Unify ssl_calc_finished_tls_sha{256,384}
Saves about 50-60 bytes on m0+ depending on whether USE_PSA is set. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
@ -7639,20 +7639,22 @@ exit:
|
|||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
static int ssl_calc_finished_tls_generic(mbedtls_ssl_context *ssl, void *ctx,
|
||||||
static int ssl_calc_finished_tls_sha256(
|
unsigned char *padbuf, size_t hlen,
|
||||||
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
|
unsigned char *buf, int from)
|
||||||
{
|
{
|
||||||
int len = 12;
|
int len = 12;
|
||||||
const char *sender;
|
const char *sender;
|
||||||
unsigned char padbuf[32];
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
size_t hash_size;
|
|
||||||
psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT;
|
|
||||||
psa_status_t status;
|
psa_status_t status;
|
||||||
|
psa_hash_operation_t *hs_op = ctx;
|
||||||
|
psa_hash_operation_t copy = PSA_HASH_OPERATION_INIT;
|
||||||
|
size_t hash_size;
|
||||||
#else
|
#else
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
mbedtls_md_context_t sha256;
|
mbedtls_md_context_t *hs_ctx = ctx;
|
||||||
|
mbedtls_md_context_t copy;
|
||||||
|
mbedtls_md_init(©);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
mbedtls_ssl_session *session = ssl->session_negotiate;
|
mbedtls_ssl_session *session = ssl->session_negotiate;
|
||||||
@ -7665,67 +7667,76 @@ static int ssl_calc_finished_tls_sha256(
|
|||||||
: "server finished";
|
: "server finished";
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
sha256_psa = psa_hash_operation_init();
|
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls"));
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls sha256"));
|
status = psa_hash_clone(hs_op, ©);
|
||||||
|
|
||||||
status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa);
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_hash_finish(&sha256_psa, padbuf, sizeof(padbuf), &hash_size);
|
status = psa_hash_finish(©, padbuf, hlen, &hash_size);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 32);
|
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, hlen);
|
||||||
#else
|
#else
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls"));
|
||||||
|
|
||||||
mbedtls_md_init(&sha256);
|
ret = mbedtls_md_setup(©, mbedtls_md_info_from_ctx(hs_ctx), 0);
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha256"));
|
|
||||||
|
|
||||||
ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0);
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256);
|
ret = mbedtls_md_clone(©, hs_ctx);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ret = mbedtls_md_finish(©, padbuf);
|
||||||
|
if (ret != 0) {
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
|
MBEDTLS_SSL_DEBUG_BUF(4, "finished output", padbuf, hlen);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* TLSv1.2:
|
* TLSv1.2:
|
||||||
* hash = PRF( master, finished_label,
|
* hash = PRF( master, finished_label,
|
||||||
* Hash( handshake ) )[0.11]
|
* Hash( handshake ) )[0.11]
|
||||||
*/
|
*/
|
||||||
|
|
||||||
ret = mbedtls_md_finish(&sha256, padbuf);
|
|
||||||
if (ret != 0) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF(4, "finished sha256 output", padbuf, 32);
|
|
||||||
|
|
||||||
ssl->handshake->tls_prf(session->master, 48, sender,
|
ssl->handshake->tls_prf(session->master, 48, sender,
|
||||||
padbuf, 32, buf, len);
|
padbuf, hlen, buf, len);
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
|
MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
|
||||||
|
|
||||||
mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
|
mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
|
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_hash_abort(&sha256_psa);
|
psa_hash_abort(©);
|
||||||
return mbedtls_md_error_from_psa(status);
|
return mbedtls_md_error_from_psa(status);
|
||||||
#else
|
#else
|
||||||
mbedtls_md_free(&sha256);
|
mbedtls_md_free(©);
|
||||||
return ret;
|
return ret;
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||||
|
static int ssl_calc_finished_tls_sha256(
|
||||||
|
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
|
||||||
|
{
|
||||||
|
unsigned char padbuf[32];
|
||||||
|
return ssl_calc_finished_tls_generic(ssl,
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
&ssl->handshake->fin_sha256_psa,
|
||||||
|
#else
|
||||||
|
&ssl->handshake->fin_sha256,
|
||||||
|
#endif
|
||||||
|
padbuf, sizeof(padbuf),
|
||||||
|
buf, from);
|
||||||
|
}
|
||||||
#endif /* MBEDTLS_MD_CAN_SHA256*/
|
#endif /* MBEDTLS_MD_CAN_SHA256*/
|
||||||
|
|
||||||
|
|
||||||
@ -7733,87 +7744,15 @@ exit:
|
|||||||
static int ssl_calc_finished_tls_sha384(
|
static int ssl_calc_finished_tls_sha384(
|
||||||
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
|
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
|
||||||
{
|
{
|
||||||
int len = 12;
|
|
||||||
const char *sender;
|
|
||||||
unsigned char padbuf[48];
|
unsigned char padbuf[48];
|
||||||
|
return ssl_calc_finished_tls_generic(ssl,
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
size_t hash_size;
|
&ssl->handshake->fin_sha384_psa,
|
||||||
psa_hash_operation_t sha384_psa = PSA_HASH_OPERATION_INIT;
|
|
||||||
psa_status_t status;
|
|
||||||
#else
|
#else
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
&ssl->handshake->fin_sha384,
|
||||||
mbedtls_md_context_t sha384;
|
|
||||||
#endif
|
#endif
|
||||||
|
padbuf, sizeof(padbuf),
|
||||||
mbedtls_ssl_session *session = ssl->session_negotiate;
|
buf, from);
|
||||||
if (!session) {
|
|
||||||
session = ssl->session;
|
|
||||||
}
|
|
||||||
|
|
||||||
sender = (from == MBEDTLS_SSL_IS_CLIENT)
|
|
||||||
? "client finished"
|
|
||||||
: "server finished";
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
||||||
sha384_psa = psa_hash_operation_init();
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls sha384"));
|
|
||||||
|
|
||||||
status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa);
|
|
||||||
if (status != PSA_SUCCESS) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
status = psa_hash_finish(&sha384_psa, padbuf, sizeof(padbuf), &hash_size);
|
|
||||||
if (status != PSA_SUCCESS) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48);
|
|
||||||
#else
|
|
||||||
mbedtls_md_init(&sha384);
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha384"));
|
|
||||||
|
|
||||||
ret = mbedtls_md_setup(&sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
|
|
||||||
if (ret != 0) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384);
|
|
||||||
if (ret != 0) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* TLSv1.2:
|
|
||||||
* hash = PRF( master, finished_label,
|
|
||||||
* Hash( handshake ) )[0.11]
|
|
||||||
*/
|
|
||||||
|
|
||||||
ret = mbedtls_md_finish(&sha384, padbuf);
|
|
||||||
if (ret != 0) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF(4, "finished sha384 output", padbuf, 48);
|
|
||||||
|
|
||||||
ssl->handshake->tls_prf(session->master, 48, sender,
|
|
||||||
padbuf, 48, buf, len);
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
|
|
||||||
|
|
||||||
mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
|
|
||||||
|
|
||||||
exit:
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
||||||
psa_hash_abort(&sha384_psa);
|
|
||||||
return mbedtls_md_error_from_psa(status);
|
|
||||||
#else
|
|
||||||
mbedtls_md_free(&sha384);
|
|
||||||
return ret;
|
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_MD_CAN_SHA384*/
|
#endif /* MBEDTLS_MD_CAN_SHA384*/
|
||||||
|
|
||||||
|
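Review bot: In `ssl_calc_finished_tls_generic`, `padbuf` is now a pointer parameter, so the retained `mbedtls_platform_zeroize(padbuf, sizeof(padbuf));` wipes only pointer-size bytes rather than the 32- or 48-byte handshake digest held in the callers' stack buffers. It should read `mbedtls_platform_zeroize(padbuf, hlen);`. The wipe also sits above the `exit:` label, so the `goto exit` paths skip it, as they did before this change; moving it below the label would cover them too. In the non-PSA branch the `mbedtls_md_finish` call on the cloned context writes the full digest without consulting `hlen`, and the PSA branch never compares `hash_size` with `hlen`, so a comment such as `/* padbuf must hold hlen bytes and hlen must equal the digest size of ctx */` would document the contract the two wrappers rely on. The function body spans the first two hunks and the lines between them are not shown on this page.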