lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Combine core pake computation stage(step,sequence,state) into single driver step

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel
2023-01-17 12:05:38 +01:00
parent 8c8ab26b2a
commit b09c487546
8 changed files with 136 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
library/psa_crypto.c
View File

@ -7332,6 +7332,70 @@ psa_status_t psa_pake_set_role(
return PSA_SUCCESS;
}
/* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */
static psa_pake_driver_step_t convert_jpake_computation_stage_to_driver_step(
psa_pake_computation_stage_t *stage)
{
switch (stage->data.jpake_computation_stage.state) {
case PSA_PAKE_OUTPUT_X1_X2:
case PSA_PAKE_INPUT_X1_X2:
switch (stage->data.jpake_computation_stage.sequence) {
case PSA_PAKE_X1_STEP_KEY_SHARE:
return PSA_JPAKE_X1_STEP_KEY_SHARE;
break;
case PSA_PAKE_X1_STEP_ZK_PUBLIC:
return PSA_JPAKE_X1_STEP_ZK_PUBLIC;
break;
case PSA_PAKE_X1_STEP_ZK_PROOF:
return PSA_JPAKE_X1_STEP_ZK_PROOF;
break;
case PSA_PAKE_X2_STEP_KEY_SHARE:
return PSA_JPAKE_X2_STEP_KEY_SHARE;
break;
case PSA_PAKE_X2_STEP_ZK_PUBLIC:
return PSA_JPAKE_X2_STEP_ZK_PUBLIC;
break;
case PSA_PAKE_X2_STEP_ZK_PROOF:
return PSA_JPAKE_X2_STEP_ZK_PROOF;
break;
default:
return PSA_JPAKE_STEP_INVALID;
}
break;
case PSA_PAKE_OUTPUT_X2S:
switch (stage->data.jpake_computation_stage.sequence) {
case PSA_PAKE_X1_STEP_KEY_SHARE:
return PSA_JPAKE_X2S_STEP_KEY_SHARE;
break;
case PSA_PAKE_X1_STEP_ZK_PUBLIC:
return PSA_JPAKE_X2S_STEP_ZK_PUBLIC;
break;
case PSA_PAKE_X1_STEP_ZK_PROOF:
return PSA_JPAKE_X2S_STEP_ZK_PROOF;
break;
return PSA_JPAKE_STEP_INVALID;
}
break;
case PSA_PAKE_INPUT_X4S:
switch (stage->data.jpake_computation_stage.sequence) {
case PSA_PAKE_X1_STEP_KEY_SHARE:
return PSA_JPAKE_X4S_STEP_KEY_SHARE;
break;
case PSA_PAKE_X1_STEP_ZK_PUBLIC:
return PSA_JPAKE_X4S_STEP_ZK_PUBLIC;
break;
case PSA_PAKE_X1_STEP_ZK_PROOF:
return PSA_JPAKE_X4S_STEP_ZK_PROOF;
break;
return PSA_JPAKE_STEP_INVALID;
}
break;
default:
return PSA_JPAKE_STEP_INVALID;
}
return PSA_JPAKE_STEP_INVALID;
}
static psa_status_t psa_pake_complete_inputs(
psa_pake_operation_t *operation)
{
@ -7501,9 +7565,14 @@ psa_status_t psa_pake_output(
return PSA_ERROR_NOT_SUPPORTED;
}
status = psa_driver_wrapper_pake_output(operation, step,
&operation->computation_stage,
output, output_size, output_length);
status = psa_driver_wrapper_pake_output(operation,
convert_jpake_computation_stage_to_driver_step(&
operation
->
computation_stage),
output,
output_size,
output_length);
if (status != PSA_SUCCESS) {
return status;
@ -7660,9 +7729,12 @@ psa_status_t psa_pake_input(
return PSA_ERROR_NOT_SUPPORTED;
}
status = psa_driver_wrapper_pake_input(operation, step,
&operation->computation_stage,
input, input_length);
status = psa_driver_wrapper_pake_input(operation,
convert_jpake_computation_stage_to_driver_step(&operation
->
computation_stage),
input,
input_length);
if (status != PSA_SUCCESS) {
return status;

6
library/psa_crypto_driver_wrappers.h
View File

@ -421,16 +421,14 @@ psa_status_t psa_driver_wrapper_pake_setup(
psa_status_t psa_driver_wrapper_pake_output(
psa_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
psa_pake_driver_step_t step,
uint8_t *output,
size_t output_size,
size_t *output_length);
psa_status_t psa_driver_wrapper_pake_input(
psa_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
psa_pake_driver_step_t step,
const uint8_t *input,
size_t input_length);

47
library/psa_crypto_pake.c
View File

@ -266,8 +266,7 @@ error:
static psa_status_t mbedtls_psa_pake_output_internal(
mbedtls_psa_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
psa_pake_driver_step_t step,
uint8_t *output,
size_t output_size,
size_t *output_length)
@ -292,12 +291,8 @@ static psa_status_t mbedtls_psa_pake_output_internal(
* to return the right parts on each step.
*/
if (operation->alg == PSA_ALG_JPAKE) {
const psa_jpake_computation_stage_t *jpake_computation_stage =
&computation_stage->data.jpake_computation_stage;
/* Initialize & write round on KEY_SHARE sequences */
if (jpake_computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 &&
jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_KEY_SHARE) {
if (step == PSA_JPAKE_X1_STEP_KEY_SHARE) {
ret = mbedtls_ecjpake_write_round_one(&operation->ctx.pake,
operation->buffer,
MBEDTLS_PSA_PAKE_BUFFER_SIZE,
@ -309,8 +304,7 @@ static psa_status_t mbedtls_psa_pake_output_internal(
}
operation->buffer_offset = 0;
} else if (jpake_computation_stage->state == PSA_PAKE_OUTPUT_X2S &&
jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_KEY_SHARE) {
} else if (step == PSA_JPAKE_X2S_STEP_KEY_SHARE) {
ret = mbedtls_ecjpake_write_round_two(&operation->ctx.pake,
operation->buffer,
MBEDTLS_PSA_PAKE_BUFFER_SIZE,
@ -335,8 +329,7 @@ static psa_status_t mbedtls_psa_pake_output_internal(
* output with a length byte, even less a curve identifier, as that
* information is already available.
*/
if (jpake_computation_stage->state == PSA_PAKE_OUTPUT_X2S &&
jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_KEY_SHARE &&
if (step == PSA_JPAKE_X2S_STEP_KEY_SHARE &&
operation->role == PSA_PAKE_ROLE_SERVER) {
/* Skip ECParameters, with is 3 bytes (RFC 8422) */
operation->buffer_offset += 3;
@ -362,10 +355,8 @@ static psa_status_t mbedtls_psa_pake_output_internal(
operation->buffer_offset += length;
/* Reset buffer after ZK_PROOF sequence */
if ((jpake_computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 &&
jpake_computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) ||
(jpake_computation_stage->state == PSA_PAKE_OUTPUT_X2S &&
jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) {
if ((step == PSA_JPAKE_X2_STEP_ZK_PROOF) ||
(step == PSA_JPAKE_X2S_STEP_ZK_PROOF)) {
mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE);
operation->buffer_length = 0;
operation->buffer_offset = 0;
@ -375,7 +366,6 @@ static psa_status_t mbedtls_psa_pake_output_internal(
} else
#else
(void) step;
(void) computation_stage;
(void) output;
(void) output_size;
(void) output_length;
@ -384,14 +374,13 @@ static psa_status_t mbedtls_psa_pake_output_internal(
}
psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
psa_pake_driver_step_t step,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
psa_status_t status = mbedtls_psa_pake_output_internal(
operation, step, computation_stage, output, output_size, output_length);
operation, step, output, output_size, output_length);
if (status != PSA_SUCCESS) {
mbedtls_psa_pake_abort(operation);
@ -402,8 +391,7 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation,
static psa_status_t mbedtls_psa_pake_input_internal(
mbedtls_psa_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
psa_pake_driver_step_t step,
const uint8_t *input,
size_t input_length)
{
@ -427,8 +415,6 @@ static psa_status_t mbedtls_psa_pake_input_internal(
* This causes any input error to be only detected on the last step.
*/
if (operation->alg == PSA_ALG_JPAKE) {
const psa_jpake_computation_stage_t *jpake_computation_stage =
&computation_stage->data.jpake_computation_stage;
/*
* Copy input to local buffer and format it as the Mbed TLS API
* expects, i.e. as defined by draft-cragie-tls-ecjpake-01 section 7.
@ -438,8 +424,7 @@ static psa_status_t mbedtls_psa_pake_input_internal(
* ECParameters structure - which means we have to prepend that when
* we're a client.
*/
if (jpake_computation_stage->state == PSA_PAKE_INPUT_X4S &&
jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_KEY_SHARE &&
if (step == PSA_JPAKE_X4S_STEP_KEY_SHARE &&
operation->role == PSA_PAKE_ROLE_CLIENT) {
/* We only support secp256r1. */
/* This is the ECParameters structure defined by RFC 8422. */
@ -462,8 +447,7 @@ static psa_status_t mbedtls_psa_pake_input_internal(
operation->buffer_length += input_length;
/* Load buffer at each last round ZK_PROOF */
if (jpake_computation_stage->state == PSA_PAKE_INPUT_X1_X2 &&
jpake_computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) {
if (step == PSA_JPAKE_X2_STEP_ZK_PROOF) {
ret = mbedtls_ecjpake_read_round_one(&operation->ctx.pake,
operation->buffer,
operation->buffer_length);
@ -474,8 +458,7 @@ static psa_status_t mbedtls_psa_pake_input_internal(
if (ret != 0) {
return mbedtls_ecjpake_to_psa_error(ret);
}
} else if (jpake_computation_stage->state == PSA_PAKE_INPUT_X4S &&
jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF) {
} else if (step == PSA_JPAKE_X4S_STEP_ZK_PROOF) {
ret = mbedtls_ecjpake_read_round_two(&operation->ctx.pake,
operation->buffer,
operation->buffer_length);
@ -492,7 +475,6 @@ static psa_status_t mbedtls_psa_pake_input_internal(
} else
#else
(void) step;
(void) computation_stage;
(void) input;
(void) input_length;
#endif
@ -500,13 +482,12 @@ static psa_status_t mbedtls_psa_pake_input_internal(
}
psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
psa_pake_driver_step_t step,
const uint8_t *input,
size_t input_length)
{
psa_status_t status = mbedtls_psa_pake_input_internal(
operation, step, computation_stage, input, input_length);
operation, step, input, input_length);
if (status != PSA_SUCCESS) {
mbedtls_psa_pake_abort(operation);

8
library/psa_crypto_pake.h
View File

@ -58,7 +58,6 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
* \param[in,out] operation Active PAKE operation.
* \param step The step of the algorithm for which the output is
* requested.
* \param computation_stage The structure that holds PAKE computation stage.
* \param[out] output Buffer where the output is to be written in the
* format appropriate for this \p step. Refer to
* the documentation of the individual
@ -97,8 +96,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
* results in this error code.
*/
psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
psa_pake_driver_step_t step,
uint8_t *output,
size_t output_size,
size_t *output_length);
@ -112,7 +110,6 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation,
*
* \param[in,out] operation Active PAKE operation.
* \param step The step for which the input is provided.
* \param computation_stage The structure that holds PAKE computation stage.
* \param[in] input Buffer containing the input in the format
* appropriate for this \p step. Refer to the
* documentation of the individual
@ -146,8 +143,7 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation,
* results in this error code.
*/
psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
psa_pake_driver_step_t step,
const uint8_t *input,
size_t input_length);