Restyle Spake2p implementation for mbedTLS

src/crypto/CHIPCryptoPAL.h

@@ -30,6 +30,8 @@
 #include <openssl/ec.h>
 #include <openssl/sha.h>
 #elif CHIP_CRYPTO_MBEDTLS
+#include <mbedtls/ecp.h>
+#include <mbedtls/md.h>
 #include <mbedtls/sha256.h>
 #endif
 
@@ -634,15 +636,29 @@ class Spake2p
     unsigned char * Ke;
 };
 
-#if CHIP_CRYPTO_OPENSSL
-struct openssl_spake2_ctx
+struct Spake2p_Context
 {
+#if CHIP_CRYPTO_OPENSSL
     EC_GROUP * curve;
     BN_CTX * bn_ctx;
-    EVP_MD_CTX * hash_ctx;
-    const EVP_MD * hash;
-};
+    const EVP_MD * md_info;
+#elif CHIP_CRYPTO_MBEDTLS
+    mbedtls_ecp_group curve;
+    const mbedtls_md_info_t * md_info;
+    mbedtls_ecp_point M;
+    mbedtls_ecp_point N;
+    mbedtls_ecp_point X;
+    mbedtls_ecp_point Y;
+    mbedtls_ecp_point L;
+    mbedtls_ecp_point Z;
+    mbedtls_ecp_point V;
+
+    mbedtls_mpi w0;
+    mbedtls_mpi w1;
+    mbedtls_mpi xy;
+    mbedtls_mpi tempbn;
 #endif
+};
 
 class Spake2p_P256_SHA256_HKDF_HMAC : public Spake2p
 {
@@ -683,9 +699,7 @@ class Spake2p_P256_SHA256_HKDF_HMAC : public Spake2p
     CHIP_ERROR InitInternal();
     class Hash_SHA256_stream sha256_hash_ctx;
 
-#if CHIP_CRYPTO_OPENSSL
-    struct openssl_spake2_ctx context;
-#endif
+    struct Spake2p_Context context;
 };
 
 /** @brief Clears the first `len` bytes of memory area `buf`.

src/crypto/CHIPCryptoPALOpenSSL.cpp

@@ -785,28 +785,27 @@ void ClearSecretData(uint8_t * buf, uint32_t len)
     {                                                                                                                              \
         _point_ = EC_POINT_new(context.curve);                                                                                     \
         VerifyOrExit(_point_ != NULL, error = CHIP_ERROR_INTERNAL);                                                                \
-    } while (0);
+    } while (0)
 
 #define init_bn(_bn_)                                                                                                              \
     do                                                                                                                             \
     {                                                                                                                              \
         _bn_ = BN_new();                                                                                                           \
         VerifyOrExit(_bn_ != NULL, error = CHIP_ERROR_INTERNAL);                                                                   \
-    } while (0);
+    } while (0)
 
-#define free_point(_point_) EC_POINT_clear_free((EC_POINT *) _point_);
+#define free_point(_point_) EC_POINT_clear_free((EC_POINT *) _point_)
 
-#define free_bn(_bn_) BN_clear_free((BIGNUM *) _bn_);
+#define free_bn(_bn_) BN_clear_free((BIGNUM *) _bn_)
 
 CHIP_ERROR Spake2p_P256_SHA256_HKDF_HMAC::InitInternal(void)
 {
     CHIP_ERROR error  = CHIP_ERROR_INTERNAL;
     int error_openssl = 0;
 
-    context.curve    = NULL;
-    context.bn_ctx   = NULL;
-    context.hash_ctx = NULL;
-    context.hash     = NULL;
+    context.curve   = NULL;
+    context.bn_ctx  = NULL;
+    context.md_info = NULL;
 
     context.curve = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
     VerifyOrExit(context.curve != NULL, error = CHIP_ERROR_INTERNAL);
@@ -817,17 +816,23 @@ CHIP_ERROR Spake2p_P256_SHA256_HKDF_HMAC::InitInternal(void)
     context.bn_ctx = BN_CTX_secure_new();
     VerifyOrExit(context.bn_ctx != NULL, error = CHIP_ERROR_INTERNAL);
 
-    context.hash = EVP_sha256();
-    VerifyOrExit(context.hash != NULL, error = CHIP_ERROR_INTERNAL);
-
-    context.hash_ctx = EVP_MD_CTX_new();
-    VerifyOrExit(context.hash_ctx != NULL, error = CHIP_ERROR_INTERNAL);
-    error_openssl = EVP_DigestInit(context.hash_ctx, context.hash);
-    VerifyOrExit(error_openssl == 1, error = CHIP_ERROR_INTERNAL);
-
-    init_point(M) init_point(N) init_point(X) init_point(Y) init_point(L) init_point(V) init_point(Z) init_bn(w0) init_bn(w1)
-        init_bn(xy) init_bn(tempbn) init_bn(order) error_openssl =
-            EC_GROUP_get_order(context.curve, (BIGNUM *) order, context.bn_ctx);
+    context.md_info = EVP_sha256();
+    VerifyOrExit(context.md_info != NULL, error = CHIP_ERROR_INTERNAL);
+
+    init_point(M);
+    init_point(N);
+    init_point(X);
+    init_point(Y);
+    init_point(L);
+    init_point(V);
+    init_point(Z);
+    init_bn(w0);
+    init_bn(w1);
+    init_bn(xy);
+    init_bn(tempbn);
+    init_bn(order);
+
+    error_openssl = EC_GROUP_get_order(context.curve, (BIGNUM *) order, context.bn_ctx);
     VerifyOrExit(error_openssl == 1, error = CHIP_ERROR_INTERNAL);
 
     error = CHIP_NO_ERROR;
@@ -839,10 +844,19 @@ void Spake2p_P256_SHA256_HKDF_HMAC::FreeImpl(void)
 {
     EC_GROUP_clear_free(context.curve);
     BN_CTX_free(context.bn_ctx);
-    EVP_MD_CTX_free(context.hash_ctx);
 
-    free_point(M) free_point(N) free_point(X) free_point(Y) free_point(L) free_point(V) free_point(Z) free_bn(w0) free_bn(w1)
-        free_bn(xy) free_bn(tempbn) free_bn(order)
+    free_point(M);
+    free_point(N);
+    free_point(X);
+    free_point(Y);
+    free_point(L);
+    free_point(V);
+    free_point(Z);
+    free_bn(w0);
+    free_bn(w1);
+    free_bn(xy);
+    free_bn(tempbn);
+    free_bn(order);
 }
 
 CHIP_ERROR Spake2p_P256_SHA256_HKDF_HMAC::Mac(const unsigned char * key, size_t key_len, const unsigned char * in, size_t in_len,
@@ -855,7 +869,7 @@ CHIP_ERROR Spake2p_P256_SHA256_HKDF_HMAC::Mac(const unsigned char * key, size_t
     HMAC_CTX * mac_ctx = HMAC_CTX_new();
     VerifyOrExit(mac_ctx != NULL, error = CHIP_ERROR_INTERNAL);
 
-    error_openssl = HMAC_Init_ex(mac_ctx, key, key_len, context.hash, NULL);
+    error_openssl = HMAC_Init_ex(mac_ctx, key, key_len, context.md_info, NULL);
     VerifyOrExit(error_openssl == 1, error = CHIP_ERROR_INTERNAL);
 
     error_openssl = HMAC_Update(mac_ctx, in, in_len);