From a3fdfb4925a4506f2ee5e00135d4994dd3708c59 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Mon, 21 Feb 2022 10:39:57 +0100 Subject: [PATCH 1/5] Introduce new PSA to mbedtls PK error mapping function Signed-off-by: Neil Armstrong --- include/mbedtls/pk.h | 4 ++++ library/pk.c | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 9ad7a1df6d..b496cb79b2 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -84,6 +84,10 @@ extern "C" { #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_pk_psa_err_translate( psa_status_t status ); +#endif + /** * \brief Public key types */ diff --git a/library/pk.c b/library/pk.c index 45d1a9de78..7c5c40bbd4 100644 --- a/library/pk.c +++ b/library/pk.c @@ -147,6 +147,40 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) } #if defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_pk_psa_err_translate( psa_status_t status ) +{ + switch( status ) + { + case PSA_SUCCESS: + return( 0 ); + case PSA_ERROR_INVALID_HANDLE: + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + case PSA_ERROR_NOT_PERMITTED: + return( MBEDTLS_ERR_ERROR_GENERIC_ERROR ); + case PSA_ERROR_BUFFER_TOO_SMALL: + return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL ); + case PSA_ERROR_NOT_SUPPORTED: + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + case PSA_ERROR_INVALID_ARGUMENT: + return( MBEDTLS_ERR_PK_INVALID_ALG ); + case PSA_ERROR_INSUFFICIENT_MEMORY: + return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + case PSA_ERROR_BAD_STATE: + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + case PSA_ERROR_COMMUNICATION_FAILURE: + case PSA_ERROR_HARDWARE_FAILURE: + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + case PSA_ERROR_DATA_CORRUPT: + case PSA_ERROR_DATA_INVALID: + case PSA_ERROR_STORAGE_FAILURE: + return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); + case PSA_ERROR_CORRUPTION_DETECTED: + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + default: + return( MBEDTLS_ERR_ERROR_GENERIC_ERROR ); + } +} + /* * Initialise a PSA-wrapping context */ From cd501f406e09b315e5a6f5b6542fec2e2552546e Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Mon, 21 Feb 2022 10:41:39 +0100 Subject: [PATCH 2/5] Add specialized PSA to mbedtls PK/ECDSA error mapping function Signed-off-by: Neil Armstrong --- include/mbedtls/pk.h | 4 ++++ library/ecdsa.c | 26 ++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index b496cb79b2..ad7af986ce 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -86,6 +86,10 @@ extern "C" { #if defined(MBEDTLS_USE_PSA_CRYPTO) int mbedtls_pk_psa_err_translate( psa_status_t status ); + +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +int mbedtls_pk_ecp_psa_err_translate( psa_status_t status ); +#endif #endif /** diff --git a/library/ecdsa.c b/library/ecdsa.c index 0b612ce8af..a112ada5cb 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -47,12 +47,38 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "mbedtls/pk.h" +#endif + /* Parameter validation macros based on platform_util.h */ #define ECDSA_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) #define ECDSA_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) +#if defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_pk_ecp_psa_err_translate( psa_status_t status ) +{ + switch( status ) + { + case PSA_ERROR_NOT_PERMITTED: + case PSA_ERROR_INVALID_ARGUMENT: + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + case PSA_ERROR_INVALID_HANDLE: + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + case PSA_ERROR_BUFFER_TOO_SMALL: + return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + case PSA_ERROR_INSUFFICIENT_ENTROPY: + return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + case PSA_ERROR_INVALID_SIGNATURE: + return( MBEDTLS_ERR_ECP_VERIFY_FAILED ); + default: + return( mbedtls_pk_psa_err_translate( status ) ); + } +} +#endif + #if defined(MBEDTLS_ECP_RESTARTABLE) /* From ea761963c52f59ea072f79f0fa0ab365e47651a0 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Mon, 21 Feb 2022 10:42:29 +0100 Subject: [PATCH 3/5] Add specialized PSA to mbedtls PK/RSA error mapping function Signed-off-by: Neil Armstrong --- include/mbedtls/pk.h | 4 ++++ library/rsa.c | 27 +++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index ad7af986ce..189df8536e 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -90,6 +90,10 @@ int mbedtls_pk_psa_err_translate( psa_status_t status ); #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) int mbedtls_pk_ecp_psa_err_translate( psa_status_t status ); #endif + +#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) +int mbedtls_pk_rsa_psa_err_translate( psa_status_t status ); +#endif #endif /** diff --git a/library/rsa.c b/library/rsa.c index 36f487f3a7..ef262d9dd5 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -66,6 +66,33 @@ #define mbedtls_free free #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "mbedtls/pk.h" +#endif + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_pk_rsa_psa_err_translate( psa_status_t status ) +{ + switch( status ) + { + case PSA_ERROR_NOT_PERMITTED: + case PSA_ERROR_INVALID_ARGUMENT: + case PSA_ERROR_INVALID_HANDLE: + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + case PSA_ERROR_BUFFER_TOO_SMALL: + return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); + case PSA_ERROR_INSUFFICIENT_ENTROPY: + return( MBEDTLS_ERR_RSA_RNG_FAILED ); + case PSA_ERROR_INVALID_SIGNATURE: + return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); + case PSA_ERROR_INVALID_PADDING: + return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + default: + return( mbedtls_pk_psa_err_translate( status ) ); + } +} +#endif + #if !defined(MBEDTLS_RSA_ALT) /* Parameter validation macros */ From 3f9cef454742d2e130a66563bb2d3a8b592cdb78 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Mon, 21 Feb 2022 10:43:18 +0100 Subject: [PATCH 4/5] Remove actual and use new PSA to mbedtls PK errors mapping functions Signed-off-by: Neil Armstrong --- include/mbedtls/psa_util.h | 28 ---------------------------- library/pk.c | 7 ++----- library/pk_wrap.c | 14 +++++++------- 3 files changed, 9 insertions(+), 40 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index e38e2e3469..a70ee9684e 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -277,34 +277,6 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group( } #endif /* MBEDTLS_ECP_C */ -/* Translations for PK layer */ - -static inline int mbedtls_psa_err_translate_pk( psa_status_t status ) -{ - switch( status ) - { - case PSA_SUCCESS: - return( 0 ); - case PSA_ERROR_NOT_SUPPORTED: - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); - case PSA_ERROR_INSUFFICIENT_MEMORY: - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); - case PSA_ERROR_INSUFFICIENT_ENTROPY: - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); - case PSA_ERROR_BAD_STATE: - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - /* All other failures */ - case PSA_ERROR_COMMUNICATION_FAILURE: - case PSA_ERROR_HARDWARE_FAILURE: - case PSA_ERROR_CORRUPTION_DETECTED: - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - default: /* We return the same as for the 'other failures', - * but list them separately nonetheless to indicate - * which failure conditions we have considered. */ - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - } -} - #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Expose whatever RNG the PSA subsystem uses to applications using the diff --git a/library/pk.c b/library/pk.c index 7c5c40bbd4..e9eff0a5a9 100644 --- a/library/pk.c +++ b/library/pk.c @@ -440,7 +440,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, if( status != PSA_SUCCESS ) { psa_destroy_key( key_id ); - return( mbedtls_psa_err_translate_pk( status ) ); + return( mbedtls_pk_psa_err_translate( status ) ); } /* This function requires returning MBEDTLS_ERR_PK_SIG_LEN_MISMATCH @@ -457,13 +457,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, if( status == PSA_SUCCESS && sig_len > mbedtls_pk_get_len( ctx ) ) return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); - if( status == PSA_ERROR_INVALID_SIGNATURE ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( status == PSA_SUCCESS ) status = destruction_status; - return( mbedtls_psa_err_translate_pk( status ) ); + return( mbedtls_pk_rsa_psa_err_translate( status ) ); } else #endif diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 0bb87a491b..9e14fbca6c 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -596,7 +596,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, &key_id ); if( status != PSA_SUCCESS ) { - ret = mbedtls_psa_err_translate_pk( status ); + ret = mbedtls_pk_psa_err_translate( status ); goto cleanup; } @@ -615,12 +615,12 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, goto cleanup; } - if( psa_verify_hash( key_id, psa_sig_md, - hash, hash_len, - buf, 2 * signature_part_size ) - != PSA_SUCCESS ) + status = psa_verify_hash( key_id, psa_sig_md, + hash, hash_len, + buf, 2 * signature_part_size ); + if( status != PSA_SUCCESS ) { - ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; + ret = mbedtls_pk_ecp_psa_err_translate( status ); goto cleanup; } @@ -1045,7 +1045,7 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, status = psa_sign_hash( *key, alg, hash, hash_len, sig, sig_size, sig_len ); if( status != PSA_SUCCESS ) - return( mbedtls_psa_err_translate_pk( status ) ); + return( mbedtls_pk_ecp_psa_err_translate( status ) ); /* transcode it to ASN.1 sequence */ return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) ); From 19915c2c001bb254c8a2ac7af97c78e585f15009 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 1 Mar 2022 15:21:02 +0100 Subject: [PATCH 5/5] Rename error translation functions and move them to library/pk_wrap.* Signed-off-by: Neil Armstrong --- include/mbedtls/pk.h | 12 ------ library/ecdsa.c | 26 ------------- library/pk.c | 38 +------------------ library/pk_wrap.c | 87 ++++++++++++++++++++++++++++++++++++++++++-- library/pk_wrap.h | 12 ++++++ library/rsa.c | 27 -------------- 6 files changed, 98 insertions(+), 104 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 189df8536e..9ad7a1df6d 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -84,18 +84,6 @@ extern "C" { #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_pk_psa_err_translate( psa_status_t status ); - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -int mbedtls_pk_ecp_psa_err_translate( psa_status_t status ); -#endif - -#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) -int mbedtls_pk_rsa_psa_err_translate( psa_status_t status ); -#endif -#endif - /** * \brief Public key types */ diff --git a/library/ecdsa.c b/library/ecdsa.c index a112ada5cb..0b612ce8af 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -47,38 +47,12 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "mbedtls/pk.h" -#endif - /* Parameter validation macros based on platform_util.h */ #define ECDSA_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) #define ECDSA_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -#if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_pk_ecp_psa_err_translate( psa_status_t status ) -{ - switch( status ) - { - case PSA_ERROR_NOT_PERMITTED: - case PSA_ERROR_INVALID_ARGUMENT: - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - case PSA_ERROR_INVALID_HANDLE: - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); - case PSA_ERROR_BUFFER_TOO_SMALL: - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); - case PSA_ERROR_INSUFFICIENT_ENTROPY: - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); - case PSA_ERROR_INVALID_SIGNATURE: - return( MBEDTLS_ERR_ECP_VERIFY_FAILED ); - default: - return( mbedtls_pk_psa_err_translate( status ) ); - } -} -#endif - #if defined(MBEDTLS_ECP_RESTARTABLE) /* diff --git a/library/pk.c b/library/pk.c index e9eff0a5a9..79eccaada7 100644 --- a/library/pk.c +++ b/library/pk.c @@ -147,40 +147,6 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) } #if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_pk_psa_err_translate( psa_status_t status ) -{ - switch( status ) - { - case PSA_SUCCESS: - return( 0 ); - case PSA_ERROR_INVALID_HANDLE: - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); - case PSA_ERROR_NOT_PERMITTED: - return( MBEDTLS_ERR_ERROR_GENERIC_ERROR ); - case PSA_ERROR_BUFFER_TOO_SMALL: - return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL ); - case PSA_ERROR_NOT_SUPPORTED: - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); - case PSA_ERROR_INVALID_ARGUMENT: - return( MBEDTLS_ERR_PK_INVALID_ALG ); - case PSA_ERROR_INSUFFICIENT_MEMORY: - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); - case PSA_ERROR_BAD_STATE: - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - case PSA_ERROR_COMMUNICATION_FAILURE: - case PSA_ERROR_HARDWARE_FAILURE: - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - case PSA_ERROR_DATA_CORRUPT: - case PSA_ERROR_DATA_INVALID: - case PSA_ERROR_STORAGE_FAILURE: - return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); - case PSA_ERROR_CORRUPTION_DETECTED: - return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); - default: - return( MBEDTLS_ERR_ERROR_GENERIC_ERROR ); - } -} - /* * Initialise a PSA-wrapping context */ @@ -440,7 +406,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, if( status != PSA_SUCCESS ) { psa_destroy_key( key_id ); - return( mbedtls_pk_psa_err_translate( status ) ); + return( mbedtls_pk_error_from_psa( status ) ); } /* This function requires returning MBEDTLS_ERR_PK_SIG_LEN_MISMATCH @@ -460,7 +426,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, if( status == PSA_SUCCESS ) status = destruction_status; - return( mbedtls_pk_rsa_psa_err_translate( status ) ); + return( mbedtls_pk_error_from_psa_rsa( status ) ); } else #endif diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 9e14fbca6c..b7dc7bfae2 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -61,6 +61,87 @@ #include #include +#if defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_pk_error_from_psa( psa_status_t status ) +{ + switch( status ) + { + case PSA_SUCCESS: + return( 0 ); + case PSA_ERROR_INVALID_HANDLE: + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + case PSA_ERROR_NOT_PERMITTED: + return( MBEDTLS_ERR_ERROR_GENERIC_ERROR ); + case PSA_ERROR_BUFFER_TOO_SMALL: + return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL ); + case PSA_ERROR_NOT_SUPPORTED: + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + case PSA_ERROR_INVALID_ARGUMENT: + return( MBEDTLS_ERR_PK_INVALID_ALG ); + case PSA_ERROR_INSUFFICIENT_MEMORY: + return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + case PSA_ERROR_BAD_STATE: + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + case PSA_ERROR_COMMUNICATION_FAILURE: + case PSA_ERROR_HARDWARE_FAILURE: + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + case PSA_ERROR_DATA_CORRUPT: + case PSA_ERROR_DATA_INVALID: + case PSA_ERROR_STORAGE_FAILURE: + return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); + case PSA_ERROR_CORRUPTION_DETECTED: + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + default: + return( MBEDTLS_ERR_ERROR_GENERIC_ERROR ); + } +} + +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +int mbedtls_pk_error_from_psa_ecdca( psa_status_t status ) +{ + switch( status ) + { + case PSA_ERROR_NOT_PERMITTED: + case PSA_ERROR_INVALID_ARGUMENT: + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + case PSA_ERROR_INVALID_HANDLE: + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + case PSA_ERROR_BUFFER_TOO_SMALL: + return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + case PSA_ERROR_INSUFFICIENT_ENTROPY: + return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + case PSA_ERROR_INVALID_SIGNATURE: + return( MBEDTLS_ERR_ECP_VERIFY_FAILED ); + default: + return( mbedtls_pk_error_from_psa( status ) ); + } +} +#endif + +#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) +int mbedtls_pk_error_from_psa_rsa( psa_status_t status ) +{ + switch( status ) + { + case PSA_ERROR_NOT_PERMITTED: + case PSA_ERROR_INVALID_ARGUMENT: + case PSA_ERROR_INVALID_HANDLE: + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + case PSA_ERROR_BUFFER_TOO_SMALL: + return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); + case PSA_ERROR_INSUFFICIENT_ENTROPY: + return( MBEDTLS_ERR_RSA_RNG_FAILED ); + case PSA_ERROR_INVALID_SIGNATURE: + return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); + case PSA_ERROR_INVALID_PADDING: + return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + default: + return( mbedtls_pk_error_from_psa( status ) ); + } +} +#endif +#endif + #if defined(MBEDTLS_RSA_C) static int rsa_can_do( mbedtls_pk_type_t type ) { @@ -596,7 +677,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, &key_id ); if( status != PSA_SUCCESS ) { - ret = mbedtls_pk_psa_err_translate( status ); + ret = mbedtls_pk_error_from_psa( status ); goto cleanup; } @@ -620,7 +701,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, buf, 2 * signature_part_size ); if( status != PSA_SUCCESS ) { - ret = mbedtls_pk_ecp_psa_err_translate( status ); + ret = mbedtls_pk_error_from_psa_ecdca( status ); goto cleanup; } @@ -1045,7 +1126,7 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, status = psa_sign_hash( *key, alg, hash, hash_len, sig, sig_size, sig_len ); if( status != PSA_SUCCESS ) - return( mbedtls_pk_ecp_psa_err_translate( status ) ); + return( mbedtls_pk_error_from_psa_ecdca( status ) ); /* transcode it to ASN.1 sequence */ return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) ); diff --git a/library/pk_wrap.h b/library/pk_wrap.h index 6f5addf75b..ca0d8d837e 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -135,4 +135,16 @@ extern const mbedtls_pk_info_t mbedtls_rsa_alt_info; extern const mbedtls_pk_info_t mbedtls_pk_opaque_info; #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_pk_error_from_psa( psa_status_t status ); + +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +int mbedtls_pk_error_from_psa_ecdca( psa_status_t status ); +#endif + +#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) +int mbedtls_pk_error_from_psa_rsa( psa_status_t status ); +#endif +#endif + #endif /* MBEDTLS_PK_WRAP_H */ diff --git a/library/rsa.c b/library/rsa.c index ef262d9dd5..36f487f3a7 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -66,33 +66,6 @@ #define mbedtls_free free #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "mbedtls/pk.h" -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_pk_rsa_psa_err_translate( psa_status_t status ) -{ - switch( status ) - { - case PSA_ERROR_NOT_PERMITTED: - case PSA_ERROR_INVALID_ARGUMENT: - case PSA_ERROR_INVALID_HANDLE: - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - case PSA_ERROR_BUFFER_TOO_SMALL: - return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); - case PSA_ERROR_INSUFFICIENT_ENTROPY: - return( MBEDTLS_ERR_RSA_RNG_FAILED ); - case PSA_ERROR_INVALID_SIGNATURE: - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - case PSA_ERROR_INVALID_PADDING: - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); - default: - return( mbedtls_pk_psa_err_translate( status ) ); - } -} -#endif - #if !defined(MBEDTLS_RSA_ALT) /* Parameter validation macros */