From b4ecc27629bb8380e92d8060be2ec22de5ab9de0 Mon Sep 17 00:00:00 2001 From: David Saada Date: Thu, 14 Feb 2019 13:48:10 +0200 Subject: [PATCH 1/2] Replace PSA error code definitions with the ones defined in PSA spec --- include/psa/crypto.h | 42 +++++----- include/psa/crypto_se_driver.h | 2 +- include/psa/crypto_types.h | 5 ++ include/psa/crypto_values.h | 76 ++++++++----------- library/psa_crypto.c | 20 ++--- library/psa_crypto_slot_management.c | 8 +- library/psa_crypto_storage.h | 4 +- library/psa_crypto_storage_backend.h | 4 +- library/psa_crypto_storage_file.c | 4 +- library/psa_crypto_storage_its.c | 7 +- tests/suites/test_suite_psa_crypto.function | 34 ++++----- ...t_suite_psa_crypto_persistent_key.function | 2 +- ...test_suite_psa_crypto_slot_management.data | 2 +- ..._suite_psa_crypto_slot_management.function | 10 +-- .../test_suite_psa_crypto_storage_file.data | 4 +- 15 files changed, 108 insertions(+), 116 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 93f896890d..25c3cb4dbd 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -193,7 +193,7 @@ psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy); * the policy has been saved to persistent storage. Implementations * may defer saving the policy until the key material is created. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_COMMUNICATION_FAILURE @@ -285,7 +285,7 @@ psa_status_t psa_allocate_key(psa_key_handle_t *handle); * Success. The application can now use the value of `*handle` * to access the newly allocated key slot. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_INVALID_ARGUMENT * \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE. * \retval #PSA_ERROR_INVALID_ARGUMENT 
@@ -322,7 +322,7 @@ psa_status_t psa_open_key(psa_key_lifetime_t lifetime, * to access the newly allocated key slot. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_STORAGE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * There is already a key with the identifier \p id in the storage * area designated by \p lifetime. * \retval #PSA_ERROR_INVALID_ARGUMENT @@ -401,7 +401,7 @@ psa_status_t psa_close_key(psa_key_handle_t handle); * \retval #PSA_ERROR_INVALID_ARGUMENT * The key slot is invalid, * or the key data is not correctly formatted. - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * There is already a key in the specified slot. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_STORAGE @@ -470,7 +470,7 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle); * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * The handle is to a key slot which does not contain key material yet. * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE @@ -554,7 +554,7 @@ psa_status_t psa_get_key_information(psa_key_handle_t handle, * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_BUFFER_TOO_SMALL @@ -641,7 +641,7 @@ psa_status_t psa_export_key(psa_key_handle_t handle, * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_INVALID_ARGUMENT * The key is neither a public key nor a key pair. * \retval #PSA_ERROR_NOT_SUPPORTED 
@@ -710,9 +710,9 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle, * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * \p target already contains key material. - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \p source does not contain key material. * \retval #PSA_ERROR_INVALID_ARGUMENT * The policy constraints on the source, on the target and @@ -1071,7 +1071,7 @@ static psa_mac_operation_t psa_mac_operation_init(void); * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. @@ -1128,7 +1128,7 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \c key is not compatible with \c alg. @@ -1373,7 +1373,7 @@ static psa_cipher_operation_t psa_cipher_operation_init(void); * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. @@ -1432,7 +1432,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. 
@@ -1660,7 +1660,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. @@ -1716,7 +1716,7 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_INVALID_SIGNATURE * The ciphertext is not authentic. * \retval #PSA_ERROR_NOT_PERMITTED @@ -2034,7 +2034,7 @@ psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator, * \param output_length Number of bytes to output. * * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INSUFFICIENT_CAPACITY + * \retval #PSA_ERROR_INSUFFICIENT_DATA * There were fewer than \p output_length bytes * in the generator. Note that in this case, no * output is written to the output buffer. @@ -2076,7 +2076,7 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator, * Success. * If the key is persistent, the key material and the key's metadata * have been saved to persistent storage. - * \retval #PSA_ERROR_INSUFFICIENT_CAPACITY + * \retval #PSA_ERROR_INSUFFICIENT_DATA * There were fewer than \p output_length bytes * in the generator. Note that in this case, no * output is written to the output buffer. @@ -2088,7 +2088,7 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator, * implementation in general or in this particular slot. * \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * There is already a key in the specified slot. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_STORAGE 
@@ -2172,7 +2172,7 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator); * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \c key is not compatible with \c alg, @@ -2233,7 +2233,7 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \c private_key is not compatible with \c alg, @@ -2332,7 +2332,7 @@ typedef struct { * If the key is persistent, the key material and the key's metadata * have been saved to persistent storage. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * There is already a key in the specified slot. * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_INVALID_ARGUMENT diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index 0578664453..20cd4b45e1 100644 --- a/include/psa/crypto_se_driver.h +++ b/include/psa/crypto_se_driver.h @@ -754,7 +754,7 @@ typedef psa_status_t (*psa_drv_destroy_key_t)(psa_key_slot_t key); * that make up the key data. * * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_COMMUNICATION_FAILURE diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 9b44d6aef9..29c9853030 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h 
@@ -47,8 +47,13 @@ * This is either #PSA_SUCCESS (which is zero), indicating success, * or a nonzero value indicating that an error occurred. Errors are * encoded as one of the \c PSA_ERROR_xxx values defined here. + * If #PSA_SUCCESS is already defined, it means that #psa_status_t + * is also defined in an external header, so prevent its multiple + * definition. */ +#ifndef PSA_SUCCESS typedef int32_t psa_status_t; +#endif /**@}*/ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 2ae72e0633..d42d8c28a8 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -40,25 +40,17 @@ * @{ */ -#if !defined(PSA_SUCCESS) -/* If PSA_SUCCESS is defined, assume that PSA crypto is being used - * together with PSA IPC, which also defines the identifier - * PSA_SUCCESS. We must not define PSA_SUCCESS ourselves in that case; - * the other error code names don't clash. This is a temporary hack - * until we unify error reporting in PSA IPC and PSA crypto. - * - * Note that psa_defs.h must be included before this header! - */ +/* PSA error codes */ + /** The action was completed successfully. */ #define PSA_SUCCESS ((psa_status_t)0) -#endif /* !defined(PSA_SUCCESS) */ /** An error occurred that does not correspond to any defined * failure cause. * * Implementations may use this error code if none of the other standard * error codes are applicable. */ -#define PSA_ERROR_UNKNOWN_ERROR ((psa_status_t)1) +#define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132) /** The requested operation or a parameter is not supported * by this implementation. @@ -67,7 +59,7 @@ * parameter such as a key type, algorithm, etc. is not recognized. * If a combination of parameters is recognized and identified as * not valid, return #PSA_ERROR_INVALID_ARGUMENT instead. */ -#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)2) +#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) /** The requested action is denied by a policy. * 
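Review bot: Guarding `typedef int32_t psa_status_t;` with `#ifndef PSA_SUCCESS` couples the type to a macro that the next hunk in this same series now defines unconditionally in crypto_values.h (the old `#if !defined(PSA_SUCCESS)` guard and its "psa_defs.h must be included before this header" note are removed), so the result depends on include order: if crypto_values.h is reached before crypto_types.h the typedef is skipped and every `((psa_status_t)...)` cast refers to an undeclared type, and if an IPC header has already defined PSA_SUCCESS the unconditional `#define PSA_SUCCESS` is a macro redefinition, which is only legal when the replacement lists match exactly. A guard macro defined next to the typedef (and tested by crypto_values.h instead of PSA_SUCCESS) would make the contract explicit rather than inferred from an unrelated name. At minimum the new comment should state the assumption it relies on, e.g. `* If #PSA_SUCCESS is already defined, an external header (PSA IPC) is assumed to have typedef'd psa_status_t with the same underlying type; this header then omits its own definition.`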
@@ -80,7 +72,7 @@ * not valid or not supported, it is unspecified whether the function * returns #PSA_ERROR_NOT_PERMITTED, #PSA_ERROR_NOT_SUPPORTED or * #PSA_ERROR_INVALID_ARGUMENT. */ -#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)3) +#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133) /** An output buffer is too small. * @@ -92,23 +84,19 @@ * buffer would succeed. However implementations may return this * error if a function has invalid or unsupported parameters in addition * to the parameters that determine the necessary output buffer size. */ -#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)4) +#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138) -/** A slot is occupied, but must be empty to carry out the - * requested action. +/** Asking for an item that already exists * - * If a handle is invalid, it does not designate an occupied slot. - * The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE. - */ -#define PSA_ERROR_OCCUPIED_SLOT ((psa_status_t)5) + * Implementations should return this error, when attempting + * to write an item (like a key) that already exists. */ +#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139) -/** A slot is empty, but must be occupied to carry out the - * requested action. +/** Asking for an item that doesn't exist * - * If a handle is invalid, it does not designate an empty slot. - * The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE. - */ -#define PSA_ERROR_EMPTY_SLOT ((psa_status_t)6) + * Implementations should return this error, if a requested item (like + * a key) does not exist. */ +#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140) /** The requested action cannot be performed in the current state. * 
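Review bot: The rewritten descriptions of PSA_ERROR_ALREADY_EXISTS and PSA_ERROR_DOES_NOT_EXIST drop the sentence that told implementers an invalid handle must be reported as #PSA_ERROR_INVALID_HANDLE rather than as an empty/occupied slot, while the BAD_STATE and INVALID_ARGUMENT comments in the following hunks still cross-reference these two codes for exactly that distinction. Since the library hunks in psa_crypto.c still return DOES_NOT_EXIST only after the handle has been resolved to a slot, the guidance is still accurate and should be kept, e.g. `* If a handle is invalid, it does not designate a missing or existing item; the error for an invalid handle is #PSA_ERROR_INVALID_HANDLE.` Both new summary lines also lack a terminating period and the ALREADY_EXISTS text has a stray comma ("this error, when attempting"); suggested first line: `/** An item (such as a key) already exists where a new one would be written. */`.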
@@ -118,9 +106,9 @@ * * Implementations shall not return this error code to indicate * that a key slot is occupied when it needs to be free or vice versa, - * but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT + * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST * as applicable. */ -#define PSA_ERROR_BAD_STATE ((psa_status_t)7) +#define PSA_ERROR_BAD_STATE ((psa_status_t)-137) /** The parameters passed to the function are invalid. * @@ -129,20 +117,20 @@ * * Implementations shall not return this error code to indicate * that a key slot is occupied when it needs to be free or vice versa, - * but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT + * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST * as applicable. * * Implementation shall not return this error code to indicate that a * key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE * instead. */ -#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)8) +#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) /** There is not enough runtime memory. * * If the action is carried out across multiple security realms, this * error can refer to available memory in any of the security realms. */ -#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)9) +#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141) /** There is not enough persistent storage. * @@ -151,7 +139,7 @@ * many functions that do not otherwise access storage may return this * error code if the implementation requires a mandatory log entry for * the requested action and the log storage space is full. */ -#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)10) +#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142) /** There was a communication failure inside the implementation. * 
@@ -168,7 +156,7 @@ * cryptoprocessor but there was a breakdown of communication before * the cryptoprocessor could report the status to the application. */ -#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)11) +#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145) /** There was a storage failure that may have led to data loss. * @@ -193,13 +181,13 @@ * permanent storage corruption. However application writers should * keep in mind that transient errors while reading the storage may be * reported using this error code. */ -#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)12) +#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146) /** A hardware failure was detected. * * A hardware failure may be transient or permanent depending on the * cause. */ -#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)13) +#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147) /** A tampering attempt was detected. * @@ -230,7 +218,7 @@ * This error indicates an attack against the application. Implementations * shall not return this error code as a consequence of the behavior of * the application itself. */ -#define PSA_ERROR_TAMPERING_DETECTED ((psa_status_t)14) +#define PSA_ERROR_TAMPERING_DETECTED ((psa_status_t)-151) /** There is not enough entropy to generate random data needed * for the requested action. @@ -249,7 +237,7 @@ * secure pseudorandom generator (PRNG). However implementations may return * this error at any time if a policy requires the PRNG to be reseeded * during normal operation. */ -#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)15) +#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148) /** The signature, MAC or hash is incorrect. * 
@@ -259,7 +247,7 @@ * * If the value to verify has an invalid size, implementations may return * either #PSA_ERROR_INVALID_ARGUMENT or #PSA_ERROR_INVALID_SIGNATURE. */ -#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)16) +#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149) /** The decrypted padding is incorrect. * @@ -275,17 +263,15 @@ * as close as possible to indistinguishable to an external observer. * In particular, the timing of a decryption operation should not * depend on the validity of the padding. */ -#define PSA_ERROR_INVALID_PADDING ((psa_status_t)17) +#define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150) -/** The generator has insufficient capacity left. - * - * Once a function returns this error, attempts to read from the - * generator will always return this error. */ -#define PSA_ERROR_INSUFFICIENT_CAPACITY ((psa_status_t)18) +/** Return this error when there's insufficient data when attempting + * to read from a resource. */ +#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143) /** The key handle is not valid. */ -#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)19) +#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136) /**@}*/ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5bf4f99247..fd9f38774a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -346,7 +346,7 @@ static psa_status_t mbedtls_to_psa_error( int ret ) return( PSA_ERROR_HARDWARE_FAILURE ); default: - return( PSA_ERROR_UNKNOWN_ERROR ); + return( PSA_ERROR_GENERIC_ERROR ); } } @@ -742,7 +742,7 @@ static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle, return( status ); if( slot->type != PSA_KEY_TYPE_NONE ) - return( PSA_ERROR_OCCUPIED_SLOT ); + return( PSA_ERROR_ALREADY_EXISTS ); *p_slot = slot; return( status ); 
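Review bot: The new PSA_ERROR_INSUFFICIENT_DATA comment in the `@@ -275,17 +263,15 @@` hunk removes the statement that once a generator reports this error every further read returns it again, yet the psa_generator_read hunk in library/psa_crypto.c still sets `generator->capacity = 0` on that path, so the sticky behaviour appears to be unchanged and is now undocumented. Suggest restoring it in generic form: `* Once a function returns this error for a generator, subsequent reads from that generator return it as well.` The remaining sentence is also phrased as an instruction ("Return this error when ...") whereas every other code in this file is described declaratively; `/** There is not enough data left in the resource being read. */` would match the surrounding style.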
@@ -839,7 +839,7 @@ static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle, if( status != PSA_SUCCESS ) return( status ); if( slot->type == PSA_KEY_TYPE_NONE ) - return( PSA_ERROR_EMPTY_SLOT ); + return( PSA_ERROR_DOES_NOT_EXIST ); /* Enforce that usage policy for the key slot contains all the flags * required by the usage parameter. There is one exception: public @@ -1001,7 +1001,7 @@ psa_status_t psa_get_key_information( psa_key_handle_t handle, return( status ); if( slot->type == PSA_KEY_TYPE_NONE ) - return( PSA_ERROR_EMPTY_SLOT ); + return( PSA_ERROR_DOES_NOT_EXIST ); if( type != NULL ) *type = slot->type; if( bits != NULL ) @@ -3098,7 +3098,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, size_t output_size, size_t *output_length ) { - psa_status_t status = PSA_ERROR_UNKNOWN_ERROR; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; int cipher_ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; @@ -3855,7 +3855,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator, generator->capacity = 0; /* Go through the error path to wipe all confidential data now * that the generator object is useless. */ - status = PSA_ERROR_INSUFFICIENT_CAPACITY; + status = PSA_ERROR_INSUFFICIENT_DATA; goto exit; } if( output_length == 0 && @@ -3867,7 +3867,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator, * INSUFFICIENT_CAPACITY, which is right for a finished * generator, for consistency with the case when * output_length > 0. */ - return( PSA_ERROR_INSUFFICIENT_CAPACITY ); + return( PSA_ERROR_INSUFFICIENT_DATA ); } generator->capacity -= output_length; @@ -4400,7 +4400,7 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret ) return( PSA_SUCCESS ); case PSA_ITS_ERROR_UID_NOT_FOUND: - return( PSA_ERROR_EMPTY_SLOT ); + return( PSA_ERROR_DOES_NOT_EXIST ); case PSA_ITS_ERROR_STORAGE_FAILURE: return( PSA_ERROR_STORAGE_FAILURE ); 
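Review bot: In the `@@ -3867,7 +3867,7 @@` hunk the return value is renamed but the comment immediately above it still reads `* INSUFFICIENT_CAPACITY, which is right for a finished * generator`, so the rationale now names a code that this series removes from crypto_values.h; update it to `* INSUFFICIENT_DATA, which is right for a finished` so the comment and the code agree. The enclosing psa_generator_read body starts and ends outside this hunk. Separately, its_to_psa_error here and the copy in library/psa_crypto_storage_its.c are the same translation table maintained twice; this series updates the `default:` arm of only one of them (see the note on that file).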
@@ -4417,10 +4417,10 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret ) return( PSA_ERROR_NOT_SUPPORTED ); case PSA_ITS_ERROR_WRITE_ONCE: - return( PSA_ERROR_OCCUPIED_SLOT ); + return( PSA_ERROR_ALREADY_EXISTS ); default: - return( PSA_ERROR_UNKNOWN_ERROR ); + return( PSA_ERROR_GENERIC_ERROR ); } } diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index c151c5eee7..dad23c490e 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -194,7 +194,7 @@ exit: * * \retval #PSA_SUCCESS * The slot content was loaded successfully. - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * There is no content for this slot in persistent storage. * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_INVALID_ARGUMENT @@ -274,11 +274,11 @@ psa_status_t psa_create_key( psa_key_lifetime_t lifetime, psa_status_t status; status = persistent_key_setup( lifetime, id, handle, - PSA_ERROR_EMPTY_SLOT ); + PSA_ERROR_DOES_NOT_EXIST ); switch( status ) { - case PSA_SUCCESS: return( PSA_ERROR_OCCUPIED_SLOT ); - case PSA_ERROR_EMPTY_SLOT: return( PSA_SUCCESS ); + case PSA_SUCCESS: return( PSA_ERROR_ALREADY_EXISTS ); + case PSA_ERROR_DOES_NOT_EXIST: return( PSA_SUCCESS ); default: return( status ); } } diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index 85881c1644..9da009d8d3 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -84,7 +84,7 @@ extern "C" { * \retval PSA_ERROR_INSUFFICIENT_MEMORY * \retval PSA_ERROR_INSUFFICIENT_STORAGE * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_OCCUPIED_SLOT + * \retval PSA_ERROR_ALREADY_EXISTS */ psa_status_t psa_save_persistent_key( const psa_key_id_t key, const psa_key_type_t type, 
@@ -115,7 +115,7 @@ psa_status_t psa_save_persistent_key( const psa_key_id_t key, * \retval PSA_SUCCESS * \retval PSA_ERROR_INSUFFICIENT_MEMORY * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_EMPTY_SLOT + * \retval PSA_ERROR_DOES_NOT_EXIST */ psa_status_t psa_load_persistent_key( psa_key_id_t key, psa_key_type_t *type, diff --git a/library/psa_crypto_storage_backend.h b/library/psa_crypto_storage_backend.h index 47896b8726..83bd2f359d 100644 --- a/library/psa_crypto_storage_backend.h +++ b/library/psa_crypto_storage_backend.h @@ -54,7 +54,7 @@ extern "C" { * * \retval PSA_SUCCESS * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_EMPTY_SLOT + * \retval PSA_ERROR_DOES_NOT_EXIST */ psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data, size_t data_size ); @@ -73,7 +73,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data, * \retval PSA_SUCCESS * \retval PSA_ERROR_INSUFFICIENT_STORAGE * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_OCCUPIED_SLOT + * \retval PSA_ERROR_ALREADY_EXISTS */ psa_status_t psa_crypto_storage_store( const psa_key_id_t key, const uint8_t *data, diff --git a/library/psa_crypto_storage_file.c b/library/psa_crypto_storage_file.c index 87420be98a..a6e732dba6 100644 --- a/library/psa_crypto_storage_file.c +++ b/library/psa_crypto_storage_file.c @@ -118,7 +118,7 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key, key_id_to_location( key, slot_location, MAX_LOCATION_LEN ); if( psa_is_key_present_in_storage( key ) == 1 ) - return( PSA_ERROR_OCCUPIED_SLOT ); + return( PSA_ERROR_ALREADY_EXISTS ); file = fopen( temp_location, "wb" ); if( file == NULL ) @@ -186,7 +186,7 @@ psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key, file = fopen( slot_location, "rb" ); if( file == NULL ) - return( PSA_ERROR_EMPTY_SLOT ); + return( PSA_ERROR_DOES_NOT_EXIST ); if( fseek( file, 0, SEEK_END ) != 0 ) { 
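Review bot: In the psa_crypto_storage_get_data_length hunk of library/psa_crypto_storage_file.c, every fopen() failure is now reported as PSA_ERROR_DOES_NOT_EXIST, so a permission error, an exhausted descriptor table or an I/O fault on a key that does exist is indistinguishable from a genuinely absent key, and a caller such as psa_create_key (see the switch in psa_crypto_slot_management.c above, which treats DOES_NOT_EXIST as "free to create") would then proceed as if the slot were empty. Distinguishing the missing-file case would keep the rename honest, e.g. `if( file == NULL ) return( errno == ENOENT ? PSA_ERROR_DOES_NOT_EXIST : PSA_ERROR_STORAGE_FAILURE );`, which needs `<errno.h>` if the file does not already include it; I cannot see the includes from this hunk. The enclosing function continues past the hunk.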
diff --git a/library/psa_crypto_storage_its.c b/library/psa_crypto_storage_its.c index 1873c69ccb..f97a5d7de9 100644 --- a/library/psa_crypto_storage_its.c +++ b/library/psa_crypto_storage_its.c @@ -27,6 +27,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) +#include "psa/error.h" #include "psa/crypto.h" #include "psa_crypto_storage_backend.h" #include "psa/internal_trusted_storage.h" @@ -43,7 +44,7 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret ) return( PSA_SUCCESS ); case PSA_ITS_ERROR_UID_NOT_FOUND: - return( PSA_ERROR_EMPTY_SLOT ); + return( PSA_ERROR_DOES_NOT_EXIST ); case PSA_ITS_ERROR_STORAGE_FAILURE: return( PSA_ERROR_STORAGE_FAILURE ); @@ -60,7 +61,7 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret ) return( PSA_ERROR_NOT_SUPPORTED ); case PSA_ITS_ERROR_WRITE_ONCE: - return( PSA_ERROR_OCCUPIED_SLOT ); + return( PSA_ERROR_ALREADY_EXISTS ); default: return( PSA_ERROR_UNKNOWN_ERROR ); @@ -114,7 +115,7 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key, struct psa_its_info_t data_identifier_info; if( psa_is_key_present_in_storage( key ) == 1 ) - return( PSA_ERROR_OCCUPIED_SLOT ); + return( PSA_ERROR_ALREADY_EXISTS ); ret = psa_its_set( data_identifier, data_length, data, 0 ); status = its_to_psa_error( ret ); diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 929d1b2686..92b6fb06ea 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
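Review bot: In the `@@ -60,7 +61,7 @@` hunk of library/psa_crypto_storage_its.c the `default:` arm of its_to_psa_error is left as context returning `PSA_ERROR_UNKNOWN_ERROR`, while this same series deletes that macro from include/psa/crypto_values.h (renamed to PSA_ERROR_GENERIC_ERROR) and updates the identical switch in library/psa_crypto.c. Unless the newly added `#include "psa/error.h"` still provides the old name, this translation unit will not compile when MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C is enabled; the fix is the one-line change `default: return( PSA_ERROR_GENERIC_ERROR );`. The addition of psa/error.h is also not explained anywhere in the commit message, so a short comment on the include line stating what it supplies would help the next reader.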
@@ -419,10 +419,10 @@ static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator, size_t key_bits; uint8_t *public_key = NULL; size_t public_key_length; - /* Return UNKNOWN_ERROR if something other than the final call to + /* Return GENERIC_ERROR if something other than the final call to * psa_key_agreement fails. This isn't fully satisfactory, but it's * good enough: callers will report it as a failed test anyway. */ - psa_status_t status = PSA_ERROR_UNKNOWN_ERROR; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; PSA_ASSERT( psa_get_key_information( handle, &private_key_type, @@ -1027,7 +1027,7 @@ void import_export( data_t *data, PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); TEST_EQUAL( psa_get_key_information( handle, NULL, NULL ), - PSA_ERROR_EMPTY_SLOT ); + PSA_ERROR_DOES_NOT_EXIST ); /* Import the key */ PSA_ASSERT( psa_import_key( handle, type, @@ -1114,7 +1114,7 @@ void import_key_nonempty_slot( ) /* Import the key again */ status = psa_import_key( handle, type, data, sizeof( data ) ); - TEST_EQUAL( status, PSA_ERROR_OCCUPIED_SLOT ); + TEST_EQUAL( status, PSA_ERROR_ALREADY_EXISTS ); exit: mbedtls_psa_crypto_free( ); @@ -1164,7 +1164,7 @@ void export_with_no_key_activity( ) status = psa_export_key( handle, exported, export_size, &exported_length ); - TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT ); + TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST ); exit: mbedtls_psa_crypto_free( ); @@ -1187,7 +1187,7 @@ void cipher_with_no_key_activity( ) PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg ); - TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT ); + TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST ); exit: psa_cipher_abort( &operation ); 
@@ -1220,7 +1220,7 @@ void export_after_import_failure( data_t *data, int type_arg, status = psa_export_key( handle, exported, export_size, &exported_length ); - TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT ); + TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST ); exit: mbedtls_psa_crypto_free( ); @@ -1248,7 +1248,7 @@ void cipher_after_import_failure( data_t *data, int type_arg, TEST_EQUAL( status, expected_import_status ); status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg ); - TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT ); + TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST ); exit: psa_cipher_abort( &operation ); @@ -1937,7 +1937,7 @@ void copy_fail( int source_usage_arg, int source_alg_arg, /* Test that the target slot is unaffected. */ TEST_EQUAL( psa_get_key_information( target_handle, &target_type, &target_bits ), - PSA_ERROR_EMPTY_SLOT ); + PSA_ERROR_DOES_NOT_EXIST ); PSA_ASSERT( psa_get_key_policy( target_handle, &target_policy ) ); TEST_EQUAL( target_usage, psa_key_policy_get_usage( &target_policy ) ); TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &target_policy ) ); @@ -3614,7 +3614,7 @@ void test_derive_invalid_generator_state( ) PSA_ASSERT( psa_generator_read( &generator, buffer, capacity ) ); TEST_EQUAL( psa_generator_read( &generator, buffer, capacity ), - PSA_ERROR_INSUFFICIENT_CAPACITY ); + PSA_ERROR_INSUFFICIENT_DATA ); exit: psa_generator_abort( &generator ); @@ -3632,7 +3632,7 @@ void test_derive_invalid_generator_tests( ) psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size ) - == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183 + == PSA_ERROR_INSUFFICIENT_DATA ); // should be PSA_ERROR_BAD_STATE:#183 TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity ) == PSA_SUCCESS ); // should be PSA_ERROR_BAD_STATE:#183 
@@ -3640,7 +3640,7 @@ void test_derive_invalid_generator_tests( ) PSA_ASSERT( psa_generator_abort( &generator ) ); TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size ) - == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183 + == PSA_ERROR_INSUFFICIENT_DATA ); // should be PSA_ERROR_BAD_STATE:#183 TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity ) == PSA_SUCCESS );// should be PSA_ERROR_BAD_STATE:#183 @@ -3713,14 +3713,14 @@ void derive_output( int alg_arg, { /* Reading 0 bytes when 0 bytes are available can go either way. */ TEST_ASSERT( status == PSA_SUCCESS || - status == PSA_ERROR_INSUFFICIENT_CAPACITY ); + status == PSA_ERROR_INSUFFICIENT_DATA ); continue; } else if( expected_capacity == 0 || output_sizes[i] > expected_capacity ) { /* Capacity exceeded. */ - TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_CAPACITY ); + TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA ); expected_capacity = 0; continue; } @@ -3797,7 +3797,7 @@ void derive_full( int alg_arg, /* Check that the generator refuses to go over capacity. */ TEST_EQUAL( psa_generator_read( &generator, output_buffer, 1 ), - PSA_ERROR_INSUFFICIENT_CAPACITY ); + PSA_ERROR_INSUFFICIENT_DATA ); PSA_ASSERT( psa_generator_abort( &generator ) ); @@ -4033,7 +4033,7 @@ void key_agreement_capacity( int alg_arg, PSA_ASSERT( psa_generator_read( &generator, output, actual_capacity ) ); TEST_EQUAL( psa_generator_read( &generator, output, 1 ), - PSA_ERROR_INSUFFICIENT_CAPACITY ); + PSA_ERROR_INSUFFICIENT_DATA ); exit: psa_generator_abort( &generator ); @@ -4161,7 +4161,7 @@ void generate_key( int type_arg, psa_key_type_t got_type; size_t got_bits; psa_status_t expected_info_status = - expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_EMPTY_SLOT; + expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST; psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); 
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index e19ef2b9af..2fa307e208 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -138,7 +138,7 @@ void persistent_key_destroy( int key_id_arg, int should_store, /* Check key slot storage is removed */ TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); TEST_EQUAL( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle ), - PSA_ERROR_EMPTY_SLOT ); + PSA_ERROR_DOES_NOT_EXIST ); TEST_EQUAL( handle, 0 ); /* Shutdown and restart */ diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index c5456179e6..e937465a13 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data @@ -35,7 +35,7 @@ open_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_I Open failure: non-existent identifier depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_EMPTY_SLOT +open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_DOES_NOT_EXIST Open failure: volatile lifetime open_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 0ebdb1e4be..0278b880df 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -178,7 +178,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg, break; case CLOSE_BY_DESTROY: TEST_EQUAL( psa_open_key( lifetime, id, &handle ), - PSA_ERROR_EMPTY_SLOT ); + PSA_ERROR_DOES_NOT_EXIST ); break; } 
@@ -223,7 +223,7 @@ void create_existent( int lifetime_arg, int id_arg, /* Attempt to create a new key in the same slot. */ TEST_EQUAL( psa_create_key( lifetime, id, &handle2 ), - PSA_ERROR_OCCUPIED_SLOT ); + PSA_ERROR_ALREADY_EXISTS ); TEST_EQUAL( handle2, 0 ); if( reopen_policy == CLOSE_AFTER ) @@ -436,7 +436,7 @@ void copy_from_empty( int source_lifetime_arg, int source_id_arg, /* Copy the key. */ TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ), - PSA_ERROR_EMPTY_SLOT ); + PSA_ERROR_DOES_NOT_EXIST ); /* Test that the slots are unaffected. */ PSA_ASSERT( psa_get_key_policy( source_handle, &got_policy ) ); @@ -514,7 +514,7 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, /* Copy the key. */ TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ), - PSA_ERROR_OCCUPIED_SLOT ); + PSA_ERROR_ALREADY_EXISTS ); /* Test that the target slot is unaffected. */ PSA_ASSERT( psa_get_key_information( target_handle, @@ -579,7 +579,7 @@ void copy_to_same( int lifetime_arg, int id_arg, /* Copy the key. */ TEST_EQUAL( psa_copy_key( handle, handle, NULL ), - PSA_ERROR_OCCUPIED_SLOT ); + PSA_ERROR_ALREADY_EXISTS ); /* Test that the slot is unaffected. */ PSA_ASSERT( psa_get_key_information( handle, diff --git a/tests/suites/test_suite_psa_crypto_storage_file.data b/tests/suites/test_suite_psa_crypto_storage_file.data index 730e0925c5..4b068e1218 100644 --- a/tests/suites/test_suite_psa_crypto_storage_file.data +++ b/tests/suites/test_suite_psa_crypto_storage_file.data @@ -24,7 +24,7 @@ write_data_to_file:"deadbeef":PSA_SUCCESS PSA Storage Store into preexisting location, should fail depends_on:MBEDTLS_FS_IO -write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_OCCUPIED_SLOT +write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_ALREADY_EXISTS PSA Storage Store, preexisting temp_location file, should succeed depends_on:MBEDTLS_FS_IO 
@@ -40,4 +40,4 @@ get_file_size:"":0:PSA_SUCCESS:1 PSA Storage Get data size nonexistent file location, should fail depends_on:MBEDTLS_FS_IO -get_file_size:"deadbeef":4:PSA_ERROR_EMPTY_SLOT:0 +get_file_size:"deadbeef":4:PSA_ERROR_DOES_NOT_EXIST:0 From a2523b2c6db1e3d31f846075d8a1d1d48e650e3b Mon Sep 17 00:00:00 2001 From: David Saada Date: Mon, 18 Feb 2019 13:56:26 +0200 Subject: [PATCH 2/2] Replace ITS specific types with more generic PSA storage types PSA spec now defines more generic PSA storage types instead of the ITS specific ones. This is necessary in order to integrate with the newer implementation of PSA ITS landing in Mbed OS soon. Changes include the following: - psa_status_t replaces psa_its_status_t - psa_storage_info_t replaces psa_its_info_t - psa_storage_uid_t replaces psa_its_uid_t --- include/psa/crypto_extra.h | 1 - library/psa_crypto.c | 46 ++-------- library/psa_crypto_storage_its.c | 86 +++++-------------- .../test_suite_psa_crypto_entropy.function | 18 ++-- 4 files changed, 36 insertions(+), 115 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 7f08857942..96b478b7f4 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -111,7 +111,6 @@ void mbedtls_psa_crypto_free( void ); * \retval #PSA_ERROR_INVALID_ARGUMENT * \p seed_size is out of range. * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval `PSA_ITS_ERROR_XXX` * There was a failure reading or writing from storage. * \retval #PSA_ERROR_NOT_PERMITTED * The library has already been initialized. It is no longer diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fd9f38774a..1efb3e87fa 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
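Review bot: The retval list left after dropping the `PSA_ITS_ERROR_XXX` bullet no longer describes what mbedtls_psa_inject_entropy() can return: with the ITS-to-PSA translation removed later in this patch, the function returns the status of psa_its_get_info()/psa_its_set() unchanged, so a full store presumably surfaces as PSA_ERROR_INSUFFICIENT_STORAGE rather than as the documented PSA_ERROR_STORAGE_FAILURE. Add `\retval #PSA_ERROR_INSUFFICIENT_STORAGE` next to the storage-failure bullet and a closing sentence such as `Any other status reported by the underlying PSA ITS implementation is passed through unchanged.` The documentation block starts before this hunk, so the full retval list is not visible here.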
@@ -4391,45 +4391,11 @@ psa_status_t psa_generate_random( uint8_t *output, #if ( defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_PSA_HAS_ITS_IO) ) -/* Support function for error conversion between psa_its error codes to psa crypto */ -static psa_status_t its_to_psa_error( psa_its_status_t ret ) -{ - switch( ret ) - { - case PSA_ITS_SUCCESS: - return( PSA_SUCCESS ); - - case PSA_ITS_ERROR_UID_NOT_FOUND: - return( PSA_ERROR_DOES_NOT_EXIST ); - - case PSA_ITS_ERROR_STORAGE_FAILURE: - return( PSA_ERROR_STORAGE_FAILURE ); - - case PSA_ITS_ERROR_INSUFFICIENT_SPACE: - return( PSA_ERROR_INSUFFICIENT_STORAGE ); - - case PSA_ITS_ERROR_OFFSET_INVALID: - case PSA_ITS_ERROR_INCORRECT_SIZE: - case PSA_ITS_ERROR_INVALID_ARGUMENTS: - return( PSA_ERROR_INVALID_ARGUMENT ); - - case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED: - return( PSA_ERROR_NOT_SUPPORTED ); - - case PSA_ITS_ERROR_WRITE_ONCE: - return( PSA_ERROR_ALREADY_EXISTS ); - - default: - return( PSA_ERROR_GENERIC_ERROR ); - } -} - psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed, size_t seed_size ) { psa_status_t status; - psa_its_status_t its_status; - struct psa_its_info_t p_info; + struct psa_storage_info_t p_info; if( global_data.initialized ) return( PSA_ERROR_NOT_PERMITTED ); 
@@ -4438,15 +4404,13 @@ psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed, ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) ) return( PSA_ERROR_INVALID_ARGUMENT ); - its_status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info ); - status = its_to_psa_error( its_status ); + status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info ); - if( PSA_ITS_ERROR_UID_NOT_FOUND == its_status ) /* No seed exists */ + if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */ { - its_status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 ); - status = its_to_psa_error( its_status ); + status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 ); } - else if( PSA_ITS_SUCCESS == its_status ) + else if( PSA_SUCCESS == status ) { /* You should not be here. Seed needs to be injected only once */ status = PSA_ERROR_NOT_PERMITTED; diff --git a/library/psa_crypto_storage_its.c b/library/psa_crypto_storage_its.c index f97a5d7de9..bb0d0cdf19 100644 --- a/library/psa_crypto_storage_its.c +++ b/library/psa_crypto_storage_its.c 
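Review bot: The rewritten comparisons `PSA_ERROR_DOES_NOT_EXIST == status` and `PSA_SUCCESS == status` keep the Yoda ordering of the deleted `its_status` checks, whereas the storage code elsewhere in this patch writes the variable first (`if( status != PSA_SUCCESS )`); since these lines are being touched anyway, `if( status == PSA_ERROR_DOES_NOT_EXIST )` and `else if( status == PSA_SUCCESS )` would make the file uniform. The third outcome, any other backend status from psa_its_get_info(), is handled by falling out of the if/else chain with `status` untouched, which is correct but reads like a dropped case; a comment on the implicit else such as `/* Any other status is a storage error: return it unchanged. */` would make the intent explicit. The function continues past the end of this hunk.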
@@ -36,39 +36,7 @@ #include "mbedtls/platform.h" #endif -static psa_status_t its_to_psa_error( psa_its_status_t ret ) -{ - switch( ret ) - { - case PSA_ITS_SUCCESS: - return( PSA_SUCCESS ); - - case PSA_ITS_ERROR_UID_NOT_FOUND: - return( PSA_ERROR_DOES_NOT_EXIST ); - - case PSA_ITS_ERROR_STORAGE_FAILURE: - return( PSA_ERROR_STORAGE_FAILURE ); - - case PSA_ITS_ERROR_INSUFFICIENT_SPACE: - return( PSA_ERROR_INSUFFICIENT_STORAGE ); - - case PSA_ITS_ERROR_OFFSET_INVALID: - case PSA_ITS_ERROR_INCORRECT_SIZE: - case PSA_ITS_ERROR_INVALID_ARGUMENTS: - return( PSA_ERROR_INVALID_ARGUMENT ); - - case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED: - return( PSA_ERROR_NOT_SUPPORTED ); - - case PSA_ITS_ERROR_WRITE_ONCE: - return( PSA_ERROR_ALREADY_EXISTS ); - - default: - return( PSA_ERROR_UNKNOWN_ERROR ); - } -} - -static psa_its_uid_t psa_its_identifier_of_slot( psa_key_id_t key ) +static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_id_t key ) { return( key ); } 
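Review bot: Nothing documents that psa_its_identifier_of_slot() puts key ids and ITS uids into a single namespace: it returns the psa_key_id_t unchanged as a psa_storage_uid_t, so a key id equal to a non-key record such as PSA_CRYPTO_ITS_RANDOM_SEED_UID would address the seed. The slot-management test data in this patch shows that opening a key with that id is expected to fail, so the separation is enforced by a caller rather than in this layer, and a comment here would spare the next reader the search: `/* Key ids map 1:1 onto ITS uids. Reserved uids (e.g. PSA_CRYPTO_ITS_RANDOM_SEED_UID) must be rejected by the caller before they reach this layer. */`. The implicit widening from psa_key_id_t to psa_storage_uid_t is presumably lossless, but that is an assumption about the uid type's width worth confirming against the storage header.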
@@ -76,31 +44,28 @@ static psa_its_uid_t psa_its_identifier_of_slot( psa_key_id_t key ) psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data, size_t data_size ) { - psa_its_status_t ret; psa_status_t status; - psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key ); - struct psa_its_info_t data_identifier_info; + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + struct psa_storage_info_t data_identifier_info; - ret = psa_its_get_info( data_identifier, &data_identifier_info ); - status = its_to_psa_error( ret ); - if( status != PSA_SUCCESS ) + status = psa_its_get_info( data_identifier, &data_identifier_info ); + if( status != PSA_SUCCESS ) return( status ); - ret = psa_its_get( data_identifier, 0, data_size, data ); - status = its_to_psa_error( ret ); + status = psa_its_get( data_identifier, 0, data_size, data ); return( status ); } int psa_is_key_present_in_storage( const psa_key_id_t key ) { - psa_its_status_t ret; - psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key ); - struct psa_its_info_t data_identifier_info; + psa_status_t ret; + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + struct psa_storage_info_t data_identifier_info; ret = psa_its_get_info( data_identifier, &data_identifier_info ); - if( ret == PSA_ITS_ERROR_UID_NOT_FOUND ) + if( ret == PSA_ERROR_DOES_NOT_EXIST ) return( 0 ); return( 1 ); } 
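Review bot: In psa_crypto_storage_load() the psa_its_get_info() call still only feeds the status check; `data_identifier_info.size` is never compared with `data_size` before psa_its_get() reads `data_size` bytes at offset 0, so a record shorter or longer than the caller expects (truncated or corrupted storage) is not detected here and the outcome depends on the ITS backend. Adding `if( data_identifier_info.size != data_size ) return( PSA_ERROR_STORAGE_FAILURE );` after the status check turns the info lookup into a real integrity check; this assumes the caller does not already enforce the size via psa_crypto_storage_get_data_length(), which is not visible in this hunk. Separately, psa_is_key_present_in_storage() reports 1 for every status other than PSA_ERROR_DOES_NOT_EXIST, so a backend failure such as PSA_ERROR_STORAGE_FAILURE is indistinguishable from an existing key and psa_crypto_storage_store() will then answer PSA_ERROR_ALREADY_EXISTS; at minimum the function deserves a comment stating that unreadable storage is deliberately treated as "present".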
@@ -109,23 +74,20 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key, const uint8_t *data, size_t data_length ) { - psa_its_status_t ret; psa_status_t status; - psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key ); - struct psa_its_info_t data_identifier_info; + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + struct psa_storage_info_t data_identifier_info; if( psa_is_key_present_in_storage( key ) == 1 ) return( PSA_ERROR_ALREADY_EXISTS ); - ret = psa_its_set( data_identifier, data_length, data, 0 ); - status = its_to_psa_error( ret ); + status = psa_its_set( data_identifier, data_length, data, 0 ); if( status != PSA_SUCCESS ) { return( PSA_ERROR_STORAGE_FAILURE ); } - ret = psa_its_get_info( data_identifier, &data_identifier_info ); - status = its_to_psa_error( ret ); + status = psa_its_get_info( data_identifier, &data_identifier_info ); if( status != PSA_SUCCESS ) { goto exit; @@ -145,19 +107,19 @@ exit: psa_status_t psa_destroy_persistent_key( const psa_key_id_t key ) { - psa_its_status_t ret; - psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key ); - struct psa_its_info_t data_identifier_info; + psa_status_t ret; + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + struct psa_storage_info_t data_identifier_info; ret = psa_its_get_info( data_identifier, &data_identifier_info ); - if( ret == PSA_ITS_ERROR_UID_NOT_FOUND ) + if( ret == PSA_ERROR_DOES_NOT_EXIST ) return( PSA_SUCCESS ); - if( psa_its_remove( data_identifier ) != PSA_ITS_SUCCESS ) + if( psa_its_remove( data_identifier ) != PSA_SUCCESS ) return( PSA_ERROR_STORAGE_FAILURE ); ret = psa_its_get_info( data_identifier, &data_identifier_info ); - if( ret != PSA_ITS_ERROR_UID_NOT_FOUND ) + if( ret != PSA_ERROR_DOES_NOT_EXIST ) return( PSA_ERROR_STORAGE_FAILURE ); return( PSA_SUCCESS ); 
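Review bot: psa_crypto_storage_store() still collapses every psa_its_set() failure into PSA_ERROR_STORAGE_FAILURE, which discards more now that the backend returns PSA status codes directly: a full store (presumably PSA_ERROR_INSUFFICIENT_STORAGE, the code the deleted mapper produced for PSA_ITS_ERROR_INSUFFICIENT_SPACE) is reported to the caller as corruption. `return( status );` in that branch preserves the distinction at no cost. The existence check followed by psa_its_set() is also check-then-act; if another writer can reach the ITS backend in between, the second write replaces the first instead of failing, so the ALREADY_EXISTS result is advisory rather than a guarantee and deserves a comment unless the flags argument can make the record write-once. The function continues past the end of this hunk.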
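Review bot: In psa_destroy_persistent_key() the retyped local is still called `ret` while every other function in this patch names its psa_status_t `status`; renaming it keeps the file uniform now that only one status type remains. The first psa_its_get_info() short-circuits only on PSA_ERROR_DOES_NOT_EXIST, so any other failure (e.g. PSA_ERROR_STORAGE_FAILURE) proceeds to psa_its_remove(); that is a reasonable best-effort choice because the removal is verified by the second psa_its_get_info(), but it is not obvious and deserves a comment such as `/* Attempt removal even if the record cannot be read; success is verified below. */`.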
@@ -166,13 +128,11 @@ psa_status_t psa_destroy_persistent_key( const psa_key_id_t key ) psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key, size_t *data_length ) { - psa_its_status_t ret; psa_status_t status; - psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key ); - struct psa_its_info_t data_identifier_info; + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + struct psa_storage_info_t data_identifier_info; - ret = psa_its_get_info( data_identifier, &data_identifier_info ); - status = its_to_psa_error( ret ); + status = psa_its_get_info( data_identifier, &data_identifier_info ); if( status != PSA_SUCCESS ) return( status ); diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function index 727db43e54..a14657e9f3 100644 --- a/tests/suites/test_suite_psa_crypto_entropy.function +++ b/tests/suites/test_suite_psa_crypto_entropy.function @@ -22,7 +22,6 @@ void validate_entropy_seed_injection( int seed_length_a, int seed_length_b, int expected_status_b ) { - psa_its_status_t its_status; psa_status_t status; uint8_t output[32] = { 0 }; uint8_t zeros[32] = { 0 }; @@ -43,9 +42,9 @@ void validate_entropy_seed_injection( int seed_length_a, { seed[i] = i; } - its_status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); - TEST_ASSERT( ( its_status == PSA_ITS_SUCCESS ) || - ( its_status == PSA_ITS_ERROR_KEY_NOT_FOUND ) ); + status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); + TEST_ASSERT( ( status == PSA_SUCCESS ) || + ( status == PSA_ERROR_DOES_NOT_EXIST ) ); status = mbedtls_psa_inject_entropy( seed, seed_length_a ); TEST_EQUAL( status, expected_status_a ); status = mbedtls_psa_inject_entropy( seed, seed_length_b ); @@ -64,7 +63,6 @@ exit: /* BEGIN_CASE */ void run_entropy_inject_with_crypto_init( ) { - psa_its_status_t its_status; psa_status_t status; int i; uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 }; 
@@ -73,13 +71,13 @@ void run_entropy_inject_with_crypto_init( ) { seed[i] = i; } - its_status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); - TEST_ASSERT( ( its_status == PSA_ITS_SUCCESS ) || - ( its_status == PSA_ITS_ERROR_KEY_NOT_FOUND ) ); + status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); + TEST_ASSERT( ( status == PSA_SUCCESS ) || + ( status == PSA_ERROR_DOES_NOT_EXIST ) ); status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) ); PSA_ASSERT( status ); - its_status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); - TEST_EQUAL( its_status, PSA_ITS_SUCCESS ); + status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); + TEST_EQUAL( status, PSA_SUCCESS ); status = psa_crypto_init( ); TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_ENTROPY ); status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );