Temperature sensor graph sort

Change time.h to timelib.h for 32bit to compile

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Report a bug
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Hardware information:**
+ - Meter: [e.g. Aidon]
+ - AMS reader: [e.g. Pow-U, ESP32 etc]
+ - M-bus adapter (if applicable):
+
+**Relevant firmware information:**
+ - Version: [e.g. 1.5.0]
+ - MQTT: [yes/no]
+ - HAN GPIO: [e.g. GPIO5]
+ - Temperature sensors [e.g. 3xDS18B20]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/support.md

@@ -0,0 +1,22 @@
+---
+name: Support
+about: Request support
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe your problem**
+A clear and concise description of what the problem is.
+
+**Hardware information:**
+ - Meter: [e.g. Aidon]
+ - AMS reader: [e.g. Pow-U, ESP32 etc]
+ - M-bus adapter (if applicable):
+
+**Relevant firmware information:**
+ - Version: [e.g. 1.5.0]
+ - MQTT: [yes/no]
+ - HAN GPIO: [e.g. GPIO5]
+ - Temperature sensors [e.g. 3xDS18B20]

.github/workflows/build.yml

@@ -41,7 +41,7 @@ jobs:
         python -m pip install --upgrade pip
         pip install -U platformio css_html_js_minify
     - name: Configure build targets
-      run: echo "[platformio]\ndefault_envs = hw1esp12e, esp12e, esp32" > platformio-user.ini
+      run: echo "[platformio]\ndefault_envs = esp8266, esp32" > platformio-user.ini
     - name: PlatformIO lib install
       run: pio lib install
     - name: PlatformIO run

.github/workflows/release.yml

@@ -22,7 +22,7 @@ jobs:
     - name: Get release version for code
       env:
         GITHUB_REF: ${{ github.ref }}
-      run: echo ::set-env name=GITHUB_TAG::$(echo ${GITHUB_REF##*/})
+      run: echo "GITHUB_TAG=$(echo ${GITHUB_REF##*/})" >> $GITHUB_ENV
     - name: Cache Python dependencies
       uses: actions/cache@v1
       with:

.gitignore

@@ -12,3 +12,5 @@ platformio-user.ini
 /src/AmsToMqttBridge.ino.cpp
 /test
 /web/test.html
+/sdkconfig
+/.tmp

README.md

@@ -1,33 +1,12 @@
-# AMS <-> MQTT Bridge
-Orignally designed and coded by [@roarfred](https://github.com/roarfred), see the original repo at [roarfred/AmsToMqttBridge](https://github.com/roarfred/AmsToMqttBridge)
+# AMS MQTT Bridge
+This code is designed to decode data from electric smart meters installed in many countries in Europe these days. The data is presented in a graphical web interface and can also send the data to a MQTT broker which makes it suitable for home automation project. Originally it was only designed to work with Norwegian meters, but has since been adapter to read any IEC-62056-7-5 or IEC-62056-21 compliant meters.
 
-This repository contains the code and schematics necessary to build a device to receive and convert data from AMS electrical meters installed in Norway. The code can be used on both ESP8266 and ESP32, both as custom build devices or built from readily available development modules. It reads data from the HAN port of the meter and sends this to a configured MQTT bus.
-
-There is also a web interface available on runtime, showing meter data in real time.
-
-<img src="webui.jpg" width="480">
-
-## Hardware options
-Look in [hardware section](/hardware) for more details about supported hardware
-
-## Release binaries
-
-In the [Release section](https://github.com/gskjold/AmsToMqttBridge/releases) of this repository, you will find precompiled binaries for ESP8266 and ESP32 boards.
+Later development have added Energy usage graph for both day and month, as well as future energy price (Prices only  available for ESP32). The code can run on any ESP8266 or ESP32 hardware which you can read more about in the [WiKi](https://github.com/gskjold/AmsToMqttBridge/wiki). If you don't have the knowledge to set up a ESP device yourself, have a look at the shop at [amsleser.no](https://amsleser.no/).
 
 
-### Flashing binaries with [esptool.py](https://github.com/espressif/esptool)
-
-Linux:
-```esptool.py --port /dev/ttyUSB0 write_flash 0x0 firmware.bin```
-
-Windows:
-```esptool.py --port COM1 write_flash 0x0 firmware.bin```
-
-With ESP32 it is a bit more complicated:
-```esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 460800 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 40m --flash_size detect 0x1000 bootloader.bin 0x8000 partitions.bin 0x10000 firmware.bin```
-
-Get the bootloader here: [Arduino ESP32 bootloader](https://github.com/espressif/arduino-esp32/tree/master/tools/sdk/bin) The default bootloader is [bootloader_dio_40m.bin](https://github.com/espressif/arduino-esp32/raw/master/tools/sdk/bin/bootloader_dio_40m.bin)
+<img src="webui.png">
 
+Go to the [WiKi](https://github.com/gskjold/AmsToMqttBridge/wiki) for information on how to get your own device! And find the latest prebuilt firmware file at the [release section](https://github.com/gskjold/AmsToMqttBridge/releases).
 
 ## Building this project with PlatformIO
 To build this project, you need [PlatformIO](https://platformio.org/) installed.
@@ -38,4 +17,4 @@ It is recommended to use Visual Studio Code with the PlatformIO plugin for devel
 
 [PlatformIO vscode plugin](https://platformio.org/install/ide?install=vscode)
 
-Copy the ```platformio-user.ini-example``` to ```platformio-user.ini``` and customize to your preference. The code will adapt to the platform and board set in your profile.
+For development purposes, copy the ```platformio-user.ini-example``` to ```platformio-user.ini``` and customize to your preference. The code will adapt to the platform and board set in your profile.

doc/Aidon_OBIS.txt

@@ -0,0 +1,18 @@
+1.1.0.2.129.255 - List version identifier
+0.0.96.1.0.255 - Meter ID
+0.0.96.1.7.255 - Meter Model
+1.0.1.7.0.255 - Active+ Instantaneous value 
+1.0.2.7.0.255 - Active- Instantaneous value
+1.0.3.7.0.255 - Reactive+ Instantaneous value
+1.0.4.7.0.255 - Reactive- Instantaneous value
+1.0.31.7.0.255 - L1 Current Instantaneous value
+1.0.51.7.0.255 - L2 Current Instantaneous value
+1.0.71.7.0.255 - L3 Current Instantaneous value
+1.0.32.7.0.255 - L1 Voltage Instantaneous value
+1.0.52.7.0.255 - L2 Voltage Instantaneous value
+1.0.72.7.0.255 - L3 Voltage Instantaneous value
+0.0.1.0.0.255 - Current date/time 
+1.0.1.8.0.255 - Active+ Energy
+1.0.2.8.0.255 - Active- Energy
+1.0.3.8.0.255 - Reactive+ Energy
+1.0.4.8.0.255 - Reactive- Energy

doc/Aidon_data.xml

@@ -0,0 +1,119 @@
+<GatewayRequest>
+  <NetworkId Value="231" />
+  <PhysicalDeviceAddress Value="" />
+  <DataNotification>
+    <LongInvokeIdAndPriority Value="40000000" />
+    <DateTime Value="" />
+    <NotificationBody>
+      <DataValue>
+        <Array Qty="0D" >
+          <Structure Qty="02" >
+            <!--1.1.0.2.129.255-->
+            <OctetString Value="0101000281FF" />
+            <String Value="AIDON_V0001" />
+          </Structure>
+          <Structure Qty="02" >
+            <!--0.0.96.1.0.255-->
+            <OctetString Value="0000600100FF" />
+            <String Value="0000000000000000" />
+          </Structure>
+          <Structure Qty="02" >
+            <!--0.0.96.1.7.255-->
+            <OctetString Value="0000600107FF" />
+            <String Value="6534" />
+          </Structure>
+          <Structure Qty="03" >
+            <!--1.0.1.7.0.255-->
+            <OctetString Value="0100010700FF" />
+            <UInt32 Value="00000339" />
+            <Structure Qty="02" >
+              <Int8 Value="00" />
+              <Enum Value="1B" />
+            </Structure>
+          </Structure>
+          <Structure Qty="03" >
+            <!--1.0.2.7.0.255-->
+            <OctetString Value="0100020700FF" />
+            <UInt32 Value="00000000" />
+            <Structure Qty="02" >
+              <Int8 Value="00" />
+              <Enum Value="1B" />
+            </Structure>
+          </Structure>
+          <Structure Qty="03" >
+            <!--1.0.3.7.0.255-->
+            <OctetString Value="0100030700FF" />
+            <UInt32 Value="00000000" />
+            <Structure Qty="02" >
+              <Int8 Value="00" />
+              <Enum Value="1D" />
+            </Structure>
+          </Structure>
+          <Structure Qty="03" >
+            <!--1.0.4.7.0.255-->
+            <OctetString Value="0100040700FF" />
+            <UInt32 Value="00000251" />
+            <Structure Qty="02" >
+              <Int8 Value="00" />
+              <Enum Value="1D" />
+            </Structure>
+          </Structure>
+          <Structure Qty="03" >
+            <!--1.0.31.7.0.255-->
+            <OctetString Value="01001F0700FF" />
+            <Int16 Value="0012" />
+            <Structure Qty="02" >
+              <Int8 Value="FF" />
+              <Enum Value="21" />
+            </Structure>
+          </Structure>
+          <Structure Qty="03" >
+            <!--1.0.51.7.0.255-->
+            <OctetString Value="0100330700FF" />
+            <Int16 Value="0003" />
+            <Structure Qty="02" >
+              <Int8 Value="FF" />
+              <Enum Value="21" />
+            </Structure>
+          </Structure>
+          <Structure Qty="03" >
+            <!--1.0.71.7.0.255-->
+            <OctetString Value="0100470700FF" />
+            <Int16 Value="0016" />
+            <Structure Qty="02" >
+              <Int8 Value="FF" />
+              <Enum Value="21" />
+            </Structure>
+          </Structure>
+          <Structure Qty="03" >
+            <!--1.0.32.7.0.255-->
+            <OctetString Value="0100200700FF" />
+            <UInt16 Value="08FE" />
+            <Structure Qty="02" >
+              <Int8 Value="FF" />
+              <Enum Value="23" />
+            </Structure>
+          </Structure>
+          <Structure Qty="03" >
+            <!--1.0.52.7.0.255-->
+            <OctetString Value="0100340700FF" />
+            <UInt16 Value="08F8" />
+            <Structure Qty="02" >
+              <Int8 Value="FF" />
+              <Enum Value="23" />
+            </Structure>
+          </Structure>
+          <Structure Qty="03" >
+            <!--1.0.72.7.0.255-->
+            <OctetString Value="0100480700FF" />
+            <UInt16 Value="08F7" />
+            <Structure Qty="02" >
+              <Int8 Value="FF" />
+              <Enum Value="23" />
+            </Structure>
+          </Structure>
+        </Array>
+      </DataValue>
+    </NotificationBody>
+  </DataNotification>
+</GatewayRequest>

doc/Kamstrup_encrypted_OBIS.txt

@@ -0,0 +1,32 @@
+1.1.1.8.0.255 - Active+ Energy
+1.1.2.8.0.255 - Active- Energy
+1.1.3.8.0.255 - Reactive+ Energy
+1.1.4.8.0.255 - Reactive- Energy
+1.1.0.0.1.255 - Electricity ID?
+1.1.1.7.0.255 - Active+ Instantaneous value
+1.1.2.7.0.255 - Active- Instantaneous value
+1.1.3.7.0.255 - Reactive+ Instantaneous value
+1.1.4.7.0.255 - Reactive- Instantaneous value
+0.1.1.0.0.255 - Current date/time
+1.1.32.7.0.255 - L1 Voltage Instantaneous value
+1.1.52.7.0.255 - L2 Voltage Instantaneous value
+1.1.72.7.0.255 - L3 Voltage Instantaneous value
+1.1.31.7.0.255 - L1 Current Instantaneous value
+1.1.51.7.0.255 - L2 Current Instantaneous value
+1.1.71.7.0.255 - L3 Current Instantaneous value
+1.1.21.7.0.255 - L1 Active+ Instantaneous value
+1.1.41.7.0.255 - L2 Active+ Instantaneous value
+1.1.61.7.0.255 - L3 Active+ Instantaneous value
+1.1.33.7.0.255 - L1 (cos.phi) (PF) Instantaneous value
+1.1.53.7.0.255 - L2 (cos.phi) (PF) Instantaneous value
+1.1.73.7.0.255 - L3 (cos.phi) (PF) Instantaneous value
+1.1.13.7.0.255 - Avegage (cos.phi) (PF) Inst. value
+1.1.22.7.0.255 - L1 Active- Instantaneous value
+1.1.42.7.0.255 - L2 Active- Instantaneous value
+1.1.62.7.0.255 - L3 Active- Instantaneous value
+1.1.22.8.0.255 - L1 Active- Energy
+1.1.42.8.0.255 - L2 Active- Energy
+1.1.62.8.0.255 - L3 Active- Energy
+1.1.21.8.0.255 - L1 Active+ Energy
+1.1.41.8.0.255 - L2 Active+ Energy
+1.1.61.8.0.255 - L3 Active+ Energy

doc/Kamstrup_encrypted_data.xml

@@ -0,0 +1,112 @@
+<GatewayRequest>
+  <NetworkId Value="231" />
+  <PhysicalDeviceAddress Value="" />
+  <DataNotification>
+    <LongInvokeIdAndPriority Value="40000000" />
+    <DateTime Value="" />
+    <NotificationBody>
+      <DataValue>
+        <Structure Qty="41" >
+          <String Value="Kamstrup_V0001" />
+          <!--1.1.1.8.0.255-->
+          <OctetString Value="0101010800FF" />
+          <UInt32 Value="001194CA" />
+          <!--1.1.2.8.0.255-->
+          <OctetString Value="0101020800FF" />
+          <UInt32 Value="00000000" />
+          <!--1.1.3.8.0.255-->
+          <OctetString Value="0101030800FF" />
+          <UInt32 Value="0000127E" />
+          <!--1.1.4.8.0.255-->
+          <OctetString Value="0101040800FF" />
+          <UInt32 Value="0009550E" />
+          <!--1.1.0.0.1.255-->
+          <OctetString Value="0101000001FF" />
+          <UInt32 Value="0144ADE1" />
+          <!--1.1.1.7.0.255-->
+          <OctetString Value="0101010700FF" />
+          <UInt32 Value="00000531" />
+          <!--1.1.2.7.0.255-->
+          <OctetString Value="0101020700FF" />
+          <UInt32 Value="00000000" />
+          <!--1.1.3.7.0.255-->
+          <OctetString Value="0101030700FF" />
+          <UInt32 Value="00000000" />
+          <!--1.1.4.7.0.255-->
+          <OctetString Value="0101040700FF" />
+          <UInt32 Value="00000054" />
+          <!--0.1.1.0.0.255-->
+          <OctetString Value="0001010000FF" />
+          <!--2020-05-12 10:24:50-->
+          <OctetString Value="07E4050C020A1832FF800080" />
+          <!--1.1.32.7.0.255-->
+          <OctetString Value="0101200700FF" />
+          <UInt16 Value="00E4" />
+          <!--1.1.52.7.0.255-->
+          <OctetString Value="0101340700FF" />
+          <UInt16 Value="00E5" />
+          <!--1.1.72.7.0.255-->
+          <OctetString Value="0101480700FF" />
+          <UInt16 Value="00E3" />
+          <!--1.1.31.7.0.255-->
+          <OctetString Value="01011F0700FF" />
+          <UInt32 Value="0000004B" />
+          <!--1.1.51.7.0.255-->
+          <OctetString Value="0101330700FF" />
+          <UInt32 Value="00000070" />
+          <!--1.1.71.7.0.255-->
+          <OctetString Value="0101470700FF" />
+          <UInt32 Value="000001E4" />
+          <!--1.1.21.7.0.255-->
+          <OctetString Value="0101150700FF" />
+          <UInt32 Value="00000070" />
+          <!--1.1.41.7.0.255-->
+          <OctetString Value="0101290700FF" />
+          <UInt32 Value="000000B5" />
+          <!--1.1.61.7.0.255-->
+          <OctetString Value="01013D0700FF" />
+          <UInt32 Value="0000040C" />
+          <!--1.1.33.7.0.255-->
+          <OctetString Value="0101210700FF" />
+          <UInt16 Value="004D" />
+          <!--1.1.53.7.0.255-->
+          <OctetString Value="0101350700FF" />
+          <UInt16 Value="004E" />
+          <!--1.1.73.7.0.255-->
+          <OctetString Value="0101490700FF" />
+          <UInt16 Value="0062" />
+          <!--1.1.13.7.0.255-->
+          <OctetString Value="01010D0700FF" />
+          <UInt16 Value="0063" />
+          <!--1.1.22.7.0.255-->
+          <OctetString Value="0101160700FF" />
+          <UInt32 Value="00000000" />
+          <!--1.1.42.7.0.255-->
+          <OctetString Value="01012A0700FF" />
+          <UInt32 Value="00000000" />
+          <!--1.1.62.7.0.255-->
+          <OctetString Value="01013E0700FF" />
+          <UInt32 Value="00000000" />
+          <!--1.1.22.8.0.255-->
+          <OctetString Value="0101160800FF" />
+          <UInt32 Value="00000000" />
+          <!--1.1.42.8.0.255-->
+          <OctetString Value="01012A0800FF" />
+          <UInt32 Value="00000000" />
+          <!--1.1.62.8.0.255-->
+          <OctetString Value="01013E0800FF" />
+          <UInt32 Value="00000000" />
+          <!--1.1.21.8.0.255-->
+          <OctetString Value="0101150800FF" />
+          <UInt32 Value="000A8F97" />
+          <!--1.1.41.8.0.255-->
+          <OctetString Value="0101290800FF" />
+          <UInt32 Value="0004C152" />
+          <!--1.1.61.8.0.255-->
+          <OctetString Value="01013D0800FF" />
+          <UInt32 Value="000243DF" />
+        </Structure>
+      </DataValue>
+    </NotificationBody>
+  </DataNotification>
+</GatewayRequest>

frames/Aidon-Sweden.raw

@@ -0,0 +1,30 @@
+7E A2 43 41 08 83 13 85 EB E6 E7 00 0F 40 00 00 00 00 
+01 1B 
+02 02 09 06 00 00 01 00 00 FF 09 0C 07 E5 0C 0A 05 10 39 00 FF 80 00 FF 
+02 03 09 06 01 00 01 07 00 FF 06 00 00 07 E5 02 02 0F 00 16 1B 
+02 03 09 06 01 00 02 07 00 FF 06 00 00 00 00 02 02 0F 00 16 1B 
+02 03 09 06 01 00 03 07 00 FF 06 00 00 00 00 02 02 0F 00 16 1D 
+02 03 09 06 01 00 04 07 00 FF 06 00 00 02 48 02 02 0F 00 16 1D 
+02 03 09 06 01 00 1F 07 00 FF 10 00 09 02 02 0F FF 16 21 
+02 03 09 06 01 00 33 07 00 FF 10 00 25 02 02 0F FF 16 21 
+02 03 09 06 01 00 47 07 00 FF 10 00 2E 02 02 0F FF 16 21 
+02 03 09 06 01 00 20 07 00 FF 12 08 E3 02 02 0F FF 16 23 
+02 03 09 06 01 00 34 07 00 FF 12 08 D8 02 02 0F FF 16 23 
+02 03 09 06 01 00 48 07 00 FF 12 08 DF 02 02 0F FF 16 23 
+02 03 09 06 01 00 15 07 00 FF 06 00 00 00 D5 02 02 0F 00 16 1B 
+02 03 09 06 01 00 16 07 00 FF 06 00 00 00 00 02 02 0F 00 16 1B 
+02 03 09 06 01 00 17 07 00 FF 06 00 00 00 00 02 02 0F 00 16 1D 
+02 03 09 06 01 00 18 07 00 FF 06 00 00 00 36 02 02 0F 00 16 1D 
+02 03 09 06 01 00 29 07 00 FF 06 00 00 03 0C 02 02 0F 00 16 1B 
+02 03 09 06 01 00 2A 07 00 FF 06 00 00 00 00 02 02 0F 00 16 1B 
+02 03 09 06 01 00 2B 07 00 FF 06 00 00 01 21 02 02 0F 00 16 1D 
+02 03 09 06 01 00 2C 07 00 FF 06 00 00 00 00 02 02 0F 00 16 1D 
+02 03 09 06 01 00 3D 07 00 FF 06 00 00 03 F9 02 02 0F 00 16 1B 
+02 03 09 06 01 00 3E 07 00 FF 06 00 00 00 00 02 02 0F 00 16 1B 
+02 03 09 06 01 00 3F 07 00 FF 06 00 00 00 00 02 02 0F 00 16 1D 
+02 03 09 06 01 00 40 07 00 FF 06 00 00 00 E9 02 02 0F 00 16 1D 
+02 03 09 06 01 00 01 08 00 FF 06 03 C2 5A 64 02 02 0F 00 16 1E 
+02 03 09 06 01 00 02 08 00 FF 06 00 00 00 00 02 02 0F 00 16 1E 
+02 03 09 06 01 00 03 08 00 FF 06 00 04 5D 06 02 02 0F 00 16 20 
+02 03 09 06 01 00 04 08 00 FF 06 00 B4 9D 89 02 02 0F 00 16 20 
+1C 90 7E

frames/Aidon-TN-3p.raw

@@ -0,0 +1,31 @@
+ T FF FF DA SA SA  C HC HC LD LS LQ AT AI AI AI AI AD
+7E A0 2A 41 08 83 13 04 13 E6 E7 00 0F 40 00 00 00 00 01 01 02 03 09 06 01 00 01 07 00 FF 06 00 00 08 64 02 02 0F 00 16 1B E1
+7E A1 1E 41 08 83 13 EE EE E6 E7 00 0F 40 00 00 00 00 01 0D 02 02 09 06 01 01 00 02 81 FF 0A 0B 41 49 44 4F 4E 5F 56 30 30 30 31 02 02 09 06 00 00 60 01 00 FF 0A 10 37 33 35 39 39 39 32 38 39 30 34 39 37 39 39 37 02 02 09 06 00 00 60 01 07 FF 0A 04 36 35 33 34 02 03 09 06 01 00 01 07 00 FF 06 00 00 08 6C 02 02 0F 00 16 1B 02 03 09 06 01 00 02 07 00 FF 06 00 00 00 00 02 02 0F 00 16 1B 02 03 09 06 01 00 03 07 00 FF 06 00 00 00 00 02 02 0F 00 16 1D 02 03 09 06 01 00 04 07 00 FF 06 00 00 02 09 02 02 0F 00 16 1D 02 03 09 06 01 00 1F 07 00 FF 10 00 41 02 02 0F FF 16 21 02 03 09 06 01 00 33 07 00 FF 10 00 13 02 02 0F FF 16 21 02 03 09 06 01 00 47 07 00 FF 10 00 0E 02 02 0F FF 16 21 02 03 09 06 01 00 20 07 00 FF 12 08 F2 02 02 0F FF 16 23 02 03 09 06 01 00 34 07 00 FF 12 08 D1 02 02 0F FF 16 23 02 03 09 06 01 00 48 07 00 FF 12 08 E8 02 02 0F FF 16 23 8B
+7E A1 8A 41 08 83 13 EB FD E6 E7 00 0F 40 00 00 00 00 01 12 02 02 09 06 01 01 00 02 81 FF 0A 0B 41 49 44 4F 4E 5F 56 30 30 30 31 02 02 09 06 00 00 60 01 00 FF 0A 10 37 33 35 39 39 39 32 38 39 30 34 39 37 39 39 37 02 02 09 06 00 00 60 01 07 FF 0A 04 36 35 33 34 02 03 09 06 01 00 01 07 00 FF 06 00 00 03 9A 02 02 0F 00 16 1B 02 03 09 06 01 00 02 07 00 FF 06 00 00 00 00 02 02 0F 00 16 1B 02 03 09 06 01 00 03 07 00 FF 06 00 00 00 00 02 02 0F 00 16 1D 02 03 09 06 01 00 04 07 00 FF 06 00 00 02 0E 02 02 0F 00 16 1D 02 03 09 06 01 00 1F 07 00 FF 10 00 11 02 02 0F FF 16 21 02 03 09 06 01 00 33 07 00 FF 10 00 10 02 02 0F FF 16 21 02 03 09 06 01 00 47 07 00 FF 10 00 0E 02 02 0F FF 16 21 02 03 09 06 01 00 20 07 00 FF 12 08 F4 02 02 0F FF 16 23 02 03 09 06 01 00 34 07 00 FF 12 08 CD 02 02 0F FF 16 23 02 03 09 06 01 00 48 07 00 FF 12 08 DC 02 02 0F FF 16 23 02 02 09 06 00 00 01 00 00 FF 09 0C 07 E5 03 18 03 08 00 00 FF 00 00 00 02 03 09 06 01 00 01 08 00 FF 06 00 47 F0 34 02 02 0F 01 16 1E 02 03 09 06 01 00 02 08 00 FF 06 00 00 00 00 02 02 0F 01 16 1E 02 03 09 06 01 00 03 08 00 FF 06 00 00 21 9E 02 02 0F 01 16 20 02 03 09 06 01 00 04 08 00 FF 06 00 08 E0 21 02 02 0F 01 16 20 57
+
+7E A1 8A 41 08 83 13 EB FD E6 E7 00 0F 40 00 00 00 00 
+01 12 
+02 02 09 06 01 01 00 02 81 FF 0A 0B 41 49 44 4F 4E 5F 56 30 30 30 31 
+02 02 09 06 00 00 60 01 00 FF 0A 10 37 33 35 39 39 39 32 38 39 30 34 39 37 39 39 37 
+02 02 09 06 00 00 60 01 07 FF 0A 04 36 35 33 34 
+02 03 09 06 01 00 01 07 00 FF 06 00 00 09 6D 02 02 0F 00 16 1B 
+02 03 09 06 01 00 02 07 00 FF 06 00 00 00 00 02 02 0F 00 16 1B 
+02 03 09 06 01 00 03 07 00 FF 06 00 00 00 00 02 02 0F 00 16 1D 
+02 03 09 06 01 00 04 07 00 FF 06 00 00 02 5B 02 02 0F 00 16 1D
+
+Object with three values      Value    Object with two values
+|     Obis code               |        |     Scaling
+|     |                       |        |     |     Unit
+02 03 09 06 01 00 1F 07 00 FF 10 00 11 02 02 0F FF 16 21 
+02 03 09 06 01 00 33 07 00 FF 10 00 03 02 02 0F FF 16 21 
+02 03 09 06 01 00 47 07 00 FF 10 00 5A 02 02 0F FF 16 21 
+02 03 09 06 01 00 20 07 00 FF 12 09 04 02 02 0F FF 16 23 
+02 03 09 06 01 00 34 07 00 FF 12 09 02 02 02 0F FF 16 23 
+02 03 09 06 01 00 48 07 00 FF 12 08 EC 02 02 0F FF 16 23 
+02 02 09 06 00 00 01 00 00 FF 09 0C 07 E5 0A 1F 00 14 00 00 FF 00 00 00 
+02 03 09 06 01 00 01 08 00 FF 06 00 56 9F 52 02 02 0F 01 16 1E 
+02 03 09 06 01 00 02 08 00 FF 06 00 00 00 00 02 02 0F 01 16 1E 
+02 03 09 06 01 00 03 08 00 FF 06 00 00 22 D0 02 02 0F 01 16 20 
+02 03 09 06 01 00 04 08 00 FF 06 00 0A F5 EC 02 02 0F 01 16 20 
+51 D7 
+7E 

frames/Kaifa-TN-3p.raw

@@ -0,0 +1,34 @@
+T  FF FF DA SA SA C  HC HC LD LS LQ AT AI AI AI AI AD
+7E A0 27 01 02 01 10 5A 87 E6 E7 00 0F 40 00 00 00 09 0C 07 E5 03 17 02 13 1A 3A FF 80 00 00 
+02 01 // Frame type and size
+06 00 00 0B F3 // Active power
+5B 05 7E // CRC and end tag
+
+T  FF FF DA SA SA C  HC HC LD LS LQ AT AI AI AI AI AD
+7E A0 78 01 02 01 10 C4 98 E6 E7 00 0F 40 00 00 00 09 0C 07 E5 03 17 02 13 1B 00 FF 80 00 00 
+02 0D // Frame type and size
+09 07 4B 46 4D 5F 30 30 31 // List version
+09 10 XX XX XX XX XX XX XX XX XX XX 35 33 34 34 39 33 // Meter ID
+09 07 4D 41 33 30 34 48 34 // Meter type
+06 00 00 0C 21 // Active import
+06 00 00 00 00 // Active export
+06 00 00 00 00 // Reactive import
+06 00 00 01 9F // Reactive export
+06 00 00 0B F3 // I1
+06 00 00 05 0B // I2
+06 00 00 25 11 // I3
+06 00 00 09 44 // U1
+06 00 00 09 49 // U2
+06 00 00 09 39 // U3
+C9 95 7E // CRC and end tag
+
+
+7E A0 9A 01 02 01 10 AA A5 E6 E7 00 0F 40 00 00 00 09 0C 07 E5 03 17 02 13 00 0A FF 80 00 00 
+02 12 09 07 4B 46 4D 5F 30 30 31 
+09 10 XX XX XX XX XX XX XX XX XX XX 35 33 34 34 39 33 
+09 07 4D 41 33 30 34 48 34 
+06 00 00 09 99 
+06 00 00 00 00 06 00 00 00 00 06 00 00 01 67 06 00 00 03 BF 06 00 00 05 05 
+06 00 00 24 34 06 00 00 09 45 06 00 00 09 4F 06 00 00 09 3B 
+09 0C 07 E5 03 17 02 13 00 0A FF 80 00 00 06 01 34 3B 5D 06 00 00 00 00 06 00 00 09 36 06 00 3C 7A 98 DA 15 7E
+7E A0 79 01 02 01 10 80 93 E6 E7 00 0F 40 00 00 00 09 0C 07 E1 09 0E 04 15 1F 14 FF 80 00 00 02 0D 09 07 4B 46 4D 5F 30 30 31 09 10 36 39 37 30 36 33 31 34 30 31 37 35 33 39 38 35 09 08 4D 41 33 30 34 48 33 45 06 00 00 04 0C 06 00 00 00 00 06 00 00 00 00 06 00 00 00 4E 06 00 00 07 C1 06 00 00 0C 9E 06 00 00 0D 7E 06 00 00 09 5F 06 00 00 00 00 06 00 00 09 66 87 96 7E 

frames/Kamstup-Encrypted.raw

@@ -0,0 +1,51 @@
+# After decode:
+7E 
+A1 E9 // Frame type and size
+41 03 13 C6 37 E6 E7 00 
+DB // Encrypted
+08 4B 41 4D 45 01 AC 4D 6E // System title
+82 // Prefix for 2-byte length
+01 D0 // Length
+30 // Security tag 0011 0000, 0=Compression off, 0=Unicast, 1=Encryption, 0=Authentication, 0000= Security Suite ID
+00 00 A3 2F // Frame counter
+
+// Decrypted frame below
+0F 00 00 00 00 
+0C 07 E4 05 0C 02 0A 19 00 FF 80 00 80 // Package timestamp
+
+02 41
+0A 0E 4B 61 6D 73 74 72 75 70 5F 56 30 30 30 31 - List ID
+09 06 01 01 01 08 00 FF   06 00 11 94 CA - Active+ Energy
+09 06 01 01 02 08 00 FF   06 00 00 00 00 - Active- Energy
+09 06 01 01 03 08 00 FF   06 00 00 12 7E - Reactive+ Energy
+09 06 01 01 04 08 00 FF   06 00 09 55 0E - Reactive- Energy
+09 06 01 01 00 00 01 FF   06 01 44 AD E1 - Electricity ID?
+09 06 01 01 01 07 00 FF   06 00 00 05 CC - Active+ Instantaneous value
+09 06 01 01 02 07 00 FF   06 00 00 00 00 - Active- Instantaneous value
+09 06 01 01 03 07 00 FF   06 00 00 00 00 - Reactive+ Instantaneous value
+09 06 01 01 04 07 00 FF   06 00 00 00 17 - Reactive- Instantaneous value
+09 06 00 01 01 00 00 FF   09 0C 07 E4 05 0C 02 0A 19 00 FF 80 00 80 - Current date/time
+09 06 01 01 20 07 00 FF   12 00 E5 - L1 Voltage Instantaneous value
+09 06 01 01 34 07 00 FF   12 00 E5 - L2 Voltage Instantaneous value
+09 06 01 01 48 07 00 FF   12 00 E3 - L3 Voltage Instantaneous value
+09 06 01 01 1F 07 00 FF   06 00 00 00 4B - L1 Current Instantaneous value
+09 06 01 01 33 07 00 FF   06 00 00 00 AA - L2 Current Instantaneous value
+09 06 01 01 47 07 00 FF   06 00 00 01 E4 - L3 Current Instantaneous value
+09 06 01 01 15 07 00 FF   06 00 00 00 71 - L1 Active+ Instantaneous value
+09 06 01 01 29 07 00 FF   06 00 00 01 54 - L2 Active+ Instantaneous value
+09 06 01 01 3D 07 00 FF   06 00 00 04 07 - L3 Active+ Instantaneous value
+09 06 01 01 21 07 00 FF   12 00 4D - L1 (cos.phi) (PF) Instantaneous value
+09 06 01 01 35 07 00 FF   12 00 5F - L2 (cos.phi) (PF) Instantaneous value
+09 06 01 01 49 07 00 FF   12 00 62 - L3 (cos.phi) (PF) Instantaneous value
+09 06 01 01 0D 07 00 FF   12 00 63 - Avegage (cos.phi) (PF) Inst. value
+09 06 01 01 16 07 00 FF   06 00 00 00 00 - L1 Active- Instantaneous value
+09 06 01 01 2A 07 00 FF   06 00 00 00 00 - L2 Active- Instantaneous value
+09 06 01 01 3E 07 00 FF   06 00 00 00 00 - L3 Active- Instantaneous value
+09 06 01 01 16 08 00 FF   06 00 00 00 00 - L1 Active- Energy
+09 06 01 01 2A 08 00 FF   06 00 00 00 00 - L2 Active- Energy
+09 06 01 01 3E 08 00 FF   06 00 00 00 00 - L3 Active- Energy
+09 06 01 01 15 08 00 FF   06 00 0A 8F 97 - L1 Active+ Energy
+09 06 01 01 29 08 00 FF   06 00 04 C1 53 - L2 Active+ Energy
+09 06 01 01 3D 08 00 FF   06 00 02 43 E0 - L3 Active+ Energy
+
+5B C3 CD 5E 79 18 18 DA 9F 97 85 FF 5A 84 7E 

frames/Kamstup-TN-3p.raw

@@ -0,0 +1,18 @@
+7E A0 E2 2B 21 13 23 9A E6 E7 00 0F 00 00 00 00 
+0C 07 E5 0B 11 03 0B 32 00 FF 80 00 00 
+
+02 19 
+0A 0E 4B 61 6D 73 74 72 75 70 5F 56 30 30 30 31 - List ID
+09 06 01 01 00 00 05 FF   0A 10 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX - Meter ID
+09 06 01 01 60 01 01 FF   0A 12 36 38 34 31 31 33 31 42 4E 32 34 33 31 30 31 30 34 30 - Meter model
+09 06 01 01 01 07 00 FF   06 00 00 05 E6 - Active+
+09 06 01 01 02 07 00 FF   06 00 00 00 00 - Active-
+09 06 01 01 03 07 00 FF   06 00 00 00 00 - Reactive+
+09 06 01 01 04 07 00 FF   06 00 00 01 92 - Reactive-
+09 06 01 01 1F 07 00 FF   06 00 00 00 A1 - L1 current
+09 06 01 01 33 07 00 FF   06 00 00 00 C1 - L2 current
+09 06 01 01 47 07 00 FF   06 00 00 01 8E - L3 current
+09 06 01 01 20 07 00 FF   12 00 EB - L1 voltage
+09 06 01 01 34 07 00 FF   12 00 EC - L2 voltage
+09 06 01 01 48 07 00 FF   12 00 EC - L3 voltage
+EF 5F 7E

frames/austria.raw

@@ -0,0 +1,104 @@
+// HDLC header
+68 
+01 01 // Format (0x00) and total length (257)
+
+68 // Start
+53 // Control field
+FF // Address (Broadcast address)
+
+// LLC 
+00 // Control information field
+01 // Source SAP
+67 // Destination SAP
+
+DB // Encrypted
+08 53 41 47 59 05 E6 D9 FD // System title
+81 // Prefix for 1-byte length
+F8 // Length (248), starting from 0xDB and including end byte
+20 // Security tag 0010 0000, 0=Compression off, 0=Unicast, 1=Encryption, 0=No auth, 0000= Security Suite ID
+00 72 00 76 // Frame counter
+
+
+Some complete frames
+
+68 01 01 68 53 FF 00 01 67 DB 08 53 41 47 59 05 E6 D9 FD 81 F8 20 00 69 D1 4F D7 32 A2 4E 08 32 D8 38 62 C0
+91 7E 0F C3 BF 47 83 9A 1C 8F 81 D8 BC DB 8D C8 06 D6 8C B3 F2 7A 64 FF F5 AE F8 74 31 7F F0 D8 D8 30 57 57
+D7 23 C1 5A 50 23 A2 56 C5 4E 1B A3 C1 FC 75 65 75 31 4F EF D3 71 C3 E9 B4 1E CD 61 3E BF A7 27 26 A7 48 B4
+64 E3 75 B5 4A A3 57 B1 C1 8C E2 25 8F D9 14 C6 6F 9B 6B EE EF 7E 0B 3E 1C 7E 53 7F D4 A6 9D 5F 3E 5E 0B 4A
+61 BA 45 8F A4 0E D5 2D 88 F3 51 76 1D 90 78 8E 0F 29 43 D4 DF 9E 05 88 26 1F C9 4A 1D F2 C2 95 84 57 A8 95
+19 EF 45 7B E8 17 CE 59 B1 78 1D 0D 82 E4 58 3F 1A 76 D2 01 CF 65 75 3C 53 97 78 C0 8A 8A 31 94 E5 15 01 81
+EB 58 E6 95 34 3D C9 46 AF FC 57 EE 5A 6D 5E 6F 6A 21 15 D1 6B 7D 4F E2 A1 83 C4 3A 81 CA 1E C9 D0 73 84 E1
+60 E5 0E 80 BC D5 58 2D B9 1A 16
+
+// 19b
+68 0D 0D 68 53 FF 11 01 67 CD 6B CB 69 13 53 FF 98 34 16 
+
+// 263b
+68 01 01 68 53 FF 00 01 67 DB 08 53 41 47 59 05 
+E6 D9 FD 81 F8 20 00 69 D1 50 55 28 2C E9 97 46 
+82 61 19 3E 23 78 8A E6 E2 42 D1 D6 44 BA 2C 3C 
+55 0E 59 47 02 DC 8D D4 10 91 67 6B 76 9B F0 2F 
+42 BF D9 D2 FE A2 B3 AA 11 B1 BF 7B 8B B3 36 FE 
+7E B0 22 D7 60 10 48 1B 77 AA C2 DC 99 8D C2 C4 
+5D 78 83 53 92 E8 66 44 CC 32 43 A9 E8 22 B2 0E 
+DF D8 39 B3 21 5B E6 A8 F1 83 5E 85 5A A3 5D 2B 
+92 ED 59 D7 24 2C CC 26 AB A6 0A FE 78 B0 E9 D3 
+7C 6D B8 32 0F 36 C0 A0 9B A2 56 73 08 56 EE 9B 
+AD 7C CC F3 6B EC 13 63 55 2A 28 0E 7A 9B D9 2A 
+62 08 D5 9C AD E8 43 6D 7A CA 8B DD BF DB 3F E1 
+88 3F 9D B9 7C 19 D3 68 8C 57 AB 82 46 4B 75 B8 
+F3 9E 2C 22 06 2A 93 78 56 56 76 51 65 11 C7 12 
+78 AB F2 97 97 51 2A 16 70 56 30 C9 12 00 08 BC 
+80 55 6E 44 51 A1 93 CD CF BA 9A DA CA 48 19 74 
+E4 70 1E AD 63 99 16 
+
+68 0D 0D 68 53 FF 11 01 67 21 2B 32 52 74 00 40 41 90 16 
+
+68 01 01 68 53 FF 00 01 67 DB 08 53
+41 47 59 05 E6 D9 FD 81 F8 20 00 69 D1 51 A8 0C 89 6B 68 23 FE 94 57 3B AB 39 56 9F 26 E5 D9 A7 10 1C F3 E4
+0E 2E C6 8D 3F 0A FE 8B 54 ED AC AE 84 36 86 72 B6 AA 0D B3 94 88 C0 37 4C 75 09 53 6E 3F 44 E1 A9 28 F8 28
+7A D4 E0 65 0A FA 46 A9 08 A6 3A EE C6 20 B5 7C E8 F8 C1 92 40 84 54 2E F4 99 A9 04 86 42 9E 2F E3 D5 28 92
+99 80 EE 10 A4 96 7F BC 72 63 33 32 4E 1C FF 71 1C 4B 66 CE 48 9B 46 FF A5 36 F2 E6 FE 84 E8 38 56 65 2E 59
+79 4B 2A A1 84 B4 63 53 25 EA 02 F1 9B 50 A2 CA FB DE 22 BB E8 24 A5 70 52 F4 64 F5 93 D7 16 9D A1 90 6C F3
+04 C6 26 95 6E 60 3E C6 4A F6 BA BB AC 01 FE 23 74 26 3F 7E F1 05 BD 76 2A 7C 34 FA FC EF 1F 40 46 6E F1 6F
+DA 36 75 00 E6 1A BF C2 B5 7F 34 D7 37 4C A0 6C CC A7 33 EF 9C 4A B0 E7 50 67 0A FB 85 18 25 31 67 DD 16 
+
+68 0D 0D 68 53 FF 11 01 67 CD 91 DA 34 7A CE 84 AD B0 16 
+
+68 01 01 68 53 FF 00 01 67 DB 08 53 41 47 59 05 E6 D9
+FD 81 F8 20 00 69 D1 52 7F 86 D1 DD 40 FD F7 2C 67 32 4F 5D 69 56 B0 8F FB 04 A9 E6 03 C6 A7 6B 7F 86 E7 BF
+2D E6 44 09 42 BF C8 B3 92 D1 EB CA EF B2 78 56 14 F9 32 6B 8F A4 8E 44 DB 86 B8 D1 83 82 67 BC DF 3D 85 DE
+42 9F FA 88 69 F4 06 C8 CB 4C A8 FF E6 7A 44 D3 29 97 90 CA 1B 22 F7 D8 8D 6E F7 69 34 1C 7F 6A B6 AA 95 96
+D0 48 95 02 0E 76 C0 BE 31 94 A1 72 66 30 E2 72 D9 82 30 1E 9A 81 DC 23 D7 AA 10 E5 91 19 AA 5B 97 F4 51 21
+17 97 E6 2E 25 D2 7C 8D E0 D8 10 19 ED B6 2A B7 29 EA 4B B1 35 F9 89 65 1A 4D 45 BE C5 3F E9 86 24 14 A3 5B
+20 AD 9F 20 A5 57 9F DE 82 AD 58 4D 65 35 4D 4E 74 D2 0F EA DE 26 4F 48 AB 3D E0 91 0D 9C 1D E6 C8 2B 4F C2
+3B 53 21 2A 26 82 B2 7D 9F 93 83 91 9F 4C 0B 47 3A 48 60 7B A3 12 6D 0B 9A 40 77 88 16 
+
+68 0D 0D 68 53 FF 11 01 67 C7 91 CB B9 7B 23 AC 8D 7E 16 
+
+68 01 01 68 53 FF 00 01 67 DB 08 53 41 47 59 05 E6 D9 FD 81 F8 20 00 69
+D1 53 4F 0C 66 DD DE 97 31 C0 8B E5 2B CE C3 99 51 17 DE FE AB 9E 2F 1B 76 06 71 8D 2E 9D BF 54 6E E5 B3 7B
+CE 05 34 58 22 6D 53 8F 95 6A 0A 6F EA 88 87 18 CD 29 B4 B1 99 8E 03 05 EB 1B 61 9B 36 09 99 E9 42 D4 D5 BC
+E7 57 11 1E 95 FE 9B 76 CF C2 1A 52 EE 70 2B 1F 6A 52 CA 90 85 FF AB D1 F0 E5 20 90 82 3E 5E 2E 25 60 D0 FB
+74 A1 7C A2 01 C2 AC 40 4A C6 0F 82 8C 0C CE 18 B8 18 1D EF 94 CC 54 16 D8 64 1F 60 B3 34 B8 0E 0C 10 56 11
+89 D6 1E 26 91 1F 85 C4 BE 55 69 96 DA D0 D6 9E 69 4A 8F 10 BF 37 97 68 55 3E 92 B1 F1 76 21 BF 34 03 54 DB
+F1 2C 23 9F B7 79 02 E8 37 DD AF 15 79 70 C4 95 C9 28 90 4E 6F BC FA 52 E7 FE 27 B5 F3 6E C4 C3 C1 37 CF C9
+7C E8 B1 10 7F 6B 4D 49 88 CD 2B 60 22 51 D7 5C 5F E6 AA 0B E1 2B 16 
+
+68 0D 0D 68 53 FF 11 01 67 C5 B1 63 A0 24 39 F5 57 ED 16 
+
+
+
+68 01 01 68 53 FF 00 01 67 DB 08 53 41 47 59 05 E6 D9 FD 81 F8 20 00 69 D1 54 5B D2 4F 76
+37 23 43 D5 D1 C1 02 A8 E8 91 41 6D 6C F7 E5 10 1E D5 6A 1B 73 8C 54 B1 87 32 FB 85 A6 F1 80 CE 40 B9 48 5F
+54 7F 1F 6A 18 F2 54 9E ED D9 18 33 DC 52 E2 14 E1 BF 65 FE 7B 58 9B 37 89 93 8D 98 AF 63 FB 90 FA A1 02 8B
+80 32 BF 7D 9D 61 42 56 F0 2E 7A D1 1B B0 88 09 DC 21 F6 6E 0E 5D D3 D9 B8 66 69 96 2D 60 CC 55 2C F1 E3 A1
+5B 30 56 AB 57 FE 5D 6A 4F E4 40 CF A1 64 22 C7 4E 60 DD DA 8E 08 17 2F 49 F2 C8 0D F5 A0 ED 06 27 E0 A5 F9
+1C B2 7A 97 5E 59 0A CC C8 A9 25 AB 1F 6A B4 AD DE 8B FF AF 9A 4F 7F 44 D3 00 18 34 57 E3 15 A2 DB 4E D0 2A
+20 54 61 60 47 50 B9 6C 8E D0 D4 7C 27 36 0C 89 0B 82 DD 14 2D BE A1 9C D9 DF 31 F9 BF 46 A4 14 26 4D 86 04
+28 54 44 F3 49 9C 12 CF 02 15 F9 4D B7 AB 4A B2 16 68 0D 0D 68 53 FF 11 01 67 70 74 A7 30 84 47 41 BE 50 16
+68 01 01 68 53 FF 00 01 67 DB 08 53 41 47 59 05 E6 D9 FD 81 F8 20 00 69 D1 55 59 04 1D D6 A4 96 28 33 5D A5
+A5 8F 22 2F 26 3C 77 F2 94 3C D7 ED 65 24 AA 5D 96 5E 95 71 E3 1C 99 83 40 31 A1 3F 2E BD 1F 32 A7 CE 5F 32
+59 05 55 AC C9 C0 9D 2A 59 AF 09 3A 81 61 BC DB 4D 60 CF 8D 65 BF 6E 06 E5 73 59 FE 1D 1C D3 1C 08 EC 5C 8E
+57 AA 3E E6 06 6D 71 45 CE AB DC 5C 25 AC 15 09 BC A2 BD E8 12 C2 92 C9 9E D1 38 A4 02 59 38 98 38 63 3B 45
+B4 1A 20 4D 34 05 74 46 50 BE A5 87 D1 7A 5F 98 91 9A DA E9 FA 1E AA 72 10 58 3C 0A 5D 46 81 4E 57 B2 98 DF

frames/decoding.txt

@@ -0,0 +1,32 @@
+T  = Tag
+FF = Frame format (4 bit type, 1 bit segmentation, 11 bit frame length)
+DA = Destination Address (1-4 bytes, LSB=1 terminates)
+SA = Source address (1-4 bytes, LSB=1 terminates)
+C  = Control (1 byte)
+HC = HCS (2 bytes)
+
+LD = LLC Destination
+LS = LLC Remote
+LQ = LLC Quality
+
+AT = Tag (0x0F = unencrypted, 0xDB = encrypted) Not really documented that well...
+AI = Invoke ID and priority (4 bytes)
+AD = Date and time
+AS = System title
+CT = Cipher frame tag ? Undocumented
+CL = Lenght of Cipher frame. Length of payload will be this number - 5 (control and counter in start) - 12 (GCM tag appended after payload)
+CC = Security control
+CO = Invocation counter
+
+Security control bits
+01234567
+00110000 (0x30)
+0 = read acces
+1 = write access
+2 = Authenticated req
+3 = Encrypted req
+4 = Digitally signed req
+5 = Authenticated res
+6 = Encrypted res
+7 = Digitally signed res
+

hardware/README.md

@@ -1,45 +1 @@
-# Hardware options
-
-There are currently two possible hardware options for this project, both in need of external power supply. A self powered board is under development by a member of the community and is currently being tested. 
-
-## Hardware v1 by [@roarfred](https://github.com/roarfred)
-Composed from a ESP12E (or F) chip, this ESP8266 based board is designed specifically for this project with an on board M-bus chip.
-
-Building this project will require some skills in ordering and assembling electronic circuits as well as programming. No detailed instructions are available.
-
-![The HAN Reader Hardware](v1/img/HanReaderInEnclosure.PNG)
-
-*The completed board mounted in a [3D printed enclosure](/Enclosure)*
-
-## HAN reader 2.0 by [@dakarym](https://github.com/dakarym)
-A board that does not require external power source. This have only been successfully tested on Aidon as far as I know. It draws too much power for Kamstrup, but it may work with Kaifa. The design is almost 
-completely built with SMD components, so advanced soldering skills are required to make this one.
-
-[View his design here](https://github.com/dakarym/AmsToMqttBridge/tree/master/PCB)
-
-## Assembly of readily available modules
-You can also use a ESP based development board and combine this with a M-Bus module. Here are a few boards that have been tested, each one has a dedicated firmware file in the releases section. 
-
-### ESP8266 based boards
-
-[Wemos D1 mini](https://docs.wemos.cc/en/latest/d1/d1_mini.html)
-- M-Bus connected to GPIO5 (D1)
-- Jump GPIO4 (D2) to GND to force AP mode during boot
-- Dallas temp sensor connected to GPIO14 (D5)
-
-### ESP32 based boards
-
-[Wemos Lolin D32](https://docs.wemos.cc/en/latest/d32/d32.html) 
-- M-Bus connected to GPIO16
-- Jump GPIO4 to GND to force AP mode during boot
-- Dallas temp sensor connected to GPIO14
-
-[Adafruit HUZZAH32](https://www.adafruit.com/product/3405) 
-- M-Bus connected to GPIO16
-
-
-Combine one of above board with an M-Bus module. Connect 3.3v and GND together between the boards and connect the TX pin from the M-Bus board to the dedicated M-Bus pin on the ESP board.
-
-[TSS721 M-BUS module board](https://www.aliexpress.com/item/TSS721/32751482255.html)
-
-![FeatherMbus](img/feather_3010-00_mbus_slave.jpg)
+[See Hardware page in Wiki](https://github.com/gskjold/AmsToMqttBridge/wiki)

lib/HanReader/examples/Kamstrup/mqtt/KamstrupMqtt.ino

@@ -1,197 +0,0 @@
-/*
-* Simple sketch to simulate reading data from a Kamstrup
-* AMS Meter.
-*
-* Created 24. October 2017 by Roar Fredriksen
-* Modified 06. November 2017 by Ruben Andreassen
-*/
-
-#include <ESP8266WiFi.h>
-#include <PubSubClient.h>
-#include <ArduinoJson.h>
-
-#include <HanReader.h>
-#include <Kamstrup.h>
-
-// The HAN Port reader
-HanReader hanReader;
-
-// WiFi and MQTT endpoints
-const char* ssid     = "ssid";
-const char* password = "password";
-const char* mqtt_server = "ip or dns";
-const char* mqtt_topic = "sensors/out/espams";
-const char* device_name = "espams";
-
-bool enableDebug = false;
-
-WiFiClient espClient;
-PubSubClient client(espClient);
-
-void setup() {
-	//setupDebugPort(); //Comment out this line if you dont need debugging on Serial1
-  setupWiFi();
-  setupMqtt();
-
-	// initialize the HanReader
-	// (passing no han port, as we are feeding data manually, but provide Serial for debugging)
-  if (enableDebug) {
-	  hanReader.setup(&Serial, 2400, SERIAL_8N1, &Serial1);  
-  } else {
-    hanReader.setup(&Serial, 2400, SERIAL_8N1, NULL);  
-  }
-}
-
-void setupMqtt()
-{
-  client.setServer(mqtt_server, 1883);
-}
-
-void setupDebugPort()
-{
-  enableDebug = true;
-	// Initialize the Serial port for debugging
-	Serial1.begin(115200);
-	while (!Serial1) {}
-	Serial1.setDebugOutput(true);
-	Serial1.println("Serial1");
-	Serial1.println("Serial debugging port initialized");
-}
-
-
-void setupWiFi()
-{
-  // Initialize wifi
-  if (enableDebug) {
-    Serial1.print("Connecting to ");
-    Serial1.println(ssid);
-  }
-  WiFi.mode(WIFI_STA);
-  WiFi.begin(ssid, password);
-
-  while (WiFi.status() != WL_CONNECTED) {
-    delay(500);
-    if (enableDebug) Serial1.print(".");
-  }
-
-  if (enableDebug) {
-    Serial1.println("");
-    Serial1.println("WiFi connected");
-    Serial1.println("IP address: ");
-    Serial1.println(WiFi.localIP());
-  }
-}
-
-void loop() {
-  loopMqtt();
-
-	// Read one byte from the port, and see if we got a full package
-	if (hanReader.read())
-	{
-		// Get the list identifier
-		int listSize = hanReader.getListSize();
-
-    if (enableDebug) {
-  		Serial1.println("");
-  		Serial1.print("List size: ");
-  		Serial1.print(listSize);
-  		Serial1.print(": ");
-    }
-    
-		// Only care for the ACtive Power Imported, which is found in the first list
-		if (listSize == (int)Kamstrup::List1 || listSize == (int)Kamstrup::List2)
-		{
-      // Define a json object to keep the data
-      StaticJsonBuffer<MQTT_MAX_PACKET_SIZE> jsonBuffer;
-      JsonObject& root = jsonBuffer.createObject();
-      
-      // Any generic useful info here
-      root["dn"] = device_name;
-      root["up"] = millis();
-      
-      // Add a sub-structure to the json object, 
-      // to keep the data from the meter itself
-      JsonObject& data = root.createNestedObject("data");
-      
-      data["ls"] = listSize;
-      
-			data["lvi"] = hanReader.getString((int)Kamstrup_List1::ListVersionIdentifier);
-      data["mid"] = hanReader.getString((int)Kamstrup_List1::MeterID);
-      data["mt"] = hanReader.getString((int)Kamstrup_List1::MeterType);
-			data["t"] = hanReader.getPackageTime();
-      
-			data["aip"] = hanReader.getInt((int)Kamstrup_List1::ActiveImportPower); //power
-      data["aep"] = hanReader.getInt((int)Kamstrup_List1::ActiveExportPower);
-      data["rip"] = hanReader.getInt((int)Kamstrup_List1::ReactiveImportPower);
-      data["rep"] = hanReader.getInt((int)Kamstrup_List1::ReactiveExportPower);
-			
-			data["al1"] = (float)hanReader.getInt((int)Kamstrup_List1::CurrentL1) / 100.0;
-			data["al2"] = (float)hanReader.getInt((int)Kamstrup_List1::CurrentL2) / 100.0;
-			data["al3"] = (float)hanReader.getInt((int)Kamstrup_List1::CurrentL3) / 100.0;
-
-			data["vl1"] = hanReader.getInt((int)Kamstrup_List1::VoltageL1);
-			data["vl2"] = hanReader.getInt((int)Kamstrup_List1::VoltageL2);
-			data["vl3"] = hanReader.getInt((int)Kamstrup_List1::VoltageL3);
-
-			if (listSize == (int)Kamstrup::List2)
-			{
-				data["cl"] = hanReader.getTime((int)Kamstrup_List2::MeterClock);
-        data["caie"] = hanReader.getInt((int)Kamstrup_List2::CumulativeActiveImportEnergy);
-        data["caee"] = hanReader.getInt((int)Kamstrup_List2::CumulativeActiveExportEnergy);
-        data["crie"] = hanReader.getInt((int)Kamstrup_List2::CumulativeReactiveImportEnergy);
-        data["cree"] = hanReader.getInt((int)Kamstrup_List2::CumulativeReactiveExportEnergy);
-			}
-
-      if (enableDebug) {
-        root.printTo(Serial1);
-        Serial1.println("JSON length");
-        Serial1.println(root.measureLength());
-        Serial1.println("");
-      }
-      
-      // Publish the json to the MQTT server
-      char msg[MQTT_MAX_PACKET_SIZE];
-      root.printTo(msg, MQTT_MAX_PACKET_SIZE);
-      bool result = client.publish(mqtt_topic, msg);
-      
-      if (enableDebug) {
-        Serial1.println("MQTT publish result:");
-        Serial1.println(result);
-      }
-		}
-	}
-}
-
-
-// Ensure the MQTT lirary gets some attention too
-void loopMqtt()
-{
-  if (!client.connected()) {
-    reconnectMqtt();
-  }
-  client.loop();
-}
-
-void reconnectMqtt() {
-  // Loop until we're reconnected
-  while (!client.connected()) {
-    if (enableDebug) Serial1.print("Attempting MQTT connection...");
-    // Attempt to connect
-    if (client.connect("ESP8266Client")) {
-      if (enableDebug) Serial1.println("connected");
-      // Once connected, publish an announcement...
-      // client.publish("sensors", "hello world");
-      // ... and resubscribe
-      // client.subscribe("inTopic");
-    }
-    else {
-      if (enableDebug) {
-        Serial1.print("failed, rc=");
-        Serial1.print(client.state());
-        Serial1.println(" try again in 5 seconds");
-      }
-      // Wait 5 seconds before retrying
-      delay(5000);
-    }
-  }
-}

lib/HanReader/examples/Kamstrup/mqtt/README.md

@@ -1,95 +0,0 @@
-# Setup
-
-1. Copy AmsToMqttBridge\Code\Arduino\HanReader\src to Arduino\libraries
-2. Download the following libraries and put them in Arduino\libraries
-   - ESP8266WiFi
-   - PubSubClient
-   - ArduinoJson
-3. **Set MQTT_MAX_PACKET_SIZE in PubSubClient.h to at least 512 (i used 1024)**
-4. Edit the following variables in the project:
-   - ssid
-   - password
-   - mqtt_server
-   - mqtt_topic
-   - device_name
-
-## Output example:
-### List 1
-```
-{
-	"dn": "espams",
-	"up": 1475902,
-	"data": {
-		"ls": 25,
-		"lvi": "Kamstrup_V0001",
-		"mid": "5706567274389702",
-		"mt": "6841121BN243101040",
-		"t": 1510088840,
-		"aip": 3499,
-		"aep": 0,
-		"rip": 0,
-		"rep": 424,
-		"al1": 10.27,
-		"al2": 6.37,
-		"al3": 11.79,
-		"vl1": 231,
-		"vl2": 226,
-		"vl3": 231
-	}
-}
-```
-### List 2
-```
-{
-	"dn": "espams",
-	"up": 1041212,
-	"data": {
-		"ls": 35,
-		"lvi": "Kamstrup_V0001",
-		"mid": "5706567274389702",
-		"mt": "6841121BN243101040",
-		"t": 1510088405,
-		"aip": 4459,
-		"aep": 0,
-		"rip": 0,
-		"rep": 207,
-		"al1": 14.72,
-		"al2": 6.39,
-		"al3": 15.02,
-		"vl1": 231,
-		"vl2": 227,
-		"vl3": 231,
-		"cl": 1510088405,
-		"caie": 588500,
-		"caee": 0,
-		"crie": 93,
-		"cree": 80831
-	}
-}
-```
-
-### List 1 and 2 fields
-- dn = Device Name
-- up = MS since last reboot
-- ls = List Size
-- lvi = List Version Identifier
-- mid = Meter ID
-- mt = Meter Type
-- t = Time
-- aie = Active Import Power
-- aep = Active Export Power
-- rip = Reactive Import Power
-- rep = Reactive Export Power
-- al1 = Current L1
-- al2 = Current L2
-- al3 = Current L3
-- cl1 = Voltage L1
-- cl2 = Voltage L2
-- cl3 = Voltage L3
-
-### List 2 additional fields
-- cl = Meter Clock
-- caie = Cumulative Active Import Energy
-- caee = Cumulative Active Export Energy
-- crie = Cumulative Reactive Import Energy
-- cree = Cumulative Reactive Export Energy

lib/HanReader/examples/read_han_simple/read_han_simple.ino

@@ -1,61 +0,0 @@
-/*
- * Simple sketch to read MBus data from electrical meter
- * As the protocol requires "Even" parity, and this is
- * only supported on the hardware port of the ESP8266,
- * we'll have to use Serial1 for debugging.
- * 
- * This means you'll have to program the ESP using the 
- * regular RX/TX port, and then you must remove the FTDI
- * and connect the MBus signal from the meter to the
- * RS pin. The FTDI/RX can be moved to Pin2 for debugging
- * 
- * Created 14. september 2017 by Roar Fredriksen
- */
-
-#include "HanReader.h"
-#include "Kaifa.h"
-
-// The HAN Port reader
-HanReader hanReader;
-
-void setup() {
-	setupDebugPort();
-  
-	// initialize the HanReader
-	// (passing Serial as the HAN port and Serial1 for debugging)
-	hanReader.setup(&Serial, &Serial1);
-}
-
-void setupDebugPort()
-{
-	// Initialize the Serial1 port for debugging
-	// (This port is fixed to Pin2 of the ESP8266)
-	Serial1.begin(115200);
-	while (!Serial1) {}
-	Serial1.setDebugOutput(true);
-	Serial1.println("Serial1");
-	Serial1.println("Serial debugging port initialized");
-}
-
-void loop() {
-	// Read one byte from the port, and see if we got a full package
-	if (hanReader.read())
-	{
-		// Get the list identifier
-		int listSize = hanReader.getListSize();
-		
-    Serial1.println("");
-    Serial1.print("List size: ");
-    Serial1.print(listSize);
-    Serial1.print(": ");
-
-		// Only care for the ACtive Power Imported, which is found in the first list
-    if (listSize == (int)Kaifa::List1)
-    {
-      int power = hanReader.getInt((int)Kaifa_List1::ActivePowerImported);
-      Serial1.print("Power consumtion is right now: ");
-      Serial1.print(power);
-      Serial1.println(" W");
-    }
-	}
-}

lib/HanReader/examples/reporting_han_data_to_mqtt/reporting_han_data_to_mqtt.ino

@@ -1,202 +0,0 @@
-/*
- * Simple sketch to read MBus data from electrical meter
- * As the protocol requires "Even" parity, and this is
- * only supported on the hardware port of the ESP8266,
- * we'll have to use Serial1 for debugging.
- * 
- * This means you'll have to program the ESP using the 
- * regular RX/TX port, and then you must remove the FTDI
- * and connect the MBus signal from the meter to the
- * RS pin. The FTDI/RX can be moved to Pin2 for debugging
- * 
- * Created 14. september 2017 by Roar Fredriksen
- */
-
-#include <ESP8266WiFi.h>
-#include <PubSubClient.h>
-#include <ArduinoJson.h>
-#include "HanReader.h"
-#include "Kaifa.h"
-
-// The HAN Port reader
-HanReader hanReader;
-
-// WiFi and MQTT endpoints
-const char* ssid     = "Roar_Etne";
-const char* password = "**********";
-const char* mqtt_server = "192.168.10.203";
-
-WiFiClient espClient;
-PubSubClient client(espClient);
-
-void setup() {
-	setupDebugPort();
-	setupWiFi();
-	setupMqtt();
-  
-	// initialize the HanReader
-	// (passing Serial as the HAN port and Serial1 for debugging)
-	hanReader.setup(&Serial, &Serial1);
-}
-
-void setupMqtt()
-{
-	client.setServer(mqtt_server, 1883);
-}
-
-void setupDebugPort()
-{
-	// Initialize the Serial1 port for debugging
-	// (This port is fixed to Pin2 of the ESP8266)
-	Serial1.begin(115200);
-	while (!Serial1) {}
-	Serial1.setDebugOutput(true);
-	Serial1.println("Serial1");
-	Serial1.println("Serial debugging port initialized");
-}
-
-void setupWiFi()
-{
-	// Initialize wifi
-	Serial1.print("Connecting to ");
-	Serial1.println(ssid);
-	WiFi.mode(WIFI_STA);
-	WiFi.begin(ssid, password);
-
-	while (WiFi.status() != WL_CONNECTED) {
-		delay(500);
-		Serial1.print(".");
-	}
-
-	Serial1.println("");
-	Serial1.println("WiFi connected");
-	Serial1.println("IP address: ");
-	Serial1.println(WiFi.localIP());
-}
-
-void loop() {
-	loopMqtt();
-
-	// Read one byt from the port, and see if we got a full package
-	if (hanReader.read())
-	{
-    // Get the list identifier
-    int listSize = hanReader.getListSize();
-
-    Serial1.println("");
-    Serial1.print("List size: ");
-    Serial1.print(listSize);
-    Serial1.print(": ");
-
-    // Only care for the ACtive Power Imported, which is found in the first list
-    if (listSize == (int)Kaifa::List1 || listSize == (int)Kaifa::List2 || listSize == (int)Kaifa::List3)
-    {
-      if (listSize == (int)Kaifa::List1)
-      {
-        Serial1.println(" (list #1 has no ID)");
-      }
-      else
-      {
-        String id = hanReader.getString((int)Kaifa_List2::ListVersionIdentifier);
-        Serial1.println(id);
-      }
-
-  		// Get the timestamp (as unix time) from the package
-  		time_t time = hanReader.getPackageTime();
-      Serial.print("Time of the package is: ");
-      Serial.println(time);
-  
-  		// Define a json object to keep the data
-  		StaticJsonBuffer<500> jsonBuffer;
-  		JsonObject& root = jsonBuffer.createObject();
-  		
-  		// Any generic useful info here
-  		root["id"] = "espdebugger";
-  		root["up"] = millis();
-  		root["t"] = time;
-  
-  		// Add a sub-structure to the json object, 
-  		// to keep the data from the meter itself
-  		JsonObject& data = root.createNestedObject("data");
-  		
-  		// Based on the list number, get all details 
-  		// according to OBIS specifications for the meter
-  		if (listSize == (int)Kaifa::List1)
-  		{
-  			data["P"] = hanReader.getInt((int)Kaifa_List1::ActivePowerImported);
-  		}
-  		else if (listSize == (int)Kaifa::List2)
-  		{
-  			data["lv"] = hanReader.getString((int)Kaifa_List2::ListVersionIdentifier);
-  			data["id"] = hanReader.getString((int)Kaifa_List2::MeterID);
-  			data["type"] = hanReader.getString((int)Kaifa_List2::MeterType);
-  			data["P"] = hanReader.getInt((int)Kaifa_List2::ActiveImportPower);
-  			data["Q"] = hanReader.getInt((int)Kaifa_List2::ReactiveImportPower);
-  			data["I1"] = hanReader.getInt((int)Kaifa_List2::CurrentL1);
-  			data["I2"] = hanReader.getInt((int)Kaifa_List2::CurrentL2);
-  			data["I3"] = hanReader.getInt((int)Kaifa_List2::CurrentL3);
-  			data["U1"] = hanReader.getInt((int)Kaifa_List2::VoltageL1);
-  			data["U2"] = hanReader.getInt((int)Kaifa_List2::VoltageL2);
-  			data["U3"] = hanReader.getInt((int)Kaifa_List2::VoltageL3);
-  		}
-  		else if (listSize == (int)Kaifa::List3)
-  		{
-  			data["lv"] = hanReader.getString((int)Kaifa_List3::ListVersionIdentifier);;
-  			data["id"] = hanReader.getString((int)Kaifa_List3::MeterID);
-  			data["type"] = hanReader.getString((int)Kaifa_List3::MeterType);
-  			data["P"] = hanReader.getInt((int)Kaifa_List3::ActiveImportPower);
-  			data["Q"] = hanReader.getInt((int)Kaifa_List3::ReactiveImportPower);
-  			data["I1"] = hanReader.getInt((int)Kaifa_List3::CurrentL1);
-  			data["I2"] = hanReader.getInt((int)Kaifa_List3::CurrentL2);
-  			data["I3"] = hanReader.getInt((int)Kaifa_List3::CurrentL3);
-  			data["U1"] = hanReader.getInt((int)Kaifa_List3::VoltageL1);
-  			data["U2"] = hanReader.getInt((int)Kaifa_List3::VoltageL2);
-  			data["U3"] = hanReader.getInt((int)Kaifa_List3::VoltageL3);
-  			data["tPI"] = hanReader.getInt((int)Kaifa_List3::CumulativeActiveImportEnergy);
-  			data["tPO"] = hanReader.getInt((int)Kaifa_List3::CumulativeActiveExportEnergy);
-  			data["tQI"] = hanReader.getInt((int)Kaifa_List3::CumulativeReactiveImportEnergy);
-  			data["tQO"] = hanReader.getInt((int)Kaifa_List3::CumulativeReactiveExportEnergy);
-  		}
-  
-  		// Write the json to the debug port
-  		root.printTo(Serial1);
-  		Serial1.println();
-  
-  		// Publish the json to the MQTT server
-  		char msg[1024];
-  		root.printTo(msg, 1024);
-  		client.publish("sensors/out/espdebugger", msg);
-  	}
-	}
-}
-
-// Ensure the MQTT lirary gets some attention too
-void loopMqtt()
-{
-	if (!client.connected()) {
-		reconnectMqtt();
-	}
-	client.loop();
-}
-
-void reconnectMqtt() {
-	// Loop until we're reconnected
-	while (!client.connected()) {
-		Serial1.print("Attempting MQTT connection...");
-		// Attempt to connect
-		if (client.connect("ESP8266Client")) {
-			Serial1.println("connected");
-			// Once connected, publish an announcement...
-			// client.publish("sensors", "hello world");
-			// ... and resubscribe
-			// client.subscribe("inTopic");
-		}
-		else {
-			Serial1.print("failed, rc=");
-			Serial1.print(client.state());
-			Serial1.println(" try again in 5 seconds");
-			// Wait 5 seconds before retrying
-			delay(5000);
-		}
-	}
-}

lib/HanReader/library.properties

@@ -1,10 +0,0 @@
-name=HanReader
-version=1.0.1
-author=roarfred
-maintainer=roarfred <not@important.com>
-sentence=HAN support
-paragraph=HAN support
-category=Sensors
-url=https://github.com/roarfred/AmsToMqttBridge
-architectures=*
-depends=Timezone

lib/HanReader/readme.txt

@@ -1,19 +0,0 @@
-Arduino Compatible Cross Platform C++ Library Project : For more information see http://www.visualmicro.com
-
-This project works exactly the same way as an Arduino library. 
-
-Add this project to any solution that contains an Arduino project and #include <headers.h> in code as you would any normal Arduino library headers. 
-
-To enable intellisense and to support live build discovery outside of the "standard" Arduino library locations, ensure that the library is added as a shared project reference to the master Arduino project. To do this, right click the master project "References" node and then click "Add Reference". A window will open and the library will appear on the "Shared Projects" tab. Click the checkbox next to the library name to add the reference. If this library is moved the shared referencemust be removed and re-added.
-
-VS2017 has a bug, workround: After moving existing source code within a "library or shared project", close and re-open the solution.
-
-Visual Studio will display intellisense for libraries based on the platform/board that has been specified for the currently active "Startup Project" of the current solution.
-
-
-IMPORTANT: The arduino.cc Library Rules must be followed when adding code or restructing libraries.
-	
-
-
-
-blog: http://www.visualmicro.com/post/2017/01/16/Arduino-Cross-Platform-Library-Development.aspx

lib/HanReader/src/Aidon.h

@@ -1,304 +0,0 @@
-// Aidon.h
-
-#ifndef _AIDON_h
-#define _AIDON_h
-
-enum class Aidon
-{
-	List1			= 0x01,
-	List1PhaseShort = 0x09,
-	List1PhaseLong	= 0x0E,
-	List3PhaseShort = 0x0D,
-	List3PhaseLong	= 0x12,
-	List3PhaseITShort = 0x0C,
-	List3PhaseITLong  = 0x11,
-};
-
-enum class Aidon_List1
-{
-	ListSize,
-	IGN_0,
-	ActiveImportPower_OBIS,
-	ActiveImportPower,
-	IGN_1,
-	ActiveImportPowerInt8,
-	ActiveImportPowerEnum
-};
-
-
-enum class Aidon_List1Phase
-{
-	ListSize,
-	IGN_0,
-	ListVersionIdentifier_OBIS,
-	ListVersionIdentifier,
-	IGN_1,
-	MeterID_OBIS,
-	MeterID,
-	IGN_2,
-	MeterType_OBIS,
-	MeterType,
-	IGN_3,
-	ActiveImportPower_OBIS,
-	ActiveImportPower,
-	IGN_4,
-	ActiveImportPowerInt8,
-	ActiveImportPowerEnum,
-	IGN_5,
-	ActiveExportPower_OBIS,
-	ActiveExportPower,
-	IGN_6,
-	ActiveExportPowerInt8,
-	ActiveExportPowerEnum,
-	IGN_7,
-	ReactiveImportPower_OBIS,
-	ReactiveImportPower,
-	IGN_8,
-	ReactiveImportPowerInt8,
-	ReactiveImportPowerEnum,
-	IGN_9,
-	ReactiveExportPower_OBIS,
-	ReactiveExportPower,
-	IGN_10,
-	ReactiveExportPowerInt8,
-	ReactiveExportPowerEnum,
-	IGN_11,
-	CurrentL1_OBIS,
-	CurrentL1,
-	IGN_12,
-	CurrentL1Int8,
-	CurrentL1Enum,
-	IGN_13,
-	VoltageL1_OBIS,
-	VoltageL1,
-	IGN_14,
-	VoltageL1Int8,
-	VoltageL1Enum,
-	IGN_15,
-	Timestamp_OBIS,
-	Timestamp,
-	IGN_16,
-	CumulativeActiveImportEnergy_OBIS,
-	CumulativeActiveImportEnergy,
-	IGN_17,
-	CumulativeActiveImportEnergyInt8,
-	CumulativeActiveImportEnergyEnum,
-	IGN_18,
-	CumulativeActiveExportEnergy_OBIS,
-	CumulativeActiveExportEnergy,
-	IGN_19,
-	CumulativeActiveExportEnergyInt8,
-	CumulativeActiveExportEnergyEnum,
-	IGN_20,
-	CumulativeReactiveImportEnergy_OBIS,
-	CumulativeReactiveImportEnergy,
-	IGN_21,
-	CumulativeReactiveImportEnergyInt8,
-	CumulativeReactiveImportEnergyEnum,
-	IGN_22,
-	CumulativeReactiveExportEnergy_OBIS,
-	CumulativeReactiveExportEnergy,
-	IGN_23,
-	CumulativeReactiveExportEnergyInt8,
-	CumulativeReactiveExportEnergyEnum
-};
-
-enum class Aidon_List3Phase
-{
-	ListSize,
-	IGN_0,
-	ListVersionIdentifier_OBIS,
-	ListVersionIdentifier,
-	IGN_1,
-	MeterID_OBIS,
-	MeterID,
-	IGN_2,
-	MeterType_OBIS,
-	MeterType,
-	IGN_3,
-	ActiveImportPower_OBIS,
-	ActiveImportPower,
-	IGN_4,
-	ActiveImportPowerInt8,
-	ActiveImportPowerEnum,
-	IGN_5,
-	ActiveExportPower_OBIS,
-	ActiveExportPower,
-	IGN_6,
-	ActiveExportPowerInt8,
-	ActiveExportPowerEnum,
-	IGN_7,
-	ReactiveImportPower_OBIS,
-	ReactiveImportPower,
-	IGN_8,
-	ReactiveImportPowerInt8,
-	ReactiveImportPowerEnum,
-	IGN_9,
-	ReactiveExportPower_OBIS,
-	ReactiveExportPower,
-	IGN_10,
-	ReactiveExportPowerInt8,
-	ReactiveExportPowerEnum,
-	IGN_11,
-	CurrentL1_OBIS,
-	CurrentL1,
-	IGN_12,
-	CurrentL1Int8,
-	CurrentL1Enum,
-	IGN_13,
-	CurrentL2_OBIS,
-	CurrentL2,
-	IGN_14,
-	CurrentL2Int8,
-	CurrentL2Enum,
-	IGN_15,
-	CurrentL3_OBIS,
-	CurrentL3,
-	IGN_16,
-	CurrentL3Int8,
-	CurrentL3Enum,
-	IGN_17,
-	VoltageL1_OBIS,
-	VoltageL1,
-	IGN_18,
-	VoltageL1Int8,
-	VoltageL1Enum,
-	IGN_19,
-	VoltageL2_OBIS,
-	VoltageL2,
-	IGN_20,
-	VoltageL2Int8,
-	VoltageL2Enum,
-	IGN_21,
-	VoltageL3_OBIS,
-	VoltageL3,
-	IGN_22,
-	VoltageL3Int8,
-	VoltageL3Enum,
-	IGN_23,
-	Timestamp_OBIS,
-	Timestamp,
-	IGN_24,
-	CumulativeActiveImportEnergy_OBIS,
-	CumulativeActiveImportEnergy,
-	IGN_25,
-	CumulativeActiveImportEnergyInt8,
-	CumulativeActiveImportEnergyEnum,
-	IGN_26,
-	CumulativeActiveExportEnergy_OBIS,
-	CumulativeActiveExportEnergy,
-	IGN_27,
-	CumulativeActiveExportEnergyInt8,
-	CumulativeActiveExportEnergyEnum,
-	IGN_28,
-	CumulativeReactiveImportEnergy_OBIS,
-	CumulativeReactiveImportEnergy,
-	IGN_29,
-	CumulativeReactiveImportEnergyInt8,
-	CumulativeReactiveImportEnergyEnum,
-	IGN_30,
-	CumulativeReactiveExportEnergy_OBIS,
-	CumulativeReactiveExportEnergy,
-	IGN_31,
-	CumulativeReactiveExportEnergyInt8,
-	CumulativeReactiveExportEnergyEnum
-};
-
-enum class Aidon_List3PhaseIT
-{
-	ListSize,
-	IGN_0,
-	ListVersionIdentifier_OBIS,
-	ListVersionIdentifier,
-	IGN_1,
-	MeterID_OBIS,
-	MeterID,
-	IGN_2,
-	MeterType_OBIS,
-	MeterType,
-	IGN_3,
-	ActiveImportPower_OBIS,
-	ActiveImportPower,
-	IGN_4,
-	ActiveImportPowerInt8,
-	ActiveImportPowerEnum,
-	IGN_5,
-	ActiveExportPower_OBIS,
-	ActiveExportPower,
-	IGN_6,
-	ActiveExportPowerInt8,
-	ActiveExportPowerEnum,
-	IGN_7,
-	ReactiveImportPower_OBIS,
-	ReactiveImportPower,
-	IGN_8,
-	ReactiveImportPowerInt8,
-	ReactiveImportPowerEnum,
-	IGN_9,
-	ReactiveExportPower_OBIS,
-	ReactiveExportPower,
-	IGN_10,
-	ReactiveExportPowerInt8,
-	ReactiveExportPowerEnum,
-	IGN_11,
-	CurrentL1_OBIS,
-	CurrentL1,
-	IGN_12,
-	CurrentL1Int8,
-	CurrentL1Enum,
-	IGN_13,
-	CurrentL3_OBIS,
-	CurrentL3,
-	IGN_14,
-	CurrentL3Int8,
-	CurrentL3Enum,
-	IGN_15,
-	VoltageL1_OBIS,
-	VoltageL1,
-	IGN_16,
-	VoltageL1Int8,
-	VoltageL1Enum,
-	IGN_17,
-	VoltageL2_OBIS,
-	VoltageL2,
-	IGN_18,
-	VoltageL2Int8,
-	VoltageL2Enum,
-	IGN_19,
-	VoltageL3_OBIS,
-	VoltageL3,
-	IGN_20,
-	VoltageL3Int8,
-	VoltageL3Enum,
-	IGN_21,
-	Timestamp_OBIS,
-	Timestamp,
-	IGN_22,
-	CumulativeActiveImportEnergy_OBIS,
-	CumulativeActiveImportEnergy,
-	IGN_23,
-	CumulativeActiveImportEnergyInt8,
-	CumulativeActiveImportEnergyEnum,
-	IGN_24,
-	CumulativeActiveExportEnergy_OBIS,
-	CumulativeActiveExportEnergy,
-	IGN_25,
-	CumulativeActiveExportEnergyInt8,
-	CumulativeActiveExportEnergyEnum,
-	IGN_26,
-	CumulativeReactiveImportEnergy_OBIS,
-	CumulativeReactiveImportEnergy,
-	IGN_27,
-	CumulativeReactiveImportEnergyInt8,
-	CumulativeReactiveImportEnergyEnum,
-	IGN_28,
-	CumulativeReactiveExportEnergy_OBIS,
-	CumulativeReactiveExportEnergy,
-	IGN_29,
-	CumulativeReactiveExportEnergyInt8,
-	CumulativeReactiveExportEnergyEnum
-};
-
-
-#endif
-

lib/HanReader/src/Crc16.cpp

@@ -1,37 +0,0 @@
-#include "Crc16.h"
-
-Crc16Class::Crc16Class()
-{
-    unsigned short value;
-    unsigned short temp;
-    for (unsigned short i = 0; i < 256; ++i)
-    {
-        value = 0;
-        temp = i;
-        for (byte j = 0; j < 8; ++j)
-        {
-            if (((value ^ temp) & 0x0001) != 0)
-            {
-                value = (ushort)((value >> 1) ^ polynomial);
-            }
-            else
-            {
-                value >>= 1;
-            }
-            temp >>= 1;
-        }
-        table[i] = value;
-    }
-}
-
-unsigned short Crc16Class::ComputeChecksum(byte *data, int start, int length)
-{
-    ushort fcs = 0xffff;
-    for (int i = start; i < (start + length); i++)
-    {
-        byte index = (fcs ^ data[i]) & 0xff;
-        fcs = (ushort)((fcs >> 8) ^ table[index]);
-    }
-    fcs ^= 0xffff;
-    return fcs;
-}

lib/HanReader/src/Crc16.h

@@ -1,23 +0,0 @@
-#ifndef _CRC16_h
-#define _CRC16_h
-
-#if defined(ARDUINO) && ARDUINO >= 100
-  #include "Arduino.h"
-#else
-  #include "WProgram.h"
-#endif
-
-class Crc16Class
-{
-  public:
-    Crc16Class();
-    unsigned short ComputeChecksum(byte *data, int start, int length);
-  protected:
-  private:
-    const unsigned short polynomial = 0x8408;
-    unsigned short table[256];
-};
-
-#endif
-
-

lib/HanReader/src/DlmsReader.cpp

@@ -1,208 +0,0 @@
-#include "DlmsReader.h"
-
-DlmsReader::DlmsReader()
-{
-    //this->Clear();
-}
-
-void DlmsReader::Clear()
-{
-    this->position = 0;
-    this->dataLength = 0;
-    this->destinationAddressLength = 0;
-    this->sourceAddressLength = 0;
-    this->frameFormatType = 0;
-}
-
-bool DlmsReader::Read(byte data, Print* debugger)
-{
-    if (position == 0 && data != 0x7E)
-    {
-        // we haven't started yet, wait for the start flag (no need to capture any data yet)
-        return false;
-    }
-    else
-    {
-        // We have completed reading of one package, so clear and be ready for the next
-        if (dataLength > 0 && position >= dataLength + 2) {
-            if(debugger != NULL) {
-                debugger->printf("Preparing for next frame\n");
-            }
-            Clear();
-        }
-        
-        // Check if we're about to run into a buffer overflow
-        if (position >= DLMS_READER_BUFFER_SIZE) {
-            if(debugger != NULL) {
-                debugger->printf("Buffer overflow\n");
-                debugPrint(buffer, 0, position, debugger);
-            }
-            Clear();
-        }
-
-        // Check if this is a second start flag, which indicates the previous one was a stop from the last package
-        if (position == 1 && data == 0x7E)
-        {
-            // just return, we can keep the one byte we had in the buffer
-            return false;
-        }
-
-        // We have started, so capture every byte
-        buffer[position++] = data;
-
-        if (position == 1)
-        {
-            // This was the start flag, we're not done yet
-            return false;
-        }
-        else if (position == 2)
-        {
-            // Capture the Frame Format Type
-            frameFormatType = (byte)(data & 0xF0);
-            if (!IsValidFrameFormat(frameFormatType)) {
-                if(debugger != NULL) {
-                    debugger->printf("Incorrect frame format %02X\n", frameFormatType);
-                    debugPrint(buffer, 0, position, debugger);
-                }
-                Clear();
-            }
-            return false;
-        }
-        else if (position == 3)
-        {
-            // Capture the length of the data package
-            dataLength = ((buffer[1] & 0x0F) << 8) | buffer[2];
-            return false;
-        }
-        else if (destinationAddressLength == 0)
-        {
-            // Capture the destination address
-            destinationAddressLength = GetAddress(3, destinationAddress, 0, DLMS_READER_MAX_ADDRESS_SIZE);
-            if (destinationAddressLength > 3) {
-                if(debugger != NULL) {
-                    debugger->printf("Destination address length incorrect\n");
-                    debugPrint(buffer, 0, position, debugger);
-                }
-                Clear();
-            }
-            return false;
-        }
-        else if (sourceAddressLength == 0)
-        {
-            // Capture the source address
-            sourceAddressLength = GetAddress(3 + destinationAddressLength, sourceAddress, 0, DLMS_READER_MAX_ADDRESS_SIZE);
-            if (sourceAddressLength > 3) {
-                if(debugger != NULL) {
-                    debugger->printf("Source address length incorrect\n");
-                    debugPrint(buffer, 0, position, debugger);
-                }
-                Clear();
-            }
-            return false;
-        }
-        else if (position == 4 + destinationAddressLength + sourceAddressLength + 2)
-        {
-            // Verify the header checksum
-            ushort headerChecksum = GetChecksum(position - 3);
-            if (headerChecksum != Crc16.ComputeChecksum(buffer, 1, position - 3)) {
-                if(debugger != NULL) {
-                    debugger->printf("Header checksum is incorrect %02X\n", headerChecksum);
-                    debugPrint(buffer, 0, position, debugger);
-                }
-                Clear();
-            }
-            return false;
-        }
-        else if (position == dataLength + 1)
-        {
-            // Verify the data package checksum
-            ushort checksum = this->GetChecksum(position - 3);
-            if (checksum != Crc16.ComputeChecksum(buffer, 1, position - 3)) {
-                if(debugger != NULL) {
-                    debugger->printf("Frame checksum is incorrect %02X\n", checksum);
-                    debugPrint(buffer, 0, position, debugger);
-                }
-                Clear();
-            }
-            return false;
-        }
-        else if (position == dataLength + 2)
-        {
-            // We're done, check the stop flag and signal we're done
-            if (data == 0x7E)
-                return true;
-            else
-            {
-                if(debugger != NULL) {
-                    debugger->printf("Received incorrect end marker %02X\n", data);
-                    debugPrint(buffer, 0, position, debugger);
-                }
-                Clear();
-                return false;
-            }
-        }
-    }
-    return false;
-}
-
-bool DlmsReader::IsValidFrameFormat(byte frameFormatType)
-{
-    return frameFormatType == 0xA0;
-}
-
-int DlmsReader::GetRawData(byte *dataBuffer, int start, int length)
-{
-    if (dataLength > 0 && position == dataLength + 2)
-    {
-        int headerLength = 3 + destinationAddressLength + sourceAddressLength + 2;
-        int bytesWritten = 0;
-        for (int i = headerLength + 1; i < dataLength - 1; i++)
-        {
-          dataBuffer[i + start - headerLength - 1] = buffer[i];
-          bytesWritten++;
-        }
-        return bytesWritten;
-    }
-    else
-        return 0;
-}
-
-int DlmsReader::GetAddress(int addressPosition, byte* addressBuffer, int start, int length)
-{
-    int addressBufferPos = start;
-    for (int i = addressPosition; i < position; i++)
-    {
-        addressBuffer[addressBufferPos++] = buffer[i];
-        
-        // LSB=1 means this was the last address byte
-        if ((buffer[i] & 0x01) == 0x01)  
-            break;
-
-        // See if we've reached last byte, try again when we've got more data
-        else if (i == position - 1)
-            return 0;
-    }
-    return addressBufferPos - start;
-}
-
-ushort DlmsReader::GetChecksum(int checksumPosition)
-{
-    return (ushort)(buffer[checksumPosition + 2] << 8 |
-        buffer[checksumPosition + 1]);
-}
-
-void DlmsReader::debugPrint(byte *buffer, int start, int length, Print* debugger) {
-	for (int i = start; i < start + length; i++) {
-		if (buffer[i] < 0x10)
-			debugger->print("0");
-		debugger->print(buffer[i], HEX);
-		debugger->print(" ");
-		if ((i - start + 1) % 16 == 0)
-			debugger->println("");
-		else if ((i - start + 1) % 4 == 0)
-			debugger->print(" ");
-
-		yield(); // Let other get some resources too
-	}
-	debugger->println("");
-}

lib/HanReader/src/DlmsReader.h

@@ -1,43 +0,0 @@
-#ifndef _DLMSREADER_h
-#define _DLMSREADER_h
-
-#include "Crc16.h"
-
-#if defined(ARDUINO) && ARDUINO >= 100
-  #include "Arduino.h"
-#else
-  #include "WProgram.h"
-#endif
-
-#define DLMS_READER_BUFFER_SIZE 512
-#define DLMS_READER_MAX_ADDRESS_SIZE 5
-
-class DlmsReader
-{
-  public:
-    DlmsReader();
-    bool Read(byte data, Print* Debug);
-    int GetRawData(byte *buffer, int start, int length);
-    
-  protected:
-    Crc16Class Crc16;
-    
-  private:
-    byte buffer[DLMS_READER_BUFFER_SIZE];
-    int position;
-    int dataLength;
-    byte frameFormatType;
-    byte destinationAddress[DLMS_READER_MAX_ADDRESS_SIZE];
-    byte destinationAddressLength;
-    byte sourceAddress[DLMS_READER_MAX_ADDRESS_SIZE];
-    byte sourceAddressLength;
-
-    void Clear();
-    int GetAddress(int addressPosition, byte* buffer, int start, int length);
-    unsigned short GetChecksum(int checksumPosition);
-    bool IsValidFrameFormat(byte frameFormatType);
-    void WriteBuffer();
-    void debugPrint(byte *buffer, int start, int length, Print* debugger);
-};
-
-#endif

lib/HanReader/src/HanReader.cpp

@@ -1,384 +0,0 @@
-#include "HanReader.h"
-#include "mbedtls/gcm.h"
-
-HanReader::HanReader() {
-	// Central European Time (Frankfurt, Paris)
-	TimeChangeRule CEST = {"CEST", Last, Sun, Mar, 2, 120};     // Central European Summer Time
-	TimeChangeRule CET = {"CET ", Last, Sun, Oct, 3, 60};       // Central European Standard Time
-	localZone = new Timezone(CEST, CET);
-}
-
-void HanReader::setup(Stream *hanPort, RemoteDebug *debug)
-{
-	han = hanPort;
-	bytesRead = 0;
-	debugger = debug;
-
-	if (debug) debug->println("MBUS serial setup complete");
-}
-
-void HanReader::setup(Stream *hanPort){
-	setup(hanPort, NULL);
-}
-
-void HanReader::setEncryptionKey(uint8_t* encryption_key) {
-	memcpy(this->encryption_key, encryption_key, 16);
-}
-
-void HanReader::setAuthenticationKey(uint8_t* authentication_key) {
-	memcpy(this->authentication_key, authentication_key, 16);
-}
-
-
-bool HanReader::read(byte data) {
-	if (reader.Read(data, debugger->isActive(RemoteDebug::DEBUG) ? debugger : NULL)) {
-		bytesRead = reader.GetRawData(buffer, 0, 512);
-		if (debugger->isActive(RemoteDebug::INFO)) {
-			printI("Got valid DLMS data (%d bytes)", bytesRead);
-			if (debugger->isActive(RemoteDebug::DEBUG)) {
-				debugPrint(buffer, 0, bytesRead);
-			}
-		}
-
-		/*
-			Data should start with E6 E7 00 0F
-			and continue with four bytes for the InvokeId
-		*/
-		if (bytesRead < 9) {
-			printW("Invalid HAN data: Less than 9 bytes received");
-			return false;
-		}
-		else if (
-			buffer[0] != 0xE6 
-			|| buffer[1] != 0xE7
-			|| buffer[2] != 0x00
-			//|| buffer[3] != 0x0F
-		)
-		{
-			printW("Invalid HAN data: Start should be E6 E7 00");
-			return false;
-		}
-
-		// Have not found any documentation supporting this, but 0x0F for all norwegian meters.
-		// Danish meters with encryption has 0xDB, so lets assume this has something to do with that.
-		switch(buffer[3]) {
-			case 0x0F:
-				dataHeader = 8;
-				break;
-			case 0xDB:
-				printI("Decrypting frame");
-				if(!decryptFrame()) return false;
-				if (debugger->isActive(RemoteDebug::DEBUG)) {
-					printD("Data after decryption:");
-					debugPrint(buffer, 0, bytesRead);
-				}
-				dataHeader = 26;
-				break;
-		}
-
-		listSize = getInt(0, buffer, 0, bytesRead);
-		printI("HAN data is valid, listSize: %d", listSize);
-		return true;
-	}
-
-	return false;
-}
-
-const size_t headersize = 3;
-const size_t footersize = 0;
-
-mbedtls_gcm_context m_ctx;
-
-bool HanReader::decryptFrame() {
-	uint8_t system_title[8];
-    memcpy(system_title, buffer + headersize + 2, 8);
-	if (debugger->isActive(RemoteDebug::DEBUG)) {
-		printD("System title:");
-		debugPrint(system_title, 0, 8);
-	}
-
-	uint8_t initialization_vector[12];
-    memcpy(initialization_vector, system_title, 8);
-    memcpy(initialization_vector + 8, buffer + headersize + 14, 4);
-	if (debugger->isActive(RemoteDebug::DEBUG)) {
-		printD("Initialization vector:");
-		debugPrint(initialization_vector, 0, 12);
-	}
-
-    uint8_t additional_authenticated_data[17];
-    memcpy(additional_authenticated_data, buffer + headersize + 13, 1);
-    memcpy(additional_authenticated_data + 1, authentication_key, 16);
-	if (debugger->isActive(RemoteDebug::DEBUG)) {
-		printD("Additional authenticated data:");
-		debugPrint(additional_authenticated_data, 0, 12);
-	}
-
-    uint8_t authentication_tag[12];
-    memcpy(authentication_tag, buffer + headersize + bytesRead - headersize - footersize - 12, 12);
-	if (debugger->isActive(RemoteDebug::DEBUG)) {
-		printD("Authentication tag:");
-		debugPrint(authentication_tag, 0, 12);
-	}
-
-    uint8_t cipher_text[bytesRead - headersize - footersize - 18 - 12];
-    memcpy(cipher_text, buffer + headersize + 18, bytesRead - headersize - footersize - 12 - 18);
-
-	mbedtls_gcm_init(&m_ctx);
-	int success = mbedtls_gcm_setkey(&m_ctx, MBEDTLS_CIPHER_ID_AES, encryption_key, sizeof(encryption_key)*8);
-	if (0 != success ) {
-		printE("Setkey failed: " + String(success));
-		return false;
-	}
-	success = mbedtls_gcm_auth_decrypt(&m_ctx, sizeof(cipher_text), initialization_vector, sizeof(initialization_vector),
-        additional_authenticated_data, sizeof(additional_authenticated_data), authentication_tag, sizeof(authentication_tag),
-        cipher_text, buffer + headersize + 18);
-	if (0 != success) {
-		printE("authdecrypt failed: " + String(success));
-		return false;
-	}
-	mbedtls_gcm_free(&m_ctx);
-	return true;
-}
-
-void HanReader::debugPrint(byte *buffer, int start, int length) {
-	for (int i = start; i < start + length; i++) {
-		if (buffer[i] < 0x10)
-			debugger->print("0");
-		debugger->print(buffer[i], HEX);
-		debugger->print(" ");
-		if ((i - start + 1) % 16 == 0)
-			debugger->println("");
-		else if ((i - start + 1) % 4 == 0)
-			debugger->print(" ");
-
-		yield(); // Let other get some resources too
-	}
-	debugger->println("");
-}
-
-bool HanReader::read() {
-	while(han->available()) {
-		if(read(han->read())) {
-			return true;
-		}
-	}
-	return false;
-}
-
-int HanReader::getListSize() {
-	return listSize;
-}
-
-time_t HanReader::getPackageTime() {
-	int packageTimePosition = dataHeader 
-		+ (compensateFor09HeaderBug ? 1 : 0);
-
-	return getTime(buffer, packageTimePosition, bytesRead);
-}
-
-time_t HanReader::getTime(int objectId) {
-	return getTime(objectId, buffer, 0, bytesRead);
-}
-
-int32_t HanReader::getInt(int objectId) {
-	return getInt(objectId, buffer, 0, bytesRead);
-}
-
-uint32_t HanReader::getUint(int objectId) {
-	return getUint32(objectId, buffer, 0, bytesRead);
-}
-
-String HanReader::getString(int objectId) {
-	return getString(objectId, buffer, 0, bytesRead);
-}
-
-int HanReader::getBuffer(byte* buf) {
-	for (int i = 0; i < bytesRead; i++) {
-		buf[i] = buffer[i];
-	}
-	return bytesRead;
-}
-
-int HanReader::findValuePosition(int dataPosition, byte *buffer, int start, int length) {
-	// The first byte after the header gives the length 
-	// of the extended header information (variable)
-	int headerSize = dataHeader + (compensateFor09HeaderBug ? 1 : 0);
-	int firstData = headerSize + buffer[headerSize] + 1;
-
-	for (int i = start + firstData; i<length; i++) {
-		if (dataPosition-- == 0)
-			return i;
-		else if (buffer[i] == 0x00) // null
-			i += 0;
-		else if (buffer[i] == 0x0A) // String
-			i += buffer[i + 1] + 1;
-		else if (buffer[i] == 0x09) // byte array
-			i += buffer[i + 1] + 1;
-		else if (buffer[i] == 0x01) // array (1 byte for reading size)
-			i += 1;
-		else if (buffer[i] == 0x02) // struct (1 byte for reading size)
-			i += 1;
-		else if (buffer[i] == 0x10) // int16 value (2 bytes)
-			i += 2;
-		else if (buffer[i] == 0x12) // uint16 value (2 bytes)
-			i += 2;
-		else if (buffer[i] == 0x06) // uint32 value (4 bytes)
-			i += 4;
-		else if (buffer[i] == 0x0F) // int8 value (1 bytes)
-			i += 1;
-		else if (buffer[i] == 0x16) // enum (1 bytes)
-			i += 1;
-		else {
-			printW("Unknown data type found: 0x%s", String(buffer[i], HEX).c_str());
-			return 0; // unknown data type found
-		}
-	}
-
-	printD("Passed the end of the data. Length was: %d", length);
-
-	return 0;
-}
-
-
-time_t HanReader::getTime(int dataPosition, byte *buffer, int start, int length) {
-	// TODO: check if the time is represented always as a 12 byte string (0x09 0x0C)
-	int timeStart = findValuePosition(dataPosition, buffer, start, length);
-	timeStart += 1;
-	return getTime(buffer, start + timeStart, length - timeStart);
-}
-
-time_t HanReader::getTime(byte *buffer, int start, int length) {
-	int pos = start;
-	int dataLength = buffer[pos++];
-
-	if (dataLength == 0x0C) {
-		int year = buffer[pos] << 8 |
-			buffer[pos + 1];
-
-		int month = buffer[pos + 2];
-		int day = buffer[pos + 3];
-		int hour = buffer[pos + 5];
-		int minute = buffer[pos + 6];
-		int second = buffer[pos + 7];
-
-		tmElements_t tm;
-		tm.Year = year - 1970;
-		tm.Month = month;
-		tm.Day = day;
-		tm.Hour = hour;
-		tm.Minute = minute;
-		tm.Second = second;
-		return localZone->toUTC(makeTime(tm));
-	} else if(dataLength == 0) {
-		return (time_t)0L;
-	} else {
-		printW("Unknown time length: %d", dataLength);
-		// Date format not supported
-		return (time_t)0L;
-	}
-}
-
-int HanReader::getInt(int dataPosition, byte *buffer, int start, int length) {
-	int valuePosition = findValuePosition(dataPosition, buffer, start, length);
-
-	if (valuePosition > 0) {
-		switch (buffer[valuePosition++]) {
-			case 0x01:
-			case 0x02:
-			case 0x16:
-				return getUint8(dataPosition, buffer, start, length);
-			case 0x0F:
-				return getInt8(dataPosition, buffer, start, length);
-			case 0x12:
-				return getUint16(dataPosition, buffer, start, length);
-			case 0x10: 
-				return getInt16(dataPosition, buffer, start, length);
-			case 0x06:
-				return getUint32(dataPosition, buffer, start, length);
-		}
-	}
-	return 0;
-}
-
-int8_t HanReader::getInt8(int dataPosition, byte *buffer, int start, int length) {
-	int valuePosition = findValuePosition(dataPosition, buffer, start, length);
-	if (valuePosition > 0 && buffer[valuePosition++] == 0x0F) {
-		return buffer[valuePosition];
-	}
-	return 0;
-}
-
-int16_t HanReader::getInt16(int dataPosition, byte *buffer, int start, int length) {
-	int valuePosition = findValuePosition(dataPosition, buffer, start, length);
-	if (valuePosition > 0 && buffer[valuePosition++] == 0x10) {
-		return buffer[valuePosition] << 8 | buffer[valuePosition+1];
-	}
-	return 0;
-}
-
-uint8_t HanReader::getUint8(int dataPosition, byte *buffer, int start, int length) {
-	int valuePosition = findValuePosition(dataPosition, buffer, start, length);
-	if (valuePosition > 0) {
-		switch(buffer[valuePosition++]) {
-			case 0x01:
-			case 0x02:
-			case 0x16:
-				return buffer[valuePosition];
-		}
-	}
-	return 0;
-}
-
-uint16_t HanReader::getUint16(int dataPosition, byte *buffer, int start, int length) {
-	int valuePosition = findValuePosition(dataPosition, buffer, start, length);
-	if (valuePosition > 0 && buffer[valuePosition++] == 0x12) {
-		return buffer[valuePosition] << 8 | buffer[valuePosition+1];
-	}
-	return 0;
-}
-
-uint32_t HanReader::getUint32(int dataPosition, byte *buffer, int start, int length) {
-	int valuePosition = findValuePosition(dataPosition, buffer, start, length);
-	if (valuePosition > 0) {
-		if(buffer[valuePosition++] != 0x06)
-			return 0;
-		uint32_t value = 0;
-		for (int i = valuePosition; i < valuePosition + 4; i++) {
-			value = value << 8 | buffer[i];
-		}
-		return value;
-	}
-	return 0;
-}
-
-String HanReader::getString(int dataPosition, byte *buffer, int start, int length) {
-	int valuePosition = findValuePosition(dataPosition, buffer, start, length);
-	if (valuePosition > 0) {
-		String value = String("");
-		for (int i = valuePosition + 2; i < valuePosition + buffer[valuePosition + 1] + 2; i++) {
-			value += String((char)buffer[i]);
-		}
-		return value;
-	}
-	return String("");
-}
-
-void HanReader::printD(String fmt, int arg) {
-	if(debugger->isActive(RemoteDebug::DEBUG)) debugger->printf(String("(HanReader)" + fmt + "\n").c_str(), arg);
-}
-
-void HanReader::printI(String fmt, int arg) {
-	if(debugger->isActive(RemoteDebug::INFO)) debugger->printf(String("(HanReader)" + fmt + "\n").c_str(), arg);
-}
-
-void HanReader::printW(String fmt, int arg) {
-	if(debugger->isActive(RemoteDebug::WARNING)) debugger->printf(String("(HanReader)" + fmt + "\n").c_str(), arg);
-}
-
-void HanReader::printW(String fmt, const char* arg) {
-	if(debugger->isActive(RemoteDebug::WARNING)) debugger->printf(String("(HanReader)" + fmt + "\n").c_str(), arg);
-}
-
-void HanReader::printE(String fmt, int arg) {
-	if(debugger->isActive(RemoteDebug::ERROR)) debugger->printf(String("(HanReader)" + fmt + "\n").c_str(), arg);
-}

lib/HanReader/src/HanReader.h

@@ -1,74 +0,0 @@
-#ifndef _HANREADER_h
-#define _HANREADER_h
-
-#if defined(ARDUINO) && ARDUINO >= 100
-  #include "Arduino.h"
-#else
-  #include "WProgram.h"
-#endif
-
-
-#include "DlmsReader.h"
-#include <Timezone.h>
-#include "RemoteDebug.h"
-
-class HanReader
-{
-public:
-	uint dataHeader = 8;
-	bool compensateFor09HeaderBug = false;
-
-	HanReader();
-	void setup(Stream *hanPort);
-	void setup(Stream *hanPort, RemoteDebug *debug);
-	bool read();
-	bool read(byte data);
-	int getListSize();
-	time_t getPackageTime();
-	int32_t getInt(int objectId); // Use this for uint8, int8, uint16, int16
-	uint32_t getUint(int objectId); // Only for uint32
-	String getString(int objectId);
-	time_t getTime(int objectId);
-	int getBuffer(byte* buf);
-
-	void setEncryptionKey(uint8_t* encryption_key);
-	void setAuthenticationKey(uint8_t* authentication_key);
-
-private:
-	RemoteDebug* debugger;
-	Stream *han;
-	byte buffer[512];
-	int bytesRead;
-	DlmsReader reader;
-	int listSize;
-	Timezone *localZone;
-	uint8_t encryption_key[16];
-	uint8_t authentication_key[16];
-
-	int findValuePosition(int dataPosition, byte *buffer, int start, int length);
-
-	time_t getTime(int dataPosition, byte *buffer, int start, int length);
-	time_t getTime(byte *buffer, int start, int length);
-	int getInt(int dataPosition, byte *buffer, int start, int length);
-	int8_t getInt8(int dataPosition, byte *buffer, int start, int length);
-	uint8_t getUint8(int dataPosition, byte *buffer, int start, int length);
-	int16_t getInt16(int dataPosition, byte *buffer, int start, int length);
-	uint16_t getUint16(int dataPosition, byte *buffer, int start, int length);
-	uint32_t getUint32(int dataPosition, byte *buffer, int start, int length);
-	String getString(int dataPosition, byte *buffer, int start, int length);
-
-	time_t toUnixTime(int year, int month, int day, int hour, int minute, int second);
-
-	bool decryptFrame();
-
-	void debugPrint(byte *buffer, int start, int length);
-
-	void printD(String fmt, int arg=0);
-	void printI(String fmt, int arg=0);
-	void printW(String fmt, int arg=0);
-	void printW(String fmt, const char* arg);
-	void printE(String fmt, int arg=0);
-};
-
-
-#endif

lib/HanReader/src/Kaifa.h

@@ -1,57 +0,0 @@
-#ifndef _KAIFA_h
-#define _KAIFA_h
-
-enum class Kaifa {
-	List1			= 0x01,
-	List1PhaseShort	= 0x09,
-	List3PhaseShort	= 0x0D,
-	List1PhaseLong	= 0x0E,
-	List3PhaseLong	= 0x12
-};
-
-enum class Kaifa_List1 {
-	ListSize,
-	ActivePowerImported
-};
-
-enum class Kaifa_List3Phase {
-	ListSize,
-	ListVersionIdentifier,
-	MeterID,
-	MeterType,
-	ActiveImportPower,
-	ActiveExportPower,
-	ReactiveImportPower,
-	ReactiveExportPower,
-	CurrentL1,
-	CurrentL2,
-	CurrentL3,
-	VoltageL1,
-	VoltageL2,
-	VoltageL3,
-	MeterClock,
-	CumulativeActiveImportEnergy,
-	CumulativeActiveExportEnergy,
-	CumulativeReactiveImportEnergy,
-	CumulativeReactiveExportEnergy
-};
-
-enum class Kaifa_List1Phase {
-	ListSize,
-	ListVersionIdentifier,
-	MeterID,
-	MeterType,
-	ActiveImportPower,
-	ActiveExportPower,
-	ReactiveImportPower,
-	ReactiveExportPower,
-	CurrentL1,
-	VoltageL1,
-	MeterClock,
-	CumulativeActiveImportEnergy,
-	CumulativeActiveExportEnergy,
-	CumulativeReactiveImportEnergy,
-	CumulativeReactiveExportEnergy
-};
-
-#endif

lib/HanReader/src/Kamstrup.h

@@ -1,127 +0,0 @@
-// Kamstrup.h
-
-#ifndef _KAMSTRUP_h
-#define _KAMSTRUP_h
-
-enum class Kamstrup
-{
-	List1PhaseShort = 0x11,
-	List1PhaseLong  = 0x1B,
-	List3PhaseShort = 0x19,
-	List3PhaseLong  = 0x23,
-	List3PhaseITShort = 0x17,
-	List3PhaseITLong  = 0x21
-};
-
-enum class Kamstrup_List3Phase
-{
-	ListSize,
-	ListVersionIdentifier,
-	MeterID_OBIS,
-	MeterID,
-	MeterType_OBIS,
-	MeterType,
-	ActiveImportPower_OBIS,
-	ActiveImportPower,
-	ActiveExportPower_OBIS,
-	ActiveExportPower,
-	ReactiveImportPower_OBIS,
-	ReactiveImportPower,
-	ReactiveExportPower_OBIS,
-	ReactiveExportPower,
-	CurrentL1_OBIS,
-	CurrentL1,
-	CurrentL2_OBIS,
-	CurrentL2,
-	CurrentL3_OBIS,
-	CurrentL3,
-	VoltageL1_OBIS,
-	VoltageL1,
-	VoltageL2_OBIS,
-	VoltageL2,
-	VoltageL3_OBIS,
-	VoltageL3,
-	MeterClock_OBIS,
-	MeterClock,
-	CumulativeActiveImportEnergy_OBIS,
-	CumulativeActiveImportEnergy,
-	CumulativeActiveExportEnergy_OBIS,
-	CumulativeActiveExportEnergy,
-	CumulativeReactiveImportEnergy_OBIS,
-	CumulativeReactiveImportEnergy,
-	CumulativeReactiveExportEnergy_OBIS,
-	CumulativeReactiveExportEnergy
-};
-
-enum class Kamstrup_List1Phase
-{
-	ListSize,
-	ListVersionIdentifier,
-	MeterID_OBIS,
-	MeterID,
-	MeterType_OBIS,
-	MeterType,
-	ActiveImportPower_OBIS,
-	ActiveImportPower,
-	ActiveExportPower_OBIS,
-	ActiveExportPower,
-	ReactiveImportPower_OBIS,
-	ReactiveImportPower,
-	ReactiveExportPower_OBIS,
-	ReactiveExportPower,
-	CurrentL1_OBIS,
-	CurrentL1,
-	VoltageL1_OBIS,
-	VoltageL1,
-	MeterClock_OBIS,
-	MeterClock,
-	CumulativeActiveImportEnergy_OBIS,
-	CumulativeActiveImportEnergy,
-	CumulativeActiveExportEnergy_OBIS,
-	CumulativeActiveExportEnergy,
-	CumulativeReactiveImportEnergy_OBIS,
-	CumulativeReactiveImportEnergy,
-	CumulativeReactiveExportEnergy_OBIS,
-	CumulativeReactiveExportEnergy
-};
-
-enum class Kamstrup_List3PhaseIT
-{
-	ListSize,
-	ListVersionIdentifier,
-	MeterID_OBIS,
-	MeterID,
-	MeterType_OBIS,
-	MeterType,
-	ActiveImportPower_OBIS,
-	ActiveImportPower,
-	ActiveExportPower_OBIS,
-	ActiveExportPower,
-	ReactiveImportPower_OBIS,
-	ReactiveImportPower,
-	ReactiveExportPower_OBIS,
-	ReactiveExportPower,
-	CurrentL1_OBIS,
-	CurrentL1,
-	CurrentL3_OBIS,
-	CurrentL3,
-	VoltageL1_OBIS,
-	VoltageL1,
-	VoltageL2_OBIS,
-	VoltageL2,
-	VoltageL3_OBIS,
-	VoltageL3,
-	MeterClock_OBIS,
-	MeterClock,
-	CumulativeActiveImportEnergy_OBIS,
-	CumulativeActiveImportEnergy,
-	CumulativeActiveExportEnergy_OBIS,
-	CumulativeActiveExportEnergy,
-	CumulativeReactiveImportEnergy_OBIS,
-	CumulativeReactiveImportEnergy,
-	CumulativeReactiveExportEnergy_OBIS,
-	CumulativeReactiveExportEnergy
-};
-
-#endif
-

lib/HanReader/src/Omnipower.h

@@ -1,77 +0,0 @@
-#ifndef _OMNIPOWER_h
-#define _OMNIPOWER_h
-
-enum class Omnipower {
-	DLMS = 0x41
-};
-
-enum class Omnipower_DLMS {
-	ListSize,
-	ListVersionIdentifier,
-    CumulativeActiveImportEnergy_OBIS,
-    CumulativeActiveImportEnergy,
-	CumulativeActiveExportEnergy_OBIS,
-	CumulativeActiveExportEnergy,
-	CumulativeReactiveImportEnergy_OBIS,
-	CumulativeReactiveImportEnergy,
-	CumulativeReactiveExportEnergy_OBIS,
-	CumulativeReactiveExportEnergy,
-    MeterNumber_OBIS,
-    MeterNumber,
-	ActiveImportPower_OBIS,
-	ActiveImportPower,
-	ActiveExportPower_OBIS,
-	ActiveExportPower,
-	ReactiveImportPower_OBIS,
-	ReactiveImportPower,
-	ReactiveExportPower_OBIS,
-	ReactiveExportPower,
-	MeterClock_OBIS,
-	MeterClock,
-	VoltageL1_OBIS,
-	VoltageL1,
-	VoltageL2_OBIS,
-	VoltageL2,
-	VoltageL3_OBIS,
-	VoltageL3,
-	CurrentL1_OBIS,
-	CurrentL1,
-	CurrentL2_OBIS,
-	CurrentL2,
-	CurrentL3_OBIS,
-	CurrentL3,
-    ActiveImportPowerL1_OBIS,
-    ActiveImportPowerL1,
-    ActiveImportPowerL2_OBIS,
-    ActiveImportPowerL2,
-    ActiveImportPowerL3_OBIS,
-    ActiveImportPowerL3,
-    PowerFactorL1_OBIS,
-    PowerFactorL1,
-    PowerFactorL2_OBIS,
-    PowerFactorL2,
-    PowerFactorL3_OBIS,
-    PowerFactorL3,
-    PowerFactor_OBIS,
-    PowerFactor,
-    ActiveExportPowerL1_OBIS,
-    ActiveExportPowerL1,
-    ActiveExportPowerL2_OBIS,
-    ActiveExportPowerL2,
-    ActiveExportPowerL3_OBIS,
-    ActiveExportPowerL3,
-	CumulativeActiveExportEnergyL1_OBIS,
-	CumulativeActiveExportEnergyL1,
-	CumulativeActiveExportEnergyL2_OBIS,
-	CumulativeActiveExportEnergyL2,
-	CumulativeActiveExportEnergyL3_OBIS,
-	CumulativeActiveExportEnergyL3,
-    CumulativeActiveImportEnergyL1_OBIS,
-    CumulativeActiveImportEnergyL1,
-    CumulativeActiveImportEnergyL2_OBIS,
-    CumulativeActiveImportEnergyL2,
-    CumulativeActiveImportEnergyL3_OBIS,
-    CumulativeActiveImportEnergyL3
-};
-
-#endif

lib/Timezone/library.properties

@@ -7,4 +7,4 @@ paragraph=The primary aim of the Timezone library is to convert Universal Coordi
 category=Timing
 url=https://github.com/JChristensen/Timezone
 architectures=*
-depends=Time
+depends=Time (=1.6.0)

lib/mbedtls/.gitignore

@@ -1,57 +0,0 @@
-# Random seed file created by test scripts and sample programs
-seedfile
-
-# CMake build artifacts:
-CMakeCache.txt
-CMakeFiles
-CTestTestfile.cmake
-cmake_install.cmake
-Testing
-# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
-*.dir/
-# MSVC files generated by CMake:
-/*.sln
-/*.vcxproj
-/*.filters
-
-# Test coverage build artifacts:
-Coverage
-*.gcno
-*.gcda
-
-# generated by scripts/memory.sh
-massif-*
-
-# MSVC build artifacts:
-*.exe
-*.pdb
-*.ilk
-*.lib
-
-# Python build artifacts:
-*.pyc
-
-# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
-*.dir/
-
-# Microsoft CMake extension for Visual Studio Code generates a build directory by default
-/build/
-
-# Visual Studio artifacts
-/visualc/VS2010/.localhistory/
-/visualc/VS2010/.vs/
-/visualc/VS2010/Debug/
-/visualc/VS2010/Release/
-/visualc/VS2010/*.vcxproj.filters
-/visualc/VS2010/*.vcxproj.user
-
-# Generated documentation:
-/apidoc
-
-# Editor navigation files:
-/GPATH
-/GRTAGS
-/GSYMS
-/GTAGS
-/TAGS
-/tags

lib/mbedtls/.globalrc

@@ -1,3 +0,0 @@
-default:\
-    :langmap=c\:.c.h.function:\
-

lib/mbedtls/.pylintrc

@@ -1,72 +0,0 @@
-[BASIC]
-# We're ok with short funtion argument names.
-# [invalid-name]
-argument-rgx=[a-z_][a-z0-9_]*$
-
-# Allow filter and map.
-# [bad-builtin]
-bad-functions=input
-
-# We prefer docstrings, but we don't require them on all functions.
-# Require them only on long functions (for some value of long).
-# [missing-docstring]
-docstring-min-length=10
-
-# Allow longer methods than the default.
-# [invalid-name]
-method-rgx=[a-z_][a-z0-9_]{2,35}$
-
-# Allow module names containing a dash (but no underscore or uppercase letter).
-# They are whole programs, not meant to be included by another module.
-# [invalid-name]
-module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+)|[a-z][-0-9a-z]+)$
-
-# Some functions don't need docstrings.
-# [missing-docstring]
-no-docstring-rgx=(run_)?main$
-
-# We're ok with short local or global variable names.
-# [invalid-name]
-variable-rgx=[a-z_][a-z0-9_]*$
-
-[DESIGN]
-# Allow more than the default 7 attributes.
-# [too-many-instance-attributes]
-max-attributes=15
-
-[FORMAT]
-# Allow longer modules than the default recommended maximum.
-# [too-many-lines]
-max-module-lines=2000
-
-[MESSAGES CONTROL]
-# * locally-disabled, locally-enabled: If we disable or enable a message
-#   locally, it's by design. There's no need to clutter the Pylint output
-#   with this information.
-# * logging-format-interpolation: Pylint warns about things like
-#   ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``.
-#   This is of minor utility (mainly a performance gain when there are
-#   many messages that use formatting and are below the log level).
-#   Some versions of Pylint (including 1.8, which is the version on
-#   Ubuntu 18.04) only recognize old-style format strings using '%',
-#   and complain about something like ``log.info('{}', foo)`` with
-#   logging-too-many-args (Pylint supports new-style formatting if
-#   declared globally with logging_format_style under [LOGGING] but
-#   this requires Pylint >=2.2).
-# * no-else-return: Allow the perfectly reasonable idiom
-#    if condition1:
-#        return value1
-#    else:
-#        return value2
-# * unnecessary-pass: If we take the trouble of adding a line with "pass",
-#   it's because we think the code is clearer that way.
-disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-return,unnecessary-pass
-
-[REPORTS]
-# Don't diplay statistics. Just the facts.
-reports=no
-
-[VARIABLES]
-# Allow unused variables if their name starts with an underscore.
-# [unused-argument]
-dummy-variables-rgx=_.*

lib/mbedtls/3rdparty/.gitignore

@@ -1 +0,0 @@
-/Makefile

lib/mbedtls/3rdparty/CMakeLists.txt

@@ -1,11 +0,0 @@
-list (APPEND thirdparty_src)
-list (APPEND thirdparty_lib)
-list (APPEND thirdparty_inc)
-list (APPEND thirdparty_def)
-
-add_subdirectory(everest)
-
-set(thirdparty_src ${thirdparty_src} PARENT_SCOPE)
-set(thirdparty_lib ${thirdparty_lib} PARENT_SCOPE)
-set(thirdparty_inc ${thirdparty_inc} PARENT_SCOPE)
-set(thirdparty_def ${thirdparty_def} PARENT_SCOPE)

lib/mbedtls/3rdparty/Makefile.inc

@@ -1,2 +0,0 @@
-THIRDPARTY_DIR = $(dir $(lastword $(MAKEFILE_LIST)))
-include $(THIRDPARTY_DIR)/everest/Makefile.inc

lib/mbedtls/3rdparty/everest/.gitignore

@@ -1,2 +0,0 @@
-*.o
-Makefile

lib/mbedtls/3rdparty/everest/CMakeLists.txt

@@ -1,31 +0,0 @@
-list (APPEND everest_src)
-list (APPEND everest_inc)
-list (APPEND everest_def)
-
-set(everest_src
-  ${CMAKE_CURRENT_SOURCE_DIR}/library/everest.c
-  ${CMAKE_CURRENT_SOURCE_DIR}/library/x25519.c
-  ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519_joined.c
-)
-
-list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib)
-
-execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result)
-
-if(${result} EQUAL 0)
-
-  if(INSTALL_MBEDTLS_HEADERS)
-
-    install(DIRECTORY include/everest
-      DESTINATION include
-      FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
-      DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
-      FILES_MATCHING PATTERN "*.h")
-
-  endif(INSTALL_MBEDTLS_HEADERS)
-
-endif()
-
-set(thirdparty_src ${thirdparty_src} ${everest_src} PARENT_SCOPE)
-set(thirdparty_inc ${thirdparty_inc} ${everest_inc} PARENT_SCOPE)
-set(thirdparty_def ${thirdparty_def} ${everest_def} PARENT_SCOPE)

lib/mbedtls/3rdparty/everest/Makefile.inc

@@ -1,6 +0,0 @@
-THIRDPARTY_INCLUDES+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib
-
-THIRDPARTY_CRYPTO_OBJECTS+= \
-	../3rdparty/everest/library/everest.o \
-	../3rdparty/everest/library/x25519.o \
-	../3rdparty/everest/library/Hacl_Curve25519_joined.o

lib/mbedtls/3rdparty/everest/README.md

@@ -1,5 +0,0 @@
-The files in this directory stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license.
-
-This is a formally verified implementation of Curve25519-based handshakes. The C code is automatically derived from the (verified) [original implementation](https://github.com/project-everest/hacl-star/tree/master/code/curve25519) in the [F* language](https://github.com/fstarlang/fstar) by [KreMLin](https://github.com/fstarlang/kremlin). In addition to the improved safety and security of the implementation, it is also significantly faster than the default implementation of Curve25519 in mbedTLS.
-
-The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explictly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).

lib/mbedtls/3rdparty/everest/include/everest/Hacl_Curve25519.h

@@ -1,21 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
- * KreMLin invocation: /mnt/e/everest/verify/kremlin/krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -fbuiltin-uint128 -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -I /mnt/e/everest/verify/hacl-star/code/lib/kremlin -I /mnt/e/everest/verify/kremlin/kremlib/compat -I /mnt/e/everest/verify/hacl-star/specs -I /mnt/e/everest/verify/hacl-star/specs/old -I . -ccopt -march=native -verbose -ldopt -flto -tmpdir x25519-c -I ../bignum -bundle Hacl.Curve25519=* -minimal -add-include "kremlib.h" -skip-compilation x25519-c/out.krml -o x25519-c/Hacl_Curve25519.c
- * F* version: 059db0c8
- * KreMLin version: 916c37ac
- */
-
-
-
-#ifndef __Hacl_Curve25519_H
-#define __Hacl_Curve25519_H
-
-
-#include "kremlib.h"
-
-void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
-
-#define __Hacl_Curve25519_H_DEFINED
-#endif

lib/mbedtls/3rdparty/everest/include/everest/everest.h

@@ -1,234 +0,0 @@
-/*
- *  Interface to code from Project Everest
- *
- *  Copyright 2016-2018 INRIA and Microsoft Corporation
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org).
- */
-
-#ifndef MBEDTLS_EVEREST_H
-#define MBEDTLS_EVEREST_H
-
-#include "everest/x25519.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Defines the source of the imported EC key.
- */
-typedef enum
-{
-    MBEDTLS_EVEREST_ECDH_OURS,   /**< Our key. */
-    MBEDTLS_EVEREST_ECDH_THEIRS, /**< The key of the peer. */
-} mbedtls_everest_ecdh_side;
-
-typedef struct {
-    mbedtls_x25519_context ctx;
-} mbedtls_ecdh_context_everest;
-
-
-/**
- * \brief           This function sets up the ECDH context with the information
- *                  given.
- *
- *                  This function should be called after mbedtls_ecdh_init() but
- *                  before mbedtls_ecdh_make_params(). There is no need to call
- *                  this function before mbedtls_ecdh_read_params().
- *
- *                  This is the first function used by a TLS server for ECDHE
- *                  ciphersuites.
- *
- * \param ctx       The ECDH context to set up.
- * \param grp_id    The group id of the group to set up the context for.
- *
- * \return          \c 0 on success.
- */
-int mbedtls_everest_setup( mbedtls_ecdh_context_everest *ctx, int grp_id );
-
-/**
- * \brief           This function frees a context.
- *
- * \param ctx       The context to free.
- */
-void mbedtls_everest_free( mbedtls_ecdh_context_everest *ctx );
-
-/**
- * \brief           This function generates a public key and a TLS
- *                  ServerKeyExchange payload.
- *
- *                  This is the second function used by a TLS server for ECDHE
- *                  ciphersuites. (It is called after mbedtls_ecdh_setup().)
- *
- * \note            This function assumes that the ECP group (grp) of the
- *                  \p ctx context has already been properly set,
- *                  for example, using mbedtls_ecp_group_load().
- *
- * \see             ecp.h
- *
- * \param ctx       The ECDH context.
- * \param olen      The number of characters written.
- * \param buf       The destination buffer.
- * \param blen      The length of the destination buffer.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen,
-                                 unsigned char *buf, size_t blen,
-                                 int( *f_rng )( void *, unsigned char *, size_t ),
-                                 void *p_rng );
-
-/**
- * \brief           This function parses and processes a TLS ServerKeyExhange
- *                  payload.
- *
- *                  This is the first function used by a TLS client for ECDHE
- *                  ciphersuites.
- *
- * \see             ecp.h
- *
- * \param ctx       The ECDH context.
- * \param buf       The pointer to the start of the input buffer.
- * \param end       The address for one Byte past the end of the buffer.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- *
- */
-int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
-                                 const unsigned char **buf, const unsigned char *end );
-
-/**
- * \brief           This function parses and processes a TLS ServerKeyExhange
- *                  payload.
- *
- *                  This is the first function used by a TLS client for ECDHE
- *                  ciphersuites.
- *
- * \see             ecp.h
- *
- * \param ctx       The ECDH context.
- * \param buf       The pointer to the start of the input buffer.
- * \param end       The address for one Byte past the end of the buffer.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- *
- */
-int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
-                                 const unsigned char **buf, const unsigned char *end );
-
-/**
- * \brief           This function sets up an ECDH context from an EC key.
- *
- *                  It is used by clients and servers in place of the
- *                  ServerKeyEchange for static ECDH, and imports ECDH
- *                  parameters from the EC key information of a certificate.
- *
- * \see             ecp.h
- *
- * \param ctx       The ECDH context to set up.
- * \param key       The EC key to use.
- * \param side      Defines the source of the key: 1: Our key, or
- *                  0: The key of the peer.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- *
- */
-int mbedtls_everest_get_params( mbedtls_ecdh_context_everest *ctx, const mbedtls_ecp_keypair *key,
-                                mbedtls_everest_ecdh_side side );
-
-/**
- * \brief           This function generates a public key and a TLS
- *                  ClientKeyExchange payload.
- *
- *                  This is the second function used by a TLS client for ECDH(E)
- *                  ciphersuites.
- *
- * \see             ecp.h
- *
- * \param ctx       The ECDH context.
- * \param olen      The number of Bytes written.
- * \param buf       The destination buffer.
- * \param blen      The size of the destination buffer.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_everest_make_public( mbedtls_ecdh_context_everest *ctx, size_t *olen,
-                                 unsigned char *buf, size_t blen,
-                                 int( *f_rng )( void *, unsigned char *, size_t ),
-                                 void *p_rng );
-
-/**
- * \brief       This function parses and processes a TLS ClientKeyExchange
- *              payload.
- *
- *              This is the third function used by a TLS server for ECDH(E)
- *              ciphersuites. (It is called after mbedtls_ecdh_setup() and
- *              mbedtls_ecdh_make_params().)
- *
- * \see         ecp.h
- *
- * \param ctx   The ECDH context.
- * \param buf   The start of the input buffer.
- * \param blen  The length of the input buffer.
- *
- * \return      \c 0 on success.
- * \return      An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx,
-                                 const unsigned char *buf, size_t blen );
-
-/**
- * \brief           This function derives and exports the shared secret.
- *
- *                  This is the last function used by both TLS client
- *                  and servers.
- *
- * \note            If \p f_rng is not NULL, it is used to implement
- *                  countermeasures against side-channel attacks.
- *                  For more information, see mbedtls_ecp_mul().
- *
- * \see             ecp.h
- *
- * \param ctx       The ECDH context.
- * \param olen      The number of Bytes written.
- * \param buf       The destination buffer.
- * \param blen      The length of the destination buffer.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_everest_calc_secret( mbedtls_ecdh_context_everest *ctx, size_t *olen,
-                                 unsigned char *buf, size_t blen,
-                                 int( *f_rng )( void *, unsigned char *, size_t ),
-                                 void *p_rng );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_EVEREST_H */

lib/mbedtls/3rdparty/everest/include/everest/kremlib.h

@@ -1,29 +0,0 @@
-/*
- *  Copyright 2016-2018 INRIA and Microsoft Corporation
- *
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org) and
- *  originated from Project Everest (https://project-everest.github.io/)
- */
-
-#ifndef __KREMLIB_H
-#define __KREMLIB_H
-
-#include "kremlin/internal/target.h"
-#include "kremlin/internal/types.h"
-#include "kremlin/c_endianness.h"
-
-#endif     /* __KREMLIB_H */

lib/mbedtls/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h

@@ -1,124 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
- * KreMLin invocation: ../krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrB9w -minimal -fparentheses -fcurly-braces -fno-shadow -header copyright-header.txt -minimal -tmpdir dist/uint128 -skip-compilation -extract-uints -add-include <inttypes.h> -add-include <stdbool.h> -add-include "kremlin/internal/types.h" -bundle FStar.UInt128=* extracted/prims.krml extracted/FStar_Pervasives_Native.krml extracted/FStar_Pervasives.krml extracted/FStar_Mul.krml extracted/FStar_Squash.krml extracted/FStar_Classical.krml extracted/FStar_StrongExcludedMiddle.krml extracted/FStar_FunctionalExtensionality.krml extracted/FStar_List_Tot_Base.krml extracted/FStar_List_Tot_Properties.krml extracted/FStar_List_Tot.krml extracted/FStar_Seq_Base.krml extracted/FStar_Seq_Properties.krml extracted/FStar_Seq.krml extracted/FStar_Math_Lib.krml extracted/FStar_Math_Lemmas.krml extracted/FStar_BitVector.krml extracted/FStar_UInt.krml extracted/FStar_UInt32.krml extracted/FStar_Int.krml extracted/FStar_Int16.krml extracted/FStar_Preorder.krml extracted/FStar_Ghost.krml extracted/FStar_ErasedLogic.krml extracted/FStar_UInt64.krml extracted/FStar_Set.krml extracted/FStar_PropositionalExtensionality.krml extracted/FStar_PredicateExtensionality.krml extracted/FStar_TSet.krml extracted/FStar_Monotonic_Heap.krml extracted/FStar_Heap.krml extracted/FStar_Map.krml extracted/FStar_Monotonic_HyperHeap.krml extracted/FStar_Monotonic_HyperStack.krml extracted/FStar_HyperStack.krml extracted/FStar_Monotonic_Witnessed.krml extracted/FStar_HyperStack_ST.krml extracted/FStar_HyperStack_All.krml extracted/FStar_Date.krml extracted/FStar_Universe.krml extracted/FStar_GSet.krml extracted/FStar_ModifiesGen.krml extracted/LowStar_Monotonic_Buffer.krml extracted/LowStar_Buffer.krml extracted/Spec_Loops.krml extracted/LowStar_BufferOps.krml extracted/C_Loops.krml extracted/FStar_UInt8.krml extracted/FStar_Kremlin_Endianness.krml extracted/FStar_UInt63.krml extracted/FStar_Exn.krml extracted/FStar_ST.krml extracted/FStar_All.krml extracted/FStar_Dyn.krml extracted/FStar_Int63.krml extracted/FStar_Int64.krml extracted/FStar_Int32.krml extracted/FStar_Int8.krml extracted/FStar_UInt16.krml extracted/FStar_Int_Cast.krml extracted/FStar_UInt128.krml extracted/C_Endianness.krml extracted/FStar_List.krml extracted/FStar_Float.krml extracted/FStar_IO.krml extracted/C.krml extracted/FStar_Char.krml extracted/FStar_String.krml extracted/LowStar_Modifies.krml extracted/C_String.krml extracted/FStar_Bytes.krml extracted/FStar_HyperStack_IO.krml extracted/C_Failure.krml extracted/TestLib.krml extracted/FStar_Int_Cast_Full.krml
- * F* version: 059db0c8
- * KreMLin version: 916c37ac
- */
-
-
-
-#ifndef __FStar_UInt128_H
-#define __FStar_UInt128_H
-
-
-#include <inttypes.h>
-#include <stdbool.h>
-#include "kremlin/internal/types.h"
-
-uint64_t FStar_UInt128___proj__Mkuint128__item__low(FStar_UInt128_uint128 projectee);
-
-uint64_t FStar_UInt128___proj__Mkuint128__item__high(FStar_UInt128_uint128 projectee);
-
-typedef FStar_UInt128_uint128 FStar_UInt128_t;
-
-FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128
-FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128
-FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a);
-
-FStar_UInt128_uint128 FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s);
-
-FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s);
-
-bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-bool FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a);
-
-uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a);
-
-extern FStar_UInt128_uint128
-(*FStar_UInt128_op_Plus_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern FStar_UInt128_uint128
-(*FStar_UInt128_op_Plus_Question_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern FStar_UInt128_uint128
-(*FStar_UInt128_op_Plus_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern FStar_UInt128_uint128
-(*FStar_UInt128_op_Subtraction_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern FStar_UInt128_uint128
-(*FStar_UInt128_op_Subtraction_Question_Hat)(
-  FStar_UInt128_uint128 x0,
-  FStar_UInt128_uint128 x1
-);
-
-extern FStar_UInt128_uint128
-(*FStar_UInt128_op_Subtraction_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern FStar_UInt128_uint128
-(*FStar_UInt128_op_Amp_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern FStar_UInt128_uint128
-(*FStar_UInt128_op_Hat_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern FStar_UInt128_uint128
-(*FStar_UInt128_op_Bar_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern FStar_UInt128_uint128
-(*FStar_UInt128_op_Less_Less_Hat)(FStar_UInt128_uint128 x0, uint32_t x1);
-
-extern FStar_UInt128_uint128
-(*FStar_UInt128_op_Greater_Greater_Hat)(FStar_UInt128_uint128 x0, uint32_t x1);
-
-extern bool (*FStar_UInt128_op_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern bool
-(*FStar_UInt128_op_Greater_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern bool (*FStar_UInt128_op_Less_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern bool
-(*FStar_UInt128_op_Greater_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern bool
-(*FStar_UInt128_op_Less_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y);
-
-FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y);
-
-#define __FStar_UInt128_H_DEFINED
-#endif

lib/mbedtls/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h

@@ -1,280 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
- * KreMLin invocation: ../krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrB9w -minimal -fparentheses -fcurly-braces -fno-shadow -header copyright-header.txt -minimal -tmpdir dist/minimal -skip-compilation -extract-uints -add-include <inttypes.h> -add-include <stdbool.h> -add-include "kremlin/internal/compat.h" -add-include "kremlin/internal/types.h" -bundle FStar.UInt64+FStar.UInt32+FStar.UInt16+FStar.UInt8=* extracted/prims.krml extracted/FStar_Pervasives_Native.krml extracted/FStar_Pervasives.krml extracted/FStar_Mul.krml extracted/FStar_Squash.krml extracted/FStar_Classical.krml extracted/FStar_StrongExcludedMiddle.krml extracted/FStar_FunctionalExtensionality.krml extracted/FStar_List_Tot_Base.krml extracted/FStar_List_Tot_Properties.krml extracted/FStar_List_Tot.krml extracted/FStar_Seq_Base.krml extracted/FStar_Seq_Properties.krml extracted/FStar_Seq.krml extracted/FStar_Math_Lib.krml extracted/FStar_Math_Lemmas.krml extracted/FStar_BitVector.krml extracted/FStar_UInt.krml extracted/FStar_UInt32.krml extracted/FStar_Int.krml extracted/FStar_Int16.krml extracted/FStar_Preorder.krml extracted/FStar_Ghost.krml extracted/FStar_ErasedLogic.krml extracted/FStar_UInt64.krml extracted/FStar_Set.krml extracted/FStar_PropositionalExtensionality.krml extracted/FStar_PredicateExtensionality.krml extracted/FStar_TSet.krml extracted/FStar_Monotonic_Heap.krml extracted/FStar_Heap.krml extracted/FStar_Map.krml extracted/FStar_Monotonic_HyperHeap.krml extracted/FStar_Monotonic_HyperStack.krml extracted/FStar_HyperStack.krml extracted/FStar_Monotonic_Witnessed.krml extracted/FStar_HyperStack_ST.krml extracted/FStar_HyperStack_All.krml extracted/FStar_Date.krml extracted/FStar_Universe.krml extracted/FStar_GSet.krml extracted/FStar_ModifiesGen.krml extracted/LowStar_Monotonic_Buffer.krml extracted/LowStar_Buffer.krml extracted/Spec_Loops.krml extracted/LowStar_BufferOps.krml extracted/C_Loops.krml extracted/FStar_UInt8.krml extracted/FStar_Kremlin_Endianness.krml extracted/FStar_UInt63.krml extracted/FStar_Exn.krml extracted/FStar_ST.krml extracted/FStar_All.krml extracted/FStar_Dyn.krml extracted/FStar_Int63.krml extracted/FStar_Int64.krml extracted/FStar_Int32.krml extracted/FStar_Int8.krml extracted/FStar_UInt16.krml extracted/FStar_Int_Cast.krml extracted/FStar_UInt128.krml extracted/C_Endianness.krml extracted/FStar_List.krml extracted/FStar_Float.krml extracted/FStar_IO.krml extracted/C.krml extracted/FStar_Char.krml extracted/FStar_String.krml extracted/LowStar_Modifies.krml extracted/C_String.krml extracted/FStar_Bytes.krml extracted/FStar_HyperStack_IO.krml extracted/C_Failure.krml extracted/TestLib.krml extracted/FStar_Int_Cast_Full.krml
- * F* version: 059db0c8
- * KreMLin version: 916c37ac
- */
-
-
-
-#ifndef __FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8_H
-#define __FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8_H
-
-
-#include <inttypes.h>
-#include <stdbool.h>
-#include "kremlin/internal/compat.h"
-#include "kremlin/internal/types.h"
-
-extern Prims_int FStar_UInt64_n;
-
-extern Prims_int FStar_UInt64_v(uint64_t x0);
-
-extern uint64_t FStar_UInt64_uint_to_t(Prims_int x0);
-
-extern uint64_t FStar_UInt64_add(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_add_underspec(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_add_mod(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_sub(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_sub_underspec(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_sub_mod(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_mul(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_mul_underspec(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_mul_mod(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_mul_div(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_div(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_rem(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_logand(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_logxor(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_logor(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_lognot(uint64_t x0);
-
-extern uint64_t FStar_UInt64_shift_right(uint64_t x0, uint32_t x1);
-
-extern uint64_t FStar_UInt64_shift_left(uint64_t x0, uint32_t x1);
-
-extern bool FStar_UInt64_eq(uint64_t x0, uint64_t x1);
-
-extern bool FStar_UInt64_gt(uint64_t x0, uint64_t x1);
-
-extern bool FStar_UInt64_gte(uint64_t x0, uint64_t x1);
-
-extern bool FStar_UInt64_lt(uint64_t x0, uint64_t x1);
-
-extern bool FStar_UInt64_lte(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_minus(uint64_t x0);
-
-extern uint32_t FStar_UInt64_n_minus_one;
-
-uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b);
-
-uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b);
-
-extern Prims_string FStar_UInt64_to_string(uint64_t x0);
-
-extern uint64_t FStar_UInt64_of_string(Prims_string x0);
-
-extern Prims_int FStar_UInt32_n;
-
-extern Prims_int FStar_UInt32_v(uint32_t x0);
-
-extern uint32_t FStar_UInt32_uint_to_t(Prims_int x0);
-
-extern uint32_t FStar_UInt32_add(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_add_underspec(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_add_mod(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_sub(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_sub_underspec(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_sub_mod(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_mul(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_mul_underspec(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_mul_mod(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_mul_div(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_div(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_rem(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_logand(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_logxor(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_logor(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_lognot(uint32_t x0);
-
-extern uint32_t FStar_UInt32_shift_right(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_shift_left(uint32_t x0, uint32_t x1);
-
-extern bool FStar_UInt32_eq(uint32_t x0, uint32_t x1);
-
-extern bool FStar_UInt32_gt(uint32_t x0, uint32_t x1);
-
-extern bool FStar_UInt32_gte(uint32_t x0, uint32_t x1);
-
-extern bool FStar_UInt32_lt(uint32_t x0, uint32_t x1);
-
-extern bool FStar_UInt32_lte(uint32_t x0, uint32_t x1);
-
-extern uint32_t FStar_UInt32_minus(uint32_t x0);
-
-extern uint32_t FStar_UInt32_n_minus_one;
-
-uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b);
-
-uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b);
-
-extern Prims_string FStar_UInt32_to_string(uint32_t x0);
-
-extern uint32_t FStar_UInt32_of_string(Prims_string x0);
-
-extern Prims_int FStar_UInt16_n;
-
-extern Prims_int FStar_UInt16_v(uint16_t x0);
-
-extern uint16_t FStar_UInt16_uint_to_t(Prims_int x0);
-
-extern uint16_t FStar_UInt16_add(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_add_underspec(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_add_mod(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_sub(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_sub_underspec(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_sub_mod(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_mul(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_mul_underspec(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_mul_mod(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_mul_div(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_div(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_rem(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_logand(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_logxor(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_logor(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_lognot(uint16_t x0);
-
-extern uint16_t FStar_UInt16_shift_right(uint16_t x0, uint32_t x1);
-
-extern uint16_t FStar_UInt16_shift_left(uint16_t x0, uint32_t x1);
-
-extern bool FStar_UInt16_eq(uint16_t x0, uint16_t x1);
-
-extern bool FStar_UInt16_gt(uint16_t x0, uint16_t x1);
-
-extern bool FStar_UInt16_gte(uint16_t x0, uint16_t x1);
-
-extern bool FStar_UInt16_lt(uint16_t x0, uint16_t x1);
-
-extern bool FStar_UInt16_lte(uint16_t x0, uint16_t x1);
-
-extern uint16_t FStar_UInt16_minus(uint16_t x0);
-
-extern uint32_t FStar_UInt16_n_minus_one;
-
-uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b);
-
-uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b);
-
-extern Prims_string FStar_UInt16_to_string(uint16_t x0);
-
-extern uint16_t FStar_UInt16_of_string(Prims_string x0);
-
-extern Prims_int FStar_UInt8_n;
-
-extern Prims_int FStar_UInt8_v(uint8_t x0);
-
-extern uint8_t FStar_UInt8_uint_to_t(Prims_int x0);
-
-extern uint8_t FStar_UInt8_add(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_add_underspec(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_add_mod(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_sub(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_sub_underspec(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_sub_mod(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_mul(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_mul_underspec(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_mul_mod(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_mul_div(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_div(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_rem(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_logand(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_logxor(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_logor(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_lognot(uint8_t x0);
-
-extern uint8_t FStar_UInt8_shift_right(uint8_t x0, uint32_t x1);
-
-extern uint8_t FStar_UInt8_shift_left(uint8_t x0, uint32_t x1);
-
-extern bool FStar_UInt8_eq(uint8_t x0, uint8_t x1);
-
-extern bool FStar_UInt8_gt(uint8_t x0, uint8_t x1);
-
-extern bool FStar_UInt8_gte(uint8_t x0, uint8_t x1);
-
-extern bool FStar_UInt8_lt(uint8_t x0, uint8_t x1);
-
-extern bool FStar_UInt8_lte(uint8_t x0, uint8_t x1);
-
-extern uint8_t FStar_UInt8_minus(uint8_t x0);
-
-extern uint32_t FStar_UInt8_n_minus_one;
-
-uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b);
-
-uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b);
-
-extern Prims_string FStar_UInt8_to_string(uint8_t x0);
-
-extern uint8_t FStar_UInt8_of_string(Prims_string x0);
-
-typedef uint8_t FStar_UInt8_byte;
-
-#define __FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8_H_DEFINED
-#endif

lib/mbedtls/3rdparty/everest/include/everest/kremlin/c_endianness.h

@@ -1,204 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-#ifndef __KREMLIN_ENDIAN_H
-#define __KREMLIN_ENDIAN_H
-
-#include <string.h>
-#include <inttypes.h>
-
-/******************************************************************************/
-/* Implementing C.fst (part 2: endian-ness macros)                            */
-/******************************************************************************/
-
-/* ... for Linux */
-#if defined(__linux__) || defined(__CYGWIN__)
-#  include <endian.h>
-
-/* ... for OSX */
-#elif defined(__APPLE__)
-#  include <libkern/OSByteOrder.h>
-#  define htole64(x) OSSwapHostToLittleInt64(x)
-#  define le64toh(x) OSSwapLittleToHostInt64(x)
-#  define htobe64(x) OSSwapHostToBigInt64(x)
-#  define be64toh(x) OSSwapBigToHostInt64(x)
-
-#  define htole16(x) OSSwapHostToLittleInt16(x)
-#  define le16toh(x) OSSwapLittleToHostInt16(x)
-#  define htobe16(x) OSSwapHostToBigInt16(x)
-#  define be16toh(x) OSSwapBigToHostInt16(x)
-
-#  define htole32(x) OSSwapHostToLittleInt32(x)
-#  define le32toh(x) OSSwapLittleToHostInt32(x)
-#  define htobe32(x) OSSwapHostToBigInt32(x)
-#  define be32toh(x) OSSwapBigToHostInt32(x)
-
-/* ... for Solaris */
-#elif defined(__sun__)
-#  include <sys/byteorder.h>
-#  define htole64(x) LE_64(x)
-#  define le64toh(x) LE_64(x)
-#  define htobe64(x) BE_64(x)
-#  define be64toh(x) BE_64(x)
-
-#  define htole16(x) LE_16(x)
-#  define le16toh(x) LE_16(x)
-#  define htobe16(x) BE_16(x)
-#  define be16toh(x) BE_16(x)
-
-#  define htole32(x) LE_32(x)
-#  define le32toh(x) LE_32(x)
-#  define htobe32(x) BE_32(x)
-#  define be32toh(x) BE_32(x)
-
-/* ... for the BSDs */
-#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
-#  include <sys/endian.h>
-#elif defined(__OpenBSD__)
-#  include <endian.h>
-
-/* ... for Windows (MSVC)... not targeting XBOX 360! */
-#elif defined(_MSC_VER)
-
-#  include <stdlib.h>
-#  define htobe16(x) _byteswap_ushort(x)
-#  define htole16(x) (x)
-#  define be16toh(x) _byteswap_ushort(x)
-#  define le16toh(x) (x)
-
-#  define htobe32(x) _byteswap_ulong(x)
-#  define htole32(x) (x)
-#  define be32toh(x) _byteswap_ulong(x)
-#  define le32toh(x) (x)
-
-#  define htobe64(x) _byteswap_uint64(x)
-#  define htole64(x) (x)
-#  define be64toh(x) _byteswap_uint64(x)
-#  define le64toh(x) (x)
-
-/* ... for Windows (GCC-like, e.g. mingw or clang) */
-#elif (defined(_WIN32) || defined(_WIN64)) &&                                  \
-    (defined(__GNUC__) || defined(__clang__))
-
-#  define htobe16(x) __builtin_bswap16(x)
-#  define htole16(x) (x)
-#  define be16toh(x) __builtin_bswap16(x)
-#  define le16toh(x) (x)
-
-#  define htobe32(x) __builtin_bswap32(x)
-#  define htole32(x) (x)
-#  define be32toh(x) __builtin_bswap32(x)
-#  define le32toh(x) (x)
-
-#  define htobe64(x) __builtin_bswap64(x)
-#  define htole64(x) (x)
-#  define be64toh(x) __builtin_bswap64(x)
-#  define le64toh(x) (x)
-
-/* ... generic big-endian fallback code */
-#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
-
-/* byte swapping code inspired by:
- * https://github.com/rweather/arduinolibs/blob/master/libraries/Crypto/utility/EndianUtil.h
- * */
-
-#  define htobe32(x) (x)
-#  define be32toh(x) (x)
-#  define htole32(x)                                                           \
-    (__extension__({                                                           \
-      uint32_t _temp = (x);                                                    \
-      ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) |             \
-          ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000);          \
-    }))
-#  define le32toh(x) (htole32((x)))
-
-#  define htobe64(x) (x)
-#  define be64toh(x) (x)
-#  define htole64(x)                                                           \
-    (__extension__({                                                           \
-      uint64_t __temp = (x);                                                   \
-      uint32_t __low = htobe32((uint32_t)__temp);                              \
-      uint32_t __high = htobe32((uint32_t)(__temp >> 32));                     \
-      (((uint64_t)__low) << 32) | __high;                                      \
-    }))
-#  define le64toh(x) (htole64((x)))
-
-/* ... generic little-endian fallback code */
-#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
-
-#  define htole32(x) (x)
-#  define le32toh(x) (x)
-#  define htobe32(x)                                                           \
-    (__extension__({                                                           \
-      uint32_t _temp = (x);                                                    \
-      ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) |             \
-          ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000);          \
-    }))
-#  define be32toh(x) (htobe32((x)))
-
-#  define htole64(x) (x)
-#  define le64toh(x) (x)
-#  define htobe64(x)                                                           \
-    (__extension__({                                                           \
-      uint64_t __temp = (x);                                                   \
-      uint32_t __low = htobe32((uint32_t)__temp);                              \
-      uint32_t __high = htobe32((uint32_t)(__temp >> 32));                     \
-      (((uint64_t)__low) << 32) | __high;                                      \
-    }))
-#  define be64toh(x) (htobe64((x)))
-
-/* ... couldn't determine endian-ness of the target platform */
-#else
-#  error "Please define __BYTE_ORDER__!"
-
-#endif /* defined(__linux__) || ... */
-
-/* Loads and stores. These avoid undefined behavior due to unaligned memory
- * accesses, via memcpy. */
-
-inline static uint16_t load16(uint8_t *b) {
-  uint16_t x;
-  memcpy(&x, b, 2);
-  return x;
-}
-
-inline static uint32_t load32(uint8_t *b) {
-  uint32_t x;
-  memcpy(&x, b, 4);
-  return x;
-}
-
-inline static uint64_t load64(uint8_t *b) {
-  uint64_t x;
-  memcpy(&x, b, 8);
-  return x;
-}
-
-inline static void store16(uint8_t *b, uint16_t i) {
-  memcpy(b, &i, 2);
-}
-
-inline static void store32(uint8_t *b, uint32_t i) {
-  memcpy(b, &i, 4);
-}
-
-inline static void store64(uint8_t *b, uint64_t i) {
-  memcpy(b, &i, 8);
-}
-
-#define load16_le(b) (le16toh(load16(b)))
-#define store16_le(b, i) (store16(b, htole16(i)))
-#define load16_be(b) (be16toh(load16(b)))
-#define store16_be(b, i) (store16(b, htobe16(i)))
-
-#define load32_le(b) (le32toh(load32(b)))
-#define store32_le(b, i) (store32(b, htole32(i)))
-#define load32_be(b) (be32toh(load32(b)))
-#define store32_be(b, i) (store32(b, htobe32(i)))
-
-#define load64_le(b) (le64toh(load64(b)))
-#define store64_le(b, i) (store64(b, htole64(i)))
-#define load64_be(b) (be64toh(load64(b)))
-#define store64_be(b, i) (store64(b, htobe64(i)))
-
-#endif

lib/mbedtls/3rdparty/everest/include/everest/kremlin/internal/builtin.h

@@ -1,16 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-#ifndef __KREMLIN_BUILTIN_H
-#define __KREMLIN_BUILTIN_H
-
-/* For alloca, when using KreMLin's -falloca */
-#if (defined(_WIN32) || defined(_WIN64))
-#  include <malloc.h>
-#endif
-
-/* If some globals need to be initialized before the main, then kremlin will
- * generate and try to link last a function with this type: */
-void kremlinit_globals(void);
-
-#endif

lib/mbedtls/3rdparty/everest/include/everest/kremlin/internal/callconv.h

@@ -1,46 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-#ifndef __KREMLIN_CALLCONV_H
-#define __KREMLIN_CALLCONV_H
-
-/******************************************************************************/
-/* Some macros to ease compatibility                                          */
-/******************************************************************************/
-
-/* We want to generate __cdecl safely without worrying about it being undefined.
- * When using MSVC, these are always defined. When using MinGW, these are
- * defined too. They have no meaning for other platforms, so we define them to
- * be empty macros in other situations. */
-#ifndef _MSC_VER
-#ifndef __cdecl
-#define __cdecl
-#endif
-#ifndef __stdcall
-#define __stdcall
-#endif
-#ifndef __fastcall
-#define __fastcall
-#endif
-#endif
-
-/* Since KreMLin emits the inline keyword unconditionally, we follow the
- * guidelines at https://gcc.gnu.org/onlinedocs/gcc/Inline.html and make this
- * __inline__ to ensure the code compiles with -std=c90 and earlier. */
-#ifdef __GNUC__
-#  define inline __inline__
-#endif
-
-/* GCC-specific attribute syntax; everyone else gets the standard C inline
- * attribute. */
-#ifdef __GNU_C__
-#  ifndef __clang__
-#    define force_inline inline __attribute__((always_inline))
-#  else
-#    define force_inline inline
-#  endif
-#else
-#  define force_inline inline
-#endif
-
-#endif

lib/mbedtls/3rdparty/everest/include/everest/kremlin/internal/compat.h

@@ -1,34 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-#ifndef KRML_COMPAT_H
-#define KRML_COMPAT_H
-
-#include <inttypes.h>
-
-/* A series of macros that define C implementations of types that are not Low*,
- * to facilitate porting programs to Low*. */
-
-typedef const char *Prims_string;
-
-typedef struct {
-  uint32_t length;
-  const char *data;
-} FStar_Bytes_bytes;
-
-typedef int32_t Prims_pos, Prims_nat, Prims_nonzero, Prims_int,
-    krml_checked_int_t;
-
-#define RETURN_OR(x)                                                           \
-  do {                                                                         \
-    int64_t __ret = x;                                                         \
-    if (__ret < INT32_MIN || INT32_MAX < __ret) {                              \
-      KRML_HOST_PRINTF(                                                        \
-          "Prims.{int,nat,pos} integer overflow at %s:%d\n", __FILE__,         \
-          __LINE__);                                                           \
-      KRML_HOST_EXIT(252);                                                     \
-    }                                                                          \
-    return (int32_t)__ret;                                                     \
-  } while (0)
-
-#endif

lib/mbedtls/3rdparty/everest/include/everest/kremlin/internal/debug.h

@@ -1,57 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-#ifndef __KREMLIN_DEBUG_H
-#define __KREMLIN_DEBUG_H
-
-#include <inttypes.h>
-
-#include "kremlin/internal/target.h"
-
-/******************************************************************************/
-/* Debugging helpers - intended only for KreMLin developers                   */
-/******************************************************************************/
-
-/* In support of "-wasm -d force-c": we might need this function to be
- * forward-declared, because the dependency on WasmSupport appears very late,
- * after SimplifyWasm, and sadly, after the topological order has been done. */
-void WasmSupport_check_buffer_size(uint32_t s);
-
-/* A series of GCC atrocities to trace function calls (kremlin's [-d c-calls]
- * option). Useful when trying to debug, say, Wasm, to compare traces. */
-/* clang-format off */
-#ifdef __GNUC__
-#define KRML_FORMAT(X) _Generic((X),                                           \
-  uint8_t : "0x%08" PRIx8,                                                     \
-  uint16_t: "0x%08" PRIx16,                                                    \
-  uint32_t: "0x%08" PRIx32,                                                    \
-  uint64_t: "0x%08" PRIx64,                                                    \
-  int8_t  : "0x%08" PRIx8,                                                     \
-  int16_t : "0x%08" PRIx16,                                                    \
-  int32_t : "0x%08" PRIx32,                                                    \
-  int64_t : "0x%08" PRIx64,                                                    \
-  default : "%s")
-
-#define KRML_FORMAT_ARG(X) _Generic((X),                                       \
-  uint8_t : X,                                                                 \
-  uint16_t: X,                                                                 \
-  uint32_t: X,                                                                 \
-  uint64_t: X,                                                                 \
-  int8_t  : X,                                                                 \
-  int16_t : X,                                                                 \
-  int32_t : X,                                                                 \
-  int64_t : X,                                                                 \
-  default : "unknown")
-/* clang-format on */
-
-#  define KRML_DEBUG_RETURN(X)                                                 \
-    ({                                                                         \
-      __auto_type _ret = (X);                                                  \
-      KRML_HOST_PRINTF("returning: ");                                         \
-      KRML_HOST_PRINTF(KRML_FORMAT(_ret), KRML_FORMAT_ARG(_ret));              \
-      KRML_HOST_PRINTF(" \n");                                                 \
-      _ret;                                                                    \
-    })
-#endif
-
-#endif

lib/mbedtls/3rdparty/everest/include/everest/kremlin/internal/target.h

@@ -1,102 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-#ifndef __KREMLIN_TARGET_H
-#define __KREMLIN_TARGET_H
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <stdbool.h>
-#include <inttypes.h>
-#include <limits.h>
-
-#include "kremlin/internal/callconv.h"
-
-/******************************************************************************/
-/* Macros that KreMLin will generate.                                         */
-/******************************************************************************/
-
-/* For "bare" targets that do not have a C stdlib, the user might want to use
- * [-add-early-include '"mydefinitions.h"'] and override these. */
-#ifndef KRML_HOST_PRINTF
-#  define KRML_HOST_PRINTF printf
-#endif
-
-#if (                                                                          \
-    (defined __STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) &&             \
-    (!(defined KRML_HOST_EPRINTF)))
-#  define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
-#endif
-
-#ifndef KRML_HOST_EXIT
-#  define KRML_HOST_EXIT exit
-#endif
-
-#ifndef KRML_HOST_MALLOC
-#  define KRML_HOST_MALLOC malloc
-#endif
-
-#ifndef KRML_HOST_CALLOC
-#  define KRML_HOST_CALLOC calloc
-#endif
-
-#ifndef KRML_HOST_FREE
-#  define KRML_HOST_FREE free
-#endif
-
-#ifndef KRML_HOST_TIME
-
-#  include <time.h>
-
-/* Prims_nat not yet in scope */
-inline static int32_t krml_time() {
-  return (int32_t)time(NULL);
-}
-
-#  define KRML_HOST_TIME krml_time
-#endif
-
-/* In statement position, exiting is easy. */
-#define KRML_EXIT                                                              \
-  do {                                                                         \
-    KRML_HOST_PRINTF("Unimplemented function at %s:%d\n", __FILE__, __LINE__); \
-    KRML_HOST_EXIT(254);                                                       \
-  } while (0)
-
-/* In expression position, use the comma-operator and a malloc to return an
- * expression of the right size. KreMLin passes t as the parameter to the macro.
- */
-#define KRML_EABORT(t, msg)                                                    \
-  (KRML_HOST_PRINTF("KreMLin abort at %s:%d\n%s\n", __FILE__, __LINE__, msg),  \
-   KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t))))
-
-/* In FStar.Buffer.fst, the size of arrays is uint32_t, but it's a number of
- * *elements*. Do an ugly, run-time check (some of which KreMLin can eliminate).
- */
-
-#ifdef __GNUC__
-#  define _KRML_CHECK_SIZE_PRAGMA                                              \
-    _Pragma("GCC diagnostic ignored \"-Wtype-limits\"")
-#else
-#  define _KRML_CHECK_SIZE_PRAGMA
-#endif
-
-#define KRML_CHECK_SIZE(size_elt, sz)                                          \
-  do {                                                                         \
-    _KRML_CHECK_SIZE_PRAGMA                                                    \
-    if (((size_t)(sz)) > ((size_t)(SIZE_MAX / (size_elt)))) {                  \
-      KRML_HOST_PRINTF(                                                        \
-          "Maximum allocatable size exceeded, aborting before overflow at "    \
-          "%s:%d\n",                                                           \
-          __FILE__, __LINE__);                                                 \
-      KRML_HOST_EXIT(253);                                                     \
-    }                                                                          \
-  } while (0)
-
-#if defined(_MSC_VER) && _MSC_VER < 1900
-#  define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) _snprintf_s(buf, sz, _TRUNCATE, fmt, arg)
-#else
-#  define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) snprintf(buf, sz, fmt, arg)
-#endif
-
-#endif

lib/mbedtls/3rdparty/everest/include/everest/kremlin/internal/types.h

@@ -1,61 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-#ifndef KRML_TYPES_H
-#define KRML_TYPES_H
-
-#include <inttypes.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-/* Types which are either abstract, meaning that have to be implemented in C, or
- * which are models, meaning that they are swapped out at compile-time for
- * hand-written C types (in which case they're marked as noextract). */
-
-typedef uint64_t FStar_UInt64_t, FStar_UInt64_t_;
-typedef int64_t FStar_Int64_t, FStar_Int64_t_;
-typedef uint32_t FStar_UInt32_t, FStar_UInt32_t_;
-typedef int32_t FStar_Int32_t, FStar_Int32_t_;
-typedef uint16_t FStar_UInt16_t, FStar_UInt16_t_;
-typedef int16_t FStar_Int16_t, FStar_Int16_t_;
-typedef uint8_t FStar_UInt8_t, FStar_UInt8_t_;
-typedef int8_t FStar_Int8_t, FStar_Int8_t_;
-
-/* Only useful when building Kremlib, because it's in the dependency graph of
- * FStar.Int.Cast. */
-typedef uint64_t FStar_UInt63_t, FStar_UInt63_t_;
-typedef int64_t FStar_Int63_t, FStar_Int63_t_;
-
-typedef double FStar_Float_float;
-typedef uint32_t FStar_Char_char;
-typedef FILE *FStar_IO_fd_read, *FStar_IO_fd_write;
-
-typedef void *FStar_Dyn_dyn;
-
-typedef const char *C_String_t, *C_String_t_;
-
-typedef int exit_code;
-typedef FILE *channel;
-
-typedef unsigned long long TestLib_cycles;
-
-typedef uint64_t FStar_Date_dateTime, FStar_Date_timeSpan;
-
-/* The uint128 type is a special case since we offer several implementations of
- * it, depending on the compiler and whether the user wants the verified
- * implementation or not. */
-#if !defined(KRML_VERIFIED_UINT128) && defined(_MSC_VER) && defined(_M_X64)
-#  include <emmintrin.h>
-typedef __m128i FStar_UInt128_uint128;
-#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER)
-typedef unsigned __int128 FStar_UInt128_uint128;
-#else
-typedef struct FStar_UInt128_uint128_s {
-  uint64_t low;
-  uint64_t high;
-} FStar_UInt128_uint128;
-#endif
-
-typedef FStar_UInt128_uint128 FStar_UInt128_t, FStar_UInt128_t_, uint128_t;
-
-#endif

lib/mbedtls/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h

@@ -1,5 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-/* This file is automatically included when compiling with -wasm -d force-c */
-#define WasmSupport_check_buffer_size(X)

lib/mbedtls/3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h

@@ -1,21 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
- * KreMLin invocation: /mnt/e/everest/verify/kremlin/krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -I /mnt/e/everest/verify/hacl-star/code/lib/kremlin -I /mnt/e/everest/verify/kremlin/kremlib/compat -I /mnt/e/everest/verify/hacl-star/specs -I /mnt/e/everest/verify/hacl-star/specs/old -I . -ccopt -march=native -verbose -ldopt -flto -tmpdir x25519-c -I ../bignum -bundle Hacl.Curve25519=* -minimal -add-include "kremlib.h" -skip-compilation x25519-c/out.krml -o x25519-c/Hacl_Curve25519.c
- * F* version: 059db0c8
- * KreMLin version: 916c37ac
- */
-
-
-
-#ifndef __Hacl_Curve25519_H
-#define __Hacl_Curve25519_H
-
-
-#include "kremlib.h"
-
-void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
-
-#define __Hacl_Curve25519_H_DEFINED
-#endif

lib/mbedtls/3rdparty/everest/include/everest/vs2010/inttypes.h

@@ -1,36 +0,0 @@
-/*
- *  Custom inttypes.h for VS2010 KreMLin requires these definitions,
- *  but VS2010 doesn't provide them.
- *
- *  Copyright 2016-2018 INRIA and Microsoft Corporation
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef _INTTYPES_H_VS2010
-#define _INTTYPES_H_VS2010
-
-#include <stdint.h>
-
-#ifdef _MSC_VER
-#define inline __inline
-#endif
-
-/* VS2010 unsigned long == 8 bytes */
-
-#define PRIu64 "I64u"
-
-#endif

lib/mbedtls/3rdparty/everest/include/everest/vs2010/stdbool.h

@@ -1,31 +0,0 @@
-/*
- *  Custom stdbool.h for VS2010 KreMLin requires these definitions,
- *  but VS2010 doesn't provide them.
- *
- *  Copyright 2016-2018 INRIA and Microsoft Corporation
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef _STDBOOL_H_VS2010
-#define _STDBOOL_H_VS2010
-
-typedef int bool;
-
-static bool true = 1;
-static bool false = 0;
-
-#endif

lib/mbedtls/3rdparty/everest/include/everest/x25519.h

@@ -1,190 +0,0 @@
-/*
- *  ECDH with curve-optimized implementation multiplexing
- *
- *  Copyright 2016-2018 INRIA and Microsoft Corporation
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_X25519_H
-#define MBEDTLS_X25519_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MBEDTLS_ECP_TLS_CURVE25519 0x1d
-#define MBEDTLS_X25519_KEY_SIZE_BYTES 32
-
-/**
- * Defines the source of the imported EC key.
- */
-typedef enum
-{
-    MBEDTLS_X25519_ECDH_OURS,   /**< Our key. */
-    MBEDTLS_X25519_ECDH_THEIRS, /**< The key of the peer. */
-} mbedtls_x25519_ecdh_side;
-
-/**
- * \brief           The x25519 context structure.
- */
-typedef struct
-{
-  unsigned char our_secret[MBEDTLS_X25519_KEY_SIZE_BYTES];
-  unsigned char peer_point[MBEDTLS_X25519_KEY_SIZE_BYTES];
-} mbedtls_x25519_context;
-
-/**
- * \brief           This function initializes an x25519 context.
- *
- * \param ctx       The x25519 context to initialize.
- */
-void mbedtls_x25519_init( mbedtls_x25519_context *ctx );
-
-/**
- * \brief           This function frees a context.
- *
- * \param ctx       The context to free.
- */
-void mbedtls_x25519_free( mbedtls_x25519_context *ctx );
-
-/**
- * \brief           This function generates a public key and a TLS
- *                  ServerKeyExchange payload.
- *
- *                  This is the first function used by a TLS server for x25519.
- *
- *
- * \param ctx       The x25519 context.
- * \param olen      The number of characters written.
- * \param buf       The destination buffer.
- * \param blen      The length of the destination buffer.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen,
-                        unsigned char *buf, size_t blen,
-                        int( *f_rng )(void *, unsigned char *, size_t),
-                        void *p_rng );
-
-/**
- * \brief           This function parses and processes a TLS ServerKeyExchange
- *                  payload.
- *
- *
- * \param ctx       The x25519 context.
- * \param buf       The pointer to the start of the input buffer.
- * \param end       The address for one Byte past the end of the buffer.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- *
- */
-int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx,
-                        const unsigned char **buf, const unsigned char *end );
-
-/**
- * \brief           This function sets up an x25519 context from an EC key.
- *
- *                  It is used by clients and servers in place of the
- *                  ServerKeyEchange for static ECDH, and imports ECDH
- *                  parameters from the EC key information of a certificate.
- *
- * \see             ecp.h
- *
- * \param ctx       The x25519 context to set up.
- * \param key       The EC key to use.
- * \param side      Defines the source of the key: 1: Our key, or
- *                  0: The key of the peer.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- *
- */
-int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key,
-                               mbedtls_x25519_ecdh_side side );
-
-/**
- * \brief           This function derives and exports the shared secret.
- *
- *                  This is the last function used by both TLS client
- *                  and servers.
- *
- *
- * \param ctx       The x25519 context.
- * \param olen      The number of Bytes written.
- * \param buf       The destination buffer.
- * \param blen      The length of the destination buffer.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen,
-                        unsigned char *buf, size_t blen,
-                        int( *f_rng )(void *, unsigned char *, size_t),
-                        void *p_rng );
-
-/**
- * \brief           This function generates a public key and a TLS
- *                  ClientKeyExchange payload.
- *
- *                  This is the second function used by a TLS client for x25519.
- *
- * \see             ecp.h
- *
- * \param ctx       The x25519 context.
- * \param olen      The number of Bytes written.
- * \param buf       The destination buffer.
- * \param blen      The size of the destination buffer.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen,
-                        unsigned char *buf, size_t blen,
-                        int( *f_rng )(void *, unsigned char *, size_t),
-                        void *p_rng );
-
-/**
- * \brief       This function parses and processes a TLS ClientKeyExchange
- *              payload.
- *
- *              This is the second function used by a TLS server for x25519.
- *
- * \see         ecp.h
- *
- * \param ctx   The x25519 context.
- * \param buf   The start of the input buffer.
- * \param blen  The length of the input buffer.
- *
- * \return      \c 0 on success.
- * \return      An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx,
-                        const unsigned char *buf, size_t blen );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* x25519.h */

lib/mbedtls/3rdparty/everest/library/Hacl_Curve25519.c

@@ -1,760 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
- * KreMLin invocation: /mnt/e/everest/verify/kremlin/krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -fbuiltin-uint128 -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -I /mnt/e/everest/verify/hacl-star/code/lib/kremlin -I /mnt/e/everest/verify/kremlin/kremlib/compat -I /mnt/e/everest/verify/hacl-star/specs -I /mnt/e/everest/verify/hacl-star/specs/old -I . -ccopt -march=native -verbose -ldopt -flto -tmpdir x25519-c -I ../bignum -bundle Hacl.Curve25519=* -minimal -add-include "kremlib.h" -skip-compilation x25519-c/out.krml -o x25519-c/Hacl_Curve25519.c
- * F* version: 059db0c8
- * KreMLin version: 916c37ac
- */
-
-
-#include "Hacl_Curve25519.h"
-
-extern uint64_t FStar_UInt64_eq_mask(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_gte_mask(uint64_t x0, uint64_t x1);
-
-extern uint128_t FStar_UInt128_add(uint128_t x0, uint128_t x1);
-
-extern uint128_t FStar_UInt128_add_mod(uint128_t x0, uint128_t x1);
-
-extern uint128_t FStar_UInt128_logand(uint128_t x0, uint128_t x1);
-
-extern uint128_t FStar_UInt128_shift_right(uint128_t x0, uint32_t x1);
-
-extern uint128_t FStar_UInt128_uint64_to_uint128(uint64_t x0);
-
-extern uint64_t FStar_UInt128_uint128_to_uint64(uint128_t x0);
-
-extern uint128_t FStar_UInt128_mul_wide(uint64_t x0, uint64_t x1);
-
-static void Hacl_Bignum_Modulo_carry_top(uint64_t *b)
-{
-  uint64_t b4 = b[4U];
-  uint64_t b0 = b[0U];
-  uint64_t b4_ = b4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t b0_ = b0 + (uint64_t)19U * (b4 >> (uint32_t)51U);
-  b[4U] = b4_;
-  b[0U] = b0_;
-}
-
-inline static void Hacl_Bignum_Fproduct_copy_from_wide_(uint64_t *output, uint128_t *input)
-{
-  uint32_t i;
-  for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
-  {
-    uint128_t xi = input[i];
-    output[i] = (uint64_t)xi;
-  }
-}
-
-inline static void
-Hacl_Bignum_Fproduct_sum_scalar_multiplication_(uint128_t *output, uint64_t *input, uint64_t s)
-{
-  uint32_t i;
-  for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
-  {
-    uint128_t xi = output[i];
-    uint64_t yi = input[i];
-    output[i] = xi + (uint128_t)yi * s;
-  }
-}
-
-inline static void Hacl_Bignum_Fproduct_carry_wide_(uint128_t *tmp)
-{
-  uint32_t i;
-  for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U)
-  {
-    uint32_t ctr = i;
-    uint128_t tctr = tmp[ctr];
-    uint128_t tctrp1 = tmp[ctr + (uint32_t)1U];
-    uint64_t r0 = (uint64_t)tctr & (uint64_t)0x7ffffffffffffU;
-    uint128_t c = tctr >> (uint32_t)51U;
-    tmp[ctr] = (uint128_t)r0;
-    tmp[ctr + (uint32_t)1U] = tctrp1 + c;
-  }
-}
-
-inline static void Hacl_Bignum_Fmul_shift_reduce(uint64_t *output)
-{
-  uint64_t tmp = output[4U];
-  uint64_t b0;
-  {
-    uint32_t i;
-    for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U)
-    {
-      uint32_t ctr = (uint32_t)5U - i - (uint32_t)1U;
-      uint64_t z = output[ctr - (uint32_t)1U];
-      output[ctr] = z;
-    }
-  }
-  output[0U] = tmp;
-  b0 = output[0U];
-  output[0U] = (uint64_t)19U * b0;
-}
-
-static void
-Hacl_Bignum_Fmul_mul_shift_reduce_(uint128_t *output, uint64_t *input, uint64_t *input2)
-{
-  uint32_t i;
-  uint64_t input2i;
-  {
-    uint32_t i0;
-    for (i0 = (uint32_t)0U; i0 < (uint32_t)4U; i0 = i0 + (uint32_t)1U)
-    {
-      uint64_t input2i0 = input2[i0];
-      Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i0);
-      Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-  }
-  i = (uint32_t)4U;
-  input2i = input2[i];
-  Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-}
-
-inline static void Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input2)
-{
-  uint64_t tmp[5U] = { 0U };
-  memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]);
-  KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U);
-  {
-    uint128_t t[5U];
-    {
-      uint32_t _i;
-      for (_i = 0U; _i < (uint32_t)5U; ++_i)
-        t[_i] = (uint128_t)(uint64_t)0U;
-    }
-    {
-      uint128_t b4;
-      uint128_t b0;
-      uint128_t b4_;
-      uint128_t b0_;
-      uint64_t i0;
-      uint64_t i1;
-      uint64_t i0_;
-      uint64_t i1_;
-      Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2);
-      Hacl_Bignum_Fproduct_carry_wide_(t);
-      b4 = t[4U];
-      b0 = t[0U];
-      b4_ = b4 & (uint128_t)(uint64_t)0x7ffffffffffffU;
-      b0_ = b0 + (uint128_t)(uint64_t)19U * (uint64_t)(b4 >> (uint32_t)51U);
-      t[4U] = b4_;
-      t[0U] = b0_;
-      Hacl_Bignum_Fproduct_copy_from_wide_(output, t);
-      i0 = output[0U];
-      i1 = output[1U];
-      i0_ = i0 & (uint64_t)0x7ffffffffffffU;
-      i1_ = i1 + (i0 >> (uint32_t)51U);
-      output[0U] = i0_;
-      output[1U] = i1_;
-    }
-  }
-}
-
-inline static void Hacl_Bignum_Fsquare_fsquare__(uint128_t *tmp, uint64_t *output)
-{
-  uint64_t r0 = output[0U];
-  uint64_t r1 = output[1U];
-  uint64_t r2 = output[2U];
-  uint64_t r3 = output[3U];
-  uint64_t r4 = output[4U];
-  uint64_t d0 = r0 * (uint64_t)2U;
-  uint64_t d1 = r1 * (uint64_t)2U;
-  uint64_t d2 = r2 * (uint64_t)2U * (uint64_t)19U;
-  uint64_t d419 = r4 * (uint64_t)19U;
-  uint64_t d4 = d419 * (uint64_t)2U;
-  uint128_t s0 = (uint128_t)r0 * r0 + (uint128_t)d4 * r1 + (uint128_t)d2 * r3;
-  uint128_t s1 = (uint128_t)d0 * r1 + (uint128_t)d4 * r2 + (uint128_t)(r3 * (uint64_t)19U) * r3;
-  uint128_t s2 = (uint128_t)d0 * r2 + (uint128_t)r1 * r1 + (uint128_t)d4 * r3;
-  uint128_t s3 = (uint128_t)d0 * r3 + (uint128_t)d1 * r2 + (uint128_t)r4 * d419;
-  uint128_t s4 = (uint128_t)d0 * r4 + (uint128_t)d1 * r3 + (uint128_t)r2 * r2;
-  tmp[0U] = s0;
-  tmp[1U] = s1;
-  tmp[2U] = s2;
-  tmp[3U] = s3;
-  tmp[4U] = s4;
-}
-
-inline static void Hacl_Bignum_Fsquare_fsquare_(uint128_t *tmp, uint64_t *output)
-{
-  uint128_t b4;
-  uint128_t b0;
-  uint128_t b4_;
-  uint128_t b0_;
-  uint64_t i0;
-  uint64_t i1;
-  uint64_t i0_;
-  uint64_t i1_;
-  Hacl_Bignum_Fsquare_fsquare__(tmp, output);
-  Hacl_Bignum_Fproduct_carry_wide_(tmp);
-  b4 = tmp[4U];
-  b0 = tmp[0U];
-  b4_ = b4 & (uint128_t)(uint64_t)0x7ffffffffffffU;
-  b0_ = b0 + (uint128_t)(uint64_t)19U * (uint64_t)(b4 >> (uint32_t)51U);
-  tmp[4U] = b4_;
-  tmp[0U] = b0_;
-  Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
-  i0 = output[0U];
-  i1 = output[1U];
-  i0_ = i0 & (uint64_t)0x7ffffffffffffU;
-  i1_ = i1 + (i0 >> (uint32_t)51U);
-  output[0U] = i0_;
-  output[1U] = i1_;
-}
-
-static void
-Hacl_Bignum_Fsquare_fsquare_times_(uint64_t *input, uint128_t *tmp, uint32_t count1)
-{
-  uint32_t i;
-  Hacl_Bignum_Fsquare_fsquare_(tmp, input);
-  for (i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U)
-    Hacl_Bignum_Fsquare_fsquare_(tmp, input);
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1)
-{
-  KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U);
-  {
-    uint128_t t[5U];
-    {
-      uint32_t _i;
-      for (_i = 0U; _i < (uint32_t)5U; ++_i)
-        t[_i] = (uint128_t)(uint64_t)0U;
-    }
-    memcpy(output, input, (uint32_t)5U * sizeof input[0U]);
-    Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
-  }
-}
-
-inline static void Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1)
-{
-  KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U);
-  {
-    uint128_t t[5U];
-    {
-      uint32_t _i;
-      for (_i = 0U; _i < (uint32_t)5U; ++_i)
-        t[_i] = (uint128_t)(uint64_t)0U;
-    }
-    Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
-  }
-}
-
-inline static void Hacl_Bignum_Crecip_crecip(uint64_t *out, uint64_t *z)
-{
-  uint64_t buf[20U] = { 0U };
-  uint64_t *a0 = buf;
-  uint64_t *t00 = buf + (uint32_t)5U;
-  uint64_t *b0 = buf + (uint32_t)10U;
-  uint64_t *t01;
-  uint64_t *b1;
-  uint64_t *c0;
-  uint64_t *a;
-  uint64_t *t0;
-  uint64_t *b;
-  uint64_t *c;
-  Hacl_Bignum_Fsquare_fsquare_times(a0, z, (uint32_t)1U);
-  Hacl_Bignum_Fsquare_fsquare_times(t00, a0, (uint32_t)2U);
-  Hacl_Bignum_Fmul_fmul(b0, t00, z);
-  Hacl_Bignum_Fmul_fmul(a0, b0, a0);
-  Hacl_Bignum_Fsquare_fsquare_times(t00, a0, (uint32_t)1U);
-  Hacl_Bignum_Fmul_fmul(b0, t00, b0);
-  Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5U);
-  t01 = buf + (uint32_t)5U;
-  b1 = buf + (uint32_t)10U;
-  c0 = buf + (uint32_t)15U;
-  Hacl_Bignum_Fmul_fmul(b1, t01, b1);
-  Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10U);
-  Hacl_Bignum_Fmul_fmul(c0, t01, b1);
-  Hacl_Bignum_Fsquare_fsquare_times(t01, c0, (uint32_t)20U);
-  Hacl_Bignum_Fmul_fmul(t01, t01, c0);
-  Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10U);
-  Hacl_Bignum_Fmul_fmul(b1, t01, b1);
-  Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50U);
-  a = buf;
-  t0 = buf + (uint32_t)5U;
-  b = buf + (uint32_t)10U;
-  c = buf + (uint32_t)15U;
-  Hacl_Bignum_Fmul_fmul(c, t0, b);
-  Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100U);
-  Hacl_Bignum_Fmul_fmul(t0, t0, c);
-  Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)50U);
-  Hacl_Bignum_Fmul_fmul(t0, t0, b);
-  Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)5U);
-  Hacl_Bignum_Fmul_fmul(out, t0, a);
-}
-
-inline static void Hacl_Bignum_fsum(uint64_t *a, uint64_t *b)
-{
-  uint32_t i;
-  for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
-  {
-    uint64_t xi = a[i];
-    uint64_t yi = b[i];
-    a[i] = xi + yi;
-  }
-}
-
-inline static void Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b)
-{
-  uint64_t tmp[5U] = { 0U };
-  uint64_t b0;
-  uint64_t b1;
-  uint64_t b2;
-  uint64_t b3;
-  uint64_t b4;
-  memcpy(tmp, b, (uint32_t)5U * sizeof b[0U]);
-  b0 = tmp[0U];
-  b1 = tmp[1U];
-  b2 = tmp[2U];
-  b3 = tmp[3U];
-  b4 = tmp[4U];
-  tmp[0U] = b0 + (uint64_t)0x3fffffffffff68U;
-  tmp[1U] = b1 + (uint64_t)0x3ffffffffffff8U;
-  tmp[2U] = b2 + (uint64_t)0x3ffffffffffff8U;
-  tmp[3U] = b3 + (uint64_t)0x3ffffffffffff8U;
-  tmp[4U] = b4 + (uint64_t)0x3ffffffffffff8U;
-  {
-    uint32_t i;
-    for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
-    {
-      uint64_t xi = a[i];
-      uint64_t yi = tmp[i];
-      a[i] = yi - xi;
-    }
-  }
-}
-
-inline static void Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s)
-{
-  KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U);
-  {
-    uint128_t tmp[5U];
-    {
-      uint32_t _i;
-      for (_i = 0U; _i < (uint32_t)5U; ++_i)
-        tmp[_i] = (uint128_t)(uint64_t)0U;
-    }
-    {
-      uint128_t b4;
-      uint128_t b0;
-      uint128_t b4_;
-      uint128_t b0_;
-      {
-        uint32_t i;
-        for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
-        {
-          uint64_t xi = b[i];
-          tmp[i] = (uint128_t)xi * s;
-        }
-      }
-      Hacl_Bignum_Fproduct_carry_wide_(tmp);
-      b4 = tmp[4U];
-      b0 = tmp[0U];
-      b4_ = b4 & (uint128_t)(uint64_t)0x7ffffffffffffU;
-      b0_ = b0 + (uint128_t)(uint64_t)19U * (uint64_t)(b4 >> (uint32_t)51U);
-      tmp[4U] = b4_;
-      tmp[0U] = b0_;
-      Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
-    }
-  }
-}
-
-inline static void Hacl_Bignum_fmul(uint64_t *output, uint64_t *a, uint64_t *b)
-{
-  Hacl_Bignum_Fmul_fmul(output, a, b);
-}
-
-inline static void Hacl_Bignum_crecip(uint64_t *output, uint64_t *input)
-{
-  Hacl_Bignum_Crecip_crecip(output, input);
-}
-
-static void
-Hacl_EC_Point_swap_conditional_step(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
-{
-  uint32_t i = ctr - (uint32_t)1U;
-  uint64_t ai = a[i];
-  uint64_t bi = b[i];
-  uint64_t x = swap1 & (ai ^ bi);
-  uint64_t ai1 = ai ^ x;
-  uint64_t bi1 = bi ^ x;
-  a[i] = ai1;
-  b[i] = bi1;
-}
-
-static void
-Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
-{
-  if (!(ctr == (uint32_t)0U))
-  {
-    uint32_t i;
-    Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr);
-    i = ctr - (uint32_t)1U;
-    Hacl_EC_Point_swap_conditional_(a, b, swap1, i);
-  }
-}
-
-static void Hacl_EC_Point_swap_conditional(uint64_t *a, uint64_t *b, uint64_t iswap)
-{
-  uint64_t swap1 = (uint64_t)0U - iswap;
-  Hacl_EC_Point_swap_conditional_(a, b, swap1, (uint32_t)5U);
-  Hacl_EC_Point_swap_conditional_(a + (uint32_t)5U, b + (uint32_t)5U, swap1, (uint32_t)5U);
-}
-
-static void Hacl_EC_Point_copy(uint64_t *output, uint64_t *input)
-{
-  memcpy(output, input, (uint32_t)5U * sizeof input[0U]);
-  memcpy(output + (uint32_t)5U,
-    input + (uint32_t)5U,
-    (uint32_t)5U * sizeof (input + (uint32_t)5U)[0U]);
-}
-
-static void Hacl_EC_Format_fexpand(uint64_t *output, uint8_t *input)
-{
-  uint64_t i0 = load64_le(input);
-  uint8_t *x00 = input + (uint32_t)6U;
-  uint64_t i1 = load64_le(x00);
-  uint8_t *x01 = input + (uint32_t)12U;
-  uint64_t i2 = load64_le(x01);
-  uint8_t *x02 = input + (uint32_t)19U;
-  uint64_t i3 = load64_le(x02);
-  uint8_t *x0 = input + (uint32_t)24U;
-  uint64_t i4 = load64_le(x0);
-  uint64_t output0 = i0 & (uint64_t)0x7ffffffffffffU;
-  uint64_t output1 = i1 >> (uint32_t)3U & (uint64_t)0x7ffffffffffffU;
-  uint64_t output2 = i2 >> (uint32_t)6U & (uint64_t)0x7ffffffffffffU;
-  uint64_t output3 = i3 >> (uint32_t)1U & (uint64_t)0x7ffffffffffffU;
-  uint64_t output4 = i4 >> (uint32_t)12U & (uint64_t)0x7ffffffffffffU;
-  output[0U] = output0;
-  output[1U] = output1;
-  output[2U] = output2;
-  output[3U] = output3;
-  output[4U] = output4;
-}
-
-static void Hacl_EC_Format_fcontract_first_carry_pass(uint64_t *input)
-{
-  uint64_t t0 = input[0U];
-  uint64_t t1 = input[1U];
-  uint64_t t2 = input[2U];
-  uint64_t t3 = input[3U];
-  uint64_t t4 = input[4U];
-  uint64_t t1_ = t1 + (t0 >> (uint32_t)51U);
-  uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU;
-  uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U);
-  uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU;
-  uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U);
-  uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU;
-  uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U);
-  uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU;
-  input[0U] = t0_;
-  input[1U] = t1__;
-  input[2U] = t2__;
-  input[3U] = t3__;
-  input[4U] = t4_;
-}
-
-static void Hacl_EC_Format_fcontract_first_carry_full(uint64_t *input)
-{
-  Hacl_EC_Format_fcontract_first_carry_pass(input);
-  Hacl_Bignum_Modulo_carry_top(input);
-}
-
-static void Hacl_EC_Format_fcontract_second_carry_pass(uint64_t *input)
-{
-  uint64_t t0 = input[0U];
-  uint64_t t1 = input[1U];
-  uint64_t t2 = input[2U];
-  uint64_t t3 = input[3U];
-  uint64_t t4 = input[4U];
-  uint64_t t1_ = t1 + (t0 >> (uint32_t)51U);
-  uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU;
-  uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U);
-  uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU;
-  uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U);
-  uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU;
-  uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U);
-  uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU;
-  input[0U] = t0_;
-  input[1U] = t1__;
-  input[2U] = t2__;
-  input[3U] = t3__;
-  input[4U] = t4_;
-}
-
-static void Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input)
-{
-  uint64_t i0;
-  uint64_t i1;
-  uint64_t i0_;
-  uint64_t i1_;
-  Hacl_EC_Format_fcontract_second_carry_pass(input);
-  Hacl_Bignum_Modulo_carry_top(input);
-  i0 = input[0U];
-  i1 = input[1U];
-  i0_ = i0 & (uint64_t)0x7ffffffffffffU;
-  i1_ = i1 + (i0 >> (uint32_t)51U);
-  input[0U] = i0_;
-  input[1U] = i1_;
-}
-
-static void Hacl_EC_Format_fcontract_trim(uint64_t *input)
-{
-  uint64_t a0 = input[0U];
-  uint64_t a1 = input[1U];
-  uint64_t a2 = input[2U];
-  uint64_t a3 = input[3U];
-  uint64_t a4 = input[4U];
-  uint64_t mask0 = FStar_UInt64_gte_mask(a0, (uint64_t)0x7ffffffffffedU);
-  uint64_t mask1 = FStar_UInt64_eq_mask(a1, (uint64_t)0x7ffffffffffffU);
-  uint64_t mask2 = FStar_UInt64_eq_mask(a2, (uint64_t)0x7ffffffffffffU);
-  uint64_t mask3 = FStar_UInt64_eq_mask(a3, (uint64_t)0x7ffffffffffffU);
-  uint64_t mask4 = FStar_UInt64_eq_mask(a4, (uint64_t)0x7ffffffffffffU);
-  uint64_t mask = (((mask0 & mask1) & mask2) & mask3) & mask4;
-  uint64_t a0_ = a0 - ((uint64_t)0x7ffffffffffedU & mask);
-  uint64_t a1_ = a1 - ((uint64_t)0x7ffffffffffffU & mask);
-  uint64_t a2_ = a2 - ((uint64_t)0x7ffffffffffffU & mask);
-  uint64_t a3_ = a3 - ((uint64_t)0x7ffffffffffffU & mask);
-  uint64_t a4_ = a4 - ((uint64_t)0x7ffffffffffffU & mask);
-  input[0U] = a0_;
-  input[1U] = a1_;
-  input[2U] = a2_;
-  input[3U] = a3_;
-  input[4U] = a4_;
-}
-
-static void Hacl_EC_Format_fcontract_store(uint8_t *output, uint64_t *input)
-{
-  uint64_t t0 = input[0U];
-  uint64_t t1 = input[1U];
-  uint64_t t2 = input[2U];
-  uint64_t t3 = input[3U];
-  uint64_t t4 = input[4U];
-  uint64_t o0 = t1 << (uint32_t)51U | t0;
-  uint64_t o1 = t2 << (uint32_t)38U | t1 >> (uint32_t)13U;
-  uint64_t o2 = t3 << (uint32_t)25U | t2 >> (uint32_t)26U;
-  uint64_t o3 = t4 << (uint32_t)12U | t3 >> (uint32_t)39U;
-  uint8_t *b0 = output;
-  uint8_t *b1 = output + (uint32_t)8U;
-  uint8_t *b2 = output + (uint32_t)16U;
-  uint8_t *b3 = output + (uint32_t)24U;
-  store64_le(b0, o0);
-  store64_le(b1, o1);
-  store64_le(b2, o2);
-  store64_le(b3, o3);
-}
-
-static void Hacl_EC_Format_fcontract(uint8_t *output, uint64_t *input)
-{
-  Hacl_EC_Format_fcontract_first_carry_full(input);
-  Hacl_EC_Format_fcontract_second_carry_full(input);
-  Hacl_EC_Format_fcontract_trim(input);
-  Hacl_EC_Format_fcontract_store(output, input);
-}
-
-static void Hacl_EC_Format_scalar_of_point(uint8_t *scalar, uint64_t *point)
-{
-  uint64_t *x = point;
-  uint64_t *z = point + (uint32_t)5U;
-  uint64_t buf[10U] = { 0U };
-  uint64_t *zmone = buf;
-  uint64_t *sc = buf + (uint32_t)5U;
-  Hacl_Bignum_crecip(zmone, z);
-  Hacl_Bignum_fmul(sc, x, zmone);
-  Hacl_EC_Format_fcontract(scalar, sc);
-}
-
-static void
-Hacl_EC_AddAndDouble_fmonty(
-  uint64_t *pp,
-  uint64_t *ppq,
-  uint64_t *p,
-  uint64_t *pq,
-  uint64_t *qmqp
-)
-{
-  uint64_t *qx = qmqp;
-  uint64_t *x2 = pp;
-  uint64_t *z2 = pp + (uint32_t)5U;
-  uint64_t *x3 = ppq;
-  uint64_t *z3 = ppq + (uint32_t)5U;
-  uint64_t *x = p;
-  uint64_t *z = p + (uint32_t)5U;
-  uint64_t *xprime = pq;
-  uint64_t *zprime = pq + (uint32_t)5U;
-  uint64_t buf[40U] = { 0U };
-  uint64_t *origx = buf;
-  uint64_t *origxprime0 = buf + (uint32_t)5U;
-  uint64_t *xxprime0 = buf + (uint32_t)25U;
-  uint64_t *zzprime0 = buf + (uint32_t)30U;
-  uint64_t *origxprime;
-  uint64_t *xx0;
-  uint64_t *zz0;
-  uint64_t *xxprime;
-  uint64_t *zzprime;
-  uint64_t *zzzprime;
-  uint64_t *zzz;
-  uint64_t *xx;
-  uint64_t *zz;
-  uint64_t scalar;
-  memcpy(origx, x, (uint32_t)5U * sizeof x[0U]);
-  Hacl_Bignum_fsum(x, z);
-  Hacl_Bignum_fdifference(z, origx);
-  memcpy(origxprime0, xprime, (uint32_t)5U * sizeof xprime[0U]);
-  Hacl_Bignum_fsum(xprime, zprime);
-  Hacl_Bignum_fdifference(zprime, origxprime0);
-  Hacl_Bignum_fmul(xxprime0, xprime, z);
-  Hacl_Bignum_fmul(zzprime0, x, zprime);
-  origxprime = buf + (uint32_t)5U;
-  xx0 = buf + (uint32_t)15U;
-  zz0 = buf + (uint32_t)20U;
-  xxprime = buf + (uint32_t)25U;
-  zzprime = buf + (uint32_t)30U;
-  zzzprime = buf + (uint32_t)35U;
-  memcpy(origxprime, xxprime, (uint32_t)5U * sizeof xxprime[0U]);
-  Hacl_Bignum_fsum(xxprime, zzprime);
-  Hacl_Bignum_fdifference(zzprime, origxprime);
-  Hacl_Bignum_Fsquare_fsquare_times(x3, xxprime, (uint32_t)1U);
-  Hacl_Bignum_Fsquare_fsquare_times(zzzprime, zzprime, (uint32_t)1U);
-  Hacl_Bignum_fmul(z3, zzzprime, qx);
-  Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1U);
-  Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1U);
-  zzz = buf + (uint32_t)10U;
-  xx = buf + (uint32_t)15U;
-  zz = buf + (uint32_t)20U;
-  Hacl_Bignum_fmul(x2, xx, zz);
-  Hacl_Bignum_fdifference(zz, xx);
-  scalar = (uint64_t)121665U;
-  Hacl_Bignum_fscalar(zzz, zz, scalar);
-  Hacl_Bignum_fsum(zzz, xx);
-  Hacl_Bignum_fmul(z2, zzz, zz);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(
-  uint64_t *nq,
-  uint64_t *nqpq,
-  uint64_t *nq2,
-  uint64_t *nqpq2,
-  uint64_t *q,
-  uint8_t byt
-)
-{
-  uint64_t bit0 = (uint64_t)(byt >> (uint32_t)7U);
-  uint64_t bit;
-  Hacl_EC_Point_swap_conditional(nq, nqpq, bit0);
-  Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q);
-  bit = (uint64_t)(byt >> (uint32_t)7U);
-  Hacl_EC_Point_swap_conditional(nq2, nqpq2, bit);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(
-  uint64_t *nq,
-  uint64_t *nqpq,
-  uint64_t *nq2,
-  uint64_t *nqpq2,
-  uint64_t *q,
-  uint8_t byt
-)
-{
-  uint8_t byt1;
-  Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt);
-  byt1 = byt << (uint32_t)1U;
-  Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop(
-  uint64_t *nq,
-  uint64_t *nqpq,
-  uint64_t *nq2,
-  uint64_t *nqpq2,
-  uint64_t *q,
-  uint8_t byt,
-  uint32_t i
-)
-{
-  if (!(i == (uint32_t)0U))
-  {
-    uint32_t i_ = i - (uint32_t)1U;
-    uint8_t byt_;
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt);
-    byt_ = byt << (uint32_t)2U;
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_);
-  }
-}
-
-static void
-Hacl_EC_Ladder_BigLoop_cmult_big_loop(
-  uint8_t *n1,
-  uint64_t *nq,
-  uint64_t *nqpq,
-  uint64_t *nq2,
-  uint64_t *nqpq2,
-  uint64_t *q,
-  uint32_t i
-)
-{
-  if (!(i == (uint32_t)0U))
-  {
-    uint32_t i1 = i - (uint32_t)1U;
-    uint8_t byte = n1[i1];
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byte, (uint32_t)4U);
-    Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, i1);
-  }
-}
-
-static void Hacl_EC_Ladder_cmult(uint64_t *result, uint8_t *n1, uint64_t *q)
-{
-  uint64_t point_buf[40U] = { 0U };
-  uint64_t *nq = point_buf;
-  uint64_t *nqpq = point_buf + (uint32_t)10U;
-  uint64_t *nq2 = point_buf + (uint32_t)20U;
-  uint64_t *nqpq2 = point_buf + (uint32_t)30U;
-  Hacl_EC_Point_copy(nqpq, q);
-  nq[0U] = (uint64_t)1U;
-  Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, (uint32_t)32U);
-  Hacl_EC_Point_copy(result, nq);
-}
-
-void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint)
-{
-  uint64_t buf0[10U] = { 0U };
-  uint64_t *x0 = buf0;
-  uint64_t *z = buf0 + (uint32_t)5U;
-  uint64_t *q;
-  Hacl_EC_Format_fexpand(x0, basepoint);
-  z[0U] = (uint64_t)1U;
-  q = buf0;
-  {
-    uint8_t e[32U] = { 0U };
-    uint8_t e0;
-    uint8_t e31;
-    uint8_t e01;
-    uint8_t e311;
-    uint8_t e312;
-    uint8_t *scalar;
-    memcpy(e, secret, (uint32_t)32U * sizeof secret[0U]);
-    e0 = e[0U];
-    e31 = e[31U];
-    e01 = e0 & (uint8_t)248U;
-    e311 = e31 & (uint8_t)127U;
-    e312 = e311 | (uint8_t)64U;
-    e[0U] = e01;
-    e[31U] = e312;
-    scalar = e;
-    {
-      uint64_t buf[15U] = { 0U };
-      uint64_t *nq = buf;
-      uint64_t *x = nq;
-      x[0U] = (uint64_t)1U;
-      Hacl_EC_Ladder_cmult(nq, scalar, q);
-      Hacl_EC_Format_scalar_of_point(mypublic, nq);
-    }
-  }
-}
-

lib/mbedtls/3rdparty/everest/library/Hacl_Curve25519_joined.c

@@ -1,45 +0,0 @@
-/*
- *  Interface to code from Project Everest
- *
- *  Copyright 2016-2018 INRIA and Microsoft Corporation
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-
-#if defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)
-#define MBEDTLS_HAVE_INT128
-#endif
-
-#if defined(MBEDTLS_HAVE_INT128)
-#include "Hacl_Curve25519.c"
-#else
-#define KRML_VERIFIED_UINT128
-#include "kremlib/FStar_UInt128_extracted.c"
-#include "legacy/Hacl_Curve25519.c"
-#endif
-
-#include "kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c"
-
-#endif /* defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) */
-

lib/mbedtls/3rdparty/everest/library/everest.c

@@ -1,111 +0,0 @@
-/*
- *  Interface to code from Project Everest
- *
- *  Copyright 2016-2018 INRIA and Microsoft Corporation
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org).
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <string.h>
-
-#include "mbedtls/ecdh.h"
-
-#include "everest/x25519.h"
-#include "everest/everest.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#define mbedtls_calloc calloc
-#define mbedtls_free   free
-#endif
-
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-
-int mbedtls_everest_setup( mbedtls_ecdh_context_everest *ctx, int grp_id )
-{
-    if( grp_id != MBEDTLS_ECP_DP_CURVE25519 )
-        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-    mbedtls_x25519_init( &ctx->ctx );
-    return 0;
-}
-
-void mbedtls_everest_free( mbedtls_ecdh_context_everest *ctx )
-{
-    mbedtls_x25519_free( &ctx->ctx );
-}
-
-int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen,
-                                 unsigned char *buf, size_t blen,
-                                 int( *f_rng )( void *, unsigned char *, size_t ),
-                                 void *p_rng )
-{
-    mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
-    return mbedtls_x25519_make_params( x25519_ctx, olen, buf, blen, f_rng, p_rng );
-}
-
-int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
-                                 const unsigned char **buf,
-                                 const unsigned char *end )
-{
-    mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
-    return mbedtls_x25519_read_params( x25519_ctx, buf, end );
-}
-
-int mbedtls_everest_get_params( mbedtls_ecdh_context_everest *ctx,
-                                const mbedtls_ecp_keypair *key,
-                                mbedtls_everest_ecdh_side side )
-{
-    mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
-    mbedtls_x25519_ecdh_side s = side == MBEDTLS_EVEREST_ECDH_OURS ?
-                                            MBEDTLS_X25519_ECDH_OURS :
-                                            MBEDTLS_X25519_ECDH_THEIRS;
-    return mbedtls_x25519_get_params( x25519_ctx, key, s );
-}
-
-int mbedtls_everest_make_public( mbedtls_ecdh_context_everest *ctx, size_t *olen,
-                                 unsigned char *buf, size_t blen,
-                                 int( *f_rng )( void *, unsigned char *, size_t ),
-                                 void *p_rng )
-{
-    mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
-    return mbedtls_x25519_make_public( x25519_ctx, olen, buf, blen, f_rng, p_rng );
-}
-
-int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx,
-                                 const unsigned char *buf, size_t blen )
-{
-    mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
-    return mbedtls_x25519_read_public ( x25519_ctx, buf, blen );
-}
-
-int mbedtls_everest_calc_secret( mbedtls_ecdh_context_everest *ctx, size_t *olen,
-                                 unsigned char *buf, size_t blen,
-                                 int( *f_rng )( void *, unsigned char *, size_t ),
-                                 void *p_rng )
-{
-    mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
-    return mbedtls_x25519_calc_secret( x25519_ctx, olen, buf, blen, f_rng, p_rng );
-}
-
-#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
-

lib/mbedtls/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c

@@ -1,413 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
- * KreMLin invocation: ../krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrB9w -minimal -fparentheses -fcurly-braces -fno-shadow -header copyright-header.txt -minimal -tmpdir extracted -warn-error +9+11 -skip-compilation -extract-uints -add-include <inttypes.h> -add-include "kremlib.h" -add-include "kremlin/internal/compat.h" extracted/prims.krml extracted/FStar_Pervasives_Native.krml extracted/FStar_Pervasives.krml extracted/FStar_Mul.krml extracted/FStar_Squash.krml extracted/FStar_Classical.krml extracted/FStar_StrongExcludedMiddle.krml extracted/FStar_FunctionalExtensionality.krml extracted/FStar_List_Tot_Base.krml extracted/FStar_List_Tot_Properties.krml extracted/FStar_List_Tot.krml extracted/FStar_Seq_Base.krml extracted/FStar_Seq_Properties.krml extracted/FStar_Seq.krml extracted/FStar_Math_Lib.krml extracted/FStar_Math_Lemmas.krml extracted/FStar_BitVector.krml extracted/FStar_UInt.krml extracted/FStar_UInt32.krml extracted/FStar_Int.krml extracted/FStar_Int16.krml extracted/FStar_Preorder.krml extracted/FStar_Ghost.krml extracted/FStar_ErasedLogic.krml extracted/FStar_UInt64.krml extracted/FStar_Set.krml extracted/FStar_PropositionalExtensionality.krml extracted/FStar_PredicateExtensionality.krml extracted/FStar_TSet.krml extracted/FStar_Monotonic_Heap.krml extracted/FStar_Heap.krml extracted/FStar_Map.krml extracted/FStar_Monotonic_HyperHeap.krml extracted/FStar_Monotonic_HyperStack.krml extracted/FStar_HyperStack.krml extracted/FStar_Monotonic_Witnessed.krml extracted/FStar_HyperStack_ST.krml extracted/FStar_HyperStack_All.krml extracted/FStar_Date.krml extracted/FStar_Universe.krml extracted/FStar_GSet.krml extracted/FStar_ModifiesGen.krml extracted/LowStar_Monotonic_Buffer.krml extracted/LowStar_Buffer.krml extracted/Spec_Loops.krml extracted/LowStar_BufferOps.krml extracted/C_Loops.krml extracted/FStar_UInt8.krml extracted/FStar_Kremlin_Endianness.krml extracted/FStar_UInt63.krml extracted/FStar_Exn.krml extracted/FStar_ST.krml extracted/FStar_All.krml extracted/FStar_Dyn.krml extracted/FStar_Int63.krml extracted/FStar_Int64.krml extracted/FStar_Int32.krml extracted/FStar_Int8.krml extracted/FStar_UInt16.krml extracted/FStar_Int_Cast.krml extracted/FStar_UInt128.krml extracted/C_Endianness.krml extracted/FStar_List.krml extracted/FStar_Float.krml extracted/FStar_IO.krml extracted/C.krml extracted/FStar_Char.krml extracted/FStar_String.krml extracted/LowStar_Modifies.krml extracted/C_String.krml extracted/FStar_Bytes.krml extracted/FStar_HyperStack_IO.krml extracted/C_Failure.krml extracted/TestLib.krml extracted/FStar_Int_Cast_Full.krml
- * F* version: 059db0c8
- * KreMLin version: 916c37ac
- */
-
-
-#include "FStar_UInt128.h"
-#include "kremlin/c_endianness.h"
-#include "FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h"
-
-uint64_t FStar_UInt128___proj__Mkuint128__item__low(FStar_UInt128_uint128 projectee)
-{
-  return projectee.low;
-}
-
-uint64_t FStar_UInt128___proj__Mkuint128__item__high(FStar_UInt128_uint128 projectee)
-{
-  return projectee.high;
-}
-
-static uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b)
-{
-  return (a ^ ((a ^ b) | ((a - b) ^ b))) >> (uint32_t)63U;
-}
-
-static uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b)
-{
-  return FStar_UInt128_constant_time_carry(a, b);
-}
-
-FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  FStar_UInt128_uint128
-  flat = { a.low + b.low, a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) };
-  return flat;
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  FStar_UInt128_uint128
-  flat = { a.low + b.low, a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) };
-  return flat;
-}
-
-FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  FStar_UInt128_uint128
-  flat = { a.low + b.low, a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) };
-  return flat;
-}
-
-FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  FStar_UInt128_uint128
-  flat = { a.low - b.low, a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) };
-  return flat;
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  FStar_UInt128_uint128
-  flat = { a.low - b.low, a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) };
-  return flat;
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  FStar_UInt128_uint128
-  flat = { a.low - b.low, a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) };
-  return flat;
-}
-
-FStar_UInt128_uint128 FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  return FStar_UInt128_sub_mod_impl(a, b);
-}
-
-FStar_UInt128_uint128 FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  FStar_UInt128_uint128 flat = { a.low & b.low, a.high & b.high };
-  return flat;
-}
-
-FStar_UInt128_uint128 FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  FStar_UInt128_uint128 flat = { a.low ^ b.low, a.high ^ b.high };
-  return flat;
-}
-
-FStar_UInt128_uint128 FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  FStar_UInt128_uint128 flat = { a.low | b.low, a.high | b.high };
-  return flat;
-}
-
-FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a)
-{
-  FStar_UInt128_uint128 flat = { ~a.low, ~a.high };
-  return flat;
-}
-
-static uint32_t FStar_UInt128_u32_64 = (uint32_t)64U;
-
-static uint64_t FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s)
-{
-  return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s));
-}
-
-static uint64_t FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s)
-{
-  return FStar_UInt128_add_u64_shift_left(hi, lo, s);
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s)
-{
-  if (s == (uint32_t)0U)
-  {
-    return a;
-  }
-  else
-  {
-    FStar_UInt128_uint128
-    flat = { a.low << s, FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s) };
-    return flat;
-  }
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s)
-{
-  FStar_UInt128_uint128 flat = { (uint64_t)0U, a.low << (s - FStar_UInt128_u32_64) };
-  return flat;
-}
-
-FStar_UInt128_uint128 FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s)
-{
-  if (s < FStar_UInt128_u32_64)
-  {
-    return FStar_UInt128_shift_left_small(a, s);
-  }
-  else
-  {
-    return FStar_UInt128_shift_left_large(a, s);
-  }
-}
-
-static uint64_t FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s)
-{
-  return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s));
-}
-
-static uint64_t FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s)
-{
-  return FStar_UInt128_add_u64_shift_right(hi, lo, s);
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s)
-{
-  if (s == (uint32_t)0U)
-  {
-    return a;
-  }
-  else
-  {
-    FStar_UInt128_uint128
-    flat = { FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s), a.high >> s };
-    return flat;
-  }
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s)
-{
-  FStar_UInt128_uint128 flat = { a.high >> (s - FStar_UInt128_u32_64), (uint64_t)0U };
-  return flat;
-}
-
-FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s)
-{
-  if (s < FStar_UInt128_u32_64)
-  {
-    return FStar_UInt128_shift_right_small(a, s);
-  }
-  else
-  {
-    return FStar_UInt128_shift_right_large(a, s);
-  }
-}
-
-bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  return a.low == b.low && a.high == b.high;
-}
-
-bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  return a.high > b.high || (a.high == b.high && a.low > b.low);
-}
-
-bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  return a.high < b.high || (a.high == b.high && a.low < b.low);
-}
-
-bool FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  return a.high > b.high || (a.high == b.high && a.low >= b.low);
-}
-
-bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  return a.high < b.high || (a.high == b.high && a.low <= b.low);
-}
-
-FStar_UInt128_uint128 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  FStar_UInt128_uint128
-  flat =
-    {
-      FStar_UInt64_eq_mask(a.low,
-        b.low)
-      & FStar_UInt64_eq_mask(a.high, b.high),
-      FStar_UInt64_eq_mask(a.low,
-        b.low)
-      & FStar_UInt64_eq_mask(a.high, b.high)
-    };
-  return flat;
-}
-
-FStar_UInt128_uint128 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-  FStar_UInt128_uint128
-  flat =
-    {
-      (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high))
-      | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)),
-      (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high))
-      | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low))
-    };
-  return flat;
-}
-
-FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a)
-{
-  FStar_UInt128_uint128 flat = { a, (uint64_t)0U };
-  return flat;
-}
-
-uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a)
-{
-  return a.low;
-}
-
-FStar_UInt128_uint128
-(*FStar_UInt128_op_Plus_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
-  FStar_UInt128_add;
-
-FStar_UInt128_uint128
-(*FStar_UInt128_op_Plus_Question_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
-  FStar_UInt128_add_underspec;
-
-FStar_UInt128_uint128
-(*FStar_UInt128_op_Plus_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
-  FStar_UInt128_add_mod;
-
-FStar_UInt128_uint128
-(*FStar_UInt128_op_Subtraction_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
-  FStar_UInt128_sub;
-
-FStar_UInt128_uint128
-(*FStar_UInt128_op_Subtraction_Question_Hat)(
-  FStar_UInt128_uint128 x0,
-  FStar_UInt128_uint128 x1
-) = FStar_UInt128_sub_underspec;
-
-FStar_UInt128_uint128
-(*FStar_UInt128_op_Subtraction_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
-  FStar_UInt128_sub_mod;
-
-FStar_UInt128_uint128
-(*FStar_UInt128_op_Amp_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
-  FStar_UInt128_logand;
-
-FStar_UInt128_uint128
-(*FStar_UInt128_op_Hat_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
-  FStar_UInt128_logxor;
-
-FStar_UInt128_uint128
-(*FStar_UInt128_op_Bar_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
-  FStar_UInt128_logor;
-
-FStar_UInt128_uint128
-(*FStar_UInt128_op_Less_Less_Hat)(FStar_UInt128_uint128 x0, uint32_t x1) =
-  FStar_UInt128_shift_left;
-
-FStar_UInt128_uint128
-(*FStar_UInt128_op_Greater_Greater_Hat)(FStar_UInt128_uint128 x0, uint32_t x1) =
-  FStar_UInt128_shift_right;
-
-bool
-(*FStar_UInt128_op_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
-  FStar_UInt128_eq;
-
-bool
-(*FStar_UInt128_op_Greater_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
-  FStar_UInt128_gt;
-
-bool
-(*FStar_UInt128_op_Less_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
-  FStar_UInt128_lt;
-
-bool
-(*FStar_UInt128_op_Greater_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
-  FStar_UInt128_gte;
-
-bool
-(*FStar_UInt128_op_Less_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
-  FStar_UInt128_lte;
-
-static uint64_t FStar_UInt128_u64_mod_32(uint64_t a)
-{
-  return a & (uint64_t)0xffffffffU;
-}
-
-static uint32_t FStar_UInt128_u32_32 = (uint32_t)32U;
-
-static uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo)
-{
-  return lo + (hi << FStar_UInt128_u32_32);
-}
-
-FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y)
-{
-  FStar_UInt128_uint128
-  flat =
-    {
-      FStar_UInt128_u32_combine((x >> FStar_UInt128_u32_32)
-        * (uint64_t)y
-        + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32),
-        FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)),
-      ((x >> FStar_UInt128_u32_32)
-      * (uint64_t)y
-      + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32))
-      >> FStar_UInt128_u32_32
-    };
-  return flat;
-}
-
-typedef struct K___uint64_t_uint64_t_uint64_t_uint64_t_s
-{
-  uint64_t fst;
-  uint64_t snd;
-  uint64_t thd;
-  uint64_t f3;
-}
-K___uint64_t_uint64_t_uint64_t_uint64_t;
-
-static K___uint64_t_uint64_t_uint64_t_uint64_t
-FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y)
-{
-  K___uint64_t_uint64_t_uint64_t_uint64_t
-  flat =
-    {
-      FStar_UInt128_u64_mod_32(x),
-      FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)),
-      x
-      >> FStar_UInt128_u32_32,
-      (x >> FStar_UInt128_u32_32)
-      * FStar_UInt128_u64_mod_32(y)
-      + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)
-    };
-  return flat;
-}
-
-static uint64_t FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo)
-{
-  return lo + (hi << FStar_UInt128_u32_32);
-}
-
-static FStar_UInt128_uint128 FStar_UInt128_mul_wide_impl(uint64_t x, uint64_t y)
-{
-  K___uint64_t_uint64_t_uint64_t_uint64_t scrut = FStar_UInt128_mul_wide_impl_t_(x, y);
-  uint64_t u1 = scrut.fst;
-  uint64_t w3 = scrut.snd;
-  uint64_t x_ = scrut.thd;
-  uint64_t t_ = scrut.f3;
-  FStar_UInt128_uint128
-  flat =
-    {
-      FStar_UInt128_u32_combine_(u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_),
-        w3),
-      x_
-      * (y >> FStar_UInt128_u32_32)
-      + (t_ >> FStar_UInt128_u32_32)
-      + ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> FStar_UInt128_u32_32)
-    };
-  return flat;
-}
-
-FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y)
-{
-  return FStar_UInt128_mul_wide_impl(x, y);
-}
-

lib/mbedtls/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c

@@ -1,100 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
- * KreMLin invocation: ../krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrB9w -minimal -fparentheses -fcurly-braces -fno-shadow -header copyright-header.txt -minimal -tmpdir dist/minimal -skip-compilation -extract-uints -add-include <inttypes.h> -add-include <stdbool.h> -add-include "kremlin/internal/compat.h" -add-include "kremlin/internal/types.h" -bundle FStar.UInt64+FStar.UInt32+FStar.UInt16+FStar.UInt8=* extracted/prims.krml extracted/FStar_Pervasives_Native.krml extracted/FStar_Pervasives.krml extracted/FStar_Mul.krml extracted/FStar_Squash.krml extracted/FStar_Classical.krml extracted/FStar_StrongExcludedMiddle.krml extracted/FStar_FunctionalExtensionality.krml extracted/FStar_List_Tot_Base.krml extracted/FStar_List_Tot_Properties.krml extracted/FStar_List_Tot.krml extracted/FStar_Seq_Base.krml extracted/FStar_Seq_Properties.krml extracted/FStar_Seq.krml extracted/FStar_Math_Lib.krml extracted/FStar_Math_Lemmas.krml extracted/FStar_BitVector.krml extracted/FStar_UInt.krml extracted/FStar_UInt32.krml extracted/FStar_Int.krml extracted/FStar_Int16.krml extracted/FStar_Preorder.krml extracted/FStar_Ghost.krml extracted/FStar_ErasedLogic.krml extracted/FStar_UInt64.krml extracted/FStar_Set.krml extracted/FStar_PropositionalExtensionality.krml extracted/FStar_PredicateExtensionality.krml extracted/FStar_TSet.krml extracted/FStar_Monotonic_Heap.krml extracted/FStar_Heap.krml extracted/FStar_Map.krml extracted/FStar_Monotonic_HyperHeap.krml extracted/FStar_Monotonic_HyperStack.krml extracted/FStar_HyperStack.krml extracted/FStar_Monotonic_Witnessed.krml extracted/FStar_HyperStack_ST.krml extracted/FStar_HyperStack_All.krml extracted/FStar_Date.krml extracted/FStar_Universe.krml extracted/FStar_GSet.krml extracted/FStar_ModifiesGen.krml extracted/LowStar_Monotonic_Buffer.krml extracted/LowStar_Buffer.krml extracted/Spec_Loops.krml extracted/LowStar_BufferOps.krml extracted/C_Loops.krml extracted/FStar_UInt8.krml extracted/FStar_Kremlin_Endianness.krml extracted/FStar_UInt63.krml extracted/FStar_Exn.krml extracted/FStar_ST.krml extracted/FStar_All.krml extracted/FStar_Dyn.krml extracted/FStar_Int63.krml extracted/FStar_Int64.krml extracted/FStar_Int32.krml extracted/FStar_Int8.krml extracted/FStar_UInt16.krml extracted/FStar_Int_Cast.krml extracted/FStar_UInt128.krml extracted/C_Endianness.krml extracted/FStar_List.krml extracted/FStar_Float.krml extracted/FStar_IO.krml extracted/C.krml extracted/FStar_Char.krml extracted/FStar_String.krml extracted/LowStar_Modifies.krml extracted/C_String.krml extracted/FStar_Bytes.krml extracted/FStar_HyperStack_IO.krml extracted/C_Failure.krml extracted/TestLib.krml extracted/FStar_Int_Cast_Full.krml
- * F* version: 059db0c8
- * KreMLin version: 916c37ac
- */
-
-
-#include "FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h"
-
-uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
-{
-  uint64_t x = a ^ b;
-  uint64_t minus_x = ~x + (uint64_t)1U;
-  uint64_t x_or_minus_x = x | minus_x;
-  uint64_t xnx = x_or_minus_x >> (uint32_t)63U;
-  return xnx - (uint64_t)1U;
-}
-
-uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b)
-{
-  uint64_t x = a;
-  uint64_t y = b;
-  uint64_t x_xor_y = x ^ y;
-  uint64_t x_sub_y = x - y;
-  uint64_t x_sub_y_xor_y = x_sub_y ^ y;
-  uint64_t q = x_xor_y | x_sub_y_xor_y;
-  uint64_t x_xor_q = x ^ q;
-  uint64_t x_xor_q_ = x_xor_q >> (uint32_t)63U;
-  return x_xor_q_ - (uint64_t)1U;
-}
-
-uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b)
-{
-  uint32_t x = a ^ b;
-  uint32_t minus_x = ~x + (uint32_t)1U;
-  uint32_t x_or_minus_x = x | minus_x;
-  uint32_t xnx = x_or_minus_x >> (uint32_t)31U;
-  return xnx - (uint32_t)1U;
-}
-
-uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b)
-{
-  uint32_t x = a;
-  uint32_t y = b;
-  uint32_t x_xor_y = x ^ y;
-  uint32_t x_sub_y = x - y;
-  uint32_t x_sub_y_xor_y = x_sub_y ^ y;
-  uint32_t q = x_xor_y | x_sub_y_xor_y;
-  uint32_t x_xor_q = x ^ q;
-  uint32_t x_xor_q_ = x_xor_q >> (uint32_t)31U;
-  return x_xor_q_ - (uint32_t)1U;
-}
-
-uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b)
-{
-  uint16_t x = a ^ b;
-  uint16_t minus_x = ~x + (uint16_t)1U;
-  uint16_t x_or_minus_x = x | minus_x;
-  uint16_t xnx = x_or_minus_x >> (uint32_t)15U;
-  return xnx - (uint16_t)1U;
-}
-
-uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b)
-{
-  uint16_t x = a;
-  uint16_t y = b;
-  uint16_t x_xor_y = x ^ y;
-  uint16_t x_sub_y = x - y;
-  uint16_t x_sub_y_xor_y = x_sub_y ^ y;
-  uint16_t q = x_xor_y | x_sub_y_xor_y;
-  uint16_t x_xor_q = x ^ q;
-  uint16_t x_xor_q_ = x_xor_q >> (uint32_t)15U;
-  return x_xor_q_ - (uint16_t)1U;
-}
-
-uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b)
-{
-  uint8_t x = a ^ b;
-  uint8_t minus_x = ~x + (uint8_t)1U;
-  uint8_t x_or_minus_x = x | minus_x;
-  uint8_t xnx = x_or_minus_x >> (uint32_t)7U;
-  return xnx - (uint8_t)1U;
-}
-
-uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b)
-{
-  uint8_t x = a;
-  uint8_t y = b;
-  uint8_t x_xor_y = x ^ y;
-  uint8_t x_sub_y = x - y;
-  uint8_t x_sub_y_xor_y = x_sub_y ^ y;
-  uint8_t q = x_xor_y | x_sub_y_xor_y;
-  uint8_t x_xor_q = x ^ q;
-  uint8_t x_xor_q_ = x_xor_q >> (uint32_t)7U;
-  return x_xor_q_ - (uint8_t)1U;
-}
-

lib/mbedtls/3rdparty/everest/library/legacy/Hacl_Curve25519.c

@@ -1,805 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
-   Licensed under the Apache 2.0 License. */
-
-/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
- * KreMLin invocation: /mnt/e/everest/verify/kremlin/krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -I /mnt/e/everest/verify/hacl-star/code/lib/kremlin -I /mnt/e/everest/verify/kremlin/kremlib/compat -I /mnt/e/everest/verify/hacl-star/specs -I /mnt/e/everest/verify/hacl-star/specs/old -I . -ccopt -march=native -verbose -ldopt -flto -tmpdir x25519-c -I ../bignum -bundle Hacl.Curve25519=* -minimal -add-include "kremlib.h" -skip-compilation x25519-c/out.krml -o x25519-c/Hacl_Curve25519.c
- * F* version: 059db0c8
- * KreMLin version: 916c37ac
- */
-
-
-#include "Hacl_Curve25519.h"
-
-extern uint64_t FStar_UInt64_eq_mask(uint64_t x0, uint64_t x1);
-
-extern uint64_t FStar_UInt64_gte_mask(uint64_t x0, uint64_t x1);
-
-extern FStar_UInt128_uint128
-FStar_UInt128_add(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern FStar_UInt128_uint128
-FStar_UInt128_add_mod(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern FStar_UInt128_uint128
-FStar_UInt128_logand(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
-
-extern FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 x0, uint32_t x1);
-
-extern FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t x0);
-
-extern uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 x0);
-
-extern FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x0, uint64_t x1);
-
-static void Hacl_Bignum_Modulo_carry_top(uint64_t *b)
-{
-  uint64_t b4 = b[4U];
-  uint64_t b0 = b[0U];
-  uint64_t b4_ = b4 & (uint64_t)0x7ffffffffffffU;
-  uint64_t b0_ = b0 + (uint64_t)19U * (b4 >> (uint32_t)51U);
-  b[4U] = b4_;
-  b[0U] = b0_;
-}
-
-inline static void
-Hacl_Bignum_Fproduct_copy_from_wide_(uint64_t *output, FStar_UInt128_uint128 *input)
-{
-  uint32_t i;
-  for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
-  {
-    FStar_UInt128_uint128 xi = input[i];
-    output[i] = FStar_UInt128_uint128_to_uint64(xi);
-  }
-}
-
-inline static void
-Hacl_Bignum_Fproduct_sum_scalar_multiplication_(
-  FStar_UInt128_uint128 *output,
-  uint64_t *input,
-  uint64_t s
-)
-{
-  uint32_t i;
-  for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
-  {
-    FStar_UInt128_uint128 xi = output[i];
-    uint64_t yi = input[i];
-    output[i] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
-  }
-}
-
-inline static void Hacl_Bignum_Fproduct_carry_wide_(FStar_UInt128_uint128 *tmp)
-{
-  uint32_t i;
-  for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U)
-  {
-    uint32_t ctr = i;
-    FStar_UInt128_uint128 tctr = tmp[ctr];
-    FStar_UInt128_uint128 tctrp1 = tmp[ctr + (uint32_t)1U];
-    uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU;
-    FStar_UInt128_uint128 c = FStar_UInt128_shift_right(tctr, (uint32_t)51U);
-    tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
-    tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
-  }
-}
-
-inline static void Hacl_Bignum_Fmul_shift_reduce(uint64_t *output)
-{
-  uint64_t tmp = output[4U];
-  uint64_t b0;
-  {
-    uint32_t i;
-    for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U)
-    {
-      uint32_t ctr = (uint32_t)5U - i - (uint32_t)1U;
-      uint64_t z = output[ctr - (uint32_t)1U];
-      output[ctr] = z;
-    }
-  }
-  output[0U] = tmp;
-  b0 = output[0U];
-  output[0U] = (uint64_t)19U * b0;
-}
-
-static void
-Hacl_Bignum_Fmul_mul_shift_reduce_(
-  FStar_UInt128_uint128 *output,
-  uint64_t *input,
-  uint64_t *input2
-)
-{
-  uint32_t i;
-  uint64_t input2i;
-  {
-    uint32_t i0;
-    for (i0 = (uint32_t)0U; i0 < (uint32_t)4U; i0 = i0 + (uint32_t)1U)
-    {
-      uint64_t input2i0 = input2[i0];
-      Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i0);
-      Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-  }
-  i = (uint32_t)4U;
-  input2i = input2[i];
-  Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-}
-
-inline static void Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input2)
-{
-  uint64_t tmp[5U] = { 0U };
-  memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]);
-  KRML_CHECK_SIZE(sizeof (FStar_UInt128_uint128), (uint32_t)5U);
-  {
-    FStar_UInt128_uint128 t[5U];
-    {
-      uint32_t _i;
-      for (_i = 0U; _i < (uint32_t)5U; ++_i)
-        t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
-    }
-    {
-      FStar_UInt128_uint128 b4;
-      FStar_UInt128_uint128 b0;
-      FStar_UInt128_uint128 b4_;
-      FStar_UInt128_uint128 b0_;
-      uint64_t i0;
-      uint64_t i1;
-      uint64_t i0_;
-      uint64_t i1_;
-      Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2);
-      Hacl_Bignum_Fproduct_carry_wide_(t);
-      b4 = t[4U];
-      b0 = t[0U];
-      b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
-      b0_ =
-        FStar_UInt128_add(b0,
-          FStar_UInt128_mul_wide((uint64_t)19U,
-            FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
-      t[4U] = b4_;
-      t[0U] = b0_;
-      Hacl_Bignum_Fproduct_copy_from_wide_(output, t);
-      i0 = output[0U];
-      i1 = output[1U];
-      i0_ = i0 & (uint64_t)0x7ffffffffffffU;
-      i1_ = i1 + (i0 >> (uint32_t)51U);
-      output[0U] = i0_;
-      output[1U] = i1_;
-    }
-  }
-}
-
-inline static void Hacl_Bignum_Fsquare_fsquare__(FStar_UInt128_uint128 *tmp, uint64_t *output)
-{
-  uint64_t r0 = output[0U];
-  uint64_t r1 = output[1U];
-  uint64_t r2 = output[2U];
-  uint64_t r3 = output[3U];
-  uint64_t r4 = output[4U];
-  uint64_t d0 = r0 * (uint64_t)2U;
-  uint64_t d1 = r1 * (uint64_t)2U;
-  uint64_t d2 = r2 * (uint64_t)2U * (uint64_t)19U;
-  uint64_t d419 = r4 * (uint64_t)19U;
-  uint64_t d4 = d419 * (uint64_t)2U;
-  FStar_UInt128_uint128
-  s0 =
-    FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(r0, r0),
-        FStar_UInt128_mul_wide(d4, r1)),
-      FStar_UInt128_mul_wide(d2, r3));
-  FStar_UInt128_uint128
-  s1 =
-    FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r1),
-        FStar_UInt128_mul_wide(d4, r2)),
-      FStar_UInt128_mul_wide(r3 * (uint64_t)19U, r3));
-  FStar_UInt128_uint128
-  s2 =
-    FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r2),
-        FStar_UInt128_mul_wide(r1, r1)),
-      FStar_UInt128_mul_wide(d4, r3));
-  FStar_UInt128_uint128
-  s3 =
-    FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r3),
-        FStar_UInt128_mul_wide(d1, r2)),
-      FStar_UInt128_mul_wide(r4, d419));
-  FStar_UInt128_uint128
-  s4 =
-    FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r4),
-        FStar_UInt128_mul_wide(d1, r3)),
-      FStar_UInt128_mul_wide(r2, r2));
-  tmp[0U] = s0;
-  tmp[1U] = s1;
-  tmp[2U] = s2;
-  tmp[3U] = s3;
-  tmp[4U] = s4;
-}
-
-inline static void Hacl_Bignum_Fsquare_fsquare_(FStar_UInt128_uint128 *tmp, uint64_t *output)
-{
-  FStar_UInt128_uint128 b4;
-  FStar_UInt128_uint128 b0;
-  FStar_UInt128_uint128 b4_;
-  FStar_UInt128_uint128 b0_;
-  uint64_t i0;
-  uint64_t i1;
-  uint64_t i0_;
-  uint64_t i1_;
-  Hacl_Bignum_Fsquare_fsquare__(tmp, output);
-  Hacl_Bignum_Fproduct_carry_wide_(tmp);
-  b4 = tmp[4U];
-  b0 = tmp[0U];
-  b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
-  b0_ =
-    FStar_UInt128_add(b0,
-      FStar_UInt128_mul_wide((uint64_t)19U,
-        FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
-  tmp[4U] = b4_;
-  tmp[0U] = b0_;
-  Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
-  i0 = output[0U];
-  i1 = output[1U];
-  i0_ = i0 & (uint64_t)0x7ffffffffffffU;
-  i1_ = i1 + (i0 >> (uint32_t)51U);
-  output[0U] = i0_;
-  output[1U] = i1_;
-}
-
-static void
-Hacl_Bignum_Fsquare_fsquare_times_(
-  uint64_t *input,
-  FStar_UInt128_uint128 *tmp,
-  uint32_t count1
-)
-{
-  uint32_t i;
-  Hacl_Bignum_Fsquare_fsquare_(tmp, input);
-  for (i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U)
-    Hacl_Bignum_Fsquare_fsquare_(tmp, input);
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1)
-{
-  KRML_CHECK_SIZE(sizeof (FStar_UInt128_uint128), (uint32_t)5U);
-  {
-    FStar_UInt128_uint128 t[5U];
-    {
-      uint32_t _i;
-      for (_i = 0U; _i < (uint32_t)5U; ++_i)
-        t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
-    }
-    memcpy(output, input, (uint32_t)5U * sizeof input[0U]);
-    Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
-  }
-}
-
-inline static void Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1)
-{
-  KRML_CHECK_SIZE(sizeof (FStar_UInt128_uint128), (uint32_t)5U);
-  {
-    FStar_UInt128_uint128 t[5U];
-    {
-      uint32_t _i;
-      for (_i = 0U; _i < (uint32_t)5U; ++_i)
-        t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
-    }
-    Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
-  }
-}
-
-inline static void Hacl_Bignum_Crecip_crecip(uint64_t *out, uint64_t *z)
-{
-  uint64_t buf[20U] = { 0U };
-  uint64_t *a0 = buf;
-  uint64_t *t00 = buf + (uint32_t)5U;
-  uint64_t *b0 = buf + (uint32_t)10U;
-  uint64_t *t01;
-  uint64_t *b1;
-  uint64_t *c0;
-  uint64_t *a;
-  uint64_t *t0;
-  uint64_t *b;
-  uint64_t *c;
-  Hacl_Bignum_Fsquare_fsquare_times(a0, z, (uint32_t)1U);
-  Hacl_Bignum_Fsquare_fsquare_times(t00, a0, (uint32_t)2U);
-  Hacl_Bignum_Fmul_fmul(b0, t00, z);
-  Hacl_Bignum_Fmul_fmul(a0, b0, a0);
-  Hacl_Bignum_Fsquare_fsquare_times(t00, a0, (uint32_t)1U);
-  Hacl_Bignum_Fmul_fmul(b0, t00, b0);
-  Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5U);
-  t01 = buf + (uint32_t)5U;
-  b1 = buf + (uint32_t)10U;
-  c0 = buf + (uint32_t)15U;
-  Hacl_Bignum_Fmul_fmul(b1, t01, b1);
-  Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10U);
-  Hacl_Bignum_Fmul_fmul(c0, t01, b1);
-  Hacl_Bignum_Fsquare_fsquare_times(t01, c0, (uint32_t)20U);
-  Hacl_Bignum_Fmul_fmul(t01, t01, c0);
-  Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10U);
-  Hacl_Bignum_Fmul_fmul(b1, t01, b1);
-  Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50U);
-  a = buf;
-  t0 = buf + (uint32_t)5U;
-  b = buf + (uint32_t)10U;
-  c = buf + (uint32_t)15U;
-  Hacl_Bignum_Fmul_fmul(c, t0, b);
-  Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100U);
-  Hacl_Bignum_Fmul_fmul(t0, t0, c);
-  Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)50U);
-  Hacl_Bignum_Fmul_fmul(t0, t0, b);
-  Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)5U);
-  Hacl_Bignum_Fmul_fmul(out, t0, a);
-}
-
-inline static void Hacl_Bignum_fsum(uint64_t *a, uint64_t *b)
-{
-  uint32_t i;
-  for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
-  {
-    uint64_t xi = a[i];
-    uint64_t yi = b[i];
-    a[i] = xi + yi;
-  }
-}
-
-inline static void Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b)
-{
-  uint64_t tmp[5U] = { 0U };
-  uint64_t b0;
-  uint64_t b1;
-  uint64_t b2;
-  uint64_t b3;
-  uint64_t b4;
-  memcpy(tmp, b, (uint32_t)5U * sizeof b[0U]);
-  b0 = tmp[0U];
-  b1 = tmp[1U];
-  b2 = tmp[2U];
-  b3 = tmp[3U];
-  b4 = tmp[4U];
-  tmp[0U] = b0 + (uint64_t)0x3fffffffffff68U;
-  tmp[1U] = b1 + (uint64_t)0x3ffffffffffff8U;
-  tmp[2U] = b2 + (uint64_t)0x3ffffffffffff8U;
-  tmp[3U] = b3 + (uint64_t)0x3ffffffffffff8U;
-  tmp[4U] = b4 + (uint64_t)0x3ffffffffffff8U;
-  {
-    uint32_t i;
-    for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
-    {
-      uint64_t xi = a[i];
-      uint64_t yi = tmp[i];
-      a[i] = yi - xi;
-    }
-  }
-}
-
-inline static void Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s)
-{
-  KRML_CHECK_SIZE(sizeof (FStar_UInt128_uint128), (uint32_t)5U);
-  {
-    FStar_UInt128_uint128 tmp[5U];
-    {
-      uint32_t _i;
-      for (_i = 0U; _i < (uint32_t)5U; ++_i)
-        tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
-    }
-    {
-      FStar_UInt128_uint128 b4;
-      FStar_UInt128_uint128 b0;
-      FStar_UInt128_uint128 b4_;
-      FStar_UInt128_uint128 b0_;
-      {
-        uint32_t i;
-        for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
-        {
-          uint64_t xi = b[i];
-          tmp[i] = FStar_UInt128_mul_wide(xi, s);
-        }
-      }
-      Hacl_Bignum_Fproduct_carry_wide_(tmp);
-      b4 = tmp[4U];
-      b0 = tmp[0U];
-      b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
-      b0_ =
-        FStar_UInt128_add(b0,
-          FStar_UInt128_mul_wide((uint64_t)19U,
-            FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
-      tmp[4U] = b4_;
-      tmp[0U] = b0_;
-      Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
-    }
-  }
-}
-
-inline static void Hacl_Bignum_fmul(uint64_t *output, uint64_t *a, uint64_t *b)
-{
-  Hacl_Bignum_Fmul_fmul(output, a, b);
-}
-
-inline static void Hacl_Bignum_crecip(uint64_t *output, uint64_t *input)
-{
-  Hacl_Bignum_Crecip_crecip(output, input);
-}
-
-static void
-Hacl_EC_Point_swap_conditional_step(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
-{
-  uint32_t i = ctr - (uint32_t)1U;
-  uint64_t ai = a[i];
-  uint64_t bi = b[i];
-  uint64_t x = swap1 & (ai ^ bi);
-  uint64_t ai1 = ai ^ x;
-  uint64_t bi1 = bi ^ x;
-  a[i] = ai1;
-  b[i] = bi1;
-}
-
-static void
-Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
-{
-  if (!(ctr == (uint32_t)0U))
-  {
-    uint32_t i;
-    Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr);
-    i = ctr - (uint32_t)1U;
-    Hacl_EC_Point_swap_conditional_(a, b, swap1, i);
-  }
-}
-
-static void Hacl_EC_Point_swap_conditional(uint64_t *a, uint64_t *b, uint64_t iswap)
-{
-  uint64_t swap1 = (uint64_t)0U - iswap;
-  Hacl_EC_Point_swap_conditional_(a, b, swap1, (uint32_t)5U);
-  Hacl_EC_Point_swap_conditional_(a + (uint32_t)5U, b + (uint32_t)5U, swap1, (uint32_t)5U);
-}
-
-static void Hacl_EC_Point_copy(uint64_t *output, uint64_t *input)
-{
-  memcpy(output, input, (uint32_t)5U * sizeof input[0U]);
-  memcpy(output + (uint32_t)5U,
-    input + (uint32_t)5U,
-    (uint32_t)5U * sizeof (input + (uint32_t)5U)[0U]);
-}
-
-static void Hacl_EC_Format_fexpand(uint64_t *output, uint8_t *input)
-{
-  uint64_t i0 = load64_le(input);
-  uint8_t *x00 = input + (uint32_t)6U;
-  uint64_t i1 = load64_le(x00);
-  uint8_t *x01 = input + (uint32_t)12U;
-  uint64_t i2 = load64_le(x01);
-  uint8_t *x02 = input + (uint32_t)19U;
-  uint64_t i3 = load64_le(x02);
-  uint8_t *x0 = input + (uint32_t)24U;
-  uint64_t i4 = load64_le(x0);
-  uint64_t output0 = i0 & (uint64_t)0x7ffffffffffffU;
-  uint64_t output1 = i1 >> (uint32_t)3U & (uint64_t)0x7ffffffffffffU;
-  uint64_t output2 = i2 >> (uint32_t)6U & (uint64_t)0x7ffffffffffffU;
-  uint64_t output3 = i3 >> (uint32_t)1U & (uint64_t)0x7ffffffffffffU;
-  uint64_t output4 = i4 >> (uint32_t)12U & (uint64_t)0x7ffffffffffffU;
-  output[0U] = output0;
-  output[1U] = output1;
-  output[2U] = output2;
-  output[3U] = output3;
-  output[4U] = output4;
-}
-
-static void Hacl_EC_Format_fcontract_first_carry_pass(uint64_t *input)
-{
-  uint64_t t0 = input[0U];
-  uint64_t t1 = input[1U];
-  uint64_t t2 = input[2U];
-  uint64_t t3 = input[3U];
-  uint64_t t4 = input[4U];
-  uint64_t t1_ = t1 + (t0 >> (uint32_t)51U);
-  uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU;
-  uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U);
-  uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU;
-  uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U);
-  uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU;
-  uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U);
-  uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU;
-  input[0U] = t0_;
-  input[1U] = t1__;
-  input[2U] = t2__;
-  input[3U] = t3__;
-  input[4U] = t4_;
-}
-
-static void Hacl_EC_Format_fcontract_first_carry_full(uint64_t *input)
-{
-  Hacl_EC_Format_fcontract_first_carry_pass(input);
-  Hacl_Bignum_Modulo_carry_top(input);
-}
-
-static void Hacl_EC_Format_fcontract_second_carry_pass(uint64_t *input)
-{
-  uint64_t t0 = input[0U];
-  uint64_t t1 = input[1U];
-  uint64_t t2 = input[2U];
-  uint64_t t3 = input[3U];
-  uint64_t t4 = input[4U];
-  uint64_t t1_ = t1 + (t0 >> (uint32_t)51U);
-  uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU;
-  uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U);
-  uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU;
-  uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U);
-  uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU;
-  uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U);
-  uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU;
-  input[0U] = t0_;
-  input[1U] = t1__;
-  input[2U] = t2__;
-  input[3U] = t3__;
-  input[4U] = t4_;
-}
-
-static void Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input)
-{
-  uint64_t i0;
-  uint64_t i1;
-  uint64_t i0_;
-  uint64_t i1_;
-  Hacl_EC_Format_fcontract_second_carry_pass(input);
-  Hacl_Bignum_Modulo_carry_top(input);
-  i0 = input[0U];
-  i1 = input[1U];
-  i0_ = i0 & (uint64_t)0x7ffffffffffffU;
-  i1_ = i1 + (i0 >> (uint32_t)51U);
-  input[0U] = i0_;
-  input[1U] = i1_;
-}
-
-static void Hacl_EC_Format_fcontract_trim(uint64_t *input)
-{
-  uint64_t a0 = input[0U];
-  uint64_t a1 = input[1U];
-  uint64_t a2 = input[2U];
-  uint64_t a3 = input[3U];
-  uint64_t a4 = input[4U];
-  uint64_t mask0 = FStar_UInt64_gte_mask(a0, (uint64_t)0x7ffffffffffedU);
-  uint64_t mask1 = FStar_UInt64_eq_mask(a1, (uint64_t)0x7ffffffffffffU);
-  uint64_t mask2 = FStar_UInt64_eq_mask(a2, (uint64_t)0x7ffffffffffffU);
-  uint64_t mask3 = FStar_UInt64_eq_mask(a3, (uint64_t)0x7ffffffffffffU);
-  uint64_t mask4 = FStar_UInt64_eq_mask(a4, (uint64_t)0x7ffffffffffffU);
-  uint64_t mask = (((mask0 & mask1) & mask2) & mask3) & mask4;
-  uint64_t a0_ = a0 - ((uint64_t)0x7ffffffffffedU & mask);
-  uint64_t a1_ = a1 - ((uint64_t)0x7ffffffffffffU & mask);
-  uint64_t a2_ = a2 - ((uint64_t)0x7ffffffffffffU & mask);
-  uint64_t a3_ = a3 - ((uint64_t)0x7ffffffffffffU & mask);
-  uint64_t a4_ = a4 - ((uint64_t)0x7ffffffffffffU & mask);
-  input[0U] = a0_;
-  input[1U] = a1_;
-  input[2U] = a2_;
-  input[3U] = a3_;
-  input[4U] = a4_;
-}
-
-static void Hacl_EC_Format_fcontract_store(uint8_t *output, uint64_t *input)
-{
-  uint64_t t0 = input[0U];
-  uint64_t t1 = input[1U];
-  uint64_t t2 = input[2U];
-  uint64_t t3 = input[3U];
-  uint64_t t4 = input[4U];
-  uint64_t o0 = t1 << (uint32_t)51U | t0;
-  uint64_t o1 = t2 << (uint32_t)38U | t1 >> (uint32_t)13U;
-  uint64_t o2 = t3 << (uint32_t)25U | t2 >> (uint32_t)26U;
-  uint64_t o3 = t4 << (uint32_t)12U | t3 >> (uint32_t)39U;
-  uint8_t *b0 = output;
-  uint8_t *b1 = output + (uint32_t)8U;
-  uint8_t *b2 = output + (uint32_t)16U;
-  uint8_t *b3 = output + (uint32_t)24U;
-  store64_le(b0, o0);
-  store64_le(b1, o1);
-  store64_le(b2, o2);
-  store64_le(b3, o3);
-}
-
-static void Hacl_EC_Format_fcontract(uint8_t *output, uint64_t *input)
-{
-  Hacl_EC_Format_fcontract_first_carry_full(input);
-  Hacl_EC_Format_fcontract_second_carry_full(input);
-  Hacl_EC_Format_fcontract_trim(input);
-  Hacl_EC_Format_fcontract_store(output, input);
-}
-
-static void Hacl_EC_Format_scalar_of_point(uint8_t *scalar, uint64_t *point)
-{
-  uint64_t *x = point;
-  uint64_t *z = point + (uint32_t)5U;
-  uint64_t buf[10U] = { 0U };
-  uint64_t *zmone = buf;
-  uint64_t *sc = buf + (uint32_t)5U;
-  Hacl_Bignum_crecip(zmone, z);
-  Hacl_Bignum_fmul(sc, x, zmone);
-  Hacl_EC_Format_fcontract(scalar, sc);
-}
-
-static void
-Hacl_EC_AddAndDouble_fmonty(
-  uint64_t *pp,
-  uint64_t *ppq,
-  uint64_t *p,
-  uint64_t *pq,
-  uint64_t *qmqp
-)
-{
-  uint64_t *qx = qmqp;
-  uint64_t *x2 = pp;
-  uint64_t *z2 = pp + (uint32_t)5U;
-  uint64_t *x3 = ppq;
-  uint64_t *z3 = ppq + (uint32_t)5U;
-  uint64_t *x = p;
-  uint64_t *z = p + (uint32_t)5U;
-  uint64_t *xprime = pq;
-  uint64_t *zprime = pq + (uint32_t)5U;
-  uint64_t buf[40U] = { 0U };
-  uint64_t *origx = buf;
-  uint64_t *origxprime0 = buf + (uint32_t)5U;
-  uint64_t *xxprime0 = buf + (uint32_t)25U;
-  uint64_t *zzprime0 = buf + (uint32_t)30U;
-  uint64_t *origxprime;
-  uint64_t *xx0;
-  uint64_t *zz0;
-  uint64_t *xxprime;
-  uint64_t *zzprime;
-  uint64_t *zzzprime;
-  uint64_t *zzz;
-  uint64_t *xx;
-  uint64_t *zz;
-  uint64_t scalar;
-  memcpy(origx, x, (uint32_t)5U * sizeof x[0U]);
-  Hacl_Bignum_fsum(x, z);
-  Hacl_Bignum_fdifference(z, origx);
-  memcpy(origxprime0, xprime, (uint32_t)5U * sizeof xprime[0U]);
-  Hacl_Bignum_fsum(xprime, zprime);
-  Hacl_Bignum_fdifference(zprime, origxprime0);
-  Hacl_Bignum_fmul(xxprime0, xprime, z);
-  Hacl_Bignum_fmul(zzprime0, x, zprime);
-  origxprime = buf + (uint32_t)5U;
-  xx0 = buf + (uint32_t)15U;
-  zz0 = buf + (uint32_t)20U;
-  xxprime = buf + (uint32_t)25U;
-  zzprime = buf + (uint32_t)30U;
-  zzzprime = buf + (uint32_t)35U;
-  memcpy(origxprime, xxprime, (uint32_t)5U * sizeof xxprime[0U]);
-  Hacl_Bignum_fsum(xxprime, zzprime);
-  Hacl_Bignum_fdifference(zzprime, origxprime);
-  Hacl_Bignum_Fsquare_fsquare_times(x3, xxprime, (uint32_t)1U);
-  Hacl_Bignum_Fsquare_fsquare_times(zzzprime, zzprime, (uint32_t)1U);
-  Hacl_Bignum_fmul(z3, zzzprime, qx);
-  Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1U);
-  Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1U);
-  zzz = buf + (uint32_t)10U;
-  xx = buf + (uint32_t)15U;
-  zz = buf + (uint32_t)20U;
-  Hacl_Bignum_fmul(x2, xx, zz);
-  Hacl_Bignum_fdifference(zz, xx);
-  scalar = (uint64_t)121665U;
-  Hacl_Bignum_fscalar(zzz, zz, scalar);
-  Hacl_Bignum_fsum(zzz, xx);
-  Hacl_Bignum_fmul(z2, zzz, zz);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(
-  uint64_t *nq,
-  uint64_t *nqpq,
-  uint64_t *nq2,
-  uint64_t *nqpq2,
-  uint64_t *q,
-  uint8_t byt
-)
-{
-  uint64_t bit0 = (uint64_t)(byt >> (uint32_t)7U);
-  uint64_t bit;
-  Hacl_EC_Point_swap_conditional(nq, nqpq, bit0);
-  Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q);
-  bit = (uint64_t)(byt >> (uint32_t)7U);
-  Hacl_EC_Point_swap_conditional(nq2, nqpq2, bit);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(
-  uint64_t *nq,
-  uint64_t *nqpq,
-  uint64_t *nq2,
-  uint64_t *nqpq2,
-  uint64_t *q,
-  uint8_t byt
-)
-{
-  uint8_t byt1;
-  Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt);
-  byt1 = byt << (uint32_t)1U;
-  Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop(
-  uint64_t *nq,
-  uint64_t *nqpq,
-  uint64_t *nq2,
-  uint64_t *nqpq2,
-  uint64_t *q,
-  uint8_t byt,
-  uint32_t i
-)
-{
-  if (!(i == (uint32_t)0U))
-  {
-    uint32_t i_ = i - (uint32_t)1U;
-    uint8_t byt_;
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt);
-    byt_ = byt << (uint32_t)2U;
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_);
-  }
-}
-
-static void
-Hacl_EC_Ladder_BigLoop_cmult_big_loop(
-  uint8_t *n1,
-  uint64_t *nq,
-  uint64_t *nqpq,
-  uint64_t *nq2,
-  uint64_t *nqpq2,
-  uint64_t *q,
-  uint32_t i
-)
-{
-  if (!(i == (uint32_t)0U))
-  {
-    uint32_t i1 = i - (uint32_t)1U;
-    uint8_t byte = n1[i1];
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byte, (uint32_t)4U);
-    Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, i1);
-  }
-}
-
-static void Hacl_EC_Ladder_cmult(uint64_t *result, uint8_t *n1, uint64_t *q)
-{
-  uint64_t point_buf[40U] = { 0U };
-  uint64_t *nq = point_buf;
-  uint64_t *nqpq = point_buf + (uint32_t)10U;
-  uint64_t *nq2 = point_buf + (uint32_t)20U;
-  uint64_t *nqpq2 = point_buf + (uint32_t)30U;
-  Hacl_EC_Point_copy(nqpq, q);
-  nq[0U] = (uint64_t)1U;
-  Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, (uint32_t)32U);
-  Hacl_EC_Point_copy(result, nq);
-}
-
-void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint)
-{
-  uint64_t buf0[10U] = { 0U };
-  uint64_t *x0 = buf0;
-  uint64_t *z = buf0 + (uint32_t)5U;
-  uint64_t *q;
-  Hacl_EC_Format_fexpand(x0, basepoint);
-  z[0U] = (uint64_t)1U;
-  q = buf0;
-  {
-    uint8_t e[32U] = { 0U };
-    uint8_t e0;
-    uint8_t e31;
-    uint8_t e01;
-    uint8_t e311;
-    uint8_t e312;
-    uint8_t *scalar;
-    memcpy(e, secret, (uint32_t)32U * sizeof secret[0U]);
-    e0 = e[0U];
-    e31 = e[31U];
-    e01 = e0 & (uint8_t)248U;
-    e311 = e31 & (uint8_t)127U;
-    e312 = e311 | (uint8_t)64U;
-    e[0U] = e01;
-    e[31U] = e312;
-    scalar = e;
-    {
-      uint64_t buf[15U] = { 0U };
-      uint64_t *nq = buf;
-      uint64_t *x = nq;
-      x[0U] = (uint64_t)1U;
-      Hacl_EC_Ladder_cmult(nq, scalar, q);
-      Hacl_EC_Format_scalar_of_point(mypublic, nq);
-    }
-  }
-}
-

lib/mbedtls/3rdparty/everest/library/x25519.c

@@ -1,190 +0,0 @@
-/*
- *  ECDH with curve-optimized implementation multiplexing
- *
- *  Copyright 2016-2018 INRIA and Microsoft Corporation
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-
-#include <mbedtls/ecdh.h>
-
-#if !(defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16))
-#define KRML_VERIFIED_UINT128
-#endif
-
-#include <Hacl_Curve25519.h>
-#include <mbedtls/platform_util.h>
-
-#include "x25519.h"
-
-#include <string.h>
-
-/*
- * Initialize context
- */
-void mbedtls_x25519_init( mbedtls_x25519_context *ctx )
-{
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x25519_context ) );
-}
-
-/*
- * Free context
- */
-void mbedtls_x25519_free( mbedtls_x25519_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES );
-    mbedtls_platform_zeroize( ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES );
-}
-
-int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen,
-                        unsigned char *buf, size_t blen,
-                        int( *f_rng )(void *, unsigned char *, size_t),
-                        void *p_rng )
-{
-    int ret = 0;
-
-    uint8_t base[MBEDTLS_X25519_KEY_SIZE_BYTES] = {0};
-
-    if( ( ret = f_rng( p_rng, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ) ) != 0 )
-        return ret;
-
-    *olen = MBEDTLS_X25519_KEY_SIZE_BYTES + 4;
-    if( blen < *olen )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    *buf++ = MBEDTLS_ECP_TLS_NAMED_CURVE;
-    *buf++ = MBEDTLS_ECP_TLS_CURVE25519 >> 8;
-    *buf++ = MBEDTLS_ECP_TLS_CURVE25519 & 0xFF;
-    *buf++ = MBEDTLS_X25519_KEY_SIZE_BYTES;
-
-    base[0] = 9;
-    Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, base );
-
-    base[0] = 0;
-    if( memcmp( buf, base, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0 )
-        return MBEDTLS_ERR_ECP_RANDOM_FAILED;
-
-    return( 0 );
-}
-
-int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx,
-                        const unsigned char **buf, const unsigned char *end )
-{
-    if( end - *buf < MBEDTLS_X25519_KEY_SIZE_BYTES + 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    if( ( *(*buf)++ != MBEDTLS_X25519_KEY_SIZE_BYTES ) )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    memcpy( ctx->peer_point, *buf, MBEDTLS_X25519_KEY_SIZE_BYTES );
-    *buf += MBEDTLS_X25519_KEY_SIZE_BYTES;
-    return( 0 );
-}
-
-int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key,
-                               mbedtls_x25519_ecdh_side side )
-{
-    size_t olen = 0;
-
-    switch( side ) {
-    case MBEDTLS_X25519_ECDH_THEIRS:
-        return mbedtls_ecp_point_write_binary( &key->grp, &key->Q, MBEDTLS_ECP_PF_COMPRESSED, &olen, ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES );
-    case MBEDTLS_X25519_ECDH_OURS:
-        return mbedtls_mpi_write_binary_le( &key->d, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES );
-    default:
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-    }
-}
-
-int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen,
-                        unsigned char *buf, size_t blen,
-                        int( *f_rng )(void *, unsigned char *, size_t),
-                        void *p_rng )
-{
-    /* f_rng and p_rng are not used here because this implementation does not
-       need blinding since it has constant trace. */
-    (( void )f_rng);
-    (( void )p_rng);
-
-    *olen = MBEDTLS_X25519_KEY_SIZE_BYTES;
-
-    if( blen < *olen )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, ctx->peer_point);
-
-    /* Wipe the DH secret and don't let the peer chose a small subgroup point */
-    mbedtls_platform_zeroize( ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES );
-
-    if( memcmp( buf, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0 )
-        return MBEDTLS_ERR_ECP_RANDOM_FAILED;
-
-    return( 0 );
-}
-
-int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen,
-                        unsigned char *buf, size_t blen,
-                        int( *f_rng )(void *, unsigned char *, size_t),
-                        void *p_rng )
-{
-    int ret = 0;
-    unsigned char base[MBEDTLS_X25519_KEY_SIZE_BYTES] = { 0 };
-
-    if( ctx == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    if( ( ret = f_rng( p_rng, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ) ) != 0 )
-        return ret;
-
-    *olen = MBEDTLS_X25519_KEY_SIZE_BYTES + 1;
-    if( blen < *olen )
-        return(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL);
-    *buf++ = MBEDTLS_X25519_KEY_SIZE_BYTES;
-
-    base[0] = 9;
-    Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, base );
-
-    base[0] = 0;
-    if( memcmp( buf, base, MBEDTLS_X25519_KEY_SIZE_BYTES ) == 0 )
-        return MBEDTLS_ERR_ECP_RANDOM_FAILED;
-
-    return( ret );
-}
-
-int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx,
-                        const unsigned char *buf, size_t blen )
-{
-    if( blen < MBEDTLS_X25519_KEY_SIZE_BYTES + 1 )
-        return(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL);
-    if( (*buf++ != MBEDTLS_X25519_KEY_SIZE_BYTES) )
-        return(MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
-    memcpy( ctx->peer_point, buf, MBEDTLS_X25519_KEY_SIZE_BYTES );
-    return( 0 );
-}
-
-
-#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */

lib/mbedtls/CMakeLists.txt

@@ -1,279 +0,0 @@
-cmake_minimum_required(VERSION 2.6)
-if(TEST_CPP)
-    project("mbed TLS" C CXX)
-else()
-    project("mbed TLS" C)
-endif()
-
-# Set the project root directory.
-set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
-
-option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF)
-option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)
-
-option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
-
-option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
-option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
-
-string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
-string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}")
-string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${CMAKE_C_COMPILER_ID}")
-string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${CMAKE_C_COMPILER_ID}")
-
-# the test suites currently have compile errors with MSVC
-if(CMAKE_COMPILER_IS_MSVC)
-    option(ENABLE_TESTING "Build mbed TLS tests." OFF)
-else()
-    option(ENABLE_TESTING "Build mbed TLS tests." ON)
-endif()
-
-# Warning string - created as a list for compatibility with CMake 2.8
-set(WARNING_BORDER "*******************************************************\n")
-set(NULL_ENTROPY_WARN_L1 "****  WARNING!  MBEDTLS_TEST_NULL_ENTROPY defined!\n")
-set(NULL_ENTROPY_WARN_L2 "****  THIS BUILD HAS NO DEFINED ENTROPY SOURCES\n")
-set(NULL_ENTROPY_WARN_L3 "****  AND IS *NOT* SUITABLE FOR PRODUCTION USE\n")
-
-set(NULL_ENTROPY_WARNING "${WARNING_BORDER}"
-                         "${NULL_ENTROPY_WARN_L1}"
-                         "${NULL_ENTROPY_WARN_L2}"
-                         "${NULL_ENTROPY_WARN_L3}"
-                         "${WARNING_BORDER}")
-
-set(CTR_DRBG_128_BIT_KEY_WARN_L1 "****  WARNING!  MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n")
-set(CTR_DRBG_128_BIT_KEY_WARN_L2 "****  Using 128-bit keys for CTR_DRBG limits the security of generated\n")
-set(CTR_DRBG_128_BIT_KEY_WARN_L3 "****  keys and operations that use random values generated to 128-bit security\n")
-
-set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}"
-                         "${CTR_DRBG_128_BIT_KEY_WARN_L1}"
-                         "${CTR_DRBG_128_BIT_KEY_WARN_L2}"
-                         "${CTR_DRBG_128_BIT_KEY_WARN_L3}"
-                         "${WARNING_BORDER}")
-
-# Python 3 is only needed here to check for configuration warnings.
-if(NOT CMAKE_VERSION VERSION_LESS 3.15.0)
-    set(Python3_FIND_STRATEGY LOCATION)
-    find_package(Python3 COMPONENTS Interpreter)
-    if(Python3_Interpreter_FOUND)
-        set(MBEDTLS_PYTHON_EXECUTABLE ${Python3_EXECUTABLE})
-    endif()
-else()
-    find_package(PythonInterp 3)
-    if(PYTHONINTERP_FOUND)
-        set(MBEDTLS_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE})
-    endif()
-endif()
-if(MBEDTLS_PYTHON_EXECUTABLE)
-
-    # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
-    execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-                        RESULT_VARIABLE result)
-    if(${result} EQUAL 0)
-        message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})
-    endif()
-
-    # If NULL Entropy is configured, display an appropriate warning
-    execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY
-                        RESULT_VARIABLE result)
-    if(${result} EQUAL 0)
-        message(WARNING ${NULL_ENTROPY_WARNING})
-
-        if(NOT UNSAFE_BUILD)
-            message(FATAL_ERROR "\
-\n\
-Warning! You have enabled MBEDTLS_TEST_NULL_ENTROPY. \
-This option is not safe for production use and negates all security \
-It is intended for development use only. \
-\n\
-To confirm you want to build with this option, re-run cmake with the \
-option: \n\
-  cmake -DUNSAFE_BUILD=ON ")
-
-            return()
-        endif()
-    endif()
-endif()
-
-set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
-    CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull"
-    FORCE)
-
-# Create a symbolic link from ${base_name} in the binary directory
-# to the corresponding path in the source directory.
-function(link_to_source base_name)
-    # Get OS dependent path to use in `execute_process`
-    if (CMAKE_HOST_WIN32)
-        #mklink is an internal command of cmd.exe it can only work with \
-        string(REPLACE "/" "\\" link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
-        string(REPLACE "/" "\\" target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
-    else()
-        set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
-        set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
-    endif()
-
-    if (NOT EXISTS ${link})
-        if (CMAKE_HOST_UNIX)
-            set(command ln -s ${target} ${link})
-        else()
-            if (IS_DIRECTORY ${target})
-                set(command cmd.exe /c mklink /j ${link} ${target})
-            else()
-                set(command cmd.exe /c mklink /h ${link} ${target})
-            endif()
-        endif()
-
-        execute_process(COMMAND ${command}
-            RESULT_VARIABLE result
-            ERROR_VARIABLE output)
-
-        if (NOT ${result} EQUAL 0)
-            message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
-        endif()
-    endif()
-endfunction(link_to_source)
-
-string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
-
-if(CMAKE_COMPILER_IS_GNU)
-    # some warnings we want are not available with old GCC versions
-    # note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION
-    execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
-                    OUTPUT_VARIABLE GCC_VERSION)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings")
-    if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
-        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla")
-    endif()
-    if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
-        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
-    endif()
-    if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
-        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow -Wformat-signedness")
-    endif()
-    set(CMAKE_C_FLAGS_RELEASE     "-O2")
-    set(CMAKE_C_FLAGS_DEBUG       "-O0 -g3")
-    set(CMAKE_C_FLAGS_COVERAGE    "-O0 -g3 --coverage")
-    set(CMAKE_C_FLAGS_ASAN        "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
-    set(CMAKE_C_FLAGS_ASANDBG     "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
-    set(CMAKE_C_FLAGS_CHECK       "-Os")
-    set(CMAKE_C_FLAGS_CHECKFULL   "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
-endif(CMAKE_COMPILER_IS_GNU)
-
-if(CMAKE_COMPILER_IS_CLANG)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla")
-    set(CMAKE_C_FLAGS_RELEASE     "-O2")
-    set(CMAKE_C_FLAGS_DEBUG       "-O0 -g3")
-    set(CMAKE_C_FLAGS_COVERAGE    "-O0 -g3 --coverage")
-    set(CMAKE_C_FLAGS_ASAN        "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
-    set(CMAKE_C_FLAGS_ASANDBG     "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
-    set(CMAKE_C_FLAGS_MEMSAN      "-fsanitize=memory -O3")
-    set(CMAKE_C_FLAGS_MEMSANDBG   "-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2")
-    set(CMAKE_C_FLAGS_CHECK       "-Os")
-endif(CMAKE_COMPILER_IS_CLANG)
-
-if(CMAKE_COMPILER_IS_IAR)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts --warnings_are_errors -Ohz")
-endif(CMAKE_COMPILER_IS_IAR)
-
-if(CMAKE_COMPILER_IS_MSVC)
-    # Strictest warnings
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3")
-endif(CMAKE_COMPILER_IS_MSVC)
-
-if(MBEDTLS_FATAL_WARNINGS)
-    if(CMAKE_COMPILER_IS_MSVC)
-        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")
-    endif(CMAKE_COMPILER_IS_MSVC)
-
-    if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
-        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror")
-        if(UNSAFE_BUILD)
-            set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error=cpp")
-            set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error=cpp")
-            set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error=cpp")
-        endif(UNSAFE_BUILD)
-    endif(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
-endif(MBEDTLS_FATAL_WARNINGS)
-
-if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
-    if(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
-        set(CMAKE_SHARED_LINKER_FLAGS "--coverage")
-    endif(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
-endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
-
-if(LIB_INSTALL_DIR)
-else()
-    set(LIB_INSTALL_DIR lib)
-endif()
-
-include_directories(include/)
-include_directories(library/)
-
-if(ENABLE_ZLIB_SUPPORT)
-    find_package(ZLIB)
-
-    if(ZLIB_FOUND)
-        include_directories(${ZLIB_INCLUDE_DIR})
-    endif(ZLIB_FOUND)
-endif(ENABLE_ZLIB_SUPPORT)
-
-add_subdirectory(include)
-
-add_subdirectory(3rdparty)
-include_directories(${thirdparty_inc})
-list(APPEND libs ${thirdparty_lib})
-add_definitions(${thirdparty_def})
-
-add_subdirectory(library)
-
-if(ENABLE_PROGRAMS)
-    add_subdirectory(programs)
-endif()
-
-ADD_CUSTOM_TARGET(apidoc
-    COMMAND doxygen mbedtls.doxyfile
-    WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/doxygen)
-
-if(ENABLE_TESTING)
-    enable_testing()
-
-    add_subdirectory(tests)
-
-    # additional convenience targets for Unix only
-    if(UNIX)
-
-        ADD_CUSTOM_TARGET(covtest
-            COMMAND make test
-            COMMAND programs/test/selftest
-            COMMAND tests/compat.sh
-            COMMAND tests/ssl-opt.sh
-        )
-
-        ADD_CUSTOM_TARGET(lcov
-            COMMAND rm -rf Coverage
-            COMMAND lcov --capture --initial --directory library/CMakeFiles/mbedtls.dir -o files.info
-            COMMAND lcov --capture --directory library/CMakeFiles/mbedtls.dir -o tests.info
-            COMMAND lcov --add-tracefile files.info --add-tracefile tests.info -o all.info
-            COMMAND lcov --remove all.info -o final.info '*.h'
-            COMMAND gendesc tests/Descriptions.txt -o descriptions
-            COMMAND genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info
-            COMMAND rm -f files.info tests.info all.info final.info descriptions
-        )
-
-        ADD_CUSTOM_TARGET(memcheck
-            COMMAND sed -i.bak s+/usr/bin/valgrind+`which valgrind`+ DartConfiguration.tcl
-            COMMAND ctest -O memcheck.log -D ExperimentalMemCheck
-            COMMAND tail -n1 memcheck.log | grep 'Memory checking results:' > /dev/null
-            COMMAND rm -f memcheck.log
-            COMMAND mv DartConfiguration.tcl.bak DartConfiguration.tcl
-        )
-    endif(UNIX)
-
-    # Make scripts needed for testing available in an out-of-source build.
-    if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
-        link_to_source(scripts)
-        # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to
-        # keep things simple with the sed commands in the memcheck target.
-        configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl
-                    ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
-    endif()
-endif()

lib/mbedtls/LICENSE

@@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

lib/mbedtls/Makefile

@@ -1,134 +0,0 @@
-DESTDIR=/usr/local
-PREFIX=mbedtls_
-
-.SILENT:
-
-.PHONY: all no_test programs lib tests install uninstall clean test check covtest lcov apidoc apidoc_clean
-
-all: programs tests
-	$(MAKE) post_build
-
-no_test: programs
-
-programs: lib
-	$(MAKE) -C programs
-
-lib:
-	$(MAKE) -C library
-
-tests: lib
-	$(MAKE) -C tests
-
-ifndef WINDOWS
-install: no_test
-	mkdir -p $(DESTDIR)/include/mbedtls
-	cp -rp include/mbedtls $(DESTDIR)/include
-	mkdir -p $(DESTDIR)/include/psa
-	cp -rp include/psa $(DESTDIR)/include
-
-	mkdir -p $(DESTDIR)/lib
-	cp -RP library/libmbedtls.*    $(DESTDIR)/lib
-	cp -RP library/libmbedx509.*   $(DESTDIR)/lib
-	cp -RP library/libmbedcrypto.* $(DESTDIR)/lib
-
-	mkdir -p $(DESTDIR)/bin
-	for p in programs/*/* ; do              \
-	    if [ -x $$p ] && [ ! -d $$p ] ;     \
-	    then                                \
-	        f=$(PREFIX)`basename $$p` ;     \
-	        cp $$p $(DESTDIR)/bin/$$f ;     \
-	    fi                                  \
-	done
-
-uninstall:
-	rm -rf $(DESTDIR)/include/mbedtls
-	rm -f $(DESTDIR)/lib/libmbedtls.*
-	rm -f $(DESTDIR)/lib/libmbedx509.*
-	rm -f $(DESTDIR)/lib/libmbedcrypto.*
-
-	for p in programs/*/* ; do              \
-	    if [ -x $$p ] && [ ! -d $$p ] ;     \
-	    then                                \
-	        f=$(PREFIX)`basename $$p` ;     \
-	        rm -f $(DESTDIR)/bin/$$f ;      \
-	    fi                                  \
-	done
-endif
-
-WARNING_BORDER      =*******************************************************\n
-NULL_ENTROPY_WARN_L1=****  WARNING!  MBEDTLS_TEST_NULL_ENTROPY defined! ****\n
-NULL_ENTROPY_WARN_L2=****  THIS BUILD HAS NO DEFINED ENTROPY SOURCES    ****\n
-NULL_ENTROPY_WARN_L3=****  AND IS *NOT* SUITABLE FOR PRODUCTION USE     ****\n
-
-NULL_ENTROPY_WARNING=\n$(WARNING_BORDER)$(NULL_ENTROPY_WARN_L1)$(NULL_ENTROPY_WARN_L2)$(NULL_ENTROPY_WARN_L3)$(WARNING_BORDER)
-
-WARNING_BORDER_LONG      =**********************************************************************************\n
-CTR_DRBG_128_BIT_KEY_WARN_L1=****  WARNING!  MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!                      ****\n
-CTR_DRBG_128_BIT_KEY_WARN_L2=****  Using 128-bit keys for CTR_DRBG limits the security of generated         ****\n
-CTR_DRBG_128_BIT_KEY_WARN_L3=****  keys and operations that use random values generated to 128-bit security ****\n
-
-CTR_DRBG_128_BIT_KEY_WARNING=\n$(WARNING_BORDER_LONG)$(CTR_DRBG_128_BIT_KEY_WARN_L1)$(CTR_DRBG_128_BIT_KEY_WARN_L2)$(CTR_DRBG_128_BIT_KEY_WARN_L3)$(WARNING_BORDER_LONG)
-
-# Post build steps
-post_build:
-ifndef WINDOWS
-
-	# If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
-	-scripts/config.py get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \
-	    echo '$(CTR_DRBG_128_BIT_KEY_WARNING)'
-
-	# If NULL Entropy is configured, display an appropriate warning
-	-scripts/config.py get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \
-	    echo '$(NULL_ENTROPY_WARNING)'
-endif
-
-clean:
-	$(MAKE) -C library clean
-	$(MAKE) -C programs clean
-	$(MAKE) -C tests clean
-ifndef WINDOWS
-	find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} +
-endif
-
-check: lib tests
-	$(MAKE) -C tests check
-
-test: check
-
-ifndef WINDOWS
-# note: for coverage testing, build with:
-# make CFLAGS='--coverage -g3 -O0'
-covtest:
-	$(MAKE) check
-	programs/test/selftest
-	tests/compat.sh
-	tests/ssl-opt.sh
-
-lcov:
-	rm -rf Coverage
-	lcov --capture --initial --directory library -o files.info
-	lcov --rc lcov_branch_coverage=1 --capture --directory library -o tests.info
-	lcov --rc lcov_branch_coverage=1 --add-tracefile files.info --add-tracefile tests.info -o all.info
-	lcov --rc lcov_branch_coverage=1 --remove all.info -o final.info '*.h'
-	gendesc tests/Descriptions.txt -o descriptions
-	genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --branch-coverage -o Coverage final.info
-	rm -f files.info tests.info all.info final.info descriptions
-
-apidoc:
-	mkdir -p apidoc
-	cd doxygen && doxygen mbedtls.doxyfile
-
-apidoc_clean:
-	rm -rf apidoc
-endif
-
-## Editor navigation files
-C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function)
-# Exuberant-ctags invocation. Other ctags implementations may require different options.
-CTAGS = ctags --langmap=c:+.h.function -o
-tags: $(C_SOURCE_FILES)
-	$(CTAGS) $@ $(C_SOURCE_FILES)
-TAGS: $(C_SOURCE_FILES)
-	etags -o $@ $(C_SOURCE_FILES)
-GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
-	ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc

lib/mbedtls/dco.txt

@@ -1,37 +0,0 @@
-Developer Certificate of Origin
-Version 1.1
-
-Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
-1 Letterman Drive
-Suite D4700
-San Francisco, CA, 94129
-
-Everyone is permitted to copy and distribute verbatim copies of this
-license document, but changing it is not allowed.
-
-
-Developer's Certificate of Origin 1.1
-
-By making a contribution to this project, I certify that:
-
-(a) The contribution was created in whole or in part by me and I
-    have the right to submit it under the open source license
-    indicated in the file; or
-
-(b) The contribution is based upon previous work that, to the best
-    of my knowledge, is covered under an appropriate open source
-    license and I have the right under that license to submit that
-    work with modifications, whether created in whole or in part
-    by me, under the same open source license (unless I am
-    permitted to submit under a different license), as indicated
-    in the file; or
-
-(c) The contribution was provided directly to me by some other
-    person who certified (a), (b) or (c) and I have not modified
-    it.
-
-(d) I understand and agree that this project and the contribution
-    are public and that a record of the contribution (including all
-    personal information I submit with it, including my sign-off) is
-    maintained indefinitely and may be redistributed consistent with
-    this project or the open source license(s) involved.

lib/mbedtls/include/.gitignore

@@ -1,4 +0,0 @@
-Makefile
-*.sln
-*.vcxproj
-mbedtls/check_config

lib/mbedtls/include/CMakeLists.txt

@@ -1,22 +0,0 @@
-option(INSTALL_MBEDTLS_HEADERS "Install mbed TLS headers." ON)
-
-if(INSTALL_MBEDTLS_HEADERS)
-
-    file(GLOB headers "mbedtls/*.h")
-    file(GLOB psa_headers "psa/*.h")
-
-    install(FILES ${headers}
-        DESTINATION include/mbedtls
-        PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
-
-    install(FILES ${psa_headers}
-        DESTINATION include/psa
-        PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
-
-endif(INSTALL_MBEDTLS_HEADERS)
-
-# Make config.h available in an out-of-source build. ssl-opt.sh requires it.
-if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
-    link_to_source(mbedtls)
-    link_to_source(psa)
-endif()

lib/mbedtls/include/mbedtls/aes.h

@@ -1,675 +0,0 @@
-/**
- * \file aes.h
- *
- * \brief   This file contains AES definitions and functions.
- *
- *          The Advanced Encryption Standard (AES) specifies a FIPS-approved
- *          cryptographic algorithm that can be used to protect electronic
- *          data.
- *
- *          The AES algorithm is a symmetric block cipher that can
- *          encrypt and decrypt information. For more information, see
- *          <em>FIPS Publication 197: Advanced Encryption Standard</em> and
- *          <em>ISO/IEC 18033-2:2006: Information technology -- Security
- *          techniques -- Encryption algorithms -- Part 2: Asymmetric
- *          ciphers</em>.
- *
- *          The AES-XTS block mode is standardized by NIST SP 800-38E
- *          <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf>
- *          and described in detail by IEEE P1619
- *          <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>.
- */
-
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_AES_H
-#define MBEDTLS_AES_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-/* padlock.c and aesni.c rely on these values! */
-#define MBEDTLS_AES_ENCRYPT     1 /**< AES encryption. */
-#define MBEDTLS_AES_DECRYPT     0 /**< AES decryption. */
-
-/* Error codes in range 0x0020-0x0022 */
-#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
-#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
-
-/* Error codes in range 0x0021-0x0025 */
-#define MBEDTLS_ERR_AES_BAD_INPUT_DATA                    -0x0021  /**< Invalid input data. */
-
-/* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */
-#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE               -0x0023  /**< Feature not available. For example, an unsupported AES key size. */
-
-/* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */
-#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED                   -0x0025  /**< AES hardware accelerator failed. */
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_AES_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The AES context-type definition.
- */
-typedef struct mbedtls_aes_context
-{
-    int nr;                     /*!< The number of rounds. */
-    uint32_t *rk;               /*!< AES round keys. */
-    uint32_t buf[68];           /*!< Unaligned data buffer. This buffer can
-                                     hold 32 extra Bytes, which can be used for
-                                     one of the following purposes:
-                                     <ul><li>Alignment if VIA padlock is
-                                             used.</li>
-                                     <li>Simplifying key expansion in the 256-bit
-                                         case by generating an extra round key.
-                                         </li></ul> */
-}
-mbedtls_aes_context;
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief The AES XTS context-type definition.
- */
-typedef struct mbedtls_aes_xts_context
-{
-    mbedtls_aes_context crypt; /*!< The AES context to use for AES block
-                                        encryption or decryption. */
-    mbedtls_aes_context tweak; /*!< The AES context used for tweak
-                                        computation. */
-} mbedtls_aes_xts_context;
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-#else  /* MBEDTLS_AES_ALT */
-#include "aes_alt.h"
-#endif /* MBEDTLS_AES_ALT */
-
-/**
- * \brief          This function initializes the specified AES context.
- *
- *                 It must be the first API called before using
- *                 the context.
- *
- * \param ctx      The AES context to initialize. This must not be \c NULL.
- */
-void mbedtls_aes_init( mbedtls_aes_context *ctx );
-
-/**
- * \brief          This function releases and clears the specified AES context.
- *
- * \param ctx      The AES context to clear.
- *                 If this is \c NULL, this function does nothing.
- *                 Otherwise, the context must have been at least initialized.
- */
-void mbedtls_aes_free( mbedtls_aes_context *ctx );
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief          This function initializes the specified AES XTS context.
- *
- *                 It must be the first API called before using
- *                 the context.
- *
- * \param ctx      The AES XTS context to initialize. This must not be \c NULL.
- */
-void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
-
-/**
- * \brief          This function releases and clears the specified AES XTS context.
- *
- * \param ctx      The AES XTS context to clear.
- *                 If this is \c NULL, this function does nothing.
- *                 Otherwise, the context must have been at least initialized.
- */
-void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * \brief          This function sets the encryption key.
- *
- * \param ctx      The AES context to which the key should be bound.
- *                 It must be initialized.
- * \param key      The encryption key.
- *                 This must be a readable buffer of size \p keybits bits.
- * \param keybits  The size of data passed in bits. Valid options are:
- *                 <ul><li>128 bits</li>
- *                 <li>192 bits</li>
- *                 <li>256 bits</li></ul>
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits );
-
-/**
- * \brief          This function sets the decryption key.
- *
- * \param ctx      The AES context to which the key should be bound.
- *                 It must be initialized.
- * \param key      The decryption key.
- *                 This must be a readable buffer of size \p keybits bits.
- * \param keybits  The size of data passed. Valid options are:
- *                 <ul><li>128 bits</li>
- *                 <li>192 bits</li>
- *                 <li>256 bits</li></ul>
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits );
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief          This function prepares an XTS context for encryption and
- *                 sets the encryption key.
- *
- * \param ctx      The AES XTS context to which the key should be bound.
- *                 It must be initialized.
- * \param key      The encryption key. This is comprised of the XTS key1
- *                 concatenated with the XTS key2.
- *                 This must be a readable buffer of size \p keybits bits.
- * \param keybits  The size of \p key passed in bits. Valid options are:
- *                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
- *                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
-                                const unsigned char *key,
-                                unsigned int keybits );
-
-/**
- * \brief          This function prepares an XTS context for decryption and
- *                 sets the decryption key.
- *
- * \param ctx      The AES XTS context to which the key should be bound.
- *                 It must be initialized.
- * \param key      The decryption key. This is comprised of the XTS key1
- *                 concatenated with the XTS key2.
- *                 This must be a readable buffer of size \p keybits bits.
- * \param keybits  The size of \p key passed in bits. Valid options are:
- *                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
- *                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
-                                const unsigned char *key,
-                                unsigned int keybits );
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * \brief          This function performs an AES single-block encryption or
- *                 decryption operation.
- *
- *                 It performs the operation defined in the \p mode parameter
- *                 (encrypt or decrypt), on the input data buffer defined in
- *                 the \p input parameter.
- *
- *                 mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
- *                 mbedtls_aes_setkey_dec() must be called before the first
- *                 call to this API with the same context.
- *
- * \param ctx      The AES context to use for encryption or decryption.
- *                 It must be initialized and bound to a key.
- * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
- *                 #MBEDTLS_AES_DECRYPT.
- * \param input    The buffer holding the input data.
- *                 It must be readable and at least \c 16 Bytes long.
- * \param output   The buffer where the output data will be written.
- *                 It must be writeable and at least \c 16 Bytes long.
-
- * \return         \c 0 on success.
- */
-int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief  This function performs an AES-CBC encryption or decryption operation
- *         on full blocks.
- *
- *         It performs the operation defined in the \p mode
- *         parameter (encrypt/decrypt), on the input data buffer defined in
- *         the \p input parameter.
- *
- *         It can be called as many times as needed, until all the input
- *         data is processed. mbedtls_aes_init(), and either
- *         mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
- *         before the first call to this API with the same context.
- *
- * \note   This function operates on full blocks, that is, the input size
- *         must be a multiple of the AES block size of \c 16 Bytes.
- *
- * \note   Upon exit, the content of the IV is updated so that you can
- *         call the same function again on the next
- *         block(s) of data and get the same result as if it was
- *         encrypted in one call. This allows a "streaming" usage.
- *         If you need to retain the contents of the IV, you should
- *         either save it manually or use the cipher module instead.
- *
- *
- * \param ctx      The AES context to use for encryption or decryption.
- *                 It must be initialized and bound to a key.
- * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
- *                 #MBEDTLS_AES_DECRYPT.
- * \param length   The length of the input data in Bytes. This must be a
- *                 multiple of the block size (\c 16 Bytes).
- * \param iv       Initialization vector (updated after use).
- *                 It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input    The buffer holding the input data.
- *                 It must be readable and of size \p length Bytes.
- * \param output   The buffer holding the output data.
- *                 It must be writeable and of size \p length Bytes.
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
- *                 on failure.
- */
-int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief      This function performs an AES-XTS encryption or decryption
- *             operation for an entire XTS data unit.
- *
- *             AES-XTS encrypts or decrypts blocks based on their location as
- *             defined by a data unit number. The data unit number must be
- *             provided by \p data_unit.
- *
- *             NIST SP 800-38E limits the maximum size of a data unit to 2^20
- *             AES blocks. If the data unit is larger than this, this function
- *             returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
- *
- * \param ctx          The AES XTS context to use for AES XTS operations.
- *                     It must be initialized and bound to a key.
- * \param mode         The AES operation: #MBEDTLS_AES_ENCRYPT or
- *                     #MBEDTLS_AES_DECRYPT.
- * \param length       The length of a data unit in Bytes. This can be any
- *                     length between 16 bytes and 2^24 bytes inclusive
- *                     (between 1 and 2^20 block cipher blocks).
- * \param data_unit    The address of the data unit encoded as an array of 16
- *                     bytes in little-endian format. For disk encryption, this
- *                     is typically the index of the block device sector that
- *                     contains the data.
- * \param input        The buffer holding the input data (which is an entire
- *                     data unit). This function reads \p length Bytes from \p
- *                     input.
- * \param output       The buffer holding the output data (which is an entire
- *                     data unit). This function writes \p length Bytes to \p
- *                     output.
- *
- * \return             \c 0 on success.
- * \return             #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
- *                     smaller than an AES block in size (16 Bytes) or if \p
- *                     length is larger than 2^20 blocks (16 MiB).
- */
-int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
-                           int mode,
-                           size_t length,
-                           const unsigned char data_unit[16],
-                           const unsigned char *input,
-                           unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief This function performs an AES-CFB128 encryption or decryption
- *        operation.
- *
- *        It performs the operation defined in the \p mode
- *        parameter (encrypt or decrypt), on the input data buffer
- *        defined in the \p input parameter.
- *
- *        For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
- *        regardless of whether you are performing an encryption or decryption
- *        operation, that is, regardless of the \p mode parameter. This is
- *        because CFB mode uses the same key schedule for encryption and
- *        decryption.
- *
- * \note  Upon exit, the content of the IV is updated so that you can
- *        call the same function again on the next
- *        block(s) of data and get the same result as if it was
- *        encrypted in one call. This allows a "streaming" usage.
- *        If you need to retain the contents of the
- *        IV, you must either save it manually or use the cipher
- *        module instead.
- *
- *
- * \param ctx      The AES context to use for encryption or decryption.
- *                 It must be initialized and bound to a key.
- * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
- *                 #MBEDTLS_AES_DECRYPT.
- * \param length   The length of the input data in Bytes.
- * \param iv_off   The offset in IV (updated after use).
- *                 It must point to a valid \c size_t.
- * \param iv       The initialization vector (updated after use).
- *                 It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input    The buffer holding the input data.
- *                 It must be readable and of size \p length Bytes.
- * \param output   The buffer holding the output data.
- *                 It must be writeable and of size \p length Bytes.
- *
- * \return         \c 0 on success.
- */
-int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-
-/**
- * \brief This function performs an AES-CFB8 encryption or decryption
- *        operation.
- *
- *        It performs the operation defined in the \p mode
- *        parameter (encrypt/decrypt), on the input data buffer defined
- *        in the \p input parameter.
- *
- *        Due to the nature of CFB, you must use the same key schedule for
- *        both encryption and decryption operations. Therefore, you must
- *        use the context initialized with mbedtls_aes_setkey_enc() for
- *        both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
- *
- * \note  Upon exit, the content of the IV is updated so that you can
- *        call the same function again on the next
- *        block(s) of data and get the same result as if it was
- *        encrypted in one call. This allows a "streaming" usage.
- *        If you need to retain the contents of the
- *        IV, you should either save it manually or use the cipher
- *        module instead.
- *
- *
- * \param ctx      The AES context to use for encryption or decryption.
- *                 It must be initialized and bound to a key.
- * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
- *                 #MBEDTLS_AES_DECRYPT
- * \param length   The length of the input data.
- * \param iv       The initialization vector (updated after use).
- *                 It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input    The buffer holding the input data.
- *                 It must be readable and of size \p length Bytes.
- * \param output   The buffer holding the output data.
- *                 It must be writeable and of size \p length Bytes.
- *
- * \return         \c 0 on success.
- */
-int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output );
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-/**
- * \brief       This function performs an AES-OFB (Output Feedback Mode)
- *              encryption or decryption operation.
- *
- *              For OFB, you must set up the context with
- *              mbedtls_aes_setkey_enc(), regardless of whether you are
- *              performing an encryption or decryption operation. This is
- *              because OFB mode uses the same key schedule for encryption and
- *              decryption.
- *
- *              The OFB operation is identical for encryption or decryption,
- *              therefore no operation mode needs to be specified.
- *
- * \note        Upon exit, the content of iv, the Initialisation Vector, is
- *              updated so that you can call the same function again on the next
- *              block(s) of data and get the same result as if it was encrypted
- *              in one call. This allows a "streaming" usage, by initialising
- *              iv_off to 0 before the first call, and preserving its value
- *              between calls.
- *
- *              For non-streaming use, the iv should be initialised on each call
- *              to a unique value, and iv_off set to 0 on each call.
- *
- *              If you need to retain the contents of the initialisation vector,
- *              you must either save it manually or use the cipher module
- *              instead.
- *
- * \warning     For the OFB mode, the initialisation vector must be unique
- *              every encryption operation. Reuse of an initialisation vector
- *              will compromise security.
- *
- * \param ctx      The AES context to use for encryption or decryption.
- *                 It must be initialized and bound to a key.
- * \param length   The length of the input data.
- * \param iv_off   The offset in IV (updated after use).
- *                 It must point to a valid \c size_t.
- * \param iv       The initialization vector (updated after use).
- *                 It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input    The buffer holding the input data.
- *                 It must be readable and of size \p length Bytes.
- * \param output   The buffer holding the output data.
- *                 It must be writeable and of size \p length Bytes.
- *
- * \return         \c 0 on success.
- */
-int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-
-#endif /* MBEDTLS_CIPHER_MODE_OFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief      This function performs an AES-CTR encryption or decryption
- *             operation.
- *
- *             This function performs the operation defined in the \p mode
- *             parameter (encrypt/decrypt), on the input data buffer
- *             defined in the \p input parameter.
- *
- *             Due to the nature of CTR, you must use the same key schedule
- *             for both encryption and decryption operations. Therefore, you
- *             must use the context initialized with mbedtls_aes_setkey_enc()
- *             for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
- *
- * \warning    You must never reuse a nonce value with the same key. Doing so
- *             would void the encryption for the two messages encrypted with
- *             the same nonce and key.
- *
- *             There are two common strategies for managing nonces with CTR:
- *
- *             1. You can handle everything as a single message processed over
- *             successive calls to this function. In that case, you want to
- *             set \p nonce_counter and \p nc_off to 0 for the first call, and
- *             then preserve the values of \p nonce_counter, \p nc_off and \p
- *             stream_block across calls to this function as they will be
- *             updated by this function.
- *
- *             With this strategy, you must not encrypt more than 2**128
- *             blocks of data with the same key.
- *
- *             2. You can encrypt separate messages by dividing the \p
- *             nonce_counter buffer in two areas: the first one used for a
- *             per-message nonce, handled by yourself, and the second one
- *             updated by this function internally.
- *
- *             For example, you might reserve the first 12 bytes for the
- *             per-message nonce, and the last 4 bytes for internal use. In that
- *             case, before calling this function on a new message you need to
- *             set the first 12 bytes of \p nonce_counter to your chosen nonce
- *             value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
- *             stream_block to be ignored). That way, you can encrypt at most
- *             2**96 messages of up to 2**32 blocks each with the same key.
- *
- *             The per-message nonce (or information sufficient to reconstruct
- *             it) needs to be communicated with the ciphertext and must be unique.
- *             The recommended way to ensure uniqueness is to use a message
- *             counter. An alternative is to generate random nonces, but this
- *             limits the number of messages that can be securely encrypted:
- *             for example, with 96-bit random nonces, you should not encrypt
- *             more than 2**32 messages with the same key.
- *
- *             Note that for both stategies, sizes are measured in blocks and
- *             that an AES block is 16 bytes.
- *
- * \warning    Upon return, \p stream_block contains sensitive data. Its
- *             content must not be written to insecure storage and should be
- *             securely discarded as soon as it's no longer needed.
- *
- * \param ctx              The AES context to use for encryption or decryption.
- *                         It must be initialized and bound to a key.
- * \param length           The length of the input data.
- * \param nc_off           The offset in the current \p stream_block, for
- *                         resuming within the current cipher stream. The
- *                         offset pointer should be 0 at the start of a stream.
- *                         It must point to a valid \c size_t.
- * \param nonce_counter    The 128-bit nonce and counter.
- *                         It must be a readable-writeable buffer of \c 16 Bytes.
- * \param stream_block     The saved stream block for resuming. This is
- *                         overwritten by the function.
- *                         It must be a readable-writeable buffer of \c 16 Bytes.
- * \param input            The buffer holding the input data.
- *                         It must be readable and of size \p length Bytes.
- * \param output           The buffer holding the output data.
- *                         It must be writeable and of size \p length Bytes.
- *
- * \return                 \c 0 on success.
- */
-int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-/**
- * \brief           Internal AES block encryption function. This is only
- *                  exposed to allow overriding it using
- *                  \c MBEDTLS_AES_ENCRYPT_ALT.
- *
- * \param ctx       The AES context to use for encryption.
- * \param input     The plaintext block.
- * \param output    The output (ciphertext) block.
- *
- * \return          \c 0 on success.
- */
-int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
-                                  const unsigned char input[16],
-                                  unsigned char output[16] );
-
-/**
- * \brief           Internal AES block decryption function. This is only
- *                  exposed to allow overriding it using see
- *                  \c MBEDTLS_AES_DECRYPT_ALT.
- *
- * \param ctx       The AES context to use for decryption.
- * \param input     The ciphertext block.
- * \param output    The output (plaintext) block.
- *
- * \return          \c 0 on success.
- */
-int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
-                                  const unsigned char input[16],
-                                  unsigned char output[16] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief           Deprecated internal AES block encryption function
- *                  without return value.
- *
- * \deprecated      Superseded by mbedtls_internal_aes_encrypt()
- *
- * \param ctx       The AES context to use for encryption.
- * \param input     Plaintext block.
- * \param output    Output (ciphertext) block.
- */
-MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
-                                             const unsigned char input[16],
-                                             unsigned char output[16] );
-
-/**
- * \brief           Deprecated internal AES block decryption function
- *                  without return value.
- *
- * \deprecated      Superseded by mbedtls_internal_aes_decrypt()
- *
- * \param ctx       The AES context to use for decryption.
- * \param input     Ciphertext block.
- * \param output    Output (plaintext) block.
- */
-MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
-                                             const unsigned char input[16],
-                                             unsigned char output[16] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief          Checkup routine.
- *
- * \return         \c 0 on success.
- * \return         \c 1 on failure.
- */
-int mbedtls_aes_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* aes.h */

lib/mbedtls/include/mbedtls/aesni.h

@@ -1,138 +0,0 @@
-/**
- * \file aesni.h
- *
- * \brief AES-NI for hardware AES acceleration on some Intel processors
- *
- * \warning These functions are only for internal use by other library
- *          functions; you must not call them directly.
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_AESNI_H
-#define MBEDTLS_AESNI_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/aes.h"
-
-#define MBEDTLS_AESNI_AES      0x02000000u
-#define MBEDTLS_AESNI_CLMUL    0x00000002u
-
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) &&  \
-    ( defined(__amd64__) || defined(__x86_64__) )   &&  \
-    ! defined(MBEDTLS_HAVE_X86_64)
-#define MBEDTLS_HAVE_X86_64
-#endif
-
-#if defined(MBEDTLS_HAVE_X86_64)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Internal function to detect the AES-NI feature in CPUs.
- *
- * \note           This function is only for internal use by other library
- *                 functions; you must not call it directly.
- *
- * \param what     The feature to detect
- *                 (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL)
- *
- * \return         1 if CPU has support for the feature, 0 otherwise
- */
-int mbedtls_aesni_has_support( unsigned int what );
-
-/**
- * \brief          Internal AES-NI AES-ECB block encryption and decryption
- *
- * \note           This function is only for internal use by other library
- *                 functions; you must not call it directly.
- *
- * \param ctx      AES context
- * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
- * \param input    16-byte input block
- * \param output   16-byte output block
- *
- * \return         0 on success (cannot fail)
- */
-int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
-                             int mode,
-                             const unsigned char input[16],
-                             unsigned char output[16] );
-
-/**
- * \brief          Internal GCM multiplication: c = a * b in GF(2^128)
- *
- * \note           This function is only for internal use by other library
- *                 functions; you must not call it directly.
- *
- * \param c        Result
- * \param a        First operand
- * \param b        Second operand
- *
- * \note           Both operands and result are bit strings interpreted as
- *                 elements of GF(2^128) as per the GCM spec.
- */
-void mbedtls_aesni_gcm_mult( unsigned char c[16],
-                             const unsigned char a[16],
-                             const unsigned char b[16] );
-
-/**
- * \brief           Internal round key inversion. This function computes
- *                  decryption round keys from the encryption round keys.
- *
- * \note            This function is only for internal use by other library
- *                  functions; you must not call it directly.
- *
- * \param invkey    Round keys for the equivalent inverse cipher
- * \param fwdkey    Original round keys (for encryption)
- * \param nr        Number of rounds (that is, number of round keys minus one)
- */
-void mbedtls_aesni_inverse_key( unsigned char *invkey,
-                                const unsigned char *fwdkey,
-                                int nr );
-
-/**
- * \brief           Internal key expansion for encryption
- *
- * \note            This function is only for internal use by other library
- *                  functions; you must not call it directly.
- *
- * \param rk        Destination buffer where the round keys are written
- * \param key       Encryption key
- * \param bits      Key size in bits (must be 128, 192 or 256)
- *
- * \return          0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
- */
-int mbedtls_aesni_setkey_enc( unsigned char *rk,
-                              const unsigned char *key,
-                              size_t bits );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_HAVE_X86_64 */
-
-#endif /* MBEDTLS_AESNI_H */

lib/mbedtls/include/mbedtls/arc4.h

@@ -1,146 +0,0 @@
-/**
- * \file arc4.h
- *
- * \brief The ARCFOUR stream cipher
- *
- * \warning   ARC4 is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- *
- */
-#ifndef MBEDTLS_ARC4_H
-#define MBEDTLS_ARC4_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-/* MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED is deprecated and should not be used. */
-#define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED                  -0x0019  /**< ARC4 hardware accelerator failed. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_ARC4_ALT)
-// Regular implementation
-//
-
-/**
- * \brief     ARC4 context structure
- *
- * \warning   ARC4 is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
- *
- */
-typedef struct mbedtls_arc4_context
-{
-    int x;                      /*!< permutation index */
-    int y;                      /*!< permutation index */
-    unsigned char m[256];       /*!< permutation table */
-}
-mbedtls_arc4_context;
-
-#else  /* MBEDTLS_ARC4_ALT */
-#include "arc4_alt.h"
-#endif /* MBEDTLS_ARC4_ALT */
-
-/**
- * \brief          Initialize ARC4 context
- *
- * \param ctx      ARC4 context to be initialized
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
-
-/**
- * \brief          Clear ARC4 context
- *
- * \param ctx      ARC4 context to be cleared
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
-
-/**
- * \brief          ARC4 key schedule
- *
- * \param ctx      ARC4 context to be setup
- * \param key      the secret key
- * \param keylen   length of the key, in bytes
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
-                 unsigned int keylen );
-
-/**
- * \brief          ARC4 cipher function
- *
- * \param ctx      ARC4 context
- * \param length   length of the input data
- * \param input    buffer holding the input data
- * \param output   buffer for the output data
- *
- * \return         0 if successful
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
-                unsigned char *output );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-int mbedtls_arc4_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* arc4.h */

lib/mbedtls/include/mbedtls/aria.h

@@ -1,371 +0,0 @@
-/**
- * \file aria.h
- *
- * \brief ARIA block cipher
- *
- *        The ARIA algorithm is a symmetric block cipher that can encrypt and
- *        decrypt information. It is defined by the Korean Agency for
- *        Technology and Standards (KATS) in <em>KS X 1213:2004</em> (in
- *        Korean, but see http://210.104.33.10/ARIA/index-e.html in English)
- *        and also described by the IETF in <em>RFC 5794</em>.
- */
-/*
- *  Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_ARIA_H
-#define MBEDTLS_ARIA_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "mbedtls/platform_util.h"
-
-#define MBEDTLS_ARIA_ENCRYPT     1 /**< ARIA encryption. */
-#define MBEDTLS_ARIA_DECRYPT     0 /**< ARIA decryption. */
-
-#define MBEDTLS_ARIA_BLOCKSIZE   16 /**< ARIA block size in bytes. */
-#define MBEDTLS_ARIA_MAX_ROUNDS  16 /**< Maxiumum number of rounds in ARIA. */
-#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH   MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C )
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C /**< Bad input data. */
-
-#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
-
-/* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used.
- */
-#define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE  -0x005A  /**< Feature not available. For example, an unsupported ARIA key size. */
-
-/* MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED is deprecated and should not be used. */
-#define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED      -0x0058  /**< ARIA hardware accelerator failed. */
-
-#if !defined(MBEDTLS_ARIA_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief The ARIA context-type definition.
- */
-typedef struct mbedtls_aria_context
-{
-    unsigned char nr;           /*!< The number of rounds (12, 14 or 16) */
-    /*! The ARIA round keys. */
-    uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
-}
-mbedtls_aria_context;
-
-#else  /* MBEDTLS_ARIA_ALT */
-#include "aria_alt.h"
-#endif /* MBEDTLS_ARIA_ALT */
-
-/**
- * \brief          This function initializes the specified ARIA context.
- *
- *                 It must be the first API called before using
- *                 the context.
- *
- * \param ctx      The ARIA context to initialize. This must not be \c NULL.
- */
-void mbedtls_aria_init( mbedtls_aria_context *ctx );
-
-/**
- * \brief          This function releases and clears the specified ARIA context.
- *
- * \param ctx      The ARIA context to clear. This may be \c NULL, in which
- *                 case this function returns immediately. If it is not \c NULL,
- *                 it must point to an initialized ARIA context.
- */
-void mbedtls_aria_free( mbedtls_aria_context *ctx );
-
-/**
- * \brief          This function sets the encryption key.
- *
- * \param ctx      The ARIA context to which the key should be bound.
- *                 This must be initialized.
- * \param key      The encryption key. This must be a readable buffer
- *                 of size \p keybits Bits.
- * \param keybits  The size of \p key in Bits. Valid options are:
- *                 <ul><li>128 bits</li>
- *                 <li>192 bits</li>
- *                 <li>256 bits</li></ul>
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
-                             const unsigned char *key,
-                             unsigned int keybits );
-
-/**
- * \brief          This function sets the decryption key.
- *
- * \param ctx      The ARIA context to which the key should be bound.
- *                 This must be initialized.
- * \param key      The decryption key. This must be a readable buffer
- *                 of size \p keybits Bits.
- * \param keybits  The size of data passed. Valid options are:
- *                 <ul><li>128 bits</li>
- *                 <li>192 bits</li>
- *                 <li>256 bits</li></ul>
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
-                             const unsigned char *key,
-                             unsigned int keybits );
-
-/**
- * \brief          This function performs an ARIA single-block encryption or
- *                 decryption operation.
- *
- *                 It performs encryption or decryption (depending on whether
- *                 the key was set for encryption on decryption) on the input
- *                 data buffer defined in the \p input parameter.
- *
- *                 mbedtls_aria_init(), and either mbedtls_aria_setkey_enc() or
- *                 mbedtls_aria_setkey_dec() must be called before the first
- *                 call to this API with the same context.
- *
- * \param ctx      The ARIA context to use for encryption or decryption.
- *                 This must be initialized and bound to a key.
- * \param input    The 16-Byte buffer holding the input data.
- * \param output   The 16-Byte buffer holding the output data.
-
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
-                            const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
-                            unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief  This function performs an ARIA-CBC encryption or decryption operation
- *         on full blocks.
- *
- *         It performs the operation defined in the \p mode
- *         parameter (encrypt/decrypt), on the input data buffer defined in
- *         the \p input parameter.
- *
- *         It can be called as many times as needed, until all the input
- *         data is processed. mbedtls_aria_init(), and either
- *         mbedtls_aria_setkey_enc() or mbedtls_aria_setkey_dec() must be called
- *         before the first call to this API with the same context.
- *
- * \note   This function operates on aligned blocks, that is, the input size
- *         must be a multiple of the ARIA block size of 16 Bytes.
- *
- * \note   Upon exit, the content of the IV is updated so that you can
- *         call the same function again on the next
- *         block(s) of data and get the same result as if it was
- *         encrypted in one call. This allows a "streaming" usage.
- *         If you need to retain the contents of the IV, you should
- *         either save it manually or use the cipher module instead.
- *
- *
- * \param ctx      The ARIA context to use for encryption or decryption.
- *                 This must be initialized and bound to a key.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_ARIA_ENCRYPT for encryption, or
- *                 #MBEDTLS_ARIA_DECRYPT for decryption.
- * \param length   The length of the input data in Bytes. This must be a
- *                 multiple of the block size (16 Bytes).
- * \param iv       Initialization vector (updated after use).
- *                 This must be a readable buffer of size 16 Bytes.
- * \param input    The buffer holding the input data. This must
- *                 be a readable buffer of length \p length Bytes.
- * \param output   The buffer holding the output data. This must
- *                 be a writable buffer of length \p length Bytes.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
-                            int mode,
-                            size_t length,
-                            unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
-                            const unsigned char *input,
-                            unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief This function performs an ARIA-CFB128 encryption or decryption
- *        operation.
- *
- *        It performs the operation defined in the \p mode
- *        parameter (encrypt or decrypt), on the input data buffer
- *        defined in the \p input parameter.
- *
- *        For CFB, you must set up the context with mbedtls_aria_setkey_enc(),
- *        regardless of whether you are performing an encryption or decryption
- *        operation, that is, regardless of the \p mode parameter. This is
- *        because CFB mode uses the same key schedule for encryption and
- *        decryption.
- *
- * \note  Upon exit, the content of the IV is updated so that you can
- *        call the same function again on the next
- *        block(s) of data and get the same result as if it was
- *        encrypted in one call. This allows a "streaming" usage.
- *        If you need to retain the contents of the
- *        IV, you must either save it manually or use the cipher
- *        module instead.
- *
- *
- * \param ctx      The ARIA context to use for encryption or decryption.
- *                 This must be initialized and bound to a key.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_ARIA_ENCRYPT for encryption, or
- *                 #MBEDTLS_ARIA_DECRYPT for decryption.
- * \param length   The length of the input data \p input in Bytes.
- * \param iv_off   The offset in IV (updated after use).
- *                 This must not be larger than 15.
- * \param iv       The initialization vector (updated after use).
- *                 This must be a readable buffer of size 16 Bytes.
- * \param input    The buffer holding the input data. This must
- *                 be a readable buffer of length \p length Bytes.
- * \param output   The buffer holding the output data. This must
- *                 be a writable buffer of length \p length Bytes.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
-                               int mode,
-                               size_t length,
-                               size_t *iv_off,
-                               unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
-                               const unsigned char *input,
-                               unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief      This function performs an ARIA-CTR encryption or decryption
- *             operation.
- *
- *             This function performs the operation defined in the \p mode
- *             parameter (encrypt/decrypt), on the input data buffer
- *             defined in the \p input parameter.
- *
- *             Due to the nature of CTR, you must use the same key schedule
- *             for both encryption and decryption operations. Therefore, you
- *             must use the context initialized with mbedtls_aria_setkey_enc()
- *             for both #MBEDTLS_ARIA_ENCRYPT and #MBEDTLS_ARIA_DECRYPT.
- *
- * \warning    You must never reuse a nonce value with the same key. Doing so
- *             would void the encryption for the two messages encrypted with
- *             the same nonce and key.
- *
- *             There are two common strategies for managing nonces with CTR:
- *
- *             1. You can handle everything as a single message processed over
- *             successive calls to this function. In that case, you want to
- *             set \p nonce_counter and \p nc_off to 0 for the first call, and
- *             then preserve the values of \p nonce_counter, \p nc_off and \p
- *             stream_block across calls to this function as they will be
- *             updated by this function.
- *
- *             With this strategy, you must not encrypt more than 2**128
- *             blocks of data with the same key.
- *
- *             2. You can encrypt separate messages by dividing the \p
- *             nonce_counter buffer in two areas: the first one used for a
- *             per-message nonce, handled by yourself, and the second one
- *             updated by this function internally.
- *
- *             For example, you might reserve the first 12 bytes for the
- *             per-message nonce, and the last 4 bytes for internal use. In that
- *             case, before calling this function on a new message you need to
- *             set the first 12 bytes of \p nonce_counter to your chosen nonce
- *             value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
- *             stream_block to be ignored). That way, you can encrypt at most
- *             2**96 messages of up to 2**32 blocks each with the same key.
- *
- *             The per-message nonce (or information sufficient to reconstruct
- *             it) needs to be communicated with the ciphertext and must be unique.
- *             The recommended way to ensure uniqueness is to use a message
- *             counter. An alternative is to generate random nonces, but this
- *             limits the number of messages that can be securely encrypted:
- *             for example, with 96-bit random nonces, you should not encrypt
- *             more than 2**32 messages with the same key.
- *
- *             Note that for both stategies, sizes are measured in blocks and
- *             that an ARIA block is 16 bytes.
- *
- * \warning    Upon return, \p stream_block contains sensitive data. Its
- *             content must not be written to insecure storage and should be
- *             securely discarded as soon as it's no longer needed.
- *
- * \param ctx              The ARIA context to use for encryption or decryption.
- *                         This must be initialized and bound to a key.
- * \param length           The length of the input data \p input in Bytes.
- * \param nc_off           The offset in Bytes in the current \p stream_block,
- *                         for resuming within the current cipher stream. The
- *                         offset pointer should be \c 0 at the start of a
- *                         stream. This must not be larger than \c 15 Bytes.
- * \param nonce_counter    The 128-bit nonce and counter. This must point to
- *                         a read/write buffer of length \c 16 bytes.
- * \param stream_block     The saved stream block for resuming. This must
- *                         point to a read/write buffer of length \c 16 bytes.
- *                         This is overwritten by the function.
- * \param input            The buffer holding the input data. This must
- *                         be a readable buffer of length \p length Bytes.
- * \param output           The buffer holding the output data. This must
- *                         be a writable buffer of length \p length Bytes.
- *
- * \return                 \c 0 on success.
- * \return                 A negative error code on failure.
- */
-int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
-                            size_t length,
-                            size_t *nc_off,
-                            unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
-                            unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
-                            const unsigned char *input,
-                            unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief          Checkup routine.
- *
- * \return         \c 0 on success, or \c 1 on failure.
- */
-int mbedtls_aria_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* aria.h */

lib/mbedtls/include/mbedtls/asn1.h

@@ -1,609 +0,0 @@
-/**
- * \file asn1.h
- *
- * \brief Generic ASN.1 parsing
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_ASN1_H
-#define MBEDTLS_ASN1_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#endif
-
-/**
- * \addtogroup asn1_module
- * \{
- */
-
-/**
- * \name ASN1 Error codes
- * These error codes are OR'ed to X509 error codes for
- * higher error granularity.
- * ASN1 is a standard to specify data structures.
- * \{
- */
-#define MBEDTLS_ERR_ASN1_OUT_OF_DATA                      -0x0060  /**< Out of data when parsing an ASN1 data structure. */
-#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG                   -0x0062  /**< ASN1 tag was of an unexpected value. */
-#define MBEDTLS_ERR_ASN1_INVALID_LENGTH                   -0x0064  /**< Error when trying to determine the length or invalid length. */
-#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH                  -0x0066  /**< Actual length differs from expected length. */
-#define MBEDTLS_ERR_ASN1_INVALID_DATA                     -0x0068  /**< Data is invalid. */
-#define MBEDTLS_ERR_ASN1_ALLOC_FAILED                     -0x006A  /**< Memory allocation failed */
-#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C  /**< Buffer too small when writing ASN.1 data structure. */
-
-/* \} name */
-
-/**
- * \name DER constants
- * These constants comply with the DER encoded ASN.1 type tags.
- * DER encoding uses hexadecimal representation.
- * An example DER sequence is:\n
- * - 0x02 -- tag indicating INTEGER
- * - 0x01 -- length in octets
- * - 0x05 -- value
- * Such sequences are typically read into \c ::mbedtls_x509_buf.
- * \{
- */
-#define MBEDTLS_ASN1_BOOLEAN                 0x01
-#define MBEDTLS_ASN1_INTEGER                 0x02
-#define MBEDTLS_ASN1_BIT_STRING              0x03
-#define MBEDTLS_ASN1_OCTET_STRING            0x04
-#define MBEDTLS_ASN1_NULL                    0x05
-#define MBEDTLS_ASN1_OID                     0x06
-#define MBEDTLS_ASN1_ENUMERATED              0x0A
-#define MBEDTLS_ASN1_UTF8_STRING             0x0C
-#define MBEDTLS_ASN1_SEQUENCE                0x10
-#define MBEDTLS_ASN1_SET                     0x11
-#define MBEDTLS_ASN1_PRINTABLE_STRING        0x13
-#define MBEDTLS_ASN1_T61_STRING              0x14
-#define MBEDTLS_ASN1_IA5_STRING              0x16
-#define MBEDTLS_ASN1_UTC_TIME                0x17
-#define MBEDTLS_ASN1_GENERALIZED_TIME        0x18
-#define MBEDTLS_ASN1_UNIVERSAL_STRING        0x1C
-#define MBEDTLS_ASN1_BMP_STRING              0x1E
-#define MBEDTLS_ASN1_PRIMITIVE               0x00
-#define MBEDTLS_ASN1_CONSTRUCTED             0x20
-#define MBEDTLS_ASN1_CONTEXT_SPECIFIC        0x80
-
-/* Slightly smaller way to check if tag is a string tag
- * compared to canonical implementation. */
-#define MBEDTLS_ASN1_IS_STRING_TAG( tag )                                     \
-    ( ( tag ) < 32u && (                                                      \
-        ( ( 1u << ( tag ) ) & ( ( 1u << MBEDTLS_ASN1_BMP_STRING )       |     \
-                                ( 1u << MBEDTLS_ASN1_UTF8_STRING )      |     \
-                                ( 1u << MBEDTLS_ASN1_T61_STRING )       |     \
-                                ( 1u << MBEDTLS_ASN1_IA5_STRING )       |     \
-                                ( 1u << MBEDTLS_ASN1_UNIVERSAL_STRING ) |     \
-                                ( 1u << MBEDTLS_ASN1_PRINTABLE_STRING ) |     \
-                                ( 1u << MBEDTLS_ASN1_BIT_STRING ) ) ) != 0 ) )
-
-/*
- * Bit masks for each of the components of an ASN.1 tag as specified in
- * ITU X.690 (08/2015), section 8.1 "General rules for encoding",
- * paragraph 8.1.2.2:
- *
- * Bit  8     7   6   5          1
- *     +-------+-----+------------+
- *     | Class | P/C | Tag number |
- *     +-------+-----+------------+
- */
-#define MBEDTLS_ASN1_TAG_CLASS_MASK          0xC0
-#define MBEDTLS_ASN1_TAG_PC_MASK             0x20
-#define MBEDTLS_ASN1_TAG_VALUE_MASK          0x1F
-
-/* \} name */
-/* \} addtogroup asn1_module */
-
-/** Returns the size of the binary string, without the trailing \\0 */
-#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
-
-/**
- * Compares an mbedtls_asn1_buf structure to a reference OID.
- *
- * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
- * 'unsigned char *oid' here!
- */
-#define MBEDTLS_OID_CMP(oid_str, oid_buf)                                   \
-        ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) ||                \
-          memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
-
-#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len)              \
-        ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len) ) ||             \
-          memcmp( (oid_str), (oid_buf), (oid_buf_len) ) != 0 )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name Functions to parse ASN.1 data structures
- * \{
- */
-
-/**
- * Type-length-value structure that allows for ASN1 using DER.
- */
-typedef struct mbedtls_asn1_buf
-{
-    int tag;                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
-    size_t len;             /**< ASN1 length, in octets. */
-    unsigned char *p;       /**< ASN1 data, e.g. in ASCII. */
-}
-mbedtls_asn1_buf;
-
-/**
- * Container for ASN1 bit strings.
- */
-typedef struct mbedtls_asn1_bitstring
-{
-    size_t len;                 /**< ASN1 length, in octets. */
-    unsigned char unused_bits;  /**< Number of unused bits at the end of the string */
-    unsigned char *p;           /**< Raw ASN1 data for the bit string */
-}
-mbedtls_asn1_bitstring;
-
-/**
- * Container for a sequence of ASN.1 items
- */
-typedef struct mbedtls_asn1_sequence
-{
-    mbedtls_asn1_buf buf;                   /**< Buffer containing the given ASN.1 item. */
-    struct mbedtls_asn1_sequence *next;    /**< The next entry in the sequence. */
-}
-mbedtls_asn1_sequence;
-
-/**
- * Container for a sequence or list of 'named' ASN.1 data items
- */
-typedef struct mbedtls_asn1_named_data
-{
-    mbedtls_asn1_buf oid;                   /**< The object identifier. */
-    mbedtls_asn1_buf val;                   /**< The named value. */
-    struct mbedtls_asn1_named_data *next;  /**< The next entry in the sequence. */
-    unsigned char next_merged;      /**< Merge next item into the current one? */
-}
-mbedtls_asn1_named_data;
-
-/**
- * \brief       Get the length of an ASN.1 element.
- *              Updates the pointer to immediately behind the length.
- *
- * \param p     On entry, \c *p points to the first byte of the length,
- *              i.e. immediately after the tag.
- *              On successful completion, \c *p points to the first byte
- *              after the length, i.e. the first byte of the content.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param len   On successful completion, \c *len contains the length
- *              read from the ASN.1 input.
- *
- * \return      0 if successful.
- * \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
- *              would end beyond \p end.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
- */
-int mbedtls_asn1_get_len( unsigned char **p,
-                          const unsigned char *end,
-                          size_t *len );
-
-/**
- * \brief       Get the tag and length of the element.
- *              Check for the requested tag.
- *              Updates the pointer to immediately behind the tag and length.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              after the length, i.e. the first byte of the content.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param len   On successful completion, \c *len contains the length
- *              read from the ASN.1 input.
- * \param tag   The expected tag.
- *
- * \return      0 if successful.
- * \return      #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the data does not start
- *              with the requested tag.
- * \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
- *              would end beyond \p end.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
- */
-int mbedtls_asn1_get_tag( unsigned char **p,
-                          const unsigned char *end,
-                          size_t *len, int tag );
-
-/**
- * \brief       Retrieve a boolean ASN.1 tag and its value.
- *              Updates the pointer to immediately behind the full tag.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              beyond the ASN.1 element.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param val   On success, the parsed value (\c 0 or \c 1).
- *
- * \return      0 if successful.
- * \return      An ASN.1 error code if the input does not start with
- *              a valid ASN.1 BOOLEAN.
- */
-int mbedtls_asn1_get_bool( unsigned char **p,
-                           const unsigned char *end,
-                           int *val );
-
-/**
- * \brief       Retrieve an integer ASN.1 tag and its value.
- *              Updates the pointer to immediately behind the full tag.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              beyond the ASN.1 element.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param val   On success, the parsed value.
- *
- * \return      0 if successful.
- * \return      An ASN.1 error code if the input does not start with
- *              a valid ASN.1 INTEGER.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- *              not fit in an \c int.
- */
-int mbedtls_asn1_get_int( unsigned char **p,
-                          const unsigned char *end,
-                          int *val );
-
-/**
- * \brief       Retrieve an enumerated ASN.1 tag and its value.
- *              Updates the pointer to immediately behind the full tag.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              beyond the ASN.1 element.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param val   On success, the parsed value.
- *
- * \return      0 if successful.
- * \return      An ASN.1 error code if the input does not start with
- *              a valid ASN.1 ENUMERATED.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- *              not fit in an \c int.
- */
-int mbedtls_asn1_get_enum( unsigned char **p,
-                           const unsigned char *end,
-                           int *val );
-
-/**
- * \brief       Retrieve a bitstring ASN.1 tag and its value.
- *              Updates the pointer to immediately behind the full tag.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p is equal to \p end.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param bs    On success, ::mbedtls_asn1_bitstring information about
- *              the parsed value.
- *
- * \return      0 if successful.
- * \return      #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
- *              extra data after a valid BIT STRING.
- * \return      An ASN.1 error code if the input does not start with
- *              a valid ASN.1 BIT STRING.
- */
-int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
-                                mbedtls_asn1_bitstring *bs );
-
-/**
- * \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
- *              value.
- *              Updates the pointer to the beginning of the bit/octet string.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              of the content of the BIT STRING.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param len   On success, \c *len is the length of the content in bytes.
- *
- * \return      0 if successful.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_DATA if the input starts with
- *              a valid BIT STRING with a nonzero number of unused bits.
- * \return      An ASN.1 error code if the input does not start with
- *              a valid ASN.1 BIT STRING.
- */
-int mbedtls_asn1_get_bitstring_null( unsigned char **p,
-                                     const unsigned char *end,
-                                     size_t *len );
-
-/**
- * \brief       Parses and splits an ASN.1 "SEQUENCE OF <tag>".
- *              Updates the pointer to immediately behind the full sequence tag.
- *
- * This function allocates memory for the sequence elements. You can free
- * the allocated memory with mbedtls_asn1_sequence_free().
- *
- * \note        On error, this function may return a partial list in \p cur.
- *              You must set `cur->next = NULL` before calling this function!
- *              Otherwise it is impossible to distinguish a previously non-null
- *              pointer from a pointer to an object allocated by this function.
- *
- * \note        If the sequence is empty, this function does not modify
- *              \c *cur. If the sequence is valid and non-empty, this
- *              function sets `cur->buf.tag` to \p tag. This allows
- *              callers to distinguish between an empty sequence and
- *              a one-element sequence.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p is equal to \p end.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param cur   A ::mbedtls_asn1_sequence which this function fills.
- *              When this function returns, \c *cur is the head of a linked
- *              list. Each node in this list is allocated with
- *              mbedtls_calloc() apart from \p cur itself, and should
- *              therefore be freed with mbedtls_free().
- *              The list describes the content of the sequence.
- *              The head of the list (i.e. \c *cur itself) describes the
- *              first element, `*cur->next` describes the second element, etc.
- *              For each element, `buf.tag == tag`, `buf.len` is the length
- *              of the content of the content of the element, and `buf.p`
- *              points to the first byte of the content (i.e. immediately
- *              past the length of the element).
- *              Note that list elements may be allocated even on error.
- * \param tag   Each element of the sequence must have this tag.
- *
- * \return      0 if successful.
- * \return      #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
- *              extra data after a valid SEQUENCE OF \p tag.
- * \return      #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts with
- *              an ASN.1 SEQUENCE in which an element has a tag that
- *              is different from \p tag.
- * \return      #MBEDTLS_ERR_ASN1_ALLOC_FAILED if a memory allocation failed.
- * \return      An ASN.1 error code if the input does not start with
- *              a valid ASN.1 SEQUENCE.
- */
-int mbedtls_asn1_get_sequence_of( unsigned char **p,
-                                  const unsigned char *end,
-                                  mbedtls_asn1_sequence *cur,
-                                  int tag );
-/**
- * \brief          Free a heap-allocated linked list presentation of
- *                 an ASN.1 sequence, including the first element.
- *
- * There are two common ways to manage the memory used for the representation
- * of a parsed ASN.1 sequence:
- * - Allocate a head node `mbedtls_asn1_sequence *head` with mbedtls_calloc().
- *   Pass this node as the `cur` argument to mbedtls_asn1_get_sequence_of().
- *   When you have finished processing the sequence,
- *   call mbedtls_asn1_sequence_free() on `head`.
- * - Allocate a head node `mbedtls_asn1_sequence *head` in any manner,
- *   for example on the stack. Make sure that `head->next == NULL`.
- *   Pass `head` as the `cur` argument to mbedtls_asn1_get_sequence_of().
- *   When you have finished processing the sequence,
- *   call mbedtls_asn1_sequence_free() on `head->cur`,
- *   then free `head` itself in the appropriate manner.
- *
- * \param seq      The address of the first sequence component. This may
- *                 be \c NULL, in which case this functions returns
- *                 immediately.
- */
-void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq );
-
-/**
- * \brief                Traverse an ASN.1 SEQUENCE container and
- *                       call a callback for each entry.
- *
- * This function checks that the input is a SEQUENCE of elements that
- * each have a "must" tag, and calls a callback function on the elements
- * that have a "may" tag.
- *
- * For example, to validate that the input is a SEQUENCE of `tag1` and call
- * `cb` on each element, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0xff, tag1, 0, 0, cb, ctx);
- * ```
- *
- * To validate that the input is a SEQUENCE of ANY and call `cb` on
- * each element, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0, 0, 0, 0, cb, ctx);
- * ```
- *
- * To validate that the input is a SEQUENCE of CHOICE {NULL, OCTET STRING}
- * and call `cb` on each element that is an OCTET STRING, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0xfe, 0x04, 0xff, 0x04, cb, ctx);
- * ```
- *
- * The callback is called on the elements with a "may" tag from left to
- * right. If the input is not a valid SEQUENCE of elements with a "must" tag,
- * the callback is called on the elements up to the leftmost point where
- * the input is invalid.
- *
- * \warning              This function is still experimental and may change
- *                       at any time.
- *
- * \param p              The address of the pointer to the beginning of
- *                       the ASN.1 SEQUENCE header. This is updated to
- *                       point to the end of the ASN.1 SEQUENCE container
- *                       on a successful invocation.
- * \param end            The end of the ASN.1 SEQUENCE container.
- * \param tag_must_mask  A mask to be applied to the ASN.1 tags found within
- *                       the SEQUENCE before comparing to \p tag_must_value.
- * \param tag_must_val   The required value of each ASN.1 tag found in the
- *                       SEQUENCE, after masking with \p tag_must_mask.
- *                       Mismatching tags lead to an error.
- *                       For example, a value of \c 0 for both \p tag_must_mask
- *                       and \p tag_must_val means that every tag is allowed,
- *                       while a value of \c 0xFF for \p tag_must_mask means
- *                       that \p tag_must_val is the only allowed tag.
- * \param tag_may_mask   A mask to be applied to the ASN.1 tags found within
- *                       the SEQUENCE before comparing to \p tag_may_value.
- * \param tag_may_val    The desired value of each ASN.1 tag found in the
- *                       SEQUENCE, after masking with \p tag_may_mask.
- *                       Mismatching tags will be silently ignored.
- *                       For example, a value of \c 0 for \p tag_may_mask and
- *                       \p tag_may_val means that any tag will be considered,
- *                       while a value of \c 0xFF for \p tag_may_mask means
- *                       that all tags with value different from \p tag_may_val
- *                       will be ignored.
- * \param cb             The callback to trigger for each component
- *                       in the ASN.1 SEQUENCE that matches \p tag_may_val.
- *                       The callback function is called with the following
- *                       parameters:
- *                       - \p ctx.
- *                       - The tag of the current element.
- *                       - A pointer to the start of the current element's
- *                         content inside the input.
- *                       - The length of the content of the current element.
- *                       If the callback returns a non-zero value,
- *                       the function stops immediately,
- *                       forwarding the callback's return value.
- * \param ctx            The context to be passed to the callback \p cb.
- *
- * \return               \c 0 if successful the entire ASN.1 SEQUENCE
- *                       was traversed without parsing or callback errors.
- * \return               #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input
- *                       contains extra data after a valid SEQUENCE
- *                       of elements with an accepted tag.
- * \return               #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts
- *                       with an ASN.1 SEQUENCE in which an element has a tag
- *                       that is not accepted.
- * \return               An ASN.1 error code if the input does not start with
- *                       a valid ASN.1 SEQUENCE.
- * \return               A non-zero error code forwarded from the callback
- *                       \p cb in case the latter returns a non-zero value.
- */
-int mbedtls_asn1_traverse_sequence_of(
-    unsigned char **p,
-    const unsigned char *end,
-    unsigned char tag_must_mask, unsigned char tag_must_val,
-    unsigned char tag_may_mask, unsigned char tag_may_val,
-    int (*cb)( void *ctx, int tag,
-               unsigned char* start, size_t len ),
-    void *ctx );
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief       Retrieve an integer ASN.1 tag and its value.
- *              Updates the pointer to immediately behind the full tag.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              beyond the ASN.1 element.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param X     On success, the parsed value.
- *
- * \return      0 if successful.
- * \return      An ASN.1 error code if the input does not start with
- *              a valid ASN.1 INTEGER.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- *              not fit in an \c int.
- * \return      An MPI error code if the parsed value is too large.
- */
-int mbedtls_asn1_get_mpi( unsigned char **p,
-                          const unsigned char *end,
-                          mbedtls_mpi *X );
-#endif /* MBEDTLS_BIGNUM_C */
-
-/**
- * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence.
- *              Updates the pointer to immediately behind the full
- *              AlgorithmIdentifier.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              beyond the AlgorithmIdentifier element.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param alg   The buffer to receive the OID.
- * \param params The buffer to receive the parameters.
- *              This is zeroized if there are no parameters.
- *
- * \return      0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_alg( unsigned char **p,
-                  const unsigned char *end,
-                  mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
-
-/**
- * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
- *              params.
- *              Updates the pointer to immediately behind the full
- *              AlgorithmIdentifier.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              beyond the AlgorithmIdentifier element.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param alg   The buffer to receive the OID.
- *
- * \return      0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_alg_null( unsigned char **p,
-                       const unsigned char *end,
-                       mbedtls_asn1_buf *alg );
-
-/**
- * \brief       Find a specific named_data entry in a sequence or list based on
- *              the OID.
- *
- * \param list  The list to seek through
- * \param oid   The OID to look for
- * \param len   Size of the OID
- *
- * \return      NULL if not found, or a pointer to the existing entry.
- */
-mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
-                                       const char *oid, size_t len );
-
-/**
- * \brief       Free a mbedtls_asn1_named_data entry
- *
- * \param entry The named data entry to free.
- *              This function calls mbedtls_free() on
- *              `entry->oid.p` and `entry->val.p`.
- */
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
-
-/**
- * \brief       Free all entries in a mbedtls_asn1_named_data list.
- *
- * \param head  Pointer to the head of the list of named data entries to free.
- *              This function calls mbedtls_asn1_free_named_data() and
- *              mbedtls_free() on each list element and
- *              sets \c *head to \c NULL.
- */
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* asn1.h */

lib/mbedtls/include/mbedtls/asn1write.h

@@ -1,372 +0,0 @@
-/**
- * \file asn1write.h
- *
- * \brief ASN.1 buffer writing functionality
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_ASN1_WRITE_H
-#define MBEDTLS_ASN1_WRITE_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/asn1.h"
-
-#define MBEDTLS_ASN1_CHK_ADD(g, f)                      \
-    do                                                  \
-    {                                                   \
-        if( ( ret = (f) ) < 0 )                         \
-            return( ret );                              \
-        else                                            \
-            (g) += ret;                                 \
-    } while( 0 )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief           Write a length field in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param len       The length value to write.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start,
-                            size_t len );
-/**
- * \brief           Write an ASN.1 tag in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param tag       The tag to write.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start,
-                            unsigned char tag );
-
-/**
- * \brief           Write raw buffer data.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param buf       The data buffer to write.
- * \param size      The length of the data buffer.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
-                                   const unsigned char *buf, size_t size );
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief           Write a arbitrary-precision number (#MBEDTLS_ASN1_INTEGER)
- *                  in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param X         The MPI to write.
- *                  It must be non-negative.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start,
-                            const mbedtls_mpi *X );
-#endif /* MBEDTLS_BIGNUM_C */
-
-/**
- * \brief           Write a NULL tag (#MBEDTLS_ASN1_NULL) with zero data
- *                  in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start );
-
-/**
- * \brief           Write an OID tag (#MBEDTLS_ASN1_OID) and data
- *                  in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param oid       The OID to write.
- * \param oid_len   The length of the OID.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
-                            const char *oid, size_t oid_len );
-
-/**
- * \brief           Write an AlgorithmIdentifier sequence in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param oid       The OID of the algorithm to write.
- * \param oid_len   The length of the algorithm's OID.
- * \param par_len   The length of the parameters, which must be already written.
- *                  If 0, NULL parameters are added
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_algorithm_identifier( unsigned char **p,
-                                             unsigned char *start,
-                                             const char *oid, size_t oid_len,
-                                             size_t par_len );
-
-/**
- * \brief           Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
- *                  in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param boolean   The boolean value to write, either \c 0 or \c 1.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start,
-                             int boolean );
-
-/**
- * \brief           Write an int tag (#MBEDTLS_ASN1_INTEGER) and value
- *                  in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param val       The integer value to write.
- *                  It must be non-negative.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val );
-
-/**
- * \brief           Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value
- *                  in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param val       The integer value to write.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val );
-
-/**
- * \brief           Write a string in ASN.1 format using a specific
- *                  string encoding tag.
-
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param tag       The string encoding tag to write, e.g.
- *                  #MBEDTLS_ASN1_UTF8_STRING.
- * \param text      The string to write.
- * \param text_len  The length of \p text in bytes (which might
- *                  be strictly larger than the number of characters).
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start,
-                                      int tag, const char *text,
-                                      size_t text_len );
-
-/**
- * \brief           Write a string in ASN.1 format using the PrintableString
- *                  string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING).
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param text      The string to write.
- * \param text_len  The length of \p text in bytes (which might
- *                  be strictly larger than the number of characters).
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_asn1_write_printable_string( unsigned char **p,
-                                         unsigned char *start,
-                                         const char *text, size_t text_len );
-
-/**
- * \brief           Write a UTF8 string in ASN.1 format using the UTF8String
- *                  string encoding tag (#MBEDTLS_ASN1_UTF8_STRING).
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param text      The string to write.
- * \param text_len  The length of \p text in bytes (which might
- *                  be strictly larger than the number of characters).
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start,
-                                    const char *text, size_t text_len );
-
-/**
- * \brief           Write a string in ASN.1 format using the IA5String
- *                  string encoding tag (#MBEDTLS_ASN1_IA5_STRING).
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param text      The string to write.
- * \param text_len  The length of \p text in bytes (which might
- *                  be strictly larger than the number of characters).
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
-                                   const char *text, size_t text_len );
-
-/**
- * \brief           Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and
- *                  value in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param buf       The bitstring to write.
- * \param bits      The total number of bits in the bitstring.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
-                                  const unsigned char *buf, size_t bits );
-
-/**
- * \brief           This function writes a named bitstring tag
- *                  (#MBEDTLS_ASN1_BIT_STRING) and value in ASN.1 format.
- *
- *                  As stated in RFC 5280 Appendix B, trailing zeroes are
- *                  omitted when encoding named bitstrings in DER.
- *
- * \note            This function works backwards within the data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer which is used for bounds-checking.
- * \param buf       The bitstring to write.
- * \param bits      The total number of bits in the bitstring.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_asn1_write_named_bitstring( unsigned char **p,
-                                        unsigned char *start,
-                                        const unsigned char *buf,
-                                        size_t bits );
-
-/**
- * \brief           Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
- *                  and value in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param buf       The buffer holding the data to write.
- * \param size      The length of the data buffer \p buf.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
-                                     const unsigned char *buf, size_t size );
-
-/**
- * \brief           Create or find a specific named_data entry for writing in a
- *                  sequence or list based on the OID. If not already in there,
- *                  a new entry is added to the head of the list.
- *                  Warning: Destructive behaviour for the val data!
- *
- * \param list      The pointer to the location of the head of the list to seek
- *                  through (will be updated in case of a new entry).
- * \param oid       The OID to look for.
- * \param oid_len   The size of the OID.
- * \param val       The associated data to store. If this is \c NULL,
- *                  no data is copied to the new or existing buffer.
- * \param val_len   The minimum length of the data buffer needed.
- *                  If this is 0, do not allocate a buffer for the associated
- *                  data.
- *                  If the OID was already present, enlarge, shrink or free
- *                  the existing buffer to fit \p val_len.
- *
- * \return          A pointer to the new / existing entry on success.
- * \return          \c NULL if if there was a memory allocation error.
- */
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
-                                        const char *oid, size_t oid_len,
-                                        const unsigned char *val,
-                                        size_t val_len );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_ASN1_WRITE_H */

lib/mbedtls/include/mbedtls/base64.h

@@ -1,98 +0,0 @@
-/**
- * \file base64.h
- *
- * \brief RFC 1521 base64 encoding/decoding
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_BASE64_H
-#define MBEDTLS_BASE64_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL               -0x002A  /**< Output buffer too small. */
-#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER              -0x002C  /**< Invalid character in input. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Encode a buffer into base64 format
- *
- * \param dst      destination buffer
- * \param dlen     size of the destination buffer
- * \param olen     number of bytes written
- * \param src      source buffer
- * \param slen     amount of data to be encoded
- *
- * \return         0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
- *                 *olen is always updated to reflect the amount
- *                 of data that has (or would have) been written.
- *                 If that length cannot be represented, then no data is
- *                 written to the buffer and *olen is set to the maximum
- *                 length representable as a size_t.
- *
- * \note           Call this function with dlen = 0 to obtain the
- *                 required buffer size in *olen
- */
-int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
-                   const unsigned char *src, size_t slen );
-
-/**
- * \brief          Decode a base64-formatted buffer
- *
- * \param dst      destination buffer (can be NULL for checking size)
- * \param dlen     size of the destination buffer
- * \param olen     number of bytes written
- * \param src      source buffer
- * \param slen     amount of data to be decoded
- *
- * \return         0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or
- *                 MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is
- *                 not correct. *olen is always updated to reflect the amount
- *                 of data that has (or would have) been written.
- *
- * \note           Call this function with *dst = NULL or dlen = 0 to obtain
- *                 the required buffer size in *olen
- */
-int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
-                   const unsigned char *src, size_t slen );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_base64_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* base64.h */

lib/mbedtls/include/mbedtls/blowfish.h

@@ -1,287 +0,0 @@
-/**
- * \file blowfish.h
- *
- * \brief Blowfish block cipher
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_BLOWFISH_H
-#define MBEDTLS_BLOWFISH_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "mbedtls/platform_util.h"
-
-#define MBEDTLS_BLOWFISH_ENCRYPT     1
-#define MBEDTLS_BLOWFISH_DECRYPT     0
-#define MBEDTLS_BLOWFISH_MAX_KEY_BITS     448
-#define MBEDTLS_BLOWFISH_MIN_KEY_BITS     32
-#define MBEDTLS_BLOWFISH_ROUNDS      16         /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
-#define MBEDTLS_BLOWFISH_BLOCKSIZE   8          /* Blowfish uses 64 bit blocks */
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH   MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 )
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */
-
-#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
-
-/* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used.
- */
-#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED                   -0x0017  /**< Blowfish hardware accelerator failed. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_BLOWFISH_ALT)
-// Regular implementation
-//
-
-/**
- * \brief          Blowfish context structure
- */
-typedef struct mbedtls_blowfish_context
-{
-    uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2];    /*!<  Blowfish round keys    */
-    uint32_t S[4][256];                 /*!<  key dependent S-boxes  */
-}
-mbedtls_blowfish_context;
-
-#else  /* MBEDTLS_BLOWFISH_ALT */
-#include "blowfish_alt.h"
-#endif /* MBEDTLS_BLOWFISH_ALT */
-
-/**
- * \brief          Initialize a Blowfish context.
- *
- * \param ctx      The Blowfish context to be initialized.
- *                 This must not be \c NULL.
- */
-void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
-
-/**
- * \brief          Clear a Blowfish context.
- *
- * \param ctx      The Blowfish context to be cleared.
- *                 This may be \c NULL, in which case this function
- *                 returns immediately. If it is not \c NULL, it must
- *                 point to an initialized Blowfish context.
- */
-void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
-
-/**
- * \brief          Perform a Blowfish key schedule operation.
- *
- * \param ctx      The Blowfish context to perform the key schedule on.
- * \param key      The encryption key. This must be a readable buffer of
- *                 length \p keybits Bits.
- * \param keybits  The length of \p key in Bits. This must be between
- *                 \c 32 and \c 448 and a multiple of \c 8.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
-                     unsigned int keybits );
-
-/**
- * \brief          Perform a Blowfish-ECB block encryption/decryption operation.
- *
- * \param ctx      The Blowfish context to use. This must be initialized
- *                 and bound to a key.
- * \param mode     The mode of operation. Possible values are
- *                 #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
- *                 #MBEDTLS_BLOWFISH_DECRYPT for decryption.
- * \param input    The input block. This must be a readable buffer
- *                 of size \c 8 Bytes.
- * \param output   The output block. This must be a writable buffer
- *                 of size \c 8 Bytes.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
-                        int mode,
-                        const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                        unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief          Perform a Blowfish-CBC buffer encryption/decryption operation.
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      The Blowfish context to use. This must be initialized
- *                 and bound to a key.
- * \param mode     The mode of operation. Possible values are
- *                 #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
- *                 #MBEDTLS_BLOWFISH_DECRYPT for decryption.
- * \param length   The length of the input data in Bytes. This must be
- *                 multiple of \c 8.
- * \param iv       The initialization vector. This must be a read/write buffer
- *                 of length \c 8 Bytes. It is updated by this function.
- * \param input    The input data. This must be a readable buffer of length
- *                 \p length Bytes.
- * \param output   The output data. This must be a writable buffer of length
- *                 \p length Bytes.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
-                        int mode,
-                        size_t length,
-                        unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                        const unsigned char *input,
-                        unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief          Perform a Blowfish CFB buffer encryption/decryption operation.
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      The Blowfish context to use. This must be initialized
- *                 and bound to a key.
- * \param mode     The mode of operation. Possible values are
- *                 #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
- *                 #MBEDTLS_BLOWFISH_DECRYPT for decryption.
- * \param length   The length of the input data in Bytes.
- * \param iv_off   The offset in the initialiation vector.
- *                 The value pointed to must be smaller than \c 8 Bytes.
- *                 It is updated by this function to support the aforementioned
- *                 streaming usage.
- * \param iv       The initialization vector. This must be a read/write buffer
- *                 of size \c 8 Bytes. It is updated after use.
- * \param input    The input data. This must be a readable buffer of length
- *                 \p length Bytes.
- * \param output   The output data. This must be a writable buffer of length
- *                 \p length Bytes.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
-                          int mode,
-                          size_t length,
-                          size_t *iv_off,
-                          unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                          const unsigned char *input,
-                          unsigned char *output );
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief      Perform a Blowfish-CTR buffer encryption/decryption operation.
- *
- * \warning    You must never reuse a nonce value with the same key. Doing so
- *             would void the encryption for the two messages encrypted with
- *             the same nonce and key.
- *
- *             There are two common strategies for managing nonces with CTR:
- *
- *             1. You can handle everything as a single message processed over
- *             successive calls to this function. In that case, you want to
- *             set \p nonce_counter and \p nc_off to 0 for the first call, and
- *             then preserve the values of \p nonce_counter, \p nc_off and \p
- *             stream_block across calls to this function as they will be
- *             updated by this function.
- *
- *             With this strategy, you must not encrypt more than 2**64
- *             blocks of data with the same key.
- *
- *             2. You can encrypt separate messages by dividing the \p
- *             nonce_counter buffer in two areas: the first one used for a
- *             per-message nonce, handled by yourself, and the second one
- *             updated by this function internally.
- *
- *             For example, you might reserve the first 4 bytes for the
- *             per-message nonce, and the last 4 bytes for internal use. In that
- *             case, before calling this function on a new message you need to
- *             set the first 4 bytes of \p nonce_counter to your chosen nonce
- *             value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
- *             stream_block to be ignored). That way, you can encrypt at most
- *             2**32 messages of up to 2**32 blocks each with the same key.
- *
- *             The per-message nonce (or information sufficient to reconstruct
- *             it) needs to be communicated with the ciphertext and must be unique.
- *             The recommended way to ensure uniqueness is to use a message
- *             counter.
- *
- *             Note that for both stategies, sizes are measured in blocks and
- *             that a Blowfish block is 8 bytes.
- *
- * \warning    Upon return, \p stream_block contains sensitive data. Its
- *             content must not be written to insecure storage and should be
- *             securely discarded as soon as it's no longer needed.
- *
- * \param ctx           The Blowfish context to use. This must be initialized
- *                      and bound to a key.
- * \param length        The length of the input data in Bytes.
- * \param nc_off        The offset in the current stream_block (for resuming
- *                      within current cipher stream). The offset pointer
- *                      should be \c 0 at the start of a stream and must be
- *                      smaller than \c 8. It is updated by this function.
- * \param nonce_counter The 64-bit nonce and counter. This must point to a
- *                      read/write buffer of length \c 8 Bytes.
- * \param stream_block  The saved stream-block for resuming. This must point to
- *                      a read/write buffer of length \c 8 Bytes.
- * \param input         The input data. This must be a readable buffer of
- *                      length \p length Bytes.
- * \param output        The output data. This must be a writable buffer of
- *                      length \p length Bytes.
- *
- * \return              \c 0 if successful.
- * \return              A negative error code on failure.
- */
-int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
-                        size_t length,
-                        size_t *nc_off,
-                        unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                        unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                        const unsigned char *input,
-                        unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* blowfish.h */

lib/mbedtls/include/mbedtls/bn_mul.h

@@ -1,940 +0,0 @@
-/**
- * \file bn_mul.h
- *
- * \brief Multi-precision integer library
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *      Multiply source vector [s] with b, add result
- *       to destination vector [d] and set carry c.
- *
- *      Currently supports:
- *
- *         . IA-32 (386+)         . AMD64 / EM64T
- *         . IA-32 (SSE2)         . Motorola 68000
- *         . PowerPC, 32-bit      . MicroBlaze
- *         . PowerPC, 64-bit      . TriCore
- *         . SPARC v8             . ARM v3+
- *         . Alpha                . MIPS32
- *         . C, longlong          . C, generic
- */
-#ifndef MBEDTLS_BN_MUL_H
-#define MBEDTLS_BN_MUL_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/bignum.h"
-
-#if defined(MBEDTLS_HAVE_ASM)
-
-#ifndef asm
-#define asm __asm
-#endif
-
-/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
-#if defined(__GNUC__) && \
-    ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
-
-/*
- * Disable use of the i386 assembly code below if option -O0, to disable all
- * compiler optimisations, is passed, detected with __OPTIMIZE__
- * This is done as the number of registers used in the assembly code doesn't
- * work with the -O0 option.
- */
-#if defined(__i386__) && defined(__OPTIMIZE__)
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "movl   %%ebx, %0           \n\t"   \
-        "movl   %5, %%esi           \n\t"   \
-        "movl   %6, %%edi           \n\t"   \
-        "movl   %7, %%ecx           \n\t"   \
-        "movl   %8, %%ebx           \n\t"
-
-#define MULADDC_CORE                        \
-        "lodsl                      \n\t"   \
-        "mull   %%ebx               \n\t"   \
-        "addl   %%ecx,   %%eax      \n\t"   \
-        "adcl   $0,      %%edx      \n\t"   \
-        "addl   (%%edi), %%eax      \n\t"   \
-        "adcl   $0,      %%edx      \n\t"   \
-        "movl   %%edx,   %%ecx      \n\t"   \
-        "stosl                      \n\t"
-
-#if defined(MBEDTLS_HAVE_SSE2)
-
-#define MULADDC_HUIT                            \
-        "movd     %%ecx,     %%mm1      \n\t"   \
-        "movd     %%ebx,     %%mm0      \n\t"   \
-        "movd     (%%edi),   %%mm3      \n\t"   \
-        "paddq    %%mm3,     %%mm1      \n\t"   \
-        "movd     (%%esi),   %%mm2      \n\t"   \
-        "pmuludq  %%mm0,     %%mm2      \n\t"   \
-        "movd     4(%%esi),  %%mm4      \n\t"   \
-        "pmuludq  %%mm0,     %%mm4      \n\t"   \
-        "movd     8(%%esi),  %%mm6      \n\t"   \
-        "pmuludq  %%mm0,     %%mm6      \n\t"   \
-        "movd     12(%%esi), %%mm7      \n\t"   \
-        "pmuludq  %%mm0,     %%mm7      \n\t"   \
-        "paddq    %%mm2,     %%mm1      \n\t"   \
-        "movd     4(%%edi),  %%mm3      \n\t"   \
-        "paddq    %%mm4,     %%mm3      \n\t"   \
-        "movd     8(%%edi),  %%mm5      \n\t"   \
-        "paddq    %%mm6,     %%mm5      \n\t"   \
-        "movd     12(%%edi), %%mm4      \n\t"   \
-        "paddq    %%mm4,     %%mm7      \n\t"   \
-        "movd     %%mm1,     (%%edi)    \n\t"   \
-        "movd     16(%%esi), %%mm2      \n\t"   \
-        "pmuludq  %%mm0,     %%mm2      \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "movd     20(%%esi), %%mm4      \n\t"   \
-        "pmuludq  %%mm0,     %%mm4      \n\t"   \
-        "paddq    %%mm3,     %%mm1      \n\t"   \
-        "movd     24(%%esi), %%mm6      \n\t"   \
-        "pmuludq  %%mm0,     %%mm6      \n\t"   \
-        "movd     %%mm1,     4(%%edi)   \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "movd     28(%%esi), %%mm3      \n\t"   \
-        "pmuludq  %%mm0,     %%mm3      \n\t"   \
-        "paddq    %%mm5,     %%mm1      \n\t"   \
-        "movd     16(%%edi), %%mm5      \n\t"   \
-        "paddq    %%mm5,     %%mm2      \n\t"   \
-        "movd     %%mm1,     8(%%edi)   \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm7,     %%mm1      \n\t"   \
-        "movd     20(%%edi), %%mm5      \n\t"   \
-        "paddq    %%mm5,     %%mm4      \n\t"   \
-        "movd     %%mm1,     12(%%edi)  \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm2,     %%mm1      \n\t"   \
-        "movd     24(%%edi), %%mm5      \n\t"   \
-        "paddq    %%mm5,     %%mm6      \n\t"   \
-        "movd     %%mm1,     16(%%edi)  \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm4,     %%mm1      \n\t"   \
-        "movd     28(%%edi), %%mm5      \n\t"   \
-        "paddq    %%mm5,     %%mm3      \n\t"   \
-        "movd     %%mm1,     20(%%edi)  \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm6,     %%mm1      \n\t"   \
-        "movd     %%mm1,     24(%%edi)  \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm3,     %%mm1      \n\t"   \
-        "movd     %%mm1,     28(%%edi)  \n\t"   \
-        "addl     $32,       %%edi      \n\t"   \
-        "addl     $32,       %%esi      \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "movd     %%mm1,     %%ecx      \n\t"
-
-#define MULADDC_STOP                    \
-        "emms                   \n\t"   \
-        "movl   %4, %%ebx       \n\t"   \
-        "movl   %%ecx, %1       \n\t"   \
-        "movl   %%edi, %2       \n\t"   \
-        "movl   %%esi, %3       \n\t"   \
-        : "=m" (t), "=m" (c), "=m" (d), "=m" (s)        \
-        : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b)   \
-        : "eax", "ebx", "ecx", "edx", "esi", "edi"      \
-    );
-
-#else
-
-#define MULADDC_STOP                    \
-        "movl   %4, %%ebx       \n\t"   \
-        "movl   %%ecx, %1       \n\t"   \
-        "movl   %%edi, %2       \n\t"   \
-        "movl   %%esi, %3       \n\t"   \
-        : "=m" (t), "=m" (c), "=m" (d), "=m" (s)        \
-        : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b)   \
-        : "eax", "ebx", "ecx", "edx", "esi", "edi"      \
-    );
-#endif /* SSE2 */
-#endif /* i386 */
-
-#if defined(__amd64__) || defined (__x86_64__)
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "xorq   %%r8, %%r8\n"
-
-#define MULADDC_CORE                        \
-        "movq   (%%rsi), %%rax\n"           \
-        "mulq   %%rbx\n"                    \
-        "addq   $8, %%rsi\n"                \
-        "addq   %%rcx, %%rax\n"             \
-        "movq   %%r8, %%rcx\n"              \
-        "adcq   $0, %%rdx\n"                \
-        "nop    \n"                         \
-        "addq   %%rax, (%%rdi)\n"           \
-        "adcq   %%rdx, %%rcx\n"             \
-        "addq   $8, %%rdi\n"
-
-#define MULADDC_STOP                        \
-        : "+c" (c), "+D" (d), "+S" (s)      \
-        : "b" (b)                           \
-        : "rax", "rdx", "r8"                \
-    );
-
-#endif /* AMD64 */
-
-#if defined(__aarch64__)
-
-#define MULADDC_INIT                \
-    asm(
-
-#define MULADDC_CORE                \
-        "ldr x4, [%2], #8   \n\t"   \
-        "ldr x5, [%1]       \n\t"   \
-        "mul x6, x4, %3     \n\t"   \
-        "umulh x7, x4, %3   \n\t"   \
-        "adds x5, x5, x6    \n\t"   \
-        "adc x7, x7, xzr    \n\t"   \
-        "adds x5, x5, %0    \n\t"   \
-        "adc %0, x7, xzr    \n\t"   \
-        "str x5, [%1], #8   \n\t"
-
-#define MULADDC_STOP                        \
-         : "+r" (c),  "+r" (d), "+r" (s)    \
-         : "r" (b)                          \
-         : "x4", "x5", "x6", "x7", "cc"     \
-    );
-
-#endif /* Aarch64 */
-
-#if defined(__mc68020__) || defined(__mcpu32__)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "movl   %3, %%a2        \n\t"   \
-        "movl   %4, %%a3        \n\t"   \
-        "movl   %5, %%d3        \n\t"   \
-        "movl   %6, %%d2        \n\t"   \
-        "moveq  #0, %%d0        \n\t"
-
-#define MULADDC_CORE                    \
-        "movel  %%a2@+, %%d1    \n\t"   \
-        "mulul  %%d2, %%d4:%%d1 \n\t"   \
-        "addl   %%d3, %%d1      \n\t"   \
-        "addxl  %%d0, %%d4      \n\t"   \
-        "moveq  #0,   %%d3      \n\t"   \
-        "addl   %%d1, %%a3@+    \n\t"   \
-        "addxl  %%d4, %%d3      \n\t"
-
-#define MULADDC_STOP                    \
-        "movl   %%d3, %0        \n\t"   \
-        "movl   %%a3, %1        \n\t"   \
-        "movl   %%a2, %2        \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "d0", "d1", "d2", "d3", "d4", "a2", "a3"  \
-    );
-
-#define MULADDC_HUIT                        \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
-        "addxl  %%d3,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d4       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
-        "addxl  %%d4,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
-        "addxl  %%d3,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d4       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
-        "addxl  %%d4,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
-        "addxl  %%d3,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d4       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
-        "addxl  %%d4,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
-        "addxl  %%d3,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d4       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
-        "addxl  %%d4,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"
-
-#endif /* MC68000 */
-
-#if defined(__powerpc64__) || defined(__ppc64__)
-
-#if defined(__MACH__) && defined(__APPLE__)
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "ld     r3, %3              \n\t"   \
-        "ld     r4, %4              \n\t"   \
-        "ld     r5, %5              \n\t"   \
-        "ld     r6, %6              \n\t"   \
-        "addi   r3, r3, -8          \n\t"   \
-        "addi   r4, r4, -8          \n\t"   \
-        "addic  r5, r5,  0          \n\t"
-
-#define MULADDC_CORE                        \
-        "ldu    r7, 8(r3)           \n\t"   \
-        "mulld  r8, r7, r6          \n\t"   \
-        "mulhdu r9, r7, r6          \n\t"   \
-        "adde   r8, r8, r5          \n\t"   \
-        "ld     r7, 8(r4)           \n\t"   \
-        "addze  r5, r9              \n\t"   \
-        "addc   r8, r8, r7          \n\t"   \
-        "stdu   r8, 8(r4)           \n\t"
-
-#define MULADDC_STOP                        \
-        "addze  r5, r5              \n\t"   \
-        "addi   r4, r4, 8           \n\t"   \
-        "addi   r3, r3, 8           \n\t"   \
-        "std    r5, %0              \n\t"   \
-        "std    r4, %1              \n\t"   \
-        "std    r3, %2              \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
-    );
-
-
-#else /* __MACH__ && __APPLE__ */
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "ld     %%r3, %3            \n\t"   \
-        "ld     %%r4, %4            \n\t"   \
-        "ld     %%r5, %5            \n\t"   \
-        "ld     %%r6, %6            \n\t"   \
-        "addi   %%r3, %%r3, -8      \n\t"   \
-        "addi   %%r4, %%r4, -8      \n\t"   \
-        "addic  %%r5, %%r5,  0      \n\t"
-
-#define MULADDC_CORE                        \
-        "ldu    %%r7, 8(%%r3)       \n\t"   \
-        "mulld  %%r8, %%r7, %%r6    \n\t"   \
-        "mulhdu %%r9, %%r7, %%r6    \n\t"   \
-        "adde   %%r8, %%r8, %%r5    \n\t"   \
-        "ld     %%r7, 8(%%r4)       \n\t"   \
-        "addze  %%r5, %%r9          \n\t"   \
-        "addc   %%r8, %%r8, %%r7    \n\t"   \
-        "stdu   %%r8, 8(%%r4)       \n\t"
-
-#define MULADDC_STOP                        \
-        "addze  %%r5, %%r5          \n\t"   \
-        "addi   %%r4, %%r4, 8       \n\t"   \
-        "addi   %%r3, %%r3, 8       \n\t"   \
-        "std    %%r5, %0            \n\t"   \
-        "std    %%r4, %1            \n\t"   \
-        "std    %%r3, %2            \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
-    );
-
-#endif /* __MACH__ && __APPLE__ */
-
-#elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32  */
-
-#if defined(__MACH__) && defined(__APPLE__)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "lwz    r3, %3          \n\t"   \
-        "lwz    r4, %4          \n\t"   \
-        "lwz    r5, %5          \n\t"   \
-        "lwz    r6, %6          \n\t"   \
-        "addi   r3, r3, -4      \n\t"   \
-        "addi   r4, r4, -4      \n\t"   \
-        "addic  r5, r5,  0      \n\t"
-
-#define MULADDC_CORE                    \
-        "lwzu   r7, 4(r3)       \n\t"   \
-        "mullw  r8, r7, r6      \n\t"   \
-        "mulhwu r9, r7, r6      \n\t"   \
-        "adde   r8, r8, r5      \n\t"   \
-        "lwz    r7, 4(r4)       \n\t"   \
-        "addze  r5, r9          \n\t"   \
-        "addc   r8, r8, r7      \n\t"   \
-        "stwu   r8, 4(r4)       \n\t"
-
-#define MULADDC_STOP                    \
-        "addze  r5, r5          \n\t"   \
-        "addi   r4, r4, 4       \n\t"   \
-        "addi   r3, r3, 4       \n\t"   \
-        "stw    r5, %0          \n\t"   \
-        "stw    r4, %1          \n\t"   \
-        "stw    r3, %2          \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
-    );
-
-#else /* __MACH__ && __APPLE__ */
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "lwz    %%r3, %3            \n\t"   \
-        "lwz    %%r4, %4            \n\t"   \
-        "lwz    %%r5, %5            \n\t"   \
-        "lwz    %%r6, %6            \n\t"   \
-        "addi   %%r3, %%r3, -4      \n\t"   \
-        "addi   %%r4, %%r4, -4      \n\t"   \
-        "addic  %%r5, %%r5,  0      \n\t"
-
-#define MULADDC_CORE                        \
-        "lwzu   %%r7, 4(%%r3)       \n\t"   \
-        "mullw  %%r8, %%r7, %%r6    \n\t"   \
-        "mulhwu %%r9, %%r7, %%r6    \n\t"   \
-        "adde   %%r8, %%r8, %%r5    \n\t"   \
-        "lwz    %%r7, 4(%%r4)       \n\t"   \
-        "addze  %%r5, %%r9          \n\t"   \
-        "addc   %%r8, %%r8, %%r7    \n\t"   \
-        "stwu   %%r8, 4(%%r4)       \n\t"
-
-#define MULADDC_STOP                        \
-        "addze  %%r5, %%r5          \n\t"   \
-        "addi   %%r4, %%r4, 4       \n\t"   \
-        "addi   %%r3, %%r3, 4       \n\t"   \
-        "stw    %%r5, %0            \n\t"   \
-        "stw    %%r4, %1            \n\t"   \
-        "stw    %%r3, %2            \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
-    );
-
-#endif /* __MACH__ && __APPLE__ */
-
-#endif /* PPC32 */
-
-/*
- * The Sparc(64) assembly is reported to be broken.
- * Disable it for now, until we're able to fix it.
- */
-#if 0 && defined(__sparc__)
-#if defined(__sparc64__)
-
-#define MULADDC_INIT                                    \
-    asm(                                                \
-                "ldx     %3, %%o0               \n\t"   \
-                "ldx     %4, %%o1               \n\t"   \
-                "ld      %5, %%o2               \n\t"   \
-                "ld      %6, %%o3               \n\t"
-
-#define MULADDC_CORE                                    \
-                "ld      [%%o0], %%o4           \n\t"   \
-                "inc     4, %%o0                \n\t"   \
-                "ld      [%%o1], %%o5           \n\t"   \
-                "umul    %%o3, %%o4, %%o4       \n\t"   \
-                "addcc   %%o4, %%o2, %%o4       \n\t"   \
-                "rd      %%y, %%g1              \n\t"   \
-                "addx    %%g1, 0, %%g1          \n\t"   \
-                "addcc   %%o4, %%o5, %%o4       \n\t"   \
-                "st      %%o4, [%%o1]           \n\t"   \
-                "addx    %%g1, 0, %%o2          \n\t"   \
-                "inc     4, %%o1                \n\t"
-
-        #define MULADDC_STOP                            \
-                "st      %%o2, %0               \n\t"   \
-                "stx     %%o1, %1               \n\t"   \
-                "stx     %%o0, %2               \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)          \
-        : "m" (s), "m" (d), "m" (c), "m" (b)    \
-        : "g1", "o0", "o1", "o2", "o3", "o4",   \
-          "o5"                                  \
-        );
-
-#else /* __sparc64__ */
-
-#define MULADDC_INIT                                    \
-    asm(                                                \
-                "ld      %3, %%o0               \n\t"   \
-                "ld      %4, %%o1               \n\t"   \
-                "ld      %5, %%o2               \n\t"   \
-                "ld      %6, %%o3               \n\t"
-
-#define MULADDC_CORE                                    \
-                "ld      [%%o0], %%o4           \n\t"   \
-                "inc     4, %%o0                \n\t"   \
-                "ld      [%%o1], %%o5           \n\t"   \
-                "umul    %%o3, %%o4, %%o4       \n\t"   \
-                "addcc   %%o4, %%o2, %%o4       \n\t"   \
-                "rd      %%y, %%g1              \n\t"   \
-                "addx    %%g1, 0, %%g1          \n\t"   \
-                "addcc   %%o4, %%o5, %%o4       \n\t"   \
-                "st      %%o4, [%%o1]           \n\t"   \
-                "addx    %%g1, 0, %%o2          \n\t"   \
-                "inc     4, %%o1                \n\t"
-
-#define MULADDC_STOP                                    \
-                "st      %%o2, %0               \n\t"   \
-                "st      %%o1, %1               \n\t"   \
-                "st      %%o0, %2               \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)          \
-        : "m" (s), "m" (d), "m" (c), "m" (b)    \
-        : "g1", "o0", "o1", "o2", "o3", "o4",   \
-          "o5"                                  \
-        );
-
-#endif /* __sparc64__ */
-#endif /* __sparc__ */
-
-#if defined(__microblaze__) || defined(microblaze)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "lwi   r3,   %3         \n\t"   \
-        "lwi   r4,   %4         \n\t"   \
-        "lwi   r5,   %5         \n\t"   \
-        "lwi   r6,   %6         \n\t"   \
-        "andi  r7,   r6, 0xffff \n\t"   \
-        "bsrli r6,   r6, 16     \n\t"
-
-#define MULADDC_CORE                    \
-        "lhui  r8,   r3,   0    \n\t"   \
-        "addi  r3,   r3,   2    \n\t"   \
-        "lhui  r9,   r3,   0    \n\t"   \
-        "addi  r3,   r3,   2    \n\t"   \
-        "mul   r10,  r9,  r6    \n\t"   \
-        "mul   r11,  r8,  r7    \n\t"   \
-        "mul   r12,  r9,  r7    \n\t"   \
-        "mul   r13,  r8,  r6    \n\t"   \
-        "bsrli  r8, r10,  16    \n\t"   \
-        "bsrli  r9, r11,  16    \n\t"   \
-        "add   r13, r13,  r8    \n\t"   \
-        "add   r13, r13,  r9    \n\t"   \
-        "bslli r10, r10,  16    \n\t"   \
-        "bslli r11, r11,  16    \n\t"   \
-        "add   r12, r12, r10    \n\t"   \
-        "addc  r13, r13,  r0    \n\t"   \
-        "add   r12, r12, r11    \n\t"   \
-        "addc  r13, r13,  r0    \n\t"   \
-        "lwi   r10,  r4,   0    \n\t"   \
-        "add   r12, r12, r10    \n\t"   \
-        "addc  r13, r13,  r0    \n\t"   \
-        "add   r12, r12,  r5    \n\t"   \
-        "addc   r5, r13,  r0    \n\t"   \
-        "swi   r12,  r4,   0    \n\t"   \
-        "addi   r4,  r4,   4    \n\t"
-
-#define MULADDC_STOP                    \
-        "swi   r5,   %0         \n\t"   \
-        "swi   r4,   %1         \n\t"   \
-        "swi   r3,   %2         \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4", "r5", "r6", "r7", "r8",       \
-          "r9", "r10", "r11", "r12", "r13"          \
-    );
-
-#endif /* MicroBlaze */
-
-#if defined(__tricore__)
-
-#define MULADDC_INIT                            \
-    asm(                                        \
-        "ld.a   %%a2, %3                \n\t"   \
-        "ld.a   %%a3, %4                \n\t"   \
-        "ld.w   %%d4, %5                \n\t"   \
-        "ld.w   %%d1, %6                \n\t"   \
-        "xor    %%d5, %%d5              \n\t"
-
-#define MULADDC_CORE                            \
-        "ld.w   %%d0,   [%%a2+]         \n\t"   \
-        "madd.u %%e2, %%e4, %%d0, %%d1  \n\t"   \
-        "ld.w   %%d0,   [%%a3]          \n\t"   \
-        "addx   %%d2,    %%d2,  %%d0    \n\t"   \
-        "addc   %%d3,    %%d3,    0     \n\t"   \
-        "mov    %%d4,    %%d3           \n\t"   \
-        "st.w  [%%a3+],  %%d2           \n\t"
-
-#define MULADDC_STOP                            \
-        "st.w   %0, %%d4                \n\t"   \
-        "st.a   %1, %%a3                \n\t"   \
-        "st.a   %2, %%a2                \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)          \
-        : "m" (s), "m" (d), "m" (c), "m" (b)    \
-        : "d0", "d1", "e2", "d4", "a2", "a3"    \
-    );
-
-#endif /* TriCore */
-
-/*
- * Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about
- * our use of r7 below, unless -fomit-frame-pointer is passed.
- *
- * On the other hand, -fomit-frame-pointer is implied by any -Ox options with
- * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by
- * clang and armcc5 under the same conditions).
- *
- * So, only use the optimized assembly below for optimized build, which avoids
- * the build error and is pretty reasonable anyway.
- */
-#if defined(__GNUC__) && !defined(__OPTIMIZE__)
-#define MULADDC_CANNOT_USE_R7
-#endif
-
-#if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7)
-
-#if defined(__thumb__) && !defined(__thumb2__)
-
-#define MULADDC_INIT                                    \
-    asm(                                                \
-            "ldr    r0, %3                      \n\t"   \
-            "ldr    r1, %4                      \n\t"   \
-            "ldr    r2, %5                      \n\t"   \
-            "ldr    r3, %6                      \n\t"   \
-            "lsr    r7, r3, #16                 \n\t"   \
-            "mov    r9, r7                      \n\t"   \
-            "lsl    r7, r3, #16                 \n\t"   \
-            "lsr    r7, r7, #16                 \n\t"   \
-            "mov    r8, r7                      \n\t"
-
-#define MULADDC_CORE                                    \
-            "ldmia  r0!, {r6}                   \n\t"   \
-            "lsr    r7, r6, #16                 \n\t"   \
-            "lsl    r6, r6, #16                 \n\t"   \
-            "lsr    r6, r6, #16                 \n\t"   \
-            "mov    r4, r8                      \n\t"   \
-            "mul    r4, r6                      \n\t"   \
-            "mov    r3, r9                      \n\t"   \
-            "mul    r6, r3                      \n\t"   \
-            "mov    r5, r9                      \n\t"   \
-            "mul    r5, r7                      \n\t"   \
-            "mov    r3, r8                      \n\t"   \
-            "mul    r7, r3                      \n\t"   \
-            "lsr    r3, r6, #16                 \n\t"   \
-            "add    r5, r5, r3                  \n\t"   \
-            "lsr    r3, r7, #16                 \n\t"   \
-            "add    r5, r5, r3                  \n\t"   \
-            "add    r4, r4, r2                  \n\t"   \
-            "mov    r2, #0                      \n\t"   \
-            "adc    r5, r2                      \n\t"   \
-            "lsl    r3, r6, #16                 \n\t"   \
-            "add    r4, r4, r3                  \n\t"   \
-            "adc    r5, r2                      \n\t"   \
-            "lsl    r3, r7, #16                 \n\t"   \
-            "add    r4, r4, r3                  \n\t"   \
-            "adc    r5, r2                      \n\t"   \
-            "ldr    r3, [r1]                    \n\t"   \
-            "add    r4, r4, r3                  \n\t"   \
-            "adc    r2, r5                      \n\t"   \
-            "stmia  r1!, {r4}                   \n\t"
-
-#define MULADDC_STOP                                    \
-            "str    r2, %0                      \n\t"   \
-            "str    r1, %1                      \n\t"   \
-            "str    r0, %2                      \n\t"   \
-         : "=m" (c),  "=m" (d), "=m" (s)        \
-         : "m" (s), "m" (d), "m" (c), "m" (b)   \
-         : "r0", "r1", "r2", "r3", "r4", "r5",  \
-           "r6", "r7", "r8", "r9", "cc"         \
-         );
-
-#elif (__ARM_ARCH >= 6) && \
-    defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
-
-#define MULADDC_INIT                            \
-    asm(
-
-#define MULADDC_CORE                            \
-            "ldr    r0, [%0], #4        \n\t"   \
-            "ldr    r1, [%1]            \n\t"   \
-            "umaal  r1, %2, %3, r0      \n\t"   \
-            "str    r1, [%1], #4        \n\t"
-
-#define MULADDC_STOP                            \
-         : "=r" (s),  "=r" (d), "=r" (c)        \
-         : "r" (b), "0" (s), "1" (d), "2" (c)   \
-         : "r0", "r1", "memory"                 \
-         );
-
-#else
-
-#define MULADDC_INIT                                    \
-    asm(                                                \
-            "ldr    r0, %3                      \n\t"   \
-            "ldr    r1, %4                      \n\t"   \
-            "ldr    r2, %5                      \n\t"   \
-            "ldr    r3, %6                      \n\t"
-
-#define MULADDC_CORE                                    \
-            "ldr    r4, [r0], #4                \n\t"   \
-            "mov    r5, #0                      \n\t"   \
-            "ldr    r6, [r1]                    \n\t"   \
-            "umlal  r2, r5, r3, r4              \n\t"   \
-            "adds   r7, r6, r2                  \n\t"   \
-            "adc    r2, r5, #0                  \n\t"   \
-            "str    r7, [r1], #4                \n\t"
-
-#define MULADDC_STOP                                    \
-            "str    r2, %0                      \n\t"   \
-            "str    r1, %1                      \n\t"   \
-            "str    r0, %2                      \n\t"   \
-         : "=m" (c),  "=m" (d), "=m" (s)        \
-         : "m" (s), "m" (d), "m" (c), "m" (b)   \
-         : "r0", "r1", "r2", "r3", "r4", "r5",  \
-           "r6", "r7", "cc"                     \
-         );
-
-#endif /* Thumb */
-
-#endif /* ARMv3 */
-
-#if defined(__alpha__)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "ldq    $1, %3          \n\t"   \
-        "ldq    $2, %4          \n\t"   \
-        "ldq    $3, %5          \n\t"   \
-        "ldq    $4, %6          \n\t"
-
-#define MULADDC_CORE                    \
-        "ldq    $6,  0($1)      \n\t"   \
-        "addq   $1,  8, $1      \n\t"   \
-        "mulq   $6, $4, $7      \n\t"   \
-        "umulh  $6, $4, $6      \n\t"   \
-        "addq   $7, $3, $7      \n\t"   \
-        "cmpult $7, $3, $3      \n\t"   \
-        "ldq    $5,  0($2)      \n\t"   \
-        "addq   $7, $5, $7      \n\t"   \
-        "cmpult $7, $5, $5      \n\t"   \
-        "stq    $7,  0($2)      \n\t"   \
-        "addq   $2,  8, $2      \n\t"   \
-        "addq   $6, $3, $3      \n\t"   \
-        "addq   $5, $3, $3      \n\t"
-
-#define MULADDC_STOP                                    \
-        "stq    $3, %0          \n\t"   \
-        "stq    $2, %1          \n\t"   \
-        "stq    $1, %2          \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "$1", "$2", "$3", "$4", "$5", "$6", "$7"  \
-    );
-#endif /* Alpha */
-
-#if defined(__mips__) && !defined(__mips64)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "lw     $10, %3         \n\t"   \
-        "lw     $11, %4         \n\t"   \
-        "lw     $12, %5         \n\t"   \
-        "lw     $13, %6         \n\t"
-
-#define MULADDC_CORE                    \
-        "lw     $14, 0($10)     \n\t"   \
-        "multu  $13, $14        \n\t"   \
-        "addi   $10, $10, 4     \n\t"   \
-        "mflo   $14             \n\t"   \
-        "mfhi   $9              \n\t"   \
-        "addu   $14, $12, $14   \n\t"   \
-        "lw     $15, 0($11)     \n\t"   \
-        "sltu   $12, $14, $12   \n\t"   \
-        "addu   $15, $14, $15   \n\t"   \
-        "sltu   $14, $15, $14   \n\t"   \
-        "addu   $12, $12, $9    \n\t"   \
-        "sw     $15, 0($11)     \n\t"   \
-        "addu   $12, $12, $14   \n\t"   \
-        "addi   $11, $11, 4     \n\t"
-
-#define MULADDC_STOP                    \
-        "sw     $12, %0         \n\t"   \
-        "sw     $11, %1         \n\t"   \
-        "sw     $10, %2         \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)                      \
-        : "m" (s), "m" (d), "m" (c), "m" (b)                \
-        : "$9", "$10", "$11", "$12", "$13", "$14", "$15", "lo", "hi" \
-    );
-
-#endif /* MIPS */
-#endif /* GNUC */
-
-#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
-
-#define MULADDC_INIT                            \
-    __asm   mov     esi, s                      \
-    __asm   mov     edi, d                      \
-    __asm   mov     ecx, c                      \
-    __asm   mov     ebx, b
-
-#define MULADDC_CORE                            \
-    __asm   lodsd                               \
-    __asm   mul     ebx                         \
-    __asm   add     eax, ecx                    \
-    __asm   adc     edx, 0                      \
-    __asm   add     eax, [edi]                  \
-    __asm   adc     edx, 0                      \
-    __asm   mov     ecx, edx                    \
-    __asm   stosd
-
-#if defined(MBEDTLS_HAVE_SSE2)
-
-#define EMIT __asm _emit
-
-#define MULADDC_HUIT                            \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0xC9             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0xC3             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x1F             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x16             \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x04  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x08  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x7E  EMIT 0x0C  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xF8             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x5F  EMIT 0x04  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xDC             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x08  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xEE             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x67  EMIT 0x0C  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xFC             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x0F             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x56  EMIT 0x10  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x14  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x18  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x04  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x5E  EMIT 0x1C  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xD8             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCD             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x10  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xD5             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x08  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCF             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x14  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xE5             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x0C  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x18  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xF5             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x10  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCC             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x1C  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xDD             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x14  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCE             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x18  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x1C  \
-    EMIT 0x83  EMIT 0xC7  EMIT 0x20             \
-    EMIT 0x83  EMIT 0xC6  EMIT 0x20             \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0xC9
-
-#define MULADDC_STOP                            \
-    EMIT 0x0F  EMIT 0x77                        \
-    __asm   mov     c, ecx                      \
-    __asm   mov     d, edi                      \
-    __asm   mov     s, esi                      \
-
-#else
-
-#define MULADDC_STOP                            \
-    __asm   mov     c, ecx                      \
-    __asm   mov     d, edi                      \
-    __asm   mov     s, esi                      \
-
-#endif /* SSE2 */
-#endif /* MSVC */
-
-#endif /* MBEDTLS_HAVE_ASM */
-
-#if !defined(MULADDC_CORE)
-#if defined(MBEDTLS_HAVE_UDBL)
-
-#define MULADDC_INIT                    \
-{                                       \
-    mbedtls_t_udbl r;                           \
-    mbedtls_mpi_uint r0, r1;
-
-#define MULADDC_CORE                    \
-    r   = *(s++) * (mbedtls_t_udbl) b;          \
-    r0  = (mbedtls_mpi_uint) r;                   \
-    r1  = (mbedtls_mpi_uint)( r >> biL );         \
-    r0 += c;  r1 += (r0 <  c);          \
-    r0 += *d; r1 += (r0 < *d);          \
-    c = r1; *(d++) = r0;
-
-#define MULADDC_STOP                    \
-}
-
-#else
-#define MULADDC_INIT                    \
-{                                       \
-    mbedtls_mpi_uint s0, s1, b0, b1;              \
-    mbedtls_mpi_uint r0, r1, rx, ry;              \
-    b0 = ( b << biH ) >> biH;           \
-    b1 = ( b >> biH );
-
-#define MULADDC_CORE                    \
-    s0 = ( *s << biH ) >> biH;          \
-    s1 = ( *s >> biH ); s++;            \
-    rx = s0 * b1; r0 = s0 * b0;         \
-    ry = s1 * b0; r1 = s1 * b1;         \
-    r1 += ( rx >> biH );                \
-    r1 += ( ry >> biH );                \
-    rx <<= biH; ry <<= biH;             \
-    r0 += rx; r1 += (r0 < rx);          \
-    r0 += ry; r1 += (r0 < ry);          \
-    r0 +=  c; r1 += (r0 <  c);          \
-    r0 += *d; r1 += (r0 < *d);          \
-    c = r1; *(d++) = r0;
-
-#define MULADDC_STOP                    \
-}
-
-#endif /* C (generic)  */
-#endif /* C (longlong) */
-
-#endif /* bn_mul.h */

lib/mbedtls/include/mbedtls/camellia.h

@@ -1,326 +0,0 @@
-/**
- * \file camellia.h
- *
- * \brief Camellia block cipher
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_CAMELLIA_H
-#define MBEDTLS_CAMELLIA_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "mbedtls/platform_util.h"
-
-#define MBEDTLS_CAMELLIA_ENCRYPT     1
-#define MBEDTLS_CAMELLIA_DECRYPT     0
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH   MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 )
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Bad input data. */
-
-#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
-
-/* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used.
- */
-#define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED              -0x0027  /**< Camellia hardware accelerator failed. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_CAMELLIA_ALT)
-// Regular implementation
-//
-
-/**
- * \brief          CAMELLIA context structure
- */
-typedef struct mbedtls_camellia_context
-{
-    int nr;                     /*!<  number of rounds  */
-    uint32_t rk[68];            /*!<  CAMELLIA round keys    */
-}
-mbedtls_camellia_context;
-
-#else  /* MBEDTLS_CAMELLIA_ALT */
-#include "camellia_alt.h"
-#endif /* MBEDTLS_CAMELLIA_ALT */
-
-/**
- * \brief          Initialize a CAMELLIA context.
- *
- * \param ctx      The CAMELLIA context to be initialized.
- *                 This must not be \c NULL.
- */
-void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
-
-/**
- * \brief          Clear a CAMELLIA context.
- *
- * \param ctx      The CAMELLIA context to be cleared. This may be \c NULL,
- *                 in which case this function returns immediately. If it is not
- *                 \c NULL, it must be initialized.
- */
-void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
-
-/**
- * \brief          Perform a CAMELLIA key schedule operation for encryption.
- *
- * \param ctx      The CAMELLIA context to use. This must be initialized.
- * \param key      The encryption key to use. This must be a readable buffer
- *                 of size \p keybits Bits.
- * \param keybits  The length of \p key in Bits. This must be either \c 128,
- *                 \c 192 or \c 256.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
-                                 const unsigned char *key,
-                                 unsigned int keybits );
-
-/**
- * \brief          Perform a CAMELLIA key schedule operation for decryption.
- *
- * \param ctx      The CAMELLIA context to use. This must be initialized.
- * \param key      The decryption key. This must be a readable buffer
- *                 of size \p keybits Bits.
- * \param keybits  The length of \p key in Bits. This must be either \c 128,
- *                 \c 192 or \c 256.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
-                                 const unsigned char *key,
-                                 unsigned int keybits );
-
-/**
- * \brief          Perform a CAMELLIA-ECB block encryption/decryption operation.
- *
- * \param ctx      The CAMELLIA context to use. This must be initialized
- *                 and bound to a key.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- * \param input    The input block. This must be a readable buffer
- *                 of size \c 16 Bytes.
- * \param output   The output block. This must be a writable buffer
- *                 of size \c 16 Bytes.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief          Perform a CAMELLIA-CBC buffer encryption/decryption operation.
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      The CAMELLIA context to use. This must be initialized
- *                 and bound to a key.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- * \param length   The length in Bytes of the input data \p input.
- *                 This must be a multiple of \c 16 Bytes.
- * \param iv       The initialization vector. This must be a read/write buffer
- *                 of length \c 16 Bytes. It is updated to allow streaming
- *                 use as explained above.
- * \param input    The buffer holding the input data. This must point to a
- *                 readable buffer of length \p length Bytes.
- * \param output   The buffer holding the output data. This must point to a
- *                 writable buffer of length \p length Bytes.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief          Perform a CAMELLIA-CFB128 buffer encryption/decryption
- *                 operation.
- *
- * \note           Due to the nature of CFB mode, you should use the same
- *                 key for both encryption and decryption. In particular, calls
- *                 to this function should be preceded by a key-schedule via
- *                 mbedtls_camellia_setkey_enc() regardless of whether \p mode
- *                 is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      The CAMELLIA context to use. This must be initialized
- *                 and bound to a key.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- * \param length   The length of the input data \p input. Any value is allowed.
- * \param iv_off   The current offset in the IV. This must be smaller
- *                 than \c 16 Bytes. It is updated after this call to allow
- *                 the aforementioned streaming usage.
- * \param iv       The initialization vector. This must be a read/write buffer
- *                 of length \c 16 Bytes. It is updated after this call to
- *                 allow the aforementioned streaming usage.
- * \param input    The buffer holding the input data. This must be a readable
- *                 buffer of size \p length Bytes.
- * \param output   The buffer to hold the output data. This must be a writable
- *                 buffer of length \p length Bytes.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief      Perform a CAMELLIA-CTR buffer encryption/decryption operation.
- *
- * *note       Due to the nature of CTR mode, you should use the same
- *             key for both encryption and decryption. In particular, calls
- *             to this function should be preceded by a key-schedule via
- *             mbedtls_camellia_setkey_enc() regardless of whether \p mode
- *             is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- *
- * \warning    You must never reuse a nonce value with the same key. Doing so
- *             would void the encryption for the two messages encrypted with
- *             the same nonce and key.
- *
- *             There are two common strategies for managing nonces with CTR:
- *
- *             1. You can handle everything as a single message processed over
- *             successive calls to this function. In that case, you want to
- *             set \p nonce_counter and \p nc_off to 0 for the first call, and
- *             then preserve the values of \p nonce_counter, \p nc_off and \p
- *             stream_block across calls to this function as they will be
- *             updated by this function.
- *
- *             With this strategy, you must not encrypt more than 2**128
- *             blocks of data with the same key.
- *
- *             2. You can encrypt separate messages by dividing the \p
- *             nonce_counter buffer in two areas: the first one used for a
- *             per-message nonce, handled by yourself, and the second one
- *             updated by this function internally.
- *
- *             For example, you might reserve the first \c 12 Bytes for the
- *             per-message nonce, and the last \c 4 Bytes for internal use.
- *             In that case, before calling this function on a new message you
- *             need to set the first \c 12 Bytes of \p nonce_counter to your
- *             chosen nonce value, the last four to \c 0, and \p nc_off to \c 0
- *             (which will cause \p stream_block to be ignored). That way, you
- *             can encrypt at most \c 2**96 messages of up to \c 2**32 blocks
- *             each  with the same key.
- *
- *             The per-message nonce (or information sufficient to reconstruct
- *             it) needs to be communicated with the ciphertext and must be
- *             unique. The recommended way to ensure uniqueness is to use a
- *             message counter. An alternative is to generate random nonces,
- *             but this limits the number of messages that can be securely
- *             encrypted: for example, with 96-bit random nonces, you should
- *             not encrypt more than 2**32 messages with the same key.
- *
- *             Note that for both stategies, sizes are measured in blocks and
- *             that a CAMELLIA block is \c 16 Bytes.
- *
- * \warning    Upon return, \p stream_block contains sensitive data. Its
- *             content must not be written to insecure storage and should be
- *             securely discarded as soon as it's no longer needed.
- *
- * \param ctx           The CAMELLIA context to use. This must be initialized
- *                      and bound to a key.
- * \param length        The length of the input data \p input in Bytes.
- *                      Any value is allowed.
- * \param nc_off        The offset in the current \p stream_block (for resuming
- *                      within current cipher stream). The offset pointer to
- *                      should be \c 0 at the start of a stream. It is updated
- *                      at the end of this call.
- * \param nonce_counter The 128-bit nonce and counter. This must be a read/write
- *                      buffer of length \c 16 Bytes.
- * \param stream_block  The saved stream-block for resuming. This must be a
- *                      read/write buffer of length \c 16 Bytes.
- * \param input         The input data stream. This must be a readable buffer of
- *                      size \p length Bytes.
- * \param output        The output data stream. This must be a writable buffer
- *                      of size \p length Bytes.
- *
- * \return              \c 0 if successful.
- * \return              A negative error code on failure.
- */
-int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_camellia_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* camellia.h */

lib/mbedtls/include/mbedtls/ccm.h

@@ -1,310 +0,0 @@
-/**
- * \file ccm.h
- *
- * \brief This file provides an API for the CCM authenticated encryption
- *        mode for block ciphers.
- *
- * CCM combines Counter mode encryption with CBC-MAC authentication
- * for 128-bit block ciphers.
- *
- * Input to CCM includes the following elements:
- * <ul><li>Payload - data that is both authenticated and encrypted.</li>
- * <li>Associated data (Adata) - data that is authenticated but not
- * encrypted, For example, a header.</li>
- * <li>Nonce - A unique value that is assigned to the payload and the
- * associated data.</li></ul>
- *
- * Definition of CCM:
- * http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
- * RFC 3610 "Counter with CBC-MAC (CCM)"
- *
- * Related:
- * RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
- *
- * Definition of CCM*:
- * IEEE 802.15.4 - IEEE Standard for Local and metropolitan area networks
- * Integer representation is fixed most-significant-octet-first order and
- * the representation of octets is most-significant-bit-first order. This is
- * consistent with RFC 3610.
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_CCM_H
-#define MBEDTLS_CCM_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/cipher.h"
-
-#define MBEDTLS_ERR_CCM_BAD_INPUT       -0x000D /**< Bad input parameters to the function. */
-#define MBEDTLS_ERR_CCM_AUTH_FAILED     -0x000F /**< Authenticated decryption failed. */
-
-/* MBEDTLS_ERR_CCM_HW_ACCEL_FAILED is deprecated and should not be used. */
-#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_CCM_ALT)
-// Regular implementation
-//
-
-/**
- * \brief    The CCM context-type definition. The CCM context is passed
- *           to the APIs called.
- */
-typedef struct mbedtls_ccm_context
-{
-    mbedtls_cipher_context_t cipher_ctx;    /*!< The cipher context used. */
-}
-mbedtls_ccm_context;
-
-#else  /* MBEDTLS_CCM_ALT */
-#include "ccm_alt.h"
-#endif /* MBEDTLS_CCM_ALT */
-
-/**
- * \brief           This function initializes the specified CCM context,
- *                  to make references valid, and prepare the context
- *                  for mbedtls_ccm_setkey() or mbedtls_ccm_free().
- *
- * \param ctx       The CCM context to initialize. This must not be \c NULL.
- */
-void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
-
-/**
- * \brief           This function initializes the CCM context set in the
- *                  \p ctx parameter and sets the encryption key.
- *
- * \param ctx       The CCM context to initialize. This must be an initialized
- *                  context.
- * \param cipher    The 128-bit block cipher to use.
- * \param key       The encryption key. This must not be \c NULL.
- * \param keybits   The key size in bits. This must be acceptable by the cipher.
- *
- * \return          \c 0 on success.
- * \return          A CCM or cipher-specific error code on failure.
- */
-int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
-                        mbedtls_cipher_id_t cipher,
-                        const unsigned char *key,
-                        unsigned int keybits );
-
-/**
- * \brief   This function releases and clears the specified CCM context
- *          and underlying cipher sub-context.
- *
- * \param ctx       The CCM context to clear. If this is \c NULL, the function
- *                  has no effect. Otherwise, this must be initialized.
- */
-void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
-
-/**
- * \brief           This function encrypts a buffer using CCM.
- *
- * \note            The tag is written to a separate buffer. To concatenate
- *                  the \p tag with the \p output, as done in <em>RFC-3610:
- *                  Counter with CBC-MAC (CCM)</em>, use
- *                  \p tag = \p output + \p length, and make sure that the
- *                  output buffer is at least \p length + \p tag_len wide.
- *
- * \param ctx       The CCM context to use for encryption. This must be
- *                  initialized and bound to a key.
- * \param length    The length of the input data in Bytes.
- * \param iv        The initialization vector (nonce). This must be a readable
- *                  buffer of at least \p iv_len Bytes.
- * \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
- *                  or 13. The length L of the message length field is
- *                  15 - \p iv_len.
- * \param add       The additional data field. If \p add_len is greater than
- *                  zero, \p add must be a readable buffer of at least that
- *                  length.
- * \param add_len   The length of additional data in Bytes.
- *                  This must be less than `2^16 - 2^8`.
- * \param input     The buffer holding the input data. If \p length is greater
- *                  than zero, \p input must be a readable buffer of at least
- *                  that length.
- * \param output    The buffer holding the output data. If \p length is greater
- *                  than zero, \p output must be a writable buffer of at least
- *                  that length.
- * \param tag       The buffer holding the authentication field. This must be a
- *                  readable buffer of at least \p tag_len Bytes.
- * \param tag_len   The length of the authentication field to generate in Bytes:
- *                  4, 6, 8, 10, 12, 14 or 16.
- *
- * \return          \c 0 on success.
- * \return          A CCM or cipher-specific error code on failure.
- */
-int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *add, size_t add_len,
-                         const unsigned char *input, unsigned char *output,
-                         unsigned char *tag, size_t tag_len );
-
-/**
- * \brief           This function encrypts a buffer using CCM*.
- *
- * \note            The tag is written to a separate buffer. To concatenate
- *                  the \p tag with the \p output, as done in <em>RFC-3610:
- *                  Counter with CBC-MAC (CCM)</em>, use
- *                  \p tag = \p output + \p length, and make sure that the
- *                  output buffer is at least \p length + \p tag_len wide.
- *
- * \note            When using this function in a variable tag length context,
- *                  the tag length has to be encoded into the \p iv passed to
- *                  this function.
- *
- * \param ctx       The CCM context to use for encryption. This must be
- *                  initialized and bound to a key.
- * \param length    The length of the input data in Bytes.
- * \param iv        The initialization vector (nonce). This must be a readable
- *                  buffer of at least \p iv_len Bytes.
- * \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
- *                  or 13. The length L of the message length field is
- *                  15 - \p iv_len.
- * \param add       The additional data field. This must be a readable buffer of
- *                  at least \p add_len Bytes.
- * \param add_len   The length of additional data in Bytes.
- *                  This must be less than 2^16 - 2^8.
- * \param input     The buffer holding the input data. If \p length is greater
- *                  than zero, \p input must be a readable buffer of at least
- *                  that length.
- * \param output    The buffer holding the output data. If \p length is greater
- *                  than zero, \p output must be a writable buffer of at least
- *                  that length.
- * \param tag       The buffer holding the authentication field. This must be a
- *                  readable buffer of at least \p tag_len Bytes.
- * \param tag_len   The length of the authentication field to generate in Bytes:
- *                  0, 4, 6, 8, 10, 12, 14 or 16.
- *
- * \warning         Passing \c 0 as \p tag_len means that the message is no
- *                  longer authenticated.
- *
- * \return          \c 0 on success.
- * \return          A CCM or cipher-specific error code on failure.
- */
-int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *add, size_t add_len,
-                         const unsigned char *input, unsigned char *output,
-                         unsigned char *tag, size_t tag_len );
-
-/**
- * \brief           This function performs a CCM authenticated decryption of a
- *                  buffer.
- *
- * \param ctx       The CCM context to use for decryption. This must be
- *                  initialized and bound to a key.
- * \param length    The length of the input data in Bytes.
- * \param iv        The initialization vector (nonce). This must be a readable
- *                  buffer of at least \p iv_len Bytes.
- * \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
- *                  or 13. The length L of the message length field is
- *                  15 - \p iv_len.
- * \param add       The additional data field. This must be a readable buffer
- *                  of at least that \p add_len Bytes..
- * \param add_len   The length of additional data in Bytes.
- *                  This must be less than 2^16 - 2^8.
- * \param input     The buffer holding the input data. If \p length is greater
- *                  than zero, \p input must be a readable buffer of at least
- *                  that length.
- * \param output    The buffer holding the output data. If \p length is greater
- *                  than zero, \p output must be a writable buffer of at least
- *                  that length.
- * \param tag       The buffer holding the authentication field. This must be a
- *                  readable buffer of at least \p tag_len Bytes.
- * \param tag_len   The length of the authentication field to generate in Bytes:
- *                  4, 6, 8, 10, 12, 14 or 16.
- *
- * \return          \c 0 on success. This indicates that the message is authentic.
- * \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
- * \return          A cipher-specific error code on calculation failure.
- */
-int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
-                      const unsigned char *iv, size_t iv_len,
-                      const unsigned char *add, size_t add_len,
-                      const unsigned char *input, unsigned char *output,
-                      const unsigned char *tag, size_t tag_len );
-
-/**
- * \brief           This function performs a CCM* authenticated decryption of a
- *                  buffer.
- *
- * \note            When using this function in a variable tag length context,
- *                  the tag length has to be decoded from \p iv and passed to
- *                  this function as \p tag_len. (\p tag needs to be adjusted
- *                  accordingly.)
- *
- * \param ctx       The CCM context to use for decryption. This must be
- *                  initialized and bound to a key.
- * \param length    The length of the input data in Bytes.
- * \param iv        The initialization vector (nonce). This must be a readable
- *                  buffer of at least \p iv_len Bytes.
- * \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
- *                  or 13. The length L of the message length field is
- *                  15 - \p iv_len.
- * \param add       The additional data field. This must be a readable buffer of
- *                  at least that \p add_len Bytes.
- * \param add_len   The length of additional data in Bytes.
- *                  This must be less than 2^16 - 2^8.
- * \param input     The buffer holding the input data. If \p length is greater
- *                  than zero, \p input must be a readable buffer of at least
- *                  that length.
- * \param output    The buffer holding the output data. If \p length is greater
- *                  than zero, \p output must be a writable buffer of at least
- *                  that length.
- * \param tag       The buffer holding the authentication field. This must be a
- *                  readable buffer of at least \p tag_len Bytes.
- * \param tag_len   The length of the authentication field in Bytes.
- *                  0, 4, 6, 8, 10, 12, 14 or 16.
- *
- * \warning         Passing \c 0 as \p tag_len means that the message is nos
- *                  longer authenticated.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
- * \return          A cipher-specific error code on calculation failure.
- */
-int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
-                      const unsigned char *iv, size_t iv_len,
-                      const unsigned char *add, size_t add_len,
-                      const unsigned char *input, unsigned char *output,
-                      const unsigned char *tag, size_t tag_len );
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-/**
- * \brief          The CCM checkup routine.
- *
- * \return         \c 0 on success.
- * \return         \c 1 on failure.
- */
-int mbedtls_ccm_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CCM_H */

lib/mbedtls/include/mbedtls/certs.h

@@ -1,252 +0,0 @@
-/**
- * \file certs.h
- *
- * \brief Sample certificates and DHM parameters for testing
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_CERTS_H
-#define MBEDTLS_CERTS_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* List of all PEM-encoded CA certificates, terminated by NULL;
- * PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded
- * otherwise. */
-extern const char * mbedtls_test_cas[];
-extern const size_t mbedtls_test_cas_len[];
-
-/* List of all DER-encoded CA certificates, terminated by NULL */
-extern const unsigned char * mbedtls_test_cas_der[];
-extern const size_t mbedtls_test_cas_der_len[];
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-/* Concatenation of all CA certificates in PEM format if available */
-extern const char   mbedtls_test_cas_pem[];
-extern const size_t mbedtls_test_cas_pem_len;
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-/*
- * CA test certificates
- */
-
-extern const char mbedtls_test_ca_crt_ec_pem[];
-extern const char mbedtls_test_ca_key_ec_pem[];
-extern const char mbedtls_test_ca_pwd_ec_pem[];
-extern const char mbedtls_test_ca_key_rsa_pem[];
-extern const char mbedtls_test_ca_pwd_rsa_pem[];
-extern const char mbedtls_test_ca_crt_rsa_sha1_pem[];
-extern const char mbedtls_test_ca_crt_rsa_sha256_pem[];
-
-extern const unsigned char mbedtls_test_ca_crt_ec_der[];
-extern const unsigned char mbedtls_test_ca_key_ec_der[];
-extern const unsigned char mbedtls_test_ca_key_rsa_der[];
-extern const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[];
-extern const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[];
-
-extern const size_t mbedtls_test_ca_crt_ec_pem_len;
-extern const size_t mbedtls_test_ca_key_ec_pem_len;
-extern const size_t mbedtls_test_ca_pwd_ec_pem_len;
-extern const size_t mbedtls_test_ca_key_rsa_pem_len;
-extern const size_t mbedtls_test_ca_pwd_rsa_pem_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len;
-
-extern const size_t mbedtls_test_ca_crt_ec_der_len;
-extern const size_t mbedtls_test_ca_key_ec_der_len;
-extern const size_t mbedtls_test_ca_pwd_ec_der_len;
-extern const size_t mbedtls_test_ca_key_rsa_der_len;
-extern const size_t mbedtls_test_ca_pwd_rsa_der_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha1_der_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha256_der_len;
-
-/* Config-dependent dispatch between PEM and DER encoding
- * (PEM if enabled, otherwise DER) */
-
-extern const char mbedtls_test_ca_crt_ec[];
-extern const char mbedtls_test_ca_key_ec[];
-extern const char mbedtls_test_ca_pwd_ec[];
-extern const char mbedtls_test_ca_key_rsa[];
-extern const char mbedtls_test_ca_pwd_rsa[];
-extern const char mbedtls_test_ca_crt_rsa_sha1[];
-extern const char mbedtls_test_ca_crt_rsa_sha256[];
-
-extern const size_t mbedtls_test_ca_crt_ec_len;
-extern const size_t mbedtls_test_ca_key_ec_len;
-extern const size_t mbedtls_test_ca_pwd_ec_len;
-extern const size_t mbedtls_test_ca_key_rsa_len;
-extern const size_t mbedtls_test_ca_pwd_rsa_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha1_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha256_len;
-
-/* Config-dependent dispatch between SHA-1 and SHA-256
- * (SHA-256 if enabled, otherwise SHA-1) */
-
-extern const char mbedtls_test_ca_crt_rsa[];
-extern const size_t mbedtls_test_ca_crt_rsa_len;
-
-/* Config-dependent dispatch between EC and RSA
- * (RSA if enabled, otherwise EC) */
-
-extern const char * mbedtls_test_ca_crt;
-extern const char * mbedtls_test_ca_key;
-extern const char * mbedtls_test_ca_pwd;
-extern const size_t mbedtls_test_ca_crt_len;
-extern const size_t mbedtls_test_ca_key_len;
-extern const size_t mbedtls_test_ca_pwd_len;
-
-/*
- * Server test certificates
- */
-
-extern const char mbedtls_test_srv_crt_ec_pem[];
-extern const char mbedtls_test_srv_key_ec_pem[];
-extern const char mbedtls_test_srv_pwd_ec_pem[];
-extern const char mbedtls_test_srv_key_rsa_pem[];
-extern const char mbedtls_test_srv_pwd_rsa_pem[];
-extern const char mbedtls_test_srv_crt_rsa_sha1_pem[];
-extern const char mbedtls_test_srv_crt_rsa_sha256_pem[];
-
-extern const unsigned char mbedtls_test_srv_crt_ec_der[];
-extern const unsigned char mbedtls_test_srv_key_ec_der[];
-extern const unsigned char mbedtls_test_srv_key_rsa_der[];
-extern const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[];
-extern const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[];
-
-extern const size_t mbedtls_test_srv_crt_ec_pem_len;
-extern const size_t mbedtls_test_srv_key_ec_pem_len;
-extern const size_t mbedtls_test_srv_pwd_ec_pem_len;
-extern const size_t mbedtls_test_srv_key_rsa_pem_len;
-extern const size_t mbedtls_test_srv_pwd_rsa_pem_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len;
-
-extern const size_t mbedtls_test_srv_crt_ec_der_len;
-extern const size_t mbedtls_test_srv_key_ec_der_len;
-extern const size_t mbedtls_test_srv_pwd_ec_der_len;
-extern const size_t mbedtls_test_srv_key_rsa_der_len;
-extern const size_t mbedtls_test_srv_pwd_rsa_der_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha1_der_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha256_der_len;
-
-/* Config-dependent dispatch between PEM and DER encoding
- * (PEM if enabled, otherwise DER) */
-
-extern const char mbedtls_test_srv_crt_ec[];
-extern const char mbedtls_test_srv_key_ec[];
-extern const char mbedtls_test_srv_pwd_ec[];
-extern const char mbedtls_test_srv_key_rsa[];
-extern const char mbedtls_test_srv_pwd_rsa[];
-extern const char mbedtls_test_srv_crt_rsa_sha1[];
-extern const char mbedtls_test_srv_crt_rsa_sha256[];
-
-extern const size_t mbedtls_test_srv_crt_ec_len;
-extern const size_t mbedtls_test_srv_key_ec_len;
-extern const size_t mbedtls_test_srv_pwd_ec_len;
-extern const size_t mbedtls_test_srv_key_rsa_len;
-extern const size_t mbedtls_test_srv_pwd_rsa_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha1_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha256_len;
-
-/* Config-dependent dispatch between SHA-1 and SHA-256
- * (SHA-256 if enabled, otherwise SHA-1) */
-
-extern const char mbedtls_test_srv_crt_rsa[];
-extern const size_t mbedtls_test_srv_crt_rsa_len;
-
-/* Config-dependent dispatch between EC and RSA
- * (RSA if enabled, otherwise EC) */
-
-extern const char * mbedtls_test_srv_crt;
-extern const char * mbedtls_test_srv_key;
-extern const char * mbedtls_test_srv_pwd;
-extern const size_t mbedtls_test_srv_crt_len;
-extern const size_t mbedtls_test_srv_key_len;
-extern const size_t mbedtls_test_srv_pwd_len;
-
-/*
- * Client test certificates
- */
-
-extern const char mbedtls_test_cli_crt_ec_pem[];
-extern const char mbedtls_test_cli_key_ec_pem[];
-extern const char mbedtls_test_cli_pwd_ec_pem[];
-extern const char mbedtls_test_cli_key_rsa_pem[];
-extern const char mbedtls_test_cli_pwd_rsa_pem[];
-extern const char mbedtls_test_cli_crt_rsa_pem[];
-
-extern const unsigned char mbedtls_test_cli_crt_ec_der[];
-extern const unsigned char mbedtls_test_cli_key_ec_der[];
-extern const unsigned char mbedtls_test_cli_key_rsa_der[];
-extern const unsigned char mbedtls_test_cli_crt_rsa_der[];
-
-extern const size_t mbedtls_test_cli_crt_ec_pem_len;
-extern const size_t mbedtls_test_cli_key_ec_pem_len;
-extern const size_t mbedtls_test_cli_pwd_ec_pem_len;
-extern const size_t mbedtls_test_cli_key_rsa_pem_len;
-extern const size_t mbedtls_test_cli_pwd_rsa_pem_len;
-extern const size_t mbedtls_test_cli_crt_rsa_pem_len;
-
-extern const size_t mbedtls_test_cli_crt_ec_der_len;
-extern const size_t mbedtls_test_cli_key_ec_der_len;
-extern const size_t mbedtls_test_cli_key_rsa_der_len;
-extern const size_t mbedtls_test_cli_crt_rsa_der_len;
-
-/* Config-dependent dispatch between PEM and DER encoding
- * (PEM if enabled, otherwise DER) */
-
-extern const char mbedtls_test_cli_crt_ec[];
-extern const char mbedtls_test_cli_key_ec[];
-extern const char mbedtls_test_cli_pwd_ec[];
-extern const char mbedtls_test_cli_key_rsa[];
-extern const char mbedtls_test_cli_pwd_rsa[];
-extern const char mbedtls_test_cli_crt_rsa[];
-
-extern const size_t mbedtls_test_cli_crt_ec_len;
-extern const size_t mbedtls_test_cli_key_ec_len;
-extern const size_t mbedtls_test_cli_pwd_ec_len;
-extern const size_t mbedtls_test_cli_key_rsa_len;
-extern const size_t mbedtls_test_cli_pwd_rsa_len;
-extern const size_t mbedtls_test_cli_crt_rsa_len;
-
-/* Config-dependent dispatch between EC and RSA
- * (RSA if enabled, otherwise EC) */
-
-extern const char * mbedtls_test_cli_crt;
-extern const char * mbedtls_test_cli_key;
-extern const char * mbedtls_test_cli_pwd;
-extern const size_t mbedtls_test_cli_crt_len;
-extern const size_t mbedtls_test_cli_key_len;
-extern const size_t mbedtls_test_cli_pwd_len;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* certs.h */

lib/mbedtls/include/mbedtls/chacha20.h

@@ -1,227 +0,0 @@
-/**
- * \file chacha20.h
- *
- * \brief   This file contains ChaCha20 definitions and functions.
- *
- *          ChaCha20 is a stream cipher that can encrypt and decrypt
- *          information. ChaCha was created by Daniel Bernstein as a variant of
- *          its Salsa cipher https://cr.yp.to/chacha/chacha-20080128.pdf
- *          ChaCha20 is the variant with 20 rounds, that was also standardized
- *          in RFC 7539.
- *
- * \author Daniel King <damaki.gh@gmail.com>
- */
-
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_CHACHA20_H
-#define MBEDTLS_CHACHA20_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stdint.h>
-#include <stddef.h>
-
-#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA         -0x0051 /**< Invalid input parameter(s). */
-
-/* MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE is deprecated and should not be
- * used. */
-#define MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE    -0x0053 /**< Feature not available. For example, s part of the API is not implemented. */
-
-/* MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED is deprecated and should not be used.
- */
-#define MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED        -0x0055  /**< Chacha20 hardware accelerator failed. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_CHACHA20_ALT)
-
-typedef struct mbedtls_chacha20_context
-{
-    uint32_t state[16];          /*! The state (before round operations). */
-    uint8_t  keystream8[64];     /*! Leftover keystream bytes. */
-    size_t keystream_bytes_used; /*! Number of keystream bytes already used. */
-}
-mbedtls_chacha20_context;
-
-#else  /* MBEDTLS_CHACHA20_ALT */
-#include "chacha20_alt.h"
-#endif /* MBEDTLS_CHACHA20_ALT */
-
-/**
- * \brief           This function initializes the specified ChaCha20 context.
- *
- *                  It must be the first API called before using
- *                  the context.
- *
- *                  It is usually followed by calls to
- *                  \c mbedtls_chacha20_setkey() and
- *                  \c mbedtls_chacha20_starts(), then one or more calls to
- *                  to \c mbedtls_chacha20_update(), and finally to
- *                  \c mbedtls_chacha20_free().
- *
- * \param ctx       The ChaCha20 context to initialize.
- *                  This must not be \c NULL.
- */
-void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
-
-/**
- * \brief           This function releases and clears the specified
- *                  ChaCha20 context.
- *
- * \param ctx       The ChaCha20 context to clear. This may be \c NULL,
- *                  in which case this function is a no-op. If it is not
- *                  \c NULL, it must point to an initialized context.
- *
- */
-void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
-
-/**
- * \brief           This function sets the encryption/decryption key.
- *
- * \note            After using this function, you must also call
- *                  \c mbedtls_chacha20_starts() to set a nonce before you
- *                  start encrypting/decrypting data with
- *                  \c mbedtls_chacha_update().
- *
- * \param ctx       The ChaCha20 context to which the key should be bound.
- *                  It must be initialized.
- * \param key       The encryption/decryption key. This must be \c 32 Bytes
- *                  in length.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
- */
-int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
-                             const unsigned char key[32] );
-
-/**
- * \brief           This function sets the nonce and initial counter value.
- *
- * \note            A ChaCha20 context can be re-used with the same key by
- *                  calling this function to change the nonce.
- *
- * \warning         You must never use the same nonce twice with the same key.
- *                  This would void any confidentiality guarantees for the
- *                  messages encrypted with the same nonce and key.
- *
- * \param ctx       The ChaCha20 context to which the nonce should be bound.
- *                  It must be initialized and bound to a key.
- * \param nonce     The nonce. This must be \c 12 Bytes in size.
- * \param counter   The initial counter value. This is usually \c 0.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
- *                  NULL.
- */
-int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
-                             const unsigned char nonce[12],
-                             uint32_t counter );
-
-/**
- * \brief           This function encrypts or decrypts data.
- *
- *                  Since ChaCha20 is a stream cipher, the same operation is
- *                  used for encrypting and decrypting data.
- *
- * \note            The \p input and \p output pointers must either be equal or
- *                  point to non-overlapping buffers.
- *
- * \note            \c mbedtls_chacha20_setkey() and
- *                  \c mbedtls_chacha20_starts() must be called at least once
- *                  to setup the context before this function can be called.
- *
- * \note            This function can be called multiple times in a row in
- *                  order to encrypt of decrypt data piecewise with the same
- *                  key and nonce.
- *
- * \param ctx       The ChaCha20 context to use for encryption or decryption.
- *                  It must be initialized and bound to a key and nonce.
- * \param size      The length of the input data in Bytes.
- * \param input     The buffer holding the input data.
- *                  This pointer can be \c NULL if `size == 0`.
- * \param output    The buffer holding the output data.
- *                  This must be able to hold \p size Bytes.
- *                  This pointer can be \c NULL if `size == 0`.
- *
- * \return          \c 0 on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
-                             size_t size,
-                             const unsigned char *input,
-                             unsigned char *output );
-
-/**
- * \brief           This function encrypts or decrypts data with ChaCha20 and
- *                  the given key and nonce.
- *
- *                  Since ChaCha20 is a stream cipher, the same operation is
- *                  used for encrypting and decrypting data.
- *
- * \warning         You must never use the same (key, nonce) pair more than
- *                  once. This would void any confidentiality guarantees for
- *                  the messages encrypted with the same nonce and key.
- *
- * \note            The \p input and \p output pointers must either be equal or
- *                  point to non-overlapping buffers.
- *
- * \param key       The encryption/decryption key.
- *                  This must be \c 32 Bytes in length.
- * \param nonce     The nonce. This must be \c 12 Bytes in size.
- * \param counter   The initial counter value. This is usually \c 0.
- * \param size      The length of the input data in Bytes.
- * \param input     The buffer holding the input data.
- *                  This pointer can be \c NULL if `size == 0`.
- * \param output    The buffer holding the output data.
- *                  This must be able to hold \p size Bytes.
- *                  This pointer can be \c NULL if `size == 0`.
- *
- * \return          \c 0 on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_chacha20_crypt( const unsigned char key[32],
-                            const unsigned char nonce[12],
-                            uint32_t counter,
-                            size_t size,
-                            const unsigned char* input,
-                            unsigned char* output );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief           The ChaCha20 checkup routine.
- *
- * \return          \c 0 on success.
- * \return          \c 1 on failure.
- */
-int mbedtls_chacha20_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CHACHA20_H */

lib/mbedtls/include/mbedtls/chachapoly.h

@@ -1,359 +0,0 @@
-/**
- * \file chachapoly.h
- *
- * \brief   This file contains the AEAD-ChaCha20-Poly1305 definitions and
- *          functions.
- *
- *          ChaCha20-Poly1305 is an algorithm for Authenticated Encryption
- *          with Associated Data (AEAD) that can be used to encrypt and
- *          authenticate data. It is based on ChaCha20 and Poly1305 by Daniel
- *          Bernstein and was standardized in RFC 7539.
- *
- * \author Daniel King <damaki.gh@gmail.com>
- */
-
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_CHACHAPOLY_H
-#define MBEDTLS_CHACHAPOLY_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-/* for shared error codes */
-#include "mbedtls/poly1305.h"
-
-#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE            -0x0054 /**< The requested operation is not permitted in the current state. */
-#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED          -0x0056 /**< Authenticated decryption failed: data was not authentic. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef enum
-{
-    MBEDTLS_CHACHAPOLY_ENCRYPT,     /**< The mode value for performing encryption. */
-    MBEDTLS_CHACHAPOLY_DECRYPT      /**< The mode value for performing decryption. */
-}
-mbedtls_chachapoly_mode_t;
-
-#if !defined(MBEDTLS_CHACHAPOLY_ALT)
-
-#include "mbedtls/chacha20.h"
-
-typedef struct mbedtls_chachapoly_context
-{
-    mbedtls_chacha20_context chacha20_ctx;  /**< The ChaCha20 context. */
-    mbedtls_poly1305_context poly1305_ctx;  /**< The Poly1305 context. */
-    uint64_t aad_len;                       /**< The length (bytes) of the Additional Authenticated Data. */
-    uint64_t ciphertext_len;                /**< The length (bytes) of the ciphertext. */
-    int state;                              /**< The current state of the context. */
-    mbedtls_chachapoly_mode_t mode;         /**< Cipher mode (encrypt or decrypt). */
-}
-mbedtls_chachapoly_context;
-
-#else /* !MBEDTLS_CHACHAPOLY_ALT */
-#include "chachapoly_alt.h"
-#endif /* !MBEDTLS_CHACHAPOLY_ALT */
-
-/**
- * \brief           This function initializes the specified ChaCha20-Poly1305 context.
- *
- *                  It must be the first API called before using
- *                  the context. It must be followed by a call to
- *                  \c mbedtls_chachapoly_setkey() before any operation can be
- *                  done, and to \c mbedtls_chachapoly_free() once all
- *                  operations with that context have been finished.
- *
- *                  In order to encrypt or decrypt full messages at once, for
- *                  each message you should make a single call to
- *                  \c mbedtls_chachapoly_crypt_and_tag() or
- *                  \c mbedtls_chachapoly_auth_decrypt().
- *
- *                  In order to encrypt messages piecewise, for each
- *                  message you should make a call to
- *                  \c mbedtls_chachapoly_starts(), then 0 or more calls to
- *                  \c mbedtls_chachapoly_update_aad(), then 0 or more calls to
- *                  \c mbedtls_chachapoly_update(), then one call to
- *                  \c mbedtls_chachapoly_finish().
- *
- * \warning         Decryption with the piecewise API is discouraged! Always
- *                  use \c mbedtls_chachapoly_auth_decrypt() when possible!
- *
- *                  If however this is not possible because the data is too
- *                  large to fit in memory, you need to:
- *
- *                  - call \c mbedtls_chachapoly_starts() and (if needed)
- *                  \c mbedtls_chachapoly_update_aad() as above,
- *                  - call \c mbedtls_chachapoly_update() multiple times and
- *                  ensure its output (the plaintext) is NOT used in any other
- *                  way than placing it in temporary storage at this point,
- *                  - call \c mbedtls_chachapoly_finish() to compute the
- *                  authentication tag and compared it in constant time to the
- *                  tag received with the ciphertext.
- *
- *                  If the tags are not equal, you must immediately discard
- *                  all previous outputs of \c mbedtls_chachapoly_update(),
- *                  otherwise you can now safely use the plaintext.
- *
- * \param ctx       The ChachaPoly context to initialize. Must not be \c NULL.
- */
-void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx );
-
-/**
- * \brief           This function releases and clears the specified
- *                  ChaCha20-Poly1305 context.
- *
- * \param ctx       The ChachaPoly context to clear. This may be \c NULL, in which
- *                  case this function is a no-op.
- */
-void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx );
-
-/**
- * \brief           This function sets the ChaCha20-Poly1305
- *                  symmetric encryption key.
- *
- * \param ctx       The ChaCha20-Poly1305 context to which the key should be
- *                  bound. This must be initialized.
- * \param key       The \c 256 Bit (\c 32 Bytes) key.
- *
- * \return          \c 0 on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
-                               const unsigned char key[32] );
-
-/**
- * \brief           This function starts a ChaCha20-Poly1305 encryption or
- *                  decryption operation.
- *
- * \warning         You must never use the same nonce twice with the same key.
- *                  This would void any confidentiality and authenticity
- *                  guarantees for the messages encrypted with the same nonce
- *                  and key.
- *
- * \note            If the context is being used for AAD only (no data to
- *                  encrypt or decrypt) then \p mode can be set to any value.
- *
- * \warning         Decryption with the piecewise API is discouraged, see the
- *                  warning on \c mbedtls_chachapoly_init().
- *
- * \param ctx       The ChaCha20-Poly1305 context. This must be initialized
- *                  and bound to a key.
- * \param nonce     The nonce/IV to use for the message.
- *                  This must be a redable buffer of length \c 12 Bytes.
- * \param mode      The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
- *                  #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
- *
- * \return          \c 0 on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
-                               const unsigned char nonce[12],
-                               mbedtls_chachapoly_mode_t mode );
-
-/**
- * \brief           This function feeds additional data to be authenticated
- *                  into an ongoing ChaCha20-Poly1305 operation.
- *
- *                  The Additional Authenticated Data (AAD), also called
- *                  Associated Data (AD) is only authenticated but not
- *                  encrypted nor included in the encrypted output. It is
- *                  usually transmitted separately from the ciphertext or
- *                  computed locally by each party.
- *
- * \note            This function is called before data is encrypted/decrypted.
- *                  I.e. call this function to process the AAD before calling
- *                  \c mbedtls_chachapoly_update().
- *
- *                  You may call this function multiple times to process
- *                  an arbitrary amount of AAD. It is permitted to call
- *                  this function 0 times, if no AAD is used.
- *
- *                  This function cannot be called any more if data has
- *                  been processed by \c mbedtls_chachapoly_update(),
- *                  or if the context has been finished.
- *
- * \warning         Decryption with the piecewise API is discouraged, see the
- *                  warning on \c mbedtls_chachapoly_init().
- *
- * \param ctx       The ChaCha20-Poly1305 context. This must be initialized
- *                  and bound to a key.
- * \param aad_len   The length in Bytes of the AAD. The length has no
- *                  restrictions.
- * \param aad       Buffer containing the AAD.
- *                  This pointer can be \c NULL if `aad_len == 0`.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- *                  if \p ctx or \p aad are NULL.
- * \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
- *                  if the operations has not been started or has been
- *                  finished, or if the AAD has been finished.
- */
-int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
-                                   const unsigned char *aad,
-                                   size_t aad_len );
-
-/**
- * \brief           Thus function feeds data to be encrypted or decrypted
- *                  into an on-going ChaCha20-Poly1305
- *                  operation.
- *
- *                  The direction (encryption or decryption) depends on the
- *                  mode that was given when calling
- *                  \c mbedtls_chachapoly_starts().
- *
- *                  You may call this function multiple times to process
- *                  an arbitrary amount of data. It is permitted to call
- *                  this function 0 times, if no data is to be encrypted
- *                  or decrypted.
- *
- * \warning         Decryption with the piecewise API is discouraged, see the
- *                  warning on \c mbedtls_chachapoly_init().
- *
- * \param ctx       The ChaCha20-Poly1305 context to use. This must be initialized.
- * \param len       The length (in bytes) of the data to encrypt or decrypt.
- * \param input     The buffer containing the data to encrypt or decrypt.
- *                  This pointer can be \c NULL if `len == 0`.
- * \param output    The buffer to where the encrypted or decrypted data is
- *                  written. This must be able to hold \p len bytes.
- *                  This pointer can be \c NULL if `len == 0`.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
- *                  if the operation has not been started or has been
- *                  finished.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
-                               size_t len,
-                               const unsigned char *input,
-                               unsigned char *output );
-
-/**
- * \brief           This function finished the ChaCha20-Poly1305 operation and
- *                  generates the MAC (authentication tag).
- *
- * \param ctx       The ChaCha20-Poly1305 context to use. This must be initialized.
- * \param mac       The buffer to where the 128-bit (16 bytes) MAC is written.
- *
- * \warning         Decryption with the piecewise API is discouraged, see the
- *                  warning on \c mbedtls_chachapoly_init().
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
- *                  if the operation has not been started or has been
- *                  finished.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
-                               unsigned char mac[16] );
-
-/**
- * \brief           This function performs a complete ChaCha20-Poly1305
- *                  authenticated encryption with the previously-set key.
- *
- * \note            Before using this function, you must set the key with
- *                  \c mbedtls_chachapoly_setkey().
- *
- * \warning         You must never use the same nonce twice with the same key.
- *                  This would void any confidentiality and authenticity
- *                  guarantees for the messages encrypted with the same nonce
- *                  and key.
- *
- * \param ctx       The ChaCha20-Poly1305 context to use (holds the key).
- *                  This must be initialized.
- * \param length    The length (in bytes) of the data to encrypt or decrypt.
- * \param nonce     The 96-bit (12 bytes) nonce/IV to use.
- * \param aad       The buffer containing the additional authenticated
- *                  data (AAD). This pointer can be \c NULL if `aad_len == 0`.
- * \param aad_len   The length (in bytes) of the AAD data to process.
- * \param input     The buffer containing the data to encrypt or decrypt.
- *                  This pointer can be \c NULL if `ilen == 0`.
- * \param output    The buffer to where the encrypted or decrypted data
- *                  is written. This pointer can be \c NULL if `ilen == 0`.
- * \param tag       The buffer to where the computed 128-bit (16 bytes) MAC
- *                  is written. This must not be \c NULL.
- *
- * \return          \c 0 on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
-                                        size_t length,
-                                        const unsigned char nonce[12],
-                                        const unsigned char *aad,
-                                        size_t aad_len,
-                                        const unsigned char *input,
-                                        unsigned char *output,
-                                        unsigned char tag[16] );
-
-/**
- * \brief           This function performs a complete ChaCha20-Poly1305
- *                  authenticated decryption with the previously-set key.
- *
- * \note            Before using this function, you must set the key with
- *                  \c mbedtls_chachapoly_setkey().
- *
- * \param ctx       The ChaCha20-Poly1305 context to use (holds the key).
- * \param length    The length (in Bytes) of the data to decrypt.
- * \param nonce     The \c 96 Bit (\c 12 bytes) nonce/IV to use.
- * \param aad       The buffer containing the additional authenticated data (AAD).
- *                  This pointer can be \c NULL if `aad_len == 0`.
- * \param aad_len   The length (in bytes) of the AAD data to process.
- * \param tag       The buffer holding the authentication tag.
- *                  This must be a readable buffer of length \c 16 Bytes.
- * \param input     The buffer containing the data to decrypt.
- *                  This pointer can be \c NULL if `ilen == 0`.
- * \param output    The buffer to where the decrypted data is written.
- *                  This pointer can be \c NULL if `ilen == 0`.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
- *                  if the data was not authentic.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
-                                     size_t length,
-                                     const unsigned char nonce[12],
-                                     const unsigned char *aad,
-                                     size_t aad_len,
-                                     const unsigned char tag[16],
-                                     const unsigned char *input,
-                                     unsigned char *output );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief           The ChaCha20-Poly1305 checkup routine.
- *
- * \return          \c 0 on success.
- * \return          \c 1 on failure.
- */
-int mbedtls_chachapoly_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CHACHAPOLY_H */

lib/mbedtls/include/mbedtls/check_config.h

@@ -1,860 +0,0 @@
-/**
- * \file check_config.h
- *
- * \brief Consistency checks for configuration options
- */
-/*
- *  Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * It is recommended to include this file from your config.h
- * in order to catch dependency issues early.
- */
-
-#ifndef MBEDTLS_CHECK_CONFIG_H
-#define MBEDTLS_CHECK_CONFIG_H
-
-/*
- * We assume CHAR_BIT is 8 in many places. In practice, this is true on our
- * target platforms, so not an issue, but let's just be extra sure.
- */
-#include <limits.h>
-#if CHAR_BIT != 8
-#error "mbed TLS requires a platform with 8-bit chars"
-#endif
-
-#if defined(_WIN32)
-#if !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_C is required on Windows"
-#endif
-
-/* Fix the config here. Not convenient to put an #ifdef _WIN32 in config.h as
- * it would confuse config.py. */
-#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
-    !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-#endif
-
-#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
-    !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
-#endif
-#endif /* _WIN32 */
-
-#if defined(TARGET_LIKE_MBED) && \
-    ( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) )
-#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS"
-#endif
-
-#if defined(MBEDTLS_DEPRECATED_WARNING) && \
-    !defined(__GNUC__) && !defined(__clang__)
-#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
-#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
-#endif
-
-#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
-#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
-#error "MBEDTLS_DHM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) && !defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CMAC_C) && \
-    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
-#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_NIST_KW_C) && \
-    ( !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CIPHER_C) )
-#error "MBEDTLS_NIST_KW_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
-#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECDSA_C) &&            \
-    ( !defined(MBEDTLS_ECP_C) ||           \
-      !defined(MBEDTLS_ASN1_PARSE_C) ||    \
-      !defined(MBEDTLS_ASN1_WRITE_C) )
-#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECJPAKE_C) &&           \
-    ( !defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C) )
-#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)           && \
-    ( defined(MBEDTLS_USE_PSA_CRYPTO)          || \
-      defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
-      defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)     || \
-      defined(MBEDTLS_ECDSA_SIGN_ALT)          || \
-      defined(MBEDTLS_ECDSA_VERIFY_ALT)        || \
-      defined(MBEDTLS_ECDSA_GENKEY_ALT)        || \
-      defined(MBEDTLS_ECP_INTERNAL_ALT)        || \
-      defined(MBEDTLS_ECP_ALT) )
-#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation"
-#endif
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)           && \
-    ! defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-#error "MBEDTLS_ECP_RESTARTABLE defined, but not MBEDTLS_ECDH_LEGACY_CONTEXT"
-#endif
-
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)           && \
-    defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-#error "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED defined, but MBEDTLS_ECDH_LEGACY_CONTEXT not disabled"
-#endif
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
-#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || (    \
-    !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)   &&                  \
-    !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)   &&                  \
-    !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)   &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) &&                 \
-    !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
-#error "MBEDTLS_ECP_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_C) && !(            \
-    defined(MBEDTLS_ECP_ALT) ||             \
-    defined(MBEDTLS_CTR_DRBG_C) ||          \
-    defined(MBEDTLS_HMAC_DRBG_C) ||         \
-    defined(MBEDTLS_ECP_NO_INTERNAL_RNG))
-#error "MBEDTLS_ECP_C requires a DRBG module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used"
-#endif
-
-#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
-#endif
-
-#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
-                                    !defined(MBEDTLS_SHA256_C))
-#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) &&         \
-    defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
-#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) &&                                            \
-    ( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \
-    && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
-#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C)
-#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
-    ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
-#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
-#endif
-#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
-     ( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
-    defined(MBEDTLS_HAVEGE_C) )
-#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
-#endif
-
-#if defined(MBEDTLS_GCM_C) && (                                        \
-        !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
-#error "MBEDTLS_GCM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_HAVEGE_C) && !defined(MBEDTLS_TIMING_C)
-#error "MBEDTLS_HAVEGE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_HKDF_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
-#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) &&                     \
-    !defined(MBEDTLS_ECDH_C)
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) &&                   \
-    ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) ||           \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) ||          \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) ||          \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) &&                   \
-    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
-      !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) &&                       \
-    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
-      !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) &&                    \
-    ( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) ||      \
-      !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
-#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) &&        \
-    !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) &&              \
-    ( !defined(MBEDTLS_SHA256_C) &&                             \
-      !defined(MBEDTLS_SHA512_C) &&                             \
-      !defined(MBEDTLS_SHA1_C) )
-#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
-#endif
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) &&                          \
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
-#endif
-
-#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
-#endif
-
-#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
-#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
-#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_C) && \
-    ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
-#error "MBEDTLS_PK_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PKCS11_C)
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "MBEDTLS_PKCS11_C is deprecated and will be removed in a future version of Mbed TLS"
-#elif defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "MBEDTLS_PKCS11_C is deprecated and will be removed in a future version of Mbed TLS"
-#endif
-#endif /* MBEDTLS_PKCS11_C */
-
-#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
-        defined(MBEDTLS_PLATFORM_EXIT_ALT) )
-#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
-        defined(MBEDTLS_PLATFORM_TIME_ALT) )
-#error "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
-        defined(MBEDTLS_PLATFORM_TIME_ALT) )
-#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
-        defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
-    defined(MBEDTLS_PLATFORM_STD_FREE)
-#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
-    defined(MBEDTLS_PLATFORM_STD_CALLOC)
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
-#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
-        defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
-        defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
-    !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
-    !defined(MBEDTLS_PLATFORM_EXIT_ALT)
-#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_TIME) &&\
-    ( !defined(MBEDTLS_PLATFORM_TIME_ALT) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
-    !defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
-    !defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
-    !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) )
-#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\
-    !defined(MBEDTLS_ENTROPY_NV_SEED)
-#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\
-    !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\
-    !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\
-      defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
-#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\
-      defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
-#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_C) &&            \
-    !( defined(MBEDTLS_CTR_DRBG_C) &&           \
-       defined(MBEDTLS_ENTROPY_C) )
-#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C) &&    \
-    ! ( defined(MBEDTLS_PSA_CRYPTO_C) && \
-        defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) )
-#error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) &&            \
-    ! defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) &&      \
-    !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
-       defined(MBEDTLS_ENTROPY_NV_SEED) )
-#error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) &&              \
-    !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
-#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources"
-#endif
-
-#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
-    !defined(MBEDTLS_FS_IO)
-#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
-    !defined(MBEDTLS_OID_C) )
-#error "MBEDTLS_RSA_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) &&         \
-    !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
-#endif
-
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) &&                        \
-    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
-#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SHA512_NO_SHA384) && !defined(MBEDTLS_SHA512_C)
-#error "MBEDTLS_SHA512_NO_SHA384 defined without MBEDTLS_SHA512_C"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) && ( !defined(MBEDTLS_MD5_C) ||     \
-    !defined(MBEDTLS_SHA1_C) )
-#error "MBEDTLS_SSL_PROTO_SSL3 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) ||     \
-    !defined(MBEDTLS_SHA1_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) && ( !defined(MBEDTLS_MD5_C) ||     \
-    !defined(MBEDTLS_SHA1_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) &&     \
-    !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && ( !defined(MBEDTLS_HKDF_C) && \
-    !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites"
-#endif
-
-#if (defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) ||  \
-     defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
-    !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||                          \
-      defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                      \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                    \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                  \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                     \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ||                   \
-      defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||                          \
-      defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) ||                      \
-      defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ||                      \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||                    \
-      defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
-#error "One or more versions of the TLS protocol are enabled " \
-        "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)     && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_1)  && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
-#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) ||     \
-    !defined(MBEDTLS_MD_C) )
-#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
-#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_2))
-#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1))
-#error "Illegal protocol selection"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
-#error "Illegal protocol selection"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2) && (!defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_1)))
-#error "Illegal protocol selection"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
-#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
-    !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) &&                              \
-    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) &&                              \
-    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_CONNECTION_ID  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)            &&                 \
-    defined(MBEDTLS_SSL_CID_IN_LEN_MAX) &&                 \
-    MBEDTLS_SSL_CID_IN_LEN_MAX > 255
-#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)            &&                  \
-    defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) &&                 \
-    MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
-#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) &&                              \
-    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) &&   \
-    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&      \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&      \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
-#endif
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&          \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&          \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
-#endif
-
-#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
-    !defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1)
-#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
-        !defined(MBEDTLS_X509_CRT_PARSE_C)
-#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
-#endif
-#define MBEDTLS_THREADING_IMPL
-#endif
-
-#if defined(MBEDTLS_THREADING_ALT)
-#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
-#endif
-#define MBEDTLS_THREADING_IMPL
-#endif
-
-#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_C defined, single threading implementation required"
-#endif
-#undef MBEDTLS_THREADING_IMPL
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
-#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
-    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) ||      \
-    !defined(MBEDTLS_PK_PARSE_C) )
-#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
-    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) ||       \
-    !defined(MBEDTLS_PK_WRITE_C) )
-#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CERTS_C) && !defined(MBEDTLS_X509_USE_C)
-#error "MBEDTLS_CERTS_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
-#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
-#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)
-#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
-#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */
-
-#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \
-    defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
-#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "MBEDTLS_SSL_PROTO_SSL3 is deprecated and will be removed in a future version of Mbed TLS"
-#elif defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "MBEDTLS_SSL_PROTO_SSL3 is deprecated and will be removed in a future version of Mbed TLS"
-#endif
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-
-#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is deprecated and will be removed in a future version of Mbed TLS"
-#elif defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is deprecated and will be removed in a future version of Mbed TLS"
-#endif
-#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "MBEDTLS_SSL_HW_RECORD_ACCEL is deprecated and will be removed in a future version of Mbed TLS"
-#elif defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "MBEDTLS_SSL_HW_RECORD_ACCEL is deprecated and will be removed in a future version of Mbed TLS"
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
-
-/*
- * Avoid warning from -pedantic. This is a convenient place for this
- * workaround since this is included by every single file before the
- * #if defined(MBEDTLS_xxx_C) that results in empty translation units.
- */
-typedef int mbedtls_iso_c_forbids_empty_translation_units;
-
-#endif /* MBEDTLS_CHECK_CONFIG_H */

lib/mbedtls/include/mbedtls/cipher.h

@@ -1,926 +0,0 @@
-/**
- * \file cipher.h
- *
- * \brief This file contains an abstraction interface for use with the cipher
- * primitives provided by the library. It provides a common interface to all of
- * the available cipher operations.
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_CIPHER_H
-#define MBEDTLS_CIPHER_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include "mbedtls/platform_util.h"
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-#define MBEDTLS_CIPHER_MODE_AEAD
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_CIPHER_MODE_WITH_PADDING
-#endif
-
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
-    defined(MBEDTLS_CHACHA20_C)
-#define MBEDTLS_CIPHER_MODE_STREAM
-#endif
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE  -0x6080  /**< The selected feature is not available. */
-#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA       -0x6100  /**< Bad input parameters. */
-#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED         -0x6180  /**< Failed to allocate memory. */
-#define MBEDTLS_ERR_CIPHER_INVALID_PADDING      -0x6200  /**< Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED  -0x6280  /**< Decryption of block requires a full block. */
-#define MBEDTLS_ERR_CIPHER_AUTH_FAILED          -0x6300  /**< Authentication failed (for AEAD modes). */
-#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT      -0x6380  /**< The context is invalid. For example, because it was freed. */
-
-/* MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED is deprecated and should not be used. */
-#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED      -0x6400  /**< Cipher hardware accelerator failed. */
-
-#define MBEDTLS_CIPHER_VARIABLE_IV_LEN     0x01    /**< Cipher accepts IVs of variable length. */
-#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN    0x02    /**< Cipher accepts keys of variable length. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief     Supported cipher types.
- *
- * \warning   RC4 and DES are considered weak ciphers and their use
- *            constitutes a security risk. Arm recommends considering stronger
- *            ciphers instead.
- */
-typedef enum {
-    MBEDTLS_CIPHER_ID_NONE = 0,  /**< Placeholder to mark the end of cipher ID lists. */
-    MBEDTLS_CIPHER_ID_NULL,      /**< The identity cipher, treated as a stream cipher. */
-    MBEDTLS_CIPHER_ID_AES,       /**< The AES cipher. */
-    MBEDTLS_CIPHER_ID_DES,       /**< The DES cipher. */
-    MBEDTLS_CIPHER_ID_3DES,      /**< The Triple DES cipher. */
-    MBEDTLS_CIPHER_ID_CAMELLIA,  /**< The Camellia cipher. */
-    MBEDTLS_CIPHER_ID_BLOWFISH,  /**< The Blowfish cipher. */
-    MBEDTLS_CIPHER_ID_ARC4,      /**< The RC4 cipher. */
-    MBEDTLS_CIPHER_ID_ARIA,      /**< The Aria cipher. */
-    MBEDTLS_CIPHER_ID_CHACHA20,  /**< The ChaCha20 cipher. */
-} mbedtls_cipher_id_t;
-
-/**
- * \brief     Supported {cipher type, cipher mode} pairs.
- *
- * \warning   RC4 and DES are considered weak ciphers and their use
- *            constitutes a security risk. Arm recommends considering stronger
- *            ciphers instead.
- */
-typedef enum {
-    MBEDTLS_CIPHER_NONE = 0,             /**< Placeholder to mark the end of cipher-pair lists. */
-    MBEDTLS_CIPHER_NULL,                 /**< The identity stream cipher. */
-    MBEDTLS_CIPHER_AES_128_ECB,          /**< AES cipher with 128-bit ECB mode. */
-    MBEDTLS_CIPHER_AES_192_ECB,          /**< AES cipher with 192-bit ECB mode. */
-    MBEDTLS_CIPHER_AES_256_ECB,          /**< AES cipher with 256-bit ECB mode. */
-    MBEDTLS_CIPHER_AES_128_CBC,          /**< AES cipher with 128-bit CBC mode. */
-    MBEDTLS_CIPHER_AES_192_CBC,          /**< AES cipher with 192-bit CBC mode. */
-    MBEDTLS_CIPHER_AES_256_CBC,          /**< AES cipher with 256-bit CBC mode. */
-    MBEDTLS_CIPHER_AES_128_CFB128,       /**< AES cipher with 128-bit CFB128 mode. */
-    MBEDTLS_CIPHER_AES_192_CFB128,       /**< AES cipher with 192-bit CFB128 mode. */
-    MBEDTLS_CIPHER_AES_256_CFB128,       /**< AES cipher with 256-bit CFB128 mode. */
-    MBEDTLS_CIPHER_AES_128_CTR,          /**< AES cipher with 128-bit CTR mode. */
-    MBEDTLS_CIPHER_AES_192_CTR,          /**< AES cipher with 192-bit CTR mode. */
-    MBEDTLS_CIPHER_AES_256_CTR,          /**< AES cipher with 256-bit CTR mode. */
-    MBEDTLS_CIPHER_AES_128_GCM,          /**< AES cipher with 128-bit GCM mode. */
-    MBEDTLS_CIPHER_AES_192_GCM,          /**< AES cipher with 192-bit GCM mode. */
-    MBEDTLS_CIPHER_AES_256_GCM,          /**< AES cipher with 256-bit GCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_ECB,     /**< Camellia cipher with 128-bit ECB mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_ECB,     /**< Camellia cipher with 192-bit ECB mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_ECB,     /**< Camellia cipher with 256-bit ECB mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_CBC,     /**< Camellia cipher with 128-bit CBC mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_CBC,     /**< Camellia cipher with 192-bit CBC mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_CBC,     /**< Camellia cipher with 256-bit CBC mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_CFB128,  /**< Camellia cipher with 128-bit CFB128 mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_CFB128,  /**< Camellia cipher with 192-bit CFB128 mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_CFB128,  /**< Camellia cipher with 256-bit CFB128 mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_CTR,     /**< Camellia cipher with 128-bit CTR mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_CTR,     /**< Camellia cipher with 192-bit CTR mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_CTR,     /**< Camellia cipher with 256-bit CTR mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_GCM,     /**< Camellia cipher with 128-bit GCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_GCM,     /**< Camellia cipher with 192-bit GCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_GCM,     /**< Camellia cipher with 256-bit GCM mode. */
-    MBEDTLS_CIPHER_DES_ECB,              /**< DES cipher with ECB mode. */
-    MBEDTLS_CIPHER_DES_CBC,              /**< DES cipher with CBC mode. */
-    MBEDTLS_CIPHER_DES_EDE_ECB,          /**< DES cipher with EDE ECB mode. */
-    MBEDTLS_CIPHER_DES_EDE_CBC,          /**< DES cipher with EDE CBC mode. */
-    MBEDTLS_CIPHER_DES_EDE3_ECB,         /**< DES cipher with EDE3 ECB mode. */
-    MBEDTLS_CIPHER_DES_EDE3_CBC,         /**< DES cipher with EDE3 CBC mode. */
-    MBEDTLS_CIPHER_BLOWFISH_ECB,         /**< Blowfish cipher with ECB mode. */
-    MBEDTLS_CIPHER_BLOWFISH_CBC,         /**< Blowfish cipher with CBC mode. */
-    MBEDTLS_CIPHER_BLOWFISH_CFB64,       /**< Blowfish cipher with CFB64 mode. */
-    MBEDTLS_CIPHER_BLOWFISH_CTR,         /**< Blowfish cipher with CTR mode. */
-    MBEDTLS_CIPHER_ARC4_128,             /**< RC4 cipher with 128-bit mode. */
-    MBEDTLS_CIPHER_AES_128_CCM,          /**< AES cipher with 128-bit CCM mode. */
-    MBEDTLS_CIPHER_AES_192_CCM,          /**< AES cipher with 192-bit CCM mode. */
-    MBEDTLS_CIPHER_AES_256_CCM,          /**< AES cipher with 256-bit CCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_CCM,     /**< Camellia cipher with 128-bit CCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_CCM,     /**< Camellia cipher with 192-bit CCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_CCM,     /**< Camellia cipher with 256-bit CCM mode. */
-    MBEDTLS_CIPHER_ARIA_128_ECB,         /**< Aria cipher with 128-bit key and ECB mode. */
-    MBEDTLS_CIPHER_ARIA_192_ECB,         /**< Aria cipher with 192-bit key and ECB mode. */
-    MBEDTLS_CIPHER_ARIA_256_ECB,         /**< Aria cipher with 256-bit key and ECB mode. */
-    MBEDTLS_CIPHER_ARIA_128_CBC,         /**< Aria cipher with 128-bit key and CBC mode. */
-    MBEDTLS_CIPHER_ARIA_192_CBC,         /**< Aria cipher with 192-bit key and CBC mode. */
-    MBEDTLS_CIPHER_ARIA_256_CBC,         /**< Aria cipher with 256-bit key and CBC mode. */
-    MBEDTLS_CIPHER_ARIA_128_CFB128,      /**< Aria cipher with 128-bit key and CFB-128 mode. */
-    MBEDTLS_CIPHER_ARIA_192_CFB128,      /**< Aria cipher with 192-bit key and CFB-128 mode. */
-    MBEDTLS_CIPHER_ARIA_256_CFB128,      /**< Aria cipher with 256-bit key and CFB-128 mode. */
-    MBEDTLS_CIPHER_ARIA_128_CTR,         /**< Aria cipher with 128-bit key and CTR mode. */
-    MBEDTLS_CIPHER_ARIA_192_CTR,         /**< Aria cipher with 192-bit key and CTR mode. */
-    MBEDTLS_CIPHER_ARIA_256_CTR,         /**< Aria cipher with 256-bit key and CTR mode. */
-    MBEDTLS_CIPHER_ARIA_128_GCM,         /**< Aria cipher with 128-bit key and GCM mode. */
-    MBEDTLS_CIPHER_ARIA_192_GCM,         /**< Aria cipher with 192-bit key and GCM mode. */
-    MBEDTLS_CIPHER_ARIA_256_GCM,         /**< Aria cipher with 256-bit key and GCM mode. */
-    MBEDTLS_CIPHER_ARIA_128_CCM,         /**< Aria cipher with 128-bit key and CCM mode. */
-    MBEDTLS_CIPHER_ARIA_192_CCM,         /**< Aria cipher with 192-bit key and CCM mode. */
-    MBEDTLS_CIPHER_ARIA_256_CCM,         /**< Aria cipher with 256-bit key and CCM mode. */
-    MBEDTLS_CIPHER_AES_128_OFB,          /**< AES 128-bit cipher in OFB mode. */
-    MBEDTLS_CIPHER_AES_192_OFB,          /**< AES 192-bit cipher in OFB mode. */
-    MBEDTLS_CIPHER_AES_256_OFB,          /**< AES 256-bit cipher in OFB mode. */
-    MBEDTLS_CIPHER_AES_128_XTS,          /**< AES 128-bit cipher in XTS block mode. */
-    MBEDTLS_CIPHER_AES_256_XTS,          /**< AES 256-bit cipher in XTS block mode. */
-    MBEDTLS_CIPHER_CHACHA20,             /**< ChaCha20 stream cipher. */
-    MBEDTLS_CIPHER_CHACHA20_POLY1305,    /**< ChaCha20-Poly1305 AEAD cipher. */
-    MBEDTLS_CIPHER_AES_128_KW,           /**< AES cipher with 128-bit NIST KW mode. */
-    MBEDTLS_CIPHER_AES_192_KW,           /**< AES cipher with 192-bit NIST KW mode. */
-    MBEDTLS_CIPHER_AES_256_KW,           /**< AES cipher with 256-bit NIST KW mode. */
-    MBEDTLS_CIPHER_AES_128_KWP,          /**< AES cipher with 128-bit NIST KWP mode. */
-    MBEDTLS_CIPHER_AES_192_KWP,          /**< AES cipher with 192-bit NIST KWP mode. */
-    MBEDTLS_CIPHER_AES_256_KWP,          /**< AES cipher with 256-bit NIST KWP mode. */
-} mbedtls_cipher_type_t;
-
-/** Supported cipher modes. */
-typedef enum {
-    MBEDTLS_MODE_NONE = 0,               /**< None.                        */
-    MBEDTLS_MODE_ECB,                    /**< The ECB cipher mode.         */
-    MBEDTLS_MODE_CBC,                    /**< The CBC cipher mode.         */
-    MBEDTLS_MODE_CFB,                    /**< The CFB cipher mode.         */
-    MBEDTLS_MODE_OFB,                    /**< The OFB cipher mode.         */
-    MBEDTLS_MODE_CTR,                    /**< The CTR cipher mode.         */
-    MBEDTLS_MODE_GCM,                    /**< The GCM cipher mode.         */
-    MBEDTLS_MODE_STREAM,                 /**< The stream cipher mode.      */
-    MBEDTLS_MODE_CCM,                    /**< The CCM cipher mode.         */
-    MBEDTLS_MODE_XTS,                    /**< The XTS cipher mode.         */
-    MBEDTLS_MODE_CHACHAPOLY,             /**< The ChaCha-Poly cipher mode. */
-    MBEDTLS_MODE_KW,                     /**< The SP800-38F KW mode */
-    MBEDTLS_MODE_KWP,                    /**< The SP800-38F KWP mode */
-} mbedtls_cipher_mode_t;
-
-/** Supported cipher padding types. */
-typedef enum {
-    MBEDTLS_PADDING_PKCS7 = 0,     /**< PKCS7 padding (default).        */
-    MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding.         */
-    MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding.             */
-    MBEDTLS_PADDING_ZEROS,         /**< Zero padding (not reversible). */
-    MBEDTLS_PADDING_NONE,          /**< Never pad (full blocks only).   */
-} mbedtls_cipher_padding_t;
-
-/** Type of operation. */
-typedef enum {
-    MBEDTLS_OPERATION_NONE = -1,
-    MBEDTLS_DECRYPT = 0,
-    MBEDTLS_ENCRYPT,
-} mbedtls_operation_t;
-
-enum {
-    /** Undefined key length. */
-    MBEDTLS_KEY_LENGTH_NONE = 0,
-    /** Key length, in bits (including parity), for DES keys. */
-    MBEDTLS_KEY_LENGTH_DES  = 64,
-    /** Key length in bits, including parity, for DES in two-key EDE. */
-    MBEDTLS_KEY_LENGTH_DES_EDE = 128,
-    /** Key length in bits, including parity, for DES in three-key EDE. */
-    MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
-};
-
-/** Maximum length of any IV, in Bytes. */
-#define MBEDTLS_MAX_IV_LENGTH      16
-/** Maximum block size of any cipher, in Bytes. */
-#define MBEDTLS_MAX_BLOCK_LENGTH   16
-
-/**
- * Base cipher information (opaque struct).
- */
-typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
-
-/**
- * CMAC context (opaque struct).
- */
-typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
-
-/**
- * Cipher information. Allows calling cipher functions
- * in a generic way.
- */
-typedef struct mbedtls_cipher_info_t
-{
-    /** Full cipher identifier. For example,
-     * MBEDTLS_CIPHER_AES_256_CBC.
-     */
-    mbedtls_cipher_type_t type;
-
-    /** The cipher mode. For example, MBEDTLS_MODE_CBC. */
-    mbedtls_cipher_mode_t mode;
-
-    /** The cipher key length, in bits. This is the
-     * default length for variable sized ciphers.
-     * Includes parity bits for ciphers like DES.
-     */
-    unsigned int key_bitlen;
-
-    /** Name of the cipher. */
-    const char * name;
-
-    /** IV or nonce size, in Bytes.
-     * For ciphers that accept variable IV sizes,
-     * this is the recommended size.
-     */
-    unsigned int iv_size;
-
-    /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
-     *  MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
-     *  cipher supports variable IV or variable key sizes, respectively.
-     */
-    int flags;
-
-    /** The block size, in Bytes. */
-    unsigned int block_size;
-
-    /** Struct for base cipher information and functions. */
-    const mbedtls_cipher_base_t *base;
-
-} mbedtls_cipher_info_t;
-
-/**
- * Generic cipher context.
- */
-typedef struct mbedtls_cipher_context_t
-{
-    /** Information about the associated cipher. */
-    const mbedtls_cipher_info_t *cipher_info;
-
-    /** Key length to use. */
-    int key_bitlen;
-
-    /** Operation that the key of the context has been
-     * initialized for.
-     */
-    mbedtls_operation_t operation;
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-    /** Padding functions to use, if relevant for
-     * the specific cipher mode.
-     */
-    void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
-    int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
-#endif
-
-    /** Buffer for input that has not been processed yet. */
-    unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
-
-    /** Number of Bytes that have not been processed yet. */
-    size_t unprocessed_len;
-
-    /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
-     * for XTS-mode. */
-    unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
-
-    /** IV size in Bytes, for ciphers with variable-length IVs. */
-    size_t iv_size;
-
-    /** The cipher-specific context. */
-    void *cipher_ctx;
-
-#if defined(MBEDTLS_CMAC_C)
-    /** CMAC-specific context. */
-    mbedtls_cmac_context_t *cmac_ctx;
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    /** Indicates whether the cipher operations should be performed
-     *  by Mbed TLS' own crypto library or an external implementation
-     *  of the PSA Crypto API.
-     *  This is unset if the cipher context was established through
-     *  mbedtls_cipher_setup(), and set if it was established through
-     *  mbedtls_cipher_setup_psa().
-     */
-    unsigned char psa_enabled;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-} mbedtls_cipher_context_t;
-
-/**
- * \brief This function retrieves the list of ciphers supported
- *        by the generic cipher module.
- *
- *        For any cipher identifier in the returned list, you can
- *        obtain the corresponding generic cipher information structure
- *        via mbedtls_cipher_info_from_type(), which can then be used
- *        to prepare a cipher context via mbedtls_cipher_setup().
- *
- *
- * \return      A statically-allocated array of cipher identifiers
- *              of type cipher_type_t. The last entry is zero.
- */
-const int *mbedtls_cipher_list( void );
-
-/**
- * \brief               This function retrieves the cipher-information
- *                      structure associated with the given cipher name.
- *
- * \param cipher_name   Name of the cipher to search for. This must not be
- *                      \c NULL.
- *
- * \return              The cipher information structure associated with the
- *                      given \p cipher_name.
- * \return              \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
-
-/**
- * \brief               This function retrieves the cipher-information
- *                      structure associated with the given cipher type.
- *
- * \param cipher_type   Type of the cipher to search for.
- *
- * \return              The cipher information structure associated with the
- *                      given \p cipher_type.
- * \return              \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
-
-/**
- * \brief               This function retrieves the cipher-information
- *                      structure associated with the given cipher ID,
- *                      key size and mode.
- *
- * \param cipher_id     The ID of the cipher to search for. For example,
- *                      #MBEDTLS_CIPHER_ID_AES.
- * \param key_bitlen    The length of the key in bits.
- * \param mode          The cipher mode. For example, #MBEDTLS_MODE_CBC.
- *
- * \return              The cipher information structure associated with the
- *                      given \p cipher_id.
- * \return              \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
-                                              int key_bitlen,
-                                              const mbedtls_cipher_mode_t mode );
-
-/**
- * \brief               This function initializes a \p cipher_context as NONE.
- *
- * \param ctx           The context to be initialized. This must not be \c NULL.
- */
-void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
-
-/**
- * \brief               This function frees and clears the cipher-specific
- *                      context of \p ctx. Freeing \p ctx itself remains the
- *                      responsibility of the caller.
- *
- * \param ctx           The context to be freed. If this is \c NULL, the
- *                      function has no effect, otherwise this must point to an
- *                      initialized context.
- */
-void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
-
-
-/**
- * \brief               This function initializes a cipher context for
- *                      use with the given cipher primitive.
- *
- * \param ctx           The context to initialize. This must be initialized.
- * \param cipher_info   The cipher to use.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
- *                      cipher-specific context fails.
- *
- * \internal Currently, the function also clears the structure.
- * In future versions, the caller will be required to call
- * mbedtls_cipher_init() on the structure first.
- */
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
-                          const mbedtls_cipher_info_t *cipher_info );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief               This function initializes a cipher context for
- *                      PSA-based use with the given cipher primitive.
- *
- * \note                See #MBEDTLS_USE_PSA_CRYPTO for information on PSA.
- *
- * \param ctx           The context to initialize. May not be \c NULL.
- * \param cipher_info   The cipher to use.
- * \param taglen        For AEAD ciphers, the length in bytes of the
- *                      authentication tag to use. Subsequent uses of
- *                      mbedtls_cipher_auth_encrypt() or
- *                      mbedtls_cipher_auth_decrypt() must provide
- *                      the same tag length.
- *                      For non-AEAD ciphers, the value must be \c 0.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
- *                      cipher-specific context fails.
- */
-int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
-                              const mbedtls_cipher_info_t *cipher_info,
-                              size_t taglen );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/**
- * \brief        This function returns the block size of the given cipher.
- *
- * \param ctx    The context of the cipher. This must be initialized.
- *
- * \return       The block size of the underlying cipher.
- * \return       \c 0 if \p ctx has not been initialized.
- */
-static inline unsigned int mbedtls_cipher_get_block_size(
-    const mbedtls_cipher_context_t *ctx )
-{
-    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
-    if( ctx->cipher_info == NULL )
-        return 0;
-
-    return ctx->cipher_info->block_size;
-}
-
-/**
- * \brief        This function returns the mode of operation for
- *               the cipher. For example, MBEDTLS_MODE_CBC.
- *
- * \param ctx    The context of the cipher. This must be initialized.
- *
- * \return       The mode of operation.
- * \return       #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
-    const mbedtls_cipher_context_t *ctx )
-{
-    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
-    if( ctx->cipher_info == NULL )
-        return MBEDTLS_MODE_NONE;
-
-    return ctx->cipher_info->mode;
-}
-
-/**
- * \brief       This function returns the size of the IV or nonce
- *              of the cipher, in Bytes.
- *
- * \param ctx   The context of the cipher. This must be initialized.
- *
- * \return      The recommended IV size if no IV has been set.
- * \return      \c 0 for ciphers not using an IV or a nonce.
- * \return      The actual size if an IV has been set.
- */
-static inline int mbedtls_cipher_get_iv_size(
-    const mbedtls_cipher_context_t *ctx )
-{
-    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
-    if( ctx->cipher_info == NULL )
-        return 0;
-
-    if( ctx->iv_size != 0 )
-        return (int) ctx->iv_size;
-
-    return (int) ctx->cipher_info->iv_size;
-}
-
-/**
- * \brief               This function returns the type of the given cipher.
- *
- * \param ctx           The context of the cipher. This must be initialized.
- *
- * \return              The type of the cipher.
- * \return              #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
-    const mbedtls_cipher_context_t *ctx )
-{
-    MBEDTLS_INTERNAL_VALIDATE_RET(
-        ctx != NULL, MBEDTLS_CIPHER_NONE );
-    if( ctx->cipher_info == NULL )
-        return MBEDTLS_CIPHER_NONE;
-
-    return ctx->cipher_info->type;
-}
-
-/**
- * \brief               This function returns the name of the given cipher
- *                      as a string.
- *
- * \param ctx           The context of the cipher. This must be initialized.
- *
- * \return              The name of the cipher.
- * \return              NULL if \p ctx has not been not initialized.
- */
-static inline const char *mbedtls_cipher_get_name(
-    const mbedtls_cipher_context_t *ctx )
-{
-    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
-    if( ctx->cipher_info == NULL )
-        return 0;
-
-    return ctx->cipher_info->name;
-}
-
-/**
- * \brief               This function returns the key length of the cipher.
- *
- * \param ctx           The context of the cipher. This must be initialized.
- *
- * \return              The key length of the cipher in bits.
- * \return              #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
- *                      initialized.
- */
-static inline int mbedtls_cipher_get_key_bitlen(
-    const mbedtls_cipher_context_t *ctx )
-{
-    MBEDTLS_INTERNAL_VALIDATE_RET(
-        ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
-    if( ctx->cipher_info == NULL )
-        return MBEDTLS_KEY_LENGTH_NONE;
-
-    return (int) ctx->cipher_info->key_bitlen;
-}
-
-/**
- * \brief          This function returns the operation of the given cipher.
- *
- * \param ctx      The context of the cipher. This must be initialized.
- *
- * \return         The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
- * \return         #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_operation_t mbedtls_cipher_get_operation(
-    const mbedtls_cipher_context_t *ctx )
-{
-    MBEDTLS_INTERNAL_VALIDATE_RET(
-        ctx != NULL, MBEDTLS_OPERATION_NONE );
-    if( ctx->cipher_info == NULL )
-        return MBEDTLS_OPERATION_NONE;
-
-    return ctx->operation;
-}
-
-/**
- * \brief               This function sets the key to use with the given context.
- *
- * \param ctx           The generic cipher context. This must be initialized and
- *                      bound to a cipher information structure.
- * \param key           The key to use. This must be a readable buffer of at
- *                      least \p key_bitlen Bits.
- * \param key_bitlen    The key length to use, in Bits.
- * \param operation     The operation that the key will be used for:
- *                      #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
-                           const unsigned char *key,
-                           int key_bitlen,
-                           const mbedtls_operation_t operation );
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-/**
- * \brief               This function sets the padding mode, for cipher modes
- *                      that use padding.
- *
- *                      The default passing mode is PKCS7 padding.
- *
- * \param ctx           The generic cipher context. This must be initialized and
- *                      bound to a cipher information structure.
- * \param mode          The padding mode.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
- *                      if the selected padding mode is not supported.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
- *                      does not support padding.
- */
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
-                                     mbedtls_cipher_padding_t mode );
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
-/**
- * \brief           This function sets the initialization vector (IV)
- *                  or nonce.
- *
- * \note            Some ciphers do not use IVs nor nonce. For these
- *                  ciphers, this function has no effect.
- *
- * \param ctx       The generic cipher context. This must be initialized and
- *                  bound to a cipher information structure.
- * \param iv        The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
- *                  must be a readable buffer of at least \p iv_len Bytes.
- * \param iv_len    The IV length for ciphers with variable-size IV.
- *                  This parameter is discarded by ciphers with fixed-size IV.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                  parameter-verification failure.
- */
-int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
-                           const unsigned char *iv,
-                           size_t iv_len );
-
-/**
- * \brief         This function resets the cipher state.
- *
- * \param ctx     The generic cipher context. This must be initialized.
- *
- * \return        \c 0 on success.
- * \return        #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                parameter-verification failure.
- */
-int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-/**
- * \brief               This function adds additional data for AEAD ciphers.
- *                      Currently supported with GCM and ChaCha20+Poly1305.
- *                      This must be called exactly once, after
- *                      mbedtls_cipher_reset().
- *
- * \param ctx           The generic cipher context. This must be initialized.
- * \param ad            The additional data to use. This must be a readable
- *                      buffer of at least \p ad_len Bytes.
- * \param ad_len        The length of \p ad in Bytes.
- *
- * \return              \c 0 on success.
- * \return              A specific error code on failure.
- */
-int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
-                      const unsigned char *ad, size_t ad_len );
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-
-/**
- * \brief               The generic cipher update function. It encrypts or
- *                      decrypts using the given cipher context. Writes as
- *                      many block-sized blocks of data as possible to output.
- *                      Any data that cannot be written immediately is either
- *                      added to the next block, or flushed when
- *                      mbedtls_cipher_finish() is called.
- *                      Exception: For MBEDTLS_MODE_ECB, expects a single block
- *                      in size. For example, 16 Bytes for AES.
- *
- * \note                If the underlying cipher is used in GCM mode, all calls
- *                      to this function, except for the last one before
- *                      mbedtls_cipher_finish(), must have \p ilen as a
- *                      multiple of the block size of the cipher.
- *
- * \param ctx           The generic cipher context. This must be initialized and
- *                      bound to a key.
- * \param input         The buffer holding the input data. This must be a
- *                      readable buffer of at least \p ilen Bytes.
- * \param ilen          The length of the input data.
- * \param output        The buffer for the output data. This must be able to
- *                      hold at least `ilen + block_size`. This must not be the
- *                      same buffer as \p input.
- * \param olen          The length of the output data, to be updated with the
- *                      actual number of Bytes written. This must not be
- *                      \c NULL.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
- *                      unsupported mode for a cipher.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx,
-                           const unsigned char *input,
-                           size_t ilen, unsigned char *output,
-                           size_t *olen );
-
-/**
- * \brief               The generic cipher finalization function. If data still
- *                      needs to be flushed from an incomplete block, the data
- *                      contained in it is padded to the size of
- *                      the last block, and written to the \p output buffer.
- *
- * \param ctx           The generic cipher context. This must be initialized and
- *                      bound to a key.
- * \param output        The buffer to write data to. This needs to be a writable
- *                      buffer of at least \p block_size Bytes.
- * \param olen          The length of the data written to the \p output buffer.
- *                      This may not be \c NULL.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
- *                      expecting a full block but not receiving one.
- * \return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- *                      while decrypting.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
-                   unsigned char *output, size_t *olen );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-/**
- * \brief               This function writes a tag for AEAD ciphers.
- *                      Currently supported with GCM and ChaCha20+Poly1305.
- *                      This must be called after mbedtls_cipher_finish().
- *
- * \param ctx           The generic cipher context. This must be initialized,
- *                      bound to a key, and have just completed a cipher
- *                      operation through mbedtls_cipher_finish() the tag for
- *                      which should be written.
- * \param tag           The buffer to write the tag to. This must be a writable
- *                      buffer of at least \p tag_len Bytes.
- * \param tag_len       The length of the tag to write.
- *
- * \return              \c 0 on success.
- * \return              A specific error code on failure.
- */
-int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
-                      unsigned char *tag, size_t tag_len );
-
-/**
- * \brief               This function checks the tag for AEAD ciphers.
- *                      Currently supported with GCM and ChaCha20+Poly1305.
- *                      This must be called after mbedtls_cipher_finish().
- *
- * \param ctx           The generic cipher context. This must be initialized.
- * \param tag           The buffer holding the tag. This must be a readable
- *                      buffer of at least \p tag_len Bytes.
- * \param tag_len       The length of the tag to check.
- *
- * \return              \c 0 on success.
- * \return              A specific error code on failure.
- */
-int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
-                      const unsigned char *tag, size_t tag_len );
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-
-/**
- * \brief               The generic all-in-one encryption/decryption function,
- *                      for all ciphers except AEAD constructs.
- *
- * \param ctx           The generic cipher context. This must be initialized.
- * \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
- *                      This must be a readable buffer of at least \p iv_len
- *                      Bytes.
- * \param iv_len        The IV length for ciphers with variable-size IV.
- *                      This parameter is discarded by ciphers with fixed-size
- *                      IV.
- * \param input         The buffer holding the input data. This must be a
- *                      readable buffer of at least \p ilen Bytes.
- * \param ilen          The length of the input data in Bytes.
- * \param output        The buffer for the output data. This must be able to
- *                      hold at least `ilen + block_size`. This must not be the
- *                      same buffer as \p input.
- * \param olen          The length of the output data, to be updated with the
- *                      actual number of Bytes written. This must not be
- *                      \c NULL.
- *
- * \note                Some ciphers do not use IVs nor nonce. For these
- *                      ciphers, use \p iv = NULL and \p iv_len = 0.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
- *                      expecting a full block but not receiving one.
- * \return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- *                      while decrypting.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
-                  const unsigned char *iv, size_t iv_len,
-                  const unsigned char *input, size_t ilen,
-                  unsigned char *output, size_t *olen );
-
-#if defined(MBEDTLS_CIPHER_MODE_AEAD)
-/**
- * \brief               The generic autenticated encryption (AEAD) function.
- *
- * \param ctx           The generic cipher context. This must be initialized and
- *                      bound to a key.
- * \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
- *                      This must be a readable buffer of at least \p iv_len
- *                      Bytes.
- * \param iv_len        The IV length for ciphers with variable-size IV.
- *                      This parameter is discarded by ciphers with fixed-size IV.
- * \param ad            The additional data to authenticate. This must be a
- *                      readable buffer of at least \p ad_len Bytes.
- * \param ad_len        The length of \p ad.
- * \param input         The buffer holding the input data. This must be a
- *                      readable buffer of at least \p ilen Bytes.
- * \param ilen          The length of the input data.
- * \param output        The buffer for the output data. This must be able to
- *                      hold at least \p ilen Bytes.
- * \param olen          The length of the output data, to be updated with the
- *                      actual number of Bytes written. This must not be
- *                      \c NULL.
- * \param tag           The buffer for the authentication tag. This must be a
- *                      writable buffer of at least \p tag_len Bytes.
- * \param tag_len       The desired length of the authentication tag.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen,
-                         unsigned char *tag, size_t tag_len );
-
-/**
- * \brief               The generic autenticated decryption (AEAD) function.
- *
- * \note                If the data is not authentic, then the output buffer
- *                      is zeroed out to prevent the unauthentic plaintext being
- *                      used, making this interface safer.
- *
- * \param ctx           The generic cipher context. This must be initialized and
- *                      and bound to a key.
- * \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
- *                      This must be a readable buffer of at least \p iv_len
- *                      Bytes.
- * \param iv_len        The IV length for ciphers with variable-size IV.
- *                      This parameter is discarded by ciphers with fixed-size IV.
- * \param ad            The additional data to be authenticated. This must be a
- *                      readable buffer of at least \p ad_len Bytes.
- * \param ad_len        The length of \p ad.
- * \param input         The buffer holding the input data. This must be a
- *                      readable buffer of at least \p ilen Bytes.
- * \param ilen          The length of the input data.
- * \param output        The buffer for the output data.
- *                      This must be able to hold at least \p ilen Bytes.
- * \param olen          The length of the output data, to be updated with the
- *                      actual number of Bytes written. This must not be
- *                      \c NULL.
- * \param tag           The buffer holding the authentication tag. This must be
- *                      a readable buffer of at least \p tag_len Bytes.
- * \param tag_len       The length of the authentication tag.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen,
-                         const unsigned char *tag, size_t tag_len );
-#endif /* MBEDTLS_CIPHER_MODE_AEAD */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CIPHER_H */

lib/mbedtls/include/mbedtls/cipher_internal.h

@@ -1,152 +0,0 @@
-/**
- * \file cipher_internal.h
- *
- * \brief Cipher wrappers.
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_CIPHER_WRAP_H
-#define MBEDTLS_CIPHER_WRAP_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/cipher.h"
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Base cipher information. The non-mode specific functions and values.
- */
-struct mbedtls_cipher_base_t
-{
-    /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
-    mbedtls_cipher_id_t cipher;
-
-    /** Encrypt using ECB */
-    int (*ecb_func)( void *ctx, mbedtls_operation_t mode,
-                     const unsigned char *input, unsigned char *output );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    /** Encrypt using CBC */
-    int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length,
-                     unsigned char *iv, const unsigned char *input,
-                     unsigned char *output );
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    /** Encrypt using CFB (Full length) */
-    int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
-                     unsigned char *iv, const unsigned char *input,
-                     unsigned char *output );
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    /** Encrypt using OFB (Full length) */
-    int (*ofb_func)( void *ctx, size_t length, size_t *iv_off,
-                     unsigned char *iv,
-                     const unsigned char *input,
-                     unsigned char *output );
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    /** Encrypt using CTR */
-    int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
-                     unsigned char *nonce_counter, unsigned char *stream_block,
-                     const unsigned char *input, unsigned char *output );
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    /** Encrypt or decrypt using XTS. */
-    int (*xts_func)( void *ctx, mbedtls_operation_t mode, size_t length,
-                     const unsigned char data_unit[16],
-                     const unsigned char *input, unsigned char *output );
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    /** Encrypt using STREAM */
-    int (*stream_func)( void *ctx, size_t length,
-                        const unsigned char *input, unsigned char *output );
-#endif
-
-    /** Set key for encryption purposes */
-    int (*setkey_enc_func)( void *ctx, const unsigned char *key,
-                            unsigned int key_bitlen );
-
-    /** Set key for decryption purposes */
-    int (*setkey_dec_func)( void *ctx, const unsigned char *key,
-                            unsigned int key_bitlen);
-
-    /** Allocate a new context */
-    void * (*ctx_alloc_func)( void );
-
-    /** Free the given context */
-    void (*ctx_free_func)( void *ctx );
-
-};
-
-typedef struct
-{
-    mbedtls_cipher_type_t type;
-    const mbedtls_cipher_info_t *info;
-} mbedtls_cipher_definition_t;
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-typedef enum
-{
-    MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
-    MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */
-                                  /* use raw key material internally imported */
-                                  /* as a volatile key, and which hence need  */
-                                  /* to destroy that key when the context is  */
-                                  /* freed.                                   */
-    MBEDTLS_CIPHER_PSA_KEY_NOT_OWNED, /* Used for PSA-based cipher contexts   */
-                                      /* which use a key provided by the      */
-                                      /* user, and which hence will not be    */
-                                      /* destroyed when the context is freed. */
-} mbedtls_cipher_psa_key_ownership;
-
-typedef struct
-{
-    psa_algorithm_t alg;
-    psa_key_handle_t slot;
-    mbedtls_cipher_psa_key_ownership slot_state;
-} mbedtls_cipher_context_psa;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
-
-extern int mbedtls_cipher_supported[];
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CIPHER_WRAP_H */