/mbedtls-3.7.0/library/ |
D | sha3.c | 108 uint64_t t; in keccak_f1600() local 116 t = lane[(i + 4) % 5] ^ ROTR64(lane[(i + 1) % 5], 63); in keccak_f1600() 117 s[i] ^= t; s[i + 5] ^= t; s[i + 10] ^= t; s[i + 15] ^= t; s[i + 20] ^= t; in keccak_f1600() 126 t = lane[4] ^ ROTR64(lane[1], 63); in keccak_f1600() 127 s[0] ^= t; s[5] ^= t; s[10] ^= t; s[15] ^= t; s[20] ^= t; in keccak_f1600() 129 t = lane[0] ^ ROTR64(lane[2], 63); in keccak_f1600() 130 s[1] ^= t; s[6] ^= t; s[11] ^= t; s[16] ^= t; s[21] ^= t; in keccak_f1600() 132 t = lane[1] ^ ROTR64(lane[3], 63); in keccak_f1600() 133 s[2] ^= t; s[7] ^= t; s[12] ^= t; s[17] ^= t; s[22] ^= t; in keccak_f1600() 135 t = lane[2] ^ ROTR64(lane[4], 63); in keccak_f1600() [all …]
D | aes.c | 892 } t; in mbedtls_internal_aes_encrypt() local 894 t.X[0] = MBEDTLS_GET_UINT32_LE(input, 0); t.X[0] ^= *RK++; in mbedtls_internal_aes_encrypt() 895 t.X[1] = MBEDTLS_GET_UINT32_LE(input, 4); t.X[1] ^= *RK++; in mbedtls_internal_aes_encrypt() 896 t.X[2] = MBEDTLS_GET_UINT32_LE(input, 8); t.X[2] ^= *RK++; in mbedtls_internal_aes_encrypt() 897 t.X[3] = MBEDTLS_GET_UINT32_LE(input, 12); t.X[3] ^= *RK++; in mbedtls_internal_aes_encrypt() 900 AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); in mbedtls_internal_aes_encrypt() 901 AES_FROUND(t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3]); in mbedtls_internal_aes_encrypt() 904 AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); in mbedtls_internal_aes_encrypt() 906 t.X[0] = *RK++ ^ \ in mbedtls_internal_aes_encrypt() 907 ((uint32_t) FSb[MBEDTLS_BYTE_0(t.Y[0])]) ^ in mbedtls_internal_aes_encrypt() [all …]
D | timing.c | 68 struct _hr_time *t = (struct _hr_time *) val; in mbedtls_timing_get_timer() local 71 QueryPerformanceCounter(&t->start); in mbedtls_timing_get_timer() 78 delta = (unsigned long) ((now.QuadPart - t->start.QuadPart) * 1000ul in mbedtls_timing_get_timer() 88 struct _hr_time *t = (struct _hr_time *) val; in mbedtls_timing_get_timer() local 91 gettimeofday(&t->start, NULL); in mbedtls_timing_get_timer() 97 delta = (now.tv_sec - t->start.tv_sec) * 1000ul in mbedtls_timing_get_timer() 98 + (now.tv_usec - t->start.tv_usec) / 1000; in mbedtls_timing_get_timer()
D | hkdf.c | 74 unsigned char t[MBEDTLS_MD_MAX_SIZE]; in mbedtls_hkdf_expand() local 111 memset(t, 0, hash_len); in mbedtls_hkdf_expand() 126 ret = mbedtls_md_hmac_update(&ctx, t, t_len); in mbedtls_hkdf_expand() 143 ret = mbedtls_md_hmac_finish(&ctx, t); in mbedtls_hkdf_expand() 149 memcpy(okm + where, t, num_to_copy); in mbedtls_hkdf_expand() 156 mbedtls_platform_zeroize(t, sizeof(t)); in mbedtls_hkdf_expand()
D | nist_kw.c | 113 static void calc_a_xor_t(unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t) in calc_a_xor_t() argument 116 for (i = 0; i < sizeof(t); i++) { in calc_a_xor_t() 117 A[i] ^= (t >> ((sizeof(t) - 1 - i) * 8)) & 0xff; in calc_a_xor_t() 134 uint64_t t = 0; in mbedtls_nist_kw_wrap() local 214 for (t = 1; t <= s; t++) { in mbedtls_nist_kw_wrap() 225 calc_a_xor_t(A, t); in mbedtls_nist_kw_wrap() 264 uint64_t t = 0; in unwrap() local 279 for (t = s; t >= 1; t--) { in unwrap() 280 calc_a_xor_t(A, t); in unwrap()
D | bignum_core.c | 413 mbedtls_mpi_uint t = c + A[i]; in mbedtls_mpi_core_add() local 414 c = (t < A[i]); in mbedtls_mpi_core_add() 415 t += B[i]; in mbedtls_mpi_core_add() 416 c += (t < B[i]); in mbedtls_mpi_core_add() 417 X[i] = t; in mbedtls_mpi_core_add() 434 mbedtls_mpi_uint t = c + X[i]; in mbedtls_mpi_core_add_if() local 435 c = (t < X[i]); in mbedtls_mpi_core_add_if() 436 t += add; in mbedtls_mpi_core_add_if() 437 c += (t < add); in mbedtls_mpi_core_add_if() 438 X[i] = t; in mbedtls_mpi_core_add_if() [all …]
D | sha256.c | 380 for (int t = 16; t < 64; t += 16) { in mbedtls_internal_sha256_process_many_a64_crypto() local 383 tmp = vaddq_u32(sched0, vld1q_u32(&K[t])); in mbedtls_internal_sha256_process_many_a64_crypto() 390 tmp = vaddq_u32(sched1, vld1q_u32(&K[t + 4])); in mbedtls_internal_sha256_process_many_a64_crypto() 397 tmp = vaddq_u32(sched2, vld1q_u32(&K[t + 8])); in mbedtls_internal_sha256_process_many_a64_crypto() 404 tmp = vaddq_u32(sched3, vld1q_u32(&K[t + 12])); in mbedtls_internal_sha256_process_many_a64_crypto() 467 #define R(t) \ argument 469 local.W[t] = S1(local.W[(t) - 2]) + local.W[(t) - 7] + \ 470 S0(local.W[(t) - 15]) + local.W[(t) - 16] \
D | aria.c | 326 uint32_t t, u; in aria_rot128() local 332 t = ARIA_P3(b[j]); // big endian in aria_rot128() 336 t <<= n1; // rotate in aria_rot128() 337 t |= u >> n2; in aria_rot128() 338 t = ARIA_P3(t); // back to little endian in aria_rot128() 339 r[i] = a[i] ^ t; // store in aria_rot128() 340 t = u; // move to next word in aria_rot128() 422 uint32_t t = ctx->rk[i][k]; in mbedtls_aria_setkey_dec() local 424 ctx->rk[j][k] = t; in mbedtls_aria_setkey_dec()
D | ssl_cache.c | 44 mbedtls_time_t t = mbedtls_time(NULL); in ssl_cache_find_entry() local 51 (int) (t - cur->timestamp) > cache->timeout) { in ssl_cache_find_entry() 136 mbedtls_time_t t = mbedtls_time(NULL), oldest = 0; in ssl_cache_pick_writing_slot() local 171 (int) (t - cur->timestamp) > cache->timeout) { in ssl_cache_pick_writing_slot() 239 cur->timestamp = t; in ssl_cache_pick_writing_slot()
D | bignum.c | 1396 size_t i, n, t, k; in mbedtls_mpi_div_mpi() local 1445 t = Y.n - 1; in mbedtls_mpi_div_mpi() 1446 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, biL * (n - t))); in mbedtls_mpi_div_mpi() 1449 Z.p[n - t]++; in mbedtls_mpi_div_mpi() 1452 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Y, biL * (n - t))); in mbedtls_mpi_div_mpi() 1454 for (i = n; i > t; i--) { in mbedtls_mpi_div_mpi() 1455 if (X.p[i] >= Y.p[t]) { in mbedtls_mpi_div_mpi() 1456 Z.p[i - t - 1] = ~(mbedtls_mpi_uint) 0u; in mbedtls_mpi_div_mpi() 1458 Z.p[i - t - 1] = mbedtls_int_div_int(X.p[i], X.p[i - 1], in mbedtls_mpi_div_mpi() 1459 Y.p[t], NULL); in mbedtls_mpi_div_mpi() [all …]
D | x509write_crt.c | 388 const char *t, size_t size) in x509_write_time() argument 396 if (t[0] < '2' || (t[0] == '2' && t[1] == '0' && t[2] < '5')) { in x509_write_time() 398 (const unsigned char *) t + 2, in x509_write_time() 405 (const unsigned char *) t, in x509_write_time()
D | ssl_cookie.c | 196 unsigned long t; in mbedtls_ssl_cookie_write() local 205 t = (unsigned long) mbedtls_time(NULL); in mbedtls_ssl_cookie_write() 207 t = ctx->serial++; in mbedtls_ssl_cookie_write() 210 MBEDTLS_PUT_UINT32_BE(t, *p, 0); in mbedtls_ssl_cookie_write()
D | sha512.c | 479 for (unsigned int t = 16; t < 80; t += 16) { in mbedtls_internal_sha512_process_many_a64_crypto() local 482 initial_sum = vaddq_u64(s0, vld1q_u64(&K[t])); in mbedtls_internal_sha512_process_many_a64_crypto() 490 initial_sum = vaddq_u64(s1, vld1q_u64(&K[t + 2])); in mbedtls_internal_sha512_process_many_a64_crypto() 498 initial_sum = vaddq_u64(s2, vld1q_u64(&K[t + 4])); in mbedtls_internal_sha512_process_many_a64_crypto() 506 initial_sum = vaddq_u64(s3, vld1q_u64(&K[t + 6])); in mbedtls_internal_sha512_process_many_a64_crypto() 514 initial_sum = vaddq_u64(s4, vld1q_u64(&K[t + 8])); in mbedtls_internal_sha512_process_many_a64_crypto() 522 initial_sum = vaddq_u64(s5, vld1q_u64(&K[t + 10])); in mbedtls_internal_sha512_process_many_a64_crypto() 530 initial_sum = vaddq_u64(s6, vld1q_u64(&K[t + 12])); in mbedtls_internal_sha512_process_many_a64_crypto() 538 initial_sum = vaddq_u64(s7, vld1q_u64(&K[t + 14])); in mbedtls_internal_sha512_process_many_a64_crypto()
D | camellia.c | 298 unsigned char t[64]; in mbedtls_camellia_setkey_enc() local 305 memset(t, 0, 64); in mbedtls_camellia_setkey_enc() 316 t[i] = key[i]; in mbedtls_camellia_setkey_enc() 321 t[24 + i] = ~t[16 + i]; in mbedtls_camellia_setkey_enc() 341 KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4); in mbedtls_camellia_setkey_enc()
D | bn_mul.h | 103 { mbedtls_mpi_uint t; \ 126 : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ 127 : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ 204 : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ 205 : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
/mbedtls-3.7.0/tests/suites/ |
D | test_suite_constant_time.function | 97 unsigned char l = li, h = hi, t = ti; 100 unsigned char expected = (x >= l) && (x <= h) ? t : 0; 105 TEST_CF_SECRET(&t, sizeof(t)); 107 TEST_EQUAL(mbedtls_ct_uchar_in_range_if(l, h, (unsigned char) x, t), expected); 112 TEST_CF_PUBLIC(&t, sizeof(t)); 118 void mbedtls_ct_error_if(int cond, int t, int f) 122 int expected = c ? t : f; 123 int expected0 = c ? t : 0; 126 TEST_CF_SECRET(&t, sizeof(t)); 129 TEST_EQUAL(mbedtls_ct_error_if(c, t, f), expected); [all …]
D | test_suite_ssl_decrypt.function | 78 /* Shorter input buffer. Either the MAC will be wrong, or there isn't 96 * so the exact error doesn't matter, but we don't want a crash. */ 100 /* We won't write to buf1[0] since it's out of range, so we can cast 132 * the test framework doesn't support alternation in dependency statements, 275 * maximal length padding is used, this is less relevant but still doesn't
D | test_suite_psa_crypto_low_hash.function | 53 /* We don't test with a smaller output buffer because this isn't 142 /* We don't test with a smaller output buffer because this isn't
/mbedtls-3.7.0/3rdparty/p256-m/p256-m/ |
D | p256-m.c | 186 static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t); 217 static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t) in u32_muladd64() argument 222 : [z] "+l" (z), [t] "+l" (t) in u32_muladd64() 225 return ((uint64_t) t << 32) | z; in u32_muladd64() 242 static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t) in u32_muladd64() argument 289 : [z] "l" (z), [t] "l" (t) in u32_muladd64() 304 static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t) in u32_muladd64() argument 306 return (uint64_t) x * y + z + t; in u32_muladd64() 310 static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t) in u32_muladd64() argument 329 acc += t; in u32_muladd64() [all …]
/mbedtls-3.7.0/3rdparty/everest/include/everest/kremlin/internal/ |
D | target.h | 69 #define KRML_EABORT(t, msg) \ argument 71 KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t))))
/mbedtls-3.7.0/3rdparty/everest/library/ |
D | Hacl_Curve25519.c | 121 uint128_t t[5U]; in Hacl_Bignum_Fmul_fmul() local 125 t[_i] = (uint128_t)(uint64_t)0U; in Hacl_Bignum_Fmul_fmul() 136 Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2); in Hacl_Bignum_Fmul_fmul() 137 Hacl_Bignum_Fproduct_carry_wide_(t); in Hacl_Bignum_Fmul_fmul() 138 b4 = t[4U]; in Hacl_Bignum_Fmul_fmul() 139 b0 = t[0U]; in Hacl_Bignum_Fmul_fmul() 142 t[4U] = b4_; in Hacl_Bignum_Fmul_fmul() 143 t[0U] = b0_; in Hacl_Bignum_Fmul_fmul() 144 Hacl_Bignum_Fproduct_copy_from_wide_(output, t); in Hacl_Bignum_Fmul_fmul() 220 uint128_t t[5U]; in Hacl_Bignum_Fsquare_fsquare_times() local [all …]
/mbedtls-3.7.0/3rdparty/everest/library/legacy/ |
D | Hacl_Curve25519.c | 133 FStar_UInt128_uint128 t[5U]; in Hacl_Bignum_Fmul_fmul() local 137 t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); in Hacl_Bignum_Fmul_fmul() 148 Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2); in Hacl_Bignum_Fmul_fmul() 149 Hacl_Bignum_Fproduct_carry_wide_(t); in Hacl_Bignum_Fmul_fmul() 150 b4 = t[4U]; in Hacl_Bignum_Fmul_fmul() 151 b0 = t[0U]; in Hacl_Bignum_Fmul_fmul() 157 t[4U] = b4_; in Hacl_Bignum_Fmul_fmul() 158 t[0U] = b0_; in Hacl_Bignum_Fmul_fmul() 159 Hacl_Bignum_Fproduct_copy_from_wide_(output, t); in Hacl_Bignum_Fmul_fmul() 262 FStar_UInt128_uint128 t[5U]; in Hacl_Bignum_Fsquare_fsquare_times() local [all …]
/mbedtls-3.7.0/ |
D | SECURITY.md | 36 being implemented. (For example Mbed TLS alone won't guarantee that the 37 messages will arrive without delay, as the TLS protocol doesn't guarantee that 82 Mbed TLS doesn't make any security guarantees against local non-timing-based 91 Mbed TLS doesn't make any security guarantees against local fault injection 101 Mbed TLS doesn't make any security guarantees against physical attacks. If 109 Mbed TLS has evolved organically and a well defined threat model hasn't always 113 The presence of such countermeasures don't mean that Mbed TLS provides
D | .pylintrc | 14 # We prefer docstrings, but we don't require them on all functions. 28 # Some functions don't need docstrings. 70 # Don't diplay statistics. Just the facts.
/mbedtls-3.7.0/docs/architecture/psa-migration/ |
D | md-cipher-dispatch.md | 54 …ing legacy interfaces (less code size, less maintenance). However, this can't be done without brea… 56 …erfaces under the hood, without breaking code in the cases where this doesn't work. Using PSA inte… 74 …perimental and may change or be removed without notice.” In practice we don't want to remove this,… 76 …gh this wouldn't be considered a backward compatibility break anyway, since we don't promise that … 93 …mbedtls/issues/6497)). This effectively extends the option to modules that aren't directly covered. 196 …e `MBEDTLS_MD5_C` for PEM decoding with PBKDF1 but don't want `PSA_ALG_WANT_MD5` because it isn't … 202 … is called from X.509 code, it should use PSA to calculate hashes. It doesn't, currently, which is… 211 …re is not enabled in `mbedtls_config.h` or `psa_config.h` doesn't guarantee that it won't be enabl… 254 …MBEDTLS_SHA256_C` is enabled, then I want RSA-PSS to support SHA-256. I don't care about negative … 255 …one at the level of PSA before it calls the RSA module, though, so it doesn't have any implication… [all …]