From 747ab4ea5e711604a9150212ccf7bc4a21df93c7 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 28 Feb 2023 10:32:47 -0500 Subject: [PATCH] Introduce error_pair_t to psa utils This way error handling can be written in a cleaner way. Signed-off-by: Andrzej Kurek --- include/mbedtls/psa_util.h | 21 +++++------ library/psa_util.c | 74 +++++++++++++++++++------------------- 2 files changed, 48 insertions(+), 47 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 1d9828dfa..9c7557cd1 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -344,30 +344,31 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ -/* PSA errors use int32_t, while Mbed TLS ones use int16_t. psa_status_t - * is enough to store either of them. The arrays below consist - * of corresponding pairs: [psa_error1, mbedtls_error1, psa_error2, - * mbedtls_error2, ...]*/ +typedef struct { + psa_status_t psa_status; + int16_t mbedtls_error; +} error_pair_t; + #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) -extern const psa_status_t psa_to_md_errors[8]; +extern const error_pair_t psa_to_md_errors[4]; #endif #if defined(MBEDTLS_LMS_C) -extern const psa_status_t psa_to_lms_errors[6]; +extern const error_pair_t psa_to_lms_errors[3]; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -extern const psa_status_t psa_to_ssl_errors[14]; +extern const error_pair_t psa_to_ssl_errors[7]; #endif #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) -extern const psa_status_t psa_to_pk_rsa_errors[16]; +extern const error_pair_t psa_to_pk_rsa_errors[8]; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -extern const psa_status_t psa_to_pk_ecdsa_errors[14]; +extern const error_pair_t psa_to_pk_ecdsa_errors[7]; #endif /* Generic fallback function for error translation, @@ -377,7 +378,7 @@ int psa_generic_status_to_mbedtls(psa_status_t status); /* This function iterates over provided local error translations, * and if no match was found - calls the fallback error translation function. */ int psa_status_to_mbedtls(psa_status_t status, - const psa_status_t *local_translations, + const error_pair_t *local_translations, size_t local_errors_num, int (*fallback_f)(psa_status_t)); diff --git a/library/psa_util.c b/library/psa_util.c index d854e9927..797daa048 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -34,61 +34,61 @@ /* PSA_SUCCESS is kept at the top of each error table since * it's the most common status when everything functions properly. */ #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) -const psa_status_t psa_to_md_errors[] = +const error_pair_t psa_to_md_errors[] = { - PSA_SUCCESS, 0, - PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE, - PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_MD_BAD_INPUT_DATA, - PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_MD_ALLOC_FAILED + { PSA_SUCCESS, 0 }, + { PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE }, + { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_MD_BAD_INPUT_DATA }, + { PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_MD_ALLOC_FAILED } }; #endif #if defined(MBEDTLS_LMS_C) -const psa_status_t psa_to_lms_errors[] = +const error_pair_t psa_to_lms_errors[] = { - PSA_SUCCESS, 0, - PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL, - PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_LMS_BAD_INPUT_DATA + { PSA_SUCCESS, 0 }, + { PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL }, + { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_LMS_BAD_INPUT_DATA } }; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -const psa_status_t psa_to_ssl_errors[] = +const error_pair_t psa_to_ssl_errors[] = { - PSA_SUCCESS, 0, - PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_SSL_ALLOC_FAILED, - PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE, - PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_SSL_INVALID_MAC, - PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_SSL_BAD_INPUT_DATA, - PSA_ERROR_BAD_STATE, MBEDTLS_ERR_SSL_INTERNAL_ERROR, - PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL + { PSA_SUCCESS, 0 }, + { PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_SSL_ALLOC_FAILED }, + { PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE }, + { PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_SSL_INVALID_MAC }, + { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_SSL_BAD_INPUT_DATA }, + { PSA_ERROR_BAD_STATE, MBEDTLS_ERR_SSL_INTERNAL_ERROR }, + { PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL } }; #endif #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) -const psa_status_t psa_to_pk_rsa_errors[] = +const error_pair_t psa_to_pk_rsa_errors[] = { - PSA_SUCCESS, 0, - PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - PSA_ERROR_INVALID_HANDLE, MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE, - PSA_ERROR_INSUFFICIENT_ENTROPY, MBEDTLS_ERR_RSA_RNG_FAILED, - PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_RSA_VERIFY_FAILED, - PSA_ERROR_INVALID_PADDING, MBEDTLS_ERR_RSA_INVALID_PADDING + { PSA_SUCCESS, 0 }, + { PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_RSA_BAD_INPUT_DATA }, + { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_RSA_BAD_INPUT_DATA }, + { PSA_ERROR_INVALID_HANDLE, MBEDTLS_ERR_RSA_BAD_INPUT_DATA }, + { PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE }, + { PSA_ERROR_INSUFFICIENT_ENTROPY, MBEDTLS_ERR_RSA_RNG_FAILED }, + { PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_RSA_VERIFY_FAILED }, + { PSA_ERROR_INVALID_PADDING, MBEDTLS_ERR_RSA_INVALID_PADDING } }; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -const psa_status_t psa_to_pk_ecdsa_errors[] = +const error_pair_t psa_to_pk_ecdsa_errors[] = { - PSA_SUCCESS, 0, - PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - PSA_ERROR_INVALID_HANDLE, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE, - PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL, - PSA_ERROR_INSUFFICIENT_ENTROPY, MBEDTLS_ERR_ECP_RANDOM_FAILED, - PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_ECP_VERIFY_FAILED + { PSA_SUCCESS, 0 }, + { PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_ECP_BAD_INPUT_DATA }, + { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_ECP_BAD_INPUT_DATA }, + { PSA_ERROR_INVALID_HANDLE, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE }, + { PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL }, + { PSA_ERROR_INSUFFICIENT_ENTROPY, MBEDTLS_ERR_ECP_RANDOM_FAILED }, + { PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_ECP_VERIFY_FAILED } }; #endif @@ -111,14 +111,14 @@ int psa_generic_status_to_mbedtls(psa_status_t status) } int psa_status_to_mbedtls(psa_status_t status, - const psa_status_t *local_translations, + const error_pair_t *local_translations, size_t local_errors_size, int (*fallback_f)(psa_status_t)) { size_t local_errors_num = (size_t) local_errors_size / 2; for (size_t i = 0; i < local_errors_num; i++) { - if (status == local_translations[2 * i]) { - return local_translations[2 * i + 1]; + if (status == local_translations[i].psa_status) { + return local_translations[i].mbedtls_error; } } return fallback_f(status);