From 4f534ae9c2fc0abb4c59bfd825ae3a7271412a76 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 22 Jan 2024 17:35:59 +0000 Subject: [PATCH 1/6] Add copying in PAKE set peer and user functions Add copying to: * psa_pake_set_user() * psa_pake_set_peer() Signed-off-by: David Horstmann --- library/psa_crypto.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8c9f9de4de..4adee6a059 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -8079,10 +8079,11 @@ exit: psa_status_t psa_pake_set_user( psa_pake_operation_t *operation, - const uint8_t *user_id, + const uint8_t *user_id_external, size_t user_id_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + LOCAL_INPUT_DECLARE(user_id_external, user_id); if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { status = PSA_ERROR_BAD_STATE; @@ -8105,21 +8106,28 @@ psa_status_t psa_pake_set_user( goto exit; } + LOCAL_INPUT_ALLOC(user_id_external, user_id_len, user_id); + memcpy(operation->data.inputs.user, user_id, user_id_len); operation->data.inputs.user_len = user_id_len; - return PSA_SUCCESS; + status = PSA_SUCCESS; + exit: - psa_pake_abort(operation); + LOCAL_INPUT_FREE(user_id_external, user_id); + if (status != PSA_SUCCESS) { + psa_pake_abort(operation); + } return status; } psa_status_t psa_pake_set_peer( psa_pake_operation_t *operation, - const uint8_t *peer_id, + const uint8_t *peer_id_external, size_t peer_id_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + LOCAL_INPUT_DECLARE(peer_id_external, peer_id); if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { status = PSA_ERROR_BAD_STATE; @@ -8142,12 +8150,18 @@ psa_status_t psa_pake_set_peer( goto exit; } + LOCAL_INPUT_ALLOC(peer_id_external, peer_id_len, peer_id); + memcpy(operation->data.inputs.peer, peer_id, peer_id_len); operation->data.inputs.peer_len = peer_id_len; - return PSA_SUCCESS; + status = PSA_SUCCESS; + exit: - psa_pake_abort(operation); + LOCAL_INPUT_FREE(peer_id_external, peer_id); + if (status != PSA_SUCCESS) { + psa_pake_abort(operation); + } return status; } From c75639daa0713408ce1b4092d14705cab803b929 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 22 Jan 2024 17:56:39 +0000 Subject: [PATCH 2/6] Add copying to PAKE input and output Add buffer copying to: * psa_pake_input() * psa_pake_output() Signed-off-by: David Horstmann --- library/psa_crypto.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4adee6a059..dfb97ee09d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -8347,12 +8347,13 @@ static psa_status_t psa_jpake_epilogue( psa_status_t psa_pake_output( psa_pake_operation_t *operation, psa_pake_step_t step, - uint8_t *output, + uint8_t *output_external, size_t output_size, size_t *output_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_crypto_driver_pake_step_t driver_step = PSA_JPAKE_STEP_INVALID; + LOCAL_OUTPUT_DECLARE(output_external, output); *output_length = 0; if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { @@ -8389,6 +8390,8 @@ psa_status_t psa_pake_output( goto exit; } + LOCAL_OUTPUT_ALLOC(output_external, output_size, output); + status = psa_driver_wrapper_pake_output(operation, driver_step, output, output_size, output_length); @@ -8410,16 +8413,19 @@ psa_status_t psa_pake_output( goto exit; } - return PSA_SUCCESS; + status = PSA_SUCCESS; exit: - psa_pake_abort(operation); + LOCAL_OUTPUT_FREE(output_external, output); + if (status != PSA_SUCCESS) { + psa_pake_abort(operation); + } return status; } psa_status_t psa_pake_input( psa_pake_operation_t *operation, psa_pake_step_t step, - const uint8_t *input, + const uint8_t *input_external, size_t input_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -8427,6 +8433,7 @@ psa_status_t psa_pake_input( const size_t max_input_length = (size_t) PSA_PAKE_INPUT_SIZE(operation->alg, operation->primitive, step); + LOCAL_INPUT_DECLARE(input_external, input); if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { status = psa_pake_complete_inputs(operation); @@ -8462,6 +8469,7 @@ psa_status_t psa_pake_input( goto exit; } + LOCAL_INPUT_ALLOC(input_external, input_length, input); status = psa_driver_wrapper_pake_input(operation, driver_step, input, input_length); @@ -8483,9 +8491,12 @@ psa_status_t psa_pake_input( goto exit; } - return PSA_SUCCESS; + status = PSA_SUCCESS; exit: - psa_pake_abort(operation); + LOCAL_INPUT_FREE(input_external, input); + if (status != PSA_SUCCESS) { + psa_pake_abort(operation); + } return status; } From fdedbb78a5c5d3240b536d1d5b8098099dff82f1 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 23 Jan 2024 16:22:50 +0000 Subject: [PATCH 3/6] Fix magic number buffer length in J-PAKE tests The buffer size was advertised as 512-bytes, despite sometimes being smaller. This did not cause a crash until buffer copying, which always copies all of the buffer, was added. When copying back to the original, we would cause a heap buffer overflow, which ASan detected. Signed-off-by: David Horstmann --- .../test_suite_psa_crypto_pake.function | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 96c119592d..01a645138d 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -145,7 +145,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, /* Server first round Output */ PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, - 512 - buffer0_off, &s_g1_len)); + buffer_length - buffer0_off, &s_g1_len)); TEST_EQUAL(s_g1_len, expected_size_key_share); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1, @@ -154,7 +154,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x1_pk_len)); + buffer_length - buffer0_off, &s_x1_pk_len)); TEST_EQUAL(s_x1_pk_len, expected_size_zk_public); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1, @@ -163,7 +163,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x1_pr_len)); + buffer_length - buffer0_off, &s_x1_pr_len)); TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1, @@ -172,7 +172,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, - 512 - buffer0_off, &s_g2_len)); + buffer_length - buffer0_off, &s_g2_len)); TEST_EQUAL(s_g2_len, expected_size_key_share); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2, @@ -181,7 +181,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x2_pk_len)); + buffer_length - buffer0_off, &s_x2_pk_len)); TEST_EQUAL(s_x2_pk_len, expected_size_zk_public); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2, @@ -190,7 +190,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x2_pr_len)); + buffer_length - buffer0_off, &s_x2_pr_len)); TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2, @@ -201,7 +201,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, DO_ROUND_CONDITIONAL_CHECK_FAILURE( ERR_INJECT_EXTRA_OUTPUT, psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, - buffer0 + s_g2_off, 512 - s_g2_off, &extra_output_len)); + buffer0 + s_g2_off, buffer_length - s_g2_off, &extra_output_len)); (void) extra_output_len; /* * When injecting errors in inputs, the implementation is @@ -258,7 +258,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, /* Client first round Output */ PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, - 512 - buffer1_off, &c_g1_len)); + buffer_length - buffer1_off, &c_g1_len)); TEST_EQUAL(c_g1_len, expected_size_key_share); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1, @@ -267,7 +267,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x1_pk_len)); + buffer_length - buffer1_off, &c_x1_pk_len)); TEST_EQUAL(c_x1_pk_len, expected_size_zk_public); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1, @@ -276,7 +276,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x1_pr_len)); + buffer_length - buffer1_off, &c_x1_pr_len)); TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1, @@ -285,7 +285,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, - 512 - buffer1_off, &c_g2_len)); + buffer_length - buffer1_off, &c_g2_len)); TEST_EQUAL(c_g2_len, expected_size_key_share); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2, @@ -294,7 +294,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x2_pk_len)); + buffer_length - buffer1_off, &c_x2_pk_len)); TEST_EQUAL(c_x2_pk_len, expected_size_zk_public); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2, @@ -303,7 +303,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x2_pr_len)); + buffer_length - buffer1_off, &c_x2_pr_len)); TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2, @@ -389,7 +389,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, - 512 - buffer0_off, &s_a_len)); + buffer_length - buffer0_off, &s_a_len)); TEST_EQUAL(s_a_len, expected_size_key_share); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND2_SERVER_KEY_SHARE, @@ -398,7 +398,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x2s_pk_len)); + buffer_length - buffer0_off, &s_x2s_pk_len)); TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC, @@ -407,7 +407,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x2s_pr_len)); + buffer_length - buffer0_off, &s_x2s_pr_len)); TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND2_SERVER_ZK_PROOF, @@ -443,7 +443,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, - 512 - buffer1_off, &c_a_len)); + buffer_length - buffer1_off, &c_a_len)); TEST_EQUAL(c_a_len, expected_size_key_share); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND2_CLIENT_KEY_SHARE, @@ -452,7 +452,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x2s_pk_len)); + buffer_length - buffer1_off, &c_x2s_pk_len)); TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC, @@ -461,7 +461,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x2s_pr_len)); + buffer_length - buffer1_off, &c_x2s_pr_len)); TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof); DO_ROUND_CONDITIONAL_INJECT( ERR_INJECT_ROUND2_CLIENT_ZK_PROOF, @@ -473,7 +473,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, DO_ROUND_CONDITIONAL_CHECK_FAILURE( ERR_INJECT_EXTRA_OUTPUT_AT_END, psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, - buffer1 + c_a_off, 512 - c_a_off, + buffer1 + c_a_off, buffer_length - c_a_off, &extra_output_at_end_len)); (void) extra_output_at_end_len; } From 6076fe486b3de529769db7b95faa1a4c7105eeeb Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 23 Jan 2024 15:28:51 +0000 Subject: [PATCH 4/6] Generate poisoning in PAKE test wrappers Enable memory poisoning for all functions whose names start with 'psa_pake'. Regenerate the wrappers and commit the result. Signed-off-by: David Horstmann --- tests/scripts/generate_psa_wrappers.py | 3 ++- tests/src/psa_test_wrappers.c | 24 ++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py index e5b4256f5e..8aad113cd3 100755 --- a/tests/scripts/generate_psa_wrappers.py +++ b/tests/scripts/generate_psa_wrappers.py @@ -142,7 +142,8 @@ class PSAWrapperGenerator(c_wrapper_generator.Base): _buffer_name: Optional[str]) -> bool: """Whether the specified buffer argument to a PSA function should be copied. """ - # Proof-of-concept: just instrument one function for now + if function_name.startswith('psa_pake'): + return True if function_name == 'psa_cipher_encrypt': return True return False diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c index 3a3aaade9a..615a1b0422 100644 --- a/tests/src/psa_test_wrappers.c +++ b/tests/src/psa_test_wrappers.c @@ -778,7 +778,13 @@ psa_status_t mbedtls_test_wrap_psa_pake_input( const uint8_t *arg2_input, size_t arg3_input_length) { +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ psa_status_t status = (psa_pake_input)(arg0_operation, arg1_step, arg2_input, arg3_input_length); +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ return status; } @@ -790,7 +796,13 @@ psa_status_t mbedtls_test_wrap_psa_pake_output( size_t arg3_output_size, size_t *arg4_output_length) { +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_POISON(arg2_output, arg3_output_size); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ psa_status_t status = (psa_pake_output)(arg0_operation, arg1_step, arg2_output, arg3_output_size, arg4_output_length); +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_UNPOISON(arg2_output, arg3_output_size); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ return status; } @@ -809,7 +821,13 @@ psa_status_t mbedtls_test_wrap_psa_pake_set_peer( const uint8_t *arg1_peer_id, size_t arg2_peer_id_len) { +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_POISON(arg1_peer_id, arg2_peer_id_len); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ psa_status_t status = (psa_pake_set_peer)(arg0_operation, arg1_peer_id, arg2_peer_id_len); +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_UNPOISON(arg1_peer_id, arg2_peer_id_len); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ return status; } @@ -828,7 +846,13 @@ psa_status_t mbedtls_test_wrap_psa_pake_set_user( const uint8_t *arg1_user_id, size_t arg2_user_id_len) { +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_POISON(arg1_user_id, arg2_user_id_len); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ psa_status_t status = (psa_pake_set_user)(arg0_operation, arg1_user_id, arg2_user_id_len); +#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) + MBEDTLS_TEST_MEMORY_UNPOISON(arg1_user_id, arg2_user_id_len); +#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */ return status; } From 433a58c170844bef924c813ce5498f8e35caa8e2 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 25 Jan 2024 16:29:26 +0000 Subject: [PATCH 5/6] Fix magic numbers in more J-PAKE tests In the ecjpake_do_round(), fix a magic number that was causing buffer size to be incorrectly advertised. Followup of 'Fix magic number buffer length in J-PAKE tests' for what seem to be duplicate tests. Signed-off-by: David Horstmann --- tests/suites/test_suite_psa_crypto.function | 36 +++++++++---------- ..._suite_psa_crypto_driver_wrappers.function | 36 +++++++++---------- 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 1962f7b33e..cb4315b773 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -740,37 +740,37 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, /* Server first round Output */ PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, - 512 - buffer0_off, &s_g1_len)); + buffer_length - buffer0_off, &s_g1_len)); TEST_EQUAL(s_g1_len, expected_size_key_share); s_g1_off = buffer0_off; buffer0_off += s_g1_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x1_pk_len)); + buffer_length - buffer0_off, &s_x1_pk_len)); TEST_EQUAL(s_x1_pk_len, expected_size_zk_public); s_x1_pk_off = buffer0_off; buffer0_off += s_x1_pk_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x1_pr_len)); + buffer_length - buffer0_off, &s_x1_pr_len)); TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof); s_x1_pr_off = buffer0_off; buffer0_off += s_x1_pr_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, - 512 - buffer0_off, &s_g2_len)); + buffer_length - buffer0_off, &s_g2_len)); TEST_EQUAL(s_g2_len, expected_size_key_share); s_g2_off = buffer0_off; buffer0_off += s_g2_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x2_pk_len)); + buffer_length - buffer0_off, &s_x2_pk_len)); TEST_EQUAL(s_x2_pk_len, expected_size_zk_public); s_x2_pk_off = buffer0_off; buffer0_off += s_x2_pk_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x2_pr_len)); + buffer_length - buffer0_off, &s_x2_pr_len)); TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof); s_x2_pr_off = buffer0_off; buffer0_off += s_x2_pr_len; @@ -860,37 +860,37 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, /* Client first round Output */ PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, - 512 - buffer1_off, &c_g1_len)); + buffer_length - buffer1_off, &c_g1_len)); TEST_EQUAL(c_g1_len, expected_size_key_share); c_g1_off = buffer1_off; buffer1_off += c_g1_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x1_pk_len)); + buffer_length - buffer1_off, &c_x1_pk_len)); TEST_EQUAL(c_x1_pk_len, expected_size_zk_public); c_x1_pk_off = buffer1_off; buffer1_off += c_x1_pk_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x1_pr_len)); + buffer_length - buffer1_off, &c_x1_pr_len)); TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof); c_x1_pr_off = buffer1_off; buffer1_off += c_x1_pr_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, - 512 - buffer1_off, &c_g2_len)); + buffer_length - buffer1_off, &c_g2_len)); TEST_EQUAL(c_g2_len, expected_size_key_share); c_g2_off = buffer1_off; buffer1_off += c_g2_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x2_pk_len)); + buffer_length - buffer1_off, &c_x2_pk_len)); TEST_EQUAL(c_x2_pk_len, expected_size_zk_public); c_x2_pk_off = buffer1_off; buffer1_off += c_x2_pk_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x2_pr_len)); + buffer_length - buffer1_off, &c_x2_pr_len)); TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof); c_x2_pr_off = buffer1_off; buffer1_off += c_x2_pr_len; @@ -1038,19 +1038,19 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, - 512 - buffer0_off, &s_a_len)); + buffer_length - buffer0_off, &s_a_len)); TEST_EQUAL(s_a_len, expected_size_key_share); s_a_off = buffer0_off; buffer0_off += s_a_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x2s_pk_len)); + buffer_length - buffer0_off, &s_x2s_pk_len)); TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public); s_x2s_pk_off = buffer0_off; buffer0_off += s_x2s_pk_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x2s_pr_len)); + buffer_length - buffer0_off, &s_x2s_pr_len)); TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof); s_x2s_pr_off = buffer0_off; buffer0_off += s_x2s_pr_len; @@ -1103,19 +1103,19 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, - 512 - buffer1_off, &c_a_len)); + buffer_length - buffer1_off, &c_a_len)); TEST_EQUAL(c_a_len, expected_size_key_share); c_a_off = buffer1_off; buffer1_off += c_a_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x2s_pk_len)); + buffer_length - buffer1_off, &c_x2s_pk_len)); TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public); c_x2s_pk_off = buffer1_off; buffer1_off += c_x2s_pk_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x2s_pr_len)); + buffer_length - buffer1_off, &c_x2s_pr_len)); TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof); c_x2s_pr_off = buffer1_off; buffer1_off += c_x2s_pr_len; diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 69dda357ec..b9dce4368c 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -57,7 +57,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, /* Server first round Output */ PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, - 512 - buffer0_off, &s_g1_len)); + buffer_length - buffer0_off, &s_g1_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_g1_len, expected_size_key_share); @@ -65,7 +65,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer0_off += s_g1_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x1_pk_len)); + buffer_length - buffer0_off, &s_x1_pk_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_x1_pk_len, expected_size_zk_public); @@ -73,7 +73,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer0_off += s_x1_pk_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x1_pr_len)); + buffer_length - buffer0_off, &s_x1_pr_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof); @@ -81,7 +81,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer0_off += s_x1_pr_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, - 512 - buffer0_off, &s_g2_len)); + buffer_length - buffer0_off, &s_g2_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_g2_len, expected_size_key_share); @@ -89,7 +89,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer0_off += s_g2_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x2_pk_len)); + buffer_length - buffer0_off, &s_x2_pk_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_x2_pk_len, expected_size_zk_public); @@ -97,7 +97,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer0_off += s_x2_pk_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x2_pr_len)); + buffer_length - buffer0_off, &s_x2_pr_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof); @@ -154,7 +154,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, /* Client first round Output */ PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, - 512 - buffer1_off, &c_g1_len)); + buffer_length - buffer1_off, &c_g1_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_g1_len, expected_size_key_share); @@ -162,7 +162,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer1_off += c_g1_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x1_pk_len)); + buffer_length - buffer1_off, &c_x1_pk_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_x1_pk_len, expected_size_zk_public); @@ -170,7 +170,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer1_off += c_x1_pk_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x1_pr_len)); + buffer_length - buffer1_off, &c_x1_pr_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof); @@ -178,7 +178,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer1_off += c_x1_pr_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, - 512 - buffer1_off, &c_g2_len)); + buffer_length - buffer1_off, &c_g2_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_g2_len, expected_size_key_share); @@ -186,7 +186,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer1_off += c_g2_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x2_pk_len)); + buffer_length - buffer1_off, &c_x2_pk_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_x2_pk_len, expected_size_zk_public); @@ -194,7 +194,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer1_off += c_x2_pk_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x2_pr_len)); + buffer_length - buffer1_off, &c_x2_pr_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof); @@ -290,7 +290,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, - 512 - buffer0_off, &s_a_len)); + buffer_length - buffer0_off, &s_a_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_a_len, expected_size_key_share); @@ -298,7 +298,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer0_off += s_a_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x2s_pk_len)); + buffer_length - buffer0_off, &s_x2s_pk_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public); @@ -306,7 +306,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer0_off += s_x2s_pk_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, - 512 - buffer0_off, &s_x2s_pr_len)); + buffer_length - buffer0_off, &s_x2s_pr_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof); @@ -341,7 +341,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, - 512 - buffer1_off, &c_a_len)); + buffer_length - buffer1_off, &c_a_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_a_len, expected_size_key_share); @@ -349,7 +349,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer1_off += c_a_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x2s_pk_len)); + buffer_length - buffer1_off, &c_x2s_pk_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public); @@ -357,7 +357,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer1_off += c_x2s_pk_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, - 512 - buffer1_off, &c_x2s_pr_len)); + buffer_length - buffer1_off, &c_x2s_pr_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof); From 7175d71328fb7962b622c78ec366dab05890ca10 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 9 Feb 2024 18:20:05 +0000 Subject: [PATCH 6/6] Remove unnecessary setting of status variable The status is guaranteed to be PSA_SUCCESS at these points, so setting them is redundant. Signed-off-by: David Horstmann --- library/psa_crypto.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index dfb97ee09d..a671c7f62a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -8413,7 +8413,6 @@ psa_status_t psa_pake_output( goto exit; } - status = PSA_SUCCESS; exit: LOCAL_OUTPUT_FREE(output_external, output); if (status != PSA_SUCCESS) { @@ -8491,7 +8490,6 @@ psa_status_t psa_pake_input( goto exit; } - status = PSA_SUCCESS; exit: LOCAL_INPUT_FREE(input_external, input); if (status != PSA_SUCCESS) {