From e1621a460a6117f707580bf34691d7afaa366d64 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Fri, 5 May 2023 09:53:37 +0200
Subject: [PATCH] mbedtls_psa_ffdh_generate_key: optimize code and return fixed key size
Signed-off-by: Przemek Stekiel
---
 library/psa_crypto_ffdh.c | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c
index de6cd75a2..b0591b836 100644
--- a/library/psa_crypto_ffdh.c
+++ b/library/psa_crypto_ffdh.c
@@ -231,24 +231,23 @@ psa_status_t mbedtls_psa_ffdh_generate_key(
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 mbedtls_mpi_init(&P); mbedtls_mpi_init(&X);
+ (void) attributes;
- status = mbedtls_psa_ffdh_set_prime_generator(
- PSA_BITS_TO_BYTES(attributes->core.bits), &P, NULL);
+ status = mbedtls_psa_ffdh_set_prime_generator(key_buffer_size, &P, NULL);
- if (status == PSA_SUCCESS) {
- /* RFC7919: Traditional finite field Diffie-Hellman has each peer choose their
- secret exponent from the range [2, P-2].
- Select random value in range [3, P-1] and decrease it by 1. */
- MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 3, &P, mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE));
- MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 1));
-
- *key_buffer_length = mbedtls_mpi_size(&X);
-
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&X, key_buffer,
- key_buffer_size));
+ if (status != PSA_SUCCESS) {
+ goto cleanup;
 }
+ /* RFC7919: Traditional finite field Diffie-Hellman has each peer choose their
+ secret exponent from the range [2, P-2].
+ Select random value in range [3, P-1] and decrease it by 1. */
+ MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 3, &P, mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&X, key_buffer, key_buffer_size));
+ *key_buffer_length = key_buffer_size;
+
 cleanup:
 mbedtls_mpi_free(&P); mbedtls_mpi_free(&X);
 if (status == PSA_SUCCESS && ret != 0) {
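Review bot: The new call `mbedtls_psa_ffdh_set_prime_generator(key_buffer_size, &P, NULL)` selects the DH group from the caller's buffer size, and `(void) attributes;` drops the only link to the declared key size. A buffer whose length happens to match a different supported group would presumably produce a private key for that group rather than for `attributes->core.bits`. Unless every caller is guaranteed to pass an exactly sized buffer (not visible in this hunk), replace the `(void)` line with a guard such as `if (key_buffer_size != PSA_BITS_TO_BYTES(attributes->core.bits)) { status = PSA_ERROR_INVALID_ARGUMENT; goto cleanup; }`. A short comment above the call should also record the new contract: `key_buffer_size` must equal the group size in bytes, and the exponent is written zero-padded to that fixed length. The function's signature and the rest of the `cleanup:` block lie outside the hunk.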