From a80a87460ee8fcb7a20b6383db84b0f330bcb172 Mon Sep 17 00:00:00 2001 
From: Michal Gorecki Date: Wed, 12 Mar 2025 12:27:36 +0100 Subject: [PATCH 1/2] crypto/mbedtls: Upgrade to v3.6.2 This upgrades mbedtls version to v3.6.2: 1. mbedtls repository changed to version v3.6.2 2. Removed tests that are no longer supported 3. Updated/modified gcm_mynewt API: a) Function mbedtls_gcm_update_add is removed, because now function mbedtls_gcm_update_ad from mbedtls upstream provides the same functionality. b) Due to internal mbedtls API changes mbedtls_gcm_setkey_noalloc function now needs one argument more, which is keybits. This argument specifies the length of the key in bits and should be set to 128, 192 or 256. Other values won't be accepted. In the earlier version this could be extracted from the mbedtls_cipher_info_t key_bitlen field, which is no longer the case - now it's a 4-bit bitfield later processed by internal mbedtls macros. It probably would be possible not to break these APIs, but since a lot of mbedtls APIs were changed in the new version it was assumed that migration changes in projects using mbedtls would be necessary anyway.
--- .../mbedtls/include/mbedtls/config_mynewt.h | 1 + crypto/mbedtls/include/mbedtls/gcm_mynewt.h | 26 +- crypto/mbedtls/pkg.yml | 2 +- crypto/mbedtls/selftest/src/mbedtls_test.c | 14 -- crypto/mbedtls/selftest/src/mbedtls_test.h | 6 - .../selftest/src/testcases/arc4_test.c | 27 -- .../selftest/src/testcases/gcm_mynewt_test.c | 75 +++--- .../mbedtls/selftest/src/testcases/md2_test.c | 27 -- .../mbedtls/selftest/src/testcases/md4_test.c | 27 -- .../selftest/src/testcases/timing_test.c | 27 -- .../selftest/src/testcases/x509_test.c | 27 -- .../selftest/src/testcases/xtea_test.c | 27 -- crypto/mbedtls/src/gcm_mynewt.c | 230 +++++++----------- 13 files changed, 130 insertions(+), 386 deletions(-) delete mode 100644 crypto/mbedtls/selftest/src/testcases/arc4_test.c delete mode 100644 crypto/mbedtls/selftest/src/testcases/md2_test.c delete mode 100644 crypto/mbedtls/selftest/src/testcases/md4_test.c delete mode 100644 crypto/mbedtls/selftest/src/testcases/timing_test.c delete mode 100644 crypto/mbedtls/selftest/src/testcases/x509_test.c delete mode 100644 crypto/mbedtls/selftest/src/testcases/xtea_test.c diff --git a/crypto/mbedtls/include/mbedtls/config_mynewt.h b/crypto/mbedtls/include/mbedtls/config_mynewt.h index 57b39c1194..ebe3676b38 100644 --- a/crypto/mbedtls/include/mbedtls/config_mynewt.h +++ b/crypto/mbedtls/include/mbedtls/config_mynewt.h @@ -501,6 +501,7 @@ extern "C" { #undef MBEDTLS_PSA_CRYPTO_SE_C #undef MBEDTLS_PSA_CRYPTO_STORAGE_C #undef MBEDTLS_PSA_ITS_FILE_C +#undef MBEDTLS_LMS_C #ifdef __cplusplus } diff --git a/crypto/mbedtls/include/mbedtls/gcm_mynewt.h b/crypto/mbedtls/include/mbedtls/gcm_mynewt.h index b0746448a0..40945bd48c 100644 --- a/crypto/mbedtls/include/mbedtls/gcm_mynewt.h +++ b/crypto/mbedtls/include/mbedtls/gcm_mynewt.h 
@@ -20,38 +20,16 @@ #ifndef _GCM_MYNEWT_H_ #define _GCM_MYNEWT_H_ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS #include -/** - * \brief This function feeds an input buffer into an ongoing GCM - * encryption or decryption operation as additional data. - * This needs to be called before starting enc/dec - * operations. - * - * ` The function expects input to be a multiple of 16 - * Bytes. Only the last call before mbedtls_gcm_update() or - * mbedtls_gcm_finish() can be less than 16 Bytes. - * - * - * \param ctx The GCM context. - * \param length The length of the input data. This must be a multiple of - * 16 except in the last call before mbedtls_gcm_finish(). - * \param input The buffer holding the input ADD. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure. - */ -int mbedtls_gcm_update_add( mbedtls_gcm_context *ctx, - size_t length, - const unsigned char *input ); - - /** * Same as mbedtls_gcm_setkey, but with preallocated memory for cipher algorithm context */ int mbedtls_gcm_setkey_noalloc( mbedtls_gcm_context *ctx, const mbedtls_cipher_info_t *cipher_info, const unsigned char *key, + unsigned int keybits, void *cipher_ctx); diff --git a/crypto/mbedtls/pkg.yml b/crypto/mbedtls/pkg.yml index cb8c1c24f1..4cb20931d8 100644 --- a/crypto/mbedtls/pkg.yml +++ b/crypto/mbedtls/pkg.yml @@ -47,7 +47,7 @@ pkg.src_dirs: repository.mbedtls: type: github - vers: v2.28.9-commit + vers: v3.6.2-commit branch: master user: Mbed-TLS repo: mbedtls diff --git a/crypto/mbedtls/selftest/src/mbedtls_test.c b/crypto/mbedtls/selftest/src/mbedtls_test.c index 6928c5cee8..a8547c1f08 100644 --- a/crypto/mbedtls/selftest/src/mbedtls_test.c +++ b/crypto/mbedtls/selftest/src/mbedtls_test.c @@ -27,7 +27,6 @@ #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" #include "mbedtls/aes.h" -#include "mbedtls/arc4.h" #include "mbedtls/bignum.h" #include "mbedtls/ccm.h" #include "mbedtls/dhm.h" 
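Review bot: `#define MBEDTLS_ALLOW_PRIVATE_ACCESS` placed in the public header gcm_mynewt.h, ahead of its `#include`, turns off the 3.x private-field guard for every mbedtls header pulled in afterwards by any translation unit that includes gcm_mynewt.h (the selftest does so via mbedtls_test.h), not just for gcm_mynewt.c which actually touches `ctx->H` and `ctx->acceleration`. Define it at the top of gcm_mynewt.c instead and keep the header free of it, so consumers keep the compile-time protection against depending on mbedtls internals. The comment on `mbedtls_gcm_setkey_noalloc` also says nothing about the new parameter; I would add `* keybits must be 128, 192 or 256; other values are rejected with MBEDTLS_ERR_GCM_BAD_INPUT.` under the existing `Same as mbedtls_gcm_setkey` line, which is what the implementation later in this patch enforces. The include target after `#include` is not visible in this rendering, so I cannot tell which header the macro is meant to precede.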
@@ -41,7 +40,6 @@ #include "mbedtls/ripemd160.h" #include "mbedtls/rsa.h" #include "mbedtls/x509.h" -#include "mbedtls/xtea.h" #include "mbedtls/poly1305.h" #include "mbedtls/chacha20.h" #include "mbedtls/chachapoly.h" @@ -53,7 +51,6 @@ #include "mbedtls/timing.h" TEST_CASE_DECL(aes_test) -TEST_CASE_DECL(arc4_test) TEST_CASE_DECL(aria_test) TEST_CASE_DECL(base64_test) TEST_CASE_DECL(bignum_test) @@ -70,8 +67,6 @@ TEST_CASE_DECL(ecp_test) TEST_CASE_DECL(entropy_test) TEST_CASE_DECL(gcm_test) TEST_CASE_DECL(hmac_drbg_test) -TEST_CASE_DECL(md2_test) -TEST_CASE_DECL(md4_test) TEST_CASE_DECL(md5_test) TEST_CASE_DECL(memory_buffer_alloc_test) TEST_CASE_DECL(nist_kw_test) @@ -82,15 +77,11 @@ TEST_CASE_DECL(rsa_test) TEST_CASE_DECL(sha1_test) TEST_CASE_DECL(sha256_test) TEST_CASE_DECL(sha512_test) -TEST_CASE_DECL(timing_test) -TEST_CASE_DECL(x509_test) -TEST_CASE_DECL(xtea_test) TEST_CASE_DECL(gcm_mynewt_test) TEST_SUITE(mbedtls_test_all) { aes_test(); - arc4_test(); aria_test(); base64_test(); bignum_test(); @@ -107,8 +98,6 @@ TEST_SUITE(mbedtls_test_all) entropy_test(); gcm_test(); hmac_drbg_test(); - md2_test(); - md4_test(); md5_test(); nist_kw_test(); pkcs5_test(); @@ -118,9 +107,6 @@ TEST_SUITE(mbedtls_test_all) sha1_test(); sha256_test(); sha512_test(); - timing_test(); - x509_test(); - xtea_test(); gcm_mynewt_test(); } diff --git a/crypto/mbedtls/selftest/src/mbedtls_test.h b/crypto/mbedtls/selftest/src/mbedtls_test.h index f4ebb14fff..5f6286df2e 100644 --- a/crypto/mbedtls/selftest/src/mbedtls_test.h +++ b/crypto/mbedtls/selftest/src/mbedtls_test.h @@ -25,7 +25,6 @@ #include "testutil/testutil.h" #include "mbedtls/aes.h" -#include "mbedtls/arc4.h" #include "mbedtls/aria.h" #include "mbedtls/base64.h" #include "mbedtls/bignum.h" @@ -42,8 +41,6 @@ #include "mbedtls/entropy.h" #include "mbedtls/gcm.h" #include "mbedtls/hmac_drbg.h" -#include "mbedtls/md2.h" -#include "mbedtls/md4.h" #include "mbedtls/md5.h" #include "mbedtls/nist_kw.h" #include "mbedtls/pkcs5.h" 
@@ -53,9 +50,6 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" -#include "mbedtls/timing.h" -#include "mbedtls/x509.h" -#include "mbedtls/xtea.h" #include "gcm_mynewt.h" #ifdef __cplusplus diff --git a/crypto/mbedtls/selftest/src/testcases/arc4_test.c b/crypto/mbedtls/selftest/src/testcases/arc4_test.c deleted file mode 100644 index c4f4ec251d..0000000000 --- a/crypto/mbedtls/selftest/src/testcases/arc4_test.c +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -#include "mbedtls_test.h" - -TEST_CASE_SELF(arc4_test) -{ - int rc; - - rc = mbedtls_arc4_self_test(1); - TEST_ASSERT(rc == 0); -} diff --git a/crypto/mbedtls/selftest/src/testcases/gcm_mynewt_test.c b/crypto/mbedtls/selftest/src/testcases/gcm_mynewt_test.c index 90c14353fa..f062f2b4e0 100644 --- a/crypto/mbedtls/selftest/src/testcases/gcm_mynewt_test.c +++ b/crypto/mbedtls/selftest/src/testcases/gcm_mynewt_test.c 
@@ -24,36 +24,32 @@ static const mbedtls_cipher_info_t *rsm_ucast_cipher; /* This contains both ADD and plaintext for encryption */ static const uint8_t initial_data[110] = { - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x11, - 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x31, 0x32, 0x33, - 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x41, 0x42, 0x43, 0x44, - 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x51, 0x52, 0x53, 0x54, 0x55, - 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x67, 0x68, 0x69, 0x6A, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, - 0x78, 0x79, 0x7A, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, - 0x89, 0x8A, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, - 0x9A, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, + 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, + 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, + 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, + 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, + 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, + 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A, + 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A, + 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9A, + 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA }; - -static const uint8_t key[32] = { 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, - 0x1A, 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, - 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, - 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A, - 0xC0, 0xCA, 0xC0, 0x1A }; - -static const uint8_t iv[12] = { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, - 0x6, 0x7, 0x8, 0x9, 0xA, 0xB }; - -static const uint8_t expected_tag[16] = { 0x05, 0x5D, 0x8E, 0xD4, 0xF9, 0x2A, - 0x87, 0x87, 0x6F, 0x23, 0xF2, 0xE6, - 
0xF0, 0x1D, 0x6D, 0x5C }; +static const uint8_t key[32] = { + 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A, + 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A, + 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A, + 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A +}; +static const uint8_t iv[12] = { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xA, 0xB }; +static const uint8_t expected_tag[16] = { 0x05, 0x5D, 0x8E, 0xD4, 0xF9, 0x2A, 0x87, 0x87, + 0x6F, 0x23, 0xF2, 0xE6, 0xF0, 0x1D, 0x6D, 0x5C }; static uint8_t test_tag[16]; static uint8_t test_buf[110]; -static int -mbedtls_gcm_mynewt_test_crypt(uint8_t enc) +static int mbedtls_gcm_mynewt_test_crypt(uint8_t enc) { int add_len = 40; mbedtls_gcm_context ctx; @@ -63,22 +59,25 @@ mbedtls_gcm_mynewt_test_crypt(uint8_t enc) uint16_t off; uint16_t blklen; uint16_t totlen; + size_t len_check; int rc; if (rsm_ucast_cipher == NULL) { - rsm_ucast_cipher = mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_AES, - 256, MBEDTLS_MODE_ECB); + rsm_ucast_cipher = + mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_AES, 256, + MBEDTLS_MODE_ECB); } memset(&ctx, 0, sizeof(ctx)); mbedtls_aes_init(&aes_ctx); - rc = mbedtls_gcm_setkey_noalloc(&ctx, rsm_ucast_cipher, key, &aes_ctx); + rc = mbedtls_gcm_setkey_noalloc(&ctx, rsm_ucast_cipher, key, 256, &aes_ctx); if (rc) { goto out; } - rc = mbedtls_gcm_starts(&ctx, enc == 1 ? MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, - iv, sizeof(iv), NULL, 0); + rc = mbedtls_gcm_starts(&ctx, + enc == 1 ? MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, + iv, sizeof(iv)); if (rc) { goto out; } 
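Review bot: The key size 256 is now spelled out twice by hand, in `mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_AES, 256, ...)` and in the new `mbedtls_gcm_setkey_noalloc(&ctx, rsm_ucast_cipher, key, 256, &aes_ctx)`, while the actual key is `key[32]`; if someone shortens the test key the two literals silently disagree with the buffer. Deriving it from the array keeps the three in step: `rc = mbedtls_gcm_setkey_noalloc(&ctx, rsm_ucast_cipher, key, sizeof(key) * 8, &aes_ctx);`. The `rsm_ucast_cipher` lookup result is also passed on without a NULL check, and `mbedtls_cipher_info_from_values` returns NULL when that cipher is not compiled in, so a configuration without AES-256-ECB would fail inside setkey rather than with a clear assertion here. The body of mbedtls_gcm_mynewt_test_crypt continues beyond this hunk.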
@@ -105,18 +104,26 @@ mbedtls_gcm_mynewt_test_crypt(uint8_t enc) } if (off < add_len) { - mbedtls_gcm_update_add(&ctx, blklen, ptr); + mbedtls_gcm_update_ad(&ctx, ptr, blklen); } else { - rc = mbedtls_gcm_update(&ctx, blklen, ptr, ptr); + rc = mbedtls_gcm_update(&ctx, ptr, blklen, ptr, blklen, &len_check); if (rc) { goto out; } + if (len_check != blklen) { + rc = 1; + goto out; + } } off += blklen; } - rc = mbedtls_gcm_finish(&ctx, test_tag, sizeof(test_tag)); + rc = mbedtls_gcm_finish(&ctx, NULL, 0, &len_check, test_tag, sizeof(test_tag)); + if (len_check != 0) { + rc = 1; + goto out; + } out: memset(&ctx, 0, sizeof(ctx)); mbedtls_aes_free(&aes_ctx); @@ -138,5 +145,5 @@ TEST_CASE_SELF(gcm_mynewt_test) rc = mbedtls_gcm_mynewt_test_crypt(0); TEST_ASSERT(rc == 0); TEST_ASSERT(memcmp(test_tag, expected_tag, sizeof(test_tag)) == 0); - TEST_ASSERT(memcmp(test_buf, initial_data, sizeof(test_buf)) == 0); + TEST_ASSERT(memcmp(test_buf, initial_data, sizeof(initial_data)) == 0); } diff --git a/crypto/mbedtls/selftest/src/testcases/md2_test.c b/crypto/mbedtls/selftest/src/testcases/md2_test.c deleted file mode 100644 index c65be75735..0000000000 --- a/crypto/mbedtls/selftest/src/testcases/md2_test.c +++ /dev/null 
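Review bot: The new `mbedtls_gcm_update_ad(&ctx, ptr, blklen);` call discards its return value, while the neighbouring `mbedtls_gcm_update` call checks `rc`; in 3.x update_ad can fail (for instance when called after data has already been fed), and a silent failure here would only surface as a tag mismatch at the end of the test. Treat it like the other calls: `rc = mbedtls_gcm_update_ad(&ctx, ptr, blklen);` followed by `if (rc) { goto out; }`. Further down, `len_check` is tested before `rc` after `mbedtls_gcm_finish`, so a failing finish has its error code overwritten by `rc = 1` and the original reason is lost; check `if (rc) { goto out; }` first and only then compare `len_check != 0`. The enclosing mbedtls_gcm_mynewt_test_crypt starts outside this hunk.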
@@ -1,27 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -#include "mbedtls_test.h" - -TEST_CASE_SELF(md2_test) -{ - int rc; - - rc = mbedtls_md2_self_test(1); - TEST_ASSERT(rc == 0); -} diff --git a/crypto/mbedtls/selftest/src/testcases/md4_test.c b/crypto/mbedtls/selftest/src/testcases/md4_test.c deleted file mode 100644 index 1edf8e115b..0000000000 --- a/crypto/mbedtls/selftest/src/testcases/md4_test.c +++ /dev/null 
@@ -1,27 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -#include "mbedtls_test.h" - -TEST_CASE_SELF(md4_test) -{ - int rc; - - rc = mbedtls_md4_self_test(1); - TEST_ASSERT(rc == 0); -} diff --git a/crypto/mbedtls/selftest/src/testcases/timing_test.c b/crypto/mbedtls/selftest/src/testcases/timing_test.c deleted file mode 100644 index 97d6bc5ad4..0000000000 --- a/crypto/mbedtls/selftest/src/testcases/timing_test.c +++ /dev/null 
@@ -1,27 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -#include "mbedtls_test.h" - -TEST_CASE_SELF(timing_test) -{ - int rc; - - rc = mbedtls_timing_self_test(0); - TEST_ASSERT(rc == 0); -} diff --git a/crypto/mbedtls/selftest/src/testcases/x509_test.c b/crypto/mbedtls/selftest/src/testcases/x509_test.c deleted file mode 100644 index b89bfe9c25..0000000000 --- a/crypto/mbedtls/selftest/src/testcases/x509_test.c +++ /dev/null 
@@ -1,27 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -#include "mbedtls_test.h" - -TEST_CASE_SELF(x509_test) -{ - int rc; - - rc = mbedtls_x509_self_test(1); - TEST_ASSERT(rc == 0); -} diff --git a/crypto/mbedtls/selftest/src/testcases/xtea_test.c b/crypto/mbedtls/selftest/src/testcases/xtea_test.c deleted file mode 100644 index b0f29b7ead..0000000000 --- a/crypto/mbedtls/selftest/src/testcases/xtea_test.c +++ /dev/null 
@@ -1,27 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -#include "mbedtls_test.h" - -TEST_CASE_SELF(xtea_test) -{ - int rc; - - rc = mbedtls_xtea_self_test(1); - TEST_ASSERT(rc == 0); -} diff --git a/crypto/mbedtls/src/gcm_mynewt.c b/crypto/mbedtls/src/gcm_mynewt.c index dfd68f5594..f846124633 100644 --- a/crypto/mbedtls/src/gcm_mynewt.c +++ b/crypto/mbedtls/src/gcm_mynewt.c 
@@ -63,193 +63,133 @@ #include #if defined(MBEDTLS_AESNI_C) -#include "mbedtls/aesni.h" +#include "aesni.h" #endif #if !defined(MBEDTLS_GCM_ALT) -/* Parameter validation macros */ -#define GCM_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_GCM_BAD_INPUT) -#define GCM_VALIDATE(cond) \ - MBEDTLS_INTERNAL_VALIDATE(cond) +/* Used to select the acceleration mechanism */ +#define MBEDTLS_GCM_ACC_SMALLTABLE 0 +#define MBEDTLS_GCM_ACC_LARGETABLE 1 +#define MBEDTLS_GCM_ACC_AESNI 2 +#define MBEDTLS_GCM_ACC_AESCE 3 -/* - * Precompute small multiples of H, that is set - * HH[i] || HL[i] = H times i, - * where i is seen as a field element as in [MGV], ie high-order bits - * correspond to low powers of P. The result is stored in the same way, that - * is the high-order bit of HH corresponds to P^0 and the low-order bit of HL - * corresponds to P^127. - */ -static int gcm_gen_table(mbedtls_gcm_context *ctx) +static inline void gcm_set_acceleration(mbedtls_gcm_context *ctx) { - int ret, i, j; - uint64_t hi, lo; - uint64_t vl, vh; - unsigned char h[16]; - size_t olen = 0; - - memset(h, 0, 16); - if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen)) != 0) { - return ret; - } - - /* pack h as two 64-bits ints, big-endian */ - hi = MBEDTLS_GET_UINT32_BE(h, 0); - lo = MBEDTLS_GET_UINT32_BE(h, 4); - vh = (uint64_t) hi << 32 | lo; - - hi = MBEDTLS_GET_UINT32_BE(h, 8); - lo = MBEDTLS_GET_UINT32_BE(h, 12); - vl = (uint64_t) hi << 32 | lo; - - /* 8 = 1000 corresponds to 1 in GF(2^128) */ - ctx->HL[8] = vl; - ctx->HH[8] = vh; +#if defined(MBEDTLS_GCM_LARGE_TABLE) + ctx->acceleration = MBEDTLS_GCM_ACC_LARGETABLE; +#else + ctx->acceleration = MBEDTLS_GCM_ACC_SMALLTABLE; +#endif #if defined(MBEDTLS_AESNI_HAVE_CODE) /* With CLMUL support, we need only h, not the rest of the table */ if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) { - return 0; + ctx->acceleration = MBEDTLS_GCM_ACC_AESNI; } #endif - /* 0 corresponds to 0 in GF(2^128) */ - ctx->HH[0] = 0; 
- ctx->HL[0] = 0; - - for (i = 4; i > 0; i >>= 1) { - uint32_t T = (vl & 1) * 0xe1000000U; - vl = (vh << 63) | (vl >> 1); - vh = (vh >> 1) ^ ((uint64_t) T << 32); - - ctx->HL[i] = vl; - ctx->HH[i] = vh; +#if defined(MBEDTLS_AESCE_HAVE_CODE) + if (MBEDTLS_AESCE_HAS_SUPPORT()) { + ctx->acceleration = MBEDTLS_GCM_ACC_AESCE; } - - for (i = 2; i <= 8; i *= 2) { - uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i; - vh = *HiH; - vl = *HiL; - for (j = 1; j < i; j++) { - HiH[j] = vh ^ ctx->HH[j]; - HiL[j] = vl ^ ctx->HL[j]; - } - } - - return 0; +#endif } -/* - * Shoup's method for multiplication use this table with - * last4[x] = x times P^128 - * where x and last4[x] are seen as elements of GF(2^128) as in [MGV] - */ -static const uint64_t last4[16] = +static inline void gcm_gen_table_rightshift(uint64_t dst[2], const uint64_t src[2]) { - 0x0000, 0x1c20, 0x3840, 0x2460, - 0x7080, 0x6ca0, 0x48c0, 0x54e0, - 0xe100, 0xfd20, 0xd940, 0xc560, - 0x9180, 0x8da0, 0xa9c0, 0xb5e0 -}; + uint8_t *u8Dst = (uint8_t *) dst; + uint8_t *u8Src = (uint8_t *) src; + + MBEDTLS_PUT_UINT64_BE(MBEDTLS_GET_UINT64_BE(&src[1], 0) >> 1, &dst[1], 0); + u8Dst[8] |= (u8Src[7] & 0x01) << 7; + MBEDTLS_PUT_UINT64_BE(MBEDTLS_GET_UINT64_BE(&src[0], 0) >> 1, &dst[0], 0); + u8Dst[0] ^= (u8Src[15] & 0x01) ? 0xE1 : 0; +} /* - * Sets output to x times H using the precomputed tables. - * x and output are seen as elements of GF(2^128) as in [MGV]. + * Precompute small multiples of H, that is set + * HH[i] || HL[i] = H times i, + * where i is seen as a field element as in [MGV], ie high-order bits + * correspond to low powers of P. The result is stored in the same way, that + * is the high-order bit of HH corresponds to P^0 and the low-order bit of HL + * corresponds to P^127. 
*/ -static void gcm_mult(mbedtls_gcm_context *ctx, const unsigned char x[16], - unsigned char output[16]) +static int gcm_gen_table(mbedtls_gcm_context *ctx) { - int i = 0; - unsigned char lo, hi, rem; - uint64_t zh, zl; - -#if defined(MBEDTLS_AESNI_HAVE_CODE) - if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) { - unsigned char h[16]; - - MBEDTLS_PUT_UINT32_BE(ctx->HH[8] >> 32, h, 0); - MBEDTLS_PUT_UINT32_BE(ctx->HH[8], h, 4); - MBEDTLS_PUT_UINT32_BE(ctx->HL[8] >> 32, h, 8); - MBEDTLS_PUT_UINT32_BE(ctx->HL[8], h, 12); + int ret, i, j; + uint64_t u64h[2] = { 0 }; + uint8_t *h = (uint8_t *) u64h; - mbedtls_aesni_gcm_mult(output, x, h); - return; +#if defined(MBEDTLS_BLOCK_CIPHER_C) + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h); +#else + size_t olen = 0; + ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen); +#endif + if (ret != 0) { + return ret; } -#endif /* MBEDTLS_AESNI_HAVE_CODE */ - - lo = x[15] & 0xf; - - zh = ctx->HH[lo]; - zl = ctx->HL[lo]; - - for (i = 15; i >= 0; i--) { - lo = x[i] & 0xf; - hi = (x[i] >> 4) & 0xf; - - if (i != 15) { - rem = (unsigned char) zl & 0xf; - zl = (zh << 60) | (zl >> 4); - zh = (zh >> 4); - zh ^= (uint64_t) last4[rem] << 48; - zh ^= ctx->HH[lo]; - zl ^= ctx->HL[lo]; - } + gcm_set_acceleration(ctx); - rem = (unsigned char) zl & 0xf; - zl = (zh << 60) | (zl >> 4); - zh = (zh >> 4); - zh ^= (uint64_t) last4[rem] << 48; - zh ^= ctx->HH[hi]; - zl ^= ctx->HL[hi]; - } + /* MBEDTLS_GCM_HTABLE_SIZE/2 = 1000 corresponds to 1 in GF(2^128) */ + ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2][0] = u64h[0]; + ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2][1] = u64h[1]; - MBEDTLS_PUT_UINT32_BE(zh >> 32, output, 0); - MBEDTLS_PUT_UINT32_BE(zh, output, 4); - MBEDTLS_PUT_UINT32_BE(zl >> 32, output, 8); - MBEDTLS_PUT_UINT32_BE(zl, output, 12); -} + switch (ctx->acceleration) { +#if defined(MBEDTLS_AESNI_HAVE_CODE) + case MBEDTLS_GCM_ACC_AESNI: + return 0; +#endif -int mbedtls_gcm_update_add( mbedtls_gcm_context *ctx, - size_t add_len, - const 
unsigned char *add ) -{ - const unsigned char *p; - size_t i; - size_t use_len; +#if defined(MBEDTLS_AESCE_HAVE_CODE) + case MBEDTLS_GCM_ACC_AESCE: + return 0; +#endif - if ( ctx->add_len & 15 ) - { - return( MBEDTLS_ERR_GCM_BAD_INPUT ); - } - ctx->add_len += add_len; - p = add; + default: + /* 0 corresponds to 0 in GF(2^128) */ + ctx->H[0][0] = 0; + ctx->H[0][1] = 0; - while (add_len > 0) - { - use_len = ( add_len < 16 ) ? add_len : 16; + for (i = MBEDTLS_GCM_HTABLE_SIZE/4; i > 0; i >>= 1) { + gcm_gen_table_rightshift(ctx->H[i], ctx->H[i*2]); + } - for( i = 0; i < use_len; i++ ) { - ctx->buf[i] ^= p[i]; +#if !defined(MBEDTLS_GCM_LARGE_TABLE) + /* pack elements of H as 64-bits ints, big-endian */ + for (i = MBEDTLS_GCM_HTABLE_SIZE/2; i > 0; i >>= 1) { + MBEDTLS_PUT_UINT64_BE(ctx->H[i][0], &ctx->H[i][0], 0); + MBEDTLS_PUT_UINT64_BE(ctx->H[i][1], &ctx->H[i][1], 0); } - gcm_mult( ctx, ctx->buf, ctx->buf ); +#endif - add_len -= use_len; - p += use_len; + for (i = 2; i < MBEDTLS_GCM_HTABLE_SIZE; i <<= 1) { + for (j = 1; j < i; j++) { + mbedtls_xor_no_simd((unsigned char *) ctx->H[i+j], + (unsigned char *) ctx->H[i], + (unsigned char *) ctx->H[j], + 16); + } + } } - return( 0 ); + return 0; } int mbedtls_gcm_setkey_noalloc( mbedtls_gcm_context *ctx, const mbedtls_cipher_info_t *cipher_info, const unsigned char *key, + unsigned int keybits, void *cipher_ctx) { int ret; + if (keybits != 128 && keybits != 192 && keybits != 256) { + return MBEDTLS_ERR_GCM_BAD_INPUT; + } + ctx->cipher_ctx.cipher_info = cipher_info; ctx->cipher_ctx.cipher_ctx = cipher_ctx; #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) @@ -266,7 +206,7 @@ int mbedtls_gcm_setkey_noalloc( mbedtls_gcm_context *ctx, #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, - cipher_info->key_bitlen, + keybits, MBEDTLS_ENCRYPT ) ) != 0 ) { return( ret ); From d14a0dcb53cb8d0e4a1b72184f4c7e45411edcaf Mon Sep 17 00:00:00 2001 
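Review bot: `mbedtls_gcm_setkey_noalloc` still writes `ctx->cipher_ctx.cipher_info` and `ctx->cipher_ctx.cipher_ctx` unconditionally, while the `gcm_gen_table` copied above it now carries an `#if defined(MBEDTLS_BLOCK_CIPHER_C)` branch that uses `ctx->block_cipher_ctx`; in upstream 3.6 the GCM context presumably holds only one of those two members depending on that option, so the block-cipher branch can never compile together with this setkey and is dead weight that will mislead the next upgrade. Either drop the copied branch or make the constraint explicit with `#if defined(MBEDTLS_BLOCK_CIPHER_C)` / `#error "gcm_mynewt requires the legacy cipher layer"` / `#endif` next to the `MBEDTLS_GCM_ALT` guard. In `gcm_gen_table_rightshift` the cast `uint8_t *u8Src = (uint8_t *) src;` discards the `const` of the parameter (this matches upstream, but `const uint8_t *u8Src = (const uint8_t *) src;` costs nothing and keeps -Wcast-qual quiet). Since gcm_set_acceleration, gcm_gen_table_rightshift and gcm_gen_table are verbatim imports from the upstream gcm.c, a header comment such as `/* Copied from mbedtls v3.6.2 library/gcm.c; re-sync on every mbedtls upgrade. */` would tell the next maintainer where to diff against; the body of mbedtls_gcm_setkey_noalloc continues past this hunk.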
From: Michal Gorecki Date: Wed, 8 Oct 2025 11:43:15 +0200 Subject: [PATCH 2/2] crypto/mbedtls: Fix gcm_mynewt coding style This adjusts codings style for the latest clang-format requirements --- crypto/mbedtls/include/mbedtls/gcm_mynewt.h | 10 +-- .../selftest/src/testcases/gcm_mynewt_test.c | 51 +++++++------ crypto/mbedtls/src/gcm_mynewt.c | 73 ++++++++++--------- 3 files changed, 66 insertions(+), 68 deletions(-) diff --git a/crypto/mbedtls/include/mbedtls/gcm_mynewt.h b/crypto/mbedtls/include/mbedtls/gcm_mynewt.h index 40945bd48c..b1b02ba192 100644 --- a/crypto/mbedtls/include/mbedtls/gcm_mynewt.h +++ b/crypto/mbedtls/include/mbedtls/gcm_mynewt.h @@ -26,11 +26,9 @@ /** * Same as mbedtls_gcm_setkey, but with preallocated memory for cipher algorithm context */ -int mbedtls_gcm_setkey_noalloc( mbedtls_gcm_context *ctx, - const mbedtls_cipher_info_t *cipher_info, - const unsigned char *key, - unsigned int keybits, - void *cipher_ctx); - +int mbedtls_gcm_setkey_noalloc(mbedtls_gcm_context *ctx, + const mbedtls_cipher_info_t *cipher_info, + const unsigned char *key, unsigned int keybits, + void *cipher_ctx); #endif /* _GCM_MYNEWT_H_ */ diff --git a/crypto/mbedtls/selftest/src/testcases/gcm_mynewt_test.c b/crypto/mbedtls/selftest/src/testcases/gcm_mynewt_test.c index f062f2b4e0..46c69af7d8 100644 --- a/crypto/mbedtls/selftest/src/testcases/gcm_mynewt_test.c +++ b/crypto/mbedtls/selftest/src/testcases/gcm_mynewt_test.c 
@@ -24,32 +24,33 @@ static const mbedtls_cipher_info_t *rsm_ucast_cipher; /* This contains both ADD and plaintext for encryption */ static const uint8_t initial_data[110] = { - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, - 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, - 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, - 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, - 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, - 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A, - 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A, - 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9A, - 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x11, + 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x21, 0x22, + 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x31, 0x32, 0x33, + 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x51, 0x52, 0x53, 0x54, 0x55, + 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x67, 0x68, 0x69, 0x6A, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, + 0x78, 0x79, 0x7A, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, + 0x89, 0x8A, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, + 0x9A, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA }; -static const uint8_t key[32] = { - 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A, - 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A, - 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A, - 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A -}; -static const uint8_t iv[12] = { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xA, 0xB }; -static const uint8_t expected_tag[16] = { 0x05, 0x5D, 0x8E, 0xD4, 0xF9, 0x2A, 0x87, 0x87, - 0x6F, 0x23, 0xF2, 0xE6, 0xF0, 0x1D, 
0x6D, 0x5C }; +static const uint8_t key[32] = { 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, + 0x1A, 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, + 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, + 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A, + 0xC0, 0xCA, 0xC0, 0x1A }; +static const uint8_t iv[12] = { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, + 0x6, 0x7, 0x8, 0x9, 0xA, 0xB }; +static const uint8_t expected_tag[16] = { 0x05, 0x5D, 0x8E, 0xD4, 0xF9, 0x2A, + 0x87, 0x87, 0x6F, 0x23, 0xF2, 0xE6, + 0xF0, 0x1D, 0x6D, 0x5C }; static uint8_t test_tag[16]; static uint8_t test_buf[110]; -static int mbedtls_gcm_mynewt_test_crypt(uint8_t enc) +static int +mbedtls_gcm_mynewt_test_crypt(uint8_t enc) { int add_len = 40; mbedtls_gcm_context ctx; @@ -63,9 +64,8 @@ static int mbedtls_gcm_mynewt_test_crypt(uint8_t enc) int rc; if (rsm_ucast_cipher == NULL) { - rsm_ucast_cipher = - mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_AES, 256, - MBEDTLS_MODE_ECB); + rsm_ucast_cipher = mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_AES, + 256, MBEDTLS_MODE_ECB); } memset(&ctx, 0, sizeof(ctx)); @@ -75,8 +75,7 @@ static int mbedtls_gcm_mynewt_test_crypt(uint8_t enc) goto out; } - rc = mbedtls_gcm_starts(&ctx, - enc == 1 ? MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, + rc = mbedtls_gcm_starts(&ctx, enc == 1 ? MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, iv, sizeof(iv)); if (rc) { goto out; diff --git a/crypto/mbedtls/src/gcm_mynewt.c b/crypto/mbedtls/src/gcm_mynewt.c index f846124633..fbb480078c 100644 --- a/crypto/mbedtls/src/gcm_mynewt.c +++ b/crypto/mbedtls/src/gcm_mynewt.c 
@@ -69,12 +69,13 @@
 #if !defined(MBEDTLS_GCM_ALT)
 /* Used to select the acceleration mechanism */
-#define MBEDTLS_GCM_ACC_SMALLTABLE 0
-#define MBEDTLS_GCM_ACC_LARGETABLE 1
-#define MBEDTLS_GCM_ACC_AESNI 2
-#define MBEDTLS_GCM_ACC_AESCE 3
+#define MBEDTLS_GCM_ACC_SMALLTABLE 0
+#define MBEDTLS_GCM_ACC_LARGETABLE 1
+#define MBEDTLS_GCM_ACC_AESNI 2
+#define MBEDTLS_GCM_ACC_AESCE 3
-static inline void gcm_set_acceleration(mbedtls_gcm_context *ctx)
+static inline void
+gcm_set_acceleration(mbedtls_gcm_context *ctx)
 {
 #if defined(MBEDTLS_GCM_LARGE_TABLE)
 ctx->acceleration = MBEDTLS_GCM_ACC_LARGETABLE;
@@ -96,10 +97,11 @@ static inline void gcm_set_acceleration(mbedtls_gcm_context *ctx)
 #endif
 }
-static inline void gcm_gen_table_rightshift(uint64_t dst[2], const uint64_t src[2])
+static inline void
+gcm_gen_table_rightshift(uint64_t dst[2], const uint64_t src[2])
 {
- uint8_t *u8Dst = (uint8_t *) dst;
- uint8_t *u8Src = (uint8_t *) src;
+ uint8_t *u8Dst = (uint8_t *)dst;
+ uint8_t *u8Src = (uint8_t *)src;
 MBEDTLS_PUT_UINT64_BE(MBEDTLS_GET_UINT64_BE(&src[1], 0) >> 1, &dst[1], 0);
 u8Dst[8] |= (u8Src[7] & 0x01) << 7;
@@ -115,11 +117,12 @@ static inline void gcm_gen_table_rightshift(uint64_t dst[2], const uint64_t src[
 * is the high-order bit of HH corresponds to P^0 and the low-order bit of HL
 * corresponds to P^127.
 */
-static int gcm_gen_table(mbedtls_gcm_context *ctx)
+static int
+gcm_gen_table(mbedtls_gcm_context *ctx)
 {
 int ret, i, j;
 uint64_t u64h[2] = { 0 };
- uint8_t *h = (uint8_t *) u64h;
+ uint8_t *h = (uint8_t *)u64h;
 #if defined(MBEDTLS_BLOCK_CIPHER_C)
 ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h);
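Review bot: Restyling `gcm_set_acceleration`, the `MBEDTLS_GCM_ACC_*` defines and, in the following hunks (-96, -115, -134, -153, -167), `gcm_gen_table_rightshift` and `gcm_gen_table` into the Mynewt brace and spacing convention is applied to code that looks like a verbatim copy of the static helpers in upstream mbedtls `gcm.c`; once reformatted, an upstream fix to the GHASH table generation can no longer be carried over with a plain diff and has to be re-derived by hand at each upgrade. I would either leave the upstream-derived block in upstream formatting or mark its provenance so the next upgrade knows to re-sync it, e.g. above the defines: `/* Copied from mbedtls library/gcm.c (v3.6.2); re-sync on every mbedtls upgrade. */`. The body of gcm_set_acceleration continues past the hunk.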
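Review bot: `uint8_t *u8Src = (uint8_t *)src;` casts the `const` off the `src` parameter of `gcm_gen_table_rightshift`; the visible use `u8Src[7]` only reads through it, so this is not undefined behaviour, but it defeats `-Wcast-qual` and lets a later edit write through `src` without any diagnostic. `const uint8_t *u8Src = (const uint8_t *)src;` keeps the qualifier and still gives the byte view (aliasing through a character type is permitted). The removed line carried the same cast, so this is a pre-existing wart the reformat could have fixed in passing rather than a regression; the rest of the function is outside the hunk.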
@@ -134,18 +137,18 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx)
 gcm_set_acceleration(ctx);
 /* MBEDTLS_GCM_HTABLE_SIZE/2 = 1000 corresponds to 1 in GF(2^128) */
- ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2][0] = u64h[0];
- ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2][1] = u64h[1];
+ ctx->H[MBEDTLS_GCM_HTABLE_SIZE / 2][0] = u64h[0];
+ ctx->H[MBEDTLS_GCM_HTABLE_SIZE / 2][1] = u64h[1];
 switch (ctx->acceleration) {
 #if defined(MBEDTLS_AESNI_HAVE_CODE)
- case MBEDTLS_GCM_ACC_AESNI:
- return 0;
+ case MBEDTLS_GCM_ACC_AESNI:
+ return 0;
 #endif
 #if defined(MBEDTLS_AESCE_HAVE_CODE)
- case MBEDTLS_GCM_ACC_AESCE:
- return 0;
+ case MBEDTLS_GCM_ACC_AESCE:
+ return 0;
 #endif
 default:
@@ -153,13 +156,13 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx)
 ctx->H[0][0] = 0;
 ctx->H[0][1] = 0;
- for (i = MBEDTLS_GCM_HTABLE_SIZE/4; i > 0; i >>= 1) {
- gcm_gen_table_rightshift(ctx->H[i], ctx->H[i*2]);
+ for (i = MBEDTLS_GCM_HTABLE_SIZE / 4; i > 0; i >>= 1) {
+ gcm_gen_table_rightshift(ctx->H[i], ctx->H[i * 2]);
 }
 #if !defined(MBEDTLS_GCM_LARGE_TABLE)
 /* pack elements of H as 64-bits ints, big-endian */
- for (i = MBEDTLS_GCM_HTABLE_SIZE/2; i > 0; i >>= 1) {
+ for (i = MBEDTLS_GCM_HTABLE_SIZE / 2; i > 0; i >>= 1) {
 MBEDTLS_PUT_UINT64_BE(ctx->H[i][0], &ctx->H[i][0], 0);
 MBEDTLS_PUT_UINT64_BE(ctx->H[i][1], &ctx->H[i][1], 0);
 }
@@ -167,10 +170,9 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx)
 for (i = 2; i < MBEDTLS_GCM_HTABLE_SIZE; i <<= 1) {
 for (j = 1; j < i; j++) {
- mbedtls_xor_no_simd((unsigned char *) ctx->H[i+j],
- (unsigned char *) ctx->H[i],
- (unsigned char *) ctx->H[j],
- 16);
+ mbedtls_xor_no_simd((unsigned char *)ctx->H[i + j],
+ (unsigned char *)ctx->H[i],
+ (unsigned char *)ctx->H[j], 16);
 }
 }
 }
@@ -178,11 +180,11 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx)
 return 0;
 }
-int mbedtls_gcm_setkey_noalloc( mbedtls_gcm_context *ctx,
- const mbedtls_cipher_info_t *cipher_info,
- const unsigned char *key,
- unsigned int keybits,
- void *cipher_ctx)
+int
+mbedtls_gcm_setkey_noalloc(mbedtls_gcm_context *ctx,
+ const mbedtls_cipher_info_t *cipher_info,
+ const unsigned char *key, unsigned int keybits,
+ void *cipher_ctx)
 {
 int ret;
@@ -205,17 +207,16 @@ int mbedtls_gcm_setkey_noalloc( mbedtls_gcm_context *ctx,
 #endif
 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
- if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key,
- keybits,
- MBEDTLS_ENCRYPT ) ) != 0 )
- {
- return( ret );
+ if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
+ MBEDTLS_ENCRYPT)) != 0) {
+ return ret;
 }
- if( ( ret = gcm_gen_table( ctx ) ) != 0 )
- return( ret );
+ if ((ret = gcm_gen_table(ctx)) != 0) {
+ return ret;
+ }
- return( 0 );
+ return 0;
 }
 #endif /* !MBEDTLS_GCM_ALT */
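Review bot: The reworked definition of `mbedtls_gcm_setkey_noalloc` carries no comment on what `keybits` may be, yet the commit message makes it the one argument callers now have to get right (128, 192 or 256). As far as I can tell the only enforcement is inside `mbedtls_cipher_setkey` in the next hunk, which I read as comparing `keybits` with the key length `cipher_info` was obtained for, so the real contract is narrower than "one of 128/192/256": it must match `cipher_info`, e.g. 256 for a cipher info looked up with `MBEDTLS_CIPHER_ID_AES, 256`. I would say so above the definition: `/* keybits must equal the key length cipher_info was obtained for; mbedtls_cipher_setkey rejects a mismatch. */`. The body between `int ret;` and the setkey call is outside the hunk.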
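Review bot: When `gcm_gen_table(ctx)` fails, the function returns with `ctx->cipher_ctx` already keyed by the preceding `mbedtls_cipher_setkey` call, so the expanded key schedule stays in whatever storage backs that context — presumably the caller-supplied `cipher_ctx`, though that wiring is outside the hunk — and nothing on this path wipes it. The shape matches upstream `mbedtls_gcm_setkey`, I believe, where `mbedtls_gcm_free` is the expected follow-up, but the noalloc variant owns none of that memory, so callers need to be told that a non-zero return does not leave the context key-free. I would add in the function comment or on the error path: `/* On failure ctx->cipher_ctx may already hold the expanded key; the caller must wipe its cipher_ctx storage. */`.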