Use HMAC_DRBG by default for ECP internal DRBG
It results in smaller code than using CTR_DRBG (64 bytes smaller on ARMv6-M
with arm-none-eabi-gcc 7.3.1), so let's use this by default when both are
available.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ecp.c b/library/ecp.c
index 67edf49..9b6efe5 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -105,10 +105,10 @@
#include "mbedtls/ecp_internal.h"
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-#if defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/ctr_drbg.h"
-#elif defined(MBEDTLS_HMAC_DRBG_C)
+#if defined(MBEDTLS_HMAC_DRBG_C)
#include "mbedtls/hmac_drbg.h"
+#elif defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/ctr_drbg.h"
#else
#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid."
#endif
@@ -143,10 +143,48 @@
* have our own internal DRBG instance, seeded from the secret scalar.
*
* The following is a light-weight abstraction layer for doing that with
- * CTR_DRBG or HMAC_DRBG.
+ * HMAC_DRBG (first choice) or CTR_DRBG.
*/
-#if defined(MBEDTLS_CTR_DRBG_C)
+#if defined(MBEDTLS_HMAC_DRBG_C)
+
+/* DRBG context type */
+typedef mbedtls_hmac_drbg_context ecp_drbg_context;
+
+/* DRBG context init */
+static inline void ecp_drbg_init( ecp_drbg_context *ctx )
+{
+ mbedtls_hmac_drbg_init( ctx );
+}
+
+/* DRBG context free */
+static inline void ecp_drbg_free( ecp_drbg_context *ctx )
+{
+ mbedtls_hmac_drbg_free( ctx );
+}
+
+/* DRBG function */
+static inline int ecp_drbg_random( void *p_rng,
+ unsigned char *output, size_t output_len )
+{
+ return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) );
+}
+
+/* DRBG context seeding */
+static int ecp_drbg_seed( ecp_drbg_context *ctx, const mbedtls_mpi *secret )
+{
+ const unsigned char *secret_p = (const unsigned char *) secret->p;
+ const size_t secret_size = secret->n * sizeof( mbedtls_mpi_uint );
+
+ /* The list starts with strong hashes */
+ const mbedtls_md_type_t md_type = mbedtls_md_list()[0];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type );
+
+ return( mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_p, secret_size ) );
+}
+
+#elif defined(MBEDTLS_CTR_DRBG_C)
+
/* DRBG context type */
typedef mbedtls_ctr_drbg_context ecp_drbg_context;
@@ -193,42 +231,6 @@
secret_p, secret_size ) );
}
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-/* DRBG context type */
-typedef mbedtls_hmac_drbg_context ecp_drbg_context;
-
-/* DRBG context init */
-static inline void ecp_drbg_init( ecp_drbg_context *ctx )
-{
- mbedtls_hmac_drbg_init( ctx );
-}
-
-/* DRBG context free */
-static inline void ecp_drbg_free( ecp_drbg_context *ctx )
-{
- mbedtls_hmac_drbg_free( ctx );
-}
-
-/* DRBG function */
-static inline int ecp_drbg_random( void *p_rng,
- unsigned char *output, size_t output_len )
-{
- return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) );
-}
-
-/* DRBG context seeding */
-static int ecp_drbg_seed( ecp_drbg_context *ctx, const mbedtls_mpi *secret )
-{
- const unsigned char *secret_p = (const unsigned char *) secret->p;
- const size_t secret_size = secret->n * sizeof( mbedtls_mpi_uint );
-
- /* The list starts with strong hashes */
- const mbedtls_md_type_t md_type = mbedtls_md_list()[0];
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type );
-
- return( mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_p, secret_size ) );
-}
-
#else
#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid."
#endif /* DRBG modules */