Skip to content

Commit

Permalink
Optimize size of constant_time_eq
Browse files Browse the repository at this point in the history
The constant_time_eq crate is used for comparing random context handles.
Switch to the fixed-size constant_time_eq_16 comparison function, which
uses quite a bit less code space.
  • Loading branch information
jhand2 committed Sep 23, 2024
1 parent 80c5ed6 commit d97e744
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 13 deletions.
13 changes: 9 additions & 4 deletions dpe/src/context.rs
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
// Licensed under the Apache-2.0 license.
use crate::{response::DpeErrorCode, tci::TciNodeData, U8Bool, MAX_HANDLES};
use constant_time_eq::constant_time_eq;
use constant_time_eq::constant_time_eq_16;
use zerocopy::{AsBytes, FromBytes};
use zeroize::Zeroize;

Expand Down Expand Up @@ -113,16 +113,21 @@ pub struct ContextHandle(pub [u8; ContextHandle::SIZE]);

impl ContextHandle {
pub const SIZE: usize = 16;
const DEFAULT: [u8; Self::SIZE] = [0; Self::SIZE];
const DEFAULT: ContextHandle = ContextHandle([0; Self::SIZE]);

/// Returns the default context handle.
pub const fn default() -> ContextHandle {
ContextHandle(Self::DEFAULT)
Self::DEFAULT
}

/// Whether the handle is the default context handle.
pub fn is_default(&self) -> bool {
constant_time_eq(&self.0, &Self::DEFAULT)
self.eq(&Self::DEFAULT)
}

#[inline(never)]
pub fn eq(&self, other: &ContextHandle) -> bool {
constant_time_eq_16(&self.0, &other.0)
}
}

Expand Down
12 changes: 3 additions & 9 deletions dpe/src/dpe_instance.rs
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@ use caliptra_cfi_lib_git::cfi_launder;
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq};
use cfg_if::cfg_if;
use constant_time_eq::constant_time_eq;
use crypto::{Crypto, Digest, Hasher};
use platform::Platform;
#[cfg(not(feature = "disable_internal_dice"))]
Expand Down Expand Up @@ -222,15 +221,15 @@ impl DpeInstance {
// filter down the contexts with valid localities based on their context handle matching the input context handle
// the locality and handle filters are separated so that we can return InvalidHandle or InvalidLocality upon getting no valid contexts accordingly
let mut valid_handles_and_localities = valid_localities
.filter(|(_, context)| constant_time_eq(&context.handle.0, &handle.0))
.filter(|(_, context)| context.handle.eq(&handle))
.peekable();
if valid_handles_and_localities.peek().is_none() {
return Err(DpeErrorCode::InvalidHandle);
}
let (i, _) = valid_handles_and_localities
.find(|(_, context)| {
context.state == ContextState::Active
&& constant_time_eq(&context.handle.0, &handle.0)
&& context.handle.eq(&handle)
&& context.locality == locality
})
.ok_or(DpeErrorCode::InternalError)?;
Expand Down Expand Up @@ -277,12 +276,7 @@ impl DpeInstance {
for _ in 0..Self::MAX_NEW_HANDLE_ATTEMPTS {
let mut handle = ContextHandle::default();
env.crypto.rand_bytes(&mut handle.0)?;
if !handle.is_default()
&& !self
.contexts
.iter()
.any(|c| constant_time_eq(&c.handle.0, &handle.0))
{
if !handle.is_default() && !self.contexts.iter().any(|c| c.handle.eq(&handle)) {
return Ok(handle);
}
}
Expand Down

0 comments on commit d97e744

Please sign in to comment.