diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 93f896890..25c3cb4db 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -193,7 +193,7 @@ psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy); * the policy has been saved to persistent storage. Implementations * may defer saving the policy until the key material is created. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_COMMUNICATION_FAILURE @@ -285,7 +285,7 @@ psa_status_t psa_allocate_key(psa_key_handle_t *handle); * Success. The application can now use the value of `*handle` * to access the newly allocated key slot. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_INVALID_ARGUMENT * \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE. * \retval #PSA_ERROR_INVALID_ARGUMENT @@ -322,7 +322,7 @@ psa_status_t psa_open_key(psa_key_lifetime_t lifetime, * to access the newly allocated key slot. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_STORAGE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * There is already a key with the identifier \p id in the storage * area designated by \p lifetime. * \retval #PSA_ERROR_INVALID_ARGUMENT @@ -401,7 +401,7 @@ psa_status_t psa_close_key(psa_key_handle_t handle); * \retval #PSA_ERROR_INVALID_ARGUMENT * The key slot is invalid, * or the key data is not correctly formatted. - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * There is already a key in the specified slot. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_STORAGE 
@@ -470,7 +470,7 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle); * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * The handle is to a key slot which does not contain key material yet. * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE @@ -554,7 +554,7 @@ psa_status_t psa_get_key_information(psa_key_handle_t handle, * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_BUFFER_TOO_SMALL @@ -641,7 +641,7 @@ psa_status_t psa_export_key(psa_key_handle_t handle, * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_INVALID_ARGUMENT * The key is neither a public key nor a key pair. * \retval #PSA_ERROR_NOT_SUPPORTED @@ -710,9 +710,9 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle, * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * \p target already contains key material. - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \p source does not contain key material. * \retval #PSA_ERROR_INVALID_ARGUMENT * The policy constraints on the source, on the target and @@ -1071,7 +1071,7 @@ static psa_mac_operation_t psa_mac_operation_init(void); * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. 
@@ -1128,7 +1128,7 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \c key is not compatible with \c alg. @@ -1373,7 +1373,7 @@ static psa_cipher_operation_t psa_cipher_operation_init(void); * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. @@ -1432,7 +1432,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. @@ -1660,7 +1660,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. @@ -1716,7 +1716,7 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_INVALID_SIGNATURE * The ciphertext is not authentic. * \retval #PSA_ERROR_NOT_PERMITTED 
@@ -2034,7 +2034,7 @@ psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator, * \param output_length Number of bytes to output. * * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INSUFFICIENT_CAPACITY + * \retval #PSA_ERROR_INSUFFICIENT_DATA * There were fewer than \p output_length bytes * in the generator. Note that in this case, no * output is written to the output buffer. @@ -2076,7 +2076,7 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator, * Success. * If the key is persistent, the key material and the key's metadata * have been saved to persistent storage. - * \retval #PSA_ERROR_INSUFFICIENT_CAPACITY + * \retval #PSA_ERROR_INSUFFICIENT_DATA * There were fewer than \p output_length bytes * in the generator. Note that in this case, no * output is written to the output buffer. @@ -2088,7 +2088,7 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator, * implementation in general or in this particular slot. * \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * There is already a key in the specified slot. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_STORAGE @@ -2172,7 +2172,7 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator); * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \c key is not compatible with \c alg, @@ -2233,7 +2233,7 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \c private_key is not compatible with \c alg, 
@@ -2332,7 +2332,7 @@ typedef struct { * If the key is persistent, the key material and the key's metadata * have been saved to persistent storage. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * There is already a key in the specified slot. * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_INVALID_ARGUMENT diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index 057866445..20cd4b45e 100644 --- a/include/psa/crypto_se_driver.h +++ b/include/psa/crypto_se_driver.h @@ -754,7 +754,7 @@ typedef psa_status_t (*psa_drv_destroy_key_t)(psa_key_slot_t key); * that make up the key data. * * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_COMMUNICATION_FAILURE diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 9b44d6aef..29c985303 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -47,8 +47,13 @@ * This is either #PSA_SUCCESS (which is zero), indicating success, * or a nonzero value indicating that an error occurred. Errors are * encoded as one of the \c PSA_ERROR_xxx values defined here. + * If #PSA_SUCCESS is already defined, it means that #psa_status_t + * is also defined in an external header, so prevent its multiple + * definition. */ +#ifndef PSA_SUCCESS typedef int32_t psa_status_t; +#endif /**@}*/ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 2ae72e063..d42d8c28a 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
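Review bot: The new `#ifndef PSA_SUCCESS` around `typedef int32_t psa_status_t;` in crypto_types.h uses an unrelated macro as a proxy for "psa_status_t already exists", which makes the typedef depend on include order: crypto_values.h now defines PSA_SUCCESS unconditionally (its hunk at @@ -40,25 +40,17 @@), so if it is ever seen before crypto_types.h the typedef is skipped with no external header present and psa_status_t is undeclared. If the public crypto.h always includes crypto_types.h first this is fine today, but the added comment does not state that contract. I would extend the comment with `* This relies on crypto_types.h being included before crypto_values.h; any external header that defines PSA_SUCCESS must also define psa_status_t.` or guard on a dedicated macro set by the external header rather than on PSA_SUCCESS.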
@@ -40,25 +40,17 @@ * @{ */ -#if !defined(PSA_SUCCESS) -/* If PSA_SUCCESS is defined, assume that PSA crypto is being used - * together with PSA IPC, which also defines the identifier - * PSA_SUCCESS. We must not define PSA_SUCCESS ourselves in that case; - * the other error code names don't clash. This is a temporary hack - * until we unify error reporting in PSA IPC and PSA crypto. - * - * Note that psa_defs.h must be included before this header! - */ +/* PSA error codes */ + /** The action was completed successfully. */ #define PSA_SUCCESS ((psa_status_t)0) -#endif /* !defined(PSA_SUCCESS) */ /** An error occurred that does not correspond to any defined * failure cause. * * Implementations may use this error code if none of the other standard * error codes are applicable. */ -#define PSA_ERROR_UNKNOWN_ERROR ((psa_status_t)1) +#define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132) /** The requested operation or a parameter is not supported * by this implementation. @@ -67,7 +59,7 @@ * parameter such as a key type, algorithm, etc. is not recognized. * If a combination of parameters is recognized and identified as * not valid, return #PSA_ERROR_INVALID_ARGUMENT instead. */ -#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)2) +#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) /** The requested action is denied by a policy. * @@ -80,7 +72,7 @@ * not valid or not supported, it is unspecified whether the function * returns #PSA_ERROR_NOT_PERMITTED, #PSA_ERROR_NOT_SUPPORTED or * #PSA_ERROR_INVALID_ARGUMENT. */ -#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)3) +#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133) /** An output buffer is too small. * 
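Review bot: Dropping the `#if !defined(PSA_SUCCESS)` guard makes `#define PSA_SUCCESS ((psa_status_t)0)` unconditional, yet the crypto_types.h hunk in this same commit anticipates an external header that also defines PSA_SUCCESS; in that configuration this line becomes a macro redefinition, which the preprocessor only accepts when both replacement lists are token-identical and otherwise diagnoses. The removed comment also explained why the names did not clash before, and the new values (`-132`, `-134`, `-133`, …) are no longer self-explanatory. I would replace `/* PSA error codes */` with a comment such as `/* Status values are aligned with the common PSA status codes; if an external PSA header is used, it must define these with identical token sequences. */`, and, if that header is known, include it and guard the block on it rather than redefining. The same applies to every PSA_ERROR_* definition in the later hunks of this file.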
@@ -92,23 +84,19 @@ * buffer would succeed. However implementations may return this * error if a function has invalid or unsupported parameters in addition * to the parameters that determine the necessary output buffer size. */ -#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)4) +#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138) -/** A slot is occupied, but must be empty to carry out the - * requested action. +/** Asking for an item that already exists * - * If a handle is invalid, it does not designate an occupied slot. - * The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE. - */ -#define PSA_ERROR_OCCUPIED_SLOT ((psa_status_t)5) + * Implementations should return this error, when attempting + * to write an item (like a key) that already exists. */ +#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139) -/** A slot is empty, but must be occupied to carry out the - * requested action. +/** Asking for an item that doesn't exist * - * If a handle is invalid, it does not designate an empty slot. - * The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE. - */ -#define PSA_ERROR_EMPTY_SLOT ((psa_status_t)6) + * Implementations should return this error, if a requested item (like + * a key) does not exist. */ +#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140) /** The requested action cannot be performed in the current state. * @@ -118,9 +106,9 @@ * * Implementations shall not return this error code to indicate * that a key slot is occupied when it needs to be free or vice versa, - * but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT + * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST * as applicable. */ -#define PSA_ERROR_BAD_STATE ((psa_status_t)7) +#define PSA_ERROR_BAD_STATE ((psa_status_t)-137) /** The parameters passed to the function are invalid. * 
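Review bot: The replacement documentation for PSA_ERROR_ALREADY_EXISTS and PSA_ERROR_DOES_NOT_EXIST drops the sentence that distinguished them from PSA_ERROR_INVALID_HANDLE ("If a handle is invalid, it does not designate an occupied/empty slot"), while the BAD_STATE and INVALID_ARGUMENT text in the following hunks still relies on that distinction. I would keep it in both new comments, e.g. `* If a handle is invalid, it does not designate an existing item; the error for an invalid handle is #PSA_ERROR_INVALID_HANDLE.` The new brief lines also lack a terminating period (`Asking for an item that already exists`) and `return this error, when attempting` has a stray comma.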
@@ -129,20 +117,20 @@ * * Implementations shall not return this error code to indicate * that a key slot is occupied when it needs to be free or vice versa, - * but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT + * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST * as applicable. * * Implementation shall not return this error code to indicate that a * key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE * instead. */ -#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)8) +#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) /** There is not enough runtime memory. * * If the action is carried out across multiple security realms, this * error can refer to available memory in any of the security realms. */ -#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)9) +#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141) /** There is not enough persistent storage. * @@ -151,7 +139,7 @@ * many functions that do not otherwise access storage may return this * error code if the implementation requires a mandatory log entry for * the requested action and the log storage space is full. */ -#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)10) +#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142) /** There was a communication failure inside the implementation. * @@ -168,7 +156,7 @@ * cryptoprocessor but there was a breakdown of communication before * the cryptoprocessor could report the status to the application. */ -#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)11) +#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145) /** There was a storage failure that may have led to data loss. * 
@@ -193,13 +181,13 @@ * permanent storage corruption. However application writers should * keep in mind that transient errors while reading the storage may be * reported using this error code. */ -#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)12) +#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146) /** A hardware failure was detected. * * A hardware failure may be transient or permanent depending on the * cause. */ -#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)13) +#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147) /** A tampering attempt was detected. * @@ -230,7 +218,7 @@ * This error indicates an attack against the application. Implementations * shall not return this error code as a consequence of the behavior of * the application itself. */ -#define PSA_ERROR_TAMPERING_DETECTED ((psa_status_t)14) +#define PSA_ERROR_TAMPERING_DETECTED ((psa_status_t)-151) /** There is not enough entropy to generate random data needed * for the requested action. @@ -249,7 +237,7 @@ * secure pseudorandom generator (PRNG). However implementations may return * this error at any time if a policy requires the PRNG to be reseeded * during normal operation. */ -#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)15) +#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148) /** The signature, MAC or hash is incorrect. * @@ -259,7 +247,7 @@ * * If the value to verify has an invalid size, implementations may return * either #PSA_ERROR_INVALID_ARGUMENT or #PSA_ERROR_INVALID_SIGNATURE. */ -#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)16) +#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149) /** The decrypted padding is incorrect. * 
@@ -275,17 +263,15 @@ * as close as possible to indistinguishable to an external observer. * In particular, the timing of a decryption operation should not * depend on the validity of the padding. */ -#define PSA_ERROR_INVALID_PADDING ((psa_status_t)17) +#define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150) -/** The generator has insufficient capacity left. - * - * Once a function returns this error, attempts to read from the - * generator will always return this error. */ -#define PSA_ERROR_INSUFFICIENT_CAPACITY ((psa_status_t)18) +/** Return this error when there's insufficient data when attempting + * to read from a resource. */ +#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143) /** The key handle is not valid. */ -#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)19) +#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136) /**@}*/ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5bf4f9924..fd9f38774 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -346,7 +346,7 @@ static psa_status_t mbedtls_to_psa_error( int ret ) return( PSA_ERROR_HARDWARE_FAILURE ); default: - return( PSA_ERROR_UNKNOWN_ERROR ); + return( PSA_ERROR_GENERIC_ERROR ); } } @@ -742,7 +742,7 @@ static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle, return( status ); if( slot->type != PSA_KEY_TYPE_NONE ) - return( PSA_ERROR_OCCUPIED_SLOT ); + return( PSA_ERROR_ALREADY_EXISTS ); *p_slot = slot; return( status ); @@ -839,7 +839,7 @@ static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle, if( status != PSA_SUCCESS ) return( status ); if( slot->type == PSA_KEY_TYPE_NONE ) - return( PSA_ERROR_EMPTY_SLOT ); + return( PSA_ERROR_DOES_NOT_EXIST ); /* Enforce that usage policy for the key slot contains all the flags * required by the usage parameter. There is one exception: public 
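Review bot: The new comment on PSA_ERROR_INSUFFICIENT_DATA loses the guarantee that the old PSA_ERROR_INSUFFICIENT_CAPACITY text stated, "Once a function returns this error, attempts to read from the generator will always return this error", even though psa_generator_read still implements it (the psa_crypto.c hunk at @@ -3855 zeroes `generator->capacity` and goes through the error path before returning this code). Callers rely on that sticky behaviour to know the generator has been wiped, so I would keep the sentence, e.g. `* Once psa_generator_read() returns this error, further reads from that generator always return it.`, and also tidy the grammar of `when there's insufficient data when attempting` to `when insufficient data is available when reading from a resource`.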
@@ -1001,7 +1001,7 @@ psa_status_t psa_get_key_information( psa_key_handle_t handle, return( status ); if( slot->type == PSA_KEY_TYPE_NONE ) - return( PSA_ERROR_EMPTY_SLOT ); + return( PSA_ERROR_DOES_NOT_EXIST ); if( type != NULL ) *type = slot->type; if( bits != NULL ) @@ -3098,7 +3098,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, size_t output_size, size_t *output_length ) { - psa_status_t status = PSA_ERROR_UNKNOWN_ERROR; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; int cipher_ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; @@ -3855,7 +3855,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator, generator->capacity = 0; /* Go through the error path to wipe all confidential data now * that the generator object is useless. */ - status = PSA_ERROR_INSUFFICIENT_CAPACITY; + status = PSA_ERROR_INSUFFICIENT_DATA; goto exit; } if( output_length == 0 && @@ -3867,7 +3867,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator, * INSUFFICIENT_CAPACITY, which is right for a finished * generator, for consistency with the case when * output_length > 0. */ - return( PSA_ERROR_INSUFFICIENT_CAPACITY ); + return( PSA_ERROR_INSUFFICIENT_DATA ); } generator->capacity -= output_length; @@ -4400,7 +4400,7 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret ) return( PSA_SUCCESS ); case PSA_ITS_ERROR_UID_NOT_FOUND: - return( PSA_ERROR_EMPTY_SLOT ); + return( PSA_ERROR_DOES_NOT_EXIST ); case PSA_ITS_ERROR_STORAGE_FAILURE: return( PSA_ERROR_STORAGE_FAILURE ); @@ -4417,10 +4417,10 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret ) return( PSA_ERROR_NOT_SUPPORTED ); case PSA_ITS_ERROR_WRITE_ONCE: - return( PSA_ERROR_OCCUPIED_SLOT ); + return( PSA_ERROR_ALREADY_EXISTS ); default: - return( PSA_ERROR_UNKNOWN_ERROR ); + return( PSA_ERROR_GENERIC_ERROR ); } } 
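Review bot: In the psa_generator_read hunk at @@ -3867 the context comment still says `* INSUFFICIENT_CAPACITY, which is right for a finished` while the return on the next line was renamed to PSA_ERROR_INSUFFICIENT_DATA, leaving a comment that names a macro this commit removes. It should read `* INSUFFICIENT_DATA, which is right for a finished`. psa_generator_read starts and ends outside the hunk.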
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index c151c5eee..dad23c490 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -194,7 +194,7 @@ exit: * * \retval #PSA_SUCCESS * The slot content was loaded successfully. - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * There is no content for this slot in persistent storage. * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_INVALID_ARGUMENT @@ -274,11 +274,11 @@ psa_status_t psa_create_key( psa_key_lifetime_t lifetime, psa_status_t status; status = persistent_key_setup( lifetime, id, handle, - PSA_ERROR_EMPTY_SLOT ); + PSA_ERROR_DOES_NOT_EXIST ); switch( status ) { - case PSA_SUCCESS: return( PSA_ERROR_OCCUPIED_SLOT ); - case PSA_ERROR_EMPTY_SLOT: return( PSA_SUCCESS ); + case PSA_SUCCESS: return( PSA_ERROR_ALREADY_EXISTS ); + case PSA_ERROR_DOES_NOT_EXIST: return( PSA_SUCCESS ); default: return( status ); } } diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index 85881c164..9da009d8d 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -84,7 +84,7 @@ extern "C" { * \retval PSA_ERROR_INSUFFICIENT_MEMORY * \retval PSA_ERROR_INSUFFICIENT_STORAGE * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_OCCUPIED_SLOT + * \retval PSA_ERROR_ALREADY_EXISTS */ psa_status_t psa_save_persistent_key( const psa_key_id_t key, const psa_key_type_t type, @@ -115,7 +115,7 @@ psa_status_t psa_save_persistent_key( const psa_key_id_t key, * \retval PSA_SUCCESS * \retval PSA_ERROR_INSUFFICIENT_MEMORY * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_EMPTY_SLOT + * \retval PSA_ERROR_DOES_NOT_EXIST */ psa_status_t psa_load_persistent_key( psa_key_id_t key, psa_key_type_t *type, diff --git a/library/psa_crypto_storage_backend.h b/library/psa_crypto_storage_backend.h index 47896b872..83bd2f359 100644 --- a/library/psa_crypto_storage_backend.h 
+++ b/library/psa_crypto_storage_backend.h @@ -54,7 +54,7 @@ extern "C" { * * \retval PSA_SUCCESS * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_EMPTY_SLOT + * \retval PSA_ERROR_DOES_NOT_EXIST */ psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data, size_t data_size ); @@ -73,7 +73,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data, * \retval PSA_SUCCESS * \retval PSA_ERROR_INSUFFICIENT_STORAGE * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_OCCUPIED_SLOT + * \retval PSA_ERROR_ALREADY_EXISTS */ psa_status_t psa_crypto_storage_store( const psa_key_id_t key, const uint8_t *data, diff --git a/library/psa_crypto_storage_file.c b/library/psa_crypto_storage_file.c index 87420be98..a6e732dba 100644 --- a/library/psa_crypto_storage_file.c +++ b/library/psa_crypto_storage_file.c @@ -118,7 +118,7 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key, key_id_to_location( key, slot_location, MAX_LOCATION_LEN ); if( psa_is_key_present_in_storage( key ) == 1 ) - return( PSA_ERROR_OCCUPIED_SLOT ); + return( PSA_ERROR_ALREADY_EXISTS ); file = fopen( temp_location, "wb" ); if( file == NULL ) @@ -186,7 +186,7 @@ psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key, file = fopen( slot_location, "rb" ); if( file == NULL ) - return( PSA_ERROR_EMPTY_SLOT ); + return( PSA_ERROR_DOES_NOT_EXIST ); if( fseek( file, 0, SEEK_END ) != 0 ) { diff --git a/library/psa_crypto_storage_its.c b/library/psa_crypto_storage_its.c index 1873c69cc..f97a5d7de 100644 --- a/library/psa_crypto_storage_its.c +++ b/library/psa_crypto_storage_its.c @@ -27,6 +27,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) +#include "psa/error.h" #include "psa/crypto.h" #include "psa_crypto_storage_backend.h" #include "psa/internal_trusted_storage.h" 
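Review bot: In the psa_crypto_storage_get_data_length hunk at @@ -186, every `fopen( slot_location, "rb" )` failure is now reported as PSA_ERROR_DOES_NOT_EXIST, a code whose new documentation promises "a requested item does not exist"; a permission problem or descriptor exhaustion would be reported the same way, and a caller that treats DOES_NOT_EXIST as "free, go ahead" (psa_create_key in psa_crypto_slot_management.c does exactly that mapping) could act on a misleading answer. This was equally imprecise under the old EMPTY_SLOT name, but the rename makes the semantic claim stronger. On POSIX platforms, where fopen sets errno, `if( file == NULL ) return( errno == ENOENT ? PSA_ERROR_DOES_NOT_EXIST : PSA_ERROR_STORAGE_FAILURE );` (with `<errno.h>` included) keeps the not-found case and fails closed for everything else. The enclosing function continues outside the hunk.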
@@ -43,7 +44,7 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret ) return( PSA_SUCCESS ); case PSA_ITS_ERROR_UID_NOT_FOUND: - return( PSA_ERROR_EMPTY_SLOT ); + return( PSA_ERROR_DOES_NOT_EXIST ); case PSA_ITS_ERROR_STORAGE_FAILURE: return( PSA_ERROR_STORAGE_FAILURE ); @@ -60,7 +61,7 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret ) return( PSA_ERROR_NOT_SUPPORTED ); case PSA_ITS_ERROR_WRITE_ONCE: - return( PSA_ERROR_OCCUPIED_SLOT ); + return( PSA_ERROR_ALREADY_EXISTS ); default: return( PSA_ERROR_UNKNOWN_ERROR ); @@ -114,7 +115,7 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key, struct psa_its_info_t data_identifier_info; if( psa_is_key_present_in_storage( key ) == 1 ) - return( PSA_ERROR_OCCUPIED_SLOT ); + return( PSA_ERROR_ALREADY_EXISTS ); ret = psa_its_set( data_identifier, data_length, data, 0 ); status = its_to_psa_error( ret ); diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 929d1b268..92b6fb06e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -419,10 +419,10 @@ static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator, size_t key_bits; uint8_t *public_key = NULL; size_t public_key_length; - /* Return UNKNOWN_ERROR if something other than the final call to + /* Return GENERIC_ERROR if something other than the final call to * psa_key_agreement fails. This isn't fully satisfactory, but it's * good enough: callers will report it as a failed test anyway. */ - psa_status_t status = PSA_ERROR_UNKNOWN_ERROR; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; PSA_ASSERT( psa_get_key_information( handle, &private_key_type, 
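Review bot: The `default:` branch of its_to_psa_error in psa_crypto_storage_its.c (context line `return( PSA_ERROR_UNKNOWN_ERROR );` in the hunk at @@ -60) still uses the macro this commit renames in crypto_values.h, whereas the identically named function in psa_crypto.c (hunk at @@ -4417) was updated to PSA_ERROR_GENERIC_ERROR. Unless the newly included `psa/error.h` happens to define PSA_ERROR_UNKNOWN_ERROR, this translation unit no longer builds when MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C is enabled, which is easy to miss since that option is not in the default build. The line should become `return( PSA_ERROR_GENERIC_ERROR );`. Keeping two copies of this mapping in sync is fragile; a follow-up could share one.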
@@ -1027,7 +1027,7 @@ void import_export( data_t *data, PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); TEST_EQUAL( psa_get_key_information( handle, NULL, NULL ), - PSA_ERROR_EMPTY_SLOT ); + PSA_ERROR_DOES_NOT_EXIST ); /* Import the key */ PSA_ASSERT( psa_import_key( handle, type, @@ -1114,7 +1114,7 @@ void import_key_nonempty_slot( ) /* Import the key again */ status = psa_import_key( handle, type, data, sizeof( data ) ); - TEST_EQUAL( status, PSA_ERROR_OCCUPIED_SLOT ); + TEST_EQUAL( status, PSA_ERROR_ALREADY_EXISTS ); exit: mbedtls_psa_crypto_free( ); @@ -1164,7 +1164,7 @@ void export_with_no_key_activity( ) status = psa_export_key( handle, exported, export_size, &exported_length ); - TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT ); + TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST ); exit: mbedtls_psa_crypto_free( ); @@ -1187,7 +1187,7 @@ void cipher_with_no_key_activity( ) PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg ); - TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT ); + TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST ); exit: psa_cipher_abort( &operation ); @@ -1220,7 +1220,7 @@ void export_after_import_failure( data_t *data, int type_arg, status = psa_export_key( handle, exported, export_size, &exported_length ); - TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT ); + TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST ); exit: mbedtls_psa_crypto_free( ); @@ -1248,7 +1248,7 @@ void cipher_after_import_failure( data_t *data, int type_arg, TEST_EQUAL( status, expected_import_status ); status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg ); - TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT ); + TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST ); exit: psa_cipher_abort( &operation ); 
@@ -1937,7 +1937,7 @@ void copy_fail( int source_usage_arg, int source_alg_arg, /* Test that the target slot is unaffected. */ TEST_EQUAL( psa_get_key_information( target_handle, &target_type, &target_bits ), - PSA_ERROR_EMPTY_SLOT ); + PSA_ERROR_DOES_NOT_EXIST ); PSA_ASSERT( psa_get_key_policy( target_handle, &target_policy ) ); TEST_EQUAL( target_usage, psa_key_policy_get_usage( &target_policy ) ); TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &target_policy ) ); @@ -3614,7 +3614,7 @@ void test_derive_invalid_generator_state( ) PSA_ASSERT( psa_generator_read( &generator, buffer, capacity ) ); TEST_EQUAL( psa_generator_read( &generator, buffer, capacity ), - PSA_ERROR_INSUFFICIENT_CAPACITY ); + PSA_ERROR_INSUFFICIENT_DATA ); exit: psa_generator_abort( &generator ); @@ -3632,7 +3632,7 @@ void test_derive_invalid_generator_tests( ) psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size ) - == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183 + == PSA_ERROR_INSUFFICIENT_DATA ); // should be PSA_ERROR_BAD_STATE:#183 TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity ) == PSA_SUCCESS ); // should be PSA_ERROR_BAD_STATE:#183 @@ -3640,7 +3640,7 @@ void test_derive_invalid_generator_tests( ) PSA_ASSERT( psa_generator_abort( &generator ) ); TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size ) - == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183 + == PSA_ERROR_INSUFFICIENT_DATA ); // should be PSA_ERROR_BAD_STATE:#183 TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity ) == PSA_SUCCESS );// should be PSA_ERROR_BAD_STATE:#183 
@@ -3713,14 +3713,14 @@ void derive_output( int alg_arg, { /* Reading 0 bytes when 0 bytes are available can go either way. */ TEST_ASSERT( status == PSA_SUCCESS || - status == PSA_ERROR_INSUFFICIENT_CAPACITY ); + status == PSA_ERROR_INSUFFICIENT_DATA ); continue; } else if( expected_capacity == 0 || output_sizes[i] > expected_capacity ) { /* Capacity exceeded. */ - TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_CAPACITY ); + TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA ); expected_capacity = 0; continue; } @@ -3797,7 +3797,7 @@ void derive_full( int alg_arg, /* Check that the generator refuses to go over capacity. */ TEST_EQUAL( psa_generator_read( &generator, output_buffer, 1 ), - PSA_ERROR_INSUFFICIENT_CAPACITY ); + PSA_ERROR_INSUFFICIENT_DATA ); PSA_ASSERT( psa_generator_abort( &generator ) ); @@ -4033,7 +4033,7 @@ void key_agreement_capacity( int alg_arg, PSA_ASSERT( psa_generator_read( &generator, output, actual_capacity ) ); TEST_EQUAL( psa_generator_read( &generator, output, 1 ), - PSA_ERROR_INSUFFICIENT_CAPACITY ); + PSA_ERROR_INSUFFICIENT_DATA ); exit: psa_generator_abort( &generator ); @@ -4161,7 +4161,7 @@ void generate_key( int type_arg, psa_key_type_t got_type; size_t got_bits; psa_status_t expected_info_status = - expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_EMPTY_SLOT; + expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST; psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index e19ef2b9a..2fa307e20 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function 
@@ -138,7 +138,7 @@ void persistent_key_destroy( int key_id_arg, int should_store, /* Check key slot storage is removed */ TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); TEST_EQUAL( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle ), - PSA_ERROR_EMPTY_SLOT ); + PSA_ERROR_DOES_NOT_EXIST ); TEST_EQUAL( handle, 0 ); /* Shutdown and restart */ diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index c5456179e..e937465a1 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data @@ -35,7 +35,7 @@ open_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_I Open failure: non-existent identifier depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_EMPTY_SLOT +open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_DOES_NOT_EXIST Open failure: volatile lifetime open_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 0ebdb1e4b..0278b880d 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -178,7 +178,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg, break; case CLOSE_BY_DESTROY: TEST_EQUAL( psa_open_key( lifetime, id, &handle ), - PSA_ERROR_EMPTY_SLOT ); + PSA_ERROR_DOES_NOT_EXIST ); break; } @@ -223,7 +223,7 @@ void create_existent( int lifetime_arg, int id_arg, /* Attempt to create a new key in the same slot. */ TEST_EQUAL( psa_create_key( lifetime, id, &handle2 ), - PSA_ERROR_OCCUPIED_SLOT ); + PSA_ERROR_ALREADY_EXISTS ); TEST_EQUAL( handle2, 0 ); if( reopen_policy == CLOSE_AFTER ) 
@@ -436,7 +436,7 @@ void copy_from_empty( int source_lifetime_arg, int source_id_arg, /* Copy the key. */ TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ), - PSA_ERROR_EMPTY_SLOT ); + PSA_ERROR_DOES_NOT_EXIST ); /* Test that the slots are unaffected. */ PSA_ASSERT( psa_get_key_policy( source_handle, &got_policy ) ); @@ -514,7 +514,7 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, /* Copy the key. */ TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ), - PSA_ERROR_OCCUPIED_SLOT ); + PSA_ERROR_ALREADY_EXISTS ); /* Test that the target slot is unaffected. */ PSA_ASSERT( psa_get_key_information( target_handle, @@ -579,7 +579,7 @@ void copy_to_same( int lifetime_arg, int id_arg, /* Copy the key. */ TEST_EQUAL( psa_copy_key( handle, handle, NULL ), - PSA_ERROR_OCCUPIED_SLOT ); + PSA_ERROR_ALREADY_EXISTS ); /* Test that the slot is unaffected. */ PSA_ASSERT( psa_get_key_information( handle, diff --git a/tests/suites/test_suite_psa_crypto_storage_file.data b/tests/suites/test_suite_psa_crypto_storage_file.data index 730e0925c..4b068e121 100644 --- a/tests/suites/test_suite_psa_crypto_storage_file.data +++ b/tests/suites/test_suite_psa_crypto_storage_file.data @@ -24,7 +24,7 @@ write_data_to_file:"deadbeef":PSA_SUCCESS PSA Storage Store into preexisting location, should fail depends_on:MBEDTLS_FS_IO -write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_OCCUPIED_SLOT +write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_ALREADY_EXISTS PSA Storage Store, preexisting temp_location file, should succeed depends_on:MBEDTLS_FS_IO @@ -40,4 +40,4 @@ get_file_size:"":0:PSA_SUCCESS:1 PSA Storage Get data size nonexistent file location, should fail depends_on:MBEDTLS_FS_IO -get_file_size:"deadbeef":4:PSA_ERROR_EMPTY_SLOT:0 +get_file_size:"deadbeef":4:PSA_ERROR_DOES_NOT_EXIST:0