From c26f8d467aa4800eac2a633ed1d2bbf7f53f5b34 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 1 Sep 2020 10:51:51 +0200 Subject: [PATCH] Introduce psa_key_handle_is_null inline function Signed-off-by: Ronald Cron --- include/mbedtls/ssl_internal.h | 4 ++-- include/psa/crypto_platform.h | 11 +++++++++++ library/psa_crypto.c | 2 +- library/psa_crypto_slot_management.c | 5 +++-- library/ssl_cli.c | 2 +- library/ssl_srv.c | 6 +++--- library/ssl_tls.c | 17 +++++++++-------- programs/ssl/ssl_server2.c | 4 ++-- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_psa_crypto.function | 2 +- .../suites/test_suite_psa_crypto_init.function | 2 +- ...st_suite_psa_crypto_persistent_key.function | 2 +- ...est_suite_psa_crypto_se_driver_hal.function | 2 +- ...t_suite_psa_crypto_slot_management.function | 18 +++++++++--------- 14 files changed, 46 insertions(+), 33 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 30be67665..015b53c2b 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1064,10 +1064,10 @@ static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl, static inline psa_key_handle_t mbedtls_ssl_get_opaque_psk( const mbedtls_ssl_context *ssl ) { - if( ssl->handshake->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( ssl->handshake->psk_opaque ) ) return( ssl->handshake->psk_opaque ); - if( ssl->conf->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( ssl->conf->psk_opaque ) ) return( ssl->conf->psk_opaque ); return( PSA_KEY_HANDLE_INIT ); diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index 6ada32477..a27136d5a 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h 
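Review bot: `mbedtls_ssl_get_opaque_psk` reads `ssl->handshake->psk_opaque` with no check that `ssl->handshake` is set, and nothing in the hunk states that as a precondition. `mbedtls_ssl_set_hs_psk_opaque` in library/ssl_tls.c, touched by this same patch, rejects `ssl->handshake == NULL`, so the two accessors disagree on what they tolerate. If this helper is only reachable while a handshake is in progress (not visible here), a one-line comment above it would record that: `/* Precondition: ssl->handshake != NULL (handshake in progress). */`. The function's closing brace is outside the hunk.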
@@ -53,6 +53,17 @@ typedef uint16_t psa_key_handle_t; #define PSA_KEY_HANDLE_INIT ( (psa_key_handle_t)0 ) +/** Check whether a handle is null. + * + * \param handle Key handle. + * + * \return Non-zero if the key handle is null, zero otherwise. + */ +static inline int psa_key_handle_is_null( psa_key_handle_t handle ) +{ + return( handle == 0 ); +} + #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) /* Building for the PSA Crypto service on a PSA platform, a key owner is a PSA diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 85d9df404..5d9b34e77 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1300,7 +1300,7 @@ psa_status_t psa_destroy_key( psa_key_handle_t handle ) psa_se_drv_table_entry_t *driver; #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - if( handle == 0 ) + if( psa_key_handle_is_null( handle ) ) return( PSA_SUCCESS ); status = psa_get_key_slot( handle, &slot ); diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index dacd7f69f..6303473d9 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -81,7 +81,8 @@ psa_status_t psa_get_key_slot( psa_key_handle_t handle, /* 0 is not a valid handle under any circumstance. This * implementation provides slots number 1 to N where N is the * number of available slots. */ - if( handle == 0 || handle > ARRAY_LENGTH( global_data.key_slots ) ) + if( psa_key_handle_is_null( handle ) || + ( handle > ARRAY_LENGTH( global_data.key_slots ) ) ) return( PSA_ERROR_INVALID_HANDLE ); slot = &global_data.key_slots[handle - 1]; @@ -261,7 +262,7 @@ psa_status_t psa_close_key( psa_key_handle_t handle ) psa_status_t status; psa_key_slot_t *slot; - if( handle == 0 ) + if( psa_key_handle_is_null( handle ) ) return( PSA_SUCCESS ); status = psa_get_key_slot( handle, &slot ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9494c65da..391e93c6e 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
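Review bot: `psa_key_handle_is_null` compares against the literal `0` although `PSA_KEY_HANDLE_INIT` is defined in the context line just above it as the null value. Writing `return( handle == PSA_KEY_HANDLE_INIT );` keeps a single definition of "null", so a later change to the handle representation cannot leave the helper and the initializer out of step. Other hunks in this patch pair the test with assignments of `PSA_KEY_HANDLE_INIT` (for example in `ssl_remove_psk`), and that pairing is the invariant worth keeping in one place.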
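Review bot: In `psa_get_key_slot` the call to `psa_key_handle_is_null` is now the only lower bound on the index in `&global_data.key_slots[handle - 1]`, while the upper bound on the following line still compares the handle as a plain integer. The bounds check therefore depends on the helper continuing to mean "equals zero"; if its definition changes, `handle - 1` would index before the array without this function being edited. I would record that next to the check, e.g. `/* The null test doubles as the lower bound for key_slots[handle - 1]. */`, or keep both bounds explicit in one range test. The function begins and ends outside the hunk.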
@@ -63,7 +63,7 @@ static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ) return( 1 ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( conf->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( conf->psk_opaque ) ) return( 1 ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 070a5915f..03dc2d4bb 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -157,7 +157,7 @@ static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf ) return( 1 ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( conf->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( conf->psk_opaque ) ) return( 1 ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -172,13 +172,13 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) /* If we've used a callback to select the PSK, * the static configuration is irrelevant. */ - if( ssl->handshake->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( ssl->handshake->psk_opaque ) ) return( 1 ); return( 0 ); } - if( ssl->conf->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( ssl->conf->psk_opaque ) ) return( 1 ); return( 0 ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6144851b6..d74e40c34 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -466,7 +466,7 @@ static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* de if( status != PSA_SUCCESS ) return( status ); - if( slot == 0 ) + if( psa_key_handle_is_null( slot ) ) { status = psa_key_derivation_input_bytes( derivation, PSA_KEY_DERIVATION_INPUT_SECRET, @@ -563,7 +563,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } - if( master_slot != 0 ) + if( ! psa_key_handle_is_null( master_slot ) ) status = psa_destroy_key( master_slot ); if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); 
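Review bot: `ssl_use_opaque_psk` is a file-static function whose visible lines are the same in library/ssl_srv.c (hunk at -172) and library/ssl_tls.c (hunk at -707), and the patch has to apply the identical edit to both copies. Duplicated key-selection logic is easy to update in only one place; the copies could be replaced by a single `static inline` helper in include/mbedtls/ssl_internal.h next to `mbedtls_ssl_get_opaque_psk`. The start of the function, including the condition that opens the first block, is outside both hunks, so this assumes the unseen lines match as well.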
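Review bot: In `tls_prf_generic` the `if( status != PSA_SUCCESS )` that follows the conditional `psa_destroy_key( master_slot )` also runs when `master_slot` is null, where it re-tests whatever `status` held before. The two unbraced `if`s read as one unit but are not; folding them makes the intent explicit: `if( ! psa_key_handle_is_null( master_slot ) && psa_destroy_key( master_slot ) != PSA_SUCCESS )` followed by the existing `return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );`. That is equivalent only if `status` is already `PSA_SUCCESS` when this point is reached, which the lines above the hunk would have to confirm.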
@@ -707,13 +707,13 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) { /* If we've used a callback to select the PSK, * the static configuration is irrelevant. */ - if( ssl->handshake->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( ssl->handshake->psk_opaque ) ) return( 1 ); return( 0 ); } - if( ssl->conf->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( ssl->conf->psk_opaque ) ) return( 1 ); return( 0 ); @@ -4344,7 +4344,7 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf ) { /* Remove reference to existing PSK, if any. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( conf->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( conf->psk_opaque ) ) { /* The maintenance of the PSK key slot is the * user's responsibility. */ @@ -4432,7 +4432,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, static void ssl_remove_psk( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ssl->handshake->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( ssl->handshake->psk_opaque ) ) { ssl->handshake->psk_opaque = PSA_KEY_HANDLE_INIT; } @@ -4478,7 +4478,7 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, ssl_conf_remove_psk( conf ); /* Check and set opaque PSK */ - if( psk_slot == 0 ) + if( psa_key_handle_is_null( psk_slot ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); conf->psk_opaque = psk_slot; @@ -4494,7 +4494,8 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, psa_key_handle_t psk_slot ) { - if( psk_slot == 0 || ssl->handshake == NULL ) + if( ( psa_key_handle_is_null( psk_slot ) ) || + ( ssl->handshake == NULL ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); ssl_remove_psk( ssl ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c11b0819d..fce2e22c6 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
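Review bot: `mbedtls_ssl_conf_psk_opaque` calls `ssl_conf_remove_psk( conf )` before it rejects a null `psk_slot`, so a call that returns `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` has already dropped the reference to the previously configured PSK. `mbedtls_ssl_set_hs_psk_opaque` in the next hunk does the opposite: it validates first and only then calls `ssl_remove_psk( ssl )`. If clearing on failure is deliberate it should be documented for callers; otherwise move the `psa_key_handle_is_null( psk_slot )` check above the removal so a rejected call leaves the configuration untouched. The beginning of the function is outside the hunk.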
@@ -1303,7 +1303,7 @@ int psk_free( psk_entry *head ) psa_status_t status; psa_key_handle_t const slot = head->slot; - if( slot != 0 ) + if( ! psa_key_handle_is_null( slot ) ) { status = psa_destroy_key( slot ); if( status != PSA_SUCCESS ) @@ -1376,7 +1376,7 @@ int psk_callback( void *p_info, mbedtls_ssl_context *ssl, memcmp( name, cur->name, name_len ) == 0 ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( cur->slot != 0 ) + if( ! psa_key_handle_is_null( cur->slot ) ) return( mbedtls_ssl_set_hs_psk_opaque( ssl, cur->slot ) ); else #endif diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 22bf0e707..5fee0d7e3 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -158,7 +158,7 @@ void pk_psa_utils( ) mbedtls_pk_init( &pk ); key = pk_psa_genkey(); - if( key == 0 ) + if( psa_key_handle_is_null( key ) ) goto exit; TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 ); diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 3c4d7c825..fbd7195cc 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -5761,7 +5761,7 @@ exit: mbedtls_free( second_export ); psa_key_derivation_abort( &operation ); psa_destroy_key( base_key ); - if( handle == 0 ) + if( psa_key_handle_is_null( handle ) ) { /* In case there was a test failure after creating the persistent key * but while it was not open, try to re-open the persistent key diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function index fd4ff21fc..c9fdcd180 100644 --- a/tests/suites/test_suite_psa_crypto_init.function +++ b/tests/suites/test_suite_psa_crypto_init.function 
@@ -197,7 +197,7 @@ void validate_module_init_key_based( int count ) psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); status = psa_import_key( &attributes, data, sizeof( data ), &handle ); TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); - TEST_EQUAL( handle, 0 ); + TEST_ASSERT( psa_key_handle_is_null( handle ) ); } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index a50eac41b..34b88a70b 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -177,7 +177,7 @@ void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart, /* Check key slot storage is removed */ TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); TEST_EQUAL( psa_open_key( key_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); - TEST_EQUAL( handle, 0 ); + TEST_ASSERT( psa_key_handle_is_null( handle ) ); /* Shutdown and restart */ PSA_DONE(); diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 68a803e30..a1d542d74 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -674,7 +674,7 @@ static int smoke_test_key( psa_key_handle_t handle ) buffer, sizeof( buffer ), &length ) ); SMOKE_ASSERT( psa_copy_key( handle, &attributes, &handle2 ) ); - if( handle2 != 0 ) + if( ! psa_key_handle_is_null( handle2 ) ) PSA_ASSERT( psa_close_key( handle2 ) ); SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, handle, PSA_ALG_CMAC ) ); diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index bee583562..39491a0b0 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function 
@@ -152,7 +152,7 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg, psa_set_key_type( &attributes, type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &handle ) ); - TEST_ASSERT( handle != 0 ); + TEST_ASSERT( ! psa_key_handle_is_null( handle ) ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); @@ -210,7 +210,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, psa_set_key_enrollment_algorithm( &attributes, alg2 ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &handle ) ); - TEST_ASSERT( handle != 0 ); + TEST_ASSERT( ! psa_key_handle_is_null( handle ) ); #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ), @@ -342,7 +342,7 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg, psa_set_key_algorithm( &attributes, 0 ); PSA_ASSERT( psa_import_key( &attributes, material1, sizeof( material1 ), &handle1 ) ); - TEST_ASSERT( handle1 != 0 ); + TEST_ASSERT( ! psa_key_handle_is_null( handle1 ) ); if( reopen_policy == CLOSE_BEFORE ) PSA_ASSERT( psa_close_key( handle1 ) ); @@ -351,7 +351,7 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg, TEST_EQUAL( psa_import_key( &attributes, material2, sizeof( material2 ), &handle2 ), PSA_ERROR_ALREADY_EXISTS ); - TEST_EQUAL( handle2, 0 ); + TEST_ASSERT( psa_key_handle_is_null( handle2 ) ); if( reopen_policy == CLOSE_AFTER ) PSA_ASSERT( psa_close_key( handle1 ) ); @@ -394,7 +394,7 @@ void open_fail( int id_arg, PSA_ASSERT( psa_crypto_init( ) ); TEST_EQUAL( psa_open_key( id, &handle ), expected_status ); - TEST_EQUAL( handle, 0 ); + TEST_ASSERT( psa_key_handle_is_null( handle ) ); exit: PSA_DONE( ); 
@@ -422,7 +422,7 @@ void create_fail( int lifetime_arg, int id_arg, TEST_EQUAL( psa_import_key( &attributes, material, sizeof( material ), &handle ), expected_status ); - TEST_EQUAL( handle, 0 ); + TEST_ASSERT( psa_key_handle_is_null( handle ) ); exit: PSA_DONE( ); @@ -631,7 +631,7 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, TEST_EQUAL( psa_copy_key( source_handle, &attributes, &new_handle ), PSA_ERROR_ALREADY_EXISTS ); - TEST_EQUAL( new_handle , 0 ); + TEST_ASSERT( psa_key_handle_is_null( new_handle ) ); /* Test that the target slot is unaffected. */ PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes2 ) ); @@ -691,7 +691,7 @@ void invalid_handle( int handle_construction, PSA_ASSERT( psa_import_key( &attributes, material, sizeof( material ), &valid_handle ) ); - TEST_ASSERT( valid_handle != 0 ); + TEST_ASSERT( ! psa_key_handle_is_null( valid_handle ) ); /* Construct an invalid handle as specified in the test case data. */ switch( handle_construction ) @@ -766,7 +766,7 @@ void many_transient_handles( int max_handles_arg ) if( status == PSA_ERROR_INSUFFICIENT_MEMORY ) break; PSA_ASSERT( status ); - TEST_ASSERT( handles[i] != 0 ); + TEST_ASSERT( ! psa_key_handle_is_null( handles[i] ) ); for( j = 0; j < i; j++ ) TEST_ASSERT( handles[i] != handles[j] ); }
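Review bot: `many_transient_handles` now tests for null through `psa_key_handle_is_null`, but the uniqueness loop two lines below still compares handles as integers with `TEST_ASSERT( handles[i] != handles[j] );`. Only the null test goes through an accessor, so the handle representation is not yet hidden from this test. If the aim is to let `psa_key_handle_t` change type later (my reading of the commit, not stated in it), this comparison needs a matching equality helper beside `psa_key_handle_is_null` in crypto_platform.h; otherwise a comment noting that handles remain integer-comparable would do. The loop and the function continue outside the hunk.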