psa: Fix error code when creating/registering a key with invalid id

When creating a persistent key or registering a key with an invalid key identifier return PSA_ERROR_INVALID_ARGUMENT instead of PSA_ERROR_INVALID_HANDLE. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-31 17:36:31 +02:00 · 2021-03-31 17:36:31 +02:00 · 77e412cd71
commit 77e412cd71
parent 88a55464f5
3 changed files with 10 additions and 14 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -1624,9 +1624,8 @@ static psa_status_t psa_validate_key_attributes(
    }
    else
    {
-        status = psa_validate_key_id( psa_get_key_id( attributes ), 0 );
-        if( status != PSA_SUCCESS )
-            return( status );
+        if( !psa_is_valid_key_id( psa_get_key_id( attributes ), 0 ) )
+            return( PSA_ERROR_INVALID_ARGUMENT );
    }

    status = psa_validate_key_policy( &attributes->core.policy );
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@ -51,21 +51,20 @@ typedef struct

 static psa_global_data_t global_data;

-psa_status_t psa_validate_key_id(
-    mbedtls_svc_key_id_t key, int vendor_ok )
+int psa_is_valid_key_id( mbedtls_svc_key_id_t key, int vendor_ok )
 {
    psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );

    if( ( PSA_KEY_ID_USER_MIN <= key_id ) &&
        ( key_id <= PSA_KEY_ID_USER_MAX ) )
-        return( PSA_SUCCESS );
+        return( 1 );

    if( vendor_ok &&
        ( PSA_KEY_ID_VENDOR_MIN <= key_id ) &&
        ( key_id <= PSA_KEY_ID_VENDOR_MAX ) )
-        return( PSA_SUCCESS );
+        return( 1 );

-    return( PSA_ERROR_INVALID_HANDLE );
+    return( 0 );
 }

 /** Get the description in memory of a key given its identifier and lock it.
@ -124,9 +123,8 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory(
    }
    else
    {
-        status = psa_validate_key_id( key, 1 );
-        if( status != PSA_SUCCESS )
-            return( status );
+        if ( !psa_is_valid_key_id( key, 1 ) )
+            return( PSA_ERROR_INVALID_HANDLE );

        for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
        {
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@ -217,9 +217,8 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime );
 *                          vendor range are allowed, volatile key identifiers
 *                          excepted \c 0 otherwise.
 *
- * \retval #PSA_SUCCESS The identifier is valid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT The key identifier is not valid.
+ * \retval <> 0 if the key identifier is valid, 0 otherwise.
 */
-psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok );
+int psa_is_valid_key_id( mbedtls_svc_key_id_t key, int vendor_ok );

 #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */