| /mbedtls/library/ |
| A D | sha3.c | 108 uint64_t t; in keccak_f1600() local
117 s[i] ^= t; s[i + 5] ^= t; s[i + 10] ^= t; s[i + 15] ^= t; s[i + 20] ^= t; in keccak_f1600()
127 s[0] ^= t; s[5] ^= t; s[10] ^= t; s[15] ^= t; s[20] ^= t; in keccak_f1600()
130 s[1] ^= t; s[6] ^= t; s[11] ^= t; s[16] ^= t; s[21] ^= t; in keccak_f1600()
133 s[2] ^= t; s[7] ^= t; s[12] ^= t; s[17] ^= t; s[22] ^= t; in keccak_f1600()
136 s[3] ^= t; s[8] ^= t; s[13] ^= t; s[18] ^= t; s[23] ^= t; in keccak_f1600()
139 s[4] ^= t; s[9] ^= t; s[14] ^= t; s[19] ^= t; s[24] ^= t; in keccak_f1600()
160 t = s[1]; in keccak_f1600()
171 SWAP(s[MBEDTLS_BYTE_0(p)], t); SWAP(s[MBEDTLS_BYTE_1(p)], t); in keccak_f1600()
172 SWAP(s[MBEDTLS_BYTE_2(p)], t); SWAP(s[MBEDTLS_BYTE_3(p)], t); in keccak_f1600()
[all …]
|
| A D | aes.c | 892 } t; in mbedtls_internal_aes_encrypt() local
894 t.X[0] = MBEDTLS_GET_UINT32_LE(input, 0); t.X[0] ^= *RK++; in mbedtls_internal_aes_encrypt()
900 AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); in mbedtls_internal_aes_encrypt()
901 AES_FROUND(t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3]); in mbedtls_internal_aes_encrypt()
904 AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); in mbedtls_internal_aes_encrypt()
935 mbedtls_platform_zeroize(&t, sizeof(t)); in mbedtls_internal_aes_encrypt()
954 } t; in mbedtls_internal_aes_decrypt() local
962 AES_RROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); in mbedtls_internal_aes_decrypt()
963 AES_RROUND(t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3]); in mbedtls_internal_aes_decrypt()
966 AES_RROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); in mbedtls_internal_aes_decrypt()
[all …]
|
| A D | timing.c | 68 struct _hr_time *t = (struct _hr_time *) val; in mbedtls_timing_get_timer() local
71 QueryPerformanceCounter(&t->start); in mbedtls_timing_get_timer()
78 delta = (unsigned long) ((now.QuadPart - t->start.QuadPart) * 1000ul in mbedtls_timing_get_timer()
88 struct _hr_time *t = (struct _hr_time *) val; in mbedtls_timing_get_timer() local
91 gettimeofday(&t->start, NULL); in mbedtls_timing_get_timer()
97 delta = (now.tv_sec - t->start.tv_sec) * 1000ul in mbedtls_timing_get_timer()
98 + (now.tv_usec - t->start.tv_usec) / 1000; in mbedtls_timing_get_timer()
|
| A D | hkdf.c | 74 unsigned char t[MBEDTLS_MD_MAX_SIZE]; in mbedtls_hkdf_expand() local
111 memset(t, 0, hash_len); in mbedtls_hkdf_expand()
126 ret = mbedtls_md_hmac_update(&ctx, t, t_len); in mbedtls_hkdf_expand()
143 ret = mbedtls_md_hmac_finish(&ctx, t); in mbedtls_hkdf_expand()
149 memcpy(okm + where, t, num_to_copy); in mbedtls_hkdf_expand()
156 mbedtls_platform_zeroize(t, sizeof(t)); in mbedtls_hkdf_expand()
|
| A D | nist_kw.c | 113 static void calc_a_xor_t(unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t) in calc_a_xor_t() argument
116 for (i = 0; i < sizeof(t); i++) { in calc_a_xor_t()
117 A[i] ^= (t >> ((sizeof(t) - 1 - i) * 8)) & 0xff; in calc_a_xor_t()
134 uint64_t t = 0; in mbedtls_nist_kw_wrap() local
214 for (t = 1; t <= s; t++) { in mbedtls_nist_kw_wrap()
225 calc_a_xor_t(A, t); in mbedtls_nist_kw_wrap()
264 uint64_t t = 0; in unwrap() local
279 for (t = s; t >= 1; t--) { in unwrap()
280 calc_a_xor_t(A, t); in unwrap()
|
| A D | bignum_core.c | 414 c = (t < A[i]); in mbedtls_mpi_core_add()
415 t += B[i]; in mbedtls_mpi_core_add()
416 c += (t < B[i]); in mbedtls_mpi_core_add()
417 X[i] = t; in mbedtls_mpi_core_add()
435 c = (t < X[i]); in mbedtls_mpi_core_add_if()
436 t += add; in mbedtls_mpi_core_add_if()
437 c += (t < add); in mbedtls_mpi_core_add_if()
438 X[i] = t; in mbedtls_mpi_core_add_if()
455 X[i] = t - B[i]; in mbedtls_mpi_core_sub()
852 c = (t > s); in mbedtls_mpi_core_sub_int()
[all …]
|
| A D | sha256.c | 380 for (int t = 16; t < 64; t += 16) { in mbedtls_internal_sha256_process_many_a64_crypto() local
383 tmp = vaddq_u32(sched0, vld1q_u32(&K[t])); in mbedtls_internal_sha256_process_many_a64_crypto()
390 tmp = vaddq_u32(sched1, vld1q_u32(&K[t + 4])); in mbedtls_internal_sha256_process_many_a64_crypto()
397 tmp = vaddq_u32(sched2, vld1q_u32(&K[t + 8])); in mbedtls_internal_sha256_process_many_a64_crypto()
404 tmp = vaddq_u32(sched3, vld1q_u32(&K[t + 12])); in mbedtls_internal_sha256_process_many_a64_crypto()
467 #define R(t) \ argument
469 local.W[t] = S1(local.W[(t) - 2]) + local.W[(t) - 7] + \
470 S0(local.W[(t) - 15]) + local.W[(t) - 16] \
|
| A D | aria.c | 326 uint32_t t, u; in aria_rot128() local
332 t = ARIA_P3(b[j]); // big endian in aria_rot128()
336 t <<= n1; // rotate in aria_rot128()
337 t |= u >> n2; in aria_rot128()
338 t = ARIA_P3(t); // back to little endian in aria_rot128()
339 r[i] = a[i] ^ t; // store in aria_rot128()
340 t = u; // move to next word in aria_rot128()
422 uint32_t t = ctx->rk[i][k]; in mbedtls_aria_setkey_dec() local
424 ctx->rk[j][k] = t; in mbedtls_aria_setkey_dec()
|
| A D | ssl_cache.c | 44 mbedtls_time_t t = mbedtls_time(NULL); in ssl_cache_find_entry() local
51 (int) (t - cur->timestamp) > cache->timeout) { in ssl_cache_find_entry()
136 mbedtls_time_t t = mbedtls_time(NULL), oldest = 0; in ssl_cache_pick_writing_slot() local
171 (int) (t - cur->timestamp) > cache->timeout) { in ssl_cache_pick_writing_slot()
239 cur->timestamp = t; in ssl_cache_pick_writing_slot()
|
| A D | bignum.c | 1396 size_t i, n, t, k; in mbedtls_mpi_div_mpi() local
1445 t = Y.n - 1; in mbedtls_mpi_div_mpi()
1449 Z.p[n - t]++; in mbedtls_mpi_div_mpi()
1454 for (i = n; i > t; i--) { in mbedtls_mpi_div_mpi()
1455 if (X.p[i] >= Y.p[t]) { in mbedtls_mpi_div_mpi()
1456 Z.p[i - t - 1] = ~(mbedtls_mpi_uint) 0u; in mbedtls_mpi_div_mpi()
1466 Z.p[i - t - 1]++; in mbedtls_mpi_div_mpi()
1468 Z.p[i - t - 1]--; in mbedtls_mpi_div_mpi()
1471 T1.p[0] = (t < 1) ? 0 : Y.p[t - 1]; in mbedtls_mpi_div_mpi()
1472 T1.p[1] = Y.p[t]; in mbedtls_mpi_div_mpi()
[all …]
|
| A D | x509write_crt.c | 388 const char *t, size_t size) in x509_write_time() argument
396 if (t[0] < '2' || (t[0] == '2' && t[1] == '0' && t[2] < '5')) { in x509_write_time()
398 (const unsigned char *) t + 2, in x509_write_time()
405 (const unsigned char *) t, in x509_write_time()
|
| A D | ssl_cookie.c | 196 unsigned long t; in mbedtls_ssl_cookie_write() local
205 t = (unsigned long) mbedtls_time(NULL); in mbedtls_ssl_cookie_write()
207 t = ctx->serial++; in mbedtls_ssl_cookie_write()
210 MBEDTLS_PUT_UINT32_BE(t, *p, 0); in mbedtls_ssl_cookie_write()
|
| A D | sha512.c | 479 for (unsigned int t = 16; t < 80; t += 16) { in mbedtls_internal_sha512_process_many_a64_crypto() local
482 initial_sum = vaddq_u64(s0, vld1q_u64(&K[t])); in mbedtls_internal_sha512_process_many_a64_crypto()
490 initial_sum = vaddq_u64(s1, vld1q_u64(&K[t + 2])); in mbedtls_internal_sha512_process_many_a64_crypto()
498 initial_sum = vaddq_u64(s2, vld1q_u64(&K[t + 4])); in mbedtls_internal_sha512_process_many_a64_crypto()
506 initial_sum = vaddq_u64(s3, vld1q_u64(&K[t + 6])); in mbedtls_internal_sha512_process_many_a64_crypto()
514 initial_sum = vaddq_u64(s4, vld1q_u64(&K[t + 8])); in mbedtls_internal_sha512_process_many_a64_crypto()
522 initial_sum = vaddq_u64(s5, vld1q_u64(&K[t + 10])); in mbedtls_internal_sha512_process_many_a64_crypto()
530 initial_sum = vaddq_u64(s6, vld1q_u64(&K[t + 12])); in mbedtls_internal_sha512_process_many_a64_crypto()
538 initial_sum = vaddq_u64(s7, vld1q_u64(&K[t + 14])); in mbedtls_internal_sha512_process_many_a64_crypto()
|
| A D | camellia.c | 298 unsigned char t[64]; in mbedtls_camellia_setkey_enc() local
305 memset(t, 0, 64); in mbedtls_camellia_setkey_enc()
316 t[i] = key[i]; in mbedtls_camellia_setkey_enc()
321 t[24 + i] = ~t[16 + i]; in mbedtls_camellia_setkey_enc()
341 KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4); in mbedtls_camellia_setkey_enc()
|
| A D | bn_mul.h | 103 { mbedtls_mpi_uint t; \
126 : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
127 : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
204 : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
205 : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
|
| /mbedtls/tests/suites/ |
| A D | test_suite_constant_time.function | 97 unsigned char l = li, h = hi, t = ti;
105 TEST_CF_SECRET(&t, sizeof(t));
112 TEST_CF_PUBLIC(&t, sizeof(t));
122 int expected = c ? t : f;
123 int expected0 = c ? t : 0;
126 TEST_CF_SECRET(&t, sizeof(t));
133 TEST_CF_PUBLIC(&t, sizeof(t));
145 mbedtls_ct_uint_t expected = c ? t : f;
146 mbedtls_ct_uint_t expected0 = c ? t : 0;
149 TEST_CF_SECRET(&t, sizeof(t));
[all …]
|
| A D | test_suite_ssl_decrypt.function | 78 /* Shorter input buffer. Either the MAC will be wrong, or there isn't
96 * so the exact error doesn't matter, but we don't want a crash. */
100 /* We won't write to buf1[0] since it's out of range, so we can cast
132 * the test framework doesn't support alternation in dependency statements,
275 * maximal length padding is used, this is less relevant but still doesn't
|
| A D | test_suite_psa_crypto_low_hash.function | 53 /* We don't test with a smaller output buffer because this isn't
142 /* We don't test with a smaller output buffer because this isn't
|
| /mbedtls/3rdparty/p256-m/p256-m/ |
| A D | p256-m.c | 222 : [z] "+l" (z), [t] "+l" (t) in u32_muladd64()
225 return ((uint64_t) t << 32) | z; in u32_muladd64()
289 : [z] "l" (z), [t] "l" (t) in u32_muladd64()
306 return (uint64_t) x * y + z + t; in u32_muladd64()
329 acc += t; in u32_muladd64()
734 uint32_t t[8]; in m256_from_bytes() local
852 uint32_t t[8]; in point_to_affine() local
859 m256_mul_p(t, t, z); /* t = z^-3 */ in point_to_affine()
1281 uint32_t t[8]; in ecdsa_m256_mod_n() local
1282 uint32_t c = u256_sub(t, x, p256_n.m); in ecdsa_m256_mod_n()
[all …]
|
| /mbedtls/3rdparty/everest/include/everest/kremlin/internal/ |
| A D | target.h | 69 #define KRML_EABORT(t, msg) \ argument
71 KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t))))
|
| /mbedtls/3rdparty/everest/library/ |
| A D | Hacl_Curve25519.c | 121 uint128_t t[5U]; in Hacl_Bignum_Fmul_fmul() local
125 t[_i] = (uint128_t)(uint64_t)0U; in Hacl_Bignum_Fmul_fmul()
137 Hacl_Bignum_Fproduct_carry_wide_(t); in Hacl_Bignum_Fmul_fmul()
138 b4 = t[4U]; in Hacl_Bignum_Fmul_fmul()
139 b0 = t[0U]; in Hacl_Bignum_Fmul_fmul()
142 t[4U] = b4_; in Hacl_Bignum_Fmul_fmul()
143 t[0U] = b0_; in Hacl_Bignum_Fmul_fmul()
220 uint128_t t[5U]; in Hacl_Bignum_Fsquare_fsquare_times() local
224 t[_i] = (uint128_t)(uint64_t)0U; in Hacl_Bignum_Fsquare_fsquare_times()
235 uint128_t t[5U]; in Hacl_Bignum_Fsquare_fsquare_times_inplace() local
[all …]
|
| /mbedtls/3rdparty/everest/library/legacy/ |
| A D | Hacl_Curve25519.c | 133 FStar_UInt128_uint128 t[5U]; in Hacl_Bignum_Fmul_fmul() local
148 Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2); in Hacl_Bignum_Fmul_fmul()
149 Hacl_Bignum_Fproduct_carry_wide_(t); in Hacl_Bignum_Fmul_fmul()
150 b4 = t[4U]; in Hacl_Bignum_Fmul_fmul()
151 b0 = t[0U]; in Hacl_Bignum_Fmul_fmul()
157 t[4U] = b4_; in Hacl_Bignum_Fmul_fmul()
158 t[0U] = b0_; in Hacl_Bignum_Fmul_fmul()
159 Hacl_Bignum_Fproduct_copy_from_wide_(output, t); in Hacl_Bignum_Fmul_fmul()
262 FStar_UInt128_uint128 t[5U]; in Hacl_Bignum_Fsquare_fsquare_times() local
269 Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); in Hacl_Bignum_Fsquare_fsquare_times()
[all …]
|
| /mbedtls/ |
| A D | SECURITY.md | 36 being implemented. (For example Mbed TLS alone won't guarantee that the
37 messages will arrive without delay, as the TLS protocol doesn't guarantee that
82 Mbed TLS doesn't make any security guarantees against local non-timing-based
91 Mbed TLS doesn't make any security guarantees against local fault injection
101 Mbed TLS doesn't make any security guarantees against physical attacks. If
109 Mbed TLS has evolved organically and a well defined threat model hasn't always
113 The presence of such countermeasures don't mean that Mbed TLS provides
|
| A D | .pylintrc | 14 # We prefer docstrings, but we don't require them on all functions.
28 # Some functions don't need docstrings.
70 # Don't diplay statistics. Just the facts.
|
| /mbedtls/docs/architecture/psa-migration/ |
| A D | md-cipher-dispatch.md | 56 …erfaces under the hood, without breaking code in the cases where this doesn't work. Using PSA inte…
74 …perimental and may change or be removed without notice.” In practice we don't want to remove this,…
76 …gh this wouldn't be considered a backward compatibility break anyway, since we don't promise that …
196 …e `MBEDTLS_MD5_C` for PEM decoding with PBKDF1 but don't want `PSA_ALG_WANT_MD5` because it isn't …
211 …re is not enabled in `mbedtls_config.h` or `psa_config.h` doesn't guarantee that it won't be enabl…
265 * No PSA accelerator. Then just call `mbedtls_sha256`, it's all there is, and it doesn't matter (fr…
314 * The md module has some legacy baggage dating from when it was more open, which we don't care abou…
319 * We can make names and HMAC optional. The mixed-domain hash interface won't be the full `MBEDTLS_M…
326 #### Don't support PK, X.509 and TLS without `MBEDTLS_USE_PSA_CRYPTO`
334 #### Don't support for `MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C`
[all …]
|