From 8b8895b5c274c50216896cce802e861e97f7fabc Mon Sep 17 00:00:00 2001 From: Patrick Rathje Date: Thu, 16 Feb 2023 17:31:27 +0100 Subject: [PATCH] Add library files --- include/mbedtls/aes_alt.h | 72 + include/mbedtls/cc3xx_kmu.h | 403 ++ include/mbedtls/ccm_alt.h | 45 + include/mbedtls/chacha20_alt.h | 58 + include/mbedtls/chachapoly_alt.h | 43 + include/mbedtls/cmac_alt.h | 43 + include/mbedtls/dhm_alt.h | 63 + include/mbedtls/ecp_alt.h | 144 + include/mbedtls/platform_alt.h | 65 + include/mbedtls/poly1305_alt.h | 59 + include/mbedtls/rsa_alt.h | 82 + include/mbedtls/sha1_alt.h | 40 + include/mbedtls/sha256_alt.h | 40 + include/mbedtls/threading_alt.h | 21 + include/mbedtls_extra/cc_aes_defs.h | 160 + include/mbedtls_extra/cc_aes_defs_proj.h | 50 + include/mbedtls_extra/cc_bitops.h | 68 + include/mbedtls_extra/cc_ecpki_types.h | 489 +++ include/mbedtls_extra/cc_error.h | 299 ++ include/mbedtls_extra/cc_hash_defs.h | 137 + include/mbedtls_extra/cc_hash_defs_proj.h | 41 + include/mbedtls_extra/cc_kdf.h | 199 + include/mbedtls_extra/cc_pal_compiler.h | 210 ++ include/mbedtls_extra/cc_pal_types.h | 95 + include/mbedtls_extra/cc_pal_types_plat.h | 35 + include/mbedtls_extra/cc_pka_defs_hw.h | 93 + include/mbedtls_extra/cc_rnd_common.h | 246 ++ include/mbedtls_extra/cc_rnd_error.h | 120 + .../mbedtls_extra/mbedtls_cc_aes_key_wrap.h | 135 + .../mbedtls_cc_aes_key_wrap_error.h | 78 + .../mbedtls_cc_ec_mont_edw_error.h | 84 + include/mbedtls_extra/mbedtls_cc_ecies.h | 181 + include/mbedtls_extra/mbedtls_cc_hkdf.h | 100 + include/mbedtls_extra/mbedtls_cc_hkdf_error.h | 60 + include/mbedtls_extra/mbedtls_cc_srp.h | 397 ++ include/mbedtls_extra/mbedtls_cc_srp_error.h | 62 + include/nrf-config-cc310.h | 3328 +++++++++++++++++ lib/libnrf_cc310_core_0.9.14.a | Bin 0 -> 181094 bytes 38 files changed, 7845 insertions(+) create mode 100644 include/mbedtls/aes_alt.h create mode 100644 include/mbedtls/cc3xx_kmu.h create mode 100644 include/mbedtls/ccm_alt.h create mode 100644 include/mbedtls/chacha20_alt.h create mode 100644 include/mbedtls/chachapoly_alt.h create mode 100644 include/mbedtls/cmac_alt.h create mode 100644 include/mbedtls/dhm_alt.h create mode 100644 include/mbedtls/ecp_alt.h create mode 100644 include/mbedtls/platform_alt.h create mode 100644 include/mbedtls/poly1305_alt.h create mode 100644 include/mbedtls/rsa_alt.h create mode 100644 include/mbedtls/sha1_alt.h create mode 100644 include/mbedtls/sha256_alt.h create mode 100644 include/mbedtls/threading_alt.h create mode 100644 include/mbedtls_extra/cc_aes_defs.h create mode 100644 include/mbedtls_extra/cc_aes_defs_proj.h create mode 100644 include/mbedtls_extra/cc_bitops.h create mode 100644 include/mbedtls_extra/cc_ecpki_types.h create mode 100644 include/mbedtls_extra/cc_error.h create mode 100644 include/mbedtls_extra/cc_hash_defs.h create mode 100644 include/mbedtls_extra/cc_hash_defs_proj.h create mode 100644 include/mbedtls_extra/cc_kdf.h create mode 100644 include/mbedtls_extra/cc_pal_compiler.h create mode 100644 include/mbedtls_extra/cc_pal_types.h create mode 100644 include/mbedtls_extra/cc_pal_types_plat.h create mode 100644 include/mbedtls_extra/cc_pka_defs_hw.h create mode 100644 include/mbedtls_extra/cc_rnd_common.h create mode 100644 include/mbedtls_extra/cc_rnd_error.h create mode 100644 include/mbedtls_extra/mbedtls_cc_aes_key_wrap.h create mode 100644 include/mbedtls_extra/mbedtls_cc_aes_key_wrap_error.h create mode 100644 include/mbedtls_extra/mbedtls_cc_ec_mont_edw_error.h create mode 100644 include/mbedtls_extra/mbedtls_cc_ecies.h create mode 100644 include/mbedtls_extra/mbedtls_cc_hkdf.h create mode 100644 include/mbedtls_extra/mbedtls_cc_hkdf_error.h create mode 100644 include/mbedtls_extra/mbedtls_cc_srp.h create mode 100644 include/mbedtls_extra/mbedtls_cc_srp_error.h create mode 100644 include/nrf-config-cc310.h create mode 100644 lib/libnrf_cc310_core_0.9.14.a diff --git a/include/mbedtls/aes_alt.h b/include/mbedtls/aes_alt.h new file mode 100644 index 0000000..7044cf4 --- /dev/null +++ b/include/mbedtls/aes_alt.h @@ -0,0 +1,72 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_AES_ALT_H +#define MBEDTLS_AES_ALT_H + + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + + +#include +#include + +#if defined(MBEDTLS_AES_ALT) + + +/* padlock.c and aesni.c rely on these values! */ +#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ +#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ + +/* Error codes in range 0x0020-0x0022 */ +#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ +#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ + +/* Error codes in range 0x0023-0x0025 */ +#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */ +#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ + + +/* The Size of the AES context.*/ +#define MBEDTLS_AES_CONTEXT_SIZE_IN_WORDS (29) + + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief AES context structure + * + */ +typedef struct +{ + uint32_t buf[MBEDTLS_AES_CONTEXT_SIZE_IN_WORDS]; +} mbedtls_aes_context; + + +#if defined(MBEDTLS_CIPHER_MODE_XTS) +/** + * \brief The AES XTS context-type definition. + */ +typedef struct mbedtls_aes_xts_context +{ + mbedtls_aes_context crypt; /*!< The AES context to use for AES block + encryption or decryption. */ + mbedtls_aes_context tweak; /*!< The AES context used for tweak + computation. */ +} mbedtls_aes_xts_context; +#endif /* MBEDTLS_CIPHER_MODE_XTS */ + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_AES_ALT */ + +#endif /* MBEDTLS_AES_ALT_H */ diff --git a/include/mbedtls/cc3xx_kmu.h b/include/mbedtls/cc3xx_kmu.h new file mode 100644 index 0000000..834e863 --- /dev/null +++ b/include/mbedtls/cc3xx_kmu.h @@ -0,0 +1,403 @@ +/* + * Copyright (c) 2020 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause + */ + +/**@file + * @defgroup nrf_cc3xx_mbedcrypto nrf_cc3xx_mbedcrypto APIs + * @{ + * @brief nrf_cc3xx_mbedcrypto nrf_cc3xx_mbedcrypto library containing cc3xx + * APIs for the KMU or KDR peripherals. Further documentation can be found on : https://tls.mbed.org + * @} + * + * @defgroup nrf_cc3xx_mbedcrypto_kmu nrf_cc3xx_mbedcrypto KMU APIs + * @ingroup nrf_cc3xx_mbedcrypto + * @{ + * @brief The nrf_cc3xx_mbedcrypto_kmu APIs can be utilized to directly use or derive keys + * from KMU or KDR in ARM CryptoCell devices + */ +#ifndef CC3XX_KMU_H__ +#define CC3XX_KMU_H__ + +#include + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "nrf_cc3xx_platform_defines.h" + + +#define MBEDTLS_SHADOW_KEY_KDF_MAX_LABEL_SIZE_IN_BYTES (64) //!< KDF input "label" can be 0 to 64 bytes. +#define MBEDTLS_SHADOW_KEY_KDF_MAX_CONTEXT_SIZE_IN_BYTES (64) //!< KDF input "context" can be 0 to 64 bytes. +#define MBEDTLS_SHADOW_KEY_KDF_MAX_DERIVED_SIZE_IN_BYTES (4080) //!< KDF max length for derived material. + + +#define MBEDTLS_ERR_SHADOW_KEY_KEY_OK (0) //!< The shadow key operation was succesful. +#define MBEDTLS_ERR_SHADOW_KEY_INVALID_SLOT (-1) //!< The shadow key operation used an invalid slot. +#define MBEDTLS_ERR_SHADOW_KEY_INVALID_SIZE (-2) //!< The shadow key was of invalid size. +#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_LABEL (-3) //!< The KDF input label is invalid +#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_CONTEXT (-4) //!< The KDF input context is invalid +#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_INPUT (-5) //!< The KDF input is invalid +#define MBEDTLS_ERR_SHADOW_KEY_INTERNAL_ERROR (-6) //!< KMU/KDF internal error. + +#if defined(MBEDTLS_AES_C) + +#include "mbedtls/aes.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/** @brief Function to configure AES to use one or more KMU key slot for + * encryption + * + * @note A shadow key is not directly accessible, only reference information + * is stored in the context type + * + * @note Replaces the API mbedtls_aes_setkey_enc. + * + * @note Using this API enforces raw key usage of keys in the KMU slots. + * If derived key usage is intended, please use the API + * nrf_cc3xx_platform_kmu_aes_setkey_enc_shadow_key_derived. + * + * @param ctx AES context to set the key by KMU slot + * @param slot_id Identifier of the key slot (0 - 127) + * @param keybits Key size in bits + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_aes_setkey_enc_shadow_key( + mbedtls_aes_context * const ctx, + uint32_t slot_id, + unsigned int keybits); + + +/** @brief Function to configure AES to use one or more KMU key slot for + * decryption + * + * @note A shadow key is not directly accessible, only reference information + * is stored in the context type + * + * @note Replaces the API mbedtls_aes_setkey_dec. + * + * @note Using this API enforces raw key usage of keys in the KMU slots. + * If derived key usage is intended, please use the API + * nrf_cc3xx_platform_kmu_aes_setkey_dec_shadow_key_derived. + * + * @param ctx AES context to set the key by KMU slot. + * @param slot_id Identifier of the key slot (0 - 127). + * @param keybits Key size in bits. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_aes_setkey_dec_shadow_key( + mbedtls_aes_context * const ctx, + uint32_t slot_id, + unsigned int keybits); + + +/** @brief Function to configure AES to use a key derived from one or more + * slots in KMU for encryption. + * + * @details See mbedtls_derive_kmu_key for details on the KDF function. + * + * @note Replaces the API mbedtls_aes_setkey_dec. + * + * @note The key derivation is executed before each requests to encrypt. + * this function only configures the context to use a derived key. + * + * @note When deriving the key from KMU registers, the derived keys exist + * in SRAM for a brief period of time, before being loaded into the + * write-only CryptoCell HW registers for AES keys before encryption. + * + * @param ctx AES context to set the decryption key by KMU slot. + * @param slot_id Identifier of the key slot (0 - 127). + * @param keybits Key size in bits. + * @param label Label to use for KDF. + * @param label_size Size of the label to use for KDF. + * @param context Context info to use for KDF. + * @param context_size Context info size to use for KDF. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_aes_setkey_enc_shadow_key_derived( + mbedtls_aes_context * const ctx, + uint32_t slot_id, + unsigned int keybits, + uint8_t const * label, + size_t label_size, + uint8_t const * context, + size_t context_size); + + +/** @brief Function to configure AES to use a key derived from one or more + * slots in KMU for decryption. + * + * @details See mbedtls_derive_kmu_key for details on the KDF function. + * + * @note A shadow key is not directly accessible, only reference information + * is stored in the context type + * @note Replaces the API mbedtls_aes_setkey_enc. + * + * @note The key derivation is executed before each requests to decrypt. + * This function only configures the context to use a derived key. + * + * @note When deriving the key from KMU registers, the derived keys exist + * in SRAM for a brief period of time, before being loaded into the + * write-only CryptoCell HW registers for AES keys before decryption. + * + * @param ctx AES context to set the decryption key by KMU slot. + * @param slot_id Identifier of the key slot (0 - 127). + * @param keybits Key size in bits. + * @param label Label to use for KDF. + * @param label_size Size of the label to use for KDF. + * @param context Context info to use for KDF. + * @param context_size Context info size to use for KDF. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_aes_setkey_dec_shadow_key_derived( + mbedtls_aes_context * const ctx, + uint32_t slot_id, + unsigned int keybits, + uint8_t const * label, + size_t label_size, + uint8_t const * context, + size_t context_size); + +#ifdef __cplusplus +} +#endif + +#endif /* defined(MBEDTLS_AES_C) */ + + +#if defined(MBEDTLS_CCM_C) + +#include "mbedtls/ccm.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/** @brief Function to configure AES CCM to use one or more KMU key slot as + * encryption key. + * + * @note A shadow key is not directly accessible, only reference information + * is stored in the context type + * + * @note Replaces the API mbedtls_ccm_setkey. + * + * @note Using this API enforces raw key usage of keys in the KMU slots. + * If derived key usage is intended, please use the API + * nrf_cc3xx_platform_kmu_aes_setkey_enc_shadow_key_derived. + * + * @param ctx AES context to set the key by KMU slot. + * @param cipher Cipher id to use. + * @param slot_id Identifier of the key slot (0 - 127). + * @param keybits Key size in bits. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_ccm_setkey_shadow_key( + mbedtls_ccm_context * const ctx, + mbedtls_cipher_id_t cipher, + uint32_t slot_id, + unsigned int keybits +); + +/** @brief Function to configure AES CCM to use a key derived from one or more + * slots in KMU for encryption. + * + * @details See mbedtls_derive_kmu_key for details on the KDF function. + * + * @note A shadow key is not directly accessible, only reference information + * is stored in the context type + * + * @note Replaces the API mbedtls_ccm_setkey. + * + * @note The key derivation is executed before each requests to decrypt. + * This function only configures the context to use a derived key. + * + * @note When deriving the key from KMU registers, the derived keys exist + * in SRAM for a brief period of time, before being loaded into the + * write-only CryptoCell HW registers for AES keys before decryption. + * + * @param ctx AES context to set the decryption key by KMU slot. + * @param cipher Cipher id to use. + * @param slot_id Identifier of the key slot (0 - 127). + * @param keybits Key size in bits. + * @param label Label to use for KDF. + * @param label_size Size of the label to use for KDF. + * @param context Context info to use for KDF. + * @param context_size Context info size to use for KDF. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_ccm_setkey_shadow_key_derived( + mbedtls_ccm_context * const ctx, + mbedtls_cipher_id_t cipher, + uint32_t slot_id, + unsigned int keybits, + uint8_t const * label, + size_t label_size, + uint8_t const * context, + size_t context_size +); + +#ifdef __cplusplus +} +#endif + +#endif /* defined(MBEDTLS_CCM_C) */ + +#if defined(MBEDTLS_GCM_C) + +#include "mbedtls/gcm.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/** @brief Function to configure AES GCM to use one or more KMU key slot as + * encryption key. + * + * @note A shadow key is not directly accessible, only reference information + * is stored in the context type + * + * @note Replaces the API mbedtls_gcm_setkey. + * + * @note Using this API enforces raw key usage of keys in the KMU slots. + * If derived key usage is intended, please use the API + * nrf_cc3xx_platform_kmu_aes_setkey_enc_shadow_key_derived. + * + * @param ctx AES context to set the key by KMU slot. + * @param cipher Cipher id to use. + * @param slot_id Identifier of the key slot (0 - 127). + * @param keybits Key size in bits. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_gcm_setkey_shadow_key( + mbedtls_gcm_context * const ctx, + mbedtls_cipher_id_t cipher, + uint32_t slot_id, + unsigned int keybits +); + +/** @brief Function to configure AES GCM to use a key derived from one or more + * slots in KMU for encryption. + * + * @details See mbedtls_derive_kmu_key for details on the KDF function. + * + * @note A shadow key is not directly accessible, only reference information + * is stored in the context type + * + * @note Replaces the API mbedtls_gcm_setkey. + * + * @note The key derivation is executed before each requests to decrypt. + * this function only configures the context to use a derived key. + * + * @note When deriving the key from KMU registers, the derived keys exist + * in SRAM for a brief period of time, before being loaded into the + * write-only CryptoCell HW registers for AES keys before decryption. + * + * @param ctx AES context to set the decryption key by KMU slot. + * @param cipher Cipher id to use. + * @param slot_id Identifier of the key slot (0 - 127). + * @param keybits Key size in bits. + * @param label Label to use for KDF. + * @param label_size Size of the label to use for KDF. + * @param context Context info to use for KDF. + * @param context_size Context info size to use for KDF. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_gcm_setkey_shadow_key_derived( + mbedtls_gcm_context * const ctx, + mbedtls_cipher_id_t cipher, + uint32_t slot_id, + unsigned int keybits, + uint8_t const * label, + size_t label_size, + uint8_t const * context, + size_t context_size +); + +#ifdef __cplusplus +} +#endif + +#endif // defined(MBEDTLS_GCM_C) + +#if defined(MBEDTLS_AES_C) + +#include "mbedtls/aes.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/** @brief Function to use CMAC to derive a key stored in KMU/Kdr + * + * @details The KDF is using a PRF function described in the Special publication + * 800-108: Recommendation for Key Derivation Using Pseudorandom Functions + * https://csrc.nist.gov/publications/detail/sp/800-108/final. + * + * This algorithm is described in chapter 5.1 - KDF in Counter Mode + * + * The format of the PRF (the input) is as follows: + * PRF (KI, i || Label || 0x00 || Context || L) + * + * KI: The Key derivation key + * i : The counter value for each iteration of the PRF represented + * as one byte. + * label: A string identifying the purpose of the derived key + * that is up to 64 bytes long. + * 0x00: a single byte delimiter. + * Context: Fixed information about the derived keying material + * that is up to 64 bytes long. + * L : The length of derived key material in bits represented as two + * bytes. + * + * @note On nRF52840 only slot_id == 0 is valid, pointing to the + * Kdr key (also known as a HUK key) loaded into the CryptoCell. + * + * @param slot_id Identifier of the key slot. + * @param keybits Key size in bits. + * @param label Label to use for KDF. + * @param label_size Size of the label to use for KDF. + * @param context Context info to use for KDF. + * @param context_size Context info size to use for KDF. + * @param output Output buffer. + * @param output_size Size of output buffer in bytes. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_shadow_key_derive(uint32_t slot_id, + unsigned int keybits, + uint8_t const * label, + size_t label_size, + uint8_t const * context, + size_t context_size, + uint8_t * output, + size_t output_size); + +#ifdef __cplusplus +} +#endif + +#endif // defined(MBEDTLS_AES_C) + +#endif /* CC3XX_KMU_H__ */ + +/** @} */ diff --git a/include/mbedtls/ccm_alt.h b/include/mbedtls/ccm_alt.h new file mode 100644 index 0000000..5877e1e --- /dev/null +++ b/include/mbedtls/ccm_alt.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_CCM_ALT_H +#define MBEDTLS_CCM_ALT_H + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + +#include +#include +#include "mbedtls/cipher.h" + +#if defined (MBEDTLS_CCM_ALT) + +#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to function. */ +#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ + +/* The Size of the CCM context.*/ +#define MBEDTLS_CCM_CONTEXT_SIZE_IN_WORDS (33) + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief The CCM context-type definition. The CCM context is passed + * to the APIs called. + */ +typedef struct { + uint32_t buf[MBEDTLS_CCM_CONTEXT_SIZE_IN_WORDS]; +} +mbedtls_ccm_context; + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_CCM_ALT */ + +#endif /* MBEDTLS_CCM_ALT_H */ diff --git a/include/mbedtls/chacha20_alt.h b/include/mbedtls/chacha20_alt.h new file mode 100644 index 0000000..2bb7a20 --- /dev/null +++ b/include/mbedtls/chacha20_alt.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_CHACHA20_ALT_H +#define MBEDTLS_CHACHA20_ALT_H + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + + +#include +#include + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ + +/*! The size of the ChaCha user-context in words. */ +#define MBEDTLS_CHACHA_USER_CTX_SIZE_IN_WORDS 41 +/*! The size of the ChaCha block in Bytes. */ +#define MBEDTLS_CHACHA_BLOCK_SIZE_BYTES 64 +/*! The size of the ChaCha block in Bytes. As defined in rfc7539 */ +#define MBEDTLS_CHACHA_NONCE_SIZE_BYTES 12 +/*! The size of the ChaCha key in Bytes. */ +#define MBEDTLS_CHACHA_KEY_SIZE_BYTES 32 +/*! Internal type to identify 12 byte nonce */ +#define MBEDTLS_CHACHA_NONCE_SIZE_12BYTE_TYPE 1 + +/*! The definition of the 12-Byte array of the nonce buffer. */ +typedef uint8_t mbedtls_chacha_nonce[MBEDTLS_CHACHA_NONCE_SIZE_BYTES]; + +/*! The definition of the key buffer of the ChaCha engine. */ +typedef uint8_t mbedtls_chacha_key[MBEDTLS_CHACHA_KEY_SIZE_BYTES]; + +#if defined(MBEDTLS_CHACHA20_ALT) + +typedef struct +{ + uint32_t buf[MBEDTLS_CHACHA_USER_CTX_SIZE_IN_WORDS]; +} +mbedtls_chacha20_context; + +#endif + +#ifdef __cplusplus +} +#endif + + +#endif /* MBEDTLS_CHACHA20_ALT_H */ diff --git a/include/mbedtls/chachapoly_alt.h b/include/mbedtls/chachapoly_alt.h new file mode 100644 index 0000000..8c288eb --- /dev/null +++ b/include/mbedtls/chachapoly_alt.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_CHACHAPOLY_ALT_H +#define MBEDTLS_CHACHAPOLY_ALT_H + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + +#include "chacha20_alt.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ +#define CHACHAPOLY_TAG_SIZE_BYTES 16 + +#if defined(MBEDTLS_CHACHAPOLY_ALT) + +typedef struct +{ + mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */ +}mbedtls_chachapoly_context; + +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef __cplusplus +} +#endif + + +#endif /* MBEDTLS_CHACHAPOLY_ALT_H */ diff --git a/include/mbedtls/cmac_alt.h b/include/mbedtls/cmac_alt.h new file mode 100644 index 0000000..7967204 --- /dev/null +++ b/include/mbedtls/cmac_alt.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_CMAC_ALT_H +#define MBEDTLS_CMAC_ALT_H + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + + + +#include +#include + +#if defined(MBEDTLS_CMAC_ALT) + +/* hide internal implementation of the struct. Allocate enough space for it.*/ +#define MBEDTLS_CMAC_CONTEXT_SIZE_IN_WORDS 38 + + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief CMAC cipher context structure + */ +struct mbedtls_cmac_context_t{ + /*! Internal buffer */ + uint32_t buf[MBEDTLS_CMAC_CONTEXT_SIZE_IN_WORDS]; +}; + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_CMAC_ALT */ + +#endif /* MBEDTLS_CMAC_ALT_H */ diff --git a/include/mbedtls/dhm_alt.h b/include/mbedtls/dhm_alt.h new file mode 100644 index 0000000..9a0382d --- /dev/null +++ b/include/mbedtls/dhm_alt.h @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_DHM_ALT_H +#define MBEDTLS_DHM_ALT_H + + +#if defined(MBEDTLS_DHM_ALT) + + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + +#include + +/* + * DHM Error codes + */ +#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA -0x3080 /**< Bad input parameters. */ +#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED -0x3100 /**< Reading of the DHM parameters failed. */ +#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED -0x3180 /**< Making of the DHM parameters failed. */ +#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED -0x3200 /**< Reading of the public values failed. */ +#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Making of the public value failed. */ +#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Calculation of the DHM secret failed. */ +#define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380 /**< The ASN.1 data is not formatted correctly. */ +#define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400 /**< Allocation of memory failed. */ +#define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read or write of file failed. */ +#define MBEDTLS_ERR_DHM_HW_ACCEL_FAILED -0x3500 /**< DHM hardware accelerator failed. */ +#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3580 /**< Setting the modulus and generator failed. */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief The DHM context structure. + */ +typedef struct +{ + size_t len; /*!< The size of \p P in Bytes. */ + mbedtls_mpi P; /*!< The prime modulus. */ + mbedtls_mpi G; /*!< The generator. */ + mbedtls_mpi X; /*!< Our secret value. */ + mbedtls_mpi GX; /*!< Our public key = \c G^X mod \c P. */ + mbedtls_mpi GY; /*!< The public key of the peer = \c G^Y mod \c P. */ + mbedtls_mpi K; /*!< The shared secret = \c G^(XY) mod \c P. */ + mbedtls_mpi RP; /*!< The cached value = \c R^2 mod \c P. */ + mbedtls_mpi Vi; /*!< The blinding value. */ + mbedtls_mpi Vf; /*!< The unblinding value. */ + mbedtls_mpi pX; /*!< The previous \c X. */ +} +mbedtls_dhm_context; + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_DHM_ALT - use alternative code */ +#endif /* MBEDTLS_DHM_ALT_H - include only once */ diff --git a/include/mbedtls/ecp_alt.h b/include/mbedtls/ecp_alt.h new file mode 100644 index 0000000..3288453 --- /dev/null +++ b/include/mbedtls/ecp_alt.h @@ -0,0 +1,144 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +#ifndef MBEDTLS_ECP_ALT_H +#define MBEDTLS_ECP_ALT_H + +#if defined(MBEDTLS_ECP_ALT) + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * The content of the structure in this ALT implementation is + * exactly the same as ecp.h, but the type must be provided + * here as MBEDTLS_ECP_ALT is set + */ + +/** + * \brief The ECP group structure. + * + * We consider two types of curve equations: + *
  • Short Weierstrass: y^2 = x^3 + A x + B mod P + * (SEC1 + RFC-4492)
    • + *
  • Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519, + * Curve448)
+ * In both cases, the generator (\p G) for a prime-order subgroup is fixed. + * + * For Short Weierstrass, this subgroup is the whole curve, and its + * cardinality is denoted by \p N. Our code requires that \p N is an + * odd prime as mbedtls_ecp_mul() requires an odd number, and + * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes. + * + * For Montgomery curves, we do not store \p A, but (A + 2) / 4, + * which is the quantity used in the formulas. Additionally, \p nbits is + * not the size of \p N but the required size for private keys. + * + * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. + * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the + * range of 0..2^(2*pbits)-1, and transforms it in-place to an integer + * which is congruent mod \p P to the given MPI, and is close enough to \p pbits + * in size, so that it may be efficiently brought in the 0..P-1 range by a few + * additions or subtractions. Therefore, it is only an approximative modular + * reduction. It must return 0 on success and non-zero on failure. + * + * \note Alternative implementations must keep the group IDs distinct. If + * two group structures have the same ID, then they must be + * identical. + * + */ +typedef struct mbedtls_ecp_group +{ + mbedtls_ecp_group_id id; /*!< An internal group identifier. */ + mbedtls_mpi P; /*!< The prime modulus of the base field. */ + mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For + Montgomery curves: (A + 2) / 4. */ + mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. + For Montgomery curves: unused. */ + mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ + mbedtls_mpi N; /*!< The order of \p G. */ + size_t pbits; /*!< The number of bits in \p P.*/ + size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. + For Montgomery curves: the number of bits in the + private keys. */ + unsigned int h; /*!< \internal 1 if the constants are static. */ + int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction + mod \p P (see above).*/ + int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */ + int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ + void *t_data; /*!< Unused. */ + mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */ + size_t T_size; /*!< The number of pre-computed points. */ +} +mbedtls_ecp_group; + +/** + * \name SECTION: Module settings + * + * The configuration options you can set for this module are in this section. + * Either change them in config.h, or define them using the compiler command line. + * \{ + */ + +#if !defined(MBEDTLS_ECP_MAX_BITS) +/** + * The maximum size of the groups, that is, of \c N and \c P. + */ +#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ +#endif + +#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) +#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) + +#if !defined(MBEDTLS_ECP_WINDOW_SIZE) +/* + * Maximum "window" size used for point multiplication. + * Default: 6. + * Minimum value: 2. Maximum value: 7. + * + * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) ) + * points used for point multiplication. This value is directly tied to EC + * peak memory usage, so decreasing it by one should roughly cut memory usage + * by two (if large curves are in use). + * + * Reduction in size may reduce speed, but larger curves are impacted first. + * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1): + * w-size: 6 5 4 3 2 + * 521 145 141 135 120 97 + * 384 214 209 198 177 146 + * 256 320 320 303 262 226 + * 224 475 475 453 398 342 + * 192 640 640 633 587 476 + */ +#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< The maximum window size used. */ +#endif /* MBEDTLS_ECP_WINDOW_SIZE */ + +#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) +/* + * Trade memory for speed on fixed-point multiplication. + * + * This speeds up repeated multiplication of the generator (that is, the + * multiplication in ECDSA signatures, and half of the multiplications in + * ECDSA verification and ECDHE) by a factor roughly 3 to 4. + * + * The cost is increasing EC peak memory usage by a factor roughly 2. + * + * Change this value to 0 to reduce peak memory usage. + */ +#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */ +#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ + +/* \} name SECTION: Module settings */ + +#define MBEDTLS_ECP_BUDGET( ops ) /* no-op; for compatibility */ + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_ECP_ALT */ + +#endif /* MBEDTLS_ECP_ALT_H */ diff --git a/include/mbedtls/platform_alt.h b/include/mbedtls/platform_alt.h new file mode 100644 index 0000000..4187e8b --- /dev/null +++ b/include/mbedtls/platform_alt.h @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_PLATFORM_ALT_H +#define MBEDTLS_PLATFORM_ALT_H + +#include +#include + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) + +#define MBEDTLS_ERR_PLATFORM_SUCCESS (0) +#define MBEDTLS_ERR_PLATFORM_ERROR_PARAM_NULL (-0x7001) +#define MBEDTLS_ERR_PLATFORM_ERROR_INTERNAL (-0x7002) +#define MBEDTLS_ERR_PLATFORM_ERROR_RNG_TEST_FAILED (-0x7003) +#define MBEDTLS_ERR_PLATFORM_ERROR_HW_VERSION_FAILED (-0x7004) +#define MBEDTLS_ERR_PLATFORM_ERROR_PARAM_WRITE_FAILED (-0x7005) +#define MBEDTLS_ERR_PLATFORM_ERROR_MUTEX_NOT_INITIALIZED (-0x7016) +#define MBEDTLS_ERR_PLATFORM_ERROR_MUTEX_FAILED (-0x7017) +#define MBEDTLS_ERR_PLATFORM_ERROR_ENTROPY_NOT_INITIALIZED (-0x7018) +#define MBEDTLS_ERR_PLATFORM_ERROR_ENTROPY_TRNG_TOO_LONG (-0x7019) + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief The platform context structure. + * + */ +typedef struct { + char dummy; /**< A placeholder member, as empty structs are not portable. */ +} +mbedtls_platform_context; + + +/** @brief Function to initialize platform without rng support + * + * Call this function instead of mbedtls_platform_setup if RNG is not required. + * e.g. to conserve code size of improve startup time. + * + * @note It is possible to run mbedtls_platform_setup after calling + * this API if RNG is suddenly required. Calling mbedtls_platform_teardown + * is not required to be used, in this case. + * + * @warning Only deterministic cryptographic is supported if this API is used + * to initalize the HW. + */ +int mbedtls_platform_setup_no_rng(void); + + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ + +#endif /* MBEDTLS_PLATFORM_ALT_H */ diff --git a/include/mbedtls/poly1305_alt.h b/include/mbedtls/poly1305_alt.h new file mode 100644 index 0000000..93d400d --- /dev/null +++ b/include/mbedtls/poly1305_alt.h @@ -0,0 +1,59 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_POLY1305_ALT_H +#define MBEDTLS_POLY1305_ALT_H + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + + +#ifdef __cplusplus +extern "C" +{ +#endif + +#if defined(MBEDTLS_POLY1305_ALT) + +/************************ defines ****************************/ +/*! The size of the POLY key in words. */ +#define MBEDTLS_POLY_KEY_SIZE_WORDS 8 + +/*! The size of the POLY key in bytes. */ +#define MBEDTLS_POLY_KEY_SIZE_BYTES 32 + +/*! The size of the POLY MAC in words. */ +#define MBEDTLS_POLY_MAC_SIZE_WORDS 4 + +/*! The size of the POLY MAC in bytes. */ +#define MBEDTLS_POLY_MAC_SIZE_BYTES 16 + +/************************ Typedefs ****************************/ +/*! The definition of the ChaCha-MAC buffer. */ +typedef uint32_t mbedtls_poly_mac[MBEDTLS_POLY_MAC_SIZE_WORDS]; + +/*! The definition of the ChaCha-key buffer. */ +typedef uint32_t mbedtls_poly_key[MBEDTLS_POLY_KEY_SIZE_WORDS]; + +typedef struct mbedtls_poly1305_context +{ + uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */ + uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */ + uint32_t acc[5]; /** The accumulator number. */ + uint8_t queue[16]; /** The current partial block of data. */ + size_t queue_len; /** The number of bytes stored in 'queue'. */ +} +mbedtls_poly1305_context; + +#endif + +#ifdef __cplusplus +} +#endif + + +#endif /* MBEDTLS_POLY1305_ALT_H */ diff --git a/include/mbedtls/rsa_alt.h b/include/mbedtls/rsa_alt.h new file mode 100644 index 0000000..4a3536c --- /dev/null +++ b/include/mbedtls/rsa_alt.h @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_RSA_ALT_H +#define MBEDTLS_RSA_ALT_H + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined (MBEDTLS_RSA_ALT) + +#include "bignum.h" + +#if defined(MBEDTLS_THREADING_C) +#include "threading.h" +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief The RSA context structure. + * + * \note Direct manipulation of the members of this structure + * is deprecated. All manipulation should instead be done through + * the public interface functions. + */ +typedef struct +{ + int ver; /*!< always 0 */ + size_t len; /*!< size(N) in chars */ + + mbedtls_mpi N; /*!< public modulus */ + mbedtls_mpi E; /*!< public exponent */ + + mbedtls_mpi D; /*!< private exponent */ + mbedtls_mpi P; /*!< 1st prime factor */ + mbedtls_mpi Q; /*!< 2nd prime factor */ + + mbedtls_mpi DP; /*!< D % (P - 1) */ + mbedtls_mpi DQ; /*!< D % (Q - 1) */ + mbedtls_mpi QP; /*!< 1 / (Q % P) */ + + mbedtls_mpi RN; /*!< cached R^2 mod N */ + + mbedtls_mpi RP; /*!< cached R^2 mod P */ + mbedtls_mpi RQ; /*!< cached R^2 mod Q */ + + mbedtls_mpi Vi; /*!< cached blinding value */ + mbedtls_mpi Vf; /*!< cached un-blinding value */ + + int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and + MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */ + int hash_id; /*!< Hash identifier of mbedtls_md_type_t as + specified in the mbedtls_md.h header file + for the EME-OAEP and EMSA-PSS + encoding */ +#if defined(MBEDTLS_THREADING_C) + mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex */ +#else + uint8_t dummy[8]; /*!< Ensuring same size when threading is disabled */ +#endif + + mbedtls_mpi NP; /*!< Barrett mod N tag NP for N-modulus */ + mbedtls_mpi BQP; /*!< Barrett mod Q tag QP for Q-factor */ + mbedtls_mpi BPP; /*!< Barrett mod P tag PP for P-factor */ + +} +mbedtls_rsa_context; + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_RSA_ALT */ + +#endif /* MBEDTLS_RSA_ALT_H */ diff --git a/include/mbedtls/sha1_alt.h b/include/mbedtls/sha1_alt.h new file mode 100644 index 0000000..1a8e08c --- /dev/null +++ b/include/mbedtls/sha1_alt.h @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_SHA1_ALT_H +#define MBEDTLS_SHA1_ALT_H + +#include +#include + +#if defined (MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined (MBEDTLS_SHA1_ALT) + +#define SHA_1_CONTEXT_SIZE_IN_WORDS 60 + +#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief SHA-1 context structure + */ +typedef struct mbedtls_sha1_context { + /*! Internal buffer */ + uint32_t buff[SHA_1_CONTEXT_SIZE_IN_WORDS]; // defined in cc_hash_defs_proj.h +} mbedtls_sha1_context; + +#ifdef __cplusplus +} +#endif +#endif /* MBEDTLS_SHA1_ALT */ + +#endif /* MBEDTLS_SHA1_ALT_H */ diff --git a/include/mbedtls/sha256_alt.h b/include/mbedtls/sha256_alt.h new file mode 100644 index 0000000..301f9b7 --- /dev/null +++ b/include/mbedtls/sha256_alt.h @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_SHA256_ALT_H +#define MBEDTLS_SHA256_ALT_H + +#include +#include + +#if defined (MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined (MBEDTLS_SHA256_ALT) + +#define SHA_256_CONTEXT_SIZE_IN_WORDS 60 + +#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief SHA-256 context structure + */ +typedef struct mbedtls_sha256_context { + uint32_t reserved; + uint32_t buff[SHA_256_CONTEXT_SIZE_IN_WORDS]; // defined in cc_hash_defs.h +} mbedtls_sha256_context; + +#ifdef __cplusplus +} +#endif +#endif /* MBEDTLS_SHA256_ALT */ + +#endif /* MBEDTLS_SHA256_ALT_H */ diff --git a/include/mbedtls/threading_alt.h b/include/mbedtls/threading_alt.h new file mode 100644 index 0000000..ac2bde6 --- /dev/null +++ b/include/mbedtls/threading_alt.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_THREADING_ALT_H +#define MBEDTLS_THREADING_ALT_H + +#include +#include "nrf_cc3xx_platform_mutex.h" + +/** @brief Alternate declaration of mbedtls mutex type + * + * The RTOS may require allocation and freeing of resources + * as the inner type of the mutex is represented by an + * RTOS-friendly void pointer. + */ +typedef nrf_cc3xx_platform_mutex_t mbedtls_threading_mutex_t; + +#endif /* MBEDTLS_THREADING_ALT_H */ diff --git a/include/mbedtls_extra/cc_aes_defs.h b/include/mbedtls_extra/cc_aes_defs.h new file mode 100644 index 0000000..46b2c75 --- /dev/null +++ b/include/mbedtls_extra/cc_aes_defs.h @@ -0,0 +1,160 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + + /*! + @addtogroup cc_aes_defs + @{ + */ + +/*! + @file + @brief This file contains the type definitions that are used by the CryptoCell + AES APIs. + */ + + +#ifndef CC_AES_DEFS_H +#define CC_AES_DEFS_H + +#include "cc_pal_types.h" +#include "cc_aes_defs_proj.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ +/*! The size of the AES block in words. */ +#define CC_AES_CRYPTO_BLOCK_SIZE_IN_WORDS 4 +/*! The size of the AES block in bytes. */ +#define CC_AES_BLOCK_SIZE_IN_BYTES (CC_AES_CRYPTO_BLOCK_SIZE_IN_WORDS * sizeof(uint32_t)) + +/*! The size of the IV buffer in words. */ +#define CC_AES_IV_SIZE_IN_WORDS CC_AES_CRYPTO_BLOCK_SIZE_IN_WORDS +/*! The size of the IV buffer in bytes. */ +#define CC_AES_IV_SIZE_IN_BYTES (CC_AES_IV_SIZE_IN_WORDS * sizeof(uint32_t)) + + +/************************ Enums ********************************/ +/*! The AES operation:
  • Encrypt
  • Decrypt
. */ +typedef enum { + /*! An AES encrypt operation. */ + CC_AES_ENCRYPT = 0, + /*! An AES decrypt operation. */ + CC_AES_DECRYPT = 1, + /*! The maximal number of operations. */ + CC_AES_NUM_OF_ENCRYPT_MODES, + /*! Reserved. */ + CC_AES_ENCRYPT_MODE_LAST = 0x7FFFFFFF +}CCAesEncryptMode_t; + +/*! The AES operation mode. */ +typedef enum { + /*! ECB mode. */ + CC_AES_MODE_ECB = 0, + /*! CBC mode. */ + CC_AES_MODE_CBC = 1, + /*! CBC-MAC mode. */ + CC_AES_MODE_CBC_MAC = 2, + /*! CTR mode. */ + CC_AES_MODE_CTR = 3, + /*! XCBC-MAC mode. */ + CC_AES_MODE_XCBC_MAC = 4, + /*! CMAC mode. */ + CC_AES_MODE_CMAC = 5, + /*! XTS mode. */ + CC_AES_MODE_XTS = 6, + /*! CBC-CTS mode. */ + CC_AES_MODE_CBC_CTS = 7, + /*! OFB mode. */ + CC_AES_MODE_OFB = 8, + + /*! The maximal number of AES modes. */ + CC_AES_NUM_OF_OPERATION_MODES, + /*! Reserved. */ + CC_AES_OPERATION_MODE_LAST = 0x7FFFFFFF +}CCAesOperationMode_t; + +/*! The AES padding type. */ +typedef enum { + /*! No padding. */ + CC_AES_PADDING_NONE = 0, + /*! PKCS7 padding. */ + CC_AES_PADDING_PKCS7 = 1, + /*! The maximal number of AES padding modes. */ + CC_AES_NUM_OF_PADDING_TYPES, + /*! Reserved. */ + CC_AES_PADDING_TYPE_LAST = 0x7FFFFFFF +}CCAesPaddingType_t; + +/*! The AES key type. */ +typedef enum { + /*! The user key. */ + CC_AES_USER_KEY = 0, + /*! The Kplt hardware key. */ + CC_AES_PLATFORM_KEY = 1, + /*! The Kcst hardware key. */ + CC_AES_CUSTOMER_KEY = 2, + /*! The maximal number of AES key types. */ + CC_AES_NUM_OF_KEY_TYPES, + /*! Reserved. */ + CC_AES_KEY_TYPE_LAST = 0x7FFFFFFF +}CCAesKeyType_t; + +/************************ Typedefs ****************************/ + +/*! Defines the IV buffer. A 16-byte array. */ +typedef uint8_t CCAesIv_t[CC_AES_IV_SIZE_IN_BYTES]; + +/*! Defines the AES key data buffer. */ +typedef uint8_t CCAesKeyBuffer_t[CC_AES_KEY_MAX_SIZE_IN_BYTES]; + +/************************ Structs ******************************/ + +/*! + The context prototype of the user. + + The argument type that is passed by the user to the AES APIs. The context + saves the state of the operation, and must be saved by the user until + the end of the API flow. + */ +typedef struct CCAesUserContext_t { + /*! The context buffer for internal usage. */ + uint32_t buff[CC_AES_USER_CTX_SIZE_IN_WORDS] ; +}CCAesUserContext_t; + + +/*! The AES key data of the user. */ +typedef struct CCAesUserKeyData_t { + /*! A pointer to the key. */ + uint8_t * pKey; + /*! The size of the key in bytes. Valid values for XTS mode, if supported: + 32 bytes or 64 bytes, indicating the full size of the double key (2x128 or + 2x256 bit). Valid values for XCBC-MAC mode: 16 bytes, as limited by the + standard. Valid values for all other modes: 16 bytes, 24 bytes, or + 32 bytes. */ + size_t keySize; +}CCAesUserKeyData_t; + +/*! The AES HW key Data. */ +typedef struct CCAesHwKeyData_t { + /*! Slot number. */ + size_t slotNumber; +}CCAesHwKeyData_t; + +#endif /* CC_AES_DEFS_H */ + +#ifdef __cplusplus +} + +#endif + +/*! + @} +*/ diff --git a/include/mbedtls_extra/cc_aes_defs_proj.h b/include/mbedtls_extra/cc_aes_defs_proj.h new file mode 100644 index 0000000..d4a13b0 --- /dev/null +++ b/include/mbedtls_extra/cc_aes_defs_proj.h @@ -0,0 +1,50 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_aes_defs_proj + @{ + */ + +/*! + @file + @brief This file contains project definitions that are used for CryptoCell + AES APIs. + */ + +#ifndef CC_AES_DEFS_PROJ_H +#define CC_AES_DEFS_PROJ_H + +#include "cc_pal_types.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ + +/*! The size of the context prototype of the user in words. +See ::CCAesUserContext_t.*/ +#define CC_AES_USER_CTX_SIZE_IN_WORDS (4+8+8+4) + +/*! The maximal size of the AES key in words. */ +#define CC_AES_KEY_MAX_SIZE_IN_WORDS 8 +/*! The maximal size of the AES key in bytes. */ +#define CC_AES_KEY_MAX_SIZE_IN_BYTES (CC_AES_KEY_MAX_SIZE_IN_WORDS * sizeof(uint32_t)) + + +#ifdef __cplusplus +} +#endif + + +/*! + @} + */ + +#endif /* #ifndef CC_AES_DEFS_PROJ_H */ diff --git a/include/mbedtls_extra/cc_bitops.h b/include/mbedtls_extra/cc_bitops.h new file mode 100644 index 0000000..d1b60c5 --- /dev/null +++ b/include/mbedtls_extra/cc_bitops.h @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! @file +@brief This file defines bit-field operations macros. +*/ + +#ifndef _CC_BITOPS_H_ +#define _CC_BITOPS_H_ + + +/*! Defintion of number of 32bit maximum value. */ +#define CC_32BIT_MAX_VALUE (0xFFFFFFFFUL) + +/*! Definition for bitmask */ +#define BITMASK(mask_size) (((mask_size) < 32) ? \ + ((1UL << (mask_size)) - 1) : 0xFFFFFFFFUL) +/*! Definition for bitmask in a given offset. */ +#define BITMASK_AT(mask_size, mask_offset) (BITMASK(mask_size) << (mask_offset)) + +/*! Definition for getting bits value from a word. */ +#define BITFIELD_GET(word, bit_offset, bit_size) \ + (((word) >> (bit_offset)) & BITMASK(bit_size)) +/*! Definition for setting bits value from a word. */ +#define BITFIELD_SET(word, bit_offset, bit_size, new_val) do { \ + word = ((word) & ~BITMASK_AT(bit_size, bit_offset)) | \ + (((new_val) & BITMASK(bit_size)) << (bit_offset)); \ +} while (0) + +/*!Definition for is val aligned to "align" ("align" must be power of 2). */ +#ifndef IS_ALIGNED +#define IS_ALIGNED(val, align) \ + (((uintptr_t)(val) & ((align) - 1)) == 0) +#endif +/*!Definition swap endianity for 32 bits word. */ +#define SWAP_ENDIAN(word) \ + (((word) >> 24) | (((word) & 0x00FF0000) >> 8) | \ + (((word) & 0x0000FF00) << 8) | (((word) & 0x000000FF) << 24)) + +#ifdef BIG__ENDIAN +#define SWAP_TO_LE(word) SWAP_ENDIAN(word) +#define SWAP_TO_BE(word) word +#else +/*! Definition for swapping to LE. */ +#define SWAP_TO_LE(word) word +/*! Definition for swapping to BE. */ +#define SWAP_TO_BE(word) SWAP_ENDIAN(word) +#endif + +/*!Align X to uint32_t size. */ +#ifndef ALIGN_TO_4BYTES +#define ALIGN_TO_4BYTES(x) (((unsigned long)(x) + (CC_32BIT_WORD_SIZE-1)) & ~(CC_32BIT_WORD_SIZE-1)) +#endif + + + +/*! Definition for is val a multiple of "mult" ("mult" must be power of 2). */ +#define IS_MULT(val, mult) \ + (((val) & ((mult) - 1)) == 0) + +/*! Definition for is NULL address. */ +#define IS_NULL_ADDR(adr) \ + (!(adr)) + +#endif /*_CC_BITOPS_H_*/ diff --git a/include/mbedtls_extra/cc_ecpki_types.h b/include/mbedtls_extra/cc_ecpki_types.h new file mode 100644 index 0000000..78c8187 --- /dev/null +++ b/include/mbedtls_extra/cc_ecpki_types.h @@ -0,0 +1,489 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_ecpki_types + @{ + */ + +/*! + @file + @brief This file contains all the type definitions that are used for the + CryptoCell ECPKI APIs. + */ + +#ifndef _CC_ECPKI_TYPES_H +#define _CC_ECPKI_TYPES_H + + +#include "cc_bitops.h" +#include "cc_pal_types_plat.h" +#include "cc_hash_defs.h" +#include "cc_pka_defs_hw.h" +#include "cc_pal_compiler.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ +/*! The size of the internal buffer in words. */ +#define CC_PKA_DOMAIN_LLF_BUFF_SIZE_IN_WORDS (10 + 3*CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS) + +/************************************************************************************** + * Enumerators + ***************************************************************************************/ + +/*------------------------------------------------------------------*/ +/*! @brief EC domain idetifiers. + + For more information, see Standards for Efficient Cryptography Group + (SECG): SEC2 Recommended Elliptic Curve Domain Parameters, Version 1.0. +*/ +typedef enum +{ + /* For prime field */ + /*! EC secp192k1. */ + CC_ECPKI_DomainID_secp192k1, + /*! EC secp192r1. */ + CC_ECPKI_DomainID_secp192r1, + /*! EC secp224k1. */ + CC_ECPKI_DomainID_secp224k1, + /*! EC secp224r1. */ + CC_ECPKI_DomainID_secp224r1, + /*! EC secp256k1. */ + CC_ECPKI_DomainID_secp256k1, + /*! EC secp256r1. */ + CC_ECPKI_DomainID_secp256r1, + /*! EC secp384r1. */ + CC_ECPKI_DomainID_secp384r1, + /*! EC secp521r1. */ + CC_ECPKI_DomainID_secp521r1, + /*! Reserved.*/ + CC_ECPKI_DomainID_OffMode, + /*! Reserved.*/ + CC_ECPKI_DomainIDLast = 0x7FFFFFFF, + +}CCEcpkiDomainID_t; + + +/*------------------------------------------------------------------*/ +/*! + @brief Hash operation mode. + + Defines hash modes according to IEEE 1363-2000: IEEE Standard for + Standard Specifications for Public-Key Cryptography. + */ +typedef enum +{ + /*! The message data will be hashed with SHA-1. */ + CC_ECPKI_HASH_SHA1_mode = 0, + /*! The message data will be hashed with SHA-224. */ + CC_ECPKI_HASH_SHA224_mode = 1, + /*! The message data will be hashed with SHA-256. */ + CC_ECPKI_HASH_SHA256_mode = 2, + /*! The message data will be hashed with SHA-384. */ + CC_ECPKI_HASH_SHA384_mode = 3, + /*! The message data will be hashed with SHA-512. */ + CC_ECPKI_HASH_SHA512_mode = 4, + /*! The message data is a digest of SHA-1 and will not be hashed. */ + CC_ECPKI_AFTER_HASH_SHA1_mode = 5, + /*! The message data is a digest of SHA-224 and will not be hashed. */ + CC_ECPKI_AFTER_HASH_SHA224_mode = 6, + /*! The message data is a digest of SHA-256 and will not be hashed. */ + CC_ECPKI_AFTER_HASH_SHA256_mode = 7, + /*! The message data is a digest of SHA-384 and will not be hashed. */ + CC_ECPKI_AFTER_HASH_SHA384_mode = 8, + /*! The message data is a digest of SHA-512 and will not be hashed. */ + CC_ECPKI_AFTER_HASH_SHA512_mode = 9, + /*! The maximal number of hash modes. */ + CC_ECPKI_HASH_NumOfModes, + /*! Reserved. */ + CC_ECPKI_HASH_OpModeLast = 0x7FFFFFFF, + +}CCEcpkiHashOpMode_t; + + +/*---------------------------------------------------*/ +/*! EC point-compression identifiers. +*/ +typedef enum +{ + /*! A compressed point. */ + CC_EC_PointCompressed = 2, + /*! An uncompressed point. */ + CC_EC_PointUncompressed = 4, + /*! An incorrect point-control value. */ + CC_EC_PointContWrong = 5, + /*! A hybrid point. */ + CC_EC_PointHybrid = 6, + /*! Reserved. */ + CC_EC_PointCompresOffMode = 8, + /*! Reserved. */ + CC_ECPKI_PointCompressionLast= 0x7FFFFFFF, +}CCEcpkiPointCompression_t; + +/*----------------------------------------------------*/ +/*! EC key checks. */ +typedef enum { + /*! Check only preliminary input parameters. */ + CheckPointersAndSizesOnly = 0, + /*! Check preliminary input parameters and verify that the EC public-key + point is on the curve. */ + ECpublKeyPartlyCheck = 1, + /*! Check preliminary input parameters, verify that the EC public-key + point is on the curve, and verify that \c EC_GeneratorOrder*PubKey = 0 */ + ECpublKeyFullCheck = 2, + /*! Reserved. */ + PublKeyChecingOffMode, + /*! Reserved. */ + EC_PublKeyCheckModeLast = 0x7FFFFFFF, +}ECPublKeyCheckMode_t; + +/*----------------------------------------------------*/ +/*! SW SCA protection type. */ +typedef enum { + /*! SCA protection inactive. */ + SCAP_Inactive, + /*! SCA protection active. */ + SCAP_Active, + /*! Reserved. */ + SCAP_OFF_MODE, + /*! Reserved. */ + SCAP_LAST = 0x7FFFFFFF +}CCEcpkiScaProtection_t; + +/************************************************************************************** + * EC Domain structure definition + ***************************************************************************************/ + +/*! + @brief The structure containing the EC domain parameters in little-endian + form. + + EC equation: \c Y^2 = \c X^3 + \c A*X + \c B over prime field \p GFp. + */ +typedef struct { + /*! EC modulus: P. */ + uint32_t ecP [CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! EC equation parameter A. */ + uint32_t ecA [CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! EC equation parameter B. */ + uint32_t ecB [CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! Order of generator. */ + uint32_t ecR [CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; + /*! EC cofactor EC_Cofactor_K. The coordinates of the EC base point + generator in projective form. */ + uint32_t ecGx [CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! EC cofactor EC_Cofactor_K. The coordinates of the EC base point + generator in projective form. */ + uint32_t ecGy [CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! EC cofactor EC_Cofactor_K. The coordinates of the EC base point + generator in projective form. */ + uint32_t ecH; + /*! Specific fields that are used by the low-level functions.*/ + uint32_t llfBuff[CC_PKA_DOMAIN_LLF_BUFF_SIZE_IN_WORDS]; + /*! The size of fields in bits. */ + uint32_t modSizeInBits; + /*! The size of the order in bits. */ + uint32_t ordSizeInBits; + /*! The size of each inserted Barret tag in words. Zero if not inserted.*/ + uint32_t barrTagSizeInWords; + /*! The EC Domain identifier. */ + CCEcpkiDomainID_t DomainID; + /*! Internal buffer. */ + int8_t name[20]; +}CCEcpkiDomain_t; + + + +/************************************************************************************** + * EC point structures definitions + ***************************************************************************************/ + +/*! The structure containing the EC point in affine coordinates + and little endian form. */ +typedef struct +{ + /*! The X coordinate of the point. */ + uint32_t x[CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! The Y coordinate of the point. */ + uint32_t y[CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + +}CCEcpkiPointAffine_t; + + +/************************************************************************************** + * ECPKI public and private key Structures + ***************************************************************************************/ + +/* --------------------------------------------------------------------- */ +/* .................. The public key structures definitions ............ */ +/* --------------------------------------------------------------------- */ + +/*! The structure containing the public key in affine coordinates.*/ +typedef struct +{ + /*! The X coordinate of the public key.*/ + uint32_t x[CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! The Y coordinate of the public key.*/ + uint32_t y[CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! The EC Domain.*/ + CCEcpkiDomain_t domain; + /*! The point type.*/ + uint32_t pointType; +} CCEcpkiPublKey_t; + + +/*! +@brief The user structure prototype of the EC public key. + +This structure must be saved by the user. It is used as input to ECC functions, +for example, CC_EcdsaVerify(). +*/ +typedef struct CCEcpkiUserPublKey_t +{ + /*! The validation tag. */ + uint32_t valid_tag; + /*! The data of the public key. */ + uint32_t PublKeyDbBuff[(sizeof(CCEcpkiPublKey_t)+3)/4]; +} CCEcpkiUserPublKey_t; + + +/* --------------------------------------------------------------------- */ +/* .................. The private key structures definitions ........... */ +/* --------------------------------------------------------------------- */ + +/*! The structure containing the data of the private key. */ +typedef struct +{ + /*! The data of the private key. */ + uint32_t PrivKey[CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; + /*! The EC domain. */ + CCEcpkiDomain_t domain; + /*! The SCA protection mode. */ + CCEcpkiScaProtection_t scaProtection; +}CCEcpkiPrivKey_t; + + +/*! + @brief The user structure prototype of the EC private key. + + This structure must be saved by the user. It is used as input to ECC functions, + for example, CC_EcdsaSign(). + */ +typedef struct CCEcpkiUserPrivKey_t +{ + /*! The validation tag. */ + uint32_t valid_tag; + /*! The data of the private key. */ + uint32_t PrivKeyDbBuff[(sizeof(CCEcpkiPrivKey_t)+3)/4]; +} CCEcpkiUserPrivKey_t; + +/*! The type of the ECDH temporary data. */ +typedef struct CCEcdhTempData_t +{ + /*! Temporary buffers. */ + uint32_t ccEcdhIntBuff[CC_PKA_ECDH_BUFF_MAX_LENGTH_IN_WORDS]; +}CCEcdhTempData_t; + +/*! EC build temporary data. */ +typedef struct CCEcpkiBuildTempData_t +{ + /*! Temporary buffers. */ + uint32_t ccBuildTmpIntBuff[CC_PKA_ECPKI_BUILD_TMP_BUFF_MAX_LENGTH_IN_WORDS]; +}CCEcpkiBuildTempData_t; + + + +/************************************************************************** + * CryptoCell ECDSA context structures + **************************************************************************/ + +/* --------------------------------------------------------------------- */ +/* CryptoCell ECDSA Signing context structure */ +/* --------------------------------------------------------------------- */ +/*! The internal buffer used in the signing process. */ +typedef uint32_t CCEcdsaSignIntBuff_t[CC_PKA_ECDSA_SIGN_BUFF_MAX_LENGTH_IN_WORDS]; + +/*! The context definition for the signing operation. */ +typedef struct +{ + /*! The data of the private key. */ + CCEcpkiUserPrivKey_t ECDSA_SignerPrivKey; + CCHashUserContext_t hash_ctx; + /*! The hash result buffer. */ + CCHashResultBuf_t hashResult; + /*! The size of the hash result in words. */ + uint32_t hashResultSizeWords; + /*! The hash mode. */ + CCEcpkiHashOpMode_t hashMode; + /*! Internal buffer. */ + CCEcdsaSignIntBuff_t ecdsaSignIntBuff; +}EcdsaSignContext_t; + + +/* --------------------------------------------------------------------- */ +/* ECDSA Signing User context database */ +/* --------------------------------------------------------------------- */ + +/*! + @brief The context definition of the user for the signing operation. + + This context saves the state of the operation, and must be saved by the user + until the end of the API flow. + */ +typedef struct CCEcdsaSignUserContext_t +{ + /*! The data of the signing process. */ + uint32_t context_buff [(sizeof(EcdsaSignContext_t)+3)/4]; + /*! The validation tag. */ + uint32_t valid_tag; +} CCEcdsaSignUserContext_t; + + + +/****************************************************************************/ + +/* --------------------------------------------------------------------- */ +/* ECDSA Verifying context structure */ +/* --------------------------------------------------------------------- */ +/*! The internal buffer used in the verification process. */ +typedef uint32_t CCEcdsaVerifyIntBuff_t[CC_PKA_ECDSA_VERIFY_BUFF_MAX_LENGTH_IN_WORDS]; + +/*! The context definition for verification operation. */ +typedef struct +{ + /*! The data of the public key. */ + CCEcpkiUserPublKey_t ECDSA_SignerPublKey; + + CCHashUserContext_t hash_ctx; + /*! The hash result. */ + CCHashResultBuf_t hashResult; + /*! The size of the hash result in words. */ + uint32_t hashResultSizeWords; + /*! The hash mode. */ + CCEcpkiHashOpMode_t hashMode; + /*! Internal buffer. */ + CCEcdsaVerifyIntBuff_t ccEcdsaVerIntBuff; +}EcdsaVerifyContext_t; + + +/* --------------------------------------------------------------------- */ +/* ECDSA Verifying User context database */ +/* --------------------------------------------------------------------- */ +/*! + @brief The context definition of the user for the verification operation. + + The context saves the state of the operation, and must be saved by the user + until the end of the API flow. + */ +typedef struct CCEcdsaVerifyUserContext_t +{ + /*! The data of the verification process. */ + uint32_t context_buff[(sizeof(EcdsaVerifyContext_t)+3)/4]; + /*! The validation tag. */ + uint32_t valid_tag; +}CCEcdsaVerifyUserContext_t; + + +/* --------------------------------------------------------------------- */ +/* .................. key generation temp buffer ........... */ +/* --------------------------------------------------------------------- */ + +/*! The temporary data type of the ECPKI KG. */ +typedef struct CCEcpkiKgTempData_t +{ + /*! Internal buffer. */ + uint32_t ccKGIntBuff[CC_PKA_KG_BUFF_MAX_LENGTH_IN_WORDS]; +}CCEcpkiKgTempData_t; + +/*! The temporary data definition of the ECIES. */ +typedef struct CCEciesTempData_t { + /*! The data of the private key. */ + CCEcpkiUserPrivKey_t PrivKey; + /*! The data of the public key. */ + CCEcpkiUserPublKey_t PublKey; + /*! The public-key data used by conversion from Mbed TLS to CryptoCell. */ + CCEcpkiUserPublKey_t ConvPublKey; + /*! Internal buffer. */ + uint32_t zz[3*CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; + /*! Internal buffers. */ + union { + CCEcpkiBuildTempData_t buildTempbuff; + CCEcpkiKgTempData_t KgTempBuff; + CCEcdhTempData_t DhTempBuff; + } tmp; +}CCEciesTempData_t; + + +/* --------------------------------------------------------------------- */ +/* .................. defines for FIPS ........... */ +/* --------------------------------------------------------------------- */ + +/*! The order length for FIPS ECC tests. */ +#define CC_ECPKI_FIPS_ORDER_LENGTH (256/CC_BITS_IN_BYTE) // the order of secp256r1 in bytes + +/*! ECPKI data structures for FIPS certification. */ +typedef struct CCEcpkiKgFipsContext_t +{ + /*! Signing and verification data. */ + union { + CCEcdsaSignUserContext_t signCtx; + CCEcdsaVerifyUserContext_t verifyCtx; + }operationCtx; + /*! Internal buffer. */ + uint32_t signBuff[2*CC_ECPKI_ORDER_MAX_LENGTH_IN_WORDS] ; +}CCEcpkiKgFipsContext_t; + +/*! ECDSA KAT data structures for FIPS certification. + The ECDSA KAT tests are defined for domain 256r1. */ +typedef struct CCEcdsaFipsKatContext_t{ + /*! The key data. */ + union { + /*! The private key data. */ + struct { + CCEcpkiUserPrivKey_t PrivKey; + CCEcdsaSignUserContext_t signCtx; + }userSignData; + /*! The public key data. */ + struct { + CCEcpkiUserPublKey_t PublKey; + union { + CCEcdsaVerifyUserContext_t verifyCtx; + CCEcpkiBuildTempData_t tempData; + }buildOrVerify; + }userVerifyData; + }keyContextData; + /*! Internal buffer. */ + uint8_t signBuff[2*CC_ECPKI_FIPS_ORDER_LENGTH]; +}CCEcdsaFipsKatContext_t; + +/*! ECDH KAT data structures for FIPS certification. */ +typedef struct CCEcdhFipsKatContext_t{ + /*! The public key data. */ + CCEcpkiUserPublKey_t pubKey; + /*! The private key data. */ + CCEcpkiUserPrivKey_t privKey; + /*! Internal buffers. */ + union { + CCEcpkiBuildTempData_t ecpkiTempData; + CCEcdhTempData_t ecdhTempBuff; + }tmpData; + /*! The buffer for the secret key. */ + uint8_t secretBuff[CC_ECPKI_FIPS_ORDER_LENGTH]; +}CCEcdhFipsKatContext_t; + +#ifdef __cplusplus +} +#endif + +/*! + @} + */ +#endif diff --git a/include/mbedtls_extra/cc_error.h b/include/mbedtls_extra/cc_error.h new file mode 100644 index 0000000..fc24358 --- /dev/null +++ b/include/mbedtls_extra/cc_error.h @@ -0,0 +1,299 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + + + +/*! + @addtogroup cc_error + @{ + */ + +/*! + @file + @brief This file defines the error return code types and the numbering spaces + for each module of the layers listed. +*/ + + +#ifndef _CC_ERROR_H +#define _CC_ERROR_H + +#include "cc_pal_types.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! The definitions of the error number-space used for the different modules */ + +/* ........... Error base numeric mapping definitions ................... */ +/* ----------------------------------------------------------------------- */ + + /*! The error base number for CryptoCell. */ +#define CC_ERROR_BASE 0x00F00000UL + +/*! The error range number assigned for each layer. */ +#define CC_ERROR_LAYER_RANGE 0x00010000UL + +/*! The error range number assigned to each module on its specified layer. */ +#define CC_ERROR_MODULE_RANGE 0x00000100UL + +/* Defines the layer index for the error mapping. */ +/*! The CryptoCell error-layer index. */ +#define CC_LAYER_ERROR_IDX 0x00UL +/*! The error-layer index for low-level functions. */ +#define LLF_LAYER_ERROR_IDX 0x01UL +/*! The generic error-layer index. */ +#define GENERIC_ERROR_IDX 0x05UL + +/* Defines the module index for error mapping */ +/*! The AES error index.*/ +#define AES_ERROR_IDX 0x00UL +/*! The DES error index.*/ +#define DES_ERROR_IDX 0x01UL +/*! The hash error index.*/ +#define HASH_ERROR_IDX 0x02UL +/*! The HMAC error index.*/ +#define HMAC_ERROR_IDX 0x03UL +/*! The RSA error index.*/ +#define RSA_ERROR_IDX 0x04UL +/*! The DH error index.*/ +#define DH_ERROR_IDX 0x05UL +/*! The ECPKI error index.*/ +#define ECPKI_ERROR_IDX 0x08UL +/*! The RND error index.*/ +#define RND_ERROR_IDX 0x0CUL +/*! The Common error index.*/ +#define COMMON_ERROR_IDX 0x0DUL +/*! The KDF error index.*/ +#define KDF_ERROR_IDX 0x11UL +/*! The HKDF error index.*/ +#define HKDF_ERROR_IDX 0x12UL +/*! The AESCCM error index.*/ +#define AESCCM_ERROR_IDX 0x15UL +/*! The FIPS error index.*/ +#define FIPS_ERROR_IDX 0x17UL +/*! The PKA error index.*/ + +#define PKA_MODULE_ERROR_IDX 0x21UL +/*! The ChaCha error index.*/ +#define CHACHA_ERROR_IDX 0x22UL +/*! The EC Montgomery and Edwards error index.*/ +#define EC_MONT_EDW_ERROR_IDX 0x23UL +/*! The ChaCha-POLY error index.*/ +#define CHACHA_POLY_ERROR_IDX 0x24UL +/*! The POLY error index.*/ +#define POLY_ERROR_IDX 0x25UL +/*! The SRP error index.*/ +#define SRP_ERROR_IDX 0x26UL + + +/*! The AESGCM error index.*/ +#define AESGCM_ERROR_IDX 0x27UL + +/*! The AES key-wrap error index.*/ +#define AES_KEYWRAP_ERROR_IDX 0x28UL + +/*! Management error index.*/ +#define MNG_ERROR_IDX 0x29UL + +/*! Production error index.*/ +#define PROD_ERROR_IDX 0x2AUL + +/*! The FFCDH error index. */ +#define FFCDH_ERROR_IDX 0x2BUL +/*! The FFC domain error index. */ +#define FFC_DOMAIN_ERROR_IDX 0x2CUL + +/*! Do not change! Error definition, reserved for Secure Boot ECDSA */ +#define SB_ECC_ERROR_IDX_ 0x2DUL +/*! External DMA error index. */ +#define EXT_DMA_ERROR_IDX 0x2EUL + + + +/* .......... defining the error spaces for each module on each layer ........... */ +/* ------------------------------------------------------------------------------ */ + +/*! The error base address of the AES module - 0x00F00000. */ +#define CC_AES_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * AES_ERROR_IDX ) ) + +/*! The error base address of the DES module - 0x00F00100. */ +#define CC_DES_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * DES_ERROR_IDX ) ) + +/*! The error base address of the hash module - 0x00F00200. */ +#define CC_HASH_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * HASH_ERROR_IDX ) ) + +/*! The error base address of the HMAC module - 0x00F00300. */ +#define CC_HMAC_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * HMAC_ERROR_IDX ) ) + +/*! The error base address of the RSA module - 0x00F00400. */ +#define CC_RSA_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * RSA_ERROR_IDX ) ) + +/*! The error base address of the DH module - 0x00F00500. */ +#define CC_DH_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * DH_ERROR_IDX ) ) + +/*! The error base address of the ECPKI module - 0x00F00800. */ +#define CC_ECPKI_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * ECPKI_ERROR_IDX ) ) + +/*! The error base address of the low-level ECPKI module - 0x00F10800. */ +#define LLF_ECPKI_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * LLF_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * ECPKI_ERROR_IDX ) ) + +/*! The error base address of the RND module - 0x00F00C00. */ +#define CC_RND_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * RND_ERROR_IDX ) ) + +/*! The error base address of the low-level RND module - 0x00F10C00. */ +#define LLF_RND_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * LLF_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * RND_ERROR_IDX ) ) + +/*! The error base address of the common module - 0x00F00D00. */ +#define CC_COMMON_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * COMMON_ERROR_IDX ) ) + +/*! The error base address of the KDF module - 0x00F01100. */ +#define CC_KDF_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * KDF_ERROR_IDX ) ) + +/*! The error base address of the HKDF module - 0x00F01100. */ +#define CC_HKDF_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * HKDF_ERROR_IDX ) ) + +/*! The error base address of the AESCCM module - 0x00F01500. */ +#define CC_AESCCM_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * AESCCM_ERROR_IDX ) ) + +/*! The error base address of the FIPS module - 0x00F01700. */ +#define CC_FIPS_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * FIPS_ERROR_IDX ) ) + +/*! The error base address of the PKA module - 0x00F02100. */ +#define PKA_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * PKA_MODULE_ERROR_IDX ) ) + +/*! The error base address of the ChaCha module - 0x00F02200. */ +#define CC_CHACHA_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * CHACHA_ERROR_IDX ) ) +/*! The error base address of the EC MONT_EDW module - 0x00F02300. */ +#define CC_EC_MONT_EDW_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * EC_MONT_EDW_ERROR_IDX ) ) + +/*! The error base address of the Chacha-POLY module - 0x00F02400. */ +#define CC_CHACHA_POLY_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * CHACHA_POLY_ERROR_IDX ) ) +/*! The error base address of the POLY module - 0x00F02500. */ +#define CC_POLY_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * POLY_ERROR_IDX ) ) + +/*! The error base address of the SRP module - 0x00F02600. */ +#define CC_SRP_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * SRP_ERROR_IDX ) ) + +/*! The error base address of the AESGCM module - 0x00F02700. */ +#define CC_AESGCM_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * AESGCM_ERROR_IDX ) ) + +/*! The error base address of the AES key-wrap module - 0x00F02800. */ +#define CC_AES_KEYWRAP_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * AES_KEYWRAP_ERROR_IDX ) ) + +/*! The error base address of the Management module - 0x00F02900. */ +#define CC_MNG_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * MNG_ERROR_IDX ) ) + +/*! The error base address of the production library - 0x00F02A00 */ +#define CC_PROD_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * PROD_ERROR_IDX ) ) + +/*! The error base address of the FFCDH module - 0x00F02B00. */ +#define CC_FFCDH_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * FFCDH_ERROR_IDX ) ) + +/*! The error base address of the FFCDH module - 0x00F02B00. */ +#define CC_FFC_DOMAIN_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * FFC_DOMAIN_ERROR_IDX ) ) + +/*! The error base address of the External DMA module - 0x00F02B00. */ +#define CC_EXT_DMA_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * EXT_DMA_ERROR_IDX ) ) + +/*! The generic error base address of the user - 0x00F50000 */ +#define GENERIC_ERROR_BASE ( CC_ERROR_BASE + (CC_ERROR_LAYER_RANGE * GENERIC_ERROR_IDX) ) +/*! CryptoCell fatal error. */ +#define CC_FATAL_ERROR (GENERIC_ERROR_BASE + 0x00UL) +/*! CryptoCell out of resources error. */ +#define CC_OUT_OF_RESOURCE_ERROR (GENERIC_ERROR_BASE + 0x01UL) +/*! CryptoCell illegal resource value error. */ +#define CC_ILLEGAL_RESOURCE_VAL_ERROR (GENERIC_ERROR_BASE + 0x02UL) + + + +/* ............ The OK (success) definition ....................... */ + +/*! A macro that defines the CryptoCell return value. */ +#define CC_CRYPTO_RETURN_ERROR(retCode, retcodeInfo, funcHandler) \ + ((retCode) == 0 ? CC_OK : funcHandler(retCode, retcodeInfo)) + +/************************ Enums ********************************/ + + +/************************ Typedefs ****************************/ + + +/************************ Structs ******************************/ + + +/************************ Public Variables **********************/ + + +/************************ Public Functions **********************/ + +#ifdef __cplusplus +} +#endif + +/*! +@} + */ + +#endif diff --git a/include/mbedtls_extra/cc_hash_defs.h b/include/mbedtls_extra/cc_hash_defs.h new file mode 100644 index 0000000..9a4e4c7 --- /dev/null +++ b/include/mbedtls_extra/cc_hash_defs.h @@ -0,0 +1,137 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + + +/*! + @addtogroup cc_hash_defs + @{ +*/ + +/*! + @file + @brief This file contains definitions of the CryptoCell hash APIs. + */ + +#ifndef CC_HASH_DEFS_H +#define CC_HASH_DEFS_H + + +#ifdef __cplusplus +extern "C" +{ +#endif + +#include "cc_pal_types.h" +#include "cc_error.h" +#include "cc_hash_defs_proj.h" + +/************************ Defines ******************************/ + +/*! The size of the hash result in words. The maximal size for SHA-512 is +512 bits. */ +#define CC_HASH_RESULT_SIZE_IN_WORDS 16 + +/*! The size of the MD5 digest result in bytes. */ +#define CC_HASH_MD5_DIGEST_SIZE_IN_BYTES 16 + +/*! The size of the MD5 digest result in words. */ +#define CC_HASH_MD5_DIGEST_SIZE_IN_WORDS 4 + +/*! The size of the SHA-1 digest result in bytes. */ +#define CC_HASH_SHA1_DIGEST_SIZE_IN_BYTES 20 + +/*! The size of the SHA-1 digest result in words. */ +#define CC_HASH_SHA1_DIGEST_SIZE_IN_WORDS 5 + +/*! The size of the SHA-224 digest result in words. */ +#define CC_HASH_SHA224_DIGEST_SIZE_IN_WORDS 7 + +/*! The size of the SHA-256 digest result in words. */ +#define CC_HASH_SHA256_DIGEST_SIZE_IN_WORDS 8 + +/*! The size of the SHA-384 digest result in words. */ +#define CC_HASH_SHA384_DIGEST_SIZE_IN_WORDS 12 + +/*! The size of the SHA-512 digest result in words. */ +#define CC_HASH_SHA512_DIGEST_SIZE_IN_WORDS 16 + +/*! The size of the SHA-256 digest result in bytes. */ +#define CC_HASH_SHA224_DIGEST_SIZE_IN_BYTES 28 + +/*! The size of the SHA-256 digest result in bytes. */ +#define CC_HASH_SHA256_DIGEST_SIZE_IN_BYTES 32 + +/*! The size of the SHA-384 digest result in bytes. */ +#define CC_HASH_SHA384_DIGEST_SIZE_IN_BYTES 48 + +/*! The size of the SHA-512 digest result in bytes. */ +#define CC_HASH_SHA512_DIGEST_SIZE_IN_BYTES 64 + +/*! The size of the SHA-1 hash block in words. */ +#define CC_HASH_BLOCK_SIZE_IN_WORDS 16 + +/*! The size of the SHA-1 hash block in bytes. */ +#define CC_HASH_BLOCK_SIZE_IN_BYTES 64 + +/*! The size of the SHA-2 hash block in words. */ +#define CC_HASH_SHA512_BLOCK_SIZE_IN_WORDS 32 + +/*! The size of the SHA-2 hash block in bytes. */ +#define CC_HASH_SHA512_BLOCK_SIZE_IN_BYTES 128 + +/*! The maximal data size for the update operation. */ +#define CC_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES (1 << 29) + + +/************************ Enums ********************************/ + +/*! The hash operation mode. */ +typedef enum { + /*! SHA-1. */ + CC_HASH_SHA1_mode = 0, + /*! SHA-224. */ + CC_HASH_SHA224_mode = 1, + /*! SHA-256. */ + CC_HASH_SHA256_mode = 2, + /*! SHA-384. */ + CC_HASH_SHA384_mode = 3, + /*! SHA-512. */ + CC_HASH_SHA512_mode = 4, + /*! MD5. */ + CC_HASH_MD5_mode = 5, + /*! The number of hash modes. */ + CC_HASH_NumOfModes, + /*! Reserved. */ + CC_HASH_OperationModeLast= 0x7FFFFFFF, + +}CCHashOperationMode_t; + +/************************ Typedefs *****************************/ + +/*! The hash result buffer. */ +typedef uint32_t CCHashResultBuf_t[CC_HASH_RESULT_SIZE_IN_WORDS]; + +/************************ Structs ******************************/ +/*! + The context prototype of the user. + The argument type that is passed by the user to the hash APIs. + The context saves the state of the operation, and must be saved by the user + until the end of the API flow. +*/ +typedef struct CCHashUserContext_t { + /*! The internal buffer. */ + uint32_t buff[CC_HASH_USER_CTX_SIZE_IN_WORDS]; +}CCHashUserContext_t; + + +#ifdef __cplusplus +} +#endif + +/*! + @} + */ +#endif /* #ifndef CC_HASH_DEFS_H */ diff --git a/include/mbedtls_extra/cc_hash_defs_proj.h b/include/mbedtls_extra/cc_hash_defs_proj.h new file mode 100644 index 0000000..552ff38 --- /dev/null +++ b/include/mbedtls_extra/cc_hash_defs_proj.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_hash_defs_proj + @{ + */ + + +/*! + @file + @brief This file contains the project-specific definitions of hash APIs. + */ + +#ifndef _CC_HASH_DEFS_PROJ_H +#define _CC_HASH_DEFS_PROJ_H + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ + +/*! The size of the context prototype of the user in words. +See ::CCHashUserContext_t. */ +#define CC_HASH_USER_CTX_SIZE_IN_WORDS 108 + + +#ifdef __cplusplus +} +#endif + +/*! + @} + */ +#endif diff --git a/include/mbedtls_extra/cc_kdf.h b/include/mbedtls_extra/cc_kdf.h new file mode 100644 index 0000000..377e04c --- /dev/null +++ b/include/mbedtls_extra/cc_kdf.h @@ -0,0 +1,199 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef _CC_KDF_H +#define _CC_KDF_H + + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This file defines the API that supports Key derivation function in modes + as defined in Public-Key Cryptography Standards (PKCS) #3: Diffie-Hellman Key Agreement Standard, + ANSI X9.42-2003: Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography, + and ANSI X9.63-2011: Public Key Cryptography for the Financial Services Industry - Key Agreement and Key Transport Using Elliptic Curve + Cryptography. +@defgroup cc_kdf CryptoCell Key Derivation APIs +@{ +@ingroup cryptocell_api + +*/ + +#include "cc_hash_defs.h" + +/************************ Defines ******************************/ + +/*! Shared secret value max size in bytes */ +#define CC_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE 1024 + +/* Count and max. sizeof OtherInfo entries (pointers to data buffers) */ +/*! Number of other info entries. */ +#define CC_KDF_COUNT_OF_OTHER_INFO_ENTRIES 5 + +/*! Maximal size of keying data in bytes. */ +#define CC_KDF_MAX_SIZE_OF_KEYING_DATA 2048 +/*! Size of KDF counter in bytes */ +#define CC_KDF_COUNTER_SIZE_IN_BYTES 4 + +/************************ Enums ********************************/ + +/*! HASH operation modes */ +typedef enum +{ + /*! SHA1 mode.*/ + CC_KDF_HASH_SHA1_mode = 0, + /*! SHA224 mode.*/ + CC_KDF_HASH_SHA224_mode = 1, + /*! SHA256 mode.*/ + CC_KDF_HASH_SHA256_mode = 2, + /*! SHA384 mode.*/ + CC_KDF_HASH_SHA384_mode = 3, + /*! SHA512 mode.*/ + CC_KDF_HASH_SHA512_mode = 4, + /*! Maximal number of HASH modes. */ + CC_KDF_HASH_NumOfModes, + /*! Reserved.*/ + CC_KDF_HASH_OpModeLast = 0x7FFFFFFF, + +}CCKdfHashOpMode_t; + +/*! Key derivation modes. */ +typedef enum +{ + /*! ASN1 key derivation mode.*/ + CC_KDF_ASN1_DerivMode = 0, + /*! Concatination key derivation mode.*/ + CC_KDF_ConcatDerivMode = 1, + /*! X963 key derivation mode.*/ + CC_KDF_X963_DerivMode = CC_KDF_ConcatDerivMode, + /*! ISO 18033 KDF1 key derivation mode.*/ + CC_KDF_ISO18033_KDF1_DerivMode = 3, + /*! ISO 18033 KDF2 key derivation mode.*/ + CC_KDF_ISO18033_KDF2_DerivMode = 4, + /*! Maximal number of key derivation modes. */ + CC_KDF_DerivFunc_NumOfModes = 5, + /*! Reserved.*/ + CC_KDF_DerivFuncModeLast= 0x7FFFFFFF, + +}CCKdfDerivFuncMode_t; + +/*! Enumerator for the additional information given to the KDF. */ +typedef enum +{ + CC_KDF_ALGORITHM_ID = 0, /*! An identifier (OID), indicating algorithm for which the keying data is used. */ + CC_KDF_PARTY_U_INFO = 1, /*! Optional data of party U .*/ + CC_KDF_PARTY_V_INFO = 2, /*! Optional data of party V. */ + CC_KDF_SUPP_PRIV_INFO = 3, /*! Optional supplied private shared data. */ + CC_KDF_SUPP_PUB_INFO = 4, /*! Optional supplied public shared data. */ + + CC_KDF_MAX_COUNT_OF_ENTRIES, /*! Maximal allowed number of entries in Other Info structure. */ + /*! Reserved.*/ + CC_KDF_ENTRYS_MAX_VAL = 0x7FFFFFFF, + +}CCKdfOtherInfoEntries_t; +/************************ Typedefs ****************************/ + +/*! KDF structure, containing pointers to OtherInfo data entries and sizes. + + The structure contains two arrays: one for data pointers and one for sizes, placed according + to the order given in the the ANSI X9.42-2003: Public Key Cryptography for the Financial Services + Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography standard + and defined in CCKdfOtherInfoEntries_t enumerator. + On KDF ASN1 mode this order is mandatory. On other KDF modes the user may insert + optional OtherInfo simply in one (preferably the first) or in some entries. + If any data entry is not used, then the pointer value and the size must be set to NULL. */ +typedef struct +{ + /*! Pointers to data entries. */ + uint8_t *dataPointers[CC_KDF_MAX_COUNT_OF_ENTRIES]; + /*! Sizes of data entries. */ + uint32_t dataSizes[CC_KDF_MAX_COUNT_OF_ENTRIES]; +}CCKdfOtherInfo_t; + + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + +/****************************************************************/ + +/*********************************************************************************************************/ +/*! + @brief CC_KdfKeyDerivFunc performs key derivation according to one of the modes defined in standards: + ANSI X9.42-2003: Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography, + ANSI X9.63-2011: Public Key Cryptography for the Financial Services Industry - Key Agreement and Key Transport Using Elliptic Curve Cryptography, + ISO/IEC 18033-2:2006: Information technology -- Security techniques -- Encryption algorithms -- Part 2: Asymmetric ciphers. + +The present implementation of the function allows the following operation modes: +
  • CC_KDF_ASN1_DerivMode - mode based on ASN.1 DER encoding;
    • +
  • CC_KDF_ConcatDerivMode - mode based on concatenation;
    • +
  • CC_KDF_X963_DerivMode = CC_KDF_ConcatDerivMode;
    • +
  • CC_KDF_ISO18033_KDF1_DerivMode, CC_KDF_ISO18033_KDF2_DerivMode - specific modes according to +ISO/IEC 18033-2 standard.
+ +The purpose of this function is to derive a keying data from the shared secret value and some +other optional shared information, included in OtherInfo (SharedInfo). + +\note All buffers arguments are represented in Big-Endian format. + +@return CC_OK on success. +@return A non-zero value on failure as defined cc_kdf_error.h or cc_hash_error.h. +*/ +CCError_t CC_KdfKeyDerivFunc( + uint8_t *pZzSecret, /*!< [in] A pointer to shared secret value octet string. */ + size_t zzSecretSize, /*!< [in] The size of the shared secret value in bytes. + The maximal size is defined as: ::CC_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE. */ + CCKdfOtherInfo_t *pOtherInfo, /*!< [in] A pointer to the structure, containing pointers to the data, shared by + two entities of agreement, depending on KDF mode: +
  • In KDF ASN1 mode OtherInfo includes ASN1 DER encoding of AlgorithmID (mandatory), + and some optional data entries as described in section 7.7.1 of the ANSI X9.42-2003: + Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using + Discrete Logarithm Cryptography standard.
    • +
  • In both ISO/IEC 18033-2:2006: Information technology -- Security techniques -- Encryption algorithms -- Part 2: + Asymmetric ciphers standard: KDF1 and KDF2 modes this parameter is ignored and may be set to NULL.
    • +
  • In other modes it is optional and may be set to NULL.
*/ + CCKdfHashOpMode_t kdfHashMode, /*!< [in] The KDF identifier of hash function to be used. The hash function output + must be at least 160 bits. */ + CCKdfDerivFuncMode_t derivMode, /*!< [in] The enum value, specifies one of above described derivation modes. */ + uint8_t *pKeyingData, /*!< [out] A pointer to the buffer for derived keying data. */ + size_t keyingDataSize /*!< [in] The size in bytes of the keying data to be derived. + The maximal size is defined as :: CC_KDF_MAX_SIZE_OF_KEYING_DATA. */ ); + +/*********************************************************************************************************/ +/*! + CC_KdfAsn1KeyDerivFunc is a macro that performs key derivation according to ASN1 DER encoding method defined + in section 7.2.1 of ANSI X9.42-2003: Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography standard. + For a description of the parameters see ::CC_KdfKeyDerivFunc. +*/ +#define CC_KdfAsn1KeyDerivFunc(ZZSecret_ptr,ZZSecretSize,OtherInfo_ptr,kdfHashMode,KeyingData_ptr,KeyLenInBytes)\ + CC_KdfKeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(kdfHashMode),CC_KDF_ASN1_DerivMode,(KeyingData_ptr),(KeyLenInBytes)) + + +/*********************************************************************************************************/ +/*! + CC_KdfConcatKeyDerivFunc is a macro that performs key derivation according to concatenation mode defined + in section 7.2.2 of ANSI X9.42-2003: Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography + standard and also meets ANSI X9.63-2011: Public Key Cryptography for the Financial Services Industry - Key Agreement and Key Transport Using Elliptic Curve + Cryptography standard. For a description of the parameters see ::CC_KdfKeyDerivFunc. +*/ +#define CC_KdfConcatKeyDerivFunc(ZZSecret_ptr,ZZSecretSize,OtherInfo_ptr,kdfHashMode,KeyingData_ptr,KeyLenInBytes)\ + CC_KdfKeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(kdfHashMode),CC_KDF_ConcatDerivMode,(KeyingData_ptr),(KeyLenInBytes)) + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/include/mbedtls_extra/cc_pal_compiler.h b/include/mbedtls_extra/cc_pal_compiler.h new file mode 100644 index 0000000..d0289c2 --- /dev/null +++ b/include/mbedtls_extra/cc_pal_compiler.h @@ -0,0 +1,210 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_pal_compiler + @{ + */ + +/*! + @file + @brief This file contains CryptoCell PAL platform-dependent compiler-related + definitions. + */ + + +#ifndef __CC_PAL_COMPILER_H__ +#define __CC_PAL_COMPILER_H__ + +#ifdef __GNUC__ + +/* *********************** Defines ******************************/ + +/*! Associate a symbol with a link section. */ +#define CC_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) + +/*! Mark symbol as used, that is, prevent the garbage collector from +dropping it. */ +#define CC_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) + +/*! Align a given data item in bytes. */ +#define CC_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) + +/*! Mark a function that never returns. */ +#define CC_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) + +/*! Prevent a function from being inlined. */ +#define CC_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) + +/*! Given data type might serve as an alias for another data-type pointer. */ +/* (this is used for "superclass" struct casting) */ +#define CC_PAL_COMPILER_TYPE_MAY_ALIAS __attribute__((__may_alias__)) + +/*! Get the size of a structure-type member. */ +#define CC_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ + sizeof(((type_name *)0)->member_name) + +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT_(a, b) a##b +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT(a, b) CC_ASSERT_CONCAT_(a, b) +/*! Definition of assertion. */ +#define CC_PAL_COMPILER_ASSERT(cond, message) \ + enum { CC_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } + +#elif defined(__ARM_DSM__) +#define inline + +/*! Associate a symbol with a link section. */ +#define CC_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) + +/*! Mark a symbol as used, that is, prevent garbage collector from +dropping it. */ +#define CC_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) + +/*! Align a given data item in bytes. */ +#define CC_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) + +/*! Mark a function that never returns. */ +#define CC_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) + +/*! Prevent a function from being inlined. */ +#define CC_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) + +/*! Given data type might serve as an alias for another data-type pointer. */ +/* (this is used for "superclass" struct casting) */ +#define CC_PAL_COMPILER_TYPE_MAY_ALIAS __attribute__((__may_alias__)) + +/*! Get the size of a structure-type member. */ +#define CC_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ + sizeof(((type_name *)0)->member_name) + +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT_(a, b) a##b +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT(a, b) CC_ASSERT_CONCAT_(a, b) +/*! Definition of assertion. */ +#define CC_PAL_COMPILER_ASSERT(cond, message) \ + enum { CC_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } + + +#elif defined(__ARM_DS__) +#define inline + +/*! Associate a symbol with a link section. */ +#define CC_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) + +/*! Mark a symbol as used, that is, prevent garbage collector from +dropping it. */ +#define CC_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) + +/*! Align a given data item in bytes. */ +#define CC_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) + +/*! Mark a function that never returns. */ +#define CC_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) + +/*! Prevent a function from being inlined. */ +#define CC_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) + +/*! Given data type might serve as an alias for another data-type pointer. */ +/* (this is used for "superclass" struct casting) */ +#define CC_PAL_COMPILER_TYPE_MAY_ALIAS + +/*! Get the size of a structure-type member. */ +#define CC_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ + sizeof(((type_name *)0)->member_name) + +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT_(a, b) a##b +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT(a, b) CC_ASSERT_CONCAT_(a, b) +/*! Definition of assertion. */ +#define CC_PAL_COMPILER_ASSERT(cond, message) \ + enum { CC_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } + + +#elif defined(__ARM_DS5__) +#define inline __inline + + +/*! Associate a symbol with a link section. */ +#define CC_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) + +/*! Mark a symbol as used, that is, prevent garbage collector from +dropping it. */ +#define CC_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) + +/*! Align a given data item in bytes. */ +#define CC_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) + +/*! Mark a function that never returns. */ +#define CC_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) + +/*! Prevent a function from being inlined. */ +#define CC_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) + +/*! Given data type might serve as an alias for another data-type pointer. */ +/* (this is used for "superclass" struct casting) */ +#define CC_PAL_COMPILER_TYPE_MAY_ALIAS + +/*! Get the size of a structure-type member. */ +#define CC_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ + sizeof(((type_name *)0)->member_name) + +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT_(a, b) a##b +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT(a, b) CC_ASSERT_CONCAT_(a, b) +/*! Definition of assertion. */ +#define CC_PAL_COMPILER_ASSERT(cond, message) \ + enum { CC_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } + +#elif defined(__ICCARM__) +#define inline __inline + + +/*! Associate a symbol with a link section. */ +#define CC_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) + +/*! Mark a symbol as used, that is, prevent garbage collector from +dropping it. */ +#define CC_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) + +/*! Align a given data item in bytes. */ +#define CC_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) + +/*! Mark a function that never returns. */ +#define CC_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) + +/*! Prevent a function from being inlined. */ +#define CC_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) + +/*! Given data type might serve as an alias for another data-type pointer. */ +/* (this is used for "superclass" struct casting) */ +#define CC_PAL_COMPILER_TYPE_MAY_ALIAS + +/*! Get the size of a structure-type member. */ +#define CC_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ + sizeof(((type_name *)0)->member_name) + +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT_(a, b) a##b +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT(a, b) CC_ASSERT_CONCAT_(a, b) +/*! Definition of assertion. */ +#define CC_PAL_COMPILER_ASSERT(cond, message) \ + enum { CC_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } + +#else +#error Unsupported compiler. +#endif + +/*! + @} + */ + +#endif /*__CC_PAL_COMPILER_H__*/ diff --git a/include/mbedtls_extra/cc_pal_types.h b/include/mbedtls_extra/cc_pal_types.h new file mode 100644 index 0000000..3c60f57 --- /dev/null +++ b/include/mbedtls_extra/cc_pal_types.h @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_pal_types + @{ +*/ + +/*! + @file + @brief This file contains definitions and types of CryptoCell PAL platform-dependent APIs. + */ + +#ifndef CC_PAL_TYPES_H +#define CC_PAL_TYPES_H + +#include "cc_pal_types_plat.h" + +/*! Boolean types.*/ +typedef enum { + /*! Boolean false definition.*/ + CC_FALSE = 0, + /*! Boolean true definition.*/ + CC_TRUE = 1 +} CCBool; + +/*! Success definition. */ +#define CC_SUCCESS 0UL +/*! Failure definition. */ +#define CC_FAIL 1UL + +/*! Success (OK) definition. */ +#define CC_OK 0 + +/*! Handles unused parameters in the code, to avoid compilation warnings. */ +#define CC_UNUSED_PARAM(prm) ((void)prm) + +/*! The maximal uint32 value.*/ +#define CC_MAX_UINT32_VAL (0xFFFFFFFF) + + +/* Minimal and Maximal macros */ +#ifdef min +/*! Definition for minimal calculation. */ +#define CC_MIN(a,b) min( a , b ) +#else +/*! Definition for minimal calculation. */ +#define CC_MIN( a , b ) ( ( (a) < (b) ) ? (a) : (b) ) +#endif + +#ifdef max +/*! Definition for maximal calculation. */ +#define CC_MAX(a,b) max( a , b ) +#else +/*! Definition for maximal calculation.. */ +#define CC_MAX( a , b ) ( ( (a) > (b) ) ? (a) : (b) ) +#endif + +/*! This macro calculates the number of full bytes from bits, where seven bits +are one byte. */ +#define CALC_FULL_BYTES(numBits) ((numBits)/CC_BITS_IN_BYTE + (((numBits) & (CC_BITS_IN_BYTE-1)) > 0)) +/*! This macro calculates the number of full 32-bit words from bits, where +31 bits are one word. */ +#define CALC_FULL_32BIT_WORDS(numBits) ((numBits)/CC_BITS_IN_32BIT_WORD + (((numBits) & (CC_BITS_IN_32BIT_WORD-1)) > 0)) +/*! This macro calculates the number of full 32-bit words from bytes, where +three bytes are one word. */ +#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) ((sizeBytes)/CC_32BIT_WORD_SIZE + (((sizeBytes) & (CC_32BIT_WORD_SIZE-1)) > 0)) +/*! This macro calculates the number of full 32-bit words from 64-bits +dwords. */ +#define CALC_32BIT_WORDS_FROM_64BIT_DWORD(sizeWords) (sizeWords * CC_32BIT_WORD_IN_64BIT_DWORD) +/*! This macro rounds up bits to 32-bit words. */ +#define ROUNDUP_BITS_TO_32BIT_WORD(numBits) (CALC_FULL_32BIT_WORDS(numBits) * CC_BITS_IN_32BIT_WORD) +/*! This macro rounds up bits to bytes. */ +#define ROUNDUP_BITS_TO_BYTES(numBits) (CALC_FULL_BYTES(numBits) * CC_BITS_IN_BYTE) +/*! This macro rounds up bytes to 32-bit words. */ +#define ROUNDUP_BYTES_TO_32BIT_WORD(sizeBytes) (CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) * CC_32BIT_WORD_SIZE) +/*! Definition of 1 KB in bytes. */ +#define CC_1K_SIZE_IN_BYTES 1024 +/*! Definition of number of bits in a byte. */ +#define CC_BITS_IN_BYTE 8 +/*! Definition of number of bits in a 32-bits word. */ +#define CC_BITS_IN_32BIT_WORD 32 +/*! Definition of number of bytes in a 32-bits word. */ +#define CC_32BIT_WORD_SIZE 4 +/*! Definition of number of 32-bits words in a 64-bits dword. */ +#define CC_32BIT_WORD_IN_64BIT_DWORD 2 + + +/*! + @} +*/ +#endif diff --git a/include/mbedtls_extra/cc_pal_types_plat.h b/include/mbedtls_extra/cc_pal_types_plat.h new file mode 100644 index 0000000..2d90da1 --- /dev/null +++ b/include/mbedtls_extra/cc_pal_types_plat.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! @file +@brief This file contains basic platform-dependent type definitions. +*/ +#ifndef _CC_PAL_TYPES_PLAT_H +#define _CC_PAL_TYPES_PLAT_H +/* Host specific types for standard (ISO-C99) compliant platforms */ + +#include +#include +#include + +/*! Type definition for virtual address. */ +typedef uintptr_t CCVirtAddr_t; +/*! Type Definition for boolean variable. */ +typedef uint32_t CCBool_t; +/*! Type definition for return status. */ +typedef uint32_t CCStatus; + +/*! Type definition for error return. */ +#define CCError_t CCStatus +/*! Defines inifinite value, used to define unlimited time frame. */ +#define CC_INFINITE 0xFFFFFFFF + +/*! Type definition for C export. */ +#define CEXPORT_C +/*! Type definition for C import. */ +#define CIMPORT_C + +#endif /*_CC_PAL_TYPES_PLAT_H*/ diff --git a/include/mbedtls_extra/cc_pka_defs_hw.h b/include/mbedtls_extra/cc_pka_defs_hw.h new file mode 100644 index 0000000..20afbab --- /dev/null +++ b/include/mbedtls_extra/cc_pka_defs_hw.h @@ -0,0 +1,93 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_pka_defs_hw + @{ + */ + +/*! + @file + @brief This file contains all of the enums and definitions that are used in + PKA APIs. + */ + +#ifndef _CC_PKA_DEFS_HW_H_ +#define _CC_PKA_DEFS_HW_H_ + +#include "cc_pal_types.h" +#include "cc_pka_hw_plat_defs.h" + +/* The valid key sizes in bits for RSA primitives (exponentiation) */ +/*! The maximal RSA modulus size. */ +#define CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS ((CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS + CC_PKA_WORD_SIZE_IN_BITS) / CC_BITS_IN_32BIT_WORD ) +/*! The maximal EC modulus size. */ +#define CC_ECPKI_MODUL_MAX_LENGTH_IN_BITS 521 + +/*! The size of the buffers for Barrett modulus tag NP, used in PKI +algorithms. */ +#define CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS 5 +/*! The size of the buffers for Barrett modulus tag NP, used in ECC. */ +#define CC_PKA_ECPKI_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS +/*! The actual size of Barrett modulus tag NP in words for current +HW platform. */ +#define CC_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS \ + (((CC_PKA_WORD_SIZE_IN_BITS + PKA_EXTRA_BITS - 1) + (CC_BITS_IN_32BIT_WORD - 1)) / CC_BITS_IN_32BIT_WORD ) +/*! The maximal size of the PKA modulus. */ +#define CC_PKA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS +/*! The maximal size of the PKA public-key in words. */ +#define CC_PKA_PUB_KEY_BUFF_SIZE_IN_WORDS (2*CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS) +/*! The maximal size of the PKA private-key in words. */ +#define CC_PKA_PRIV_KEY_BUFF_SIZE_IN_WORDS (2*CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS) +/*! The maximal size of the PKA KG buffer in words */ +#define CC_PKA_KGDATA_BUFF_SIZE_IN_WORDS (3*CC_PKA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS + 3*CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS) + +/*! The maximal size of the EC modulus in words. */ +#define CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS 18 /*!< \internal [(CC_ECPKI_MODUL_MAX_LENGTH_IN_BITS + 31)/(sizeof(uint32_t)) + 1] */ +/*! The maximal size of the EC order in words. */ +#define CC_ECPKI_ORDER_MAX_LENGTH_IN_WORDS (CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1) +/*! The maximal size of the EC domain in words. */ +#define CC_PKA_DOMAIN_BUFF_SIZE_IN_WORDS (2*CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS) + +/*! The ECC NAF buffer definitions. */ +#define COUNT_NAF_WORDS_PER_KEY_WORD 8 /*!< \internal Change according to NAF representation (? 2)*/ +/*! The maximal length of the ECC NAF buffer. */ +#define CC_PKA_ECDSA_NAF_BUFF_MAX_LENGTH_IN_WORDS (COUNT_NAF_WORDS_PER_KEY_WORD*CC_ECPKI_ORDER_MAX_LENGTH_IN_WORDS + 1) + +#ifndef CC_SUPPORT_ECC_SCA_SW_PROTECT +/* on fast SCA non protected mode required additional buffers for NAF key */ +/*! The size of the Scalar buffer in words. */ +#define CC_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS (CC_PKA_ECDSA_NAF_BUFF_MAX_LENGTH_IN_WORDS+CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS+2) +#else +/*! The size of the Scalar buffer in words. */ +#define CC_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS 1 /*(4*CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS)*/ +#endif +/*! The size of the ECC temporary buffer in words. */ +#define CC_PKA_ECPKI_BUILD_TMP_BUFF_MAX_LENGTH_IN_WORDS (3*CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS+CC_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) +/*! The size of the ECC sign temporary buffer in words. */ +#define CC_PKA_ECDSA_SIGN_BUFF_MAX_LENGTH_IN_WORDS (6*CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS+CC_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) +/*! The size of the ECC ECDH temporary-buffer in words. */ +#define CC_PKA_ECDH_BUFF_MAX_LENGTH_IN_WORDS (2*CC_ECPKI_ORDER_MAX_LENGTH_IN_WORDS + CC_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) +/*! The size of the PKA KG temporary-buffer in words. */ +#define CC_PKA_KG_BUFF_MAX_LENGTH_IN_WORDS (2*CC_ECPKI_ORDER_MAX_LENGTH_IN_WORDS + CC_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) +/*! The size of the ECC verify temporary-buffer in words. */ +#define CC_PKA_ECDSA_VERIFY_BUFF_MAX_LENGTH_IN_WORDS (3*CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS) + +/* *************************************************************************** */ +/*! The maximal size of the modulus buffers for CC_EC_MONT and EC_EDW in +bytes.*/ +#define CC_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_BYTES 32U /*!< \internal for Curve25519 */ +/*! The maximal size of the modulus buffers for CC_EC_MONT and EC_EDW in +words. */ +#define CC_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS 8U /*!< \internal for Curve25519 */ +/*! The size of the ECC Montgomery temporary buffer in words. */ +#define CC_EC_MONT_TEMP_BUFF_SIZE_IN_32BIT_WORDS (8 * CC_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS) /*!< \internal Change according to actual requirements */ +/*! The size of the ECC Edwards temporary buffer in words. */ +#define CC_EC_EDW_TEMP_BUFF_SIZE_IN_31BIT_WORDS (8*CC_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS + (sizeof(CCHashUserContext_t)+CC_32BIT_WORD_SIZE-1)/CC_32BIT_WORD_SIZE) +/*! + @} + */ +#endif /*_CC_PKA_DEFS_HW_H_*/ diff --git a/include/mbedtls_extra/cc_rnd_common.h b/include/mbedtls_extra/cc_rnd_common.h new file mode 100644 index 0000000..9ec29b6 --- /dev/null +++ b/include/mbedtls_extra/cc_rnd_common.h @@ -0,0 +1,246 @@ +/************************************************************************************** +* Copyright (c) 2016-2019, Arm Limited (or its affiliates). All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + +/*! + @addtogroup cc_rnd + @{ + */ + +/*! + @file + @brief This file contains the CryptoCell random-number generation (RNG) APIs. + + The random-number generation module implements NIST Special Publication + 800-90A: Recommendation for Random Number Generation Using Deterministic + Random Bit Generators. + */ + + +#ifndef _CC_RND_COMMON_H +#define _CC_RND_COMMON_H + +#include "cc_error.h" +#include "cc_aes_defs.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ + +/* RND seed and additional input sizes */ +/*! The maximal size of the random seed in words. */ +#define CC_RND_SEED_MAX_SIZE_WORDS 12 +#ifndef USE_MBEDTLS_CRYPTOCELL +#ifndef CC_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS +/*! The maximal size of the additional input-data in words. */ +#define CC_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS CC_RND_SEED_MAX_SIZE_WORDS +#endif +#endif +/* maximal requested size counter (12 bits active) - maximal count +of generated random 128 bit blocks allowed per one request of +Generate function according NIST 800-90 it is (2^12 - 1) = 0x3FFFF */ +/* Max size for one RNG generation (in bits) = + max_num_of_bits_per_request = 2^19 (FIPS 800-90 Tab.3) */ +/*! The maximal size of the generated vector in bits. */ +#define CC_RND_MAX_GEN_VECTOR_SIZE_BITS 0x7FFFF +/*! The maximal size of the generated random vector in bytes. */ +#define CC_RND_MAX_GEN_VECTOR_SIZE_BYTES 0xFFFF +/*! The maximal size of the generated vector in bytes. */ +#define CC_RND_REQUESTED_SIZE_COUNTER 0x3FFFF + +/* Definitions of temp buffer for RND_DMA */ +/*******************************************************************/ +/* Definitions of temp buffer for DMA */ +/*! The size of the temporary buffer in words. */ +#define CC_RND_WORK_BUFFER_SIZE_WORDS 136 + +/*! The definition of the RAM buffer, for internal use in instantiation or +reseeding operations. */ +typedef struct +{ + /*! The internal buffer. */ + uint32_t ccRndIntWorkBuff[CC_RND_WORK_BUFFER_SIZE_WORDS]; +}CCRndWorkBuff_t; + + +/* RND source buffer inner (entrpopy) offset */ +/*! The definition of the internal offset in words. */ +#define CC_RND_TRNG_SRC_INNER_OFFSET_WORDS 2 +/*! The definition of the internal offset in bytes. */ +#define CC_RND_TRNG_SRC_INNER_OFFSET_BYTES (CC_RND_TRNG_SRC_INNER_OFFSET_WORDS*sizeof(uint32_t)) + + +/************************ Enumerators ****************************/ + +/*! The definition of the random operation modes. */ +typedef enum +{ + /*! HW entropy estimation: 800-90B or full. */ + CC_RND_FE = 1, + /*! Reserved. */ + CC_RND_ModeLast = 0x7FFFFFFF, +} CCRndMode_t; + + +/************************ Structs *****************************/ + + +/* The internal state of DRBG mechanism based on AES CTR and CBC-MAC + algorithms. It is set as global data defined by the following + structure */ +/*! + + @brief The structure for the RND state. + This includes internal data that must be saved by the user between boots. + */ +typedef struct +{ +#ifndef USE_MBEDTLS_CRYPTOCELL + /* Seed buffer, consists from concatenated Key||V: max size 12 words */ + /*! The random-seed buffer. */ + uint32_t Seed[CC_RND_SEED_MAX_SIZE_WORDS]; + /* Previous value for continuous test */ + /*! The previous random data, used for continuous test. */ + uint32_t PreviousRandValue[CC_AES_CRYPTO_BLOCK_SIZE_IN_WORDS]; + /* AdditionalInput buffer max size = seed max size words + 4w for padding*/ + /*! The previous additional-input buffer. */ + uint32_t PreviousAdditionalInput[CC_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS+3]; + /*! The additional-input buffer. */ + uint32_t AdditionalInput[CC_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS+4]; + /*! The size of the additional input in words. */ + uint32_t AddInputSizeWords; + /*! The size of the entropy source in words. */ + uint32_t EntropySourceSizeWords; + /*! The Reseed counter (32-bit active). Indicates the number of requests + for entropy since instantiation or reseeding. */ + uint32_t ReseedCounter; + /*! The key size in words, according to security strength: 128 bits: + 4 words. 256 bits: 8 words. */ + uint32_t KeySizeWords; + /* State flag (see definition of StateFlag above), containing bit-fields, defining: + - b'0: instantiation steps: 0 - not done, 1 - done; + - 2b'9,8: working or testing mode: 0 - working, 1 - KAT DRBG test, 2 - + KAT TRNG test; + b'16: flag defining is Previous random valid or not: + 0 - not valid, 1 - valid */ + /*! The state flag used internally in the code. */ + uint32_t StateFlag; + /* validation tag */ + /*! The validation tag used internally in the code. */ + uint32_t ValidTag; + /*! The size of the RND source entropy in bits. */ + uint32_t EntropySizeBits; + +#endif + /*! The TRNG process state used internally in the code. */ + uint32_t TrngProcesState; + +} CCRndState_t; + + +/*! The RND vector-generation function pointer. */ +typedef int (*CCRndGenerateVectWorkFunc_t)( \ + /*! A pointer to the RND-state context. */ + void *rndState_ptr, \ + /*! A pointer to the output buffer. */ + unsigned char *out_ptr, \ + /*! The size of the output in bytes. */ + size_t outSizeBytes + ); + + +/*! The definition of the RND context that includes the CryptoCell + RND state structure, and a function pointer for the RND-generation + function. */ +typedef struct +{ + /*! A pointer to the internal state of the RND. + Note: This pointer should be allocated in a physical and contiguous + memory, that is accessible to the CryptoCell DMA. This pointer should + be allocated and assigned before calling CC_LibInit(). */ + void * rndState; + /*! A pointer to the entropy context. Note: This pointer should be + allocated and assigned before calling CC_LibInit(). */ + void * entropyCtx; + /*! A pointer to the user-given function for generation a random + vector. */ + CCRndGenerateVectWorkFunc_t rndGenerateVectFunc; +} CCRndContext_t; + + + + + +/*****************************************************************************/ +/********************** Public Functions *************************/ +/*****************************************************************************/ + + +/****************************************************************************************/ +/*! + @brief This function sets the RND vector-generation function into the RND + context. + + It is called as part of Arm CryptoCell library initialization, to + set the RND vector generation function into the primary RND context. + + @note It must be called before any other API that requires the RND context as + a parameter. + + @return \c CC_OK on success. + @return A non-zero value from cc_rnd_error.h on failure. + */ +CCError_t CC_RndSetGenerateVectorFunc( + /*! [in/out] A pointer to the RND context buffer that is allocated + by the user, which is used to maintain the RND state, as well as + pointers to the functions used for random vector generation. */ + CCRndContext_t *rndContext_ptr, + /*! [in] A pointer to the \c CC_RndGenerateVector random + vector-generation function. */ + CCRndGenerateVectWorkFunc_t rndGenerateVectFunc +); + + + + +#ifdef __cplusplus +} +#endif + +/*! + @} + */ +#endif /* #ifndef _CC_RND_COMMON_H */ diff --git a/include/mbedtls_extra/cc_rnd_error.h b/include/mbedtls_extra/cc_rnd_error.h new file mode 100644 index 0000000..01fa7ef --- /dev/null +++ b/include/mbedtls_extra/cc_rnd_error.h @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + + +#ifndef _CC_RND_ERROR_H +#define _CC_RND_ERROR_H + +#include "cc_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/*! +@file +@brief This file contains the definitions of the CryptoCell RND errors. +@defgroup cc_rnd_error CryptoCell RND specific errors +@{ +@ingroup cc_rnd +*/ + + +/************************ Defines ******************************/ +/*! RND module on the CryptoCell layer base address - 0x00F00C00 */ +/*! Illegal output pointer.*/ +#define CC_RND_DATA_OUT_POINTER_INVALID_ERROR (CC_RND_MODULE_ERROR_BASE + 0x0UL) +/*! Random generation in range failed .*/ +#define CC_RND_CAN_NOT_GENERATE_RAND_IN_RANGE (CC_RND_MODULE_ERROR_BASE + 0x1UL) +/*! CPRNGT test failed.*/ +#define CC_RND_CPRNG_TEST_FAIL_ERROR (CC_RND_MODULE_ERROR_BASE + 0x2UL) +/*! Illegal additional data buffer. */ +#define CC_RND_ADDITIONAL_INPUT_BUFFER_NULL (CC_RND_MODULE_ERROR_BASE + 0x3UL) +/*! Illegal additional data size. */ +#define CC_RND_ADDITIONAL_INPUT_SIZE_ERROR (CC_RND_MODULE_ERROR_BASE + 0x4UL) +/*! Data size overflow. */ +#define CC_RND_DATA_SIZE_OVERFLOW_ERROR (CC_RND_MODULE_ERROR_BASE + 0x5UL) +/*! Illegal vector size. */ +#define CC_RND_VECTOR_SIZE_ERROR (CC_RND_MODULE_ERROR_BASE + 0x6UL) +/*! Reseed counter overflow - in case this error was returned instantiation or reseeding operation must be called. */ +#define CC_RND_RESEED_COUNTER_OVERFLOW_ERROR (CC_RND_MODULE_ERROR_BASE + 0x7UL) +/*! Instantiation was not yet called. */ +#define CC_RND_INSTANTIATION_NOT_DONE_ERROR (CC_RND_MODULE_ERROR_BASE + 0x8UL) +/*! TRNG loss of samples. */ +#define CC_RND_TRNG_LOSS_SAMPLES_ERROR (CC_RND_MODULE_ERROR_BASE + 0x9UL) +/*! TRNG Time exceeded limitations. */ +#define CC_RND_TRNG_TIME_EXCEED_ERROR (CC_RND_MODULE_ERROR_BASE + 0xAUL) +/*! TRNG loss of samples and time exceeded limitations. */ +#define CC_RND_TRNG_LOSS_SAMPLES_AND_TIME_EXCEED_ERROR (CC_RND_MODULE_ERROR_BASE + 0xBUL) +/*! RND is in Known Answer Test mode. */ +#define CC_RND_IS_KAT_MODE_ERROR (CC_RND_MODULE_ERROR_BASE + 0xCUL) +/*! RND operation not supported. */ +#define CC_RND_OPERATION_IS_NOT_SUPPORTED_ERROR (CC_RND_MODULE_ERROR_BASE + 0xDUL) +/*! RND validity check failed. */ +#define CC_RND_STATE_VALIDATION_TAG_ERROR (CC_RND_MODULE_ERROR_BASE + 0xEUL) +/*! RND is not supported. */ +#define CC_RND_IS_NOT_SUPPORTED (CC_RND_MODULE_ERROR_BASE + 0xFUL) + +/*! Illegal generate vector function pointer. */ +#define CC_RND_GEN_VECTOR_FUNC_ERROR (CC_RND_MODULE_ERROR_BASE + 0x14UL) + +/*! Illegal work buffer pointer. */ +#define CC_RND_WORK_BUFFER_PTR_INVALID_ERROR (CC_RND_MODULE_ERROR_BASE + 0x20UL) +/*! Illegal AES key size. */ +#define CC_RND_ILLEGAL_AES_KEY_SIZE_ERROR (CC_RND_MODULE_ERROR_BASE + 0x21UL) +/*! Illegal data pointer. */ +#define CC_RND_ILLEGAL_DATA_PTR_ERROR (CC_RND_MODULE_ERROR_BASE + 0x22UL) +/*! Illegal data size. */ +#define CC_RND_ILLEGAL_DATA_SIZE_ERROR (CC_RND_MODULE_ERROR_BASE + 0x23UL) +/*! Illegal parameter. */ +#define CC_RND_ILLEGAL_PARAMETER_ERROR (CC_RND_MODULE_ERROR_BASE + 0x24UL) +/*! Illegal RND state pointer. */ +#define CC_RND_STATE_PTR_INVALID_ERROR (CC_RND_MODULE_ERROR_BASE + 0x25UL) +/*! TRNG errors. */ +#define CC_RND_TRNG_ERRORS_ERROR (CC_RND_MODULE_ERROR_BASE + 0x26UL) +/*! Illegal context pointer. */ +#define CC_RND_CONTEXT_PTR_INVALID_ERROR (CC_RND_MODULE_ERROR_BASE + 0x27UL) +/*! Illegal output vector pointer. */ +#define CC_RND_VECTOR_OUT_PTR_ERROR (CC_RND_MODULE_ERROR_BASE + 0x30UL) +/*! Illegal output vector size. */ +#define CC_RND_VECTOR_OUT_SIZE_ERROR (CC_RND_MODULE_ERROR_BASE + 0x31UL) +/*! Maximal vector size is too small. */ +#define CC_RND_MAX_VECTOR_IS_TOO_SMALL_ERROR (CC_RND_MODULE_ERROR_BASE + 0x32UL) +/*! Illegal Known Answer Tests parameters. */ +#define CC_RND_KAT_DATA_PARAMS_ERROR (CC_RND_MODULE_ERROR_BASE + 0x33UL) +/*! TRNG Known Answer Test not supported. */ +#define CC_RND_TRNG_KAT_NOT_SUPPORTED_ERROR (CC_RND_MODULE_ERROR_BASE + 0x34UL) +/*! SRAM memory is not defined. */ +#define CC_RND_SRAM_NOT_SUPPORTED_ERROR (CC_RND_MODULE_ERROR_BASE + 0x35UL) +/*! AES operation failure. */ +#define CC_RND_AES_ERROR (CC_RND_MODULE_ERROR_BASE + 0x36UL) +/*! TRNG mode mismatch between PAL and lib */ +#define CC_RND_MODE_MISMATCH_ERROR (CC_RND_MODULE_ERROR_BASE + 0x37UL) + + +/************************ Enums ********************************/ + + +/************************ Typedefs ****************************/ + + +/************************ Structs ******************************/ + + +/************************ Public Variables **********************/ + + +/************************ Public Functions **********************/ + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/include/mbedtls_extra/mbedtls_cc_aes_key_wrap.h b/include/mbedtls_extra/mbedtls_cc_aes_key_wrap.h new file mode 100644 index 0000000..9b9ce42 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_aes_key_wrap.h @@ -0,0 +1,135 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @file + @brief This file contains all of the CryptoCell key-wrapping APIs, their enums and definitions. + + The APIs support AES key wrapping as defined in NIST SP 800-38F: Recommendation for + Block Cipher Modes of Operation: Methods for Key Wrapping. + */ + +/*! + @defgroup cc_aes_keywrap CryptoCell AES key-wrapping APIs + @brief Contains CryptoCell key-wrapping APIs. + + See mbedtls_cc_aes_key_wrap.h. + @{ + @ingroup cc_aes + @} + */ + +#ifndef _MBEDTLS_CC_AES_KEY_WRAP_H +#define _MBEDTLS_CC_AES_KEY_WRAP_H + +#include "cc_pal_types.h" +#include "cc_error.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif +/************************ Defines ******************************/ +/*! The size of the AES key-wrapping semiblock in Bytes. */ +#define CC_AES_KEYWRAP_SEMIBLOCK_SIZE_BYTES (CC_AES_BLOCK_SIZE_IN_BYTES >> 1) +/*! The size of the AES key-wrapping semiblock in words. */ +#define CC_AES_KEYWRAP_SEMIBLOCK_SIZE_WORDS (CC_AES_KEYWRAP_SEMIBLOCK_SIZE_BYTES >> 2) +/*! The AES key-wrapping semiblock to Bytes shift. */ +#define CC_AES_KEYWRAP_SEMIBLOCK_TO_BYTES_SHFT 3 +/*! AES key-wrapping with padding (KWP) maximum Bytes of padding. */ +#define CC_AES_KEYWRAP_MAX_PAD_LEN 7 + +/**********************************/ +/** ICVs - Integrity Check Value **/ +/**********************************/ + +/*! The 64-bit default ICV for KW mode. */ +#define CC_AES_KEYWRAP_ICV1 {0xA6A6A6A6, 0xA6A6A6A6} +/*! The 32-bit default ICV for KWP mode. */ +#define CC_AES_KEYWRAP_ICV2 {0xA65959A6, 0x00000000} + +/************************ Typedefs ****************************/ +/*! Supported modes of the AES key-wrapping operation: KW and KWP, as defined in + NIST SP 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping. */ +typedef enum keyWrapMode { + CC_AES_KEYWRAP_KW_MODE = 0, /*!< KW mode. */ + CC_AES_KEYWRAP_KWP_MODE = 1, /*!< KWP mode. */ + CC_AES_KEYWRAP_NUM_OF_MODES = 2, /*!< Allowed number of AES key-wrapping modes. */ + CC_AES_KEYWRAP_RESERVE32B = INT32_MAX /*!< Reserved. */ +}mbedtls_keywrap_mode_t; + + +/******************************************* Public Functions *****************************************/ + +/******************************************************************************************************/ +/******** AES key-wrapping FUNCTION *********/ +/******************************************************************************************************/ + +/*! + @brief This is the AES wrapping or encryption function. + + AES key-wrapping specifies a deterministic authenticated-encryption mode of operation of the + AES, according to NIST SP 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping. + Its purpose is to protect cryptographic keys. + It uses units of 8 Bytes called semiblocks. The minimal number of input semiblocks is: +
  • For KW mode: 2 semiblocks.
    • +
  • For KWP mode: 1 semiblock.
+ + The maximal size of the output in Bytes is 64KB. This is a system restriction. + The input to key-wrapping includes the following elements: +
  • Payload - text data that is both authenticated and encrypted.
    • +
  • Key - The encryption key for the AES operation.
+ + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_aes_key_wrap_error.h. + */ +CCError_t mbedtls_aes_key_wrap( + mbedtls_keywrap_mode_t keyWrapFlag, /*!< [in] The key-wrapping mode: KW or KWP. */ + uint8_t* keyBuf, /*!< [in] A pointer to AES key-wrapping key. */ + size_t keySize, /*!< [in] The size of the key in Bytes. Valid values are: + 16 Bytes, 24 Bytes, or 32 Bytes. */ + uint8_t* pPlainText, /*!< [in] A pointer to the plain-text data for encryption. The buffer must be contiguous. */ + size_t plainTextSize, /*!< [in] The size of the plain-text data in Bytes. */ + uint8_t* pCipherText, /*!< [out] A pointer to the cipher-text output data. The buffer must be contiguous. */ + size_t* pCipherTextSize /*!< [in/out] Input: A pointer to the size of the cipher-text output data buffer. + Output: The actual size of the cipher-text output data in Bytes. */ +); + +/*! + @brief This is the AES unwrapping or decryption function. + + AES key-wrapping specifies a deterministic authenticated-encryption mode of operation of the + AES, according to NIST SP 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping. + Its purpose is to protect cryptographic keys. + It uses units of 8 Bytes called semiblocks. The minimal number of input semiblocks is: +
  • For KW mode: 2 semiblocks.
    • +
  • For KWP mode: 1 semiblock.
+ The maximal size of the output in bytes is 64KB. This is a system restriction. + Input to key-wrapping includes the following elements: +
  • Payload - text data that is both authenticated and encrypted.
    • +
  • Key - The encryption key for the AES operation.
+ + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_aes_key_wrap_error.h. + */ +CCError_t mbedtls_aes_key_unwrap( + mbedtls_keywrap_mode_t keyWrapFlag, /*!< [in] The enumerator defining the key-wrapping mode: KW or KWP. */ + uint8_t* keyBuf, /*!< [in] A pointer to AES key-wrapping key. */ + size_t keySize, /*!< [in] The size of the key in Bytes. Valid values are: + 16 Bytes, 24 Bytes, or 32 Bytes. */ + uint8_t* pCipherText, /*!< [in] A pointer to the cipher-text data for decryption. The buffer must be contiguous. */ + size_t cipherTextSize, /*!< [in] The size of the cipher-text data in Bytes. */ + uint8_t* pPlainText, /*!< [out] A pointer to the plain-text output data. The buffer must be contiguous. */ + size_t* pPlainTextSize /*!< [in/out] Input: A pointer to the size of the plain-text output data buffer. + Output: The actual size of the plain-text output data in Bytes. */ +); + +#ifdef __cplusplus +} +#endif + +#endif /*#ifndef _MBEDTLS_CC_AES_KEY_WRAP_H*/ diff --git a/include/mbedtls_extra/mbedtls_cc_aes_key_wrap_error.h b/include/mbedtls_extra/mbedtls_cc_aes_key_wrap_error.h new file mode 100644 index 0000000..db48f86 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_aes_key_wrap_error.h @@ -0,0 +1,78 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @file mbedtls_cc_aes_key_wrap_error.h + @brief This file contains the error definitions of the CryptoCell AES key-wrapping APIs. + */ + +/*! + @defgroup cc_aes_keywrap_error Specific errors of the CryptoCell AES key-wrapping APIs + @brief Contains the CryptoCell AES key-wrapping-API error definitions. + + See mbedtls_cc_aes_key_wrap_error.h. + @{ + @ingroup cc_aes_keywrap + @} + */ + +#ifndef _CC_AES_KEYWRAP_ERROR_H +#define _CC_AES_KEYWRAP_ERROR_H + + +#include "cc_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ + +/* CryptoCell AES key-wrapping module errors. #CC_AES_KEYWRAP_MODULE_ERROR_BASE = 0x00F02800 */ + +/*! Invalid data-in text pointer. */ +#define CC_AES_KEYWRAP_DATA_IN_POINTER_INVALID_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x00UL) +/*! Invalid data-out text pointer. */ +#define CC_AES_KEYWRAP_DATA_OUT_POINTER_INVALID_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x01UL) +/*! Invalid key pointer. */ +#define CC_AES_KEYWRAP_INVALID_KEY_POINTER_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x02UL) +/*! Invalid key size. */ +#define CC_AES_KEYWRAP_ILLEGAL_KEY_SIZE_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x03UL) +/*! Illegal semiblocks number. */ +#define CC_AES_KEYWRAP_SEMIBLOCKS_NUM_ILLEGAL (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x04UL) +/*! Invalid parameter pointer. */ +#define CC_AES_KEYWRAP_ILLEGAL_PARAMETER_PTR_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x05UL) +/*! Invalid encryption mode. */ +#define CC_AES_KEYWRAP_INVALID_ENCRYPT_MODE_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x06UL) +/*! Illegal data-in size. */ +#define CC_AES_KEYWRAP_DATA_IN_SIZE_ILLEGAL (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x07UL) +/*! Illegal data-out size. */ +#define CC_AES_KEYWRAP_DATA_OUT_SIZE_ILLEGAL (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x08UL) +/*! Illegal key-wrapping mode. */ +#define CC_AES_KEYWRAP_INVALID_KEYWRAP_MODE_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x09UL) +/*! Key Unwrap comparison failure. */ +#define CC_AES_KEYWRAP_UNWRAP_COMPARISON_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x0AUL) + +/*! Not supported. */ +#define CC_AES_KEYWRAP_IS_NOT_SUPPORTED (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0xFFUL) + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs *****************************/ + +/************************ Public Variables *********************/ + +/************************ Public Functions *********************/ + +#ifdef __cplusplus +} +#endif + +#endif /* _CC_AES_KEYWRAP_ERROR_H */ diff --git a/include/mbedtls_extra/mbedtls_cc_ec_mont_edw_error.h b/include/mbedtls_extra/mbedtls_cc_ec_mont_edw_error.h new file mode 100644 index 0000000..e572370 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_ec_mont_edw_error.h @@ -0,0 +1,84 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef _MBEDTLS_CC_EC_MONT_EDW_ERROR_H +#define _MBEDTLS_CC_EC_MONT_EDW_ERROR_H + + +/*! +@file +@brief This file contains the definitions of the CryptoCell ECC-25519 errors. +@defgroup cc_ecmontedw_error CryptoCell ECC-25519 errors +@{ +@ingroup cryptocell_api +*/ + +#include "cc_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ + +/********************************************************************************************************** + * CryptoCell ECC-25519 MODULE ERRORS base address - 0x00F02100 * + **********************************************************************************************************/ +/*! Illegal input pointer */ +#define CC_EC_EDW_INVALID_INPUT_POINTER_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x00UL) +/*! Illegal input size */ +#define CC_EC_EDW_INVALID_INPUT_SIZE_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x01UL) +/*! Illegal scalar size */ +#define CC_EC_EDW_INVALID_SCALAR_SIZE_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x02UL) +/*! Illegal scalar data */ +#define CC_EC_EDW_INVALID_SCALAR_DATA_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x03UL) +/*! Invalid RND context pointer */ +#define CC_EC_EDW_RND_CONTEXT_PTR_INVALID_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x04UL) +/*! Invalid RND generate vector functions pointer */ +#define CC_EC_EDW_RND_GEN_VECTOR_FUNC_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x05UL) +/*! Signing or verification operation failed */ +#define CC_EC_EDW_SIGN_VERIFY_FAILED_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x20UL) +/*! Illegal input pointer */ +#define CC_EC_MONT_INVALID_INPUT_POINTER_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x30UL) +/*! Illegal input size */ +#define CC_EC_MONT_INVALID_INPUT_SIZE_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x31UL) +/*! Illegal domain id */ +#define CC_EC_MONT_INVALID_DOMAIN_ID_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x32UL) +/*! Internal PKI error */ +#define CC_ECEDW_INTERNAL_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x33UL) +/*! Internal PKI error */ +#define CC_ECMONT_INTERNAL_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x34UL) + + +/************************************************************************************************************ + * NOT SUPPORTED MODULES ERROR IDs * + ************************************************************************************************************/ +/*! EC montgomery is not supported */ +#define CC_EC_MONT_IS_NOT_SUPPORTED (CC_ECPKI_MODULE_ERROR_BASE + 0xFEUL) +/*! EC edwards is not supported */ +#define CC_EC_EDW_IS_NOT_SUPPORTED (CC_ECPKI_MODULE_ERROR_BASE + 0xFFUL) + + + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + +#ifdef __cplusplus +} +#endif +/** +@} +*/ +#endif//_MBEDTLS_CC_EC_MONT_EDW_ERROR_H diff --git a/include/mbedtls_extra/mbedtls_cc_ecies.h b/include/mbedtls_extra/mbedtls_cc_ecies.h new file mode 100644 index 0000000..0cfb323 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_ecies.h @@ -0,0 +1,181 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_ecies + @{ +*/ + +/*! + @file mbedtls_cc_ecies.h + + @brief This file contains the CryptoCell Elliptic Curve Integrated Encryption Scheme (ECIES) APIs. + */ + +#ifndef _MBEDTLS_CC_ECIES_H +#define _MBEDTLS_CC_ECIES_H + + +#include "cc_ecpki_types.h" +#include "cc_pal_types_plat.h" +#include "cc_kdf.h" +#include "mbedtls_cc_hkdf.h" +#include "mbedtls/ecp.h" + +#ifdef __cplusplus +extern "C" +{ +#endif +/*! The maximal length of the ECIES cipher in bytes. */ +#define MBEDTLS_ECIES_MAX_CIPHER_LEN_BYTES ((2*CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1) * sizeof(int)) +/*! The minimal length of the ECIES buffer in bytes. */ +#define MBEDTLS_ECIES_MIN_BUFF_LEN_BYTES (sizeof(CCEciesTempData_t)) + +/*! + @brief A macro for creating and encrypting a secret key. + + For a description of the parameters see ::mbedtls_ecies_kem_encrypt_full. + */ +#define mbedtls_ecies_kem_encrypt(pGrp, pRecipPublKey, kdfDerivMode, kdfHashMode, \ + isSingleHashMode, pSecrKey, secrKeySize, \ + pCipherData, pCipherDataSize, pBuff, buffLen, \ + f_rng, p_rng) \ + mbedtls_ecies_kem_encrypt_full((pGrp), (pRecipPublKey), (kdfDerivMode), (kdfHashMode), \ + (isSingleHashMode), NULL, NULL, (pSecrKey), (secrKeySize), \ + (pCipherData), (pCipherDataSize), (pBuff), (buffLen), \ + f_rng, p_rng) + +/*! + @brief This function creates and encrypts (encapsulates) the secret key of + required size, according to ISO/IEC 18033-2:2006: Information technology + -- Security techniques -- Encryption algorithms -- Part 2: Asymmetric + ciphers, ECIES-KEM Encryption. + + To call this function in applications, the ::mbedtls_ecies_kem_encrypt macro + definition must be used. The function itself has the additional input of the + external ephemeral key pair, used only for testing purposes. + + @note Use KDF2 function mode for compliance with X9.63-2011: Public Key + Cryptography for the Financial Services Industry – Key Agreement and Key + Transport Using Elliptic Curve Cryptography. \par + + @note The term "sender" indicates an entity that creates and + encapsulates the secret key using this function. The term "recipient" + indicates another entity which receives and decrypts the secret key. \par + + @note All public and private keys that are used must relate to the same EC + Domain. \par + + @note The user must verify that the public key of the recipient is + on the elliptic curve before it is used in this function. + + @return CCError_t \c 0 on success. + */ +CCError_t mbedtls_ecies_kem_encrypt_full( + /*! [in] The ECP group to use. */ + mbedtls_ecp_group *pGrp, + /*! [in] A pointer to the public key of the recipient. */ + mbedtls_ecp_point *pRecipUzPublKey, + /*! [in] The KDF function mode to use: KDF1 or KDF2. For more + information, see CCKdfDerivFuncMode_t() in cc_kdf.h. */ + CCKdfDerivFuncMode_t kdfDerivMode, + /*! [in] The used hash function. */ + mbedtls_hkdf_hashmode_t kdfHashMode, + /*! [in] The specific ECIES mode, according to ISO/IEC 18033-2:2006: + Information technology -- Security techniques -- Encryption algorithms + -- Part 2: Asymmetric ciphers - section 10.2: 0: Not-single hash, + or 1: Single hash. */ + uint32_t isSingleHashMode, + /*! [in] A pointer to the ephemeral public key related to the private + key. Must be set to NULL if \p pExtEphUzPrivateKey = NULL. */ + mbedtls_ecp_point *pExtEphUzPublicKey, + /*! [in] The pointer to the external ephemeral private key. This key + is used only for testing the function. In regular use, the pointer + should be set to NULL and then the random key-pair should be generated + internally. */ + mbedtls_mpi *pExtEphUzPrivateKey, + /*! [in] A pointer to the buffer for the secret-key data to be + generated. */ + uint8_t *pSecrKey, + /*! [in] The size of the secret-key data in bytes. */ + size_t secrKeySize, + /*! [in] A pointer to the encrypted cipher text. */ + uint8_t *pCipherData, + /*! [in/out] In: A pointer to the size of the buffer for CipherData + output, or Out: The size of the buffer for CipherData output in + bytes. */ + size_t *pCipherDataSize, + /*! [in] A pointer to the temporary buffer. */ + void *pBuff, + /*! [in] The size of the buffer pointed by \p pBuff. Must not be less + than #MBEDTLS_ECIES_MIN_BUFF_LEN_BYTES. */ + size_t buffLen, + /*! [in] The RNG function required for generating a key pair when + \p pExtEphUzPublicKey and \p pExtEphUzPrivateKey are NULL */ + int (*f_rng)(void *, unsigned char *, size_t), + /*! [in] The RNG parameter. */ + void *p_rng + ); + +/*! + @brief This function decrypts the encapsulated secret key passed by the + sender, according to ISO/IEC 18033-2:2006: Information technology -- + Security techniques -- Encryption algorithms -- Part 2: Asymmetric + ciphers, sec. 10.2.4 - ECIES-KEM Decryption. + + @note The KDF2 function mode must be used for compliance with X9.63-2011: + Public Key Cryptography for the Financial Services Industry – Key Agreement + and Key Transport Using Elliptic Curve Cryptograph. \par + + @note The term "sender" indicates an entity that creates and + encapsulates the secret key using this function. The term "recipient" + indicates another entity which receives and decrypts the secret key. \par + + @note All public and private keys that are used must relate to the same EC + Domain. \par + + @return CCError_t \c 0 on success. + */ +CCError_t mbedtls_ecies_kem_decrypt( + /*! [in] The ECP group to use. */ + mbedtls_ecp_group *pGrp, + /*! [in] A pointer to the private key of the recipient. */ + mbedtls_mpi *pRecipUzPrivKey, + /*! [in] The KDF function mode to use: KDF1 or KDF2. For more + information, see CCKdfDerivFuncMode_t() in cc_kdf.h. */ + CCKdfDerivFuncMode_t kdfDerivMode, + /*! [in] The used hash function. */ + mbedtls_hkdf_hashmode_t kdfHashMode, + /*! [in] The specific ECIES mode definition: 0,1, according to + ISO/IEC 18033-2:2006: Information technology -- Security techniques + -- Encryption algorithms -- Part 2: Asymmetric ciphers - + section 10.2. */ + uint32_t isSingleHashMode, + /*! [in] A pointer to the received encrypted cipher data. */ + uint8_t *pCipherData, + /*! [in] The size of the cipher data in bytes. */ + size_t cipherDataSize, + /*! [in] A pointer to the buffer for the secret-key data to be + generated. */ + uint8_t *pSecrKey, + /*! [in] The size of the secret-key data in bytes. */ + size_t secrKeySize, + /*! [in] A pointer to the temporary buffer. */ + void *pBuff, + /*! [in] The size of the buffer pointed by \p pBuff. Must not be + less than #MBEDTLS_ECIES_MIN_BUFF_LEN_BYTES. */ + size_t buffLen + ); + + +#ifdef __cplusplus +} +#endif + +/*! + @} + */ +#endif diff --git a/include/mbedtls_extra/mbedtls_cc_hkdf.h b/include/mbedtls_extra/mbedtls_cc_hkdf.h new file mode 100644 index 0000000..6c1b7d0 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_hkdf.h @@ -0,0 +1,100 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @file + @brief This file contains the CryptoCell HKDF key-derivation function API. + + This function is as defined in + RFC-5869: HMAC-based Extract-and-Expand Key Derivation Function (HKDF). + */ + +/*! + @defgroup cc_hkdf CryptoCell HKDF key-derivation function API + @brief Contains the CryptoCell HMAC key-derivation function API. See mbedtls_cc_hkdf.h. + + @{ + @ingroup cryptocell_api + @} + */ + +#ifndef _MBEDTLS_CC_HKDF_H +#define _MBEDTLS_CC_HKDF_H + + +#ifdef __cplusplus +extern "C" +{ +#endif + +#include "cc_pal_types.h" + +/*! The maximal size of the HKDF key in words. */ +#define CC_HKDF_MAX_HASH_KEY_SIZE_IN_BYTES 512 + +/*! The maximal size of the HKDF hash-digest in Bytes. */ +#define CC_HKDF_MAX_HASH_DIGEST_SIZE_IN_BYTES CC_HASH_SHA512_DIGEST_SIZE_IN_BYTES + +/************************ Defines ******************************/ + +/************************ Enums ********************************/ +/*! Supported HKDF hash modes. */ +typedef enum +{ + /*! SHA-1 mode. */ + CC_HKDF_HASH_SHA1_mode = 0, + /*! SHA-224 mode. */ + CC_HKDF_HASH_SHA224_mode = 1, + /*! SHA-256 mode. */ + CC_HKDF_HASH_SHA256_mode = 2, + /*! SHA-384 mode. */ + CC_HKDF_HASH_SHA384_mode = 3, + /*! SHA-512 mode. */ + CC_HKDF_HASH_SHA512_mode = 4, + /*! The maximal number of hash modes. */ + CC_HKDF_HASH_NumOfModes, + /*! Reserved. */ + CC_HKDF_HASH_OpModeLast = 0x7FFFFFFF, + +}mbedtls_hkdf_hashmode_t; + +/************************ Typedefs ****************************/ + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + +/****************************************************************/ + + +/*********************************************************************************************************/ +/*! + @brief mbedtls_hkdf_key_derivation() performs the HMAC-based key derivation, as define by + RFC-5869: HMAC-based Extract-and-Expand Key Derivation Function (HKDF). + + @return \c CC_OK on success. + @return A non-zero value on failure as defined in cc_kdf_error.h, or in md.h. +*/ +CCError_t mbedtls_hkdf_key_derivation( + mbedtls_hkdf_hashmode_t HKDFhashMode, /*!< [in] The HKDF identifier of the hash function to be used. */ + uint8_t* Salt_ptr, /*!< [in] A pointer to a non-secret random value. Can be NULL. */ + size_t SaltLen, /*!< [in] The size of the \p Salt_ptr. */ + uint8_t* Ikm_ptr, /*!< [in] A pointer to an input key message. */ + uint32_t IkmLen, /*!< [in] The size of the input key message */ + uint8_t* Info, /*!< [in] A pointer to an optional context and application-specific information. Can be NULL */ + uint32_t InfoLen, /*!< [in] The size of the application-specific information. */ + uint8_t* Okm, /*!< [in] A pointer to an output key material. */ + uint32_t OkmLen, /*!< [in] The size of the output key material. */ + CCBool IsStrongKey /*!< [in] If TRUE, no need to perform the extraction phase. */ +); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/mbedtls_extra/mbedtls_cc_hkdf_error.h b/include/mbedtls_extra/mbedtls_cc_hkdf_error.h new file mode 100644 index 0000000..f322c57 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_hkdf_error.h @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @file + @brief This file contains the error definitions of the CryptoCell HKDF APIs. + */ + +/*! + @defgroup cc_hkdf_error Specific errors of the HKDF key-derivation APIs + @brief Contains the CryptoCell HKDF-API error definitions. See mbedtls_cc_hkdf_error.h. + @{ + @ingroup cc_hkdf + @} + */ + +#ifndef _MBEDTLS_CC_HKDF_ERROR_H +#define _MBEDTLS_CC_HKDF_ERROR_H + +#include "cc_error.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines *******************************/ + +/* The base address for the CryptoCell HKDF module errors - 0x00F01100. */ +/*! Invalid argument. */ +#define CC_HKDF_INVALID_ARGUMENT_POINTER_ERROR (CC_HKDF_MODULE_ERROR_BASE + 0x0UL) +/*! Invalid argument size. */ +#define CC_HKDF_INVALID_ARGUMENT_SIZE_ERROR (CC_HKDF_MODULE_ERROR_BASE + 0x1UL) +/*! Illegal hash mode. */ +#define CC_HKDF_INVALID_ARGUMENT_HASH_MODE_ERROR (CC_HKDF_MODULE_ERROR_BASE + 0x3UL) +/*! HKDF not supported. */ +#define CC_HKDF_IS_NOT_SUPPORTED (CC_HKDF_MODULE_ERROR_BASE + 0xFFUL) + +/************************ Enums *********************************/ + +/************************ Typedefs *****************************/ + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + + + + +#ifdef __cplusplus +} +#endif + +#endif //_MBEDTLS_CC_HKDF_ERROR_H diff --git a/include/mbedtls_extra/mbedtls_cc_srp.h b/include/mbedtls_extra/mbedtls_cc_srp.h new file mode 100644 index 0000000..7282e17 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_srp.h @@ -0,0 +1,397 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + + /*! + @addtogroup cc_srp + @{ + */ + +/*! + @file + @brief This file contains all of the CryptoCell SRP APIs, their enums and + definitions. + */ + +#ifndef _MBEDTLS_CC_SRP_H +#define _MBEDTLS_CC_SRP_H + +#include "cc_pal_types.h" +#include "cc_error.h" +#include "cc_pka_defs_hw.h" +#include "cc_hash_defs.h" +#include "cc_rnd_common.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*!\internal The following describes the SRP APIs usage for the Device and the Accessory :* + + Device (User) Accessory (Host) +* -------------- ----------------- + + 1. CC_SRP_HK_INIT(CC_SRP_USER, .......) CC_SRP_HK_INIT(CC_SRP_HOST, .....) + + 2. CC_SrpPwdVerCreate(..) + + 3. CC_SrpUserPubKeyCreate(..) CC_SrpHostPubKeyCreate(..) + + 4. CC_SrpUserProofCalc(..) + + 5. CC_SrpHostProofVerifyAndCalc(..) + + 6. CC_SrpUserProofVerify(..) + + 7. CC_SrpClear(..) CC_SrpClear(..) + + */ + +/************************ Defines ******************************/ +/* The SRP modulus sizes. */ +/*! SRP modulus size of 1024 bits. */ +#define CC_SRP_MODULUS_SIZE_1024_BITS 1024 +/*! SRP modulus size of 1536 bits. */ +#define CC_SRP_MODULUS_SIZE_1536_BITS 1536 +/*! SRP modulus size of 2048 bits. */ +#define CC_SRP_MODULUS_SIZE_2048_BITS 2048 +/*! SRP modulus size of 3072 bits. */ +#define CC_SRP_MODULUS_SIZE_3072_BITS 3072 + +/*! The maximal size of the SRP modulus in bits. */ +#define CC_SRP_MAX_MODULUS_IN_BITS CC_SRP_MODULUS_SIZE_3072_BITS +/*! The maximal size of the SRP modulus in bytes. */ +#define CC_SRP_MAX_MODULUS (CC_SRP_MAX_MODULUS_IN_BITS/CC_BITS_IN_BYTE) +/*! The maximal size of the SRP modulus in words. */ +#define CC_SRP_MAX_MODULUS_IN_WORDS (CC_SRP_MAX_MODULUS_IN_BITS/CC_BITS_IN_32BIT_WORD) + +/* SRP private number size range. */ +/*! The minimal size of the SRP private number in bits. */ +#define CC_SRP_PRIV_NUM_MIN_SIZE_IN_BITS (256) +/*! The minimal size of the SRP private number in bytes. */ +#define CC_SRP_PRIV_NUM_MIN_SIZE (CC_SRP_PRIV_NUM_MIN_SIZE_IN_BITS/CC_BITS_IN_BYTE) +/*! The minimal size of the SRP private number in words. */ +#define CC_SRP_PRIV_NUM_MIN_SIZE_IN_WORDS (CC_SRP_PRIV_NUM_MIN_SIZE_IN_BITS/CC_BITS_IN_32BIT_WORD) +/*! The maximal size of the SRP private number in bits. */ +#define CC_SRP_PRIV_NUM_MAX_SIZE_IN_BITS (CC_SRP_MAX_MODULUS_IN_BITS) +/*! The maximal size of the SRP private number in bytes. */ +#define CC_SRP_PRIV_NUM_MAX_SIZE (CC_SRP_PRIV_NUM_MAX_SIZE_IN_BITS/CC_BITS_IN_BYTE) +/*! The maximal size of the SRP private number in words. */ +#define CC_SRP_PRIV_NUM_MAX_SIZE_IN_WORDS (CC_SRP_PRIV_NUM_MAX_SIZE_IN_BITS/CC_BITS_IN_32BIT_WORD) + +/*! The maximal size of the SRP hash digest in words. */ +#define CC_SRP_MAX_DIGEST_IN_WORDS CC_HASH_RESULT_SIZE_IN_WORDS +/*! The maximal size of the SRP hash digest in bytes. */ +#define CC_SRP_MAX_DIGEST (CC_SRP_MAX_DIGEST_IN_WORDS*CC_32BIT_WORD_SIZE) + +/*! The minimal size of the salt in bytes. */ +#define CC_SRP_MIN_SALT_SIZE (8) +/*! The minimal size of the salt in words. */ +#define CC_SRP_MIN_SALT_SIZE_IN_WORDS (CC_SRP_MIN_SALT_SIZE/CC_32BIT_WORD_SIZE) +/*! The maximal size of the salt in bytes. */ +#define CC_SRP_MAX_SALT_SIZE (64) +/*! The maximal size of the salt in words. */ +#define CC_SRP_MAX_SALT_SIZE_IN_WORDS (CC_SRP_MAX_SALT_SIZE/CC_32BIT_WORD_SIZE) + +/************************ Typedefs ****************************/ +/*! The definition of the SRP modulus buffer. */ +typedef uint8_t mbedtls_srp_modulus[CC_SRP_MAX_MODULUS]; + +/*! The definition of the SRP digest buffer. */ +typedef uint8_t mbedtls_srp_digest[CC_SRP_MAX_DIGEST]; + +/*! The definition of the SRP session key. */ +typedef uint8_t mbedtls_srp_sessionKey[2*CC_SRP_MAX_DIGEST]; + +/************************ Enums ********************************/ + +/*! Supported SRP versions. */ +typedef enum { + /*! SRP version 3. */ + CC_SRP_VER_3 = 0, + /*! SRP version 6. */ + CC_SRP_VER_6 = 1, + /*! SRP version 6A. */ + CC_SRP_VER_6A = 2, + /*! SRP version HK. */ + CC_SRP_VER_HK = 3, +/*! The maximal number of supported versions. */ + CC_SRP_NumOfVersions, + /*! Reserved.*/ + CC_SRP_VersionLast= 0x7FFFFFFF, +}mbedtls_srp_version_t; + +/*! SRP entity types. */ +typedef enum { + /*! The host entity, also known as server, verifier, or accessory. */ + CC_SRP_HOST = 1, + /*! The user entity, also known as client, or device. */ + CC_SRP_USER = 2, + /*! The maximal number of entities types. */ + CC_SRP_NumOfEntityType, + /*! Reserved. */ + CC_SRP_EntityLast= 0x7FFFFFFF, +}mbedtls_srp_entity_t; + +/************************ Structs ******************************/ + +/*! + @brief Group parameters for the SRP. + + Defines the modulus and the generator used. + */ +typedef struct mbedtls_srp_group_param { + /*! The SRP modulus. */ + mbedtls_srp_modulus modulus; + /*! The SRP generator. */ + uint8_t gen; + /*! The size of the SRP modulus in bits. */ + size_t modSizeInBits; + /*! The valid SRP Np. */ + uint32_t validNp; + /*! The SRP Np buffer. */ + uint32_t Np[CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS]; +}mbedtls_srp_group_param; + +/************************ context Structs ******************************/ +/*! The SRP context prototype */ +typedef struct mbedtls_srp_context { + /*! The SRP entitiy type. */ + mbedtls_srp_entity_t srpType; + /*! The SRP version. */ + mbedtls_srp_version_t srpVer; + /*! The group parameter including the modulus information. */// N, g, Np + mbedtls_srp_group_param groupParam; + /*! The hash mode. */ + CCHashOperationMode_t hashMode; + /*! The hash digest size. */ + size_t hashDigestSize; + /*! The session key size. */ + size_t sessionKeySize; + /*! A pointer to the RND context. */ + CCRndContext_t *pRndCtx; + /*! The modulus. */ // a or b + mbedtls_srp_modulus ephemPriv; + /*! The modulus size. */ + size_t ephemPrivSize; + /*! The user-name digest. */// M + mbedtls_srp_digest userNameDigest; + /*! The cred digest. */ // p + mbedtls_srp_digest credDigest; + /*! The SRP K multiplier. */ // k multiplier + mbedtls_srp_digest kMult; +}mbedtls_srp_context; + + +/************************ SRP common Functions **********************/ +/*****************************************************************************/ +/*! + @brief This function initiates the SRP context. + + @return \c CC_OK on success. + @return A non-zero value on failure as defined in mbedtls_cc_srp_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_init( + /*! [in] The SRP entity type. */ + mbedtls_srp_entity_t srpType, + /*! [in] The SRP version. */ + mbedtls_srp_version_t srpVer, + /*! [in] A pointer to the SRP modulus, BE Byte buffer. */ + mbedtls_srp_modulus srpModulus, + /*! [in] The SRP generator param. */ + uint8_t srpGen, + /*! [in] The size of the SRP modulus in bits. Valid values are: 1024 + bits, 1536 bits, 2048 bits, or 3072 bits. */ + size_t modSizeInBits, + /*! [in] The hash mode. */ + CCHashOperationMode_t hashMode, + /*! [in] A pointer to the username. */ + uint8_t *pUserName, + /*! [in] The size of the username buffer. Must be larger than 0. */ + size_t userNameSize, + /*! [in] A pointer to the user password. */ + uint8_t *pPwd, + /*! [in] The size of the user-password buffer. Must be larger than 0 + if \p pPwd is valid. */ + size_t pwdSize, + /*! [in] A pointer to the RND context. */ + CCRndContext_t *pRndCtx, + /*! [out] A pointer to the SRP host context. */ + mbedtls_srp_context *pCtx +); + +/*! Macro definition for a specific SRP-initialization function. */ +#define CC_SRP_HK_INIT(srpType, srpModulus, srpGen, modSizeInBits, pUserName, userNameSize, pPwd, pwdSize, pRndCtx, pCtx) \ + mbedtls_srp_init(srpType, CC_SRP_VER_HK, srpModulus, srpGen, modSizeInBits, CC_HASH_SHA512_mode, pUserName, userNameSize, pPwd, pwdSize, pRndCtx, pCtx) + + +/*****************************************************************************/ +/*! + @brief This function calculates \p pSalt and \p pwdVerifier. + + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_srp_error.h, + cc_rnd_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_pwd_ver_create( + /*! [in] The size of the random salt to generate. The range is between + #CC_SRP_MIN_SALT_SIZE and #CC_SRP_MAX_SALT_SIZE. */ + size_t saltSize, + /*! [out] A pointer to the \p pSalt number (s). */ + uint8_t *pSalt, + /*! [out] A pointer to the password verifier (v). */ + mbedtls_srp_modulus pwdVerifier, + /*! [out] A pointer to the SRP context. */ + mbedtls_srp_context *pCtx +); + + +/*****************************************************************************/ +/*! + @brief This function clears the SRP context. + + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_srp_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_clear( + /*! [in/out] A pointer to the SRP context. */ + mbedtls_srp_context *pCtx +); + + +/************************ SRP Host Functions **********************/ +/*****************************************************************************/ +/*! + @brief This function generates the public and private host ephemeral keys, + known as B and b in RFC 5054 Using the Secure Remote Password (SRP) + Protocol for TLS Authentication. + + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_srp_error.h or + cc_rnd_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_host_pub_key_create( + /*! [in] The size of the generated ephemeral private key (b). The range + is between #CC_SRP_PRIV_NUM_MIN_SIZE and #CC_SRP_PRIV_NUM_MAX_SIZE */ + size_t ephemPrivSize, + /*! [in] A pointer to the verifier (v). */ + mbedtls_srp_modulus pwdVerifier, + /*! [out] A pointer to the host ephemeral public key (B). */ + mbedtls_srp_modulus hostPubKeyB, + /*! [in/out] A pointer to the SRP context. */ + mbedtls_srp_context *pCtx +); + + +/*! + @brief This function verifies the user proof, and calculates the host-message + proof. + + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_srp_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_host_proof_verify_and_calc( + /*! [in] The size of the random salt. The range is between + #CC_SRP_MIN_SALT_SIZE and #CC_SRP_MAX_SALT_SIZE. */ + size_t saltSize, + /*! [in] A pointer to the pSalt number. */ + uint8_t *pSalt, + /*! [in] A pointer to the password verifier (v). */ + mbedtls_srp_modulus pwdVerifier, + /*! [in] A pointer to the ephemeral public key of the user (A). */ + mbedtls_srp_modulus userPubKeyA, + /*! [in] A pointer to the ephemeral public key of the host (B). */ + mbedtls_srp_modulus hostPubKeyB, + /*! [in] A pointer to the SRP user-proof buffer (M1). */ + mbedtls_srp_digest userProof, + /*! [out] A pointer to the SRP host-proof buffer (M2). */ + mbedtls_srp_digest hostProof, + /*! [out] A pointer to the SRP session key (K). */ + mbedtls_srp_sessionKey sessionKey, + /*! [in] A pointer to the SRP context. */ + mbedtls_srp_context *pCtx +); + + + +/************************ SRP User Functions **********************/ +/*****************************************************************************/ +/*! + @brief This function generates public and private user ephemeral keys, known + as A and a in RFC 5054 Using the Secure Remote Password (SRP) Protocol + for TLS Authentication. + + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_srp_error.h or + cc_rnd_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_user_pub_key_create( + /*! [in] The size of the generated ephemeral private key (a). The range + is between #CC_SRP_PRIV_NUM_MIN_SIZE and #CC_SRP_PRIV_NUM_MAX_SIZE. + The size must be 32 bit aligned */ + size_t ephemPrivSize, + /*! [out] A pointer to the user ephemeral public key (A). */ + mbedtls_srp_modulus userPubKeyA, + /*! [in/out] A pointer to the SRP context. */ + mbedtls_srp_context *pCtx +); + + +/*****************************************************************************/ +/*! + @brief This function calculates the user proof. + + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_srp_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_user_proof_calc( + /*! [in] The size of the random salt. The range is between + #CC_SRP_MIN_SALT_SIZE and #CC_SRP_MAX_SALT_SIZE. */ + size_t saltSize, + /*! [in] A pointer to the pSalt number. */ + uint8_t *pSalt, + /*! [in] A pointer to the public ephmeral key of the user (A). */ + mbedtls_srp_modulus userPubKeyA, + /*! [in] A pointer to the public ephmeral key of the host (B). */ + mbedtls_srp_modulus hostPubKeyB, + /*! [out] A pointer to the SRP user proof buffer (M1). */ + mbedtls_srp_digest userProof, + /*! [out] A pointer to the SRP session key (K). */ + mbedtls_srp_sessionKey sessionKey, + /*! [out] A pointer to the SRP context. */ + mbedtls_srp_context *pCtx +); + +/*****************************************************************************/ +/*! + @brief This function verifies the host proof. + + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_srp_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_user_proof_verify( + /*! [in] A pointer to the SRP session key (K). */ + mbedtls_srp_sessionKey sessionKey, + /*! [in] A pointer to the public ephmeral key of the user (A). */ + mbedtls_srp_modulus userPubKeyA, + /*! [in] A pointer to the SRP user proof buffer (M1). */ + mbedtls_srp_digest userProof, + /*! [in] A pointer to the SRP host proof buffer (M2). */ + mbedtls_srp_digest hostProof, + /*! [out] A pointer to the SRP user context. */ + mbedtls_srp_context *pCtx +); + + +#ifdef __cplusplus +} +#endif + +/*! + @} + */ +#endif /* #ifndef _MBEDTLS_CC_SRP_H */ diff --git a/include/mbedtls_extra/mbedtls_cc_srp_error.h b/include/mbedtls_extra/mbedtls_cc_srp_error.h new file mode 100644 index 0000000..9e28780 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_srp_error.h @@ -0,0 +1,62 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_srp_errors + @{ + */ + +/*! + @file + @brief This file contains the error definitions of the CryptoCell SRP APIs. + */ + + +#ifndef _MBEDTLS_CC_SRP_ERROR_H +#define _MBEDTLS_CC_SRP_ERROR_H + + +#include "cc_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ + +/* The base address errors of the CryptoCell SRP module - 0x00F02600 */ +/*! Illegal parameter. */ +#define CC_SRP_PARAM_INVALID_ERROR (CC_SRP_MODULE_ERROR_BASE + 0x01UL) +/*! Illegal modulus size. */ +#define CC_SRP_MOD_SIZE_INVALID_ERROR (CC_SRP_MODULE_ERROR_BASE + 0x02UL) +/*! Illegal state (uninitialized) . */ +#define CC_SRP_STATE_UNINITIALIZED_ERROR (CC_SRP_MODULE_ERROR_BASE + 0x03UL) +/*! Result validation error. */ +#define CC_SRP_RESULT_ERROR (CC_SRP_MODULE_ERROR_BASE + 0x04UL) +/*! Invalid parameter. */ +#define CC_SRP_PARAM_ERROR (CC_SRP_MODULE_ERROR_BASE + 0x05UL) +/*! Internal PKI error. */ +#define CC_SRP_INTERNAL_ERROR (CC_SRP_MODULE_ERROR_BASE + 0x06UL) + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs *****************************/ + +/************************ Public Variables *********************/ + +/************************ Public Functions *********************/ + +#ifdef __cplusplus +} +#endif + +/*! + @} + */ +#endif //_MBEDTLS_CC_SRP_ERROR_H diff --git a/include/nrf-config-cc310.h b/include/nrf-config-cc310.h new file mode 100644 index 0000000..df0ebe8 --- /dev/null +++ b/include/nrf-config-cc310.h @@ -0,0 +1,3328 @@ +/** + * \file mbedtls_config.h + * + * \brief Configuration options (set of defines) + * + * This set of compile-time options may be used to enable + * or disable features selectively, and reduce the global + * memory footprint. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * This is an optional version symbol that enables comatibility handling of + * config files. + * + * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that + * introduced the config format we want to be compatible with. + */ +//#define MBEDTLS_CONFIG_VERSION 0x03000000 + +/** + * \name SECTION: System support + * + * This section sets system specific settings. + * \{ + */ + +/** + * \def MBEDTLS_HAVE_ASM + * + * The compiler has support for asm(). + * + * Requires support for asm() in compiler. + * + * Used in: + * library/aria.c + * library/bn_mul.h + * + * Required by: + * MBEDTLS_AESNI_C + * MBEDTLS_PADLOCK_C + * + * Comment to disable the use of assembly code. + */ +#define MBEDTLS_HAVE_ASM + +/** + * \def MBEDTLS_NO_UDBL_DIVISION + * + * The platform lacks support for double-width integer division (64-bit + * division on a 32-bit platform, 128-bit division on a 64-bit platform). + * + * Used in: + * include/mbedtls/bignum.h + * library/bignum.c + * + * The bignum code uses double-width division to speed up some operations. + * Double-width division is often implemented in software that needs to + * be linked with the program. The presence of a double-width integer + * type is usually detected automatically through preprocessor macros, + * but the automatic detection cannot know whether the code needs to + * and can be linked with an implementation of division for that type. + * By default division is assumed to be usable if the type is present. + * Uncomment this option to prevent the use of double-width division. + * + * Note that division for the native integer type is always required. + * Furthermore, a 64-bit type is always required even on a 32-bit + * platform, but it need not support multiplication or division. In some + * cases it is also desirable to disable some double-width operations. For + * example, if double-width division is implemented in software, disabling + * it can reduce code size in some embedded targets. + */ +#define MBEDTLS_NO_UDBL_DIVISION + +/** + * \def MBEDTLS_NO_64BIT_MULTIPLICATION + * + * The platform lacks support for 32x32 -> 64-bit multiplication. + * + * Used in: + * library/poly1305.c + * + * Some parts of the library may use multiplication of two unsigned 32-bit + * operands with a 64-bit result in order to speed up computations. On some + * platforms, this is not available in hardware and has to be implemented in + * software, usually in a library provided by the toolchain. + * + * Sometimes it is not desirable to have to link to that library. This option + * removes the dependency of that library on platforms that lack a hardware + * 64-bit multiplier by embedding a software implementation in Mbed TLS. + * + * Note that depending on the compiler, this may decrease performance compared + * to using the library function provided by the toolchain. + */ +//#define MBEDTLS_NO_64BIT_MULTIPLICATION + +/** + * \def MBEDTLS_HAVE_SSE2 + * + * CPU supports SSE2 instruction set. + * + * Uncomment if the CPU supports SSE2 (IA-32 specific). + */ +//#define MBEDTLS_HAVE_SSE2 + +/** + * \def MBEDTLS_HAVE_TIME + * + * System has time.h and time(). + * The time does not need to be correct, only time differences are used, + * by contrast with MBEDTLS_HAVE_TIME_DATE + * + * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, + * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and + * MBEDTLS_PLATFORM_STD_TIME. + * + * Comment if your system does not support time functions + */ +//#define MBEDTLS_HAVE_TIME + +/** + * \def MBEDTLS_HAVE_TIME_DATE + * + * System has time.h, time(), and an implementation for + * mbedtls_platform_gmtime_r() (see below). + * The time needs to be correct (not necessarily very accurate, but at least + * the date should be correct). This is used to verify the validity period of + * X.509 certificates. + * + * Comment if your system does not have a correct clock. + * + * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that + * behaves similarly to the gmtime_r() function from the C standard. Refer to + * the documentation for mbedtls_platform_gmtime_r() for more information. + * + * \note It is possible to configure an implementation for + * mbedtls_platform_gmtime_r() at compile-time by using the macro + * MBEDTLS_PLATFORM_GMTIME_R_ALT. + */ +//#define MBEDTLS_HAVE_TIME_DATE + +/** + * \def MBEDTLS_PLATFORM_MEMORY + * + * Enable the memory allocation layer. + * + * By default mbed TLS uses the system-provided calloc() and free(). + * This allows different allocators (self-implemented or provided) to be + * provided to the platform abstraction layer. + * + * Enabling MBEDTLS_PLATFORM_MEMORY without the + * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide + * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and + * free() function pointer at runtime. + * + * Enabling MBEDTLS_PLATFORM_MEMORY and specifying + * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the + * alternate function at compile time. + * + * Requires: MBEDTLS_PLATFORM_C + * + * Enable this layer to allow use of alternative memory allocators. + */ +#define MBEDTLS_PLATFORM_MEMORY + +/** + * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS + * + * Do not assign standard functions in the platform layer (e.g. calloc() to + * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) + * + * This makes sure there are no linking errors on platforms that do not support + * these functions. You will HAVE to provide alternatives, either at runtime + * via the platform_set_xxx() functions or at compile time by setting + * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a + * MBEDTLS_PLATFORM_XXX_MACRO. + * + * Requires: MBEDTLS_PLATFORM_C + * + * Uncomment to prevent default assignment of standard functions in the + * platform layer. + */ +//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS + +/** + * \def MBEDTLS_PLATFORM_EXIT_ALT + * + * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the + * function in the platform abstraction layer. + * + * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will + * provide a function "mbedtls_platform_set_printf()" that allows you to set an + * alternative printf function pointer. + * + * All these define require MBEDTLS_PLATFORM_C to be defined! + * + * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; + * it will be enabled automatically by check_config.h + * + * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as + * MBEDTLS_PLATFORM_XXX_MACRO! + * + * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME + * + * Uncomment a macro to enable alternate implementation of specific base + * platform function + */ +//#define MBEDTLS_PLATFORM_EXIT_ALT +//#define MBEDTLS_PLATFORM_TIME_ALT +//#define MBEDTLS_PLATFORM_FPRINTF_ALT +//#define MBEDTLS_PLATFORM_PRINTF_ALT +//#define MBEDTLS_PLATFORM_SNPRINTF_ALT +//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT +//#define MBEDTLS_PLATFORM_NV_SEED_ALT +#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT + +/** + * \def MBEDTLS_DEPRECATED_WARNING + * + * Mark deprecated functions and features so that they generate a warning if + * used. Functionality deprecated in one version will usually be removed in the + * next version. You can enable this to help you prepare the transition to a + * new major version by making sure your code is not using this functionality. + * + * This only works with GCC and Clang. With other compilers, you may want to + * use MBEDTLS_DEPRECATED_REMOVED + * + * Uncomment to get warnings on using deprecated functions and features. + */ +//#define MBEDTLS_DEPRECATED_WARNING + +/** + * \def MBEDTLS_DEPRECATED_REMOVED + * + * Remove deprecated functions and features so that they generate an error if + * used. Functionality deprecated in one version will usually be removed in the + * next version. You can enable this to help you prepare the transition to a + * new major version by making sure your code is not using this functionality. + * + * Uncomment to get errors on using deprecated functions and features. + */ +//#define MBEDTLS_DEPRECATED_REMOVED + +/* \} name SECTION: System support */ + +/** + * \name SECTION: mbed TLS feature support + * + * This section sets support for features that are or are not needed + * within the modules that are enabled. + * \{ + */ + +/** + * \def MBEDTLS_TIMING_ALT + * + * Uncomment to provide your own alternate implementation for + * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() + * + * Only works if you have MBEDTLS_TIMING_C enabled. + * + * You will need to provide a header "timing_alt.h" and an implementation at + * compile time. + */ +//#define MBEDTLS_TIMING_ALT + +/** + * \def MBEDTLS_AES_ALT + * + * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your + * alternate core implementation of a symmetric crypto, an arithmetic or hash + * module (e.g. platform specific assembly optimized implementations). Keep + * in mind that the function prototypes should remain the same. + * + * This replaces the whole module. If you only want to replace one of the + * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. + * + * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer + * provide the "struct mbedtls_aes_context" definition and omit the base + * function declarations and implementations. "aes_alt.h" will be included from + * "aes.h" to include the new function definitions. + * + * Uncomment a macro to enable alternate implementation of the corresponding + * module. + * + * \warning MD5, DES and SHA-1 are considered weak and their + * use constitutes a security risk. If possible, we recommend + * avoiding dependencies on them, and considering stronger message + * digests and ciphers instead. + * + */ +#define MBEDTLS_AES_ALT +//#define MBEDTLS_ARC4_ALT +//#define MBEDTLS_ARIA_ALT +//#define MBEDTLS_CAMELLIA_ALT +#define MBEDTLS_CCM_ALT +#define MBEDTLS_CHACHA20_ALT +#define MBEDTLS_CHACHAPOLY_ALT +#define MBEDTLS_CMAC_ALT +//#define MBEDTLS_DES_ALT +#define MBEDTLS_DHM_ALT +//#define MBEDTLS_ECJPAKE_ALT +//#define MBEDTLS_GCM_ALT +//#define MBEDTLS_NIST_KW_ALT +//#define MBEDTLS_MD5_ALT +#define MBEDTLS_POLY1305_ALT +//#define MBEDTLS_RIPEMD160_ALT +#define MBEDTLS_RSA_ALT +#define MBEDTLS_SHA1_ALT +#define MBEDTLS_SHA256_ALT +//#define MBEDTLS_SHA512_ALT + +/* + * When replacing the elliptic curve module, pleace consider, that it is + * implemented with two .c files: + * - ecp.c + * - ecp_curves.c + * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT + * macros as described above. The only difference is that you have to make sure + * that you provide functionality for both .c files. + */ +#define MBEDTLS_ECP_ALT + +/** + * \def MBEDTLS_SHA256_PROCESS_ALT + * + * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you + * alternate core implementation of symmetric crypto or hash function. Keep in + * mind that function prototypes should remain the same. + * + * This replaces only one function. The header file from mbed TLS is still + * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. + * + * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will + * no longer provide the mbedtls_sha1_process() function, but it will still provide + * the other function (using your mbedtls_sha1_process() function) and the definition + * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible + * with this definition. + * + * \note If you use the AES_xxx_ALT macros, then it is recommended to also set + * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES + * tables. + * + * Uncomment a macro to enable alternate implementation of the corresponding + * function. + * + * \warning MD5, DES and SHA-1 are considered weak and their use + * constitutes a security risk. If possible, we recommend avoiding + * dependencies on them, and considering stronger message digests + * and ciphers instead. + * + * \warning If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are + * enabled, then the deterministic ECDH signature functions pass the + * the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore + * alternative implementations should use the RNG only for generating + * the ephemeral key and nothing else. If this is not possible, then + * MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative + * implementation should be provided for mbedtls_ecdsa_sign_det_ext(). + * + */ +//#define MBEDTLS_MD5_PROCESS_ALT +//#define MBEDTLS_RIPEMD160_PROCESS_ALT +//#define MBEDTLS_SHA1_PROCESS_ALT +//#define MBEDTLS_SHA256_PROCESS_ALT +//#define MBEDTLS_SHA512_PROCESS_ALT +//#define MBEDTLS_DES_SETKEY_ALT +//#define MBEDTLS_DES_CRYPT_ECB_ALT +//#define MBEDTLS_DES3_CRYPT_ECB_ALT +//#define MBEDTLS_AES_SETKEY_ENC_ALT +//#define MBEDTLS_AES_SETKEY_DEC_ALT +//#define MBEDTLS_AES_ENCRYPT_ALT +//#define MBEDTLS_AES_DECRYPT_ALT +#define MBEDTLS_ECDH_GEN_PUBLIC_ALT +#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT +#define MBEDTLS_ECDSA_VERIFY_ALT +#define MBEDTLS_ECDSA_SIGN_ALT +#define MBEDTLS_ECDSA_GENKEY_ALT + +/** + * \def MBEDTLS_ECP_INTERNAL_ALT + * + * Expose a part of the internal interface of the Elliptic Curve Point module. + * + * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your + * alternative core implementation of elliptic curve arithmetic. Keep in mind + * that function prototypes should remain the same. + * + * This partially replaces one function. The header file from mbed TLS is still + * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation + * is still present and it is used for group structures not supported by the + * alternative. + * + * The original implementation can in addition be removed by setting the + * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the + * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be + * able to fallback to curves not supported by the alternative implementation. + * + * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT + * and implementing the following functions: + * unsigned char mbedtls_internal_ecp_grp_capable( + * const mbedtls_ecp_group *grp ) + * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) + * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ) + * The mbedtls_internal_ecp_grp_capable function should return 1 if the + * replacement functions implement arithmetic for the given group and 0 + * otherwise. + * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are + * called before and after each point operation and provide an opportunity to + * implement optimized set up and tear down instructions. + * + * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and + * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac() + * function, but will use your mbedtls_internal_ecp_double_jac() if the group + * for the operation is supported by your implementation (i.e. your + * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the + * group is not supported by your implementation, then the original mbed TLS + * implementation of ecp_double_jac() is used instead, unless this fallback + * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case + * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE). + * + * The function prototypes and the definition of mbedtls_ecp_group and + * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your + * implementation of mbedtls_internal_ecp__function_name__ must be compatible + * with their definitions. + * + * Uncomment a macro to enable alternate implementation of the corresponding + * function. + */ +/* Required for all the functions in this section */ +//#define MBEDTLS_ECP_INTERNAL_ALT +/* Turn off software fallback for curves not supported in hardware */ +//#define MBEDTLS_ECP_NO_FALLBACK +/* Support for Weierstrass curves with Jacobi representation */ +//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT +//#define MBEDTLS_ECP_ADD_MIXED_ALT +//#define MBEDTLS_ECP_DOUBLE_JAC_ALT +//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT +//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT +/* Support for curves with Montgomery arithmetic */ +//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT +//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT +//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT + +/** + * \def MBEDTLS_ENTROPY_HARDWARE_ALT + * + * Uncomment this macro to let mbed TLS use your own implementation of a + * hardware entropy collector. + * + * Your function must be called \c mbedtls_hardware_poll(), have the same + * prototype as declared in library/entropy_poll.h, and accept NULL as first + * argument. + * + * Uncomment to use your own hardware entropy collector. + */ +#define MBEDTLS_ENTROPY_HARDWARE_ALT + +/** + * \def MBEDTLS_AES_ROM_TABLES + * + * Use precomputed AES tables stored in ROM. + * + * Uncomment this macro to use precomputed AES tables stored in ROM. + * Comment this macro to generate AES tables in RAM at runtime. + * + * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb + * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the + * initialization time before the first AES operation can be performed. + * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c + * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded + * performance if ROM access is slower than RAM access. + * + * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. + * + */ +//#define MBEDTLS_AES_ROM_TABLES + +/** + * \def MBEDTLS_AES_FEWER_TABLES + * + * Use less ROM/RAM for AES tables. + * + * Uncommenting this macro omits 75% of the AES tables from + * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) + * by computing their values on the fly during operations + * (the tables are entry-wise rotations of one another). + * + * Tradeoff: Uncommenting this reduces the RAM / ROM footprint + * by ~6kb but at the cost of more arithmetic operations during + * runtime. Specifically, one has to compare 4 accesses within + * different tables to 4 accesses with additional arithmetic + * operations within the same table. The performance gain/loss + * depends on the system and memory details. + * + * This option is independent of \c MBEDTLS_AES_ROM_TABLES. + * + */ +//#define MBEDTLS_AES_FEWER_TABLES + +/** + * \def MBEDTLS_CAMELLIA_SMALL_MEMORY + * + * Use less ROM for the Camellia implementation (saves about 768 bytes). + * + * Uncomment this macro to use less memory for Camellia. + */ +//#define MBEDTLS_CAMELLIA_SMALL_MEMORY + +/** + * \def MBEDTLS_CHECK_RETURN_WARNING + * + * If this macro is defined, emit a compile-time warning if application code + * calls a function without checking its return value, but the return value + * should generally be checked in portable applications. + * + * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is + * implemented. Otherwise this option has no effect. + * + * Uncomment to get warnings on using fallible functions without checking + * their return value. + * + * \note This feature is a work in progress. + * Warnings will be added to more functions in the future. + * + * \note A few functions are considered critical, and ignoring the return + * value of these functions will trigger a warning even if this + * macro is not defined. To completely disable return value check + * warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion. + */ +//#define MBEDTLS_CHECK_RETURN_WARNING + +/** + * \def MBEDTLS_CIPHER_MODE_CBC + * + * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. + */ +#define MBEDTLS_CIPHER_MODE_CBC + +/** + * \def MBEDTLS_CIPHER_MODE_CFB + * + * Enable Cipher Feedback mode (CFB) for symmetric ciphers. + */ +#define MBEDTLS_CIPHER_MODE_CFB + +/** + * \def MBEDTLS_CIPHER_MODE_CTR + * + * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. + */ +#define MBEDTLS_CIPHER_MODE_CTR + +/** + * \def MBEDTLS_CIPHER_MODE_OFB + * + * Enable Output Feedback mode (OFB) for symmetric ciphers. + */ +#define MBEDTLS_CIPHER_MODE_OFB + +/** + * \def MBEDTLS_CIPHER_MODE_XTS + * + * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. + */ +//#define MBEDTLS_CIPHER_MODE_XTS + +/** + * \def MBEDTLS_CIPHER_NULL_CIPHER + * + * Enable NULL cipher. + * Warning: Only do so when you know what you are doing. This allows for + * encryption or channels without any security! + * + * To enable the following ciphersuites: + * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA + * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA + * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 + * MBEDTLS_TLS_RSA_WITH_NULL_SHA + * MBEDTLS_TLS_RSA_WITH_NULL_MD5 + * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA + * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 + * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 + * MBEDTLS_TLS_PSK_WITH_NULL_SHA + * + * Uncomment this macro to enable the NULL cipher and ciphersuites + */ +//#define MBEDTLS_CIPHER_NULL_CIPHER + +/** + * \def MBEDTLS_CIPHER_PADDING_PKCS7 + * + * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for + * specific padding modes in the cipher layer with cipher modes that support + * padding (e.g. CBC) + * + * If you disable all padding modes, only full blocks can be used with CBC. + * + * Enable padding modes in the cipher layer. + */ +#define MBEDTLS_CIPHER_PADDING_PKCS7 +#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS +#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN +#define MBEDTLS_CIPHER_PADDING_ZEROS + +/** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + * + * Uncomment this macro to use a 128-bit key in the CTR_DRBG module. + * By default, CTR_DRBG uses a 256-bit key. + */ +#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + +/** + * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED + * + * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve + * module. By default all supported curves are enabled. + * + * Comment macros to disable the curve and functions for it + */ +/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */ +#define MBEDTLS_ECP_DP_SECP192R1_ENABLED +#define MBEDTLS_ECP_DP_SECP224R1_ENABLED +#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +#define MBEDTLS_ECP_DP_SECP521R1_ENABLED +#define MBEDTLS_ECP_DP_SECP192K1_ENABLED +#define MBEDTLS_ECP_DP_SECP224K1_ENABLED +#define MBEDTLS_ECP_DP_SECP256K1_ENABLED +#define MBEDTLS_ECP_DP_BP256R1_ENABLED +//#define MBEDTLS_ECP_DP_BP384R1_ENABLED +//#define MBEDTLS_ECP_DP_BP512R1_ENABLED +/* Montgomery curves (supporting ECP) */ +#define MBEDTLS_ECP_DP_CURVE25519_ENABLED +//#define MBEDTLS_ECP_DP_CURVE448_ENABLED + +/** + * \def MBEDTLS_ECP_NIST_OPTIM + * + * Enable specific 'modulo p' routines for each NIST prime. + * Depending on the prime and architecture, makes operations 4 to 8 times + * faster on the corresponding curve. + * + * Comment this macro to disable NIST curves optimisation. + */ +#define MBEDTLS_ECP_NIST_OPTIM + +/** + * \def MBEDTLS_ECP_RESTARTABLE + * + * Enable "non-blocking" ECC operations that can return early and be resumed. + * + * This allows various functions to pause by returning + * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, + * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in + * order to further progress and eventually complete their operation. This is + * controlled through mbedtls_ecp_set_max_ops() which limits the maximum + * number of ECC operations a function may perform before pausing; see + * mbedtls_ecp_set_max_ops() for more information. + * + * This is useful in non-threaded environments if you want to avoid blocking + * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. + * + * Uncomment this macro to enable restartable ECC computations. + * + * \note This option only works with the default software implementation of + * elliptic curve functionality. It is incompatible with + * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT. + */ +//#define MBEDTLS_ECP_RESTARTABLE + +/** + * \def MBEDTLS_ECDSA_DETERMINISTIC + * + * Enable deterministic ECDSA (RFC 6979). + * Standard ECDSA is "fragile" in the sense that lack of entropy when signing + * may result in a compromise of the long-term signing key. This is avoided by + * the deterministic variant. + * + * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C + * + * Comment this macro to disable deterministic ECDSA. + */ +#define MBEDTLS_ECDSA_DETERMINISTIC + +/** + * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED + * + * Enable the PSK based ciphersuite modes in SSL / TLS. + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED + * + * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_DHM_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA + * + * \warning Using DHE constitutes a security risk as it + * is not possible to validate custom DH parameters. + * If possible, it is recommended users should consider + * preferring other methods of key exchange. + * See dhm.h for more details. + * + */ +// #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + * + * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED + * + * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED + * + * Enable the RSA-only based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + */ +#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + * + * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + * + * \warning Using DHE constitutes a security risk as it + * is not possible to validate custom DH parameters. + * If possible, it is recommended users should consider + * preferring other methods of key exchange. + * See dhm.h for more details. + * + */ +#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + * + * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + * + * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + * + * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + * + * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + * + * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. + * + * \warning This is currently experimental. EC J-PAKE support is based on the + * Thread v1.0.0 specification; incompatible changes to the specification + * might still happen. For this reason, this is disabled by default. + * + * Requires: MBEDTLS_ECJPAKE_C + * MBEDTLS_SHA256_C + * MBEDTLS_ECP_DP_SECP256R1_ENABLED + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 + */ +#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + +/** + * \def MBEDTLS_PK_PARSE_EC_EXTENDED + * + * Enhance support for reading EC keys using variants of SEC1 not allowed by + * RFC 5915 and RFC 5480. + * + * Currently this means parsing the SpecifiedECDomain choice of EC + * parameters (only known groups are supported, not arbitrary domains, to + * avoid validation issues). + * + * Disable if you only need to support RFC 5915 + 5480 key formats. + */ +#define MBEDTLS_PK_PARSE_EC_EXTENDED + +/** + * \def MBEDTLS_ERROR_STRERROR_DUMMY + * + * Enable a dummy error function to make use of mbedtls_strerror() in + * third party libraries easier when MBEDTLS_ERROR_C is disabled + * (no effect when MBEDTLS_ERROR_C is enabled). + * + * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're + * not using mbedtls_strerror() or error_strerror() in your application. + * + * Disable if you run into name conflicts and want to really remove the + * mbedtls_strerror() + */ +#define MBEDTLS_ERROR_STRERROR_DUMMY + +/** + * \def MBEDTLS_GENPRIME + * + * Enable the prime-number generation code. + * + * Requires: MBEDTLS_BIGNUM_C + */ +#define MBEDTLS_GENPRIME + +/** + * \def MBEDTLS_FS_IO + * + * Enable functions that use the filesystem. + */ +//#define MBEDTLS_FS_IO + +/** + * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES + * + * Do not add default entropy sources in mbedtls_entropy_init(). + * + * This is useful to have more control over the added entropy sources in an + * application. + * + * Uncomment this macro to prevent loading of default entropy functions. + */ +//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES + +/** + * \def MBEDTLS_NO_PLATFORM_ENTROPY + * + * Do not use built-in platform entropy functions. + * This is useful if your platform does not support + * standards like the /dev/urandom or Windows CryptoAPI. + * + * Uncomment this macro to disable the built-in platform entropy functions. + */ +#define MBEDTLS_NO_PLATFORM_ENTROPY + +/** + * \def MBEDTLS_ENTROPY_FORCE_SHA256 + * + * Force the entropy accumulator to use a SHA-256 accumulator instead of the + * default SHA-512 based one (if both are available). + * + * Requires: MBEDTLS_SHA256_C + * + * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option + * if you have performance concerns. + * + * This option is only useful if both MBEDTLS_SHA256_C and + * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. + */ +#define MBEDTLS_ENTROPY_FORCE_SHA256 + +/** + * \def MBEDTLS_ENTROPY_NV_SEED + * + * Enable the non-volatile (NV) seed file-based entropy source. + * (Also enables the NV seed read/write functions in the platform layer) + * + * This is crucial (if not required) on systems that do not have a + * cryptographic entropy source (in hardware or kernel) available. + * + * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C + * + * \note The read/write functions that are used by the entropy source are + * determined in the platform layer, and can be modified at runtime and/or + * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. + * + * \note If you use the default implementation functions that read a seedfile + * with regular fopen(), please make sure you make a seedfile with the + * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at + * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from + * and written to or you will get an entropy source error! The default + * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE + * bytes from the file. + * + * \note The entropy collector will write to the seed file before entropy is + * given to an external source, to update it. + */ +//#define MBEDTLS_ENTROPY_NV_SEED + +/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + * + * Enable key identifiers that encode a key owner identifier. + * + * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t + * which is currently hard-coded to be int32_t. + * + * Note that this option is meant for internal use only and may be removed + * without notice. It is incompatible with MBEDTLS_USE_PSA_CRYPTO. + */ +//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + +/** + * \def MBEDTLS_MEMORY_DEBUG + * + * Enable debugging of buffer allocator memory issues. Automatically prints + * (to stderr) all (fatal) messages on memory allocation issues. Enables + * function for 'debug output' of allocated memory. + * + * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C + * + * Uncomment this macro to let the buffer allocator print out error messages. + */ +//#define MBEDTLS_MEMORY_DEBUG + +/** + * \def MBEDTLS_MEMORY_BACKTRACE + * + * Include backtrace information with each allocated block. + * + * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C + * GLIBC-compatible backtrace() an backtrace_symbols() support + * + * Uncomment this macro to include backtrace information + */ +//#define MBEDTLS_MEMORY_BACKTRACE + +/** + * \def MBEDTLS_PK_RSA_ALT_SUPPORT + * + * Support external private RSA keys (eg from a HSM) in the PK layer. + * + * Comment this macro to disable support for external private RSA keys. + */ +//#define MBEDTLS_PK_RSA_ALT_SUPPORT + +/** + * \def MBEDTLS_PKCS1_V15 + * + * Enable support for PKCS#1 v1.5 encoding. + * + * Requires: MBEDTLS_RSA_C + * + * This enables support for PKCS#1 v1.5 operations. + */ +#define MBEDTLS_PKCS1_V15 + +/** + * \def MBEDTLS_PKCS1_V21 + * + * Enable support for PKCS#1 v2.1 encoding. + * + * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C + * + * This enables support for RSAES-OAEP and RSASSA-PSS operations. + */ +#define MBEDTLS_PKCS1_V21 + +/** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + * + * Enable support for platform built-in keys. If you enable this feature, + * you must implement the function mbedtls_psa_platform_get_builtin_key(). + * See the documentation of that function for more information. + * + * Built-in keys are typically derived from a hardware unique key or + * stored in a secure element. + * + * Requires: MBEDTLS_PSA_CRYPTO_C. + * + * \warning This interface is experimental and may change or be removed + * without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + +/** \def MBEDTLS_PSA_CRYPTO_CLIENT + * + * Enable support for PSA crypto client. + * + * \note This option allows to include the code necessary for a PSA + * crypto client when the PSA crypto implementation is not included in + * the library (MBEDTLS_PSA_CRYPTO_C disabled). The code included is the + * code to set and get PSA key attributes. + * The development of PSA drivers partially relying on the library to + * fulfill the hardware gaps is another possible usage of this option. + * + * \warning This interface is experimental and may change or be removed + * without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_CLIENT + +/** \def MBEDTLS_PSA_CRYPTO_DRIVERS + * + * Enable support for the experimental PSA crypto driver interface. + * + * Requires: MBEDTLS_PSA_CRYPTO_C + * + * \warning This interface is experimental and may change or be removed + * without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_DRIVERS + +/** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG + * + * Make the PSA Crypto module use an external random generator provided + * by a driver, instead of Mbed TLS's entropy and DRBG modules. + * + * \note This random generator must deliver random numbers with cryptographic + * quality and high performance. It must supply unpredictable numbers + * with a uniform distribution. The implementation of this function + * is responsible for ensuring that the random generator is seeded + * with sufficient entropy. If you have a hardware TRNG which is slow + * or delivers non-uniform output, declare it as an entropy source + * with mbedtls_entropy_add_source() instead of enabling this option. + * + * If you enable this option, you must configure the type + * ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h + * and define a function called mbedtls_psa_external_get_random() + * with the following prototype: + * ``` + * psa_status_t mbedtls_psa_external_get_random( + * mbedtls_psa_external_random_context_t *context, + * uint8_t *output, size_t output_size, size_t *output_length); + * ); + * ``` + * The \c context value is initialized to 0 before the first call. + * The function must fill the \c output buffer with \p output_size bytes + * of random data and set \c *output_length to \p output_size. + * + * Requires: MBEDTLS_PSA_CRYPTO_C + * + * \warning If you enable this option, code that uses the PSA cryptography + * interface will not use any of the entropy sources set up for + * the entropy module, nor the NV seed that MBEDTLS_ENTROPY_NV_SEED + * enables. + * + * \note This option is experimental and may be removed without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG + +/** + * \def MBEDTLS_PSA_CRYPTO_SPM + * + * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure + * Partition Manager) integration which separates the code into two parts: a + * NSPE (Non-Secure Process Environment) and an SPE (Secure Process + * Environment). + * + * Module: library/psa_crypto.c + * Requires: MBEDTLS_PSA_CRYPTO_C + * + */ +//#define MBEDTLS_PSA_CRYPTO_SPM + +/** + * \def MBEDTLS_PSA_INJECT_ENTROPY + * + * Enable support for entropy injection at first boot. This feature is + * required on systems that do not have a built-in entropy source (TRNG). + * This feature is currently not supported on systems that have a built-in + * entropy source. + * + * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED + * + */ +//#define MBEDTLS_PSA_INJECT_ENTROPY + +/** + * \def MBEDTLS_RSA_NO_CRT + * + * Do not use the Chinese Remainder Theorem + * for the RSA private operation. + * + * Uncomment this macro to disable the use of CRT in RSA. + * + */ +//#define MBEDTLS_RSA_NO_CRT + +/** + * \def MBEDTLS_SELF_TEST + * + * Enable the checkup functions (*_self_test). + */ +//#define MBEDTLS_SELF_TEST + +/** + * \def MBEDTLS_SHA256_SMALLER + * + * Enable an implementation of SHA-256 that has lower ROM footprint but also + * lower performance. + * + * The default implementation is meant to be a reasonnable compromise between + * performance and size. This version optimizes more aggressively for size at + * the expense of performance. Eg on Cortex-M4 it reduces the size of + * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about + * 30%. + * + * Uncomment to enable the smaller implementation of SHA256. + */ +//#define MBEDTLS_SHA256_SMALLER + +/** + * \def MBEDTLS_SHA512_SMALLER + * + * Enable an implementation of SHA-512 that has lower ROM footprint but also + * lower performance. + * + * Uncomment to enable the smaller implementation of SHA512. + */ +//#define MBEDTLS_SHA512_SMALLER + +/** + * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES + * + * Enable sending of alert messages in case of encountered errors as per RFC. + * If you choose not to send the alert messages, mbed TLS can still communicate + * with other servers, only debugging of failures is harder. + * + * The advantage of not sending alert messages, is that no information is given + * about reasons for failures thus preventing adversaries of gaining intel. + * + * Enable sending of all alert messages + */ +#define MBEDTLS_SSL_ALL_ALERT_MESSAGES + +/** + * \def MBEDTLS_SSL_DTLS_CONNECTION_ID + * + * Enable support for the DTLS Connection ID extension + * (version draft-ietf-tls-dtls-connection-id-05, + * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) + * which allows to identify DTLS connections across changes + * in the underlying transport. + * + * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`, + * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`. + * See the corresponding documentation for more information. + * + * \warning The Connection ID extension is still in draft state. + * We make no stability promises for the availability + * or the shape of the API controlled by this option. + * + * The maximum lengths of outgoing and incoming CIDs can be configured + * through the options + * - MBEDTLS_SSL_CID_OUT_LEN_MAX + * - MBEDTLS_SSL_CID_IN_LEN_MAX. + * + * Requires: MBEDTLS_SSL_PROTO_DTLS + * + * Uncomment to enable the Connection ID extension. + */ +//#define MBEDTLS_SSL_DTLS_CONNECTION_ID + +/** + * \def MBEDTLS_SSL_ASYNC_PRIVATE + * + * Enable asynchronous external private key operations in SSL. This allows + * you to configure an SSL connection to call an external cryptographic + * module to perform private key operations instead of performing the + * operation inside the library. + * + */ +//#define MBEDTLS_SSL_ASYNC_PRIVATE + +/** + * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION + * + * Enable serialization of the TLS context structures, through use of the + * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load(). + * + * This pair of functions allows one side of a connection to serialize the + * context associated with the connection, then free or re-use that context + * while the serialized state is persisted elsewhere, and finally deserialize + * that state to a live context for resuming read/write operations on the + * connection. From a protocol perspective, the state of the connection is + * unaffected, in particular this is entirely transparent to the peer. + * + * Note: this is distinct from TLS session resumption, which is part of the + * protocol and fully visible by the peer. TLS session resumption enables + * establishing new connections associated to a saved session with shorter, + * lighter handshakes, while context serialization is a local optimization in + * handling a single, potentially long-lived connection. + * + * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are + * saved after the handshake to allow for more efficient serialization, so if + * you don't need this feature you'll save RAM by disabling it. + * + * Comment to disable the context serialization APIs. + */ +#define MBEDTLS_SSL_CONTEXT_SERIALIZATION + +/** + * \def MBEDTLS_SSL_DEBUG_ALL + * + * Enable the debug messages in SSL module for all issues. + * Debug messages have been disabled in some places to prevent timing + * attacks due to (unbalanced) debugging function calls. + * + * If you need all error reporting you should enable this during debugging, + * but remove this for production servers that should log as well. + * + * Uncomment this macro to report all debug messages on errors introducing + * a timing side-channel. + * + */ +//#define MBEDTLS_SSL_DEBUG_ALL + +/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC + * + * Enable support for Encrypt-then-MAC, RFC 7366. + * + * This allows peers that both support it to use a more robust protection for + * ciphersuites using CBC, providing deep resistance against timing attacks + * on the padding or underlying cipher. + * + * This only affects CBC ciphersuites, and is useless if none is defined. + * + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 + * + * Comment this macro to disable support for Encrypt-then-MAC + */ +#define MBEDTLS_SSL_ENCRYPT_THEN_MAC + +/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET + * + * Enable support for RFC 7627: Session Hash and Extended Master Secret + * Extension. + * + * This was introduced as "the proper fix" to the Triple Handshake familiy of + * attacks, but it is recommended to always use it (even if you disable + * renegotiation), since it actually fixes a more fundamental issue in the + * original SSL/TLS design, and has implications beyond Triple Handshake. + * + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 + * + * Comment this macro to disable support for Extended Master Secret. + */ +#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET + +/** + * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE + * + * This option controls the availability of the API mbedtls_ssl_get_peer_cert() + * giving access to the peer's certificate after completion of the handshake. + * + * Unless you need mbedtls_ssl_peer_cert() in your application, it is + * recommended to disable this option for reduced RAM usage. + * + * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still + * defined, but always returns \c NULL. + * + * \note This option has no influence on the protection against the + * triple handshake attack. Even if it is disabled, Mbed TLS will + * still ensure that certificates do not change during renegotiation, + * for exaple by keeping a hash of the peer's certificate. + * + * Comment this macro to disable storing the peer's certificate + * after the handshake. + */ +#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE + +/** + * \def MBEDTLS_SSL_RENEGOTIATION + * + * Enable support for TLS renegotiation. + * + * The two main uses of renegotiation are (1) refresh keys on long-lived + * connections and (2) client authentication after the initial handshake. + * If you don't need renegotiation, it's probably better to disable it, since + * it has been associated with security issues in the past and is easy to + * misuse/misunderstand. + * + * Comment this to disable support for renegotiation. + * + * \note Even if this option is disabled, both client and server are aware + * of the Renegotiation Indication Extension (RFC 5746) used to + * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). + * (See \c mbedtls_ssl_conf_legacy_renegotiation for the + * configuration of this extension). + * + */ +#define MBEDTLS_SSL_RENEGOTIATION + +/** + * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + * + * Enable support for RFC 6066 max_fragment_length extension in SSL. + * + * Comment this macro to disable support for the max_fragment_length extension + */ +#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + +/** + * \def MBEDTLS_SSL_PROTO_TLS1_2 + * + * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). + * + * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C + * (Depends on ciphersuites) + * + * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 + */ +#define MBEDTLS_SSL_PROTO_TLS1_2 + +/** + * \def MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + * + * This macro is used to selectively enable experimental parts + * of the code that contribute to the ongoing development of + * the prototype TLS 1.3 and DTLS 1.3 implementation, and provide + * no other purpose. + * + * \warning TLS 1.3 and DTLS 1.3 aren't yet supported in Mbed TLS, + * and no feature exposed through this macro is part of the + * public API. In particular, features under the control + * of this macro are experimental and don't come with any + * stability guarantees. + * + * Uncomment this macro to enable experimental and partial + * functionality specific to TLS 1.3. + */ +//#define MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + +/** + * \def MBEDTLS_SSL_PROTO_DTLS + * + * Enable support for DTLS (all available versions). + * + * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. + * + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 + * + * Comment this macro to disable support for DTLS + */ +#define MBEDTLS_SSL_PROTO_DTLS + +/** + * \def MBEDTLS_SSL_ALPN + * + * Enable support for RFC 7301 Application Layer Protocol Negotiation. + * + * Comment this macro to disable support for ALPN. + */ +#define MBEDTLS_SSL_ALPN + +/** + * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY + * + * Enable support for the anti-replay mechanism in DTLS. + * + * Requires: MBEDTLS_SSL_TLS_C + * MBEDTLS_SSL_PROTO_DTLS + * + * \warning Disabling this is often a security risk! + * See mbedtls_ssl_conf_dtls_anti_replay() for details. + * + * Comment this to disable anti-replay in DTLS. + */ +#define MBEDTLS_SSL_DTLS_ANTI_REPLAY + +/** + * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY + * + * Enable support for HelloVerifyRequest on DTLS servers. + * + * This feature is highly recommended to prevent DTLS servers being used as + * amplifiers in DoS attacks against other hosts. It should always be enabled + * unless you know for sure amplification cannot be a problem in the + * environment in which your server operates. + * + * \warning Disabling this can ba a security risk! (see above) + * + * Requires: MBEDTLS_SSL_PROTO_DTLS + * + * Comment this to disable support for HelloVerifyRequest. + */ +#define MBEDTLS_SSL_DTLS_HELLO_VERIFY + +/** + * \def MBEDTLS_SSL_DTLS_SRTP + * + * Enable support for negotiation of DTLS-SRTP (RFC 5764) + * through the use_srtp extension. + * + * \note This feature provides the minimum functionality required + * to negotiate the use of DTLS-SRTP and to allow the derivation of + * the associated SRTP packet protection key material. + * In particular, the SRTP packet protection itself, as well as the + * demultiplexing of RTP and DTLS packets at the datagram layer + * (see Section 5 of RFC 5764), are not handled by this feature. + * Instead, after successful completion of a handshake negotiating + * the use of DTLS-SRTP, the extended key exporter API + * mbedtls_ssl_conf_export_keys_cb() should be used to implement + * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705 + * (this is implemented in the SSL example programs). + * The resulting key should then be passed to an SRTP stack. + * + * Setting this option enables the runtime API + * mbedtls_ssl_conf_dtls_srtp_protection_profiles() + * through which the supported DTLS-SRTP protection + * profiles can be configured. You must call this API at + * runtime if you wish to negotiate the use of DTLS-SRTP. + * + * Requires: MBEDTLS_SSL_PROTO_DTLS + * + * Uncomment this to enable support for use_srtp extension. + */ +//#define MBEDTLS_SSL_DTLS_SRTP + +/** + * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE + * + * Enable server-side support for clients that reconnect from the same port. + * + * Some clients unexpectedly close the connection and try to reconnect using the + * same source port. This needs special support from the server to handle the + * new connection securely, as described in section 4.2.8 of RFC 6347. This + * flag enables that support. + * + * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY + * + * Comment this to disable support for clients reusing the source port. + */ +#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE + +/** + * \def MBEDTLS_SSL_SESSION_TICKETS + * + * Enable support for RFC 5077 session tickets in SSL. + * Client-side, provides full support for session tickets (maintenance of a + * session store remains the responsibility of the application, though). + * Server-side, you also need to provide callbacks for writing and parsing + * tickets, including authenticated encryption and key management. Example + * callbacks are provided by MBEDTLS_SSL_TICKET_C. + * + * Comment this macro to disable support for SSL session tickets + */ +#define MBEDTLS_SSL_SESSION_TICKETS + +/** + * \def MBEDTLS_SSL_SERVER_NAME_INDICATION + * + * Enable support for RFC 6066 server name indication (SNI) in SSL. + * + * Requires: MBEDTLS_X509_CRT_PARSE_C + * + * Comment this macro to disable support for server name indication in SSL + */ +#define MBEDTLS_SSL_SERVER_NAME_INDICATION + +/** + * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH + * + * When this option is enabled, the SSL buffer will be resized automatically + * based on the negotiated maximum fragment length in each direction. + * + * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + */ +//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH + +/** + * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN + * + * Enable testing of the constant-flow nature of some sensitive functions with + * clang's MemorySanitizer. This causes some existing tests to also test + * this non-functional property of the code under test. + * + * This setting requires compiling with clang -fsanitize=memory. The test + * suites can then be run normally. + * + * \warning This macro is only used for extended testing; it is not considered + * part of the library's API, so it may change or disappear at any time. + * + * Uncomment to enable testing of the constant-flow nature of selected code. + */ +//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN + +/** + * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND + * + * Enable testing of the constant-flow nature of some sensitive functions with + * valgrind's memcheck tool. This causes some existing tests to also test + * this non-functional property of the code under test. + * + * This setting requires valgrind headers for building, and is only useful for + * testing if the tests suites are run with valgrind's memcheck. This can be + * done for an individual test suite with 'valgrind ./test_suite_xxx', or when + * using CMake, this can be done for all test suites with 'make memcheck'. + * + * \warning This macro is only used for extended testing; it is not considered + * part of the library's API, so it may change or disappear at any time. + * + * Uncomment to enable testing of the constant-flow nature of selected code. + */ +//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND + +/** + * \def MBEDTLS_TEST_HOOKS + * + * Enable features for invasive testing such as introspection functions and + * hooks for fault injection. This enables additional unit tests. + * + * Merely enabling this feature should not change the behavior of the product. + * It only adds new code, and new branching points where the default behavior + * is the same as when this feature is disabled. + * However, this feature increases the attack surface: there is an added + * risk of vulnerabilities, and more gadgets that can make exploits easier. + * Therefore this feature must never be enabled in production. + * + * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more + * information. + * + * Uncomment to enable invasive tests. + */ +//#define MBEDTLS_TEST_HOOKS + +/** + * \def MBEDTLS_THREADING_ALT + * + * Provide your own alternate threading implementation. + * + * Requires: MBEDTLS_THREADING_C + * + * Uncomment this to allow your own alternate threading implementation. + */ +#define MBEDTLS_THREADING_ALT + +/** + * \def MBEDTLS_THREADING_PTHREAD + * + * Enable the pthread wrapper layer for the threading layer. + * + * Requires: MBEDTLS_THREADING_C + * + * Uncomment this to enable pthread mutexes. + */ +//#define MBEDTLS_THREADING_PTHREAD + +/** + * \def MBEDTLS_USE_PSA_CRYPTO + * + * Make the X.509 and TLS library use PSA for cryptographic operations, and + * enable new APIs for using keys handled by PSA Crypto. + * + * \note Development of this option is currently in progress, and parts of Mbed + * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts + * will still continue to work as usual, so enabling this option should not + * break backwards compatibility. + * + * \note See docs/use-psa-crypto.md for a complete description of what this + * option currently does, and of parts that are not affected by it so far. + * + * \warning This option enables new Mbed TLS APIs which are currently + * considered experimental and may change in incompatible ways at any time. + * That is, the APIs enabled by this option are not covered by the usual + * promises of API stability. + * + * Requires: MBEDTLS_PSA_CRYPTO_C. + * + * Uncomment this to enable internal use of PSA Crypto and new associated APIs. + */ +//#define MBEDTLS_USE_PSA_CRYPTO + +/** + * \def MBEDTLS_PSA_CRYPTO_CONFIG + * + * This setting allows support for cryptographic mechanisms through the PSA + * API to be configured separately from support through the mbedtls API. + * + * Uncomment this to enable use of PSA Crypto configuration settings which + * can be found in include/psa/crypto_config.h. + * + * This feature is still experimental and is not ready for production since + * it is not completed. + */ +//#define MBEDTLS_PSA_CRYPTO_CONFIG + +/** + * \def MBEDTLS_VERSION_FEATURES + * + * Allow run-time checking of compile-time enabled features. Thus allowing users + * to check at run-time if the library is for instance compiled with threading + * support via mbedtls_version_check_feature(). + * + * Requires: MBEDTLS_VERSION_C + * + * Comment this to disable run-time checking and save ROM space + */ +#define MBEDTLS_VERSION_FEATURES + +/** + * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK + * + * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()` + * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure + * the set of trusted certificates through a callback instead of a linked + * list. + * + * This is useful for example in environments where a large number of trusted + * certificates is present and storing them in a linked list isn't efficient + * enough, or when the set of trusted certificates changes frequently. + * + * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and + * `mbedtls_ssl_conf_ca_cb()` for more information. + * + * Uncomment to enable trusted certificate callbacks. + */ +//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK + +/** + * \def MBEDTLS_X509_REMOVE_INFO + * + * Disable mbedtls_x509_*_info() and related APIs. + * + * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt() + * and other functions/constants only used by these functions, thus reducing + * the code footprint by several KB. + */ +//#define MBEDTLS_X509_REMOVE_INFO + +/** + * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT + * + * Enable parsing and verification of X.509 certificates, CRLs and CSRS + * signed with RSASSA-PSS (aka PKCS#1 v2.1). + * + * Comment this macro to disallow using RSASSA-PSS in certificates. + */ +#define MBEDTLS_X509_RSASSA_PSS_SUPPORT +/* \} name SECTION: mbed TLS feature support */ + +/** + * \name SECTION: mbed TLS modules + * + * This section enables or disables entire modules in mbed TLS + * \{ + */ + +/** + * \def MBEDTLS_AESNI_C + * + * Enable AES-NI support on x86-64. + * + * Module: library/aesni.c + * Caller: library/aes.c + * + * Requires: MBEDTLS_HAVE_ASM + * + * This modules adds support for the AES-NI instructions on x86-64 + */ +#define MBEDTLS_AESNI_C + +/** + * \def MBEDTLS_AES_C + * + * Enable the AES block cipher. + * + * Module: library/aes.c + * Caller: library/cipher.c + * library/pem.c + * library/ctr_drbg.c + * + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA + * + * PEM_PARSE uses AES for decrypting encrypted keys. + */ +#define MBEDTLS_AES_C + +/** + * \def MBEDTLS_ASN1_PARSE_C + * + * Enable the generic ASN1 parser. + * + * Module: library/asn1.c + * Caller: library/x509.c + * library/dhm.c + * library/pkcs12.c + * library/pkcs5.c + * library/pkparse.c + */ +#define MBEDTLS_ASN1_PARSE_C + +/** + * \def MBEDTLS_ASN1_WRITE_C + * + * Enable the generic ASN1 writer. + * + * Module: library/asn1write.c + * Caller: library/ecdsa.c + * library/pkwrite.c + * library/x509_create.c + * library/x509write_crt.c + * library/x509write_csr.c + */ +#define MBEDTLS_ASN1_WRITE_C + +/** + * \def MBEDTLS_BASE64_C + * + * Enable the Base64 module. + * + * Module: library/base64.c + * Caller: library/pem.c + * + * This module is required for PEM support (required by X.509). + */ +#define MBEDTLS_BASE64_C + +/** + * \def MBEDTLS_BIGNUM_C + * + * Enable the multi-precision integer library. + * + * Module: library/bignum.c + * Caller: library/dhm.c + * library/ecp.c + * library/ecdsa.c + * library/rsa.c + * library/rsa_alt_helpers.c + * library/ssl_tls.c + * + * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. + */ +#define MBEDTLS_BIGNUM_C + +/** + * \def MBEDTLS_CAMELLIA_C + * + * Enable the Camellia block cipher. + * + * Module: library/camellia.c + * Caller: library/cipher.c + * + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_CAMELLIA_C + +/** + * \def MBEDTLS_ARIA_C + * + * Enable the ARIA block cipher. + * + * Module: library/aria.c + * Caller: library/cipher.c + * + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * + * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 + */ +//#define MBEDTLS_ARIA_C + +/** + * \def MBEDTLS_CCM_C + * + * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. + * + * Module: library/ccm.c + * + * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C + * + * This module enables the AES-CCM ciphersuites, if other requisites are + * enabled as well. + */ +#define MBEDTLS_CCM_C + +/** + * \def MBEDTLS_CHACHA20_C + * + * Enable the ChaCha20 stream cipher. + * + * Module: library/chacha20.c + */ +#define MBEDTLS_CHACHA20_C + +/** + * \def MBEDTLS_CHACHAPOLY_C + * + * Enable the ChaCha20-Poly1305 AEAD algorithm. + * + * Module: library/chachapoly.c + * + * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C + */ +#define MBEDTLS_CHACHAPOLY_C + +/** + * \def MBEDTLS_CIPHER_C + * + * Enable the generic cipher layer. + * + * Module: library/cipher.c + * Caller: library/ssl_tls.c + * + * Uncomment to enable generic cipher wrappers. + */ +#define MBEDTLS_CIPHER_C + +/** + * \def MBEDTLS_CMAC_C + * + * Enable the CMAC (Cipher-based Message Authentication Code) mode for block + * ciphers. + * + * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying + * implementation of the CMAC algorithm is provided by an alternate + * implementation, that alternate implementation may opt to not support + * AES-192 or 3DES as underlying block ciphers for the CMAC operation. + * + * Module: library/cmac.c + * + * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C + * + */ +#define MBEDTLS_CMAC_C + +/** + * \def MBEDTLS_CTR_DRBG_C + * + * Enable the CTR_DRBG AES-based random generator. + * The CTR_DRBG generator uses AES-256 by default. + * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above. + * + * \note To achieve a 256-bit security strength with CTR_DRBG, + * you must use AES-256 *and* use sufficient entropy. + * See ctr_drbg.h for more details. + * + * Module: library/ctr_drbg.c + * Caller: + * + * Requires: MBEDTLS_AES_C + * + * This module provides the CTR_DRBG AES random number generator. + */ +#define MBEDTLS_CTR_DRBG_C + +/** + * \def MBEDTLS_DEBUG_C + * + * Enable the debug functions. + * + * Module: library/debug.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * library/ssl_tls.c + * + * This module provides debugging functions. + */ +//#define MBEDTLS_DEBUG_C + +/** + * \def MBEDTLS_DES_C + * + * Enable the DES block cipher. + * + * Module: library/des.c + * Caller: library/pem.c + * library/cipher.c + * + * PEM_PARSE uses DES/3DES for decrypting encrypted keys. + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers instead. + */ +#define MBEDTLS_DES_C + +/** + * \def MBEDTLS_DHM_C + * + * Enable the Diffie-Hellman-Merkle module. + * + * Module: library/dhm.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * + * This module is used by the following key exchanges: + * DHE-RSA, DHE-PSK + * + * \warning Using DHE constitutes a security risk as it + * is not possible to validate custom DH parameters. + * If possible, it is recommended users should consider + * preferring other methods of key exchange. + * See dhm.h for more details. + * + */ +#define MBEDTLS_DHM_C + +/** + * \def MBEDTLS_ECDH_C + * + * Enable the elliptic curve Diffie-Hellman library. + * + * Module: library/ecdh.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * + * This module is used by the following key exchanges: + * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK + * + * Requires: MBEDTLS_ECP_C + */ +#define MBEDTLS_ECDH_C + +/** + * \def MBEDTLS_ECDSA_C + * + * Enable the elliptic curve DSA library. + * + * Module: library/ecdsa.c + * Caller: + * + * This module is used by the following key exchanges: + * ECDHE-ECDSA + * + * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C, + * and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a + * short Weierstrass curve. + */ +#define MBEDTLS_ECDSA_C + +/** + * \def MBEDTLS_ECJPAKE_C + * + * Enable the elliptic curve J-PAKE library. + * + * \note EC J-PAKE support is based on the Thread v1.0.0 specification. + * It has not been reviewed for compliance with newer standards such as + * Thread v1.1 or RFC 8236. + * + * Module: library/ecjpake.c + * Caller: + * + * This module is used by the following key exchanges: + * ECJPAKE + * + * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C + */ +#define MBEDTLS_ECJPAKE_C + +/** + * \def MBEDTLS_ECP_C + * + * Enable the elliptic curve over GF(p) library. + * + * Module: library/ecp.c + * Caller: library/ecdh.c + * library/ecdsa.c + * library/ecjpake.c + * + * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED + */ +#define MBEDTLS_ECP_C + +/** + * \def MBEDTLS_ENTROPY_C + * + * Enable the platform-specific entropy code. + * + * Module: library/entropy.c + * Caller: + * + * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C + * + * This module provides a generic entropy pool + */ +#define MBEDTLS_ENTROPY_C + +/** + * \def MBEDTLS_ERROR_C + * + * Enable error code to error string conversion. + * + * Module: library/error.c + * Caller: + * + * This module enables mbedtls_strerror(). + */ +#define MBEDTLS_ERROR_C + +/** + * \def MBEDTLS_GCM_C + * + * Enable the Galois/Counter Mode (GCM). + * + * Module: library/gcm.c + * + * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C + * + * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other + * requisites are enabled as well. + */ +//#define MBEDTLS_GCM_C + +/** + * \def MBEDTLS_HKDF_C + * + * Enable the HKDF algorithm (RFC 5869). + * + * Module: library/hkdf.c + * Caller: + * + * Requires: MBEDTLS_MD_C + * + * This module adds support for the Hashed Message Authentication Code + * (HMAC)-based key derivation function (HKDF). + */ +#define MBEDTLS_HKDF_C + +/** + * \def MBEDTLS_HMAC_DRBG_C + * + * Enable the HMAC_DRBG random generator. + * + * Module: library/hmac_drbg.c + * Caller: + * + * Requires: MBEDTLS_MD_C + * + * Uncomment to enable the HMAC_DRBG random number geerator. + */ +#define MBEDTLS_HMAC_DRBG_C + +/** + * \def MBEDTLS_NIST_KW_C + * + * Enable the Key Wrapping mode for 128-bit block ciphers, + * as defined in NIST SP 800-38F. Only KW and KWP modes + * are supported. At the moment, only AES is approved by NIST. + * + * Module: library/nist_kw.c + * + * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C + */ +#define MBEDTLS_NIST_KW_C + +/** + * \def MBEDTLS_MD_C + * + * Enable the generic message digest layer. + * + * Module: library/md.c + * Caller: + * + * Uncomment to enable generic message digest wrappers. + */ +#define MBEDTLS_MD_C + +/** + * \def MBEDTLS_MD5_C + * + * Enable the MD5 hash algorithm. + * + * Module: library/md5.c + * Caller: library/md.c + * library/pem.c + * library/ssl_tls.c + * + * This module is required for TLS 1.2 depending on the handshake parameters. + * Further, it is used for checking MD5-signed certificates, and for PBKDF1 + * when decrypting PEM-encoded encrypted keys. + * + * \warning MD5 is considered a weak message digest and its use constitutes a + * security risk. If possible, we recommend avoiding dependencies on + * it, and considering stronger message digests instead. + * + */ +//#define MBEDTLS_MD5_C + +/** + * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C + * + * Enable the buffer allocator implementation that makes use of a (stack) + * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() + * calls) + * + * Module: library/memory_buffer_alloc.c + * + * Requires: MBEDTLS_PLATFORM_C + * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) + * + * Enable this module to enable the buffer memory allocator. + */ +#define MBEDTLS_MEMORY_BUFFER_ALLOC_C + +/** + * \def MBEDTLS_NET_C + * + * Enable the TCP and UDP over IPv6/IPv4 networking routines. + * + * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) + * and Windows. For other platforms, you'll want to disable it, and write your + * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). + * + * \note See also our Knowledge Base article about porting to a new + * environment: + * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * + * Module: library/net_sockets.c + * + * This module provides networking routines. + */ +//#define MBEDTLS_NET_C + +/** + * \def MBEDTLS_OID_C + * + * Enable the OID database. + * + * Module: library/oid.c + * Caller: library/asn1write.c + * library/pkcs5.c + * library/pkparse.c + * library/pkwrite.c + * library/rsa.c + * library/x509.c + * library/x509_create.c + * library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c + * library/x509write_crt.c + * library/x509write_csr.c + * + * This modules translates between OIDs and internal values. + */ +#define MBEDTLS_OID_C + +/** + * \def MBEDTLS_PADLOCK_C + * + * Enable VIA Padlock support on x86. + * + * Module: library/padlock.c + * Caller: library/aes.c + * + * Requires: MBEDTLS_HAVE_ASM + * + * This modules adds support for the VIA PadLock on x86. + */ +//#define MBEDTLS_PADLOCK_C + +/** + * \def MBEDTLS_PEM_PARSE_C + * + * Enable PEM decoding / parsing. + * + * Module: library/pem.c + * Caller: library/dhm.c + * library/pkparse.c + * library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c + * + * Requires: MBEDTLS_BASE64_C + * + * This modules adds support for decoding / parsing PEM files. + */ +#define MBEDTLS_PEM_PARSE_C + +/** + * \def MBEDTLS_PEM_WRITE_C + * + * Enable PEM encoding / writing. + * + * Module: library/pem.c + * Caller: library/pkwrite.c + * library/x509write_crt.c + * library/x509write_csr.c + * + * Requires: MBEDTLS_BASE64_C + * + * This modules adds support for encoding / writing PEM files. + */ +#define MBEDTLS_PEM_WRITE_C + +/** + * \def MBEDTLS_PK_C + * + * Enable the generic public (asymetric) key layer. + * + * Module: library/pk.c + * Caller: library/ssl_tls.c + * library/ssl_cli.c + * library/ssl_srv.c + * + * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C + * + * Uncomment to enable generic public key wrappers. + */ +#define MBEDTLS_PK_C + +/** + * \def MBEDTLS_PK_PARSE_C + * + * Enable the generic public (asymetric) key parser. + * + * Module: library/pkparse.c + * Caller: library/x509_crt.c + * library/x509_csr.c + * + * Requires: MBEDTLS_PK_C + * + * Uncomment to enable generic public key parse functions. + */ +#define MBEDTLS_PK_PARSE_C + +/** + * \def MBEDTLS_PK_WRITE_C + * + * Enable the generic public (asymetric) key writer. + * + * Module: library/pkwrite.c + * Caller: library/x509write.c + * + * Requires: MBEDTLS_PK_C + * + * Uncomment to enable generic public key write functions. + */ +#define MBEDTLS_PK_WRITE_C + +/** + * \def MBEDTLS_PKCS5_C + * + * Enable PKCS#5 functions. + * + * Module: library/pkcs5.c + * + * Requires: MBEDTLS_MD_C + * + * This module adds support for the PKCS#5 functions. + */ +#define MBEDTLS_PKCS5_C + +/** + * \def MBEDTLS_PKCS12_C + * + * Enable PKCS#12 PBE functions. + * Adds algorithms for parsing PKCS#8 encrypted private keys + * + * Module: library/pkcs12.c + * Caller: library/pkparse.c + * + * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C + * + * This module enables PKCS#12 functions. + */ +#define MBEDTLS_PKCS12_C + +/** + * \def MBEDTLS_PLATFORM_C + * + * Enable the platform abstraction layer that allows you to re-assign + * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). + * + * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT + * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned + * above to be specified at runtime or compile time respectively. + * + * \note This abstraction layer must be enabled on Windows (including MSYS2) + * as other module rely on it for a fixed snprintf implementation. + * + * Module: library/platform.c + * Caller: Most other .c files + * + * This module enables abstraction of common (libc) functions. + */ +#define MBEDTLS_PLATFORM_C + +/** + * \def MBEDTLS_POLY1305_C + * + * Enable the Poly1305 MAC algorithm. + * + * Module: library/poly1305.c + * Caller: library/chachapoly.c + */ +#define MBEDTLS_POLY1305_C + +/** + * \def MBEDTLS_PSA_CRYPTO_C + * + * Enable the Platform Security Architecture cryptography API. + * + * Module: library/psa_crypto.c + * + * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, + * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C, + * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. + * + */ +#define MBEDTLS_PSA_CRYPTO_C + +/** + * \def MBEDTLS_PSA_CRYPTO_SE_C + * + * Enable secure element support in the Platform Security Architecture + * cryptography API. + * + * \warning This feature is not yet suitable for production. It is provided + * for API evaluation and testing purposes only. + * + * Module: library/psa_crypto_se.c + * + * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C + * + */ +//#define MBEDTLS_PSA_CRYPTO_SE_C + +/** + * \def MBEDTLS_PSA_CRYPTO_STORAGE_C + * + * Enable the Platform Security Architecture persistent key storage. + * + * Module: library/psa_crypto_storage.c + * + * Requires: MBEDTLS_PSA_CRYPTO_C, + * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of + * the PSA ITS interface + */ +#define MBEDTLS_PSA_CRYPTO_STORAGE_C + +/** + * \def MBEDTLS_PSA_ITS_FILE_C + * + * Enable the emulation of the Platform Security Architecture + * Internal Trusted Storage (PSA ITS) over files. + * + * Module: library/psa_its_file.c + * + * Requires: MBEDTLS_FS_IO + */ +//#define MBEDTLS_PSA_ITS_FILE_C + +/** + * \def MBEDTLS_RIPEMD160_C + * + * Enable the RIPEMD-160 hash algorithm. + * + * Module: library/ripemd160.c + * Caller: library/md.c + * + */ +//#define MBEDTLS_RIPEMD160_C + +/** + * \def MBEDTLS_RSA_C + * + * Enable the RSA public-key cryptosystem. + * + * Module: library/rsa.c + * library/rsa_alt_helpers.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * library/ssl_tls.c + * library/x509.c + * + * This module is used by the following key exchanges: + * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK + * + * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C + */ +#define MBEDTLS_RSA_C + +/** + * \def MBEDTLS_SHA1_C + * + * Enable the SHA1 cryptographic hash algorithm. + * + * Module: library/sha1.c + * Caller: library/md.c + * library/ssl_cli.c + * library/ssl_srv.c + * library/ssl_tls.c + * library/x509write_crt.c + * + * This module is required for TLS 1.2 depending on the handshake parameters, + * and for SHA1-signed certificates. + * + * \warning SHA-1 is considered a weak message digest and its use constitutes + * a security risk. If possible, we recommend avoiding dependencies + * on it, and considering stronger message digests instead. + * + */ +#define MBEDTLS_SHA1_C + +/** + * \def MBEDTLS_SHA224_C + * + * Enable the SHA-224 cryptographic hash algorithm. + * + * Requires: MBEDTLS_SHA256_C. The library does not currently support enabling + * SHA-224 without SHA-256. + * + * Module: library/sha256.c + * Caller: library/md.c + * library/ssl_cookie.c + * + * This module adds support for SHA-224. + */ +#define MBEDTLS_SHA224_C + +/** + * \def MBEDTLS_SHA256_C + * + * Enable the SHA-256 cryptographic hash algorithm. + * + * Requires: MBEDTLS_SHA224_C. The library does not currently support enabling + * SHA-256 without SHA-224. + * + * Module: library/sha256.c + * Caller: library/entropy.c + * library/md.c + * library/ssl_cli.c + * library/ssl_srv.c + * library/ssl_tls.c + * + * This module adds support for SHA-256. + * This module is required for the SSL/TLS 1.2 PRF function. + */ +#define MBEDTLS_SHA256_C + +/** + * \def MBEDTLS_SHA384_C + * + * Enable the SHA-384 cryptographic hash algorithm. + * + * Requires: MBEDTLS_SHA512_C + * + * Module: library/sha512.c + * Caller: library/md.c + * library/ssl_cli.c + * library/ssl_srv.c + * + * Comment to disable SHA-384 + */ +// #define MBEDTLS_SHA384_C + +/** + * \def MBEDTLS_SHA512_C + * + * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. + * + * Module: library/sha512.c + * Caller: library/entropy.c + * library/md.c + * library/ssl_cli.c + * library/ssl_srv.c + * + * This module adds support for SHA-384 and SHA-512. + */ +// #define MBEDTLS_SHA512_C + +/** + * \def MBEDTLS_SSL_CACHE_C + * + * Enable simple SSL cache implementation. + * + * Module: library/ssl_cache.c + * Caller: + * + * Requires: MBEDTLS_SSL_CACHE_C + */ +#define MBEDTLS_SSL_CACHE_C + +/** + * \def MBEDTLS_SSL_COOKIE_C + * + * Enable basic implementation of DTLS cookies for hello verification. + * + * Module: library/ssl_cookie.c + * Caller: + */ +#define MBEDTLS_SSL_COOKIE_C + +/** + * \def MBEDTLS_SSL_TICKET_C + * + * Enable an implementation of TLS server-side callbacks for session tickets. + * + * Module: library/ssl_ticket.c + * Caller: + * + * Requires: MBEDTLS_CIPHER_C + */ +#define MBEDTLS_SSL_TICKET_C + +/** + * \def MBEDTLS_SSL_CLI_C + * + * Enable the SSL/TLS client code. + * + * Module: library/ssl_cli.c + * Caller: + * + * Requires: MBEDTLS_SSL_TLS_C + * + * This module is required for SSL/TLS client support. + */ +#define MBEDTLS_SSL_CLI_C + +/** + * \def MBEDTLS_SSL_SRV_C + * + * Enable the SSL/TLS server code. + * + * Module: library/ssl_srv.c + * Caller: + * + * Requires: MBEDTLS_SSL_TLS_C + * + * This module is required for SSL/TLS server support. + */ +#define MBEDTLS_SSL_SRV_C + +/** + * \def MBEDTLS_SSL_TLS_C + * + * Enable the generic SSL/TLS code. + * + * Module: library/ssl_tls.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * + * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C + * and at least one of the MBEDTLS_SSL_PROTO_XXX defines + * + * This module is required for SSL/TLS. + */ +#define MBEDTLS_SSL_TLS_C + +/** + * \def MBEDTLS_THREADING_C + * + * Enable the threading abstraction layer. + * By default mbed TLS assumes it is used in a non-threaded environment or that + * contexts are not shared between threads. If you do intend to use contexts + * between threads, you will need to enable this layer to prevent race + * conditions. See also our Knowledge Base article about threading: + * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading + * + * Module: library/threading.c + * + * This allows different threading implementations (self-implemented or + * provided). + * + * You will have to enable either MBEDTLS_THREADING_ALT or + * MBEDTLS_THREADING_PTHREAD. + * + * Enable this layer to allow use of mutexes within mbed TLS + */ +#define MBEDTLS_THREADING_C + +/** + * \def MBEDTLS_TIMING_C + * + * Enable the semi-portable timing interface. + * + * \note The provided implementation only works on POSIX/Unix (including Linux, + * BSD and OS X) and Windows. On other platforms, you can either disable that + * module and provide your own implementations of the callbacks needed by + * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide + * your own implementation of the whole module by setting + * \c MBEDTLS_TIMING_ALT in the current file. + * + * \note See also our Knowledge Base article about porting to a new + * environment: + * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * + * Module: library/timing.c + */ +//#define MBEDTLS_TIMING_C + +/** + * \def MBEDTLS_VERSION_C + * + * Enable run-time version information. + * + * Module: library/version.c + * + * This module provides run-time version information. + */ +#define MBEDTLS_VERSION_C + +/** + * \def MBEDTLS_X509_USE_C + * + * Enable X.509 core for using certificates. + * + * Module: library/x509.c + * Caller: library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c + * + * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, + * MBEDTLS_PK_PARSE_C + * + * This module is required for the X.509 parsing modules. + */ +#define MBEDTLS_X509_USE_C + +/** + * \def MBEDTLS_X509_CRT_PARSE_C + * + * Enable X.509 certificate parsing. + * + * Module: library/x509_crt.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * library/ssl_tls.c + * + * Requires: MBEDTLS_X509_USE_C + * + * This module is required for X.509 certificate parsing. + */ +#define MBEDTLS_X509_CRT_PARSE_C + +/** + * \def MBEDTLS_X509_CRL_PARSE_C + * + * Enable X.509 CRL parsing. + * + * Module: library/x509_crl.c + * Caller: library/x509_crt.c + * + * Requires: MBEDTLS_X509_USE_C + * + * This module is required for X.509 CRL parsing. + */ +#define MBEDTLS_X509_CRL_PARSE_C + +/** + * \def MBEDTLS_X509_CSR_PARSE_C + * + * Enable X.509 Certificate Signing Request (CSR) parsing. + * + * Module: library/x509_csr.c + * Caller: library/x509_crt_write.c + * + * Requires: MBEDTLS_X509_USE_C + * + * This module is used for reading X.509 certificate request. + */ +#define MBEDTLS_X509_CSR_PARSE_C + +/** + * \def MBEDTLS_X509_CREATE_C + * + * Enable X.509 core for creating certificates. + * + * Module: library/x509_create.c + * + * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C + * + * This module is the basis for creating X.509 certificates and CSRs. + */ +#define MBEDTLS_X509_CREATE_C + +/** + * \def MBEDTLS_X509_CRT_WRITE_C + * + * Enable creating X.509 certificates. + * + * Module: library/x509_crt_write.c + * + * Requires: MBEDTLS_X509_CREATE_C + * + * This module is required for X.509 certificate creation. + */ +#define MBEDTLS_X509_CRT_WRITE_C + +/** + * \def MBEDTLS_X509_CSR_WRITE_C + * + * Enable creating X.509 Certificate Signing Requests (CSR). + * + * Module: library/x509_csr_write.c + * + * Requires: MBEDTLS_X509_CREATE_C + * + * This module is required for X.509 certificate request writing. + */ +#define MBEDTLS_X509_CSR_WRITE_C + +/* \} name SECTION: mbed TLS modules */ + +/** + * \name SECTION: Module configuration options + * + * This section allows for the setting of module specific sizes and + * configuration options. The default values are already present in the + * relevant header files and should suffice for the regular use cases. + * + * Our advice is to enable options and change their values here + * only if you have a good reason and know the consequences. + * + * Please check the respective header file for documentation on these + * parameters (to prevent duplicate documentation). + * \{ + */ + +/* MPI / BIGNUM options */ +//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */ +//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ + +/* CTR_DRBG options */ +//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ +/*! Maximal reseed counter - indicates maximal number of +requests allowed between reseeds; according to NIST 800-90 +it is (2^48 - 1), our restriction is : (int - 0xFFFF - 0xF).*/ +#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 0xFFF0 /**< Interval before reseed is performed by default */ +//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ +//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ +//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ + +/* HMAC_DRBG options */ +//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ +//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ +//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ +//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ + +/* ECP options */ +//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ +//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ +//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ + +/* Entropy options */ +#define MBEDTLS_ENTROPY_MAX_SOURCES 1 /**< Maximum number of sources supported */ +#define MBEDTLS_ENTROPY_MAX_GATHER 144 /**< Maximum amount requested from entropy sources */ +//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ + +/* Memory buffer allocator options */ +//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ + +/* Platform options */ +//#define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ +//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ +/* Note: your snprintf must correctly zero-terminate the buffer! */ +//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ + +/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ +/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ +//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ +/* Note: your snprintf must correctly zero-terminate the buffer! */ +//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ + +/** \def MBEDTLS_CHECK_RETURN + * + * This macro is used at the beginning of the declaration of a function + * to indicate that its return value should be checked. It should + * instruct the compiler to emit a warning or an error if the function + * is called without checking its return value. + * + * There is a default implementation for popular compilers in platform_util.h. + * You can override the default implementation by defining your own here. + * + * If the implementation here is empty, this will effectively disable the + * checking of functions' return values. + */ +//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__)) + +/** \def MBEDTLS_IGNORE_RETURN + * + * This macro requires one argument, which should be a C function call. + * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this + * warning is suppressed. + */ +//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result)) + +/* PSA options */ +/** + * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the + * PSA crypto subsystem. + * + * If this option is unset: + * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG. + * - Otherwise, the PSA subsystem uses HMAC_DRBG with either + * #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and + * on unspecified heuristics. + */ +#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 + +/** \def MBEDTLS_PSA_KEY_SLOT_COUNT + * Restrict the PSA library to supporting a maximum amount of simultaneously + * loaded keys. A loaded key is a key stored by the PSA Crypto core as a + * volatile key, or a persistent key which is loaded temporarily by the + * library as part of a crypto operation in flight. + * + * If this option is unset, the library will fall back to a default value of + * 32 keys. + */ +//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 + +/* SSL Cache options */ +//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ +//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ + +/* SSL options */ + +/** \def MBEDTLS_SSL_IN_CONTENT_LEN + * + * Maximum length (in bytes) of incoming plaintext fragments. + * + * This determines the size of the incoming TLS I/O buffer in such a way + * that it is capable of holding the specified amount of plaintext data, + * regardless of the protection mechanism used. + * + * \note When using a value less than the default of 16KB on the client, it is + * recommended to use the Maximum Fragment Length (MFL) extension to + * inform the server about this limitation. On the server, there + * is no supported, standardized way of informing the client about + * restriction on the maximum size of incoming messages, and unless + * the limitation has been communicated by other means, it is recommended + * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN + * while keeping the default value of 16KB for the incoming buffer. + * + * Uncomment to set the maximum plaintext size of the incoming I/O buffer. + */ +//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 + +/** \def MBEDTLS_SSL_CID_IN_LEN_MAX + * + * The maximum length of CIDs used for incoming DTLS messages. + * + */ +//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32 + +/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX + * + * The maximum length of CIDs used for outgoing DTLS messages. + * + */ +//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 + +/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY + * + * This option controls the use of record plaintext padding + * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2. + * + * The padding will always be chosen so that the length of the + * padded plaintext is a multiple of the value of this option. + * + * Note: A value of \c 1 means that no padding will be used + * for outgoing records. + * + * Note: On systems lacking division instructions, + * a power of two should be preferred. + */ +//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 + +/** \def MBEDTLS_SSL_OUT_CONTENT_LEN + * + * Maximum length (in bytes) of outgoing plaintext fragments. + * + * This determines the size of the outgoing TLS I/O buffer in such a way + * that it is capable of holding the specified amount of plaintext data, + * regardless of the protection mechanism used. + * + * It is possible to save RAM by setting a smaller outward buffer, while keeping + * the default inward 16384 byte buffer to conform to the TLS specification. + * + * The minimum required outward buffer size is determined by the handshake + * protocol's usage. Handshaking will fail if the outward buffer is too small. + * The specific size requirement depends on the configured ciphers and any + * certificate data which is sent during the handshake. + * + * Uncomment to set the maximum plaintext size of the outgoing I/O buffer. + */ +//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 + +/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING + * + * Maximum number of heap-allocated bytes for the purpose of + * DTLS handshake message reassembly and future message buffering. + * + * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN + * to account for a reassembled handshake message of maximum size, + * together with its reassembly bitmap. + * + * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default) + * should be sufficient for all practical situations as it allows + * to reassembly a large handshake message (such as a certificate) + * while buffering multiple smaller handshake messages. + * + */ +//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 + +//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ +//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ + +/** \def MBEDTLS_TLS_EXT_CID + * + * At the time of writing, the CID extension has not been assigned its + * final value. Set this configuration option to make Mbed TLS use a + * different value. + * + * A future minor revision of Mbed TLS may change the default value of + * this option to match evolving standards and usage. + */ +//#define MBEDTLS_TLS_EXT_CID 254 + +/** + * Complete list of ciphersuites to use, in order of preference. + * + * \warning No dependency checking is done on that field! This option can only + * be used to restrict the set of available ciphersuites. It is your + * responsibility to make sure the needed modules are active. + * + * Use this to save a few hundred bytes of ROM (default ordering of all + * available ciphersuites) and a few to a few hundred bytes of RAM. + * + * The value below is only an example, not the default. + */ +//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + +/* X509 options */ +//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ +//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ + +/** + * Uncomment the macro to let mbed TLS use your alternate implementation of + * mbedtls_platform_zeroize(). This replaces the default implementation in + * platform_util.c. + * + * mbedtls_platform_zeroize() is a widely used function across the library to + * zero a block of memory. The implementation is expected to be secure in the + * sense that it has been written to prevent the compiler from removing calls + * to mbedtls_platform_zeroize() as part of redundant code elimination + * optimizations. However, it is difficult to guarantee that calls to + * mbedtls_platform_zeroize() will not be optimized by the compiler as older + * versions of the C language standards do not provide a secure implementation + * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to + * configure their own implementation of mbedtls_platform_zeroize(), for + * example by using directives specific to their compiler, features from newer + * C standards (e.g using memset_s() in C11) or calling a secure memset() from + * their system (e.g explicit_bzero() in BSD). + */ +//#define MBEDTLS_PLATFORM_ZEROIZE_ALT + +/** + * Uncomment the macro to let Mbed TLS use your alternate implementation of + * mbedtls_platform_gmtime_r(). This replaces the default implementation in + * platform_util.c. + * + * gmtime() is not a thread-safe function as defined in the C standard. The + * library will try to use safer implementations of this function, such as + * gmtime_r() when available. However, if Mbed TLS cannot identify the target + * system, the implementation of mbedtls_platform_gmtime_r() will default to + * using the standard gmtime(). In this case, calls from the library to + * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex + * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the + * library are also guarded with this mutex to avoid race conditions. However, + * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will + * unconditionally use the implementation for mbedtls_platform_gmtime_r() + * supplied at compile time. + */ +//#define MBEDTLS_PLATFORM_GMTIME_R_ALT + +/** + * Enable the verified implementations of ECDH primitives from Project Everest + * (currently only Curve25519). This feature changes the layout of ECDH + * contexts and therefore is a compatibility break for applications that access + * fields of a mbedtls_ecdh_context structure directly. See also + * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h. + */ +//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + + +#define PSA_CRYPTO_DRIVER_CC3XX +/* \} name SECTION: Customisation configuration options */ + +/* Target and application specific configurations + * + * Allow user to override any previous default. + * + */ +#if defined(MBEDTLS_USER_CONFIG_FILE) +#include MBEDTLS_USER_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#include "mbedtls/config_psa.h" +#endif + +#include "mbedtls/check_config.h" diff --git a/lib/libnrf_cc310_core_0.9.14.a b/lib/libnrf_cc310_core_0.9.14.a new file mode 100644 index 0000000000000000000000000000000000000000..fdfb5134ffa3b6fd77b50bc6e3e4afe72e540b08 GIT binary patch literal 181094 zcmd?S34ByV);Cy8|LsnqDPO4ju{yh6*JP|h~iQDzYfQUn9(A@kzr$u ztzfLD`ako0^*6@OJ}S=k&l#ih%Io}8e9kcU+5K~-&}k3yoZ;^7Qsw0TRWbUzGfymr#&OidtYRxtDP%@ znMpfW-_A_hxh|EN*7p|YR+X8w^Ie2_pM{w@+2!-g(sQy((z6znF3d@vpI27S^uhB= zOVabQJBADKyrQ|q>2phq3)6+1S5l)0<&>9wO_3s3VUCx;yqxm%@&`)1151kYiptaT zit>!A7B7IZ#^8dS2TELdr5z&#%-qr(Z}fSk1k)i{gXs{FRb29bx6T}(LvR_2@?cJB zv6pOKS;sJ;S5{$(m!t?S&2eR?mz9_170v4;_Wshm@|^U{ydqbrw@SLioy1bba9}Rx zg-cNawevWhj9aWjGEbDT);*vdQ)cDnWEG^BEXahty&wx0%!iU?<*w3lSLS^0Dnpzr zJNw^68_~RYnQdv_LSw%3a*EPRt`e^KM5e3ETOmp$BfYYb;a*|fPR3k?&5faM<8Y0< zP=wdcFLq_KtSsK3VHE9Br%pQ8HK(++xHP@cRZ;>+N=Jh7;&e}|&tlXe$d-?o?BYUK zUJ=zIHOHcyit_X<7j(%^&nkVOq#XX}D$ilm@Hz{hTIQONQ#7?G`}X3ZS@8e6an(m?b2nBSBhe zULgc2OI=7}jy`1Kyoosvq@lSZ%bZeDOQdy&CzO^OqBNHDDlSban(8W=mosC`h-fX7 z1)0E%UywIHTML0ZbRGnBFF~GkLJrqADJwg7+QRIT#9V?&$|@GXaSejNnGjG;)V|&dDV1?yL!4&qpzNB)aa|G8xeDL%u&Om zJ?YX4@)BJ0vu-b8xSCX4H1GBWg^76!b=+h)IY|{4W#^UW6&JbY!w?HfbEe(zD!CJ* z#E9WMdVY?pG;aRJi7PF2J&<(Y0@wWM#ZeR< zSDF*QVD8+U(lQ>3AXfr9{P>)hL|3^hrKr3ZAyaeaX%Q5vVn7t3(~BWU=?N;SA}4Ed zaduKgNqmksKPl&K3ZSy4y0VHh^QJvem|4tAmQsc!)1Xjk&eY=K@}vq3(4?>{v3LQx z!O7WkhvW1PNX^QmfVk{zT*b{T(j>qQ2P@;^xK^%d3kru%%W}|jr+XsZ8KCDZE-b;AS_UP74jqMNTuC;qv?T5RY;NDYoKo^l3Q8_UZR;va z3%|20r?j(hk|)dNWua#D!rp=C-aRgpn90WnG#3aV8O%-rTtL*EPC^7o5y}8_f%2T& zT}9c6l*k=|t~t$B>MAUwP#Q{dreijN==l@?&q+g)JJ`JRNiJwyTAaNg3j|^anpOxg zjp0-Zuw++RZruENXrnp9l#s*ZWRn=ll%1A5N^jt`$7gACg#RF*G?H>LYl;_Q-*+x3tEpMTVxA5829gC~{&AblQ<^b1g=(oUlcQ&4>>5tTj{4c?tJ3-&9{aiuo>n!RC&f& zc%30AlV%^fFySTHeCE(0xL{s~AR!40%Spn&5h#tmmH?kF{2PIPgFq99Ya-C>;aUQG z3UMs~K9A4@s7av>p=T&fci|o>w=kzXFUu3_!h{*OIc4tJE-7#arDH6ly24=CNrLn; z3;^jx#pz{Pt`aR?f>BCi(7c=?v{WrrI2DxR^~)#qSBpXyszpiV;B#($kt4C%Or5(g z@5K#ia0gEJ10%bT|(-yv_S1n1CgEdU7C~@ zn}u#n3$qQAYhhZmcCVg|a5$o)q7aL}h{WH~Be9}3;^yH*aAepPB~4NlMZqGPI27h& z9*(h7Si8dEGm;Z0yPqv&SAP6$Psxq|)kp22I@Dkl{1soda;IgK|4F(ws}X7lV#d`I z7qv4imxVkP?@*hMMX4pbeO3C~F?|Wrn|S&eI|m`PKw^;stM%x$(pu{&wxEbbj%h${ zkwcG(^qUInE+ljxa=4(#p{|L#?G}|rqi-x?tec<+AwEJgV0`)`Z4E$2FvYx znJiG|#r%DO98MER5up@*;fpO=p98FH?9%9C~7)EC-g>y%|TsMo096K#2KSx=d%R~HHELM>wUX4~o7;@a1ujWZCi<(?7!o9Ru{19r9 zHNRSEUdtl)wgy&-*j>CPS?ig~hl%l&1NpdE+3}$u%aKHycInA6G`gi}tpzuM}}w?r$J> zCp?LAUng=$-h|-EePtukB6p{%&;57EU0|72%A3+OA4QG%n>VJY$!-l6wJoR>I;^d{ zz;)PADPn~VIfoxAN|qX=a}DCv6!mbu9$|VdQbL1dXwdDXc>|SH_yTi2(U8bfQE3;o zjjxT9c?+#blkbn_15uARm}@ksJ(I0uV*yP z7PYn4bf%3WeaxaZoe_4^QjBj)uRU=_k+n*Q=W71hME3A#zpCLAq|%3c-tYm^2nkA) zR=cao!~daSdlR)^YJ*C|vvr@IGlj&qHdp$p0U?2EFK$O=89K@4ud6K=68+v`KB{Fo zta;(dE)F$dB0gb0yuI1@->&?x`S}y=mdcRaSk)d)QfNKSagCGt7cWQ&a2RmNMzs>+|aPyD%3w99R>RlHbPRul`bNUQH5 zd*Dzt4rwE|QBE;CkqZ70iypY&$$QjYXt^ErbE*NONctXVudL$f)E>NFpljwl)fghR zAzu;rEk_R|z20b9tE_nieNT@>zxAQqLR7X-8_lbIR#BXi_&e3K+CEMhbI86_O;=4T zHmUElu^?CDVdvuZa@xxdLjmzQ-4 zB=-pEMQ!=DA*#sTtlH3HP%h0!XSQ1g`)#nQ_TeNaw7ySj{c@Eb*Ba&Gb*^dsI^zAf z)*1D)xYmABYte5|TO3h~w9wnn-D^>(6FLYiv+C#8!M3r7D!fYMA1(8buIkG3&#e-% zTK;np-&N)x%=7QsA^%G?NQ?ZtdgXt%CPe0BR=c|MhYjX*b@!Y?hwtHo)N}t!_MOA3 zoZJ^Q9m1gl^_>d(&ckjm_4J)o+WHz}-$|jbLkEE+JWuqU(BWyc5}!e8*Nq}p=&`A? zw1`Ep<~@~%+XEadVsC4U?8UdDwZwO4tzSaIsV?K1tnkugF&{%H&-pb-9YywVs^7{{ zgu*lajV?BwE;)@tlgHeeY%^%GMyJW`UYe|RYjTs9CVnRwpI>M`YVTB^`dnBiK=^0i zF1oJI4Tuta!%ov$^D=~W4H##SGOeIc^J;33T^npISH{v6ys^e_gQs1NZ~IFP^&8#Q zuTOV{?~7JW_8#B%ubP&oK?w2G!T7f5+NKU+g|#OPVVfHM(PT5ArPUm0qSmF)VM)#2 zCgIPN-*T==_!*HOg?wD|Lz9Q|ul-KPO@Jn%93**U%gH9unur@xbEJt)dFpiKR?*)- zUiUuneUS8r z2$j ze8!UkZS2tI7R=BoMrbnv+C*_}lIuU_qk9C+-b+g{~ON#PE|wXyvh&W{vaPSNaGDvozJ3ss3Hf_IJP;f zitfc&^K(_cd^~!wO2mr$G1mG5;(ak5`N5keaco~Xi-!-&RukJ?MycUnzU#j|7Jc$U zq2Gup=MVXl6s>pI}Cth|onUk7~irt3D^H+Xz{YNP+AppD_Wkd(&oO?KdVWMUip zZVFcW$Z>@%c{7&@am!Tf3h|PN0iUl+(Y`ZalkY}t?%=1sy|eo!pO!$=9d68$ozv8S zjUGM496Jhl_WpAX26tfO`3=Io3iS3fFTvDeWi(d5Kp;j-tzdCc=ZllkF==m;Vn*e z8phcWci*w7t#nJ8s)SH`@KXy;kCDDb`MzGWkKY$jA1u}&tW|8+tyO%)$4^?Th`?QhXxEg_yPd98)FXFcPq9`(X=ts&GmBu(Kg-;Y z!y+`3*xUM5rG73^?w(8J*8fiAj=TwBg`7)}Up!LlnNM6i=HsrTMQtUu9cK{VA2n~t zhc23x7PZ~O*9Pur5UVvGRO(l2X#OD9YI5t7y~J5t%(5RH--$1^9Nlxq zdsam2Av>@#;h7iNYnP*(q9kOChMJ|ia&K)|teX?*?Y7)&O=NU!F=kUs&hT}`gx}Zs zqU|kFujlp@*!uo$TON(uuT_p!$H<&5D4)Ki=%pQMSDGs=7I%JoWIMPly+FJ3`vG@` z!Vj49NaLvfUASF3wuO&7Z3}xlZwsO34MHpGTWYv>QSEPlwA7Z*d-K3GAN6es^k*T- zyv%$SQ|*V9w^XbPiPBKYryE5n9$qZwEY*ueoK}kEC_mSUpuOQfS0|#(Y4+Yy0#Mt z{~py}@8RRy=A)%}^y=4XyD)Fm#ur)<_SeZRY^g&0PE1 zq_ezT&r|GmkUZc&CzQr5~*5f^|XtM`vgiVfCi=O04wTKngKjgMaN&VX#U-KRo z`3N5~1j?owtuMKF?7j~6_+7&qFKrWR-_Vuz_cfiBRteEOB&z-)p0mhlVW-l*u#LV{ zS+Z0Q%2GY=RjToqbKwc1Wt7xUGL&nau3Y1F~I2Kk!X$l(Mwb~}FACp>NmUl6~%DWg%>)%0Z(Ie#67jmt&9zn0QYm3$!eCsv7-U%H# zwl3d|=1o21%tLru+?I}EH*Ya-^fky0L0AEv$cb5tNE?PQe}i0~E$ETVsj!q@vfGv@ zgm^6EyT#Z2?1yae+h+3y+ygU@#1ETs56rYQ-=6B&&z;&VYW=hv7rM&%k!HVhu&*{h z`1BMZYpq&uzxOw5ZQ9#@J2rRbd1iQ?z7AiOI_$3$z52J6B39Gk4d|fN;Zt0P&gyW{ z=FaP|3_5hI!&KZoYORHAmmzg{P1@l-ul|1g`#O+CKS8OsZ+WqU6-J|Xo9K5?*Ck!pSl!JlUT?y zbpW?FJsWzrazy@9^}a233zJWPDKx8UME;0+hrGk0dB|5)az&AkgdLyB1oH5n{4dQ` zq_n!X{y$IWPwNPoevwznxf@BE=gB4`eN12=GALe)S^}pW@p?g6X5^+ zd5`EXr(?z=^fId!&q%UiIA$_hOIg$wC!f&%p;B1$2ZJ@+aNj4axxPLEGj?Gc@~_0& z(|q*SEUWM5de>^U_3r0v(8*}s?~htGpll|+R+ssG3v1pfE&QIr!W*EKuyBdIcd@uF z9IKmad{(2`_~NmVCoP6H^g!+VXX11=UexyY8d@9mw(^HHDe9yq#VhS=4XEQJQoLIZkYX~7Dun32&FOPX2fHF$T6_RP{-1DcWP zpIXWp*+%V|lF;A!G#Gz54egAc^^y)x@c9)z>ow}|;1=z9ueT0G z&_Vz7R_NfjF#&TVtv+dVp0&kqgQ!!X)zmG@27P?$77JDxyLyGiZt1#F!MsW@HyU9! zL)hRgejB?Q!a@;dF@)K-*fx$Z=+$jYjB4BDw=qyRE3<6rD%bXfuD@&!+~D2vE^Vg1 zt*1_Qz>r=ZMa|7XJ z)SB1TRGhIHWKwE3LB{jE?e8^n(JnksW#w`WEBp_3Kxw*6#u%e4Zt3 zD$p*l52(t&CBWv_GEx!cV9wHpUki8quy@g{LxEwY6}~Hc!YnJMG+VkTxAsrm@$;o0 zSeV}m-&Ns!6_a*+vF1UGO>4u$d;M&-RLbZ6+Dw*au-2AvE9JK?skt#l&YtU3vM+01 zTy;Gk!5%7pF`hN2Q~~Fv>wh-S^KA+DiB*-8PVBRyw694Ez9z?-+V~djsm{_U{61R0`1GN>xZx`D2^?s}UBFqKb4P>`K+!KP|a5+do+CwxP>< zGk<<8Vp^-Zwyf`>sQLY7aJ|_O)?8hAqCIdKYW2Z%^<@=%*sOQR9L80!pRCQ+7R72$ z_$X;(VoXU(qcU=HykCprcdpSi1UWw#+j?8|Yb|E~LCuQ)+IHsf$Mqb{wO}D@R>iuC zs`KW6KC#8;1I*@T#oY5}({EFLdit06^B?q_^3yY|VI=|QP3Arcf7@Dho|&IMZ!#4_ zKA>3%P-16n4f;9Y((JAA=RXO`EU~tjtmgB~ln~nkx*Xm5a>?JeT3Sq&Pa6GOu0+j9 zG^v5@%9O{>D`wD7fYPm7v(hajcFxv*KX(Jlr1J;+nTEf7p^J$j-hAE?5O+R6$%_4B zyctMeekSZEEGw>i@S5nw|MqS7iDD~!R-4uimp#foiDXgMJgusuw8tZ3n{Tf2d4UZX zk1^QEEsp(Uye0ccf7JWkuZ2{{;>nrcsBf+DL(n=}mse5kN2n3*UIx2zDhH_%Tr-i^ zCwPvA*@o;Rs2?e>@y9F*GbvqIevQx1UH-LL-HH7Jw>BuDyMF%R(wf-MwoW-e)n>bJ zz-GFz&*XbysmYo(M zwHX_{sO@IHYC)kS8CB!m2Rmy%PI|wQywLRgr|kiCGgKC;gqbgVpv-2+w)$SEQeKIV zZMXC_wJ4@bhh}>9-?o}h&sk?H;g$>g&At~FcS%NDD{c-m2mNe`USNMoHUDh+$>)O2 zG)SE-(}my4=kS#~TNMA6M$_7Cc53VM@n0PBU29%_0$9iwC9XE1w=l=GTgHWtSQGzK zqwm_8>Z}3!k>k@Xers67__oLz-?e`|*FS6E83*$AAwv9D5a_nx8tmU>&QugyOVA3Lp;G;q?3@#EX3)zqner+H7~|I2Cb z_F$cqa7IY`O}gz2P*z%=U7>bS?WeIv0SAqte6Irbm9XTJ2^40V*eADYXW(}KRNEw5 z^0TG;&av3o%eH=s!=CYSyLGQQ`JQ&m#F7b$l&3U47IT2Fsf*$}QBi$DO(%mN3K$Vw z|15mSu9i&bsnTDP^PMQ-LhENOsgD1bK9=hfv!kTmI>|>ho$S>fFg~GvUG5;>TZF+b zKR`NWHw)u`fn_d;tpA{ZMF#9KITT091j-|DhlR^)dl<00f$csU7>iok6SITe2>Z5M zX7f602^2j-OFv1Sl8%%#R?KayYsbq(B*#<)6()V>xe6~TOxB` zDd{?tBPN#0kz0SQQo_#82@NGX%tcD1uR5@?toTs<*5Zxz>_(ppA6j}|c+BEZuNU`F zT0bdU!`9-mVrA4H(ssTr!gjtb!gjtb z!gjtb!glXAL90FMb$UN6OVwE^MQxQ#h(TR;<(jbinBBBvT&q>)yxfR!13cBPunODb zPdhF4uswl0ln~(stUhozu4Ory^T$TqFX=pj?Xm8_oPw9B?x)J;Sbr<8Q!U?;o%&p3 zz==G`25e`{ZY7y~fZ9+AbRFQWOv-<{jb7 zy2|HVVFfF;eN#}auGltY5)08r$Jm`TR!wP8!j`l%HX?&oN&dcb%K22YGGb!Vh>ZBd zajGRuX;;Qgl{*HQ^I{|R*DF)ixI`Ljk%F%vD8uXxwEw^P$?KBoZ*o#pM%ZB!dN0xE zGG{|$7+Te*4c`=?wM4$#NK!yDQ$F1elTKoMjZ;lg$gvCM=tfVjZ>p?EUxIVUx%LDW zS=vD5yg}`zE)y-epbDsQK*!$lhE;eT{8YUqa!lit^C>9HuJ~El6@;0VB368T)P{OO zZ(pnoo7^}?&Ut;%8(adXjr7D{K;6aY!tinGsr~%Jbkdo@1^4h^Iw3V0Pg+_tlH+f^zzgUE-jPam+)36TD zJ;@&ABT6K##KpE&ResjamO(%3zIIl*x}BA3bDx zX|{szOzH9>8+t$Yo@dqmcn(a~x2*{)P;RSMF)QlABB$~inAR|A3Jan8Ba*1t$%fwB zU|Xw%&M4`rMr7F5^el?IdppIO31Q$N%3t`4ZLKM4Mu{HjR8!X} zBIhUKof(0LOxW4r$z?nDrGM~}tZi&)GEdorbA!%rs4bZy97nq3&gy5&2(Bwg=o0jnOp|d*f-GrnX>_Bet1FY%%UjpEN~; z=y3a94HqLiaEFbppSi>ZTvG`lGmN>~T)-sf0$TkAZtp&6Sv%Y7qwN1m{6(!6eW)tgv_;ai_ulRxQC8Bbp#l&@2pTJH4B?M1xcn#A` zc0|<(^dGD_r0NpyrRYkLvp444+ZtAdr{+G|+>%0qt9-GaQJc##XJu;-?4i^8yvkNv zRW7e%@iZg?{kPyP9e(@cOKa3}7yH3V#@EE&uN2baSq*F5izo28d_OAfTZIhPzH-&x zN6AC!H$e2n!?UyIpj$%!JDd;jI~=JK`T&up`KW%k19R5Pod8?p^BR-abE}8l&!Vxn zj;~bHQ!84h^yIy))13^Dclrw?vEyP}r5P)_f$kOEsQMzY3XV3js4Wk_)6qZYrQB#Q z&RF;AC`sKV_Z4iFdcWoMoXO$VyQDtWOK%oALAUpLTEo=qGf=6Pd|148Prv%mHQ;^<9L@NX!XY;$G6>y zr%{>~HSVYG7mg)+?Zo-9<^e+q>KdNI+Lq9n$`fCk%lFGwV!vE7<}s|`@w$p_-PNxO zuEU&$4Z0blUm(|mIa7{VS|%w@$;BUymcK5v*89{o?{-v}`Mvq7`mlnsdK%$JG;~?3 ztiY=0iU@TC_UVY-za-l~nf`Vbd!$L^wrZymB62F(Dd;zaO3bQwzsBF3`x;F$j`m=8 zN#4`c84`1D;6S2e)H5|;cb0N z^Ob1f8xHIm7iFM*cbMV%(F{?<(TL$SLqyB>^hrk=#;Vc%V^oe9hn)7Xuuspi5udhO zDRY6Y^!Fhda__LJOj_ zVy@%S>sG1Pn5*c;LPAyc?0=>gTShv0a%IkQ9ke>B)9PrGBDJD1>HjZ&9kat+u%f=J z`aVX*s(P*cFlVS&yX||FIbwEq#oddj(QCCdtZ%wo+BXe!$3t^j>MLkHe6?yW_-oUE&FWcg6EbOLcKR@$|8*apXV3&y)ckYmF#|--M&X&Rlg2_{9 zuc%pFvQxQrAnr_f2->7WP1vdM6m zalxK+#~SLIkaC$xK1Ihfx7dNKKHQM|ae%213 zE~x(i9^DO=nO4tQ9`>U>q<}R{mG4o_AmW`*yxIai!xgSH$miHmLev0rhEj_8q*Eg|e`2 z>pwjgj?p0k=fK2I&p8vx8$La!B(jwg@!R=_O+Fj6^}>q!jya1shdPY!c#T$tgk$Fz zRp@7}_nY)hQ=IPk$?=9CcrPweh&2s*+X#OR2iDr?n!mF{UJs`ie0Z)4=sL3$Z<#A8 zE}owzVkr%O{g@_4uPKw)c-5IZJ%8;P!YjmkizI&`FxKImaQmH(xY9yL620;wJ15&Q9mUJaMLF??ilHNh438QfJv2IM5a)(QJBW{p z89vhCEX~0?%gS;FvA7Yyb>+A+^O!OSmp(Tq4Vlb*yZTM`H`#oHEWMQLlM< z^i}#P15BYPqw&xOSy;;zeY}~BqC3p6g8neWa{9vztMkGNY`_i z;SJvD16UTKDZjBeP279*^4$#b-Pn^-{&_Cn%_EE}GYd4x2eLm&`Li&!3Go@=Pr1z= z2+nhu;cwph1+fi?CjFXyD18u5|2!F=A3}bej?X~&MaYUHNW0+FjN0?Y@5TL_@HgX+ z3Go@Yew70FLAC8U%xFvA>3g%!5KZEhT)*Bt{YAGvLcUqYXF#^XtsmN^?l7apdgI&K z7lnG*i`k}wj9cI?g zfQKgnh$p;cKf>$B@eaG)T*x2S@j5u@H^6{5fOQ2J;hjVp6XG*)-QZ3?K%X4x9ftG{ zF7GZ5;`N6aLx#6KLb?24w@|42iZ0A(z25TST)v-MD%^b~pu6Akhc zxjc@{gZv#_KG&>?-JxA@YG%_6 z^3%BdNw?HA_Z3~3*_{UYJF$UK^hf&;Z$iBOFtfW2@^^Fmm2RQC-B)yBW-|@)Gr9aS zx71Acm5`rpke_YPf3`vX9)tWnTt3?^b&vZ>;HMkp)49CU?GNb&d6z-nWr)u*#Ag}e za}4o0hWL4g_<4r%&NIm88RYZ0e41M-&wWJ~W>#R3FW~b1+~qAW$QSZ>Phg?vlH(N_ z;)~cgiPZ)13M(?m7aQb@S(=omF-u{^2Kf?$d~{7VMD&cMHK;13%3 zuMGUZ418C!$HZjMa05Tiz)vyo`3C+$1Miv33Hxm^#Q(*>e`Vl*Fz~;Crz)a5i6G`+ zJ>h7?)BQyd=0lN^cW^$O-R{K?WcNv)=14)WwoU}2Jv;`}Ifi{yuL{$@5=@-#&ZVq;h~ zc#3r&!UOdKQ z%*!c0na59ILnL1UzX-y3s)E-JD&H&_e-_t47(W*p;-4|_tEK!ZE`K+BTki7JN6_$pU2E_l-E4{EMg8Tl z$0UE2$IoM{B`@ri$7&_-;Q6Ef$6Ad3RkB3d8%bJA~2OQ%Nq|TeK`UZ*F-yj~bd)TvS$GQd(RxG>T_ghLw>lytB8sFq88| zcz3XCe%^yQ>G>}4JC)=Hr zR2Z69R_cOg+B;3jCWH1Q}M7(w^@hi4P7*jR{3-VwwMEKAMCH4~_v_#WNw>Ht{^jwwm~n=qz7d9QAzDop7*7lV6S-ML6arDUDA7r?!y`ZQRw$FQRs)Pcs?Hyg??WXg+h9!nJUR74c`PZI_H>qJqG?L>ipkSH?!T895Z6gV~$PS_!w zDALChMfy2Jkv^X&(pM6N{4+!$|0+?)?;{HN<3u5Uo+#w8FvR7%5rw>yDCAY5kk23r z`68l_e~c*bmlK729Z|?P5QY4CqL6PV3i&|Xypa3=qL9CZDCB1mg?u?t$X64EJU!1M zdAgS-`Ta!q!+#__PZaj|#l0ximxCzmHB!=KN#{sfBx$vz%ZVaCy7wizRnonZ9+dRB zr0uZ(fMB}6f;{}jN%TY6p8vvFEb-9uE~3E8CW`X$c8v0^l;JNEMfuRAx&GXrP|nYZ zNBU->NN1z^Mml=FOL#+xB3(RD$WI~)`D~&ncR5kWJs~M?e+Z}hN84XzKLow|5f2(F zDK7{37~)~ac%o1$nJDbb+Xd)!$4sz$Z)oc1fp8I!n?FN%M)qe%wy5Up4X2 zV--;-`6f}=yMZX|c#%K~coVf7-~5$_76t3b{~8hfA6$>2#tV9-l0GLXJlz za=jZQJx&z$aGoe|_&9*{w7yR1xgP^JQTiA6Q^@BM5BW!lLjHLvznv)L_Yp;Y$B9Dz zB2mbjq#q5Cel%M8QKIytOro$4A2&gl$ap?(0*Ct{aNd)0{~(I|n~6eSEBOWT??n{( zM-WB2(L|B%cA~)5#s}_ykgue0&^0ptb;)-lyTIQB;nxUQE)iy@?{f;Y5MQ`&HoGOFZz5_3@5O_mPZ0 zOBCh5OceS0lHHImpU)uuK;p?>GJFzIv`bp!C;Q||%IgR6%ZZ0Rv}RBGd?e!!6GePG zQRL@UFTkfYc*-}1DCV8N|ZqJiMq1SgrVNZ)}r$IzvPbX32!~0|M zFXAE3=jV{;^K+Dw_s0OOp?J_wh*G@}rFtO>oIn#OaE1~E&R9v4i2^T!DAJV>MLOOe zBOULDk#4V)Z;xt+TlLg4}z`8W>waB82BA4?SYGl)XIlqlpYi9&uAQOK_+3VGh%(Y_mqhkZ^G z?S=UQQG{EmU7}y;Cux+VyuBlS2JxWtW%$EHf%A-{>m=pvelNyL;z4O&7SXSX!akQJ z8(0i|>zT{8f`8Wm2=dGZ8-U@%Nr1$~SA7h}mn17bGXVArmppGz;73Y6k?05L-z7g+(jrM0O8TgzPe}TVq-mf7U~iu93C6U1 zdHY2^1Ed_;f%M>V@H-w4%ELiT6#tcs-z(?ApaUr!l&6E=af<$c*AHkY;;Emr5nG8`%~ z+eJ@*!}}S;|3u;6ihhdpe-S)U@;4iBxgNkRCm!LCNxGgW!Z{9bPZAHiHOqKA^*g{_ z1)lKG1UcpQ0Pbj#gHjI@MR}G>`X*8IQ-6{C*F;hNNucE4 z{Js$KyuXG#zYl@@izJ6|-cKX^ZQ>DrkSK62N*s#`Jo4>D6!KA$=l6y0pq`0`JfDZa zo=b^G_$s2nT~8Fad_IEo2V^*3PenNI|3UdW1qu~F{V(zxKos)Yykrvbz?~!GgQY#3 zM3H_Z(M!_am!+L=ML$j9KT5lzK6(9uuAy+)sfH-{14IGVn<(;k5Zxzn!QUqNG)Xfg zolg|;&k_9r<(1);paam~!WH@W%=JY*JHS(Y50rE?(I;fPfv`$EDESr9Oc`HJG)B&2 z0rtO&mm%>=C0->_4G-n`zuTTcgb!Q?QPk6LqOkWZlJfo(^)N&7+#Vld93vi$?=GUh z%5_lS@OBD$-k(5@*B^MYGqv-Bl71m6Uk?OMF!?j$=@@WDuHS%m18@6E)(3dre!)|J zNc{@e2jIM3euke@_(fR{z~lY|`Z9%sZj}_S!+D2Q3h7)xw>_kD0qrR^-$By3h{%NR0qR^pWO5AwEt6}A@Xbxvg1?4GR6c zY2%R2>GT#BrK2r4ou}6A^pJZ>t|jNSyX0De`mH0K%NcfmTwO@y$@RQS8Qf63rv4+L zt9veii7c;$CU;;g$fOMzo$F4mSii^P>QbIfh*y;{ZWy_i;MMiHN{sh*lFp&^8%wS( zp|u3QY2@FET}2(a`{XLI+_SE3by0O!k9Sub-zI}RifQztp)q>sNInSip|8VEP#PYG zQZJG&w}bN1$<%x(GHwmUj@ZJ&9BlC%8aH+FP*-_*XYXwC0=glUJS zAI-(}c&l{!(Y#yJkLI3w{pcQ()(5pi!#j%rJ>Fs9#ULS-HxQ?WXGNGE&+dcu0G!&P z;n5sdj~93^o~s~V!VAKw;SDn2S-W7pkTQ^mhIgX@Z$<{z)gVK7y>M!HNd~;_FfOe} zYlnsxXTY<%P);-!!t0Gw!<%iu8wus#)*6+RBka2kc=l}Mi!j0?zt-^XH{e~o4)>#E zD0yi5l^O6><%s8ggh%(M8s0JkUd#>R`IQmxX#*a1hV$o;gx61pM{5@N@9u{x2a4Y~ z8}VK>;H{sJ`%GEC19W(QG2mqk5&eV_kJhsF{z5-7qjpRBIdE#_Z8G5H0`C^YYlmjP zZwz==;E^8_UMNltkKRiGQFnP?1)c-Ec4&A$kkjjD*Xb7yVGWO-A?xw>Uj>i$r0DS+ zIy{)%jhAJ>I|aPKnsQQ(*mMJ)Q&(Q6lp}l68j@bWz@ei35C$Duc{dp3!XZa~q8*yt zYleJdkgwK{M?zS$3$0D*^Nj`GbPY_(5&IVdUK;RX5Ki@mqPy`f81PmCk7Tq%)33>Z zw*+`IAVjjmaBBK>Lz~v?XGNp~@!Fx`*&wH{x0Arr%1gg8*YJiJ@SMO~rGZH~Vj~TB z?ZC@GIO#V6r-qkiz}pKv8oRYa(~s8j^!m*x5$jHbHwveQS7yL#z6xHk0k0BxT6u5Q z;XPx(b3i%rH|@~$qh~~V{Z;`_Yv*Gitm#*4z;gnxGr!+tz+0!&Z=4SApaE|>@Oo*= zNjYK<81UZK>36G?BYiI#@N$7Sk^tnPmG`UxZ?8_j@sQQZ8-NSF|2+>p{C6K3o)s5* z`yJNd#p&=y8t^^=*eN%f$d}kC170)mVh~RLl7JJ@yngO6;MKv|14&_dkQ^N|4S3G` zJnbzB@fzOa2E4t)QNNwwRT=Oqb$AnWcpD9P7twe+)9-Zy-eKTrJ*MOIe#(h=; zlXApn8t_)(u8HhIc++rdcuyPfCXL0u9>i;hrr#0+Ub7DGP6%swbq2gZbQY^LFeyhY z?N!p-FByuZA)NHP8>fbM#DKRRcqG1)?9K^4_Dv8)?8>2E3?F+HaHruLO7*z#+VJ z9UkrF((AYPHem~h@I$lTR0CcE@U-^ff~01@M+|uTf!EpmG$A9IW3Nawd>h3UrYn}L3oeJYa*K5-H_AUg_P6mTq5Nt zzY2*LMTv3Dj~8nmf)iz+a#TSMWuT<|coT9XH3pPq=pd@;M*Ky{r3EsEYUa8k-*xz=mTN zJU%xtBI-!sj=-_c)hS^?5f)Wh5q{XTd^vk5*Rnn~+PsYL{bla!cfOq4bN&aHtmdBC zS-CwTm+a{g=6mGj+<4@ei5%BZj_y2qHi@(=1#FxKYvKsG}jBWn8 z^7C^_&*0qW^G@XT>SMl86)-cmU&i1)N+=6mY6lHrAyfOz%6KdH?R-mOzl^u@5q2ZH z@v->9d+@W1@F2wfk{_BlE8_~qgtPE>;$!wG(IJV05?{zYnw!!`guZG&p0OGzyYspx zzL4=w-rzm3dN+IttJ@z5DO3q1iJ$U%B_7ZC9Pcf@l6Sb>5jZGubp~h}Frd!{lDtv5 zF{jT7goZPpL{68H{NZ-gJePK|_!efWBH0inB+q^%gZOtztKo;+2gima9zp8Cv6GW1 zdTw-wEoV)=SOeW-n68ra==?Zqem3wP`L}IY(R#~!*GXE6BK9WBuai;6d+(r32 zxJ;e2OEt-$G)wKXTuCj=XD8v0YRR`H&T?JO--_5lYF@vPL~~0&%d1JNU1N`IzF=1R zkGX!(l=IK}?7viL>V0I*wh!9-t#gdn60D4};LAyQR?~&|6>KKB>Fcwmc}wGeZoCm5 zi?3>3sI~+*gsLno9^X}3nbhlurNwGmnUs~$9ajOkdL_e#t3X_Rli`D_UbqT#E!mUh zO5@+@2va|4O33w%EadHBMV&<*o$MD$?ZI!$lxCB%WRD--6Y3LaSx#+Z@KxJ}X|2!d z%-k-Cei5b>)+2slEQEVxAbI49`1V8i2I@vD_d08RPx!sZL+N`fS-F1W{NTxcVS_`_ z0%eOb@z&>5`$hA%xYlP)&&14J(+aaWYQftTYMZj0abUBan6K$4adp56p)L8Su1PC7dN4a1KZuYyRHW18y7}v`dvZ z0#E4iQHS)lOi{Yz{6~&)EzpNfEVSF7nom8V-9C}izPuFHLSdWgR$kX*`vy-$>Zw~< z#FG3wk5y{Eh`bNTyq9t+Z6H%GzT~z+ru4)7WRW*{A@bII@6demL6P?|nYyaQ?Pr;< zz|TU?e^nZsm6h8y(t4z87;|`!a%@o6F{c`c_f>EGsTyBmoE?8`t1>q3%(VDb@p!BL z2q)fxADDP->#I$(;+Ij#aD;@~6F=MfaMR5AB@_~kkPv&~-?r8pWDadjI5Sa)qX6fr zGsaZY&Uhmq+8WgX$J`<0?*^QYxBltOiF3+ub4z7{GA<<^BYB`h4aN5*#Ju9^MqU~< zEQ89*@NWL!*I9TUWH!h?&o<8`P<@Ox!|i{WC~NlxbKhf z5AH#|O?+zZ4D>j$&2QmL0oHu2_N)ckmFSa}=8mhM5noLz7~JNoQE_$+?TOWs)E~OCer9Bf5Y<;h3TKsBvsve0)x2|kDan97ia}@ri4Cefs z+jA(#k{wUWvCp56ec`&XFVM?x3NZF{$+hOAhoD&vY}eQRQ9ktQA{ir4N>#P&Ig;}$?Mw5i&knLTo(sSXQyX(S8wr=VJ?bO(RceOtifZ7-iIEn5 zu{eLNeP2HHC7;}$9LZ>$9PA#+8uGP~%rkPy zafbK&`f)2TpENg)TWR^)*wQFRb1O!HR!{GZv0PXonIl$n4s!+0Rl+v@nffv;zVrki z5i9#v3mR6PYSz)hzg&gI@7=MU!eeIu}vw7LP<0wB3xHPse%UgI% z8`+l?X!a1}`+Zzn@i*44jkTYhv${Ihxr*x?8@$XtBF;L-HHJ@p1dYk3#NWO4F5JUt zHlhq<1DE9Ag;uP2*+*!1n3G^s>df;#cD;hu9(w-k`}$;N<@%%L`J?4|--WS=IJCR~ z^q~6jfm&XDhn{}1*Z5$@_%Ow*7dK-J`LkE+42I0k4x@p!$vB1_q@F%n^z>8XahK@O z_w+UH_DXuveJah%t>eVJ-0C$iw_bBz?vVGa+PvJ#=jG^+{+si1>o_as<z>OtcBF7&7@@&uM+t_S8aIR*5#2)i8__v#V%ueI? zHP5Czo9deTY|7Ue%8k~rWvTnm`ChmGoHFeXDXyIT=PdYcXwPZ;&)INVr#_YPRBC9} zQ;_KjzB}Z4Om+09oYv*w8%z94XZz1x@563%swKO{T~F2I_9o><->}M*O62o(2B(>n z!~S!AID1aZ%y}f`k;!SRteeJ4ofF>hh+XiE~r4<_3mj*tNUB zQSzHH1x*<#F68xf22rw-u)cNby(#IbWPd7wrw(SPgl3Iznw2^mdd=oK&Pt(r@e7-o znwevDXmuykq}`cvXX@0Zf&G<`DEA%c`;Aw0+&hguL!))yklZT2tL`5{H7dT4O82d= zH!AohsrW)F@h{>VE8@GUzlD91;j%f4}4!@&9j(`WqG^X@zhFHmeYA#G)io zI*;s#x|BFE_1ye9#|OTDXXVdLS00RuT5$QhyQ2pGvcP}VBX9aWeZ_wKlY)a^{Wxb( z@5lbQ=i&d_rB9PN{NS41(-Oz-3)}t8S2umJv-Yj3Uxp=59Q^U!kAA$f=Ch~%lxG?C z*XjM|On>IvAw84s-}krvu3o`v`=5T@fAoV&@4AMpxX0db-t~OpuwiR||LYg!`D$MG z>wjq-_}dlFar1XquIPC!rhcdT{>3le{w*acymZsKH@Y`fK7YE8Pe^u9;FaoMZCBdZ zl9v)LIQBezd0A9lxAnib_eg$Vz)Sc4tL&ejh8KL>BQUGt=to!n7}>`!+WFb``o9(Q z8r}ZIY7JXYjd@e~@K}k>dG)O~yX8FEeZzv1Q|IQrn)j0Pm#8mSH%}fhJL#p@T!nWY zn|R>snY-)u{@CZ6A3y*3Kz01ccNTs7XX~Rs*8h3oeH)q&Jm$Li*;)GWweBFU@O0

IPgKrASgO<-%UEkh&c2(=lBhG_Ej{UOMR^L?g2{(AEE>wjHu?a}R*pI^NvXa6e$?>{;=IWBH=!_)VE zwrAYBn7GwhLTBFh| zoRIw}{QHQDhra#j@rV~1hc5m7n7jTm>&c#Jf3Ws42gOzWR`h&-d!Hfg-xT;fv+7jS zZC}4JEPC5pwuPlJ_f8)>f6$$K?rAmM851$R`efXXGgqyBCu|0NGp?Pt{gIxP&)t1`U-YAo{%dV~{^Rd&OCIsX`YSKr^nU-}oHLug zzyIEeFTHc?QMnAK&)kr{^q|w|t*@{4c;ro7?#3g)84% z61%VTEMd3L~C#k*=IJpa45|F&aX!)yLOCM%yTDtK<#p2bf-amP=_ z!W(&D7=!-XJUP<;$G_1Oq&XO;7JS)CjEBoWJNrhHx4bXkw@7BfR!hj^!K?0|Z!~$! zTlxMrlBeI7cJ_@XZ+RQvM@jM*ahkBpnf9-o#VHQj_3Sz58%^Hn1NeK$DE&S>wCwB~ zP2Td|Fy|KKkKy`t^MK=uzR~0@AIN|2M)-A@OVBr(^ap*D$y+{%KSTADhu%7_FORo0 zeRIh>q!)iq>`C9tkiM5bd+6Jn$9n>47qRD{Z=HGLU(e+|QX(GP808`2%V8UFT(4bl zYQ{I!s63vd4_hG_dMvCUUVqRxmb~SI-TPgHJnbs>9A?(nAm5k0AfttRUym@Z=$lL4 z`2G0rHc5z{VJlv{FG#+>LB2o#eJ{y7xO{)QbRYB$CU5)!{C$rk;J~TyUx5-Q4l}#K zAb$hEw+c%HMNC zG7g*yZ{5U+!_2}A@?nhLgGGn1XP98*U-|}=H-0#OFQG?1+#r9WLH(4Dt~M z`3N@OOFqINA8C+}WDj`BM;hb@8{`M`_dJr2&|klMmHdB*L4F8Z?uAdgojr#cZ^84f z-=X|H10*5*!P9e4m>IplxBM`+QQ`}EZ1~k3X6$D2mXG4^TO<+MH>G&(b|U;}gM2jm zK;jGeXdODq4>!pFU+jGeU{%G{|9x9_vJoI4%L_pbgym%c0=T?vm#if0YE=?KG!aN* z5){vCre~&!ex@=ILO;{Qf0l`UmSWNSW-UG1rWYBAcZ7wef3^}ELO)xQ3TVSF z)KK~yWsFYm1cgQHQVj;NK}!`%KS!KnM+&WevEkBSY&caTlzy%_7n39!JvLMtj16~? zgwoGb&I(BnHaHrL4bnp>J=`JmXBeni{%4x#&lKN}kjM#Zfxpq%a7sid|Fe`;A^fo+ z&tPoI*(Un4#W@-zal%^QZ!|W=ZK8K8SB3C*8_ALWToZk+azhAxu8BU+M4u*OZDxeLg9fZ;sDBsiRU7)at(-49|c!ygkeWCJ$5cN@*D1pGOJZi&nsD|S(P2#3!kr>3o8=ST0m4;{V4tiX? z!Qf~xJO?;6XCQrg06Ygn(-8;_M<6twwa}t)^>k>@8Yk^p=cGF{PMSmGq&){XfomW% zqtJ%?()_{YtMRU-Jyln99n4Y8F$*~7s=GFt!WBg zDBIFtX?l_GC^TxhqF&cF(ntM5FBiZYb^J~Y zI6NEi+k~JS$^0F}8H0p}P)~#?EH@#-mFfQH>+ll7H}JgzpcN{I^@KZc78W5Q@etmE z`Xsy)XPpstXlKM*+i-R}-C5e1Y}R4;R-f*RaP}qPc{p2uutpJQwOKE~_e6A8L5D>M zmCjzm>+wxF;gvW;k8q13&UCY0t(`q@-Kd>0Z5@L%ZR!6Y&YB|Jg);&PzlCqZ3Gcy~ zqJ;P1n{7gUp2 zi}p(Rw04G^wHxvU-4GFZ=D2kh+8H6H9AgRd&<+Xla!ewGsGUZLg_Nm;srYt=Fa`BP zxLlJ}tPt_epu1F2+=NRYYY{HMw{3(AH5tab9(r%O0^G}RN1_k@rz_BQSW5EWe(~c0EF2ovfniwCES#h+A5OK6eP0*2X9xw0=<%6@! z^pjT1VKB4}>BWP2w9{S8p&Ewt;W0`2i7==)DIgt>3#P~*BL&l9Kn7D0L2H9=w!-&{mQu1;UUz z&;`TeaiOtjVqa)pG@L0fIx;jb8ZtC58ZI;zO*{;ZMZ=k5(UGCCXvol5G#q02qDLfg zwE;tXVAU%d&qjk`OBf6(f)3rjFlIXPprQ7eGT4deAj%vUFNXbqkyFsAz!<+D{1^y^ zt%M~FE#srs!a-0K}Q)Mt%k0 z$MldNq2!05GlU<<-}ix&MyBslAdLLVz^@26@`D%=;CCyYL(&HZ&q*da9e|MMjQs8} z%(~gzy^xlIw@kNY?iPVdVE+1HV}Kk&gWK!y3~!HCkI=1X>u$?@73f{CKVl zWp3s-9#-;$2pz)jO++?W`C*C>!tYH(`6U|oF|09tFU1Yc?_Co=p4UqsNZ<#f;)%ViDYMSU<{h_``wi*$aH#Uvz( zlX`^ZFhWC*(9$S6n^nO|;3ka=X5<@4z#I{OfG^GtLRpyT@? zjpSEpqH_*GS8Jln8G>$uiLP=8x?4{LVGe zxrgAl)#}ITpSIC&(t|90SnCN~6y20}Ms)_D>(8;=D@yO?1 z6P<4ey1$v|28M{2cS0HSk%Ufpu=Jg3qRSqFZjOm=$q;nqCc4%k=&DV0cML&ynTc-i z5Og=0=w2Iw?j94}zz}qgndp+xskvBTx`DSaFPi8IhM;@XMAte59nS$W*4zC<&^a8T zbgvCT$8&&;{OqH(bu2ykf%Z4eL{~Hf9q(W<^1FEmy5%N1?+|pWO>{}nbrs0O0irmB zxkjgxb#M;oN_0O0riqs40O1vBB97)h&}D0n;+Hfu#yrq{5Om$cw6lz$P8IRS15(BT zzku1ErroP35t3g55JtMaNGR_?l19?a$j)*aP2l_u9Lq7-`5W08nK*@m=EUc3BvHV{ z7H%!SY05C{)x#MS`44p|Y1ep%smkQ5yltv7WrKHus-$1$4O1;Cwxh}73l$};p(j`W z=E1He?{TV=yPkg6w|Pzgr=$(^WUW@x&+~qW-zu+b{V4s*$8&l{ZRb}Uc6;f?!FMc>v4=ftpwln!fK zzG`U?e{j^p8nMrknqH-qMr?0*S&UvXn!l~guDg}8Pu}r7`pGArF4#Sve8O`~9`1U} z|56+4^C{0bv>pZDFporAQhbkjwxVSzsH=TPl{m%s9ghv|L-9S}c~-y&J<9sgdP{Np z)@&Rt+R7&6Uh&m#bpQF|1g#9i1?IwyS)JYfvaD|Zl8#>u+HUOX);(H^wVaScj>xr|((@HwOMQWG9rsJ{GO_&3RCp=vC{{T{cvNSzaC ziPsD?KSFnc-jdzEZjV-06$4KgTBG8-$HUUE%21AVHFx{#Zcq4*wcR;U>9Dm~+9SR* z`r+`0A_b3d{Zt)g#uYsghSsOm;Y}XLPOZk-0FCYuWR?@}1-R_hsJ~KU@xu0@}s- z%R!xv9QidO8?;}c^kIU2O<>TK8VgBp)G}~vjubniISvh6T@010s|#zEH@CDd21Rvq`MNc&0ixqJBpkQPKv2{+H#aup9-5}6 z`i6^FAiGFZFzumnhTOn`^ycG|fyRbKwU^a4x73!0?%d$DAoW+&21-=RUwLDLo>r7- zFs;mx@zxH#)b-04nyTxYSBP63f(dI{VYoU)7F}uWhDy-RuWhJpu5PW(t8S@fw3XFs zkhuKDrVW*As#}8z(a8mwEchNqL3VW!LeE)1hz3I)cT@uOkAzT;t|vq% za3>-3TTkfl7lhDX{F)H+;XXpl>;6objJ0hYihHZzACGn#h55)NLhuv!yFvahpc@Mg ziwHq?9wC$>D|NbNLeOm@1Rc*-C*7U8{}Y7ROVF+3Um`^KUl1ZaM+lJ~z9)>=PY6C? z=#O~sCH42@=hWe8grIlnZc#2Mk4okT<*||wd~PH}dE7zh)bC+Kxcliw{0|d?ua^*X zJ{^u_{3%#_C!C0TvUJ#_!z&1pZgH<2_=vq0i0?__Q4T*LMEXVkz+dDK{@m{zm8$Q_ z0AAz+c%G3?diKA}?-D}zpHB$>7ZD=9RzjrTLx^y<5+d9#LWFym5aIR`qVYVVL+*{B z``0?;o(H&;Dk-BMH$S#Qk`H)OpcAM~8Vj-2xph)A3b0{Cs;1 z44qzZRez{=@=LXj#`>4Wu0Ko#G_EHcjKba#wlCmGL(37p5Ef{RPMTQ{UL3Eak^FLj zF!IAxSlO=gV_3QlUL#))~k!udJo=AOs!EqhLMS~$)#QGC&H!$+MG1~XyeX^lQ5KcOhP zs%gF@HM)wYGTLK8-3yGPVH5wZNV)==r)}e&#&omxtcTt`|J`Ubk zIhauYg$GBJ0mKVY9XPi2xaM8)Lo3;~&@k*x!zR9P>BJ z(cJ1Wdv40J9~gZ~ZuQs3Y^=6bS&rCJ^DlSpZ<@a&FYUl+Rhbl3@U<}omv5=gt#<8y zrpkuC7Jc$HS$k}CsrzgbyWewU!t9tBetm;gmw(2#czq)KkvN=zrU|Kt?Jv=F7j_N8aXbQ$B*rx8+820$Ou_z zJ<)t9Gg}TgCthbgUwice<3}8%JFc@TsW)`tjGnBQ-wVs)>eeyO^>tpq;=w2RzPGU^ z6Qhn)pPau@EqY3Q?6d-#igWAt#80eO-N43Abg0Ant(H2mYLhP3!hYgWrn!ADdnT@* zyU%viX}zQ%(eIqvyk}yQCCifiO`J53vzR~lc3wr_qQpZzMQWs2v5iZ&;e^~*yp}+S zs6El@+r6>CTP-gb@XC}AdWHdOvpf}o?d^#H)^6zv!M@oO4XnfRtq^QaPZY3WmYpHk z7kVOr4Y%ADf_ zTJK@MvrU%uL#li_jFm+BoD}0zPKTZLp1{5Oe6ZNkrk+}|{G4%W zbk@9rh>Xp7)_zOm+=ILO9nmheV!+e#o&NABr{6m7;iER|Ct?&2>yJ|As>LeQg=HMo zr>MDVSbwxw`E_C}_TLtMG}^W~Z`8poa%fKVThpH(|A$kisL5F0Vu+T}%A|M4#_ZVD zaWSFW<98cAruW%k%r8h84z@;))D&q{rHm zkyY0fS!!)|s~t4#?G>?BL%GqFVf44a-$`%b&-dMxYxK9mU+a0upM8UCq0!$4e>bok z&$NEa<#fe_MNGM_=(@iQvtm<>ot+8Imwdho^{c_yajFi!(FzFaEV-cJd@z(gOwfNf zKq6-!8iKM!C_P7ppy65?;|rQd#i={G0WG38*AW0V(c2r{(KyvaYd_R^Q&!0jdW-R3 ziSGX-AlITUG5KFJ4@7U!;5R=5ZWS-PaSY{f;5jm!eaR_eI(2(gC2@tnHn3w5|f$KR>D zS!ev-@H5F$fseZe&1X=M8a#vAn*TrSYNDEbrZq!Z4PfjCV#x=*GGe%6qQt98I-wVtLPxw7~@A zJ#Al|KVL~J_l{D>tJb>A(w%vB)z!m2cJsZ;jCtOOP9?p-`^2#=*UUcX^~WS61oj2> zL{toHY39v45l3y29G|n)$v#`yTvhJW^6Z&V7O_27jMUi0H1Lqv5hTX!&7-jk2&4Aq zAAfj@&7M6PH&m6S9M_7#}QHKd-Z}%pY{kC_qzH6s)U&Qu&)p2Y~ zb8xrXPrQeFBg>xcJ>0o`_;APor@$t`Cc>t{+F(zI9S2(o3)u$wFB7{8WhuBsDNOBA zW}GGRpYKJ^Qw+PCB1S&eRp@*b`M-4N-0%LB+>g<7G-}9Fi1sFy9qvsm>x0!w;pB4v zJCS?kz>)9PO=AAXz{>pF@odcdmtD4yvY%-6cw_nA9@HH8l|6@spllIJA7-Lw?-ewZ zEsTb;1cp7)Z}5k*!0848_7yoMceTlVnaRD=oc;3Y!HE~@Uoj1b{g z>h3iyeMIYhL14(&f&9Qd*3=z6;lWa)?{Uwg$2`~Et|}k2dA@Z_X?g5eccb#bwVr-)qtr%E%=U_b zE5&}}ih*I5YWq{ek8NE~`N1hR0Z$i4&``A&-god8cKASbB^F@EmLhRz7Xzkx&eHPE{itSirlP0Oe?EIxa zIrAC+)U2q~XAnO8s6Eks)D_bCr3fMKwdd#Kl;e#e1lD=cLL z%0{QbvR-dMy(TV8x`#FUj%O@t7CVNOdU^{VZ84?DJX1M5|*<@40VqF%LfW4(5HqC~xFm>2YVRX*76 z`Gu%i2Wr+PYS!)B>4{E#!5@>0z3{opH=c+8FHl=EaPj2@apyuB^civ3vd|^~gRP;k)zCZ@h`Ot6Kf;QF}~u zT|RbyJe4;bw~%@YEN5JoSLmPQvcHu%rd?r}%6;jeu-MY8D)o2AlJlEaUhmz6y4BvL z!~Ue*!RMIWeaJ)hhxW&1+P~~FFvpvqv5Rr%K{;TEktpa(890T75&O!W8W==N{aEx@D-1R2+Hk11Sllw7~`+1Z5b(8xY zxS1a6Hz-qE0%fI**`wel>V8P<$-O?5R#!7tgLQWwUA1}{OUC|>#)7Kb^$O2#1uEw zw`$^e!ODPJ6RCkPWhuY8Rc@OO;RbwVb#wJvkpeABvA3FP$j0X4hDFs47uTLMCo2Pc zWl?^Vr7zN9s}462LMFe15RKy%!X!ocJ0WE57!*GBiem_|$95uNGW3pw;8&(Y?qQ<) zY8`&2_z+JY<3l`RZ!wg}ndF0Xh`rT-VsACl$8#K*&P#N7nGVI?YT&sChUwf%i1ggA z!@WA>w+O^r(cYMkFEW=nzR8(q6aflj4eEMPF|m@>dVG!j112EH*f#^%^kVYuw<*QR5PkAnt(&)k-`?0N8&Qmi5 zR+HnDv^hP{eq!dKQGGOalX^ph=J&8J18-K{2Uq;{#t)VBGjM158{ucZj!<55m){dw z(?<3@b#y|U?ci&WTCM4Eho1At-20qA`B9ClLrr^Xcxh^ta%4E9eXeyTmUGrHOw5ur zOsww1`2ZaHuxnU{)b1qdxu^R)W{g7VTmbQ|E zqkW%5&lhEVF3S2`@35WJNau@MwWj^N$I>|=on@Vzp`^d){bY~*Sme5x&bcCOY5JVt zsh*h5Lu1pxpKW16+Gdp@CS_XFzjtWZ&X^tfYL3nix94>}=XYjCO|)RASV1c4?)K;W zQyEp1I9IYkdkMVO!k*Qkl#w=@nDpnMNbNvTAm}6ZrSB>q=fRsO5uP?XnKH#ISM5TNL`FakCbHVQTlHX4>~ zHUTgTHXC*(>@3*XuraX1VA=Pu{l>zg4bR_%@AK2J6Lh7QyNu9JPcHN-=_se^RbH0n z3U5xSwQgr#ZV%UFywKEOT_zm5oYRNT(OGzG}l4;ai*0(?_NFY?gfa^>^B=9?-?xGUnlXbNXn#fDJR?nLP&{o$%MKAN<&_ zG-XzWA5qfxd6P?%Rjc?me^lUUMCnJpBTE0$t4w>ohqUSH3)nIBr{07BMSSVIz44{* zz`orZRch&&qpx`7>Z!1F9_$S-{Q&b*_RW01xpu{OpZziWW|mbt>=ZtK$@hiCV-OD- zyO<{?NdZDgCP81$TSMu!Z>&85dMT-CVK{FMrH>H&n*zcRrM#fwJT;VFo3};;_(uha z@x;5ujK+ppGNuwj{^2)@oad$)2*~?PlbiD*Y3ScB9e{KjiMtwQMMg>o zQX5!P;WCkySUK-C&2#moB+QXCvdY!h3hONq&c$M~L`Z84tdXy;+AM{lJU(0l&x`+1OUivtzy9wMrktGtelG z^A~HGY!F{~ru?5YPi7mDM$SX00%4rj?nn3M1`bQEqGu)@d(bji2A91rzsC;h9yMBc zi*{|~_c8dL13dXLtmIdZXCuF4OiJ0GNh8x&3xtv15=^+;fFnPqOY*w`&qjW4V*bni zPa4VZS|E)4-UdG>aOB6HU-C2WL5jdUxdi^wkTvatu*UiMBG6?^BAtd#(i*a-Yz3VU zNbXaBYDvV)zL{w=&d=8ak`R7Jg-?ZGjg(BuAGd) z&-Tj5a-H-#BG0#n3G6}QH@J}da+S$>Udnq>byKnXCPvNbQPR%zTI($HcIIXDDATbU zY1({m80Igty~@!$ERf-_|7doz{b;4wL7XzK?y1-O5iL{dMg?{#{WAOqdE;IU>vZcg z4!ip9z8O_vSYKQ$X3pGK zsW*C~uoEe&>|EHHu(M#l>@pkmT0x_I+u0pJ$hS#D zP-Zh4eh0+%$+r3~EM=q#1_HKom&sjfa#Kdp8g5V%Uxy7W3DgP4rdpyN(ss@0EWYEjoU)KrRZjIHb-KYt%#I_~L<_Z0t0{RGQg8d+23 ze&Qum4*LjmKfykM^(Om?GCU8~Pb>!B*iYOE_sR4VKLcGi?1}mbuJxS(I%$|D8goD4 zg-4C%C4ME{j7-4)%%LZ6!j2a;PuuaSJ}wM+UiYXO#QTX(`EqigKF9Lu$xheouLb`^%lW zHXnPd(%$wSf~Ncru#ze~@DzsCjxeltgke9Fa=-x@>`vG)SSzdz)(#8#GavidsCS%v zK2DQW(k{dv6=lj2Q3hJRmqQ;JACh8C|BswyPROe0TbzvZPpuJ0KgnV4i&RJdR`jQ?Z?_Lb&4`# zYJcnfWpCJmeppHASnzhQW5I7>DW5W*%rEoJGGLy+>|;UbUT$sgH*&2T*~4f~js>Cg z+TQOYlKePXl|4|<825ftC&;lQBj_#kb*jnD`K>e@TPRCPL-!4^>=y=Lsm}|JJ)t{I z#JFSHX%c#rol$~?uFCvL7nc1SRt>uBuW0fy{B-`3?_hBvnYiH?aug=TMLJwbh=RS0 z5SiMd<8RfW&~t(Q+q(OQgy<}%>+T#KvaHBw4I%hkq2ndLcHJ%cJxMn^-7hrO4pyik zN}oZC;fs&T|5@@o+p{$Ctuc?wTi_w;9E7Byv#3PW8I+p{#1-y$G5wz_qX zpBeZutmMacg#27O-BA0qxi{K4&VQDD+Ac&uF^$tX#>;onJRdj$=Jx_G4bwzp9_N!V z=H8-tiC;-K12=$urg1)J)=BGER++|maV88-;9>%1|M8Pg{{G4F#*oB+=_88qA7XC# zf4^?MM6Hh-_3;O%8T0pfn16lEk-j}W-x`-a@O_W<>s_aP@4e;Su}3T3_^iC{nsMQw ztq*TN46P;^9&MrFx((y|EE#iNIk9Av=wD>VgCFT zm5YkY3s>OY!%}Ui{gTgZ$07egV^^GTuz%7_@QH59GfvGz{|!@8^(X3DEP)Y)Se{WF@TS^LjFea!fpSf|sZu+!xDvdXaw{YG zLSyw{yyXYoLnP}TFi`&|&7WC>(#Y0e9;dzVARWgu($Lb)@t1Y2sgkrgEZd1RlHa93 zkWP-jTz?sCo=y1-UQIImN;tBm1CTsujB(Pfq zM>|qhom3(WL>XzX?A`O@)k(AbzuqD9_<8b0mWlD7Z2EsupA0Bl@6GRb9=PhyZLY4^ z2X9F>M0Zk;2}K*m-+TE-Ew8^kY4slx;%nCb>ZMP%rH{r6+GjJe%`lW_kf4L%1|j=D zjp|0~X*vF~JVM9cMPH4-q9;Yc=;mKJ{x)ZP>iFB7G06Daobk^ae}lX~ZTv;Dz8Zi3 zi^tzN`g~R!g-^J@;2$*qUHkjN=f9tKtdj5h=Y?`U^LfL|aDUlz&t;cBi1uH z_f6x76_j}-?TO&|_kaJ1*xIY(9$MG*_InrKUw?1f$F9RWeC1hRE4=qaVU7OZs$RSF zjnbd|_S~nty8klzcYpcC-+r!_3;QY_8VBX z7mDSE@fVt;ujaqTnJ|jyUpN0n>978j@mF}8$6tZ`Cyl=$yoVfrwPbxY{{Hulzgd}| z=}g&-f6(}A?8^iFxBkHQ_GFE5-fMjRtmF9JPnM?U&xt<$2L})Q^7~x{mCG`7kA3Gc zd(5>_j=d+F7Sf$L<^1ytC%-lPEZ>ty?i(4Jv(LhZv?=4xPxyr=GkapfGs|B6k*#E3 z+wjb54(wh1bWH5`KMSwytCeeaY<#_7)%@`DcCX8S`JKZP%l?-7m&do(%zpZ_@G;hz zXOMt{;RYf5KaDzq)YEeOg^J2F{(d$8{dbPPpEm!+KzIE7S0Mj+Vkw()~=52gKl+8ZBtTEnBS|M|9+yO)0VsW(5m`l26h7&Ooz$R}Tm|J!Ze z`MX9hx%S&ddq@4h2O|<%f((lKYWzj9un=H5{$fcdWc-~u z>#O{#jSpxZ3^KZNF^k)BTV2cFcYF;LI1!8!`bVkAHNSsn zzkhz-)Zcv2Givp50fs;vTX)yuPfo<8#KxT{L~dvEQ$X3XDzoA$o!Ycf8O{T zw(lYTLHcLoSj1=ZJdrq~8LAWK_$&QL|9ScRY0CSr{^6x- zr`**u{l;77EPLU+>xWm~7LjC2%-#6+hF#;5M^E$rZnfjq?Qi#<_1gz#WIQJ0G{ct3 z&;RU_(eJ;1#RFYMj}9Ai&f#gZ2R4@1ylBje@!1^S=>C4xWz9JkE}6S#^3nqrd|+Lg zGiAx9Be{P$cYEgpH?5pEuA%jRoF9&VanG%@9XI`O;!m!B*cjIMydt)*?W%G4SKPJn z>Ty5cQx(4+MOl89yQAt*7(e!M;ecO zFu=iZ2JbJ$qX&gR%dwZ=Lm0;2teotx#@~P2_>0p2wDDJXo9Dj*`A-^uLwFB4{%Xnk zYW)2#9)D*J{+%&KWt=^Ly;=Ch1R1}xvhk(TKWhEgI0k*LXMHd*&VRoMALZ=I)vrw` z{L|6wsb_9I+%hx#z@B+ecP|=wWyjU;FPt-a*>56`-g^5Dd!PJp#A7?Y*8Hpc{^-8; ziQOqX+b8TCdu#Q+v$ieNN0-P|Ik%7he&bW$o4@OZCx86-Jny$6|59Z6*)^;0oN-|D z_17)@>xmL+800Q``uERdTz&ONoq3mB`=iH-vVQ&GC-iUyZ;2w(%FG|7qi|@HUUX z0{KrGe?xc=IsR(N`fB|BuN{B!nOxv(HR_=Q>%T*czcVvu>+|Ik-|_gac922foR9Ii z;a07#U*l|TbXM0~x~{&t*12{aE~UpuR=&r_mR{c#c3Q_r_9n-j9Uob%Y_}%{P99z~ z+@U%iidU0VtGM6ht@o^%-TT5*6erK@P$s6RIFI6DOKQA0hr+Hp_gN;|a2q6jwVQ36 zYIv9LX?qbd49&ABiC=cHNv;;R~~ER+SE?nq8W6AVM9cx-Io8Qse3P$X3O) zwF{okJ-BgPb%-01&Qrrv+-kbOho`u3TJ<9F++}z7T_5lE*()a&y9X3kMc?&fd;DE4 zONV9WtKlELKCbjfevk61f3MTpZr#}f%&Y#bu3y=o{ZN^c`dV3E*etbgt2(?y^`)q< zAe^nk*7*jgp7DFctxa=r^OJTqNi5Fl$ivM(noAKk_Q=#J+YkHW+nDQPy&}I|*2?KA z+8N!$)Z5idltkb7xTFJ?Ny;R9|DvR8yDU>t3YHvTCa5W;mNx6{RTk?*D1$DP!ETg+ zhup%{Hl5=ZxS)lHvJ%H|6K|Ma_*VF7a9N zQ5H^HyKUzy$P-G!m7_8bklgipLb{{t;`iF?7UgZ}v&F>pS*=Uli{19B3;g!d z=qhop)Z?4GoT-+FDh8UGv=qeevj|?cE>Qg~x(+QWZi`yc*U@D4b}Ay&lqU~N$ZYhv z^KJbr6VLZgbm_b%FZGs=4@*}bUwjCsFvnWe>k2AxRP-XheO_~6eqT(?M?F9LFgz7D zudL5z8;+cftx53N;@)@^^wvyoyx-alI-B*VC8oM?%At6FjPAC=4Jrf12Fz%K+YWbv z!R>%M@=#dj?Rn&~^}wd{$$9I6;rZu`?~Y^MEIe5&b&UEf+x3)O@8a>c^rpwpJ~R=x zpx&(7)mWxJ_I$tnYfF%Wy@i|m9Jc(v*w|w|KSwTL3l<<3smR6nnr-24Jc@AkQ@pVk zI4)S{zG&>DdHJ9pe(2f@ZiPEN|65}p&U@q0=tJrSGiO|at> zZM4V5Nk8e|B2Io^gcHfNlh9MqPBL)fy*TxHKHAFx1#M%}ca@~3#}j?Fm?Tx4yd4vT z6CA_TnEpE~+Iulk+?4k8yG?F};X8jr*CsXbo)LH7r0!5{4~3`ZsBNlEv|Q&N^db7q zR5-)Yfz+Hjzr@l1OUEnzy)H+GL!|i?|99OQajvDN%a4SHMtAu>RJHk5;qAb9-X;gsk@=;;^5z0&b*NbwU>t`fK%oZwX|s*Y=T1^ICQz}9d^;jjKI0$F{S8f zT*!HfrGJ~nK2ZxZ1!Z3;-cp-*vt%i;4sh7ycGmNju5dNxuB~c?FFeZnP#Wrbyo$Ta zcC%#c=r^3IU7T2+siNlyLky>d^)DTnr7jeFC#&{U>!~QE#S>8nmQ*d2cV8NAPs`J3 zaL-@rLRCw7bm^;xo+P5=S-;1bq1q>EXCi5RiHs5NhMvwZ`B9y6y8)8W*mwp}D1D@$|89VuUwsFS4X2!h((}}lpy3(j zq5d&JPdwRh`faE`4)QS=8%|UT_16RwNn*pvDxv;7X(ecEI87zgKSAW@`~V5R_6`~w zPQ(qR4?PXghTC~V{YMCXm4OK^4ze~Fn=;BoKT6Q=4$$DBY=f~WJUuXIY|0q%4LjLi z1)GTaH-=zt(}U#VoS9scd#TB7T>NJE%_jfbOz!P)GyVbCM5O-Px|^HZ6VYA>>5rqf z;f_{b)!k0vjuGd6(|?L^$0~mYr27ZL9jC;?K{wA|N<de46@IOaa4xF7SYSmM6Hcd8n;X{#Db@Oh`j$G$b!o#I^3@K|%3aym+^RI! zUc97sZBq-AqMr|6P=A@h#na-M%*KXQ^{w@d4b^LK0LHrJ+QpYwH!ZDiXwAwL-fL>B zn{(H!LCkdGD2oNP>syyxj%$y_Wp2O~w~#z1x4F4`L*b?Cs@E)ObdffMpBYj=ExdiAvM&?wzck4Fx36Y=}am=Q|vQO0OftA)D+2tvK{+Jt4Y5asC&= ztMo^Bo=-uzpAg}HqC+ns`21Ff?*fv~8FV9j6(Pc{(IMXlhQFH-;l2w<`dGR_KT^kw z@U!*!bF{O_$Aixp`Xf9@mGQs}Hyqq369sy<`zYX>2tmJv5c%eNMt^a>8T>{1;m`Mp zc)kP-7efeqHX-6UOUH{l=aAm9q(^*b5rR&X3;3_p-3>atnGoUmUNWDb?QE6CRjB#t zsAlc;n%>e19ZR+nJo+r)6^b*w0wJ`9s}r=F<{17{UWt&v`G%Jx5c;@RB;YgXixTiP zzb?j@hIny~BN^(oFcOBoAVc`@Rrx=x17fp6^AvYl0EqKlM)5&6lz!-6tV6C_(v-no zC7!e&($N&cM#8#bY3`5Fo_WR&B_q;Bz+M1LzLMWdcpiY2M)Ers2qV9@4g4rMNq+0_ zY~;5e4!*C_NPd?BVdOUn2h_NLWBQ1f{BFRrkst4raRMie zw6=s=Ezawq@$3Axn3r#Ly=7O9KIyrzn6%aoYv-H5pI>@jfRC_$C+wDSww&N1I!rH@j{sJ7I^}ikes{c)=qusGH zao@@#iy|zue-Zw-*P#)JSlt84_{iHMcl;cbzh=1j=-Z=r{8$TDg>Y3-cYYF1O^xIA z2;699n^EC)%qaI-q1Uoaar8v^Y!Oc$wZ%moaOZLE9n&78$Lev@J*<70&}U*MeuVDW z_E?cdxV!0&YmeLcOA(uAH{J2=@gn?aF?VM^6511_M%4L={f5^Qg}#8a;qBp)SEY0I z*Ly8a&Ci|pNH0%3F7At%1-kf%+avTGd8)4KRdgzS{vR=Ap^`jhq346i)rxIOvB#QL z?XgZT?tUii-fnAVG3qmaNAXjE`efbRS-LGyN374cfO`e{+S^LrL@h1c$a-eoQU8)q zccak9Ku@G=Y~PN5#s4O?D|b0?zn~3w*T-&h;BF8Ho*vzJwP+2aJ4OrYua{n-$JFH- z(=kT0rVTX;-r!0n;?)Q(d{Xtq|Trikmbj?+4Sg;dWi%?QMGddKO4 z+pN;5#f*XPR$51zD7k5+rw8aJcT5)V+qBY&0lFz2Q$);@OUDK1(mT>c?57qdmmc;% z*gdJ@)S^?7i~BvWM-T(vtuE)(_NlTZidH?XeVT0bO-c$WrngU*6begxM*9rmhMpg- zI{!6GM*0zdicU!H+-SO7R-M(Sf-AYV#w`F{8cf$DM?u@b9yW?Y1x?SC+Y@X|4s$vNJV@mAjihcX2>7e+pLz;blFHS({HV+#|=EwepSa`P}Z zS?yVRZk%m&XSZhycX7e9{@3E4^&hNcsG03EWvLvYdsh1_L3O@(*U#%EE~7m|(3~T1 zmA%?K;`Z(GSe#2lOP}2_Thz#+(#k;1<#gnTmaw3-RIjc2W(VkEI%4!zHX{(}1)C7Q}wf3%W@n-->f9`YEkOMv2r? zpUbgiTA!@HjvtgjtJ2oC5l>AoU2fR;SR?%)S`0sz=e-QL;v2b#O8Ll z#cb_vLK}e&)RO^Nl)TWLi1wB+soHaC{B|XI%tB9wHN}&XT-{w2k2Z(rgqZ4dk(z{# z1W_iFi%-{cu-BQ`o~XBht**mdxpG}|?6gNF2>Rh2!$nHR7oQTyaZ-DdD48+EBLgKf zqGN<8nUTc_0lJaxBSpz17RLnWMs;Cz;!cdew7Yr|-W|ZUv0K0Fx?k!7g2s+jSLhc4a*~t^H45s2L+KrYeoa7d)BJ;X zn`!>91=wi*@d1^w=HG2_2h&3N4ML#7@cv6D+)N(tqTu%H--D*EhaE$G{_V1dtmPRg!r6-5K?^}qCYRa&-L?)n2pk{2O!Iqzz>64uHv#1V4cn7^ZOta_HA51U(Q`*Y^pC_U0tpYcrK$4WqyXM zuRy4(+6D9bJfp6)`~p4^?GYl(s*)EF%Y_wreM(N44Y_khwnqw|3rm>4bKtY3i1?`X zD1j$-Q3Wy4?a=~r*k8AC38|fB6@`5f5%lBChH09fkGw5Y%Na@?aF1lFILl$GikO$G zv&-}PJZ|DS`g0BjtTIFMHvlmA1+dJnn=x9q{g029vpF*nzBAcK`6J|H>onI z+&vHeLO@&aSr+D{J(WT~{t(%d}?~_~Hu+29!yxbxXTN3(;CGEx*x%9J#G`SVd@-&^YkkOy0{bDN}u(FwQJEN25%I{8X(fBZh0^{8D~;{fp5~X z*fP?q1MwpnZ(>KHkgyZ-*~Y?)5Puch7&%c&)cMDczz!`Tn>v*?k24~q9a+(4JWl6i zj}vVvC2cbIZ+rv&TS_bXx49*KTS`j$Hjk<3+fsaISqbW?qHi;6qRMio-+-i-2cvc{50XT8%JpiA9#ZMj=;w9PH?6_u3ux}(Oj_Nr`m+5{EKJqG2z zySOhV`ik;WUwkQj?RVORFMPTt-Bs3iE!tjuNi*xR%5kSd`t4r3pv*VvypjQB3|ez# z*tRgy52GdTF6+C#RDra=rZ!{Dy5CCj1KeHW&ODDJ$x;N3o<1``>Kqw3qm7QKX997AvTV z&?^^V^qEmEXa_vWC=n&DEpB@^Y6hj{nana$;@dFi&@t#4m#1PZ*~FeuNoY$DKBMzv z(GwS`V|?Q6i923KxZ&8*v?-5mGOsVznpBkMi_ep7jCvWqEwRP$cd|F3 zmLRDkNz5V9uH6xwPr2O#F44zvR>F3PxtcPHecWww??_Brw;R@lel1sNYucMpc0(6h z5U=&!{yaiVUogFBYB}FA`DRmJ#94Qn#of0FJ#c&hQeTx?UNF#IfZT~$IdvN2*>}5* zd;M;)jOAR%g`SRWDR*Q^?m&00+^NI&jdRI(G2dcO#as^KToHZZIfcw2dnxh`XYMN9 zzH1+C5hJ@NG3l-mcVAGJ=bN-#@7xYKm;Yuk&rm*n={AX=2{=}FxosM*U)J?ER8-OtT_P1}QK$L?3^ z<+kMAe88&!0MW6AB?oSW-w&&?fBGMG<}uCgXi?@TY*cN_)BShl2Vd&4_Z z2jReRmUYPznbdj8ARO2iGLBWfr+3;>lgumgoRAvK@wL5isrHUov^C3>%AK|jU+*N) zh6iZh?Tt_6orv1L?9tqd8ev_?cC09Ki?LgvSh45jDoJ_8Zu|6Nd&E&C95xKr0sCdw z%Y^Pa)9wM}nyhBz%vf_#FB3}dfGz~$mHw>EQe zO*OPy*qyb8+sLZ1odlc13bBu>rj_@A*I!Xv+@Np0q9?awiM?1%o(K6FKUTkkaDt|H zhyuJ7euVcELiq>TM2T|hdwu{JE(%)&+X>-j`4H|Wgfg%hdfi1Ssid%*-16UZ^3y%fhwpCw>2Noi=m?_Aqew zb^PNyApf*scCbDEzAib#pgeF#X?qc*1{Y^iQXA4%dP@oBQ7+1qoMDg-YhcROlI{=P zPKK5EqnGucPch7`sQ!M)?;76#tlM?Af@grO4kMW%k??(Zwm0I z288lXli+`e;4fF`jQo=X|AdXzLb{U@@ru$50(qhigq&8Co}4DN9l|FN=wfU&{5tZzxkze19_!9OS)O0YKv!yQQurTt99dN+3zkl%E}dN=nGFeOt;lLPCFV>`wQ zey5cV53Dne>li2aO=KRFQK=(ShEKG0jG#1_qI4uqOiCS{k}RZtC2eVs1MBsBUE@2( z3*HuRX>(83*1O}a3%e&YPwxI-%jE6}v6H*cRwlbK?^G7XYRh+Q3fb|JVo%t}Vz<&zj2ALR+2l-d!+JJNN@07O&@n-zEul0qkOyanQ{*+a zbeNupy)N!mU|!KioROu8SR;-&kgQJZihnx1h`(XtS2^ImxB6Zox4u-p&<5EQ*J&%3 z{{k5`bS+R@JFE+IfOfG~xZmLB+G4yM)B?S~)}c`*H5#t{Ie}mwmxeHu>1G%R*pC`z zt`)0Vs#jn;c>P5ijN(^e4e-kZnj({V=tqB#^hKec{!DU9bM2ad*kO#}3riB(K0D@F zmWFYhVU}farr?=$vN+9j^rJahS;7TcbG$5fY2?^SnZr1?Di|L)Hq(+uj;)1wCO`6} zIUl?R8(SB^4_-}z2tVJ3!xD(!L40BY;c`hHViq+XUV43Yh&!P+q{LrHM}S z*cyR+TsR2bjG41O)7YAoDUKk)s@;j#;?gLL7}nzOWeWEPR_su3?^;#*mcOp6!ymi* z*H?D<<2}RF>SDVpwRG&2F61}CuCIxmP8>n0V>(aZmI)kJ57^5u6S#!}C&$c+z8m8g z3cR~7+QoIAVt#iVPySM01@4g6+FLry6=wbcK=Z& z?v$Qs(6dCyht0q&|Ko5=$!ah+lQ9)b9$6ie9dT$uEL(9iD7m1W3By56I+%P z;EQ4pzP@$%CPY^BEgdtj&XP5+>YyKs&S%}7cjl|9b%(;wdc8Be;C1U!Picj3nl1Y1 zC-btJmiW_Mn4qQL3rO)rsrz#F|E8GSh|yJx{r0%rzV1tR z73TZxV~_QKPae|c`dS3z-iOkOIj~5LI%=^h(+>2csW17JDx1)-#T9ALm1;RNt4XHt ze|ytY|J;lC<1O1GkA9MM$bHbgG4Hv9mNO;A4|^@V#rr_E{vG*N^_DKXngA`|PSw^v z`W}{f7<8Zet+pNUf$vx=hue=Hv}$@XW%@E`{FZoMd+&RsC;cY8-($V|qeR!;A0>6$J96=LsSC8a`#6gx*Z)k_~vwMx2>J2vF)^HKADU#eWi&}ZIJ?(rOs6&ABuWV zOYQbO(fvQQ+@NS*jk?rfqJ$7v`Br+AG13hU(;GrNNe9Ua%Vcf zconY2YSd2Uj$B<=I%<0fS~jVYx990k(c=5tZ$ihG0lCCQ*@Wgxe)sfPEtmSQU4fcI z*(C=QF=7M>D1U^~hY5OTfL@NsS{Uv{3Z;(_^q;2V3dY7UDq5Kc1ld1{AIdjb1_F*{ z1tz!oyUL49{+yRf!|+$YlK&*ZKTNq!dIHk_Td?$R6aEp(K0Hf9|KCdoAl;E9)(zdK znA}rM?p%|5smZ+096T2OrvKb_P*H!NRx>72O(-1>MRP%=Bo&YYwwp8%Gm92k57XB2((f7a0HJ+kC;h_ ziNk$_P@FwMh!^P@LVU>h3Lz#6;v2*9_*Rj8@#3cGaFz~L9WK$~N)q9*mG0;>()QrcqiZ47n_;=|UT_`pbU&x$zo`Dx5^gEuiL zNCRHV=cMC2p%m80?|nGfM@b|3%?H9b*RaFE@Z`tdSn{jJvymU?nC#P}k^C+I!pJWM zj;+9vANfjtSK^t$nQxli@EC0FvITyKs!0&xrw?=|Gk0-fuHm$5cg3U0ig*c`HsjpI z4ZSMAvyw(Wn&&RuZ+M3!0+e)t<%sExD=(RG;(dgfGqX>6A0c(VFafxonAg4Ds*++HNiPifza^f3Y`3Y!7XrS2%P-t<_v+G zEpYN2lN^By$Ei-%^h~b<(idaV&JCF+D5=rpH(1k4CkOOKQlmMgbW%WX#Mzj>a_&4; z*BgyjwX>GAe5VKr(f2fS>V9klxCb?!J#`7fEp?gC;QK6o5yZLM3in^bBVUgcsgd)r zIFW7}&b30C6>|J>Z}fr}xt_{>8YvN5J-Nvlp6ZCL%0fWy<*$oh7$4zN;$XX7)TjBB zrpLYSy^?7>O@}9HZRvuPooee}l&BmnvRV4Kgee`C{^x9%ca0o|^KX=6doQ)AZ7#;z zv@b

vrKuJ5MWOpS`Q;X=_pNm+`t_F;mLFwhOJL#nRD+R#TRW@6GJva2}6kl03`H z-oHFa#;tTX`nNF`Wx?TI=YN5&E?T^<^2aXLLV|rHd%mEdEF4N7Cg|$|B*)9bq4W`g z{^kHZd)J`hdauz?7G|Huev9jhl!Yl9OT)f#mUIBpU1oBxGP%EQa(BQ@{!Orn$lt>z zf1Yt54f*%MlD-X=>%k5>bVGm2CDPEX1Ug$D@`0m1wBeuPSLM2urM2RGijx<{20g?B z-!2UPtpMaad1^@T=nFjsDwd1$>uPIOBN=P-bQ~v|1ccC&5LmUq1$70`s$$i-4xdb{ z!ucT0wV_gJKnM-+4n3{|MK%eR-&D*cgbZ1v!zDUgslz56{z8XNls#q5OhO2joO4A% zwiD+|K-Ls|k`?Wo3BUq|1AY-9WKY2t_%(C`ZX%>`HN9oS+W$}9m%v9=WP9JO*KC~y z2q8izVF?LKCt(X~C!KUwNZ1r`ArT@VTUgv3Z59QU(WDzONrNJeyQ4vI24#H4b<}Z5 z1QbUZaKFCV({ZHLnH=QOr`22pq_kF&Co9a4s?zwgA)^h69sdF|~W2+gq zBh+{~|3ybRgfV1dLKt)Dh7BP*%4dD(9xhPLI_nFBBlKC9Kbc$ne@m83{h9|p+Kd7q zlpkA)VWkqVNL++N7mXa@{9*vKs7>&|>4o!)2S5*>_bh&qzB?6%k78Al+Rwx3Ee9a9 zd~f20bik;5R4!gV(gh)U4qOxhpw}0_xC?oq{NiLJ&V^sB1zrmtK-&~HT=ZOu!}&!A z_{uCQh!*(IaDK51@9_XfLd@~Tj?c}7;93v=>D)<9_PO(m3)CUM7rz*U4Zb0=#$gOF zb$VP0ZgEPSHctz~ox!v!>GTn4X}-aIH{)y)0w$$@t2o2fI&%5To%YCw24=cbzEQqj zxLo`u^2=-&q?(xx`DfY;r?(k0m#2NBbd9PCK1Wj7(SI}Ew%vVCb6e0HZ}3^auw_7o zC?5+dY3lQ5$MUkoj|9&VFMN6JrnpSu%d0k7-R3WBNm-32f=(Z<`^3{*O!b24^kzvq zy~SwsMhr1`mP-~;{4(*|#2DXY(0a3cQD@D;eRWCG-O=75ZiAoX!wWV=`-P#2U({tJ zSDDXv*QxTu7=JQkyyo~E_dwh=nQ_RnTS#{XCT}wOC0`bFCCz6(+93E6@eK2sgBu2Z zVYAA2Wrbi4+jQ*I3l8wzjKkqvoOHT!5ZOgM)EOUB5wOcPaN#kVz>R+yxv8;Rax`|! z_Qq~wi^*s9Hg+43Hrw9{j%u+z+}LeuvG^LhmCCn*<65k$T$GjRUmnOSZF_=49g+2W zf_9s!9{UVuyz4InuS^^mNihv+<}*gd#b-4|HV_w0Ie&XH3FS96aLjb~g^=M$B zB`EExYtOdPGq`prJ>vsq{t>f(PjH;GQHk{Db!?5z>ySauoOi!S_tH)~txJfa$=|4H zVlH5GX~&)RXVkpH4mrowu@&!JPX=5=n&ZJwqe|=YPqu#19@#XuLGdkQU(3;u3M-TJeO20uKa`rP(`f^L zO>$=zuqL7YXmI;+lBIaV(O~%&;{1v47seiV-qblnp5ji_Y&{;tj)Zc0NrKCL@Od+G zZfZ83Uee!gj~^q~-QxDTYd?w`wdSLu!bz~nc@WygR1O(dBNH`ivpHpkGY8hc6s+@z zDK7;ZYI7I{YolidXp;6E_ad~tWVV`&Zpy)LbhWhTx9_bx%4c`A`Fx-5>h-$dgwN_6-yEh}s_LRn;*%bm$yHqX+t=EJ#D;`U`~a;@ zG7$4X^Kc$6%CAEiXl+r!GZ9mMbyzxlZBieWPjY!4=>9`Iftb>V!_ue1(qAG?<#FN< ztz9HaXo2qMYZcO&&_(GQTfd=t-uf%nEUDgDGjqeT9zk|*-d)F?3sHEFEIL#=J!j3* zqM9`|>p|#z=%=n-U$SOS^_pd5ckgU@`HzxQf6vmWuN9Ck&({mwqY4tLw}C1dgNx+H zO%!7-@;Jpz_E8ndWuA=Mx} z2KjR=JxB}uXZTvD1vgUP;eq3go$%w%*k?^7k3tmwvtG|@YNhIHoha0zD(_5oA3qhj zK}auc6-Lc$6<{Yz$eh_){nVnTAWQYO27i|t;U1E0>MR$PPQ_yCRLoNS9Lrll#Z%%o zFy6)JZhfYrYvOuXzV56Ph-XMFORG{Lrp}!Vl2A6Kic3P{AZcdY!xmxKu&QF{1C*yu ztD^gy?z&V}Pr$0e!2{bnm|1>%T zf%Z(DH@f2H#;%WBrFtm)DBRA+gx9T0O?R2N&Cqc8#&%}xIa&jFn9=TaNuLD7DM&#gfaPDh><7va!F z&kLVhZ6Ho;^lfp?P`kD*ZA`eBXWk~pwfeH()8=^sh zVqTY&u0p~NAnmQtd`Qo=;R>G%Js^Gs;5=}8;d5az2;9h#5Och-6UI5zxlR51pX7d7 z8a$Z&)EV228OQozHxTngPE-ES zV~_=E^1*k_QBOToIOH&94vQ5YbjnlIbF(IQ`k{vk2eiuLA2zFy&-U{fL!BQJFk=WO z<0~e)pZhGhB~FXYowDJTuYM^H#5{UTQty<~KWdGra9}sFob4v6cbK(1Ocj_BD?Zfb zjyo}LMBs|VWx-{|Mf1qdeeR&8LQhb2{9AMYwa}hGb4O?(o&NIxpmxXSg6t3kYTFlv zrMHEp8^hAig{6fhOK=R6jDTHA3S5h8u}P(`aWU=}QeGv1m?N0pPR|+_#=UWX07oV- zg_>9XH5+R-%v)Q&;i{P%u3}nQJ&5P9N!I5KqpFdei=J1gxqEFt3xfb#8-gLf9PdnL z7IspM`RG>^V;=hN%_n_U%1>UA{r@&+EY;==nkT3g(?!2&E}-`6z(s-PjK0SBdB_VL z;}-$%T*i2|2M=5t)A@Ww{UCgduftsMF5o;+nJ9#h@jFn6rD_)Y%kjoe_;KeLva`oe zP-la4SnsIaTp#1r^-i#YtOAn+cXewt)&*&>VTIWo0uTL(9pE3IFIaCI{>k_w`lG5k2B?Xk2 zDQzhj^Czx1Yio?zT0YH8t~P13t95u8G~pcsP7W)#(=2kw(DHBEhibpmv^cdq(4JcU z1upgZ^gMdUzqVF%Em@byo`0hKx@2GetSMh{4{UqGzPP*P$_))`h3T^3UQ0paF9> zFQBT$FkS$P(o9vRN2DD(5o4m%X7F=m6wYO;*M;WliZeuENCljwJ)+OoOsxpcY{;ii zc-cbumU(c=Ia2jr*p5N^Eklz8Z8CC2~S<( z^q%htkMbz|l=Uw4B_4Q>4PWoR37KgnkU0Oqd6x?SquY7UeGLifD?D&|ByS;p!>MH? z;|4o^6Fs_@(_4?vy^$&a|I>Q+APSVg ziQsPjGn^Niio)NfQ}4lps^03gYhb439QC5JCT45v1c3=P2JTO?vyZFlaEZgTXA=^D{d?Ed@GLnpv}a7 zr9WdT{}?kWVH|EZ7R%-I>sULLg~DX$4^x{UIp5EHPNlZl6L=3&A!LV%hP<9&U~PH3 z4nRi@34PhOrZ!CNndU;WXPp{?k6~B$TSQ<=m(vd|P@4KY50qZZ6NoA84@>_xEd5eg z`e<01WUp%H(frvJ!ll|8?eG(hXz5Czx=T9@(h#;*uDz;e{oLv+YhY))W-c215@y4Q zO?NBFfn0T;`?~tPb`EQ9wIrZKM|EH&Y2yX3{#{JWu&pq8cULG_* zUF)x@-ME&))wWD)Y&+hc<}n&`Y5to)F)Ff{VtlOgDaL$xDaDu%S5cgx@-~#-tih=b z(D|bs6r&mJ)MAnuQ~Jlvld7+?@Tx!Crp6 zp^SDlMcP$n_S<5QfYlg-ToJHFMy83WO3GWOOfM0Z!T&_5(mBM`DBft{RuG}9d2L>o z!Ym=ui5apdKz0m`{`*VrgU!b+%;qDVt>G3?p}$wkHS@@dqIxf#uHiNi?_}p~$gTlt z-R)%OZR!||Y#Go=pE?FhfDe@7=atTBlI9~kUT(T<@SI>8thNecTE4tw)3%Du@D1bG zETkGAjp|H@i0ZUkqdJoEW;haiOzLVvXrEyMy@X59~`MjUZEV&w*Vr64 z>QyfC|G}yD)WtyWK>bcrqnVYKXe+bxx;%MAJIR}*-)Cql?%2%ioe%O3((fZI@}NZ2 z<5(F9!aXR(Fo+4IVx`vVqW?+te3l@jmN-Qr#W_16MGzB4dYnQ^3oef%vQ9`z7zz8q zDS|zcJRjNNbxD6Fy=5pp$|o;P{0%8>hZiQQ=LxI?=0;QRZ^7Op#haqvW76L))tk!h z6v>{g&2l)y{p(MKVZGbzKuF0l7}uBqPuuDaiqW53a-QDH$a52E&Qkw7e#)3VQ2TC) zc?qR?0gp(wn7B75!ZG+`N}}j)W@DE8I+6A&bWp973+?A56SIdZ*hfHLRbu+8n;nU- z;V|V$(v56M!Ew(2WxA1IJ%pi{8`PjMoteszH03X+NreUd2TS#}KLZwp%^6n%m1HW%C#%}YgL=?lZs*M_C}8Gg<)YG-i%n{mZuuzShe7ypny z)(}D=hoW$#ob8gkL z^+T-c&r5zm?T82dlj=T{_o8z(m4FeyML2ZP?>V@Le{tZV@E9`s;=QO1;edr zc;~`F4%IWg{||)^4!?cFzE@6-e6srb)i=zX<}Gh4zG~F*!6y&g zy!YU}10T2l?eLk4l9t3RcyISV_Wh~*PYGePZ2tm)om_kTidb86hzG z>AGV5l{MMp$7kjCWCU+?{_JHCBxmmlieN{A`ivTSeo>mnc)OaR{WS_{+OHsDQI`&? zz`kS>G)B@_qwhy^0+#_SUb=R5^@=r%m+0R?m#(V=Tmj1u`AjMpYxy3Sio?n;(F6XQ zXE13(>5J}|^`UF!vkLT+2iyOt^)QWz^iB9Wm&QA)J|1{02p?-dlToGEoR0lj$txb~TIr<#=N!j??zH&uvVel%0Fd`{BiE2i3>q1R`*2hKQ$2EFO;dZ-iDS7vziu2(GOPNUb8Fm`!LyflY$5MZRg=oeHxMvp6?W}qJ~U`e&V64vm^Tbsi_=Own|b5N)IDSn?>~mY zhBFwqE11DxDGWyIZ=yDw!De-MZ19-kOe%MFsa}l8q9D;8Lis{Mv8!Vf^CZMQY$lN} zBU?1!o8!oWF4^s+^*sE36j)U6FI{_?_ZK>WNF{;|LMQVg3_n&LA(5>+JOca=iRL;d zF2R{N(wT>~Tnh5CY$+{vtluiJmUGzZs!DeGl)e#_ zZ(4{)Q~F9&zT7hI(X_`Bz}nLFGHIEKWmX18dVg{-XM+(wSzmL&$8RcoIi?>hR4{ z%yk~mQ22;K+&rqzQ){kk*_)oyvKKyk@)Jk4%o&w(*0;e=Y?3n#tzzcT*8Rojku}9F%}l;VErP!E<7JQO zUz*$2ex&TdUM+$oeGjlNjs39PAt(1T3cM}vE!(YA;B9$#*fHb;$!98S_px-N}Xa0-3C zW*L-fL_U3sEaw<;@_hQH6Q9X}mw&zM#^tk(!d2kut*H@dX1fLQPs7!)S_-MCAS%0v z4!yB7_3+X76kBSnDlY|=?69U-Qq7vp?da5)w5XIwCR1HlO13_ofj2$$1-b3-#btB# zI^wp!FN6hijCrg-aogXjzZ=1>eyNH;zsQO}|7euzZC=8PKtd!hA?&ZVsAUu^kF~?c z4Y1=Zz<#|4+tw%cog6!ic3;@v<=y~n8)(Oe(T?qt_A+260DC|f?S6e?S90ty+I?Yv zmzxW{EIBOzXBy}OQvV94w7#N6y0Su$toR*`-*FWlDWk{}mr?A2><>P)QY7HF>_xvB zXW#A|H*`CF7w(y8c-aX3yU^)#lBuPYrRv{>+jAen+L>U#_|rkG{qY$ysce9LKc6xC zm&NJ#(^yPntm+dQwo)ygPkX*i3~EHVvgd0i>R7N0*x%rv-_*4@yTV>WfS{5#dctfPwQU2XpyN^KbJ$lPy4!thjBTTN%O zMFIUm$uVXAqxmjPbQ$x=$3`j6fmqqSuc3`nU!?xUWW*tT ztflHE^tVd1+j-m3Rx8??FWh~}9&Ggnj(Zy27c-k3$2==9H~Wn47w53O8}JvIu%3b5s4_NRtF57T`Z;A9Wb1^74`@Q*v)=65_g!h;K_|_ zP0X(-g=b5wMQ$mhI;NS8I8Myv@c*~8vbYpJ4r?ig<~MCWOeikSFEzUeN;4eIdWG~g zg{hF;TiDJUja)=0B8}QPaR%7Eqt-h$f!fM+8l~fCUdoM46MRXjgLH2Y7yEbTPkKJt zed*xJ*hPK`8l)FB%?;WebAopJADnMEFBD{GqDs(Cjdw|~sdC3=Inx5p;r!NN#j}|m z=Al}gR+3oy6nK`KW34_aD|vX(-pzJiNo?sMNc+H~#y;(*6o(p5Ne zW$dCR>|xq3#6BjhdPkS8c;9%IW*&DP1exHQz#tArL&^{WYd6Umi(5tf+O$cW_I%g0CkC(< zIMX+iwLq&sYIl4|GW_S73x={5TF~X3M{9yvzFBM?bo^9=oak}}%uWl96|k7&tfXF0 z;j3WJqW&t_)gFW0j}peK2&HJBXuHas61KL*x`?ffggkX^6quUQ62Mxv0BhTM&a>7= zEjhM2!0TE9;0c^g_O=s!6Ipq9tC-}Q#A}1KidyScUA;YQBA#R_W;Z*C8B3}{1xkQH)`-&OPA{|oVD`7aiEtUF8 z83xje^lb` z%P56MH~^wJ0)_aw>v`p~#DiM2m&QD_2db2$t~UVCWd%9XPi6eBL%n}15lER6y! zPc^kW^0`AiCeeEGuQ91MjQ)a1TxCTd0-R7J<84UCgVqagoid9wQyoWq!>8a1Bk2y# zt@qs7FS5P;kP_)z`)P}3;K-J`s1z6)s%!Doq&N|KnnT*{-l+fBZrNBaPtR+KpI+j4 zI*NS6k|*85o67HME(~~>uUA;IW%cVR!8fR+9!Js~;>dqdc3nBuCG}{M=Fm)WP1%)% z$9NUKPQIdSosLH z&2b^;pe?j=+-DM@r<;S%JEtcKAg0kl%V{9gHZGN96KAO5wnAl2uYExP34x<=~m| z<>i{kUe4zbJeoa$^EdQ_wH@&}G_U#cBU(k55xNRPnWTfS=cx@3Xm&9F<1KqFbsn2_ zWQ#32MVN@Ov1MJI@cXDb>Gx4BEkfj|{S)%*EIhX0t3!gonj0PS)0#y2ti zr8+(~azg_7dgzUBX7~kqdDQej`R0j+KULqbQ1d?tNr#ZfzJ@i7zLn9Z{ckm>`HOfG z_*5S~z8Pt^q$iMn)ZXQdWcZWx@~Qc?A!(xbPrk{c-9JySX7&CSy;^9uyeG(bTJPsY zv*!)f>8t6okoqG0@{n{7HQMKaqD4rMp%Dq@nYD*z#B|oDN=vU|X_K%)OHBmrpIMmleNb^AZNx#EIkGEm-D-Q1)uIGGO%dcejqqMcEf7hC&SE-wvP%kN5Qn>Ug zco;3bdSm7KCHPA!(Hzd4OaO-e*koL@VPoz3wY6g$dcJnrnEbxtW*uC)cEy^F^VVwq zU)d9SJP-63w7`Ss*48XpQN8M{+!fdcomF%7#(7ua;172P%ZmzN&kgj@zIAOFdO^*S zwX18_*TCAX=7#~Q1%pv(R>YT4jP|fgi>;_9N>dx7_%bb~eL70NsKo&-K8C(P@S&h> zbqIn}i%EZo;IwB)&)K2HztP~IXfZpN1U#qq{54v=R;&&+qeMx)nD7rse)6YhH zvz8|N&jf!{i~p#_pJ_3TJyb3)E{cEDJ~bH+9>W_(uLcw1Mh>6!``S!ztgx2TJ2RyH z^qiC8kM8;OtR?k<&}W-E8xQZ$yCwB5L`ci|$s6pb>i?-dc4{m5?7jBbX+GnD50^y% zgyK;j=$Y$!bTd|m;YES~jb}V?dVK8SvljWVTg8zObG!%fJM_8fTyb5)<#_iYP5b9g z4c?UmJ9PL>d*vAZ7(I$#!_|u(Zldv%2Tt#007B`N;{(+KM)YVVB0QoOz!ggG2>LUP zw>)rqp92s|?{}bA3>eXi#Kq~wfLJKKPjJ41#%CTly>tx^-JXSU{rlEY$O0aQAu2ix zHvsRPbQFN+#Eo&di`oc1*M^JU0bo6J!Jgm0^^{t6N`~twD9NyaL@%ZV{&Vca2|rS2 zf6_UhQ(Hx2SlBtWAFDT(badDqRin>;{mBQ1-C6bfQ7bO`=)Hes{rOid|DL<%t-}*m zq%64Xhr^H28@uo7h4F99JblHZ$MW)KT5E-d&#t-Z8t3nKZ20%u%r92SbM8C-+xwro z^-rtM%$a?a=bnK57k_zl>Fu*RE~~lnw)bNeZ(DZLlpSYY_5E(_z~~*{zB=0X&Wrie zmNpbejHr3`NY3Ov@0h07JKs0t+V(v4U(PneJ-Pp~+DVs&HfZ4BrULcUQiA>f885>tDF&y29MM*X%6Fv~_>< z;l-KL=P!9aa?g#Q2)9h>uY7+0FQ?zP_1Rae>sKB+@^@p}(0xZ zTlm|BqiVPR`6~ITRcSAMaLHx6bM}w@>+h;0$-u?WmSLEFD z!ZVhLck^A7uU%06@1>6flcywnHG2B|H)g+f!&6rmKk$dGaSyh)ZO1+1|A1 zbK95YkG^s1u3ub#^F1R+SVr7FY~JE4EQuXuhaYVHczE8#``k~btpNw_~_nSzi#h$VAO)KgFpDM*DiXd^pfbeUFoy#ePzqyU%lV2@b)P4W9>PKznG#- zTcs?zr+m_*6JEbBc=_Y*#nI=_p0sp!OzvIh583znXP4|d@5Pa6mapEbN)->RSUrD6 z(r=}q|9Ii`$F8|J{(!u}y!fx@eYAXR#7z%246O~m{_+J6OfD(v_qOkayEi0t+s9vf z@W`+&?#_44|L~z{_OY?qZ&W`z=|muAY)5wbm*uP09rfIFFuLgDJNx}%#AmHV3*v8G z|8?pei{CIE|IOgP+_|o5hOvi?)ut!yyBm8uI{eOl0W^$ z`MDA2oxk~}?xg$yD^|UeyW(Br!KTn+h(Few%|KduZeaA7)d!tK74Eo~bt3Mh0Yh$8o?1S%rJFQWe znHh27g$mEmEt%TTDtP!0#5$=ESWpF$nJnkeea+t6-h*n(iO-?xtkzR8w8jS85E6{c z-U9*1cka39k&Xc_&27X2a6MA2r??s^)8q}&AY}|ODVVA%zHCi`wT-I7$<=ay>ou@oOMNU1AQyvYp9;-qI4-PqQ_aUsRY+$1wAci ziH67duma%Fy*v;Nx`?+8<-=|V-nsB$F9Yu+?j@e{hjc}Mh4;t@4iEH93gLWM0C?A{ zS?n*z+pr!UCpB9Eq%HcN?Bk8ka-8$o$$t{#7{Z6eqi4`w^tR@TfXNJ5xaY;EjPB;A zV%+yWmEfLI<_&Jg8Mz&zuUl&Nb<2Bw-AWz&$ud0(11#UCyG?8t6gaWu;X?Cn0e`w? zDUWGXKzjac2K;johRA%)8r%!^E6g(hzdIFHQ&l=*T9W(aU|p6WMLF|EEy?8J5A2aV z%|cQ(s61BPA9_ploILoal~3=I)jj50;0xilyu1$U zUbSaL?U|S@g<_mpHJ*86y_zCgp3tFGQtS(+Bu+I2hv|%Ufc>9Ij`GRNU%@9 z_r=rX`(j>oaY5JhOX&{M2qhUh?r>hj?x4K_qCs~w7=+H<9>G5!`naFYGw z4xu2huV7e7L6{wOC&e1%_34X)L2)$KV%j5<@^}P-M7ivp`-U+o`3TA0G z?JZGTHsI3R@@{LI$w&GouXxlp{DOxpr3r!OJZf8hhS^VpV@2$8*4_Io+OnbbMDS{F zvG$CHvYi+YFb1?3y=c#9(}rfzOFL*78;~-#sAGl6A$d&?zZHyxuWRaKo6uuEY76aw z=zVOAP+J@NI$C%o+B)m;4RhVbN7Nkj_g?Kf+bwDBnx2&5rrx0JQAeH1cvFh1#T9fz}g#q;djxN{-g{%Qiy$; z`K5VX*Rvf*YI}Ugv6A7_o)zuN5q^{5rLUYLqmP~lj;c4Yv5(j3iJ-ln|3CdSItTbdN;$m_dbq&+YC4R=E`cw$k<%|&Bok$!Md zz+6OF)V8VZ7Is7$(p@8F61Fo?RY|>#cE(8W6g^GAI0`>Cw-pX9DGZnksekhJt+o70 z**~Df*%2|muwx5$ES=D}kC;F>)Z(>1PzgN`QFP&atu_{OjdrTf(3Y@>jl`-im38f* z?U&j!wO?w-)P`?sW@B+iUaJx9X*#q1J*73leRb$8h4EF!Or?0xHtQs>95PcyeD6%f z+ghC{Vr2iF2Xoe=XU|!xO`CMLO6MZXS?Vt_HFUP3*^9p8+22qdb*bHkj^Wvu+tlZa zX%bq!S`*YxIR)NIi#0rqf0*lT#atIL1w&%Ttxk-JY`)|ByV!+KD(%=_NOfJzNI;{&MeTBfaVGsL z44a#2eAC9YyzR|KnxE4rwMM%4KXpNw(T#Db7Ht3{*bcEixIIh4TuW3`ZpBP(U{h#0 zdXGdH_s|BeZ$%5Z`ukgeN@Xfqfcop~7NCAh)yh#{-_ogl%Y*38+n~vBc4U-3qc{VJ zP8xgYJ5pcE>)77MH=vof_cu_#D}6aW0;%7CzSa+Y1BZKZ*f*%_^$q;`H`w|;-{9xI zW>v+OY*fM@h4KDo&Zx5$3eTf8g%LZwp~1-T5AcPHz9Ld_XrH$?zM0|o$iQj!(-Ual zwl}_&;p+<{HKpG``?9_9BN;}mUVf5x_XOHk4Gpv}O6wd#Prx5qL)$|TXekl8ZlZK$ zSpL$mbm)4A@V#OA4~3;)4okm%ACTis9Eo-Ud8rBzt3xGehnFE&cEWa%fbu=;J#V4yN`874q3+0k5UrW5*k8DkVhCoMD29OH0g96ap@m}LeM2#wM?`%S9`zLo zMi8hS5WTG$9({MZ?=da?surKr;(u!K4tz(V_bZA)?;v8LcLU{v-rX7=qXT*eDUJAD z4gQ4|Q#q)7L$%nemG5OO{eboy>U%_gGTjIIRoea6Q;he&nPQaVR}|y@!^{0S!SQ_l zygw3sl>emmye}w5eo#wO-=*he(0zCw^&cwdB9ehGl9OG+q)8T{JVy#6`CoaZxBng2qK2IK2`8Lg_Vx(4%`fJ$}}j(@Q`G zjjKFxdMg14rS}==RRKojqjGV2_4plHzGEPq& z=Xe;6>pbxC(O3{l?;z+^0Y>y9adCQoz;C+Ufr~;d9#*RUWPd4-t|PcY<%Q1zFLd7H zMW8t3^@ITM8~~8q4_mnGxl{%!8|dl5j!AX|Cjuz{87?nO#Lb`RclF?notT@Yo+?-W z{wH~1)`WBSr=i*M(a)BXt##3zzP~ky^Q>o#B%ynr_HkuJU85P`O~Xv<8|Gp2re@`I zWdcbSoul3gnmy+q8(kJd9J($`JQ_^M7JU-q(2bBMYTl#nNQ12>Reremo7=vH-8Oi5 z&2x+F#L5D98u(ToW@~LJ{5sJpL1JrjUJ8Z#r@DhxJDsn?d;Z*cUUcV>pz2m8=n&q^R6t+4kkoEJ z(((Cd!trT@=m})Un`l#;$F#?I%%MHmtj~_o@;_twMj_NL3-zbDVfZV;(zLn81L5Dr z6No7-tlv<*xRxe>q8mS)uo$SJ(KW(oKua8NLZO;sffu2)EtUY$xF4kR*M;r0C)?f<22p`IxF-oB&y{9 zmaUWUn&_FG&#H-^JTw2#>0UWdJ=6wyYo+m>+9MCV)rZf`zrsLHEgC~T8{Y|!(ln2R z(kn-r+Aj~Bo*RJBx#}^{a{@;6s4SdbHGUI4Dkp_;NYFEQpgg)R#}ztP{TMqa#6v=5 z>Ie6>6cFDF93JSI6vF4K&w+QXn#KNdys?uUefoT#2xykW0evF;r9Cf)V*+_V%$_(g zTb43N%(7-G?s)ioYDjtVjAv~md`{Tm{mHY|bWAvN>pJ1g zTDH?vyWjR)M6vBTn%kZ{BdiS`6XAWs=G5|^KN7U3Dreqar<~bXOK_U|WZ0r6*(5!s zv6-GD)YA-zlY*NtGZ`@}4L6>y>~BqTjxoX?`i+|ol^Gv~Y!cFPsgC4SkX2$fG(v7k zQgfNf%Sk%#3|tO5Rf8z8eIWeGf}eHGPs!W?CFz0P)|%p0&SWC3T17Oai0~7Q zQZk?D0(?w!sUl>#@h(UK6<=Q9ZtU%BcQurX`uQ7@7IFEJ==YYoNX{5Y(dBz2k)rwX z_$e_P7ECa!TCyrSEIHds4WO6A@Muql)2KwLZe2e`lXTs{q=FjeVZtuo z+VxagntO}!Hp&@`ChbP)2FeX|w{m7Cdy|rm+gz?digP7)V_KYemr}@_?GfGxW;>F0 zWXQT`euqUMiKa7<i2G z?-en%yu%V%9$0=6SGuVolMSk6D8GiO0Kql zlj~Nk&`J%t?28>IJnV`!+idl=#&=L7lgQeJZ5)H~Jt0@%?jlD?7FmsP6mHh%&$&Lm7?7Sjs%mRM9)BPkkLC7&j3w!E2RIqEe9TI)Y>C{ zk6QTJ^|@}9C!|)Mi~V3~M}rtgcuO~Ngwz6aVJ&p=H`{~q=?mj2A1zChpIdUH@kZ)i zF-cEpw~ktP?>8FI`;DGwJRrRo@q_;h?SEFWk4k^|ET#g87sOI4B&fbTlQ9>lLCqf( zk_MY1Xg>S!i_g9)Hpxdr1M!O7Ug%O}kUVmD2m)9mHb2r_^G`g3`Mnwj8#(qb#VCHW?|Q4ARwwI>P8*(H=ldDc*j=XkW3 ze3DU`cqxiMq8Ru8nPS}Eg_!RDY5cJMG0$d*dp_n*=7=Hk>%~WoLpn5|idaa&UsS6u zR|v53yhjoq^*J7R&kyH^mt(_$s+Ray!l8?vSB5K;UIWt9 zM|t4%iU0`ZhdrRz3RpNlyaX_!N9Clj69oF=hgTsFkEvxy`12>=g}yVd7m9gZ5^e%? zz3KoYewfBIDxVEkxa@{>y*wwl7-G4%nftn%KhWfZq(ruSQI`Rm`IGl_|IVK6 z-xECOly;Jhs5?bix}RLwvAH1IFV|bXuvrTNw-@Z`ZfV}r{jzWqv|xmB^6A&jcPYeS z5SK@L$lynuH!yyLpWh`8l%OtX`51ge0}$60B}N}npnFLthu^!F-OKeBaPByX?k$Ct z_$^9a;P$*_#b(C6f{)TQ7>J9iCN7F;>0gKetD@;Z7heqE=$oUw-c~ zHp+fOgXPY=4ta^u=j@Pjj7{c-(hj3F-j&y3G?fPIbKKCja0L=w4i}CLcPTl}z+QJz zU~iG)d&CV*jGTdA)Gcy%373(Uli3G*=1D3Sm+cpjvSkd!o4DYaop>QyXEb{9;s1|o zlEr~fS9wI@17$z>Ax9L05pPJmJ0P`Y#?5mskThJ5Db}Ns-`Xi!n+jiUv+Sul$ zz49pMmoqo{x`h^Bw`ezeD>`<>g1@y}ym=iv^1$Uf_LW9r^>lk4`j?e!SrCuUdC?|T z_uK{?ai?bgouy0<$n6f??#7p%(8x5FIL{B9svYbu&gl~*qG=m6=Qbz8qd;+SU{^sw zmog6N5~>yQctExpP%BOg`7#(_Zd6j8SVC2tBW|CfVD>@Nq8RZJODD%8xQQBK#K~ zGB;WLg4fz4`eK)hX+o;PB;L`D7Qa$2`63(5eruClFZ$xI6?}2aX-tahgz%lo2wr<; zPj`_+%BuUA$s2!_O#dArSTiu4aLKB-v(?wqs>tn zkZVxjZTh)pV`g-{^UFVN_I8U7Z@1($>?GeR-frwocFRr$DcfXkw}Sa%i|Fk(IKACQ zd(2K3dGtW*HhQ-z`%29_wHEG--xJCb<`iPRw(-V8=DN`oA*XL>UkO&WoYKu7k^p5v#K&np6= zxgwxg3OjZ{lP^Lf`lGy~7=2K;QRzl|N9*Gf-T8`Ve)&`vVUF>R;h5+P2kc|LV_7-q z8EZS@vg0s%I-$W?)UgBBX=ebn91%f> z=;wHISl+;IBeQL+rp9~6YrXdqQ2WR}&O2^5VNUQ)U?m&)ZM23t$va7Vj*2a;m;^C>UaJY7*yZ%9*1equq4^t6z-h_LmjbdRXDDq-Kvv{Y=I2GX_^mlu)L}JI z$#cEAeB@vw#bobf_Dp*FHf78a=r(3$VWzwtt4H? zu}_7R%iGOvU}o)YM~?)Tv<3EWgt?EDx-dJVZQBy-6WQF4w(X!kOEa&j$?A`XJnMGX zUf>A~Z(#jEW`ULP{M0LKN%cvLiy(-s-BIV-sZ$bM0O-DXJPpxK7G8uMoy zVbS=jjkn;s2I4Cj;HSr&M|mM*F|uE&M%El_eZ)t>-3gt|K-n1}>FnY#QkG;$d zw>EBvDu41*4bOp(L8|5D&t$r#J(6#-8`{j)3h+lamDRfo4pY3VU1|~<9~Hq_gmfFym*40d!?bVSxC(U$D}^NfH&M0XZBNB%=yoVR2mvvsl1{;!lg7)Jy4wr zbBWGS?@-nPRXS53r&8%qiJpB|*dyOv*byPqj^yCt9NcAhfqS(N^A2MzQEp0Pc6jpx zd-L+;KO!zfA{J=1DR}EVzTL*JgfXCg6aDctNh&(G^73C zWDY{2PP4%E$A+h!?^~W~g3YCQX$ktNkOrHzPD-(}?~)Lhp`8^u7QZ0bBg$+Bo7bSu zWYz|u)8i7S7*1~y=ff5pzIlEjV%Q2bzYtVBnaf?^%QLGo+%ou9-lO{KPdY!|(m*=j z)B* z5(6epdVkCa9o>g3-ERexTMiaU?$-T8)7)TWD*Q$nBX^dUHL?0(>*0V^rg*g1oA30rbTVYik-l0d=j6g z>O^mIVH6c;)P7c3QXI>yn^A8~^QN)>N0R!BY4yo^J-rV>Vwx7rvSPHj8$DRahAzG^ ztZo>y#tj{Odt^gQQ{}Au4k0@~Flvq|TTIXk=4tgViOuoW*oEo?Ml_EB)@T)hAPriG+rD9L8 z8M8-!yp_#S?_e_>)n}w%AsiQtmaqg_SLrI~$V{X~6ckMMg~8zvq$(g#bKIogx$ zoP$Ci-AhkLuf#bHe4TjoO<04)9-Rw4)LvT>@1<5ry^i`E@kzwZ(mg9kiee{DiTAH4 z?2}>bH>iyD*4tfbZ&mvt@k`{@jqbdV-8t1em9=exMEEZ#nO{1PSz{$Dh+2=asV82@ z3S!R*nJBbP6F8C*{hepj&uDxNw22dm!z{WzAFCr*9@eGX(Rw52fM2sY>z!O~VvlGl z>oA-1J0c<`mlk(O=CTgSa{N?u3awD18o@(Hf-jut6_dZUPEP(-oVvzu^JbL}95T8r zp`O;KSeY7aY-O6~&13KI$DnYM=F5CFGIe=f8r)My++%^afTtP1S?Dcf zX{>M=og#0Mmj4OTAKBercT*nLUUYA&D2gr^y;Qg5kF%dGk513&5_zLc6X zm9yMi-iv;jx2&mjS#$o*Hk&`HDW-7%R#*~RONOfqy`TC^Uf_YeSSA;WgKW&0V`+-< z?Jiq=C)!rN4SS_0f}YKd6$!f|_r$yU`PTS9%ju85a_2_NiQw`lj|UIlE2K^dN`Kf{ zIO7BJ>3k72CP=yB$(@B0TeE`F-=$o?P}XrlIpHp?pv#54@!)$k`9}f z4@!!!QnL2vf7NEf7dA-rUFmGzT;E*QS}@kwUvD3T`LQ`wX7l5B|M=UXD@%Lk)AK*s zSXzN=<|o!p#oAW*+cvtNY>_ga#}5h)f{^V|T2b3{2w5AY^>nNbsq|H{r^aZI1CH6g z*^JKn=$RiVcONB6b9{5yef=2L@!&;!qfxt}4_rRh;IrM5x(fG8I6>9FLGJyy_=b z@3A)0+@+pci}dH9r%Z(>NYy7OS=gm91ii&(X^KE?l3&Xac_Z~RXJjFtPJ%>`OwHyB zJnn>d$1aIUFUguF$&dz0I?D0iJ9-lDLCnCN>S_H(z#V4eFB+%%?p`?j4Wr;7`A}f60PVc zvh=JZ-h&=Umit|^Dm^{M^hk`YqP82Xmac?RA>N(px|mTZU@$tvL+!PI!A=B+?w=0J z$V2bN^|4^5@xb6Uu$4R3rOlK!LSCUs!S+(xrO* zh24``s>&q}*sYKrK?WcNTY+a2I>ks4(&ps-mi<-km)aBD=dsf9vx$RQ=@J=?pN1XC zVDSt_vUloZ{mLMTambxFE|Jg3X*7PTcB|>!Am^HlrK1iJCq*Y==^jg&wZvLXxI>vN zSa6s{erTE zB?}p?g{)j8o7W_y!aN2cnJLvb^@R6=332>1x)C~|bjC}tt30pz#Ymn?WpsypF)lyN zXRsNJDoIf3Ig=S|GJ|m)iChL757+?*Ny3R9^{o$;ilZdWZg!B&o9=cn%nSx2nKzYl z6oU<8FzV@acRGXF8H{_sQ0*<7&)m9E!5UXxJy|-x%eg1terz7rMBs( z20xpBU#BFChwsS`en71^PG51%iMP8OpQPUNS}w$$zJw(d3EMOsk1v4SzO z)rj1rG^A-OzrjuPOYOZT|LoGcMK^Sx@&fyq=97%svB&o^eUV=)g&o`aQTxGeQQ;x6 zpw!|c2{(O7-Zzk2Y4nRYfhYJ%-E-Xw-Rc=X4^~0T+7$o9QuwA~&*0Rl2l004U|%+* z&*-!;3nb0OSk*(#iTQJA38+EJzYkJ=g`KdazD3k9rdP>+OVgkd;!@R>3PxnMvqdu? zjrnGOLJ5=D;9Pw=xOT-v82lVAFluS;8PcF?KHD1>X*$s6rW6fkWn*3FcjIF^jorTH z`J%~J@2)O0)l|yLN`0d)gqs4qa_!?m61m zIE`@HIDeiWxIMp=X)Z-RUlH&`RCIZ+qqm?PMjChU7WRC7hmmT= zS>`MzD0s@jkkcf|opW6Bnd_I#>ex1GR)=vqU?mgE#M3uN&I+W=5>A&z&^XGq#4w6t z>^)$Q@xGv9} zVQpIqUu`?jFYSV+*p@xPWN;3UOHWMpi$i1G$+fD7W5r$hOtK%lM&Ka~ZBeDkjV7ic zr?@Tbi}1QkZn8AcJ{9%rF7#gnO|D5lX+K+)=P0+`(Ht9?Zc3(;@*_;A>jxN4Z?hO7 zvlPq+1)SfnLyt>>JU;_FyOZAv4)vJoZUHOnciT>mbXy-H`j$rpA3P|`qc65llVH_8 zWAXc+QT!Q@X}uH_Jeqv$%+`&zR3ZK2Rt4i#4EnsfXJ%?L?lg36HSg=R$@{QRvai!@ z-PaizVLmM@=F^g_)V)yfV!=z;7lxEPEvYKuWK<(|U>uG41KJ{+z=t}T^5fbfnm%N| zqS~zf)aCx9_&{xisV!fZstM_TX??NX=to(%P?<^EiFQ62yPipE`GoW*+px=$`G?ky zHkGI0tx0ZUSU4h|JtZNXhIAUz64DCN z!;l_^w1Tt|=@H^}W+n5LQzHN~idVEAJ!J-Tq-X$aBw%K7C16&-GDRa`nSfcvYQQ1^ z8!egu8x2^bcmZJ1fQ=Q+fQ29Q5&#=7 zMgTS*umo`|VEqA`C`JM{5wQN^Fu)Q4%N3&l%LOb^90XVrU{l0sz@`9}B*p@k4A?X= z2C!*>C5tA&2IH+~q`h)#25Mn&+Bc>V0a3p3%!iLd7AQd$XnQxfRe&r|fc~iMoli~v zj3My_p7C>n%8>a%CB|0Ols~fSA8jwf4~qroS>vINk}TL^_ca}cFC5VQn257|(*&pB zf)C~rpyr@T4}*;q-iJrCN(x)Ecd(lV>vHzyRzrBVt9JVeTJ77jxt{GXtL?6OTIGg zY0R~J_t-w`E#kI_zps5Ja>IE~L`|FZd362cEZg6wUK4x8B@yw950>{^CtWk(xjCZ; z9JnvwGM|7yQ?VZFgLd(f!(mV`5IeoHgw0`Qsb6JUglJ z+UKUOxajXQ#@;f>l{M}`cXwW0*^=lZv*for=G--9*22;69ABI%Ew0JDarep@BX+D^ ze5m=Vzm~?|a6$I5P5wLoa?@|8j=P;~ZkxdUM?q6OUKjvdUPFXoFg=n9A?$cz3ciR7 zzP?NFHRcKn@f~XL9aiEytV8{85pF^4--(*vgIa%3__gp9YW#WB_A99E!@>#SFE|H$ zO8C3bDSRu4qDhPrW5j;qKyi>bOw17{in-!6u}qvTUMOBHR*TETwc-`xb>fZUP2w-b zda+TwPrP4zLfkL@Ry-uWAigfXCB7pb7Eg%n;%V_K@gL&9M2i$5ohPM9qoo`vSDGT_ zNoCS(=>ln?v{F_FlB@?TA87^ltQIMsZi!C7b{DY z70QjuCgnCPMfNE7DGw|AmFJWfl;10FDeovpm5-Iv%DOWX{R{&PgA5}K zBMoB>vkey*E;iH{t}<*g+yR3FcN!WE_ZS{DJZkv0;VHxOhSv>$FuY@EGaNO1XlOTl zW%$-$GDaC=jRTBBjA_P9<5=S~W1g|dSYn)MoNJtK{JHDN;&@I-=&?tCkxcWjB8*1v zDqX=$VJGc3hNLNf0dUno+GahWuQOH-WRnir5zv5M45Qzo)8kruDviGE$row&2cYLB zK|_z8e@wq$wLkxPNSg9L1FjlKqpv6QWl#Q6WK;Q8L2*xl_8xmbuJnd9)z?KKY05vS zzqXp+5|XC;>zR-jKeYRIgrq6In3M!r(0{O0U-sz<|8xEMs(pI9{=Si{ymk8bh*ZgH zfBUjOPxJyhz22>X?8*0r*ckntI=(H8eq0znX-W4487JoGc|9Sa=O=#2(30+*Pg>JG zLB?s+-uZMowI|3JpF@L;IdokJfJ(b9EWJA{{Y+T;ov`#@!qU1zB;Z8frq_*{9vYUO z6qYUwOZV9NSMMjCV;+e9YNQGDGQKg{g}5;+-xrp?KP=sbG=b5W<{~?xd z6UbgY5A=LG2TiwpgE$WVdfJ{^US}BoQZ2m|_r&7+U&Zqg$Krc#)zUb5gfzbQdYoxo zR&&#At2#hQ6F8@L+*JsYPHmsYM{vAQOUbj@{e z`4vm5H!wK6iNST$P_6V3U2~Ufab@+YnKi4SzP_kt{o2Y^)fM+Sg+9Zzeq&|z`s&r} zEC3xwbziY+6<)Vw&6RXKRsTjP)G8Du=)f<-P&aCDBQQ@;JShlVapuL@^Y_ucjFF@(snn zi^KFqaV5>2xW9^G&|69|-hVm8cz+tT>Agswo$3ug+561V;wp;sF$YtOa?^QCifOE- z=RHEPOM8DjZ#|VC`4gyKk-whe0=x&spg)xG@sJ%Fodzxbl@=>hA8wpa*5X$w2Ax(d zX0}j}K1pdjuM4r{)NG#=3j(T~(Vs;z%CU&Ygpc}KPciE2TJ8SZwV38n$%%8R6r+BA zrKM36_I`}c00C<{q)P?i3oWKOhS^-97zY%X?G)4p^X)+g7XDl3r9+3z@PW4Hs7NT5 zK8R)seIta8ygf+h!ez_!+e7XS9WB%msn<>VXw@^4^vdr&g7nJLM-XnexQ|hwC#%;0 z&;t$`B!2P&{cb#X=w%^9k7A82!}4>sL#iRrU-6c4a9#Ef6oJ_ zNBtW^h2YdOj)l;pdpW(U@H>>=Qe+ap&jY8o0f10?#2oVSQMouh8aG1e&5Km|`*3jvDQl|8PZz%0R_~|Qf^<$huBbD zOw`>%d$AST-nF+nH=}o&sL_4kAcj%5Iig08C|`4;Q?|G)W}92tmaI5Q{9{SSic8th zk!Z$#zjNN_eNW%s(pDBh_N1rhJm);;Ip5FooO93nzEj|&y{8d2`Q2Y&S+wT_gx?2< zF!{Z0@XJS<@XJG9lV33u(19Q}SRkSLJ)E%VVm z3p$n|Aao5rx_w2U5atL9UEHCAs8z79IQ_F%l%p6*;g!1w!tq=$O#38NoK1BTqc6=7i+;W~b!O z@TD7q4lHA(enCxonxXY?<-`L#PlSp)SCF3n5BTaWK zsS=2<0u!JUGfFyJ@UEG%(MuJT%+ifQ%;>b0x?rt+v7T#%s#G&g#0D1}$5Vi7h_DWh z^Ht~)2yN332K9Zdd|-SOtcmNr9p$D8%HV7l#|j^+kSCwGg?)}p?h zQrk&t71__zlsYoQIZq?9RV=IAQlWV@q)F=HEr> zsn{9w)}fF8{jU(7R`^vYV|yuT639Vqa?X|1_2%2(0v^u0Whj(4D{2kq zg(jcA(+aBFzbkMXJ(&A`)t0DL6gvBG>C6{HgSpm;lhJ7`r>=KbG^6)iiH_|${>IrE z<+s1qdoWm(xhGTQXHBb*9l`&*k4-*ZkiEjjQ{4xiu@Bg11zoT7|Qwa0XtC4Qd!EW{s!kgrJ-HBYhR0oQA*@^0ZZBb z&e<^U15KOx;%zLeM#{SS3 zFzun4Q^r)~8csphrZA^dmzD+Nts~a=e__KEnGFZWdB7vCU_eh8K%2${+A#AG!L?n3 zJbaf_)F40~s(02%6!E(RflvHCA5Qrtz;siF5I-!5@QMGg#4*n1NnDqG= zFVgdUQM5Tq>0`o|)8_%%r#iQnE=$*|pMTpxWA+Kmp?h!Y|EqQQ z!_F^aJ-EswpY$&+ctJl+#<-`lUk|gV}-H z=u@>tf6T^x+kkyr0X0T;?@I+&Lr>nFpw^2VJ6CG$xbpbiVDG^df1gpD-5c1kb9S&O zpmayD8n<2}g-t>A4V;{M?SrOh=j=9pv$gtzft|B?mzBKj=${9uUxt42-2MeWuoi6S zv#$GcU!k3G!-FNO`)5GkFX{`-57Y99M(la}hu#Pm@oA_Hk!jnr5PIk2bUZy3fL|~- ze@`2AIX+6Wrfth<)pwNN8pw3wGaNs>_P_u{MGDg(g{hUo_@^*0FMHj{HRC~8 zon5}_M(7DDXu7jdo^}3Q2uA2mN&*kKzsFWi$%UW6r!JLqYf`Z;vZwfyO3%a{PY;;h z;h~EDn?9WTaV43Xp^jWlD2l7Lr)_JCdaZV6mr`O%VRCD&Z=bj~E+m7e>0BD~h6=*u z#&5mEySjPuYB@JR;@#1%dr-FxaMVpH$KUPv`yGEBeKf3zK7&@+*fU{1Qky-S~B+nYwYxICW#x(T!v6bCY2H9aRJUk98vW zb>mu8{BfP6{tI1K_r?i*f7U(X9fxjA=t5lGn8T5{%-^AFbTP&qnn-o<#LU!Y+!Kp; zB(1XL>u)aGn1m(2sV9k(#___%{=G%k1Z|>pYl8a1ToVrfC#`_YP5M{{E*wTE0ml<) zIjr2)@wW13jSjV9s}$$Nt93`0d3{&~SjeCi3yd(OZUU z5{Z@8(WGaaFP-y`bBra^ZldlYj_omU zJT?Jefb)7CoR<#%?!q$BWdnrT!0 z7DAo#8+$dymvpSh({SV~a#&Q2l3}2!6eF3UpH> z5$O_4wzcDSiD%A@rMH$iZw>@crL*S}c>ZE@XIHzdjIq{5#nKA>+VyelarpZoz+D&9p~(Ylu4Nl(g;U48t>djajA7Q0dut z_E`g4J{9F{9ERtr`>;-w(iP^qqwcW0N$oQRoAFFeXR~VnZtjZ5T|_d)@TgNv6XNG0 zgMbL^oDMI)P%#d`o(!V-%11@mUgE41f1e=)d3l*WFZEu~?=wzYyfZE_=TxOfMvvM) zMXD~52nVxWBU8P8_#E4N<>-FON?9$G-{wq~Rac65(@x^IS2(^LPSVg3Uj=9Ks{x*l zA7!w~kN2a6AL}Cgnh-Ymtp(2YAt3d;0}&>_2>7vXbmS}ioX7C zCcko{e$+F