change hmac context to use statically allocated memory

1. removed dynamic allocation of stack context
2. moved ipad to stack
3. added defines for maximal sizes
This commit is contained in:
Nir Sonnenschein 2018-06-07 16:20:17 +03:00 committed by itayzafrir
parent 0c9ec53a10
commit 35dfbf4601
2 changed files with 15 additions and 17 deletions

View file

@ -45,6 +45,14 @@
#include "mbedtls/sha256.h" #include "mbedtls/sha256.h"
#include "mbedtls/sha512.h" #include "mbedtls/sha512.h"
#if defined(MBEDTLS_SHA512_C)
#define PSA_CRYPTO_MD_MAX_SIZE 64
#define PSA_CRYPTO_MD_BLOCK_SIZE 128
#else
#define PSA_CRYPTO_MD_MAX_SIZE 32
#define PSA_CRYPTO_MD_BLOCK_SIZE 64
#endif
struct psa_hash_operation_s struct psa_hash_operation_s
{ {
psa_algorithm_t alg; psa_algorithm_t alg;
@ -77,11 +85,10 @@ struct psa_hash_operation_s
typedef struct { typedef struct {
unsigned int block_size;
/** The hash context. */ /** The hash context. */
struct psa_hash_operation_s hash_ctx; struct psa_hash_operation_s hash_ctx;
/** The HMAC part of the context. */ /** The HMAC part of the context. */
void *hmac_ctx; char hmac_ctx[PSA_CRYPTO_MD_BLOCK_SIZE];
} psa_hmac_internal_data; } psa_hmac_internal_data;

View file

@ -1074,8 +1074,7 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
if ( operation->ctx.hmac.hmac_ctx != NULL ) if ( operation->ctx.hmac.hmac_ctx != NULL )
{ {
mbedtls_zeroize( operation->ctx.hmac.hmac_ctx, mbedtls_zeroize( operation->ctx.hmac.hmac_ctx,
block_size * 2 ); block_size);
mbedtls_free( operation->ctx.hmac.hmac_ctx );
} }
} }
else else
@ -1155,8 +1154,9 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation,
#if defined(MBEDTLS_MD_C) #if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HMAC( alg ) ) if( PSA_ALG_IS_HMAC( alg ) )
{ {
unsigned char sum[MBEDTLS_MD_MAX_SIZE]; unsigned char sum[PSA_CRYPTO_MD_MAX_SIZE];
unsigned char *ipad, *opad; unsigned char ipad[PSA_CRYPTO_MD_BLOCK_SIZE];
unsigned char *opad;
size_t i; size_t i;
size_t sum_size = MBEDTLS_MD_MAX_SIZE; size_t sum_size = MBEDTLS_MD_MAX_SIZE;
unsigned int block_size = 0; unsigned int block_size = 0;
@ -1171,12 +1171,6 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation,
operation->iv_required = 0; operation->iv_required = 0;
operation->mac_size = digest_size; operation->mac_size = digest_size;
operation->ctx.hmac.hmac_ctx = mbedtls_calloc( 2, block_size );
if( operation->ctx.hmac.hmac_ctx == NULL )
{
ret = MBEDTLS_ERR_MD_ALLOC_FAILED;
goto cleanup;
}
status = psa_hash_start( &operation->ctx.hmac.hash_ctx, status = psa_hash_start( &operation->ctx.hmac.hash_ctx,
PSA_ALG_HMAC_HASH( alg ) ); PSA_ALG_HMAC_HASH( alg ) );
@ -1198,9 +1192,7 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation,
key_ptr = sum; key_ptr = sum;
} }
ipad = ( unsigned char * ) operation->ctx.hmac.hmac_ctx; opad = ( unsigned char * ) operation->ctx.hmac.hmac_ctx;
opad = ( unsigned char * ) operation->ctx.hmac.hmac_ctx +
block_size;
memset( ipad, 0x36, block_size ); memset( ipad, 0x36, block_size );
memset( opad, 0x5C, block_size ); memset( opad, 0x5C, block_size );
@ -1326,8 +1318,7 @@ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation,
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
opad = (unsigned char *) operation->ctx.hmac.hmac_ctx + opad = (unsigned char *) operation->ctx.hmac.hmac_ctx;
block_size;
status = psa_hash_finish( &operation->ctx.hmac.hash_ctx, tmp, status = psa_hash_finish( &operation->ctx.hmac.hash_ctx, tmp,
sizeof ( tmp ), &hash_size ); sizeof ( tmp ), &hash_size );