Stop passing passcode by mutable reference to Spake2pVerifier::Generate. (project-chip#23571)

bzbarsky-apple · adbridge · commit 9aff83508acc · 2022-11-18T12:17:18.000Z
The generation bits never modify the passcode. Fixes project-chip#23511
diff --git a/src/crypto/CHIPCryptoPAL.cpp b/src/crypto/CHIPCryptoPAL.cpp
@@ -540,7 +540,7 @@ CHIP_ERROR Spake2pVerifier::Deserialize(const ByteSpan & inSerialized)
     return CHIP_NO_ERROR;
 }
 
-CHIP_ERROR Spake2pVerifier::Generate(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t & setupPin)
+CHIP_ERROR Spake2pVerifier::Generate(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t setupPin)
 {
     uint8_t serializedWS[kSpake2p_WS_Length * 2] = { 0 };
     ReturnErrorOnFailure(ComputeWS(pbkdf2IterCount, salt, setupPin, serializedWS, sizeof(serializedWS)));
@@ -572,7 +572,7 @@ CHIP_ERROR Spake2pVerifier::Generate(uint32_t pbkdf2IterCount, const ByteSpan &
     return err;
 }
 
-CHIP_ERROR Spake2pVerifier::ComputeWS(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t & setupPin, uint8_t * ws,
+CHIP_ERROR Spake2pVerifier::ComputeWS(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t setupPin, uint8_t * ws,
                                       uint32_t ws_len)
 {
 #ifdef ENABLE_HSM_PBKDF2
diff --git a/src/crypto/CHIPCryptoPAL.h b/src/crypto/CHIPCryptoPAL.h
@@ -1351,7 +1351,7 @@ class Spake2pVerifier
      *
      * @return CHIP_ERROR     The result of Spake2+ verifier generation
      */
-    CHIP_ERROR Generate(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t & setupPin);
+    CHIP_ERROR Generate(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t setupPin);
 
     /**
      * @brief Compute the initiator values (w0, w1) used for PAKE input.
@@ -1364,8 +1364,7 @@ class Spake2pVerifier
      *
      * @return CHIP_ERROR     The result from running PBKDF2
      */
-    static CHIP_ERROR ComputeWS(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t & setupPin, uint8_t * ws,
-                                uint32_t ws_len);
+    static CHIP_ERROR ComputeWS(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t setupPin, uint8_t * ws, uint32_t ws_len);
 };
 
 /**
diff --git a/src/darwin/Framework/CHIP/MTRDeviceController.mm b/src/darwin/Framework/CHIP/MTRDeviceController.mm
@@ -567,10 +567,8 @@ + (nullable NSData *)computePASEVerifierForSetupPasscode:(NSNumber *)setupPassco
                                                     salt:(NSData *)salt
                                                    error:(NSError * __autoreleasing *)error
 {
-    // Spake2pVerifier::Generate takes the passcode by non-const reference for some reason.
-    uint32_t unboxedSetupPasscode = [setupPasscode unsignedIntValue];
     chip::Spake2pVerifier verifier;
-    CHIP_ERROR err = verifier.Generate([iterations unsignedIntValue], AsByteSpan(salt), unboxedSetupPasscode);
+    CHIP_ERROR err = verifier.Generate(iterations.unsignedIntValue, AsByteSpan(salt), setupPasscode.unsignedIntValue);
     if ([MTRDeviceController checkForError:err logMsg:kErrorSpake2pVerifierGenerationFailed error:error]) {
         return nil;
     }

Original file line number	Diff line number	Diff line change
`@@ -540,7 +540,7 @@ CHIP_ERROR Spake2pVerifier::Deserialize(const ByteSpan & inSerialized)`
`540`	`540`	`return CHIP_NO_ERROR;`
`541`	`541`	`}`
`542`	`542`
`543`		`-CHIP_ERROR Spake2pVerifier::Generate(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t & setupPin)`
	`543`	`+CHIP_ERROR Spake2pVerifier::Generate(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t setupPin)`
`544`	`544`	`{`
`545`	`545`	`uint8_t serializedWS[kSpake2p_WS_Length * 2] = { 0 };`
`546`	`546`	`ReturnErrorOnFailure(ComputeWS(pbkdf2IterCount, salt, setupPin, serializedWS, sizeof(serializedWS)));`
`@@ -572,7 +572,7 @@ CHIP_ERROR Spake2pVerifier::Generate(uint32_t pbkdf2IterCount, const ByteSpan &`
`572`	`572`	`return err;`
`573`	`573`	`}`
`574`	`574`
`575`		`-CHIP_ERROR Spake2pVerifier::ComputeWS(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t & setupPin, uint8_t * ws,`
	`575`	`+CHIP_ERROR Spake2pVerifier::ComputeWS(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t setupPin, uint8_t * ws,`
`576`	`576`	`uint32_t ws_len)`
`577`	`577`	`{`
`578`	`578`	`#ifdef ENABLE_HSM_PBKDF2`
Original file line number	Diff line number	Diff line change
`@@ -567,10 +567,8 @@ + (nullable NSData )computePASEVerifierForSetupPasscode:(NSNumber )setupPassco`
`567`	`567`	`salt:(NSData *)salt`
`568`	`568`	`error:(NSError * __autoreleasing *)error`
`569`	`569`	`{`
`570`		`- // Spake2pVerifier::Generate takes the passcode by non-const reference for some reason.`
`571`		`- uint32_t unboxedSetupPasscode = [setupPasscode unsignedIntValue];`
`572`	`570`	`chip::Spake2pVerifier verifier;`
`573`		`- CHIP_ERROR err = verifier.Generate([iterations unsignedIntValue], AsByteSpan(salt), unboxedSetupPasscode);`
	`571`	`+ CHIP_ERROR err = verifier.Generate(iterations.unsignedIntValue, AsByteSpan(salt), setupPasscode.unsignedIntValue);`
`574`	`572`	`if ([MTRDeviceController checkForError:err logMsg:kErrorSpake2pVerifierGenerationFailed error:error]) {`
`575`	`573`	`return nil;`
`576`	`574`	`}`