From a2523b2c6db1e3d31f846075d8a1d1d48e650e3b Mon Sep 17 00:00:00 2001 From: David Saada Date: Mon, 18 Feb 2019 13:56:26 +0200 Subject: [PATCH] Replace ITS specific types with more generic PSA storage types PSA spec now defines more generic PSA storage types instead of the ITS specific ones. This is necessary in order to integrate with the newer implementation of PSA ITS landing in Mbed OS soon. Changes include the following: - psa_status_t replaces psa_its_status_t - psa_storage_info_t replaces psa_its_info_t - psa_storage_uid_t replaces psa_its_uid_t --- include/psa/crypto_extra.h | 1 - library/psa_crypto.c | 46 ++-------- library/psa_crypto_storage_its.c | 86 +++++-------------- .../test_suite_psa_crypto_entropy.function | 18 ++-- 4 files changed, 36 insertions(+), 115 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 7f08857942..96b478b7f4 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -111,7 +111,6 @@ void mbedtls_psa_crypto_free( void ); * \retval #PSA_ERROR_INVALID_ARGUMENT * \p seed_size is out of range. * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval `PSA_ITS_ERROR_XXX` * There was a failure reading or writing from storage. * \retval #PSA_ERROR_NOT_PERMITTED * The library has already been initialized. It is no longer diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fd9f38774a..1efb3e87fa 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -4391,45 +4391,11 @@ psa_status_t psa_generate_random( uint8_t *output, #if ( defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_PSA_HAS_ITS_IO) ) -/* Support function for error conversion between psa_its error codes to psa crypto */ -static psa_status_t its_to_psa_error( psa_its_status_t ret ) -{ - switch( ret ) - { - case PSA_ITS_SUCCESS: - return( PSA_SUCCESS ); - - case PSA_ITS_ERROR_UID_NOT_FOUND: - return( PSA_ERROR_DOES_NOT_EXIST ); - - case PSA_ITS_ERROR_STORAGE_FAILURE: - return( PSA_ERROR_STORAGE_FAILURE ); - - case PSA_ITS_ERROR_INSUFFICIENT_SPACE: - return( PSA_ERROR_INSUFFICIENT_STORAGE ); - - case PSA_ITS_ERROR_OFFSET_INVALID: - case PSA_ITS_ERROR_INCORRECT_SIZE: - case PSA_ITS_ERROR_INVALID_ARGUMENTS: - return( PSA_ERROR_INVALID_ARGUMENT ); - - case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED: - return( PSA_ERROR_NOT_SUPPORTED ); - - case PSA_ITS_ERROR_WRITE_ONCE: - return( PSA_ERROR_ALREADY_EXISTS ); - - default: - return( PSA_ERROR_GENERIC_ERROR ); - } -} - psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed, size_t seed_size ) { psa_status_t status; - psa_its_status_t its_status; - struct psa_its_info_t p_info; + struct psa_storage_info_t p_info; if( global_data.initialized ) return( PSA_ERROR_NOT_PERMITTED ); 
@@ -4438,15 +4404,13 @@ psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed, ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) ) return( PSA_ERROR_INVALID_ARGUMENT ); - its_status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info ); - status = its_to_psa_error( its_status ); + status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info ); - if( PSA_ITS_ERROR_UID_NOT_FOUND == its_status ) /* No seed exists */ + if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */ { - its_status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 ); - status = its_to_psa_error( its_status ); + status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 ); } - else if( PSA_ITS_SUCCESS == its_status ) + else if( PSA_SUCCESS == status ) { /* You should not be here. Seed needs to be injected only once */ status = PSA_ERROR_NOT_PERMITTED; diff --git a/library/psa_crypto_storage_its.c b/library/psa_crypto_storage_its.c index f97a5d7de9..bb0d0cdf19 100644 --- a/library/psa_crypto_storage_its.c +++ b/library/psa_crypto_storage_its.c 
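Review bot: The status of psa_its_get_info() and psa_its_set() in mbedtls_psa_inject_entropy() is no longer translated, whereas the removed its_to_psa_error() folded any unrecognised code into PSA_ERROR_GENERIC_ERROR in its default arm. The return set of this seed-provisioning call now depends on what the ITS backend returns, and the crypto_extra.h hunk drops the `PSA_ITS_ERROR_XXX` entry without listing what can come back instead. I would state the contract at the first call, e.g. `/* psa_its_* return psa_status_t directly; statuses other than the two handled below are not translated */`, and extend the \retval list to match. The same pass-through applies to psa_crypto_storage_load() and psa_crypto_storage_get_data_length() in psa_crypto_storage_its.c. The function body continues past the end of this hunk, so what is finally returned is not visible here.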
@@ -36,39 +36,7 @@ #include "mbedtls/platform.h" #endif -static psa_status_t its_to_psa_error( psa_its_status_t ret ) -{ - switch( ret ) - { - case PSA_ITS_SUCCESS: - return( PSA_SUCCESS ); - - case PSA_ITS_ERROR_UID_NOT_FOUND: - return( PSA_ERROR_DOES_NOT_EXIST ); - - case PSA_ITS_ERROR_STORAGE_FAILURE: - return( PSA_ERROR_STORAGE_FAILURE ); - - case PSA_ITS_ERROR_INSUFFICIENT_SPACE: - return( PSA_ERROR_INSUFFICIENT_STORAGE ); - - case PSA_ITS_ERROR_OFFSET_INVALID: - case PSA_ITS_ERROR_INCORRECT_SIZE: - case PSA_ITS_ERROR_INVALID_ARGUMENTS: - return( PSA_ERROR_INVALID_ARGUMENT ); - - case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED: - return( PSA_ERROR_NOT_SUPPORTED ); - - case PSA_ITS_ERROR_WRITE_ONCE: - return( PSA_ERROR_ALREADY_EXISTS ); - - default: - return( PSA_ERROR_UNKNOWN_ERROR ); - } -} - -static psa_its_uid_t psa_its_identifier_of_slot( psa_key_id_t key ) +static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_id_t key ) { return( key ); } 
@@ -76,31 +44,28 @@ static psa_its_uid_t psa_its_identifier_of_slot( psa_key_id_t key ) psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data, size_t data_size ) { - psa_its_status_t ret; psa_status_t status; - psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key ); - struct psa_its_info_t data_identifier_info; + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + struct psa_storage_info_t data_identifier_info; - ret = psa_its_get_info( data_identifier, &data_identifier_info ); - status = its_to_psa_error( ret ); - if( status != PSA_SUCCESS ) + status = psa_its_get_info( data_identifier, &data_identifier_info ); + if( status != PSA_SUCCESS ) return( status ); - ret = psa_its_get( data_identifier, 0, data_size, data ); - status = its_to_psa_error( ret ); + status = psa_its_get( data_identifier, 0, data_size, data ); return( status ); } int psa_is_key_present_in_storage( const psa_key_id_t key ) { - psa_its_status_t ret; - psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key ); - struct psa_its_info_t data_identifier_info; + psa_status_t ret; + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + struct psa_storage_info_t data_identifier_info; ret = psa_its_get_info( data_identifier, &data_identifier_info ); - if( ret == PSA_ITS_ERROR_UID_NOT_FOUND ) + if( ret == PSA_ERROR_DOES_NOT_EXIST ) return( 0 ); return( 1 ); } 
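Review bot: psa_crypto_storage_load() fills data_identifier_info but never compares its size with data_size before psa_its_get() reads data_size bytes from offset 0. In the lines shown, a stored entry longer than the caller's buffer would presumably be read as a prefix and returned as a successful load of key material. A length check between the two calls would reject that case, for example `if( data_identifier_info.size != data_size ) return( PSA_ERROR_STORAGE_FAILURE );`. How the backend treats a request longer than the entry is not visible here, so that direction still relies on psa_its_get() returning an error.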
@@ -109,23 +74,20 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key, const uint8_t *data, size_t data_length ) { - psa_its_status_t ret; psa_status_t status; - psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key ); - struct psa_its_info_t data_identifier_info; + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + struct psa_storage_info_t data_identifier_info; if( psa_is_key_present_in_storage( key ) == 1 ) return( PSA_ERROR_ALREADY_EXISTS ); - ret = psa_its_set( data_identifier, data_length, data, 0 ); - status = its_to_psa_error( ret ); + status = psa_its_set( data_identifier, data_length, data, 0 ); if( status != PSA_SUCCESS ) { return( PSA_ERROR_STORAGE_FAILURE ); } - ret = psa_its_get_info( data_identifier, &data_identifier_info ); - status = its_to_psa_error( ret ); + status = psa_its_get_info( data_identifier, &data_identifier_info ); if( status != PSA_SUCCESS ) { goto exit; @@ -145,19 +107,19 @@ exit: psa_status_t psa_destroy_persistent_key( const psa_key_id_t key ) { - psa_its_status_t ret; - psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key ); - struct psa_its_info_t data_identifier_info; + psa_status_t ret; + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + struct psa_storage_info_t data_identifier_info; ret = psa_its_get_info( data_identifier, &data_identifier_info ); - if( ret == PSA_ITS_ERROR_UID_NOT_FOUND ) + if( ret == PSA_ERROR_DOES_NOT_EXIST ) return( PSA_SUCCESS ); - if( psa_its_remove( data_identifier ) != PSA_ITS_SUCCESS ) + if( psa_its_remove( data_identifier ) != PSA_SUCCESS ) return( PSA_ERROR_STORAGE_FAILURE ); ret = psa_its_get_info( data_identifier, &data_identifier_info ); - if( ret != PSA_ITS_ERROR_UID_NOT_FOUND ) + if( ret != PSA_ERROR_DOES_NOT_EXIST ) return( PSA_ERROR_STORAGE_FAILURE ); return( PSA_SUCCESS ); 
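Review bot: The failure branch after psa_its_set() in psa_crypto_storage_store() still returns PSA_ERROR_STORAGE_FAILURE for every non-success status. Now that the call yields a psa_status_t directly, this discards values the caller could act on, such as PSA_ERROR_INSUFFICIENT_STORAGE. If the collapse is deliberate, a comment such as `/* Report every ITS write failure as a storage failure */` would record that; otherwise the branch can be `return( status );`. The psa_its_remove() check in psa_destroy_persistent_key(), in the following hunk, collapses its status in the same way. psa_crypto_storage_store() continues outside the hunk, so the exit path is not reviewed here.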
@@ -166,13 +128,11 @@ psa_status_t psa_destroy_persistent_key( const psa_key_id_t key ) psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key, size_t *data_length ) { - psa_its_status_t ret; psa_status_t status; - psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key ); - struct psa_its_info_t data_identifier_info; + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + struct psa_storage_info_t data_identifier_info; - ret = psa_its_get_info( data_identifier, &data_identifier_info ); - status = its_to_psa_error( ret ); + status = psa_its_get_info( data_identifier, &data_identifier_info ); if( status != PSA_SUCCESS ) return( status ); diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function index 727db43e54..a14657e9f3 100644 --- a/tests/suites/test_suite_psa_crypto_entropy.function +++ b/tests/suites/test_suite_psa_crypto_entropy.function @@ -22,7 +22,6 @@ void validate_entropy_seed_injection( int seed_length_a, int seed_length_b, int expected_status_b ) { - psa_its_status_t its_status; psa_status_t status; uint8_t output[32] = { 0 }; uint8_t zeros[32] = { 0 }; @@ -43,9 +42,9 @@ void validate_entropy_seed_injection( int seed_length_a, { seed[i] = i; } - its_status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); - TEST_ASSERT( ( its_status == PSA_ITS_SUCCESS ) || - ( its_status == PSA_ITS_ERROR_KEY_NOT_FOUND ) ); + status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); + TEST_ASSERT( ( status == PSA_SUCCESS ) || + ( status == PSA_ERROR_DOES_NOT_EXIST ) ); status = mbedtls_psa_inject_entropy( seed, seed_length_a ); TEST_EQUAL( status, expected_status_a ); status = mbedtls_psa_inject_entropy( seed, seed_length_b ); @@ -64,7 +63,6 @@ exit: /* BEGIN_CASE */ void run_entropy_inject_with_crypto_init( ) { - psa_its_status_t its_status; psa_status_t status; int i; uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 }; 
@@ -73,13 +71,13 @@ void run_entropy_inject_with_crypto_init( ) { seed[i] = i; } - its_status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); - TEST_ASSERT( ( its_status == PSA_ITS_SUCCESS ) || - ( its_status == PSA_ITS_ERROR_KEY_NOT_FOUND ) ); + status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); + TEST_ASSERT( ( status == PSA_SUCCESS ) || + ( status == PSA_ERROR_DOES_NOT_EXIST ) ); status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) ); PSA_ASSERT( status ); - its_status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); - TEST_EQUAL( its_status, PSA_ITS_SUCCESS ); + status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); + TEST_EQUAL( status, PSA_SUCCESS ); status = psa_crypto_init( ); TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_ENTROPY ); status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );