mirror of
https://github.com/yuzu-mirror/mbedtls.git
synced 2026-04-20 22:05:15 +00:00
DHM: new functions to query the length of the modulus
Add two functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() to query the length of the modulus in bytes or bits. Remove the len field: the cost of calling mbedtls_dhm_get_len() each time it's needed is negligible, and this improves the abstraction of the DHM module. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
parent
85b1bc65a0
commit
487bbf6805
9 changed files with 58 additions and 26 deletions
|
|
@ -124,6 +124,16 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
|
|||
memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
|
||||
}
|
||||
|
||||
size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx )
|
||||
{
|
||||
return( mbedtls_mpi_bitlen( &ctx->P ) );
|
||||
}
|
||||
|
||||
size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx )
|
||||
{
|
||||
return( mbedtls_mpi_size( &ctx->P ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse the ServerKeyExchange parameters
|
||||
*/
|
||||
|
|
@ -144,8 +154,6 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
|
|||
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ctx->len = mbedtls_mpi_size( &ctx->P );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
|
@ -247,8 +255,6 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
|
|||
|
||||
*olen = p - output;
|
||||
|
||||
ctx->len = n1;
|
||||
|
||||
cleanup:
|
||||
if( ret != 0 && ret > -128 )
|
||||
ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret );
|
||||
|
|
@ -273,7 +279,6 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
|
|||
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) );
|
||||
}
|
||||
|
||||
ctx->len = mbedtls_mpi_size( &ctx->P );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
|
@ -287,7 +292,7 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
|
|||
DHM_VALIDATE_RET( ctx != NULL );
|
||||
DHM_VALIDATE_RET( input != NULL );
|
||||
|
||||
if( ilen < 1 || ilen > ctx->len )
|
||||
if( ilen < 1 || ilen > mbedtls_dhm_get_len( ctx ) )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
|
||||
|
|
@ -309,7 +314,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
|
|||
DHM_VALIDATE_RET( output != NULL );
|
||||
DHM_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
if( olen < 1 || olen > ctx->len )
|
||||
if( olen < 1 || olen > mbedtls_dhm_get_len( ctx ) )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
||||
ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
|
||||
|
|
@ -408,7 +413,7 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
|
|||
DHM_VALIDATE_RET( output != NULL );
|
||||
DHM_VALIDATE_RET( olen != NULL );
|
||||
|
||||
if( output_size < ctx->len )
|
||||
if( output_size < mbedtls_dhm_get_len( ctx ) )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
|
||||
|
|
@ -564,8 +569,6 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
|
|||
|
||||
ret = 0;
|
||||
|
||||
dhm->len = mbedtls_mpi_size( &dhm->P );
|
||||
|
||||
exit:
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
mbedtls_pem_free( &pem );
|
||||
|
|
|
|||
|
|
@ -2553,7 +2553,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
|
|||
return( ret );
|
||||
}
|
||||
|
||||
dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
|
||||
dhm_actual_bitlen = mbedtls_dhm_get_bitlen( &ssl->handshake->dhm_ctx );
|
||||
if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
|
||||
|
|
@ -3588,14 +3588,14 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* DHM key exchange -- send G^X mod P
|
||||
*/
|
||||
content_len = ssl->handshake->dhm_ctx.len;
|
||||
content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );
|
||||
|
||||
ssl->out_msg[4] = (unsigned char)( content_len >> 8 );
|
||||
ssl->out_msg[5] = (unsigned char)( content_len );
|
||||
header_len = 6;
|
||||
|
||||
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
||||
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||
(int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
|
||||
&ssl->out_msg[header_len], content_len,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
|
|
@ -3848,7 +3848,7 @@ ecdh_calc_secret:
|
|||
/*
|
||||
* ClientDiffieHellmanPublic public (DHM send G^X mod P)
|
||||
*/
|
||||
content_len = ssl->handshake->dhm_ctx.len;
|
||||
content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );
|
||||
|
||||
if( header_len + 2 + content_len >
|
||||
MBEDTLS_SSL_OUT_CONTENT_LEN )
|
||||
|
|
@ -3862,7 +3862,7 @@ ecdh_calc_secret:
|
|||
ssl->out_msg[header_len++] = (unsigned char)( content_len );
|
||||
|
||||
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
||||
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||
(int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
|
||||
&ssl->out_msg[header_len], content_len,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
|
|
|
|||
|
|
@ -3049,7 +3049,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
|
|||
|
||||
if( ( ret = mbedtls_dhm_make_params(
|
||||
&ssl->handshake->dhm_ctx,
|
||||
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||
(int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
|
||||
ssl->out_msg + ssl->out_msglen, &len,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue