From a1ace9c4948612357ee6db31473d8caa7d5ce8ff Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 26 Apr 2019 16:03:33 +0200
Subject: [PATCH] Call psa_reset_key_attributes after psa_get_key_attributes

After calling psa_get_key_attributes(), call
psa_reset_key_attributes() if the key may have domain parameters,
because that's the way to free the domain parameter substructure in
the attribute structure. Keep not calling reset() in some places where
the key can only be a symmetric key which doesn't have domain
parameters.
---
 tests/suites/test_suite_psa_crypto.function   | 27 ++++++++++++++++++-
 ...t_suite_psa_crypto_persistent_key.function |  2 ++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 152f7e998..8bf67e63e 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -598,6 +598,7 @@ static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
                                 public_key, public_key_length );
 exit:
     mbedtls_free( public_key );
+    psa_reset_key_attributes( &attributes );
     return( status );
 }
 
@@ -635,6 +636,7 @@ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg,
         output, sizeof( output ), &output_length );
 exit:
     mbedtls_free( public_key );
+    psa_reset_key_attributes( &attributes );
     return( status );
 }
 
@@ -936,7 +938,8 @@ static int exercise_export_key( psa_key_handle_t handle,
     {
         TEST_EQUAL( psa_export_key( handle, NULL, 0, &exported_length ),
                     PSA_ERROR_NOT_PERMITTED );
-        return( 1 );
+        ok = 1;
+        goto exit;
     }
 
     exported_size = PSA_KEY_EXPORT_MAX_SIZE( psa_get_key_type( &attributes ),
@@ -952,6 +955,7 @@ static int exercise_export_key( psa_key_handle_t handle,
 
 exit:
     mbedtls_free( exported );
+    psa_reset_key_attributes( &attributes );
     return( ok );
 }
 
@@ -987,6 +991,7 @@ static int exercise_export_public_key( psa_key_handle_t handle )
 
 exit:
     mbedtls_free( exported );
+    psa_reset_key_attributes( &attributes );
     return( ok );
 }
 
@@ -1224,6 +1229,7 @@ void import( data_t *data, int type_arg, int expected_status_arg )
 
 exit:
     psa_destroy_key( handle );
+    psa_reset_key_attributes( &got_attributes );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
@@ -1354,6 +1360,7 @@ destroy:
 exit:
     mbedtls_free( exported );
     mbedtls_free( reexported );
+    psa_reset_key_attributes( &got_attributes );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
@@ -1417,6 +1424,7 @@ void import_export_public_key( data_t *data,
 exit:
     mbedtls_free( exported );
     psa_destroy_key( handle );
+    psa_reset_key_attributes( &attributes );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
@@ -1458,6 +1466,7 @@ void import_and_exercise_key( data_t *data,
 
 exit:
     psa_destroy_key( handle );
+    psa_reset_key_attributes( &got_attributes );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
@@ -1489,6 +1498,7 @@ void key_policy( int usage_arg, int alg_arg )
 
 exit:
     psa_destroy_key( handle );
+    psa_reset_key_attributes( &attributes );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
@@ -1733,6 +1743,7 @@ void asymmetric_encryption_key_policy( int policy_usage,
 
 exit:
     psa_destroy_key( handle );
+    psa_reset_key_attributes( &attributes );
     mbedtls_psa_crypto_free( );
     mbedtls_free( buffer );
 }
@@ -1977,6 +1988,8 @@ void copy_key( int source_usage_arg, int source_alg_arg,
     PSA_ASSERT( psa_close_key( target_handle ) );
 
 exit:
+    psa_reset_key_attributes( &source_attributes );
+    psa_reset_key_attributes( &target_attributes );
     mbedtls_psa_crypto_free( );
     mbedtls_free( export_buffer );
 }
@@ -3488,6 +3501,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data,
                     signature, signature_length );
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_free( signature );
     mbedtls_psa_crypto_free( );
@@ -3532,6 +3546,7 @@ void sign_fail( int key_type_arg, data_t *key_data,
     TEST_ASSERT( signature_length <= signature_size );
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_free( signature );
     mbedtls_psa_crypto_free( );
@@ -3598,6 +3613,7 @@ void sign_verify( int key_type_arg, data_t *key_data,
     }
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_free( signature );
     mbedtls_psa_crypto_free( );
@@ -3630,6 +3646,7 @@ void asymmetric_verify( int key_type_arg, data_t *key_data,
                                        signature_data->x,
                                        signature_data->len ) );
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
@@ -3665,6 +3682,7 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data,
     TEST_EQUAL( actual_status, expected_status );
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
@@ -3732,6 +3750,7 @@ void asymmetric_encrypt( int key_type_arg,
     }
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_free( output );
     mbedtls_psa_crypto_free( );
@@ -3795,6 +3814,7 @@ void asymmetric_encrypt_decrypt( int key_type_arg,
                     output2, output2_length );
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_free( output );
     mbedtls_free( output2 );
@@ -3857,6 +3877,7 @@ void asymmetric_decrypt( int key_type_arg,
     }
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_free( output );
     mbedtls_psa_crypto_free( );
@@ -3918,6 +3939,7 @@ void asymmetric_decrypt_fail( int key_type_arg,
     }
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_free( output );
     mbedtls_psa_crypto_free( );
@@ -4314,6 +4336,7 @@ void derive_key_exercise( int alg_arg,
 
 exit:
     psa_generator_abort( &generator );
+    psa_reset_key_attributes( &got_attributes );
     psa_destroy_key( base_handle );
     psa_destroy_key( derived_handle );
     mbedtls_psa_crypto_free( );
@@ -4689,6 +4712,7 @@ void generate_key( int type_arg,
         goto exit;
 
 exit:
+    psa_reset_key_attributes( &got_attributes );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
@@ -4813,6 +4837,7 @@ void persistent_key_load_key_from_storage( data_t *data,
         goto exit;
 
 exit:
+    psa_reset_key_attributes( &attributes );
     mbedtls_free( first_export );
     mbedtls_free( second_export );
     psa_generator_abort( &generator );
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function
index e00cc234b..a2f4f779b 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.function
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.function
@@ -205,6 +205,7 @@ void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
     TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_persistent_key( key_id );
     mbedtls_psa_crypto_free();
 }
@@ -273,6 +274,7 @@ void import_export_persistent_key( data_t *data, int type_arg,
     TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
 
 exit:
+    psa_reset_key_attributes( &attributes );
     mbedtls_free( exported );
     mbedtls_psa_crypto_free( );
     psa_destroy_persistent_key( key_id );