mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-26 02:37:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Further pake code optimizations

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2023-02-27 10:20:06 +01:00
parent f5dcb8886a
commit e3ef3a15cd
3 changed files with 48 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/psa/crypto_builtin_composites.h
View File

@ -208,7 +208,7 @@ typedef struct {
union { union {
unsigned int MBEDTLS_PRIVATE(dummy); unsigned int MBEDTLS_PRIVATE(dummy);
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
mbedtls_ecjpake_context MBEDTLS_PRIVATE(pake); mbedtls_ecjpake_context MBEDTLS_PRIVATE(jpake);
#endif #endif
} MBEDTLS_PRIVATE(ctx); } MBEDTLS_PRIVATE(ctx);

78
library/psa_crypto.c
View File

@ -7238,7 +7238,6 @@ psa_status_t psa_pake_setup(
const psa_pake_cipher_suite_t *cipher_suite) const psa_pake_cipher_suite_t *cipher_suite)
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
if (operation->stage != PSA_PAKE_OPERATION_STAGE_SETUP) { if (operation->stage != PSA_PAKE_OPERATION_STAGE_SETUP) {
status = PSA_ERROR_BAD_STATE; status = PSA_ERROR_BAD_STATE;
@ -7266,8 +7265,7 @@ psa_status_t psa_pake_setup(
computation_stage->input_step = PSA_PAKE_STEP_X1_X2; computation_stage->input_step = PSA_PAKE_STEP_X1_X2;
computation_stage->output_step = PSA_PAKE_STEP_X1_X2; computation_stage->output_step = PSA_PAKE_STEP_X1_X2;
} else } else
#else #endif /* PSA_WANT_ALG_JPAKE */
#endif
{ {
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
goto exit; goto exit;
@ -7277,8 +7275,8 @@ psa_status_t psa_pake_setup(
return PSA_SUCCESS; return PSA_SUCCESS;
exit: exit:
abort_status = psa_pake_abort(operation); psa_pake_abort(operation);
return status == PSA_SUCCESS ? abort_status : status; return status;
} }
psa_status_t psa_pake_set_password_key( psa_status_t psa_pake_set_password_key(
@ -7287,7 +7285,6 @@ psa_status_t psa_pake_set_password_key(
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL; psa_key_slot_t *slot = NULL;
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
@ -7323,15 +7320,12 @@ psa_status_t psa_pake_set_password_key(
memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes); memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes);
operation->data.inputs.password_len = slot->key.bytes; operation->data.inputs.password_len = slot->key.bytes;
operation->data.inputs.attributes = attributes; operation->data.inputs.attributes = attributes;
unlock_status = psa_unlock_key_slot(slot);
return unlock_status;
exit: exit:
if (status != PSA_SUCCESS) {
psa_pake_abort(operation);
}
unlock_status = psa_unlock_key_slot(slot); unlock_status = psa_unlock_key_slot(slot);
abort_status = psa_pake_abort(operation); return (status == PSA_SUCCESS) ? unlock_status : status;
status = (status == PSA_SUCCESS) ? unlock_status : status;
return (status == PSA_SUCCESS) ? abort_status : status;
} }
psa_status_t psa_pake_set_user( psa_status_t psa_pake_set_user(
@ -7340,7 +7334,6 @@ psa_status_t psa_pake_set_user(
size_t user_id_len) size_t user_id_len)
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
(void) user_id; (void) user_id;
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
@ -7355,8 +7348,8 @@ psa_status_t psa_pake_set_user(
return PSA_ERROR_NOT_SUPPORTED; return PSA_ERROR_NOT_SUPPORTED;
exit: exit:
abort_status = psa_pake_abort(operation); psa_pake_abort(operation);
return status == PSA_SUCCESS ? abort_status : status; return status;
} }
psa_status_t psa_pake_set_peer( psa_status_t psa_pake_set_peer(
@ -7365,7 +7358,6 @@ psa_status_t psa_pake_set_peer(
size_t peer_id_len) size_t peer_id_len)
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
(void) peer_id; (void) peer_id;
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
@ -7380,8 +7372,8 @@ psa_status_t psa_pake_set_peer(
return PSA_ERROR_NOT_SUPPORTED; return PSA_ERROR_NOT_SUPPORTED;
exit: exit:
abort_status = psa_pake_abort(operation); psa_pake_abort(operation);
return status == PSA_SUCCESS ? abort_status : status; return status;
} }
psa_status_t psa_pake_set_role( psa_status_t psa_pake_set_role(
@ -7389,7 +7381,6 @@ psa_status_t psa_pake_set_role(
psa_pake_role_t role) psa_pake_role_t role)
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
status = PSA_ERROR_BAD_STATE; status = PSA_ERROR_BAD_STATE;
@ -7409,8 +7400,8 @@ psa_status_t psa_pake_set_role(
return PSA_SUCCESS; return PSA_SUCCESS;
exit: exit:
abort_status = psa_pake_abort(operation); psa_pake_abort(operation);
return status == PSA_SUCCESS ? abort_status : status; return status;
} }
/* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */ /* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */
@ -7477,7 +7468,7 @@ static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_s
} }
return PSA_JPAKE_STEP_INVALID; return PSA_JPAKE_STEP_INVALID;
} }
#endif #endif /* PSA_WANT_ALG_JPAKE */
static psa_status_t psa_pake_complete_inputs( static psa_status_t psa_pake_complete_inputs(
psa_pake_operation_t *operation) psa_pake_operation_t *operation)
@ -7518,7 +7509,7 @@ static psa_status_t psa_pake_complete_inputs(
computation_stage->input_step = PSA_PAKE_STEP_X1_X2; computation_stage->input_step = PSA_PAKE_STEP_X1_X2;
computation_stage->output_step = PSA_PAKE_STEP_X1_X2; computation_stage->output_step = PSA_PAKE_STEP_X1_X2;
} else } else
#endif #endif /* PSA_WANT_ALG_JPAKE */
{ {
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
} }
@ -7598,9 +7589,7 @@ static psa_status_t psa_jpake_output_prologue(
return PSA_SUCCESS; return PSA_SUCCESS;
} }
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
static psa_status_t psa_jpake_output_epilogue( static psa_status_t psa_jpake_output_epilogue(
psa_pake_operation_t *operation) psa_pake_operation_t *operation)
{ {
@ -7620,7 +7609,7 @@ static psa_status_t psa_jpake_output_epilogue(
return PSA_SUCCESS; return PSA_SUCCESS;
} }
#endif #endif /* PSA_WANT_ALG_JPAKE */
psa_status_t psa_pake_output( psa_status_t psa_pake_output(
psa_pake_operation_t *operation, psa_pake_operation_t *operation,
@ -7630,7 +7619,6 @@ psa_status_t psa_pake_output(
size_t *output_length) size_t *output_length)
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
*output_length = 0; *output_length = 0;
if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
@ -7658,7 +7646,7 @@ psa_status_t psa_pake_output(
goto exit; goto exit;
} }
break; break;
#endif #endif /* PSA_WANT_ALG_JPAKE */
default: default:
(void) step; (void) step;
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
@ -7675,7 +7663,7 @@ psa_status_t psa_pake_output(
#else #else
(void) output; (void) output;
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
#endif #endif /* PSA_WANT_ALG_JPAKE */
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto exit; goto exit;
@ -7689,7 +7677,7 @@ psa_status_t psa_pake_output(
goto exit; goto exit;
} }
break; break;
#endif #endif /* PSA_WANT_ALG_JPAKE */
default: default:
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
goto exit; goto exit;
@ -7697,8 +7685,8 @@ psa_status_t psa_pake_output(
return PSA_SUCCESS; return PSA_SUCCESS;
exit: exit:
abort_status = psa_pake_abort(operation); psa_pake_abort(operation);
return status == PSA_SUCCESS ? abort_status : status; return status;
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
@ -7780,9 +7768,7 @@ static psa_status_t psa_jpake_input_prologue(
return PSA_SUCCESS; return PSA_SUCCESS;
} }
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
static psa_status_t psa_jpake_input_epilogue( static psa_status_t psa_jpake_input_epilogue(
psa_pake_operation_t *operation) psa_pake_operation_t *operation)
{ {
@ -7802,7 +7788,7 @@ static psa_status_t psa_jpake_input_epilogue(
return PSA_SUCCESS; return PSA_SUCCESS;
} }
#endif #endif /* PSA_WANT_ALG_JPAKE */
psa_status_t psa_pake_input( psa_status_t psa_pake_input(
psa_pake_operation_t *operation, psa_pake_operation_t *operation,
@ -7811,7 +7797,6 @@ psa_status_t psa_pake_input(
size_t input_length) size_t input_length)
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
status = psa_pake_complete_inputs(operation); status = psa_pake_complete_inputs(operation);
@ -7838,10 +7823,11 @@ psa_status_t psa_pake_input(
goto exit; goto exit;
} }
break; break;
#endif #endif /* PSA_WANT_ALG_JPAKE */
default: default:
(void) step; (void) step;
return PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
@ -7853,7 +7839,7 @@ psa_status_t psa_pake_input(
#else #else
(void) input; (void) input;
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
#endif #endif /* PSA_WANT_ALG_JPAKE */
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto exit; goto exit;
@ -7867,7 +7853,7 @@ psa_status_t psa_pake_input(
goto exit; goto exit;
} }
break; break;
#endif #endif /* PSA_WANT_ALG_JPAKE */
default: default:
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
goto exit; goto exit;
@ -7875,8 +7861,8 @@ psa_status_t psa_pake_input(
return PSA_SUCCESS; return PSA_SUCCESS;
exit: exit:
abort_status = psa_pake_abort(operation); psa_pake_abort(operation);
return status == PSA_SUCCESS ? abort_status : status; return status;
} }
psa_status_t psa_pake_get_implicit_key( psa_status_t psa_pake_get_implicit_key(
@ -7903,9 +7889,7 @@ psa_status_t psa_pake_get_implicit_key(
goto exit; goto exit;
} }
} else } else
#else #endif /* PSA_WANT_ALG_JPAKE */
#endif
{ {
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
goto exit; goto exit;
@ -7925,7 +7909,7 @@ psa_status_t psa_pake_get_implicit_key(
shared_key, shared_key,
shared_key_len); shared_key_len);
mbedtls_platform_zeroize(shared_key, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); mbedtls_platform_zeroize(shared_key, sizeof(shared_key));
exit: exit:
abort_status = psa_pake_abort(operation); abort_status = psa_pake_abort(operation);
return status == PSA_SUCCESS ? abort_status : status; return status == PSA_SUCCESS ? abort_status : status;

35
library/psa_crypto_pake.c
View File

@ -171,9 +171,9 @@ static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operati
mbedtls_ecjpake_role role = (operation->role == PSA_PAKE_ROLE_CLIENT) ? mbedtls_ecjpake_role role = (operation->role == PSA_PAKE_ROLE_CLIENT) ?
MBEDTLS_ECJPAKE_CLIENT : MBEDTLS_ECJPAKE_SERVER; MBEDTLS_ECJPAKE_CLIENT : MBEDTLS_ECJPAKE_SERVER;
mbedtls_ecjpake_init(&operation->ctx.pake); mbedtls_ecjpake_init(&operation->ctx.jpake);
ret = mbedtls_ecjpake_setup(&operation->ctx.pake, ret = mbedtls_ecjpake_setup(&operation->ctx.jpake,
role, role,
MBEDTLS_MD_SHA256, MBEDTLS_MD_SHA256,
MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_SECP256R1,
@ -295,9 +295,9 @@ static psa_status_t mbedtls_psa_pake_output_internal(
if (operation->alg == PSA_ALG_JPAKE) { if (operation->alg == PSA_ALG_JPAKE) {
/* Initialize & write round on KEY_SHARE sequences */ /* Initialize & write round on KEY_SHARE sequences */
if (step == PSA_JPAKE_X1_STEP_KEY_SHARE) { if (step == PSA_JPAKE_X1_STEP_KEY_SHARE) {
ret = mbedtls_ecjpake_write_round_one(&operation->ctx.pake, ret = mbedtls_ecjpake_write_round_one(&operation->ctx.jpake,
operation->buffer, operation->buffer,
MBEDTLS_PSA_JPAKE_BUFFER_SIZE, sizeof(operation->buffer),
&operation->buffer_length, &operation->buffer_length,
mbedtls_psa_get_random, mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE); MBEDTLS_PSA_RANDOM_STATE);
@ -307,9 +307,9 @@ static psa_status_t mbedtls_psa_pake_output_internal(
operation->buffer_offset = 0; operation->buffer_offset = 0;
} else if (step == PSA_JPAKE_X2S_STEP_KEY_SHARE) { } else if (step == PSA_JPAKE_X2S_STEP_KEY_SHARE) {
ret = mbedtls_ecjpake_write_round_two(&operation->ctx.pake, ret = mbedtls_ecjpake_write_round_two(&operation->ctx.jpake,
operation->buffer, operation->buffer,
MBEDTLS_PSA_JPAKE_BUFFER_SIZE, sizeof(operation->buffer),
&operation->buffer_length, &operation->buffer_length,
mbedtls_psa_get_random, mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE); MBEDTLS_PSA_RANDOM_STATE);
@ -359,7 +359,7 @@ static psa_status_t mbedtls_psa_pake_output_internal(
/* Reset buffer after ZK_PROOF sequence */ /* Reset buffer after ZK_PROOF sequence */
if ((step == PSA_JPAKE_X2_STEP_ZK_PROOF) || if ((step == PSA_JPAKE_X2_STEP_ZK_PROOF) ||
(step == PSA_JPAKE_X2S_STEP_ZK_PROOF)) { (step == PSA_JPAKE_X2S_STEP_ZK_PROOF)) {
mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); mbedtls_platform_zeroize(operation->buffer, sizeof(operation->buffer));
operation->buffer_length = 0; operation->buffer_length = 0;
operation->buffer_offset = 0; operation->buffer_offset = 0;
} }
@ -446,22 +446,22 @@ static psa_status_t mbedtls_psa_pake_input_internal(
/* Load buffer at each last round ZK_PROOF */ /* Load buffer at each last round ZK_PROOF */
if (step == PSA_JPAKE_X2_STEP_ZK_PROOF) { if (step == PSA_JPAKE_X2_STEP_ZK_PROOF) {
ret = mbedtls_ecjpake_read_round_one(&operation->ctx.pake, ret = mbedtls_ecjpake_read_round_one(&operation->ctx.jpake,
operation->buffer, operation->buffer,
operation->buffer_length); operation->buffer_length);
mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); mbedtls_platform_zeroize(operation->buffer, sizeof(operation->buffer));
operation->buffer_length = 0; operation->buffer_length = 0;
if (ret != 0) { if (ret != 0) {
return mbedtls_ecjpake_to_psa_error(ret); return mbedtls_ecjpake_to_psa_error(ret);
} }
} else if (step == PSA_JPAKE_X4S_STEP_ZK_PROOF) { } else if (step == PSA_JPAKE_X4S_STEP_ZK_PROOF) {
ret = mbedtls_ecjpake_read_round_two(&operation->ctx.pake, ret = mbedtls_ecjpake_read_round_two(&operation->ctx.jpake,
operation->buffer, operation->buffer,
operation->buffer_length); operation->buffer_length);
mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); mbedtls_platform_zeroize(operation->buffer, sizeof(operation->buffer));
operation->buffer_length = 0; operation->buffer_length = 0;
if (ret != 0) { if (ret != 0) {
@ -499,19 +499,16 @@ psa_status_t mbedtls_psa_pake_get_implicit_key(
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
if (operation->alg == PSA_ALG_JPAKE) { if (operation->alg == PSA_ALG_JPAKE) {
ret = mbedtls_ecjpake_write_shared_key(&operation->ctx.pake, ret = mbedtls_ecjpake_write_shared_key(&operation->ctx.jpake,
operation->buffer, output,
output_size, output_size,
&operation->buffer_length, output_length,
mbedtls_psa_get_random, mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE); MBEDTLS_PSA_RANDOM_STATE);
if (ret != 0) { if (ret != 0) {
return mbedtls_ecjpake_to_psa_error(ret); return mbedtls_ecjpake_to_psa_error(ret);
} }
memcpy(output, operation->buffer, operation->buffer_length);
*output_length = operation->buffer_length;
return PSA_SUCCESS; return PSA_SUCCESS;
} else } else
#else #else
@ -530,10 +527,10 @@ psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
if (operation->alg == PSA_ALG_JPAKE) { if (operation->alg == PSA_ALG_JPAKE) {
operation->role = PSA_PAKE_ROLE_NONE; operation->role = PSA_PAKE_ROLE_NONE;
mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); mbedtls_platform_zeroize(operation->buffer, sizeof(operation->buffer));
operation->buffer_length = 0; operation->buffer_length = 0;
operation->buffer_offset = 0; operation->buffer_offset = 0;
mbedtls_ecjpake_free(&operation->ctx.pake); mbedtls_ecjpake_free(&operation->ctx.jpake);
} }
#endif #endif