Replace ITS specific types with more generic PSA storage types

David Saada · David Saada · commit a2523b2c6db1 · 2019-02-18T13:56:26.000+02:00
PSA spec now defines more generic PSA storage types instead of the ITS
specific ones. This is necessary in order to integrate with
the newer implementation of PSA ITS landing in Mbed OS soon.
Changes include the following:
- psa_status_t replaces psa_its_status_t
- psa_storage_info_t replaces psa_its_info_t
- psa_storage_uid_t replaces psa_its_uid_t
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
@@ -111,7 +111,6 @@ void mbedtls_psa_crypto_free( void );
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \p seed_size is out of range.
  * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval `PSA_ITS_ERROR_XXX`
  *         There was a failure reading or writing from storage.
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The library has already been initialized. It is no longer
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
@@ -4391,45 +4391,11 @@ psa_status_t psa_generate_random( uint8_t *output,
 
 #if ( defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_PSA_HAS_ITS_IO) )
 
-/* Support function for error conversion between psa_its error codes to psa crypto */
-static psa_status_t its_to_psa_error( psa_its_status_t ret )
-{
-    switch( ret )
-    {
-        case PSA_ITS_SUCCESS:
-            return( PSA_SUCCESS );
-
-        case PSA_ITS_ERROR_UID_NOT_FOUND:
-            return( PSA_ERROR_DOES_NOT_EXIST );
-
-        case PSA_ITS_ERROR_STORAGE_FAILURE:
-            return( PSA_ERROR_STORAGE_FAILURE );
-
-        case PSA_ITS_ERROR_INSUFFICIENT_SPACE:
-            return( PSA_ERROR_INSUFFICIENT_STORAGE );
-
-        case PSA_ITS_ERROR_OFFSET_INVALID:
-        case PSA_ITS_ERROR_INCORRECT_SIZE:
-        case PSA_ITS_ERROR_INVALID_ARGUMENTS:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-
-        case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED:
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        case PSA_ITS_ERROR_WRITE_ONCE:
-            return( PSA_ERROR_ALREADY_EXISTS );
-
-        default:
-            return( PSA_ERROR_GENERIC_ERROR );
-    }
-}
-
 psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
                                          size_t seed_size )
 {
     psa_status_t status;
-    psa_its_status_t its_status;
-    struct psa_its_info_t p_info;
+    struct psa_storage_info_t p_info;
     if( global_data.initialized )
         return( PSA_ERROR_NOT_PERMITTED );
 
@@ -4438,15 +4404,13 @@ psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
           ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
             return( PSA_ERROR_INVALID_ARGUMENT );
 
-    its_status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
-    status = its_to_psa_error( its_status );
+    status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
 
-    if( PSA_ITS_ERROR_UID_NOT_FOUND == its_status ) /* No seed exists */
+    if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */
     {
-        its_status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
-        status = its_to_psa_error( its_status );
+        status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
     }
-    else if( PSA_ITS_SUCCESS == its_status )
+    else if( PSA_SUCCESS == status )
     {
         /* You should not be here. Seed needs to be injected only once */
         status = PSA_ERROR_NOT_PERMITTED;
diff --git a/library/psa_crypto_storage_its.c b/library/psa_crypto_storage_its.c
@@ -36,71 +36,36 @@
 #include "mbedtls/platform.h"
 #endif
 
-static psa_status_t its_to_psa_error( psa_its_status_t ret )
-{
-    switch( ret )
-    {
-        case PSA_ITS_SUCCESS:
-            return( PSA_SUCCESS );
-
-        case PSA_ITS_ERROR_UID_NOT_FOUND:
-            return( PSA_ERROR_DOES_NOT_EXIST );
-
-        case PSA_ITS_ERROR_STORAGE_FAILURE:
-            return( PSA_ERROR_STORAGE_FAILURE );
-
-        case PSA_ITS_ERROR_INSUFFICIENT_SPACE:
-            return( PSA_ERROR_INSUFFICIENT_STORAGE );
-
-        case PSA_ITS_ERROR_OFFSET_INVALID:
-        case PSA_ITS_ERROR_INCORRECT_SIZE:
-        case PSA_ITS_ERROR_INVALID_ARGUMENTS:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-
-        case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED:
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        case PSA_ITS_ERROR_WRITE_ONCE:
-            return( PSA_ERROR_ALREADY_EXISTS );
-
-        default:
-            return( PSA_ERROR_UNKNOWN_ERROR );
-    }
-}
-
-static psa_its_uid_t psa_its_identifier_of_slot( psa_key_id_t key )
+static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_id_t key )
 {
     return( key );
 }
 
 psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
                                       size_t data_size )
 {
-    psa_its_status_t ret;
     psa_status_t status;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
 
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    status = its_to_psa_error( ret );
-    if( status != PSA_SUCCESS )
+    status = psa_its_get_info( data_identifier, &data_identifier_info );
+    if( status  != PSA_SUCCESS )
         return( status );
 
-    ret = psa_its_get( data_identifier, 0, data_size, data );
-    status = its_to_psa_error( ret );
+    status = psa_its_get( data_identifier, 0, data_size, data );
 
     return( status );
 }
 
 int psa_is_key_present_in_storage( const psa_key_id_t key )
 {
-    psa_its_status_t ret;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    psa_status_t ret;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
 
     ret = psa_its_get_info( data_identifier, &data_identifier_info );
 
-    if( ret == PSA_ITS_ERROR_UID_NOT_FOUND )
+    if( ret == PSA_ERROR_DOES_NOT_EXIST )
         return( 0 );
     return( 1 );
 }
@@ -109,23 +74,20 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
                                        const uint8_t *data,
                                        size_t data_length )
 {
-    psa_its_status_t ret;
     psa_status_t status;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
 
     if( psa_is_key_present_in_storage( key ) == 1 )
         return( PSA_ERROR_ALREADY_EXISTS );
 
-    ret = psa_its_set( data_identifier, data_length, data, 0 );
-    status = its_to_psa_error( ret );
+    status = psa_its_set( data_identifier, data_length, data, 0 );
     if( status != PSA_SUCCESS )
     {
         return( PSA_ERROR_STORAGE_FAILURE );
     }
 
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    status = its_to_psa_error( ret );
+    status = psa_its_get_info( data_identifier, &data_identifier_info );
     if( status != PSA_SUCCESS )
     {
         goto exit;
@@ -145,19 +107,19 @@ psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
 
 psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
 {
-    psa_its_status_t ret;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    psa_status_t ret;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
 
     ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( ret == PSA_ITS_ERROR_UID_NOT_FOUND )
+    if( ret == PSA_ERROR_DOES_NOT_EXIST )
         return( PSA_SUCCESS );
 
-    if( psa_its_remove( data_identifier ) != PSA_ITS_SUCCESS )
+    if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
         return( PSA_ERROR_STORAGE_FAILURE );
 
     ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( ret != PSA_ITS_ERROR_UID_NOT_FOUND )
+    if( ret != PSA_ERROR_DOES_NOT_EXIST )
         return( PSA_ERROR_STORAGE_FAILURE );
 
     return( PSA_SUCCESS );
@@ -166,13 +128,11 @@ psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
 psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
                                                  size_t *data_length )
 {
-    psa_its_status_t ret;
     psa_status_t status;
-    psa_its_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
 
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    status = its_to_psa_error( ret );
+    status = psa_its_get_info( data_identifier, &data_identifier_info );
     if( status != PSA_SUCCESS )
         return( status );
 
diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function
@@ -22,7 +22,6 @@ void validate_entropy_seed_injection( int seed_length_a,
                                       int seed_length_b,
                                       int expected_status_b )
 {
-    psa_its_status_t its_status;
     psa_status_t status;
     uint8_t output[32] = { 0 };
     uint8_t zeros[32] = { 0 };
@@ -43,9 +42,9 @@ void validate_entropy_seed_injection( int seed_length_a,
     {
         seed[i] = i;
     }
-    its_status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
-    TEST_ASSERT( ( its_status == PSA_ITS_SUCCESS ) ||
-                 ( its_status == PSA_ITS_ERROR_KEY_NOT_FOUND ) );
+    status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
+    TEST_ASSERT( ( status == PSA_SUCCESS ) ||
+                 ( status == PSA_ERROR_DOES_NOT_EXIST ) );
     status = mbedtls_psa_inject_entropy( seed, seed_length_a );
     TEST_EQUAL( status, expected_status_a );
     status = mbedtls_psa_inject_entropy( seed, seed_length_b );
@@ -64,7 +63,6 @@ exit:
 /* BEGIN_CASE */
 void run_entropy_inject_with_crypto_init( )
 {
-    psa_its_status_t its_status;
     psa_status_t status;
     int i;
     uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 };
@@ -73,13 +71,13 @@ void run_entropy_inject_with_crypto_init( )
     {
         seed[i] = i;
     }
-    its_status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
-    TEST_ASSERT( ( its_status == PSA_ITS_SUCCESS ) ||
-                 ( its_status == PSA_ITS_ERROR_KEY_NOT_FOUND ) );
+    status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
+    TEST_ASSERT( ( status == PSA_SUCCESS ) ||
+                 ( status == PSA_ERROR_DOES_NOT_EXIST ) );
     status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
     PSA_ASSERT( status );
-    its_status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
-    TEST_EQUAL( its_status, PSA_ITS_SUCCESS );
+    status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
+    TEST_EQUAL( status, PSA_SUCCESS );
     status = psa_crypto_init( );
     TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_ENTROPY );
     status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
