mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-30 15:32:58 +00:00
Unify ssl_calc_finished_tls_sha{256,384}
Saves about 50-60 bytes on m0+ depending on whether USE_PSA is set. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
parent
74970664a9
commit
de33278e43
@ -7639,20 +7639,22 @@ exit:
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
static int ssl_calc_finished_tls_sha256(
|
||||
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
|
||||
static int ssl_calc_finished_tls_generic(mbedtls_ssl_context *ssl, void *ctx,
|
||||
unsigned char *padbuf, size_t hlen,
|
||||
unsigned char *buf, int from)
|
||||
{
|
||||
int len = 12;
|
||||
const char *sender;
|
||||
unsigned char padbuf[32];
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
size_t hash_size;
|
||||
psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT;
|
||||
psa_status_t status;
|
||||
psa_hash_operation_t *hs_op = ctx;
|
||||
psa_hash_operation_t copy = PSA_HASH_OPERATION_INIT;
|
||||
size_t hash_size;
|
||||
#else
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_md_context_t sha256;
|
||||
mbedtls_md_context_t *hs_ctx = ctx;
|
||||
mbedtls_md_context_t copy;
|
||||
mbedtls_md_init(©);
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_session *session = ssl->session_negotiate;
|
||||
@ -7665,67 +7667,76 @@ static int ssl_calc_finished_tls_sha256(
|
||||
: "server finished";
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
sha256_psa = psa_hash_operation_init();
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls"));
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls sha256"));
|
||||
|
||||
status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa);
|
||||
status = psa_hash_clone(hs_op, ©);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_hash_finish(&sha256_psa, padbuf, sizeof(padbuf), &hash_size);
|
||||
status = psa_hash_finish(©, padbuf, hlen, &hash_size);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 32);
|
||||
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, hlen);
|
||||
#else
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls"));
|
||||
|
||||
mbedtls_md_init(&sha256);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha256"));
|
||||
|
||||
ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0);
|
||||
ret = mbedtls_md_setup(©, mbedtls_md_info_from_ctx(hs_ctx), 0);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256);
|
||||
ret = mbedtls_md_clone(©, hs_ctx);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_md_finish(©, padbuf);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF(4, "finished output", padbuf, hlen);
|
||||
|
||||
/*
|
||||
* TLSv1.2:
|
||||
* hash = PRF( master, finished_label,
|
||||
* Hash( handshake ) )[0.11]
|
||||
*/
|
||||
|
||||
ret = mbedtls_md_finish(&sha256, padbuf);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF(4, "finished sha256 output", padbuf, 32);
|
||||
|
||||
ssl->handshake->tls_prf(session->master, 48, sender,
|
||||
padbuf, 32, buf, len);
|
||||
padbuf, hlen, buf, len);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
|
||||
|
||||
mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
|
||||
|
||||
exit:
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_hash_abort(&sha256_psa);
|
||||
psa_hash_abort(©);
|
||||
return mbedtls_md_error_from_psa(status);
|
||||
#else
|
||||
mbedtls_md_free(&sha256);
|
||||
mbedtls_md_free(©);
|
||||
return ret;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
static int ssl_calc_finished_tls_sha256(
|
||||
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
|
||||
{
|
||||
unsigned char padbuf[32];
|
||||
return ssl_calc_finished_tls_generic(ssl,
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
&ssl->handshake->fin_sha256_psa,
|
||||
#else
|
||||
&ssl->handshake->fin_sha256,
|
||||
#endif
|
||||
padbuf, sizeof(padbuf),
|
||||
buf, from);
|
||||
}
|
||||
#endif /* MBEDTLS_MD_CAN_SHA256*/
|
||||
|
||||
|
||||
@ -7733,87 +7744,15 @@ exit:
|
||||
static int ssl_calc_finished_tls_sha384(
|
||||
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
|
||||
{
|
||||
int len = 12;
|
||||
const char *sender;
|
||||
unsigned char padbuf[48];
|
||||
return ssl_calc_finished_tls_generic(ssl,
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
size_t hash_size;
|
||||
psa_hash_operation_t sha384_psa = PSA_HASH_OPERATION_INIT;
|
||||
psa_status_t status;
|
||||
&ssl->handshake->fin_sha384_psa,
|
||||
#else
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_md_context_t sha384;
|
||||
&ssl->handshake->fin_sha384,
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_session *session = ssl->session_negotiate;
|
||||
if (!session) {
|
||||
session = ssl->session;
|
||||
}
|
||||
|
||||
sender = (from == MBEDTLS_SSL_IS_CLIENT)
|
||||
? "client finished"
|
||||
: "server finished";
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
sha384_psa = psa_hash_operation_init();
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls sha384"));
|
||||
|
||||
status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_hash_finish(&sha384_psa, padbuf, sizeof(padbuf), &hash_size);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48);
|
||||
#else
|
||||
mbedtls_md_init(&sha384);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha384"));
|
||||
|
||||
ret = mbedtls_md_setup(&sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* TLSv1.2:
|
||||
* hash = PRF( master, finished_label,
|
||||
* Hash( handshake ) )[0.11]
|
||||
*/
|
||||
|
||||
ret = mbedtls_md_finish(&sha384, padbuf);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF(4, "finished sha384 output", padbuf, 48);
|
||||
|
||||
ssl->handshake->tls_prf(session->master, 48, sender,
|
||||
padbuf, 48, buf, len);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
|
||||
|
||||
mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
|
||||
|
||||
exit:
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_hash_abort(&sha384_psa);
|
||||
return mbedtls_md_error_from_psa(status);
|
||||
#else
|
||||
mbedtls_md_free(&sha384);
|
||||
return ret;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
padbuf, sizeof(padbuf),
|
||||
buf, from);
|
||||
}
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384*/
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user