psa_generate_derived_key_internal, psa_generate_derived_ecc_key_weierstrass_helper: optimize the code
Perform the following optimizations: - fix used flags for conditional compilation - remove redundant N variable - move loop used to generate valid k value to helper function - fix initial value of status - fix comments Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
parent
924815982a
commit
6d3d18b2dc
@ -553,6 +553,9 @@
|
|||||||
((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
|
((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
|
||||||
0))
|
0))
|
||||||
|
|
||||||
|
/** Check if the curve of given family is Weierstrass elliptic curve. */
|
||||||
|
#define PSA_ECC_FAMILY_IS_WEIERSTRASS(family) ((family & 0xc0) == 0)
|
||||||
|
|
||||||
/** SEC Koblitz curves over prime fields.
|
/** SEC Koblitz curves over prime fields.
|
||||||
*
|
*
|
||||||
* This family comprises the following curves:
|
* This family comprises the following curves:
|
||||||
|
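Review bot: The new `PSA_ECC_FAMILY_IS_WEIERSTRASS` macro uses its argument unparenthesized, so an argument that is itself an expression containing a lower-precedence operator would be masked incorrectly; I would write `#define PSA_ECC_FAMILY_IS_WEIERSTRASS(family) (((family) & 0xc0) == 0)`. The doc comment should also state what the `0xc0` mask encodes, i.e. which bits of the family value distinguish a Weierstrass curve, because this test now decides which private-key derivation path a key takes. The neighbouring macro on the context lines already parenthesizes `(type)`, so the change also keeps the header consistent.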
@ -4853,25 +4853,24 @@ static void psa_des_set_key_parity( uint8_t *data, size_t data_size )
|
|||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
|
||||||
static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper(
|
static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper(
|
||||||
psa_key_slot_t *slot,
|
psa_key_slot_t *slot,
|
||||||
size_t bits,
|
size_t bits,
|
||||||
psa_key_derivation_operation_t *operation,
|
psa_key_derivation_operation_t *operation,
|
||||||
uint8_t **data,
|
uint8_t **data
|
||||||
unsigned *key_out_of_range)
|
)
|
||||||
{
|
{
|
||||||
mbedtls_mpi N;
|
unsigned key_out_of_range = 1;
|
||||||
mbedtls_mpi k;
|
mbedtls_mpi k;
|
||||||
mbedtls_mpi diff_N_2;
|
mbedtls_mpi diff_N_2;
|
||||||
/* ret variable is used by MBEDTLS_MPI_CHK macro */
|
/* ret variable is initialized to 0 as it is
|
||||||
|
used only by MBEDTLS_MPI_CHK macro */
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
psa_status_t status = PSA_SUCCESS;
|
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
|
||||||
|
|
||||||
mbedtls_mpi_init( &k );
|
mbedtls_mpi_init( &k );
|
||||||
mbedtls_mpi_init( &N );
|
|
||||||
mbedtls_mpi_init( &diff_N_2 );
|
mbedtls_mpi_init( &diff_N_2 );
|
||||||
|
|
||||||
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
|
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
|
||||||
@ -4891,47 +4890,52 @@ static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper(
|
|||||||
if( ( status = mbedtls_to_psa_error( mbedtls_ecp_group_load( &ecp_group, grp_id ) ) ) != 0 )
|
if( ( status = mbedtls_to_psa_error( mbedtls_ecp_group_load( &ecp_group, grp_id ) ) ) != 0 )
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
/* N is the boundary of the private key domain. */
|
/* N is the boundary of the private key domain (ecp_group.N). */
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &N, &ecp_group.N ) );
|
|
||||||
/* Let m be the bit size of N. */
|
/* Let m be the bit size of N. */
|
||||||
size_t m = ecp_group.nbits;
|
size_t m = ecp_group.nbits;
|
||||||
|
|
||||||
size_t m_bytes = PSA_BITS_TO_BYTES( m );
|
size_t m_bytes = PSA_BITS_TO_BYTES( m );
|
||||||
if (*data == NULL)
|
|
||||||
*data = mbedtls_calloc( 1, m_bytes );
|
/* Note: This function is always called with *data == NULL and it
|
||||||
|
* allocates memory for the data buffer. */
|
||||||
|
*data = mbedtls_calloc( 1, m_bytes );
|
||||||
if( *data == NULL )
|
if( *data == NULL )
|
||||||
{
|
{
|
||||||
status = PSA_ERROR_INSUFFICIENT_MEMORY;
|
status = PSA_ERROR_INSUFFICIENT_MEMORY;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
/* 1. Draw a byte string of length ceiling(m/8) bytes. */
|
|
||||||
if ( ( status = psa_key_derivation_output_bytes( operation, *data, m_bytes ) ) != 0 )
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
/* 2. If m is not a multiple of 8 */
|
while ( key_out_of_range )
|
||||||
if (m % 8)
|
|
||||||
{
|
{
|
||||||
/* Set the most significant
|
/* 1. Draw a byte string of length ceiling(m/8) bytes. */
|
||||||
* (8 * ceiling(m/8) - m) bits of the first byte in
|
if ( ( status = psa_key_derivation_output_bytes( operation, *data, m_bytes ) ) != 0 )
|
||||||
* the string to zero.
|
goto cleanup;
|
||||||
*/
|
|
||||||
uint8_t clear_bit_mask = (1 << (m % 8)) - 1;
|
/* 2. If m is not a multiple of 8 */
|
||||||
*data[0] &= clear_bit_mask;
|
if (m % 8)
|
||||||
|
{
|
||||||
|
/* Set the most significant
|
||||||
|
* (8 * ceiling(m/8) - m) bits of the first byte in
|
||||||
|
* the string to zero.
|
||||||
|
*/
|
||||||
|
uint8_t clear_bit_mask = (1 << (m % 8)) - 1;
|
||||||
|
*data[0] &= clear_bit_mask;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* 3. Convert the string to integer k by decoding it as a
|
||||||
|
* big-endian byte string.
|
||||||
|
*/
|
||||||
|
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary( &k, *data, m_bytes));
|
||||||
|
|
||||||
|
/* 4. If k > N - 2, discard the result and return to step 1.
|
||||||
|
* Result of comparison is returned. When it indicates error
|
||||||
|
* then this fuction is called again.
|
||||||
|
*/
|
||||||
|
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &diff_N_2, &ecp_group.N, 2) );
|
||||||
|
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &k, diff_N_2.n ) );
|
||||||
|
MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( &diff_N_2, &k, &key_out_of_range ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* 3. Convert the string to integer k by decoding it as a
|
|
||||||
* big-endian byte string.
|
|
||||||
*/
|
|
||||||
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary( &k, *data, m_bytes));
|
|
||||||
|
|
||||||
/* 4. If k > N - 2, discard the result and return to step 1.
|
|
||||||
* Result of comparison is returned. When it indicates error
|
|
||||||
* then this fuction is called again.
|
|
||||||
*/
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &diff_N_2, &N, 2) );
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &k, diff_N_2.n ) );
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( &diff_N_2, &k, key_out_of_range ) );
|
|
||||||
|
|
||||||
/* 5. Output k + 1 as the private key. */
|
/* 5. Output k + 1 as the private key. */
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &k, &k, 1));
|
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &k, &k, 1));
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &k, *data, m_bytes) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &k, *data, m_bytes) );
|
||||||
@ -4943,7 +4947,6 @@ cleanup:
|
|||||||
*data = NULL;
|
*data = NULL;
|
||||||
}
|
}
|
||||||
mbedtls_mpi_free( &k );
|
mbedtls_mpi_free( &k );
|
||||||
mbedtls_mpi_free( &N );
|
|
||||||
mbedtls_mpi_free( &diff_N_2 );
|
mbedtls_mpi_free( &diff_N_2 );
|
||||||
return( status );
|
return( status );
|
||||||
}
|
}
|
||||||
@ -4961,22 +4964,17 @@ static psa_status_t psa_generate_derived_key_internal(
|
|||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
|
||||||
if ( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
|
if ( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
|
||||||
{
|
{
|
||||||
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type );
|
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type );
|
||||||
if ( curve != PSA_ECC_FAMILY_MONTGOMERY )
|
if ( PSA_ECC_FAMILY_IS_WEIERSTRASS( curve ) )
|
||||||
{
|
{
|
||||||
/* Weierstrass elliptic curve */
|
/* Weierstrass elliptic curve */
|
||||||
unsigned key_out_of_range = 0;
|
status = psa_generate_derived_ecc_key_weierstrass_helper(slot, bits, operation, &data);
|
||||||
do
|
if( status != PSA_SUCCESS )
|
||||||
{
|
goto exit;
|
||||||
status = psa_generate_derived_ecc_key_weierstrass_helper(slot, bits, operation, &data, &key_out_of_range);
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
goto exit;
|
|
||||||
} while ( key_out_of_range );
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -5016,7 +5014,7 @@ static psa_status_t psa_generate_derived_key_internal(
|
|||||||
data[55] |= 128;
|
data[55] |= 128;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
/* already handled */
|
/* should never happen */
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
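Review bot: Switching the test to `PSA_ECC_FAMILY_IS_WEIERSTRASS( curve )` means the `else` branch now receives every non-Weierstrass family rather than only Montgomery, and the `default: /* should never happen */ break;` in the last hunk lets such a key continue silently. For key generation I would fail closed there, e.g. `default: status = PSA_ERROR_NOT_SUPPORTED; goto exit;`, or test for `PSA_ECC_FAMILY_MONTGOMERY` explicitly in the `else`. The switch header and the rest of that branch lie outside the visible hunks, so this should be confirmed against the full function. Separately, the step 4 comment moved into the loop still says the comparison result is returned and the function is called again, and it has the typo "fuction"; it should read something like `/* 4. If k > N - 2, discard the result and return to step 1 (the loop repeats while key_out_of_range is set). */`.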