Reorder structure fields to maximize usage of immediate offset access #5268

Merged
merged 18 commits into from
Dec 9, 2021
Merged
Changes from 15 commits
09c02ee
Make PSA headers more self-contained
gilles-peskine-arm Nov 25, 2021
c879420
Fix comment parsing
gilles-peskine-arm Nov 16, 2021
152de23
Lift some code out of parse_identifiers
gilles-peskine-arm Nov 16, 2021
9b2fa72
Simplify some regex definitions
gilles-peskine-arm Nov 17, 2021
b9fc488
Move comment and string literal processing to a new function
gilles-peskine-arm Nov 17, 2021
bc1e8f6
Fix terminology in comment
gilles-peskine-arm Nov 17, 2021
b4b18c1
Improve comment and string stripping
gilles-peskine-arm Nov 17, 2021
f303c0d
Fix several bugs with multiline comments
gilles-peskine-arm Nov 17, 2021
e3d9c9d
PSA operation structures: move less-used fields to the end
gilles-peskine-arm Nov 8, 2021
2d8a182
PSA global data: move fields around to save code size
gilles-peskine-arm Nov 8, 2021
8716f17
Tweak whitespace for readability
gilles-peskine-arm Nov 16, 2021
55490d4
mbedtls_ssl_handshake_params: use bytes for some small values
gilles-peskine-arm Nov 29, 2021
ec45c1e
mbedtls_ssl_handshake_params: reorder fields to save code size
gilles-peskine-arm Nov 29, 2021
8834d87
mbedtls_ssl_config, mbedtls_ssl_session: reorder fields
gilles-peskine-arm Nov 29, 2021
533a728
mbedtls_ssl_config: Replace bit-fields by separate bytes
gilles-peskine-arm Nov 16, 2021
41139a2
mbedtls_ssl_handshake_params: move group_list earlier to save code size
gilles-peskine-arm Dec 8, 2021
b3ec69d
mbedtls_ssl_config: better document former bit-fields
gilles-peskine-arm Dec 8, 2021
cfe74a3
mbedtls_ssl_handshake_params: move ecrs_ctx back further
gilles-peskine-arm Dec 8, 2021
129 changes: 67 additions & 62 deletions include/mbedtls/ssl.h
Expand Up @@ -1108,6 +1108,17 @@ mbedtls_dtls_srtp_info;
*/
struct mbedtls_ssl_session
{
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */

unsigned char MBEDTLS_PRIVATE(exported);

/* This field is temporarily duplicated with mbedtls_ssl_context.minor_ver.
* Once runtime negotiation of TLS 1.2 and TLS 1.3 is implemented, it needs
* to be studied whether one of them can be removed. */
unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the session. */

#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
#endif
Expand All @@ -1117,13 +1128,6 @@ struct mbedtls_ssl_session
unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */

unsigned char MBEDTLS_PRIVATE(exported);

/* This field is temporarily duplicated with mbedtls_ssl_context.minor_ver.
* Once runtime negotiation of TLS 1.2 and TLS 1.3 is implemented, it needs
* to be studied whether one of them can be removed. */
unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the session. */

#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
Expand All @@ -1143,10 +1147,6 @@ struct mbedtls_ssl_session
uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */

#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */

#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif
Expand Down Expand Up @@ -1210,7 +1210,61 @@ typedef void mbedtls_ssl_export_keys_t( void *p_expkey,
*/
struct mbedtls_ssl_config
{
/* Group items by size (largest first) to minimize padding overhead */
/* Group items mostly by size. This helps to reduce memory wasted to
* padding. It also helps to keep smaller fields early in the structure,
* so that elements tend to be in the 128-element direct access window
* on Arm Thumb, which reduces the code size. */

unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */

/*
* Flags (could be bit-fields to save RAM, but separate bytes make
* the code smaller on architectures with an instruction for direct
* byte access).
*/

uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */
uint8_t MBEDTLS_PRIVATE(transport); /*!< stream (TLS) or datagram (DTLS) */
uint8_t MBEDTLS_PRIVATE(authmode); /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
uint8_t MBEDTLS_PRIVATE(allow_legacy_renegotiation); /*!< MBEDTLS_LEGACY_XXX */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
uint8_t MBEDTLS_PRIVATE(mfl_code); /*!< desired fragment length */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
uint8_t MBEDTLS_PRIVATE(encrypt_then_mac); /*!< negotiate encrypt-then-mac? */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
uint8_t MBEDTLS_PRIVATE(extended_ms); /*!< negotiate extended master secret? */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
uint8_t MBEDTLS_PRIVATE(anti_replay); /*!< detect and prevent replay? */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
uint8_t MBEDTLS_PRIVATE(disable_renegotiation); /*!< disable renegotiation? */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
uint8_t MBEDTLS_PRIVATE(cert_req_ca_list); /*!< enable sending CA list in
Certificate Request messages? */
uint8_t MBEDTLS_PRIVATE(respect_cli_pref); /*!< pick the ciphersuite according to
the client's preferences rather
than ours */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t MBEDTLS_PRIVATE(ignore_unexpected_cid); /*!< Determines whether DTLS
* record with unexpected CID
* should lead to failure. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
uint8_t MBEDTLS_PRIVATE(dtls_srtp_mki_support); /* support having mki_value
in the use_srtp extension */
#endif

/*
* Pointers
Expand Down Expand Up @@ -1365,7 +1419,7 @@ struct mbedtls_ssl_config
#endif /* MBEDTLS_SSL_DTLS_SRTP */

/*
* Numerical settings (int then char)
* Numerical settings (int)
*/

uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */
Expand All @@ -1388,55 +1442,6 @@ struct mbedtls_ssl_config
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
#endif

unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */

/*
* Flags (bitfields)
*/

unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */
unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram (DTLS) */
unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac? */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended master secret? */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
Certificate Request messages? */
unsigned int MBEDTLS_PRIVATE(respect_cli_pref) : 1; /*!< pick the ciphersuite according to
the client's preferences rather
than ours */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS
* record with unexpected CID
* should lead to failure. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value
in the use_srtp extension */
#endif
};

struct mbedtls_ssl_context
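Review bot: The layout comment added at the top of struct mbedtls_ssl_config (the "128-element direct access window" sentence) is imprecise about what the window is: the 16-bit Thumb load/store encodings limit the immediate by byte offset and the reach depends on the access width, roughly 0–124 bytes for word loads but only 0–31 bytes for byte loads, so an element count is not the relevant quantity. I would reword it to `* so that frequently used fields tend to fall within the small immediate-offset range of the 16-bit Thumb load/store instructions (a byte offset, smallest for byte-sized fields), which reduces the code size. */`. The same hunk also mixes `unsigned char` for the four version fields with `uint8_t` for the flags that follow; on the 8-bit-char platforms Mbed TLS targets these are the same type, so picking one spelling for the byte fields would read more consistently. In the mbedtls_ssl_session hunk earlier in this section, `encrypt_then_mac` is still `int` while its mbedtls_ssl_config counterpart becomes `uint8_t`, which may deserve the same treatment in a follow-up. The struct mbedtls_ssl_config definition continues past this hunk.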
3 changes: 3 additions & 0 deletions include/psa/crypto_driver_common.h
Expand Up @@ -42,6 +42,9 @@
* of these types. */
#include "crypto_types.h"
#include "crypto_values.h"
/* Include size definitions which are used to size some arrays in operation
* structures. */
#include <psa/crypto_sizes.h>

/** For encrypt-decrypt functions, whether the operation is an encryption
* or a decryption. */
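Review bot: The new include uses the angle-bracket, path-qualified form `#include <psa/crypto_sizes.h>` while the two includes immediately above it use the quoted same-directory form (`"crypto_types.h"`, `"crypto_values.h"`). The angle-bracket form only resolves if the parent include directory is on the search path, whereas the quoted form is also found relative to this header, so for a header that the commit message says should be self-contained, `#include "crypto_sizes.h"` is the more robust and consistent choice. If the project deliberately uses the `psa/` prefix elsewhere in this file, which is not visible in the hunk, a short comment saying so next to the include would stop the next reader from "fixing" it.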
1 change: 1 addition & 0 deletions include/psa/crypto_extra.h
Expand Up @@ -31,6 +31,7 @@

#include "mbedtls/platform_util.h"

#include "crypto_types.h"
#include "crypto_compat.h"

#ifdef __cplusplus
6 changes: 3 additions & 3 deletions include/psa/crypto_struct.h
Expand Up @@ -186,16 +186,16 @@ typedef struct
{
uint8_t *MBEDTLS_PRIVATE(info);
size_t MBEDTLS_PRIVATE(info_length);
psa_mac_operation_t MBEDTLS_PRIVATE(hmac);
uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE];
uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
#if PSA_HASH_MAX_SIZE > 0xff
#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
#endif
uint8_t MBEDTLS_PRIVATE(offset_in_block);
uint8_t MBEDTLS_PRIVATE(block_number);
unsigned int MBEDTLS_PRIVATE(state) : 2;
unsigned int MBEDTLS_PRIVATE(info_set) : 1;
uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE];
struct psa_mac_operation_s MBEDTLS_PRIVATE(hmac);
} psa_hkdf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */

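Review bot: The hmac member's type changes from `psa_mac_operation_t` to `struct psa_mac_operation_s` at the end of psa_hkdf_key_derivation_t without a comment explaining why; presumably the typedef is not yet visible at this point after the include reshuffle, and a reader will otherwise take it for an accidental inconsistency with the other PSA operation types. I would add `/* Use the struct tag: the psa_mac_operation_t typedef is declared later. */` above that line, adjusted to the actual reason. Note also that `state` and `info_set` remain bit-fields here while the equivalent flags in mbedtls_ssl_config are converted to separate bytes in this same PR; if the code-size argument holds for this structure too, the same treatment may be worth considering. The typedef's opening line appears only in the hunk header.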
2 changes: 1 addition & 1 deletion library/psa_crypto.c
Expand Up @@ -103,9 +103,9 @@ static int key_type_is_raw_bytes( psa_key_type_t type )

typedef struct
{
mbedtls_psa_random_context_t rng;
unsigned initialized : 1;
unsigned rng_state : 2;
mbedtls_psa_random_context_t rng;
} psa_global_data_t;

static psa_global_data_t global_data;