Merge pull request #5529 from superna9999/5514-translate-psa-errs-to-mbedtls
Rename, move and refine PSA to mbedtls PK errors mappings
This commit is contained in:
Gilles Peskine
GitHub
commit
1f13e984ad
4 changed files with 102 additions and 40 deletions
|
|
@ -277,34 +277,6 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
|
|||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
/* Translations for PK layer */
|
||||
|
||||
static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
|
||||
{
|
||||
switch( status )
|
||||
{
|
||||
case PSA_SUCCESS:
|
||||
return( 0 );
|
||||
case PSA_ERROR_NOT_SUPPORTED:
|
||||
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
||||
case PSA_ERROR_INSUFFICIENT_MEMORY:
|
||||
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
||||
case PSA_ERROR_INSUFFICIENT_ENTROPY:
|
||||
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
|
||||
case PSA_ERROR_BAD_STATE:
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
/* All other failures */
|
||||
case PSA_ERROR_COMMUNICATION_FAILURE:
|
||||
case PSA_ERROR_HARDWARE_FAILURE:
|
||||
case PSA_ERROR_CORRUPTION_DETECTED:
|
||||
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
|
||||
default: /* We return the same as for the 'other failures',
|
||||
* but list them separately nonetheless to indicate
|
||||
* which failure conditions we have considered. */
|
||||
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Expose whatever RNG the PSA subsystem uses to applications using the
|
||||
|
|
|
|||
|
|
@ -406,7 +406,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
|
|||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
psa_destroy_key( key_id );
|
||||
return( mbedtls_psa_err_translate_pk( status ) );
|
||||
return( mbedtls_pk_error_from_psa( status ) );
|
||||
}
|
||||
|
||||
/* This function requires returning MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
|
||||
|
|
@ -423,13 +423,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
|
|||
if( status == PSA_SUCCESS && sig_len > mbedtls_pk_get_len( ctx ) )
|
||||
return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
|
||||
|
||||
if( status == PSA_ERROR_INVALID_SIGNATURE )
|
||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
status = destruction_status;
|
||||
|
||||
return( mbedtls_psa_err_translate_pk( status ) );
|
||||
return( mbedtls_pk_error_from_psa_rsa( status ) );
|
||||
}
|
||||
else
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -65,6 +65,87 @@
|
|||
#include <limits.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
int mbedtls_pk_error_from_psa( psa_status_t status )
|
||||
{
|
||||
switch( status )
|
||||
{
|
||||
case PSA_SUCCESS:
|
||||
return( 0 );
|
||||
case PSA_ERROR_INVALID_HANDLE:
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||
case PSA_ERROR_NOT_PERMITTED:
|
||||
return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
|
||||
case PSA_ERROR_BUFFER_TOO_SMALL:
|
||||
return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
|
||||
case PSA_ERROR_NOT_SUPPORTED:
|
||||
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
||||
case PSA_ERROR_INVALID_ARGUMENT:
|
||||
return( MBEDTLS_ERR_PK_INVALID_ALG );
|
||||
case PSA_ERROR_INSUFFICIENT_MEMORY:
|
||||
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
||||
case PSA_ERROR_BAD_STATE:
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
case PSA_ERROR_COMMUNICATION_FAILURE:
|
||||
case PSA_ERROR_HARDWARE_FAILURE:
|
||||
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
|
||||
case PSA_ERROR_DATA_CORRUPT:
|
||||
case PSA_ERROR_DATA_INVALID:
|
||||
case PSA_ERROR_STORAGE_FAILURE:
|
||||
return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
|
||||
case PSA_ERROR_CORRUPTION_DETECTED:
|
||||
return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
|
||||
default:
|
||||
return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
int mbedtls_pk_error_from_psa_ecdca( psa_status_t status )
|
||||
{
|
||||
switch( status )
|
||||
{
|
||||
case PSA_ERROR_NOT_PERMITTED:
|
||||
case PSA_ERROR_INVALID_ARGUMENT:
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
case PSA_ERROR_INVALID_HANDLE:
|
||||
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
|
||||
case PSA_ERROR_BUFFER_TOO_SMALL:
|
||||
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
|
||||
case PSA_ERROR_INSUFFICIENT_ENTROPY:
|
||||
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
|
||||
case PSA_ERROR_INVALID_SIGNATURE:
|
||||
return( MBEDTLS_ERR_ECP_VERIFY_FAILED );
|
||||
default:
|
||||
return( mbedtls_pk_error_from_psa( status ) );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
|
||||
int mbedtls_pk_error_from_psa_rsa( psa_status_t status )
|
||||
{
|
||||
switch( status )
|
||||
{
|
||||
case PSA_ERROR_NOT_PERMITTED:
|
||||
case PSA_ERROR_INVALID_ARGUMENT:
|
||||
case PSA_ERROR_INVALID_HANDLE:
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
case PSA_ERROR_BUFFER_TOO_SMALL:
|
||||
return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
|
||||
case PSA_ERROR_INSUFFICIENT_ENTROPY:
|
||||
return( MBEDTLS_ERR_RSA_RNG_FAILED );
|
||||
case PSA_ERROR_INVALID_SIGNATURE:
|
||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||
case PSA_ERROR_INVALID_PADDING:
|
||||
return( MBEDTLS_ERR_RSA_INVALID_PADDING );
|
||||
default:
|
||||
return( mbedtls_pk_error_from_psa( status ) );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
static int rsa_can_do( mbedtls_pk_type_t type )
|
||||
{
|
||||
|
|
@ -599,7 +680,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
|
|||
&key_id );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
ret = mbedtls_psa_err_translate_pk( status );
|
||||
ret = mbedtls_pk_error_from_psa( status );
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
|
|
@ -618,12 +699,12 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
if( psa_verify_hash( key_id, psa_sig_md,
|
||||
hash, hash_len,
|
||||
buf, 2 * signature_part_size )
|
||||
!= PSA_SUCCESS )
|
||||
status = psa_verify_hash( key_id, psa_sig_md,
|
||||
hash, hash_len,
|
||||
buf, 2 * signature_part_size );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
|
||||
ret = mbedtls_pk_error_from_psa_ecdca( status );
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
|
|
@ -1048,7 +1129,7 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||
status = psa_sign_hash( *key, alg, hash, hash_len,
|
||||
sig, sig_size, sig_len );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( mbedtls_psa_err_translate_pk( status ) );
|
||||
return( mbedtls_pk_error_from_psa_ecdca( status ) );
|
||||
|
||||
/* transcode it to ASN.1 sequence */
|
||||
return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) );
|
||||
|
|
|
|||
|
|
@ -135,4 +135,16 @@ extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
|
|||
extern const mbedtls_pk_info_t mbedtls_pk_opaque_info;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
int mbedtls_pk_error_from_psa( psa_status_t status );
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
int mbedtls_pk_error_from_psa_ecdca( psa_status_t status );
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
|
||||
int mbedtls_pk_error_from_psa_rsa( psa_status_t status );
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_PK_WRAP_H */
|
||||
|
|
|
|||
Loading…
Reference in a new issue