From 1349640a7824b73607896476c32efa6eac7e1eaa Mon Sep 17 00:00:00 2001 
From: Karsten Sperling <113487422+ksperling-apple@users.noreply.github.com> Date: Sat, 23 Sep 2023 07:27:56 +1200 Subject: [PATCH] Remove empty state from FixedSpan (#29240) * Remove empty state from FixedSpan Prior to this change, a default-constructed FixedSpan would be in a state with empty() = true but size() > 0, but nevertheless compare as not equal to an empty non-fixed Span. After this change, a FixedSpan always contains a valid sequence of elements of the relevant size. This aligns the behavior with std::span. The IsSpanUsable() function and the empty() method have been removed because they would always return true, and hence invite programmer errors. Since we still rely on default-constructing certain FixedByteSpan types in a number of places, such instances are now initialized to point to an array of zeroes (the arrays for all sizes of span are shared and limited in size to avoid inadvertently blowing out the constant data size in the binary). * Disallow Spans pointing to null if size is not 0 This is validated using VerifyOrDie, but only in code paths that take a raw pointer and size; code paths that take a T[] assume the array is valid and remain unchecked and constexpr. 
* Deprecate IsSpanUsable(Span) in favor of !empty() * Fix test cases that use invalid ByteSpans * Use ByteSpan() for empty span instead of ByteSpan(nullptr, 0) * Address review comments - Fix buffer size check in ConvertECDSASignatureRawToDER - Add deleted nullptr_t overloads to Span and FixedSpan - Comments around constexpr / VerifyOrDie * Fix #29326 as per review --------- Co-authored-by: Andrei Litvin --- .../commands/pairing/IssueNOCChainCommand.h | 8 +- .../CC13X2_26X2DeviceAttestationCreds.cpp | 4 +- .../CC13X4_26X4DeviceAttestationCreds.cpp | 4 +- .../cc32xx/CC32XXDeviceAttestationCreds.cpp | 4 +- .../DeviceAttestationSe05xCredsExample.cpp | 4 +- .../DeviceAttestationSe05xCredsExample_v2.cpp | 4 +- .../android/java/JNIDACProvider.cpp | 4 +- .../ota-requestor/DefaultOTARequestor.cpp | 2 +- .../resource-monitoring-cluster-objects.h | 2 +- .../credentials/TestHarnessDACProvider.cpp | 4 +- .../ChipDeviceController-IssueNocChain.cpp | 7 +- src/credentials/CHIPCert.cpp | 17 +-- .../TestOnlyLocalCertificateAuthority.h | 5 +- .../DeviceAttestationCredsExample.cpp | 4 +- .../TestDeviceAttestationCredentials.cpp | 2 +- src/crypto/CHIPCryptoPAL.cpp | 4 +- src/crypto/tests/CHIPCryptoPALTest.cpp | 17 +-- src/lib/support/Span.h | 107 ++++++++++++------ src/lib/support/tests/TestSpan.cpp | 19 +--- .../tests/TestThreadOperationalDataset.cpp | 5 +- src/platform/ASR/ASRFactoryDataProvider.cpp | 4 +- src/platform/Ameba/AmebaOTAImageProcessor.cpp | 2 +- src/platform/Ameba/FactoryDataProvider.cpp | 4 +- src/platform/Beken/OTAImageProcessorImpl.cpp | 2 +- .../ESP32/ESP32FactoryDataProvider.cpp | 4 +- .../ESP32/ESP32SecureCertDACProvider.cpp | 4 +- src/platform/ESP32/OTAImageProcessorImpl.cpp | 4 +- src/platform/ESP32/nimble/BLEManagerImpl.cpp | 2 +- .../Infineon/CYW30739/FactoryDataProvider.cpp | 4 +- .../CYW30739/OTAImageProcessorImpl.cpp | 4 +- .../Infineon/PSOC6/OTAImageProcessorImpl.cpp | 2 +- src/platform/Linux/OTAImageProcessorImpl.cpp | 2 +- 
.../cc13xx_26xx/OTAImageProcessorImpl.cpp | 2 +- src/platform/mbed/OTAImageProcessorImpl.cpp | 2 +- src/platform/mt793x/OTAImageProcessorImpl.cpp | 4 +- .../nxp/k32w/common/OTAImageProcessorImpl.cpp | 2 +- .../k32w/k32w0/FactoryDataProviderImpl.cpp | 4 +- .../nxp/mw320/FactoryDataProvider.cpp | 4 +- .../nxp/mw320/OTAImageProcessorImpl.cpp | 2 +- .../openiotsdk/OTAImageProcessorImpl.cpp | 2 +- src/platform/qpg/FactoryDataProvider.cpp | 4 +- src/platform/qpg/OTAImageProcessorImpl.cpp | 2 +- src/platform/stm32/FactoryDataProvider.cpp | 5 +- src/protocols/secure_channel/PASESession.cpp | 2 +- .../secure_channel/tests/TestPASESession.cpp | 4 +- .../tests/TestAdditionalDataPayload.cpp | 10 +- src/transport/CryptoContext.cpp | 4 +- src/transport/SessionManager.cpp | 4 +- src/transport/tests/TestSecureSession.cpp | 10 +- 49 files changed, 167 insertions(+), 165 deletions(-) diff --git a/examples/chip-tool/commands/pairing/IssueNOCChainCommand.h b/examples/chip-tool/commands/pairing/IssueNOCChainCommand.h index a4de2dadfc0664..8b4c273c3820f8 100644 --- a/examples/chip-tool/commands/pairing/IssueNOCChainCommand.h +++ b/examples/chip-tool/commands/pairing/IssueNOCChainCommand.h @@ -69,10 +69,12 @@ class IssueNOCChainCommand : public CHIPCommand VerifyOrReturn(CHIP_NO_ERROR == err, command->SetCommandExitStatus(err)); ChipLogProgress(chipTool, "RCAC: %s", rcacStr.c_str()); - auto ipkValue = ipk.ValueOr(chip::Crypto::IdentityProtectionKeySpan()); std::string ipkStr; - err = ToBase64(ipkValue, ipkStr); - VerifyOrReturn(CHIP_NO_ERROR == err, command->SetCommandExitStatus(err)); + if (ipk.HasValue()) + { + err = ToBase64(ipk.Value(), ipkStr); + VerifyOrReturn(CHIP_NO_ERROR == err, command->SetCommandExitStatus(err)); + } ChipLogProgress(chipTool, "IPK: %s", ipkStr.c_str()); err = RemoteDataModelLogger::LogIssueNOCChain(nocStr.c_str(), icacStr.c_str(), rcacStr.c_str(), ipkStr.c_str()); 
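Review bot: The `ChipLogProgress(chipTool, "IPK: %s", ipkStr.c_str())` line that follows the new `if (ipk.HasValue())` block writes the base64-encoded Identity Protection Key to the progress log, and by its name that is key material rather than a certificate like the RCAC logged above it. Since this hunk already reworks how `ipkStr` is produced, it is a natural place to log only presence, e.g. `ChipLogProgress(chipTool, "IPK: %s", ipk.HasValue() ? "<present>" : "<absent>");`, and keep the encoded value for `LogIssueNOCChain` alone. When no IPK is supplied the code now logs and forwards an empty string, so a comment such as `// ipkStr stays empty when no IPK was issued` would show this is intended. The enclosing callback starts and ends outside the hunk.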
diff --git a/examples/platform/cc13x2_26x2/CC13X2_26X2DeviceAttestationCreds.cpp b/examples/platform/cc13x2_26x2/CC13X2_26X2DeviceAttestationCreds.cpp index ddde42c932d590..46db7a1aaa2670 100644 --- a/examples/platform/cc13x2_26x2/CC13X2_26X2DeviceAttestationCreds.cpp +++ b/examples/platform/cc13x2_26x2/CC13X2_26X2DeviceAttestationCreds.cpp @@ -236,8 +236,8 @@ CHIP_ERROR DeviceAttestationCredsCC13X2_26X2::SignWithDeviceAttestationKey(const Crypto::P256ECDSASignature signature; Crypto::P256Keypair keypair; - VerifyOrReturnError(IsSpanUsable(out_buffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(message_to_sign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!out_buffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!message_to_sign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(out_buffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); // In a non-exemplary implementation, the public key is not needed here. It is used here merely because diff --git a/examples/platform/cc13x4_26x4/CC13X4_26X4DeviceAttestationCreds.cpp b/examples/platform/cc13x4_26x4/CC13X4_26X4DeviceAttestationCreds.cpp index e07e8c01c88c96..2bbc7cb1829ab2 100644 --- a/examples/platform/cc13x4_26x4/CC13X4_26X4DeviceAttestationCreds.cpp +++ b/examples/platform/cc13x4_26x4/CC13X4_26X4DeviceAttestationCreds.cpp 
@@ -237,8 +237,8 @@ CHIP_ERROR DeviceAttestationCredsCC13X4_26X4::SignWithDeviceAttestationKey(const Crypto::P256ECDSASignature signature; Crypto::P256Keypair keypair; - VerifyOrReturnError(IsSpanUsable(out_buffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(message_to_sign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!out_buffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!message_to_sign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(out_buffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); // In a non-exemplary implementation, the public key is not needed here. It is used here merely because diff --git a/examples/platform/cc32xx/CC32XXDeviceAttestationCreds.cpp b/examples/platform/cc32xx/CC32XXDeviceAttestationCreds.cpp index ce0494a0e7b4c7..ed94df6300db7a 100644 --- a/examples/platform/cc32xx/CC32XXDeviceAttestationCreds.cpp +++ b/examples/platform/cc32xx/CC32XXDeviceAttestationCreds.cpp @@ -370,8 +370,8 @@ CHIP_ERROR DeviceAttestationCredsCC32XX::SignWithDeviceAttestationKey(const Byte Crypto::P256ECDSASignature signature; Crypto::P256Keypair keypair; - VerifyOrReturnError(IsSpanUsable(out_buffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(message_to_sign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!out_buffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!message_to_sign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(out_buffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); // In a non-exemplary implementation, the public key is not needed here. It is used here merely because diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample.cpp index c4231df0b129ea..ce1f97f5e4648a 100644 --- a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample.cpp +++ b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample.cpp 
@@ -134,8 +134,8 @@ CHIP_ERROR ExampleSe05xDACProvider::SignWithDeviceAttestationKey(const ByteSpan ChipLogDetail(Crypto, "Sign using DA key from se05x"); - VerifyOrReturnError(IsSpanUsable(out_signature_buffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(message_to_sign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!out_signature_buffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!message_to_sign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(out_signature_buffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); // Add public key + reference private key (ref to key inside SE) diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp index 5592a49d17b872..0c2888aafdc39b 100644 --- a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp +++ b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp @@ -173,8 +173,8 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa CHIP_ERROR err = CHIP_NO_ERROR; uint8_t signature_se05x[Crypto::kMax_ECDSA_Signature_Length_Der] = { 0 }; size_t signature_se05x_len = sizeof(signature_se05x); - VerifyOrReturnError(IsSpanUsable(out_signature_buffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(message_to_sign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!out_signature_buffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!message_to_sign.empty(), CHIP_ERROR_INVALID_ARGUMENT); ChipLogDetail(Crypto, "Sign using DA key from se05x (Using internal sign)"); diff --git a/examples/virtual-device-app/android/java/JNIDACProvider.cpp b/examples/virtual-device-app/android/java/JNIDACProvider.cpp index 2b3f72e8c7e85b..3bc5ab0a9c23d1 100644 --- a/examples/virtual-device-app/android/java/JNIDACProvider.cpp +++ b/examples/virtual-device-app/android/java/JNIDACProvider.cpp 
@@ -151,8 +151,8 @@ CHIP_ERROR JNIDACProvider::SignWithDeviceAttestationKey(const ByteSpan & digest_ Crypto::P256ECDSASignature signature; Crypto::P256Keypair keypair; - VerifyOrReturnError(IsSpanUsable(out_signature_buffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(digest_to_sign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!out_signature_buffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!digest_to_sign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(out_signature_buffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); uint8_t privateKeyBuf[Crypto::kP256_PrivateKey_Length]; diff --git a/src/app/clusters/ota-requestor/DefaultOTARequestor.cpp b/src/app/clusters/ota-requestor/DefaultOTARequestor.cpp index 1bf1588ee9d091..fa56ab0fd571a9 100644 --- a/src/app/clusters/ota-requestor/DefaultOTARequestor.cpp +++ b/src/app/clusters/ota-requestor/DefaultOTARequestor.cpp @@ -778,7 +778,7 @@ CHIP_ERROR DefaultOTARequestor::ExtractUpdateDescription(const QueryImageRespons VerifyOrReturnError(response.imageURI.HasValue(), CHIP_ERROR_INVALID_ARGUMENT); ReturnErrorOnFailure(bdx::ParseURI(response.imageURI.Value(), nodeId, fileDesignator)); - VerifyOrReturnError(IsSpanUsable(fileDesignator), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!fileDesignator.empty(), CHIP_ERROR_INVALID_ARGUMENT); update.nodeId = nodeId; update.fileDesignator = fileDesignator; diff --git a/src/app/clusters/resource-monitoring-server/resource-monitoring-cluster-objects.h b/src/app/clusters/resource-monitoring-server/resource-monitoring-cluster-objects.h index 03598ceb7eafc5..70e189bc028825 100644 --- a/src/app/clusters/resource-monitoring-server/resource-monitoring-cluster-objects.h +++ b/src/app/clusters/resource-monitoring-server/resource-monitoring-cluster-objects.h 
@@ -127,7 +127,7 @@ struct ReplacementProductStruct : private HepaFilterMonitoring::Structs::Replace */ CHIP_ERROR SetProductIdentifierValue(chip::CharSpan aProductIdentifierValue) { - VerifyOrReturnError(IsSpanUsable(aProductIdentifierValue), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!aProductIdentifierValue.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(aProductIdentifierValue.size() <= sizeof(productIdentifierValueBuffer), CHIP_ERROR_INVALID_ARGUMENT); memcpy(productIdentifierValueBuffer, aProductIdentifierValue.data(), aProductIdentifierValue.size()); diff --git a/src/app/tests/suites/credentials/TestHarnessDACProvider.cpp b/src/app/tests/suites/credentials/TestHarnessDACProvider.cpp index dd53e81178bb49..18819fa93241f5 100644 --- a/src/app/tests/suites/credentials/TestHarnessDACProvider.cpp +++ b/src/app/tests/suites/credentials/TestHarnessDACProvider.cpp @@ -315,8 +315,8 @@ CHIP_ERROR TestHarnessDACProvider::SignWithDeviceAttestationKey(const ByteSpan & Crypto::P256ECDSASignature signature; Crypto::P256Keypair keypair; - VerifyOrReturnError(IsSpanUsable(out_signature_buffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(message_to_sign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!out_signature_buffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!message_to_sign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(out_signature_buffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); // In a non-exemplary implementation, the public key is not needed here. It is used here merely because diff --git a/src/controller/python/ChipDeviceController-IssueNocChain.cpp b/src/controller/python/ChipDeviceController-IssueNocChain.cpp index 9b450ce2bccb84..b97ef8569d50a3 100644 --- a/src/controller/python/ChipDeviceController-IssueNocChain.cpp +++ b/src/controller/python/ChipDeviceController-IssueNocChain.cpp 
@@ -65,9 +65,6 @@ void pychip_DeviceController_IssueNOCChainCallback(void * context, CHIP_ERROR st MutableByteSpan chipIcacSpan; MutableByteSpan chipRcacSpan; - Crypto::IdentityProtectionKeySpan ipkData; - ipkData = ipk.ValueOr(Crypto::IdentityProtectionKeySpan()); - CHIP_ERROR err = status; if (err != CHIP_NO_ERROR) { @@ -91,8 +88,8 @@ void pychip_DeviceController_IssueNOCChainCallback(void * context, CHIP_ERROR st { pychip_DeviceController_IssueNOCChainCallbackPythonCallbackFunct( context, ToPyChipError(err), chipNocSpan.data(), chipNocSpan.size(), chipIcacSpan.data(), chipIcacSpan.size(), - chipRcacSpan.data(), chipRcacSpan.size(), ipkData.data(), ipk.HasValue() ? ipkData.size() : 0, - adminSubject.ValueOr(kUndefinedNodeId)); + chipRcacSpan.data(), chipRcacSpan.size(), ipk.HasValue() ? ipk.Value().data() : nullptr, + ipk.HasValue() ? ipk.Value().size() : 0, adminSubject.ValueOr(kUndefinedNodeId)); } else { diff --git a/src/credentials/CHIPCert.cpp b/src/credentials/CHIPCert.cpp index 927030b11ff929..32b66c45e8e9e6 100644 --- a/src/credentials/CHIPCert.cpp +++ b/src/credentials/CHIPCert.cpp 
@@ -485,23 +485,17 @@ CHIP_ERROR ChipCertificateSet::FindValidCert(const ChipDN & subjectDN, const Cer // Default error if we don't find any matching cert. err = (depth > 0) ? CHIP_ERROR_CA_CERT_NOT_FOUND : CHIP_ERROR_CERT_NOT_FOUND; - // Fail immediately if neither of the input criteria are specified. - if (subjectDN.IsEmpty() && subjectKeyId.empty()) - { - ExitNow(); - } - // For each cert in the set... for (uint8_t i = 0; i < mCertCount; i++) { ChipCertificateData * candidateCert = &mCerts[i]; // Skip the certificate if its subject DN and key id do not match the input criteria. - if (!subjectDN.IsEmpty() && !candidateCert->mSubjectDN.IsEqual(subjectDN)) + if (!candidateCert->mSubjectDN.IsEqual(subjectDN)) { continue; } - if (!subjectKeyId.empty() && !candidateCert->mSubjectKeyId.data_equal(subjectKeyId)) + if (!candidateCert->mSubjectKeyId.data_equal(subjectKeyId)) { continue; } @@ -1205,12 +1199,11 @@ CHIP_ERROR ConvertIntegerDERToRaw(ByteSpan derInt, uint8_t * rawInt, const uint1 CHIP_ERROR ConvertECDSASignatureRawToDER(P256ECDSASignatureSpan rawSig, MutableByteSpan & derSig) { - ASN1Writer writer; + VerifyOrReturnError(derSig.size() >= kMax_ECDSA_Signature_Length_Der, CHIP_ERROR_BUFFER_TOO_SMALL); + ASN1Writer writer; writer.Init(derSig); - ReturnErrorOnFailure(ConvertECDSASignatureRawToDER(rawSig, writer)); - derSig.reduce_size(writer.GetLengthWritten()); return CHIP_NO_ERROR; @@ -1221,8 +1214,6 @@ CHIP_ERROR ConvertECDSASignatureRawToDER(P256ECDSASignatureSpan rawSig, ASN1Writ CHIP_ERROR err = CHIP_NO_ERROR; uint8_t derInt[kP256_FE_Length + kEmitDerIntegerWithoutTagOverhead]; - VerifyOrReturnError(!rawSig.empty(), CHIP_ERROR_INVALID_ARGUMENT); - // Ecdsa-Sig-Value ::= SEQUENCE ASN1_START_SEQUENCE { diff --git a/src/credentials/TestOnlyLocalCertificateAuthority.h b/src/credentials/TestOnlyLocalCertificateAuthority.h index 6444d5676556dc..7ef7837dd24146 100644 --- a/src/credentials/TestOnlyLocalCertificateAuthority.h 
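Review bot: In `FindValidCert` the loop now compares `subjectDN` and `subjectKeyId` unconditionally, so the old "empty means do not filter on this field" behaviour and the early exit for fully unspecified criteria are both gone. If `subjectKeyId` is a FixedSpan type (it appears to be, since its `empty()` call had to be removed), a default-constructed key id now points at the shared zero array and compares equal to any candidate whose `mSubjectKeyId` was also left default-constructed. Whether such a certificate can enter the set is not visible here. A comment stating the new contract would help, e.g. `// Both subjectDN and subjectKeyId must be set by the caller; there is no wildcard match.`, and callers that passed an empty DN or key id as a wildcard need auditing. The function body continues outside the hunk.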
+++ b/src/credentials/TestOnlyLocalCertificateAuthority.h @@ -101,10 +101,7 @@ class TestOnlyLocalCertificateAuthority bool IsSuccess() { return mCurrentStatus == CHIP_NO_ERROR; } ByteSpan GetNoc() const { return ByteSpan{ mLastNoc.Get(), mLastNoc.AllocatedSize() }; } - ByteSpan GetIcac() const - { - return mIncludeIcac ? ByteSpan{ mLastIcac.Get(), mLastIcac.AllocatedSize() } : ByteSpan{ nullptr, 0 }; - } + ByteSpan GetIcac() const { return mIncludeIcac ? ByteSpan{ mLastIcac.Get(), mLastIcac.AllocatedSize() } : ByteSpan{}; } ByteSpan GetRcac() const { return ByteSpan{ mLastRcac.Get(), mLastRcac.AllocatedSize() }; } TestOnlyLocalCertificateAuthority & GenerateNocChain(FabricId fabricId, NodeId nodeId, diff --git a/src/credentials/examples/DeviceAttestationCredsExample.cpp b/src/credentials/examples/DeviceAttestationCredsExample.cpp index a487dcef1926f9..47d93f5385345d 100644 --- a/src/credentials/examples/DeviceAttestationCredsExample.cpp +++ b/src/credentials/examples/DeviceAttestationCredsExample.cpp @@ -190,8 +190,8 @@ CHIP_ERROR ExampleDACProvider::SignWithDeviceAttestationKey(const ByteSpan & mes Crypto::P256ECDSASignature signature; Crypto::P256Keypair keypair; - VerifyOrReturnError(IsSpanUsable(out_signature_buffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(message_to_sign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!out_signature_buffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!message_to_sign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(out_signature_buffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); // In a non-exemplary implementation, the public key is not needed here. It is used here merely because diff --git a/src/credentials/tests/TestDeviceAttestationCredentials.cpp b/src/credentials/tests/TestDeviceAttestationCredentials.cpp index 28549eb9b55d31..7ad7d6cd30ad9e 100644 --- a/src/credentials/tests/TestDeviceAttestationCredentials.cpp 
+++ b/src/credentials/tests/TestDeviceAttestationCredentials.cpp @@ -358,7 +358,7 @@ static void TestAttestationTrustStore(nlTestSuite * inSuite, void * inContext) ByteSpan kPaaFFF1BadSkidSpan1{ TestCerts::sTestCert_PAA_FFF1_Cert.data(), TestCerts::sTestCert_PAA_FFF1_Cert.size() - 1 }; // SKID to trigger CHIP_ERROR_INVALID_ARGUMENT - ByteSpan kPaaFFF1BadSkidSpan2{ nullptr, TestCerts::sTestCert_PAA_FFF1_Cert.size() }; + ByteSpan kPaaFFF1BadSkidSpan2; // SKID to trigger CHIP_ERROR_CA_CERT_NOT_FOUND uint8_t kPaaGoodSkidNotPresent[] = { 0x6A, 0xFD, 0x22, 0x77, 0x1F, 0x51, 0x71, 0x1F, 0xEC, 0xBF, diff --git a/src/crypto/CHIPCryptoPAL.cpp b/src/crypto/CHIPCryptoPAL.cpp index f8a611875a5667..1154d25a6b5d2a 100644 --- a/src/crypto/CHIPCryptoPAL.cpp +++ b/src/crypto/CHIPCryptoPAL.cpp @@ -94,7 +94,7 @@ CHIP_ERROR ReadDerUnsignedIntegerIntoRaw(Reader & reader, MutableByteSpan raw_in CHIP_ERROR ConvertIntegerRawToDerInternal(const ByteSpan & raw_integer, MutableByteSpan & out_der_integer, bool include_tag_and_length) { - if (!IsSpanUsable(raw_integer) || !IsSpanUsable(out_der_integer)) + if (raw_integer.empty() || out_der_integer.empty()) { return CHIP_ERROR_INVALID_ARGUMENT; } @@ -906,7 +906,7 @@ CHIP_ERROR DeriveGroupPrivacyKey(const ByteSpan & encryption_key, MutableByteSpa VerifyOrReturnError(Crypto::CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES == encryption_key.size(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(Crypto::CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES <= out_key.size(), CHIP_ERROR_INVALID_ARGUMENT); - const ByteSpan null_span = ByteSpan(nullptr, 0); + constexpr ByteSpan null_span = ByteSpan(); Crypto::HKDF_sha crypto; return crypto.HKDF_SHA256(encryption_key.data(), encryption_key.size(), null_span.data(), null_span.size(), kGroupPrivacyInfo, diff --git a/src/crypto/tests/CHIPCryptoPALTest.cpp b/src/crypto/tests/CHIPCryptoPALTest.cpp index 4c4b37d39bddf7..a295e92afc8a28 100644 --- a/src/crypto/tests/CHIPCryptoPALTest.cpp +++ b/src/crypto/tests/CHIPCryptoPALTest.cpp 
@@ -574,14 +574,11 @@ static void TestRawIntegerToDerInvalidCases(nlTestSuite * inSuite, void * inCont HeapChecker heapChecker(inSuite); // Cover case of invalid buffers uint8_t placeholder[10] = { 0 }; - MutableByteSpan good_out_buffer(placeholder, sizeof(placeholder)); - ByteSpan good_buffer(placeholder, sizeof(placeholder)); + MutableByteSpan good_out_buffer(placeholder); + ByteSpan good_buffer(placeholder); - MutableByteSpan bad_out_buffer_nullptr(nullptr, sizeof(placeholder)); - MutableByteSpan bad_out_buffer_empty(placeholder, 0); - - ByteSpan bad_buffer_nullptr(nullptr, sizeof(placeholder)); - ByteSpan bad_buffer_empty(placeholder, 0); + MutableByteSpan bad_out_buffer_empty; + ByteSpan bad_buffer_empty; struct ErrorCase { @@ -591,9 +588,7 @@ static void TestRawIntegerToDerInvalidCases(nlTestSuite * inSuite, void * inCont }; const ErrorCase error_cases[] = { - { .input = good_buffer, .output = bad_out_buffer_nullptr, .expected_status = CHIP_ERROR_INVALID_ARGUMENT }, { .input = good_buffer, .output = bad_out_buffer_empty, .expected_status = CHIP_ERROR_INVALID_ARGUMENT }, - { .input = bad_buffer_nullptr, .output = good_out_buffer, .expected_status = CHIP_ERROR_INVALID_ARGUMENT }, { .input = bad_buffer_empty, .output = good_out_buffer, .expected_status = CHIP_ERROR_INVALID_ARGUMENT } }; @@ -681,7 +676,6 @@ static void TestReadDerLengthInvalidCases(nlTestSuite * inSuite, void * inContex { uint8_t placeholder[1]; - ByteSpan bad_buffer_nullptr(nullptr, sizeof(placeholder)); ByteSpan bad_buffer_empty(placeholder, 0); const uint8_t zero_multi_byte_length[] = { 0x80 }; 
@@ -716,7 +710,6 @@ static void TestReadDerLengthInvalidCases(nlTestSuite * inSuite, void * inContex }; const ErrorCase error_cases[] = { - { .input_buf = bad_buffer_nullptr, .expected_status = CHIP_ERROR_BUFFER_TOO_SMALL }, { .input_buf = bad_buffer_empty, .expected_status = CHIP_ERROR_BUFFER_TOO_SMALL }, { .input_buf = zero_multi_byte_length_buf, .expected_status = CHIP_ERROR_INVALID_ARGUMENT }, { .input_buf = single_byte_length_zero_buf, .expected_status = CHIP_ERROR_INVALID_ARGUMENT }, @@ -2622,7 +2615,7 @@ static void TestVIDPID_StringExtraction(nlTestSuite * inSuite, void * inContext) { DNAttrType::kCommonName, ByteSpan(reinterpret_cast(sTestCNAttribute16), strlen(sTestCNAttribute16)), true, true, chip::VendorId::TestVendor1, 0xFE67, CHIP_NO_ERROR }, // Other input combinations: { DNAttrType::kUnspecified, ByteSpan(reinterpret_cast(sTestCNAttribute15), strlen(sTestCNAttribute15)), false, false, chip::VendorId::NotSpecified, 0, CHIP_NO_ERROR }, - { DNAttrType::kCommonName, ByteSpan(nullptr, 0), false, false, chip::VendorId::NotSpecified, 0, CHIP_ERROR_INVALID_ARGUMENT }, + { DNAttrType::kCommonName, ByteSpan(), false, false, chip::VendorId::NotSpecified, 0, CHIP_ERROR_INVALID_ARGUMENT }, }; // clang-format on diff --git a/src/lib/support/Span.h b/src/lib/support/Span.h index 61c375b85041f3..cc6c082f4d69bb 100644 --- a/src/lib/support/Span.h +++ b/src/lib/support/Span.h 
@@ -42,9 +42,22 @@ class Span using reference = T &; constexpr Span() : mDataBuf(nullptr), mDataLen(0) {} - constexpr Span(pointer databuf, size_t datalen) : mDataBuf(databuf), mDataLen(datalen) {} + + // Note: VerifyOrDie cannot be used inside a constexpr function, because it uses + // "static" on some platforms (e.g. when CHIP_PW_TOKENIZER_LOGGING is true) + // and that's not allowed in constexpr functions. + + Span(pointer databuf, size_t datalen) : mDataBuf(databuf), mDataLen(datalen) + { + VerifyOrDie(databuf != nullptr || datalen == 0); // not constexpr on some platforms + } + + // A Span can only point to null if it is empty (size == 0). The default constructor + // should be used to construct empty Spans. All other cases involving null are invalid. + Span(std::nullptr_t null, size_t size) = delete; + template ::value>> - constexpr explicit Span(U (&databuf)[N]) : Span(databuf, N) + constexpr explicit Span(U (&databuf)[N]) : mDataBuf(databuf), mDataLen(N) {} template ::value>> @@ -83,12 +96,9 @@ class Span constexpr pointer end() const { return data() + size(); } // Element accessors, matching the std::span API. - // VerifyOrDie cannot be used inside a constexpr function, because it uses - // "static" on some platforms (e.g. when CHIP_PW_TOKENIZER_LOGGING is true) - // and that's not allowed in constexpr functions. reference operator[](size_t index) const { - VerifyOrDie(index < size()); + VerifyOrDie(index < size()); // not constexpr on some platforms return data()[index]; } reference front() const { return (*this)[0]; } 
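Review bot: `Span(pointer databuf, size_t datalen)` now aborts through `VerifyOrDie` on a null pointer with a non-zero length, where callers previously got `CHIP_ERROR_INVALID_ARGUMENT` from a later `IsSpanUsable` check (the cases removed from CHIPCryptoPALTest.cpp in this patch expected exactly that). Any call site that builds a span from a pointer/length pair it did not allocate itself, or from a buffer whose allocation may have failed, now turns a recoverable error into process termination, so such sites should check the pointer before constructing. The precondition deserves a comment directly on this constructor, for example `// Precondition: databuf != nullptr || datalen == 0; a violation aborts via VerifyOrDie.`, since the existing explanatory comment sits on the deleted `nullptr_t` overload. The class body starts and ends outside the hunk.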
@@ -157,6 +167,42 @@ class Span size_t mDataLen; }; +namespace detail { + +// To make FixedSpan (specifically various FixedByteSpan types) default constructible +// without creating a weird "empty() == true but size() != 0" state, we need an +// appropriate sized array of zeroes. With a naive definition like +// template constexpr T kZero[N] {}; +// we would end up with separate zero arrays for each size, and might also accidentally +// increase the read-only data size of the binary by a large amount. Instead, we define +// a per-type limit for the zero array, FixedSpan won't be default constructible for +// T / N combinations that exceed the limit. The default limit is 0. +template +struct zero_limit : std::integral_constant +{ +}; + +// FixedByteSpan types up to N=65 currently need to be default-constructible. +template <> +struct zero_limit : std::integral_constant +{ +}; + +template +inline constexpr T kZeroes[zero_limit::value]{}; + +template +constexpr T const * shared_zeroes() +{ + static_assert(N <= zero_limit::type>::value, "N exceeds zero_limit"); + return kZeroes::type>; +} + +} // namespace detail + +/** + * Similar to a Span but with a fixed size. + */ template class FixedSpan { @@ -164,7 +210,8 @@ class FixedSpan using pointer = T *; using reference = T &; - constexpr FixedSpan() : mDataBuf(nullptr) {} + // Creates a FixedSpan pointing to a sequence of zeroes. + constexpr FixedSpan() : mDataBuf(detail::shared_zeroes()) {} // We want to allow construction from things that look like T*, but we want // to make construction from an array use the constructor that asserts the 
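Review bot: The new default constructor `FixedSpan() : mDataBuf(detail::shared_zeroes())` makes an unset span indistinguishable from one that really holds N zero bytes. That matters for the key-typed aliases this patch touches, such as `IdentityProtectionKeySpan`, which was default-constructed in the lines removed from IssueNOCChainCommand.h. Code that forgets to assign such a span will hand a well-formed all-zero key or identifier to its consumer instead of tripping a null check. The one-line comment on the constructor should say so, e.g. `// Creates a FixedSpan over N shared zero bytes. This is not an "unset" marker; wrap the span in Optional<> to express absence.` The comment in `namespace detail` could also note that all default-constructed spans of one element type alias the same storage.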
@@ -179,8 +226,14 @@ class FixedSpan template ::value && sizeof(std::remove_pointer_t) == sizeof(T) && std::is_convertible::value>> - constexpr explicit FixedSpan(U databuf) : mDataBuf(databuf) - {} + explicit FixedSpan(U databuf) : mDataBuf(databuf) + { + VerifyOrDie(databuf != nullptr || N == 0); // not constexpr on some platforms + } + + // FixedSpan does not support an empty / null state. + FixedSpan(std::nullptr_t null) = delete; + template ::value>> constexpr explicit FixedSpan(U (&databuf)[M]) : mDataBuf(databuf) { @@ -200,18 +253,19 @@ class FixedSpan } constexpr pointer data() const { return mDataBuf; } - constexpr size_t size() const { return N; } - constexpr bool empty() const { return data() == nullptr; } constexpr pointer begin() const { return mDataBuf; } constexpr pointer end() const { return mDataBuf + N; } + // The size of a FixedSpan is always N. There is intentially no empty() method. + static constexpr size_t size() { return N; } + // Element accessors, matching the std::span API. // VerifyOrDie cannot be used inside a constexpr function, because it uses // "static" on some platforms (e.g. when CHIP_PW_TOKENIZER_LOGGING is true) // and that's not allowed in constexpr functions. reference operator[](size_t index) const { - VerifyOrDie(index < size()); + VerifyOrDie(index < N); return data()[index]; } reference front() const { return (*this)[0]; } 
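Review bot: The new comment on `size()` has a typo, "intentially"; it should read `// The size of a FixedSpan is always N. There is intentionally no empty() method.` The long explanation of why VerifyOrDie prevents constexpr is kept above `FixedSpan::operator[]`, while the `Span` side of this patch moved it to the constructor and left a short `// not constexpr on some platforms` on the accessor. Using the same placement in both classes would make the two easier to read side by side.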
@@ -221,14 +275,13 @@ class FixedSpan template , std::remove_const_t>::value>> bool data_equal(const FixedSpan & other) const { - return (empty() && other.empty()) || - (!empty() && !other.empty() && (memcmp(data(), other.data(), size() * sizeof(T)) == 0)); + return (memcmp(data(), other.data(), N * sizeof(T)) == 0); } template , std::remove_const_t>::value>> bool data_equal(const Span & other) const { - return (size() == other.size() && (empty() || (memcmp(data(), other.data(), size() * sizeof(T)) == 0))); + return (N == other.size() && memcmp(data(), other.data(), N * sizeof(T)) == 0); } // operator== explicitly not implemented on FixedSpan, because its meaning @@ -245,36 +298,26 @@ class FixedSpan template template -constexpr Span::Span(const FixedSpan & other) : Span(other.data(), other.size()) +constexpr Span::Span(const FixedSpan & other) : mDataBuf(other.data()), mDataLen(other.size()) {} template template inline bool Span::data_equal(const FixedSpan & other) const { - return (size() == other.size()) && (empty() || (memcmp(data(), other.data(), size() * sizeof(T)) == 0)); + return other.data_equal(*this); } -/** - * @brief Returns true if the `span` could be used to access some data, - * false otherwise. - * @param[in] span The Span to validate. - */ template -inline bool IsSpanUsable(const Span & span) +[[deprecated("Use !empty()")]] inline bool IsSpanUsable(const Span & span) { - return (span.data() != nullptr) && (span.size() > 0); + return !span.empty(); } -/** - * @brief Returns true if the `span` could be used to access some data, - * false otherwise. - * @param[in] span The FixedSpan to validate. - */ template -inline bool IsSpanUsable(const FixedSpan & span) +[[deprecated("FixedSpan is always usable / non-empty if N > 0")]] inline bool IsSpanUsable(const FixedSpan & span) { - return (span.data() != nullptr); + return N > 0; } using ByteSpan = Span; 
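Review bot: The deprecated `IsSpanUsable(const FixedSpan &)` overload now returns `N > 0`, so any remaining caller that used it as a "has this been set" guard keeps compiling and silently passes for a default-constructed, all-zero span. A deprecation warning is the only signal, and it is easily lost in builds that do not treat warnings as errors. Declaring the FixedSpan overload `= delete`, as the patch already does for the `nullptr_t` constructors, would force those call sites to be fixed. The `Span` overload can stay deprecated because `!span.empty()` preserves its meaning. If the FixedSpan overload must remain for out-of-tree users, the removed doc comment should be replaced by one stating that it no longer detects unset spans.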
@@ -287,7 +330,6 @@ using MutableCharSpan = Span; inline CHIP_ERROR CopySpanToMutableSpan(ByteSpan span_to_copy, MutableByteSpan & out_buf) { - VerifyOrReturnError(IsSpanUsable(span_to_copy), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(out_buf.size() >= span_to_copy.size(), CHIP_ERROR_BUFFER_TOO_SMALL); memcpy(out_buf.data(), span_to_copy.data(), span_to_copy.size()); @@ -298,7 +340,6 @@ inline CHIP_ERROR CopySpanToMutableSpan(ByteSpan span_to_copy, MutableByteSpan & inline CHIP_ERROR CopyCharSpanToMutableCharSpan(CharSpan cspan_to_copy, MutableCharSpan & out_buf) { - VerifyOrReturnError(IsSpanUsable(cspan_to_copy), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(out_buf.size() >= cspan_to_copy.size(), CHIP_ERROR_BUFFER_TOO_SMALL); memcpy(out_buf.data(), cspan_to_copy.data(), cspan_to_copy.size()); diff --git a/src/lib/support/tests/TestSpan.cpp b/src/lib/support/tests/TestSpan.cpp index b01bafb2aaec82..bf192dd8e26ea1 100644 --- a/src/lib/support/tests/TestSpan.cpp +++ b/src/lib/support/tests/TestSpan.cpp @@ -34,11 +34,9 @@ static void TestByteSpan(nlTestSuite * inSuite, void * inContext) uint8_t arr[] = { 1, 2, 3 }; ByteSpan s0 = ByteSpan(); - NL_TEST_ASSERT(inSuite, s0.data() == nullptr); NL_TEST_ASSERT(inSuite, s0.size() == 0); NL_TEST_ASSERT(inSuite, s0.empty()); NL_TEST_ASSERT(inSuite, s0.data_equal(s0)); - NL_TEST_ASSERT(inSuite, IsSpanUsable(s0) == false); ByteSpan s1(arr, 2); NL_TEST_ASSERT(inSuite, s1.data() == arr); @@ -46,7 +44,6 @@ static void TestByteSpan(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, !s1.empty()); NL_TEST_ASSERT(inSuite, s1.data_equal(s1)); NL_TEST_ASSERT(inSuite, !s1.data_equal(s0)); - NL_TEST_ASSERT(inSuite, IsSpanUsable(s1) == true); ByteSpan s2(arr); NL_TEST_ASSERT(inSuite, s2.data() == arr); 
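Review bot: With the `IsSpanUsable` guard removed, `CopySpanToMutableSpan` reaches `memcpy(out_buf.data(), span_to_copy.data(), span_to_copy.size())` for an empty source, whose `data()` is null for a default-constructed Span. Passing a null pointer to `memcpy` is undefined behaviour even with a length of 0, and sanitizers report it. Guarding the call with `if (!span_to_copy.empty())` avoids the null argument while still accepting empty input. The same applies to `CopyCharSpanToMutableCharSpan` in the next hunk. Callers that relied on `CHIP_ERROR_INVALID_ARGUMENT` for an empty input no longer get that error, which is worth a comment on both functions; their bodies continue outside the hunks.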
@@ -55,7 +52,6 @@ static void TestByteSpan(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, !s2.empty()); NL_TEST_ASSERT(inSuite, s2.data_equal(s2)); NL_TEST_ASSERT(inSuite, !s2.data_equal(s1)); - NL_TEST_ASSERT(inSuite, IsSpanUsable(s2) == true); NL_TEST_ASSERT(inSuite, s2.front() == 1); NL_TEST_ASSERT(inSuite, s2.back() == 3); NL_TEST_ASSERT(inSuite, s2[0] == 1); @@ -68,7 +64,6 @@ static void TestByteSpan(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, s3.data()[2] == 3); NL_TEST_ASSERT(inSuite, !s3.empty()); NL_TEST_ASSERT(inSuite, s3.data_equal(s2)); - NL_TEST_ASSERT(inSuite, IsSpanUsable(s3) == true); uint8_t arr2[] = { 3, 2, 1 }; ByteSpan s4(arr2); @@ -93,11 +88,9 @@ static void TestMutableByteSpan(nlTestSuite * inSuite, void * inContext) uint8_t arr[] = { 1, 2, 3 }; MutableByteSpan s0 = MutableByteSpan(); - NL_TEST_ASSERT(inSuite, s0.data() == nullptr); NL_TEST_ASSERT(inSuite, s0.size() == 0); NL_TEST_ASSERT(inSuite, s0.empty()); NL_TEST_ASSERT(inSuite, s0.data_equal(s0)); - NL_TEST_ASSERT(inSuite, IsSpanUsable(s0) == false); MutableByteSpan s1(arr, 2); NL_TEST_ASSERT(inSuite, s1.data() == arr); @@ -105,7 +98,6 @@ static void TestMutableByteSpan(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, !s1.empty()); NL_TEST_ASSERT(inSuite, s1.data_equal(s1)); NL_TEST_ASSERT(inSuite, !s1.data_equal(s0)); - NL_TEST_ASSERT(inSuite, IsSpanUsable(s1) == true); MutableByteSpan s2(arr); NL_TEST_ASSERT(inSuite, s2.data() == arr); 
@@ -161,24 +153,22 @@ static void TestFixedByteSpan(nlTestSuite * inSuite, void * inContext) uint8_t arr[] = { 1, 2, 3 }; FixedByteSpan<3> s0 = FixedByteSpan<3>(); - NL_TEST_ASSERT(inSuite, s0.data() == nullptr); + NL_TEST_ASSERT(inSuite, s0.data() != nullptr); NL_TEST_ASSERT(inSuite, s0.size() == 3); - NL_TEST_ASSERT(inSuite, s0.empty()); NL_TEST_ASSERT(inSuite, s0.data_equal(s0)); - NL_TEST_ASSERT(inSuite, IsSpanUsable(s0) == false); + NL_TEST_ASSERT(inSuite, s0[0] == 0); + NL_TEST_ASSERT(inSuite, s0[1] == 0); + NL_TEST_ASSERT(inSuite, s0[2] == 0); FixedByteSpan<2> s1(arr); NL_TEST_ASSERT(inSuite, s1.data() == arr); NL_TEST_ASSERT(inSuite, s1.size() == 2); - NL_TEST_ASSERT(inSuite, !s1.empty()); NL_TEST_ASSERT(inSuite, s1.data_equal(s1)); - NL_TEST_ASSERT(inSuite, IsSpanUsable(s1) == true); FixedByteSpan<3> s2(arr); NL_TEST_ASSERT(inSuite, s2.data() == arr); NL_TEST_ASSERT(inSuite, s2.size() == 3); NL_TEST_ASSERT(inSuite, s2.data()[2] == 3); - NL_TEST_ASSERT(inSuite, !s2.empty()); NL_TEST_ASSERT(inSuite, s2.data_equal(s2)); NL_TEST_ASSERT(inSuite, s2.front() == 1); NL_TEST_ASSERT(inSuite, s2.back() == 3); @@ -190,7 +180,6 @@ static void TestFixedByteSpan(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, s3.data() == arr); NL_TEST_ASSERT(inSuite, s3.size() == 3); NL_TEST_ASSERT(inSuite, s3.data()[2] == 3); - NL_TEST_ASSERT(inSuite, !s3.empty()); NL_TEST_ASSERT(inSuite, s3.data_equal(s2)); uint8_t arr2[] = { 3, 2, 1 }; diff --git a/src/lib/support/tests/TestThreadOperationalDataset.cpp b/src/lib/support/tests/TestThreadOperationalDataset.cpp index 24586f39234b64..27e18eac87e23e 100644 --- a/src/lib/support/tests/TestThreadOperationalDataset.cpp +++ b/src/lib/support/tests/TestThreadOperationalDataset.cpp 
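Review bot: The new default-construction assertions in `TestFixedByteSpan` check that `s0` points at three zero bytes, but nothing pins the comparison behaviour the commit description says it fixes. A default `FixedByteSpan<3>` should compare unequal to an empty `ByteSpan` and equal to a span over three zero bytes. Adding `NL_TEST_ASSERT(inSuite, !s0.data_equal(ByteSpan()));` next to the `s0[2] == 0` check would cover the first case. The description also says the shared zero arrays are limited in size, so a default-constructed span at the largest supported N is an untested boundary worth a case of its own. The test function continues outside the hunk.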
@@ -28,8 +28,9 @@ void TestInit(nlTestSuite * inSuite, void * inContext) { Thread::OperationalDataset & dataset = *static_cast(inContext); - NL_TEST_ASSERT(inSuite, dataset.Init(ByteSpan(nullptr, 255)) == CHIP_ERROR_INVALID_ARGUMENT); - NL_TEST_ASSERT(inSuite, dataset.Init(ByteSpan(nullptr, 0)) == CHIP_NO_ERROR); + uint8_t longerThanOperationalDatasetSize[255]{}; + NL_TEST_ASSERT(inSuite, dataset.Init(ByteSpan(longerThanOperationalDatasetSize)) == CHIP_ERROR_INVALID_ARGUMENT); + NL_TEST_ASSERT(inSuite, dataset.Init(ByteSpan()) == CHIP_NO_ERROR); { uint8_t data[] = { 0x01, 0x02, 0x03 }; diff --git a/src/platform/ASR/ASRFactoryDataProvider.cpp b/src/platform/ASR/ASRFactoryDataProvider.cpp index f798d0133a0231..0e28c014a72937 100755 --- a/src/platform/ASR/ASRFactoryDataProvider.cpp +++ b/src/platform/ASR/ASRFactoryDataProvider.cpp @@ -314,8 +314,8 @@ CHIP_ERROR ASRFactoryDataProvider::SignWithDeviceAttestationKey(const ByteSpan & Crypto::P256ECDSASignature signature; Crypto::P256Keypair keypair; - VerifyOrReturnError(IsSpanUsable(outSignBuffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(messageToSign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!outSignBuffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!messageToSign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(outSignBuffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); #if !CONFIG_ENABLE_ASR_FACTORY_DATA_PROVIDER diff --git a/src/platform/Ameba/AmebaOTAImageProcessor.cpp b/src/platform/Ameba/AmebaOTAImageProcessor.cpp index 57aeb2205a5473..78c1a8bdd2665c 100644 --- a/src/platform/Ameba/AmebaOTAImageProcessor.cpp +++ b/src/platform/Ameba/AmebaOTAImageProcessor.cpp @@ -274,7 +274,7 @@ CHIP_ERROR AmebaOTAImageProcessor::ProcessHeader(ByteSpan & block) CHIP_ERROR AmebaOTAImageProcessor::SetBlock(ByteSpan & block) { - if (!IsSpanUsable(block)) + if (block.empty()) { ReleaseBlock(); return CHIP_NO_ERROR; 
diff --git a/src/platform/Ameba/FactoryDataProvider.cpp b/src/platform/Ameba/FactoryDataProvider.cpp index 541a2256423257..71243a1b7cfe84 100644 --- a/src/platform/Ameba/FactoryDataProvider.cpp +++ b/src/platform/Ameba/FactoryDataProvider.cpp @@ -248,8 +248,8 @@ CHIP_ERROR FactoryDataProvider::SignWithDeviceAttestationKey(const ByteSpan & me Crypto::P256ECDSASignature signature; Crypto::P256Keypair keypair; - VerifyOrReturnError(IsSpanUsable(outSignBuffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(messageToSign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!outSignBuffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!messageToSign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(outSignBuffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); if (kReadFromFlash) diff --git a/src/platform/Beken/OTAImageProcessorImpl.cpp b/src/platform/Beken/OTAImageProcessorImpl.cpp index 8c90cf3c742122..770dfc223225a3 100644 --- a/src/platform/Beken/OTAImageProcessorImpl.cpp +++ b/src/platform/Beken/OTAImageProcessorImpl.cpp @@ -298,7 +298,7 @@ void OTAImageProcessorImpl::HandleApply(intptr_t context) CHIP_ERROR OTAImageProcessorImpl::SetBlock(ByteSpan & block) { - if (!IsSpanUsable(block)) + if (block.empty()) { ReleaseBlock(); return CHIP_NO_ERROR; diff --git a/src/platform/ESP32/ESP32FactoryDataProvider.cpp b/src/platform/ESP32/ESP32FactoryDataProvider.cpp index 951d39132df3c6..1066955292d6fd 100644 --- a/src/platform/ESP32/ESP32FactoryDataProvider.cpp +++ b/src/platform/ESP32/ESP32FactoryDataProvider.cpp 
@@ -135,8 +135,8 @@ CHIP_ERROR ESP32FactoryDataProvider::SignWithDeviceAttestationKey(const ByteSpan Crypto::P256ECDSASignature signature; Crypto::P256Keypair keypair; - VerifyOrReturnError(IsSpanUsable(outSignBuffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(messageToSign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!outSignBuffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!messageToSign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(outSignBuffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); uint8_t privKeyBuf[kDACPrivateKeySize]; diff --git a/src/platform/ESP32/ESP32SecureCertDACProvider.cpp b/src/platform/ESP32/ESP32SecureCertDACProvider.cpp index d31eaf02dbcebf..f7de0bd9992090 100644 --- a/src/platform/ESP32/ESP32SecureCertDACProvider.cpp +++ b/src/platform/ESP32/ESP32SecureCertDACProvider.cpp @@ -121,8 +121,8 @@ CHIP_ERROR ESP32SecureCertDACProvider ::SignWithDeviceAttestationKey(const ByteS CHIP_ERROR chipError; Crypto::P256ECDSASignature signature; - VerifyOrReturnError(IsSpanUsable(outSignBuffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(messageToSign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!outSignBuffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!messageToSign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(outSignBuffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); esp_err = esp_secure_cert_get_priv_key_type(&keyType); diff --git a/src/platform/ESP32/OTAImageProcessorImpl.cpp b/src/platform/ESP32/OTAImageProcessorImpl.cpp index f13666f8b6667e..51e9fe50468d22 100644 --- a/src/platform/ESP32/OTAImageProcessorImpl.cpp +++ b/src/platform/ESP32/OTAImageProcessorImpl.cpp @@ -307,7 +307,7 @@ void OTAImageProcessorImpl::HandleApply(intptr_t context) CHIP_ERROR OTAImageProcessorImpl::SetBlock(ByteSpan & block) { - if (!IsSpanUsable(block)) + if (block.empty()) { ReleaseBlock(); return CHIP_NO_ERROR; 
@@ -366,7 +366,7 @@ CHIP_ERROR OTAImageProcessorImpl::ProcessHeader(ByteSpan & block) CHIP_ERROR OTAImageProcessorImpl::InitEncryptedOTA(const CharSpan & key) { VerifyOrReturnError(mEncryptedOTAEnabled == false, CHIP_ERROR_INCORRECT_STATE); - VerifyOrReturnError(IsSpanUsable(key), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!key.empty(), CHIP_ERROR_INVALID_ARGUMENT); mKey = key; mEncryptedOTAEnabled = true; diff --git a/src/platform/ESP32/nimble/BLEManagerImpl.cpp b/src/platform/ESP32/nimble/BLEManagerImpl.cpp index d62e5530823af0..8c5fc972860dde 100644 --- a/src/platform/ESP32/nimble/BLEManagerImpl.cpp +++ b/src/platform/ESP32/nimble/BLEManagerImpl.cpp @@ -999,7 +999,7 @@ CHIP_ERROR BLEManagerImpl::ConfigureAdvertisingData(void) CHIP_ERROR BLEManagerImpl::ConfigureScanResponseData(ByteSpan data) { - if (!IsSpanUsable(data) || data.size() > MAX_SCAN_RSP_DATA_LEN) + if (data.empty() || data.size() > MAX_SCAN_RSP_DATA_LEN) { ChipLogError(DeviceLayer, "scan response data is invalid"); return CHIP_ERROR_INVALID_ARGUMENT; diff --git a/src/platform/Infineon/CYW30739/FactoryDataProvider.cpp b/src/platform/Infineon/CYW30739/FactoryDataProvider.cpp index 4b7e6ed9e9ae9a..0c33a279756f16 100644 --- a/src/platform/Infineon/CYW30739/FactoryDataProvider.cpp +++ b/src/platform/Infineon/CYW30739/FactoryDataProvider.cpp @@ -64,8 +64,8 @@ CHIP_ERROR FactoryDataProvider::SignWithDeviceAttestationKey(const ByteSpan & me Crypto::P256ECDSASignature signature; Crypto::P256Keypair keypair; - VerifyOrReturnError(IsSpanUsable(out_signature_buffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(message_to_sign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!out_signature_buffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!message_to_sign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(out_signature_buffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); uint8_t dac_key_buffer[128]; 
diff --git a/src/platform/Infineon/CYW30739/OTAImageProcessorImpl.cpp b/src/platform/Infineon/CYW30739/OTAImageProcessorImpl.cpp index 27443e994829db..087295247278b1 100644 --- a/src/platform/Infineon/CYW30739/OTAImageProcessorImpl.cpp +++ b/src/platform/Infineon/CYW30739/OTAImageProcessorImpl.cpp @@ -204,7 +204,7 @@ void OTAImageProcessorImpl::HandleProcessBlock(intptr_t context) return; } - if (IsSpanUsable(block)) + if (!block.empty()) { const uint32_t written = wiced_firmware_upgrade_process_block(imageProcessor->mParams.downloadedBytes, block.data(), block.size()); @@ -247,7 +247,7 @@ CHIP_ERROR OTAImageProcessorImpl::ProcessHeader(ByteSpan & block) CHIP_ERROR OTAImageProcessorImpl::SetBlock(ByteSpan & block) { - if (!IsSpanUsable(block)) + if (block.empty()) { ReleaseBlock(); return CHIP_NO_ERROR; diff --git a/src/platform/Infineon/PSOC6/OTAImageProcessorImpl.cpp b/src/platform/Infineon/PSOC6/OTAImageProcessorImpl.cpp index 5fb0d1505314c2..b1cf7001bd2d38 100644 --- a/src/platform/Infineon/PSOC6/OTAImageProcessorImpl.cpp +++ b/src/platform/Infineon/PSOC6/OTAImageProcessorImpl.cpp @@ -267,7 +267,7 @@ void OTAImageProcessorImpl::HandleApply(intptr_t context) CHIP_ERROR OTAImageProcessorImpl::SetBlock(ByteSpan & block) { - if (!IsSpanUsable(block)) + if (block.empty()) { ReleaseBlock(); return CHIP_NO_ERROR; diff --git a/src/platform/Linux/OTAImageProcessorImpl.cpp b/src/platform/Linux/OTAImageProcessorImpl.cpp index 4647a0df69fba0..b6fe393e01e19d 100644 --- a/src/platform/Linux/OTAImageProcessorImpl.cpp +++ b/src/platform/Linux/OTAImageProcessorImpl.cpp @@ -238,7 +238,7 @@ CHIP_ERROR OTAImageProcessorImpl::ProcessHeader(ByteSpan & block) CHIP_ERROR OTAImageProcessorImpl::SetBlock(ByteSpan & block) { - if (!IsSpanUsable(block)) + if (block.empty()) { ReleaseBlock(); return CHIP_NO_ERROR; diff --git a/src/platform/cc13xx_26xx/OTAImageProcessorImpl.cpp b/src/platform/cc13xx_26xx/OTAImageProcessorImpl.cpp index 0aa0bdf0fc4caf..58f3fdcb73c725 100644 
--- a/src/platform/cc13xx_26xx/OTAImageProcessorImpl.cpp +++ b/src/platform/cc13xx_26xx/OTAImageProcessorImpl.cpp @@ -454,7 +454,7 @@ void OTAImageProcessorImpl::HandleProcessBlock(intptr_t context) CHIP_ERROR OTAImageProcessorImpl::SetBlock(ByteSpan & block) { - if (!IsSpanUsable(block)) + if (block.empty()) { ReleaseBlock(); return CHIP_NO_ERROR; diff --git a/src/platform/mbed/OTAImageProcessorImpl.cpp b/src/platform/mbed/OTAImageProcessorImpl.cpp index d83f2e101fb3e7..0777c8606fb30b 100644 --- a/src/platform/mbed/OTAImageProcessorImpl.cpp +++ b/src/platform/mbed/OTAImageProcessorImpl.cpp @@ -392,7 +392,7 @@ void OTAImageProcessorImpl::HandleApply(intptr_t context) CHIP_ERROR OTAImageProcessorImpl::SetBlock(ByteSpan & block) { - if (!IsSpanUsable(block)) + if (block.empty()) { ReleaseBlock(); return CHIP_NO_ERROR; diff --git a/src/platform/mt793x/OTAImageProcessorImpl.cpp b/src/platform/mt793x/OTAImageProcessorImpl.cpp index 8875d2668ec734..98685242aa4347 100644 --- a/src/platform/mt793x/OTAImageProcessorImpl.cpp +++ b/src/platform/mt793x/OTAImageProcessorImpl.cpp @@ -158,7 +158,7 @@ void OTAImageProcessorImpl::HandleProcessBlock(intptr_t context) return; } - if (IsSpanUsable(block)) + if (!block.empty()) { filogic_ota_state_t filogic_err; filogic_ota_io_write_sync(imageProcessor->mFilogicCtx, block.data(), block.size(), &filogic_err); @@ -179,7 +179,7 @@ void OTAImageProcessorImpl::HandleProcessBlock(intptr_t context) // // Store block data for HandleProcessBlock to access CHIP_ERROR OTAImageProcessorImpl::SetBlock(ByteSpan & block) { - if (!IsSpanUsable(block)) + if (block.empty()) { ReleaseBlock(); return CHIP_NO_ERROR; diff --git a/src/platform/nxp/k32w/common/OTAImageProcessorImpl.cpp b/src/platform/nxp/k32w/common/OTAImageProcessorImpl.cpp index 69317d7c0cbf6f..f8d8b4b5a0f8e6 100644 --- a/src/platform/nxp/k32w/common/OTAImageProcessorImpl.cpp +++ b/src/platform/nxp/k32w/common/OTAImageProcessorImpl.cpp 
@@ -304,7 +304,7 @@ CHIP_ERROR OTAImageProcessorImpl::ConfirmCurrentImage() CHIP_ERROR OTAImageProcessorImpl::SetBlock(ByteSpan & block) { - if (!IsSpanUsable(block)) + if (block.empty()) { return CHIP_NO_ERROR; } diff --git a/src/platform/nxp/k32w/k32w0/FactoryDataProviderImpl.cpp b/src/platform/nxp/k32w/k32w0/FactoryDataProviderImpl.cpp index 026aceb5dfad27..df51c774712281 100644 --- a/src/platform/nxp/k32w/k32w0/FactoryDataProviderImpl.cpp +++ b/src/platform/nxp/k32w/k32w0/FactoryDataProviderImpl.cpp @@ -75,8 +75,8 @@ CHIP_ERROR FactoryDataProviderImpl::SignWithDacKey(const ByteSpan & messageToSig Crypto::P256Keypair keypair; Crypto::P256SerializedKeypair serializedKeypair; - VerifyOrReturnError(IsSpanUsable(outSignBuffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(messageToSign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!outSignBuffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!messageToSign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(outSignBuffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); /* Get private key of DAC certificate from reserved section */ diff --git a/src/platform/nxp/mw320/FactoryDataProvider.cpp b/src/platform/nxp/mw320/FactoryDataProvider.cpp index 20400b08f05534..182824ff396168 100644 --- a/src/platform/nxp/mw320/FactoryDataProvider.cpp +++ b/src/platform/nxp/mw320/FactoryDataProvider.cpp 
@@ -160,8 +160,8 @@ CHIP_ERROR FactoryDataProvider::SignWithDeviceAttestationKey(const ByteSpan & me Crypto::P256ECDSASignature signature; Crypto::P256Keypair keypair; - VerifyOrReturnError(IsSpanUsable(outSignBuffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(messageToSign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!outSignBuffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!messageToSign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(outSignBuffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); // In a non-exemplary implementation, the public key is not needed here. It is used here merely because diff --git a/src/platform/nxp/mw320/OTAImageProcessorImpl.cpp b/src/platform/nxp/mw320/OTAImageProcessorImpl.cpp index 22a9010892a74e..1fac68beb2e360 100644 --- a/src/platform/nxp/mw320/OTAImageProcessorImpl.cpp +++ b/src/platform/nxp/mw320/OTAImageProcessorImpl.cpp @@ -292,7 +292,7 @@ CHIP_ERROR OTAImageProcessorImpl::ProcessHeader(ByteSpan & block) CHIP_ERROR OTAImageProcessorImpl::SetBlock(ByteSpan & block) { - if (!IsSpanUsable(block)) + if (block.empty()) { ReleaseBlock(); return CHIP_NO_ERROR; diff --git a/src/platform/openiotsdk/OTAImageProcessorImpl.cpp b/src/platform/openiotsdk/OTAImageProcessorImpl.cpp index ca1edf6d2d9cd2..81b3973ff2c0a6 100644 --- a/src/platform/openiotsdk/OTAImageProcessorImpl.cpp +++ b/src/platform/openiotsdk/OTAImageProcessorImpl.cpp @@ -267,7 +267,7 @@ CHIP_ERROR OTAImageProcessorImpl::ProcessHeader(ByteSpan & block) CHIP_ERROR OTAImageProcessorImpl::SetBlock(ByteSpan & block) { - if (!IsSpanUsable(block)) + if (block.empty()) { ReleaseBlock(); return CHIP_NO_ERROR; diff --git a/src/platform/qpg/FactoryDataProvider.cpp b/src/platform/qpg/FactoryDataProvider.cpp index 3d7601eb731763..a3bdab2fcf4088 100644 --- a/src/platform/qpg/FactoryDataProvider.cpp +++ b/src/platform/qpg/FactoryDataProvider.cpp 
@@ -82,8 +82,8 @@ CHIP_ERROR FactoryDataProvider::SignWithDeviceAttestationKey(const ByteSpan & me Crypto::P256ECDSASignature signature; Crypto::P256Keypair keypair; - VerifyOrReturnError(IsSpanUsable(outSignBuffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(messageToSign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!outSignBuffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!messageToSign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(outSignBuffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); uint8_t qorvoDacPrivKeyBuffer[DEVICE_ATTESTATION_PRIVATE_KEY_LEN]; diff --git a/src/platform/qpg/OTAImageProcessorImpl.cpp b/src/platform/qpg/OTAImageProcessorImpl.cpp index dea726280dc9b1..6293f310bf28d9 100644 --- a/src/platform/qpg/OTAImageProcessorImpl.cpp +++ b/src/platform/qpg/OTAImageProcessorImpl.cpp @@ -245,7 +245,7 @@ void OTAImageProcessorImpl::HandleProcessBlock(intptr_t context) CHIP_ERROR OTAImageProcessorImpl::SetBlock(ByteSpan & block) { - if (!IsSpanUsable(block)) + if (block.empty()) { ReleaseBlock(); return CHIP_NO_ERROR; diff --git a/src/platform/stm32/FactoryDataProvider.cpp b/src/platform/stm32/FactoryDataProvider.cpp index 06801c32f4076a..50a7798b345d6e 100644 --- a/src/platform/stm32/FactoryDataProvider.cpp +++ b/src/platform/stm32/FactoryDataProvider.cpp @@ -25,7 +25,6 @@ namespace chip { namespace { - } // namespace namespace DeviceLayer { 
@@ -80,8 +79,8 @@ CHIP_ERROR FactoryDataProvider::SignWithDeviceAttestationKey(const ByteSpan & me ByteSpan kDacPrivateKey = ByteSpan(kDevelopmentDAC_PrivateKey_FFF1_8004); ByteSpan kDacPublicKey = ByteSpan(kDevelopmentDAC_PublicKey_FFF1_8004); - VerifyOrReturnError(IsSpanUsable(outSignBuffer), CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError(IsSpanUsable(messageToSign), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!outSignBuffer.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!messageToSign.empty(), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(outSignBuffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); // In a non-exemplary implementation, the public key is not needed here. It is used here merely because diff --git a/src/protocols/secure_channel/PASESession.cpp b/src/protocols/secure_channel/PASESession.cpp index 3ddf7ae3882e53..e2adc530903db0 100644 --- a/src/protocols/secure_channel/PASESession.cpp +++ b/src/protocols/secure_channel/PASESession.cpp @@ -258,7 +258,7 @@ void PASESession::OnResponseTimeout(ExchangeContext * ec) CHIP_ERROR PASESession::DeriveSecureSession(CryptoContext & session) const { VerifyOrReturnError(mPairingComplete, CHIP_ERROR_INCORRECT_STATE); - return session.InitFromSecret(*mSessionManager->GetSessionKeystore(), ByteSpan(mKe, mKeLen), ByteSpan(nullptr, 0), + return session.InitFromSecret(*mSessionManager->GetSessionKeystore(), ByteSpan(mKe, mKeLen), ByteSpan(), CryptoContext::SessionInfoType::kSessionEstablishment, mRole); } diff --git a/src/protocols/secure_channel/tests/TestPASESession.cpp b/src/protocols/secure_channel/tests/TestPASESession.cpp index af5f64b4048461..0db3244379f3ca 100644 --- a/src/protocols/secure_channel/tests/TestPASESession.cpp +++ b/src/protocols/secure_channel/tests/TestPASESession.cpp 
@@ -161,8 +161,8 @@ void SecurePairingWaitTest(nlTestSuite * inSuite, void * inContext) loopback.Reset(); NL_TEST_ASSERT(inSuite, - pairing.WaitForPairing(sessionManager, sTestSpake2p01_PASEVerifier, sTestSpake2p01_IterationCount, - ByteSpan(nullptr, 0), Optional::Missing(), + pairing.WaitForPairing(sessionManager, sTestSpake2p01_PASEVerifier, sTestSpake2p01_IterationCount, ByteSpan(), + Optional::Missing(), &delegate) == CHIP_ERROR_INVALID_ARGUMENT); ctx.DrainAndServiceIO(); diff --git a/src/setup_payload/tests/TestAdditionalDataPayload.cpp b/src/setup_payload/tests/TestAdditionalDataPayload.cpp index ef7c9b5a005cdc..f64846222323e9 100644 --- a/src/setup_payload/tests/TestAdditionalDataPayload.cpp +++ b/src/setup_payload/tests/TestAdditionalDataPayload.cpp @@ -118,7 +118,7 @@ void TestGeneratingAdditionalDataPayloadWithRotatingDeviceId(nlTestSuite * inSui additionalDataFields.Set(AdditionalDataFields::RotatingDeviceId); AdditionalDataPayloadGeneratorParams additionalDataPayloadParams; additionalDataPayloadParams.rotatingDeviceIdLifetimeCounter = kLifetimeCounter; - additionalDataPayloadParams.rotatingDeviceIdUniqueId = ByteSpan{ kUniqueId, sizeof(kUniqueId) }; + additionalDataPayloadParams.rotatingDeviceIdUniqueId = ByteSpan(kUniqueId); char output[kAdditionalDataPayloadLength]; NL_TEST_ASSERT(inSuite, @@ -133,7 +133,7 @@ void TestGeneratingAdditionalDataPayloadWithRotatingDeviceIdAndMaxLifetimeCounte additionalDataFields.Set(AdditionalDataFields::RotatingDeviceId); AdditionalDataPayloadGeneratorParams additionalDataPayloadParams; additionalDataPayloadParams.rotatingDeviceIdLifetimeCounter = std::numeric_limits::max(); - additionalDataPayloadParams.rotatingDeviceIdUniqueId = ByteSpan{ kUniqueId, sizeof(kUniqueId) }; + additionalDataPayloadParams.rotatingDeviceIdUniqueId = ByteSpan(kUniqueId); char output[kAdditionalDataPayloadLength]; NL_TEST_ASSERT(inSuite, 
@@ -161,7 +161,7 @@ void TestGeneratingRotatingDeviceIdAsString(nlTestSuite * inSuite, void * inCont size_t rotatingDeviceIdValueOutputSize = 0; AdditionalDataPayloadGeneratorParams additionalDataPayloadParams; additionalDataPayloadParams.rotatingDeviceIdLifetimeCounter = kLifetimeCounter; - additionalDataPayloadParams.rotatingDeviceIdUniqueId = ByteSpan{ kUniqueId, sizeof(kUniqueId) }; + additionalDataPayloadParams.rotatingDeviceIdUniqueId = ByteSpan(kUniqueId); err = AdditionalDataPayloadGenerator().generateRotatingDeviceIdAsHexString( additionalDataPayloadParams, rotatingDeviceIdHexBuffer, ArraySize(rotatingDeviceIdHexBuffer), rotatingDeviceIdValueOutputSize); @@ -184,7 +184,7 @@ void TestGeneratingRotatingDeviceIdAsStringWithNullInputs(nlTestSuite * inSuite, size_t rotatingDeviceIdValueOutputSize = 0; AdditionalDataPayloadGeneratorParams additionalDataPayloadParams; additionalDataPayloadParams.rotatingDeviceIdLifetimeCounter = 0; - additionalDataPayloadParams.rotatingDeviceIdUniqueId = MutableByteSpan{ nullptr, sizeof(kUniqueId) }; + additionalDataPayloadParams.rotatingDeviceIdUniqueId = ByteSpan(); err = AdditionalDataPayloadGenerator().generateRotatingDeviceIdAsHexString( additionalDataPayloadParams, rotatingDeviceIdHexBuffer, ArraySize(rotatingDeviceIdHexBuffer), rotatingDeviceIdValueOutputSize); @@ -198,7 +198,7 @@ void TestGeneratingRotatingDeviceIdWithSmallBuffer(nlTestSuite * inSuite, void * size_t rotatingDeviceIdValueOutputSize = 0; AdditionalDataPayloadGeneratorParams additionalDataPayloadParams; additionalDataPayloadParams.rotatingDeviceIdLifetimeCounter = kLifetimeCounter; - additionalDataPayloadParams.rotatingDeviceIdUniqueId = ByteSpan{ kUniqueId, sizeof(kUniqueId) }; + additionalDataPayloadParams.rotatingDeviceIdUniqueId = ByteSpan(kUniqueId); err = AdditionalDataPayloadGenerator().generateRotatingDeviceIdAsHexString( additionalDataPayloadParams, rotatingDeviceIdHexBuffer, ArraySize(rotatingDeviceIdHexBuffer), rotatingDeviceIdValueOutputSize); 
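Review bot: `TestGeneratingRotatingDeviceIdAsStringWithNullInputs` now passes `ByteSpan()` instead of a null pointer with `sizeof(kUniqueId)` as the length, so it exercises an empty unique id rather than a null one and the test name no longer matches the input. A comment above the assignment would keep the intent clear, e.g. `// A null pointer with non-zero length can no longer be constructed; an empty unique id is the invalid input under test.`. The expected error is asserted outside the hunk, so confirm it is still the one the generator returns for an empty id.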
diff --git a/src/transport/CryptoContext.cpp b/src/transport/CryptoContext.cpp index 6b39af59696028..97420cfd2d0e53 100644 --- a/src/transport/CryptoContext.cpp +++ b/src/transport/CryptoContext.cpp @@ -69,9 +69,7 @@ CHIP_ERROR CryptoContext::InitFromSecret(SessionKeystore & keystore, const ByteS SessionInfoType infoType, SessionRole role) { VerifyOrReturnError(mKeyAvailable == false, CHIP_ERROR_INCORRECT_STATE); - VerifyOrReturnError(secret.data() != nullptr, CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(secret.size() > 0, CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrReturnError((salt.size() == 0) || (salt.data() != nullptr), CHIP_ERROR_INVALID_ARGUMENT); ByteSpan info = (infoType == SessionInfoType::kSessionResumption) ? ByteSpan(RSEKeysInfo) : ByteSpan(SEKeysInfo); @@ -88,7 +86,7 @@ CHIP_ERROR CryptoContext::InitFromSecret(SessionKeystore & keystore, const ByteS constexpr uint8_t kTestSharedSecret[CHIP_CONFIG_TEST_SHARED_SECRET_LENGTH] = CHIP_CONFIG_TEST_SHARED_SECRET_VALUE; static_assert(sizeof(CHIP_CONFIG_TEST_SHARED_SECRET_VALUE) == CHIP_CONFIG_TEST_SHARED_SECRET_LENGTH, "CHIP_CONFIG_TEST_SHARED_SECRET_VALUE must be 32 bytes"); - const ByteSpan & testSalt = ByteSpan(nullptr, 0); + const ByteSpan & testSalt = ByteSpan(); (void) info; #warning \ diff --git a/src/transport/SessionManager.cpp b/src/transport/SessionManager.cpp index 63e08822c2343c..085fda948629c7 100644 --- a/src/transport/SessionManager.cpp +++ b/src/transport/SessionManager.cpp 
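Review bot: `CryptoContext::InitFromSecret` no longer rejects a null `secret` or `salt` itself, so it relies on `Span` never holding a null pointer with a non-zero size. Per the commit description that invariant is enforced with `VerifyOrDie` on the pointer-plus-size constructors only, so a bad pointer now aborts the process where the span is built instead of returning `CHIP_ERROR_INVALID_ARGUMENT` here. Callers that build spans from externally supplied pointers or lengths should validate before constructing. A comment above the remaining check would stop a later reader from reinstating or misreading it, e.g. `// Span guarantees data() != nullptr whenever size() > 0, so only emptiness is checked.`. The surviving `secret.size() > 0` could also read `!secret.empty()` to match the rest of this change; the function body continues outside the hunk.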
@@ -527,7 +527,7 @@ CHIP_ERROR SessionManager::InjectPaseSessionWithTestKey(SessionHolder & sessionH size_t secretLen = CHIP_CONFIG_TEST_SHARED_SECRET_LENGTH; ByteSpan secret(reinterpret_cast(CHIP_CONFIG_TEST_SHARED_SECRET_VALUE), secretLen); ReturnErrorOnFailure(secureSession->GetCryptoContext().InitFromSecret( - *mSessionKeystore, secret, ByteSpan(nullptr, 0), CryptoContext::SessionInfoType::kSessionEstablishment, role)); + *mSessionKeystore, secret, ByteSpan(), CryptoContext::SessionInfoType::kSessionEstablishment, role)); secureSession->GetSessionMessageCounter().GetPeerMessageCounter().SetCounter(Transport::PeerMessageCounter::kInitialSyncValue); sessionHolder.Grab(session.Value()); return CHIP_NO_ERROR; @@ -548,7 +548,7 @@ CHIP_ERROR SessionManager::InjectCaseSessionWithTestKey(SessionHolder & sessionH size_t secretLen = CHIP_CONFIG_TEST_SHARED_SECRET_LENGTH; ByteSpan secret(reinterpret_cast(CHIP_CONFIG_TEST_SHARED_SECRET_VALUE), secretLen); ReturnErrorOnFailure(secureSession->GetCryptoContext().InitFromSecret( - *mSessionKeystore, secret, ByteSpan(nullptr, 0), CryptoContext::SessionInfoType::kSessionEstablishment, role)); + *mSessionKeystore, secret, ByteSpan(), CryptoContext::SessionInfoType::kSessionEstablishment, role)); secureSession->GetSessionMessageCounter().GetPeerMessageCounter().SetCounter(Transport::PeerMessageCounter::kInitialSyncValue); sessionHolder.Grab(session.Value()); return CHIP_NO_ERROR; diff --git a/src/transport/tests/TestSecureSession.cpp b/src/transport/tests/TestSecureSession.cpp index d6efc341ee4fc9..023876c4f7f3c1 100644 --- a/src/transport/tests/TestSecureSession.cpp +++ b/src/transport/tests/TestSecureSession.cpp 
@@ -46,21 +46,15 @@ void SecureChannelInitTest(nlTestSuite * inSuite, void * inContext) P256Keypair keypair2; NL_TEST_ASSERT(inSuite, keypair2.Initialize(ECPKeyTarget::ECDH) == CHIP_NO_ERROR); - // Test all combinations of invalid parameters - NL_TEST_ASSERT(inSuite, - channel.InitFromKeyPair(sessionKeystore, keypair, keypair2.Pubkey(), ByteSpan(nullptr, 10), - CryptoContext::SessionInfoType::kSessionEstablishment, - CryptoContext::SessionRole::kInitiator) == CHIP_ERROR_INVALID_ARGUMENT); - // Test the channel is successfully created with valid parameters NL_TEST_ASSERT(inSuite, - channel.InitFromKeyPair(sessionKeystore, keypair, keypair2.Pubkey(), ByteSpan(nullptr, 0), + channel.InitFromKeyPair(sessionKeystore, keypair, keypair2.Pubkey(), ByteSpan(), CryptoContext::SessionInfoType::kSessionEstablishment, CryptoContext::SessionRole::kInitiator) == CHIP_NO_ERROR); // Test the channel cannot be reinitialized NL_TEST_ASSERT(inSuite, - channel.InitFromKeyPair(sessionKeystore, keypair, keypair2.Pubkey(), ByteSpan(nullptr, 0), + channel.InitFromKeyPair(sessionKeystore, keypair, keypair2.Pubkey(), ByteSpan(), CryptoContext::SessionInfoType::kSessionEstablishment, CryptoContext::SessionRole::kInitiator) == CHIP_ERROR_INCORRECT_STATE);