commit 35dfbf4601ac49d4f76781fda464288753c64119
author Nir Sonnenschein <nir.sonnenschein@arm.com> Thu Jun 07 16:20:17 2018 +0300
committer itayzafrir <itay.zafrir@arm.com> Wed Sep 12 16:13:49 2018 +0300
tree c328e23d9e18d981ef402c862a3c103ac6704312
parent 0c9ec53a10abe14789867b1243b974a3a65c2627

change hmac context to use statically allocated memory

1. removed dynamic allocation of stack context
2. moved ipad to stack
3. added defines for maximal sizes

include/psa/crypto_struct.h

diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 8e332b5..ebf80cb 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -45,6 +45,14 @@
 #include "mbedtls/sha256.h"
 #include "mbedtls/sha512.h"
 
+#if defined(MBEDTLS_SHA512_C)
+#define PSA_CRYPTO_MD_MAX_SIZE 64
+#define PSA_CRYPTO_MD_BLOCK_SIZE 128
+#else 
+#define PSA_CRYPTO_MD_MAX_SIZE 32
+#define PSA_CRYPTO_MD_BLOCK_SIZE 64
+#endif
+
 struct psa_hash_operation_s
 {
     psa_algorithm_t alg;
@@ -77,11 +85,10 @@
 
 
 typedef struct {
-        unsigned int block_size;
         /** The hash context. */
         struct psa_hash_operation_s hash_ctx;
         /** The HMAC part of the context. */
-        void *hmac_ctx;
+        char hmac_ctx[PSA_CRYPTO_MD_BLOCK_SIZE];
 } psa_hmac_internal_data;
 
 

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index d676f67..29a541f 100755
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1074,8 +1074,7 @@
                 if ( operation->ctx.hmac.hmac_ctx != NULL )
                 {
                     mbedtls_zeroize( operation->ctx.hmac.hmac_ctx,
-                                     block_size * 2 );
-                    mbedtls_free( operation->ctx.hmac.hmac_ctx );
+                                     block_size);
                 }
             }
             else
@@ -1155,8 +1154,9 @@
 #if defined(MBEDTLS_MD_C)
             if( PSA_ALG_IS_HMAC( alg ) )
             {
-                unsigned char sum[MBEDTLS_MD_MAX_SIZE];
-                unsigned char *ipad, *opad;
+                unsigned char sum[PSA_CRYPTO_MD_MAX_SIZE];
+                unsigned char ipad[PSA_CRYPTO_MD_BLOCK_SIZE];
+                unsigned char *opad;
                 size_t i;
                 size_t sum_size = MBEDTLS_MD_MAX_SIZE;
                 unsigned int block_size = 0;
@@ -1171,12 +1171,6 @@
 
                 operation->iv_required = 0;
                 operation->mac_size = digest_size;
-                operation->ctx.hmac.hmac_ctx = mbedtls_calloc( 2, block_size );
-                if( operation->ctx.hmac.hmac_ctx == NULL )
-                {
-                    ret = MBEDTLS_ERR_MD_ALLOC_FAILED;
-                    goto cleanup;
-                }
 
                 status = psa_hash_start( &operation->ctx.hmac.hash_ctx,
                                         PSA_ALG_HMAC_HASH( alg ) );
@@ -1198,9 +1192,7 @@
                     key_ptr = sum;
                 }
 
-                ipad = ( unsigned char * ) operation->ctx.hmac.hmac_ctx;
-                opad = ( unsigned char * ) operation->ctx.hmac.hmac_ctx +
-                                           block_size;
+                opad = ( unsigned char * ) operation->ctx.hmac.hmac_ctx;
 
                 memset( ipad, 0x36, block_size );
                 memset( opad, 0x5C, block_size );
@@ -1326,8 +1318,7 @@
                 if( status != PSA_SUCCESS )
                     return( status );
 
-                opad = (unsigned char *) operation->ctx.hmac.hmac_ctx +
-                                         block_size;
+                opad = (unsigned char *) operation->ctx.hmac.hmac_ctx;
 
                 status = psa_hash_finish( &operation->ctx.hmac.hash_ctx, tmp,
                                          sizeof ( tmp ), &hash_size );