lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Unify PSA to Mbed TLS error translation

Browse Source 
Move all error translation utilities to psa_util.c.
Introduce macros and functions to avoid having
a local copy of the error translating function in
each place.
Identify overlapping errors and introduce a
generic function.
Provide a single macro for all error translations
(unless one file needs a couple of different ones).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek
2022-12-23 11:00:06 -05:00
parent 05b80a4eee
commit 8a045ce5e6
29 changed files with 459 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
library/ssl_tls13_keys.c
View File

@ -35,6 +35,10 @@
#include "psa/crypto.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
.name = string,
@ -215,7 +219,7 @@ cleanup:
abort_status = psa_key_derivation_abort(&operation);
status = (status == PSA_SUCCESS ? abort_status : status);
mbedtls_platform_zeroize(hkdf_label, hkdf_label_len);
return psa_ssl_status_to_mbedtls(status);
return PSA_TO_MBEDTLS_ERR(status);
}
MBEDTLS_CHECK_RETURN_CRITICAL
@ -309,7 +313,7 @@ int mbedtls_ssl_tls13_derive_secret(
status = psa_hash_compute(hash_alg, ctx, ctx_len, hashed_context,
PSA_HASH_LENGTH(hash_alg), &ctx_len);
if (status != PSA_SUCCESS) {
ret = psa_ssl_status_to_mbedtls(status);
ret = PSA_TO_MBEDTLS_ERR(status);
return ret;
}
} else {
@ -416,7 +420,7 @@ int mbedtls_ssl_tls13_evolve_secret(
cleanup:
abort_status = psa_key_derivation_abort(&operation);
status = (status == PSA_SUCCESS ? abort_status : status);
ret = (ret == 0 ? psa_ssl_status_to_mbedtls(status) : ret);
ret = (ret == 0 ? PSA_TO_MBEDTLS_ERR(status) : ret);
mbedtls_platform_zeroize(tmp_secret, sizeof(tmp_secret));
return ret;
}
@ -740,19 +744,19 @@ static int ssl_tls13_calc_finished_core(psa_algorithm_t hash_alg,
status = psa_import_key(&attributes, finished_key, hash_len, &key);
if (status != PSA_SUCCESS) {
ret = psa_ssl_status_to_mbedtls(status);
ret = PSA_TO_MBEDTLS_ERR(status);
goto exit;
}
status = psa_mac_compute(key, alg, transcript, hash_len,
dst, hash_len, dst_len);
ret = psa_ssl_status_to_mbedtls(status);
ret = PSA_TO_MBEDTLS_ERR(status);
exit:
status = psa_destroy_key(key);
if (ret == 0) {
ret = psa_ssl_status_to_mbedtls(status);
ret = PSA_TO_MBEDTLS_ERR(status);
}
mbedtls_platform_zeroize(finished_key, sizeof(finished_key));
@ -1040,8 +1044,8 @@ int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform,
&alg,
&key_type,
&key_bits)) != PSA_SUCCESS) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", psa_ssl_status_to_mbedtls(status));
return psa_ssl_status_to_mbedtls(status);
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", PSA_TO_MBEDTLS_ERR(status));
return PSA_TO_MBEDTLS_ERR(status);
}
transform->psa_alg = alg;
@ -1055,8 +1059,8 @@ int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform,
key_enc,
PSA_BITS_TO_BYTES(key_bits),
&transform->psa_key_enc)) != PSA_SUCCESS) {
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", psa_ssl_status_to_mbedtls(status));
return psa_ssl_status_to_mbedtls(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
return PSA_TO_MBEDTLS_ERR(status);
}
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
@ -1065,8 +1069,8 @@ int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform,
key_dec,
PSA_BITS_TO_BYTES(key_bits),
&transform->psa_key_dec)) != PSA_SUCCESS) {
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", psa_ssl_status_to_mbedtls(status));
return psa_ssl_status_to_mbedtls(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
return PSA_TO_MBEDTLS_ERR(status);
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@ -1094,7 +1098,7 @@ static int ssl_tls13_get_cipher_key_info(
status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, taglen,
&alg, &key_type, &key_bits);
if (status != PSA_SUCCESS) {
return psa_ssl_status_to_mbedtls(status);
return PSA_TO_MBEDTLS_ERR(status);
}
*key_len = PSA_BITS_TO_BYTES(key_bits);
@ -1467,7 +1471,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
status = psa_get_key_attributes(handshake->ecdh_psa_privkey,
&key_attributes);
if (status != PSA_SUCCESS) {
ret = psa_ssl_status_to_mbedtls(status);
ret = PSA_TO_MBEDTLS_ERR(status);
}
shared_secret_len = PSA_BITS_TO_BYTES(
@ -1482,14 +1486,14 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
shared_secret, shared_secret_len, &shared_secret_len);
if (status != PSA_SUCCESS) {
ret = psa_ssl_status_to_mbedtls(status);
ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret);
goto cleanup;
}
status = psa_destroy_key(handshake->ecdh_psa_privkey);
if (status != PSA_SUCCESS) {
ret = psa_ssl_status_to_mbedtls(status);
ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
goto cleanup;
}
@ -1826,7 +1830,7 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl,
status = psa_get_key_attributes(ssl->handshake->psk_opaque, &key_attributes);
if (status != PSA_SUCCESS) {
return psa_ssl_status_to_mbedtls(status);
return PSA_TO_MBEDTLS_ERR(status);
}
*psk_len = PSA_BITS_TO_BYTES(psa_get_key_bits(&key_attributes));
@ -1840,7 +1844,7 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl,
if (status != PSA_SUCCESS) {
mbedtls_free((void *) *psk);
*psk = NULL;
return psa_ssl_status_to_mbedtls(status);
return PSA_TO_MBEDTLS_ERR(status);
}
return 0;
#else