Remove generic wildcard checks after review feedback

Applied specific wildcard checks instead. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com> # Conflicts: # library/psa_crypto.c
2025-11-04 04:32:24 -05:00 · 2021-02-18 12:07:20 +01:00 · 2021-02-18 12:07:20 +01:00 · 0348802247
commit 0348802247
parent ee18b1f5a4
1 changed files with 103 additions and 105 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -663,78 +663,78 @@ static psa_algorithm_t psa_key_policy_algorithm_intersection(
    /* Common case: both sides actually specify the same policy. */
    if( alg1 == alg2 )
        return( alg1 );
-    /* Special case: one or both sides contain a wildcard. */
+    /* If the policies are from the same hash-and-sign family, check
-    if( PSA_ALG_IS_WILDCARD( alg1 ) || PSA_ALG_IS_WILDCARD( alg2 ) )
+     * if one is a wildcard. If so the other has the specific algorithm. */
    if( PSA_ALG_IS_HASH_AND_SIGN( alg1 ) &&
        PSA_ALG_IS_HASH_AND_SIGN( alg2 ) &&
        ( alg1 & ~PSA_ALG_HASH_MASK ) == ( alg2 & ~PSA_ALG_HASH_MASK ) )
    {
-        /* If the policies are from the same hash-and-sign family, check
+        if( PSA_ALG_SIGN_GET_HASH( alg1 ) == PSA_ALG_ANY_HASH )
-         * if one is a wildcard. If so the other has the specific algorithm. */
+            return( alg2 );
-        if( PSA_ALG_IS_HASH_AND_SIGN( alg1 ) &&
+        if( PSA_ALG_SIGN_GET_HASH( alg2 ) == PSA_ALG_ANY_HASH )
-            PSA_ALG_IS_HASH_AND_SIGN( alg2 ) &&
+            return( alg1 );
-            ( alg1 & ~PSA_ALG_HASH_MASK ) == ( alg2 & ~PSA_ALG_HASH_MASK ) )
+    }
-        {
+    /* If the policies are from the same AEAD family, check whether
-            if( PSA_ALG_SIGN_GET_HASH( alg1 ) == PSA_ALG_ANY_HASH )
+     * one f them is a minimum-tag-length wildcard. Calculate the most
-                return( alg2 );
+     * restrictive tag length. */
-            if( PSA_ALG_SIGN_GET_HASH( alg2 ) == PSA_ALG_ANY_HASH )
+    if( PSA_ALG_IS_AEAD( alg1 ) && PSA_ALG_IS_AEAD( alg2 ) &&
-                return( alg1 );
+        ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg1, 0 ) ==
-        }
+          PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg2, 0 ) ) )
-        /* If the policies are from the same AEAD family, then at least one
+    {
-         * of them is a minimum-tag-length policy. Calculate the most
+        size_t alg1_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg1 );
-         * restrictive tag length. */
+        size_t alg2_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg2 );
-        if( PSA_ALG_IS_AEAD( alg1 ) && PSA_ALG_IS_AEAD( alg2 ) &&
+        size_t max_len = alg1_len > alg2_len ? alg1_len : alg2_len;
            ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg1, 0 ) ==
              PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg2, 0 ) ) )
        {
            size_t alg1_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg1 );
            size_t alg2_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg2 );
            size_t max_len = alg1_len > alg2_len ? alg1_len : alg2_len;
-            /* If both are wildcards, return most restricitve wildcard */
+        /* If both are wildcards, return most restricitve wildcard */
-            if( PSA_ALG_IS_WILDCARD( alg1 ) && PSA_ALG_IS_WILDCARD( alg2 ) )
+        if( ( ( alg1 & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ) != 0 ) &&
-            {
+            ( ( alg2 & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ) != 0 ) )
                return( PSA_ALG_AEAD_WITH_MINIMUM_LENGTH_TAG( alg1, max_len ) );
            }
            /* If only one is a wildcard, return specific algorithm if compatible. */
            if( PSA_ALG_IS_WILDCARD( alg1 ) && (alg1_len <= alg2_len) )
            {
                return( alg2 );
            }
            if( PSA_ALG_IS_WILDCARD( alg2 ) && (alg2_len <= alg1_len) )
            {
                return( alg1 );
            }
        }
        /* If the policies are from the same MAC family, then at least one
         * of them is a minimum-tag-length policy. Calculate the most
         * restrictive tag length. */
        if( PSA_ALG_IS_MAC( alg1 ) && PSA_ALG_IS_MAC( alg2 ) &&
            ( PSA_ALG_FULL_LENGTH_MAC( alg1 ) ==
              PSA_ALG_FULL_LENGTH_MAC( alg2 ) ) )
        {
-            size_t alg1_len = PSA_MAC_TRUNCATED_LENGTH( alg1 );
+            return( PSA_ALG_AEAD_WITH_MINIMUM_LENGTH_TAG( alg1, max_len ) );
-            size_t alg2_len = PSA_MAC_TRUNCATED_LENGTH( alg2 );
+        }
-            size_t max_len = alg1_len > alg2_len ? alg1_len : alg2_len;
+        /* If only one is a wildcard, return specific algorithm if compatible. */
        if( ( ( alg1 & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ) != 0 ) &&
            ( alg1_len <= alg2_len ) )
        {
            return( alg2 );
        }
        if( ( ( alg2 & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ) != 0 ) &&
            ( alg2_len <= alg1_len ) )
        {
            return( alg1 );
        }
    }
    /* If the policies are from the same MAC family, check whether one
     * of them is a minimum-MAC-length policy. Calculate the most
     * restrictive tag length. */
    if( PSA_ALG_IS_MAC( alg1 ) && PSA_ALG_IS_MAC( alg2 ) &&
        ( PSA_ALG_FULL_LENGTH_MAC( alg1 ) ==
          PSA_ALG_FULL_LENGTH_MAC( alg2 ) ) )
    {
        size_t alg1_len = PSA_MAC_TRUNCATED_LENGTH( alg1 );
        size_t alg2_len = PSA_MAC_TRUNCATED_LENGTH( alg2 );
        size_t max_len = alg1_len > alg2_len ? alg1_len : alg2_len;
-            /* If both are wildcards, return most restricitve wildcard */
+        /* If both are wildcards, return most restricitve wildcard */
-            if( PSA_ALG_IS_WILDCARD( alg1 ) && PSA_ALG_IS_WILDCARD( alg2 ) )
+        if( ( ( alg1 & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ) != 0 ) &&
-            {
+            ( ( alg2 & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ) != 0 ) )
-                return( PSA_ALG_MAC_WITH_MINIMUM_LENGTH_TAG( alg1, max_len ) );
+        {
-            }
+            return( PSA_ALG_MAC_WITH_MINIMUM_LENGTH_TAG( alg1, max_len ) );
-            /* If only one is a wildcard, return specific algorithm if compatible.
+        }
-             * Special case: specific MAC algorithm with '0' as length means full-
+        /* If only one is a wildcard, return specific algorithm if compatible.
-             * length MAC, which is always allowed by a wildcard with the same
+         * Special case: specific MAC algorithm with '0' as length means full-
-             * base algorithm. */
+         * length MAC, which is always allowed by a wildcard with the same
-            if( PSA_ALG_IS_WILDCARD( alg1 ) &&
+         * base algorithm. */
-                ( ( alg1_len <= alg2_len) ||
+        if( ( ( alg1 & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ) != 0 ) &&
-                  ( alg2 == PSA_ALG_FULL_LENGTH_MAC( alg1 ) ) ) )
+            ( ( alg1_len <= alg2_len ) ||
-            {
+              ( alg2 == PSA_ALG_FULL_LENGTH_MAC( alg1 ) ) ) )
-                return( alg2 );
+        {
-            }
+            return( alg2 );
-            if( PSA_ALG_IS_WILDCARD( alg2 ) &&
+        }
-                ( (alg2_len <= alg1_len) ||
+        if( ( ( alg2 & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ) != 0 ) &&
-                  ( alg1 == PSA_ALG_FULL_LENGTH_MAC( alg2 ) ) ) )
+            ( ( alg2_len <= alg1_len ) ||
-            {
+              ( alg1 == PSA_ALG_FULL_LENGTH_MAC( alg2 ) ) ) )
-                return( alg1 );
+        {
-            }
+            return( alg1 );
        }
    }
    /* If the policies are incompatible, allow nothing. */
@ -750,45 +750,43 @@ static int psa_key_algorithm_permits( psa_algorithm_t policy_alg,
    /* Common case: the policy only allows requested_alg. */
    if( requested_alg == policy_alg )
        return( 1 );
-    /* Special cases: the policy is an algorithm collection. */
+    /* If policy_alg is a hash-and-sign with a wildcard for the hash,
-    if( PSA_ALG_IS_WILDCARD( policy_alg ) )
+     * and requested_alg is the same hash-and-sign family with any hash,
     * then requested_alg is compliant with policy_alg. */
    if( PSA_ALG_IS_HASH_AND_SIGN( requested_alg ) &&
        PSA_ALG_SIGN_GET_HASH( policy_alg ) == PSA_ALG_ANY_HASH )
    {
-        /* If policy_alg is a hash-and-sign with a wildcard for the hash,
+        return( ( policy_alg & ~PSA_ALG_HASH_MASK ) ==
-         * and requested_alg is the same hash-and-sign family with any hash,
+                ( requested_alg & ~PSA_ALG_HASH_MASK ) );
-         * then requested_alg is compliant with policy_alg. */
+    }
-        if( PSA_ALG_IS_HASH_AND_SIGN( requested_alg ) &&
+    /* If policy_alg is a wildcard AEAD algorithm of the same base as
-            PSA_ALG_SIGN_GET_HASH( policy_alg ) == PSA_ALG_ANY_HASH )
+     * the requested algorithm, check the requested tag length to be
-        {
+     * equal-length or longer than the wildcard-specified length. */
-            return( ( policy_alg & ~PSA_ALG_HASH_MASK ) ==
+    if( PSA_ALG_IS_AEAD( policy_alg ) &&
-                    ( requested_alg & ~PSA_ALG_HASH_MASK ) );
+        PSA_ALG_IS_AEAD( requested_alg ) &&
-        }
+        ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, 0 ) ==
-        /* If policy_alg is a wildcard AEAD algorithm of the same base as
+          PSA_ALG_AEAD_WITH_SHORTENED_TAG( requested_alg, 0 ) ) &&
-         * the requested algorithm, check the requested tag length to be
+        ( ( policy_alg & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ) != 0 ) )
-         * equal-length or longer than the wildcard-specified length. */
+    {
-        if( PSA_ALG_IS_AEAD( policy_alg ) &&
+        return( PSA_ALG_AEAD_GET_TAG_LENGTH( policy_alg ) <=
-            PSA_ALG_IS_AEAD( requested_alg ) &&
+                PSA_ALG_AEAD_GET_TAG_LENGTH( requested_alg ) );
-            ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, 0 ) ==
+    }
-              PSA_ALG_AEAD_WITH_SHORTENED_TAG( requested_alg, 0 ) ) )
+    /* If policy_alg is a wildcard MAC algorithm of the same base as
-        {
+     * the requested algorithm, check the requested tag length to be
-            return( PSA_ALG_AEAD_GET_TAG_LENGTH( policy_alg ) <=
+     * equal-length or longer than the wildcard-specified length. */
-                    PSA_ALG_AEAD_GET_TAG_LENGTH( requested_alg ) );
+    if( PSA_ALG_IS_MAC( policy_alg ) &&
-        }
+        PSA_ALG_IS_MAC( requested_alg ) &&
-        /* If policy_alg is a wildcard MAC algorithm of the same base as
+        ( PSA_ALG_FULL_LENGTH_MAC( policy_alg ) ==
-         * the requested algorithm, check the requested tag length to be
+          PSA_ALG_FULL_LENGTH_MAC( requested_alg ) ) &&
-         * equal-length or longer than the wildcard-specified length. */
+        ( ( policy_alg & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ) != 0 ) )
-        if( PSA_ALG_IS_MAC( policy_alg ) &&
+    {
-            PSA_ALG_IS_MAC( requested_alg ) &&
+        /* Special case: full-length MAC is encoded with 0-length.
-            ( PSA_ALG_FULL_LENGTH_MAC( policy_alg ) ==
+         * A minimum-length policy will always allow a full-length MAC. */
-              PSA_ALG_FULL_LENGTH_MAC( requested_alg ) ) )
+        if( PSA_ALG_FULL_LENGTH_MAC( requested_alg ) == requested_alg )
-        {
+            return( 1 );
            /* Special case: full-length MAC is encoded with 0-length.
             * A minimum-length policy will always allow a full-length MAC. */
            if( PSA_ALG_FULL_LENGTH_MAC( requested_alg ) == requested_alg )
                return( 1 );
-            return( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) <=
+        return( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) <=
-                    PSA_MAC_TRUNCATED_LENGTH( requested_alg ) );
+                PSA_MAC_TRUNCATED_LENGTH( requested_alg ) );
        }
    }
    /* If policy_alg is a generic key agreement operation, then using it for
     * a key derivation with that key agreement should also be allowed. This