This is only needed for CFG80211_REQUIRE_SIGNED_REGDB which is not an
essential feature. CONFIG_SYSTEM_DATA_VERIFICATION is included in Linux
kernel 4.3 and later. Ubuntu activates this in all kernel versions I
used for testing. Maintaining this in backpors is some effort, remove
it.
Signed-off-by: Hauke Mehrtens <hauke@xxxxxxxxxx>
---
.../backport-include/keys/asymmetric-type.h | 35 -
.../backport-include/keys/system_keyring.h | 10 -
backport/backport-include/linux/key.h | 66 -
.../backport-include/linux/verification.h | 29 -
backport/compat/Kconfig | 26 -
backport/compat/Makefile | 28 -
backport/compat/verification/asn1parse.c | 393 ---
backport/compat/verification/bignum.c | 2458 -----------------
backport/compat/verification/key.c | 172 --
backport/compat/verification/mbedtls/asn1.h | 342 ---
backport/compat/verification/mbedtls/bignum.h | 760 -----
backport/compat/verification/mbedtls/bn_mul.h | 887 ------
backport/compat/verification/mbedtls/config.h | 15 -
backport/compat/verification/mbedtls/md.h | 354 ---
.../compat/verification/mbedtls/md_internal.h | 116 -
backport/compat/verification/mbedtls/oid.h | 570 ----
backport/compat/verification/mbedtls/pk.h | 618 -----
.../compat/verification/mbedtls/platform.h | 12 -
backport/compat/verification/mbedtls/rsa.h | 672 -----
backport/compat/verification/mbedtls/sha1.h | 135 -
backport/compat/verification/mbedtls/sha256.h | 140 -
backport/compat/verification/md.c | 471 ----
backport/compat/verification/md_wrap.c | 577 ----
backport/compat/verification/oid.c | 709 -----
backport/compat/verification/pkcs7.asn1.c | 355 ---
backport/compat/verification/pkcs7.asn1.h | 27 -
backport/compat/verification/public_key.c | 131 -
backport/compat/verification/rsa.c | 1872 -------------
backport/compat/verification/rsapubkey.asn1.c | 38 -
backport/compat/verification/rsapubkey.asn1.h | 15 -
backport/compat/verification/sha256.c | 458 ---
backport/compat/verification/verify.c | 65 -
backport/compat/verification/x509.asn1.c | 185 --
backport/compat/verification/x509.asn1.h | 23 -
backport/compat/verification/x509_akid.asn1.c | 144 -
backport/compat/verification/x509_akid.asn1.h | 15 -
copy-list | 13 -
copy-list.hwsim | 13 -
patches/verify.patch | 101 -
39 files changed, 13050 deletions(-)
delete mode 100644 backport/backport-include/keys/asymmetric-type.h
delete mode 100644 backport/backport-include/keys/system_keyring.h
delete mode 100644 backport/backport-include/linux/key.h
delete mode 100644 backport/backport-include/linux/verification.h
delete mode 100644 backport/compat/verification/asn1parse.c
delete mode 100644 backport/compat/verification/bignum.c
delete mode 100644 backport/compat/verification/key.c
delete mode 100644 backport/compat/verification/mbedtls/asn1.h
delete mode 100644 backport/compat/verification/mbedtls/bignum.h
delete mode 100644 backport/compat/verification/mbedtls/bn_mul.h
delete mode 100644 backport/compat/verification/mbedtls/config.h
delete mode 100644 backport/compat/verification/mbedtls/md.h
delete mode 100644 backport/compat/verification/mbedtls/md_internal.h
delete mode 100644 backport/compat/verification/mbedtls/oid.h
delete mode 100644 backport/compat/verification/mbedtls/pk.h
delete mode 100644 backport/compat/verification/mbedtls/platform.h
delete mode 100644 backport/compat/verification/mbedtls/rsa.h
delete mode 100644 backport/compat/verification/mbedtls/sha1.h
delete mode 100644 backport/compat/verification/mbedtls/sha256.h
delete mode 100644 backport/compat/verification/md.c
delete mode 100644 backport/compat/verification/md_wrap.c
delete mode 100644 backport/compat/verification/oid.c
delete mode 100644 backport/compat/verification/pkcs7.asn1.c
delete mode 100644 backport/compat/verification/pkcs7.asn1.h
delete mode 100644 backport/compat/verification/public_key.c
delete mode 100644 backport/compat/verification/rsa.c
delete mode 100644 backport/compat/verification/rsapubkey.asn1.c
delete mode 100644 backport/compat/verification/rsapubkey.asn1.h
delete mode 100644 backport/compat/verification/sha256.c
delete mode 100644 backport/compat/verification/verify.c
delete mode 100644 backport/compat/verification/x509.asn1.c
delete mode 100644 backport/compat/verification/x509.asn1.h
delete mode 100644 backport/compat/verification/x509_akid.asn1.c
delete mode 100644 backport/compat/verification/x509_akid.asn1.h
delete mode 100644 patches/verify.patch
diff --git a/backport/backport-include/keys/asymmetric-type.h b/backport/backport-include/keys/asymmetric-type.h
deleted file mode 100644
index 5744de9c..00000000
--- a/backport/backport-include/keys/asymmetric-type.h
+++ /dev/null
@@ -1,35 +0,0 @@
-#ifndef __BP_ASYMMETRIC_TYPE_H
-#define __BP_ASYMMETRIC_TYPE_H
-#ifdef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION
-
-#include <linux/string.h>
-
-struct asymmetric_key_id {
- unsigned short len;
- unsigned char data[];
-};
-
-struct asymmetric_key_ids {
- struct asymmetric_key_id *id[2];
-};
-
-static inline bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
- const struct asymmetric_key_id *kid2)
-{
- if (!kid1 || !kid2)
- return false;
- if (kid1->len != kid2->len)
- return false;
- return memcmp(kid1->data, kid2->data, kid1->len) == 0;
-}
-
-extern struct asymmetric_key_id *
-asymmetric_key_generate_id(const void *val_1, size_t len_1,
- const void *val_2, size_t len_2);
-
-extern struct key *find_asymmetric_key(struct key *keyring,
- const struct asymmetric_key_id *id_0,
- const struct asymmetric_key_id *id_1,
- bool partial);
-#endif
-#endif /* __BP_ASYMMETRIC_TYPE_H */
diff --git a/backport/backport-include/keys/system_keyring.h b/backport/backport-include/keys/system_keyring.h
deleted file mode 100644
index 00d2bfff..00000000
--- a/backport/backport-include/keys/system_keyring.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef __BP_SYSTEM_KEYRING_H
-#define __BP_SYSTEM_KEYRING_H
-#ifndef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION
-#include_next <keys/system_keyring.h>
-#else
-#include <linux/key.h>
-
-#define is_hash_blacklisted(...) 0
-#endif /* CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION */
-#endif /* __BP_SYSTEM_KEYRING_H */
diff --git a/backport/backport-include/linux/key.h b/backport/backport-include/linux/key.h
deleted file mode 100644
index e7abbf47..00000000
--- a/backport/backport-include/linux/key.h
+++ /dev/null
@@ -1,66 +0,0 @@
-#ifndef __BP_KEY_H
-#define __BP_KEY_H
-#ifndef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION
-#include_next <linux/key.h>
-#else
-#include <linux/types.h>
-#include <linux/refcount.h>
-#include <linux/list.h>
-#include <keys/asymmetric-type.h>
-
-typedef uint32_t key_perm_t;
-
-struct key {
- refcount_t refcount;
- const char *description;
- s32 serial;
- struct list_head list;
-
- struct asymmetric_key_ids kids;
- struct public_key *public_key;
- struct public_key_signature *sig;
-
- bool keyring;
-};
-
-typedef struct __key_reference_with_attributes *key_ref_t;
-
-static inline key_ref_t make_key_ref(const struct key *key,
- bool possession)
-{
- return (key_ref_t) ((unsigned long) key | possession);
-}
-
-static inline struct key *key_ref_to_ptr(const key_ref_t key_ref)
-{
- return (struct key *) ((unsigned long) key_ref & ~1UL);
-}
-
-#define key_put LINUX_BACKPORT(key_put)
-extern void key_put(struct key *key);
-
-static inline void key_ref_put(key_ref_t key_ref)
-{
- key_put(key_ref_to_ptr(key_ref));
-}
-
-#define key_create_or_update(keyring, type, desc, payload, plen, perm, flags) \
- bp_key_create_or_update(keyring, desc, payload, plen)
-
-extern key_ref_t bp_key_create_or_update(key_ref_t keyring,
- const char *description,
- const void *payload,
- size_t plen);
-
-#define keyring_alloc(desc, uid, gid, cred, perm, flags, restrict, dest) \
- bp_keyring_alloc();
-
-extern struct key *bp_keyring_alloc(void);
-
-static inline s32 key_serial(const struct key *key)
-{
- return key ? key->serial : 0;
-}
-
-#endif /* CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION */
-#endif /* __BP_KEY_H */
diff --git a/backport/backport-include/linux/verification.h b/backport/backport-include/linux/verification.h
deleted file mode 100644
index ce5811e2..00000000
--- a/backport/backport-include/linux/verification.h
+++ /dev/null
@@ -1,29 +0,0 @@
-#ifndef __BP_VERIFICATION_H
-#define __BP_VERIFICATION_H
-#include <linux/version.h>
-#if !defined(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) && \
- defined(CONFIG_CRYPTO_HASH_INFO)
-#include_next <linux/verification.h>
-#else
-#include <linux/key.h>
-
-enum key_being_used_for {
- VERIFYING_MODULE_SIGNATURE,
- VERIFYING_FIRMWARE_SIGNATURE,
- VERIFYING_KEXEC_PE_SIGNATURE,
- VERIFYING_KEY_SIGNATURE,
- VERIFYING_KEY_SELF_SIGNATURE,
- VERIFYING_UNSPECIFIED_SIGNATURE,
- NR__KEY_BEING_USED_FOR
-};
-
-extern int verify_pkcs7_signature(const void *data, size_t len,
- const void *raw_pkcs7, size_t pkcs7_len,
- struct key *trusted_keys,
- enum key_being_used_for usage,
- int (*view_content)(void *ctx,
- const void *data, size_t len,
- size_t asn1hdrlen),
- void *ctx);
-#endif /* !defined(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) */
-#endif /* __BP_VERIFICATION_H */
diff --git a/backport/compat/Kconfig b/backport/compat/Kconfig
index 637c5610..d0585dbd 100644
--- a/backport/compat/Kconfig
+++ b/backport/compat/Kconfig
@@ -79,32 +79,6 @@ config BPAUTO_USERSEL_BUILD_ALL
config BPAUTO_WANT_DEV_COREDUMP
bool
-config BPAUTO_SYSTEM_DATA_VERIFICATION
- bool
-
-config BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION
- bool
- default y if BPAUTO_SYSTEM_DATA_VERIFICATION
- depends on (KERNEL_4_7 || !SYSTEM_DATA_VERIFICATION) && CRYPTO_HASH_INFO
- select BPAUTO_ASN1_DECODER
- select BPAUTO_PUBLIC_KEY
- select BPAUTO_PKCS7
- #h-file linux/oid_registry.h
- #c-file lib/oid_registry.c
-
-config BPAUTO_PUBLIC_KEY
- bool
- #h-file crypto/public_key.h
-
-config BPAUTO_ASN1_DECODER
- bool
- #h-file linux/asn1_decoder.h
- #c-file lib/asn1_decoder.c
-
-config BPAUTO_PKCS7
- bool
- #h-file crypto/pkcs7.h
-
config BPAUTO_CRYPTO_LIB_ARC4
bool
diff --git a/backport/compat/Makefile b/backport/compat/Makefile
index 7c56e92f..c2b89176 100644
--- a/backport/compat/Makefile
+++ b/backport/compat/Makefile
@@ -16,31 +16,3 @@ compat-$(CPTCFG_KERNEL_5_11) += backport-5.11.o
compat-$(CPTCFG_KERNEL_5_13) += backport-5.13.o
compat-$(CPTCFG_KERNEL_5_15) += backport-5.15.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/verify.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/pkcs7.asn1.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/pkcs7_verify.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/pkcs7_parser.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/x509.asn1.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/x509_akid.asn1.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/x509_cert_parser.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/x509_public_key.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/pkcs7_trust.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/key.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/public_key.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/rsa.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/bignum.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/md.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/md_wrap.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/sha256.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/oid.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/asn1parse.o
-compat-$(CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION) += verification/rsapubkey.asn1.o
-
-$(obj)/lib-oid_registry.o: $(obj)/oid_registry_data.c
-
-$(obj)/oid_registry_data.c: $(src)/../include/linux/backport-oid_registry.h \
- $(src)/build_OID_registry
- $(call cmd,build_OID_registry)
-
-quiet_cmd_build_OID_registry = GEN $@
- cmd_build_OID_registry = perl $(src)/build_OID_registry $< $@
diff --git a/backport/compat/verification/asn1parse.c b/backport/compat/verification/asn1parse.c
deleted file mode 100644
index e81713c7..00000000
--- a/backport/compat/verification/asn1parse.c
+++ /dev/null
@@ -1,393 +0,0 @@
-/*
- * Generic ASN.1 parsing
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-
-#include "mbedtls/asn1.h"
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
-/*
- * ASN.1 DER decoding routines
- */
-int mbedtls_asn1_get_len( unsigned char **p,
- const unsigned char *end,
- size_t *len )
-{
- if( ( end - *p ) < 1 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
- if( ( **p & 0x80 ) == 0 )
- *len = *(*p)++;
- else
- {
- switch( **p & 0x7F )
- {
- case 1:
- if( ( end - *p ) < 2 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
- *len = (*p)[1];
- (*p) += 2;
- break;
-
- case 2:
- if( ( end - *p ) < 3 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
- *len = ( (size_t)(*p)[1] << 8 ) | (*p)[2];
- (*p) += 3;
- break;
-
- case 3:
- if( ( end - *p ) < 4 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
- *len = ( (size_t)(*p)[1] << 16 ) |
- ( (size_t)(*p)[2] << 8 ) | (*p)[3];
- (*p) += 4;
- break;
-
- case 4:
- if( ( end - *p ) < 5 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
- *len = ( (size_t)(*p)[1] << 24 ) | ( (size_t)(*p)[2] << 16 ) |
- ( (size_t)(*p)[3] << 8 ) | (*p)[4];
- (*p) += 5;
- break;
-
- default:
- return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
- }
- }
-
- if( *len > (size_t) ( end - *p ) )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
- return( 0 );
-}
-
-int mbedtls_asn1_get_tag( unsigned char **p,
- const unsigned char *end,
- size_t *len, int tag )
-{
- if( ( end - *p ) < 1 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
- if( **p != tag )
- return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-
- (*p)++;
-
- return( mbedtls_asn1_get_len( p, end, len ) );
-}
-
-int mbedtls_asn1_get_bool( unsigned char **p,
- const unsigned char *end,
- int *val )
-{
- int ret;
- size_t len;
-
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 )
- return( ret );
-
- if( len != 1 )
- return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-
- *val = ( **p != 0 ) ? 1 : 0;
- (*p)++;
-
- return( 0 );
-}
-
-int mbedtls_asn1_get_int( unsigned char **p,
- const unsigned char *end,
- int *val )
-{
- int ret;
- size_t len;
-
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
- return( ret );
-
- if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 )
- return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-
- *val = 0;
-
- while( len-- > 0 )
- {
- *val = ( *val << 8 ) | **p;
- (*p)++;
- }
-
- return( 0 );
-}
-
-#if defined(MBEDTLS_BIGNUM_C)
-int mbedtls_asn1_get_mpi( unsigned char **p,
- const unsigned char *end,
- mbedtls_mpi *X )
-{
- int ret;
- size_t len;
-
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
- return( ret );
-
- ret = mbedtls_mpi_read_binary( X, *p, len );
-
- *p += len;
-
- return( ret );
-}
-#endif /* MBEDTLS_BIGNUM_C */
-
-int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
- mbedtls_asn1_bitstring *bs)
-{
- int ret;
-
- /* Certificate type is a single byte bitstring */
- if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
- return( ret );
-
- /* Check length, subtract one for actual bit string length */
- if( bs->len < 1 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
- bs->len -= 1;
-
- /* Get number of unused bits, ensure unused bits <= 7 */
- bs->unused_bits = **p;
- if( bs->unused_bits > 7 )
- return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
- (*p)++;
-
- /* Get actual bitstring */
- bs->p = *p;
- *p += bs->len;
-
- if( *p != end )
- return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
- return( 0 );
-}
-
-/*
- * Get a bit string without unused bits
- */
-int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
- size_t *len )
-{
- int ret;
-
- if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
- return( ret );
-
- if( (*len)-- < 2 || *(*p)++ != 0 )
- return( MBEDTLS_ERR_ASN1_INVALID_DATA );
-
- return( 0 );
-}
-
-
-
-/*
- * Parses and splits an ASN.1 "SEQUENCE OF <tag>"
- */
-int mbedtls_asn1_get_sequence_of( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_sequence *cur,
- int tag)
-{
- int ret;
- size_t len;
- mbedtls_asn1_buf *buf;
-
- /* Get main sequence tag */
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( ret );
-
- if( *p + len != end )
- return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
- while( *p < end )
- {
- buf = &(cur->buf);
- buf->tag = **p;
-
- if( ( ret = mbedtls_asn1_get_tag( p, end, &buf->len, tag ) ) != 0 )
- return( ret );
-
- buf->p = *p;
- *p += buf->len;
-
- /* Allocate and assign next pointer */
- if( *p < end )
- {
- cur->next = (mbedtls_asn1_sequence*)mbedtls_calloc( 1,
- sizeof( mbedtls_asn1_sequence ) );
-
- if( cur->next == NULL )
- return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
-
- cur = cur->next;
- }
- }
-
- /* Set final sequence entry's next pointer to NULL */
- cur->next = NULL;
-
- if( *p != end )
- return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
- return( 0 );
-}
-
-int mbedtls_asn1_get_alg( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params )
-{
- int ret;
- size_t len;
-
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( ret );
-
- if( ( end - *p ) < 1 )
- return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
- alg->tag = **p;
- end = *p + len;
-
- if( ( ret = mbedtls_asn1_get_tag( p, end, &alg->len, MBEDTLS_ASN1_OID ) ) != 0 )
- return( ret );
-
- alg->p = *p;
- *p += alg->len;
-
- if( *p == end )
- {
- mbedtls_zeroize( params, sizeof(mbedtls_asn1_buf) );
- return( 0 );
- }
-
- params->tag = **p;
- (*p)++;
-
- if( ( ret = mbedtls_asn1_get_len( p, end, ¶ms->len ) ) != 0 )
- return( ret );
-
- params->p = *p;
- *p += params->len;
-
- if( *p != end )
- return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
- return( 0 );
-}
-
-int mbedtls_asn1_get_alg_null( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg )
-{
- int ret;
- mbedtls_asn1_buf params;
-
- memset( ¶ms, 0, sizeof(mbedtls_asn1_buf) );
-
- if( ( ret = mbedtls_asn1_get_alg( p, end, alg, ¶ms ) ) != 0 )
- return( ret );
-
- if( ( params.tag != MBEDTLS_ASN1_NULL && params.tag != 0 ) || params.len != 0 )
- return( MBEDTLS_ERR_ASN1_INVALID_DATA );
-
- return( 0 );
-}
-
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
-{
- if( cur == NULL )
- return;
-
- mbedtls_free( cur->oid.p );
- mbedtls_free( cur->val.p );
-
- mbedtls_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
-}
-
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
-{
- mbedtls_asn1_named_data *cur;
-
- while( ( cur = *head ) != NULL )
- {
- *head = cur->next;
- mbedtls_asn1_free_named_data( cur );
- mbedtls_free( cur );
- }
-}
-
-mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
- const char *oid, size_t len )
-{
- while( list != NULL )
- {
- if( list->oid.len == len &&
- memcmp( list->oid.p, oid, len ) == 0 )
- {
- break;
- }
-
- list = list->next;
- }
-
- return( list );
-}
-
-#endif /* MBEDTLS_ASN1_PARSE_C */
diff --git a/backport/compat/verification/bignum.c b/backport/compat/verification/bignum.c
deleted file mode 100644
index b8f65285..00000000
--- a/backport/compat/verification/bignum.c
+++ /dev/null
@@ -1,2458 +0,0 @@
-/*
- * Multi-precision integer library
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * The following sources were referenced in the design of this Multi-precision
- * Integer library:
- *
- * [1] Handbook of Applied Cryptography - 1997
- * Menezes, van Oorschot and Vanstone
- *
- * [2] Multi-Precision Math
- * Tom St Denis
- * https://github.com/libtom/libtommath/blob/develop/tommath.pdf
- *
- * [3] GNU Multi-Precision Arithmetic Library
- * https://gmplib.org/manual/index.html
- *
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-#include "mbedtls/bignum.h"
-#include "mbedtls/bn_mul.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#include <stdlib.h>
-#define mbedtls_printf printf
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
- volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0;
-}
-
-#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
-#define biL (ciL << 3) /* bits in limb */
-#define biH (ciL << 2) /* half limb size */
-
-#define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
-
-/*
- * Convert between bits/chars and number of limbs
- * Divide first in order to avoid potential overflows
- */
-#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) )
-#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
-
-/*
- * Initialize one MPI
- */
-void mbedtls_mpi_init( mbedtls_mpi *X )
-{
- if( X == NULL )
- return;
-
- X->s = 1;
- X->n = 0;
- X->p = NULL;
-}
-
-/*
- * Unallocate one MPI
- */
-void mbedtls_mpi_free( mbedtls_mpi *X )
-{
- if( X == NULL )
- return;
-
- if( X->p != NULL )
- {
- mbedtls_mpi_zeroize( X->p, X->n );
- mbedtls_free( X->p );
- }
-
- X->s = 1;
- X->n = 0;
- X->p = NULL;
-}
-
-/*
- * Enlarge to the specified number of limbs
- */
-int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs )
-{
- mbedtls_mpi_uint *p;
-
- if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
- return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
- if( X->n < nblimbs )
- {
- if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL )
- return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
- if( X->p != NULL )
- {
- memcpy( p, X->p, X->n * ciL );
- mbedtls_mpi_zeroize( X->p, X->n );
- mbedtls_free( X->p );
- }
-
- X->n = nblimbs;
- X->p = p;
- }
-
- return( 0 );
-}
-
-/*
- * Resize down as much as possible,
- * while keeping at least the specified number of limbs
- */
-int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
-{
- mbedtls_mpi_uint *p;
- size_t i;
-
- /* Actually resize up in this case */
- if( X->n <= nblimbs )
- return( mbedtls_mpi_grow( X, nblimbs ) );
-
- for( i = X->n - 1; i > 0; i-- )
- if( X->p[i] != 0 )
- break;
- i++;
-
- if( i < nblimbs )
- i = nblimbs;
-
- if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL )
- return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
- if( X->p != NULL )
- {
- memcpy( p, X->p, i * ciL );
- mbedtls_mpi_zeroize( X->p, X->n );
- mbedtls_free( X->p );
- }
-
- X->n = i;
- X->p = p;
-
- return( 0 );
-}
-
-/*
- * Copy the contents of Y into X
- */
-int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
-{
- int ret;
- size_t i;
-
- if( X == Y )
- return( 0 );
-
- if( Y->p == NULL )
- {
- mbedtls_mpi_free( X );
- return( 0 );
- }
-
- for( i = Y->n - 1; i > 0; i-- )
- if( Y->p[i] != 0 )
- break;
- i++;
-
- X->s = Y->s;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) );
-
- memset( X->p, 0, X->n * ciL );
- memcpy( X->p, Y->p, i * ciL );
-
-cleanup:
-
- return( ret );
-}
-
-/*
- * Swap the contents of X and Y
- */
-void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
-{
- mbedtls_mpi T;
-
- memcpy( &T, X, sizeof( mbedtls_mpi ) );
- memcpy( X, Y, sizeof( mbedtls_mpi ) );
- memcpy( Y, &T, sizeof( mbedtls_mpi ) );
-}
-
-/*
- * Conditionally assign X = Y, without leaking information
- * about whether the assignment was made or not.
- * (Leaking information about the respective sizes of X and Y is ok however.)
- */
-int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign )
-{
- int ret = 0;
- size_t i;
-
- /* make sure assign is 0 or 1 in a time-constant manner */
- assign = (assign | (unsigned char)-assign) >> 7;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
-
- X->s = X->s * ( 1 - assign ) + Y->s * assign;
-
- for( i = 0; i < Y->n; i++ )
- X->p[i] = X->p[i] * ( 1 - assign ) + Y->p[i] * assign;
-
- for( ; i < X->n; i++ )
- X->p[i] *= ( 1 - assign );
-
-cleanup:
- return( ret );
-}
-
-/*
- * Conditionally swap X and Y, without leaking information
- * about whether the swap was made or not.
- * Here it is not ok to simply swap the pointers, which whould lead to
- * different memory access patterns when X and Y are used afterwards.
- */
-int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap )
-{
- int ret, s;
- size_t i;
- mbedtls_mpi_uint tmp;
-
- if( X == Y )
- return( 0 );
-
- /* make sure swap is 0 or 1 in a time-constant manner */
- swap = (swap | (unsigned char)-swap) >> 7;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) );
-
- s = X->s;
- X->s = X->s * ( 1 - swap ) + Y->s * swap;
- Y->s = Y->s * ( 1 - swap ) + s * swap;
-
-
- for( i = 0; i < X->n; i++ )
- {
- tmp = X->p[i];
- X->p[i] = X->p[i] * ( 1 - swap ) + Y->p[i] * swap;
- Y->p[i] = Y->p[i] * ( 1 - swap ) + tmp * swap;
- }
-
-cleanup:
- return( ret );
-}
-
-/*
- * Set value from integer
- */
-int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
-{
- int ret;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
- memset( X->p, 0, X->n * ciL );
-
- X->p[0] = ( z < 0 ) ? -z : z;
- X->s = ( z < 0 ) ? -1 : 1;
-
-cleanup:
-
- return( ret );
-}
-
-/*
- * Get a specific bit
- */
-int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos )
-{
- if( X->n * biL <= pos )
- return( 0 );
-
- return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 );
-}
-
-/*
- * Set a bit to a specific value of 0 or 1
- */
-int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val )
-{
- int ret = 0;
- size_t off = pos / biL;
- size_t idx = pos % biL;
-
- if( val != 0 && val != 1 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
- if( X->n * biL <= pos )
- {
- if( val == 0 )
- return( 0 );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, off + 1 ) );
- }
-
- X->p[off] &= ~( (mbedtls_mpi_uint) 0x01 << idx );
- X->p[off] |= (mbedtls_mpi_uint) val << idx;
-
-cleanup:
-
- return( ret );
-}
-
-/*
- * Return the number of less significant zero-bits
- */
-size_t mbedtls_mpi_lsb( const mbedtls_mpi *X )
-{
- size_t i, j, count = 0;
-
- for( i = 0; i < X->n; i++ )
- for( j = 0; j < biL; j++, count++ )
- if( ( ( X->p[i] >> j ) & 1 ) != 0 )
- return( count );
-
- return( 0 );
-}
-
-/*
- * Count leading zero bits in a given integer
- */
-static size_t mbedtls_clz( const mbedtls_mpi_uint x )
-{
- size_t j;
- mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1);
-
- for( j = 0; j < biL; j++ )
- {
- if( x & mask ) break;
-
- mask >>= 1;
- }
-
- return j;
-}
-
-/*
- * Return the number of bits
- */
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X )
-{
- size_t i, j;
-
- if( X->n == 0 )
- return( 0 );
-
- for( i = X->n - 1; i > 0; i-- )
- if( X->p[i] != 0 )
- break;
-
- j = biL - mbedtls_clz( X->p[i] );
-
- return( ( i * biL ) + j );
-}
-
-/*
- * Return the total size in bytes
- */
-size_t mbedtls_mpi_size( const mbedtls_mpi *X )
-{
- return( ( mbedtls_mpi_bitlen( X ) + 7 ) >> 3 );
-}
-
-/*
- * Convert an ASCII character to digit value
- */
-static int mpi_get_digit( mbedtls_mpi_uint *d, int radix, char c )
-{
- *d = 255;
-
- if( c >= 0x30 && c <= 0x39 ) *d = c - 0x30;
- if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37;
- if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57;
-
- if( *d >= (mbedtls_mpi_uint) radix )
- return( MBEDTLS_ERR_MPI_INVALID_CHARACTER );
-
- return( 0 );
-}
-
-/*
- * Import from an ASCII string
- */
-int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
-{
- int ret;
- size_t i, j, slen, n;
- mbedtls_mpi_uint d;
- mbedtls_mpi T;
-
- if( radix < 2 || radix > 16 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
- mbedtls_mpi_init( &T );
-
- slen = strlen( s );
-
- if( radix == 16 )
- {
- if( slen > MPI_SIZE_T_MAX >> 2 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
- n = BITS_TO_LIMBS( slen << 2 );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
-
- for( i = slen, j = 0; i > 0; i--, j++ )
- {
- if( i == 1 && s[i - 1] == '-' )
- {
- X->s = -1;
- break;
- }
-
- MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
- X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 );
- }
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
-
- for( i = 0; i < slen; i++ )
- {
- if( i == 0 && s[i] == '-' )
- {
- X->s = -1;
- continue;
- }
-
- MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) );
-
- if( X->s == 1 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, &T, d ) );
- }
- }
- }
-
-cleanup:
-
- mbedtls_mpi_free( &T );
-
- return( ret );
-}
-
-/*
- * Helper to write the digits high-order first
- */
-static int mpi_write_hlp( mbedtls_mpi *X, int radix, char **p )
-{
- int ret;
- mbedtls_mpi_uint r;
-
- if( radix < 2 || radix > 16 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
-
- if( mbedtls_mpi_cmp_int( X, 0 ) != 0 )
- MBEDTLS_MPI_CHK( mpi_write_hlp( X, radix, p ) );
-
- if( r < 10 )
- *(*p)++ = (char)( r + 0x30 );
- else
- *(*p)++ = (char)( r + 0x37 );
-
-cleanup:
-
- return( ret );
-}
-
-/*
- * Export into an ASCII string
- */
-int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
- char *buf, size_t buflen, size_t *olen )
-{
- int ret = 0;
- size_t n;
- char *p;
- mbedtls_mpi T;
-
- if( radix < 2 || radix > 16 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
- n = mbedtls_mpi_bitlen( X );
- if( radix >= 4 ) n >>= 1;
- if( radix >= 16 ) n >>= 1;
- /*
- * Round up the buffer length to an even value to ensure that there is
- * enough room for hexadecimal values that can be represented in an odd
- * number of digits.
- */
- n += 3 + ( ( n + 1 ) & 1 );
-
- if( buflen < n )
- {
- *olen = n;
- return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
- }
-
- p = buf;
- mbedtls_mpi_init( &T );
-
- if( X->s == -1 )
- *p++ = '-';
-
- if( radix == 16 )
- {
- int c;
- size_t i, j, k;
-
- for( i = X->n, k = 0; i > 0; i-- )
- {
- for( j = ciL; j > 0; j-- )
- {
- c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF;
-
- if( c == 0 && k == 0 && ( i + j ) != 2 )
- continue;
-
- *(p++) = "0123456789ABCDEF" [c / 16];
- *(p++) = "0123456789ABCDEF" [c % 16];
- k = 1;
- }
- }
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T, X ) );
-
- if( T.s == -1 )
- T.s = 1;
-
- MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p ) );
- }
-
- *p++ = '\0';
- *olen = p - buf;
-
-cleanup:
-
- mbedtls_mpi_free( &T );
-
- return( ret );
-}
-
-#if defined(MBEDTLS_FS_IO)
-/*
- * Read X from an opened file
- */
-int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin )
-{
- mbedtls_mpi_uint d;
- size_t slen;
- char *p;
- /*
- * Buffer should have space for (short) label and decimal formatted MPI,
- * newline characters and '\0'
- */
- char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
-
- memset( s, 0, sizeof( s ) );
- if( fgets( s, sizeof( s ) - 1, fin ) == NULL )
- return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
-
- slen = strlen( s );
- if( slen == sizeof( s ) - 2 )
- return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
-
- if( slen > 0 && s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; }
- if( slen > 0 && s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; }
-
- p = s + slen;
- while( p-- > s )
- if( mpi_get_digit( &d, radix, *p ) != 0 )
- break;
-
- return( mbedtls_mpi_read_string( X, radix, p + 1 ) );
-}
-
-/*
- * Write X into an opened file (or stdout if fout == NULL)
- */
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout )
-{
- int ret;
- size_t n, slen, plen;
- /*
- * Buffer should have space for (short) label and decimal formatted MPI,
- * newline characters and '\0'
- */
- char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
-
- memset( s, 0, sizeof( s ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_string( X, radix, s, sizeof( s ) - 2, &n ) );
-
- if( p == NULL ) p = "";
-
- plen = strlen( p );
- slen = strlen( s );
- s[slen++] = '\r';
- s[slen++] = '\n';
-
- if( fout != NULL )
- {
- if( fwrite( p, 1, plen, fout ) != plen ||
- fwrite( s, 1, slen, fout ) != slen )
- return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
- }
- else
- mbedtls_printf( "%s%s", p, s );
-
-cleanup:
-
- return( ret );
-}
-#endif /* MBEDTLS_FS_IO */
-
-/*
- * Import X from unsigned binary data, big endian
- */
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
-{
- int ret;
- size_t i, j, n;
-
- for( n = 0; n < buflen; n++ )
- if( buf[n] != 0 )
- break;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, CHARS_TO_LIMBS( buflen - n ) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
-
- for( i = buflen, j = 0; i > n; i--, j++ )
- X->p[j / ciL] |= ((mbedtls_mpi_uint) buf[i - 1]) << ((j % ciL) << 3);
-
-cleanup:
-
- return( ret );
-}
-
-/*
- * Export X into unsigned binary data, big endian
- */
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen )
-{
- size_t i, j, n;
-
- n = mbedtls_mpi_size( X );
-
- if( buflen < n )
- return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
-
- memset( buf, 0, buflen );
-
- for( i = buflen - 1, j = 0; n > 0; i--, j++, n-- )
- buf[i] = (unsigned char)( X->p[j / ciL] >> ((j % ciL) << 3) );
-
- return( 0 );
-}
-
-/*
- * Left-shift: X <<= count
- */
-int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count )
-{
- int ret;
- size_t i, v0, t1;
- mbedtls_mpi_uint r0 = 0, r1;
-
- v0 = count / (biL );
- t1 = count & (biL - 1);
-
- i = mbedtls_mpi_bitlen( X ) + count;
-
- if( X->n * biL < i )
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, BITS_TO_LIMBS( i ) ) );
-
- ret = 0;
-
- /*
- * shift by count / limb_size
- */
- if( v0 > 0 )
- {
- for( i = X->n; i > v0; i-- )
- X->p[i - 1] = X->p[i - v0 - 1];
-
- for( ; i > 0; i-- )
- X->p[i - 1] = 0;
- }
-
- /*
- * shift by count % limb_size
- */
- if( t1 > 0 )
- {
- for( i = v0; i < X->n; i++ )
- {
- r1 = X->p[i] >> (biL - t1);
- X->p[i] <<= t1;
- X->p[i] |= r0;
- r0 = r1;
- }
- }
-
-cleanup:
-
- return( ret );
-}
-
-/*
- * Right-shift: X >>= count
- */
-int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count )
-{
- size_t i, v0, v1;
- mbedtls_mpi_uint r0 = 0, r1;
-
- v0 = count / biL;
- v1 = count & (biL - 1);
-
- if( v0 > X->n || ( v0 == X->n && v1 > 0 ) )
- return mbedtls_mpi_lset( X, 0 );
-
- /*
- * shift by count / limb_size
- */
- if( v0 > 0 )
- {
- for( i = 0; i < X->n - v0; i++ )
- X->p[i] = X->p[i + v0];
-
- for( ; i < X->n; i++ )
- X->p[i] = 0;
- }
-
- /*
- * shift by count % limb_size
- */
- if( v1 > 0 )
- {
- for( i = X->n; i > 0; i-- )
- {
- r1 = X->p[i - 1] << (biL - v1);
- X->p[i - 1] >>= v1;
- X->p[i - 1] |= r0;
- r0 = r1;
- }
- }
-
- return( 0 );
-}
-
-/*
- * Compare unsigned values
- */
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y )
-{
- size_t i, j;
-
- for( i = X->n; i > 0; i-- )
- if( X->p[i - 1] != 0 )
- break;
-
- for( j = Y->n; j > 0; j-- )
- if( Y->p[j - 1] != 0 )
- break;
-
- if( i == 0 && j == 0 )
- return( 0 );
-
- if( i > j ) return( 1 );
- if( j > i ) return( -1 );
-
- for( ; i > 0; i-- )
- {
- if( X->p[i - 1] > Y->p[i - 1] ) return( 1 );
- if( X->p[i - 1] < Y->p[i - 1] ) return( -1 );
- }
-
- return( 0 );
-}
-
-/*
- * Compare signed values
- */
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y )
-{
- size_t i, j;
-
- for( i = X->n; i > 0; i-- )
- if( X->p[i - 1] != 0 )
- break;
-
- for( j = Y->n; j > 0; j-- )
- if( Y->p[j - 1] != 0 )
- break;
-
- if( i == 0 && j == 0 )
- return( 0 );
-
- if( i > j ) return( X->s );
- if( j > i ) return( -Y->s );
-
- if( X->s > 0 && Y->s < 0 ) return( 1 );
- if( Y->s > 0 && X->s < 0 ) return( -1 );
-
- for( ; i > 0; i-- )
- {
- if( X->p[i - 1] > Y->p[i - 1] ) return( X->s );
- if( X->p[i - 1] < Y->p[i - 1] ) return( -X->s );
- }
-
- return( 0 );
-}
-
-/*
- * Compare signed values
- */
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z )
-{
- mbedtls_mpi Y;
- mbedtls_mpi_uint p[1];
-
- *p = ( z < 0 ) ? -z : z;
- Y.s = ( z < 0 ) ? -1 : 1;
- Y.n = 1;
- Y.p = p;
-
- return( mbedtls_mpi_cmp_mpi( X, &Y ) );
-}
-
-/*
- * Unsigned addition: X = |A| + |B| (HAC 14.7)
- */
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
- int ret;
- size_t i, j;
- mbedtls_mpi_uint *o, *p, c, tmp;
-
- if( X == B )
- {
- const mbedtls_mpi *T = A; A = X; B = T;
- }
-
- if( X != A )
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
-
- /*
- * X should always be positive as a result of unsigned additions.
- */
- X->s = 1;
-
- for( j = B->n; j > 0; j-- )
- if( B->p[j - 1] != 0 )
- break;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
-
- o = B->p; p = X->p; c = 0;
-
- /*
- * tmp is used because it might happen that p == o
- */
- for( i = 0; i < j; i++, o++, p++ )
- {
- tmp= *o;
- *p += c; c = ( *p < c );
- *p += tmp; c += ( *p < tmp );
- }
-
- while( c != 0 )
- {
- if( i >= X->n )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + 1 ) );
- p = X->p + i;
- }
-
- *p += c; c = ( *p < c ); i++; p++;
- }
-
-cleanup:
-
- return( ret );
-}
-
-/*
- * Helper for mbedtls_mpi subtraction
- */
-static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d )
-{
- size_t i;
- mbedtls_mpi_uint c, z;
-
- for( i = c = 0; i < n; i++, s++, d++ )
- {
- z = ( *d < c ); *d -= c;
- c = ( *d < *s ) + z; *d -= *s;
- }
-
- while( c != 0 )
- {
- z = ( *d < c ); *d -= c;
- c = z; i++; d++;
- }
-}
-
-/*
- * Unsigned subtraction: X = |A| - |B| (HAC 14.9)
- */
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
- mbedtls_mpi TB;
- int ret;
- size_t n;
-
- if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
- return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
-
- mbedtls_mpi_init( &TB );
-
- if( X == B )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
- B = &TB;
- }
-
- if( X != A )
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
-
- /*
- * X should always be positive as a result of unsigned subtractions.
- */
- X->s = 1;
-
- ret = 0;
-
- for( n = B->n; n > 0; n-- )
- if( B->p[n - 1] != 0 )
- break;
-
- mpi_sub_hlp( n, B->p, X->p );
-
-cleanup:
-
- mbedtls_mpi_free( &TB );
-
- return( ret );
-}
-
-/*
- * Signed addition: X = A + B
- */
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
- int ret, s = A->s;
-
- if( A->s * B->s < 0 )
- {
- if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
- X->s = s;
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
- X->s = -s;
- }
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
- X->s = s;
- }
-
-cleanup:
-
- return( ret );
-}
-
-/*
- * Signed subtraction: X = A - B
- */
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
- int ret, s = A->s;
-
- if( A->s * B->s > 0 )
- {
- if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
- X->s = s;
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
- X->s = -s;
- }
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
- X->s = s;
- }
-
-cleanup:
-
- return( ret );
-}
-
-/*
- * Signed addition: X = A + b
- */
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
-{
- mbedtls_mpi _B;
- mbedtls_mpi_uint p[1];
-
- p[0] = ( b < 0 ) ? -b : b;
- _B.s = ( b < 0 ) ? -1 : 1;
- _B.n = 1;
- _B.p = p;
-
- return( mbedtls_mpi_add_mpi( X, A, &_B ) );
-}
-
-/*
- * Signed subtraction: X = A - b
- */
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
-{
- mbedtls_mpi _B;
- mbedtls_mpi_uint p[1];
-
- p[0] = ( b < 0 ) ? -b : b;
- _B.s = ( b < 0 ) ? -1 : 1;
- _B.n = 1;
- _B.p = p;
-
- return( mbedtls_mpi_sub_mpi( X, A, &_B ) );
-}
-
-/*
- * Helper for mbedtls_mpi multiplication
- */
-static
-#if defined(__APPLE__) && defined(__arm__)
-/*
- * Apple LLVM version 4.2 (clang-425.0.24) (based on LLVM 3.2svn)
- * appears to need this to prevent bad ARM code generation at -O3.
- */
-__attribute__ ((noinline))
-#endif
-void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mpi_uint b )
-{
- mbedtls_mpi_uint c = 0, t = 0;
-
-#if defined(MULADDC_HUIT)
- for( ; i >= 8; i -= 8 )
- {
- MULADDC_INIT
- MULADDC_HUIT
- MULADDC_STOP
- }
-
- for( ; i > 0; i-- )
- {
- MULADDC_INIT
- MULADDC_CORE
- MULADDC_STOP
- }
-#else /* MULADDC_HUIT */
- for( ; i >= 16; i -= 16 )
- {
- MULADDC_INIT
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
-
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
- MULADDC_STOP
- }
-
- for( ; i >= 8; i -= 8 )
- {
- MULADDC_INIT
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
-
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
- MULADDC_STOP
- }
-
- for( ; i > 0; i-- )
- {
- MULADDC_INIT
- MULADDC_CORE
- MULADDC_STOP
- }
-#endif /* MULADDC_HUIT */
-
- t++;
-
- do {
- *d += c; c = ( *d < c ); d++;
- }
- while( c != 0 );
-}
-
-/*
- * Baseline multiplication: X = A * B (HAC 14.12)
- */
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
- int ret;
- size_t i, j;
- mbedtls_mpi TA, TB;
-
- mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
-
- if( X == A ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); A = &TA; }
- if( X == B ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); B = &TB; }
-
- for( i = A->n; i > 0; i-- )
- if( A->p[i - 1] != 0 )
- break;
-
- for( j = B->n; j > 0; j-- )
- if( B->p[j - 1] != 0 )
- break;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
-
- for( i++; j > 0; j-- )
- mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] );
-
- X->s = A->s * B->s;
-
-cleanup:
-
- mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TA );
-
- return( ret );
-}
-
-/*
- * Baseline multiplication: X = A * b
- */
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b )
-{
- mbedtls_mpi _B;
- mbedtls_mpi_uint p[1];
-
- _B.s = 1;
- _B.n = 1;
- _B.p = p;
- p[0] = b;
-
- return( mbedtls_mpi_mul_mpi( X, A, &_B ) );
-}
-
-/*
- * Unsigned integer divide - double mbedtls_mpi_uint dividend, u1/u0, and
- * mbedtls_mpi_uint divisor, d
- */
-static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1,
- mbedtls_mpi_uint u0, mbedtls_mpi_uint d, mbedtls_mpi_uint *r )
-{
-#if defined(MBEDTLS_HAVE_UDBL)
- mbedtls_t_udbl dividend, quotient;
-#else
- const mbedtls_mpi_uint radix = (mbedtls_mpi_uint) 1 << biH;
- const mbedtls_mpi_uint uint_halfword_mask = ( (mbedtls_mpi_uint) 1 << biH ) - 1;
- mbedtls_mpi_uint d0, d1, q0, q1, rAX, r0, quotient;
- mbedtls_mpi_uint u0_msw, u0_lsw;
- size_t s;
-#endif
-
- /*
- * Check for overflow
- */
- if( 0 == d || u1 >= d )
- {
- if (r != NULL) *r = ~0;
-
- return ( ~0 );
- }
-
-#if defined(MBEDTLS_HAVE_UDBL)
- dividend = (mbedtls_t_udbl) u1 << biL;
- dividend |= (mbedtls_t_udbl) u0;
- quotient = dividend / d;
- if( quotient > ( (mbedtls_t_udbl) 1 << biL ) - 1 )
- quotient = ( (mbedtls_t_udbl) 1 << biL ) - 1;
-
- if( r != NULL )
- *r = (mbedtls_mpi_uint)( dividend - (quotient * d ) );
-
- return (mbedtls_mpi_uint) quotient;
-#else
-
- /*
- * Algorithm D, Section 4.3.1 - The Art of Computer Programming
- * Vol. 2 - Seminumerical Algorithms, Knuth
- */
-
- /*
- * Normalize the divisor, d, and dividend, u0, u1
- */
- s = mbedtls_clz( d );
- d = d << s;
-
- u1 = u1 << s;
- u1 |= ( u0 >> ( biL - s ) ) & ( -(mbedtls_mpi_sint)s >> ( biL - 1 ) );
- u0 = u0 << s;
-
- d1 = d >> biH;
- d0 = d & uint_halfword_mask;
-
- u0_msw = u0 >> biH;
- u0_lsw = u0 & uint_halfword_mask;
-
- /*
- * Find the first quotient and remainder
- */
- q1 = u1 / d1;
- r0 = u1 - d1 * q1;
-
- while( q1 >= radix || ( q1 * d0 > radix * r0 + u0_msw ) )
- {
- q1 -= 1;
- r0 += d1;
-
- if ( r0 >= radix ) break;
- }
-
- rAX = ( u1 * radix ) + ( u0_msw - q1 * d );
- q0 = rAX / d1;
- r0 = rAX - q0 * d1;
-
- while( q0 >= radix || ( q0 * d0 > radix * r0 + u0_lsw ) )
- {
- q0 -= 1;
- r0 += d1;
-
- if ( r0 >= radix ) break;
- }
-
- if (r != NULL)
- *r = ( rAX * radix + u0_lsw - q0 * d ) >> s;
-
- quotient = q1 * radix + q0;
-
- return quotient;
-#endif
-}
-
-/*
- * Division by mbedtls_mpi: A = Q * B + R (HAC 14.20)
- */
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
- int ret;
- size_t i, n, t, k;
- mbedtls_mpi X, Y, Z, T1, T2;
-
- if( mbedtls_mpi_cmp_int( B, 0 ) == 0 )
- return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
-
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
- mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
-
- if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
- {
- if( Q != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_lset( Q, 0 ) );
- if( R != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, A ) );
- return( 0 );
- }
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &X, A ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, B ) );
- X.s = Y.s = 1;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Z, A->n + 2 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Z, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, 2 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T2, 3 ) );
-
- k = mbedtls_mpi_bitlen( &Y ) % biL;
- if( k < biL - 1 )
- {
- k = biL - 1 - k;
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &X, k ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, k ) );
- }
- else k = 0;
-
- n = X.n - 1;
- t = Y.n - 1;
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, biL * ( n - t ) ) );
-
- while( mbedtls_mpi_cmp_mpi( &X, &Y ) >= 0 )
- {
- Z.p[n - t]++;
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &Y ) );
- }
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, biL * ( n - t ) ) );
-
- for( i = n; i > t ; i-- )
- {
- if( X.p[i] >= Y.p[t] )
- Z.p[i - t - 1] = ~0;
- else
- {
- Z.p[i - t - 1] = mbedtls_int_div_int( X.p[i], X.p[i - 1],
- Y.p[t], NULL);
- }
-
- Z.p[i - t - 1]++;
- do
- {
- Z.p[i - t - 1]--;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T1, 0 ) );
- T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1];
- T1.p[1] = Y.p[t];
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T2, 0 ) );
- T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2];
- T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1];
- T2.p[2] = X.p[i];
- }
- while( mbedtls_mpi_cmp_mpi( &T1, &T2 ) > 0 );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) );
-
- if( mbedtls_mpi_cmp_int( &X, 0 ) < 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &X, &X, &T1 ) );
- Z.p[i - t - 1]--;
- }
- }
-
- if( Q != NULL )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( Q, &Z ) );
- Q->s = A->s * B->s;
- }
-
- if( R != NULL )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &X, k ) );
- X.s = A->s;
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, &X ) );
-
- if( mbedtls_mpi_cmp_int( R, 0 ) == 0 )
- R->s = 1;
- }
-
-cleanup:
-
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
- mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
-
- return( ret );
-}
-
-/*
- * Division by int: A = Q * b + R
- */
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b )
-{
- mbedtls_mpi _B;
- mbedtls_mpi_uint p[1];
-
- p[0] = ( b < 0 ) ? -b : b;
- _B.s = ( b < 0 ) ? -1 : 1;
- _B.n = 1;
- _B.p = p;
-
- return( mbedtls_mpi_div_mpi( Q, R, A, &_B ) );
-}
-
-/*
- * Modulo: R = A mod B
- */
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
- int ret;
-
- if( mbedtls_mpi_cmp_int( B, 0 ) < 0 )
- return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( NULL, R, A, B ) );
-
- while( mbedtls_mpi_cmp_int( R, 0 ) < 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( R, R, B ) );
-
- while( mbedtls_mpi_cmp_mpi( R, B ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( R, R, B ) );
-
-cleanup:
-
- return( ret );
-}
-
-/*
- * Modulo: r = A mod b
- */
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b )
-{
- size_t i;
- mbedtls_mpi_uint x, y, z;
-
- if( b == 0 )
- return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
-
- if( b < 0 )
- return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
-
- /*
- * handle trivial cases
- */
- if( b == 1 )
- {
- *r = 0;
- return( 0 );
- }
-
- if( b == 2 )
- {
- *r = A->p[0] & 1;
- return( 0 );
- }
-
- /*
- * general case
- */
- for( i = A->n, y = 0; i > 0; i-- )
- {
- x = A->p[i - 1];
- y = ( y << biH ) | ( x >> biH );
- z = y / b;
- y -= z * b;
-
- x <<= biH;
- y = ( y << biH ) | ( x >> biH );
- z = y / b;
- y -= z * b;
- }
-
- /*
- * If A is negative, then the current y represents a negative value.
- * Flipping it to the positive side.
- */
- if( A->s < 0 && y != 0 )
- y = b - y;
-
- *r = y;
-
- return( 0 );
-}
-
-/*
- * Fast Montgomery initialization (thanks to Tom St Denis)
- */
-static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
-{
- mbedtls_mpi_uint x, m0 = N->p[0];
- unsigned int i;
-
- x = m0;
- x += ( ( m0 + 2 ) & 4 ) << 1;
-
- for( i = biL; i >= 8; i /= 2 )
- x *= ( 2 - ( m0 * x ) );
-
- *mm = ~x + 1;
-}
-
-/*
- * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
- */
-static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
- const mbedtls_mpi *T )
-{
- size_t i, n, m;
- mbedtls_mpi_uint u0, u1, *d;
-
- if( T->n < N->n + 1 || T->p == NULL )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
- memset( T->p, 0, T->n * ciL );
-
- d = T->p;
- n = N->n;
- m = ( B->n < n ) ? B->n : n;
-
- for( i = 0; i < n; i++ )
- {
- /*
- * T = (T + u0*B + u1*N) / 2^biL
- */
- u0 = A->p[i];
- u1 = ( d[0] + u0 * B->p[0] ) * mm;
-
- mpi_mul_hlp( m, B->p, d, u0 );
- mpi_mul_hlp( n, N->p, d, u1 );
-
- *d++ = u0; d[n + 1] = 0;
- }
-
- memcpy( A->p, d, ( n + 1 ) * ciL );
-
- if( mbedtls_mpi_cmp_abs( A, N ) >= 0 )
- mpi_sub_hlp( n, N->p, A->p );
- else
- /* prevent timing attacks */
- mpi_sub_hlp( n, A->p, T->p );
-
- return( 0 );
-}
-
-/*
- * Montgomery reduction: A = A * R^-1 mod N
- */
-static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
-{
- mbedtls_mpi_uint z = 1;
- mbedtls_mpi U;
-
- U.n = U.s = (int) z;
- U.p = &z;
-
- return( mpi_montmul( A, &U, N, mm, T ) );
-}
-
-/*
- * Sliding-window exponentiation: X = A^E mod N (HAC 14.85)
- */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR )
-{
- int ret;
- size_t wbits, wsize, one = 1;
- size_t i, j, nblimbs;
- size_t bufsize, nbits;
- mbedtls_mpi_uint ei, mm, state;
- struct {
- mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
- } *ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
- int neg;
-
- if (!ctx)
- return -ENOMEM;
-
- if( mbedtls_mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 ) {
- ret = ( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
- goto free_ctx;
- }
-
- if( mbedtls_mpi_cmp_int( E, 0 ) < 0 ) {
- ret = ( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
- goto free_ctx;
- }
-
- /*
- * Init temps and window size
- */
- mpi_montg_init( &mm, N );
- mbedtls_mpi_init( &ctx->RR ); mbedtls_mpi_init( &ctx->T );
- mbedtls_mpi_init( &ctx->Apos );
- memset( ctx->W, 0, sizeof( ctx->W ) );
-
- i = mbedtls_mpi_bitlen( E );
-
- wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
- ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1;
-
- if( wsize > MBEDTLS_MPI_WINDOW_SIZE )
- wsize = MBEDTLS_MPI_WINDOW_SIZE;
-
- j = N->n + 1;
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &ctx->W[1], j ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &ctx->T, j * 2 ) );
-
- /*
- * Compensate for negative A (and correct at the end)
- */
- neg = ( A->s == -1 );
- if( neg )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &ctx->Apos, A ) );
- ctx->Apos.s = 1;
- A = &ctx->Apos;
- }
-
- /*
- * If 1st call, pre-compute R^2 mod N
- */
- if( _RR == NULL || _RR->p == NULL )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->RR, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &ctx->RR, N->n * 2 * biL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->RR, &ctx->RR, N ) );
-
- if( _RR != NULL )
- memcpy( _RR, &ctx->RR, sizeof( mbedtls_mpi ) );
- }
- else
- memcpy( &ctx->RR, _RR, sizeof( mbedtls_mpi ) );
-
- /*
- * W[1] = A * R^2 * R^-1 mod N = A * R mod N
- */
- if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->W[1], A, N ) );
- else
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &ctx->W[1], A ) );
-
- MBEDTLS_MPI_CHK( mpi_montmul( &ctx->W[1], &ctx->RR, N, mm, &ctx->T ) );
-
- /*
- * X = R^2 * R^-1 mod N = R mod N
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &ctx->RR ) );
- MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &ctx->T ) );
-
- if( wsize > 1 )
- {
- /*
- * W[1 << (wsize - 1)] = W[1] ^ (wsize - 1)
- */
- j = one << ( wsize - 1 );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &ctx->W[j], N->n + 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &ctx->W[j], &ctx->W[1] ) );
-
- for( i = 0; i < wsize - 1; i++ )
- MBEDTLS_MPI_CHK( mpi_montmul( &ctx->W[j], &ctx->W[j], N, mm, &ctx->T ) );
-
- /*
- * W[i] = W[i - 1] * W[1]
- */
- for( i = j + 1; i < ( one << wsize ); i++ )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &ctx->W[i], N->n + 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &ctx->W[i], &ctx->W[i - 1] ) );
-
- MBEDTLS_MPI_CHK( mpi_montmul( &ctx->W[i], &ctx->W[1], N, mm, &ctx->T ) );
- }
- }
-
- nblimbs = E->n;
- bufsize = 0;
- nbits = 0;
- wbits = 0;
- state = 0;
-
- while( 1 )
- {
- if( bufsize == 0 )
- {
- if( nblimbs == 0 )
- break;
-
- nblimbs--;
-
- bufsize = sizeof( mbedtls_mpi_uint ) << 3;
- }
-
- bufsize--;
-
- ei = (E->p[nblimbs] >> bufsize) & 1;
-
- /*
- * skip leading 0s
- */
- if( ei == 0 && state == 0 )
- continue;
-
- if( ei == 0 && state == 1 )
- {
- /*
- * out of window, square X
- */
- MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &ctx->T ) );
- continue;
- }
-
- /*
- * add ei to current window
- */
- state = 2;
-
- nbits++;
- wbits |= ( ei << ( wsize - nbits ) );
-
- if( nbits == wsize )
- {
- /*
- * X = X^wsize R^-1 mod N
- */
- for( i = 0; i < wsize; i++ )
- MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &ctx->T ) );
-
- /*
- * X = X * W[wbits] R^-1 mod N
- */
- MBEDTLS_MPI_CHK( mpi_montmul( X, &ctx->W[wbits], N, mm, &ctx->T ) );
-
- state--;
- nbits = 0;
- wbits = 0;
- }
- }
-
- /*
- * process the remaining bits
- */
- for( i = 0; i < nbits; i++ )
- {
- MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &ctx->T ) );
-
- wbits <<= 1;
-
- if( ( wbits & ( one << wsize ) ) != 0 )
- MBEDTLS_MPI_CHK( mpi_montmul( X, &ctx->W[1], N, mm, &ctx->T ) );
- }
-
- /*
- * X = A^E * R * R^-1 mod N = A^E mod N
- */
- MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &ctx->T ) );
-
- if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 )
- {
- X->s = -1;
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, N, X ) );
- }
-
-cleanup:
-
- for( i = ( one << ( wsize - 1 ) ); i < ( one << wsize ); i++ )
- mbedtls_mpi_free( &ctx->W[i] );
-
- mbedtls_mpi_free( &ctx->W[1] ); mbedtls_mpi_free( &ctx->T ); mbedtls_mpi_free( &ctx->Apos );
-
- if( _RR == NULL || _RR->p == NULL )
- mbedtls_mpi_free( &ctx->RR );
-free_ctx:
- kfree(ctx);
-
- return( ret );
-}
-
-/*
- * Greatest common divisor: G = gcd(A, B) (HAC 14.54)
- */
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
- int ret;
- size_t lz, lzt;
- mbedtls_mpi TG, TA, TB;
-
- mbedtls_mpi_init( &TG ); mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
-
- lz = mbedtls_mpi_lsb( &TA );
- lzt = mbedtls_mpi_lsb( &TB );
-
- if( lzt < lz )
- lz = lzt;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, lz ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, lz ) );
-
- TA.s = TB.s = 1;
-
- while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) );
-
- if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, 1 ) );
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) );
- }
- }
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) );
-
-cleanup:
-
- mbedtls_mpi_free( &TG ); mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TB );
-
- return( ret );
-}
-
-/*
- * Fill X with size bytes of random.
- *
- * Use a temporary bytes representation to make sure the result is the same
- * regardless of the platform endianness (useful when f_rng is actually
- * deterministic, eg for tests).
- */
-int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
-{
- int ret;
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-
- if( size > MBEDTLS_MPI_MAX_SIZE )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
- MBEDTLS_MPI_CHK( f_rng( p_rng, buf, size ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );
-
-cleanup:
- return( ret );
-}
-
-/*
- * Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64)
- */
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N )
-{
- int ret;
- mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
-
- if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
- mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TU ); mbedtls_mpi_init( &U1 ); mbedtls_mpi_init( &U2 );
- mbedtls_mpi_init( &G ); mbedtls_mpi_init( &TB ); mbedtls_mpi_init( &TV );
- mbedtls_mpi_init( &V1 ); mbedtls_mpi_init( &V2 );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, A, N ) );
-
- if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
- {
- ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
- goto cleanup;
- }
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, N ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) );
-
- do
- {
- while( ( TU.p[0] & 1 ) == 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TU, 1 ) );
-
- if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &U1, &U1, &TB ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &TA ) );
- }
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U1, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U2, 1 ) );
- }
-
- while( ( TV.p[0] & 1 ) == 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TV, 1 ) );
-
- if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, &TB ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &TA ) );
- }
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V1, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V2, 1 ) );
- }
-
- if( mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) );
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) );
- }
- }
- while( mbedtls_mpi_cmp_int( &TU, 0 ) != 0 );
-
- while( mbedtls_mpi_cmp_int( &V1, 0 ) < 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, N ) );
-
- while( mbedtls_mpi_cmp_mpi( &V1, N ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, N ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) );
-
-cleanup:
-
- mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TU ); mbedtls_mpi_free( &U1 ); mbedtls_mpi_free( &U2 );
- mbedtls_mpi_free( &G ); mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TV );
- mbedtls_mpi_free( &V1 ); mbedtls_mpi_free( &V2 );
-
- return( ret );
-}
-
-#if defined(MBEDTLS_GENPRIME)
-
-static const int small_prime[] =
-{
- 3, 5, 7, 11, 13, 17, 19, 23,
- 29, 31, 37, 41, 43, 47, 53, 59,
- 61, 67, 71, 73, 79, 83, 89, 97,
- 101, 103, 107, 109, 113, 127, 131, 137,
- 139, 149, 151, 157, 163, 167, 173, 179,
- 181, 191, 193, 197, 199, 211, 223, 227,
- 229, 233, 239, 241, 251, 257, 263, 269,
- 271, 277, 281, 283, 293, 307, 311, 313,
- 317, 331, 337, 347, 349, 353, 359, 367,
- 373, 379, 383, 389, 397, 401, 409, 419,
- 421, 431, 433, 439, 443, 449, 457, 461,
- 463, 467, 479, 487, 491, 499, 503, 509,
- 521, 523, 541, 547, 557, 563, 569, 571,
- 577, 587, 593, 599, 601, 607, 613, 617,
- 619, 631, 641, 643, 647, 653, 659, 661,
- 673, 677, 683, 691, 701, 709, 719, 727,
- 733, 739, 743, 751, 757, 761, 769, 773,
- 787, 797, 809, 811, 821, 823, 827, 829,
- 839, 853, 857, 859, 863, 877, 881, 883,
- 887, 907, 911, 919, 929, 937, 941, 947,
- 953, 967, 971, 977, 983, 991, 997, -103
-};
-
-/*
- * Small divisors test (X must be positive)
- *
- * Return values:
- * 0: no small factor (possible prime, more tests needed)
- * 1: certain prime
- * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: certain non-prime
- * other negative: error
- */
-static int mpi_check_small_factors( const mbedtls_mpi *X )
-{
- int ret = 0;
- size_t i;
- mbedtls_mpi_uint r;
-
- if( ( X->p[0] & 1 ) == 0 )
- return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
-
- for( i = 0; small_prime[i] > 0; i++ )
- {
- if( mbedtls_mpi_cmp_int( X, small_prime[i] ) <= 0 )
- return( 1 );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, small_prime[i] ) );
-
- if( r == 0 )
- return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
- }
-
-cleanup:
- return( ret );
-}
-
-/*
- * Miller-Rabin pseudo-primality test (HAC 4.24)
- */
-static int mpi_miller_rabin( const mbedtls_mpi *X,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
-{
- int ret, count;
- size_t i, j, k, n, s;
- mbedtls_mpi W, R, T, A, RR;
-
- mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
- mbedtls_mpi_init( &RR );
-
- /*
- * W = |X| - 1
- * R = W >> lsb( W )
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &W, X, 1 ) );
- s = mbedtls_mpi_lsb( &W );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R, &W ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &R, s ) );
-
- i = mbedtls_mpi_bitlen( X );
- /*
- * HAC, table 4.4
- */
- n = ( ( i >= 1300 ) ? 2 : ( i >= 850 ) ? 3 :
- ( i >= 650 ) ? 4 : ( i >= 350 ) ? 8 :
- ( i >= 250 ) ? 12 : ( i >= 150 ) ? 18 : 27 );
-
- for( i = 0; i < n; i++ )
- {
- /*
- * pick a random A, 1 < A < |X| - 1
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
-
- if( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 )
- {
- j = mbedtls_mpi_bitlen( &A ) - mbedtls_mpi_bitlen( &W );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &A, j + 1 ) );
- }
- A.p[0] |= 3;
-
- count = 0;
- do {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
-
- j = mbedtls_mpi_bitlen( &A );
- k = mbedtls_mpi_bitlen( &W );
- if (j > k) {
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &A, j - k ) );
- }
-
- if (count++ > 30) {
- return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
- }
-
- } while ( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 ||
- mbedtls_mpi_cmp_int( &A, 1 ) <= 0 );
-
- /*
- * A = A^R mod |X|
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &A, &A, &R, X, &RR ) );
-
- if( mbedtls_mpi_cmp_mpi( &A, &W ) == 0 ||
- mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
- continue;
-
- j = 1;
- while( j < s && mbedtls_mpi_cmp_mpi( &A, &W ) != 0 )
- {
- /*
- * A = A * A mod |X|
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &A, &A ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &A, &T, X ) );
-
- if( mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
- break;
-
- j++;
- }
-
- /*
- * not prime if A != |X| - 1 or A == 1
- */
- if( mbedtls_mpi_cmp_mpi( &A, &W ) != 0 ||
- mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
- {
- ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
- break;
- }
- }
-
-cleanup:
- mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A );
- mbedtls_mpi_free( &RR );
-
- return( ret );
-}
-
-/*
- * Pseudo-primality test: small factors, then Miller-Rabin
- */
-int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
-{
- int ret;
- mbedtls_mpi XX;
-
- XX.s = 1;
- XX.n = X->n;
- XX.p = X->p;
-
- if( mbedtls_mpi_cmp_int( &XX, 0 ) == 0 ||
- mbedtls_mpi_cmp_int( &XX, 1 ) == 0 )
- return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
-
- if( mbedtls_mpi_cmp_int( &XX, 2 ) == 0 )
- return( 0 );
-
- if( ( ret = mpi_check_small_factors( &XX ) ) != 0 )
- {
- if( ret == 1 )
- return( 0 );
-
- return( ret );
- }
-
- return( mpi_miller_rabin( &XX, f_rng, p_rng ) );
-}
-
-/*
- * Prime number generation
- */
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
-{
- int ret;
- size_t k, n;
- mbedtls_mpi_uint r;
- mbedtls_mpi Y;
-
- if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
- mbedtls_mpi_init( &Y );
-
- n = BITS_TO_LIMBS( nbits );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
-
- k = mbedtls_mpi_bitlen( X );
- if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits + 1 ) );
-
- mbedtls_mpi_set_bit( X, nbits-1, 1 );
-
- X->p[0] |= 1;
-
- if( dh_flag == 0 )
- {
- while( ( ret = mbedtls_mpi_is_prime( X, f_rng, p_rng ) ) != 0 )
- {
- if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
- goto cleanup;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 2 ) );
- }
- }
- else
- {
- /*
- * An necessary condition for Y and X = 2Y + 1 to be prime
- * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
- * Make sure it is satisfied, while keeping X = 3 mod 4
- */
-
- X->p[0] |= 2;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) );
- if( r == 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) );
- else if( r == 1 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) );
-
- /* Set Y = (X-1) / 2, which is X / 2 because X is odd */
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) );
-
- while( 1 )
- {
- /*
- * First, check small factors for X and Y
- * before doing Miller-Rabin on any of them
- */
- if( ( ret = mpi_check_small_factors( X ) ) == 0 &&
- ( ret = mpi_check_small_factors( &Y ) ) == 0 &&
- ( ret = mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 &&
- ( ret = mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 )
- {
- break;
- }
-
- if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
- goto cleanup;
-
- /*
- * Next candidates. We want to preserve Y = (X-1) / 2 and
- * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3)
- * so up Y by 6 and X by 12.
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) );
- }
- }
-
-cleanup:
-
- mbedtls_mpi_free( &Y );
-
- return( ret );
-}
-
-#endif /* MBEDTLS_GENPRIME */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#define GCD_PAIR_COUNT 3
-
-static const int gcd_pairs[GCD_PAIR_COUNT][3] =
-{
- { 693, 609, 21 },
- { 1764, 868, 28 },
- { 768454923, 542167814, 1 }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_mpi_self_test( int verbose )
-{
- int ret, i;
- mbedtls_mpi A, E, N, X, Y, U, V;
-
- mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &X );
- mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &U ); mbedtls_mpi_init( &V );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &A, 16,
- "EFE021C2645FD1DC586E69184AF4A31E" \
- "D5F53E93B5F123FA41680867BA110131" \
- "944FE7952E2517337780CB0DB80E61AA" \
- "E7C8DDC6C5C6AADEB34EB38A2F40D5E6" ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 16,
- "B2E7EFD37075B9F03FF989C7C5051C20" \
- "34D2A323810251127E7BF8625A4F49A5" \
- "F3E27F4DA8BD59C47D6DAABA4C8127BD" \
- "5B5C25763222FEFCCFC38B832366C29E" ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &N, 16,
- "0066A198186C18C10B2F5ED9B522752A" \
- "9830B69916E535C8F047518A889A43A5" \
- "94B6BED27A168D31D4A52F88925AA8F5" ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X, &A, &N ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
- "602AB7ECA597A3D6B56FF9829A5E8B85" \
- "9E857EA95A03512E2BAE7391688D264A" \
- "A5663B0341DB9CCFD2C4C5F421FEC814" \
- "8001B72E848A38CAE1C65F78E56ABDEF" \
- "E12D3C039B8A02D6BE593F0BBBDA56F1" \
- "ECF677152EF804370C1A305CAF3B5BF1" \
- "30879B56C61DE584A0F53A2447A51E" ) );
-
- if( verbose != 0 )
- mbedtls_printf( " MPI test #1 (mul_mpi): " );
-
- if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
- goto cleanup;
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &X, &Y, &A, &N ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
- "256567336059E52CAE22925474705F39A94" ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &V, 16,
- "6613F26162223DF488E9CD48CC132C7A" \
- "0AC93C701B001B092E4E5B9F73BCD27B" \
- "9EE50D0657C77F374E903CDFA4C642" ) );
-
- if( verbose != 0 )
- mbedtls_printf( " MPI test #2 (div_mpi): " );
-
- if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ||
- mbedtls_mpi_cmp_mpi( &Y, &V ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
- goto cleanup;
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &X, &A, &E, &N, NULL ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
- "36E139AEA55215609D2816998ED020BB" \
- "BD96C37890F65171D948E9BC7CBAA4D9" \
- "325D24D6A3C12710F10A09FA08AB87" ) );
-
- if( verbose != 0 )
- mbedtls_printf( " MPI test #3 (exp_mod): " );
-
- if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
- goto cleanup;
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &X, &A, &N ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
- "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \
- "C3DBA76456363A10869622EAC2DD84EC" \
- "C5B8A74DAC4D09E03B5E0BE779F2DF61" ) );
-
- if( verbose != 0 )
- mbedtls_printf( " MPI test #4 (inv_mod): " );
-
- if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
- goto cleanup;
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
-
- if( verbose != 0 )
- mbedtls_printf( " MPI test #5 (simple gcd): " );
-
- for( i = 0; i < GCD_PAIR_COUNT; i++ )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &X, gcd_pairs[i][0] ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Y, gcd_pairs[i][1] ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &A, &X, &Y ) );
-
- if( mbedtls_mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed at %d\n", i );
-
- ret = 1;
- goto cleanup;
- }
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
-
-cleanup:
-
- if( ret != 0 && verbose != 0 )
- mbedtls_printf( "Unexpected error, return code = %08X\n", ret );
-
- mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X );
- mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V );
-
- if( verbose != 0 )
- mbedtls_printf( "\n" );
-
- return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_BIGNUM_C */
diff --git a/backport/compat/verification/key.c b/backport/compat/verification/key.c
deleted file mode 100644
index 329f8b22..00000000
--- a/backport/compat/verification/key.c
+++ /dev/null
@@ -1,172 +0,0 @@
-#include <linux/export.h>
-#include <linux/slab.h>
-#include <linux/key.h>
-#include <linux/err.h>
-#include <keys/asymmetric-type.h>
-#include "x509_parser.h"
-
-static void keyring_clear(struct key *keyring)
-{
- struct key *key, *tmp;
-
- if (!keyring->keyring)
- return;
-
- list_for_each_entry_safe(key, tmp, &keyring->list, list) {
- WARN_ON(refcount_read(&key->refcount) > 1);
- key_put(key);
- }
-}
-
-void key_put(struct key *key)
-{
- if (refcount_dec_and_test(&key->refcount)) {
- keyring_clear(key);
- list_del(&key->list);
- kfree(key->description);
- public_key_free(key->public_key);
- public_key_signature_free(key->sig);
- kfree(key->kids.id[0]);
- kfree(key->kids.id[1]);
- kfree(key);
- }
-}
-EXPORT_SYMBOL_GPL(key_put);
-
-static struct key *key_alloc(void)
-{
- struct key *key = kzalloc(sizeof(*key), GFP_KERNEL);
-
- if (!key)
- return NULL;
- refcount_set(&key->refcount, 1);
- INIT_LIST_HEAD(&key->list);
-
- return key;
-}
-
-struct key *bp_keyring_alloc(void)
-{
- struct key *key = key_alloc();
-
- if (!key)
- return NULL;
-
- key->keyring = true;
-
- return key;
-}
-EXPORT_SYMBOL_GPL(bp_keyring_alloc);
-
-key_ref_t bp_key_create_or_update(key_ref_t keyring,
- const char *description,
- const void *payload,
- size_t plen)
-{
- struct key *key = key_alloc();
- struct x509_certificate *cert;
- const char *q;
- size_t srlen, sulen;
- char *desc = NULL, *p;
- int err;
-
- if (!key)
- return NULL;
-
- cert = x509_cert_parse(payload, plen);
- if (IS_ERR(cert)) {
- err = PTR_ERR(cert);
- goto free;
- }
-
- if (cert->unsupported_sig) {
- public_key_signature_free(cert->sig);
- cert->sig = NULL;
- }
-
- sulen = strlen(cert->subject);
- if (cert->raw_skid) {
- srlen = cert->raw_skid_size;
- q = cert->raw_skid;
- } else {
- srlen = cert->raw_serial_size;
- q = cert->raw_serial;
- }
-
- err = -ENOMEM;
- desc = kmalloc(sulen + 2 + srlen * 2 + 1, GFP_KERNEL);
- if (!desc)
- goto free;
- p = memcpy(desc, cert->subject, sulen);
- p += sulen;
- *p++ = ':';
- *p++ = ' ';
- p = bin2hex(p, q, srlen);
- *p = 0;
- key->description = desc;
-
- key->kids.id[0] = cert->id;
- key->kids.id[1] = cert->skid;
- key->public_key = cert->pub;
- key->sig = cert->sig;
-
- cert->id = NULL;
- cert->skid = NULL;
- cert->pub = NULL;
- cert->sig = NULL;
- x509_free_certificate(cert);
-
- refcount_inc(&key->refcount);
- list_add_tail(&key->list, &key_ref_to_ptr(keyring)->list);
-
- return make_key_ref(key, 0);
-free:
- kfree(key);
- return ERR_PTR(err);
-}
-EXPORT_SYMBOL_GPL(bp_key_create_or_update);
-
-struct key *find_asymmetric_key(struct key *keyring,
- const struct asymmetric_key_id *id_0,
- const struct asymmetric_key_id *id_1,
- bool partial)
-{
- struct key *key;
-
- if (WARN_ON(partial))
- return ERR_PTR(-ENOENT);
- if (WARN_ON(!keyring))
- return ERR_PTR(-EINVAL);
-
- list_for_each_entry(key, &keyring->list, list) {
- const struct asymmetric_key_ids *kids = &key->kids;
-
- if (id_0 && (!kids->id[0] ||
- !asymmetric_key_id_same(id_0, kids->id[0])))
- continue;
- if (id_1 && (!kids->id[1] ||
- !asymmetric_key_id_same(id_0, kids->id[1])))
- continue;
-
- refcount_inc(&key->refcount);
- return key;
- }
-
- return ERR_PTR(-ENOKEY);
-}
-
-struct asymmetric_key_id *
-asymmetric_key_generate_id(const void *val_1, size_t len_1,
- const void *val_2, size_t len_2)
-{
- struct asymmetric_key_id *kid;
-
- kid = kmalloc(sizeof(struct asymmetric_key_id) + len_1 + len_2,
- GFP_KERNEL);
- if (!kid)
- return ERR_PTR(-ENOMEM);
- kid->len = len_1 + len_2;
- memcpy(kid->data, val_1, len_1);
- memcpy(kid->data + len_1, val_2, len_2);
- return kid;
-}
diff --git a/backport/compat/verification/mbedtls/asn1.h b/backport/compat/verification/mbedtls/asn1.h
deleted file mode 100644
index 46eb214b..00000000
--- a/backport/compat/verification/mbedtls/asn1.h
+++ /dev/null
@@ -1,342 +0,0 @@
-/**
- * \file asn1.h
- *
- * \brief Generic ASN.1 parsing
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_ASN1_H
-#define MBEDTLS_ASN1_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "bignum.h"
-#endif
-
-/**
- * \addtogroup asn1_module
- * \{
- */
-
-/**
- * \name ASN1 Error codes
- * These error codes are OR'ed to X509 error codes for
- * higher error granularity.
- * ASN1 is a standard to specify data structures.
- * \{
- */
-#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 /**< Out of data when parsing an ASN1 data structure. */
-#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 /**< ASN1 tag was of an unexpected value. */
-#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 /**< Error when trying to determine the length or invalid length. */
-#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 /**< Actual length differs from expected length. */
-#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068 /**< Data is invalid. (not used) */
-#define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A /**< Memory allocation failed */
-#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C /**< Buffer too small when writing ASN.1 data structure. */
-
-/* \} name */
-
-/**
- * \name DER constants
- * These constants comply with DER encoded the ANS1 type tags.
- * DER encoding uses hexadecimal representation.
- * An example DER sequence is:\n
- * - 0x02 -- tag indicating INTEGER
- * - 0x01 -- length in octets
- * - 0x05 -- value
- * Such sequences are typically read into \c ::mbedtls_x509_buf.
- * \{
- */
-#define MBEDTLS_ASN1_BOOLEAN 0x01
-#define MBEDTLS_ASN1_INTEGER 0x02
-#define MBEDTLS_ASN1_BIT_STRING 0x03
-#define MBEDTLS_ASN1_OCTET_STRING 0x04
-#define MBEDTLS_ASN1_NULL 0x05
-#define MBEDTLS_ASN1_OID 0x06
-#define MBEDTLS_ASN1_UTF8_STRING 0x0C
-#define MBEDTLS_ASN1_SEQUENCE 0x10
-#define MBEDTLS_ASN1_SET 0x11
-#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13
-#define MBEDTLS_ASN1_T61_STRING 0x14
-#define MBEDTLS_ASN1_IA5_STRING 0x16
-#define MBEDTLS_ASN1_UTC_TIME 0x17
-#define MBEDTLS_ASN1_GENERALIZED_TIME 0x18
-#define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C
-#define MBEDTLS_ASN1_BMP_STRING 0x1E
-#define MBEDTLS_ASN1_PRIMITIVE 0x00
-#define MBEDTLS_ASN1_CONSTRUCTED 0x20
-#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
-/* \} name */
-/* \} addtogroup asn1_module */
-
-/** Returns the size of the binary string, without the trailing \\0 */
-#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
-
-/**
- * Compares an mbedtls_asn1_buf structure to a reference OID.
- *
- * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
- * 'unsigned char *oid' here!
- */
-#define MBEDTLS_OID_CMP(oid_str, oid_buf) \
- ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) || \
- memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name Functions to parse ASN.1 data structures
- * \{
- */
-
-/**
- * Type-length-value structure that allows for ASN1 using DER.
- */
-typedef struct mbedtls_asn1_buf
-{
- int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
- size_t len; /**< ASN1 length, in octets. */
- unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
-}
-mbedtls_asn1_buf;
-
-/**
- * Container for ASN1 bit strings.
- */
-typedef struct mbedtls_asn1_bitstring
-{
- size_t len; /**< ASN1 length, in octets. */
- unsigned char unused_bits; /**< Number of unused bits at the end of the string */
- unsigned char *p; /**< Raw ASN1 data for the bit string */
-}
-mbedtls_asn1_bitstring;
-
-/**
- * Container for a sequence of ASN.1 items
- */
-typedef struct mbedtls_asn1_sequence
-{
- mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
- struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */
-}
-mbedtls_asn1_sequence;
-
-/**
- * Container for a sequence or list of 'named' ASN.1 data items
- */
-typedef struct mbedtls_asn1_named_data
-{
- mbedtls_asn1_buf oid; /**< The object identifier. */
- mbedtls_asn1_buf val; /**< The named value. */
- struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */
- unsigned char next_merged; /**< Merge next item into the current one? */
-}
-mbedtls_asn1_named_data;
-
-/**
- * \brief Get the length of an ASN.1 element.
- * Updates the pointer to immediately behind the length.
- *
- * \param p The position in the ASN.1 data
- * \param end End of data
- * \param len The variable that will receive the value
- *
- * \return 0 if successful, MBEDTLS_ERR_ASN1_OUT_OF_DATA on reaching
- * end of data, MBEDTLS_ERR_ASN1_INVALID_LENGTH if length is
- * unparseable.
- */
-int mbedtls_asn1_get_len( unsigned char **p,
- const unsigned char *end,
- size_t *len );
-
-/**
- * \brief Get the tag and length of the tag. Check for the requested tag.
- * Updates the pointer to immediately behind the tag and length.
- *
- * \param p The position in the ASN.1 data
- * \param end End of data
- * \param len The variable that will receive the length
- * \param tag The expected tag
- *
- * \return 0 if successful, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if tag did
- * not match requested tag, or another specific ASN.1 error code.
- */
-int mbedtls_asn1_get_tag( unsigned char **p,
- const unsigned char *end,
- size_t *len, int tag );
-
-/**
- * \brief Retrieve a boolean ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p The position in the ASN.1 data
- * \param end End of data
- * \param val The variable that will receive the value
- *
- * \return 0 if successful or a specific ASN.1 error code.
- */
-int mbedtls_asn1_get_bool( unsigned char **p,
- const unsigned char *end,
- int *val );
-
-/**
- * \brief Retrieve an integer ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p The position in the ASN.1 data
- * \param end End of data
- * \param val The variable that will receive the value
- *
- * \return 0 if successful or a specific ASN.1 error code.
- */
-int mbedtls_asn1_get_int( unsigned char **p,
- const unsigned char *end,
- int *val );
-
-/**
- * \brief Retrieve a bitstring ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p The position in the ASN.1 data
- * \param end End of data
- * \param bs The variable that will receive the value
- *
- * \return 0 if successful or a specific ASN.1 error code.
- */
-int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
- mbedtls_asn1_bitstring *bs);
-
-/**
- * \brief Retrieve a bitstring ASN.1 tag without unused bits and its
- * value.
- * Updates the pointer to the beginning of the bit/octet string.
- *
- * \param p The position in the ASN.1 data
- * \param end End of data
- * \param len Length of the actual bit/octect string in bytes
- *
- * \return 0 if successful or a specific ASN.1 error code.
- */
-int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
- size_t *len );
-
-/**
- * \brief Parses and splits an ASN.1 "SEQUENCE OF <tag>"
- * Updated the pointer to immediately behind the full sequence tag.
- *
- * \param p The position in the ASN.1 data
- * \param end End of data
- * \param cur First variable in the chain to fill
- * \param tag Type of sequence
- *
- * \return 0 if successful or a specific ASN.1 error code.
- */
-int mbedtls_asn1_get_sequence_of( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_sequence *cur,
- int tag);
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief Retrieve a MPI value from an integer ASN.1 tag.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p The position in the ASN.1 data
- * \param end End of data
- * \param X The MPI that will receive the value
- *
- * \return 0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_mpi( unsigned char **p,
- const unsigned char *end,
- mbedtls_mpi *X );
-#endif /* MBEDTLS_BIGNUM_C */
-
-/**
- * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence.
- * Updates the pointer to immediately behind the full
- * AlgorithmIdentifier.
- *
- * \param p The position in the ASN.1 data
- * \param end End of data
- * \param alg The buffer to receive the OID
- * \param params The buffer to receive the params (if any)
- *
- * \return 0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_alg( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
-
-/**
- * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
- * params.
- * Updates the pointer to immediately behind the full
- * AlgorithmIdentifier.
- *
- * \param p The position in the ASN.1 data
- * \param end End of data
- * \param alg The buffer to receive the OID
- *
- * \return 0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_alg_null( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg );
-
-/**
- * \brief Find a specific named_data entry in a sequence or list based on
- * the OID.
- *
- * \param list The list to seek through
- * \param oid The OID to look for
- * \param len Size of the OID
- *
- * \return NULL if not found, or a pointer to the existing entry.
- */
-mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
- const char *oid, size_t len );
-
-/**
- * \brief Free a mbedtls_asn1_named_data entry
- *
- * \param entry The named data entry to free
- */
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
-
-/**
- * \brief Free all entries in a mbedtls_asn1_named_data list
- * Head will be set to NULL
- *
- * \param head Pointer to the head of the list of named data entries to free
- */
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* asn1.h */
diff --git a/backport/compat/verification/mbedtls/bignum.h b/backport/compat/verification/mbedtls/bignum.h
deleted file mode 100644
index 69f8e2d9..00000000
--- a/backport/compat/verification/mbedtls/bignum.h
+++ /dev/null
@@ -1,760 +0,0 @@
-/**
- * \file bignum.h
- *
- * \brief Multi-precision integer library
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_BIGNUM_H
-#define MBEDTLS_BIGNUM_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#endif
-
-#define MBEDTLS_ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */
-#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_MPI_INVALID_CHARACTER -0x0006 /**< There is an invalid character in the digit string. */
-#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008 /**< The buffer is too small to write to. */
-#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A /**< The input arguments are negative or result in illegal output. */
-#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C /**< The input argument for division is zero, which is not allowed. */
-#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E /**< The input arguments are not acceptable. */
-#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 /**< Memory allocation failed. */
-
-#define MBEDTLS_MPI_CHK(f) do { if( ( ret = f ) != 0 ) goto cleanup; } while( 0 )
-
-/*
- * Maximum size MPIs are allowed to grow to in number of limbs.
- */
-#define MBEDTLS_MPI_MAX_LIMBS 10000
-
-#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
-/*
- * Maximum window size used for modular exponentiation. Default: 6
- * Minimum value: 1. Maximum value: 6.
- *
- * Result is an array of ( 2 << MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
- * for the sliding window calculation. (So 64 by default)
- *
- * Reduction in size, reduces speed.
- */
-#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
-#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
-
-#if !defined(MBEDTLS_MPI_MAX_SIZE)
-/*
- * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
- * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
- *
- * Note: Calculations can results temporarily in larger MPIs. So the number
- * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
- */
-#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
-#endif /* !MBEDTLS_MPI_MAX_SIZE */
-
-#define MBEDTLS_MPI_MAX_BITS ( 8 * MBEDTLS_MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */
-
-/*
- * When reading from files with mbedtls_mpi_read_file() and writing to files with
- * mbedtls_mpi_write_file() the buffer should have space
- * for a (short) label, the MPI (in the provided radix), the newline
- * characters and the '\0'.
- *
- * By default we assume at least a 10 char label, a minimum radix of 10
- * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
- * Autosized at compile time for at least a 10 char label, a minimum radix
- * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size.
- *
- * This used to be statically sized to 1250 for a maximum of 4096 bit
- * numbers (1234 decimal chars).
- *
- * Calculate using the formula:
- * MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
- * LabelSize + 6
- */
-#define MBEDTLS_MPI_MAX_BITS_SCALE100 ( 100 * MBEDTLS_MPI_MAX_BITS )
-#define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
-#define MBEDTLS_MPI_RW_BUFFER_SIZE ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
-
-/*
- * Define the base integer type, architecture-wise.
- *
- * 32 or 64-bit integer types can be forced regardless of the underlying
- * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64
- * respectively and undefining MBEDTLS_HAVE_ASM.
- *
- * Double-width integers (e.g. 128-bit in 64-bit architectures) can be
- * disabled by defining MBEDTLS_NO_UDBL_DIVISION.
- */
-#if !defined(MBEDTLS_HAVE_INT32)
- #if defined(_MSC_VER) && defined(_M_AMD64)
- /* Always choose 64-bit when using MSC */
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* !MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #elif defined(__GNUC__) && ( \
- defined(__amd64__) || defined(__x86_64__) || \
- defined(__ppc64__) || defined(__powerpc64__) || \
- defined(__ia64__) || defined(__alpha__) || \
- ( defined(__sparc__) && defined(__arch64__) ) || \
- defined(__s390x__) || defined(__mips64) )
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- /* mbedtls_t_udbl defined as 128-bit unsigned int */
- typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
- #elif defined(__ARMCC_VERSION) && defined(__aarch64__)
- /*
- * __ARMCC_VERSION is defined for both armcc and armclang and
- * __aarch64__ is only defined by armclang when compiling 64-bit code
- */
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* !MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- /* mbedtls_t_udbl defined as 128-bit unsigned int */
- typedef __uint128_t mbedtls_t_udbl;
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
- #elif defined(MBEDTLS_HAVE_INT64)
- /* Force 64-bit integers with unknown compiler */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #endif
-#endif /* !MBEDTLS_HAVE_INT32 */
-
-#if !defined(MBEDTLS_HAVE_INT64)
- /* Default to 32-bit compilation */
- #if !defined(MBEDTLS_HAVE_INT32)
- #define MBEDTLS_HAVE_INT32
- #endif /* !MBEDTLS_HAVE_INT32 */
- typedef int32_t mbedtls_mpi_sint;
- typedef uint32_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- typedef uint64_t mbedtls_t_udbl;
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
-#endif /* !MBEDTLS_HAVE_INT64 */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief MPI structure
- */
-typedef struct
-{
- int s; /*!< integer sign */
- size_t n; /*!< total # of limbs */
- mbedtls_mpi_uint *p; /*!< pointer to limbs */
-}
-mbedtls_mpi;
-
-/**
- * \brief Initialize one MPI (make internal references valid)
- * This just makes it ready to be set or freed,
- * but does not define a value for the MPI.
- *
- * \param X One MPI to initialize.
- */
-void mbedtls_mpi_init( mbedtls_mpi *X );
-
-/**
- * \brief Unallocate one MPI
- *
- * \param X One MPI to unallocate.
- */
-void mbedtls_mpi_free( mbedtls_mpi *X );
-
-/**
- * \brief Enlarge to the specified number of limbs
- *
- * \param X MPI to grow
- * \param nblimbs The target number of limbs
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
-
-/**
- * \brief Resize down, keeping at least the specified number of limbs
- *
- * \param X MPI to shrink
- * \param nblimbs The minimum number of limbs to keep
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
-
-/**
- * \brief Copy the contents of Y into X
- *
- * \param X Destination MPI
- * \param Y Source MPI
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief Swap the contents of X and Y
- *
- * \param X First MPI value
- * \param Y Second MPI value
- */
-void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
-
-/**
- * \brief Safe conditional assignement X = Y if assign is 1
- *
- * \param X MPI to conditionally assign to
- * \param Y Value to be assigned
- * \param assign 1: perform the assignment, 0: keep X's original value
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *
- * \note This function is equivalent to
- * if( assign ) mbedtls_mpi_copy( X, Y );
- * except that it avoids leaking any information about whether
- * the assignment was done or not (the above code may leak
- * information through branch prediction and/or memory access
- * patterns analysis).
- */
-int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
-
-/**
- * \brief Safe conditional swap X <-> Y if swap is 1
- *
- * \param X First mbedtls_mpi value
- * \param Y Second mbedtls_mpi value
- * \param assign 1: perform the swap, 0: keep X and Y's original values
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *
- * \note This function is equivalent to
- * if( assign ) mbedtls_mpi_swap( X, Y );
- * except that it avoids leaking any information about whether
- * the assignment was done or not (the above code may leak
- * information through branch prediction and/or memory access
- * patterns analysis).
- */
-int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign );
-
-/**
- * \brief Set value from integer
- *
- * \param X MPI to set
- * \param z Value to use
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
-
-/**
- * \brief Get a specific bit from X
- *
- * \param X MPI to use
- * \param pos Zero-based index of the bit in X
- *
- * \return Either a 0 or a 1
- */
-int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
-
-/**
- * \brief Set a bit of X to a specific value of 0 or 1
- *
- * \note Will grow X if necessary to set a bit to 1 in a not yet
- * existing limb. Will not grow if bit should be set to 0
- *
- * \param X MPI to use
- * \param pos Zero-based index of the bit in X
- * \param val The value to set the bit to (0 or 1)
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
- */
-int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
-
-/**
- * \brief Return the number of zero-bits before the least significant
- * '1' bit
- *
- * Note: Thus also the zero-based index of the least significant '1' bit
- *
- * \param X MPI to use
- */
-size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
-
-/**
- * \brief Return the number of bits up to and including the most
- * significant '1' bit'
- *
- * Note: Thus also the one-based index of the most significant '1' bit
- *
- * \param X MPI to use
- */
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
-
-/**
- * \brief Return the total size in bytes
- *
- * \param X MPI to use
- */
-size_t mbedtls_mpi_size( const mbedtls_mpi *X );
-
-/**
- * \brief Import from an ASCII string
- *
- * \param X Destination MPI
- * \param radix Input numeric base
- * \param s Null-terminated string buffer
- *
- * \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
- */
-int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
-
-/**
- * \brief Export into an ASCII string
- *
- * \param X Source MPI
- * \param radix Output numeric base
- * \param buf Buffer to write the string to
- * \param buflen Length of buf
- * \param olen Length of the string written, including final NUL byte
- *
- * \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code.
- * *olen is always updated to reflect the amount
- * of data that has (or would have) been written.
- *
- * \note Call this function with buflen = 0 to obtain the
- * minimum required buffer size in *olen.
- */
-int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
- char *buf, size_t buflen, size_t *olen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Read MPI from a line in an opened file
- *
- * \param X Destination MPI
- * \param radix Input numeric base
- * \param fin Input file handle
- *
- * \return 0 if successful, MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if
- * the file read buffer is too small or a
- * MBEDTLS_ERR_MPI_XXX error code
- *
- * \note On success, this function advances the file stream
- * to the end of the current line or to EOF.
- *
- * The function returns 0 on an empty line.
- *
- * Leading whitespaces are ignored, as is a
- * '0x' prefix for radix 16.
- *
- */
-int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
-
-/**
- * \brief Write X into an opened file, or stdout if fout is NULL
- *
- * \param p Prefix, can be NULL
- * \param X Source MPI
- * \param radix Output numeric base
- * \param fout Output file handle (can be NULL)
- *
- * \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
- *
- * \note Set fout == NULL to print X on the console.
- */
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief Import X from unsigned binary data, big endian
- *
- * \param X Destination MPI
- * \param buf Input buffer
- * \param buflen Input buffer size
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen );
-
-/**
- * \brief Export X into unsigned binary data, big endian.
- * Always fills the whole buffer, which will start with zeros
- * if the number is smaller.
- *
- * \param X Source MPI
- * \param buf Output buffer
- * \param buflen Output buffer size
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
- */
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen );
-
-/**
- * \brief Left-shift: X <<= count
- *
- * \param X MPI to shift
- * \param count Amount to shift
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
-
-/**
- * \brief Right-shift: X >>= count
- *
- * \param X MPI to shift
- * \param count Amount to shift
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
-
-/**
- * \brief Compare unsigned values
- *
- * \param X Left-hand MPI
- * \param Y Right-hand MPI
- *
- * \return 1 if |X| is greater than |Y|,
- * -1 if |X| is lesser than |Y| or
- * 0 if |X| is equal to |Y|
- */
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief Compare signed values
- *
- * \param X Left-hand MPI
- * \param Y Right-hand MPI
- *
- * \return 1 if X is greater than Y,
- * -1 if X is lesser than Y or
- * 0 if X is equal to Y
- */
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief Compare signed values
- *
- * \param X Left-hand MPI
- * \param z The integer value to compare to
- *
- * \return 1 if X is greater than z,
- * -1 if X is lesser than z or
- * 0 if X is equal to z
- */
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
-
-/**
- * \brief Unsigned addition: X = |A| + |B|
- *
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param B Right-hand MPI
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief Unsigned subtraction: X = |A| - |B|
- *
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param B Right-hand MPI
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B is greater than A
- */
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief Signed addition: X = A + B
- *
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param B Right-hand MPI
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief Signed subtraction: X = A - B
- *
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param B Right-hand MPI
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief Signed addition: X = A + b
- *
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param b The integer value to add
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
-
-/**
- * \brief Signed subtraction: X = A - b
- *
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param b The integer value to subtract
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
-
-/**
- * \brief Baseline multiplication: X = A * B
- *
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param B Right-hand MPI
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief Baseline multiplication: X = A * b
- *
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param b The unsigned integer value to multiply with
- *
- * \note b is unsigned
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b );
-
-/**
- * \brief Division by mbedtls_mpi: A = Q * B + R
- *
- * \param Q Destination MPI for the quotient
- * \param R Destination MPI for the rest value
- * \param A Left-hand MPI
- * \param B Right-hand MPI
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0
- *
- * \note Either Q or R can be NULL.
- */
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief Division by int: A = Q * b + R
- *
- * \param Q Destination MPI for the quotient
- * \param R Destination MPI for the rest value
- * \param A Left-hand MPI
- * \param b Integer to divide by
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0
- *
- * \note Either Q or R can be NULL.
- */
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b );
-
-/**
- * \brief Modulo: R = A mod B
- *
- * \param R Destination MPI for the rest value
- * \param A Left-hand MPI
- * \param B Right-hand MPI
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0,
- * MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B < 0
- */
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief Modulo: r = A mod b
- *
- * \param r Destination mbedtls_mpi_uint
- * \param A Left-hand MPI
- * \param b Integer to divide by
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0,
- * MBEDTLS_ERR_MPI_NEGATIVE_VALUE if b < 0
- */
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b );
-
-/**
- * \brief Sliding-window exponentiation: X = A^E mod N
- *
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param E Exponent MPI
- * \param N Modular MPI
- * \param _RR Speed-up MPI used for recalculations
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or even or
- * if E is negative
- *
- * \note _RR is used to avoid re-computing R*R mod N across
- * multiple calls, which speeds up things a bit. It can
- * be set to NULL if the extra performance is unneeded.
- */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR );
-
-/**
- * \brief Fill an MPI X with size bytes of random
- *
- * \param X Destination MPI
- * \param size Size in bytes
- * \param f_rng RNG function
- * \param p_rng RNG parameter
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Greatest common divisor: G = gcd(A, B)
- *
- * \param G Destination MPI
- * \param A Left-hand MPI
- * \param B Right-hand MPI
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief Modular inverse: X = A^-1 mod N
- *
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param N Right-hand MPI
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is <= 1,
- MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N.
- */
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N );
-
-/**
- * \brief Miller-Rabin primality test
- *
- * \param X MPI to check
- * \param f_rng RNG function
- * \param p_rng RNG parameter
- *
- * \return 0 if successful (probably prime),
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime
- */
-int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Prime number generation
- *
- * \param X Destination MPI
- * \param nbits Required size of X in bits
- * ( 3 <= nbits <= MBEDTLS_MPI_MAX_BITS )
- * \param dh_flag If 1, then (X-1)/2 will be prime too
- * \param f_rng RNG function
- * \param p_rng RNG parameter
- *
- * \return 0 if successful (probably prime),
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
- */
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_mpi_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* bignum.h */
diff --git a/backport/compat/verification/mbedtls/bn_mul.h b/backport/compat/verification/mbedtls/bn_mul.h
deleted file mode 100644
index 5f59ec64..00000000
--- a/backport/compat/verification/mbedtls/bn_mul.h
+++ /dev/null
@@ -1,887 +0,0 @@
-/**
- * \file bn_mul.h
- *
- * \brief Multi-precision integer library
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- * Multiply source vector [s] with b, add result
- * to destination vector [d] and set carry c.
- *
- * Currently supports:
- *
- * . IA-32 (386+) . AMD64 / EM64T
- * . IA-32 (SSE2) . Motorola 68000
- * . PowerPC, 32-bit . MicroBlaze
- * . PowerPC, 64-bit . TriCore
- * . SPARC v8 . ARM v3+
- * . Alpha . MIPS32
- * . C, longlong . C, generic
- */
-#ifndef MBEDTLS_BN_MUL_H
-#define MBEDTLS_BN_MUL_H
-
-#include "bignum.h"
-
-#if defined(MBEDTLS_HAVE_ASM)
-
-#ifndef asm
-#define asm __asm
-#endif
-
-/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
-#if defined(__GNUC__) && \
- ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
-#if defined(__i386__)
-
-#define MULADDC_INIT \
- asm( \
- "movl %%ebx, %0 \n\t" \
- "movl %5, %%esi \n\t" \
- "movl %6, %%edi \n\t" \
- "movl %7, %%ecx \n\t" \
- "movl %8, %%ebx \n\t"
-
-#define MULADDC_CORE \
- "lodsl \n\t" \
- "mull %%ebx \n\t" \
- "addl %%ecx, %%eax \n\t" \
- "adcl $0, %%edx \n\t" \
- "addl (%%edi), %%eax \n\t" \
- "adcl $0, %%edx \n\t" \
- "movl %%edx, %%ecx \n\t" \
- "stosl \n\t"
-
-#if defined(MBEDTLS_HAVE_SSE2)
-
-#define MULADDC_HUIT \
- "movd %%ecx, %%mm1 \n\t" \
- "movd %%ebx, %%mm0 \n\t" \
- "movd (%%edi), %%mm3 \n\t" \
- "paddq %%mm3, %%mm1 \n\t" \
- "movd (%%esi), %%mm2 \n\t" \
- "pmuludq %%mm0, %%mm2 \n\t" \
- "movd 4(%%esi), %%mm4 \n\t" \
- "pmuludq %%mm0, %%mm4 \n\t" \
- "movd 8(%%esi), %%mm6 \n\t" \
- "pmuludq %%mm0, %%mm6 \n\t" \
- "movd 12(%%esi), %%mm7 \n\t" \
- "pmuludq %%mm0, %%mm7 \n\t" \
- "paddq %%mm2, %%mm1 \n\t" \
- "movd 4(%%edi), %%mm3 \n\t" \
- "paddq %%mm4, %%mm3 \n\t" \
- "movd 8(%%edi), %%mm5 \n\t" \
- "paddq %%mm6, %%mm5 \n\t" \
- "movd 12(%%edi), %%mm4 \n\t" \
- "paddq %%mm4, %%mm7 \n\t" \
- "movd %%mm1, (%%edi) \n\t" \
- "movd 16(%%esi), %%mm2 \n\t" \
- "pmuludq %%mm0, %%mm2 \n\t" \
- "psrlq $32, %%mm1 \n\t" \
- "movd 20(%%esi), %%mm4 \n\t" \
- "pmuludq %%mm0, %%mm4 \n\t" \
- "paddq %%mm3, %%mm1 \n\t" \
- "movd 24(%%esi), %%mm6 \n\t" \
- "pmuludq %%mm0, %%mm6 \n\t" \
- "movd %%mm1, 4(%%edi) \n\t" \
- "psrlq $32, %%mm1 \n\t" \
- "movd 28(%%esi), %%mm3 \n\t" \
- "pmuludq %%mm0, %%mm3 \n\t" \
- "paddq %%mm5, %%mm1 \n\t" \
- "movd 16(%%edi), %%mm5 \n\t" \
- "paddq %%mm5, %%mm2 \n\t" \
- "movd %%mm1, 8(%%edi) \n\t" \
- "psrlq $32, %%mm1 \n\t" \
- "paddq %%mm7, %%mm1 \n\t" \
- "movd 20(%%edi), %%mm5 \n\t" \
- "paddq %%mm5, %%mm4 \n\t" \
- "movd %%mm1, 12(%%edi) \n\t" \
- "psrlq $32, %%mm1 \n\t" \
- "paddq %%mm2, %%mm1 \n\t" \
- "movd 24(%%edi), %%mm5 \n\t" \
- "paddq %%mm5, %%mm6 \n\t" \
- "movd %%mm1, 16(%%edi) \n\t" \
- "psrlq $32, %%mm1 \n\t" \
- "paddq %%mm4, %%mm1 \n\t" \
- "movd 28(%%edi), %%mm5 \n\t" \
- "paddq %%mm5, %%mm3 \n\t" \
- "movd %%mm1, 20(%%edi) \n\t" \
- "psrlq $32, %%mm1 \n\t" \
- "paddq %%mm6, %%mm1 \n\t" \
- "movd %%mm1, 24(%%edi) \n\t" \
- "psrlq $32, %%mm1 \n\t" \
- "paddq %%mm3, %%mm1 \n\t" \
- "movd %%mm1, 28(%%edi) \n\t" \
- "addl $32, %%edi \n\t" \
- "addl $32, %%esi \n\t" \
- "psrlq $32, %%mm1 \n\t" \
- "movd %%mm1, %%ecx \n\t"
-
-#define MULADDC_STOP \
- "emms \n\t" \
- "movl %4, %%ebx \n\t" \
- "movl %%ecx, %1 \n\t" \
- "movl %%edi, %2 \n\t" \
- "movl %%esi, %3 \n\t" \
- : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
- : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
- : "eax", "ecx", "edx", "esi", "edi" \
- );
-
-#else
-
-#define MULADDC_STOP \
- "movl %4, %%ebx \n\t" \
- "movl %%ecx, %1 \n\t" \
- "movl %%edi, %2 \n\t" \
- "movl %%esi, %3 \n\t" \
- : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
- : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
- : "eax", "ecx", "edx", "esi", "edi" \
- );
-#endif /* SSE2 */
-#endif /* i386 */
-
-#if defined(__amd64__) || defined (__x86_64__)
-
-#define MULADDC_INIT \
- asm( \
- "xorq %%r8, %%r8 \n\t"
-
-#define MULADDC_CORE \
- "movq (%%rsi), %%rax \n\t" \
- "mulq %%rbx \n\t" \
- "addq $8, %%rsi \n\t" \
- "addq %%rcx, %%rax \n\t" \
- "movq %%r8, %%rcx \n\t" \
- "adcq $0, %%rdx \n\t" \
- "nop \n\t" \
- "addq %%rax, (%%rdi) \n\t" \
- "adcq %%rdx, %%rcx \n\t" \
- "addq $8, %%rdi \n\t"
-
-#define MULADDC_STOP \
- : "+c" (c), "+D" (d), "+S" (s) \
- : "b" (b) \
- : "rax", "rdx", "r8" \
- );
-
-#endif /* AMD64 */
-
-#if defined(__mc68020__) || defined(__mcpu32__)
-
-#define MULADDC_INIT \
- asm( \
- "movl %3, %%a2 \n\t" \
- "movl %4, %%a3 \n\t" \
- "movl %5, %%d3 \n\t" \
- "movl %6, %%d2 \n\t" \
- "moveq #0, %%d0 \n\t"
-
-#define MULADDC_CORE \
- "movel %%a2@+, %%d1 \n\t" \
- "mulul %%d2, %%d4:%%d1 \n\t" \
- "addl %%d3, %%d1 \n\t" \
- "addxl %%d0, %%d4 \n\t" \
- "moveq #0, %%d3 \n\t" \
- "addl %%d1, %%a3@+ \n\t" \
- "addxl %%d4, %%d3 \n\t"
-
-#define MULADDC_STOP \
- "movl %%d3, %0 \n\t" \
- "movl %%a3, %1 \n\t" \
- "movl %%a2, %2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "d0", "d1", "d2", "d3", "d4", "a2", "a3" \
- );
-
-#define MULADDC_HUIT \
- "movel %%a2@+, %%d1 \n\t" \
- "mulul %%d2, %%d4:%%d1 \n\t" \
- "addxl %%d3, %%d1 \n\t" \
- "addxl %%d0, %%d4 \n\t" \
- "addl %%d1, %%a3@+ \n\t" \
- "movel %%a2@+, %%d1 \n\t" \
- "mulul %%d2, %%d3:%%d1 \n\t" \
- "addxl %%d4, %%d1 \n\t" \
- "addxl %%d0, %%d3 \n\t" \
- "addl %%d1, %%a3@+ \n\t" \
- "movel %%a2@+, %%d1 \n\t" \
- "mulul %%d2, %%d4:%%d1 \n\t" \
- "addxl %%d3, %%d1 \n\t" \
- "addxl %%d0, %%d4 \n\t" \
- "addl %%d1, %%a3@+ \n\t" \
- "movel %%a2@+, %%d1 \n\t" \
- "mulul %%d2, %%d3:%%d1 \n\t" \
- "addxl %%d4, %%d1 \n\t" \
- "addxl %%d0, %%d3 \n\t" \
- "addl %%d1, %%a3@+ \n\t" \
- "movel %%a2@+, %%d1 \n\t" \
- "mulul %%d2, %%d4:%%d1 \n\t" \
- "addxl %%d3, %%d1 \n\t" \
- "addxl %%d0, %%d4 \n\t" \
- "addl %%d1, %%a3@+ \n\t" \
- "movel %%a2@+, %%d1 \n\t" \
- "mulul %%d2, %%d3:%%d1 \n\t" \
- "addxl %%d4, %%d1 \n\t" \
- "addxl %%d0, %%d3 \n\t" \
- "addl %%d1, %%a3@+ \n\t" \
- "movel %%a2@+, %%d1 \n\t" \
- "mulul %%d2, %%d4:%%d1 \n\t" \
- "addxl %%d3, %%d1 \n\t" \
- "addxl %%d0, %%d4 \n\t" \
- "addl %%d1, %%a3@+ \n\t" \
- "movel %%a2@+, %%d1 \n\t" \
- "mulul %%d2, %%d3:%%d1 \n\t" \
- "addxl %%d4, %%d1 \n\t" \
- "addxl %%d0, %%d3 \n\t" \
- "addl %%d1, %%a3@+ \n\t" \
- "addxl %%d0, %%d3 \n\t"
-
-#endif /* MC68000 */
-
-#if defined(__powerpc64__) || defined(__ppc64__)
-
-#if defined(__MACH__) && defined(__APPLE__)
-
-#define MULADDC_INIT \
- asm( \
- "ld r3, %3 \n\t" \
- "ld r4, %4 \n\t" \
- "ld r5, %5 \n\t" \
- "ld r6, %6 \n\t" \
- "addi r3, r3, -8 \n\t" \
- "addi r4, r4, -8 \n\t" \
- "addic r5, r5, 0 \n\t"
-
-#define MULADDC_CORE \
- "ldu r7, 8(r3) \n\t" \
- "mulld r8, r7, r6 \n\t" \
- "mulhdu r9, r7, r6 \n\t" \
- "adde r8, r8, r5 \n\t" \
- "ld r7, 8(r4) \n\t" \
- "addze r5, r9 \n\t" \
- "addc r8, r8, r7 \n\t" \
- "stdu r8, 8(r4) \n\t"
-
-#define MULADDC_STOP \
- "addze r5, r5 \n\t" \
- "addi r4, r4, 8 \n\t" \
- "addi r3, r3, 8 \n\t" \
- "std r5, %0 \n\t" \
- "std r4, %1 \n\t" \
- "std r3, %2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \
- );
-
-
-#else /* __MACH__ && __APPLE__ */
-
-#define MULADDC_INIT \
- asm( \
- "ld %%r3, %3 \n\t" \
- "ld %%r4, %4 \n\t" \
- "ld %%r5, %5 \n\t" \
- "ld %%r6, %6 \n\t" \
- "addi %%r3, %%r3, -8 \n\t" \
- "addi %%r4, %%r4, -8 \n\t" \
- "addic %%r5, %%r5, 0 \n\t"
-
-#define MULADDC_CORE \
- "ldu %%r7, 8(%%r3) \n\t" \
- "mulld %%r8, %%r7, %%r6 \n\t" \
- "mulhdu %%r9, %%r7, %%r6 \n\t" \
- "adde %%r8, %%r8, %%r5 \n\t" \
- "ld %%r7, 8(%%r4) \n\t" \
- "addze %%r5, %%r9 \n\t" \
- "addc %%r8, %%r8, %%r7 \n\t" \
- "stdu %%r8, 8(%%r4) \n\t"
-
-#define MULADDC_STOP \
- "addze %%r5, %%r5 \n\t" \
- "addi %%r4, %%r4, 8 \n\t" \
- "addi %%r3, %%r3, 8 \n\t" \
- "std %%r5, %0 \n\t" \
- "std %%r4, %1 \n\t" \
- "std %%r3, %2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \
- );
-
-#endif /* __MACH__ && __APPLE__ */
-
-#elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32 */
-
-#if defined(__MACH__) && defined(__APPLE__)
-
-#define MULADDC_INIT \
- asm( \
- "lwz r3, %3 \n\t" \
- "lwz r4, %4 \n\t" \
- "lwz r5, %5 \n\t" \
- "lwz r6, %6 \n\t" \
- "addi r3, r3, -4 \n\t" \
- "addi r4, r4, -4 \n\t" \
- "addic r5, r5, 0 \n\t"
-
-#define MULADDC_CORE \
- "lwzu r7, 4(r3) \n\t" \
- "mullw r8, r7, r6 \n\t" \
- "mulhwu r9, r7, r6 \n\t" \
- "adde r8, r8, r5 \n\t" \
- "lwz r7, 4(r4) \n\t" \
- "addze r5, r9 \n\t" \
- "addc r8, r8, r7 \n\t" \
- "stwu r8, 4(r4) \n\t"
-
-#define MULADDC_STOP \
- "addze r5, r5 \n\t" \
- "addi r4, r4, 4 \n\t" \
- "addi r3, r3, 4 \n\t" \
- "stw r5, %0 \n\t" \
- "stw r4, %1 \n\t" \
- "stw r3, %2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \
- );
-
-#else /* __MACH__ && __APPLE__ */
-
-#define MULADDC_INIT \
- asm( \
- "lwz %%r3, %3 \n\t" \
- "lwz %%r4, %4 \n\t" \
- "lwz %%r5, %5 \n\t" \
- "lwz %%r6, %6 \n\t" \
- "addi %%r3, %%r3, -4 \n\t" \
- "addi %%r4, %%r4, -4 \n\t" \
- "addic %%r5, %%r5, 0 \n\t"
-
-#define MULADDC_CORE \
- "lwzu %%r7, 4(%%r3) \n\t" \
- "mullw %%r8, %%r7, %%r6 \n\t" \
- "mulhwu %%r9, %%r7, %%r6 \n\t" \
- "adde %%r8, %%r8, %%r5 \n\t" \
- "lwz %%r7, 4(%%r4) \n\t" \
- "addze %%r5, %%r9 \n\t" \
- "addc %%r8, %%r8, %%r7 \n\t" \
- "stwu %%r8, 4(%%r4) \n\t"
-
-#define MULADDC_STOP \
- "addze %%r5, %%r5 \n\t" \
- "addi %%r4, %%r4, 4 \n\t" \
- "addi %%r3, %%r3, 4 \n\t" \
- "stw %%r5, %0 \n\t" \
- "stw %%r4, %1 \n\t" \
- "stw %%r3, %2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \
- );
-
-#endif /* __MACH__ && __APPLE__ */
-
-#endif /* PPC32 */
-
-/*
- * The Sparc(64) assembly is reported to be broken.
- * Disable it for now, until we're able to fix it.
- */
-#if 0 && defined(__sparc__)
-#if defined(__sparc64__)
-
-#define MULADDC_INIT \
- asm( \
- "ldx %3, %%o0 \n\t" \
- "ldx %4, %%o1 \n\t" \
- "ld %5, %%o2 \n\t" \
- "ld %6, %%o3 \n\t"
-
-#define MULADDC_CORE \
- "ld [%%o0], %%o4 \n\t" \
- "inc 4, %%o0 \n\t" \
- "ld [%%o1], %%o5 \n\t" \
- "umul %%o3, %%o4, %%o4 \n\t" \
- "addcc %%o4, %%o2, %%o4 \n\t" \
- "rd %%y, %%g1 \n\t" \
- "addx %%g1, 0, %%g1 \n\t" \
- "addcc %%o4, %%o5, %%o4 \n\t" \
- "st %%o4, [%%o1] \n\t" \
- "addx %%g1, 0, %%o2 \n\t" \
- "inc 4, %%o1 \n\t"
-
- #define MULADDC_STOP \
- "st %%o2, %0 \n\t" \
- "stx %%o1, %1 \n\t" \
- "stx %%o0, %2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "g1", "o0", "o1", "o2", "o3", "o4", \
- "o5" \
- );
-
-#else /* __sparc64__ */
-
-#define MULADDC_INIT \
- asm( \
- "ld %3, %%o0 \n\t" \
- "ld %4, %%o1 \n\t" \
- "ld %5, %%o2 \n\t" \
- "ld %6, %%o3 \n\t"
-
-#define MULADDC_CORE \
- "ld [%%o0], %%o4 \n\t" \
- "inc 4, %%o0 \n\t" \
- "ld [%%o1], %%o5 \n\t" \
- "umul %%o3, %%o4, %%o4 \n\t" \
- "addcc %%o4, %%o2, %%o4 \n\t" \
- "rd %%y, %%g1 \n\t" \
- "addx %%g1, 0, %%g1 \n\t" \
- "addcc %%o4, %%o5, %%o4 \n\t" \
- "st %%o4, [%%o1] \n\t" \
- "addx %%g1, 0, %%o2 \n\t" \
- "inc 4, %%o1 \n\t"
-
-#define MULADDC_STOP \
- "st %%o2, %0 \n\t" \
- "st %%o1, %1 \n\t" \
- "st %%o0, %2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "g1", "o0", "o1", "o2", "o3", "o4", \
- "o5" \
- );
-
-#endif /* __sparc64__ */
-#endif /* __sparc__ */
-
-#if defined(__microblaze__) || defined(microblaze)
-
-#define MULADDC_INIT \
- asm( \
- "lwi r3, %3 \n\t" \
- "lwi r4, %4 \n\t" \
- "lwi r5, %5 \n\t" \
- "lwi r6, %6 \n\t" \
- "andi r7, r6, 0xffff \n\t" \
- "bsrli r6, r6, 16 \n\t"
-
-#define MULADDC_CORE \
- "lhui r8, r3, 0 \n\t" \
- "addi r3, r3, 2 \n\t" \
- "lhui r9, r3, 0 \n\t" \
- "addi r3, r3, 2 \n\t" \
- "mul r10, r9, r6 \n\t" \
- "mul r11, r8, r7 \n\t" \
- "mul r12, r9, r7 \n\t" \
- "mul r13, r8, r6 \n\t" \
- "bsrli r8, r10, 16 \n\t" \
- "bsrli r9, r11, 16 \n\t" \
- "add r13, r13, r8 \n\t" \
- "add r13, r13, r9 \n\t" \
- "bslli r10, r10, 16 \n\t" \
- "bslli r11, r11, 16 \n\t" \
- "add r12, r12, r10 \n\t" \
- "addc r13, r13, r0 \n\t" \
- "add r12, r12, r11 \n\t" \
- "addc r13, r13, r0 \n\t" \
- "lwi r10, r4, 0 \n\t" \
- "add r12, r12, r10 \n\t" \
- "addc r13, r13, r0 \n\t" \
- "add r12, r12, r5 \n\t" \
- "addc r5, r13, r0 \n\t" \
- "swi r12, r4, 0 \n\t" \
- "addi r4, r4, 4 \n\t"
-
-#define MULADDC_STOP \
- "swi r5, %0 \n\t" \
- "swi r4, %1 \n\t" \
- "swi r3, %2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "r3", "r4" "r5", "r6", "r7", "r8", \
- "r9", "r10", "r11", "r12", "r13" \
- );
-
-#endif /* MicroBlaze */
-
-#if defined(__tricore__)
-
-#define MULADDC_INIT \
- asm( \
- "ld.a %%a2, %3 \n\t" \
- "ld.a %%a3, %4 \n\t" \
- "ld.w %%d4, %5 \n\t" \
- "ld.w %%d1, %6 \n\t" \
- "xor %%d5, %%d5 \n\t"
-
-#define MULADDC_CORE \
- "ld.w %%d0, [%%a2+] \n\t" \
- "madd.u %%e2, %%e4, %%d0, %%d1 \n\t" \
- "ld.w %%d0, [%%a3] \n\t" \
- "addx %%d2, %%d2, %%d0 \n\t" \
- "addc %%d3, %%d3, 0 \n\t" \
- "mov %%d4, %%d3 \n\t" \
- "st.w [%%a3+], %%d2 \n\t"
-
-#define MULADDC_STOP \
- "st.w %0, %%d4 \n\t" \
- "st.a %1, %%a3 \n\t" \
- "st.a %2, %%a2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "d0", "d1", "e2", "d4", "a2", "a3" \
- );
-
-#endif /* TriCore */
-
-/*
- * gcc -O0 by default uses r7 for the frame pointer, so it complains about our
- * use of r7 below, unless -fomit-frame-pointer is passed. Unfortunately,
- * passing that option is not easy when building with yotta.
- *
- * On the other hand, -fomit-frame-pointer is implied by any -Ox options with
- * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by
- * clang and armcc5 under the same conditions).
- *
- * So, only use the optimized assembly below for optimized build, which avoids
- * the build error and is pretty reasonable anyway.
- */
-#if defined(__GNUC__) && !defined(__OPTIMIZE__)
-#define MULADDC_CANNOT_USE_R7
-#endif
-
-#if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7)
-
-#if defined(__thumb__) && !defined(__thumb2__)
-
-#define MULADDC_INIT \
- asm( \
- "ldr r0, %3 \n\t" \
- "ldr r1, %4 \n\t" \
- "ldr r2, %5 \n\t" \
- "ldr r3, %6 \n\t" \
- "lsr r7, r3, #16 \n\t" \
- "mov r9, r7 \n\t" \
- "lsl r7, r3, #16 \n\t" \
- "lsr r7, r7, #16 \n\t" \
- "mov r8, r7 \n\t"
-
-#define MULADDC_CORE \
- "ldmia r0!, {r6} \n\t" \
- "lsr r7, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "lsr r6, r6, #16 \n\t" \
- "mov r4, r8 \n\t" \
- "mul r4, r6 \n\t" \
- "mov r3, r9 \n\t" \
- "mul r6, r3 \n\t" \
- "mov r5, r9 \n\t" \
- "mul r5, r7 \n\t" \
- "mov r3, r8 \n\t" \
- "mul r7, r3 \n\t" \
- "lsr r3, r6, #16 \n\t" \
- "add r5, r5, r3 \n\t" \
- "lsr r3, r7, #16 \n\t" \
- "add r5, r5, r3 \n\t" \
- "add r4, r4, r2 \n\t" \
- "mov r2, #0 \n\t" \
- "adc r5, r2 \n\t" \
- "lsl r3, r6, #16 \n\t" \
- "add r4, r4, r3 \n\t" \
- "adc r5, r2 \n\t" \
- "lsl r3, r7, #16 \n\t" \
- "add r4, r4, r3 \n\t" \
- "adc r5, r2 \n\t" \
- "ldr r3, [r1] \n\t" \
- "add r4, r4, r3 \n\t" \
- "adc r2, r5 \n\t" \
- "stmia r1!, {r4} \n\t"
-
-#define MULADDC_STOP \
- "str r2, %0 \n\t" \
- "str r1, %1 \n\t" \
- "str r0, %2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "r0", "r1", "r2", "r3", "r4", "r5", \
- "r6", "r7", "r8", "r9", "cc" \
- );
-
-#else
-
-#define MULADDC_INIT \
- asm( \
- "ldr r0, %3 \n\t" \
- "ldr r1, %4 \n\t" \
- "ldr r2, %5 \n\t" \
- "ldr r3, %6 \n\t"
-
-#define MULADDC_CORE \
- "ldr r4, [r0], #4 \n\t" \
- "mov r5, #0 \n\t" \
- "ldr r6, [r1] \n\t" \
- "umlal r2, r5, r3, r4 \n\t" \
- "adds r7, r6, r2 \n\t" \
- "adc r2, r5, #0 \n\t" \
- "str r7, [r1], #4 \n\t"
-
-#define MULADDC_STOP \
- "str r2, %0 \n\t" \
- "str r1, %1 \n\t" \
- "str r0, %2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "r0", "r1", "r2", "r3", "r4", "r5", \
- "r6", "r7", "cc" \
- );
-
-#endif /* Thumb */
-
-#endif /* ARMv3 */
-
-#if defined(__alpha__)
-
-#define MULADDC_INIT \
- asm( \
- "ldq $1, %3 \n\t" \
- "ldq $2, %4 \n\t" \
- "ldq $3, %5 \n\t" \
- "ldq $4, %6 \n\t"
-
-#define MULADDC_CORE \
- "ldq $6, 0($1) \n\t" \
- "addq $1, 8, $1 \n\t" \
- "mulq $6, $4, $7 \n\t" \
- "umulh $6, $4, $6 \n\t" \
- "addq $7, $3, $7 \n\t" \
- "cmpult $7, $3, $3 \n\t" \
- "ldq $5, 0($2) \n\t" \
- "addq $7, $5, $7 \n\t" \
- "cmpult $7, $5, $5 \n\t" \
- "stq $7, 0($2) \n\t" \
- "addq $2, 8, $2 \n\t" \
- "addq $6, $3, $3 \n\t" \
- "addq $5, $3, $3 \n\t"
-
-#define MULADDC_STOP \
- "stq $3, %0 \n\t" \
- "stq $2, %1 \n\t" \
- "stq $1, %2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "$1", "$2", "$3", "$4", "$5", "$6", "$7" \
- );
-#endif /* Alpha */
-
-#if defined(__mips__) && !defined(__mips64)
-
-#define MULADDC_INIT \
- asm( \
- "lw $10, %3 \n\t" \
- "lw $11, %4 \n\t" \
- "lw $12, %5 \n\t" \
- "lw $13, %6 \n\t"
-
-#define MULADDC_CORE \
- "lw $14, 0($10) \n\t" \
- "multu $13, $14 \n\t" \
- "addi $10, $10, 4 \n\t" \
- "mflo $14 \n\t" \
- "mfhi $9 \n\t" \
- "addu $14, $12, $14 \n\t" \
- "lw $15, 0($11) \n\t" \
- "sltu $12, $14, $12 \n\t" \
- "addu $15, $14, $15 \n\t" \
- "sltu $14, $15, $14 \n\t" \
- "addu $12, $12, $9 \n\t" \
- "sw $15, 0($11) \n\t" \
- "addu $12, $12, $14 \n\t" \
- "addi $11, $11, 4 \n\t"
-
-#define MULADDC_STOP \
- "sw $12, %0 \n\t" \
- "sw $11, %1 \n\t" \
- "sw $10, %2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "$9", "$10", "$11", "$12", "$13", "$14", "$15" \
- );
-
-#endif /* MIPS */
-#endif /* GNUC */
-
-#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
-
-#define MULADDC_INIT \
- __asm mov esi, s \
- __asm mov edi, d \
- __asm mov ecx, c \
- __asm mov ebx, b
-
-#define MULADDC_CORE \
- __asm lodsd \
- __asm mul ebx \
- __asm add eax, ecx \
- __asm adc edx, 0 \
- __asm add eax, [edi] \
- __asm adc edx, 0 \
- __asm mov ecx, edx \
- __asm stosd
-
-#if defined(MBEDTLS_HAVE_SSE2)
-
-#define EMIT __asm _emit
-
-#define MULADDC_HUIT \
- EMIT 0x0F EMIT 0x6E EMIT 0xC9 \
- EMIT 0x0F EMIT 0x6E EMIT 0xC3 \
- EMIT 0x0F EMIT 0x6E EMIT 0x1F \
- EMIT 0x0F EMIT 0xD4 EMIT 0xCB \
- EMIT 0x0F EMIT 0x6E EMIT 0x16 \
- EMIT 0x0F EMIT 0xF4 EMIT 0xD0 \
- EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x04 \
- EMIT 0x0F EMIT 0xF4 EMIT 0xE0 \
- EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x08 \
- EMIT 0x0F EMIT 0xF4 EMIT 0xF0 \
- EMIT 0x0F EMIT 0x6E EMIT 0x7E EMIT 0x0C \
- EMIT 0x0F EMIT 0xF4 EMIT 0xF8 \
- EMIT 0x0F EMIT 0xD4 EMIT 0xCA \
- EMIT 0x0F EMIT 0x6E EMIT 0x5F EMIT 0x04 \
- EMIT 0x0F EMIT 0xD4 EMIT 0xDC \
- EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x08 \
- EMIT 0x0F EMIT 0xD4 EMIT 0xEE \
- EMIT 0x0F EMIT 0x6E EMIT 0x67 EMIT 0x0C \
- EMIT 0x0F EMIT 0xD4 EMIT 0xFC \
- EMIT 0x0F EMIT 0x7E EMIT 0x0F \
- EMIT 0x0F EMIT 0x6E EMIT 0x56 EMIT 0x10 \
- EMIT 0x0F EMIT 0xF4 EMIT 0xD0 \
- EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
- EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x14 \
- EMIT 0x0F EMIT 0xF4 EMIT 0xE0 \
- EMIT 0x0F EMIT 0xD4 EMIT 0xCB \
- EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x18 \
- EMIT 0x0F EMIT 0xF4 EMIT 0xF0 \
- EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x04 \
- EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
- EMIT 0x0F EMIT 0x6E EMIT 0x5E EMIT 0x1C \
- EMIT 0x0F EMIT 0xF4 EMIT 0xD8 \
- EMIT 0x0F EMIT 0xD4 EMIT 0xCD \
- EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x10 \
- EMIT 0x0F EMIT 0xD4 EMIT 0xD5 \
- EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x08 \
- EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
- EMIT 0x0F EMIT 0xD4 EMIT 0xCF \
- EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x14 \
- EMIT 0x0F EMIT 0xD4 EMIT 0xE5 \
- EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x0C \
- EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
- EMIT 0x0F EMIT 0xD4 EMIT 0xCA \
- EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x18 \
- EMIT 0x0F EMIT 0xD4 EMIT 0xF5 \
- EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x10 \
- EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
- EMIT 0x0F EMIT 0xD4 EMIT 0xCC \
- EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x1C \
- EMIT 0x0F EMIT 0xD4 EMIT 0xDD \
- EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x14 \
- EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
- EMIT 0x0F EMIT 0xD4 EMIT 0xCE \
- EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x18 \
- EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
- EMIT 0x0F EMIT 0xD4 EMIT 0xCB \
- EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x1C \
- EMIT 0x83 EMIT 0xC7 EMIT 0x20 \
- EMIT 0x83 EMIT 0xC6 EMIT 0x20 \
- EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
- EMIT 0x0F EMIT 0x7E EMIT 0xC9
-
-#define MULADDC_STOP \
- EMIT 0x0F EMIT 0x77 \
- __asm mov c, ecx \
- __asm mov d, edi \
- __asm mov s, esi \
-
-#else
-
-#define MULADDC_STOP \
- __asm mov c, ecx \
- __asm mov d, edi \
- __asm mov s, esi \
-
-#endif /* SSE2 */
-#endif /* MSVC */
-
-#endif /* MBEDTLS_HAVE_ASM */
-
-#if !defined(MULADDC_CORE)
-#if defined(MBEDTLS_HAVE_UDBL)
-
-#define MULADDC_INIT \
-{ \
- mbedtls_t_udbl r; \
- mbedtls_mpi_uint r0, r1;
-
-#define MULADDC_CORE \
- r = *(s++) * (mbedtls_t_udbl) b; \
- r0 = (mbedtls_mpi_uint) r; \
- r1 = (mbedtls_mpi_uint)( r >> biL ); \
- r0 += c; r1 += (r0 < c); \
- r0 += *d; r1 += (r0 < *d); \
- c = r1; *(d++) = r0;
-
-#define MULADDC_STOP \
-}
-
-#else
-#define MULADDC_INIT \
-{ \
- mbedtls_mpi_uint s0, s1, b0, b1; \
- mbedtls_mpi_uint r0, r1, rx, ry; \
- b0 = ( b << biH ) >> biH; \
- b1 = ( b >> biH );
-
-#define MULADDC_CORE \
- s0 = ( *s << biH ) >> biH; \
- s1 = ( *s >> biH ); s++; \
- rx = s0 * b1; r0 = s0 * b0; \
- ry = s1 * b0; r1 = s1 * b1; \
- r1 += ( rx >> biH ); \
- r1 += ( ry >> biH ); \
- rx <<= biH; ry <<= biH; \
- r0 += rx; r1 += (r0 < rx); \
- r0 += ry; r1 += (r0 < ry); \
- r0 += c; r1 += (r0 < c); \
- r0 += *d; r1 += (r0 < *d); \
- c = r1; *(d++) = r0;
-
-#define MULADDC_STOP \
-}
-
-#endif /* C (generic) */
-#endif /* C (longlong) */
-
-#endif /* bn_mul.h */
diff --git a/backport/compat/verification/mbedtls/config.h b/backport/compat/verification/mbedtls/config.h
deleted file mode 100644
index 91d900de..00000000
--- a/backport/compat/verification/mbedtls/config.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef __MBEDTLS_CONFIG_H
-#define __MBEDTLS_CONFIG_H
-#define MBEDTLS_RSA_C
-#define MBEDTLS_PKCS1_V15
-#define MBEDTLS_MD_C
-#define __OpenBSD__
-#define MBEDTLS_PLATFORM_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_NO_UDBL_DIVISION
-#define MBEDTLS_SHA256_C
-#include <linux/types.h>
-#include "platform.h"
-#endif /* __MBEDTLS_CONFIG_H */
diff --git a/backport/compat/verification/mbedtls/md.h b/backport/compat/verification/mbedtls/md.h
deleted file mode 100644
index 5342e4f5..00000000
--- a/backport/compat/verification/mbedtls/md.h
+++ /dev/null
@@ -1,354 +0,0 @@
-/**
- * \file md.h
- *
- * \brief Generic message digest wrapper
- *
- * \author Adriaan de Jong <dejong@xxxxxxxxxx>
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_MD_H
-#define MBEDTLS_MD_H
-
-#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */
-#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */
-#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200 /**< Opening or reading of file failed. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef enum {
- MBEDTLS_MD_NONE=0,
- MBEDTLS_MD_MD2,
- MBEDTLS_MD_MD4,
- MBEDTLS_MD_MD5,
- MBEDTLS_MD_SHA1,
- MBEDTLS_MD_SHA224,
- MBEDTLS_MD_SHA256,
- MBEDTLS_MD_SHA384,
- MBEDTLS_MD_SHA512,
- MBEDTLS_MD_RIPEMD160,
-} mbedtls_md_type_t;
-
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
-#else
-#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
-#endif
-
-/**
- * Opaque struct defined in md_internal.h
- */
-typedef struct mbedtls_md_info_t mbedtls_md_info_t;
-
-/**
- * Generic message digest context.
- */
-typedef struct {
- /** Information about the associated message digest */
- const mbedtls_md_info_t *md_info;
-
- /** Digest-specific context */
- void *md_ctx;
-
- /** HMAC part of the context */
- void *hmac_ctx;
-} mbedtls_md_context_t;
-
-/**
- * \brief Returns the list of digests supported by the generic digest module.
- *
- * \return a statically allocated array of digests, the last entry
- * is 0.
- */
-const int *mbedtls_md_list( void );
-
-/**
- * \brief Returns the message digest information associated with the
- * given digest name.
- *
- * \param md_name Name of the digest to search for.
- *
- * \return The message digest information associated with md_name or
- * NULL if not found.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
-
-/**
- * \brief Returns the message digest information associated with the
- * given digest type.
- *
- * \param md_type type of digest to search for.
- *
- * \return The message digest information associated with md_type or
- * NULL if not found.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
-
-/**
- * \brief Initialize a md_context (as NONE)
- * This should always be called first.
- * Prepares the context for mbedtls_md_setup() or mbedtls_md_free().
- */
-void mbedtls_md_init( mbedtls_md_context_t *ctx );
-
-/**
- * \brief Free and clear the internal structures of ctx.
- * Can be called at any time after mbedtls_md_init().
- * Mandatory once mbedtls_md_setup() has been called.
- */
-void mbedtls_md_free( mbedtls_md_context_t *ctx );
-
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief Select MD to use and allocate internal structures.
- * Should be called after mbedtls_md_init() or mbedtls_md_free().
- * Makes it necessary to call mbedtls_md_free() later.
- *
- * \deprecated Superseded by mbedtls_md_setup() in 2.0.0
- *
- * \param ctx Context to set up.
- * \param md_info Message digest to use.
- *
- * \returns \c 0 on success,
- * \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
- * \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
- */
-int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
-#undef MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief Select MD to use and allocate internal structures.
- * Should be called after mbedtls_md_init() or mbedtls_md_free().
- * Makes it necessary to call mbedtls_md_free() later.
- *
- * \param ctx Context to set up.
- * \param md_info Message digest to use.
- * \param hmac 0 to save some memory if HMAC will not be used,
- * non-zero is HMAC is going to be used with this context.
- *
- * \returns \c 0 on success,
- * \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
- * \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
- */
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
-
-/**
- * \brief Clone the state of an MD context
- *
- * \note The two contexts must have been setup to the same type
- * (cloning from SHA-256 to SHA-512 make no sense).
- *
- * \warning Only clones the MD state, not the HMAC state! (for now)
- *
- * \param dst The destination context
- * \param src The context to be cloned
- *
- * \return \c 0 on success,
- * \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
- */
-int mbedtls_md_clone( mbedtls_md_context_t *dst,
- const mbedtls_md_context_t *src );
-
-/**
- * \brief Returns the size of the message digest output.
- *
- * \param md_info message digest info
- *
- * \return size of the message digest output in bytes.
- */
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief Returns the type of the message digest output.
- *
- * \param md_info message digest info
- *
- * \return type of the message digest output.
- */
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief Returns the name of the message digest output.
- *
- * \param md_info message digest info
- *
- * \return name of the message digest output.
- */
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief Prepare the context to digest a new message.
- * Generally called after mbedtls_md_setup() or mbedtls_md_finish().
- * Followed by mbedtls_md_update().
- *
- * \param ctx generic message digest context.
- *
- * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
- * verification fails.
- */
-int mbedtls_md_starts( mbedtls_md_context_t *ctx );
-
-/**
- * \brief Generic message digest process buffer
- * Called between mbedtls_md_starts() and mbedtls_md_finish().
- * May be called repeatedly.
- *
- * \param ctx Generic message digest context
- * \param input buffer holding the datal
- * \param ilen length of the input data
- *
- * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
- * verification fails.
- */
-int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
-
-/**
- * \brief Generic message digest final digest
- * Called after mbedtls_md_update().
- * Usually followed by mbedtls_md_free() or mbedtls_md_starts().
- *
- * \param ctx Generic message digest context
- * \param output Generic message digest checksum result
- *
- * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
- * verification fails.
- */
-int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
-
-/**
- * \brief Output = message_digest( input buffer )
- *
- * \param md_info message digest info
- * \param input buffer holding the data
- * \param ilen length of the input data
- * \param output Generic message digest checksum result
- *
- * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
- * verification fails.
- */
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
- unsigned char *output );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Output = message_digest( file contents )
- *
- * \param md_info message digest info
- * \param path input file name
- * \param output generic message digest checksum result
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed,
- * MBEDTLS_ERR_MD_BAD_INPUT_DATA if md_info was NULL.
- */
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
- unsigned char *output );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief Set HMAC key and prepare to authenticate a new message.
- * Usually called after mbedtls_md_setup() or mbedtls_md_hmac_finish().
- *
- * \param ctx HMAC context
- * \param key HMAC secret key
- * \param keylen length of the HMAC key in bytes
- *
- * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
- * verification fails.
- */
-int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
- size_t keylen );
-
-/**
- * \brief Generic HMAC process buffer.
- * Called between mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
- * and mbedtls_md_hmac_finish().
- * May be called repeatedly.
- *
- * \param ctx HMAC context
- * \param input buffer holding the data
- * \param ilen length of the input data
- *
- * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
- * verification fails.
- */
-int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief Output HMAC.
- * Called after mbedtls_md_hmac_update().
- * Usually followed by mbedtls_md_hmac_reset(),
- * mbedtls_md_hmac_starts(), or mbedtls_md_free().
- *
- * \param ctx HMAC context
- * \param output Generic HMAC checksum result
- *
- * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
- * verification fails.
- */
-int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
-
-/**
- * \brief Prepare to authenticate a new message with the same key.
- * Called after mbedtls_md_hmac_finish() and before
- * mbedtls_md_hmac_update().
- *
- * \param ctx HMAC context to be reset
- *
- * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
- * verification fails.
- */
-int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
-
-/**
- * \brief Output = Generic_HMAC( hmac key, input buffer )
- *
- * \param md_info message digest info
- * \param key HMAC secret key
- * \param keylen length of the HMAC key in bytes
- * \param input buffer holding the data
- * \param ilen length of the input data
- * \param output Generic HMAC-result
- *
- * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
- * verification fails.
- */
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output );
-
-/* Internal use */
-int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_MD_H */
diff --git a/backport/compat/verification/mbedtls/md_internal.h b/backport/compat/verification/mbedtls/md_internal.h
deleted file mode 100644
index 0a8600b4..00000000
--- a/backport/compat/verification/mbedtls/md_internal.h
+++ /dev/null
@@ -1,116 +0,0 @@
-/**
- * \file md_internal.h
- *
- * \brief Message digest wrappers.
- *
- * \warning This in an internal header. Do not include directly.
- *
- * \author Adriaan de Jong <dejong@xxxxxxxxxx>
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_MD_WRAP_H
-#define MBEDTLS_MD_WRAP_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "md.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Message digest information.
- * Allows message digest functions to be called in a generic way.
- */
-struct mbedtls_md_info_t
-{
- /** Digest identifier */
- mbedtls_md_type_t type;
-
- /** Name of the message digest */
- const char * name;
-
- /** Output length of the digest function in bytes */
- int size;
-
- /** Block length of the digest function in bytes */
- int block_size;
-
- /** Digest initialisation function */
- void (*starts_func)( void *ctx );
-
- /** Digest update function */
- void (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
-
- /** Digest finalisation function */
- void (*finish_func)( void *ctx, unsigned char *output );
-
- /** Generic digest function */
- void (*digest_func)( const unsigned char *input, size_t ilen,
- unsigned char *output );
-
- /** Allocate a new context */
- void * (*ctx_alloc_func)( void );
-
- /** Free the given context */
- void (*ctx_free_func)( void *ctx );
-
- /** Clone state from a context */
- void (*clone_func)( void *dst, const void *src );
-
- /** Internal use only */
- void (*process_func)( void *ctx, const unsigned char *input );
-};
-
-#if defined(MBEDTLS_MD2_C)
-extern const mbedtls_md_info_t mbedtls_md2_info;
-#endif
-#if defined(MBEDTLS_MD4_C)
-extern const mbedtls_md_info_t mbedtls_md4_info;
-#endif
-#if defined(MBEDTLS_MD5_C)
-extern const mbedtls_md_info_t mbedtls_md5_info;
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-extern const mbedtls_md_info_t mbedtls_ripemd160_info;
-#endif
-#if defined(MBEDTLS_SHA1_C)
-extern const mbedtls_md_info_t mbedtls_sha1_info;
-#endif
-#if defined(MBEDTLS_SHA256_C)
-extern const mbedtls_md_info_t mbedtls_sha224_info;
-extern const mbedtls_md_info_t mbedtls_sha256_info;
-#endif
-#if defined(MBEDTLS_SHA512_C)
-extern const mbedtls_md_info_t mbedtls_sha384_info;
-extern const mbedtls_md_info_t mbedtls_sha512_info;
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_MD_WRAP_H */
diff --git a/backport/compat/verification/mbedtls/oid.h b/backport/compat/verification/mbedtls/oid.h
deleted file mode 100644
index b2ff0887..00000000
--- a/backport/compat/verification/mbedtls/oid.h
+++ /dev/null
@@ -1,570 +0,0 @@
-/**
- * \file oid.h
- *
- * \brief Object Identifier (OID) database
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_OID_H
-#define MBEDTLS_OID_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "asn1.h"
-#include "pk.h"
-
-#if defined(MBEDTLS_CIPHER_C)
-#include "cipher.h"
-#endif
-
-#if defined(MBEDTLS_MD_C)
-#include "md.h"
-#endif
-
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-#include "x509.h"
-#endif
-
-#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */
-#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B /**< output buffer is too small */
-
-/*
- * Top level OID tuples
- */
-#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
-#define MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */
-#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
-#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */
-
-/*
- * ISO Member bodies OID parts
- */
-#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
-#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
-#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
-#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
-#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_ANSI_X9_62
-
-/*
- * ISO Identified organization OID parts
- */
-#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */
-#define MBEDTLS_OID_ORG_OIW "\x0e"
-#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
-#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
-#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
-#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
-#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
-#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
-#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
-
-/*
- * ISO ITU OID parts
- */
-#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
-#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
-
-#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
-#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
-
-#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
-#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
-
-/* ISO arc for standard certificate and CRL extensions */
-#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
-
-/**
- * Private Internet Extensions
- * { iso(1) identified-organization(3) dod(6) internet(1)
- * security(5) mechanisms(5) pkix(7) }
- */
-#define MBEDTLS_OID_PKIX MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01\x05\x05\x07"
-
-/*
- * Arc for standard naming attributes
- */
-#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
-#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
-#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
-#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
-#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
-#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
-#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
-#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
-#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
-#define MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
-#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
-#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
-#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
-#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
-#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
-#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
-#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
-
-#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
-
-/*
- * OIDs for standard certificate extensions
- */
-#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
-#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
-#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
-#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
-#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
-#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
-#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
-#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
-#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
-#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
-#define MBEDTLS_OID_POLICY_CONSTRAINTS MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
-#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
-#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
-#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
-#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
-
-/*
- * Netscape certificate extensions
- */
-#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
-#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01"
-#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT "\x02"
-#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03"
-#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04"
-#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07"
-#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08"
-#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C"
-#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D"
-#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02"
-#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05"
-
-/*
- * OIDs for CRL extensions
- */
-#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10"
-#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
-
-/*
- * X.509 v3 Extended key usage OIDs
- */
-#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
-
-#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
-#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
-#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
-#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
-#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
-#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
-#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
-
-/*
- * PKCS definition OIDs
- */
-
-#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
-#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
-#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
-#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
-#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
-
-/*
- * PKCS#1 OIDs
- */
-#define MBEDTLS_OID_PKCS1_RSA MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
-#define MBEDTLS_OID_PKCS1_MD2 MBEDTLS_OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
-#define MBEDTLS_OID_PKCS1_MD4 MBEDTLS_OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
-#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
-#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
-#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
-#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
-#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
-#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
-
-#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
-
-#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
-
-/* RFC 4055 */
-#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
-#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
-
-/*
- * Digest algorithms
- */
-#define MBEDTLS_OID_DIGEST_ALG_MD2 MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
-#define MBEDTLS_OID_DIGEST_ALG_MD4 MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
-#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_GOV "\x03\x04\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_GOV "\x03\x04\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_GOV "\x03\x04\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_GOV "\x03\x04\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
-
-#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
-
-/*
- * Encryption algorithms
- */
-#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
-#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
-
-/*
- * PKCS#5 OIDs
- */
-#define MBEDTLS_OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
-#define MBEDTLS_OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
-#define MBEDTLS_OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
-
-/*
- * PKCS#5 PBES1 algorithms
- */
-#define MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC MBEDTLS_OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
-#define MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC MBEDTLS_OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
-
-/*
- * PKCS#8 OIDs
- */
-#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
-
-/*
- * PKCS#12 PBE OIDs
- */
-#define MBEDTLS_OID_PKCS12_PBE MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
-
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128 MBEDTLS_OID_PKCS12_PBE "\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40 MBEDTLS_OID_PKCS12_PBE "\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
-
-/*
- * EC key algorithms from RFC 5480
- */
-
-/* id-ecPublicKey OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
-#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01"
-
-/* id-ecDH OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132)
- * schemes(1) ecdh(12) } */
-#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c"
-
-/*
- * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
- */
-
-/* secp192r1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
-#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
-
-/* secp224r1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
-#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21"
-
-/* secp256r1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
-#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
-
-/* secp384r1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
-#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22"
-
-/* secp521r1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
-#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23"
-
-/* secp192k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
-#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f"
-
-/* secp224k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
-#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20"
-
-/* secp256k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
-#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a"
-
-/* RFC 5639 4.1
- * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
- * identified-organization(3) teletrust(36) algorithm(3) signature-
- * algorithm(3) ecSign(2) 8}
- * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
- * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
-#define MBEDTLS_OID_EC_BRAINPOOL_V1 MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
-
-/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
-#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
-
-/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
-#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
-
-/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
-#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
-
-/*
- * SEC1 C.1
- *
- * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
- * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
- */
-#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01"
-#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
-
-/*
- * ECDSA signature identifiers, from RFC 5480
- */
-#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
-#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
-
-/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
-
-/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
-
-/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 2 } */
-#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
-
-/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 3 } */
-#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
-
-/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 4 } */
-#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Base OID descriptor structure
- */
-typedef struct {
- const char *asn1; /*!< OID ASN.1 representation */
- size_t asn1_len; /*!< length of asn1 */
- const char *name; /*!< official name (e.g. from RFC) */
- const char *description; /*!< human friendly description */
-} mbedtls_oid_descriptor_t;
-
-/**
- * \brief Translate an ASN.1 OID into its numeric representation
- * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
- *
- * \param buf buffer to put representation in
- * \param size size of the buffer
- * \param oid OID to translate
- *
- * \return Length of the string written (excluding final NULL) or
- * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
- */
-int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
-
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-/**
- * \brief Translate an X.509 extension OID into local values
- *
- * \param oid OID to use
- * \param ext_type place to store the extension type
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
-#endif
-
-/**
- * \brief Translate an X.509 attribute type OID into the short name
- * (e.g. the OID for an X520 Common Name into "CN")
- *
- * \param oid OID to use
- * \param short_name place to store the string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
-
-/**
- * \brief Translate PublicKeyAlgorithm OID into pk_type
- *
- * \param oid OID to use
- * \param pk_alg place to store public key algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
-
-/**
- * \brief Translate pk_type into PublicKeyAlgorithm OID
- *
- * \param pk_alg Public key type to look for
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
- const char **oid, size_t *olen );
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * \brief Translate NamedCurve OID into an EC group identifier
- *
- * \param oid OID to use
- * \param grp_id place to store group id
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
-
-/**
- * \brief Translate EC group identifier into NamedCurve OID
- *
- * \param grp_id EC group identifier
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
- const char **oid, size_t *olen );
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_MD_C)
-/**
- * \brief Translate SignatureAlgorithm OID into md_type and pk_type
- *
- * \param oid OID to use
- * \param md_alg place to store message digest algorithm
- * \param pk_alg place to store public key algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
- mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
-
-/**
- * \brief Translate SignatureAlgorithm OID into description
- *
- * \param oid OID to use
- * \param desc place to store string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
-
-/**
- * \brief Translate md_type and pk_type into SignatureAlgorithm OID
- *
- * \param md_alg message digest algorithm
- * \param pk_alg public key algorithm
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
- const char **oid, size_t *olen );
-
-/**
- * \brief Translate hash algorithm OID into md_type
- *
- * \param oid OID to use
- * \param md_alg place to store message digest algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
-#endif /* MBEDTLS_MD_C */
-
-/**
- * \brief Translate Extended Key Usage OID into description
- *
- * \param oid OID to use
- * \param desc place to store string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
-
-/**
- * \brief Translate md_type into hash algorithm OID
- *
- * \param md_alg message digest algorithm
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
-
-#if defined(MBEDTLS_CIPHER_C)
-/**
- * \brief Translate encryption algorithm OID into cipher_type
- *
- * \param oid OID to use
- * \param cipher_alg place to store cipher algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
-#endif /* MBEDTLS_CIPHER_C */
-
-#if defined(MBEDTLS_PKCS12_C)
-/**
- * \brief Translate PKCS#12 PBE algorithm OID into md_type and
- * cipher_type
- *
- * \param oid OID to use
- * \param md_alg place to store message digest algorithm
- * \param cipher_alg place to store cipher algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
- mbedtls_cipher_type_t *cipher_alg );
-#endif /* MBEDTLS_PKCS12_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* oid.h */
diff --git a/backport/compat/verification/mbedtls/pk.h b/backport/compat/verification/mbedtls/pk.h
deleted file mode 100644
index 9aac7e2a..00000000
--- a/backport/compat/verification/mbedtls/pk.h
+++ /dev/null
@@ -1,618 +0,0 @@
-/**
- * \file pk.h
- *
- * \brief Public Key abstraction layer
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_PK_H
-#define MBEDTLS_PK_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "md.h"
-
-#if defined(MBEDTLS_RSA_C)
-#include "rsa.h"
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-#include "ecp.h"
-#endif
-
-#if defined(MBEDTLS_ECDSA_C)
-#include "ecdsa.h"
-#endif
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 /**< Memory allocation failed. */
-#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
-#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 /**< Read/write of file failed. */
-#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 /**< Unsupported key version */
-#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 /**< Invalid key tag or value. */
-#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 /**< Key algorithm is unsupported (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 /**< Private key password can't be empty. */
-#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 /**< Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 /**< The algorithm tag or value is invalid. */
-#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */
-#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
-#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Public key types
- */
-typedef enum {
- MBEDTLS_PK_NONE=0,
- MBEDTLS_PK_RSA,
- MBEDTLS_PK_ECKEY,
- MBEDTLS_PK_ECKEY_DH,
- MBEDTLS_PK_ECDSA,
- MBEDTLS_PK_RSA_ALT,
- MBEDTLS_PK_RSASSA_PSS,
-} mbedtls_pk_type_t;
-
-/**
- * \brief Options for RSASSA-PSS signature verification.
- * See \c mbedtls_rsa_rsassa_pss_verify_ext()
- */
-typedef struct
-{
- mbedtls_md_type_t mgf1_hash_id;
- int expected_salt_len;
-
-} mbedtls_pk_rsassa_pss_options;
-
-/**
- * \brief Types for interfacing with the debug module
- */
-typedef enum
-{
- MBEDTLS_PK_DEBUG_NONE = 0,
- MBEDTLS_PK_DEBUG_MPI,
- MBEDTLS_PK_DEBUG_ECP,
-} mbedtls_pk_debug_type;
-
-/**
- * \brief Item to send to the debug module
- */
-typedef struct
-{
- mbedtls_pk_debug_type type;
- const char *name;
- void *value;
-} mbedtls_pk_debug_item;
-
-/** Maximum number of item send for debugging, plus 1 */
-#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
-
-/**
- * \brief Public key information and operations
- */
-typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
-
-/**
- * \brief Public key container
- */
-typedef struct
-{
- const mbedtls_pk_info_t * pk_info; /**< Public key informations */
- void * pk_ctx; /**< Underlying public key context */
-} mbedtls_pk_context;
-
-#if defined(MBEDTLS_RSA_C)
-/**
- * Quick access to an RSA context inside a PK context.
- *
- * \warning You must make sure the PK context actually holds an RSA context
- * before using this function!
- */
-static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
-{
- return( (mbedtls_rsa_context *) (pk).pk_ctx );
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * Quick access to an EC context inside a PK context.
- *
- * \warning You must make sure the PK context actually holds an EC context
- * before using this function!
- */
-static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
-{
- return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
-}
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/**
- * \brief Types for RSA-alt abstraction
- */
-typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
- const unsigned char *input, unsigned char *output,
- size_t output_max_len );
-typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
- const unsigned char *hash, unsigned char *sig );
-typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-/**
- * \brief Return information associated with the given PK type
- *
- * \param pk_type PK type to search for.
- *
- * \return The PK info associated with the type or NULL if not found.
- */
-const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
-
-/**
- * \brief Initialize a mbedtls_pk_context (as NONE)
- */
-void mbedtls_pk_init( mbedtls_pk_context *ctx );
-
-/**
- * \brief Free a mbedtls_pk_context
- */
-void mbedtls_pk_free( mbedtls_pk_context *ctx );
-
-/**
- * \brief Initialize a PK context with the information given
- * and allocates the type-specific PK subcontext.
- *
- * \param ctx Context to initialize. Must be empty (type NONE).
- * \param info Information to use
- *
- * \return 0 on success,
- * MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
- * MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
- *
- * \note For contexts holding an RSA-alt key, use
- * \c mbedtls_pk_setup_rsa_alt() instead.
- */
-int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/**
- * \brief Initialize an RSA-alt context
- *
- * \param ctx Context to initialize. Must be empty (type NONE).
- * \param key RSA key pointer
- * \param decrypt_func Decryption function
- * \param sign_func Signing function
- * \param key_len_func Function returning key length in bytes
- *
- * \return 0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
- * context wasn't already initialized as RSA_ALT.
- *
- * \note This function replaces \c mbedtls_pk_setup() for RSA-alt.
- */
-int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
- mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
- mbedtls_pk_rsa_alt_sign_func sign_func,
- mbedtls_pk_rsa_alt_key_len_func key_len_func );
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-/**
- * \brief Get the size in bits of the underlying key
- *
- * \param ctx Context to use
- *
- * \return Key size in bits, or 0 on error
- */
-size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
-
-/**
- * \brief Get the length in bytes of the underlying key
- * \param ctx Context to use
- *
- * \return Key length in bytes, or 0 on error
- */
-static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
-{
- return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
-}
-
-/**
- * \brief Tell if a context can do the operation given by type
- *
- * \param ctx Context to test
- * \param type Target type
- *
- * \return 0 if context can't do the operations,
- * 1 otherwise.
- */
-int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
-
-/**
- * \brief Verify signature (including padding if relevant).
- *
- * \param ctx PK context to use
- * \param md_alg Hash algorithm used (see notes)
- * \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes)
- * \param sig Signature to verify
- * \param sig_len Signature length
- *
- * \return 0 on success (signature is valid),
- * MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
- * valid but its actual length is less than sig_len,
- * or a specific error code.
- *
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
- * Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
- * to verify RSASSA_PSS signatures.
- *
- * \note If hash_len is 0, then the length associated with md_alg
- * is used instead, or an error returned if it is invalid.
- *
- * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
- */
-int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len );
-
-/**
- * \brief Verify signature, with options.
- * (Includes verification of the padding depending on type.)
- *
- * \param type Signature type (inc. possible padding type) to verify
- * \param options Pointer to type-specific options, or NULL
- * \param ctx PK context to use
- * \param md_alg Hash algorithm used (see notes)
- * \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes)
- * \param sig Signature to verify
- * \param sig_len Signature length
- *
- * \return 0 on success (signature is valid),
- * MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
- * used for this type of signatures,
- * MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
- * valid but its actual length is less than sig_len,
- * or a specific error code.
- *
- * \note If hash_len is 0, then the length associated with md_alg
- * is used instead, or an error returned if it is invalid.
- *
- * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
- *
- * \note If type is MBEDTLS_PK_RSASSA_PSS, then options must point
- * to a mbedtls_pk_rsassa_pss_options structure,
- * otherwise it must be NULL.
- */
-int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
- mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len );
-
-/**
- * \brief Make signature, including padding if relevant.
- *
- * \param ctx PK context to use - must hold a private key
- * \param md_alg Hash algorithm used (see notes)
- * \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes)
- * \param sig Place to write the signature
- * \param sig_len Number of bytes written
- * \param f_rng RNG function
- * \param p_rng RNG parameter
- *
- * \return 0 on success, or a specific error code.
- *
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
- * There is no interface in the PK module to make RSASSA-PSS
- * signatures yet.
- *
- * \note If hash_len is 0, then the length associated with md_alg
- * is used instead, or an error returned if it is invalid.
- *
- * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
- * For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
- */
-int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief Decrypt message (including padding if relevant).
- *
- * \param ctx PK context to use - must hold a private key
- * \param input Input to decrypt
- * \param ilen Input size
- * \param output Decrypted output
- * \param olen Decrypted message length
- * \param osize Size of the output buffer
- * \param f_rng RNG function
- * \param p_rng RNG parameter
- *
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
- *
- * \return 0 on success, or a specific error code.
- */
-int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief Encrypt message (including padding if relevant).
- *
- * \param ctx PK context to use
- * \param input Message to encrypt
- * \param ilen Message size
- * \param output Encrypted output
- * \param olen Encrypted output length
- * \param osize Size of the output buffer
- * \param f_rng RNG function
- * \param p_rng RNG parameter
- *
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
- *
- * \return 0 on success, or a specific error code.
- */
-int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief Check if a public-private pair of keys matches.
- *
- * \param pub Context holding a public key.
- * \param prv Context holding a private (and public) key.
- *
- * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
- */
-int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
-
-/**
- * \brief Export debug information
- *
- * \param ctx Context to use
- * \param items Place to write debug items
- *
- * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
- */
-int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
-
-/**
- * \brief Access the type name
- *
- * \param ctx Context to use
- *
- * \return Type name on success, or "invalid PK"
- */
-const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
-
-/**
- * \brief Get the key type
- *
- * \param ctx Context to use
- *
- * \return Type on success, or MBEDTLS_PK_NONE
- */
-mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
-
-#if defined(MBEDTLS_PK_PARSE_C)
-/** \ingroup pk_module */
-/**
- * \brief Parse a private key in PEM or DER format
- *
- * \param ctx key to be initialized
- * \param key input buffer
- * \param keylen size of the buffer
- * (including the terminating null byte for PEM data)
- * \param pwd password for decryption (optional)
- * \param pwdlen size of the password
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen,
- const unsigned char *pwd, size_t pwdlen );
-
-/** \ingroup pk_module */
-/**
- * \brief Parse a public key in PEM or DER format
- *
- * \param ctx key to be initialized
- * \param key input buffer
- * \param keylen size of the buffer
- * (including the terminating null byte for PEM data)
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen );
-
-#if defined(MBEDTLS_FS_IO)
-/** \ingroup pk_module */
-/**
- * \brief Load and parse a private key
- *
- * \param ctx key to be initialized
- * \param path filename to read the private key from
- * \param password password to decrypt the file (can be NULL)
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
- const char *path, const char *password );
-
-/** \ingroup pk_module */
-/**
- * \brief Load and parse a public key
- *
- * \param ctx key to be initialized
- * \param path filename to read the public key from
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If
- * you need a specific key type, check the result with
- * mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
-/**
- * \brief Write a private key to a PKCS#1 or SEC1 DER structure
- * Note: data is written at the end of the buffer! Use the
- * return value to determine where you should start
- * using the buffer
- *
- * \param ctx private to write away
- * \param buf buffer to write to
- * \param size size of the buffer
- *
- * \return length of data written if successful, or a specific
- * error code
- */
-int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-/**
- * \brief Write a public key to a SubjectPublicKeyInfo DER structure
- * Note: data is written at the end of the buffer! Use the
- * return value to determine where you should start
- * using the buffer
- *
- * \param ctx public key to write away
- * \param buf buffer to write to
- * \param size size of the buffer
- *
- * \return length of data written if successful, or a specific
- * error code
- */
-int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief Write a public key to a PEM string
- *
- * \param ctx public key to write away
- * \param buf buffer to write to
- * \param size size of the buffer
- *
- * \return 0 if successful, or a specific error code
- */
-int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-/**
- * \brief Write a private key to a PKCS#1 or SEC1 PEM string
- *
- * \param ctx private to write away
- * \param buf buffer to write to
- * \param size size of the buffer
- *
- * \return 0 if successful, or a specific error code
- */
-int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_PK_WRITE_C */
-
-/*
- * WARNING: Low-level functions. You probably do not want to use these unless
- * you are certain you do ;)
- */
-
-#if defined(MBEDTLS_PK_PARSE_C)
-/**
- * \brief Parse a SubjectPublicKeyInfo DER structure
- *
- * \param p the position in the ASN.1 data
- * \param end end of the buffer
- * \param pk the key to fill
- *
- * \return 0 if successful, or a specific PK error code
- */
-int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
- mbedtls_pk_context *pk );
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
-/**
- * \brief Write a subjectPublicKey to ASN.1 data
- * Note: function works backwards in data buffer
- *
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param key public key to write away
- *
- * \return the length written or a negative error code
- */
-int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
- const mbedtls_pk_context *key );
-#endif /* MBEDTLS_PK_WRITE_C */
-
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PK_H */
diff --git a/backport/compat/verification/mbedtls/platform.h b/backport/compat/verification/mbedtls/platform.h
deleted file mode 100644
index cf5fa56f..00000000
--- a/backport/compat/verification/mbedtls/platform.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef __MBEDTLS_PLATFORM_H
-#define __MBEDTLS_PLATFORM_H
-#include <linux/kernel.h>
-#include <linux/slab.h>
-#include <linux/string.h>
-
-#define mbedtls_printf pr_debug
-#define mbedtls_calloc(a, b) kcalloc(a, b, GFP_KERNEL)
-#define mbedtls_free kfree
-#define mbedtls_snprintf snprintf
-
-#endif /* __MBEDTLS_PLATFORM_H */
diff --git a/backport/compat/verification/mbedtls/rsa.h b/backport/compat/verification/mbedtls/rsa.h
deleted file mode 100644
index 9683520c..00000000
--- a/backport/compat/verification/mbedtls/rsa.h
+++ /dev/null
@@ -1,672 +0,0 @@
-/**
- * \file rsa.h
- *
- * \brief The RSA public-key cryptosystem
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_RSA_H
-#define MBEDTLS_RSA_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "bignum.h"
-#include "md.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "threading.h"
-#endif
-
-/*
- * RSA Error codes
- */
-#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 /**< Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< Something failed during generation of a key. */
-#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the library's validity check. */
-#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */
-#define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300 /**< The private key operation failed. */
-#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */
-#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */
-#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */
-
-/*
- * RSA constants
- */
-#define MBEDTLS_RSA_PUBLIC 0
-#define MBEDTLS_RSA_PRIVATE 1
-
-#define MBEDTLS_RSA_PKCS_V15 0
-#define MBEDTLS_RSA_PKCS_V21 1
-
-#define MBEDTLS_RSA_SIGN 1
-#define MBEDTLS_RSA_CRYPT 2
-
-#define MBEDTLS_RSA_SALT_LEN_ANY -1
-
-/*
- * The above constants may be used even if the RSA module is compile out,
- * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
- */
-#if defined(MBEDTLS_RSA_C)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief RSA context structure
- */
-typedef struct
-{
- int ver; /*!< always 0 */
- size_t len; /*!< size(N) in chars */
-
- mbedtls_mpi N; /*!< public modulus */
- mbedtls_mpi E; /*!< public exponent */
-
- mbedtls_mpi D; /*!< private exponent */
- mbedtls_mpi P; /*!< 1st prime factor */
- mbedtls_mpi Q; /*!< 2nd prime factor */
- mbedtls_mpi DP; /*!< D % (P - 1) */
- mbedtls_mpi DQ; /*!< D % (Q - 1) */
- mbedtls_mpi QP; /*!< 1 / (Q % P) */
-
- mbedtls_mpi RN; /*!< cached R^2 mod N */
- mbedtls_mpi RP; /*!< cached R^2 mod P */
- mbedtls_mpi RQ; /*!< cached R^2 mod Q */
-
- mbedtls_mpi Vi; /*!< cached blinding value */
- mbedtls_mpi Vf; /*!< cached un-blinding value */
-
- int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
- MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */
- int hash_id; /*!< Hash identifier of mbedtls_md_type_t as
- specified in the mbedtls_md.h header file
- for the EME-OAEP and EMSA-PSS
- encoding */
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex */
-#endif
-}
-mbedtls_rsa_context;
-
-/**
- * \brief Initialize an RSA context
- *
- * Note: Set padding to MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
- * encryption scheme and the RSASSA-PSS signature scheme.
- *
- * \param ctx RSA context to be initialized
- * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
- * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier
- *
- * \note The hash_id parameter is actually ignored
- * when using MBEDTLS_RSA_PKCS_V15 padding.
- *
- * \note Choice of padding mode is strictly enforced for private key
- * operations, since there might be security concerns in
- * mixing padding modes. For public key operations it's merely
- * a default value, which can be overriden by calling specific
- * rsa_rsaes_xxx or rsa_rsassa_xxx functions.
- *
- * \note The chosen hash is always used for OEAP encryption.
- * For PSS signatures, it's always used for making signatures,
- * but can be overriden (and always is, if set to
- * MBEDTLS_MD_NONE) for verifying them.
- */
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
- int padding,
- int hash_id);
-
-/**
- * \brief Set padding for an already initialized RSA context
- * See \c mbedtls_rsa_init() for details.
- *
- * \param ctx RSA context to be set
- * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
- * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier
- */
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id);
-
-/**
- * \brief Generate an RSA keypair
- *
- * \param ctx RSA context that will hold the key
- * \param f_rng RNG function
- * \param p_rng RNG parameter
- * \param nbits size of the public key in bits
- * \param exponent public exponent (e.g., 65537)
- *
- * \note mbedtls_rsa_init() must be called beforehand to setup
- * the RSA context.
- *
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- */
-int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- unsigned int nbits, int exponent );
-
-/**
- * \brief Check a public RSA key
- *
- * \param ctx RSA context to be checked
- *
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- */
-int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
-
-/**
- * \brief Check a private RSA key
- *
- * \param ctx RSA context to be checked
- *
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- */
-int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
-
-/**
- * \brief Check a public-private RSA key pair.
- * Check each of the contexts, and make sure they match.
- *
- * \param pub RSA context holding the public key
- * \param prv RSA context holding the private key
- *
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- */
-int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv );
-
-/**
- * \brief Do an RSA public key operation
- *
- * \param ctx RSA context
- * \param input input buffer
- * \param output output buffer
- *
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note This function does NOT take care of message
- * padding. Also, be sure to set input[0] = 0 or ensure that
- * input is smaller than N.
- *
- * \note The input and output buffers must be large
- * enough (eg. 128 bytes if RSA-1024 is used).
- */
-int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief Do an RSA private key operation
- *
- * \param ctx RSA context
- * \param f_rng RNG function (Needed for blinding)
- * \param p_rng RNG parameter
- * \param input input buffer
- * \param output output buffer
- *
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The input and output buffers must be large
- * enough (eg. 128 bytes if RSA-1024 is used).
- */
-int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief Generic wrapper to perform a PKCS#1 encryption using the
- * mode from the context. Add the message padding, then do an
- * RSA operation.
- *
- * \param ctx RSA context
- * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
- * and MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
- * \param ilen contains the plaintext length
- * \param input buffer holding the data to be encrypted
- * \param output buffer that will hold the ciphertext
- *
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The output buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t ilen,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)
- *
- * \param ctx RSA context
- * \param f_rng RNG function (Needed for padding and MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
- * \param ilen contains the plaintext length
- * \param input buffer holding the data to be encrypted
- * \param output buffer that will hold the ciphertext
- *
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The output buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t ilen,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)
- *
- * \param ctx RSA context
- * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
- * and MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
- * \param label buffer holding the custom label to use
- * \param label_len contains the label length
- * \param ilen contains the plaintext length
- * \param input buffer holding the data to be encrypted
- * \param output buffer that will hold the ciphertext
- *
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The output buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- const unsigned char *label, size_t label_len,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief Generic wrapper to perform a PKCS#1 decryption using the
- * mode from the context. Do an RSA operation, then remove
- * the message padding
- *
- * \param ctx RSA context
- * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
- * \param olen will contain the plaintext length
- * \param input buffer holding the encrypted data
- * \param output buffer that will hold the plaintext
- * \param output_max_len maximum length of the output buffer
- *
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The output buffer length \c output_max_len should be
- * as large as the size ctx->len of ctx->N (eg. 128 bytes
- * if RSA-1024 is used) to be able to hold an arbitrary
- * decrypted message. If it is not large enough to hold
- * the decryption of the particular ciphertext provided,
- * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \note The input buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
-
-/**
- * \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)
- *
- * \param ctx RSA context
- * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
- * \param olen will contain the plaintext length
- * \param input buffer holding the encrypted data
- * \param output buffer that will hold the plaintext
- * \param output_max_len maximum length of the output buffer
- *
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The output buffer length \c output_max_len should be
- * as large as the size ctx->len of ctx->N (eg. 128 bytes
- * if RSA-1024 is used) to be able to hold an arbitrary
- * decrypted message. If it is not large enough to hold
- * the decryption of the particular ciphertext provided,
- * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \note The input buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
-
-/**
- * \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)
- *
- * \param ctx RSA context
- * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
- * \param label buffer holding the custom label to use
- * \param label_len contains the label length
- * \param olen will contain the plaintext length
- * \param input buffer holding the encrypted data
- * \param output buffer that will hold the plaintext
- * \param output_max_len maximum length of the output buffer
- *
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The output buffer length \c output_max_len should be
- * as large as the size ctx->len of ctx->N (eg. 128 bytes
- * if RSA-1024 is used) to be able to hold an arbitrary
- * decrypted message. If it is not large enough to hold
- * the decryption of the particular ciphertext provided,
- * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \note The input buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- const unsigned char *label, size_t label_len,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
-
-/**
- * \brief Generic wrapper to perform a PKCS#1 signature using the
- * mode from the context. Do a private RSA operation to sign
- * a message digest
- *
- * \param ctx RSA context
- * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
- * MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
- * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
- * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
- * \param hash buffer holding the message digest
- * \param sig buffer that will hold the ciphertext
- *
- * \return 0 if the signing operation was successful,
- * or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The "sig" buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- *
- * \note In case of PKCS#1 v2.1 encoding, see comments on
- * \note \c mbedtls_rsa_rsassa_pss_sign() for details on md_alg and hash_id.
- */
-int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
-
-/**
- * \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
- *
- * \param ctx RSA context
- * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
- * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
- * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
- * \param hash buffer holding the message digest
- * \param sig buffer that will hold the ciphertext
- *
- * \return 0 if the signing operation was successful,
- * or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The "sig" buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
-
-/**
- * \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)
- *
- * \param ctx RSA context
- * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
- * MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
- * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
- * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
- * \param hash buffer holding the message digest
- * \param sig buffer that will hold the ciphertext
- *
- * \return 0 if the signing operation was successful,
- * or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The "sig" buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- *
- * \note The hash_id in the RSA context is the one used for the
- * encoding. md_alg in the function call is the type of hash
- * that is encoded. According to RFC 3447 it is advised to
- * keep both hashes the same.
- */
-int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
-
-/**
- * \brief Generic wrapper to perform a PKCS#1 verification using the
- * mode from the context. Do a public RSA operation and check
- * the message digest
- *
- * \param ctx points to an RSA public key
- * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
- * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
- * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
- * \param hash buffer holding the message digest
- * \param sig buffer holding the ciphertext
- *
- * \return 0 if the verify operation was successful,
- * or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The "sig" buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- *
- * \note In case of PKCS#1 v2.1 encoding, see comments on
- * \c mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id.
- */
-int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
-
-/**
- * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
- *
- * \param ctx points to an RSA public key
- * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
- * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
- * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
- * \param hash buffer holding the message digest
- * \param sig buffer holding the ciphertext
- *
- * \return 0 if the verify operation was successful,
- * or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The "sig" buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
-
-/**
- * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
- * (This is the "simple" version.)
- *
- * \param ctx points to an RSA public key
- * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
- * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
- * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
- * \param hash buffer holding the message digest
- * \param sig buffer holding the ciphertext
- *
- * \return 0 if the verify operation was successful,
- * or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The "sig" buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- *
- * \note The hash_id in the RSA context is the one used for the
- * verification. md_alg in the function call is the type of
- * hash that is verified. According to RFC 3447 it is advised to
- * keep both hashes the same. If hash_id in the RSA context is
- * unset, the md_alg from the function call is used.
- */
-int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
-
-/**
- * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
- * (This is the version with "full" options.)
- *
- * \param ctx points to an RSA public key
- * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
- * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
- * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
- * \param hash buffer holding the message digest
- * \param mgf1_hash_id message digest used for mask generation
- * \param expected_salt_len Length of the salt used in padding, use
- * MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length
- * \param sig buffer holding the ciphertext
- *
- * \return 0 if the verify operation was successful,
- * or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The "sig" buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- *
- * \note The hash_id in the RSA context is ignored.
- */
-int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- mbedtls_md_type_t mgf1_hash_id,
- int expected_salt_len,
- const unsigned char *sig );
-
-/**
- * \brief Copy the components of an RSA context
- *
- * \param dst Destination context
- * \param src Source context
- *
- * \return 0 on success,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure
- */
-int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
-
-/**
- * \brief Free the components of an RSA key
- *
- * \param ctx RSA Context to free
- */
-void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_rsa_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_RSA_C */
-
-#endif /* rsa.h */
diff --git a/backport/compat/verification/mbedtls/sha1.h b/backport/compat/verification/mbedtls/sha1.h
deleted file mode 100644
index b8752edd..00000000
--- a/backport/compat/verification/mbedtls/sha1.h
+++ /dev/null
@@ -1,135 +0,0 @@
-/**
- * \file sha1.h
- *
- * \brief SHA-1 cryptographic hash function
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_SHA1_H
-#define MBEDTLS_SHA1_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if !defined(MBEDTLS_SHA1_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief SHA-1 context structure
- */
-typedef struct
-{
- uint32_t total[2]; /*!< number of bytes processed */
- uint32_t state[5]; /*!< intermediate digest state */
- unsigned char buffer[64]; /*!< data block being processed */
-}
-mbedtls_sha1_context;
-
-/**
- * \brief Initialize SHA-1 context
- *
- * \param ctx SHA-1 context to be initialized
- */
-void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
-
-/**
- * \brief Clear SHA-1 context
- *
- * \param ctx SHA-1 context to be cleared
- */
-void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
-
-/**
- * \brief Clone (the state of) a SHA-1 context
- *
- * \param dst The destination context
- * \param src The context to be cloned
- */
-void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
- const mbedtls_sha1_context *src );
-
-/**
- * \brief SHA-1 context setup
- *
- * \param ctx context to be initialized
- */
-void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
-
-/**
- * \brief SHA-1 process buffer
- *
- * \param ctx SHA-1 context
- * \param input buffer holding the data
- * \param ilen length of the input data
- */
-void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen );
-
-/**
- * \brief SHA-1 final digest
- *
- * \param ctx SHA-1 context
- * \param output SHA-1 checksum result
- */
-void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] );
-
-/* Internal use */
-void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] );
-
-#ifdef __cplusplus
-}
-#endif
-
-#else /* MBEDTLS_SHA1_ALT */
-#include "sha1_alt.h"
-#endif /* MBEDTLS_SHA1_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Output = SHA-1( input buffer )
- *
- * \param input buffer holding the data
- * \param ilen length of the input data
- * \param output SHA-1 checksum result
- */
-void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_sha1_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha1.h */
diff --git a/backport/compat/verification/mbedtls/sha256.h b/backport/compat/verification/mbedtls/sha256.h
deleted file mode 100644
index 68223f0b..00000000
--- a/backport/compat/verification/mbedtls/sha256.h
+++ /dev/null
@@ -1,140 +0,0 @@
-/**
- * \file sha256.h
- *
- * \brief SHA-224 and SHA-256 cryptographic hash function
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_SHA256_H
-#define MBEDTLS_SHA256_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if !defined(MBEDTLS_SHA256_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief SHA-256 context structure
- */
-typedef struct
-{
- uint32_t total[2]; /*!< number of bytes processed */
- uint32_t state[8]; /*!< intermediate digest state */
- unsigned char buffer[64]; /*!< data block being processed */
- int is224; /*!< 0 => SHA-256, else SHA-224 */
-}
-mbedtls_sha256_context;
-
-/**
- * \brief Initialize SHA-256 context
- *
- * \param ctx SHA-256 context to be initialized
- */
-void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
-
-/**
- * \brief Clear SHA-256 context
- *
- * \param ctx SHA-256 context to be cleared
- */
-void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
-
-/**
- * \brief Clone (the state of) a SHA-256 context
- *
- * \param dst The destination context
- * \param src The context to be cloned
- */
-void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
- const mbedtls_sha256_context *src );
-
-/**
- * \brief SHA-256 context setup
- *
- * \param ctx context to be initialized
- * \param is224 0 = use SHA256, 1 = use SHA224
- */
-void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
-
-/**
- * \brief SHA-256 process buffer
- *
- * \param ctx SHA-256 context
- * \param input buffer holding the data
- * \param ilen length of the input data
- */
-void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief SHA-256 final digest
- *
- * \param ctx SHA-256 context
- * \param output SHA-224/256 checksum result
- */
-void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] );
-
-/* Internal use */
-void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] );
-
-#ifdef __cplusplus
-}
-#endif
-
-#else /* MBEDTLS_SHA256_ALT */
-#include "sha256_alt.h"
-#endif /* MBEDTLS_SHA256_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Output = SHA-256( input buffer )
- *
- * \param input buffer holding the data
- * \param ilen length of the input data
- * \param output SHA-224/256 checksum result
- * \param is224 0 = use SHA256, 1 = use SHA224
- */
-void mbedtls_sha256( const unsigned char *input, size_t ilen,
- unsigned char output[32], int is224 );
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_sha256_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha256.h */
diff --git a/backport/compat/verification/md.c b/backport/compat/verification/md.c
deleted file mode 100644
index cff07534..00000000
--- a/backport/compat/verification/md.c
+++ /dev/null
@@ -1,471 +0,0 @@
-/**
- * \file mbedtls_md.c
- *
- * \brief Generic message digest wrapper for mbed TLS
- *
- * \author Adriaan de Jong <dejong@xxxxxxxxxx>
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_MD_C)
-
-#include "mbedtls/md.h"
-#include "mbedtls/md_internal.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
-
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * Reminder: update profiles in x509_crt.c when adding a new hash!
- */
-static const int supported_digests[] = {
-
-#if defined(MBEDTLS_SHA512_C)
- MBEDTLS_MD_SHA512,
- MBEDTLS_MD_SHA384,
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
- MBEDTLS_MD_SHA256,
- MBEDTLS_MD_SHA224,
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
- MBEDTLS_MD_SHA1,
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
- MBEDTLS_MD_RIPEMD160,
-#endif
-
-#if defined(MBEDTLS_MD5_C)
- MBEDTLS_MD_MD5,
-#endif
-
-#if defined(MBEDTLS_MD4_C)
- MBEDTLS_MD_MD4,
-#endif
-
-#if defined(MBEDTLS_MD2_C)
- MBEDTLS_MD_MD2,
-#endif
-
- MBEDTLS_MD_NONE
-};
-
-const int *mbedtls_md_list( void )
-{
- return( supported_digests );
-}
-
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
-{
- if( NULL == md_name )
- return( NULL );
-
- /* Get the appropriate digest information */
-#if defined(MBEDTLS_MD2_C)
- if( !strcmp( "MD2", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_MD2 );
-#endif
-#if defined(MBEDTLS_MD4_C)
- if( !strcmp( "MD4", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_MD4 );
-#endif
-#if defined(MBEDTLS_MD5_C)
- if( !strcmp( "MD5", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_MD5 );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
- if( !strcmp( "RIPEMD160", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_RIPEMD160 );
-#endif
-#if defined(MBEDTLS_SHA1_C)
- if( !strcmp( "SHA1", md_name ) || !strcmp( "SHA", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
-#endif
-#if defined(MBEDTLS_SHA256_C)
- if( !strcmp( "SHA224", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_SHA224 );
- if( !strcmp( "SHA256", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 );
-#endif
-#if defined(MBEDTLS_SHA512_C)
- if( !strcmp( "SHA384", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_SHA384 );
- if( !strcmp( "SHA512", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 );
-#endif
- return( NULL );
-}
-
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
-{
- switch( md_type )
- {
-#if defined(MBEDTLS_MD2_C)
- case MBEDTLS_MD_MD2:
- return( &mbedtls_md2_info );
-#endif
-#if defined(MBEDTLS_MD4_C)
- case MBEDTLS_MD_MD4:
- return( &mbedtls_md4_info );
-#endif
-#if defined(MBEDTLS_MD5_C)
- case MBEDTLS_MD_MD5:
- return( &mbedtls_md5_info );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
- case MBEDTLS_MD_RIPEMD160:
- return( &mbedtls_ripemd160_info );
-#endif
-#if defined(MBEDTLS_SHA1_C)
- case MBEDTLS_MD_SHA1:
- return( &mbedtls_sha1_info );
-#endif
-#if defined(MBEDTLS_SHA256_C)
- case MBEDTLS_MD_SHA224:
- return( &mbedtls_sha224_info );
- case MBEDTLS_MD_SHA256:
- return( &mbedtls_sha256_info );
-#endif
-#if defined(MBEDTLS_SHA512_C)
- case MBEDTLS_MD_SHA384:
- return( &mbedtls_sha384_info );
- case MBEDTLS_MD_SHA512:
- return( &mbedtls_sha512_info );
-#endif
- default:
- return( NULL );
- }
-}
-
-void mbedtls_md_init( mbedtls_md_context_t *ctx )
-{
- memset( ctx, 0, sizeof( mbedtls_md_context_t ) );
-}
-
-void mbedtls_md_free( mbedtls_md_context_t *ctx )
-{
- if( ctx == NULL || ctx->md_info == NULL )
- return;
-
- if( ctx->md_ctx != NULL )
- ctx->md_info->ctx_free_func( ctx->md_ctx );
-
- if( ctx->hmac_ctx != NULL )
- {
- mbedtls_zeroize( ctx->hmac_ctx, 2 * ctx->md_info->block_size );
- mbedtls_free( ctx->hmac_ctx );
- }
-
- mbedtls_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
-}
-
-int mbedtls_md_clone( mbedtls_md_context_t *dst,
- const mbedtls_md_context_t *src )
-{
- if( dst == NULL || dst->md_info == NULL ||
- src == NULL || src->md_info == NULL ||
- dst->md_info != src->md_info )
- {
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- }
-
- dst->md_info->clone_func( dst->md_ctx, src->md_ctx );
-
- return( 0 );
-}
-
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info )
-{
- return mbedtls_md_setup( ctx, md_info, 1 );
-}
-#endif
-
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac )
-{
- if( md_info == NULL || ctx == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
- if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL )
- return( MBEDTLS_ERR_MD_ALLOC_FAILED );
-
- if( hmac != 0 )
- {
- ctx->hmac_ctx = mbedtls_calloc( 2, md_info->block_size );
- if( ctx->hmac_ctx == NULL )
- {
- md_info->ctx_free_func( ctx->md_ctx );
- return( MBEDTLS_ERR_MD_ALLOC_FAILED );
- }
- }
-
- ctx->md_info = md_info;
-
- return( 0 );
-}
-
-int mbedtls_md_starts( mbedtls_md_context_t *ctx )
-{
- if( ctx == NULL || ctx->md_info == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
- ctx->md_info->starts_func( ctx->md_ctx );
-
- return( 0 );
-}
-
-int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
-{
- if( ctx == NULL || ctx->md_info == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
- ctx->md_info->update_func( ctx->md_ctx, input, ilen );
-
- return( 0 );
-}
-
-int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
-{
- if( ctx == NULL || ctx->md_info == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
- ctx->md_info->finish_func( ctx->md_ctx, output );
-
- return( 0 );
-}
-
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
- unsigned char *output )
-{
- if( md_info == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
- md_info->digest_func( input, ilen, output );
-
- return( 0 );
-}
-
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output )
-{
- int ret;
- FILE *f;
- size_t n;
- mbedtls_md_context_t ctx;
- unsigned char buf[1024];
-
- if( md_info == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
- if( ( f = fopen( path, "rb" ) ) == NULL )
- return( MBEDTLS_ERR_MD_FILE_IO_ERROR );
-
- mbedtls_md_init( &ctx );
-
- if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
- goto cleanup;
-
- md_info->starts_func( ctx.md_ctx );
-
- while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
- md_info->update_func( ctx.md_ctx, buf, n );
-
- if( ferror( f ) != 0 )
- {
- ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
- goto cleanup;
- }
-
- md_info->finish_func( ctx.md_ctx, output );
-
-cleanup:
- fclose( f );
- mbedtls_md_free( &ctx );
-
- return( ret );
-}
-#endif /* MBEDTLS_FS_IO */
-
-int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen )
-{
- unsigned char sum[MBEDTLS_MD_MAX_SIZE];
- unsigned char *ipad, *opad;
- size_t i;
-
- if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
- if( keylen > (size_t) ctx->md_info->block_size )
- {
- ctx->md_info->starts_func( ctx->md_ctx );
- ctx->md_info->update_func( ctx->md_ctx, key, keylen );
- ctx->md_info->finish_func( ctx->md_ctx, sum );
-
- keylen = ctx->md_info->size;
- key = sum;
- }
-
- ipad = (unsigned char *) ctx->hmac_ctx;
- opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
-
- memset( ipad, 0x36, ctx->md_info->block_size );
- memset( opad, 0x5C, ctx->md_info->block_size );
-
- for( i = 0; i < keylen; i++ )
- {
- ipad[i] = (unsigned char)( ipad[i] ^ key[i] );
- opad[i] = (unsigned char)( opad[i] ^ key[i] );
- }
-
- mbedtls_zeroize( sum, sizeof( sum ) );
-
- ctx->md_info->starts_func( ctx->md_ctx );
- ctx->md_info->update_func( ctx->md_ctx, ipad, ctx->md_info->block_size );
-
- return( 0 );
-}
-
-int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
-{
- if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
- ctx->md_info->update_func( ctx->md_ctx, input, ilen );
-
- return( 0 );
-}
-
-int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
-{
- unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
- unsigned char *opad;
-
- if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
- opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
-
- ctx->md_info->finish_func( ctx->md_ctx, tmp );
- ctx->md_info->starts_func( ctx->md_ctx );
- ctx->md_info->update_func( ctx->md_ctx, opad, ctx->md_info->block_size );
- ctx->md_info->update_func( ctx->md_ctx, tmp, ctx->md_info->size );
- ctx->md_info->finish_func( ctx->md_ctx, output );
-
- return( 0 );
-}
-
-int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
-{
- unsigned char *ipad;
-
- if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
- ipad = (unsigned char *) ctx->hmac_ctx;
-
- ctx->md_info->starts_func( ctx->md_ctx );
- ctx->md_info->update_func( ctx->md_ctx, ipad, ctx->md_info->block_size );
-
- return( 0 );
-}
-
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output )
-{
- mbedtls_md_context_t ctx;
- int ret;
-
- if( md_info == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
- mbedtls_md_init( &ctx );
-
- if( ( ret = mbedtls_md_setup( &ctx, md_info, 1 ) ) != 0 )
- return( ret );
-
- mbedtls_md_hmac_starts( &ctx, key, keylen );
- mbedtls_md_hmac_update( &ctx, input, ilen );
- mbedtls_md_hmac_finish( &ctx, output );
-
- mbedtls_md_free( &ctx );
-
- return( 0 );
-}
-
-int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
-{
- if( ctx == NULL || ctx->md_info == NULL )
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
- ctx->md_info->process_func( ctx->md_ctx, data );
-
- return( 0 );
-}
-
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info )
-{
- if( md_info == NULL )
- return( 0 );
-
- return md_info->size;
-}
-
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info )
-{
- if( md_info == NULL )
- return( MBEDTLS_MD_NONE );
-
- return md_info->type;
-}
-
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info )
-{
- if( md_info == NULL )
- return( NULL );
-
- return md_info->name;
-}
-
-#endif /* MBEDTLS_MD_C */
diff --git a/backport/compat/verification/md_wrap.c b/backport/compat/verification/md_wrap.c
deleted file mode 100644
index 49c47d69..00000000
--- a/backport/compat/verification/md_wrap.c
+++ /dev/null
@@ -1,577 +0,0 @@
-/**
- * \file md_wrap.c
- *
- * \brief Generic message digest wrapper for mbed TLS
- *
- * \author Adriaan de Jong <dejong@xxxxxxxxxx>
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_MD_C)
-
-#include "mbedtls/md_internal.h"
-
-#if defined(MBEDTLS_MD2_C)
-#include "mbedtls/md2.h"
-#endif
-
-#if defined(MBEDTLS_MD4_C)
-#include "mbedtls/md4.h"
-#endif
-
-#if defined(MBEDTLS_MD5_C)
-#include "mbedtls/md5.h"
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-#include "mbedtls/ripemd160.h"
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-#include "mbedtls/sha1.h"
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-#include "mbedtls/sha256.h"
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#include "mbedtls/sha512.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
-
-#if defined(MBEDTLS_MD2_C)
-
-static void md2_starts_wrap( void *ctx )
-{
- mbedtls_md2_starts( (mbedtls_md2_context *) ctx );
-}
-
-static void md2_update_wrap( void *ctx, const unsigned char *input,
- size_t ilen )
-{
- mbedtls_md2_update( (mbedtls_md2_context *) ctx, input, ilen );
-}
-
-static void md2_finish_wrap( void *ctx, unsigned char *output )
-{
- mbedtls_md2_finish( (mbedtls_md2_context *) ctx, output );
-}
-
-static void *md2_ctx_alloc( void )
-{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md2_context ) );
-
- if( ctx != NULL )
- mbedtls_md2_init( (mbedtls_md2_context *) ctx );
-
- return( ctx );
-}
-
-static void md2_ctx_free( void *ctx )
-{
- mbedtls_md2_free( (mbedtls_md2_context *) ctx );
- mbedtls_free( ctx );
-}
-
-static void md2_clone_wrap( void *dst, const void *src )
-{
- mbedtls_md2_clone( (mbedtls_md2_context *) dst,
- (const mbedtls_md2_context *) src );
-}
-
-static void md2_process_wrap( void *ctx, const unsigned char *data )
-{
- ((void) data);
-
- mbedtls_md2_process( (mbedtls_md2_context *) ctx );
-}
-
-const mbedtls_md_info_t mbedtls_md2_info = {
- MBEDTLS_MD_MD2,
- "MD2",
- 16,
- 16,
- md2_starts_wrap,
- md2_update_wrap,
- md2_finish_wrap,
- mbedtls_md2,
- md2_ctx_alloc,
- md2_ctx_free,
- md2_clone_wrap,
- md2_process_wrap,
-};
-
-#endif /* MBEDTLS_MD2_C */
-
-#if defined(MBEDTLS_MD4_C)
-
-static void md4_starts_wrap( void *ctx )
-{
- mbedtls_md4_starts( (mbedtls_md4_context *) ctx );
-}
-
-static void md4_update_wrap( void *ctx, const unsigned char *input,
- size_t ilen )
-{
- mbedtls_md4_update( (mbedtls_md4_context *) ctx, input, ilen );
-}
-
-static void md4_finish_wrap( void *ctx, unsigned char *output )
-{
- mbedtls_md4_finish( (mbedtls_md4_context *) ctx, output );
-}
-
-static void *md4_ctx_alloc( void )
-{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md4_context ) );
-
- if( ctx != NULL )
- mbedtls_md4_init( (mbedtls_md4_context *) ctx );
-
- return( ctx );
-}
-
-static void md4_ctx_free( void *ctx )
-{
- mbedtls_md4_free( (mbedtls_md4_context *) ctx );
- mbedtls_free( ctx );
-}
-
-static void md4_clone_wrap( void *dst, const void *src )
-{
- mbedtls_md4_clone( (mbedtls_md4_context *) dst,
- (const mbedtls_md4_context *) src );
-}
-
-static void md4_process_wrap( void *ctx, const unsigned char *data )
-{
- mbedtls_md4_process( (mbedtls_md4_context *) ctx, data );
-}
-
-const mbedtls_md_info_t mbedtls_md4_info = {
- MBEDTLS_MD_MD4,
- "MD4",
- 16,
- 64,
- md4_starts_wrap,
- md4_update_wrap,
- md4_finish_wrap,
- mbedtls_md4,
- md4_ctx_alloc,
- md4_ctx_free,
- md4_clone_wrap,
- md4_process_wrap,
-};
-
-#endif /* MBEDTLS_MD4_C */
-
-#if defined(MBEDTLS_MD5_C)
-
-static void md5_starts_wrap( void *ctx )
-{
- mbedtls_md5_starts( (mbedtls_md5_context *) ctx );
-}
-
-static void md5_update_wrap( void *ctx, const unsigned char *input,
- size_t ilen )
-{
- mbedtls_md5_update( (mbedtls_md5_context *) ctx, input, ilen );
-}
-
-static void md5_finish_wrap( void *ctx, unsigned char *output )
-{
- mbedtls_md5_finish( (mbedtls_md5_context *) ctx, output );
-}
-
-static void *md5_ctx_alloc( void )
-{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md5_context ) );
-
- if( ctx != NULL )
- mbedtls_md5_init( (mbedtls_md5_context *) ctx );
-
- return( ctx );
-}
-
-static void md5_ctx_free( void *ctx )
-{
- mbedtls_md5_free( (mbedtls_md5_context *) ctx );
- mbedtls_free( ctx );
-}
-
-static void md5_clone_wrap( void *dst, const void *src )
-{
- mbedtls_md5_clone( (mbedtls_md5_context *) dst,
- (const mbedtls_md5_context *) src );
-}
-
-static void md5_process_wrap( void *ctx, const unsigned char *data )
-{
- mbedtls_md5_process( (mbedtls_md5_context *) ctx, data );
-}
-
-const mbedtls_md_info_t mbedtls_md5_info = {
- MBEDTLS_MD_MD5,
- "MD5",
- 16,
- 64,
- md5_starts_wrap,
- md5_update_wrap,
- md5_finish_wrap,
- mbedtls_md5,
- md5_ctx_alloc,
- md5_ctx_free,
- md5_clone_wrap,
- md5_process_wrap,
-};
-
-#endif /* MBEDTLS_MD5_C */
-
-#if defined(MBEDTLS_RIPEMD160_C)
-
-static void ripemd160_starts_wrap( void *ctx )
-{
- mbedtls_ripemd160_starts( (mbedtls_ripemd160_context *) ctx );
-}
-
-static void ripemd160_update_wrap( void *ctx, const unsigned char *input,
- size_t ilen )
-{
- mbedtls_ripemd160_update( (mbedtls_ripemd160_context *) ctx, input, ilen );
-}
-
-static void ripemd160_finish_wrap( void *ctx, unsigned char *output )
-{
- mbedtls_ripemd160_finish( (mbedtls_ripemd160_context *) ctx, output );
-}
-
-static void *ripemd160_ctx_alloc( void )
-{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ripemd160_context ) );
-
- if( ctx != NULL )
- mbedtls_ripemd160_init( (mbedtls_ripemd160_context *) ctx );
-
- return( ctx );
-}
-
-static void ripemd160_ctx_free( void *ctx )
-{
- mbedtls_ripemd160_free( (mbedtls_ripemd160_context *) ctx );
- mbedtls_free( ctx );
-}
-
-static void ripemd160_clone_wrap( void *dst, const void *src )
-{
- mbedtls_ripemd160_clone( (mbedtls_ripemd160_context *) dst,
- (const mbedtls_ripemd160_context *) src );
-}
-
-static void ripemd160_process_wrap( void *ctx, const unsigned char *data )
-{
- mbedtls_ripemd160_process( (mbedtls_ripemd160_context *) ctx, data );
-}
-
-const mbedtls_md_info_t mbedtls_ripemd160_info = {
- MBEDTLS_MD_RIPEMD160,
- "RIPEMD160",
- 20,
- 64,
- ripemd160_starts_wrap,
- ripemd160_update_wrap,
- ripemd160_finish_wrap,
- mbedtls_ripemd160,
- ripemd160_ctx_alloc,
- ripemd160_ctx_free,
- ripemd160_clone_wrap,
- ripemd160_process_wrap,
-};
-
-#endif /* MBEDTLS_RIPEMD160_C */
-
-#if defined(MBEDTLS_SHA1_C)
-
-static void sha1_starts_wrap( void *ctx )
-{
- mbedtls_sha1_starts( (mbedtls_sha1_context *) ctx );
-}
-
-static void sha1_update_wrap( void *ctx, const unsigned char *input,
- size_t ilen )
-{
- mbedtls_sha1_update( (mbedtls_sha1_context *) ctx, input, ilen );
-}
-
-static void sha1_finish_wrap( void *ctx, unsigned char *output )
-{
- mbedtls_sha1_finish( (mbedtls_sha1_context *) ctx, output );
-}
-
-static void *sha1_ctx_alloc( void )
-{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha1_context ) );
-
- if( ctx != NULL )
- mbedtls_sha1_init( (mbedtls_sha1_context *) ctx );
-
- return( ctx );
-}
-
-static void sha1_clone_wrap( void *dst, const void *src )
-{
- mbedtls_sha1_clone( (mbedtls_sha1_context *) dst,
- (const mbedtls_sha1_context *) src );
-}
-
-static void sha1_ctx_free( void *ctx )
-{
- mbedtls_sha1_free( (mbedtls_sha1_context *) ctx );
- mbedtls_free( ctx );
-}
-
-static void sha1_process_wrap( void *ctx, const unsigned char *data )
-{
- mbedtls_sha1_process( (mbedtls_sha1_context *) ctx, data );
-}
-
-const mbedtls_md_info_t mbedtls_sha1_info = {
- MBEDTLS_MD_SHA1,
- "SHA1",
- 20,
- 64,
- sha1_starts_wrap,
- sha1_update_wrap,
- sha1_finish_wrap,
- mbedtls_sha1,
- sha1_ctx_alloc,
- sha1_ctx_free,
- sha1_clone_wrap,
- sha1_process_wrap,
-};
-
-#endif /* MBEDTLS_SHA1_C */
-
-/*
- * Wrappers for generic message digests
- */
-#if defined(MBEDTLS_SHA256_C)
-
-static void sha224_starts_wrap( void *ctx )
-{
- mbedtls_sha256_starts( (mbedtls_sha256_context *) ctx, 1 );
-}
-
-static void sha224_update_wrap( void *ctx, const unsigned char *input,
- size_t ilen )
-{
- mbedtls_sha256_update( (mbedtls_sha256_context *) ctx, input, ilen );
-}
-
-static void sha224_finish_wrap( void *ctx, unsigned char *output )
-{
- mbedtls_sha256_finish( (mbedtls_sha256_context *) ctx, output );
-}
-
-static void sha224_wrap( const unsigned char *input, size_t ilen,
- unsigned char *output )
-{
- mbedtls_sha256( input, ilen, output, 1 );
-}
-
-static void *sha224_ctx_alloc( void )
-{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha256_context ) );
-
- if( ctx != NULL )
- mbedtls_sha256_init( (mbedtls_sha256_context *) ctx );
-
- return( ctx );
-}
-
-static void sha224_ctx_free( void *ctx )
-{
- mbedtls_sha256_free( (mbedtls_sha256_context *) ctx );
- mbedtls_free( ctx );
-}
-
-static void sha224_clone_wrap( void *dst, const void *src )
-{
- mbedtls_sha256_clone( (mbedtls_sha256_context *) dst,
- (const mbedtls_sha256_context *) src );
-}
-
-static void sha224_process_wrap( void *ctx, const unsigned char *data )
-{
- mbedtls_sha256_process( (mbedtls_sha256_context *) ctx, data );
-}
-
-const mbedtls_md_info_t mbedtls_sha224_info = {
- MBEDTLS_MD_SHA224,
- "SHA224",
- 28,
- 64,
- sha224_starts_wrap,
- sha224_update_wrap,
- sha224_finish_wrap,
- sha224_wrap,
- sha224_ctx_alloc,
- sha224_ctx_free,
- sha224_clone_wrap,
- sha224_process_wrap,
-};
-
-static void sha256_starts_wrap( void *ctx )
-{
- mbedtls_sha256_starts( (mbedtls_sha256_context *) ctx, 0 );
-}
-
-static void sha256_wrap( const unsigned char *input, size_t ilen,
- unsigned char *output )
-{
- mbedtls_sha256( input, ilen, output, 0 );
-}
-
-const mbedtls_md_info_t mbedtls_sha256_info = {
- MBEDTLS_MD_SHA256,
- "SHA256",
- 32,
- 64,
- sha256_starts_wrap,
- sha224_update_wrap,
- sha224_finish_wrap,
- sha256_wrap,
- sha224_ctx_alloc,
- sha224_ctx_free,
- sha224_clone_wrap,
- sha224_process_wrap,
-};
-
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-
-static void sha384_starts_wrap( void *ctx )
-{
- mbedtls_sha512_starts( (mbedtls_sha512_context *) ctx, 1 );
-}
-
-static void sha384_update_wrap( void *ctx, const unsigned char *input,
- size_t ilen )
-{
- mbedtls_sha512_update( (mbedtls_sha512_context *) ctx, input, ilen );
-}
-
-static void sha384_finish_wrap( void *ctx, unsigned char *output )
-{
- mbedtls_sha512_finish( (mbedtls_sha512_context *) ctx, output );
-}
-
-static void sha384_wrap( const unsigned char *input, size_t ilen,
- unsigned char *output )
-{
- mbedtls_sha512( input, ilen, output, 1 );
-}
-
-static void *sha384_ctx_alloc( void )
-{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha512_context ) );
-
- if( ctx != NULL )
- mbedtls_sha512_init( (mbedtls_sha512_context *) ctx );
-
- return( ctx );
-}
-
-static void sha384_ctx_free( void *ctx )
-{
- mbedtls_sha512_free( (mbedtls_sha512_context *) ctx );
- mbedtls_free( ctx );
-}
-
-static void sha384_clone_wrap( void *dst, const void *src )
-{
- mbedtls_sha512_clone( (mbedtls_sha512_context *) dst,
- (const mbedtls_sha512_context *) src );
-}
-
-static void sha384_process_wrap( void *ctx, const unsigned char *data )
-{
- mbedtls_sha512_process( (mbedtls_sha512_context *) ctx, data );
-}
-
-const mbedtls_md_info_t mbedtls_sha384_info = {
- MBEDTLS_MD_SHA384,
- "SHA384",
- 48,
- 128,
- sha384_starts_wrap,
- sha384_update_wrap,
- sha384_finish_wrap,
- sha384_wrap,
- sha384_ctx_alloc,
- sha384_ctx_free,
- sha384_clone_wrap,
- sha384_process_wrap,
-};
-
-static void sha512_starts_wrap( void *ctx )
-{
- mbedtls_sha512_starts( (mbedtls_sha512_context *) ctx, 0 );
-}
-
-static void sha512_wrap( const unsigned char *input, size_t ilen,
- unsigned char *output )
-{
- mbedtls_sha512( input, ilen, output, 0 );
-}
-
-const mbedtls_md_info_t mbedtls_sha512_info = {
- MBEDTLS_MD_SHA512,
- "SHA512",
- 64,
- 128,
- sha512_starts_wrap,
- sha384_update_wrap,
- sha384_finish_wrap,
- sha512_wrap,
- sha384_ctx_alloc,
- sha384_ctx_free,
- sha384_clone_wrap,
- sha384_process_wrap,
-};
-
-#endif /* MBEDTLS_SHA512_C */
-
-#endif /* MBEDTLS_MD_C */
diff --git a/backport/compat/verification/oid.c b/backport/compat/verification/oid.c
deleted file mode 100644
index 64753690..00000000
--- a/backport/compat/verification/oid.c
+++ /dev/null
@@ -1,709 +0,0 @@
-/**
- * \file oid.c
- *
- * \brief Object Identifier (OID) database
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_OID_C)
-
-#include "mbedtls/oid.h"
-#include "mbedtls/rsa.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#define mbedtls_snprintf snprintf
-#endif
-
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-#include "mbedtls/x509.h"
-#endif
-
-/*
- * Macro to automatically add the size of #define'd OIDs
- */
-#define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s)
-
-/*
- * Macro to generate an internal function for oid_XXX_from_asn1() (used by
- * the other functions)
- */
-#define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST ) \
-static const TYPE_T * oid_ ## NAME ## _from_asn1( const mbedtls_asn1_buf *oid ) \
-{ \
- const TYPE_T *p = LIST; \
- const mbedtls_oid_descriptor_t *cur = (const mbedtls_oid_descriptor_t *) p; \
- if( p == NULL || oid == NULL ) return( NULL ); \
- while( cur->asn1 != NULL ) { \
- if( cur->asn1_len == oid->len && \
- memcmp( cur->asn1, oid->p, oid->len ) == 0 ) { \
- return( p ); \
- } \
- p++; \
- cur = (const mbedtls_oid_descriptor_t *) p; \
- } \
- return( NULL ); \
-}
-
-/*
- * Macro to generate a function for retrieving a single attribute from the
- * descriptor of an mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
-{ \
- const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
- if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
- *ATTR1 = data->descriptor.ATTR1; \
- return( 0 ); \
-}
-
-/*
- * Macro to generate a function for retrieving a single attribute from an
- * mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
-{ \
- const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
- if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
- *ATTR1 = data->ATTR1; \
- return( 0 ); \
-}
-
-/*
- * Macro to generate a function for retrieving two attributes from an
- * mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \
- ATTR2_TYPE, ATTR2) \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, ATTR2_TYPE * ATTR2 ) \
-{ \
- const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
- if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
- *ATTR1 = data->ATTR1; \
- *ATTR2 = data->ATTR2; \
- return( 0 ); \
-}
-
-/*
- * Macro to generate a function for retrieving the OID based on a single
- * attribute from a mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \
-int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen ) \
-{ \
- const TYPE_T *cur = LIST; \
- while( cur->descriptor.asn1 != NULL ) { \
- if( cur->ATTR1 == ATTR1 ) { \
- *oid = cur->descriptor.asn1; \
- *olen = cur->descriptor.asn1_len; \
- return( 0 ); \
- } \
- cur++; \
- } \
- return( MBEDTLS_ERR_OID_NOT_FOUND ); \
-}
-
-/*
- * Macro to generate a function for retrieving the OID based on two
- * attributes from a mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \
- ATTR2_TYPE, ATTR2) \
-int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid , \
- size_t *olen ) \
-{ \
- const TYPE_T *cur = LIST; \
- while( cur->descriptor.asn1 != NULL ) { \
- if( cur->ATTR1 == ATTR1 && cur->ATTR2 == ATTR2 ) { \
- *oid = cur->descriptor.asn1; \
- *olen = cur->descriptor.asn1_len; \
- return( 0 ); \
- } \
- cur++; \
- } \
- return( MBEDTLS_ERR_OID_NOT_FOUND ); \
-}
-
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-/*
- * For X520 attribute types
- */
-typedef struct {
- mbedtls_oid_descriptor_t descriptor;
- const char *short_name;
-} oid_x520_attr_t;
-
-static const oid_x520_attr_t oid_x520_attr_type[] =
-{
- {
- { ADD_LEN( MBEDTLS_OID_AT_CN ), "id-at-commonName", "Common Name" },
- "CN",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_COUNTRY ), "id-at-countryName", "Country" },
- "C",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_LOCALITY ), "id-at-locality", "Locality" },
- "L",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_STATE ), "id-at-state", "State" },
- "ST",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_ORGANIZATION ),"id-at-organizationName", "Organization" },
- "O",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_ORG_UNIT ), "id-at-organizationalUnitName", "Org Unit" },
- "OU",
- },
- {
- { ADD_LEN( MBEDTLS_OID_PKCS9_EMAIL ), "emailAddress", "E-mail address" },
- "emailAddress",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_SERIAL_NUMBER ),"id-at-serialNumber", "Serial number" },
- "serialNumber",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_POSTAL_ADDRESS ),"id-at-postalAddress", "Postal address" },
- "postalAddress",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_POSTAL_CODE ), "id-at-postalCode", "Postal code" },
- "postalCode",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_SUR_NAME ), "id-at-surName", "Surname" },
- "SN",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_GIVEN_NAME ), "id-at-givenName", "Given name" },
- "GN",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_INITIALS ), "id-at-initials", "Initials" },
- "initials",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_GENERATION_QUALIFIER ), "id-at-generationQualifier", "Generation qualifier" },
- "generationQualifier",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_TITLE ), "id-at-title", "Title" },
- "title",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_DN_QUALIFIER ),"id-at-dnQualifier", "Distinguished Name qualifier" },
- "dnQualifier",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_PSEUDONYM ), "id-at-pseudonym", "Pseudonym" },
- "pseudonym",
- },
- {
- { ADD_LEN( MBEDTLS_OID_DOMAIN_COMPONENT ), "id-domainComponent", "Domain component" },
- "DC",
- },
- {
- { ADD_LEN( MBEDTLS_OID_AT_UNIQUE_IDENTIFIER ), "id-at-uniqueIdentifier", "Unique Identifier" },
- "uniqueIdentifier",
- },
- {
- { NULL, 0, NULL, NULL },
- NULL,
- }
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type)
-FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, short_name)
-
-/*
- * For X509 extensions
- */
-typedef struct {
- mbedtls_oid_descriptor_t descriptor;
- int ext_type;
-} oid_x509_ext_t;
-
-static const oid_x509_ext_t oid_x509_ext[] =
-{
- {
- { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" },
- MBEDTLS_X509_EXT_BASIC_CONSTRAINTS,
- },
- {
- { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" },
- MBEDTLS_X509_EXT_KEY_USAGE,
- },
- {
- { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" },
- MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE,
- },
- {
- { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" },
- MBEDTLS_X509_EXT_SUBJECT_ALT_NAME,
- },
- {
- { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },
- MBEDTLS_X509_EXT_NS_CERT_TYPE,
- },
- {
- { NULL, 0, NULL, NULL },
- 0,
- },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
-FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
-
-static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
-{
- { ADD_LEN( MBEDTLS_OID_SERVER_AUTH ), "id-kp-serverAuth", "TLS Web Server Authentication" },
- { ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ), "id-kp-clientAuth", "TLS Web Client Authentication" },
- { ADD_LEN( MBEDTLS_OID_CODE_SIGNING ), "id-kp-codeSigning", "Code Signing" },
- { ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" },
- { ADD_LEN( MBEDTLS_OID_TIME_STAMPING ), "id-kp-timeStamping", "Time Stamping" },
- { ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ), "id-kp-OCSPSigning", "OCSP Signing" },
- { NULL, 0, NULL, NULL },
-};
-
-FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
-FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
-#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
-
-#if defined(MBEDTLS_MD_C)
-/*
- * For SignatureAlgorithmIdentifier
- */
-typedef struct {
- mbedtls_oid_descriptor_t descriptor;
- mbedtls_md_type_t md_alg;
- mbedtls_pk_type_t pk_alg;
-} oid_sig_alg_t;
-
-static const oid_sig_alg_t oid_sig_alg[] =
-{
-#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_MD2_C)
- {
- { ADD_LEN( MBEDTLS_OID_PKCS1_MD2 ), "md2WithRSAEncryption", "RSA with MD2" },
- MBEDTLS_MD_MD2, MBEDTLS_PK_RSA,
- },
-#endif /* MBEDTLS_MD2_C */
-#if defined(MBEDTLS_MD4_C)
- {
- { ADD_LEN( MBEDTLS_OID_PKCS1_MD4 ), "md4WithRSAEncryption", "RSA with MD4" },
- MBEDTLS_MD_MD4, MBEDTLS_PK_RSA,
- },
-#endif /* MBEDTLS_MD4_C */
-#if defined(MBEDTLS_MD5_C)
- {
- { ADD_LEN( MBEDTLS_OID_PKCS1_MD5 ), "md5WithRSAEncryption", "RSA with MD5" },
- MBEDTLS_MD_MD5, MBEDTLS_PK_RSA,
- },
-#endif /* MBEDTLS_MD5_C */
-#if defined(MBEDTLS_SHA1_C)
- {
- { ADD_LEN( MBEDTLS_OID_PKCS1_SHA1 ), "sha-1WithRSAEncryption", "RSA with SHA1" },
- MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
- },
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
- {
- { ADD_LEN( MBEDTLS_OID_PKCS1_SHA224 ), "sha224WithRSAEncryption", "RSA with SHA-224" },
- MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA,
- },
- {
- { ADD_LEN( MBEDTLS_OID_PKCS1_SHA256 ), "sha256WithRSAEncryption", "RSA with SHA-256" },
- MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA,
- },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
- {
- { ADD_LEN( MBEDTLS_OID_PKCS1_SHA384 ), "sha384WithRSAEncryption", "RSA with SHA-384" },
- MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA,
- },
- {
- { ADD_LEN( MBEDTLS_OID_PKCS1_SHA512 ), "sha512WithRSAEncryption", "RSA with SHA-512" },
- MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA,
- },
-#endif /* MBEDTLS_SHA512_C */
-#if defined(MBEDTLS_SHA1_C)
- {
- { ADD_LEN( MBEDTLS_OID_RSA_SHA_OBS ), "sha-1WithRSAEncryption", "RSA with SHA1" },
- MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
- },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECDSA_C)
-#if defined(MBEDTLS_SHA1_C)
- {
- { ADD_LEN( MBEDTLS_OID_ECDSA_SHA1 ), "ecdsa-with-SHA1", "ECDSA with SHA1" },
- MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA,
- },
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
- {
- { ADD_LEN( MBEDTLS_OID_ECDSA_SHA224 ), "ecdsa-with-SHA224", "ECDSA with SHA224" },
- MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA,
- },
- {
- { ADD_LEN( MBEDTLS_OID_ECDSA_SHA256 ), "ecdsa-with-SHA256", "ECDSA with SHA256" },
- MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA,
- },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
- {
- { ADD_LEN( MBEDTLS_OID_ECDSA_SHA384 ), "ecdsa-with-SHA384", "ECDSA with SHA384" },
- MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA,
- },
- {
- { ADD_LEN( MBEDTLS_OID_ECDSA_SHA512 ), "ecdsa-with-SHA512", "ECDSA with SHA512" },
- MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA,
- },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_ECDSA_C */
-#if defined(MBEDTLS_RSA_C)
- {
- { ADD_LEN( MBEDTLS_OID_RSASSA_PSS ), "RSASSA-PSS", "RSASSA-PSS" },
- MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS,
- },
-#endif /* MBEDTLS_RSA_C */
- {
- { NULL, 0, NULL, NULL },
- MBEDTLS_MD_NONE, MBEDTLS_PK_NONE,
- },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
-FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description)
-FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, oid_sig_alg_t, sig_alg, mbedtls_md_type_t, md_alg, mbedtls_pk_type_t, pk_alg)
-FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, mbedtls_pk_type_t, pk_alg, mbedtls_md_type_t, md_alg)
-#endif /* MBEDTLS_MD_C */
-
-/*
- * For PublicKeyInfo (PKCS1, RFC 5480)
- */
-typedef struct {
- mbedtls_oid_descriptor_t descriptor;
- mbedtls_pk_type_t pk_alg;
-} oid_pk_alg_t;
-
-static const oid_pk_alg_t oid_pk_alg[] =
-{
- {
- { ADD_LEN( MBEDTLS_OID_PKCS1_RSA ), "rsaEncryption", "RSA" },
- MBEDTLS_PK_RSA,
- },
- {
- { ADD_LEN( MBEDTLS_OID_EC_ALG_UNRESTRICTED ), "id-ecPublicKey", "Generic EC key" },
- MBEDTLS_PK_ECKEY,
- },
- {
- { ADD_LEN( MBEDTLS_OID_EC_ALG_ECDH ), "id-ecDH", "EC key for ECDH" },
- MBEDTLS_PK_ECKEY_DH,
- },
- {
- { NULL, 0, NULL, NULL },
- MBEDTLS_PK_NONE,
- },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
-FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, mbedtls_pk_type_t, pk_alg)
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * For namedCurve (RFC 5480)
- */
-typedef struct {
- mbedtls_oid_descriptor_t descriptor;
- mbedtls_ecp_group_id grp_id;
-} oid_ecp_grp_t;
-
-static const oid_ecp_grp_t oid_ecp_grp[] =
-{
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
- {
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192R1 ), "secp192r1", "secp192r1" },
- MBEDTLS_ECP_DP_SECP192R1,
- },
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
- {
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224R1 ), "secp224r1", "secp224r1" },
- MBEDTLS_ECP_DP_SECP224R1,
- },
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
- {
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256R1 ), "secp256r1", "secp256r1" },
- MBEDTLS_ECP_DP_SECP256R1,
- },
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
- {
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP384R1 ), "secp384r1", "secp384r1" },
- MBEDTLS_ECP_DP_SECP384R1,
- },
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
- {
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP521R1 ), "secp521r1", "secp521r1" },
- MBEDTLS_ECP_DP_SECP521R1,
- },
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
- {
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192K1 ), "secp192k1", "secp192k1" },
- MBEDTLS_ECP_DP_SECP192K1,
- },
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
- {
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224K1 ), "secp224k1", "secp224k1" },
- MBEDTLS_ECP_DP_SECP224K1,
- },
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
- {
- { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256K1 ), "secp256k1", "secp256k1" },
- MBEDTLS_ECP_DP_SECP256K1,
- },
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
- {
- { ADD_LEN( MBEDTLS_OID_EC_GRP_BP256R1 ), "brainpoolP256r1","brainpool256r1" },
- MBEDTLS_ECP_DP_BP256R1,
- },
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
- {
- { ADD_LEN( MBEDTLS_OID_EC_GRP_BP384R1 ), "brainpoolP384r1","brainpool384r1" },
- MBEDTLS_ECP_DP_BP384R1,
- },
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
- {
- { ADD_LEN( MBEDTLS_OID_EC_GRP_BP512R1 ), "brainpoolP512r1","brainpool512r1" },
- MBEDTLS_ECP_DP_BP512R1,
- },
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
- {
- { NULL, 0, NULL, NULL },
- MBEDTLS_ECP_DP_NONE,
- },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
-FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_ecp_group_id, grp_id)
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_CIPHER_C)
-/*
- * For PKCS#5 PBES2 encryption algorithm
- */
-typedef struct {
- mbedtls_oid_descriptor_t descriptor;
- mbedtls_cipher_type_t cipher_alg;
-} oid_cipher_alg_t;
-
-static const oid_cipher_alg_t oid_cipher_alg[] =
-{
- {
- { ADD_LEN( MBEDTLS_OID_DES_CBC ), "desCBC", "DES-CBC" },
- MBEDTLS_CIPHER_DES_CBC,
- },
- {
- { ADD_LEN( MBEDTLS_OID_DES_EDE3_CBC ), "des-ede3-cbc", "DES-EDE3-CBC" },
- MBEDTLS_CIPHER_DES_EDE3_CBC,
- },
- {
- { NULL, 0, NULL, NULL },
- MBEDTLS_CIPHER_NONE,
- },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)
-FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, oid_cipher_alg_t, cipher_alg, mbedtls_cipher_type_t, cipher_alg)
-#endif /* MBEDTLS_CIPHER_C */
-
-#if defined(MBEDTLS_MD_C)
-/*
- * For digestAlgorithm
- */
-typedef struct {
- mbedtls_oid_descriptor_t descriptor;
- mbedtls_md_type_t md_alg;
-} oid_md_alg_t;
-
-static const oid_md_alg_t oid_md_alg[] =
-{
-#if defined(MBEDTLS_MD2_C)
- {
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD2 ), "id-md2", "MD2" },
- MBEDTLS_MD_MD2,
- },
-#endif /* MBEDTLS_MD2_C */
-#if defined(MBEDTLS_MD4_C)
- {
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD4 ), "id-md4", "MD4" },
- MBEDTLS_MD_MD4,
- },
-#endif /* MBEDTLS_MD4_C */
-#if defined(MBEDTLS_MD5_C)
- {
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD5 ), "id-md5", "MD5" },
- MBEDTLS_MD_MD5,
- },
-#endif /* MBEDTLS_MD5_C */
-#if defined(MBEDTLS_SHA1_C)
- {
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA1 ), "id-sha1", "SHA-1" },
- MBEDTLS_MD_SHA1,
- },
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
- {
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA224 ), "id-sha224", "SHA-224" },
- MBEDTLS_MD_SHA224,
- },
- {
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA256 ), "id-sha256", "SHA-256" },
- MBEDTLS_MD_SHA256,
- },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
- {
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA384 ), "id-sha384", "SHA-384" },
- MBEDTLS_MD_SHA384,
- },
- {
- { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA512 ), "id-sha512", "SHA-512" },
- MBEDTLS_MD_SHA512,
- },
-#endif /* MBEDTLS_SHA512_C */
- {
- { NULL, 0, NULL, NULL },
- MBEDTLS_MD_NONE,
- },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
-FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, md_alg)
-#endif /* MBEDTLS_MD_C */
-
-#if defined(MBEDTLS_PKCS12_C)
-/*
- * For PKCS#12 PBEs
- */
-typedef struct {
- mbedtls_oid_descriptor_t descriptor;
- mbedtls_md_type_t md_alg;
- mbedtls_cipher_type_t cipher_alg;
-} oid_pkcs12_pbe_alg_t;
-
-static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
-{
- {
- { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC ), "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" },
- MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC,
- },
- {
- { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC ), "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" },
- MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC,
- },
- {
- { NULL, 0, NULL, NULL },
- MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE,
- },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg)
-FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, mbedtls_md_type_t, md_alg, mbedtls_cipher_type_t, cipher_alg)
-#endif /* MBEDTLS_PKCS12_C */
-
-#define OID_SAFE_SNPRINTF \
- do { \
- if( ret < 0 || (size_t) ret >= n ) \
- return( MBEDTLS_ERR_OID_BUF_TOO_SMALL ); \
- \
- n -= (size_t) ret; \
- p += (size_t) ret; \
- } while( 0 )
-
-/* Return the x.y.z.... style numeric string for the given OID */
-int mbedtls_oid_get_numeric_string( char *buf, size_t size,
- const mbedtls_asn1_buf *oid )
-{
- int ret;
- size_t i, n;
- unsigned int value;
- char *p;
-
- p = buf;
- n = size;
-
- /* First byte contains first two dots */
- if( oid->len > 0 )
- {
- ret = mbedtls_snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 );
- OID_SAFE_SNPRINTF;
- }
-
- value = 0;
- for( i = 1; i < oid->len; i++ )
- {
- /* Prevent overflow in value. */
- if( ( ( value << 7 ) >> 7 ) != value )
- return( MBEDTLS_ERR_OID_BUF_TOO_SMALL );
-
- value <<= 7;
- value += oid->p[i] & 0x7F;
-
- if( !( oid->p[i] & 0x80 ) )
- {
- /* Last byte */
- ret = mbedtls_snprintf( p, n, ".%d", value );
- OID_SAFE_SNPRINTF;
- value = 0;
- }
- }
-
- return( (int) ( size - n ) );
-}
-
-#endif /* MBEDTLS_OID_C */
diff --git a/backport/compat/verification/pkcs7.asn1.c b/backport/compat/verification/pkcs7.asn1.c
deleted file mode 100644
index d8c91f5b..00000000
--- a/backport/compat/verification/pkcs7.asn1.c
+++ /dev/null
@@ -1,355 +0,0 @@
-/*
- * Automatically generated by asn1_compiler. Do not edit
- *
- * ASN.1 parser for pkcs7
- */
-#include <linux/asn1_ber_bytecode.h>
-#include "pkcs7.asn1.h"
-
-enum pkcs7_actions {
- ACT_pkcs7_check_content_type = 0,
- ACT_pkcs7_extract_cert = 1,
- ACT_pkcs7_note_OID = 2,
- ACT_pkcs7_note_certificate_list = 3,
- ACT_pkcs7_note_content = 4,
- ACT_pkcs7_note_data = 5,
- ACT_pkcs7_note_signed_info = 6,
- ACT_pkcs7_note_signeddata_version = 7,
- ACT_pkcs7_note_signerinfo_version = 8,
- ACT_pkcs7_sig_note_authenticated_attr = 9,
- ACT_pkcs7_sig_note_digest_algo = 10,
- ACT_pkcs7_sig_note_issuer = 11,
- ACT_pkcs7_sig_note_pkey_algo = 12,
- ACT_pkcs7_sig_note_serial = 13,
- ACT_pkcs7_sig_note_set_of_authattrs = 14,
- ACT_pkcs7_sig_note_signature = 15,
- ACT_pkcs7_sig_note_skid = 16,
- NR__pkcs7_actions = 17
-};
-
-static const asn1_action_t pkcs7_action_table[NR__pkcs7_actions] = {
- [ 0] = pkcs7_check_content_type,
- [ 1] = pkcs7_extract_cert,
- [ 2] = pkcs7_note_OID,
- [ 3] = pkcs7_note_certificate_list,
- [ 4] = pkcs7_note_content,
- [ 5] = pkcs7_note_data,
- [ 6] = pkcs7_note_signed_info,
- [ 7] = pkcs7_note_signeddata_version,
- [ 8] = pkcs7_note_signerinfo_version,
- [ 9] = pkcs7_sig_note_authenticated_attr,
- [ 10] = pkcs7_sig_note_digest_algo,
- [ 11] = pkcs7_sig_note_issuer,
- [ 12] = pkcs7_sig_note_pkey_algo,
- [ 13] = pkcs7_sig_note_serial,
- [ 14] = pkcs7_sig_note_set_of_authattrs,
- [ 15] = pkcs7_sig_note_signature,
- [ 16] = pkcs7_sig_note_skid,
-};
-
-static const unsigned char pkcs7_machine[] = {
- // PKCS7ContentInfo
- [ 0] = ASN1_OP_MATCH,
- [ 1] = _tag(UNIV, CONS, SEQ),
- // ContentType
- [ 2] = ASN1_OP_MATCH_ACT,
- [ 3] = _tag(UNIV, PRIM, OID),
- [ 4] = _action(ACT_pkcs7_note_OID),
- [ 5] = ASN1_OP_ACT,
- [ 6] = _action(ACT_pkcs7_check_content_type),
- [ 7] = ASN1_OP_MATCH_JUMP_OR_SKIP, // content
- [ 8] = _tagn(CONT, CONS, 0),
- [ 9] = _jump_target(12),
- [ 10] = ASN1_OP_END_SEQ,
- [ 11] = ASN1_OP_COMPLETE,
-
- // SignedData
- [ 12] = ASN1_OP_MATCH,
- [ 13] = _tag(UNIV, CONS, SEQ),
- [ 14] = ASN1_OP_MATCH_ACT, // version
- [ 15] = _tag(UNIV, PRIM, INT),
- [ 16] = _action(ACT_pkcs7_note_signeddata_version),
- // DigestAlgorithmIdentifiers
- [ 17] = ASN1_OP_MATCH_JUMP_OR_SKIP, // daSet
- [ 18] = _tag(UNIV, CONS, SET),
- [ 19] = _jump_target(61),
- [ 20] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // daSequence
- [ 21] = _tag(UNIV, CONS, SEQ),
- [ 22] = _jump_target(67),
- [ 23] = ASN1_OP_COND_FAIL,
- // ContentInfo
- [ 24] = ASN1_OP_MATCH,
- [ 25] = _tag(UNIV, CONS, SEQ),
- // ContentType
- [ 26] = ASN1_OP_MATCH_ACT,
- [ 27] = _tag(UNIV, PRIM, OID),
- [ 28] = _action(ACT_pkcs7_note_OID),
- [ 29] = ASN1_OP_ACT,
- [ 30] = _action(ACT_pkcs7_note_OID),
- [ 31] = ASN1_OP_MATCH_JUMP_OR_SKIP, // content
- [ 32] = _tagn(CONT, CONS, 0),
- [ 33] = _jump_target(73),
- [ 34] = ASN1_OP_END_SEQ,
- [ 35] = ASN1_OP_ACT,
- [ 36] = _action(ACT_pkcs7_note_content),
- // ExtendedCertificatesAndCertificates
- [ 37] = ASN1_OP_MATCH_JUMP_OR_SKIP, // certSet
- [ 38] = _tagn(CONT, CONS, 0),
- [ 39] = _jump_target(77), // --> ExtendedCertificatesAndCertificates
- // Certificates
- [ 40] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // certSequence
- [ 41] = _tagn(CONT, CONS, 2),
- [ 42] = _jump_target(85), // --> Certificates
- [ 43] = ASN1_OP_ACT,
- [ 44] = _action(ACT_pkcs7_note_certificate_list),
- // CertificateRevocationLists
- [ 45] = ASN1_OP_MATCH_JUMP_OR_SKIP, // crlSet
- [ 46] = _tagn(CONT, CONS, 1),
- [ 47] = _jump_target(90), // --> CertificateRevocationLists
- // CRLSequence
- [ 48] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // crlSequence
- [ 49] = _tagn(CONT, CONS, 3),
- [ 50] = _jump_target(96), // --> CRLSequence
- // SignerInfos
- [ 51] = ASN1_OP_MATCH_JUMP_OR_SKIP, // siSet
- [ 52] = _tag(UNIV, CONS, SET),
- [ 53] = _jump_target(102),
- [ 54] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // siSequence
- [ 55] = _tag(UNIV, CONS, SEQ),
- [ 56] = _jump_target(108),
- [ 57] = ASN1_OP_COND_FAIL,
- [ 58] = ASN1_OP_END_SEQ,
- [ 59] = ASN1_OP_END_SEQ,
- [ 60] = ASN1_OP_RETURN,
-
- // DigestAlgorithmIdentifier
- [ 61] = ASN1_OP_MATCH_JUMP,
- [ 62] = _tag(UNIV, CONS, SEQ),
- [ 63] = _jump_target(114), // --> DigestAlgorithmIdentifier
- [ 64] = ASN1_OP_END_SET_OF,
- [ 65] = _jump_target(61),
- [ 66] = ASN1_OP_RETURN,
-
- // DigestAlgorithmIdentifier
- [ 67] = ASN1_OP_MATCH_JUMP,
- [ 68] = _tag(UNIV, CONS, SEQ),
- [ 69] = _jump_target(114), // --> DigestAlgorithmIdentifier
- [ 70] = ASN1_OP_END_SEQ_OF,
- [ 71] = _jump_target(67),
- [ 72] = ASN1_OP_RETURN,
-
- // Data
- [ 73] = ASN1_OP_MATCH_ANY_ACT,
- [ 74] = _action(ACT_pkcs7_note_data),
- [ 75] = ASN1_OP_END_SEQ,
- [ 76] = ASN1_OP_RETURN,
-
- // ExtendedCertificateOrCertificate
- // Certificate
- [ 77] = ASN1_OP_MATCH_ANY_ACT_OR_SKIP,
- [ 78] = _action(ACT_pkcs7_extract_cert),
- // ExtendedCertificate
- // Certificate
- [ 79] = ASN1_OP_COND_MATCH_ANY_ACT_OR_SKIP,
- [ 80] = _action(ACT_pkcs7_extract_cert),
- [ 81] = ASN1_OP_COND_FAIL,
- [ 82] = ASN1_OP_END_SET_OF,
- [ 83] = _jump_target(77),
- [ 84] = ASN1_OP_RETURN,
-
- // Certificate
- [ 85] = ASN1_OP_MATCH_ANY_ACT,
- [ 86] = _action(ACT_pkcs7_extract_cert),
- [ 87] = ASN1_OP_END_SEQ_OF,
- [ 88] = _jump_target(85),
- [ 89] = ASN1_OP_RETURN,
-
- // CertificateList
- [ 90] = ASN1_OP_MATCH_JUMP,
- [ 91] = _tag(UNIV, CONS, SEQ),
- [ 92] = _jump_target(120), // --> CertificateList
- [ 93] = ASN1_OP_END_SET_OF,
- [ 94] = _jump_target(90),
- [ 95] = ASN1_OP_RETURN,
-
- // CertificateList
- [ 96] = ASN1_OP_MATCH_JUMP,
- [ 97] = _tag(UNIV, CONS, SEQ),
- [ 98] = _jump_target(120), // --> CertificateList
- [ 99] = ASN1_OP_END_SEQ_OF,
- [ 100] = _jump_target(96),
- [ 101] = ASN1_OP_RETURN,
-
- // SignerInfo
- [ 102] = ASN1_OP_MATCH_JUMP,
- [ 103] = _tag(UNIV, CONS, SEQ),
- [ 104] = _jump_target(125), // --> SignerInfo
- [ 105] = ASN1_OP_END_SET_OF,
- [ 106] = _jump_target(102),
- [ 107] = ASN1_OP_RETURN,
-
- // SignerInfo
- [ 108] = ASN1_OP_MATCH_JUMP,
- [ 109] = _tag(UNIV, CONS, SEQ),
- [ 110] = _jump_target(125), // --> SignerInfo
- [ 111] = ASN1_OP_END_SEQ_OF,
- [ 112] = _jump_target(108),
- [ 113] = ASN1_OP_RETURN,
-
- [ 114] = ASN1_OP_MATCH_ACT, // algorithm
- [ 115] = _tag(UNIV, PRIM, OID),
- [ 116] = _action(ACT_pkcs7_note_OID),
- [ 117] = ASN1_OP_MATCH_ANY_OR_SKIP, // parameters
- [ 118] = ASN1_OP_END_SEQ,
- [ 119] = ASN1_OP_RETURN,
-
- // Certificate
- [ 120] = ASN1_OP_MATCH_ANY_ACT,
- [ 121] = _action(ACT_pkcs7_extract_cert),
- [ 122] = ASN1_OP_END_SEQ_OF,
- [ 123] = _jump_target(120),
- [ 124] = ASN1_OP_RETURN,
-
- [ 125] = ASN1_OP_MATCH_ACT, // version
- [ 126] = _tag(UNIV, PRIM, INT),
- [ 127] = _action(ACT_pkcs7_note_signerinfo_version),
- // SignerIdentifier
- // IssuerAndSerialNumber
- [ 128] = ASN1_OP_MATCH_JUMP_OR_SKIP, // issuerAndSerialNumber
- [ 129] = _tag(UNIV, CONS, SEQ),
- [ 130] = _jump_target(169), // --> IssuerAndSerialNumber
- // SubjectKeyIdentifier
- [ 131] = ASN1_OP_COND_MATCH_ACT_OR_SKIP, // subjectKeyIdentifier
- [ 132] = _tagn(CONT, PRIM, 0),
- [ 133] = _action(ACT_pkcs7_sig_note_skid),
- [ 134] = ASN1_OP_COND_FAIL,
- // DigestAlgorithmIdentifier
- [ 135] = ASN1_OP_MATCH_JUMP,
- [ 136] = _tag(UNIV, CONS, SEQ),
- [ 137] = _jump_target(114), // --> DigestAlgorithmIdentifier
- [ 138] = ASN1_OP_ACT,
- [ 139] = _action(ACT_pkcs7_sig_note_digest_algo),
- // SetOfAuthenticatedAttribute
- [ 140] = ASN1_OP_MATCH_JUMP_OR_SKIP, // aaSet
- [ 141] = _tagn(CONT, CONS, 0),
- [ 142] = _jump_target(192), // --> SetOfAuthenticatedAttribute
- [ 143] = ASN1_OP_MAYBE_ACT,
- [ 144] = _action(ACT_pkcs7_sig_note_set_of_authattrs),
- [ 145] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // aaSequence
- [ 146] = _tagn(CONT, CONS, 2),
- [ 147] = _jump_target(198),
- // DigestEncryptionAlgorithmIdentifier
- [ 148] = ASN1_OP_MATCH,
- [ 149] = _tag(UNIV, CONS, SEQ),
- [ 150] = ASN1_OP_MATCH_ACT, // algorithm
- [ 151] = _tag(UNIV, PRIM, OID),
- [ 152] = _action(ACT_pkcs7_note_OID),
- [ 153] = ASN1_OP_MATCH_ANY_OR_SKIP, // parameters
- [ 154] = ASN1_OP_END_SEQ,
- [ 155] = ASN1_OP_ACT,
- [ 156] = _action(ACT_pkcs7_sig_note_pkey_algo),
- // EncryptedDigest
- [ 157] = ASN1_OP_MATCH_ACT,
- [ 158] = _tag(UNIV, PRIM, OTS),
- [ 159] = _action(ACT_pkcs7_sig_note_signature),
- [ 160] = ASN1_OP_MATCH_JUMP_OR_SKIP, // uaSet
- [ 161] = _tagn(CONT, CONS, 1),
- [ 162] = _jump_target(207),
- [ 163] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // uaSequence
- [ 164] = _tagn(CONT, CONS, 3),
- [ 165] = _jump_target(213),
- [ 166] = ASN1_OP_END_SEQ_ACT,
- [ 167] = _action(ACT_pkcs7_note_signed_info),
- [ 168] = ASN1_OP_RETURN,
-
- // Name
- [ 169] = ASN1_OP_MATCH,
- [ 170] = _tag(UNIV, CONS, SEQ),
- // RelativeDistinguishedName
- [ 171] = ASN1_OP_MATCH,
- [ 172] = _tag(UNIV, CONS, SET),
- // AttributeValueAssertion
- [ 173] = ASN1_OP_MATCH,
- [ 174] = _tag(UNIV, CONS, SEQ),
- [ 175] = ASN1_OP_MATCH_ACT, // attributeType
- [ 176] = _tag(UNIV, PRIM, OID),
- [ 177] = _action(ACT_pkcs7_note_OID),
- [ 178] = ASN1_OP_MATCH_ANY, // attributeValue
- [ 179] = ASN1_OP_END_SEQ,
- [ 180] = ASN1_OP_END_SET_OF,
- [ 181] = _jump_target(173),
- [ 182] = ASN1_OP_END_SEQ_OF,
- [ 183] = _jump_target(171),
- [ 184] = ASN1_OP_ACT,
- [ 185] = _action(ACT_pkcs7_sig_note_issuer),
- // CertificateSerialNumber
- [ 186] = ASN1_OP_MATCH,
- [ 187] = _tag(UNIV, PRIM, INT),
- [ 188] = ASN1_OP_ACT,
- [ 189] = _action(ACT_pkcs7_sig_note_serial),
- [ 190] = ASN1_OP_END_SEQ,
- [ 191] = ASN1_OP_RETURN,
-
- // AuthenticatedAttribute
- [ 192] = ASN1_OP_MATCH_JUMP,
- [ 193] = _tag(UNIV, CONS, SEQ),
- [ 194] = _jump_target(219), // --> AuthenticatedAttribute
- [ 195] = ASN1_OP_END_SET_OF,
- [ 196] = _jump_target(192),
- [ 197] = ASN1_OP_RETURN,
-
- [ 198] = ASN1_OP_MATCH, // aaSequence
- [ 199] = _tag(UNIV, CONS, SEQ),
- // AuthenticatedAttribute
- [ 200] = ASN1_OP_MATCH_JUMP,
- [ 201] = _tag(UNIV, CONS, SEQ),
- [ 202] = _jump_target(219), // --> AuthenticatedAttribute
- [ 203] = ASN1_OP_END_SEQ_OF,
- [ 204] = _jump_target(200),
- [ 205] = ASN1_OP_END_SEQ,
- [ 206] = ASN1_OP_RETURN,
-
- // UnauthenticatedAttribute
- [ 207] = ASN1_OP_MATCH_JUMP,
- [ 208] = _tag(UNIV, CONS, SEQ),
- [ 209] = _jump_target(230), // --> UnauthenticatedAttribute
- [ 210] = ASN1_OP_END_SET_OF,
- [ 211] = _jump_target(207),
- [ 212] = ASN1_OP_RETURN,
-
- // UnauthenticatedAttribute
- [ 213] = ASN1_OP_MATCH_JUMP,
- [ 214] = _tag(UNIV, CONS, SEQ),
- [ 215] = _jump_target(230), // --> UnauthenticatedAttribute
- [ 216] = ASN1_OP_END_SEQ_OF,
- [ 217] = _jump_target(213),
- [ 218] = ASN1_OP_RETURN,
-
- [ 219] = ASN1_OP_MATCH_ACT, // type
- [ 220] = _tag(UNIV, PRIM, OID),
- [ 221] = _action(ACT_pkcs7_note_OID),
- [ 222] = ASN1_OP_MATCH, // values
- [ 223] = _tag(UNIV, CONS, SET),
- [ 224] = ASN1_OP_MATCH_ANY_ACT,
- [ 225] = _action(ACT_pkcs7_sig_note_authenticated_attr),
- [ 226] = ASN1_OP_END_SET_OF,
- [ 227] = _jump_target(224),
- [ 228] = ASN1_OP_END_SEQ,
- [ 229] = ASN1_OP_RETURN,
-
- [ 230] = ASN1_OP_MATCH, // type
- [ 231] = _tag(UNIV, PRIM, OID),
- [ 232] = ASN1_OP_MATCH, // values
- [ 233] = _tag(UNIV, CONS, SET),
- [ 234] = ASN1_OP_MATCH_ANY,
- [ 235] = ASN1_OP_END_SET_OF,
- [ 236] = _jump_target(234),
- [ 237] = ASN1_OP_END_SEQ,
- [ 238] = ASN1_OP_RETURN,
-};
-
-const struct asn1_decoder pkcs7_decoder = {
- .machine = pkcs7_machine,
- .machlen = sizeof(pkcs7_machine),
- .actions = pkcs7_action_table,
-};
diff --git a/backport/compat/verification/pkcs7.asn1.h b/backport/compat/verification/pkcs7.asn1.h
deleted file mode 100644
index b34e160f..00000000
--- a/backport/compat/verification/pkcs7.asn1.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Automatically generated by asn1_compiler. Do not edit
- *
- * ASN.1 parser for pkcs7
- */
-#include <linux/asn1_decoder.h>
-
-extern const struct asn1_decoder pkcs7_decoder;
-
-extern int pkcs7_check_content_type(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_extract_cert(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_note_OID(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_note_certificate_list(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_note_content(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_note_data(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_note_signed_info(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_note_signeddata_version(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_note_signerinfo_version(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_sig_note_authenticated_attr(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_sig_note_digest_algo(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_sig_note_issuer(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_sig_note_pkey_algo(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_sig_note_serial(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_sig_note_set_of_authattrs(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_sig_note_signature(void *, size_t, unsigned char, const void *, size_t);
-extern int pkcs7_sig_note_skid(void *, size_t, unsigned char, const void *, size_t);
-
diff --git a/backport/compat/verification/public_key.c b/backport/compat/verification/public_key.c
deleted file mode 100644
index 83a69357..00000000
--- a/backport/compat/verification/public_key.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Adapted from the kernel for simplicity in backports.
- *
- * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
- * Written by David Howells (dhowells@xxxxxxxxxx)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
- */
-
-#define pr_fmt(fmt) "PKEY: "fmt
-#include <linux/export.h>
-#include <linux/kernel.h>
-#include <linux/slab.h>
-#include <linux/seq_file.h>
-#include <linux/scatterlist.h>
-#include <linux/asn1_decoder.h>
-#include <crypto/public_key.h>
-#include "rsapubkey.asn1.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/md.h"
-
-void public_key_free(struct public_key *key)
-{
- if (key) {
- kfree(key->key);
- kfree(key);
- }
-}
-
-int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
- const void *value, size_t vlen)
-{
- mbedtls_rsa_context *rsa = context;
-
- /* invalid key provided */
- if (!value || !vlen)
- return -EINVAL;
-
- return mbedtls_mpi_read_binary(&rsa->N, value, vlen) ? -EINVAL : 0;
-}
-
-int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
- const void *value, size_t vlen)
-{
- mbedtls_rsa_context *rsa = context;
-
- /* invalid key provided */
- if (!value || !vlen)
- return -EINVAL;
-
- return mbedtls_mpi_read_binary(&rsa->E, value, vlen) ? -EINVAL : 0;
-}
-
-int public_key_verify_signature(const struct public_key *pkey,
- const struct public_key_signature *sig)
-{
- mbedtls_rsa_context rsa;
- mbedtls_md_type_t md_alg;
- const u8 *sigdata = sig->s;
- int s_size = sig->s_size;
- int ret;
-
- if (WARN_ON(!pkey))
- return -EINVAL;
-
- if (strcmp(sig->pkey_algo, "rsa"))
- return -ENOTSUPP;
-
- if (strcmp(sig->hash_algo, "sha1") == 0)
- md_alg = MBEDTLS_MD_SHA1;
- else if (strcmp(sig->hash_algo, "sha256") == 0)
- md_alg = MBEDTLS_MD_SHA256;
- else
- return -ENOTSUPP;
-
- mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0);
-
- ret = asn1_ber_decoder(&rsapubkey_decoder, &rsa,
- pkey->key, pkey->keylen);
- if (ret)
- goto free;
-
- rsa.len = (mbedtls_mpi_bitlen(&rsa.N) + 7) >> 3;
-
- /*
- * In some cases (from X.509 certificates) we get here with a
- * BIT_STRING ASN.1 object, in which the first byte indicates
- * the number of unused bits in the bit string (in case the
- * string isn't a multiple of 8 long).
- * Assume here that it's always a multiple of 8, and just skip
- * the additional byte.
- */
- if (s_size == rsa.len + 1 && sigdata[0] == 0) {
- sigdata = sig->s + 1;
- s_size -= 1;
- }
-
- if (rsa.len != s_size) {
- ret = -EINVAL;
- goto free;
- }
-
- ret = mbedtls_rsa_pkcs1_verify(&rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
- md_alg, 0, sig->digest, sigdata);
-
- if (ret)
- ret = -EKEYREJECTED;
- else
- ret = 0;
-
- free:
- mbedtls_rsa_free(&rsa);
-
- return ret;
-}
-
-void public_key_signature_free(struct public_key_signature *sig)
-{
- int i;
-
- if (sig) {
- for (i = 0; i < ARRAY_SIZE(sig->auth_ids); i++)
- kfree(sig->auth_ids[i]);
- kfree(sig->s);
- kfree(sig->digest);
- kfree(sig);
- }
-}
diff --git a/backport/compat/verification/rsa.c b/backport/compat/verification/rsa.c
deleted file mode 100644
index 605bd885..00000000
--- a/backport/compat/verification/rsa.c
+++ /dev/null
@@ -1,1872 +0,0 @@
-/*
- * The RSA public-key cryptosystem
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- * The following sources were referenced in the design of this implementation
- * of the RSA algorithm:
- *
- * [1] A method for obtaining digital signatures and public-key cryptosystems
- * R Rivest, A Shamir, and L Adleman
- * http://people.csail.mit.edu/rivest/pubs.html#RSA78
- *
- * [2] Handbook of Applied Cryptography - 1997, Chapter 8
- * Menezes, van Oorschot and Vanstone
- *
- * [3] Malware Guard Extension: Using SGX to Conceal Cache Attacks
- * Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice and
- * Stefan Mangard
- * https://arxiv.org/abs/1702.08719v2
- *
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-
-#include "mbedtls/rsa.h"
-#include "mbedtls/oid.h"
-
-#if defined(MBEDTLS_PKCS1_V21)
-#include "mbedtls/md.h"
-#endif
-
-#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__)
-#include <stdlib.h>
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
-/*
- * Initialize an RSA context
- */
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
- int padding,
- int hash_id )
-{
- memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
-
- mbedtls_rsa_set_padding( ctx, padding, hash_id );
-
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &ctx->mutex );
-#endif
-}
-
-/*
- * Set padding for an existing RSA context
- */
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id )
-{
- ctx->padding = padding;
- ctx->hash_id = hash_id;
-}
-
-#if defined(MBEDTLS_GENPRIME)
-
-/*
- * Generate an RSA keypair
- */
-int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- unsigned int nbits, int exponent )
-{
- int ret;
- mbedtls_mpi P1, Q1, H, G;
-
- if( f_rng == NULL || nbits < 128 || exponent < 3 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- if( nbits % 2 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
- mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
-
- /*
- * find primes P and Q with Q < P so that:
- * GCD( E, (P-1)*(Q-1) ) == 1
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) );
-
- do
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
- f_rng, p_rng ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
- f_rng, p_rng ) );
-
- if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
- continue;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
- if( mbedtls_mpi_bitlen( &ctx->N ) != nbits )
- continue;
-
- if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
- mbedtls_mpi_swap( &ctx->P, &ctx->Q );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) );
- }
- while( mbedtls_mpi_cmp_int( &G, 1 ) != 0 );
-
- /*
- * D = E^-1 mod ((P-1)*(Q-1))
- * DP = D mod (P - 1)
- * DQ = D mod (Q - 1)
- * QP = Q^-1 mod P
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D , &ctx->E, &H ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->DP, &ctx->D, &P1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->DQ, &ctx->D, &Q1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->QP, &ctx->Q, &ctx->P ) );
-
- ctx->len = ( mbedtls_mpi_bitlen( &ctx->N ) + 7 ) >> 3;
-
-cleanup:
-
- mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
-
- if( ret != 0 )
- {
- mbedtls_rsa_free( ctx );
- return( MBEDTLS_ERR_RSA_KEY_GEN_FAILED + ret );
- }
-
- return( 0 );
-}
-
-#endif /* MBEDTLS_GENPRIME */
-
-/*
- * Check a public RSA key
- */
-int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
-{
- if( !ctx->N.p || !ctx->E.p )
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-
- if( ( ctx->N.p[0] & 1 ) == 0 ||
- ( ctx->E.p[0] & 1 ) == 0 )
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-
- if( mbedtls_mpi_bitlen( &ctx->N ) < 128 ||
- mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_MPI_MAX_BITS )
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-
- if( mbedtls_mpi_bitlen( &ctx->E ) < 2 ||
- mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 )
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-
- return( 0 );
-}
-
-/*
- * Check a private RSA key
- */
-int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
-{
- int ret;
- mbedtls_mpi PQ, DE, P1, Q1, H, I, G, G2, L1, L2, DP, DQ, QP;
-
- if( ( ret = mbedtls_rsa_check_pubkey( ctx ) ) != 0 )
- return( ret );
-
- if( !ctx->P.p || !ctx->Q.p || !ctx->D.p )
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-
- mbedtls_mpi_init( &PQ ); mbedtls_mpi_init( &DE ); mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
- mbedtls_mpi_init( &H ); mbedtls_mpi_init( &I ); mbedtls_mpi_init( &G ); mbedtls_mpi_init( &G2 );
- mbedtls_mpi_init( &L1 ); mbedtls_mpi_init( &L2 ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ );
- mbedtls_mpi_init( &QP );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G2, &P1, &Q1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L1, &L2, &H, &G2 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &I, &DE, &L1 ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DP, &ctx->D, &P1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DQ, &ctx->D, &Q1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &QP, &ctx->Q, &ctx->P ) );
- /*
- * Check for a valid PKCS1v2 private key
- */
- if( mbedtls_mpi_cmp_mpi( &PQ, &ctx->N ) != 0 ||
- mbedtls_mpi_cmp_mpi( &DP, &ctx->DP ) != 0 ||
- mbedtls_mpi_cmp_mpi( &DQ, &ctx->DQ ) != 0 ||
- mbedtls_mpi_cmp_mpi( &QP, &ctx->QP ) != 0 ||
- mbedtls_mpi_cmp_int( &L2, 0 ) != 0 ||
- mbedtls_mpi_cmp_int( &I, 1 ) != 0 ||
- mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
- {
- ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
- }
-
-cleanup:
- mbedtls_mpi_free( &PQ ); mbedtls_mpi_free( &DE ); mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 );
- mbedtls_mpi_free( &H ); mbedtls_mpi_free( &I ); mbedtls_mpi_free( &G ); mbedtls_mpi_free( &G2 );
- mbedtls_mpi_free( &L1 ); mbedtls_mpi_free( &L2 ); mbedtls_mpi_free( &DP ); mbedtls_mpi_free( &DQ );
- mbedtls_mpi_free( &QP );
-
- if( ret == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED )
- return( ret );
-
- if( ret != 0 )
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED + ret );
-
- return( 0 );
-}
-
-/*
- * Check if contexts holding a public and private key match
- */
-int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv )
-{
- if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
- mbedtls_rsa_check_privkey( prv ) != 0 )
- {
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
- }
-
- if( mbedtls_mpi_cmp_mpi( &pub->N, &prv->N ) != 0 ||
- mbedtls_mpi_cmp_mpi( &pub->E, &prv->E ) != 0 )
- {
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
- }
-
- return( 0 );
-}
-
-/*
- * Do an RSA public key operation
- */
-int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
- const unsigned char *input,
- unsigned char *output )
-{
- int ret;
- size_t olen;
- mbedtls_mpi T;
-
- mbedtls_mpi_init( &T );
-
-#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
- return( ret );
-#endif
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
-
- if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
- {
- ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
- goto cleanup;
- }
-
- olen = ctx->len;
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
-
-cleanup:
-#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
- mbedtls_mpi_free( &T );
-
- if( ret != 0 )
- return( MBEDTLS_ERR_RSA_PUBLIC_FAILED + ret );
-
- return( 0 );
-}
-
-/*
- * Generate or update blinding values, see section 10 of:
- * KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
- * DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
- * Berlin Heidelberg, 1996. p. 104-113.
- */
-static int rsa_prepare_blinding( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
- int ret, count = 0;
-
- if( ctx->Vf.p != NULL )
- {
- /* We already have blinding values, just update them by squaring */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) );
-
- goto cleanup;
- }
-
- /* Unblinding value: Vf = random number, invertible mod N */
- do {
- if( count++ > 10 )
- return( MBEDTLS_ERR_RSA_RNG_FAILED );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &ctx->Vi, &ctx->Vf, &ctx->N ) );
- } while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 );
-
- /* Blinding value: Vi = Vf^(-e) mod N */
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vf, &ctx->N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) );
-
-
-cleanup:
- return( ret );
-}
-
-/*
- * Exponent blinding supposed to prevent side-channel attacks using multiple
- * traces of measurements to recover the RSA key. The more collisions are there,
- * the more bits of the key can be recovered. See [3].
- *
- * Collecting n collisions with m bit long blinding value requires 2^(m-m/n)
- * observations on avarage.
- *
- * For example with 28 byte blinding to achieve 2 collisions the adversary has
- * to make 2^112 observations on avarage.
- *
- * (With the currently (as of 2017 April) known best algorithms breaking 2048
- * bit RSA requires approximately as much time as trying out 2^112 random keys.
- * Thus in this sense with 28 byte blinding the security is not reduced by
- * side-channel attacks like the one in [3])
- *
- * This countermeasure does not help if the key recovery is possible with a
- * single trace.
- */
-#define RSA_EXPONENT_BLINDING 28
-
-/*
- * Do an RSA private key operation
- */
-int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *input,
- unsigned char *output )
-{
- int ret;
- size_t olen;
- mbedtls_mpi T, T1, T2;
- mbedtls_mpi P1, Q1, R;
-#if defined(MBEDTLS_RSA_NO_CRT)
- mbedtls_mpi D_blind;
- mbedtls_mpi *D = &ctx->D;
-#else
- mbedtls_mpi DP_blind, DQ_blind;
- mbedtls_mpi *DP = &ctx->DP;
- mbedtls_mpi *DQ = &ctx->DQ;
-#endif
-
- /* Make sure we have private key info, prevent possible misuse */
- if( ctx->P.p == NULL || ctx->Q.p == NULL || ctx->D.p == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
- mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R );
-
-
- if( f_rng != NULL )
- {
-#if defined(MBEDTLS_RSA_NO_CRT)
- mbedtls_mpi_init( &D_blind );
-#else
- mbedtls_mpi_init( &DP_blind );
- mbedtls_mpi_init( &DQ_blind );
-#endif
- }
-
-
-#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
- return( ret );
-#endif
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
- if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
- {
- ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
- goto cleanup;
- }
-
- if( f_rng != NULL )
- {
- /*
- * Blinding
- * T = T * Vi mod N
- */
- MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
-
- /*
- * Exponent blinding
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
-
-#if defined(MBEDTLS_RSA_NO_CRT)
- /*
- * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
- f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &P1, &Q1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &D_blind, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) );
-
- D = &D_blind;
-#else
- /*
- * DP_blind = ( P - 1 ) * R + DP
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
- f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DP_blind, &P1, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DP_blind, &DP_blind,
- &ctx->DP ) );
-
- DP = &DP_blind;
-
- /*
- * DQ_blind = ( Q - 1 ) * R + DQ
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
- f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DQ_blind, &Q1, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DQ_blind, &DQ_blind,
- &ctx->DQ ) );
-
- DQ = &DQ_blind;
-#endif /* MBEDTLS_RSA_NO_CRT */
- }
-
-#if defined(MBEDTLS_RSA_NO_CRT)
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) );
-#else
- /*
- * Faster decryption using the CRT
- *
- * T1 = input ^ dP mod P
- * T2 = input ^ dQ mod Q
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T1, &T, DP, &ctx->P, &ctx->RP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T2, &T, DQ, &ctx->Q, &ctx->RQ ) );
-
- /*
- * T = (T1 - T2) * (Q^-1 mod P) mod P
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &T1, &T2 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->QP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T1, &ctx->P ) );
-
- /*
- * T = T2 + T * Q
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->Q ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &T2, &T1 ) );
-#endif /* MBEDTLS_RSA_NO_CRT */
-
- if( f_rng != NULL )
- {
- /*
- * Unblind
- * T = T * Vf mod N
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
- }
-
- olen = ctx->len;
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
-
-cleanup:
-#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
- mbedtls_mpi_free( &T ); mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
- mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &R );
-
- if( f_rng != NULL )
- {
-#if defined(MBEDTLS_RSA_NO_CRT)
- mbedtls_mpi_free( &D_blind );
-#else
- mbedtls_mpi_free( &DP_blind );
- mbedtls_mpi_free( &DQ_blind );
-#endif
- }
-
- if( ret != 0 )
- return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
-
- return( 0 );
-}
-
-#if defined(MBEDTLS_PKCS1_V21)
-/**
- * Generate and apply the MGF1 operation (from PKCS#1 v2.1) to a buffer.
- *
- * \param dst buffer to mask
- * \param dlen length of destination buffer
- * \param src source of the mask generation
- * \param slen length of the source buffer
- * \param md_ctx message digest context to use
- */
-static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
- size_t slen, mbedtls_md_context_t *md_ctx )
-{
- unsigned char mask[MBEDTLS_MD_MAX_SIZE];
- unsigned char counter[4];
- unsigned char *p;
- unsigned int hlen;
- size_t i, use_len;
-
- memset( mask, 0, MBEDTLS_MD_MAX_SIZE );
- memset( counter, 0, 4 );
-
- hlen = mbedtls_md_get_size( md_ctx->md_info );
-
- /* Generate and apply dbMask */
- p = dst;
-
- while( dlen > 0 )
- {
- use_len = hlen;
- if( dlen < hlen )
- use_len = dlen;
-
- mbedtls_md_starts( md_ctx );
- mbedtls_md_update( md_ctx, src, slen );
- mbedtls_md_update( md_ctx, counter, 4 );
- mbedtls_md_finish( md_ctx, mask );
-
- for( i = 0; i < use_len; ++i )
- *p++ ^= mask[i];
-
- counter[3]++;
-
- dlen -= use_len;
- }
-
- mbedtls_zeroize( mask, sizeof( mask ) );
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V21)
-/*
- * Implementation of the PKCS#1 v2.1 RSAES-OAEP-ENCRYPT function
- */
-int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- const unsigned char *label, size_t label_len,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output )
-{
- size_t olen;
- int ret;
- unsigned char *p = output;
- unsigned int hlen;
- const mbedtls_md_info_t *md_info;
- mbedtls_md_context_t md_ctx;
-
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- if( f_rng == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- olen = ctx->len;
- hlen = mbedtls_md_get_size( md_info );
-
- /* first comparison checks for overflow */
- if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- memset( output, 0, olen );
-
- *p++ = 0;
-
- /* Generate a random octet string seed */
- if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
- return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
-
- p += hlen;
-
- /* Construct DB */
- mbedtls_md( md_info, label, label_len, p );
- p += hlen;
- p += olen - 2 * hlen - 2 - ilen;
- *p++ = 1;
- memcpy( p, input, ilen );
-
- mbedtls_md_init( &md_ctx );
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
- {
- mbedtls_md_free( &md_ctx );
- return( ret );
- }
-
- /* maskedDB: Apply dbMask to DB */
- mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
- &md_ctx );
-
- /* maskedSeed: Apply seedMask to seed */
- mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
- &md_ctx );
-
- mbedtls_md_free( &md_ctx );
-
- return( ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, output, output )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V15)
-/*
- * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-ENCRYPT function
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t ilen,
- const unsigned char *input,
- unsigned char *output )
-{
- size_t nb_pad, olen;
- int ret;
- unsigned char *p = output;
-
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- // We don't check p_rng because it won't be dereferenced here
- if( f_rng == NULL || input == NULL || output == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- olen = ctx->len;
-
- /* first comparison checks for overflow */
- if( ilen + 11 < ilen || olen < ilen + 11 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- nb_pad = olen - 3 - ilen;
-
- *p++ = 0;
- if( mode == MBEDTLS_RSA_PUBLIC )
- {
- *p++ = MBEDTLS_RSA_CRYPT;
-
- while( nb_pad-- > 0 )
- {
- int rng_dl = 100;
-
- do {
- ret = f_rng( p_rng, p, 1 );
- } while( *p == 0 && --rng_dl && ret == 0 );
-
- /* Check if RNG failed to generate data */
- if( rng_dl == 0 || ret != 0 )
- return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
-
- p++;
- }
- }
- else
- {
- *p++ = MBEDTLS_RSA_SIGN;
-
- while( nb_pad-- > 0 )
- *p++ = 0xFF;
- }
-
- *p++ = 0;
- memcpy( p, input, ilen );
-
- return( ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, output, output )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Add the message padding, then do an RSA operation
- */
-int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t ilen,
- const unsigned char *input,
- unsigned char *output )
-{
- switch( ctx->padding )
- {
-#if defined(MBEDTLS_PKCS1_V15)
- case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen,
- input, output );
-#endif
-
-#if defined(MBEDTLS_PKCS1_V21)
- case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0,
- ilen, input, output );
-#endif
-
- default:
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
- }
-}
-
-#if defined(MBEDTLS_PKCS1_V21)
-/*
- * Implementation of the PKCS#1 v2.1 RSAES-OAEP-DECRYPT function
- */
-int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- const unsigned char *label, size_t label_len,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len )
-{
- int ret;
- size_t ilen, i, pad_len;
- unsigned char *p, bad, pad_done;
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
- unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
- unsigned int hlen;
- const mbedtls_md_info_t *md_info;
- mbedtls_md_context_t md_ctx;
-
- /*
- * Parameters sanity checks
- */
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- ilen = ctx->len;
-
- if( ilen < 16 || ilen > sizeof( buf ) )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- hlen = mbedtls_md_get_size( md_info );
-
- // checking for integer underflow
- if( 2 * hlen + 2 > ilen )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- /*
- * RSA operation
- */
- ret = ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, input, buf )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
-
- if( ret != 0 )
- goto cleanup;
-
- /*
- * Unmask data and generate lHash
- */
- mbedtls_md_init( &md_ctx );
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
- {
- mbedtls_md_free( &md_ctx );
- goto cleanup;
- }
-
-
- /* Generate lHash */
- mbedtls_md( md_info, label, label_len, lhash );
-
- /* seed: Apply seedMask to maskedSeed */
- mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
- &md_ctx );
-
- /* DB: Apply dbMask to maskedDB */
- mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
- &md_ctx );
-
- mbedtls_md_free( &md_ctx );
-
- /*
- * Check contents, in "constant-time"
- */
- p = buf;
- bad = 0;
-
- bad |= *p++; /* First byte must be 0 */
-
- p += hlen; /* Skip seed */
-
- /* Check lHash */
- for( i = 0; i < hlen; i++ )
- bad |= lhash[i] ^ *p++;
-
- /* Get zero-padding len, but always read till end of buffer
- * (minus one, for the 01 byte) */
- pad_len = 0;
- pad_done = 0;
- for( i = 0; i < ilen - 2 * hlen - 2; i++ )
- {
- pad_done |= p[i];
- pad_len += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
- }
-
- p += pad_len;
- bad |= *p++ ^ 0x01;
-
- /*
- * The only information "leaked" is whether the padding was correct or not
- * (eg, no data is copied if it was not correct). This meets the
- * recommendations in PKCS#1 v2.2: an opponent cannot distinguish between
- * the different error conditions.
- */
- if( bad != 0 )
- {
- ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
- goto cleanup;
- }
-
- if( ilen - ( p - buf ) > output_max_len )
- {
- ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
- goto cleanup;
- }
-
- *olen = ilen - (p - buf);
- memcpy( output, p, *olen );
- ret = 0;
-
-cleanup:
- mbedtls_zeroize( buf, sizeof( buf ) );
- mbedtls_zeroize( lhash, sizeof( lhash ) );
-
- return( ret );
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V15)
-/*
- * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len)
-{
- int ret;
- size_t ilen, pad_count = 0, i;
- unsigned char *p, bad, pad_done = 0;
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- ilen = ctx->len;
-
- if( ilen < 16 || ilen > sizeof( buf ) )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- ret = ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, input, buf )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
-
- if( ret != 0 )
- goto cleanup;
-
- p = buf;
- bad = 0;
-
- /*
- * Check and get padding len in "constant-time"
- */
- bad |= *p++; /* First byte must be 0 */
-
- /* This test does not depend on secret data */
- if( mode == MBEDTLS_RSA_PRIVATE )
- {
- bad |= *p++ ^ MBEDTLS_RSA_CRYPT;
-
- /* Get padding len, but always read till end of buffer
- * (minus one, for the 00 byte) */
- for( i = 0; i < ilen - 3; i++ )
- {
- pad_done |= ((p[i] | (unsigned char)-p[i]) >> 7) ^ 1;
- pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
- }
-
- p += pad_count;
- bad |= *p++; /* Must be zero */
- }
- else
- {
- bad |= *p++ ^ MBEDTLS_RSA_SIGN;
-
- /* Get padding len, but always read till end of buffer
- * (minus one, for the 00 byte) */
- for( i = 0; i < ilen - 3; i++ )
- {
- pad_done |= ( p[i] != 0xFF );
- pad_count += ( pad_done == 0 );
- }
-
- p += pad_count;
- bad |= *p++; /* Must be zero */
- }
-
- bad |= ( pad_count < 8 );
-
- if( bad )
- {
- ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
- goto cleanup;
- }
-
- if( ilen - ( p - buf ) > output_max_len )
- {
- ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
- goto cleanup;
- }
-
- *olen = ilen - (p - buf);
- memcpy( output, p, *olen );
- ret = 0;
-
-cleanup:
- mbedtls_zeroize( buf, sizeof( buf ) );
-
- return( ret );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Do an RSA operation, then remove the message padding
- */
-int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len)
-{
- switch( ctx->padding )
- {
-#if defined(MBEDTLS_PKCS1_V15)
- case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen,
- input, output, output_max_len );
-#endif
-
-#if defined(MBEDTLS_PKCS1_V21)
- case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0,
- olen, input, output,
- output_max_len );
-#endif
-
- default:
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
- }
-}
-
-#if defined(MBEDTLS_PKCS1_V21)
-/*
- * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function
- */
-int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig )
-{
- size_t olen;
- unsigned char *p = sig;
- unsigned char salt[MBEDTLS_MD_MAX_SIZE];
- unsigned int slen, hlen, offset = 0;
- int ret;
- size_t msb;
- const mbedtls_md_info_t *md_info;
- mbedtls_md_context_t md_ctx;
-
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- if( f_rng == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- olen = ctx->len;
-
- if( md_alg != MBEDTLS_MD_NONE )
- {
- /* Gather length of hash to sign */
- md_info = mbedtls_md_info_from_type( md_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- hashlen = mbedtls_md_get_size( md_info );
- }
-
- md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- hlen = mbedtls_md_get_size( md_info );
- slen = hlen;
-
- if( olen < hlen + slen + 2 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- memset( sig, 0, olen );
-
- /* Generate salt of length slen */
- if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
- return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
-
- /* Note: EMSA-PSS encoding is over the length of N - 1 bits */
- msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
- p += olen - hlen * 2 - 2;
- *p++ = 0x01;
- memcpy( p, salt, slen );
- p += slen;
-
- mbedtls_md_init( &md_ctx );
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
- {
- mbedtls_md_free( &md_ctx );
- /* No need to zeroize salt: we didn't use it. */
- return( ret );
- }
-
- /* Generate H = Hash( M' ) */
- mbedtls_md_starts( &md_ctx );
- mbedtls_md_update( &md_ctx, p, 8 );
- mbedtls_md_update( &md_ctx, hash, hashlen );
- mbedtls_md_update( &md_ctx, salt, slen );
- mbedtls_md_finish( &md_ctx, p );
- mbedtls_zeroize( salt, sizeof( salt ) );
-
- /* Compensate for boundary condition when applying mask */
- if( msb % 8 == 0 )
- offset = 1;
-
- /* maskedDB: Apply dbMask to DB */
- mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
-
- mbedtls_md_free( &md_ctx );
-
- msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
- sig[0] &= 0xFF >> ( olen * 8 - msb );
-
- p += hlen;
- *p++ = 0xBC;
-
- return( ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, sig, sig )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V15)
-/*
- * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-V1_5-SIGN function
- */
-/*
- * Do an RSA operation to sign the message digest
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig )
-{
- size_t nb_pad, olen, oid_size = 0;
- unsigned char *p = sig;
- const char *oid = NULL;
- unsigned char *sig_try = NULL, *verif = NULL;
- size_t i;
- unsigned char diff;
- volatile unsigned char diff_no_optimize;
- int ret;
-
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- olen = ctx->len;
- nb_pad = olen - 3;
-
- if( md_alg != MBEDTLS_MD_NONE )
- {
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- nb_pad -= 10 + oid_size;
-
- hashlen = mbedtls_md_get_size( md_info );
- }
-
- nb_pad -= hashlen;
-
- if( ( nb_pad < 8 ) || ( nb_pad > olen ) )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- *p++ = 0;
- *p++ = MBEDTLS_RSA_SIGN;
- memset( p, 0xFF, nb_pad );
- p += nb_pad;
- *p++ = 0;
-
- if( md_alg == MBEDTLS_MD_NONE )
- {
- memcpy( p, hash, hashlen );
- }
- else
- {
- /*
- * DigestInfo ::= SEQUENCE {
- * digestAlgorithm DigestAlgorithmIdentifier,
- * digest Digest }
- *
- * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
- *
- * Digest ::= OCTET STRING
- */
- *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
- *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
- *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
- *p++ = (unsigned char) ( 0x04 + oid_size );
- *p++ = MBEDTLS_ASN1_OID;
- *p++ = oid_size & 0xFF;
- memcpy( p, oid, oid_size );
- p += oid_size;
- *p++ = MBEDTLS_ASN1_NULL;
- *p++ = 0x00;
- *p++ = MBEDTLS_ASN1_OCTET_STRING;
- *p++ = hashlen;
- memcpy( p, hash, hashlen );
- }
-
- if( mode == MBEDTLS_RSA_PUBLIC )
- return( mbedtls_rsa_public( ctx, sig, sig ) );
-
- /*
- * In order to prevent Lenstra's attack, make the signature in a
- * temporary buffer and check it before returning it.
- */
- sig_try = mbedtls_calloc( 1, ctx->len );
- if( sig_try == NULL )
- return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
- verif = mbedtls_calloc( 1, ctx->len );
- if( verif == NULL )
- {
- mbedtls_free( sig_try );
- return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
- }
-
- MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
- MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
-
- /* Compare in constant time just in case */
- for( diff = 0, i = 0; i < ctx->len; i++ )
- diff |= verif[i] ^ sig[i];
- diff_no_optimize = diff;
-
- if( diff_no_optimize != 0 )
- {
- ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
- goto cleanup;
- }
-
- memcpy( sig, sig_try, ctx->len );
-
-cleanup:
- mbedtls_free( sig_try );
- mbedtls_free( verif );
-
- return( ret );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Do an RSA operation to sign the message digest
- */
-int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig )
-{
- switch( ctx->padding )
- {
-#if defined(MBEDTLS_PKCS1_V15)
- case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, sig );
-#endif
-
-#if defined(MBEDTLS_PKCS1_V21)
- case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, sig );
-#endif
-
- default:
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
- }
-}
-
-#if defined(MBEDTLS_PKCS1_V21)
-/*
- * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function
- */
-int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- mbedtls_md_type_t mgf1_hash_id,
- int expected_salt_len,
- const unsigned char *sig )
-{
- int ret;
- size_t siglen;
- unsigned char *p;
- unsigned char result[MBEDTLS_MD_MAX_SIZE];
- unsigned char zeros[8];
- unsigned int hlen;
- size_t slen, msb;
- const mbedtls_md_info_t *md_info;
- mbedtls_md_context_t md_ctx;
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- siglen = ctx->len;
-
- if( siglen < 16 || siglen > sizeof( buf ) )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- ret = ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, sig, buf )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf );
-
- if( ret != 0 )
- return( ret );
-
- p = buf;
-
- if( buf[siglen - 1] != 0xBC )
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-
- if( md_alg != MBEDTLS_MD_NONE )
- {
- /* Gather length of hash to sign */
- md_info = mbedtls_md_info_from_type( md_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- hashlen = mbedtls_md_get_size( md_info );
- }
-
- md_info = mbedtls_md_info_from_type( mgf1_hash_id );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- hlen = mbedtls_md_get_size( md_info );
- slen = siglen - hlen - 1; /* Currently length of salt + padding */
-
- memset( zeros, 0, 8 );
-
- /*
- * Note: EMSA-PSS verification is over the length of N - 1 bits
- */
- msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
-
- /* Compensate for boundary condition when applying mask */
- if( msb % 8 == 0 )
- {
- p++;
- siglen -= 1;
- }
- if( buf[0] >> ( 8 - siglen * 8 + msb ) )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- mbedtls_md_init( &md_ctx );
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
- {
- mbedtls_md_free( &md_ctx );
- return( ret );
- }
-
- mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
-
- buf[0] &= 0xFF >> ( siglen * 8 - msb );
-
- while( p < buf + siglen && *p == 0 )
- p++;
-
- if( p == buf + siglen ||
- *p++ != 0x01 )
- {
- mbedtls_md_free( &md_ctx );
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
- }
-
- /* Actual salt len */
- slen -= p - buf;
-
- if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY &&
- slen != (size_t) expected_salt_len )
- {
- mbedtls_md_free( &md_ctx );
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
- }
-
- /*
- * Generate H = Hash( M' )
- */
- mbedtls_md_starts( &md_ctx );
- mbedtls_md_update( &md_ctx, zeros, 8 );
- mbedtls_md_update( &md_ctx, hash, hashlen );
- mbedtls_md_update( &md_ctx, p, slen );
- mbedtls_md_finish( &md_ctx, result );
-
- mbedtls_md_free( &md_ctx );
-
- if( memcmp( p + slen, result, hlen ) == 0 )
- return( 0 );
- else
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-}
-
-/*
- * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function
- */
-int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig )
-{
- mbedtls_md_type_t mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
- ? (mbedtls_md_type_t) ctx->hash_id
- : md_alg;
-
- return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode,
- md_alg, hashlen, hash,
- mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY,
- sig ) );
-
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V15)
-/*
- * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig )
-{
- int ret;
- size_t len, siglen, asn1_len;
- unsigned char *p, *p0, *end;
- mbedtls_md_type_t msg_md_alg;
- const mbedtls_md_info_t *md_info;
- mbedtls_asn1_buf oid;
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- siglen = ctx->len;
-
- if( siglen < 16 || siglen > sizeof( buf ) )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- ret = ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, sig, buf )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf );
-
- if( ret != 0 )
- return( ret );
-
- p = buf;
-
- if( *p++ != 0 || *p++ != MBEDTLS_RSA_SIGN )
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-
- while( *p != 0 )
- {
- if( p >= buf + siglen - 1 || *p != 0xFF )
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
- p++;
- }
- p++; /* skip 00 byte */
-
- /* We've read: 00 01 PS 00 where PS must be at least 8 bytes */
- if( p - buf < 11 )
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-
- len = siglen - ( p - buf );
-
- if( len == hashlen && md_alg == MBEDTLS_MD_NONE )
- {
- if( memcmp( p, hash, hashlen ) == 0 )
- return( 0 );
- else
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
- }
-
- md_info = mbedtls_md_info_from_type( md_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- hashlen = mbedtls_md_get_size( md_info );
-
- end = p + len;
-
- /*
- * Parse the ASN.1 structure inside the PKCS#1 v1.5 structure.
- * Insist on 2-byte length tags, to protect against variants of
- * Bleichenbacher's forgery attack against lax PKCS#1v1.5 verification.
- */
- p0 = p;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
- if( p != p0 + 2 || asn1_len + 2 != len )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-
- p0 = p;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
- if( p != p0 + 2 || asn1_len + 6 + hashlen != len )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-
- p0 = p;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
- if( p != p0 + 2 )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-
- oid.p = p;
- p += oid.len;
-
- if( mbedtls_oid_get_md_alg( &oid, &msg_md_alg ) != 0 )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-
- if( md_alg != msg_md_alg )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-
- /*
- * assume the algorithm parameters must be NULL
- */
- p0 = p;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_NULL ) ) != 0 )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
- if( p != p0 + 2 )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-
- p0 = p;
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
- if( p != p0 + 2 || asn1_len != hashlen )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-
- if( memcmp( p, hash, hashlen ) != 0 )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-
- p += hashlen;
-
- if( p != end )
- return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-
- return( 0 );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Do an RSA operation and check the message digest
- */
-int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig )
-{
- switch( ctx->padding )
- {
-#if defined(MBEDTLS_PKCS1_V15)
- case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, sig );
-#endif
-
-#if defined(MBEDTLS_PKCS1_V21)
- case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, sig );
-#endif
-
- default:
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
- }
-}
-
-/*
- * Copy the components of an RSA key
- */
-int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
-{
- int ret;
-
- dst->ver = src->ver;
- dst->len = src->len;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->E, &src->E ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->D, &src->D ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->P, &src->P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Q, &src->Q ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DP, &src->DP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DQ, &src->DQ ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->QP, &src->QP ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RP, &src->RP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RQ, &src->RQ ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vi, &src->Vi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vf, &src->Vf ) );
-
- dst->padding = src->padding;
- dst->hash_id = src->hash_id;
-
-cleanup:
- if( ret != 0 )
- mbedtls_rsa_free( dst );
-
- return( ret );
-}
-
-/*
- * Free the components of an RSA key
- */
-void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
-{
- mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf );
- mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->RN );
- mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ ); mbedtls_mpi_free( &ctx->DP );
- mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P ); mbedtls_mpi_free( &ctx->D );
- mbedtls_mpi_free( &ctx->E ); mbedtls_mpi_free( &ctx->N );
-
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_free( &ctx->mutex );
-#endif
-}
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#include "mbedtls/sha1.h"
-
-/*
- * Example RSA-1024 keypair, for test purposes
- */
-#define KEY_LEN 128
-
-#define RSA_N "9292758453063D803DD603D5E777D788" \
- "8ED1D5BF35786190FA2F23EBC0848AEA" \
- "DDA92CA6C3D80B32C4D109BE0F36D6AE" \
- "7130B9CED7ACDF54CFC7555AC14EEBAB" \
- "93A89813FBF3C4F8066D2D800F7C38A8" \
- "1AE31942917403FF4946B0A83D3D3E05" \
- "EE57C6F5F5606FB5D4BC6CD34EE0801A" \
- "5E94BB77B07507233A0BC7BAC8F90F79"
-
-#define RSA_E "10001"
-
-#define RSA_D "24BF6185468786FDD303083D25E64EFC" \
- "66CA472BC44D253102F8B4A9D3BFA750" \
- "91386C0077937FE33FA3252D28855837" \
- "AE1B484A8A9A45F7EE8C0C634F99E8CD" \
- "DF79C5CE07EE72C7F123142198164234" \
- "CABB724CF78B8173B9F880FC86322407" \
- "AF1FEDFDDE2BEB674CA15F3E81A1521E" \
- "071513A1E85B5DFA031F21ECAE91A34D"
-
-#define RSA_P "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
- "2C01CAD19EA484A87EA4377637E75500" \
- "FCB2005C5C7DD6EC4AC023CDA285D796" \
- "C3D9E75E1EFC42488BB4F1D13AC30A57"
-
-#define RSA_Q "C000DF51A7C77AE8D7C7370C1FF55B69" \
- "E211C2B9E5DB1ED0BF61D0D9899620F4" \
- "910E4168387E3C30AA1E00C339A79508" \
- "8452DD96A9A5EA5D9DCA68DA636032AF"
-
-#define RSA_DP "C1ACF567564274FB07A0BBAD5D26E298" \
- "3C94D22288ACD763FD8E5600ED4A702D" \
- "F84198A5F06C2E72236AE490C93F07F8" \
- "3CC559CD27BC2D1CA488811730BB5725"
-
-#define RSA_DQ "4959CBF6F8FEF750AEE6977C155579C7" \
- "D8AAEA56749EA28623272E4F7D0592AF" \
- "7C1F1313CAC9471B5C523BFE592F517B" \
- "407A1BD76C164B93DA2D32A383E58357"
-
-#define RSA_QP "9AE7FBC99546432DF71896FC239EADAE" \
- "F38D18D2B2F0E2DD275AA977E2BF4411" \
- "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
- "A74206CEC169D74BF5A8C50D6F48EA08"
-
-#define PT_LEN 24
-#define RSA_PT "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
- "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
-
-#if defined(MBEDTLS_PKCS1_V15)
-static int myrand( void *rng_state, unsigned char *output, size_t len )
-{
-#if !defined(__OpenBSD__)
- size_t i;
-
- if( rng_state != NULL )
- rng_state = NULL;
-
- for( i = 0; i < len; ++i )
- output[i] = rand();
-#else
- if( rng_state != NULL )
- rng_state = NULL;
-
- arc4random_buf( output, len );
-#endif /* !OpenBSD */
-
- return( 0 );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Checkup routine
- */
-int mbedtls_rsa_self_test( int verbose )
-{
- int ret = 0;
-#if defined(MBEDTLS_PKCS1_V15)
- size_t len;
- mbedtls_rsa_context rsa;
- unsigned char rsa_plaintext[PT_LEN];
- unsigned char rsa_decrypted[PT_LEN];
- unsigned char rsa_ciphertext[KEY_LEN];
-#if defined(MBEDTLS_SHA1_C)
- unsigned char sha1sum[20];
-#endif
-
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
-
- rsa.len = KEY_LEN;
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.N , 16, RSA_N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.E , 16, RSA_E ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.D , 16, RSA_D ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.P , 16, RSA_P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.Q , 16, RSA_Q ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.DP, 16, RSA_DP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.DQ, 16, RSA_DQ ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.QP, 16, RSA_QP ) );
-
- if( verbose != 0 )
- mbedtls_printf( " RSA key validation: " );
-
- if( mbedtls_rsa_check_pubkey( &rsa ) != 0 ||
- mbedtls_rsa_check_privkey( &rsa ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n PKCS#1 encryption : " );
-
- memcpy( rsa_plaintext, RSA_PT, PT_LEN );
-
- if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, PT_LEN,
- rsa_plaintext, rsa_ciphertext ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n PKCS#1 decryption : " );
-
- if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, &len,
- rsa_ciphertext, rsa_decrypted,
- sizeof(rsa_decrypted) ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
-
- if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
-
-#if defined(MBEDTLS_SHA1_C)
- if( verbose != 0 )
- mbedtls_printf( " PKCS#1 data sign : " );
-
- mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum );
-
- if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0,
- sha1sum, rsa_ciphertext ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n PKCS#1 sig. verify: " );
-
- if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0,
- sha1sum, rsa_ciphertext ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( 1 );
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
-#endif /* MBEDTLS_SHA1_C */
-
- if( verbose != 0 )
- mbedtls_printf( "\n" );
-
-cleanup:
- mbedtls_rsa_free( &rsa );
-#else /* MBEDTLS_PKCS1_V15 */
- ((void) verbose);
-#endif /* MBEDTLS_PKCS1_V15 */
- return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_RSA_C */
diff --git a/backport/compat/verification/rsapubkey.asn1.c b/backport/compat/verification/rsapubkey.asn1.c
deleted file mode 100644
index 6bb1994e..00000000
--- a/backport/compat/verification/rsapubkey.asn1.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Automatically generated by asn1_compiler. Do not edit
- *
- * ASN.1 parser for rsapubkey
- */
-#include <linux/asn1_ber_bytecode.h>
-#include "rsapubkey.asn1.h"
-
-enum rsapubkey_actions {
- ACT_rsa_get_e = 0,
- ACT_rsa_get_n = 1,
- NR__rsapubkey_actions = 2
-};
-
-static const asn1_action_t rsapubkey_action_table[NR__rsapubkey_actions] = {
- [ 0] = rsa_get_e,
- [ 1] = rsa_get_n,
-};
-
-static const unsigned char rsapubkey_machine[] = {
- // RsaPubKey
- [ 0] = ASN1_OP_MATCH,
- [ 1] = _tag(UNIV, CONS, SEQ),
- [ 2] = ASN1_OP_MATCH_ACT, // n
- [ 3] = _tag(UNIV, PRIM, INT),
- [ 4] = _action(ACT_rsa_get_n),
- [ 5] = ASN1_OP_MATCH_ACT, // e
- [ 6] = _tag(UNIV, PRIM, INT),
- [ 7] = _action(ACT_rsa_get_e),
- [ 8] = ASN1_OP_END_SEQ,
- [ 9] = ASN1_OP_COMPLETE,
-};
-
-const struct asn1_decoder rsapubkey_decoder = {
- .machine = rsapubkey_machine,
- .machlen = sizeof(rsapubkey_machine),
- .actions = rsapubkey_action_table,
-};
diff --git a/backport/compat/verification/rsapubkey.asn1.h b/backport/compat/verification/rsapubkey.asn1.h
deleted file mode 100644
index 81a82d40..00000000
--- a/backport/compat/verification/rsapubkey.asn1.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * Automatically generated by asn1_compiler. Do not edit
- *
- * ASN.1 parser for rsapubkey
- */
-#include <linux/asn1_decoder.h>
-
-extern const struct asn1_decoder rsapubkey_decoder;
-
-#define rsa_get_e LINUX_BACKPORT(rsa_get_e)
-#define rsa_get_n LINUX_BACKPORT(rsa_get_n)
-
-extern int rsa_get_e(void *, size_t, unsigned char, const void *, size_t);
-extern int rsa_get_n(void *, size_t, unsigned char, const void *, size_t);
-
diff --git a/backport/compat/verification/sha256.c b/backport/compat/verification/sha256.c
deleted file mode 100644
index 52fedf6a..00000000
--- a/backport/compat/verification/sha256.c
+++ /dev/null
@@ -1,458 +0,0 @@
-/*
- * FIPS-180-2 compliant SHA-256 implementation
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: GPL-2.0
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- * The SHA-256 Secure Hash Standard was published by NIST in 2002.
- *
- * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-
-#include "mbedtls/sha256.h"
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#include <stdlib.h>
-#define mbedtls_printf printf
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if !defined(MBEDTLS_SHA256_ALT)
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * 32-bit integer manipulation macros (big endian)
- */
-#ifndef GET_UINT32_BE
-#define GET_UINT32_BE(n,b,i) \
-do { \
- (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
- | ( (uint32_t) (b)[(i) + 1] << 16 ) \
- | ( (uint32_t) (b)[(i) + 2] << 8 ) \
- | ( (uint32_t) (b)[(i) + 3] ); \
-} while( 0 )
-#endif
-
-#ifndef PUT_UINT32_BE
-#define PUT_UINT32_BE(n,b,i) \
-do { \
- (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
- (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
- (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
- (b)[(i) + 3] = (unsigned char) ( (n) ); \
-} while( 0 )
-#endif
-
-void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
-{
- memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
-}
-
-void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
-{
- if( ctx == NULL )
- return;
-
- mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
-}
-
-void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
- const mbedtls_sha256_context *src )
-{
- *dst = *src;
-}
-
-/*
- * SHA-256 context setup
- */
-void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
-{
- ctx->total[0] = 0;
- ctx->total[1] = 0;
-
- if( is224 == 0 )
- {
- /* SHA-256 */
- ctx->state[0] = 0x6A09E667;
- ctx->state[1] = 0xBB67AE85;
- ctx->state[2] = 0x3C6EF372;
- ctx->state[3] = 0xA54FF53A;
- ctx->state[4] = 0x510E527F;
- ctx->state[5] = 0x9B05688C;
- ctx->state[6] = 0x1F83D9AB;
- ctx->state[7] = 0x5BE0CD19;
- }
- else
- {
- /* SHA-224 */
- ctx->state[0] = 0xC1059ED8;
- ctx->state[1] = 0x367CD507;
- ctx->state[2] = 0x3070DD17;
- ctx->state[3] = 0xF70E5939;
- ctx->state[4] = 0xFFC00B31;
- ctx->state[5] = 0x68581511;
- ctx->state[6] = 0x64F98FA7;
- ctx->state[7] = 0xBEFA4FA4;
- }
-
- ctx->is224 = is224;
-}
-
-#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
-static const uint32_t K[] =
-{
- 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
- 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
- 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
- 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
- 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
- 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
- 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
- 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
- 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
- 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
- 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
- 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
- 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
- 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
- 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
- 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
-};
-
-#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
-#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
-
-#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
-#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
-
-#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
-#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
-
-#define F0(x,y,z) ((x & y) | (z & (x | y)))
-#define F1(x,y,z) (z ^ (x & (y ^ z)))
-
-#define R(t) \
-( \
- W[t] = S1(W[t - 2]) + W[t - 7] + \
- S0(W[t - 15]) + W[t - 16] \
-)
-
-#define P(a,b,c,d,e,f,g,h,x,K) \
-{ \
- temp1 = h + S3(e) + F1(e,f,g) + K + x; \
- temp2 = S2(a) + F0(a,b,c); \
- d += temp1; h = temp1 + temp2; \
-}
-
-void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
-{
- uint32_t temp1, temp2, W[64];
- uint32_t A[8];
- unsigned int i;
-
- for( i = 0; i < 8; i++ )
- A[i] = ctx->state[i];
-
-#if defined(MBEDTLS_SHA256_SMALLER)
- for( i = 0; i < 64; i++ )
- {
- if( i < 16 )
- GET_UINT32_BE( W[i], data, 4 * i );
- else
- R( i );
-
- P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
-
- temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
- A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
- }
-#else /* MBEDTLS_SHA256_SMALLER */
- for( i = 0; i < 16; i++ )
- GET_UINT32_BE( W[i], data, 4 * i );
-
- for( i = 0; i < 16; i += 8 )
- {
- P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
- P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
- P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
- P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
- P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
- P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
- P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
- P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
- }
-
- for( i = 16; i < 64; i += 8 )
- {
- P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
- P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
- P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
- P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
- P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
- P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
- P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
- P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
- }
-#endif /* MBEDTLS_SHA256_SMALLER */
-
- for( i = 0; i < 8; i++ )
- ctx->state[i] += A[i];
-}
-#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
-
-/*
- * SHA-256 process buffer
- */
-void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
- size_t ilen )
-{
- size_t fill;
- uint32_t left;
-
- if( ilen == 0 )
- return;
-
- left = ctx->total[0] & 0x3F;
- fill = 64 - left;
-
- ctx->total[0] += (uint32_t) ilen;
- ctx->total[0] &= 0xFFFFFFFF;
-
- if( ctx->total[0] < (uint32_t) ilen )
- ctx->total[1]++;
-
- if( left && ilen >= fill )
- {
- memcpy( (void *) (ctx->buffer + left), input, fill );
- mbedtls_sha256_process( ctx, ctx->buffer );
- input += fill;
- ilen -= fill;
- left = 0;
- }
-
- while( ilen >= 64 )
- {
- mbedtls_sha256_process( ctx, input );
- input += 64;
- ilen -= 64;
- }
-
- if( ilen > 0 )
- memcpy( (void *) (ctx->buffer + left), input, ilen );
-}
-
-static const unsigned char sha256_padding[64] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/*
- * SHA-256 final digest
- */
-void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
-{
- uint32_t last, padn;
- uint32_t high, low;
- unsigned char msglen[8];
-
- high = ( ctx->total[0] >> 29 )
- | ( ctx->total[1] << 3 );
- low = ( ctx->total[0] << 3 );
-
- PUT_UINT32_BE( high, msglen, 0 );
- PUT_UINT32_BE( low, msglen, 4 );
-
- last = ctx->total[0] & 0x3F;
- padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
-
- mbedtls_sha256_update( ctx, sha256_padding, padn );
- mbedtls_sha256_update( ctx, msglen, 8 );
-
- PUT_UINT32_BE( ctx->state[0], output, 0 );
- PUT_UINT32_BE( ctx->state[1], output, 4 );
- PUT_UINT32_BE( ctx->state[2], output, 8 );
- PUT_UINT32_BE( ctx->state[3], output, 12 );
- PUT_UINT32_BE( ctx->state[4], output, 16 );
- PUT_UINT32_BE( ctx->state[5], output, 20 );
- PUT_UINT32_BE( ctx->state[6], output, 24 );
-
- if( ctx->is224 == 0 )
- PUT_UINT32_BE( ctx->state[7], output, 28 );
-}
-
-#endif /* !MBEDTLS_SHA256_ALT */
-
-/*
- * output = SHA-256( input buffer )
- */
-void mbedtls_sha256( const unsigned char *input, size_t ilen,
- unsigned char output[32], int is224 )
-{
- mbedtls_sha256_context ctx;
-
- mbedtls_sha256_init( &ctx );
- mbedtls_sha256_starts( &ctx, is224 );
- mbedtls_sha256_update( &ctx, input, ilen );
- mbedtls_sha256_finish( &ctx, output );
- mbedtls_sha256_free( &ctx );
-}
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * FIPS-180-2 test vectors
- */
-static const unsigned char sha256_test_buf[3][57] =
-{
- { "abc" },
- { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
- { "" }
-};
-
-static const int sha256_test_buflen[3] =
-{
- 3, 56, 1000
-};
-
-static const unsigned char sha256_test_sum[6][32] =
-{
- /*
- * SHA-224 test vectors
- */
- { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
- 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
- 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
- 0xE3, 0x6C, 0x9D, 0xA7 },
- { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
- 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
- 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
- 0x52, 0x52, 0x25, 0x25 },
- { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
- 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
- 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
- 0x4E, 0xE7, 0xAD, 0x67 },
-
- /*
- * SHA-256 test vectors
- */
- { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
- 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
- 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
- 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
- { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
- 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
- 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
- 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
- { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
- 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
- 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
- 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_sha256_self_test( int verbose )
-{
- int i, j, k, buflen, ret = 0;
- unsigned char *buf;
- unsigned char sha256sum[32];
- mbedtls_sha256_context ctx;
-
- buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
- if( NULL == buf )
- {
- if( verbose != 0 )
- mbedtls_printf( "Buffer allocation failed\n" );
-
- return( 1 );
- }
-
- mbedtls_sha256_init( &ctx );
-
- for( i = 0; i < 6; i++ )
- {
- j = i % 3;
- k = i < 3;
-
- if( verbose != 0 )
- mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
-
- mbedtls_sha256_starts( &ctx, k );
-
- if( j == 2 )
- {
- memset( buf, 'a', buflen = 1000 );
-
- for( j = 0; j < 1000; j++ )
- mbedtls_sha256_update( &ctx, buf, buflen );
- }
- else
- mbedtls_sha256_update( &ctx, sha256_test_buf[j],
- sha256_test_buflen[j] );
-
- mbedtls_sha256_finish( &ctx, sha256sum );
-
- if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
- goto exit;
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
- }
-
- if( verbose != 0 )
- mbedtls_printf( "\n" );
-
-exit:
- mbedtls_sha256_free( &ctx );
- mbedtls_free( buf );
-
- return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_SHA256_C */
diff --git a/backport/compat/verification/verify.c b/backport/compat/verification/verify.c
deleted file mode 100644
index 6f686a63..00000000
--- a/backport/compat/verification/verify.c
+++ /dev/null
@@ -1,65 +0,0 @@
-#include <linux/kernel.h>
-#include <linux/bug.h>
-#include <linux/verification.h>
-#include <linux/export.h>
-#include <linux/err.h>
-#include <crypto/pkcs7.h>
-
-int verify_pkcs7_signature(const void *data, size_t len,
- const void *raw_pkcs7, size_t pkcs7_len,
- struct key *trusted_keys,
- enum key_being_used_for usage,
- int (*view_content)(void *ctx,
- const void *data, size_t len,
- size_t asn1hdrlen),
- void *ctx)
-{
- struct pkcs7_message *pkcs7;
- int ret;
-
- pkcs7 = pkcs7_parse_message(raw_pkcs7, pkcs7_len);
- if (IS_ERR(pkcs7))
- return PTR_ERR(pkcs7);
-
- /* The data should be detached - so we need to supply it. */
- if (data && pkcs7_supply_detached_data(pkcs7, data, len) < 0) {
- pr_err("PKCS#7 signature with non-detached data\n");
- ret = -EBADMSG;
- goto error;
- }
-
- ret = pkcs7_verify(pkcs7, usage);
- if (ret < 0)
- goto error;
-
- if (WARN_ON(!trusted_keys)) {
- ret = -EINVAL;
- goto error;
- }
-
- ret = pkcs7_validate_trust(pkcs7, trusted_keys);
- if (ret < 0) {
- if (ret == -ENOKEY)
- pr_err("PKCS#7 signature not signed with a trusted key\n");
- goto error;
- }
-
- if (view_content) {
- size_t asn1hdrlen;
-
- ret = pkcs7_get_content_data(pkcs7, &data, &len, &asn1hdrlen);
- if (ret < 0) {
- if (ret == -ENODATA)
- pr_devel("PKCS#7 message does not contain data\n");
- goto error;
- }
-
- ret = view_content(ctx, data, len, asn1hdrlen);
- }
-
-error:
- pkcs7_free_message(pkcs7);
- pr_devel("<==%s() = %d\n", __func__, ret);
- return ret;
-}
-EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
diff --git a/backport/compat/verification/x509.asn1.c b/backport/compat/verification/x509.asn1.c
deleted file mode 100644
index e68864b6..00000000
--- a/backport/compat/verification/x509.asn1.c
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Automatically generated by asn1_compiler. Do not edit
- *
- * ASN.1 parser for x509
- */
-#include <linux/asn1_ber_bytecode.h>
-#include "x509.asn1.h"
-
-enum x509_actions {
- ACT_x509_extract_key_data = 0,
- ACT_x509_extract_name_segment = 1,
- ACT_x509_note_OID = 2,
- ACT_x509_note_issuer = 3,
- ACT_x509_note_not_after = 4,
- ACT_x509_note_not_before = 5,
- ACT_x509_note_params = 6,
- ACT_x509_note_pkey_algo = 7,
- ACT_x509_note_serial = 8,
- ACT_x509_note_signature = 9,
- ACT_x509_note_subject = 10,
- ACT_x509_note_tbs_certificate = 11,
- ACT_x509_process_extension = 12,
- NR__x509_actions = 13
-};
-
-static const asn1_action_t x509_action_table[NR__x509_actions] = {
- [ 0] = x509_extract_key_data,
- [ 1] = x509_extract_name_segment,
- [ 2] = x509_note_OID,
- [ 3] = x509_note_issuer,
- [ 4] = x509_note_not_after,
- [ 5] = x509_note_not_before,
- [ 6] = x509_note_params,
- [ 7] = x509_note_pkey_algo,
- [ 8] = x509_note_serial,
- [ 9] = x509_note_signature,
- [ 10] = x509_note_subject,
- [ 11] = x509_note_tbs_certificate,
- [ 12] = x509_process_extension,
-};
-
-static const unsigned char x509_machine[] = {
- // Certificate
- [ 0] = ASN1_OP_MATCH,
- [ 1] = _tag(UNIV, CONS, SEQ),
- // TBSCertificate
- [ 2] = ASN1_OP_MATCH,
- [ 3] = _tag(UNIV, CONS, SEQ),
- [ 4] = ASN1_OP_MATCH_JUMP_OR_SKIP, // version
- [ 5] = _tagn(CONT, CONS, 0),
- [ 6] = _jump_target(70),
- // CertificateSerialNumber
- [ 7] = ASN1_OP_MATCH,
- [ 8] = _tag(UNIV, PRIM, INT),
- [ 9] = ASN1_OP_ACT,
- [ 10] = _action(ACT_x509_note_serial),
- // AlgorithmIdentifier
- [ 11] = ASN1_OP_MATCH_JUMP,
- [ 12] = _tag(UNIV, CONS, SEQ),
- [ 13] = _jump_target(74), // --> AlgorithmIdentifier
- [ 14] = ASN1_OP_ACT,
- [ 15] = _action(ACT_x509_note_pkey_algo),
- // Name
- [ 16] = ASN1_OP_MATCH_JUMP,
- [ 17] = _tag(UNIV, CONS, SEQ),
- [ 18] = _jump_target(81), // --> Name
- [ 19] = ASN1_OP_ACT,
- [ 20] = _action(ACT_x509_note_issuer),
- // Validity
- [ 21] = ASN1_OP_MATCH,
- [ 22] = _tag(UNIV, CONS, SEQ),
- // Time
- [ 23] = ASN1_OP_MATCH_OR_SKIP, // utcTime
- [ 24] = _tag(UNIV, PRIM, UNITIM),
- [ 25] = ASN1_OP_COND_MATCH_OR_SKIP, // generalTime
- [ 26] = _tag(UNIV, PRIM, GENTIM),
- [ 27] = ASN1_OP_COND_FAIL,
- [ 28] = ASN1_OP_ACT,
- [ 29] = _action(ACT_x509_note_not_before),
- // Time
- [ 30] = ASN1_OP_MATCH_OR_SKIP, // utcTime
- [ 31] = _tag(UNIV, PRIM, UNITIM),
- [ 32] = ASN1_OP_COND_MATCH_OR_SKIP, // generalTime
- [ 33] = _tag(UNIV, PRIM, GENTIM),
- [ 34] = ASN1_OP_COND_FAIL,
- [ 35] = ASN1_OP_ACT,
- [ 36] = _action(ACT_x509_note_not_after),
- [ 37] = ASN1_OP_END_SEQ,
- // Name
- [ 38] = ASN1_OP_MATCH_JUMP,
- [ 39] = _tag(UNIV, CONS, SEQ),
- [ 40] = _jump_target(81), // --> Name
- [ 41] = ASN1_OP_ACT,
- [ 42] = _action(ACT_x509_note_subject),
- // SubjectPublicKeyInfo
- [ 43] = ASN1_OP_MATCH,
- [ 44] = _tag(UNIV, CONS, SEQ),
- // AlgorithmIdentifier
- [ 45] = ASN1_OP_MATCH_JUMP,
- [ 46] = _tag(UNIV, CONS, SEQ),
- [ 47] = _jump_target(74), // --> AlgorithmIdentifier
- [ 48] = ASN1_OP_MATCH_ACT, // subjectPublicKey
- [ 49] = _tag(UNIV, PRIM, BTS),
- [ 50] = _action(ACT_x509_extract_key_data),
- [ 51] = ASN1_OP_END_SEQ,
- // UniqueIdentifier
- [ 52] = ASN1_OP_MATCH_OR_SKIP, // issuerUniqueID
- [ 53] = _tagn(CONT, PRIM, 1),
- // UniqueIdentifier
- [ 54] = ASN1_OP_MATCH_OR_SKIP, // subjectUniqueID
- [ 55] = _tagn(CONT, PRIM, 2),
- [ 56] = ASN1_OP_MATCH_JUMP_OR_SKIP, // extensions
- [ 57] = _tagn(CONT, CONS, 3),
- [ 58] = _jump_target(96),
- [ 59] = ASN1_OP_END_SEQ,
- [ 60] = ASN1_OP_ACT,
- [ 61] = _action(ACT_x509_note_tbs_certificate),
- // AlgorithmIdentifier
- [ 62] = ASN1_OP_MATCH_JUMP,
- [ 63] = _tag(UNIV, CONS, SEQ),
- [ 64] = _jump_target(74), // --> AlgorithmIdentifier
- [ 65] = ASN1_OP_MATCH_ACT, // signature
- [ 66] = _tag(UNIV, PRIM, BTS),
- [ 67] = _action(ACT_x509_note_signature),
- [ 68] = ASN1_OP_END_SEQ,
- [ 69] = ASN1_OP_COMPLETE,
-
- // Version
- [ 70] = ASN1_OP_MATCH,
- [ 71] = _tag(UNIV, PRIM, INT),
- [ 72] = ASN1_OP_END_SEQ,
- [ 73] = ASN1_OP_RETURN,
-
- [ 74] = ASN1_OP_MATCH_ACT, // algorithm
- [ 75] = _tag(UNIV, PRIM, OID),
- [ 76] = _action(ACT_x509_note_OID),
- [ 77] = ASN1_OP_MATCH_ANY_ACT_OR_SKIP, // parameters
- [ 78] = _action(ACT_x509_note_params),
- [ 79] = ASN1_OP_END_SEQ,
- [ 80] = ASN1_OP_RETURN,
-
- // RelativeDistinguishedName
- [ 81] = ASN1_OP_MATCH,
- [ 82] = _tag(UNIV, CONS, SET),
- // AttributeValueAssertion
- [ 83] = ASN1_OP_MATCH,
- [ 84] = _tag(UNIV, CONS, SEQ),
- [ 85] = ASN1_OP_MATCH_ACT, // attributeType
- [ 86] = _tag(UNIV, PRIM, OID),
- [ 87] = _action(ACT_x509_note_OID),
- [ 88] = ASN1_OP_MATCH_ANY_ACT, // attributeValue
- [ 89] = _action(ACT_x509_extract_name_segment),
- [ 90] = ASN1_OP_END_SEQ,
- [ 91] = ASN1_OP_END_SET_OF,
- [ 92] = _jump_target(83),
- [ 93] = ASN1_OP_END_SEQ_OF,
- [ 94] = _jump_target(81),
- [ 95] = ASN1_OP_RETURN,
-
- // Extensions
- [ 96] = ASN1_OP_MATCH,
- [ 97] = _tag(UNIV, CONS, SEQ),
- // Extension
- [ 98] = ASN1_OP_MATCH,
- [ 99] = _tag(UNIV, CONS, SEQ),
- [ 100] = ASN1_OP_MATCH_ACT, // extnid
- [ 101] = _tag(UNIV, PRIM, OID),
- [ 102] = _action(ACT_x509_note_OID),
- [ 103] = ASN1_OP_MATCH_OR_SKIP, // critical
- [ 104] = _tag(UNIV, PRIM, BOOL),
- [ 105] = ASN1_OP_MATCH_ACT, // extnValue
- [ 106] = _tag(UNIV, PRIM, OTS),
- [ 107] = _action(ACT_x509_process_extension),
- [ 108] = ASN1_OP_END_SEQ,
- [ 109] = ASN1_OP_END_SEQ_OF,
- [ 110] = _jump_target(98),
- [ 111] = ASN1_OP_END_SEQ,
- [ 112] = ASN1_OP_RETURN,
-};
-
-const struct asn1_decoder x509_decoder = {
- .machine = x509_machine,
- .machlen = sizeof(x509_machine),
- .actions = x509_action_table,
-};
diff --git a/backport/compat/verification/x509.asn1.h b/backport/compat/verification/x509.asn1.h
deleted file mode 100644
index 77ec6085..00000000
--- a/backport/compat/verification/x509.asn1.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * Automatically generated by asn1_compiler. Do not edit
- *
- * ASN.1 parser for x509
- */
-#include <linux/asn1_decoder.h>
-
-extern const struct asn1_decoder x509_decoder;
-
-extern int x509_extract_key_data(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_extract_name_segment(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_note_OID(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_note_issuer(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_note_not_after(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_note_not_before(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_note_params(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_note_pkey_algo(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_note_serial(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_note_signature(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_note_subject(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_note_tbs_certificate(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_process_extension(void *, size_t, unsigned char, const void *, size_t);
-
diff --git a/backport/compat/verification/x509_akid.asn1.c b/backport/compat/verification/x509_akid.asn1.c
deleted file mode 100644
index 10f4802a..00000000
--- a/backport/compat/verification/x509_akid.asn1.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Automatically generated by asn1_compiler. Do not edit
- *
- * ASN.1 parser for x509_akid
- */
-#include <linux/asn1_ber_bytecode.h>
-#include "x509_akid.asn1.h"
-
-enum x509_akid_actions {
- ACT_x509_akid_note_kid = 0,
- ACT_x509_akid_note_name = 1,
- ACT_x509_akid_note_serial = 2,
- ACT_x509_extract_name_segment = 3,
- ACT_x509_note_OID = 4,
- NR__x509_akid_actions = 5
-};
-
-static const asn1_action_t x509_akid_action_table[NR__x509_akid_actions] = {
- [ 0] = x509_akid_note_kid,
- [ 1] = x509_akid_note_name,
- [ 2] = x509_akid_note_serial,
- [ 3] = x509_extract_name_segment,
- [ 4] = x509_note_OID,
-};
-
-static const unsigned char x509_akid_machine[] = {
- // AuthorityKeyIdentifier
- [ 0] = ASN1_OP_MATCH,
- [ 1] = _tag(UNIV, CONS, SEQ),
- // KeyIdentifier
- [ 2] = ASN1_OP_MATCH_ACT_OR_SKIP, // keyIdentifier
- [ 3] = _tagn(CONT, PRIM, 0),
- [ 4] = _action(ACT_x509_akid_note_kid),
- // GeneralNames
- [ 5] = ASN1_OP_MATCH_JUMP_OR_SKIP, // authorityCertIssuer
- [ 6] = _tagn(CONT, CONS, 1),
- [ 7] = _jump_target(13), // --> GeneralNames
- // CertificateSerialNumber
- [ 8] = ASN1_OP_MATCH_ACT_OR_SKIP, // authorityCertSerialNumber
- [ 9] = _tagn(CONT, PRIM, 2),
- [ 10] = _action(ACT_x509_akid_note_serial),
- [ 11] = ASN1_OP_END_SEQ,
- [ 12] = ASN1_OP_COMPLETE,
-
- // GeneralName
- [ 13] = ASN1_OP_MATCH_JUMP_OR_SKIP, // otherName
- [ 14] = _tagn(CONT, CONS, 0),
- [ 15] = _jump_target(44),
- [ 16] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // rfc822Name
- [ 17] = _tagn(CONT, CONS, 1),
- [ 18] = _jump_target(47),
- [ 19] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // dNSName
- [ 20] = _tagn(CONT, CONS, 2),
- [ 21] = _jump_target(51),
- [ 22] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // x400Address
- [ 23] = _tagn(CONT, CONS, 3),
- [ 24] = _jump_target(55),
- [ 25] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // directoryName
- [ 26] = _tagn(CONT, CONS, 4),
- [ 27] = _jump_target(58),
- [ 28] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // ediPartyName
- [ 29] = _tagn(CONT, CONS, 5),
- [ 30] = _jump_target(78),
- [ 31] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // uniformResourceIdentifier
- [ 32] = _tagn(CONT, CONS, 6),
- [ 33] = _jump_target(81),
- [ 34] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // iPAddress
- [ 35] = _tagn(CONT, CONS, 7),
- [ 36] = _jump_target(85),
- [ 37] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // registeredID
- [ 38] = _tagn(CONT, CONS, 8),
- [ 39] = _jump_target(89),
- [ 40] = ASN1_OP_COND_FAIL,
- [ 41] = ASN1_OP_END_SEQ_OF,
- [ 42] = _jump_target(13),
- [ 43] = ASN1_OP_RETURN,
-
- [ 44] = ASN1_OP_MATCH_ANY, // otherName
- [ 45] = ASN1_OP_END_SEQ,
- [ 46] = ASN1_OP_RETURN,
-
- [ 47] = ASN1_OP_MATCH, // rfc822Name
- [ 48] = _tag(UNIV, PRIM, IA5STR),
- [ 49] = ASN1_OP_END_SEQ,
- [ 50] = ASN1_OP_RETURN,
-
- [ 51] = ASN1_OP_MATCH, // dNSName
- [ 52] = _tag(UNIV, PRIM, IA5STR),
- [ 53] = ASN1_OP_END_SEQ,
- [ 54] = ASN1_OP_RETURN,
-
- [ 55] = ASN1_OP_MATCH_ANY, // x400Address
- [ 56] = ASN1_OP_END_SEQ,
- [ 57] = ASN1_OP_RETURN,
-
- // Name
- [ 58] = ASN1_OP_MATCH,
- [ 59] = _tag(UNIV, CONS, SEQ),
- // RelativeDistinguishedName
- [ 60] = ASN1_OP_MATCH,
- [ 61] = _tag(UNIV, CONS, SET),
- // AttributeValueAssertion
- [ 62] = ASN1_OP_MATCH,
- [ 63] = _tag(UNIV, CONS, SEQ),
- [ 64] = ASN1_OP_MATCH_ACT, // attributeType
- [ 65] = _tag(UNIV, PRIM, OID),
- [ 66] = _action(ACT_x509_note_OID),
- [ 67] = ASN1_OP_MATCH_ANY_ACT, // attributeValue
- [ 68] = _action(ACT_x509_extract_name_segment),
- [ 69] = ASN1_OP_END_SEQ,
- [ 70] = ASN1_OP_END_SET_OF,
- [ 71] = _jump_target(62),
- [ 72] = ASN1_OP_END_SEQ_OF,
- [ 73] = _jump_target(60),
- [ 74] = ASN1_OP_ACT,
- [ 75] = _action(ACT_x509_akid_note_name),
- [ 76] = ASN1_OP_END_SEQ,
- [ 77] = ASN1_OP_RETURN,
-
- [ 78] = ASN1_OP_MATCH_ANY, // ediPartyName
- [ 79] = ASN1_OP_END_SEQ,
- [ 80] = ASN1_OP_RETURN,
-
- [ 81] = ASN1_OP_MATCH, // uniformResourceIdentifier
- [ 82] = _tag(UNIV, PRIM, IA5STR),
- [ 83] = ASN1_OP_END_SEQ,
- [ 84] = ASN1_OP_RETURN,
-
- [ 85] = ASN1_OP_MATCH, // iPAddress
- [ 86] = _tag(UNIV, PRIM, OTS),
- [ 87] = ASN1_OP_END_SEQ,
- [ 88] = ASN1_OP_RETURN,
-
- [ 89] = ASN1_OP_MATCH, // registeredID
- [ 90] = _tag(UNIV, PRIM, OID),
- [ 91] = ASN1_OP_END_SEQ,
- [ 92] = ASN1_OP_RETURN,
-};
-
-const struct asn1_decoder x509_akid_decoder = {
- .machine = x509_akid_machine,
- .machlen = sizeof(x509_akid_machine),
- .actions = x509_akid_action_table,
-};
diff --git a/backport/compat/verification/x509_akid.asn1.h b/backport/compat/verification/x509_akid.asn1.h
deleted file mode 100644
index 92914da5..00000000
--- a/backport/compat/verification/x509_akid.asn1.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * Automatically generated by asn1_compiler. Do not edit
- *
- * ASN.1 parser for x509_akid
- */
-#include <linux/asn1_decoder.h>
-
-extern const struct asn1_decoder x509_akid_decoder;
-
-extern int x509_akid_note_kid(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_akid_note_name(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_akid_note_serial(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_extract_name_segment(void *, size_t, unsigned char, const void *, size_t);
-extern int x509_note_OID(void *, size_t, unsigned char, const void *, size_t);
-
diff --git a/copy-list b/copy-list
index 027e9c88..30368c81 100644
--- a/copy-list
+++ b/copy-list
@@ -70,19 +70,6 @@ include/net/codel_qdisc.h
include/net/fq.h
include/net/fq_impl.h
-# signature verification code
-include/linux/asn1.h
-include/linux/asn1_ber_bytecode.h
-include/linux/oid_registry.h
-lib/build_OID_registry -> compat/build_OID_registry
-crypto/asymmetric_keys/pkcs7_parser.c -> compat/verification/pkcs7_parser.c
-crypto/asymmetric_keys/pkcs7_parser.h -> compat/verification/pkcs7_parser.h
-crypto/asymmetric_keys/pkcs7_trust.c -> compat/verification/pkcs7_trust.c
-crypto/asymmetric_keys/pkcs7_verify.c -> compat/verification/pkcs7_verify.c
-crypto/asymmetric_keys/x509_cert_parser.c -> compat/verification/x509_cert_parser.c
-crypto/asymmetric_keys/x509_parser.h -> compat/verification/x509_parser.h
-crypto/asymmetric_keys/x509_public_key.c -> compat/verification/x509_public_key.c
-
net/Makefile
net/Kconfig
net/qrtr/
diff --git a/copy-list.hwsim b/copy-list.hwsim
index 2ea91c87..b1b00bcc 100644
--- a/copy-list.hwsim
+++ b/copy-list.hwsim
@@ -66,19 +66,6 @@ include/net/codel_qdisc.h
include/net/fq.h
include/net/fq_impl.h
-# signature verification code
-include/linux/asn1.h
-include/linux/asn1_ber_bytecode.h
-include/linux/oid_registry.h
-lib/build_OID_registry -> compat/build_OID_registry
-crypto/asymmetric_keys/pkcs7_parser.c -> compat/verification/pkcs7_parser.c
-crypto/asymmetric_keys/pkcs7_parser.h -> compat/verification/pkcs7_parser.h
-crypto/asymmetric_keys/pkcs7_trust.c -> compat/verification/pkcs7_trust.c
-crypto/asymmetric_keys/pkcs7_verify.c -> compat/verification/pkcs7_verify.c
-crypto/asymmetric_keys/x509_cert_parser.c -> compat/verification/x509_cert_parser.c
-crypto/asymmetric_keys/x509_parser.h -> compat/verification/x509_parser.h
-crypto/asymmetric_keys/x509_public_key.c -> compat/verification/x509_public_key.c
-
net/Makefile
net/Kconfig
net/wireless/
diff --git a/patches/verify.patch b/patches/verify.patch
deleted file mode 100644
index 370fd5f7..00000000
--- a/patches/verify.patch
+++ /dev/null
@@ -1,101 +0,0 @@
---- a/compat/verification/pkcs7_trust.c
-+++ b/compat/verification/pkcs7_trust.c
-@@ -112,7 +112,7 @@ static int pkcs7_validate_trust_one(stru
- return -ENOKEY;
-
- matched:
-- ret = verify_signature(key, sig);
-+ ret = public_key_verify_signature(key->public_key, sig);
- key_put(key);
- if (ret < 0) {
- if (ret == -ENOMEM)
---- a/compat/verification/x509_public_key.c
-+++ b/compat/verification/x509_public_key.c
-@@ -9,11 +9,8 @@
- #include <linux/module.h>
- #include <linux/kernel.h>
- #include <linux/slab.h>
--#include <keys/asymmetric-subtype.h>
--#include <keys/asymmetric-parser.h>
- #include <keys/system_keyring.h>
- #include <crypto/hash.h>
--#include "asymmetric_keys.h"
- #include "x509_parser.h"
-
- /*
-@@ -154,6 +151,7 @@ not_self_signed:
- return 0;
- }
-
-+#if 0
- /*
- * Attempt to parse a data blob for a key as an X509 certificate.
- */
-@@ -272,3 +270,4 @@ module_exit(x509_key_exit);
- MODULE_DESCRIPTION("X.509 certificate parser");
- MODULE_AUTHOR("Red Hat, Inc.");
- MODULE_LICENSE("GPL");
-+#endif
---- a/include/crypto/pkcs7.h
-+++ b/include/crypto/pkcs7.h
-@@ -2,5 +2,10 @@
- #ifndef CPTCFG_BPAUTO_PKCS7
- #include_next <crypto/pkcs7.h>
- #else
-+#define pkcs7_verify LINUX_BACKPORT(pkcs7_verify)
-+#define pkcs7_get_content_data LINUX_BACKPORT(pkcs7_get_content_data)
-+#define pkcs7_parse_message LINUX_BACKPORT(pkcs7_parse_message)
-+#define pkcs7_free_message LINUX_BACKPORT(pkcs7_free_message)
-+#define pkcs7_validate_trust LINUX_BACKPORT(pkcs7_validate_trust)
- #include <crypto/backport-pkcs7.h>
- #endif /* CPTCFG_BPAUTO_PKCS7 */
---- a/compat/verification/x509_parser.h
-+++ b/compat/verification/x509_parser.h
-@@ -9,6 +9,10 @@
- #include <crypto/public_key.h>
- #include <keys/asymmetric-type.h>
-
-+#define x509_decode_time LINUX_BACKPORT(x509_decode_time)
-+#define x509_cert_parse LINUX_BACKPORT(x509_cert_parse)
-+#define x509_free_certificate LINUX_BACKPORT(x509_free_certificate)
-+
- struct x509_certificate {
- struct x509_certificate *next;
- struct x509_certificate *signer; /* Certificate that signed this one */
---- a/include/crypto/backport-public_key.h
-+++ b/include/crypto/backport-public_key.h
-@@ -52,34 +52,6 @@ extern void public_key_signature_free(st
-
- extern struct asymmetric_key_subtype public_key_subtype;
-
--struct key;
--struct key_type;
--union key_payload;
--
--extern int restrict_link_by_signature(struct key *dest_keyring,
-- const struct key_type *type,
-- const union key_payload *payload,
-- struct key *trust_keyring);
--
--extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
-- const struct key_type *type,
-- const union key_payload *payload,
-- struct key *trusted);
--
--extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
-- const struct key_type *type,
-- const union key_payload *payload,
-- struct key *trusted);
--
--extern int query_asymmetric_key(const struct kernel_pkey_params *,
-- struct kernel_pkey_query *);
--
--extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *);
--extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
--extern int create_signature(struct kernel_pkey_params *, const void *, void *);
--extern int verify_signature(const struct key *,
-- const struct public_key_signature *);
--
- int public_key_verify_signature(const struct public_key *pkey,
- const struct public_key_signature *sig);
-
--
2.44.0
