Merge pull request #3872 from gabor-mezei-arm/3275_use_PSA_ERROR_DATA_INVALID_where_warranted

Use PSA_ERROR_DATA_INVALID where warranted
This commit is contained in:
Gilles Peskine 2021-02-03 20:54:46 +01:00 committed by GitHub
commit d945871c55
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 204 additions and 41 deletions

View file

@ -90,10 +90,14 @@ extern "C" {
* *
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_DATA_CORRUPT
*/ */
psa_status_t psa_crypto_init(void); psa_status_t psa_crypto_init(void);
@ -368,6 +372,8 @@ static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
* \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init(). * The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize * It is implementation-dependent whether a failure to initialize
@ -501,6 +507,8 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_BAD_STATE
@ -540,6 +548,10 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
* \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_COMMUNICATION_FAILURE
* There was an failure in communication with the cryptoprocessor. * There was an failure in communication with the cryptoprocessor.
* The key material may still be present in the cryptoprocessor. * The key material may still be present in the cryptoprocessor.
* \retval #PSA_ERROR_DATA_INVALID
* This error is typically a result of either storage corruption on a
* cleartext storage backend, or an attempt to read data that was
* written by an incompatible version of the library.
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_STORAGE_FAILURE
* The storage is corrupted. Implementations shall make a best effort * The storage is corrupted. Implementations shall make a best effort
* to erase key material even in this stage, however applications * to erase key material even in this stage, however applications
@ -625,6 +637,8 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key);
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED
@ -3556,6 +3570,8 @@ psa_status_t psa_key_derivation_output_bytes(
* \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init(). * The library has not been previously initialized by psa_crypto_init().
@ -3721,6 +3737,8 @@ psa_status_t psa_generate_random(uint8_t *output,
* \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init(). * The library has not been previously initialized by psa_crypto_init().

View file

@ -316,6 +316,8 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key
* \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init(). * The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize * It is implementation-dependent whether a failure to initialize

View file

@ -183,8 +183,10 @@ static inline void psa_clear_key_slot_number(
* \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_NOT_PERMITTED
* The caller is not authorized to register the specified key slot. * The caller is not authorized to register the specified key slot.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init(). * The library has not been previously initialized by psa_crypto_init().

View file

@ -1378,6 +1378,8 @@ typedef struct {
* `methods->hal_version` is not supported by this implementation. * `methods->hal_version` is not supported by this implementation.
* \return #PSA_ERROR_INSUFFICIENT_MEMORY * \return #PSA_ERROR_INSUFFICIENT_MEMORY
* \return #PSA_ERROR_NOT_PERMITTED * \return #PSA_ERROR_NOT_PERMITTED
* \return #PSA_ERROR_STORAGE_FAILURE
* \return #PSA_ERROR_DATA_CORRUPT
*/ */
psa_status_t psa_register_se_driver( psa_status_t psa_register_se_driver(
psa_key_location_t location, psa_key_location_t location,

View file

@ -270,6 +270,46 @@
*/ */
#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136) #define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
/** Stored data has been corrupted.
*
* This error indicates that some persistent storage has suffered corruption.
* It does not indicate the following situations, which have specific error
* codes:
*
* - A corruption of volatile memory - use #PSA_ERROR_CORRUPTION_DETECTED.
* - A communication error between the cryptoprocessor and its external
* storage - use #PSA_ERROR_COMMUNICATION_FAILURE.
* - When the storage is in a valid state but is full - use
* #PSA_ERROR_INSUFFICIENT_STORAGE.
* - When the storage fails for other reasons - use
* #PSA_ERROR_STORAGE_FAILURE.
* - When the stored data is not valid - use #PSA_ERROR_DATA_INVALID.
*
* \note A storage corruption does not indicate that any data that was
* previously read is invalid. However this previously read data might no
* longer be readable from storage.
*
* When a storage failure occurs, it is no longer possible to ensure the
* global integrity of the keystore.
*/
#define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)
/** Data read from storage is not valid for the implementation.
*
* This error indicates that some data read from storage does not have a valid
* format. It does not indicate the following situations, which have specific
* error codes:
*
* - When the storage or stored data is corrupted - use #PSA_ERROR_DATA_CORRUPT
* - When the storage fails for other reasons - use #PSA_ERROR_STORAGE_FAILURE
* - An invalid argument to the API - use #PSA_ERROR_INVALID_ARGUMENT
*
* This error is typically a result of either storage corruption on a
* cleartext storage backend, or an attempt to read data that was
* written by an incompatible version of the library.
*/
#define PSA_ERROR_DATA_INVALID ((psa_status_t)-153)
/**@}*/ /**@}*/
/** \defgroup crypto_types Key and algorithm types /** \defgroup crypto_types Key and algorithm types

View file

@ -1596,6 +1596,13 @@ static psa_status_t psa_start_key_creation(
* *
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
* The key was successfully created. * The key was successfully created.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_ALREADY_EXISTS
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_STORAGE_FAILURE
*
* \return If this function fails, the key slot is an invalid state. * \return If this function fails, the key slot is an invalid state.
* You must call psa_fail_key_creation() to wipe and free the slot. * You must call psa_fail_key_creation() to wipe and free the slot.
*/ */
@ -6252,7 +6259,7 @@ static psa_status_t psa_crypto_recover_transaction(
default: default:
/* We found an unsupported transaction in the storage. /* We found an unsupported transaction in the storage.
* We don't know what state the storage is in. Give up. */ * We don't know what state the storage is in. Give up. */
return( PSA_ERROR_STORAGE_FAILURE ); return( PSA_ERROR_DATA_INVALID );
} }
} }
#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */ #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */

View file

@ -99,8 +99,8 @@ psa_status_t psa_its_set(psa_storage_uid_t uid,
* *
* \retval #PSA_SUCCESS The operation completed successfully * \retval #PSA_SUCCESS The operation completed successfully
* \retval #PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided `uid` value was not found in the storage * \retval #PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided `uid` value was not found in the storage
* \retval #PSA_ERROR_INVALID_SIZE The operation failed because the data associated with provided uid is larger than `data_size`
* \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) * \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error)
* \retval #PSA_ERROR_DATA_CORRUPT The operation failed because stored data has been corrupted
* \retval #PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`, `p_data_length`) * \retval #PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`, `p_data_length`)
* is invalid. For example is `NULL` or references memory the caller cannot access. * is invalid. For example is `NULL` or references memory the caller cannot access.
* In addition, this can also happen if an invalid offset was provided. * In addition, this can also happen if an invalid offset was provided.
@ -121,7 +121,7 @@ psa_status_t psa_its_get(psa_storage_uid_t uid,
* *
* \retval #PSA_SUCCESS The operation completed successfully * \retval #PSA_SUCCESS The operation completed successfully
* \retval #PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided uid value was not found in the storage * \retval #PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided uid value was not found in the storage
* \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) * \retval #PSA_ERROR_DATA_CORRUPT The operation failed because stored data has been corrupted
* \retval #PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_info`) * \retval #PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_info`)
* is invalid, for example is `NULL` or references memory the caller cannot access * is invalid, for example is `NULL` or references memory the caller cannot access
*/ */

View file

@ -155,6 +155,13 @@ psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
* *
* \param driver The driver table entry containing the persistent * \param driver The driver table entry containing the persistent
* data to load from storage. * data to load from storage.
*
* \return #PSA_SUCCESS
* \return #PSA_ERROR_NOT_SUPPORTED
* \return #PSA_ERROR_DOES_NOT_EXIST
* \return #PSA_ERROR_STORAGE_FAILURE
* \return #PSA_ERROR_DATA_CORRUPT
* \return #PSA_ERROR_INVALID_ARGUMENT
*/ */
psa_status_t psa_load_se_persistent_data( psa_status_t psa_load_se_persistent_data(
const psa_se_drv_table_entry_t *driver ); const psa_se_drv_table_entry_t *driver );
@ -163,6 +170,14 @@ psa_status_t psa_load_se_persistent_data(
* *
* \param[in] driver The driver table entry containing the persistent * \param[in] driver The driver table entry containing the persistent
* data to save to storage. * data to save to storage.
*
* \return #PSA_SUCCESS
* \return #PSA_ERROR_NOT_SUPPORTED
* \return #PSA_ERROR_NOT_PERMITTED
* \return #PSA_ERROR_NOT_SUPPORTED
* \return #PSA_ERROR_INSUFFICIENT_STORAGE
* \return #PSA_ERROR_STORAGE_FAILURE
* \return #PSA_ERROR_INVALID_ARGUMENT
*/ */
psa_status_t psa_save_se_persistent_data( psa_status_t psa_save_se_persistent_data(
const psa_se_drv_table_entry_t *driver ); const psa_se_drv_table_entry_t *driver );

View file

@ -258,7 +258,7 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot )
if( key_data_length != sizeof( *data ) ) if( key_data_length != sizeof( *data ) )
{ {
status = PSA_ERROR_STORAGE_FAILURE; status = PSA_ERROR_DATA_INVALID;
goto exit; goto exit;
} }
data = (psa_se_key_data_storage_t *) key_data; data = (psa_se_key_data_storage_t *) key_data;

View file

@ -91,6 +91,8 @@ static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key )
* \param data_size Size of the \c data buffer in bytes. * \param data_size Size of the \c data buffer in bytes.
* *
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_DOES_NOT_EXIST
*/ */
@ -108,7 +110,7 @@ static psa_status_t psa_crypto_storage_load(
status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length ); status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length );
if( data_size != data_length ) if( data_size != data_length )
return( PSA_ERROR_STORAGE_FAILURE ); return( PSA_ERROR_DATA_INVALID );
return( status ); return( status );
} }
@ -139,8 +141,9 @@ int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key )
* *
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_ALREADY_EXISTS * \retval #PSA_ERROR_ALREADY_EXISTS
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_DATA_INVALID
*/ */
static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key, static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key,
const uint8_t *data, const uint8_t *data,
@ -156,7 +159,7 @@ static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key,
status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 ); status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
{ {
return( PSA_ERROR_STORAGE_FAILURE ); return( PSA_ERROR_DATA_INVALID );
} }
status = psa_its_get_info( data_identifier, &data_identifier_info ); status = psa_its_get_info( data_identifier, &data_identifier_info );
@ -167,7 +170,7 @@ static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key,
if( data_identifier_info.size != data_length ) if( data_identifier_info.size != data_length )
{ {
status = PSA_ERROR_STORAGE_FAILURE; status = PSA_ERROR_DATA_INVALID;
goto exit; goto exit;
} }
@ -194,11 +197,11 @@ psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key )
return( PSA_SUCCESS ); return( PSA_SUCCESS );
if( psa_its_remove( data_identifier ) != PSA_SUCCESS ) if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
return( PSA_ERROR_STORAGE_FAILURE ); return( PSA_ERROR_DATA_INVALID );
ret = psa_its_get_info( data_identifier, &data_identifier_info ); ret = psa_its_get_info( data_identifier, &data_identifier_info );
if( ret != PSA_ERROR_DOES_NOT_EXIST ) if( ret != PSA_ERROR_DOES_NOT_EXIST )
return( PSA_ERROR_STORAGE_FAILURE ); return( PSA_ERROR_DATA_INVALID );
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
@ -212,6 +215,8 @@ psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key )
* *
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_DATA_CORRUPT
*/ */
static psa_status_t psa_crypto_storage_get_data_length( static psa_status_t psa_crypto_storage_get_data_length(
const mbedtls_svc_key_id_t key, const mbedtls_svc_key_id_t key,
@ -313,7 +318,7 @@ static psa_status_t check_magic_header( const uint8_t *data )
{ {
if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER, if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER,
PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 ) PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 )
return( PSA_ERROR_STORAGE_FAILURE ); return( PSA_ERROR_DATA_INVALID );
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
@ -329,7 +334,7 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
uint32_t version; uint32_t version;
if( storage_data_length < sizeof(*storage_format) ) if( storage_data_length < sizeof(*storage_format) )
return( PSA_ERROR_STORAGE_FAILURE ); return( PSA_ERROR_DATA_INVALID );
status = check_magic_header( storage_data ); status = check_magic_header( storage_data );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
@ -337,12 +342,12 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
GET_UINT32_LE( version, storage_format->version, 0 ); GET_UINT32_LE( version, storage_format->version, 0 );
if( version != 0 ) if( version != 0 )
return( PSA_ERROR_STORAGE_FAILURE ); return( PSA_ERROR_DATA_INVALID );
GET_UINT32_LE( *key_data_length, storage_format->data_len, 0 ); GET_UINT32_LE( *key_data_length, storage_format->data_len, 0 );
if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) || if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
*key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE ) *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
return( PSA_ERROR_STORAGE_FAILURE ); return( PSA_ERROR_DATA_INVALID );
if( *key_data_length == 0 ) if( *key_data_length == 0 )
{ {
@ -479,7 +484,7 @@ psa_status_t psa_crypto_load_transaction( void )
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
if( length != sizeof( psa_crypto_transaction ) ) if( length != sizeof( psa_crypto_transaction ) )
return( PSA_ERROR_STORAGE_FAILURE ); return( PSA_ERROR_DATA_INVALID );
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }

View file

@ -102,6 +102,8 @@ int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key );
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_ALREADY_EXISTS * \retval #PSA_ERROR_ALREADY_EXISTS
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_DATA_CORRUPT
*/ */
psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr, psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
const uint8_t *data, const uint8_t *data,
@ -129,7 +131,8 @@ psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
* *
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_DOES_NOT_EXIST
*/ */
psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr, psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
@ -145,7 +148,7 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
* The key was successfully removed, * The key was successfully removed,
* or the key did not exist. * or the key did not exist.
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_DATA_INVALID
*/ */
psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key ); psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key );
@ -188,9 +191,8 @@ void psa_format_key_data_for_storage( const uint8_t *data,
* with the loaded key metadata. * with the loaded key metadata.
* *
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_DATA_INVALID
*/ */
psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
size_t storage_data_length, size_t storage_data_length,
@ -324,6 +326,7 @@ static inline void psa_crypto_prepare_transaction(
* atomically update the transaction state. * atomically update the transaction state.
* *
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_STORAGE_FAILURE
*/ */
@ -340,6 +343,8 @@ psa_status_t psa_crypto_save_transaction( void );
* \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_DOES_NOT_EXIST
* There is no ongoing transaction. * There is no ongoing transaction.
* \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_DATA_CORRUPT
*/ */
psa_status_t psa_crypto_load_transaction( void ); psa_status_t psa_crypto_load_transaction( void );

View file

@ -8,6 +8,8 @@ static const char *psa_strerror(psa_status_t status)
case PSA_ERROR_BUFFER_TOO_SMALL: return "PSA_ERROR_BUFFER_TOO_SMALL"; case PSA_ERROR_BUFFER_TOO_SMALL: return "PSA_ERROR_BUFFER_TOO_SMALL";
case PSA_ERROR_COMMUNICATION_FAILURE: return "PSA_ERROR_COMMUNICATION_FAILURE"; case PSA_ERROR_COMMUNICATION_FAILURE: return "PSA_ERROR_COMMUNICATION_FAILURE";
case PSA_ERROR_CORRUPTION_DETECTED: return "PSA_ERROR_CORRUPTION_DETECTED"; case PSA_ERROR_CORRUPTION_DETECTED: return "PSA_ERROR_CORRUPTION_DETECTED";
case PSA_ERROR_DATA_CORRUPT: return "PSA_ERROR_DATA_CORRUPT";
case PSA_ERROR_DATA_INVALID: return "PSA_ERROR_DATA_INVALID";
case PSA_ERROR_DOES_NOT_EXIST: return "PSA_ERROR_DOES_NOT_EXIST"; case PSA_ERROR_DOES_NOT_EXIST: return "PSA_ERROR_DOES_NOT_EXIST";
case PSA_ERROR_GENERIC_ERROR: return "PSA_ERROR_GENERIC_ERROR"; case PSA_ERROR_GENERIC_ERROR: return "PSA_ERROR_GENERIC_ERROR";
case PSA_ERROR_HARDWARE_FAILURE: return "PSA_ERROR_HARDWARE_FAILURE"; case PSA_ERROR_HARDWARE_FAILURE: return "PSA_ERROR_HARDWARE_FAILURE";

View file

@ -11,16 +11,22 @@ Parse storage: AES-128 key
parse_storage_data_check:"505341004b45590000000000010000000024800000030000000250050000000010000000404142434445464748494a4b4c4d4e4f":"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:0:PSA_SUCCESS parse_storage_data_check:"505341004b45590000000000010000000024800000030000000250050000000010000000404142434445464748494a4b4c4d4e4f":"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:0:PSA_SUCCESS
Parse storage: wrong version Parse storage: wrong version
parse_storage_data_check:"505341004b455900ffffffff0100000001700004010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE parse_storage_data_check:"505341004b455900ffffffff0100000001700004010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_DATA_INVALID
Parse storage: data too big Parse storage: data too big
parse_storage_data_check:"505341004b455900000000000100000001700000010000000000001200000010ffffffff3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE parse_storage_data_check:"505341004b455900000000000100000001700000010000000000001200000010ffffffff3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_DATA_INVALID
Parse storage: bad magic Parse storage: bad magic
parse_storage_data_check:"645341004b455900000000000100000001700004010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE parse_storage_data_check:"645341004b455900000000000100000001700004010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_DATA_INVALID
Parse storage: truncated magic Parse storage: truncated magic
parse_storage_data_check:"505341004b4559":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE parse_storage_data_check:"505341004b4559":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_DATA_INVALID
Parse storage: truncated header
parse_storage_data_check:"505341004b455900000000000100000001700000010000000000001200000010620200":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_DATA_INVALID
Parse storage: truncated key
parse_storage_data_check:"505341004b455900000000000100000001700000010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_DATA_INVALID
# Not specific to files, but only run this test in an environment where the maximum size could be reached. # Not specific to files, but only run this test in an environment where the maximum size could be reached.
Save maximum-size persistent raw key Save maximum-size persistent raw key

View file

@ -63,3 +63,9 @@ get_at:0:"40414243444546474849":10:-1:PSA_ERROR_INVALID_ARGUMENT
Get 1 byte of 10 at -1: out of range Get 1 byte of 10 at -1: out of range
get_at:0:"40414243444546474849":-1:1:PSA_ERROR_INVALID_ARGUMENT get_at:0:"40414243444546474849":-1:1:PSA_ERROR_INVALID_ARGUMENT
Overwrite ITS header magic
get_fail:0:"40414243444546474849":1:0:PSA_ERROR_DATA_CORRUPT
Truncate ITS header
get_fail:0:"40414243444546474849":0:1:PSA_ERROR_DATA_CORRUPT

View file

@ -231,3 +231,56 @@ exit:
cleanup( ); cleanup( );
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */
void get_fail( int uid_arg, data_t *data,
int overwrite_magic, int cut_header,
int expected_status )
{
psa_storage_uid_t uid = uid_arg;
unsigned char *buffer = NULL;
psa_status_t status;
size_t n;
size_t ret_len = 0;
char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
FILE *stream = NULL;
char bad_char = 'X';
PSA_ASSERT( psa_its_set_wrap( uid, data->len, data->x, 0 ) );
psa_its_fill_filename( uid, filename );
stream = fopen( filename, "rb+" );
TEST_ASSERT( NULL != stream );
if( 0 != overwrite_magic )
{
/* Overwrite the 1st byte of the file, the ITS magic number */
TEST_ASSERT( fseek( stream, 0, SEEK_SET ) == 0 );
n = fwrite( &bad_char, 1, 1, stream );
TEST_ASSERT( 1 == n );
}
if( 0 != cut_header )
{
/* Reopen file and truncate it to 0 byte by specifying the 'w' flag */
stream = freopen( filename, "wb", stream );
TEST_ASSERT( NULL != stream );
}
fclose( stream );
stream = NULL;
status = psa_its_get( uid, 0, 0, buffer, &ret_len );
TEST_ASSERT( status == (psa_status_t) expected_status );
TEST_ASSERT( 0 == ret_len );
PSA_ASSERT( psa_its_remove( uid ) );
/* Check if the file is really deleted. */
stream = fopen( filename, "rb" );
TEST_ASSERT( NULL == stream );
exit:
if( stream != NULL )
fclose( stream );
mbedtls_free( buffer );
cleanup( );
}
/* END_CASE */