Merge pull request #55 from davidsaada/david_its_ps_err_codes

Modify PSA related error codes and types

library/psa_crypto.c

@@ -346,7 +346,7 @@ static psa_status_t mbedtls_to_psa_error( int ret )
             return( PSA_ERROR_HARDWARE_FAILURE );
 
         default:
-            return( PSA_ERROR_UNKNOWN_ERROR );
+            return( PSA_ERROR_GENERIC_ERROR );
     }
 }
 
@@ -742,7 +742,7 @@ static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle,
         return( status );
 
     if( slot->type != PSA_KEY_TYPE_NONE )
-        return( PSA_ERROR_OCCUPIED_SLOT );
+        return( PSA_ERROR_ALREADY_EXISTS );
 
     *p_slot = slot;
     return( status );
@@ -839,7 +839,7 @@ static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle,
     if( status != PSA_SUCCESS )
         return( status );
     if( slot->type == PSA_KEY_TYPE_NONE )
-        return( PSA_ERROR_EMPTY_SLOT );
+        return( PSA_ERROR_DOES_NOT_EXIST );
 
     /* Enforce that usage policy for the key slot contains all the flags
      * required by the usage parameter. There is one exception: public
@@ -1001,7 +1001,7 @@ psa_status_t psa_get_key_information( psa_key_handle_t handle,
         return( status );
 
     if( slot->type == PSA_KEY_TYPE_NONE )
-        return( PSA_ERROR_EMPTY_SLOT );
+        return( PSA_ERROR_DOES_NOT_EXIST );
     if( type != NULL )
         *type = slot->type;
     if( bits != NULL )
@@ -3098,7 +3098,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
                                 size_t output_size,
                                 size_t *output_length )
 {
-    psa_status_t status = PSA_ERROR_UNKNOWN_ERROR;
+    psa_status_t status = PSA_ERROR_GENERIC_ERROR;
     int cipher_ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
 
@@ -3855,7 +3855,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
         generator->capacity = 0;
         /* Go through the error path to wipe all confidential data now
          * that the generator object is useless. */
-        status = PSA_ERROR_INSUFFICIENT_CAPACITY;
+        status = PSA_ERROR_INSUFFICIENT_DATA;
         goto exit;
     }
     if( output_length == 0 &&
@@ -3867,7 +3867,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
          * INSUFFICIENT_CAPACITY, which is right for a finished
          * generator, for consistency with the case when
          * output_length > 0. */
-        return( PSA_ERROR_INSUFFICIENT_CAPACITY );
+        return( PSA_ERROR_INSUFFICIENT_DATA );
     }
     generator->capacity -= output_length;
 
@@ -4391,45 +4391,11 @@ psa_status_t psa_generate_random( uint8_t *output,
 
 #if ( defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_PSA_HAS_ITS_IO) )
 
-/* Support function for error conversion between psa_its error codes to psa crypto */
-static psa_status_t its_to_psa_error( psa_its_status_t ret )
-{
-    switch( ret )
-    {
-        case PSA_ITS_SUCCESS:
-            return( PSA_SUCCESS );
-
-        case PSA_ITS_ERROR_UID_NOT_FOUND:
-            return( PSA_ERROR_EMPTY_SLOT );
-
-        case PSA_ITS_ERROR_STORAGE_FAILURE:
-            return( PSA_ERROR_STORAGE_FAILURE );
-
-        case PSA_ITS_ERROR_INSUFFICIENT_SPACE:
-            return( PSA_ERROR_INSUFFICIENT_STORAGE );
-
-        case PSA_ITS_ERROR_OFFSET_INVALID:
-        case PSA_ITS_ERROR_INCORRECT_SIZE:
-        case PSA_ITS_ERROR_INVALID_ARGUMENTS:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-
-        case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED:
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        case PSA_ITS_ERROR_WRITE_ONCE:
-            return( PSA_ERROR_OCCUPIED_SLOT );
-
-        default:
-            return( PSA_ERROR_UNKNOWN_ERROR );
-    }
-}
-
 psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
                                          size_t seed_size )
 {
     psa_status_t status;
-    psa_its_status_t its_status;
-    struct psa_its_info_t p_info;
+    struct psa_storage_info_t p_info;
     if( global_data.initialized )
         return( PSA_ERROR_NOT_PERMITTED );
 
@@ -4438,15 +4404,13 @@ psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
           ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
             return( PSA_ERROR_INVALID_ARGUMENT );
 
-    its_status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
-    status = its_to_psa_error( its_status );
+    status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
 
-    if( PSA_ITS_ERROR_UID_NOT_FOUND == its_status ) /* No seed exists */
+    if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */
     {
-        its_status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
-        status = its_to_psa_error( its_status );
+        status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
     }
-    else if( PSA_ITS_SUCCESS == its_status )
+    else if( PSA_SUCCESS == status )
     {
         /* You should not be here. Seed needs to be injected only once */
         status = PSA_ERROR_NOT_PERMITTED;

library/psa_crypto_slot_management.c

@@ -194,7 +194,7 @@ exit:
  *
  * \retval #PSA_SUCCESS
  *         The slot content was loaded successfully.
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  *         There is no content for this slot in persistent storage.
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -274,11 +274,11 @@ psa_status_t psa_create_key( psa_key_lifetime_t lifetime,
     psa_status_t status;
 
     status = persistent_key_setup( lifetime, id, handle,
-                                   PSA_ERROR_EMPTY_SLOT );
+                                   PSA_ERROR_DOES_NOT_EXIST );
     switch( status )
     {
-        case PSA_SUCCESS: return( PSA_ERROR_OCCUPIED_SLOT );
-        case PSA_ERROR_EMPTY_SLOT: return( PSA_SUCCESS );
+        case PSA_SUCCESS: return( PSA_ERROR_ALREADY_EXISTS );
+        case PSA_ERROR_DOES_NOT_EXIST: return( PSA_SUCCESS );
         default: return( status );
     }
 }

library/psa_crypto_storage.h

@@ -84,7 +84,7 @@ extern "C" {
  * \retval PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval PSA_ERROR_INSUFFICIENT_STORAGE
  * \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_OCCUPIED_SLOT
+ * \retval PSA_ERROR_ALREADY_EXISTS
  */
 psa_status_t psa_save_persistent_key( const psa_key_id_t key,
                                       const psa_key_type_t type,
@@ -115,7 +115,7 @@ psa_status_t psa_save_persistent_key( const psa_key_id_t key,
  * \retval PSA_SUCCESS
  * \retval PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_EMPTY_SLOT
+ * \retval PSA_ERROR_DOES_NOT_EXIST
  */
 psa_status_t psa_load_persistent_key( psa_key_id_t key,
                                       psa_key_type_t *type,

library/psa_crypto_storage_backend.h

@@ -54,7 +54,7 @@ extern "C" {
  *
  * \retval PSA_SUCCESS
  * \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_EMPTY_SLOT
+ * \retval PSA_ERROR_DOES_NOT_EXIST
  */
 psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
                                       size_t data_size );
@@ -73,7 +73,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
  * \retval PSA_SUCCESS
  * \retval PSA_ERROR_INSUFFICIENT_STORAGE
  * \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_OCCUPIED_SLOT
+ * \retval PSA_ERROR_ALREADY_EXISTS
  */
 psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
                                        const uint8_t *data,

library/psa_crypto_storage_file.c

@@ -119,7 +119,7 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
     key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
 
     if( psa_is_key_present_in_storage( key ) == 1 )
-        return( PSA_ERROR_OCCUPIED_SLOT );
+        return( PSA_ERROR_ALREADY_EXISTS );
 
     file = fopen( temp_location, "wb" );
     if( file == NULL )
@@ -187,7 +187,7 @@ psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
 
     file = fopen( slot_location, "rb" );
     if( file == NULL )
-        return( PSA_ERROR_EMPTY_SLOT );
+        return( PSA_ERROR_DOES_NOT_EXIST );
 
     if( fseek( file, 0, SEEK_END ) != 0 )
     {

library/psa_crypto_storage_its.c

@@ -27,6 +27,7 @@
 
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
 
+#include "psa/error.h"
 #include "psa/crypto.h"
 #include "psa_crypto_storage_backend.h"
 #include "psa/internal_trusted_storage.h"
@@ -35,39 +36,7 @@
 #include "mbedtls/platform.h"
 #endif
 
-static psa_status_t its_to_psa_error( psa_its_status_t ret )
-{
-    switch( ret )
-    {
-        case PSA_ITS_SUCCESS:
-            return( PSA_SUCCESS );
-
-        case PSA_ITS_ERROR_UID_NOT_FOUND:
-            return( PSA_ERROR_EMPTY_SLOT );
-
-        case PSA_ITS_ERROR_STORAGE_FAILURE:
-            return( PSA_ERROR_STORAGE_FAILURE );
-
-        case PSA_ITS_ERROR_INSUFFICIENT_SPACE:
-            return( PSA_ERROR_INSUFFICIENT_STORAGE );
-
-        case PSA_ITS_ERROR_OFFSET_INVALID:
-        case PSA_ITS_ERROR_INCORRECT_SIZE:
-        case PSA_ITS_ERROR_INVALID_ARGUMENTS:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-
-        case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED:
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        case PSA_ITS_ERROR_WRITE_ONCE:
-            return( PSA_ERROR_OCCUPIED_SLOT );
-
-        default:
-            return( PSA_ERROR_UNKNOWN_ERROR );
-    }
-}
-
-static psa_its_uid_t psa_its_identifier_of_slot( psa_key_id_t key )
+static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_id_t key )
 {
     return( key );
 }
@@ -75,31 +44,28 @@ static psa_its_uid_t psa_its_identifier_of_slot( psa_key_id_t key )
 psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
                                       size_t data_size )
 {
-    psa_its_status_t ret;
     psa_status_t status;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
 
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    status = its_to_psa_error( ret );
-    if( status != PSA_SUCCESS )
+    status = psa_its_get_info( data_identifier, &data_identifier_info );
+    if( status  != PSA_SUCCESS )
         return( status );
 
-    ret = psa_its_get( data_identifier, 0, data_size, data );
-    status = its_to_psa_error( ret );
+    status = psa_its_get( data_identifier, 0, data_size, data );
 
     return( status );
 }
 
 int psa_is_key_present_in_storage( const psa_key_id_t key )
 {
-    psa_its_status_t ret;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    psa_status_t ret;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
 
     ret = psa_its_get_info( data_identifier, &data_identifier_info );
 
-    if( ret == PSA_ITS_ERROR_UID_NOT_FOUND )
+    if( ret == PSA_ERROR_DOES_NOT_EXIST )
         return( 0 );
     return( 1 );
 }
@@ -108,23 +74,20 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
                                        const uint8_t *data,
                                        size_t data_length )
 {
-    psa_its_status_t ret;
     psa_status_t status;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
 
     if( psa_is_key_present_in_storage( key ) == 1 )
-        return( PSA_ERROR_OCCUPIED_SLOT );
+        return( PSA_ERROR_ALREADY_EXISTS );
 
-    ret = psa_its_set( data_identifier, data_length, data, 0 );
-    status = its_to_psa_error( ret );
+    status = psa_its_set( data_identifier, data_length, data, 0 );
     if( status != PSA_SUCCESS )
     {
         return( PSA_ERROR_STORAGE_FAILURE );
     }
 
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    status = its_to_psa_error( ret );
+    status = psa_its_get_info( data_identifier, &data_identifier_info );
     if( status != PSA_SUCCESS )
     {
         goto exit;
@@ -144,19 +107,19 @@ exit:
 
 psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
 {
-    psa_its_status_t ret;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    psa_status_t ret;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
 
     ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( ret == PSA_ITS_ERROR_UID_NOT_FOUND )
+    if( ret == PSA_ERROR_DOES_NOT_EXIST )
         return( PSA_SUCCESS );
 
-    if( psa_its_remove( data_identifier ) != PSA_ITS_SUCCESS )
+    if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
         return( PSA_ERROR_STORAGE_FAILURE );
 
     ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( ret != PSA_ITS_ERROR_UID_NOT_FOUND )
+    if( ret != PSA_ERROR_DOES_NOT_EXIST )
         return( PSA_ERROR_STORAGE_FAILURE );
 
     return( PSA_SUCCESS );
@@ -165,13 +128,11 @@ psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
 psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
                                                  size_t *data_length )
 {
-    psa_its_status_t ret;
     psa_status_t status;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
 
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    status = its_to_psa_error( ret );
+    status = psa_its_get_info( data_identifier, &data_identifier_info );
     if( status != PSA_SUCCESS )
         return( status );