Merge pull request #55 from davidsaada/david_its_ps_err_codes

Modify PSA related error codes and types

include/psa/crypto.h

@@ -193,7 +193,7 @@ psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy);
  *         the policy has been saved to persistent storage. Implementations
  *         may defer saving the policy until the key material is created.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
+ * \retval #PSA_ERROR_ALREADY_EXISTS
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -285,7 +285,7 @@ psa_status_t psa_allocate_key(psa_key_handle_t *handle);
  *         Success. The application can now use the value of `*handle`
  *         to access the newly allocated key slot.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -322,7 +322,7 @@ psa_status_t psa_open_key(psa_key_lifetime_t lifetime,
  *         to access the newly allocated key slot.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
+ * \retval #PSA_ERROR_ALREADY_EXISTS
  *         There is already a key with the identifier \p id in the storage
  *         area designated by \p lifetime.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -401,7 +401,7 @@ psa_status_t psa_close_key(psa_key_handle_t handle);
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The key slot is invalid,
  *         or the key data is not correctly formatted.
- * \retval #PSA_ERROR_OCCUPIED_SLOT
+ * \retval #PSA_ERROR_ALREADY_EXISTS
  *         There is already a key in the specified slot.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -470,7 +470,7 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle);
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  *         The handle is to a key slot which does not contain key material yet.
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
@@ -554,7 +554,7 @@ psa_status_t psa_get_key_information(psa_key_handle_t handle,
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
@@ -641,7 +641,7 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The key is neither a public key nor a key pair.
  * \retval #PSA_ERROR_NOT_SUPPORTED
@@ -710,9 +710,9 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle,
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
+ * \retval #PSA_ERROR_ALREADY_EXISTS
  *         \p target already contains key material.
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  *         \p source does not contain key material.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The policy constraints on the source, on the target and
@@ -1071,7 +1071,7 @@ static psa_mac_operation_t psa_mac_operation_init(void);
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \p key is not compatible with \p alg.
@@ -1128,7 +1128,7 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \c key is not compatible with \c alg.
@@ -1373,7 +1373,7 @@ static psa_cipher_operation_t psa_cipher_operation_init(void);
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \p key is not compatible with \p alg.
@@ -1432,7 +1432,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \p key is not compatible with \p alg.
@@ -1660,7 +1660,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \p key is not compatible with \p alg.
@@ -1716,7 +1716,7 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle,
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The ciphertext is not authentic.
  * \retval #PSA_ERROR_NOT_PERMITTED
@@ -2034,7 +2034,7 @@ psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
  * \param output_length     Number of bytes to output.
  *
  * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_CAPACITY
+ * \retval #PSA_ERROR_INSUFFICIENT_DATA
  *                          There were fewer than \p output_length bytes
  *                          in the generator. Note that in this case, no
  *                          output is written to the output buffer.
@@ -2076,7 +2076,7 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
  *         Success.
  *         If the key is persistent, the key material and the key's metadata
  *         have been saved to persistent storage.
- * \retval #PSA_ERROR_INSUFFICIENT_CAPACITY
+ * \retval #PSA_ERROR_INSUFFICIENT_DATA
  *                          There were fewer than \p output_length bytes
  *                          in the generator. Note that in this case, no
  *                          output is written to the output buffer.
@@ -2088,7 +2088,7 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
  *         implementation in general or in this particular slot.
  * \retval #PSA_ERROR_BAD_STATE
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
+ * \retval #PSA_ERROR_ALREADY_EXISTS
  *         There is already a key in the specified slot.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -2172,7 +2172,7 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator);
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \c key is not compatible with \c alg,
@@ -2233,7 +2233,7 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \c private_key is not compatible with \c alg,
@@ -2332,7 +2332,7 @@ typedef struct {
  *         If the key is persistent, the key material and the key's metadata
  *         have been saved to persistent storage.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
+ * \retval #PSA_ERROR_ALREADY_EXISTS
  *         There is already a key in the specified slot.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT

include/psa/crypto_extra.h

@@ -111,7 +111,6 @@ void mbedtls_psa_crypto_free( void );
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \p seed_size is out of range.
  * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval `PSA_ITS_ERROR_XXX`
  *         There was a failure reading or writing from storage.
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The library has already been initialized. It is no longer

include/psa/crypto_se_driver.h

@@ -754,7 +754,7 @@ typedef psa_status_t (*psa_drv_destroy_key_t)(psa_key_slot_t key);
  *                              that make up the key data.
  *
  * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE

include/psa/crypto_types.h

@@ -47,8 +47,13 @@
  * This is either #PSA_SUCCESS (which is zero), indicating success,
  * or a nonzero value indicating that an error occurred. Errors are
  * encoded as one of the \c PSA_ERROR_xxx values defined here.
+ * If #PSA_SUCCESS is already defined, it means that #psa_status_t
+ * is also defined in an external header, so prevent its multiple
+ * definition.
  */
+#ifndef PSA_SUCCESS
 typedef int32_t psa_status_t;
+#endif
 
 /**@}*/
 

include/psa/crypto_values.h

@@ -40,25 +40,17 @@
  * @{
  */
 
-#if !defined(PSA_SUCCESS)
+/* PSA error codes */
-/* If PSA_SUCCESS is defined, assume that PSA crypto is being used
+
- * together with PSA IPC, which also defines the identifier
- * PSA_SUCCESS. We must not define PSA_SUCCESS ourselves in that case;
- * the other error code names don't clash. This is a temporary hack
- * until we unify error reporting in PSA IPC and PSA crypto.
- *
- * Note that psa_defs.h must be included before this header!
- */
 /** The action was completed successfully. */
 #define PSA_SUCCESS ((psa_status_t)0)
-#endif /* !defined(PSA_SUCCESS) */
 
 /** An error occurred that does not correspond to any defined
  * failure cause.
  *
  * Implementations may use this error code if none of the other standard
  * error codes are applicable. */
-#define PSA_ERROR_UNKNOWN_ERROR         ((psa_status_t)1)
+#define PSA_ERROR_GENERIC_ERROR         ((psa_status_t)-132)
 
 /** The requested operation or a parameter is not supported
  * by this implementation.
@@ -67,7 +59,7 @@
  * parameter such as a key type, algorithm, etc. is not recognized.
  * If a combination of parameters is recognized and identified as
  * not valid, return #PSA_ERROR_INVALID_ARGUMENT instead. */
-#define PSA_ERROR_NOT_SUPPORTED         ((psa_status_t)2)
+#define PSA_ERROR_NOT_SUPPORTED         ((psa_status_t)-134)
 
 /** The requested action is denied by a policy.
  *
@@ -80,7 +72,7 @@
  * not valid or not supported, it is unspecified whether the function
  * returns #PSA_ERROR_NOT_PERMITTED, #PSA_ERROR_NOT_SUPPORTED or
  * #PSA_ERROR_INVALID_ARGUMENT. */
-#define PSA_ERROR_NOT_PERMITTED         ((psa_status_t)3)
+#define PSA_ERROR_NOT_PERMITTED         ((psa_status_t)-133)
 
 /** An output buffer is too small.
  *
@@ -92,23 +84,19 @@
  * buffer would succeed. However implementations may return this
  * error if a function has invalid or unsupported parameters in addition
  * to the parameters that determine the necessary output buffer size. */
-#define PSA_ERROR_BUFFER_TOO_SMALL      ((psa_status_t)4)
+#define PSA_ERROR_BUFFER_TOO_SMALL      ((psa_status_t)-138)
 
-/** A slot is occupied, but must be empty to carry out the
+/** Asking for an item that already exists
- * requested action.
  *
- * If a handle is invalid, it does not designate an occupied slot.
+ * Implementations should return this error, when attempting
- * The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE.
+ * to write an item (like a key) that already exists. */
- */
+#define PSA_ERROR_ALREADY_EXISTS        ((psa_status_t)-139)
-#define PSA_ERROR_OCCUPIED_SLOT         ((psa_status_t)5)
 
-/** A slot is empty, but must be occupied to carry out the
+/** Asking for an item that doesn't exist
- * requested action.
  *
- * If a handle is invalid, it does not designate an empty slot.
+ * Implementations should return this error, if a requested item (like
- * The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE.
+ * a key) does not exist. */
- */
+#define PSA_ERROR_DOES_NOT_EXIST        ((psa_status_t)-140)
-#define PSA_ERROR_EMPTY_SLOT            ((psa_status_t)6)
 
 /** The requested action cannot be performed in the current state.
  *
@@ -118,9 +106,9 @@
  *
  * Implementations shall not return this error code to indicate
  * that a key slot is occupied when it needs to be free or vice versa,
- * but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT
+ * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
  * as applicable. */
-#define PSA_ERROR_BAD_STATE             ((psa_status_t)7)
+#define PSA_ERROR_BAD_STATE             ((psa_status_t)-137)
 
 /** The parameters passed to the function are invalid.
  *
@@ -129,20 +117,20 @@
  *
  * Implementations shall not return this error code to indicate
  * that a key slot is occupied when it needs to be free or vice versa,
- * but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT
+ * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
  * as applicable.
  *
  * Implementation shall not return this error code to indicate that a
  * key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
  * instead.
  */
-#define PSA_ERROR_INVALID_ARGUMENT      ((psa_status_t)8)
+#define PSA_ERROR_INVALID_ARGUMENT      ((psa_status_t)-135)
 
 /** There is not enough runtime memory.
  *
  * If the action is carried out across multiple security realms, this
  * error can refer to available memory in any of the security realms. */
-#define PSA_ERROR_INSUFFICIENT_MEMORY   ((psa_status_t)9)
+#define PSA_ERROR_INSUFFICIENT_MEMORY   ((psa_status_t)-141)
 
 /** There is not enough persistent storage.
  *
@@ -151,7 +139,7 @@
  * many functions that do not otherwise access storage may return this
  * error code if the implementation requires a mandatory log entry for
  * the requested action and the log storage space is full. */
-#define PSA_ERROR_INSUFFICIENT_STORAGE  ((psa_status_t)10)
+#define PSA_ERROR_INSUFFICIENT_STORAGE  ((psa_status_t)-142)
 
 /** There was a communication failure inside the implementation.
  *
@@ -168,7 +156,7 @@
  * cryptoprocessor but there was a breakdown of communication before
  * the cryptoprocessor could report the status to the application.
  */
-#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)11)
+#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)
 
 /** There was a storage failure that may have led to data loss.
  *
@@ -193,13 +181,13 @@
  * permanent storage corruption. However application writers should
  * keep in mind that transient errors while reading the storage may be
  * reported using this error code. */
-#define PSA_ERROR_STORAGE_FAILURE       ((psa_status_t)12)
+#define PSA_ERROR_STORAGE_FAILURE       ((psa_status_t)-146)
 
 /** A hardware failure was detected.
  *
  * A hardware failure may be transient or permanent depending on the
  * cause. */
-#define PSA_ERROR_HARDWARE_FAILURE      ((psa_status_t)13)
+#define PSA_ERROR_HARDWARE_FAILURE      ((psa_status_t)-147)
 
 /** A tampering attempt was detected.
  *
@@ -230,7 +218,7 @@
  * This error indicates an attack against the application. Implementations
  * shall not return this error code as a consequence of the behavior of
  * the application itself. */
-#define PSA_ERROR_TAMPERING_DETECTED    ((psa_status_t)14)
+#define PSA_ERROR_TAMPERING_DETECTED    ((psa_status_t)-151)
 
 /** There is not enough entropy to generate random data needed
  * for the requested action.
@@ -249,7 +237,7 @@
  * secure pseudorandom generator (PRNG). However implementations may return
  * this error at any time if a policy requires the PRNG to be reseeded
  * during normal operation. */
-#define PSA_ERROR_INSUFFICIENT_ENTROPY  ((psa_status_t)15)
+#define PSA_ERROR_INSUFFICIENT_ENTROPY  ((psa_status_t)-148)
 
 /** The signature, MAC or hash is incorrect.
  *
@@ -259,7 +247,7 @@
  *
  * If the value to verify has an invalid size, implementations may return
  * either #PSA_ERROR_INVALID_ARGUMENT or #PSA_ERROR_INVALID_SIGNATURE. */
-#define PSA_ERROR_INVALID_SIGNATURE     ((psa_status_t)16)
+#define PSA_ERROR_INVALID_SIGNATURE     ((psa_status_t)-149)
 
 /** The decrypted padding is incorrect.
  *
@@ -275,17 +263,15 @@
  * as close as possible to indistinguishable to an external observer.
  * In particular, the timing of a decryption operation should not
  * depend on the validity of the padding. */
-#define PSA_ERROR_INVALID_PADDING       ((psa_status_t)17)
+#define PSA_ERROR_INVALID_PADDING       ((psa_status_t)-150)
 
-/** The generator has insufficient capacity left.
+/** Return this error when there's insufficient data when attempting
- *
+ * to read from a resource. */
- * Once a function returns this error, attempts to read from the
+#define PSA_ERROR_INSUFFICIENT_DATA     ((psa_status_t)-143)
- * generator will always return this error. */
-#define PSA_ERROR_INSUFFICIENT_CAPACITY ((psa_status_t)18)
 
 /** The key handle is not valid.
  */
-#define PSA_ERROR_INVALID_HANDLE        ((psa_status_t)19)
+#define PSA_ERROR_INVALID_HANDLE        ((psa_status_t)-136)
 
 /**@}*/
 

library/psa_crypto.c

@@ -346,7 +346,7 @@ static psa_status_t mbedtls_to_psa_error( int ret )
             return( PSA_ERROR_HARDWARE_FAILURE );
 
         default:
-            return( PSA_ERROR_UNKNOWN_ERROR );
+            return( PSA_ERROR_GENERIC_ERROR );
     }
 }
 
@@ -742,7 +742,7 @@ static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle,
         return( status );
 
     if( slot->type != PSA_KEY_TYPE_NONE )
-        return( PSA_ERROR_OCCUPIED_SLOT );
+        return( PSA_ERROR_ALREADY_EXISTS );
 
     *p_slot = slot;
     return( status );
@@ -839,7 +839,7 @@ static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle,
     if( status != PSA_SUCCESS )
         return( status );
     if( slot->type == PSA_KEY_TYPE_NONE )
-        return( PSA_ERROR_EMPTY_SLOT );
+        return( PSA_ERROR_DOES_NOT_EXIST );
 
     /* Enforce that usage policy for the key slot contains all the flags
      * required by the usage parameter. There is one exception: public
@@ -1001,7 +1001,7 @@ psa_status_t psa_get_key_information( psa_key_handle_t handle,
         return( status );
 
     if( slot->type == PSA_KEY_TYPE_NONE )
-        return( PSA_ERROR_EMPTY_SLOT );
+        return( PSA_ERROR_DOES_NOT_EXIST );
     if( type != NULL )
         *type = slot->type;
     if( bits != NULL )
@@ -3098,7 +3098,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
                                 size_t output_size,
                                 size_t *output_length )
 {
-    psa_status_t status = PSA_ERROR_UNKNOWN_ERROR;
+    psa_status_t status = PSA_ERROR_GENERIC_ERROR;
     int cipher_ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
 
@@ -3855,7 +3855,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
         generator->capacity = 0;
         /* Go through the error path to wipe all confidential data now
          * that the generator object is useless. */
-        status = PSA_ERROR_INSUFFICIENT_CAPACITY;
+        status = PSA_ERROR_INSUFFICIENT_DATA;
         goto exit;
     }
     if( output_length == 0 &&
@@ -3867,7 +3867,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
          * INSUFFICIENT_CAPACITY, which is right for a finished
          * generator, for consistency with the case when
          * output_length > 0. */
-        return( PSA_ERROR_INSUFFICIENT_CAPACITY );
+        return( PSA_ERROR_INSUFFICIENT_DATA );
     }
     generator->capacity -= output_length;
 
@@ -4391,45 +4391,11 @@ psa_status_t psa_generate_random( uint8_t *output,
 
 #if ( defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_PSA_HAS_ITS_IO) )
 
-/* Support function for error conversion between psa_its error codes to psa crypto */
-static psa_status_t its_to_psa_error( psa_its_status_t ret )
-{
-    switch( ret )
-    {
-        case PSA_ITS_SUCCESS:
-            return( PSA_SUCCESS );
-
-        case PSA_ITS_ERROR_UID_NOT_FOUND:
-            return( PSA_ERROR_EMPTY_SLOT );
-
-        case PSA_ITS_ERROR_STORAGE_FAILURE:
-            return( PSA_ERROR_STORAGE_FAILURE );
-
-        case PSA_ITS_ERROR_INSUFFICIENT_SPACE:
-            return( PSA_ERROR_INSUFFICIENT_STORAGE );
-
-        case PSA_ITS_ERROR_OFFSET_INVALID:
-        case PSA_ITS_ERROR_INCORRECT_SIZE:
-        case PSA_ITS_ERROR_INVALID_ARGUMENTS:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-
-        case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED:
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        case PSA_ITS_ERROR_WRITE_ONCE:
-            return( PSA_ERROR_OCCUPIED_SLOT );
-
-        default:
-            return( PSA_ERROR_UNKNOWN_ERROR );
-    }
-}
-
 psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
                                          size_t seed_size )
 {
     psa_status_t status;
-    psa_its_status_t its_status;
+    struct psa_storage_info_t p_info;
-    struct psa_its_info_t p_info;
     if( global_data.initialized )
         return( PSA_ERROR_NOT_PERMITTED );
 
@@ -4438,15 +4404,13 @@ psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
           ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
             return( PSA_ERROR_INVALID_ARGUMENT );
 
-    its_status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
+    status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
-    status = its_to_psa_error( its_status );
 
-    if( PSA_ITS_ERROR_UID_NOT_FOUND == its_status ) /* No seed exists */
+    if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */
     {
-        its_status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
+        status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
-        status = its_to_psa_error( its_status );
     }
-    else if( PSA_ITS_SUCCESS == its_status )
+    else if( PSA_SUCCESS == status )
     {
         /* You should not be here. Seed needs to be injected only once */
         status = PSA_ERROR_NOT_PERMITTED;

library/psa_crypto_slot_management.c

@@ -194,7 +194,7 @@ exit:
  *
  * \retval #PSA_SUCCESS
  *         The slot content was loaded successfully.
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  *         There is no content for this slot in persistent storage.
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -274,11 +274,11 @@ psa_status_t psa_create_key( psa_key_lifetime_t lifetime,
     psa_status_t status;
 
     status = persistent_key_setup( lifetime, id, handle,
-                                   PSA_ERROR_EMPTY_SLOT );
+                                   PSA_ERROR_DOES_NOT_EXIST );
     switch( status )
     {
-        case PSA_SUCCESS: return( PSA_ERROR_OCCUPIED_SLOT );
+        case PSA_SUCCESS: return( PSA_ERROR_ALREADY_EXISTS );
-        case PSA_ERROR_EMPTY_SLOT: return( PSA_SUCCESS );
+        case PSA_ERROR_DOES_NOT_EXIST: return( PSA_SUCCESS );
         default: return( status );
     }
 }

library/psa_crypto_storage.h

@@ -84,7 +84,7 @@ extern "C" {
  * \retval PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval PSA_ERROR_INSUFFICIENT_STORAGE
  * \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_OCCUPIED_SLOT
+ * \retval PSA_ERROR_ALREADY_EXISTS
  */
 psa_status_t psa_save_persistent_key( const psa_key_id_t key,
                                       const psa_key_type_t type,
@@ -115,7 +115,7 @@ psa_status_t psa_save_persistent_key( const psa_key_id_t key,
  * \retval PSA_SUCCESS
  * \retval PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_EMPTY_SLOT
+ * \retval PSA_ERROR_DOES_NOT_EXIST
  */
 psa_status_t psa_load_persistent_key( psa_key_id_t key,
                                       psa_key_type_t *type,

library/psa_crypto_storage_backend.h

@@ -54,7 +54,7 @@ extern "C" {
  *
  * \retval PSA_SUCCESS
  * \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_EMPTY_SLOT
+ * \retval PSA_ERROR_DOES_NOT_EXIST
  */
 psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
                                       size_t data_size );
@@ -73,7 +73,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
  * \retval PSA_SUCCESS
  * \retval PSA_ERROR_INSUFFICIENT_STORAGE
  * \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_OCCUPIED_SLOT
+ * \retval PSA_ERROR_ALREADY_EXISTS
  */
 psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
                                        const uint8_t *data,

library/psa_crypto_storage_file.c

@@ -119,7 +119,7 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
     key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
 
     if( psa_is_key_present_in_storage( key ) == 1 )
-        return( PSA_ERROR_OCCUPIED_SLOT );
+        return( PSA_ERROR_ALREADY_EXISTS );
 
     file = fopen( temp_location, "wb" );
     if( file == NULL )
@@ -187,7 +187,7 @@ psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
 
     file = fopen( slot_location, "rb" );
     if( file == NULL )
-        return( PSA_ERROR_EMPTY_SLOT );
+        return( PSA_ERROR_DOES_NOT_EXIST );
 
     if( fseek( file, 0, SEEK_END ) != 0 )
     {

library/psa_crypto_storage_its.c

@@ -27,6 +27,7 @@
 
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
 
+#include "psa/error.h"
 #include "psa/crypto.h"
 #include "psa_crypto_storage_backend.h"
 #include "psa/internal_trusted_storage.h"
@@ -35,39 +36,7 @@
 #include "mbedtls/platform.h"
 #endif
 
-static psa_status_t its_to_psa_error( psa_its_status_t ret )
+static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_id_t key )
-{
-    switch( ret )
-    {
-        case PSA_ITS_SUCCESS:
-            return( PSA_SUCCESS );
-
-        case PSA_ITS_ERROR_UID_NOT_FOUND:
-            return( PSA_ERROR_EMPTY_SLOT );
-
-        case PSA_ITS_ERROR_STORAGE_FAILURE:
-            return( PSA_ERROR_STORAGE_FAILURE );
-
-        case PSA_ITS_ERROR_INSUFFICIENT_SPACE:
-            return( PSA_ERROR_INSUFFICIENT_STORAGE );
-
-        case PSA_ITS_ERROR_OFFSET_INVALID:
-        case PSA_ITS_ERROR_INCORRECT_SIZE:
-        case PSA_ITS_ERROR_INVALID_ARGUMENTS:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-
-        case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED:
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        case PSA_ITS_ERROR_WRITE_ONCE:
-            return( PSA_ERROR_OCCUPIED_SLOT );
-
-        default:
-            return( PSA_ERROR_UNKNOWN_ERROR );
-    }
-}
-
-static psa_its_uid_t psa_its_identifier_of_slot( psa_key_id_t key )
 {
     return( key );
 }
@@ -75,31 +44,28 @@ static psa_its_uid_t psa_its_identifier_of_slot( psa_key_id_t key )
 psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
                                       size_t data_size )
 {
-    psa_its_status_t ret;
     psa_status_t status;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    struct psa_storage_info_t data_identifier_info;
 
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
+    status = psa_its_get_info( data_identifier, &data_identifier_info );
-    status = its_to_psa_error( ret );
+    if( status  != PSA_SUCCESS )
-    if( status != PSA_SUCCESS )
         return( status );
 
-    ret = psa_its_get( data_identifier, 0, data_size, data );
+    status = psa_its_get( data_identifier, 0, data_size, data );
-    status = its_to_psa_error( ret );
 
     return( status );
 }
 
 int psa_is_key_present_in_storage( const psa_key_id_t key )
 {
-    psa_its_status_t ret;
+    psa_status_t ret;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    struct psa_storage_info_t data_identifier_info;
 
     ret = psa_its_get_info( data_identifier, &data_identifier_info );
 
-    if( ret == PSA_ITS_ERROR_UID_NOT_FOUND )
+    if( ret == PSA_ERROR_DOES_NOT_EXIST )
         return( 0 );
     return( 1 );
 }
@@ -108,23 +74,20 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
                                        const uint8_t *data,
                                        size_t data_length )
 {
-    psa_its_status_t ret;
     psa_status_t status;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    struct psa_storage_info_t data_identifier_info;
 
     if( psa_is_key_present_in_storage( key ) == 1 )
-        return( PSA_ERROR_OCCUPIED_SLOT );
+        return( PSA_ERROR_ALREADY_EXISTS );
 
-    ret = psa_its_set( data_identifier, data_length, data, 0 );
+    status = psa_its_set( data_identifier, data_length, data, 0 );
-    status = its_to_psa_error( ret );
     if( status != PSA_SUCCESS )
     {
         return( PSA_ERROR_STORAGE_FAILURE );
     }
 
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
+    status = psa_its_get_info( data_identifier, &data_identifier_info );
-    status = its_to_psa_error( ret );
     if( status != PSA_SUCCESS )
     {
         goto exit;
@@ -144,19 +107,19 @@ exit:
 
 psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
 {
-    psa_its_status_t ret;
+    psa_status_t ret;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    struct psa_storage_info_t data_identifier_info;
 
     ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( ret == PSA_ITS_ERROR_UID_NOT_FOUND )
+    if( ret == PSA_ERROR_DOES_NOT_EXIST )
         return( PSA_SUCCESS );
 
-    if( psa_its_remove( data_identifier ) != PSA_ITS_SUCCESS )
+    if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
         return( PSA_ERROR_STORAGE_FAILURE );
 
     ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( ret != PSA_ITS_ERROR_UID_NOT_FOUND )
+    if( ret != PSA_ERROR_DOES_NOT_EXIST )
         return( PSA_ERROR_STORAGE_FAILURE );
 
     return( PSA_SUCCESS );
@@ -165,13 +128,11 @@ psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
 psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
                                                  size_t *data_length )
 {
-    psa_its_status_t ret;
     psa_status_t status;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    struct psa_storage_info_t data_identifier_info;
 
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
+    status = psa_its_get_info( data_identifier, &data_identifier_info );
-    status = its_to_psa_error( ret );
     if( status != PSA_SUCCESS )
         return( status );
 

tests/suites/test_suite_psa_crypto.function

@@ -419,10 +419,10 @@ static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
     size_t key_bits;
     uint8_t *public_key = NULL;
     size_t public_key_length;
-    /* Return UNKNOWN_ERROR if something other than the final call to
+    /* Return GENERIC_ERROR if something other than the final call to
      * psa_key_agreement fails. This isn't fully satisfactory, but it's
      * good enough: callers will report it as a failed test anyway. */
-    psa_status_t status = PSA_ERROR_UNKNOWN_ERROR;
+    psa_status_t status = PSA_ERROR_GENERIC_ERROR;
 
     PSA_ASSERT( psa_get_key_information( handle,
                                          &private_key_type,
@@ -1027,7 +1027,7 @@ void import_export( data_t *data,
     PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
 
     TEST_EQUAL( psa_get_key_information( handle, NULL, NULL ),
-                PSA_ERROR_EMPTY_SLOT );
+                PSA_ERROR_DOES_NOT_EXIST );
 
     /* Import the key */
     PSA_ASSERT( psa_import_key( handle, type,
@@ -1114,7 +1114,7 @@ void import_key_nonempty_slot( )
 
     /* Import the key again */
     status = psa_import_key( handle, type, data, sizeof( data ) );
-    TEST_EQUAL( status, PSA_ERROR_OCCUPIED_SLOT );
+    TEST_EQUAL( status, PSA_ERROR_ALREADY_EXISTS );
 
 exit:
     mbedtls_psa_crypto_free( );
@@ -1164,7 +1164,7 @@ void export_with_no_key_activity( )
     status = psa_export_key( handle,
                              exported, export_size,
                              &exported_length );
-    TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
+    TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
 
 exit:
     mbedtls_psa_crypto_free( );
@@ -1187,7 +1187,7 @@ void cipher_with_no_key_activity( )
     PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
 
     status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
-    TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
+    TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
 
 exit:
     psa_cipher_abort( &operation );
@@ -1220,7 +1220,7 @@ void export_after_import_failure( data_t *data, int type_arg,
     status = psa_export_key( handle,
                              exported, export_size,
                              &exported_length );
-    TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
+    TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
 
 exit:
     mbedtls_psa_crypto_free( );
@@ -1248,7 +1248,7 @@ void cipher_after_import_failure( data_t *data, int type_arg,
     TEST_EQUAL( status, expected_import_status );
 
     status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
-    TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
+    TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
 
 exit:
     psa_cipher_abort( &operation );
@@ -1937,7 +1937,7 @@ void copy_fail( int source_usage_arg, int source_alg_arg,
     /* Test that the target slot is unaffected. */
     TEST_EQUAL( psa_get_key_information( target_handle,
                                          &target_type, &target_bits ),
-                PSA_ERROR_EMPTY_SLOT );
+                PSA_ERROR_DOES_NOT_EXIST );
     PSA_ASSERT( psa_get_key_policy( target_handle, &target_policy ) );
     TEST_EQUAL( target_usage, psa_key_policy_get_usage( &target_policy ) );
     TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &target_policy ) );
@@ -3614,7 +3614,7 @@ void test_derive_invalid_generator_state( )
     PSA_ASSERT( psa_generator_read( &generator, buffer, capacity ) );
 
     TEST_EQUAL( psa_generator_read( &generator, buffer, capacity ),
-                PSA_ERROR_INSUFFICIENT_CAPACITY );
+                PSA_ERROR_INSUFFICIENT_DATA );
 
 exit:
     psa_generator_abort( &generator );
@@ -3632,7 +3632,7 @@ void test_derive_invalid_generator_tests( )
     psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
 
     TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
-                 == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183
+                 == PSA_ERROR_INSUFFICIENT_DATA ); // should be PSA_ERROR_BAD_STATE:#183
 
     TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
                  == PSA_SUCCESS ); // should be PSA_ERROR_BAD_STATE:#183
@@ -3640,7 +3640,7 @@ void test_derive_invalid_generator_tests( )
     PSA_ASSERT( psa_generator_abort( &generator ) );
 
     TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
-                 == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183
+                 == PSA_ERROR_INSUFFICIENT_DATA ); // should be PSA_ERROR_BAD_STATE:#183
 
     TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
                  == PSA_SUCCESS );// should be PSA_ERROR_BAD_STATE:#183
@@ -3713,14 +3713,14 @@ void derive_output( int alg_arg,
         {
             /* Reading 0 bytes when 0 bytes are available can go either way. */
             TEST_ASSERT( status == PSA_SUCCESS ||
-                         status == PSA_ERROR_INSUFFICIENT_CAPACITY );
+                         status == PSA_ERROR_INSUFFICIENT_DATA );
             continue;
         }
         else if( expected_capacity == 0 ||
                  output_sizes[i] > expected_capacity )
         {
             /* Capacity exceeded. */
-            TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_CAPACITY );
+            TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA );
             expected_capacity = 0;
             continue;
         }
@@ -3797,7 +3797,7 @@ void derive_full( int alg_arg,
 
     /* Check that the generator refuses to go over capacity. */
     TEST_EQUAL( psa_generator_read( &generator, output_buffer, 1 ),
-                PSA_ERROR_INSUFFICIENT_CAPACITY );
+                PSA_ERROR_INSUFFICIENT_DATA );
 
     PSA_ASSERT( psa_generator_abort( &generator ) );
 
@@ -4033,7 +4033,7 @@ void key_agreement_capacity( int alg_arg,
     PSA_ASSERT( psa_generator_read( &generator,
                                     output, actual_capacity ) );
     TEST_EQUAL( psa_generator_read( &generator, output, 1 ),
-                PSA_ERROR_INSUFFICIENT_CAPACITY );
+                PSA_ERROR_INSUFFICIENT_DATA );
 
 exit:
     psa_generator_abort( &generator );
@@ -4161,7 +4161,7 @@ void generate_key( int type_arg,
     psa_key_type_t got_type;
     size_t got_bits;
     psa_status_t expected_info_status =
-        expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_EMPTY_SLOT;
+        expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
     psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );

tests/suites/test_suite_psa_crypto_entropy.function

@@ -22,7 +22,6 @@ void validate_entropy_seed_injection( int seed_length_a,
                                       int seed_length_b,
                                       int expected_status_b )
 {
-    psa_its_status_t its_status;
     psa_status_t status;
     uint8_t output[32] = { 0 };
     uint8_t zeros[32] = { 0 };
@@ -43,9 +42,9 @@ void validate_entropy_seed_injection( int seed_length_a,
     {
         seed[i] = i;
     }
-    its_status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
+    status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
-    TEST_ASSERT( ( its_status == PSA_ITS_SUCCESS ) ||
+    TEST_ASSERT( ( status == PSA_SUCCESS ) ||
-                 ( its_status == PSA_ITS_ERROR_KEY_NOT_FOUND ) );
+                 ( status == PSA_ERROR_DOES_NOT_EXIST ) );
     status = mbedtls_psa_inject_entropy( seed, seed_length_a );
     TEST_EQUAL( status, expected_status_a );
     status = mbedtls_psa_inject_entropy( seed, seed_length_b );
@@ -64,7 +63,6 @@ exit:
 /* BEGIN_CASE */
 void run_entropy_inject_with_crypto_init( )
 {
-    psa_its_status_t its_status;
     psa_status_t status;
     int i;
     uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 };
@@ -73,13 +71,13 @@ void run_entropy_inject_with_crypto_init( )
     {
         seed[i] = i;
     }
-    its_status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
+    status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
-    TEST_ASSERT( ( its_status == PSA_ITS_SUCCESS ) ||
+    TEST_ASSERT( ( status == PSA_SUCCESS ) ||
-                 ( its_status == PSA_ITS_ERROR_KEY_NOT_FOUND ) );
+                 ( status == PSA_ERROR_DOES_NOT_EXIST ) );
     status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
     PSA_ASSERT( status );
-    its_status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
+    status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
-    TEST_EQUAL( its_status, PSA_ITS_SUCCESS );
+    TEST_EQUAL( status, PSA_SUCCESS );
     status = psa_crypto_init( );
     TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_ENTROPY );
     status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );

tests/suites/test_suite_psa_crypto_persistent_key.function

@@ -138,7 +138,7 @@ void persistent_key_destroy( int key_id_arg, int should_store,
     /* Check key slot storage is removed */
     TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
     TEST_EQUAL( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle ),
-                PSA_ERROR_EMPTY_SLOT );
+                PSA_ERROR_DOES_NOT_EXIST );
     TEST_EQUAL( handle, 0 );
 
     /* Shutdown and restart */

tests/suites/test_suite_psa_crypto_slot_management.data

@@ -35,7 +35,7 @@ open_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_I
 
 Open failure: non-existent identifier
 depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_EMPTY_SLOT
+open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_DOES_NOT_EXIST
 
 Open failure: volatile lifetime
 open_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT

tests/suites/test_suite_psa_crypto_slot_management.function

@@ -178,7 +178,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg,
             break;
         case CLOSE_BY_DESTROY:
             TEST_EQUAL( psa_open_key( lifetime, id, &handle ),
-                        PSA_ERROR_EMPTY_SLOT );
+                        PSA_ERROR_DOES_NOT_EXIST );
             break;
     }
 
@@ -223,7 +223,7 @@ void create_existent( int lifetime_arg, int id_arg,
 
     /* Attempt to create a new key in the same slot. */
     TEST_EQUAL( psa_create_key( lifetime, id, &handle2 ),
-                PSA_ERROR_OCCUPIED_SLOT );
+                PSA_ERROR_ALREADY_EXISTS );
     TEST_EQUAL( handle2, 0 );
 
     if( reopen_policy == CLOSE_AFTER )
@@ -436,7 +436,7 @@ void copy_from_empty( int source_lifetime_arg, int source_id_arg,
 
     /* Copy the key. */
     TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ),
-                PSA_ERROR_EMPTY_SLOT );
+                PSA_ERROR_DOES_NOT_EXIST );
 
     /* Test that the slots are unaffected. */
     PSA_ASSERT( psa_get_key_policy( source_handle, &got_policy ) );
@@ -514,7 +514,7 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
 
     /* Copy the key. */
     TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ),
-                PSA_ERROR_OCCUPIED_SLOT );
+                PSA_ERROR_ALREADY_EXISTS );
 
     /* Test that the target slot is unaffected. */
     PSA_ASSERT( psa_get_key_information( target_handle,
@@ -579,7 +579,7 @@ void copy_to_same( int lifetime_arg, int id_arg,
 
     /* Copy the key. */
     TEST_EQUAL( psa_copy_key( handle, handle, NULL ),
-                PSA_ERROR_OCCUPIED_SLOT );
+                PSA_ERROR_ALREADY_EXISTS );
 
     /* Test that the slot is unaffected. */
     PSA_ASSERT( psa_get_key_information( handle,

tests/suites/test_suite_psa_crypto_storage_file.data

@@ -24,7 +24,7 @@ write_data_to_file:"deadbeef":PSA_SUCCESS
 
 PSA Storage Store into preexisting location, should fail
 depends_on:MBEDTLS_FS_IO
-write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_OCCUPIED_SLOT
+write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_ALREADY_EXISTS
 
 PSA Storage Store, preexisting temp_location file, should succeed
 depends_on:MBEDTLS_FS_IO
@@ -40,4 +40,4 @@ get_file_size:"":0:PSA_SUCCESS:1
 
 PSA Storage Get data size nonexistent file location, should fail
 depends_on:MBEDTLS_FS_IO
-get_file_size:"deadbeef":4:PSA_ERROR_EMPTY_SLOT:0
+get_file_size:"deadbeef":4:PSA_ERROR_DOES_NOT_EXIST:0