psa_hmac_start: reduce stack usage
Store the temporary key in the long-key case (where the key is first hashed) directly into ipad. This reduces the stack usage a little, at a slight cost in complexity.
parent
6a0a44e167
commit
d223b52a9a
1 changed files with 16 additions and 19 deletions
|
@ -1061,11 +1061,9 @@ static int psa_cmac_start( psa_mac_operation_t *operation,
|
||||||
|
|
||||||
static int psa_hmac_start( psa_mac_operation_t *operation,
|
static int psa_hmac_start( psa_mac_operation_t *operation,
|
||||||
psa_key_type_t key_type,
|
psa_key_type_t key_type,
|
||||||
size_t key_bits,
|
|
||||||
key_slot_t *slot,
|
key_slot_t *slot,
|
||||||
psa_algorithm_t alg )
|
psa_algorithm_t alg )
|
||||||
{
|
{
|
||||||
unsigned char sum[PSA_CRYPTO_MD_MAX_SIZE];
|
|
||||||
unsigned char ipad[PSA_CRYPTO_MD_BLOCK_SIZE];
|
unsigned char ipad[PSA_CRYPTO_MD_BLOCK_SIZE];
|
||||||
unsigned char *opad = operation->ctx.hmac.hmac_ctx;
|
unsigned char *opad = operation->ctx.hmac.hmac_ctx;
|
||||||
size_t i;
|
size_t i;
|
||||||
|
@ -1073,7 +1071,6 @@ static int psa_hmac_start( psa_mac_operation_t *operation,
|
||||||
PSA_HASH_BLOCK_SIZE( ( PSA_ALG_HMAC_HASH( alg ) ) );
|
PSA_HASH_BLOCK_SIZE( ( PSA_ALG_HMAC_HASH( alg ) ) );
|
||||||
unsigned int digest_size =
|
unsigned int digest_size =
|
||||||
PSA_HASH_FINAL_SIZE( ( PSA_ALG_HMAC_HASH( alg ) ) );
|
PSA_HASH_FINAL_SIZE( ( PSA_ALG_HMAC_HASH( alg ) ) );
|
||||||
uint8_t* key_ptr = slot->data.raw.data;
|
|
||||||
size_t key_length = slot->data.raw.bytes;
|
size_t key_length = slot->data.raw.bytes;
|
||||||
psa_status_t status;
|
psa_status_t status;
|
||||||
|
|
||||||
|
@ -1091,27 +1088,31 @@ static int psa_hmac_start( psa_mac_operation_t *operation,
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
|
|
||||||
if( key_bits / 8 > block_size )
|
if( key_length > block_size )
|
||||||
{
|
{
|
||||||
status = psa_hash_update( &operation->ctx.hmac.hash_ctx,
|
status = psa_hash_update( &operation->ctx.hmac.hash_ctx,
|
||||||
key_ptr, slot->data.raw.bytes);
|
slot->data.raw.data, slot->data.raw.bytes );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
status = psa_hash_finish( &operation->ctx.hmac.hash_ctx,
|
status = psa_hash_finish( &operation->ctx.hmac.hash_ctx,
|
||||||
sum, sizeof( sum ), &key_length );
|
ipad, sizeof( ipad ), &key_length );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
key_ptr = sum;
|
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
memcpy( ipad, slot->data.raw.data, slot->data.raw.bytes );
|
||||||
|
|
||||||
memset( ipad, 0x36, block_size );
|
/* ipad contains the key followed by garbage. Xor and fill with 0x36
|
||||||
memset( opad, 0x5C, block_size );
|
* to create the ipad value. */
|
||||||
|
|
||||||
for( i = 0; i < key_length; i++ )
|
for( i = 0; i < key_length; i++ )
|
||||||
{
|
ipad[i] ^= 0x36;
|
||||||
ipad[i] = ipad[i] ^ key_ptr[i];
|
memset( ipad + key_length, 0x36, block_size - key_length );
|
||||||
opad[i] = opad[i] ^ key_ptr[i];
|
|
||||||
}
|
/* Copy the key material from ipad to opad, flipping the requisite bits,
|
||||||
|
* and filling the rest of opad with the requisite constant. */
|
||||||
|
for( i = 0; i < key_length; i++ )
|
||||||
|
opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
|
||||||
|
memset( opad + key_length, 0x5C, block_size - key_length );
|
||||||
|
|
||||||
status = psa_hash_start( &operation->ctx.hmac.hash_ctx,
|
status = psa_hash_start( &operation->ctx.hmac.hash_ctx,
|
||||||
PSA_ALG_HMAC_HASH( alg ) );
|
PSA_ALG_HMAC_HASH( alg ) );
|
||||||
|
@ -1122,8 +1123,6 @@ static int psa_hmac_start( psa_mac_operation_t *operation,
|
||||||
block_size );
|
block_size );
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
if( key_bits / 8 > (size_t) block_size )
|
|
||||||
mbedtls_zeroize( sum, key_length );
|
|
||||||
mbedtls_zeroize( ipad, key_length );
|
mbedtls_zeroize( ipad, key_length );
|
||||||
/* opad is in the context. It needs to stay in memory if this function
|
/* opad is in the context. It needs to stay in memory if this function
|
||||||
* succeeds, and it will be wiped by psa_mac_abort() called from
|
* succeeds, and it will be wiped by psa_mac_abort() called from
|
||||||
|
@ -1184,9 +1183,7 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation,
|
||||||
default:
|
default:
|
||||||
#if defined(MBEDTLS_MD_C)
|
#if defined(MBEDTLS_MD_C)
|
||||||
if( PSA_ALG_IS_HMAC( alg ) )
|
if( PSA_ALG_IS_HMAC( alg ) )
|
||||||
status = psa_hmac_start( operation,
|
status = psa_hmac_start( operation, key_type, slot, alg );
|
||||||
key_type, key_bits, slot,
|
|
||||||
alg );
|
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_MD_C */
|
#endif /* MBEDTLS_MD_C */
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
|
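Review bot: The two `return( status );` exits in the long-key branch of `psa_hmac_start` bypass the `cleanup:` label, so a failure in `psa_hash_finish` leaves `ipad` unwiped on the stack. With this change `ipad` is the direct output buffer for the hashed key, so a failure after a partial write may leave key-derived bytes behind. I would send that path through cleanup with `goto cleanup;` and wipe the whole buffer, `mbedtls_zeroize( ipad, sizeof( ipad ) );`, rather than a `key_length` that `psa_hash_finish` has just rewritten through its out-parameter. Separately, the `else` branch's `memcpy( ipad, ... )` and the `memset( ipad + key_length, ... )` stay in bounds only if `block_size <= sizeof( ipad )`, which the visible lines do not establish, so a short comment or check near the `block_size` computation would help. The function body starts and ends outside these hunks, so confirm what else runs after `cleanup:` before changing the exits.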