commit 4c9fccff5a41b2f35a584eb5fa6c9df6edb03cbc
author Gilles Peskine <Gilles.Peskine@arm.com> Wed Aug 21 21:46:26 2024 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Thu Aug 22 10:56:19 2024 +0200
tree 6974e2bfd9ecc40065777bf6e35341563f0ff6e1
parent 0b2bd071f8de72e9ce144d47dab32e8e942adda0

Simplify and explain the overflow check for maximum slice length

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tf-psa-crypto/core/psa_crypto_slot_management.c

diff --git a/tf-psa-crypto/core/psa_crypto_slot_management.c b/tf-psa-crypto/core/psa_crypto_slot_management.c
index 216e0c2..9850d8c 100644
--- a/tf-psa-crypto/core/psa_crypto_slot_management.c
+++ b/tf-psa-crypto/core/psa_crypto_slot_management.c
@@ -96,6 +96,18 @@
 #define KEY_SLICE_COUNT (KEY_SLOT_VOLATILE_SLICE_COUNT + 1u)
 #define KEY_SLOT_CACHE_SLICE_INDEX KEY_SLOT_VOLATILE_SLICE_COUNT
 
+
+/* Check that the length of the largest slice (calculated as
+ * KEY_SLICE_LENGTH_MAX below) does not overflow size_t. We use
+ * an indirect method in case the calculation of KEY_SLICE_LENGTH_MAX
+ * itself overflows uintmax_t: if (BASE_LENGTH << c)
+ * overflows size_t then BASE_LENGTH > SIZE_MAX >> c.
+ */
+#if (KEY_SLOT_VOLATILE_SLICE_BASE_LENGTH >              \
+     SIZE_MAX >> (KEY_SLOT_VOLATILE_SLICE_COUNT - 1))
+#error "Maximum slice length overflows size_t"
+#endif
+
 #if KEY_ID_SLICE_INDEX_WIDTH + KEY_ID_SLOT_INDEX_WIDTH > 30
 #error "Not enough room in volatile key IDs for slice index and slot index"
 #endif
@@ -111,11 +123,6 @@
 #error "Slice index does not fit in uint8_t for psa_key_slot_t::slice_index"
 #endif
 
-MBEDTLS_STATIC_ASSERT((KEY_SLOT_VOLATILE_SLICE_BASE_LENGTH
-                       & (SIZE_MAX >> (KEY_SLOT_VOLATILE_SLICE_COUNT - 1)))
-                      == KEY_SLOT_VOLATILE_SLICE_BASE_LENGTH,
-                      "Maximum slice length overflows size_t");
-
 
 /* Calculate the volatile key id to use for a given slot.
  * This function assumes valid parameter values. */