
Searched refs:t (Results 1 – 25 of 123) sorted by relevance


/mbedtls-latest/library/
Dsha3.c108 uint64_t t; in keccak_f1600() local
116 t = lane[(i + 4) % 5] ^ ROTR64(lane[(i + 1) % 5], 63); in keccak_f1600()
117 s[i] ^= t; s[i + 5] ^= t; s[i + 10] ^= t; s[i + 15] ^= t; s[i + 20] ^= t; in keccak_f1600()
126 t = lane[4] ^ ROTR64(lane[1], 63); in keccak_f1600()
127 s[0] ^= t; s[5] ^= t; s[10] ^= t; s[15] ^= t; s[20] ^= t; in keccak_f1600()
129 t = lane[0] ^ ROTR64(lane[2], 63); in keccak_f1600()
130 s[1] ^= t; s[6] ^= t; s[11] ^= t; s[16] ^= t; s[21] ^= t; in keccak_f1600()
132 t = lane[1] ^ ROTR64(lane[3], 63); in keccak_f1600()
133 s[2] ^= t; s[7] ^= t; s[12] ^= t; s[17] ^= t; s[22] ^= t; in keccak_f1600()
135 t = lane[2] ^ ROTR64(lane[4], 63); in keccak_f1600()
[all …]
Daes.c892 } t; in mbedtls_internal_aes_encrypt() local
894 t.X[0] = MBEDTLS_GET_UINT32_LE(input, 0); t.X[0] ^= *RK++; in mbedtls_internal_aes_encrypt()
895 t.X[1] = MBEDTLS_GET_UINT32_LE(input, 4); t.X[1] ^= *RK++; in mbedtls_internal_aes_encrypt()
896 t.X[2] = MBEDTLS_GET_UINT32_LE(input, 8); t.X[2] ^= *RK++; in mbedtls_internal_aes_encrypt()
897 t.X[3] = MBEDTLS_GET_UINT32_LE(input, 12); t.X[3] ^= *RK++; in mbedtls_internal_aes_encrypt()
900 AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); in mbedtls_internal_aes_encrypt()
901 AES_FROUND(t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3]); in mbedtls_internal_aes_encrypt()
904 AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); in mbedtls_internal_aes_encrypt()
906 t.X[0] = *RK++ ^ \ in mbedtls_internal_aes_encrypt()
907 ((uint32_t) FSb[MBEDTLS_BYTE_0(t.Y[0])]) ^ in mbedtls_internal_aes_encrypt()
[all …]
Dnist_kw.c117 static void calc_a_xor_t(unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t) in calc_a_xor_t() argument
120 for (i = 0; i < sizeof(t); i++) { in calc_a_xor_t()
121 A[i] ^= (t >> ((sizeof(t) - 1 - i) * 8)) & 0xff; in calc_a_xor_t()
138 uint64_t t = 0; in mbedtls_nist_kw_wrap() local
218 for (t = 1; t <= s; t++) { in mbedtls_nist_kw_wrap()
229 calc_a_xor_t(A, t); in mbedtls_nist_kw_wrap()
268 uint64_t t = 0; in unwrap() local
283 for (t = s; t >= 1; t--) { in unwrap()
284 calc_a_xor_t(A, t); in unwrap()
Dtiming.c68 struct _hr_time *t = (struct _hr_time *) val; in mbedtls_timing_get_timer() local
71 QueryPerformanceCounter(&t->start); in mbedtls_timing_get_timer()
78 delta = (unsigned long) ((now.QuadPart - t->start.QuadPart) * 1000ul in mbedtls_timing_get_timer()
88 struct _hr_time *t = (struct _hr_time *) val; in mbedtls_timing_get_timer() local
91 gettimeofday(&t->start, NULL); in mbedtls_timing_get_timer()
97 delta = (now.tv_sec - t->start.tv_sec) * 1000ul in mbedtls_timing_get_timer()
98 + (now.tv_usec - t->start.tv_usec) / 1000; in mbedtls_timing_get_timer()
Dhkdf.c74 unsigned char t[MBEDTLS_MD_MAX_SIZE]; in mbedtls_hkdf_expand() local
111 memset(t, 0, hash_len); in mbedtls_hkdf_expand()
126 ret = mbedtls_md_hmac_update(&ctx, t, t_len); in mbedtls_hkdf_expand()
143 ret = mbedtls_md_hmac_finish(&ctx, t); in mbedtls_hkdf_expand()
149 memcpy(okm + where, t, num_to_copy); in mbedtls_hkdf_expand()
156 mbedtls_platform_zeroize(t, sizeof(t)); in mbedtls_hkdf_expand()
Dbignum_core.c413 mbedtls_mpi_uint t = c + A[i]; in mbedtls_mpi_core_add() local
414 c = (t < A[i]); in mbedtls_mpi_core_add()
415 t += B[i]; in mbedtls_mpi_core_add()
416 c += (t < B[i]); in mbedtls_mpi_core_add()
417 X[i] = t; in mbedtls_mpi_core_add()
434 mbedtls_mpi_uint t = c + X[i]; in mbedtls_mpi_core_add_if() local
435 c = (t < X[i]); in mbedtls_mpi_core_add_if()
436 t += add; in mbedtls_mpi_core_add_if()
437 c += (t < add); in mbedtls_mpi_core_add_if()
438 X[i] = t; in mbedtls_mpi_core_add_if()
[all …]
Dsha256.c384 for (int t = 16; t < 64; t += 16) { in mbedtls_internal_sha256_process_many_a64_crypto() local
387 tmp = vaddq_u32(sched0, vld1q_u32(&K[t])); in mbedtls_internal_sha256_process_many_a64_crypto()
394 tmp = vaddq_u32(sched1, vld1q_u32(&K[t + 4])); in mbedtls_internal_sha256_process_many_a64_crypto()
401 tmp = vaddq_u32(sched2, vld1q_u32(&K[t + 8])); in mbedtls_internal_sha256_process_many_a64_crypto()
408 tmp = vaddq_u32(sched3, vld1q_u32(&K[t + 12])); in mbedtls_internal_sha256_process_many_a64_crypto()
471 #define R(t) \ argument
473 local.W[t] = S1(local.W[(t) - 2]) + local.W[(t) - 7] + \
474 S0(local.W[(t) - 15]) + local.W[(t) - 16] \
Daria.c326 uint32_t t, u; in aria_rot128() local
332 t = ARIA_P3(b[j]); // big endian in aria_rot128()
336 t <<= n1; // rotate in aria_rot128()
337 t |= u >> n2; in aria_rot128()
338 t = ARIA_P3(t); // back to little endian in aria_rot128()
339 r[i] = a[i] ^ t; // store in aria_rot128()
340 t = u; // move to next word in aria_rot128()
422 uint32_t t = ctx->rk[i][k]; in mbedtls_aria_setkey_dec() local
424 ctx->rk[j][k] = t; in mbedtls_aria_setkey_dec()
Dbignum.c1397 size_t i, n, t, k; in mbedtls_mpi_div_mpi() local
1446 t = Y.n - 1; in mbedtls_mpi_div_mpi()
1447 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, biL * (n - t))); in mbedtls_mpi_div_mpi()
1450 Z.p[n - t]++; in mbedtls_mpi_div_mpi()
1453 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Y, biL * (n - t))); in mbedtls_mpi_div_mpi()
1455 for (i = n; i > t; i--) { in mbedtls_mpi_div_mpi()
1456 if (X.p[i] >= Y.p[t]) { in mbedtls_mpi_div_mpi()
1457 Z.p[i - t - 1] = ~(mbedtls_mpi_uint) 0u; in mbedtls_mpi_div_mpi()
1459 Z.p[i - t - 1] = mbedtls_int_div_int(X.p[i], X.p[i - 1], in mbedtls_mpi_div_mpi()
1460 Y.p[t], NULL); in mbedtls_mpi_div_mpi()
[all …]
Dssl_cache.c44 mbedtls_time_t t = mbedtls_time(NULL); in ssl_cache_find_entry() local
51 (int) (t - cur->timestamp) > cache->timeout) { in ssl_cache_find_entry()
136 mbedtls_time_t t = mbedtls_time(NULL), oldest = 0; in ssl_cache_pick_writing_slot() local
171 (int) (t - cur->timestamp) > cache->timeout) { in ssl_cache_pick_writing_slot()
239 cur->timestamp = t; in ssl_cache_pick_writing_slot()
Dx509write_crt.c392 const char *t, size_t size) in x509_write_time() argument
400 if (t[0] < '2' || (t[0] == '2' && t[1] == '0' && t[2] < '5')) { in x509_write_time()
402 (const unsigned char *) t + 2, in x509_write_time()
409 (const unsigned char *) t, in x509_write_time()
Dsha512.c479 for (unsigned int t = 16; t < 80; t += 16) { in mbedtls_internal_sha512_process_many_a64_crypto() local
482 initial_sum = vaddq_u64(s0, vld1q_u64(&K[t])); in mbedtls_internal_sha512_process_many_a64_crypto()
490 initial_sum = vaddq_u64(s1, vld1q_u64(&K[t + 2])); in mbedtls_internal_sha512_process_many_a64_crypto()
498 initial_sum = vaddq_u64(s2, vld1q_u64(&K[t + 4])); in mbedtls_internal_sha512_process_many_a64_crypto()
506 initial_sum = vaddq_u64(s3, vld1q_u64(&K[t + 6])); in mbedtls_internal_sha512_process_many_a64_crypto()
514 initial_sum = vaddq_u64(s4, vld1q_u64(&K[t + 8])); in mbedtls_internal_sha512_process_many_a64_crypto()
522 initial_sum = vaddq_u64(s5, vld1q_u64(&K[t + 10])); in mbedtls_internal_sha512_process_many_a64_crypto()
530 initial_sum = vaddq_u64(s6, vld1q_u64(&K[t + 12])); in mbedtls_internal_sha512_process_many_a64_crypto()
538 initial_sum = vaddq_u64(s7, vld1q_u64(&K[t + 14])); in mbedtls_internal_sha512_process_many_a64_crypto()
Dssl_cookie.c200 unsigned long t; in mbedtls_ssl_cookie_write() local
209 t = (unsigned long) mbedtls_time(NULL); in mbedtls_ssl_cookie_write()
211 t = ctx->serial++; in mbedtls_ssl_cookie_write()
214 MBEDTLS_PUT_UINT32_BE(t, *p, 0); in mbedtls_ssl_cookie_write()
Dcamellia.c298 unsigned char t[64]; in mbedtls_camellia_setkey_enc() local
305 memset(t, 0, 64); in mbedtls_camellia_setkey_enc()
316 t[i] = key[i]; in mbedtls_camellia_setkey_enc()
321 t[24 + i] = ~t[16 + i]; in mbedtls_camellia_setkey_enc()
341 KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4); in mbedtls_camellia_setkey_enc()
Dbn_mul.h103 { mbedtls_mpi_uint t; \
126 : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
127 : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
204 : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
205 : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
/mbedtls-latest/tests/suites/
Dtest_suite_constant_time.function97 unsigned char l = li, h = hi, t = ti;
100 unsigned char expected = (x >= l) && (x <= h) ? t : 0;
105 TEST_CF_SECRET(&t, sizeof(t));
107 TEST_EQUAL(mbedtls_ct_uchar_in_range_if(l, h, (unsigned char) x, t), expected);
112 TEST_CF_PUBLIC(&t, sizeof(t));
118 void mbedtls_ct_error_if(int cond, int t, int f)
122 int expected = c ? t : f;
123 int expected0 = c ? t : 0;
126 TEST_CF_SECRET(&t, sizeof(t));
129 TEST_EQUAL(mbedtls_ct_error_if(c, t, f), expected);
[all …]
Dtest_suite_ssl_decrypt.function78 /* Shorter input buffer. Either the MAC will be wrong, or there isn't
96 * so the exact error doesn't matter, but we don't want a crash. */
100 /* We won't write to buf1[0] since it's out of range, so we can cast
132 * the test framework doesn't support alternation in dependency statements,
275 * maximal length padding is used, this is less relevant but still doesn't
Dtest_suite_psa_crypto_storage_format.function87 /* Mbed TLS doesn't support certain combinations of key type and algorithm
100 /* We test some configurations using drivers where the driver doesn't
103 * in those configurations, don't try to actually perform operations.
105 * Hash-and-sign algorithms where the asymmetric part doesn't use
113 /* Verification only. Verification doesn't use the hash algorithm. */
Dtest_suite_psa_crypto_low_hash.function53 /* We don't test with a smaller output buffer because this isn't
142 /* We don't test with a smaller output buffer because this isn't
/mbedtls-latest/3rdparty/p256-m/p256-m/
Dp256-m.c186 static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t);
217 static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t) in u32_muladd64() argument
222 : [z] "+l" (z), [t] "+l" (t) in u32_muladd64()
225 return ((uint64_t) t << 32) | z; in u32_muladd64()
242 static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t) in u32_muladd64() argument
289 : [z] "l" (z), [t] "l" (t) in u32_muladd64()
304 static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t) in u32_muladd64() argument
306 return (uint64_t) x * y + z + t; in u32_muladd64()
310 static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t) in u32_muladd64() argument
329 acc += t; in u32_muladd64()
[all …]
/mbedtls-latest/3rdparty/everest/library/
DHacl_Curve25519.c121 uint128_t t[5U]; in Hacl_Bignum_Fmul_fmul() local
125 t[_i] = (uint128_t)(uint64_t)0U; in Hacl_Bignum_Fmul_fmul()
136 Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2); in Hacl_Bignum_Fmul_fmul()
137 Hacl_Bignum_Fproduct_carry_wide_(t); in Hacl_Bignum_Fmul_fmul()
138 b4 = t[4U]; in Hacl_Bignum_Fmul_fmul()
139 b0 = t[0U]; in Hacl_Bignum_Fmul_fmul()
142 t[4U] = b4_; in Hacl_Bignum_Fmul_fmul()
143 t[0U] = b0_; in Hacl_Bignum_Fmul_fmul()
144 Hacl_Bignum_Fproduct_copy_from_wide_(output, t); in Hacl_Bignum_Fmul_fmul()
220 uint128_t t[5U]; in Hacl_Bignum_Fsquare_fsquare_times() local
[all …]
/mbedtls-latest/3rdparty/everest/library/legacy/
DHacl_Curve25519.c133 FStar_UInt128_uint128 t[5U]; in Hacl_Bignum_Fmul_fmul() local
137 t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); in Hacl_Bignum_Fmul_fmul()
148 Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2); in Hacl_Bignum_Fmul_fmul()
149 Hacl_Bignum_Fproduct_carry_wide_(t); in Hacl_Bignum_Fmul_fmul()
150 b4 = t[4U]; in Hacl_Bignum_Fmul_fmul()
151 b0 = t[0U]; in Hacl_Bignum_Fmul_fmul()
157 t[4U] = b4_; in Hacl_Bignum_Fmul_fmul()
158 t[0U] = b0_; in Hacl_Bignum_Fmul_fmul()
159 Hacl_Bignum_Fproduct_copy_from_wide_(output, t); in Hacl_Bignum_Fmul_fmul()
262 FStar_UInt128_uint128 t[5U]; in Hacl_Bignum_Fsquare_fsquare_times() local
[all …]
/mbedtls-latest/3rdparty/everest/include/everest/kremlin/internal/
Dtarget.h69 #define KRML_EABORT(t, msg) \ argument
71 KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t))))
/mbedtls-latest/
DSECURITY.md36 being implemented. (For example Mbed TLS alone won't guarantee that the
37 messages will arrive without delay, as the TLS protocol doesn't guarantee that
82 Mbed TLS doesn't make any security guarantees against local non-timing-based
91 Mbed TLS doesn't make any security guarantees against local fault injection
101 Mbed TLS doesn't make any security guarantees against physical attacks. If
109 Mbed TLS has evolved organically and a well defined threat model hasn't always
113 The presence of such countermeasures don't mean that Mbed TLS provides
/mbedtls-latest/docs/architecture/psa-migration/
Dmd-cipher-dispatch.md54 …ing legacy interfaces (less code size, less maintenance). However, this can't be done without brea…
56 …erfaces under the hood, without breaking code in the cases where this doesn't work. Using PSA inte…
74 …perimental and may change or be removed without notice.” In practice we don't want to remove this,…
76 …gh this wouldn't be considered a backward compatibility break anyway, since we don't promise that …
93 …mbedtls/issues/6497)). This effectively extends the option to modules that aren't directly covered.
196 …e `MBEDTLS_MD5_C` for PEM decoding with PBKDF1 but don't want `PSA_ALG_WANT_MD5` because it isn't
202 … is called from X.509 code, it should use PSA to calculate hashes. It doesn't, currently, which is…
211 …re is not enabled in `mbedtls_config.h` or `psa_config.h` doesn't guarantee that it won't be enabl…
254 …MBEDTLS_SHA256_C` is enabled, then I want RSA-PSS to support SHA-256. I don't care about negative …
255 …one at the level of PSA before it calls the RSA module, though, so it doesn't have any implication…
[all …]
