mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-25 09:02:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Further optimizations of pake set_password implementation

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2022-11-22 09:10:35 +01:00
parent f82effa982
commit 0bdec19c93
1 changed files with 7 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
library/psa_crypto_pake.c
View File

@ -274,19 +274,19 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation,
if( ( usage & PSA_KEY_USAGE_DERIVE ) == 0 ) if( ( usage & PSA_KEY_USAGE_DERIVE ) == 0 )
return( PSA_ERROR_NOT_PERMITTED ); return( PSA_ERROR_NOT_PERMITTED );
if( operation->password != NULL )
return( PSA_ERROR_BAD_STATE );
status = psa_get_and_lock_key_slot_with_policy( password, &slot, status = psa_get_and_lock_key_slot_with_policy( password, &slot,
PSA_KEY_USAGE_DERIVE, PSA_KEY_USAGE_DERIVE,
PSA_ALG_JPAKE ); PSA_ALG_JPAKE );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
if( operation->password != NULL )
return( PSA_ERROR_BAD_STATE );
operation->password = mbedtls_calloc( 1, slot->key.bytes ); operation->password = mbedtls_calloc( 1, slot->key.bytes );
if( operation->password == NULL ) if( operation->password == NULL )
{ {
status = psa_unlock_key_slot( slot ); psa_unlock_key_slot( slot );
return( PSA_ERROR_INSUFFICIENT_MEMORY ); return( PSA_ERROR_INSUFFICIENT_MEMORY );
} }
memcpy( operation->password, slot->key.data, slot->key.bytes ); memcpy( operation->password, slot->key.data, slot->key.bytes );
@ -388,14 +388,14 @@ static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation )
operation->password, operation->password,
operation->password_len ); operation->password_len );
if( ret != 0 )
return( mbedtls_ecjpake_to_psa_error( ret ) );
mbedtls_platform_zeroize( operation->password, operation->password_len ); mbedtls_platform_zeroize( operation->password, operation->password_len );
mbedtls_free( operation->password ); mbedtls_free( operation->password );
operation->password = NULL; operation->password = NULL;
operation->password_len = 0; operation->password_len = 0;
if( ret != 0 )
return( mbedtls_ecjpake_to_psa_error( ret ) );
operation->state = PSA_PAKE_STATE_READY; operation->state = PSA_PAKE_STATE_READY;
return( PSA_SUCCESS ); return( PSA_SUCCESS );
@ -445,14 +445,8 @@ static psa_status_t psa_pake_output_internal(
if( operation->state == PSA_PAKE_STATE_SETUP ) { if( operation->state == PSA_PAKE_STATE_SETUP ) {
status = psa_pake_ecjpake_setup( operation ); status = psa_pake_ecjpake_setup( operation );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
{
mbedtls_platform_zeroize( operation->password, operation->password_len );
mbedtls_free( operation->password );
operation->password = NULL;
operation->password_len = 0;
return( status ); return( status );
} }
}
if( operation->state != PSA_PAKE_STATE_READY && if( operation->state != PSA_PAKE_STATE_READY &&
operation->state != PSA_PAKE_OUTPUT_X1_X2 && operation->state != PSA_PAKE_OUTPUT_X1_X2 &&
@ -659,14 +653,8 @@ static psa_status_t psa_pake_input_internal(
{ {
status = psa_pake_ecjpake_setup( operation ); status = psa_pake_ecjpake_setup( operation );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
{
mbedtls_platform_zeroize( operation->password, operation->password_len );
mbedtls_free( operation->password );
operation->password = NULL;
operation->password_len = 0;
return( status ); return( status );
} }
}
if( operation->state != PSA_PAKE_STATE_READY && if( operation->state != PSA_PAKE_STATE_READY &&
operation->state != PSA_PAKE_INPUT_X1_X2 && operation->state != PSA_PAKE_INPUT_X1_X2 &&