crypto: remove unnecessary usage of malloc()/dtls_hmac_new()

This has the following optimization potentials which are also applied.

- crypto: only one HMAC context is required
- crypto: integrate last iteration into loop
- hmac: remove dtls_hmac_new()/_free()/_storage_init() as dtls_hmac_new()
  now only is used in tests

Co-Authored-By: Leandro Lanzieri <leandro.lanzieri@haw-hamburg.de>
Signed-off-by: Martine Lenders <m.lenders@fu-berlin.de>

crypto.c

@@ -207,7 +207,7 @@ dtls_p_hash(dtls_hashfunc_t h,
 	    const unsigned char *random1, size_t random1len,
 	    const unsigned char *random2, size_t random2len,
 	    unsigned char *buf, size_t buflen) {
-  dtls_hmac_context_t *hmac_a, *hmac_p;
+  dtls_hmac_context_t hmac;
 
   unsigned char A[DTLS_HMAC_DIGEST_SIZE];
   unsigned char tmp[DTLS_HMAC_DIGEST_SIZE];
@@ -215,54 +215,44 @@ dtls_p_hash(dtls_hashfunc_t h,
   size_t len = 0;			/* result length */
   (void)h;
 
-  hmac_a = dtls_hmac_new(key, keylen);
-  if (!hmac_a)
-    return 0;
+  dtls_hmac_init(&hmac, key, keylen);
 
   /* calculate A(1) from A(0) == seed */
-  HMAC_UPDATE_SEED(hmac_a, label, labellen);
-  HMAC_UPDATE_SEED(hmac_a, random1, random1len);
-  HMAC_UPDATE_SEED(hmac_a, random2, random2len);
+  HMAC_UPDATE_SEED(&hmac, label, labellen);
+  HMAC_UPDATE_SEED(&hmac, random1, random1len);
+  HMAC_UPDATE_SEED(&hmac, random2, random2len);
 
-  dlen = dtls_hmac_finalize(hmac_a, A);
+  dlen = dtls_hmac_finalize(&hmac, A);
 
-  hmac_p = dtls_hmac_new(key, keylen);
-  if (!hmac_p)
-    goto error;
+  while (len < buflen) {
+    dtls_hmac_init(&hmac, key, keylen);
+    dtls_hmac_update(&hmac, A, dlen);
 
-  while (len + dlen < buflen) {
+    HMAC_UPDATE_SEED(&hmac, label, labellen);
+    HMAC_UPDATE_SEED(&hmac, random1, random1len);
+    HMAC_UPDATE_SEED(&hmac, random2, random2len);
 
-    /* FIXME: rewrite loop to avoid superflous call to dtls_hmac_init() */
-    dtls_hmac_init(hmac_p, key, keylen);
-    dtls_hmac_update(hmac_p, A, dlen);
+    dlen = dtls_hmac_finalize(&hmac, tmp);
 
-    HMAC_UPDATE_SEED(hmac_p, label, labellen);
-    HMAC_UPDATE_SEED(hmac_p, random1, random1len);
-    HMAC_UPDATE_SEED(hmac_p, random2, random2len);
-
-    len += dtls_hmac_finalize(hmac_p, tmp);
-    memcpy(buf, tmp, dlen);
-    buf += dlen;
+    if ((len + dlen) < buflen) {
+        memcpy(&buf[len], tmp, dlen);
+        len += dlen;
+    }
+    else {
+        memcpy(&buf[len], tmp, buflen - len);
+        break;
+    }
 
     /* calculate A(i+1) */
-    dtls_hmac_init(hmac_a, key, keylen);
-    dtls_hmac_update(hmac_a, A, dlen);
-    dtls_hmac_finalize(hmac_a, A);
+    dtls_hmac_init(&hmac, key, keylen);
+    dtls_hmac_update(&hmac, A, dlen);
+    dtls_hmac_finalize(&hmac, A);
   }
 
-  dtls_hmac_init(hmac_p, key, keylen);
-  dtls_hmac_update(hmac_p, A, dlen);
-  
-  HMAC_UPDATE_SEED(hmac_p, label, labellen);
-  HMAC_UPDATE_SEED(hmac_p, random1, random1len);
-  HMAC_UPDATE_SEED(hmac_p, random2, random2len);
-  
-  dtls_hmac_finalize(hmac_p, tmp);
-  memcpy(buf, tmp, buflen - len);
-
- error:
-  dtls_hmac_free(hmac_a);
-  dtls_hmac_free(hmac_p);
+  /* prevent exposure of sensible data */
+  memset(&hmac, 0, sizeof(hmac));
+  memset(tmp, 0, sizeof(tmp));
+  memset(A, 0, sizeof(A));
 
   return buflen;
 }

dtls.c

@@ -220,7 +220,6 @@ void
 dtls_init(void) {
   dtls_clock_init();
   crypto_init();
-  dtls_hmac_storage_init();
   netq_init();
   peer_init();
 
@@ -362,11 +361,7 @@ dtls_create_cookie(dtls_context_t *ctx,
    * - compression method
    */
 
-  /* We use our own buffer as hmac_context instead of a dynamic buffer
-   * created by dtls_hmac_new() to separate storage space for cookie
-   * creation from storage that is used in real sessions. Note that
-   * the buffer size must fit with the default hash algorithm (see
-   * implementation of dtls_hmac_context_new()). */
+  /* Note that the buffer size must fit with the default hash algorithm. */
 
   dtls_hmac_context_t hmac_context;
   dtls_hmac_init(&hmac_context, ctx->cookie_secret, DTLS_COOKIE_SECRET_LENGTH);

hmac.c

@@ -27,44 +27,6 @@
 #include "dtls_debug.h"
 #include "hmac.h"
 
-/* use malloc()/free() on platforms other than Contiki */
-#ifndef WITH_CONTIKI
-#include <stdlib.h>
-
-static inline dtls_hmac_context_t *
-dtls_hmac_context_new(void) {
-  return (dtls_hmac_context_t *)malloc(sizeof(dtls_hmac_context_t));
-}
-
-static inline void
-dtls_hmac_context_free(dtls_hmac_context_t *ctx) {
-  free(ctx);
-}
-
-void
-dtls_hmac_storage_init(void) {
-}
-
-#else /* WITH_CONTIKI */
-#include "memb.h"
-MEMB(hmac_context_storage, dtls_hmac_context_t, DTLS_HASH_MAX);
-
-static inline dtls_hmac_context_t *
-dtls_hmac_context_new(void) {
-  return (dtls_hmac_context_t *)memb_alloc(&hmac_context_storage);
-}
-
-static inline void
-dtls_hmac_context_free(dtls_hmac_context_t *ctx) {
-  memb_free(&hmac_context_storage, ctx);
-}
-
-void
-dtls_hmac_storage_init(void) {
-  memb_init(&hmac_context_storage);
-}
-#endif /* WITH_CONTIKI */
-
 void
 dtls_hmac_update(dtls_hmac_context_t *ctx,
 		 const unsigned char *input, size_t ilen) {
@@ -72,17 +34,6 @@ dtls_hmac_update(dtls_hmac_context_t *ctx,
   dtls_hash_update(&ctx->data, input, ilen);
 }
 
-dtls_hmac_context_t *
-dtls_hmac_new(const unsigned char *key, size_t klen) {
-  dtls_hmac_context_t *ctx;
-
-  ctx = dtls_hmac_context_new();
-  if (ctx) 
-    dtls_hmac_init(ctx, key, klen);
-
-  return ctx;
-}
-
 void
 dtls_hmac_init(dtls_hmac_context_t *ctx, const unsigned char *key, size_t klen) {
   int i;
@@ -110,12 +61,6 @@ dtls_hmac_init(dtls_hmac_context_t *ctx, const unsigned char *key, size_t klen)
     ctx->pad[i] ^= 0x6A;
 }
 
-void
-dtls_hmac_free(dtls_hmac_context_t *ctx) {
-  if (ctx)
-    dtls_hmac_context_free(ctx);
-}
-
 int
 dtls_hmac_finalize(dtls_hmac_context_t *ctx, unsigned char *result) {
   unsigned char buf[DTLS_HMAC_DIGEST_SIZE];
@@ -141,16 +86,14 @@ dtls_hmac_finalize(dtls_hmac_context_t *ctx, unsigned char *result) {
 int main(int argc, char **argv) {
   static unsigned char buf[DTLS_HMAC_DIGEST_SIZE];
   size_t len, i;
-  dtls_hmac_context_t *ctx;
+  dtls_hmac_context_t ctx;
 
   if (argc < 3) {
     fprintf(stderr, "usage: %s key text", argv[0]);
     return -1;
   }
 
-  dtls_hmac_storage_init();
-  ctx = dtls_hmac_new(argv[1], strlen(argv[1]));
-  assert(ctx);
+  dtls_hmac_init(&ctx, argv[1], strlen(argv[1]));
   dtls_hmac_update(ctx, argv[2], strlen(argv[2]));
   
   len = dtls_hmac_finalize(ctx, buf);
@@ -159,8 +102,6 @@ int main(int argc, char **argv) {
     printf("%02x", buf[i]);
   printf("\n");
 
-  dtls_hmac_free(ctx);
-
   return 0;
 }
 #endif

hmac.h

@@ -80,8 +80,6 @@ dtls_hash_finalize(unsigned char *buf, dtls_hash_t ctx) {
 }
 #endif /* WITH_SHA256 */
 
-void dtls_hmac_storage_init(void);
-
 /**
  * \defgroup HMAC Keyed-Hash Message Authentication Code (HMAC)
  * NIST Standard FIPS 198 describes the Keyed-Hash Message Authentication 
@@ -125,26 +123,6 @@ typedef struct {
  */
 void dtls_hmac_init(dtls_hmac_context_t *ctx, const unsigned char *key, size_t klen);
 
-/**
- * Allocates a new HMAC context \p ctx with the given secret key.
- * This function returns \c 1 if \c ctx has been set correctly, or \c
- * 0 or \c -1 otherwise. Note that this function allocates new storage
- * that must be released by dtls_hmac_free().
- *
- * \param key    The secret key.
- * \param klen   The length of \p key.
- * \return A new dtls_hmac_context_t object or @c NULL on error
- */
-dtls_hmac_context_t *dtls_hmac_new(const unsigned char *key, size_t klen);
-
-/**
- * Releases the storage for @p ctx that has been allocated by
- * dtls_hmac_new().
- *
- * @param ctx The dtls_hmac_context_t to free. 
- */
-void dtls_hmac_free(dtls_hmac_context_t *ctx);
-
 /**
  * Updates the HMAC context with data from \p input. 
  *