diff --git a/hypervisor/lib/crypto/crypto_api.c b/hypervisor/lib/crypto/crypto_api.c index 0053ce40d3..b113181617 100644 --- a/hypervisor/lib/crypto/crypto_api.c +++ b/hypervisor/lib/crypto/crypto_api.c @@ -13,50 +13,38 @@ int32_t hkdf_sha256(uint8_t *out_key, size_t out_len, const uint8_t *salt, size_t salt_len, const uint8_t *info, size_t info_len) { + int32_t ret = 0; const mbedtls_md_info_t *md; /* salt and info can be NULL, others can't */ - if (!out_key || !secret) { - return 0; + if ((out_key != NULL) && (secret != NULL)) { + md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + if (md != NULL) { + if (mbedtls_hkdf(md, salt, salt_len, secret, secret_len, + info, info_len, out_key, out_len) == 0) { + ret = 1; + } + } } - md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); - if (md == NULL) { - return 0; - } - - if (mbedtls_hkdf(md, - salt, salt_len, - secret, secret_len, - info, info_len, - out_key, out_len) != 0) { - return 0; - } - - return 1; + return ret; } int32_t hmac_sha256(uint8_t *out_key, const uint8_t *secret, size_t secret_len, const uint8_t *salt, size_t salt_len) { + int32_t ret = 0; const mbedtls_md_info_t *md; - if (!out_key || !secret || !salt) { - return 0; - } - - md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); - if (md == NULL) { - return 0; - } - - if (mbedtls_md_hmac(md, - secret, secret_len, - salt, salt_len, - out_key) != 0) { - return 0; + if ((out_key != NULL) && (secret != NULL) && (salt != NULL)) { + md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + if (md != NULL) { + if (mbedtls_md_hmac(md, secret, secret_len, salt, salt_len, out_key) == 0) { + ret = 1; + } + } } - return 1; + return ret; } diff --git a/hypervisor/lib/crypto/mbedtls/hkdf.c b/hypervisor/lib/crypto/mbedtls/hkdf.c index 9c2b1c9a9d..1af3c9077c 100644 --- a/hypervisor/lib/crypto/mbedtls/hkdf.c +++ b/hypervisor/lib/crypto/mbedtls/hkdf.c @@ -21,161 +21,148 @@ #include "hkdf.h" -int32_t mbedtls_hkdf( const mbedtls_md_info_t *md, const uint8_t *salt, +int32_t mbedtls_hkdf(const mbedtls_md_info_t *md, const uint8_t *salt, size_t salt_len, const uint8_t *ikm, size_t ikm_len, const uint8_t *info, size_t info_len, - uint8_t *okm, size_t okm_len ) + uint8_t *okm, size_t okm_len) { int32_t ret; uint8_t prk[MBEDTLS_MD_MAX_SIZE]; - ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, prk ); + ret = mbedtls_hkdf_extract(md, salt, salt_len, ikm, ikm_len, prk); - if( ret == 0 ) - { - ret = mbedtls_hkdf_expand( md, prk, mbedtls_md_get_size( md ), - info, info_len, okm, okm_len ); + if (ret == 0) { + ret = mbedtls_hkdf_expand(md, prk, (size_t)mbedtls_md_get_size(md), + info, info_len, okm, okm_len); } - mbedtls_platform_zeroize( prk, sizeof( prk ) ); + (void)mbedtls_platform_zeroize(prk, sizeof(prk)); - return( ret ); + return ret; } -int32_t mbedtls_hkdf_extract( const mbedtls_md_info_t *md, +int32_t mbedtls_hkdf_extract(const mbedtls_md_info_t *md, const uint8_t *salt, size_t salt_len, const uint8_t *ikm, size_t ikm_len, - uint8_t *prk ) + uint8_t *prk) { - uint8_t null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' }; + int32_t ret = 0; + size_t tmp_salt_len = salt_len; + const uint8_t *tmp_salt = salt; + uint8_t null_salt[MBEDTLS_MD_MAX_SIZE] = { 0U }; - if( salt == NULL ) - { + if (tmp_salt == NULL) { size_t hash_len; - if( salt_len != 0 ) - { - return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; - } + if (tmp_salt_len != 0U) { + ret = MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; + } else { - hash_len = mbedtls_md_get_size( md ); + hash_len = mbedtls_md_get_size(md); - if( hash_len == 0 ) - { - return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; + if (hash_len == 0U) { + ret = MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; + } else { + tmp_salt = null_salt; + tmp_salt_len = hash_len; + } } + } - salt = null_salt; - salt_len = hash_len; + if (ret == 0) { + ret = mbedtls_md_hmac(md, tmp_salt, tmp_salt_len, ikm, ikm_len, prk); } - return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) ); + return ret; } -int32_t mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const uint8_t *prk, +int32_t mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const uint8_t *prk, size_t prk_len, const uint8_t *info, - size_t info_len, uint8_t *okm, size_t okm_len ) + size_t info_len, uint8_t *okm, size_t okm_len) { size_t hash_len; size_t where = 0; size_t n; size_t t_len = 0; + size_t tmp_info_len = info_len; + const uint8_t *tmp_info = info; size_t i; int32_t ret = 0; mbedtls_md_context_t ctx; uint8_t t[MBEDTLS_MD_MAX_SIZE]; - if( okm == NULL ) - { - return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); - } - - hash_len = mbedtls_md_get_size( md ); - - if( prk_len < hash_len || hash_len == 0 ) - { - return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); - } - - if( info == NULL ) - { - info = (const uint8_t *) ""; - info_len = 0; - } - - n = okm_len / hash_len; + hash_len = mbedtls_md_get_size(md); - if( (okm_len % hash_len) != 0 ) - { - n++; - } - - /* - * Per RFC 5869 Section 2.3, okm_len must not exceed - * 255 times the hash length - */ - if( n > 255 ) - { - return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); - } - - mbedtls_md_init( &ctx ); - - if( (ret = mbedtls_md_setup( &ctx, md) ) != 0 ) - { - goto exit; - } + if ((okm == NULL) || (prk_len < hash_len) || (hash_len == 0U)) { + ret = MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; + } else { - /* - * Compute T = T(1) | T(2) | T(3) | ... | T(N) - * Where T(N) is defined in RFC 5869 Section 2.3 - */ - for( i = 1; i <= n; i++ ) - { - size_t num_to_copy; - uint8_t c = i & 0xff; - - ret = mbedtls_md_hmac_starts( &ctx, prk, prk_len ); - if( ret != 0 ) - { - goto exit; + if (tmp_info == NULL) { + tmp_info = (const uint8_t *) ""; + tmp_info_len = 0U; } - ret = mbedtls_md_hmac_update( &ctx, t, t_len ); - if( ret != 0 ) - { - goto exit; - } + n = okm_len / hash_len; - ret = mbedtls_md_hmac_update( &ctx, info, info_len ); - if( ret != 0 ) - { - goto exit; + if ((okm_len % hash_len) != 0U) { + n++; } - /* The constant concatenated to the end of each T(n) is a single octet. - * */ - ret = mbedtls_md_hmac_update( &ctx, &c, 1 ); - if( ret != 0 ) - { - goto exit; + /* + * Per RFC 5869 Section 2.3, okm_len must not exceed + * 255 times the hash length + */ + if (n > 255U) { + ret = MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; + } else { + mbedtls_md_init(&ctx); + + ret = mbedtls_md_setup(&ctx, md); + if (ret == 0) { + + /* + * Compute T = T(1) | T(2) | T(3) | ... | T(N) + * Where T(N) is defined in RFC 5869 Section 2.3 + */ + for (i = 1U; i <= n; i++) { + size_t num_to_copy; + uint8_t c = (uint8_t)(i & 0xffU); + + ret = mbedtls_md_hmac_starts(&ctx, prk, prk_len); + if (ret == 0) { + ret = mbedtls_md_hmac_update(&ctx, t, t_len); + } + + if (ret == 0) { + ret = mbedtls_md_hmac_update(&ctx, tmp_info, tmp_info_len); + } + + /* The constant concatenated to the end of each T(n) is a single octet. + * */ + if (ret == 0) { + ret = mbedtls_md_hmac_update(&ctx, &c, 1); + } + + if (ret == 0) { + ret = mbedtls_md_hmac_finish(&ctx, t); + } + + if (ret != 0) { + break; + } + + num_to_copy = (i != n) ? hash_len : (okm_len - where); + (void)memcpy_s(okm + where, num_to_copy, t, num_to_copy); + where += hash_len; + t_len = hash_len; + } + } + + mbedtls_md_free(&ctx); } - - ret = mbedtls_md_hmac_finish( &ctx, t ); - if( ret != 0 ) - { - goto exit; - } - - num_to_copy = (i != n) ? hash_len : (okm_len - where); - memcpy_s( okm + where, num_to_copy, t, num_to_copy ); - where += hash_len; - t_len = hash_len; } -exit: - mbedtls_md_free( &ctx ); - mbedtls_platform_zeroize( t, sizeof( t ) ); + (void)mbedtls_platform_zeroize(t, sizeof(t)); - return( ret ); + return ret; } diff --git a/hypervisor/lib/crypto/mbedtls/md.c b/hypervisor/lib/crypto/mbedtls/md.c index 1ccdf022ee..64f7a7c318 100644 --- a/hypervisor/lib/crypto/mbedtls/md.c +++ b/hypervisor/lib/crypto/mbedtls/md.c @@ -31,242 +31,193 @@ /* * Reminder: update profiles in x509_crt.c when adding a new hash! */ -static const int32_t supported_digests[] = { - MBEDTLS_MD_SHA256, - MBEDTLS_MD_NONE -}; -const int32_t *mbedtls_md_list( void ) +const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) { - return( supported_digests ); -} + const mbedtls_md_info_t *md_info; -const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) -{ - switch( md_type ) + switch (md_type) { case MBEDTLS_MD_SHA256: - return( &mbedtls_sha256_info ); + md_info = &mbedtls_sha256_info; + break; default: - return( NULL ); + md_info = NULL; + break; } -} -void mbedtls_md_init( mbedtls_md_context_t *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_md_context_t ) ); + return md_info; } -void mbedtls_md_free( mbedtls_md_context_t *ctx ) +void mbedtls_md_init(mbedtls_md_context_t *ctx) { - if( ctx == NULL ) - return; - - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); + (void) memset(ctx, 0U, sizeof(mbedtls_md_context_t)); } -int32_t mbedtls_md_clone( mbedtls_md_context_t *dst, - const mbedtls_md_context_t *src ) +void mbedtls_md_free(mbedtls_md_context_t *ctx) { - if( dst == NULL || dst->md_info == NULL || - src == NULL || src->md_info == NULL || - dst->md_info != src->md_info ) - { - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (ctx != NULL) { + (void) mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t)); } - dst->md_info->clone_func( dst->md_ctx, src->md_ctx ); - - return( 0 ); -} - -int32_t mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) -{ - if( md_info == NULL || ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - ctx->md_info = md_info; - - return( 0 ); -} - -int32_t mbedtls_md_starts( mbedtls_md_context_t *ctx ) -{ - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - return( ctx->md_info->starts_func( ctx->md_ctx ) ); -} - -int32_t mbedtls_md_update( mbedtls_md_context_t *ctx, const uint8_t *input, size_t ilen ) -{ - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) ); + return; } -int32_t mbedtls_md_finish( mbedtls_md_context_t *ctx, uint8_t *output ) +int32_t mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info) { - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + int32_t ret = 0; - return( ctx->md_info->finish_func( ctx->md_ctx, output ) ); -} - -int32_t mbedtls_md( const mbedtls_md_info_t *md_info, const uint8_t *input, size_t ilen, - uint8_t *output ) -{ - if( md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if ((md_info == NULL) || (ctx == NULL)) { + ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } else { + ctx->md_info = md_info; + } - return( md_info->digest_func( input, ilen, output ) ); + return ret; } -int32_t mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const uint8_t *key, size_t keylen ) +int32_t mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const uint8_t *key, size_t keylen) { - int32_t ret; + int32_t ret = 0; uint8_t sum[MBEDTLS_MD_MAX_SIZE]; uint8_t *ipad, *opad; + const uint8_t *temp_key = key; size_t i; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - if( keylen > (size_t) ctx->md_info->block_size ) - { - if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) - goto cleanup; - if( ( ret = ctx->md_info->update_func( ctx->md_ctx, key, keylen ) ) != 0 ) - goto cleanup; - if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, sum ) ) != 0 ) - goto cleanup; - - keylen = ctx->md_info->size; - key = sum; + if ((ctx == NULL) || (ctx->md_info == NULL) || (ctx->hmac_ctx == NULL) || (temp_key == NULL)) { + ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA; } - ipad = (uint8_t *) ctx->hmac_ctx; - opad = (uint8_t *) ctx->hmac_ctx + ctx->md_info->block_size; - - memset( ipad, 0x36, ctx->md_info->block_size ); - memset( opad, 0x5C, ctx->md_info->block_size ); - - for( i = 0; i < keylen; i++ ) - { - ipad[i] = (uint8_t)( ipad[i] ^ key[i] ); - opad[i] = (uint8_t)( opad[i] ^ key[i] ); + if (ret == 0) { + if (keylen > ctx->md_info->block_size) { + ret = ctx->md_info->starts_func((void *) ctx->md_ctx); + if (ret == 0) { + ret = ctx->md_info->update_func((void *) ctx->md_ctx, temp_key, keylen); + if (ret == 0) { + ret = ctx->md_info->finish_func((void *) ctx->md_ctx, sum); + } + } + + if (ret == 0) { + keylen = (size_t) ctx->md_info->size; + temp_key = sum; + } + } + + if (ret == 0) { + ipad = (uint8_t *) ctx->hmac_ctx; + opad = (uint8_t *) ctx->hmac_ctx + ctx->md_info->block_size; + + (void) memset(ipad, 0x36U, ctx->md_info->block_size); + (void) memset(opad, 0x5CU, ctx->md_info->block_size); + + for(i = 0U; i < keylen; i++) { + *(ipad + i) = (uint8_t) (*(ipad + i) ^ *(temp_key + i)); + *(opad + i) = (uint8_t) (*(opad + i) ^ *(temp_key + i)); + } + + ret = ctx->md_info->starts_func((void *) ctx->md_ctx); + if (ret == 0) { + ret = ctx->md_info->update_func((void *) ctx->md_ctx, ipad, + ctx->md_info->block_size); + } + } + (void) mbedtls_platform_zeroize(sum, sizeof(sum)); } - if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) - goto cleanup; - if( ( ret = ctx->md_info->update_func( ctx->md_ctx, ipad, - ctx->md_info->block_size ) ) != 0 ) - goto cleanup; - -cleanup: - mbedtls_platform_zeroize( sum, sizeof( sum ) ); - - return( ret ); + return ret; } -int32_t mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const uint8_t *input, size_t ilen ) +int32_t mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const uint8_t *input, size_t ilen) { - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + int32_t ret; - return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) ); + if ((ctx == NULL) || (ctx->md_info == NULL) || (ctx->hmac_ctx == NULL)) { + ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } else { + ret = ctx->md_info->update_func((void *) ctx->md_ctx, input, ilen); + } + + return ret; } -int32_t mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, uint8_t *output ) +int32_t mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, uint8_t *output) { - int32_t ret; + int32_t ret = 0; uint8_t tmp[MBEDTLS_MD_MAX_SIZE]; uint8_t *opad; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - opad = (uint8_t *) ctx->hmac_ctx + ctx->md_info->block_size; - - if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, tmp ) ) != 0 ) - return( ret ); - if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) - return( ret ); - if( ( ret = ctx->md_info->update_func( ctx->md_ctx, opad, - ctx->md_info->block_size ) ) != 0 ) - return( ret ); - if( ( ret = ctx->md_info->update_func( ctx->md_ctx, tmp, - ctx->md_info->size ) ) != 0 ) - return( ret ); - return( ctx->md_info->finish_func( ctx->md_ctx, output ) ); -} + if ((ctx == NULL) || (ctx->md_info == NULL) || (ctx->hmac_ctx == NULL)) { + ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } -int32_t mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) -{ - int32_t ret; - uint8_t *ipad; + if (ret == 0) { + opad = (uint8_t *) ctx->hmac_ctx + ctx->md_info->block_size; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + ret = ctx->md_info->finish_func((void *) ctx->md_ctx, tmp); + if (ret == 0) { + ret = ctx->md_info->starts_func((void *) ctx->md_ctx); + } + } - ipad = (uint8_t *) ctx->hmac_ctx; + if (ret == 0) { + ret = ctx->md_info->update_func((void *) ctx->md_ctx, opad, + ctx->md_info->block_size); + if (ret == 0) { + ret = ctx->md_info->update_func((void *) ctx->md_ctx, tmp, + ctx->md_info->size); + } + + if (ret == 0) { + ret = ctx->md_info->finish_func((void *) ctx->md_ctx, + (uint8_t *) output); + } + } - if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) - return( ret ); - return( ctx->md_info->update_func( ctx->md_ctx, ipad, - ctx->md_info->block_size ) ); + return ret; } -int32_t mbedtls_md_hmac( const mbedtls_md_info_t *md_info, +int32_t mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const uint8_t *key, size_t keylen, const uint8_t *input, size_t ilen, - uint8_t *output ) + uint8_t *output) { mbedtls_md_context_t ctx; - int32_t ret; + int32_t ret = 0; - if( md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - mbedtls_md_init( &ctx ); + if (md_info == NULL) { + ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } - if( ( ret = mbedtls_md_setup( &ctx, md_info ) ) != 0 ) - goto cleanup; + if (ret == 0) { + mbedtls_md_init(&ctx); - if( ( ret = mbedtls_md_hmac_starts( &ctx, key, keylen ) ) != 0 ) - goto cleanup; - if( ( ret = mbedtls_md_hmac_update( &ctx, input, ilen ) ) != 0 ) - goto cleanup; - if( ( ret = mbedtls_md_hmac_finish( &ctx, output ) ) != 0 ) - goto cleanup; + ret = mbedtls_md_setup(&ctx, md_info); + if (ret == 0) { + ret = mbedtls_md_hmac_starts(&ctx, key, keylen); + } -cleanup: - mbedtls_md_free( &ctx ); + if (ret == 0) { + ret = mbedtls_md_hmac_update(&ctx, input, ilen); + } - return( ret ); -} + if (ret == 0) { + ret = mbedtls_md_hmac_finish(&ctx, output); + } -int32_t mbedtls_md_process( mbedtls_md_context_t *ctx, const uint8_t *data ) -{ - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + mbedtls_md_free(&ctx); + } - return( ctx->md_info->process_func( ctx->md_ctx, data ) ); + return ret; } -uint8_t mbedtls_md_get_size( const mbedtls_md_info_t *md_info ) +uint8_t mbedtls_md_get_size(const mbedtls_md_info_t *md_info) { - if( md_info == NULL ) - return( 0 ); - - return md_info->size; -} + uint8_t ret = 0U; -mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ) -{ - if( md_info == NULL ) - return( MBEDTLS_MD_NONE ); + if (md_info != NULL) { + ret = (uint8_t) md_info->size; + } - return md_info->type; + return ret; } diff --git a/hypervisor/lib/crypto/mbedtls/md.h b/hypervisor/lib/crypto/mbedtls/md.h index 8c766c6367..408773ea13 100644 --- a/hypervisor/lib/crypto/mbedtls/md.h +++ b/hypervisor/lib/crypto/mbedtls/md.h @@ -36,14 +36,14 @@ #define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200 /**< Opening or reading of file failed. */ #define MBEDTLS_ERR_MD_HW_ACCEL_FAILED -0x5280 /**< MD hardware accelerator failed. */ -#define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len) +#define mbedtls_platform_zeroize(buf, len) memset((buf), 0U, (len)) /** * \brief Supported message digests. * */ typedef enum { - MBEDTLS_MD_NONE=0, /**< None. */ + MBEDTLS_MD_NONE = 0, /**< None. */ MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */ } mbedtls_md_type_t; @@ -62,7 +62,7 @@ typedef struct { const mbedtls_md_info_t *md_info; /** The digest-specific context. */ - uint8_t md_ctx[sizeof( mbedtls_sha256_context )]; + uint8_t md_ctx[sizeof(mbedtls_sha256_context)]; /** The HMAC part of the context. Use array here to avoid dynamic memory * allocation. The hardcode value 128 is 2 times of block_size which @@ -71,17 +71,6 @@ typedef struct { uint8_t hmac_ctx[128]; } mbedtls_md_context_t; -/** - * \brief This function returns the list of digests supported by the - * generic digest module. - * - * \return A statically allocated array of digests. Each element - * in the returned list is an integer belonging to the - * message-digest enumeration #mbedtls_md_type_t. - * The last entry is 0. - */ -const int32_t *mbedtls_md_list( void ); - /** * \brief This function returns the message-digest information * associated with the given digest type. @@ -91,7 +80,7 @@ const int32_t *mbedtls_md_list( void ); * \return The message-digest information associated with \p md_type. * \return NULL if the associated message-digest information is not found. */ -const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); +const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type); /** * \brief This function initializes a message-digest context without @@ -101,7 +90,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); * context for mbedtls_md_setup() for binding it to a * message-digest algorithm. */ -void mbedtls_md_init( mbedtls_md_context_t *ctx ); +void mbedtls_md_init(mbedtls_md_context_t *ctx); /** * \brief This function clears the internal structure of \p ctx and @@ -116,7 +105,7 @@ void mbedtls_md_init( mbedtls_md_context_t *ctx ); * You must not call this function if you have not called * mbedtls_md_init(). */ -void mbedtls_md_free( mbedtls_md_context_t *ctx ); +void mbedtls_md_free(mbedtls_md_context_t *ctx); /** * \brief This function selects the message digest algorithm to use, @@ -135,29 +124,7 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ); * failure. * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure. */ -int32_t mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ); - -/** - * \brief This function clones the state of an message-digest - * context. - * - * \note You must call mbedtls_md_setup() on \c dst before calling - * this function. - * - * \note The two contexts must have the same type, - * for example, both are SHA-256. - * - * \warning This function clones the message-digest state, not the - * HMAC state. - * - * \param dst The destination context. - * \param src The context to be cloned. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure. - */ -int32_t mbedtls_md_clone( mbedtls_md_context_t *dst, - const mbedtls_md_context_t *src ); +int32_t mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info); /** * \brief This function extracts the message-digest size from the @@ -168,92 +135,7 @@ int32_t mbedtls_md_clone( mbedtls_md_context_t *dst, * * \return The size of the message-digest output in Bytes. */ -uint8_t mbedtls_md_get_size( const mbedtls_md_info_t *md_info ); - -/** - * \brief This function extracts the message-digest type from the - * message-digest information structure. - * - * \param md_info The information structure of the message-digest algorithm - * to use. - * - * \return The type of the message digest. - */ -mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ); - -/** - * \brief This function starts a message-digest computation. - * - * You must call this function after setting up the context - * with mbedtls_md_setup(), and before passing data with - * mbedtls_md_update(). - * - * \param ctx The generic message-digest context. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. - */ -int32_t mbedtls_md_starts( mbedtls_md_context_t *ctx ); - -/** - * \brief This function feeds an input buffer into an ongoing - * message-digest computation. - * - * You must call mbedtls_md_starts() before calling this - * function. You may call this function multiple times. - * Afterwards, call mbedtls_md_finish(). - * - * \param ctx The generic message-digest context. - * \param input The buffer holding the input data. - * \param ilen The length of the input data. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. - */ -int32_t mbedtls_md_update( mbedtls_md_context_t *ctx, const uint8_t *input, size_t ilen ); - -/** - * \brief This function finishes the digest operation, - * and writes the result to the output buffer. - * - * Call this function after a call to mbedtls_md_starts(), - * followed by any number of calls to mbedtls_md_update(). - * Afterwards, you may either clear the context with - * mbedtls_md_free(), or call mbedtls_md_starts() to reuse - * the context for another digest operation with the same - * algorithm. - * - * \param ctx The generic message-digest context. - * \param output The buffer for the generic message-digest checksum result. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. - */ -int32_t mbedtls_md_finish( mbedtls_md_context_t *ctx, uint8_t *output ); - -/** - * \brief This function calculates the message-digest of a buffer, - * with respect to a configurable message-digest algorithm - * in a single call. - * - * The result is calculated as - * Output = message_digest(input buffer). - * - * \param md_info The information structure of the message-digest algorithm - * to use. - * \param input The buffer holding the data. - * \param ilen The length of the input data. - * \param output The generic message-digest checksum result. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. - */ -int32_t mbedtls_md( const mbedtls_md_info_t *md_info, const uint8_t *input, size_t ilen, - uint8_t *output ); +uint8_t mbedtls_md_get_size(const mbedtls_md_info_t *md_info); /** * \brief This function sets the HMAC key and prepares to @@ -273,8 +155,7 @@ int32_t mbedtls_md( const mbedtls_md_info_t *md_info, const uint8_t *input, size * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int32_t mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const uint8_t *key, - size_t keylen ); +int32_t mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const uint8_t *key, size_t keylen); /** * \brief This function feeds an input buffer into an ongoing HMAC @@ -295,8 +176,7 @@ int32_t mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const uint8_t *key, * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int32_t mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const uint8_t *input, - size_t ilen ); +int32_t mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const uint8_t *input, size_t ilen); /** * \brief This function finishes the HMAC operation, and writes @@ -316,24 +196,7 @@ int32_t mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const uint8_t *input, * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int32_t mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, uint8_t *output); - -/** - * \brief This function prepares to authenticate a new message with - * the same key as the previous HMAC operation. - * - * You may call this function after mbedtls_md_hmac_finish(). - * Afterwards call mbedtls_md_hmac_update() to pass the new - * input. - * - * \param ctx The message digest context containing an embedded HMAC - * context. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification - * failure. - */ -int32_t mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); +int32_t mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, uint8_t *output); /** * \brief This function calculates the full generic HMAC @@ -357,11 +220,7 @@ int32_t mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int32_t mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const uint8_t *key, size_t keylen, - const uint8_t *input, size_t ilen, - uint8_t *output ); - -/* Internal use */ -int32_t mbedtls_md_process( mbedtls_md_context_t *ctx, const uint8_t *data ); +int32_t mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const uint8_t *key, size_t keylen, + const uint8_t *input, size_t ilen, uint8_t *output); #endif /* MBEDTLS_MD_H */ diff --git a/hypervisor/lib/crypto/mbedtls/md_internal.h b/hypervisor/lib/crypto/mbedtls/md_internal.h index c2c58b80f7..c321a62cc7 100644 --- a/hypervisor/lib/crypto/mbedtls/md_internal.h +++ b/hypervisor/lib/crypto/mbedtls/md_internal.h @@ -47,7 +47,7 @@ struct mbedtls_md_info_t int32_t size; /** Block length of the digest function in bytes */ - int32_t block_size; + size_t block_size; /** Digest initialisation function */ int32_t (*starts_func)( void *ctx ); diff --git a/hypervisor/lib/crypto/mbedtls/sha256.c b/hypervisor/lib/crypto/mbedtls/sha256.c index f397f0933b..05106d46e7 100644 --- a/hypervisor/lib/crypto/mbedtls/sha256.c +++ b/hypervisor/lib/crypto/mbedtls/sha256.c @@ -34,38 +34,36 @@ #ifndef GET_UINT32_BE #define GET_UINT32_BE(n,b,i) \ do { \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} while( 0 ) + (n) = ((uint32_t) (b)[(i) ] << 24) \ + | ((uint32_t) (b)[(i) + 1] << 16) \ + | ((uint32_t) (b)[(i) + 2] << 8) \ + | ((uint32_t) (b)[(i) + 3] ); \ +} while(0) #endif #ifndef PUT_UINT32_BE #define PUT_UINT32_BE(n,b,i) \ do { \ - (b)[(i) ] = (uint8_t) ( (n) >> 24 ); \ - (b)[(i) + 1] = (uint8_t) ( (n) >> 16 ); \ - (b)[(i) + 2] = (uint8_t) ( (n) >> 8 ); \ - (b)[(i) + 3] = (uint8_t) ( (n) ); \ -} while( 0 ) + (b)[(i) ] = (uint8_t) ((n) >> 24); \ + (b)[(i) + 1] = (uint8_t) ((n) >> 16); \ + (b)[(i) + 2] = (uint8_t) ((n) >> 8); \ + (b)[(i) + 3] = (uint8_t) ((n) ); \ +} while(0) #endif -void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) +void mbedtls_sha256_init(mbedtls_sha256_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); + memset(ctx, 0U, sizeof(mbedtls_sha256_context)); } -void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) +void mbedtls_sha256_free(mbedtls_sha256_context *ctx) { - if( ctx == NULL ) - return; - - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); + if (ctx != NULL) { + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha256_context)); + } } -void mbedtls_sha256_clone( mbedtls_sha256_context *dst, - const mbedtls_sha256_context *src ) +void mbedtls_sha256_clone(mbedtls_sha256_context *dst, const mbedtls_sha256_context *src) { *dst = *src; } @@ -73,266 +71,264 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, /* * SHA-256 context setup */ -int32_t mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int32_t is224 ) +int32_t mbedtls_sha256_starts_ret(mbedtls_sha256_context *ctx, int32_t is224) { - ctx->total[0] = 0; - ctx->total[1] = 0; + ctx->total[0] = 0U; + ctx->total[1] = 0U; - if( is224 == 0 ) - { + if (is224 == 0) { /* SHA-256 */ - ctx->state[0] = 0x6A09E667; - ctx->state[1] = 0xBB67AE85; - ctx->state[2] = 0x3C6EF372; - ctx->state[3] = 0xA54FF53A; - ctx->state[4] = 0x510E527F; - ctx->state[5] = 0x9B05688C; - ctx->state[6] = 0x1F83D9AB; - ctx->state[7] = 0x5BE0CD19; - } - else - { + ctx->state[0] = 0x6A09E667U; + ctx->state[1] = 0xBB67AE85U; + ctx->state[2] = 0x3C6EF372U; + ctx->state[3] = 0xA54FF53AU; + ctx->state[4] = 0x510E527FU; + ctx->state[5] = 0x9B05688CU; + ctx->state[6] = 0x1F83D9ABU; + ctx->state[7] = 0x5BE0CD19U; + } else { /* SHA-224 */ - ctx->state[0] = 0xC1059ED8; - ctx->state[1] = 0x367CD507; - ctx->state[2] = 0x3070DD17; - ctx->state[3] = 0xF70E5939; - ctx->state[4] = 0xFFC00B31; - ctx->state[5] = 0x68581511; - ctx->state[6] = 0x64F98FA7; - ctx->state[7] = 0xBEFA4FA4; + ctx->state[0] = 0xC1059ED8U; + ctx->state[1] = 0x367CD507U; + ctx->state[2] = 0x3070DD17U; + ctx->state[3] = 0xF70E5939U; + ctx->state[4] = 0xFFC00B31U; + ctx->state[5] = 0x68581511U; + ctx->state[6] = 0x64F98FA7U; + ctx->state[7] = 0xBEFA4FA4U; } ctx->is224 = is224; - return( 0 ); + return(0); } static const uint32_t K[] = { - 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, - 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, - 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, - 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, - 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, - 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, - 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, - 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967, - 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, - 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, - 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, - 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, - 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, - 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, - 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, - 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2, + 0x428A2F98U, 0x71374491U, 0xB5C0FBCFU, 0xE9B5DBA5U, + 0x3956C25BU, 0x59F111F1U, 0x923F82A4U, 0xAB1C5ED5U, + 0xD807AA98U, 0x12835B01U, 0x243185BEU, 0x550C7DC3U, + 0x72BE5D74U, 0x80DEB1FEU, 0x9BDC06A7U, 0xC19BF174U, + 0xE49B69C1U, 0xEFBE4786U, 0x0FC19DC6U, 0x240CA1CCU, + 0x2DE92C6FU, 0x4A7484AAU, 0x5CB0A9DCU, 0x76F988DAU, + 0x983E5152U, 0xA831C66DU, 0xB00327C8U, 0xBF597FC7U, + 0xC6E00BF3U, 0xD5A79147U, 0x06CA6351U, 0x14292967U, + 0x27B70A85U, 0x2E1B2138U, 0x4D2C6DFCU, 0x53380D13U, + 0x650A7354U, 0x766A0ABBU, 0x81C2C92EU, 0x92722C85U, + 0xA2BFE8A1U, 0xA81A664BU, 0xC24B8B70U, 0xC76C51A3U, + 0xD192E819U, 0xD6990624U, 0xF40E3585U, 0x106AA070U, + 0x19A4C116U, 0x1E376C08U, 0x2748774CU, 0x34B0BCB5U, + 0x391C0CB3U, 0x4ED8AA4AU, 0x5B9CCA4FU, 0x682E6FF3U, + 0x748F82EEU, 0x78A5636FU, 0x84C87814U, 0x8CC70208U, + 0x90BEFFFAU, 0xA4506CEBU, 0xBEF9A3F7U, 0xC67178F2U, }; -#define SHR(x,n) ((x & 0xFFFFFFFF) >> n) -#define ROTR(x,n) (SHR(x,n) | (x << (32 - n))) +#define SHR(x,n) (((x) & 0xFFFFFFFFU) >> (n)) +#define ROTR(x,n) (SHR((x),(n)) | ((x) << (32U - (n)))) -#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) -#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) +#define S0(x) (ROTR((x), 7U) ^ ROTR((x),18U) ^ SHR((x), 3U)) +#define S1(x) (ROTR((x),17U) ^ ROTR((x),19U) ^ SHR((x),10U)) -#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) -#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) +#define S2(x) (ROTR((x), 2U) ^ ROTR((x),13U) ^ ROTR((x),22U)) +#define S3(x) (ROTR((x), 6U) ^ ROTR((x),11U) ^ ROTR((x),25U)) -#define F0(x,y,z) ((x & y) | (z & (x | y))) -#define F1(x,y,z) (z ^ (x & (y ^ z))) +#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) +#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) #define R(t) \ -( \ - W[t] = S1(W[t - 2]) + W[t - 7] + \ - S0(W[t - 15]) + W[t - 16] \ +( \ + W[(t)] = S1(W[(t) - 2]) + W[(t) - 7] + \ + S0(W[(t) - 15]) + W[(t) - 16] \ ) #define P(a,b,c,d,e,f,g,h,x,K) \ { \ - temp1 = h + S3(e) + F1(e,f,g) + K + x; \ - temp2 = S2(a) + F0(a,b,c); \ - d += temp1; h = temp1 + temp2; \ + temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \ + temp2 = S2(a) + F0((a),(b),(c)); \ + (d) += temp1; (h) = temp1 + temp2; \ } -int32_t mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, - const uint8_t data[64] ) +int32_t mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, const uint8_t data[64]) { uint32_t temp1, temp2, W[64]; uint32_t A[8]; - uint32_t i; + int32_t i; - for( i = 0; i < 8; i++ ) + for (i = 0; i < 8; i++) { A[i] = ctx->state[i]; + } - for( i = 0; i < 16; i++ ) - GET_UINT32_BE( W[i], data, 4 * i ); - - for( i = 0; i < 16; i += 8 ) - { - P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] ); - P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] ); - P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] ); - P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] ); - P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] ); - P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] ); - P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] ); - P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] ); + for (i = 0; i < 16; i++) { + GET_UINT32_BE(W[i], data, 4 * i); } - for( i = 16; i < 64; i += 8 ) - { - P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] ); - P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] ); - P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] ); - P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] ); - P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] ); - P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] ); - P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] ); - P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] ); + for (i = 0; i < 16; i += 8) { + P(A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0]); + P(A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1]); + P(A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2]); + P(A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3]); + P(A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4]); + P(A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5]); + P(A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6]); + P(A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7]); } - for( i = 0; i < 8; i++ ) + for (i = 16; i < 64; i += 8) { + P(A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0]); + P(A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1]); + P(A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2]); + P(A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3]); + P(A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4]); + P(A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5]); + P(A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6]); + P(A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7]); + } + + for (i = 0; i < 8; i++) { ctx->state[i] += A[i]; + } - return( 0 ); + return 0; } /* * SHA-256 process buffer */ -int32_t mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, - const uint8_t *input, - size_t ilen ) +int32_t mbedtls_sha256_update_ret(mbedtls_sha256_context *ctx, const uint8_t *input, size_t ilen) { - int32_t ret; + int32_t ret = 0; size_t fill; uint32_t left; - - if( ilen == 0 ) - return( 0 ); - - left = ctx->total[0] & 0x3F; - fill = 64 - left; - - ctx->total[0] += (uint32_t) ilen; - ctx->total[0] &= 0xFFFFFFFF; - - if( ctx->total[0] < (uint32_t) ilen ) - ctx->total[1]++; - - if( left && ilen >= fill ) - { - memcpy_s( (void *) (ctx->buffer + left), fill, input, fill ); - - if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); - - input += fill; - ilen -= fill; - left = 0; + const uint8_t *data = input; + size_t len = ilen; + + if ((len != 0U) && (data != NULL)) { + left = ctx->total[0] & 0x3FU; + fill = 64U - left; + + ctx->total[0] += (uint32_t)len; + ctx->total[0] &= 0xFFFFFFFFU; + + if (ctx->total[0] < (uint32_t)len) { + ctx->total[1]++; + } + + if ((left != 0U) && (len >= fill)) { + (void)memcpy_s((void *)&ctx->buffer[left], fill, data, fill); + + ret = mbedtls_internal_sha256_process(ctx, ctx->buffer); + if (ret == 0) { + data += fill; + len -= fill; + left = 0U; + } + } + + if (ret == 0) { + while (len >= 64U) { + ret = mbedtls_internal_sha256_process(ctx, data); + if (ret == 0) { + data += 64; + len -= 64U; + break; + } + } + + if (ret == 0) { + if (len > 0U) { + (void)memcpy_s((void *)&ctx->buffer[left], len, data, len); + } + } + } } - while( ilen >= 64 ) - { - if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 ) - return( ret ); - - input += 64; - ilen -= 64; - } - - if( ilen > 0 ) - memcpy_s( (void *) (ctx->buffer + left), ilen, input, ilen ); - - return( 0 ); + return ret; } /* * SHA-256 final digest */ -int32_t mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, - uint8_t output[32] ) +int32_t mbedtls_sha256_finish_ret(mbedtls_sha256_context *ctx, uint8_t output[32]) { - int32_t ret; + int32_t ret = 0; uint32_t used; uint32_t high, low; /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length */ - used = ctx->total[0] & 0x3F; + used = ctx->total[0] & 0x3FU; + + ctx->buffer[used] = 0x80U; - ctx->buffer[used++] = 0x80; + used ++; - if( used <= 56 ) - { + if (used <= 56U) { /* Enough room for padding + length in current block */ - memset( ctx->buffer + used, 0, 56 - used ); - } - else - { + (void)memset((void *)&ctx->buffer[used], 0U, 56U - used); + } else { /* We'll need an extra block */ - memset( ctx->buffer + used, 0, 64 - used ); - - if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + (void)memset((void *)&ctx->buffer[used], 0U, 64U - used); - memset( ctx->buffer, 0, 56 ); + ret = mbedtls_internal_sha256_process(ctx, ctx->buffer); + if (ret == 0) { + (void)memset(ctx->buffer, 0U, 56U); + } } /* * Add message length */ - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_UINT32_BE( high, ctx->buffer, 56 ); - PUT_UINT32_BE( low, ctx->buffer, 60 ); - - if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if (ret == 0) { + high = (ctx->total[0] >> 29) + | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); + + PUT_UINT32_BE(high, ctx->buffer, 56); + PUT_UINT32_BE(low, ctx->buffer, 60); + + ret = mbedtls_internal_sha256_process(ctx, ctx->buffer); + if (ret == 0) { + /* + * Output final state + */ + PUT_UINT32_BE(ctx->state[0], output, 0); + PUT_UINT32_BE(ctx->state[1], output, 4); + PUT_UINT32_BE(ctx->state[2], output, 8); + PUT_UINT32_BE(ctx->state[3], output, 12); + PUT_UINT32_BE(ctx->state[4], output, 16); + PUT_UINT32_BE(ctx->state[5], output, 20); + PUT_UINT32_BE(ctx->state[6], output, 24); + + if (ctx->is224 == 0) { + PUT_UINT32_BE(ctx->state[7], output, 28); + } + } + } - /* - * Output final state - */ - PUT_UINT32_BE( ctx->state[0], output, 0 ); - PUT_UINT32_BE( ctx->state[1], output, 4 ); - PUT_UINT32_BE( ctx->state[2], output, 8 ); - PUT_UINT32_BE( ctx->state[3], output, 12 ); - PUT_UINT32_BE( ctx->state[4], output, 16 ); - PUT_UINT32_BE( ctx->state[5], output, 20 ); - PUT_UINT32_BE( ctx->state[6], output, 24 ); - - if( ctx->is224 == 0 ) - PUT_UINT32_BE( ctx->state[7], output, 28 ); - - return( 0 ); + return ret; } /* - * output = SHA-256( input buffer ) + * output = SHA-256(input buffer) */ -int32_t mbedtls_sha256_ret( const uint8_t *input, - size_t ilen, - uint8_t output[32], - int32_t is224 ) +int32_t mbedtls_sha256_ret(const uint8_t *input, size_t ilen, uint8_t output[32], int32_t is224) { - int32_t ret; + int32_t ret = 0; mbedtls_sha256_context ctx; - mbedtls_sha256_init( &ctx ); + mbedtls_sha256_init(&ctx); - if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 ) - goto exit; - - if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 ) - goto exit; + ret = mbedtls_sha256_starts_ret(&ctx, is224); + if (ret == 0) { + ret = mbedtls_sha256_update_ret(&ctx, input, ilen); + } - if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 ) - goto exit; + if (ret == 0) { + ret = mbedtls_sha256_finish_ret(&ctx, output); + } -exit: - mbedtls_sha256_free( &ctx ); + mbedtls_sha256_free(&ctx); - return( ret ); + return ret; }