diff --git a/library/aead_chacha20_poly1305.c b/library/aead_chacha20_poly1305.c index dac96ae34..8d7b63a70 100644 --- a/library/aead_chacha20_poly1305.c +++ b/library/aead_chacha20_poly1305.c @@ -59,15 +59,15 @@ static void mbedtls_zeroize( void *v, size_t n ) { */ static void mbedtls_aead_chacha20_poly1305_pad_aad( mbedtls_aead_chacha20_poly1305_context *ctx ) { - uint32_t partial_block_len = (uint32_t)( ctx->aad_len % 16U ); + uint32_t partial_block_len = (uint32_t) ( ctx->aad_len % 16U ); unsigned char zeroes[15]; if ( partial_block_len > 0U ) { - memset( zeroes, 0, sizeof(zeroes) ); - (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, - 16U - partial_block_len, - zeroes ); + memset( zeroes, 0, sizeof( zeroes ) ); + (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, + 16U - partial_block_len, + zeroes ); } } @@ -78,15 +78,15 @@ static void mbedtls_aead_chacha20_poly1305_pad_aad( mbedtls_aead_chacha20_poly13 */ static void mbedtls_aead_chacha20_poly1305_pad_ciphertext( mbedtls_aead_chacha20_poly1305_context *ctx ) { - uint32_t partial_block_len = (uint32_t)( ctx->ciphertext_len % 16U ); + uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U ); unsigned char zeroes[15]; if ( partial_block_len > 0U ) { - memset( zeroes, 0, sizeof(zeroes) ); - (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, - 16U - partial_block_len, - zeroes ); + memset( zeroes, 0, sizeof( zeroes ) ); + (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, + 16U - partial_block_len, + zeroes ); } } @@ -185,12 +185,12 @@ int mbedtls_aead_chacha20_poly1305_update_aad( mbedtls_aead_chacha20_poly1305_co } else if ( ctx->state != AEAD_CHACHA20_POLY1305_STATE_AAD ) { - return (MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE ); + return(MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE ); } ctx->aad_len += aad_len; - return ( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad_len, aad ) ); + return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad_len, aad ) ); } int mbedtls_aead_chacha20_poly1305_update( mbedtls_aead_chacha20_poly1305_context *ctx, @@ -228,13 +228,13 @@ int mbedtls_aead_chacha20_poly1305_update( mbedtls_aead_chacha20_poly1305_contex * the input pointers are NULL. Since we have checked their validity * above, we can safety ignore the return value. */ - (void)mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); - (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, len, output ); + (void) mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); + (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, len, output ); } else /* DECRYPT */ { - (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, len, input ); - (void)mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); + (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, len, input ); + (void) mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); } return( 0 ); @@ -268,25 +268,25 @@ int mbedtls_aead_chacha20_poly1305_finish( mbedtls_aead_chacha20_poly1305_contex /* The lengths of the AAD and ciphertext are processed by * Poly1305 as the final 128-bit block, encoded as little-endian integers. */ - len_block[0] = (unsigned char)ctx->aad_len; - len_block[1] = (unsigned char)( ctx->aad_len >> 8 ); - len_block[2] = (unsigned char)( ctx->aad_len >> 16 ); - len_block[3] = (unsigned char)( ctx->aad_len >> 24 ); - len_block[4] = (unsigned char)( ctx->aad_len >> 32 ); - len_block[5] = (unsigned char)( ctx->aad_len >> 40 ); - len_block[6] = (unsigned char)( ctx->aad_len >> 48 ); - len_block[7] = (unsigned char)( ctx->aad_len >> 56 ); - len_block[8] = (unsigned char)ctx->ciphertext_len; - len_block[9] = (unsigned char)( ctx->ciphertext_len >> 8 ); - len_block[10] = (unsigned char)( ctx->ciphertext_len >> 16 ); - len_block[11] = (unsigned char)( ctx->ciphertext_len >> 24 ); - len_block[12] = (unsigned char)( ctx->ciphertext_len >> 32 ); - len_block[13] = (unsigned char)( ctx->ciphertext_len >> 40 ); - len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 ); - len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 ); + len_block[0] = (unsigned char) ctx->aad_len; + len_block[1] = (unsigned char) ( ctx->aad_len >> 8 ); + len_block[2] = (unsigned char) ( ctx->aad_len >> 16 ); + len_block[3] = (unsigned char) ( ctx->aad_len >> 24 ); + len_block[4] = (unsigned char) ( ctx->aad_len >> 32 ); + len_block[5] = (unsigned char) ( ctx->aad_len >> 40 ); + len_block[6] = (unsigned char) ( ctx->aad_len >> 48 ); + len_block[7] = (unsigned char) ( ctx->aad_len >> 56 ); + len_block[8] = (unsigned char) ctx->ciphertext_len; + len_block[9] = (unsigned char) ( ctx->ciphertext_len >> 8 ); + len_block[10] = (unsigned char) ( ctx->ciphertext_len >> 16 ); + len_block[11] = (unsigned char) ( ctx->ciphertext_len >> 24 ); + len_block[12] = (unsigned char) ( ctx->ciphertext_len >> 32 ); + len_block[13] = (unsigned char) ( ctx->ciphertext_len >> 40 ); + len_block[14] = (unsigned char) ( ctx->ciphertext_len >> 48 ); + len_block[15] = (unsigned char) ( ctx->ciphertext_len >> 56 ); - (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, 16U, len_block ); - (void)mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac ); + (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, 16U, len_block ); + (void) mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac ); return( 0 ); } diff --git a/library/chacha20.c b/library/chacha20.c index 437e38069..4c2d8ef9a 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -46,14 +46,14 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -#define BYTES_TO_U32_LE( data, offset ) \ - ( (uint32_t)data[offset] | \ - (uint32_t)( (uint32_t)data[(offset) + 1] << 8 ) | \ - (uint32_t)( (uint32_t)data[(offset) + 2] << 16 ) | \ - (uint32_t)( (uint32_t)data[(offset) + 3] << 24 ) \ +#define BYTES_TO_U32_LE( data, offset ) \ + ( (uint32_t) data[offset] \ + | (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 ) \ + | (uint32_t) ( (uint32_t) data[( offset ) + 2] << 16 ) \ + | (uint32_t) ( (uint32_t) data[( offset ) + 3] << 24 ) \ ) -#define ROTL32( value, amount ) ( (uint32_t)( value << amount ) | ( value >> ( 32 - amount ) ) ) +#define ROTL32( value, amount ) ( (uint32_t) ( value << amount ) | ( value >> ( 32 - amount ) ) ) #define CHACHA20_CTR_INDEX ( 12U ) @@ -171,10 +171,10 @@ static void mbedtls_chacha20_block( const uint32_t initial_state[16], { offset = i * 4U; - keystream[offset ] = (unsigned char) working_state[i]; - keystream[offset + 1U] = (unsigned char)( working_state[i] >> 8 ); - keystream[offset + 2U] = (unsigned char)( working_state[i] >> 16 ); - keystream[offset + 3U] = (unsigned char)( working_state[i] >> 24 ); + keystream[offset ] = (unsigned char) working_state[i]; + keystream[offset + 1U] = (unsigned char) ( working_state[i] >> 8 ); + keystream[offset + 2U] = (unsigned char) ( working_state[i] >> 16 ); + keystream[offset + 3U] = (unsigned char) ( working_state[i] >> 24 ); } } @@ -277,10 +277,10 @@ int mbedtls_chacha20_keystream_block( const mbedtls_chacha20_context *ctx, mbedtls_chacha20_block( initial_state, working_state, keystream ); - mbedtls_zeroize( initial_state, sizeof(initial_state) ); - mbedtls_zeroize( working_state, sizeof(working_state) ); + mbedtls_zeroize( initial_state, sizeof( initial_state ) ); + mbedtls_zeroize( working_state, sizeof( working_state ) ); - return ( 0 ); + return( 0 ); } int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, @@ -351,7 +351,7 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, ctx->initial_state[CHACHA20_CTR_INDEX]++; } - return 0; + return( 0 ); } #endif /* !MBEDTLS_CHACHA20_ALT */ @@ -380,7 +380,7 @@ int mbedtls_chacha20_crypt( const unsigned char key[32], cleanup: mbedtls_chacha20_free( &ctx ); - return result; + return( result ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/poly1305.c b/library/poly1305.c index 004d8574a..842a4d464 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -45,11 +45,11 @@ #define POLY1305_BLOCK_SIZE_BYTES ( 16U ) -#define BYTES_TO_U32_LE( data, offset ) \ - ( (uint32_t)data[offset] | \ - (uint32_t)( (uint32_t)data[(offset) + 1] << 8 ) | \ - (uint32_t)( (uint32_t)data[(offset) + 2] << 16 ) | \ - (uint32_t)( (uint32_t)data[(offset) + 3] << 24 ) \ +#define BYTES_TO_U32_LE( data, offset ) \ + ( (uint32_t) data[offset] \ + | (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 ) \ + | (uint32_t) ( (uint32_t) data[( offset ) + 2] << 16 ) \ + | (uint32_t) ( (uint32_t) data[( offset ) + 3] << 24 ) \ ) /* Implementation that should never be optimized out by the compiler */ @@ -100,59 +100,59 @@ static void mbedtls_poly1305_process( mbedtls_poly1305_context *ctx, { /* Compute: acc += block */ /* Note that the input block is treated as a 128-bit little-endian integer */ - d0 = (uint64_t)acc0 + BYTES_TO_U32_LE( input, offset + 0 ); - d1 = (uint64_t)acc1 + BYTES_TO_U32_LE( input, offset + 4 ) + ( d0 >> 32U ); - d2 = (uint64_t)acc2 + BYTES_TO_U32_LE( input, offset + 8 ) + ( d1 >> 32U ); - d3 = (uint64_t)acc3 + BYTES_TO_U32_LE( input, offset + 12 ) + ( d2 >> 32U ); - acc0 = (uint32_t)d0; - acc1 = (uint32_t)d1; - acc2 = (uint32_t)d2; - acc3 = (uint32_t)d3; - acc4 += (uint32_t)( d3 >> 32U ) + needs_padding; + d0 = (uint64_t) acc0 + BYTES_TO_U32_LE( input, offset + 0 ); + d1 = (uint64_t) acc1 + BYTES_TO_U32_LE( input, offset + 4 ) + ( d0 >> 32U ); + d2 = (uint64_t) acc2 + BYTES_TO_U32_LE( input, offset + 8 ) + ( d1 >> 32U ); + d3 = (uint64_t) acc3 + BYTES_TO_U32_LE( input, offset + 12 ) + ( d2 >> 32U ); + acc0 = (uint32_t) d0; + acc1 = (uint32_t) d1; + acc2 = (uint32_t) d2; + acc3 = (uint32_t) d3; + acc4 += (uint32_t) ( d3 >> 32U ) + needs_padding; /* Compute: acc *= r */ - d0 = ( (uint64_t)acc0 * r0 ) + - ( (uint64_t)acc1 * rs3 ) + - ( (uint64_t)acc2 * rs2 ) + - ( (uint64_t)acc3 * rs1 ); - d1 = ( (uint64_t)acc0 * r1 ) + - ( (uint64_t)acc1 * r0 ) + - ( (uint64_t)acc2 * rs3 ) + - ( (uint64_t)acc3 * rs2 ) + - ( (uint64_t)acc4 * rs1 ); - d2 = ( (uint64_t)acc0 * r2 ) + - ( (uint64_t)acc1 * r1 ) + - ( (uint64_t)acc2 * r0 ) + - ( (uint64_t)acc3 * rs3 ) + - ( (uint64_t)acc4 * rs2 ); - d3 = ( (uint64_t)acc0 * r3 ) + - ( (uint64_t)acc1 * r2 ) + - ( (uint64_t)acc2 * r1 ) + - ( (uint64_t)acc3 * r0 ) + - ( (uint64_t)acc4 * rs3 ); + d0 = ( (uint64_t) acc0 * r0 ) + + ( (uint64_t) acc1 * rs3 ) + + ( (uint64_t) acc2 * rs2 ) + + ( (uint64_t) acc3 * rs1 ); + d1 = ( (uint64_t) acc0 * r1 ) + + ( (uint64_t) acc1 * r0 ) + + ( (uint64_t) acc2 * rs3 ) + + ( (uint64_t) acc3 * rs2 ) + + ( (uint64_t) acc4 * rs1 ); + d2 = ( (uint64_t) acc0 * r2 ) + + ( (uint64_t) acc1 * r1 ) + + ( (uint64_t) acc2 * r0 ) + + ( (uint64_t) acc3 * rs3 ) + + ( (uint64_t) acc4 * rs2 ); + d3 = ( (uint64_t) acc0 * r3 ) + + ( (uint64_t) acc1 * r2 ) + + ( (uint64_t) acc2 * r1 ) + + ( (uint64_t) acc3 * r0 ) + + ( (uint64_t) acc4 * rs3 ); acc4 *= r0; /* Compute: acc %= (2^130 - 5) (partial remainder) */ d1 += ( d0 >> 32 ); d2 += ( d1 >> 32 ); d3 += ( d2 >> 32 ); - acc0 = (uint32_t)d0; - acc1 = (uint32_t)d1; - acc2 = (uint32_t)d2; - acc3 = (uint32_t)d3; - acc4 = (uint32_t)( d3 >> 32 ) + acc4; + acc0 = (uint32_t) d0; + acc1 = (uint32_t) d1; + acc2 = (uint32_t) d2; + acc3 = (uint32_t) d3; + acc4 = (uint32_t) ( d3 >> 32 ) + acc4; - d0 = (uint64_t)acc0 + ( acc4 >> 2 ) + ( acc4 & 0xFFFFFFFCU ); + d0 = (uint64_t) acc0 + ( acc4 >> 2 ) + ( acc4 & 0xFFFFFFFCU ); acc4 &= 3U; - acc0 = (uint32_t)d0; - d0 = (uint64_t)acc1 + ( d0 >> 32U ); - acc1 = (uint32_t)d0; - d0 = (uint64_t)acc2 + ( d0 >> 32U ); - acc2 = (uint32_t)d0; - d0 = (uint64_t)acc3 + ( d0 >> 32U ); - acc3 = (uint32_t)d0; - d0 = (uint64_t)acc4 + ( d0 >> 32U ); - acc4 = (uint32_t)d0; + acc0 = (uint32_t) d0; + d0 = (uint64_t) acc1 + ( d0 >> 32U ); + acc1 = (uint32_t) d0; + d0 = (uint64_t) acc2 + ( d0 >> 32U ); + acc2 = (uint32_t) d0; + d0 = (uint64_t) acc3 + ( d0 >> 32U ); + acc3 = (uint32_t) d0; + d0 = (uint64_t) acc4 + ( d0 >> 32U ); + acc4 = (uint32_t) d0; offset += POLY1305_BLOCK_SIZE_BYTES; } @@ -192,18 +192,18 @@ static void mbedtls_poly1305_compute_mac( const mbedtls_poly1305_context *ctx, */ /* Calculate acc + -(2^130 - 5) */ - d = ( (uint64_t)acc0 + 5U ); - g0 = (uint32_t)d; - d = ( (uint64_t)acc1 + ( d >> 32 ) ); - g1 = (uint32_t)d; - d = ( (uint64_t)acc2 + ( d >> 32 ) ); - g2 = (uint32_t)d; - d = ( (uint64_t)acc3 + ( d >> 32 ) ); - g3 = (uint32_t)d; - g4 = acc4 + (uint32_t)( d >> 32U ); + d = ( (uint64_t) acc0 + 5U ); + g0 = (uint32_t) d; + d = ( (uint64_t) acc1 + ( d >> 32 ) ); + g1 = (uint32_t) d; + d = ( (uint64_t) acc2 + ( d >> 32 ) ); + g2 = (uint32_t) d; + d = ( (uint64_t) acc3 + ( d >> 32 ) ); + g3 = (uint32_t) d; + g4 = acc4 + (uint32_t) ( d >> 32U ); /* mask == 0xFFFFFFFF if 131st bit is set, otherwise mask == 0 */ - mask = (uint32_t)0U - ( g4 >> 2U ); + mask = (uint32_t) 0U - ( g4 >> 2U ); mask_inv = ~mask; /* If 131st bit is set then acc=g, otherwise, acc is unmodified */ @@ -213,38 +213,38 @@ static void mbedtls_poly1305_compute_mac( const mbedtls_poly1305_context *ctx, acc3 = ( acc3 & mask_inv ) | ( g3 & mask ); /* Add 's' */ - d = (uint64_t)acc0 + ctx->s[0]; - acc0 = (uint32_t)d; - d = (uint64_t)acc1 + ctx->s[1] + ( d >> 32U ); - acc1 = (uint32_t)d; - d = (uint64_t)acc2 + ctx->s[2] + ( d >> 32U ); - acc2 = (uint32_t)d; - acc3 += ctx->s[3] + (uint32_t)( d >> 32U ); + d = (uint64_t) acc0 + ctx->s[0]; + acc0 = (uint32_t) d; + d = (uint64_t) acc1 + ctx->s[1] + ( d >> 32U ); + acc1 = (uint32_t) d; + d = (uint64_t) acc2 + ctx->s[2] + ( d >> 32U ); + acc2 = (uint32_t) d; + acc3 += ctx->s[3] + (uint32_t) ( d >> 32U ); /* Compute MAC (128 least significant bits of the accumulator) */ - mac[0] = (uint8_t)acc0; - mac[1] = (uint8_t)( acc0 >> 8 ); - mac[2] = (uint8_t)( acc0 >> 16 ); - mac[3] = (uint8_t)( acc0 >> 24 ); - mac[4] = (uint8_t)acc1; - mac[5] = (uint8_t)( acc1 >> 8 ); - mac[6] = (uint8_t)( acc1 >> 16 ); - mac[7] = (uint8_t)( acc1 >> 24 ); - mac[8] = (uint8_t)acc2; - mac[9] = (uint8_t)( acc2 >> 8 ); - mac[10] = (uint8_t)( acc2 >> 16 ); - mac[11] = (uint8_t)( acc2 >> 24 ); - mac[12] = (uint8_t)acc3; - mac[13] = (uint8_t)( acc3 >> 8 ); - mac[14] = (uint8_t)( acc3 >> 16 ); - mac[15] = (uint8_t)( acc3 >> 24 ); + mac[0] = (unsigned char) acc0; + mac[1] = (unsigned char) ( acc0 >> 8 ); + mac[2] = (unsigned char) ( acc0 >> 16 ); + mac[3] = (unsigned char) ( acc0 >> 24 ); + mac[4] = (unsigned char) acc1; + mac[5] = (unsigned char) ( acc1 >> 8 ); + mac[6] = (unsigned char) ( acc1 >> 16 ); + mac[7] = (unsigned char) ( acc1 >> 24 ); + mac[8] = (unsigned char) acc2; + mac[9] = (unsigned char) ( acc2 >> 8 ); + mac[10] = (unsigned char) ( acc2 >> 16 ); + mac[11] = (unsigned char) ( acc2 >> 24 ); + mac[12] = (unsigned char) acc3; + mac[13] = (unsigned char) ( acc3 >> 8 ); + mac[14] = (unsigned char) ( acc3 >> 16 ); + mac[15] = (unsigned char) ( acc3 >> 24 ); } void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) { if ( ctx != NULL ) { - mbedtls_zeroize( ctx, sizeof(mbedtls_poly1305_context) ); + mbedtls_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); } } @@ -252,7 +252,7 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) { if ( ctx != NULL ) { - mbedtls_zeroize( ctx, sizeof(mbedtls_poly1305_context) ); + mbedtls_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); } } @@ -281,7 +281,7 @@ int mbedtls_poly1305_setkey( mbedtls_poly1305_context *ctx, ctx->acc[2] = 0U; ctx->acc[3] = 0U; - return 0; + return( 0 ); } int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, @@ -484,7 +484,7 @@ static const unsigned char test_mac[2][16] = int mbedtls_poly1305_self_test( int verbose ) { - uint8_t mac[16]; + unsigned char mac[16]; size_t i; int result; @@ -496,9 +496,9 @@ int mbedtls_poly1305_self_test( int verbose ) } result = mbedtls_poly1305_mac( test_keys[i], - test_data_len[i], - test_data[i], - mac ); + test_data_len[i], + test_data[i], + mac ); if ( result != 0 ) { if ( verbose != 0 )