From 9a5b812aa812032a266b111a0667b33dff0ee10b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 22 Dec 2022 13:34:47 +0100 Subject: [PATCH] Cleanup the code Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 44 +++++++++++-------- library/psa_crypto_pake.c | 19 +------- tests/scripts/all.sh | 4 +- ..._suite_psa_crypto_driver_wrappers.function | 4 +- 4 files changed, 32 insertions(+), 39 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0bb751b01..f7b0270c1 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -898,7 +898,7 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy( psa_algorithm_t alg) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot; + psa_key_slot_t *slot = NULL; status = psa_get_and_lock_key_slot(key, p_slot); if (status != PSA_SUCCESS) { @@ -7180,9 +7180,6 @@ psa_status_t psa_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) { - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake_computation_stage; - if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { return PSA_ERROR_BAD_STATE; } @@ -7205,6 +7202,9 @@ psa_status_t psa_pake_setup( operation->data.inputs.cipher_suite = *cipher_suite; if (operation->alg == PSA_ALG_JPAKE) { + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.data.jpake_computation_stage; + computation_stage->state = PSA_PAKE_STATE_SETUP; computation_stage->sequence = PSA_PAKE_SEQ_INVALID; computation_stage->input_step = PSA_PAKE_STEP_X1_X2; @@ -7260,7 +7260,6 @@ psa_status_t psa_pake_set_password_key( operation->data.inputs.key_lifetime = attributes.core.lifetime; error: unlock_status = psa_unlock_key_slot(slot); - return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -7603,7 +7602,6 @@ static psa_status_t psa_jpake_input_prologue( return PSA_SUCCESS; } - static psa_status_t psa_jpake_input_epilogue( psa_pake_operation_t *operation) { @@ -7624,7 +7622,6 @@ static psa_status_t psa_jpake_input_epilogue( return PSA_SUCCESS; } - psa_status_t psa_pake_input( psa_pake_operation_t *operation, psa_pake_step_t step, @@ -7733,27 +7730,38 @@ psa_status_t psa_pake_get_implicit_key( psa_status_t psa_pake_abort( psa_pake_operation_t *operation) { - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake_computation_stage; + psa_status_t status = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - /* If we are in collecting inputs stage clear inputs. */ - if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { - if (operation->data.inputs.password_len > 0) { - mbedtls_platform_zeroize(operation->data.inputs.password, - operation->data.inputs.password_len); - mbedtls_free(operation->data.inputs.password); + if (operation->id != 0) { + status = psa_driver_wrapper_pake_abort(operation); + if (status != PSA_SUCCESS) { + return status; } - memset(&operation->data.inputs, 0, sizeof(psa_crypto_driver_pake_inputs_t)); - return PSA_SUCCESS; } + + if (operation->data.inputs.password_len > 0) { + mbedtls_platform_zeroize(operation->data.inputs.password, + operation->data.inputs.password_len); + mbedtls_free(operation->data.inputs.password); + } + + memset(&operation->data, 0, sizeof(operation->data)); + if (operation->alg == PSA_ALG_JPAKE) { + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.data.jpake_computation_stage; + computation_stage->input_step = PSA_PAKE_STEP_INVALID; computation_stage->output_step = PSA_PAKE_STEP_INVALID; computation_stage->state = PSA_PAKE_STATE_INVALID; computation_stage->sequence = PSA_PAKE_SEQ_INVALID; } - return psa_driver_wrapper_pake_abort(operation); + operation->alg = PSA_ALG_NONE; + operation->stage = PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS; + operation->id = 0; + + return PSA_SUCCESS; } #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 01998a6d5..a238147cb 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -274,11 +274,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t length; - (void) step; - - if (operation->alg == PSA_ALG_NONE) { - return PSA_ERROR_BAD_STATE; - } + (void) step; // Unused parameter #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) /* @@ -412,10 +408,7 @@ static psa_status_t mbedtls_psa_pake_input_internal( size_t input_length) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - (void) step; - if (operation->alg == PSA_ALG_NONE) { - return PSA_ERROR_BAD_STATE; - } + (void) step; // Unused parameter #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) /* @@ -528,10 +521,6 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (operation->alg == PSA_ALG_NONE) { - return PSA_ERROR_BAD_STATE; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { ret = mbedtls_ecjpake_write_shared_key(&operation->ctx.pake, @@ -562,10 +551,6 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation) { - if (operation->alg == PSA_ALG_NONE) { - return PSA_SUCCESS; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e75767475..98060d720 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2524,7 +2524,7 @@ component_test_psa_crypto_config_accel_pake () { } component_test_psa_crypto_config_accel_pake_no_fallback () { - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE - no fallback" # Start with full scripts/config.py full @@ -2550,7 +2550,7 @@ component_test_psa_crypto_config_accel_pake_no_fallback () { loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE - no fallback" make test } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 0f376efe0..f718349f9 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -3248,7 +3248,7 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, ecjpake_do_round(alg, primitive_arg, &server, &client, client_input_first, 2); - /* After get the key is obtained operation is aborted. + /* After the key is obtained operation is aborted. Adapt counter of expected hits. */ if (pake_in_driver) { pake_expected_hit_count++; @@ -3258,7 +3258,7 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); - /* After get the key is obtained operation is aborted. + /* After the key is obtained operation is aborted. Adapt counter of expected hits. */ if (pake_in_driver) { pake_expected_hit_count++;