- mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */
- mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent);
- int MBEDTLS_PRIVATE(fallback_signature_is_good);
-
- /* for find_parent() */
- int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */
-
- /* for verify_chain() */
- enum {
- x509_crt_rs_none,
- x509_crt_rs_find_parent,
- } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
- int MBEDTLS_PRIVATE(self_cnt);
- mbedtls_x509_crt_verify_chain MBEDTLS_PRIVATE(ver_chain);
-
-} mbedtls_x509_crt_restart_ctx;
-
-#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-/* Now we can declare functions that take a pointer to that */
-typedef void mbedtls_x509_crt_restart_ctx;
-
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * Default security profile. Should provide a good balance between security
- * and compatibility with current deployments.
- *
- * This profile permits:
- * - SHA2 hashes with at least 256 bits: SHA-256, SHA-384, SHA-512.
- * - Elliptic curves with 255 bits and above except secp256k1.
- * - RSA with 2048 bits and above.
- *
- * New minor versions of Mbed TLS may extend this profile, for example if
- * new algorithms are added to the library. New minor versions of Mbed TLS will
- * not reduce this profile unless serious security concerns require it.
- */
-extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
-
-/**
- * Expected next default profile. Recommended for new deployments.
- * Currently targets a 128-bit security level, except for allowing RSA-2048.
- * This profile may change at any time.
- */
-extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
-
-/**
- * NSA Suite B profile.
- */
-extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
-
-/**
- * Empty profile that allows nothing. Useful as a basis for constructing
- * custom profiles.
- */
-extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none;
-
-/**
- * \brief Parse a single DER formatted certificate and add it
- * to the end of the provided chained list.
- *
- * \param chain The pointer to the start of the CRT chain to attach to.
- * When parsing the first CRT in a chain, this should point
- * to an instance of ::mbedtls_x509_crt initialized through
- * mbedtls_x509_crt_init().
- * \param buf The buffer holding the DER encoded certificate.
- * \param buflen The size in Bytes of \p buf.
- *
- * \note This function makes an internal copy of the CRT buffer
- * \p buf. In particular, \p buf may be destroyed or reused
- * after this call returns. To avoid duplicating the CRT
- * buffer (at the cost of stricter lifetime constraints),
- * use mbedtls_x509_crt_parse_der_nocopy() instead.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen );
-
-/**
- * \brief The type of certificate extension callbacks.
- *
- * Callbacks of this type are passed to and used by the
- * mbedtls_x509_crt_parse_der_with_ext_cb() routine when
- * it encounters either an unsupported extension or a
- * "certificate policies" extension containing any
- * unsupported certificate policies.
- * Future versions of the library may invoke the callback
- * in other cases, if and when the need arises.
- *
- * \param p_ctx An opaque context passed to the callback.
- * \param crt The certificate being parsed.
- * \param oid The OID of the extension.
- * \param critical Whether the extension is critical.
- * \param p Pointer to the start of the extension value
- * (the content of the OCTET STRING).
- * \param end End of extension value.
- *
- * \note The callback must fail and return a negative error code
- * if it can not parse or does not support the extension.
- * When the callback fails to parse a critical extension
- * mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
- * When the callback fails to parse a non critical extension
- * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
- * the extension and continues parsing.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
- mbedtls_x509_crt const *crt,
- mbedtls_x509_buf const *oid,
- int critical,
- const unsigned char *p,
- const unsigned char *end );
-
-/**
- * \brief Parse a single DER formatted certificate and add it
- * to the end of the provided chained list.
- *
- * \param chain The pointer to the start of the CRT chain to attach to.
- * When parsing the first CRT in a chain, this should point
- * to an instance of ::mbedtls_x509_crt initialized through
- * mbedtls_x509_crt_init().
- * \param buf The buffer holding the DER encoded certificate.
- * \param buflen The size in Bytes of \p buf.
- * \param make_copy When not zero this function makes an internal copy of the
- * CRT buffer \p buf. In particular, \p buf may be destroyed
- * or reused after this call returns.
- * When zero this function avoids duplicating the CRT buffer
- * by taking temporary ownership thereof until the CRT
- * is destroyed (like mbedtls_x509_crt_parse_der_nocopy())
- * \param cb A callback invoked for every unsupported certificate
- * extension.
- * \param p_ctx An opaque context passed to the callback.
- *
- * \note This call is functionally equivalent to
- * mbedtls_x509_crt_parse_der(), and/or
- * mbedtls_x509_crt_parse_der_nocopy()
- * but it calls the callback with every unsupported
- * certificate extension and additionally the
- * "certificate policies" extension if it contains any
- * unsupported certificate policies.
- * The callback must return a negative error code if it
- * does not know how to handle such an extension.
- * When the callback fails to parse a critical extension
- * mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
- * When the callback fails to parse a non critical extension
- * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
- * the extension and continues parsing.
- * Future versions of the library may invoke the callback
- * in other cases, if and when the need arises.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen,
- int make_copy,
- mbedtls_x509_crt_ext_cb_t cb,
- void *p_ctx );
-
-/**
- * \brief Parse a single DER formatted certificate and add it
- * to the end of the provided chained list. This is a
- * variant of mbedtls_x509_crt_parse_der() which takes
- * temporary ownership of the CRT buffer until the CRT
- * is destroyed.
- *
- * \param chain The pointer to the start of the CRT chain to attach to.
- * When parsing the first CRT in a chain, this should point
- * to an instance of ::mbedtls_x509_crt initialized through
- * mbedtls_x509_crt_init().
- * \param buf The address of the readable buffer holding the DER encoded
- * certificate to use. On success, this buffer must be
- * retained and not be changed for the liftetime of the
- * CRT chain \p chain, that is, until \p chain is destroyed
- * through a call to mbedtls_x509_crt_free().
- * \param buflen The size in Bytes of \p buf.
- *
- * \note This call is functionally equivalent to
- * mbedtls_x509_crt_parse_der(), but it avoids creating a
- * copy of the input buffer at the cost of stronger lifetime
- * constraints. This is useful in constrained environments
- * where duplication of the CRT cannot be tolerated.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen );
-
-/**
- * \brief Parse one DER-encoded or one or more concatenated PEM-encoded
- * certificates and add them to the chained list.
- *
- * For CRTs in PEM encoding, the function parses permissively:
- * if at least one certificate can be parsed, the function
- * returns the number of certificates for which parsing failed
- * (hence \c 0 if all certificates were parsed successfully).
- * If no certificate could be parsed, the function returns
- * the first (negative) error encountered during parsing.
- *
- * PEM encoded certificates may be interleaved by other data
- * such as human readable descriptions of their content, as
- * long as the certificates are enclosed in the PEM specific
- * '-----{BEGIN/END} CERTIFICATE-----' delimiters.
- *
- * \param chain The chain to which to add the parsed certificates.
- * \param buf The buffer holding the certificate data in PEM or DER format.
- * For certificates in PEM encoding, this may be a concatenation
- * of multiple certificates; for DER encoding, the buffer must
- * comprise exactly one certificate.
- * \param buflen The size of \p buf, including the terminating \c NULL byte
- * in case of PEM encoded data.
- *
- * \return \c 0 if all certificates were parsed successfully.
- * \return The (positive) number of certificates that couldn't
- * be parsed if parsing was partly successful (see above).
- * \return A negative X509 or PEM error code otherwise.
- *
- */
-int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Load one or more certificates and add them
- * to the chained list. Parses permissively. If some
- * certificates can be parsed, the result is the number
- * of failed certificates it encountered. If none complete
- * correctly, the first error is returned.
- *
- * \param chain points to the start of the chain
- * \param path filename to read the certificates from
- *
- * \return 0 if all certificates parsed successfully, a positive number
- * if partly successful or a specific X509 or PEM error code
- */
-int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
-
-/**
- * \brief Load one or more certificate files from a path and add them
- * to the chained list. Parses permissively. If some
- * certificates can be parsed, the result is the number
- * of failed certificates it encountered. If none complete
- * correctly, the first error is returned.
- *
- * \param chain points to the start of the chain
- * \param path directory / folder to read the certificate files from
- *
- * \return 0 if all certificates parsed successfully, a positive number
- * if partly successful or a specific X509 or PEM error code
- */
-int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
-
-#endif /* MBEDTLS_FS_IO */
-/**
- * \brief This function parses an item in the SubjectAlternativeNames
- * extension.
- *
- * \param san_buf The buffer holding the raw data item of the subject
- * alternative name.
- * \param san The target structure to populate with the parsed presentation
- * of the subject alternative name encoded in \p san_raw.
- *
- * \note Only "dnsName" and "otherName" of type hardware_module_name
- * as defined in RFC 4180 is supported.
- *
- * \note This function should be called on a single raw data of
- * subject alternative name. For example, after successful
- * certificate parsing, one must iterate on every item in the
- * \p crt->subject_alt_names sequence, and pass it to
- * this function.
- *
- * \warning The target structure contains pointers to the raw data of the
- * parsed certificate, and its lifetime is restricted by the
- * lifetime of the certificate.
- *
- * \return \c 0 on success
- * \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
- * SAN type.
- * \return Another negative value for any other failure.
- */
-int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
- mbedtls_x509_subject_alternative_name *san );
-
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-/**
- * \brief Returns an informational string about the
- * certificate.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param prefix A line prefix
- * \param crt The X509 certificate to represent
- *
- * \return The length of the string written (not including the
- * terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
- const mbedtls_x509_crt *crt );
-
-/**
- * \brief Returns an informational string about the
- * verification status of a certificate.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param prefix A line prefix
- * \param flags Verification flags created by mbedtls_x509_crt_verify()
- *
- * \return The length of the string written (not including the
- * terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
- uint32_t flags );
-#endif /* !MBEDTLS_X509_REMOVE_INFO */
-
-/**
- * \brief Verify a chain of certificates.
- *
- * The verify callback is a user-supplied callback that
- * can clear / modify / add flags for a certificate. If set,
- * the verification callback is called for each
- * certificate in the chain (from the trust-ca down to the
- * presented crt). The parameters for the callback are:
- * (void *parameter, mbedtls_x509_crt *crt, int certificate_depth,
- * int *flags). With the flags representing current flags for
- * that specific certificate and the certificate depth from
- * the bottom (Peer cert depth = 0).
- *
- * All flags left after returning from the callback
- * are also returned to the application. The function should
- * return 0 for anything (including invalid certificates)
- * other than fatal error, as a non-zero return code
- * immediately aborts the verification process. For fatal
- * errors, a specific error code should be used (different
- * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
- * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
- * can be used if no better code is available.
- *
- * \note In case verification failed, the results can be displayed
- * using \c mbedtls_x509_crt_verify_info()
- *
- * \note Same as \c mbedtls_x509_crt_verify_with_profile() with the
- * default security profile.
- *
- * \note It is your responsibility to provide up-to-date CRLs for
- * all trusted CAs. If no CRL is provided for the CA that was
- * used to sign the certificate, CRL verification is skipped
- * silently, that is *without* setting any flag.
- *
- * \note The \c trust_ca list can contain two types of certificates:
- * (1) those of trusted root CAs, so that certificates
- * chaining up to those CAs will be trusted, and (2)
- * self-signed end-entity certificates to be trusted (for
- * specific peers you know) - in that case, the self-signed
- * certificate doesn't need to have the CA bit set.
- *
- * \param crt The certificate chain to be verified.
- * \param trust_ca The list of trusted CAs.
- * \param ca_crl The list of CRLs for trusted CAs.
- * \param cn The expected Common Name. This will be checked to be
- * present in the certificate's subjectAltNames extension or,
- * if this extension is absent, as a CN component in its
- * Subject name. Currently only DNS names are supported. This
- * may be \c NULL if the CN need not be verified.
- * \param flags The address at which to store the result of the verification.
- * If the verification couldn't be completed, the flag value is
- * set to (uint32_t) -1.
- * \param f_vrfy The verification callback to use. See the documentation
- * of mbedtls_x509_crt_verify() for more information.
- * \param p_vrfy The context to be passed to \p f_vrfy.
- *
- * \return \c 0 if the chain is valid with respect to the
- * passed CN, CAs, CRLs and security profile.
- * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
- * certificate chain verification failed. In this case,
- * \c *flags will have one or more
- * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
- * flags set.
- * \return Another negative error code in case of a fatal error
- * encountered during the verification process.
- */
-int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
-
-/**
- * \brief Verify a chain of certificates with respect to
- * a configurable security profile.
- *
- * \note Same as \c mbedtls_x509_crt_verify(), but with explicit
- * security profile.
- *
- * \note The restrictions on keys (RSA minimum size, allowed curves
- * for ECDSA) apply to all certificates: trusted root,
- * intermediate CAs if any, and end entity certificate.
- *
- * \param crt The certificate chain to be verified.
- * \param trust_ca The list of trusted CAs.
- * \param ca_crl The list of CRLs for trusted CAs.
- * \param profile The security profile to use for the verification.
- * \param cn The expected Common Name. This may be \c NULL if the
- * CN need not be verified.
- * \param flags The address at which to store the result of the verification.
- * If the verification couldn't be completed, the flag value is
- * set to (uint32_t) -1.
- * \param f_vrfy The verification callback to use. See the documentation
- * of mbedtls_x509_crt_verify() for more information.
- * \param p_vrfy The context to be passed to \p f_vrfy.
- *
- * \return \c 0 if the chain is valid with respect to the
- * passed CN, CAs, CRLs and security profile.
- * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
- * certificate chain verification failed. In this case,
- * \c *flags will have one or more
- * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
- * flags set.
- * \return Another negative error code in case of a fatal error
- * encountered during the verification process.
- */
-int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
-
-/**
- * \brief Restartable version of \c mbedtls_crt_verify_with_profile()
- *
- * \note Performs the same job as \c mbedtls_crt_verify_with_profile()
- * but can return early and restart according to the limit
- * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param crt The certificate chain to be verified.
- * \param trust_ca The list of trusted CAs.
- * \param ca_crl The list of CRLs for trusted CAs.
- * \param profile The security profile to use for the verification.
- * \param cn The expected Common Name. This may be \c NULL if the
- * CN need not be verified.
- * \param flags The address at which to store the result of the verification.
- * If the verification couldn't be completed, the flag value is
- * set to (uint32_t) -1.
- * \param f_vrfy The verification callback to use. See the documentation
- * of mbedtls_x509_crt_verify() for more information.
- * \param p_vrfy The context to be passed to \p f_vrfy.
- * \param rs_ctx The restart context to use. This may be set to \c NULL
- * to disable restartable ECC.
- *
- * \return See \c mbedtls_crt_verify_with_profile(), or
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- */
-int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy,
- mbedtls_x509_crt_restart_ctx *rs_ctx );
-
-/**
- * \brief The type of trusted certificate callbacks.
- *
- * Callbacks of this type are passed to and used by the CRT
- * verification routine mbedtls_x509_crt_verify_with_ca_cb()
- * when looking for trusted signers of a given certificate.
- *
- * On success, the callback returns a list of trusted
- * certificates to be considered as potential signers
- * for the input certificate.
- *
- * \param p_ctx An opaque context passed to the callback.
- * \param child The certificate for which to search a potential signer.
- * This will point to a readable certificate.
- * \param candidate_cas The address at which to store the address of the first
- * entry in the generated linked list of candidate signers.
- * This will not be \c NULL.
- *
- * \note The callback must only return a non-zero value on a
- * fatal error. If, in contrast, the search for a potential
- * signer completes without a single candidate, the
- * callback must return \c 0 and set \c *candidate_cas
- * to \c NULL.
- *
- * \return \c 0 on success. In this case, \c *candidate_cas points
- * to a heap-allocated linked list of instances of
- * ::mbedtls_x509_crt, and ownership of this list is passed
- * to the caller.
- * \return A negative error code on failure.
- */
-typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx,
- mbedtls_x509_crt const *child,
- mbedtls_x509_crt **candidate_cas );
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-/**
- * \brief Version of \c mbedtls_x509_crt_verify_with_profile() which
- * uses a callback to acquire the list of trusted CA
- * certificates.
- *
- * \param crt The certificate chain to be verified.
- * \param f_ca_cb The callback to be used to query for potential signers
- * of a given child certificate. See the documentation of
- * ::mbedtls_x509_crt_ca_cb_t for more information.
- * \param p_ca_cb The opaque context to be passed to \p f_ca_cb.
- * \param profile The security profile for the verification.
- * \param cn The expected Common Name. This may be \c NULL if the
- * CN need not be verified.
- * \param flags The address at which to store the result of the verification.
- * If the verification couldn't be completed, the flag value is
- * set to (uint32_t) -1.
- * \param f_vrfy The verification callback to use. See the documentation
- * of mbedtls_x509_crt_verify() for more information.
- * \param p_vrfy The context to be passed to \p f_vrfy.
- *
- * \return See \c mbedtls_crt_verify_with_profile().
- */
-int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
-
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-
-/**
- * \brief Check usage of certificate against keyUsage extension.
- *
- * \param crt Leaf certificate used.
- * \param usage Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT
- * before using the certificate to perform an RSA key
- * exchange).
- *
- * \note Except for decipherOnly and encipherOnly, a bit set in the
- * usage argument means this bit MUST be set in the
- * certificate. For decipherOnly and encipherOnly, it means
- * that bit MAY be set.
- *
- * \return 0 is these uses of the certificate are allowed,
- * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
- * is present but does not match the usage argument.
- *
- * \note You should only call this function on leaf certificates, on
- * (intermediate) CAs the keyUsage extension is automatically
- * checked by \c mbedtls_x509_crt_verify().
- */
-int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
- unsigned int usage );
-
-/**
- * \brief Check usage of certificate against extendedKeyUsage.
- *
- * \param crt Leaf certificate used.
- * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or
- * MBEDTLS_OID_CLIENT_AUTH).
- * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
- *
- * \return 0 if this use of the certificate is allowed,
- * MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
- *
- * \note Usually only makes sense on leaf certificates.
- */
-int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
- const char *usage_oid,
- size_t usage_len );
-
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
-/**
- * \brief Verify the certificate revocation status
- *
- * \param crt a certificate to be verified
- * \param crl the CRL to verify against
- *
- * \return 1 if the certificate is revoked, 0 otherwise
- *
- */
-int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
-#endif /* MBEDTLS_X509_CRL_PARSE_C */
-
-/**
- * \brief Initialize a certificate (chain)
- *
- * \param crt Certificate chain to initialize
- */
-void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
-
-/**
- * \brief Unallocate all certificate data
- *
- * \param crt Certificate chain to free
- */
-void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Initialize a restart context
- */
-void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
-
-/**
- * \brief Free the components of a restart context
- */
-void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-/* \} name */
-/* \} addtogroup x509_module */
-
-#if defined(MBEDTLS_X509_CRT_WRITE_C)
-/**
- * \brief Initialize a CRT writing context
- *
- * \param ctx CRT context to initialize
- */
-void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
-
-/**
- * \brief Set the verion for a Certificate
- * Default: MBEDTLS_X509_CRT_VERSION_3
- *
- * \param ctx CRT context to use
- * \param version version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
- * MBEDTLS_X509_CRT_VERSION_3)
- */
-void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
-
-/**
- * \brief Set the serial number for a Certificate.
- *
- * \param ctx CRT context to use
- * \param serial serial number to set
- *
- * \return 0 if successful
- */
-int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
-
-/**
- * \brief Set the validity period for a Certificate
- * Timestamps should be in string format for UTC timezone
- * i.e. "YYYYMMDDhhmmss"
- * e.g. "20131231235959" for December 31st 2013
- * at 23:59:59
- *
- * \param ctx CRT context to use
- * \param not_before not_before timestamp
- * \param not_after not_after timestamp
- *
- * \return 0 if timestamp was parsed successfully, or
- * a specific error code
- */
-int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
- const char *not_after );
-
-/**
- * \brief Set the issuer name for a Certificate
- * Issuer names should contain a comma-separated list
- * of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS CA"
- *
- * \param ctx CRT context to use
- * \param issuer_name issuer name to set
- *
- * \return 0 if issuer name was parsed successfully, or
- * a specific error code
- */
-int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
- const char *issuer_name );
-
-/**
- * \brief Set the subject name for a Certificate
- * Subject names should contain a comma-separated list
- * of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
- *
- * \param ctx CRT context to use
- * \param subject_name subject name to set
- *
- * \return 0 if subject name was parsed successfully, or
- * a specific error code
- */
-int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
- const char *subject_name );
-
-/**
- * \brief Set the subject public key for the certificate
- *
- * \param ctx CRT context to use
- * \param key public key to include
- */
-void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
-
-/**
- * \brief Set the issuer key used for signing the certificate
- *
- * \param ctx CRT context to use
- * \param key private key to sign with
- */
-void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
-
-/**
- * \brief Set the MD algorithm to use for the signature
- * (e.g. MBEDTLS_MD_SHA1)
- *
- * \param ctx CRT context to use
- * \param md_alg MD algorithm to use
- */
-void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
-
-/**
- * \brief Generic function to add to or replace an extension in the
- * CRT
- *
- * \param ctx CRT context to use
- * \param oid OID of the extension
- * \param oid_len length of the OID
- * \param critical if the extension is critical (per the RFC's definition)
- * \param val value of the extension OCTET STRING
- * \param val_len length of the value data
- *
- * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
- const char *oid, size_t oid_len,
- int critical,
- const unsigned char *val, size_t val_len );
-
-/**
- * \brief Set the basicConstraints extension for a CRT
- *
- * \param ctx CRT context to use
- * \param is_ca is this a CA certificate
- * \param max_pathlen maximum length of certificate chains below this
- * certificate (only for CA certificates, -1 is
- * inlimited)
- *
- * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
- int is_ca, int max_pathlen );
-
-#if defined(MBEDTLS_SHA1_C)
-/**
- * \brief Set the subjectKeyIdentifier extension for a CRT
- * Requires that mbedtls_x509write_crt_set_subject_key() has been
- * called before
- *
- * \param ctx CRT context to use
- *
- * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );
-
-/**
- * \brief Set the authorityKeyIdentifier extension for a CRT
- * Requires that mbedtls_x509write_crt_set_issuer_key() has been
- * called before
- *
- * \param ctx CRT context to use
- *
- * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
-#endif /* MBEDTLS_SHA1_C */
-
-/**
- * \brief Set the Key Usage Extension flags
- * (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
- *
- * \param ctx CRT context to use
- * \param key_usage key usage flags to set
- *
- * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
- unsigned int key_usage );
-
-/**
- * \brief Set the Netscape Cert Type flags
- * (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
- *
- * \param ctx CRT context to use
- * \param ns_cert_type Netscape Cert Type flags to set
- *
- * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
- unsigned char ns_cert_type );
-
-/**
- * \brief Free the contents of a CRT write context
- *
- * \param ctx CRT context to free
- */
-void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
-
-/**
- * \brief Write a built up certificate to a X509 DER structure
- * Note: data is written at the end of the buffer! Use the
- * return value to determine where you should start
- * using the buffer
- *
- * \param ctx certificate to write away
- * \param buf buffer to write to
- * \param size size of the buffer
- * \param f_rng RNG function. This must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \return length of data written if successful, or a specific
- * error code
- *
- * \note \p f_rng is used for the signature operation.
- */
-int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief Write a built up certificate to a X509 PEM string
- *
- * \param ctx certificate to write away
- * \param buf buffer to write to
- * \param size size of the buffer
- * \param f_rng RNG function. This must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \return 0 if successful, or a specific error code
- *
- * \note \p f_rng is used for the signature operation.
- */
-int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_X509_CRT_WRITE_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_x509_crt.h */
diff --git a/mbedtls/x509_csr.h b/mbedtls/x509_csr.h
deleted file mode 100644
index f80a1a1..0000000
--- a/mbedtls/x509_csr.h
+++ /dev/null
@@ -1,304 +0,0 @@
-/**
- * \file x509_csr.h
- *
- * \brief X.509 certificate signing request parsing and writing
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_X509_CSR_H
-#define MBEDTLS_X509_CSR_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/x509.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \addtogroup x509_module
- * \{ */
-
-/**
- * \name Structures and functions for X.509 Certificate Signing Requests (CSR)
- * \{
- */
-
-/**
- * Certificate Signing Request (CSR) structure.
- *
- * Some fields of this structure are publicly readable. Do not modify
- * them except via Mbed TLS library functions: the effect of modifying
- * those fields or the data that those fields point to is unspecified.
- */
-typedef struct mbedtls_x509_csr
-{
- mbedtls_x509_buf raw; /**< The raw CSR data (DER). */
- mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
-
- int version; /**< CSR version (1=v1). */
-
- mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */
- mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
-
- mbedtls_pk_context pk; /**< Container for the public key context. */
-
- mbedtls_x509_buf sig_oid;
- mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
- mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
-}
-mbedtls_x509_csr;
-
-/**
- * Container for writing a CSR
- */
-typedef struct mbedtls_x509write_csr
-{
- mbedtls_pk_context *MBEDTLS_PRIVATE(key);
- mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
- mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
- mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
-}
-mbedtls_x509write_csr;
-
-#if defined(MBEDTLS_X509_CSR_PARSE_C)
-/**
- * \brief Load a Certificate Signing Request (CSR) in DER format
- *
- * \note CSR attributes (if any) are currently silently ignored.
- *
- * \param csr CSR context to fill
- * \param buf buffer holding the CRL data
- * \param buflen size of the buffer
- *
- * \return 0 if successful, or a specific X509 error code
- */
-int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
- const unsigned char *buf, size_t buflen );
-
-/**
- * \brief Load a Certificate Signing Request (CSR), DER or PEM format
- *
- * \note See notes for \c mbedtls_x509_csr_parse_der()
- *
- * \param csr CSR context to fill
- * \param buf buffer holding the CRL data
- * \param buflen size of the buffer
- * (including the terminating null byte for PEM data)
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Load a Certificate Signing Request (CSR)
- *
- * \note See notes for \c mbedtls_x509_csr_parse()
- *
- * \param csr CSR context to fill
- * \param path filename to read the CSR from
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-/**
- * \brief Returns an informational string about the
- * CSR.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param prefix A line prefix
- * \param csr The X509 CSR to represent
- *
- * \return The length of the string written (not including the
- * terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
- const mbedtls_x509_csr *csr );
-#endif /* !MBEDTLS_X509_REMOVE_INFO */
-
-/**
- * \brief Initialize a CSR
- *
- * \param csr CSR to initialize
- */
-void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
-
-/**
- * \brief Unallocate all CSR data
- *
- * \param csr CSR to free
- */
-void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
-#endif /* MBEDTLS_X509_CSR_PARSE_C */
-
-/* \} name */
-/* \} addtogroup x509_module */
-
-#if defined(MBEDTLS_X509_CSR_WRITE_C)
-/**
- * \brief Initialize a CSR context
- *
- * \param ctx CSR context to initialize
- */
-void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx );
-
-/**
- * \brief Set the subject name for a CSR
- * Subject names should contain a comma-separated list
- * of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
- *
- * \param ctx CSR context to use
- * \param subject_name subject name to set
- *
- * \return 0 if subject name was parsed successfully, or
- * a specific error code
- */
-int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
- const char *subject_name );
-
-/**
- * \brief Set the key for a CSR (public key will be included,
- * private key used to sign the CSR when writing it)
- *
- * \param ctx CSR context to use
- * \param key Asymetric key to include
- */
-void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
-
-/**
- * \brief Set the MD algorithm to use for the signature
- * (e.g. MBEDTLS_MD_SHA1)
- *
- * \param ctx CSR context to use
- * \param md_alg MD algorithm to use
- */
-void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg );
-
-/**
- * \brief Set the Key Usage Extension flags
- * (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
- *
- * \param ctx CSR context to use
- * \param key_usage key usage flags to set
- *
- * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
- *
- * \note The decipherOnly flag from the Key Usage
- * extension is represented by bit 8 (i.e.
- * 0x8000), which cannot typically be represented
- * in an unsigned char. Therefore, the flag
- * decipherOnly (i.e.
- * #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this
- * function.
- */
-int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
-
-/**
- * \brief Set the Netscape Cert Type flags
- * (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
- *
- * \param ctx CSR context to use
- * \param ns_cert_type Netscape Cert Type flags to set
- *
- * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
- unsigned char ns_cert_type );
-
-/**
- * \brief Generic function to add to or replace an extension in the
- * CSR
- *
- * \param ctx CSR context to use
- * \param oid OID of the extension
- * \param oid_len length of the OID
- * \param critical Set to 1 to mark the extension as critical, 0 otherwise.
- * \param val value of the extension OCTET STRING
- * \param val_len length of the value data
- *
- * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
- const char *oid, size_t oid_len,
- int critical,
- const unsigned char *val, size_t val_len );
-
-/**
- * \brief Free the contents of a CSR context
- *
- * \param ctx CSR context to free
- */
-void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx );
-
-/**
- * \brief Write a CSR (Certificate Signing Request) to a
- * DER structure
- * Note: data is written at the end of the buffer! Use the
- * return value to determine where you should start
- * using the buffer
- *
- * \param ctx CSR to write away
- * \param buf buffer to write to
- * \param size size of the buffer
- * \param f_rng RNG function. This must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \return length of data written if successful, or a specific
- * error code
- *
- * \note \p f_rng is used for the signature operation.
- */
-int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief Write a CSR (Certificate Signing Request) to a
- * PEM string
- *
- * \param ctx CSR to write away
- * \param buf buffer to write to
- * \param size size of the buffer
- * \param f_rng RNG function. This must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \return 0 if successful, or a specific error code
- *
- * \note \p f_rng is used for the signature operation.
- */
-int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_X509_CSR_WRITE_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_x509_csr.h */