diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index cf7a0e1268..105762cdc9 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -294,6 +294,22 @@ */ #define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152) +/** Data read from storage is not valid for the implementation. + * + * This error indicates that some data read from storage does not have a valid + * format. It does not indicate the following situations, which have specific + * error codes: + * + * - When the storage or stored data is corrupted - use #PSA_ERROR_DATA_CORRUPT + * - When the storage fails for other reasons - use #PSA_ERROR_STORAGE_FAILURE + * - An invalid argument to the API - use #PSA_ERROR_INVALID_ARGUMENT + * + * This error is typically a result of either storage corruption on a + * cleartext storage backend, or an attempt to read data that was + * written by an incompatible version of the library. + */ +#define PSA_ERROR_DATA_INVALID ((psa_status_t)-153) + /**@}*/ /** \defgroup crypto_types Key and algorithm types diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 66c8f65bc6..e1fce90af2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6593,7 +6593,7 @@ static psa_status_t psa_crypto_recover_transaction( default: /* We found an unsupported transaction in the storage. * We don't know what state the storage is in. Give up. */ - return( PSA_ERROR_STORAGE_FAILURE ); + return( PSA_ERROR_DATA_INVALID ); } } #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */ diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 4c4ad0331a..4841b0dc89 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -253,7 +253,7 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot ) psa_se_key_data_storage_t *data; if( key_data_length != sizeof( *data ) ) { - status = PSA_ERROR_STORAGE_FAILURE; + status = PSA_ERROR_DATA_INVALID; goto exit; } data = (psa_se_key_data_storage_t *) key_data; diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 1ebd20ee37..aa55f0a668 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -108,7 +108,7 @@ static psa_status_t psa_crypto_storage_load( status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length ); if( data_size != data_length ) - return( PSA_ERROR_STORAGE_FAILURE ); + return( PSA_ERROR_DATA_INVALID ); return( status ); } @@ -156,7 +156,7 @@ static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key, status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 ); if( status != PSA_SUCCESS ) { - return( PSA_ERROR_STORAGE_FAILURE ); + return( PSA_ERROR_DATA_INVALID ); } status = psa_its_get_info( data_identifier, &data_identifier_info ); @@ -167,7 +167,7 @@ static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key, if( data_identifier_info.size != data_length ) { - status = PSA_ERROR_STORAGE_FAILURE; + status = PSA_ERROR_DATA_INVALID; goto exit; } @@ -194,11 +194,11 @@ psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key ) return( PSA_SUCCESS ); if( psa_its_remove( data_identifier ) != PSA_SUCCESS ) - return( PSA_ERROR_STORAGE_FAILURE ); + return( PSA_ERROR_DATA_INVALID ); ret = psa_its_get_info( data_identifier, &data_identifier_info ); if( ret != PSA_ERROR_DOES_NOT_EXIST ) - return( PSA_ERROR_STORAGE_FAILURE ); + return( PSA_ERROR_DATA_INVALID ); return( PSA_SUCCESS ); } @@ -313,7 +313,7 @@ static psa_status_t check_magic_header( const uint8_t *data ) { if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 ) - return( PSA_ERROR_STORAGE_FAILURE ); + return( PSA_ERROR_DATA_INVALID ); return( PSA_SUCCESS ); } @@ -329,7 +329,7 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, uint32_t version; if( storage_data_length < sizeof(*storage_format) ) - return( PSA_ERROR_STORAGE_FAILURE ); + return( PSA_ERROR_DATA_INVALID ); status = check_magic_header( storage_data ); if( status != PSA_SUCCESS ) @@ -337,12 +337,12 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, GET_UINT32_LE( version, storage_format->version, 0 ); if( version != 0 ) - return( PSA_ERROR_STORAGE_FAILURE ); + return( PSA_ERROR_DATA_INVALID ); GET_UINT32_LE( *key_data_length, storage_format->data_len, 0 ); if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) || *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE ) - return( PSA_ERROR_STORAGE_FAILURE ); + return( PSA_ERROR_DATA_INVALID ); if( *key_data_length == 0 ) { @@ -470,7 +470,7 @@ psa_status_t psa_crypto_load_transaction( void ) if( status != PSA_SUCCESS ) return( status ); if( length != sizeof( psa_crypto_transaction ) ) - return( PSA_ERROR_STORAGE_FAILURE ); + return( PSA_ERROR_DATA_INVALID ); return( PSA_SUCCESS ); } diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c index 7a16a5b586..04b29603b3 100644 --- a/programs/psa/psa_constant_names_generated.c +++ b/programs/psa/psa_constant_names_generated.c @@ -9,6 +9,7 @@ static const char *psa_strerror(psa_status_t status) case PSA_ERROR_COMMUNICATION_FAILURE: return "PSA_ERROR_COMMUNICATION_FAILURE"; case PSA_ERROR_CORRUPTION_DETECTED: return "PSA_ERROR_CORRUPTION_DETECTED"; case PSA_ERROR_DATA_CORRUPT: return "PSA_ERROR_DATA_CORRUPT"; + case PSA_ERROR_DATA_INVALID: return "PSA_ERROR_DATA_INVALID"; case PSA_ERROR_DOES_NOT_EXIST: return "PSA_ERROR_DOES_NOT_EXIST"; case PSA_ERROR_GENERIC_ERROR: return "PSA_ERROR_GENERIC_ERROR"; case PSA_ERROR_HARDWARE_FAILURE: return "PSA_ERROR_HARDWARE_FAILURE";