AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Replace PSA error code definitions with the ones defined in PSA spec

Browse Source
This commit is contained in:
David Saada 2019-02-14 13:48:10 +02:00
parent 2d7e5fe31d
commit b4ecc27629
15 changed files with 108 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
include/psa/crypto.h
View File

@ -193,7 +193,7 @@ psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy);
* the policy has been saved to persistent storage. Implementations
* may defer saving the policy until the key material is created.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_OCCUPIED_SLOT
* \retval #PSA_ERROR_ALREADY_EXISTS
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@ -285,7 +285,7 @@ psa_status_t psa_allocate_key(psa_key_handle_t *handle);
* Success. The application can now use the value of `*handle`
* to access the newly allocated key slot.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE.
* \retval #PSA_ERROR_INVALID_ARGUMENT
@ -322,7 +322,7 @@ psa_status_t psa_open_key(psa_key_lifetime_t lifetime,
* to access the newly allocated key slot.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_OCCUPIED_SLOT
* \retval #PSA_ERROR_ALREADY_EXISTS
* There is already a key with the identifier \p id in the storage
* area designated by \p lifetime.
* \retval #PSA_ERROR_INVALID_ARGUMENT
@ -401,7 +401,7 @@ psa_status_t psa_close_key(psa_key_handle_t handle);
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The key slot is invalid,
* or the key data is not correctly formatted.
* \retval #PSA_ERROR_OCCUPIED_SLOT
* \retval #PSA_ERROR_ALREADY_EXISTS
* There is already a key in the specified slot.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@ -470,7 +470,7 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle);
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* The handle is to a key slot which does not contain key material yet.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
@ -554,7 +554,7 @@ psa_status_t psa_get_key_information(psa_key_handle_t handle,
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
@ -641,7 +641,7 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The key is neither a public key nor a key pair.
* \retval #PSA_ERROR_NOT_SUPPORTED
@ -710,9 +710,9 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle,
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_OCCUPIED_SLOT
* \retval #PSA_ERROR_ALREADY_EXISTS
* \p target already contains key material.
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \p source does not contain key material.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The policy constraints on the source, on the target and
@ -1071,7 +1071,7 @@ static psa_mac_operation_t psa_mac_operation_init(void);
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
@ -1128,7 +1128,7 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c key is not compatible with \c alg.
@ -1373,7 +1373,7 @@ static psa_cipher_operation_t psa_cipher_operation_init(void);
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
@ -1432,7 +1432,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
@ -1660,7 +1660,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
@ -1716,7 +1716,7 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle,
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The ciphertext is not authentic.
* \retval #PSA_ERROR_NOT_PERMITTED
@ -2034,7 +2034,7 @@ psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
* \param output_length Number of bytes to output.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INSUFFICIENT_CAPACITY
* \retval #PSA_ERROR_INSUFFICIENT_DATA
* There were fewer than \p output_length bytes
* in the generator. Note that in this case, no
* output is written to the output buffer.
@ -2076,7 +2076,7 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
* Success.
* If the key is persistent, the key material and the key's metadata
* have been saved to persistent storage.
* \retval #PSA_ERROR_INSUFFICIENT_CAPACITY
* \retval #PSA_ERROR_INSUFFICIENT_DATA
* There were fewer than \p output_length bytes
* in the generator. Note that in this case, no
* output is written to the output buffer.
@ -2088,7 +2088,7 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
* implementation in general or in this particular slot.
* \retval #PSA_ERROR_BAD_STATE
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_OCCUPIED_SLOT
* \retval #PSA_ERROR_ALREADY_EXISTS
* There is already a key in the specified slot.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@ -2172,7 +2172,7 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator);
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c key is not compatible with \c alg,
@ -2233,7 +2233,7 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c private_key is not compatible with \c alg,
@ -2332,7 +2332,7 @@ typedef struct {
* If the key is persistent, the key material and the key's metadata
* have been saved to persistent storage.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_OCCUPIED_SLOT
* \retval #PSA_ERROR_ALREADY_EXISTS
* There is already a key in the specified slot.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT

2
include/psa/crypto_se_driver.h
View File

@ -754,7 +754,7 @@ typedef psa_status_t (*psa_drv_destroy_key_t)(psa_key_slot_t key);
* that make up the key data.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_COMMUNICATION_FAILURE

5
include/psa/crypto_types.h
View File

@ -47,8 +47,13 @@
* This is either #PSA_SUCCESS (which is zero), indicating success,
* or a nonzero value indicating that an error occurred. Errors are
* encoded as one of the \c PSA_ERROR_xxx values defined here.
* If #PSA_SUCCESS is already defined, it means that #psa_status_t
* is also defined in an external header, so prevent its multiple
* definition.
*/
#ifndef PSA_SUCCESS
typedef int32_t psa_status_t;
#endif
/**@}*/

76
include/psa/crypto_values.h
View File

@ -40,25 +40,17 @@
* @{
*/
#if !defined(PSA_SUCCESS)
/* If PSA_SUCCESS is defined, assume that PSA crypto is being used
* together with PSA IPC, which also defines the identifier
* PSA_SUCCESS. We must not define PSA_SUCCESS ourselves in that case;
* the other error code names don't clash. This is a temporary hack
* until we unify error reporting in PSA IPC and PSA crypto.
*
* Note that psa_defs.h must be included before this header!
*/
/* PSA error codes */
/** The action was completed successfully. */
#define PSA_SUCCESS ((psa_status_t)0)
#endif /* !defined(PSA_SUCCESS) */
/** An error occurred that does not correspond to any defined
* failure cause.
*
* Implementations may use this error code if none of the other standard
* error codes are applicable. */
#define PSA_ERROR_UNKNOWN_ERROR ((psa_status_t)1)
#define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132)
/** The requested operation or a parameter is not supported
* by this implementation.
@ -67,7 +59,7 @@
* parameter such as a key type, algorithm, etc. is not recognized.
* If a combination of parameters is recognized and identified as
* not valid, return #PSA_ERROR_INVALID_ARGUMENT instead. */
#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)2)
#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134)
/** The requested action is denied by a policy.
*
@ -80,7 +72,7 @@
* not valid or not supported, it is unspecified whether the function
* returns #PSA_ERROR_NOT_PERMITTED, #PSA_ERROR_NOT_SUPPORTED or
* #PSA_ERROR_INVALID_ARGUMENT. */
#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)3)
#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133)
/** An output buffer is too small.
*
@ -92,23 +84,19 @@
* buffer would succeed. However implementations may return this
* error if a function has invalid or unsupported parameters in addition
* to the parameters that determine the necessary output buffer size. */
#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)4)
#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138)
/** A slot is occupied, but must be empty to carry out the
* requested action.
/** Asking for an item that already exists
*
* If a handle is invalid, it does not designate an occupied slot.
* The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE.
*/
#define PSA_ERROR_OCCUPIED_SLOT ((psa_status_t)5)
* Implementations should return this error, when attempting
* to write an item (like a key) that already exists. */
#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139)
/** A slot is empty, but must be occupied to carry out the
* requested action.
/** Asking for an item that doesn't exist
*
* If a handle is invalid, it does not designate an empty slot.
* The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE.
*/
#define PSA_ERROR_EMPTY_SLOT ((psa_status_t)6)
* Implementations should return this error, if a requested item (like
* a key) does not exist. */
#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140)
/** The requested action cannot be performed in the current state.
*
@ -118,9 +106,9 @@
*
* Implementations shall not return this error code to indicate
* that a key slot is occupied when it needs to be free or vice versa,
* but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT
* but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
* as applicable. */
#define PSA_ERROR_BAD_STATE ((psa_status_t)7)
#define PSA_ERROR_BAD_STATE ((psa_status_t)-137)
/** The parameters passed to the function are invalid.
*
@ -129,20 +117,20 @@
*
* Implementations shall not return this error code to indicate
* that a key slot is occupied when it needs to be free or vice versa,
* but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT
* but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
* as applicable.
*
* Implementation shall not return this error code to indicate that a
* key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
* instead.
*/
#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)8)
#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135)
/** There is not enough runtime memory.
*
* If the action is carried out across multiple security realms, this
* error can refer to available memory in any of the security realms. */
#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)9)
#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141)
/** There is not enough persistent storage.
*
@ -151,7 +139,7 @@
* many functions that do not otherwise access storage may return this
* error code if the implementation requires a mandatory log entry for
* the requested action and the log storage space is full. */
#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)10)
#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142)
/** There was a communication failure inside the implementation.
*
@ -168,7 +156,7 @@
* cryptoprocessor but there was a breakdown of communication before
* the cryptoprocessor could report the status to the application.
*/
#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)11)
#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)
/** There was a storage failure that may have led to data loss.
*
@ -193,13 +181,13 @@
* permanent storage corruption. However application writers should
* keep in mind that transient errors while reading the storage may be
* reported using this error code. */
#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)12)
#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146)
/** A hardware failure was detected.
*
* A hardware failure may be transient or permanent depending on the
* cause. */
#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)13)
#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147)
/** A tampering attempt was detected.
*
@ -230,7 +218,7 @@
* This error indicates an attack against the application. Implementations
* shall not return this error code as a consequence of the behavior of
* the application itself. */
#define PSA_ERROR_TAMPERING_DETECTED ((psa_status_t)14)
#define PSA_ERROR_TAMPERING_DETECTED ((psa_status_t)-151)
/** There is not enough entropy to generate random data needed
* for the requested action.
@ -249,7 +237,7 @@
* secure pseudorandom generator (PRNG). However implementations may return
* this error at any time if a policy requires the PRNG to be reseeded
* during normal operation. */
#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)15)
#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148)
/** The signature, MAC or hash is incorrect.
*
@ -259,7 +247,7 @@
*
* If the value to verify has an invalid size, implementations may return
* either #PSA_ERROR_INVALID_ARGUMENT or #PSA_ERROR_INVALID_SIGNATURE. */
#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)16)
#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)
/** The decrypted padding is incorrect.
*
@ -275,17 +263,15 @@
* as close as possible to indistinguishable to an external observer.
* In particular, the timing of a decryption operation should not
* depend on the validity of the padding. */
#define PSA_ERROR_INVALID_PADDING ((psa_status_t)17)
#define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150)
/** The generator has insufficient capacity left.
*
* Once a function returns this error, attempts to read from the
* generator will always return this error. */
#define PSA_ERROR_INSUFFICIENT_CAPACITY ((psa_status_t)18)
/** Return this error when there's insufficient data when attempting
* to read from a resource. */
#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)
/** The key handle is not valid.
*/
#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)19)
#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
/**@}*/

20
library/psa_crypto.c
View File

@ -346,7 +346,7 @@ static psa_status_t mbedtls_to_psa_error( int ret )
return( PSA_ERROR_HARDWARE_FAILURE );
default:
return( PSA_ERROR_UNKNOWN_ERROR );
return( PSA_ERROR_GENERIC_ERROR );
}
}
@ -742,7 +742,7 @@ static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle,
return( status );
if( slot->type != PSA_KEY_TYPE_NONE )
return( PSA_ERROR_OCCUPIED_SLOT );
return( PSA_ERROR_ALREADY_EXISTS );
*p_slot = slot;
return( status );
@ -839,7 +839,7 @@ static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle,
if( status != PSA_SUCCESS )
return( status );
if( slot->type == PSA_KEY_TYPE_NONE )
return( PSA_ERROR_EMPTY_SLOT );
return( PSA_ERROR_DOES_NOT_EXIST );
/* Enforce that usage policy for the key slot contains all the flags
* required by the usage parameter. There is one exception: public
@ -1001,7 +1001,7 @@ psa_status_t psa_get_key_information( psa_key_handle_t handle,
return( status );
if( slot->type == PSA_KEY_TYPE_NONE )
return( PSA_ERROR_EMPTY_SLOT );
return( PSA_ERROR_DOES_NOT_EXIST );
if( type != NULL )
*type = slot->type;
if( bits != NULL )
@ -3098,7 +3098,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
size_t output_size,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_UNKNOWN_ERROR;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
int cipher_ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
@ -3855,7 +3855,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
generator->capacity = 0;
/* Go through the error path to wipe all confidential data now
* that the generator object is useless. */
status = PSA_ERROR_INSUFFICIENT_CAPACITY;
status = PSA_ERROR_INSUFFICIENT_DATA;
goto exit;
}
if( output_length == 0 &&
@ -3867,7 +3867,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
* INSUFFICIENT_CAPACITY, which is right for a finished
* generator, for consistency with the case when
* output_length > 0. */
return( PSA_ERROR_INSUFFICIENT_CAPACITY );
return( PSA_ERROR_INSUFFICIENT_DATA );
}
generator->capacity -= output_length;
@ -4400,7 +4400,7 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret )
return( PSA_SUCCESS );
case PSA_ITS_ERROR_UID_NOT_FOUND:
return( PSA_ERROR_EMPTY_SLOT );
return( PSA_ERROR_DOES_NOT_EXIST );
case PSA_ITS_ERROR_STORAGE_FAILURE:
return( PSA_ERROR_STORAGE_FAILURE );
@ -4417,10 +4417,10 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret )
return( PSA_ERROR_NOT_SUPPORTED );
case PSA_ITS_ERROR_WRITE_ONCE:
return( PSA_ERROR_OCCUPIED_SLOT );
return( PSA_ERROR_ALREADY_EXISTS );
default:
return( PSA_ERROR_UNKNOWN_ERROR );
return( PSA_ERROR_GENERIC_ERROR );
}
}

8
library/psa_crypto_slot_management.c
View File

@ -194,7 +194,7 @@ exit:
*
* \retval #PSA_SUCCESS
* The slot content was loaded successfully.
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_DOES_NOT_EXIST
* There is no content for this slot in persistent storage.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_INVALID_ARGUMENT
@ -274,11 +274,11 @@ psa_status_t psa_create_key( psa_key_lifetime_t lifetime,
psa_status_t status;
status = persistent_key_setup( lifetime, id, handle,
PSA_ERROR_EMPTY_SLOT );
PSA_ERROR_DOES_NOT_EXIST );
switch( status )
{
case PSA_SUCCESS: return( PSA_ERROR_OCCUPIED_SLOT );
case PSA_ERROR_EMPTY_SLOT: return( PSA_SUCCESS );
case PSA_SUCCESS: return( PSA_ERROR_ALREADY_EXISTS );
case PSA_ERROR_DOES_NOT_EXIST: return( PSA_SUCCESS );
default: return( status );
}
}

4
library/psa_crypto_storage.h
View File

@ -84,7 +84,7 @@ extern "C" {
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_OCCUPIED_SLOT
* \retval PSA_ERROR_ALREADY_EXISTS
*/
psa_status_t psa_save_persistent_key( const psa_key_id_t key,
const psa_key_type_t type,
@ -115,7 +115,7 @@ psa_status_t psa_save_persistent_key( const psa_key_id_t key,
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_EMPTY_SLOT
* \retval PSA_ERROR_DOES_NOT_EXIST
*/
psa_status_t psa_load_persistent_key( psa_key_id_t key,
psa_key_type_t *type,

4
library/psa_crypto_storage_backend.h
View File

@ -54,7 +54,7 @@ extern "C" {
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_EMPTY_SLOT
* \retval PSA_ERROR_DOES_NOT_EXIST
*/
psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
size_t data_size );
@ -73,7 +73,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_OCCUPIED_SLOT
* \retval PSA_ERROR_ALREADY_EXISTS
*/
psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
const uint8_t *data,

4
library/psa_crypto_storage_file.c
View File

@ -118,7 +118,7 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
if( psa_is_key_present_in_storage( key ) == 1 )
return( PSA_ERROR_OCCUPIED_SLOT );
return( PSA_ERROR_ALREADY_EXISTS );
file = fopen( temp_location, "wb" );
if( file == NULL )
@ -186,7 +186,7 @@ psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
file = fopen( slot_location, "rb" );
if( file == NULL )
return( PSA_ERROR_EMPTY_SLOT );
return( PSA_ERROR_DOES_NOT_EXIST );
if( fseek( file, 0, SEEK_END ) != 0 )
{

7
library/psa_crypto_storage_its.c
View File

@ -27,6 +27,7 @@
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
#include "psa/error.h"
#include "psa/crypto.h"
#include "psa_crypto_storage_backend.h"
#include "psa/internal_trusted_storage.h"
@ -43,7 +44,7 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret )
return( PSA_SUCCESS );
case PSA_ITS_ERROR_UID_NOT_FOUND:
return( PSA_ERROR_EMPTY_SLOT );
return( PSA_ERROR_DOES_NOT_EXIST );
case PSA_ITS_ERROR_STORAGE_FAILURE:
return( PSA_ERROR_STORAGE_FAILURE );
@ -60,7 +61,7 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret )
return( PSA_ERROR_NOT_SUPPORTED );
case PSA_ITS_ERROR_WRITE_ONCE:
return( PSA_ERROR_OCCUPIED_SLOT );
return( PSA_ERROR_ALREADY_EXISTS );
default:
return( PSA_ERROR_UNKNOWN_ERROR );
@ -114,7 +115,7 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
struct psa_its_info_t data_identifier_info;
if( psa_is_key_present_in_storage( key ) == 1 )
return( PSA_ERROR_OCCUPIED_SLOT );
return( PSA_ERROR_ALREADY_EXISTS );
ret = psa_its_set( data_identifier, data_length, data, 0 );
status = its_to_psa_error( ret );

34
tests/suites/test_suite_psa_crypto.function
View File

@ -419,10 +419,10 @@ static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
size_t key_bits;
uint8_t *public_key = NULL;
size_t public_key_length;
/* Return UNKNOWN_ERROR if something other than the final call to
/* Return GENERIC_ERROR if something other than the final call to
* psa_key_agreement fails. This isn't fully satisfactory, but it's
* good enough: callers will report it as a failed test anyway. */
psa_status_t status = PSA_ERROR_UNKNOWN_ERROR;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
PSA_ASSERT( psa_get_key_information( handle,
&private_key_type,
@ -1027,7 +1027,7 @@ void import_export( data_t *data,
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
TEST_EQUAL( psa_get_key_information( handle, NULL, NULL ),
PSA_ERROR_EMPTY_SLOT );
PSA_ERROR_DOES_NOT_EXIST );
/* Import the key */
PSA_ASSERT( psa_import_key( handle, type,
@ -1114,7 +1114,7 @@ void import_key_nonempty_slot( )
/* Import the key again */
status = psa_import_key( handle, type, data, sizeof( data ) );
TEST_EQUAL( status, PSA_ERROR_OCCUPIED_SLOT );
TEST_EQUAL( status, PSA_ERROR_ALREADY_EXISTS );
exit:
mbedtls_psa_crypto_free( );
@ -1164,7 +1164,7 @@ void export_with_no_key_activity( )
status = psa_export_key( handle,
exported, export_size,
&exported_length );
TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
exit:
mbedtls_psa_crypto_free( );
@ -1187,7 +1187,7 @@ void cipher_with_no_key_activity( )
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
exit:
psa_cipher_abort( &operation );
@ -1220,7 +1220,7 @@ void export_after_import_failure( data_t *data, int type_arg,
status = psa_export_key( handle,
exported, export_size,
&exported_length );
TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
exit:
mbedtls_psa_crypto_free( );
@ -1248,7 +1248,7 @@ void cipher_after_import_failure( data_t *data, int type_arg,
TEST_EQUAL( status, expected_import_status );
status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
exit:
psa_cipher_abort( &operation );
@ -1937,7 +1937,7 @@ void copy_fail( int source_usage_arg, int source_alg_arg,
/* Test that the target slot is unaffected. */
TEST_EQUAL( psa_get_key_information( target_handle,
&target_type, &target_bits ),
PSA_ERROR_EMPTY_SLOT );
PSA_ERROR_DOES_NOT_EXIST );
PSA_ASSERT( psa_get_key_policy( target_handle, &target_policy ) );
TEST_EQUAL( target_usage, psa_key_policy_get_usage( &target_policy ) );
TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &target_policy ) );
@ -3614,7 +3614,7 @@ void test_derive_invalid_generator_state( )
PSA_ASSERT( psa_generator_read( &generator, buffer, capacity ) );
TEST_EQUAL( psa_generator_read( &generator, buffer, capacity ),
PSA_ERROR_INSUFFICIENT_CAPACITY );
PSA_ERROR_INSUFFICIENT_DATA );
exit:
psa_generator_abort( &generator );
@ -3632,7 +3632,7 @@ void test_derive_invalid_generator_tests( )
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
== PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183
== PSA_ERROR_INSUFFICIENT_DATA ); // should be PSA_ERROR_BAD_STATE:#183
TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
== PSA_SUCCESS ); // should be PSA_ERROR_BAD_STATE:#183
@ -3640,7 +3640,7 @@ void test_derive_invalid_generator_tests( )
PSA_ASSERT( psa_generator_abort( &generator ) );
TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
== PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183
== PSA_ERROR_INSUFFICIENT_DATA ); // should be PSA_ERROR_BAD_STATE:#183
TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
== PSA_SUCCESS );// should be PSA_ERROR_BAD_STATE:#183
@ -3713,14 +3713,14 @@ void derive_output( int alg_arg,
{
/* Reading 0 bytes when 0 bytes are available can go either way. */
TEST_ASSERT( status == PSA_SUCCESS ||
status == PSA_ERROR_INSUFFICIENT_CAPACITY );
status == PSA_ERROR_INSUFFICIENT_DATA );
continue;
}
else if( expected_capacity == 0 ||
output_sizes[i] > expected_capacity )
{
/* Capacity exceeded. */
TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_CAPACITY );
TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA );
expected_capacity = 0;
continue;
}
@ -3797,7 +3797,7 @@ void derive_full( int alg_arg,
/* Check that the generator refuses to go over capacity. */
TEST_EQUAL( psa_generator_read( &generator, output_buffer, 1 ),
PSA_ERROR_INSUFFICIENT_CAPACITY );
PSA_ERROR_INSUFFICIENT_DATA );
PSA_ASSERT( psa_generator_abort( &generator ) );
@ -4033,7 +4033,7 @@ void key_agreement_capacity( int alg_arg,
PSA_ASSERT( psa_generator_read( &generator,
output, actual_capacity ) );
TEST_EQUAL( psa_generator_read( &generator, output, 1 ),
PSA_ERROR_INSUFFICIENT_CAPACITY );
PSA_ERROR_INSUFFICIENT_DATA );
exit:
psa_generator_abort( &generator );
@ -4161,7 +4161,7 @@ void generate_key( int type_arg,
psa_key_type_t got_type;
size_t got_bits;
psa_status_t expected_info_status =
expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_EMPTY_SLOT;
expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
PSA_ASSERT( psa_crypto_init( ) );

2
tests/suites/test_suite_psa_crypto_persistent_key.function
View File

@ -138,7 +138,7 @@ void persistent_key_destroy( int key_id_arg, int should_store,
/* Check key slot storage is removed */
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
TEST_EQUAL( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle ),
PSA_ERROR_EMPTY_SLOT );
PSA_ERROR_DOES_NOT_EXIST );
TEST_EQUAL( handle, 0 );
/* Shutdown and restart */

2
tests/suites/test_suite_psa_crypto_slot_management.data
View File

@ -35,7 +35,7 @@ open_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_I
Open failure: non-existent identifier
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_EMPTY_SLOT
open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_DOES_NOT_EXIST
Open failure: volatile lifetime
open_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT

10
tests/suites/test_suite_psa_crypto_slot_management.function
View File

@ -178,7 +178,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg,
break;
case CLOSE_BY_DESTROY:
TEST_EQUAL( psa_open_key( lifetime, id, &handle ),
PSA_ERROR_EMPTY_SLOT );
PSA_ERROR_DOES_NOT_EXIST );
break;
}
@ -223,7 +223,7 @@ void create_existent( int lifetime_arg, int id_arg,
/* Attempt to create a new key in the same slot. */
TEST_EQUAL( psa_create_key( lifetime, id, &handle2 ),
PSA_ERROR_OCCUPIED_SLOT );
PSA_ERROR_ALREADY_EXISTS );
TEST_EQUAL( handle2, 0 );
if( reopen_policy == CLOSE_AFTER )
@ -436,7 +436,7 @@ void copy_from_empty( int source_lifetime_arg, int source_id_arg,
/* Copy the key. */
TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ),
PSA_ERROR_EMPTY_SLOT );
PSA_ERROR_DOES_NOT_EXIST );
/* Test that the slots are unaffected. */
PSA_ASSERT( psa_get_key_policy( source_handle, &got_policy ) );
@ -514,7 +514,7 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
/* Copy the key. */
TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ),
PSA_ERROR_OCCUPIED_SLOT );
PSA_ERROR_ALREADY_EXISTS );
/* Test that the target slot is unaffected. */
PSA_ASSERT( psa_get_key_information( target_handle,
@ -579,7 +579,7 @@ void copy_to_same( int lifetime_arg, int id_arg,
/* Copy the key. */
TEST_EQUAL( psa_copy_key( handle, handle, NULL ),
PSA_ERROR_OCCUPIED_SLOT );
PSA_ERROR_ALREADY_EXISTS );
/* Test that the slot is unaffected. */
PSA_ASSERT( psa_get_key_information( handle,

4
tests/suites/test_suite_psa_crypto_storage_file.data
View File

@ -24,7 +24,7 @@ write_data_to_file:"deadbeef":PSA_SUCCESS
PSA Storage Store into preexisting location, should fail
depends_on:MBEDTLS_FS_IO
write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_OCCUPIED_SLOT
write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_ALREADY_EXISTS
PSA Storage Store, preexisting temp_location file, should succeed
depends_on:MBEDTLS_FS_IO
@ -40,4 +40,4 @@ get_file_size:"":0:PSA_SUCCESS:1
PSA Storage Get data size nonexistent file location, should fail
depends_on:MBEDTLS_FS_IO
get_file_size:"deadbeef":4:PSA_ERROR_EMPTY_SLOT:0
get_file_size:"deadbeef":4:PSA_ERROR_DOES_NOT_EXIST:0