Simplify and explain the overflow check for maximum slice length

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-04-16 08:42:50 +00:00 · 2024-08-21 21:46:26 +02:00 · 2024-08-21 21:46:26 +02:00 · 4c9fccff5a
commit 4c9fccff5a
parent 0b2bd071f8
1 changed files with 12 additions and 5 deletions
--- a/tf-psa-crypto/core/psa_crypto_slot_management.c
+++ b/tf-psa-crypto/core/psa_crypto_slot_management.c
@ -96,6 +96,18 @@ MBEDTLS_STATIC_ASSERT(PSA_KEY_ID_VOLATILE_MAX < MBEDTLS_PSA_KEY_ID_BUILTIN_MIN |
 #define KEY_SLICE_COUNT (KEY_SLOT_VOLATILE_SLICE_COUNT + 1u)
 #define KEY_SLOT_CACHE_SLICE_INDEX KEY_SLOT_VOLATILE_SLICE_COUNT
 /* Check that the length of the largest slice (calculated as
 * KEY_SLICE_LENGTH_MAX below) does not overflow size_t. We use
 * an indirect method in case the calculation of KEY_SLICE_LENGTH_MAX
 * itself overflows uintmax_t: if (BASE_LENGTH << c)
 * overflows size_t then BASE_LENGTH > SIZE_MAX >> c.
 */
 #if (KEY_SLOT_VOLATILE_SLICE_BASE_LENGTH >              \
     SIZE_MAX >> (KEY_SLOT_VOLATILE_SLICE_COUNT - 1))
 #error "Maximum slice length overflows size_t"
 #endif
 #if KEY_ID_SLICE_INDEX_WIDTH + KEY_ID_SLOT_INDEX_WIDTH > 30
 #error "Not enough room in volatile key IDs for slice index and slot index"
 #endif
@ -111,11 +123,6 @@ MBEDTLS_STATIC_ASSERT(PSA_KEY_ID_VOLATILE_MAX < MBEDTLS_PSA_KEY_ID_BUILTIN_MIN |
 #error "Slice index does not fit in uint8_t for psa_key_slot_t::slice_index"
 #endif
 MBEDTLS_STATIC_ASSERT((KEY_SLOT_VOLATILE_SLICE_BASE_LENGTH
                       & (SIZE_MAX >> (KEY_SLOT_VOLATILE_SLICE_COUNT - 1)))
                      == KEY_SLOT_VOLATILE_SLICE_BASE_LENGTH,
                      "Maximum slice length overflows size_t");
 /* Calculate the volatile key id to use for a given slot.
 * This function assumes valid parameter values. */