Attest: Introduce PSA error codes
This change addresses compliance with version 1.0.0 of the PSA
initial attestation API. It replaces the existing psa_attest_err_t
enum values with the error codes that are defined in the
interface/include/psa/error.h file.
Change-Id: I1795331e7081589371c82f0e56655db6a543edd3
Signed-off-by: Sverteczky, Marcell <marcell.sverteczky@arm.com>
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/docs/user_guides/services/tfm_attestation_integration_guide.rst b/docs/user_guides/services/tfm_attestation_integration_guide.rst
index 80af21e..cae3d2e 100644
--- a/docs/user_guides/services/tfm_attestation_integration_guide.rst
+++ b/docs/user_guides/services/tfm_attestation_integration_guide.rst
@@ -196,17 +196,17 @@
.. code-block:: c
- enum psa_attest_err_t
+ psa_status_t
psa_initial_attest_get_token(const uint8_t *challenge_obj,
uint32_t challenge_size,
uint8_t *token,
uint32_t *token_size);
- enum psa_attest_err_t
+ psa_status_t
psa_initial_attest_get_token_size(uint32_t challenge_size,
uint32_t *token_size);
- enum psa_attest_err_t
+ psa_status_t
tfm_initial_attest_get_public_key(uint8_t *public_key,
size_t public_key_buf_size,
size_t *public_key_len,
diff --git a/interface/include/psa/initial_attestation.h b/interface/include/psa/initial_attestation.h
index 4dd247b..aa4a414 100644
--- a/interface/include/psa/initial_attestation.h
+++ b/interface/include/psa/initial_attestation.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -33,35 +33,6 @@
#define PSA_INITIAL_ATTEST_API_VERSION_MINOR (0)
/**
- * \enum psa_attest_err_t
- *
- * \brief Initial attestation service error types
- *
- */
-enum psa_attest_err_t {
- /** Action was performed successfully */
- PSA_ATTEST_ERR_SUCCESS = 0,
- /** Boot status data is unavailable or malformed */
- PSA_ATTEST_ERR_INIT_FAILED,
- /** Token buffer is too small to store the created token there */
- PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW,
- /** Attestation key buffer is too small to store the obtained key there */
- PSA_ATTEST_ERR_KEY_BUFFER_OVERFLOW,
- /** Some of the mandatory claims are unavailable */
- PSA_ATTEST_ERR_CLAIM_UNAVAILABLE,
- /** Some parameter or combination of parameters are recognised as invalid:
- * - challenge size is not allowed
- * - challenge object is unavailable
- * - token buffer is unavailable
- */
- PSA_ATTEST_ERR_INVALID_INPUT,
- /** Unexpected error happened during operation */
- PSA_ATTEST_ERR_GENERAL,
- /** Following entry is only to ensure the error code of integer size */
- PSA_ATTEST_ERR_FORCE_INT_SIZE = INT_MAX
-};
-
-/**
* The allowed size of input challenge in bytes: 32, 48, 64
* Challenge can be a nonce from server
* or the hash of some combined data : nonce + attested data by caller.
@@ -197,9 +168,9 @@
* updated by initial attestation service with
* final token size.
*
- * \return Returns error code as specified in \ref psa_attest_err_t
+ * \return Returns error code as specified in \ref psa_status_t
*/
-enum psa_attest_err_t
+psa_status_t
psa_initial_attest_get_token(const uint8_t *challenge_obj,
uint32_t challenge_size,
uint8_t *token,
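Review bot: The `\return` line for psa_initial_attest_get_token now points only at psa_status_t, so with the documented psa_attest_err_t enum removed above, the header no longer tells a caller which failures to expect. I would list the codes the service can produce, taken from the mapping this commit adds in attestation_core.c: `PSA_ERROR_INVALID_ARGUMENT`, `PSA_ERROR_BUFFER_TOO_SMALL`, `PSA_ERROR_SERVICE_FAILURE` and `PSA_ERROR_GENERIC_ERROR`. The same applies to the `\return` lines of psa_initial_attest_get_token_size and tfm_initial_attest_get_public_key in the next two hunks. The doc comment starts above this hunk.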
@@ -215,9 +186,9 @@
* \param[out] token_size Size of the token in bytes, which is created by
* initial attestation service.
*
- * \return Returns error code as specified in \ref psa_attest_err_t
+ * \return Returns error code as specified in \ref psa_status_t
*/
-enum psa_attest_err_t
+psa_status_t
psa_initial_attest_get_token_size(uint32_t challenge_size,
uint32_t *token_size);
@@ -233,9 +204,9 @@
*
* \note Currently only the ECDSA P-256 over SHA-256 algorithm is supported.
*
- * \return Returns error code as specified in \ref psa_attest_err_t
+ * \return Returns error code as specified in \ref psa_status_t
*/
-enum psa_attest_err_t
+psa_status_t
tfm_initial_attest_get_public_key(uint8_t *public_key,
size_t public_key_buf_size,
size_t *public_key_len,
diff --git a/interface/src/tfm_initial_attestation_func_api.c b/interface/src/tfm_initial_attestation_func_api.c
index 7292df5..cf82498 100644
--- a/interface/src/tfm_initial_attestation_func_api.c
+++ b/interface/src/tfm_initial_attestation_func_api.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -13,7 +13,7 @@
#define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0]))
-enum psa_attest_err_t
+psa_status_t
psa_initial_attest_get_token(const uint8_t *challenge_obj,
uint32_t challenge_size,
uint8_t *token,
@@ -34,14 +34,14 @@
(uint32_t)in_vec, IOVEC_LEN(in_vec),
(uint32_t)out_vec, IOVEC_LEN(out_vec));
- if (res == (int32_t)PSA_ATTEST_ERR_SUCCESS) {
+ if (res == (int32_t)PSA_SUCCESS) {
*token_size = out_vec[0].len;
}
- return (enum psa_attest_err_t)res;
+ return res;
}
-enum psa_attest_err_t
+psa_status_t
psa_initial_attest_get_token_size(uint32_t challenge_size,
uint32_t *token_size)
{
@@ -52,13 +52,13 @@
{token_size, sizeof(uint32_t)}
};
- return (enum psa_attest_err_t)tfm_ns_interface_dispatch(
+ return tfm_ns_interface_dispatch(
(veneer_fn)tfm_initial_attest_get_token_size_veneer,
(uint32_t)in_vec, IOVEC_LEN(in_vec),
(uint32_t)out_vec, IOVEC_LEN(out_vec));
}
-enum psa_attest_err_t
+psa_status_t
tfm_initial_attest_get_public_key(uint8_t *public_key,
size_t public_key_buf_size,
size_t *public_key_len,
@@ -77,5 +77,5 @@
(uint32_t)NULL, 0,
(uint32_t)out_vec, IOVEC_LEN(out_vec));
- return (enum psa_attest_err_t)res;
+ return (psa_status_t) res;
}
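Review bot: `return (psa_status_t) res;` at the end of tfm_initial_attest_get_public_key is the only return in this file that keeps a cast, while psa_initial_attest_get_token above now uses plain `return res;`. If `res` has the same type in both functions (its declaration is outside the hunk), drop the cast for consistency: `return res;`.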
diff --git a/interface/src/tfm_initial_attestation_ipc_api.c b/interface/src/tfm_initial_attestation_ipc_api.c
index ed9264f..c60f8bd 100644
--- a/interface/src/tfm_initial_attestation_ipc_api.c
+++ b/interface/src/tfm_initial_attestation_ipc_api.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -14,7 +14,7 @@
#define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0]))
-enum psa_attest_err_t
+psa_status_t
psa_initial_attest_get_token(const uint8_t *challenge_obj,
uint32_t challenge_size,
uint8_t *token,
@@ -32,8 +32,8 @@
handle = psa_connect(TFM_ATTEST_GET_TOKEN_SID,
TFM_ATTEST_GET_TOKEN_VERSION);
- if (handle <= 0) {
- return PSA_ATTEST_ERR_GENERAL;
+ if (!PSA_HANDLE_IS_VALID(handle)) {
+ return PSA_HANDLE_TO_ERROR(handle);
}
status = psa_call(handle, PSA_IPC_CALL,
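Review bot: With `PSA_HANDLE_TO_ERROR(handle)` a zero handle would be reported to the caller as success, where the removed `handle <= 0` branch returned an error. This assumes the macro is a plain conversion of the handle to psa_status_t and that `PSA_HANDLE_IS_VALID` rejects zero, as in the PSA client header; neither definition is in this diff. psa_connect is not expected to return PSA_NULL_HANDLE, but a caller that sees PSA_SUCCESS here would treat an untouched token buffer as a valid attestation token, so I would keep the guard: `return (handle == PSA_NULL_HANDLE) ? PSA_ERROR_GENERIC_ERROR : PSA_HANDLE_TO_ERROR(handle);`. The same pattern is added in psa_initial_attest_get_token_size and tfm_initial_attest_get_public_key below and in the three functions of tfm_attestation_secure_api.c. The function body continues outside the hunk.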
@@ -41,18 +41,14 @@
out_vec, IOVEC_LEN(out_vec));
psa_close(handle);
- if (status < PSA_SUCCESS) {
- return PSA_ATTEST_ERR_GENERAL;
- }
-
if (status == PSA_SUCCESS) {
*token_size = out_vec[0].len;
}
- return (enum psa_attest_err_t)status;
+ return status;
}
-enum psa_attest_err_t
+psa_status_t
psa_initial_attest_get_token_size(uint32_t challenge_size,
uint32_t *token_size)
{
@@ -67,8 +63,8 @@
handle = psa_connect(TFM_ATTEST_GET_TOKEN_SIZE_SID,
TFM_ATTEST_GET_TOKEN_SIZE_VERSION);
- if (handle <= 0) {
- return PSA_ATTEST_ERR_GENERAL;
+ if (!PSA_HANDLE_IS_VALID(handle)) {
+ return PSA_HANDLE_TO_ERROR(handle);
}
status = psa_call(handle, PSA_IPC_CALL,
@@ -76,14 +72,10 @@
out_vec, IOVEC_LEN(out_vec));
psa_close(handle);
- if (status < PSA_SUCCESS) {
- return PSA_ATTEST_ERR_GENERAL;
- }
-
- return (enum psa_attest_err_t)status;
+ return status;
}
-enum psa_attest_err_t
+psa_status_t
tfm_initial_attest_get_public_key(uint8_t *public_key,
size_t public_key_buf_size,
size_t *public_key_len,
@@ -101,7 +93,7 @@
handle = psa_connect(TFM_ATTEST_GET_PUBLIC_KEY_SID,
TFM_ATTEST_GET_PUBLIC_KEY_VERSION);
if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ATTEST_ERR_GENERAL;
+ return PSA_HANDLE_TO_ERROR(handle);
}
status = psa_call(handle, PSA_IPC_CALL,
@@ -109,5 +101,5 @@
out_vec, IOVEC_LEN(out_vec));
psa_close(handle);
- return (enum psa_attest_err_t)status;
+ return status;
}
diff --git a/secure_fw/services/initial_attestation/attest_token.c b/secure_fw/services/initial_attestation/attest_token.c
index c6a4ecde..f3f8d70 100644
--- a/secure_fw/services/initial_attestation/attest_token.c
+++ b/secure_fw/services/initial_attestation/attest_token.c
@@ -16,6 +16,7 @@
#include "q_useful_buf.h"
#include "psa/crypto.h"
#include "attestation_key.h"
+#include "attestation.h"
/**
diff --git a/secure_fw/services/initial_attestation/attestation.h b/secure_fw/services/initial_attestation/attestation.h
index b892d7e..a381cf1 100644
--- a/secure_fw/services/initial_attestation/attestation.h
+++ b/secure_fw/services/initial_attestation/attestation.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -24,6 +24,33 @@
TFM_ATTEST_ACCESS_RW = 2,
};
+/**
+ * \enum psa_attest_err_t
+ *
+ * \brief Initial attestation service error types
+ *
+ */
+enum psa_attest_err_t {
+ /** Action was performed successfully */
+ PSA_ATTEST_ERR_SUCCESS = 0,
+ /** Boot status data is unavailable or malformed */
+ PSA_ATTEST_ERR_INIT_FAILED,
+ /** Buffer is too small to store required data */
+ PSA_ATTEST_ERR_BUFFER_OVERFLOW,
+ /** Some of the mandatory claims are unavailable*/
+ PSA_ATTEST_ERR_CLAIM_UNAVAILABLE,
+ /** Some parameter or combination of parameters are recognised as invalid:
+ * - challenge size is not allowed
+ * - challenge object is unavailable
+ * - token buffer is unavailable
+ */
+ PSA_ATTEST_ERR_INVALID_INPUT,
+ /** Unexpected error happened during operation */
+ PSA_ATTEST_ERR_GENERAL,
+ /** Following entry is only to ensure the error code of integer size */
+ PSA_ATTEST_ERR_FORCE_INT_SIZE = INT_MAX
+};
+
/*!
* \brief Copy the boot data (coming from boot loader) from shared memory area
* to service memory area
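Review bot: The relocated psa_attest_err_t is now private to the secure service, but its doc comment still reads like public API and the `psa_` prefix suggests it is one. I would add a line to the `\brief` such as `Internal to the attestation service; converted to psa_status_t before it is returned to a client.` `PSA_ATTEST_ERR_FORCE_INT_SIZE = INT_MAX` also needs `<limits.h>`. Whether this header gets it is not visible in the hunk, so it is worth confirming now that the enum no longer lives in psa/initial_attestation.h.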
@@ -68,10 +95,10 @@
* \brief Initialise the initial attestation service during the TF-M boot up
* process.
*
- * \return Returns PSA_ATTEST_ERR_SUCCESS if init has been completed,
- * otherwise error as specified in \ref psa_attest_err_t
+ * \return Returns PSA_SUCCESS if init has been completed,
+ * otherwise error as specified in \ref psa_status_t
*/
-enum psa_attest_err_t attest_init(void);
+psa_status_t attest_init(void);
/*!
* \brief Get initial attestation token
@@ -83,9 +110,9 @@
* to attestation service
* \param[in] num_outvec Number of elements in out_vec array
*
- * \return Returns error code as specified in \ref psa_attest_err_t
+ * \return Returns error code as specified in \ref psa_status_t
*/
-enum psa_attest_err_t
+psa_status_t
initial_attest_get_token(const psa_invec *in_vec, uint32_t num_invec,
psa_outvec *out_vec, uint32_t num_outvec);
@@ -99,9 +126,9 @@
* where to store the output data
* \param[in] num_outvec Number of elements in out_vec array
*
- * \return Returns error code as specified in \ref psa_attest_err_t
+ * \return Returns error code as specified in \ref psa_status_t
*/
-enum psa_attest_err_t
+psa_status_t
initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec,
psa_outvec *out_vec, uint32_t num_outvec);
@@ -115,9 +142,9 @@
* where to store the output data
* \param[in] num_outvec Number of elements in out_vec array
*
- * \return Returns error code as specified in \ref psa_attest_err_t
+ * \return Returns error code as specified in \ref psa_status_t
*/
-enum psa_attest_err_t
+psa_status_t
initial_attest_get_public_key(const psa_invec *in_vec, uint32_t num_invec,
psa_outvec *out_vec, uint32_t num_outvec);
diff --git a/secure_fw/services/initial_attestation/attestation_core.c b/secure_fw/services/initial_attestation/attestation_core.c
index 1d64d00..beb93a3 100644
--- a/secure_fw/services/initial_attestation/attestation_core.c
+++ b/secure_fw/services/initial_attestation/attestation_core.c
@@ -54,7 +54,42 @@
__attribute__ ((aligned(4)))
static struct attest_boot_data boot_data;
-enum psa_attest_err_t attest_init(void)
+/*!
+ * \brief Static function to map return values between \ref psa_attest_err_t
+ * and \ref psa_status_t
+ *
+ * \param[in] attest_err Attestation error code
+ *
+ * \return Returns error code as specified in \ref psa_status_t
+ */
+static inline psa_status_t
+error_mapping_to_psa_status_t(enum psa_attest_err_t attest_err)
+{
+ switch (attest_err) {
+ case PSA_ATTEST_ERR_SUCCESS:
+ return PSA_SUCCESS;
+ break;
+ case PSA_ATTEST_ERR_INIT_FAILED:
+ return PSA_ERROR_SERVICE_FAILURE;
+ break;
+ case PSA_ATTEST_ERR_BUFFER_OVERFLOW:
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ break;
+ case PSA_ATTEST_ERR_CLAIM_UNAVAILABLE:
+ return PSA_ERROR_GENERIC_ERROR;
+ break;
+ case PSA_ATTEST_ERR_INVALID_INPUT:
+ return PSA_ERROR_INVALID_ARGUMENT;
+ break;
+ case PSA_ATTEST_ERR_GENERAL:
+ return PSA_ERROR_GENERIC_ERROR;
+ break;
+ default:
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+}
+
+psa_status_t attest_init(void)
{
enum psa_attest_err_t res;
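Review bot: Every `break;` in error_mapping_to_psa_status_t follows a `return` and is unreachable, and the PSA_ATTEST_ERR_CLAIM_UNAVAILABLE and PSA_ATTEST_ERR_GENERAL cases return the same value as `default`. Dropping the breaks and writing one case per line, e.g. `case PSA_ATTEST_ERR_INIT_FAILED: return PSA_ERROR_SERVICE_FAILURE;`, makes the table easier to audit. Since a missing mandatory claim reaches clients as PSA_ERROR_GENERIC_ERROR, a comment on that case such as `/* no dedicated PSA code; clients cannot tell this apart from a general failure */` would record that the collapse is intended. attest_init's body continues outside the hunk.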
@@ -62,7 +97,7 @@
(struct tfm_boot_data *)&boot_data,
MAX_BOOT_STATUS);
- return res;
+ return error_mapping_to_psa_status_t(res);
}
/*!
@@ -74,14 +109,14 @@
* \return Returns error code as specified in \ref psa_attest_err_t
*/
static inline enum psa_attest_err_t
-error_mapping(enum attest_token_err_t token_err)
+error_mapping_to_psa_attest_err_t(enum attest_token_err_t token_err)
{
switch (token_err) {
case ATTEST_TOKEN_ERR_SUCCESS:
return PSA_ATTEST_ERR_SUCCESS;
break;
case ATTEST_TOKEN_ERR_TOO_SMALL:
- return PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW;
+ return PSA_ATTEST_ERR_BUFFER_OVERFLOW;
break;
default:
return PSA_ATTEST_ERR_GENERAL;
@@ -956,7 +991,7 @@
token);
if (token_err != ATTEST_TOKEN_ERR_SUCCESS) {
- attest_err = error_mapping(token_err);
+ attest_err = error_mapping_to_psa_attest_err_t(token_err);
goto error;
}
@@ -1022,7 +1057,7 @@
*/
token_err = attest_token_finish(&attest_token_ctx, completed_token);
if (token_err) {
- attest_err = error_mapping(token_err);
+ attest_err = error_mapping_to_psa_attest_err_t(token_err);
goto error;
}
@@ -1043,7 +1078,7 @@
* token due to lack of psa_asymmetric_sign() implementation in crypto
* service.
*/
-enum psa_attest_err_t
+psa_status_t
initial_attest_get_token(const psa_invec *in_vec, uint32_t num_invec,
psa_outvec *out_vec, uint32_t num_outvec)
{
@@ -1090,11 +1125,11 @@
out_vec[0].len = completed_token.len;
error:
- return attest_err;
+ return error_mapping_to_psa_status_t(attest_err);
}
/* Initial implementation, just returns with hard coded value */
-enum psa_attest_err_t
+psa_status_t
initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec,
psa_outvec *out_vec, uint32_t num_outvec)
{
@@ -1131,10 +1166,10 @@
*token_buf_size = completed_token.len;
error:
- return attest_err;
+ return error_mapping_to_psa_status_t(attest_err);
}
-enum psa_attest_err_t
+psa_status_t
initial_attest_get_public_key(const psa_invec *in_vec, uint32_t num_invec,
psa_outvec *out_vec, uint32_t num_outvec)
{
@@ -1182,7 +1217,7 @@
}
if (key_buffer.len < key_len) {
- attest_err = PSA_ATTEST_ERR_KEY_BUFFER_OVERFLOW;
+ attest_err = PSA_ATTEST_ERR_BUFFER_OVERFLOW;
goto error;
}
@@ -1193,5 +1228,5 @@
*(size_t *)out_vec[2].base = key_len;
error:
- return attest_err;
+ return error_mapping_to_psa_status_t(attest_err);
}
diff --git a/secure_fw/services/initial_attestation/attestation_key.c b/secure_fw/services/initial_attestation/attestation_key.c
index a5854fd..75e5d92 100644
--- a/secure_fw/services/initial_attestation/attestation_key.c
+++ b/secure_fw/services/initial_attestation/attestation_key.c
@@ -7,9 +7,9 @@
*/
#include "attestation_key.h"
+#include "attestation.h"
#include <stdint.h>
#include <stddef.h>
-#include "psa/initial_attestation.h"
#include "platform/include/tfm_plat_defs.h"
#include "platform/include/tfm_plat_crypto_keys.h"
#include "t_cose_standard_constants.h"
diff --git a/secure_fw/services/initial_attestation/tfm_attestation_req_mngr.c b/secure_fw/services/initial_attestation/tfm_attestation_req_mngr.c
index 6539dcb..0b1e93b 100644
--- a/secure_fw/services/initial_attestation/tfm_attestation_req_mngr.c
+++ b/secure_fw/services/initial_attestation/tfm_attestation_req_mngr.c
@@ -19,13 +19,13 @@
#define ECC_P256_PUBLIC_KEY_SIZE PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)
#define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0]))
-typedef enum psa_attest_err_t (*attest_func_t)(const psa_msg_t *msg);
+typedef psa_status_t (*attest_func_t)(const psa_msg_t *msg);
int32_t g_attest_caller_id;
-static enum psa_attest_err_t psa_attest_get_token(const psa_msg_t *msg)
+static psa_status_t psa_attest_get_token(const psa_msg_t *msg)
{
- enum psa_attest_err_t status = PSA_ATTEST_ERR_SUCCESS;
+ psa_status_t status = PSA_SUCCESS;
uint8_t challenge_buff[PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64];
uint8_t token_buff[PSA_INITIAL_ATTEST_TOKEN_MAX_SIZE];
uint32_t bytes_read = 0;
@@ -39,7 +39,7 @@
};
if (challenge_size > PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64) {
- return PSA_ATTEST_ERR_INVALID_INPUT;
+ return PSA_ERROR_INVALID_ARGUMENT;
}
/* store the client ID here for later use in service */
@@ -48,7 +48,7 @@
bytes_read = psa_read(msg->handle, 0,
challenge_buff, challenge_size);
if (bytes_read != challenge_size) {
- return PSA_ATTEST_ERR_GENERAL;
+ return PSA_ERROR_GENERIC_ERROR;
}
token_size = (token_size < PSA_INITIAL_ATTEST_TOKEN_MAX_SIZE) ?
@@ -56,16 +56,16 @@
status = initial_attest_get_token(in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
- if (status == PSA_ATTEST_ERR_SUCCESS) {
+ if (status == PSA_SUCCESS) {
psa_write(msg->handle, 0, out_vec[0].base, out_vec[0].len);
}
return status;
}
-static enum psa_attest_err_t psa_attest_get_token_size(const psa_msg_t *msg)
+static psa_status_t psa_attest_get_token_size(const psa_msg_t *msg)
{
- enum psa_attest_err_t status = PSA_ATTEST_ERR_SUCCESS;
+ psa_status_t status = PSA_SUCCESS;
uint32_t challenge_size;
uint32_t token_size;
uint32_t bytes_read = 0;
@@ -78,7 +78,7 @@
if (msg->in_size[0] != sizeof(challenge_size)
|| msg->out_size[0] != sizeof(token_size)) {
- return PSA_ATTEST_ERR_INVALID_INPUT;
+ return PSA_ERROR_INVALID_ARGUMENT;
}
/* store the client ID here for later use in service */
@@ -87,21 +87,21 @@
bytes_read = psa_read(msg->handle, 0,
&challenge_size, msg->in_size[0]);
if (bytes_read != msg->in_size[0]) {
- return PSA_ATTEST_ERR_INVALID_INPUT;
+ return PSA_ERROR_INVALID_ARGUMENT;
}
status = initial_attest_get_token_size(in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
- if (status == PSA_ATTEST_ERR_SUCCESS) {
+ if (status == PSA_SUCCESS) {
psa_write(msg->handle, 0, out_vec[0].base, out_vec[0].len);
}
return status;
}
-static enum psa_attest_err_t tfm_attest_get_public_key(const psa_msg_t *msg)
+static psa_status_t tfm_attest_get_public_key(const psa_msg_t *msg)
{
- enum psa_attest_err_t status = PSA_ATTEST_ERR_SUCCESS;
+ psa_status_t status = PSA_SUCCESS;
uint8_t key_buf[ECC_P256_PUBLIC_KEY_SIZE];
size_t key_len;
psa_ecc_curve_t curve_type;
@@ -114,7 +114,7 @@
if (msg->out_size[1] != out_vec[1].len ||
msg->out_size[2] != out_vec[2].len) {
- return PSA_ATTEST_ERR_INVALID_INPUT;
+ return PSA_ERROR_INVALID_ARGUMENT;
}
/* Store the client ID here for later use in service. */
@@ -124,10 +124,10 @@
out_vec, IOVEC_LEN(out_vec));
if (msg->out_size[0] < key_len) {
- return PSA_ATTEST_ERR_KEY_BUFFER_OVERFLOW;
+ return PSA_ERROR_BUFFER_TOO_SMALL;
}
- if (status == PSA_ATTEST_ERR_SUCCESS) {
+ if (status == PSA_SUCCESS) {
psa_write(msg->handle, 0, key_buf, key_len);
psa_write(msg->handle, 1, &curve_type, out_vec[1].len);
psa_write(msg->handle, 2, &key_len, out_vec[2].len);
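Review bot: The `msg->out_size[0] < key_len` comparison runs before `status` is tested, so after a failed initial_attest_get_public_key the function compares against a `key_len` that may never have been written and can return PSA_ERROR_BUFFER_TOO_SMALL in place of the real error. `key_len` is declared without an initialiser, and in attestation_core.c the key length is stored to the output vector only on the success path. That out_vec[2] refers to `key_len` is inferred, since the vector setup is outside the hunk. Testing the status first avoids the read: `if (status != PSA_SUCCESS) { return status; }` ahead of the size check. The function starts and ends outside the hunk.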
@@ -169,16 +169,16 @@
}
#endif
-enum psa_attest_err_t attest_partition_init(void)
+psa_status_t attest_partition_init(void)
{
- enum psa_attest_err_t err = PSA_ATTEST_ERR_SUCCESS;
+ psa_status_t err = PSA_SUCCESS;
#ifdef TFM_PSA_API
psa_signal_t signals;
#endif
err = attest_init();
#ifdef TFM_PSA_API
- if (err != PSA_ATTEST_ERR_SUCCESS) {
+ if (err != PSA_SUCCESS) {
tfm_abort();
}
diff --git a/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c b/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
index b134224..151c168 100644
--- a/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
+++ b/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
@@ -18,7 +18,7 @@
#define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0]))
__attribute__((section("SFN")))
-enum psa_attest_err_t
+psa_status_t
psa_initial_attest_get_token(const uint8_t *challenge_obj,
uint32_t challenge_size,
uint8_t *token,
@@ -36,18 +36,14 @@
psa_handle_t handle = PSA_NULL_HANDLE;
handle = psa_connect(TFM_ATTEST_GET_TOKEN_SID,
TFM_ATTEST_GET_TOKEN_VERSION);
- if (handle <= 0) {
- return PSA_ATTEST_ERR_GENERAL;
+ if (!PSA_HANDLE_IS_VALID(handle)) {
+ return PSA_HANDLE_TO_ERROR(handle);
}
status = psa_call(handle, PSA_IPC_CALL,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
psa_close(handle);
-
- if (status < PSA_SUCCESS) {
- return PSA_ATTEST_ERR_GENERAL;
- }
#else
status = tfm_initial_attest_get_token_veneer(in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
@@ -57,11 +53,11 @@
*token_size = out_vec[0].len;
}
- return (enum psa_attest_err_t)status;
+ return status;
}
__attribute__((section("SFN")))
-enum psa_attest_err_t
+psa_status_t
psa_initial_attest_get_token_size(uint32_t challenge_size,
uint32_t *token_size)
{
@@ -77,29 +73,25 @@
psa_handle_t handle = PSA_NULL_HANDLE;
handle = psa_connect(TFM_ATTEST_GET_TOKEN_SIZE_SID,
TFM_ATTEST_GET_TOKEN_SIZE_VERSION);
- if (handle <= 0) {
- return PSA_ATTEST_ERR_GENERAL;
+ if (!PSA_HANDLE_IS_VALID(handle)) {
+ return PSA_HANDLE_TO_ERROR(handle);
}
status = psa_call(handle, PSA_IPC_CALL,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
psa_close(handle);
-
- if (status < PSA_SUCCESS) {
- return PSA_ATTEST_ERR_GENERAL;
- }
#else
status = tfm_initial_attest_get_token_size_veneer(in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
#endif
- return (enum psa_attest_err_t)status;
+ return status;
}
__attribute__((section("SFN")))
-enum psa_attest_err_t
+psa_status_t
tfm_initial_attest_get_public_key(uint8_t *public_key,
size_t public_key_buf_size,
size_t *public_key_len,
@@ -119,7 +111,7 @@
handle = psa_connect(TFM_ATTEST_GET_PUBLIC_KEY_SID,
TFM_ATTEST_GET_PUBLIC_KEY_VERSION);
if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ATTEST_ERR_GENERAL;
+ return PSA_HANDLE_TO_ERROR(handle);
}
status = psa_call(handle, PSA_IPC_CALL,
@@ -131,5 +123,5 @@
out_vec, IOVEC_LEN(out_vec));
#endif
- return (enum psa_attest_err_t)status;
+ return status;
}
diff --git a/test/suites/attestation/attest_public_key.c b/test/suites/attestation/attest_public_key.c
index 5cb645f..f2ecc7e 100644
--- a/test/suites/attestation/attest_public_key.c
+++ b/test/suites/attestation/attest_public_key.c
@@ -1,15 +1,14 @@
/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#include "attest_public_key.h"
-#include "psa/initial_attestation.h"
#include "psa/crypto.h"
-#include "psa/crypto_types.h"
#include <stdint.h>
+#include "attestation.h"
/*!
* \def ECC_CURVE_SECP256R1_PULBIC_KEY_LENGTH
diff --git a/test/suites/attestation/attest_token_decode.c b/test/suites/attestation/attest_token_decode.c
index ccd21dc..9bcf053 100644
--- a/test/suites/attestation/attest_token_decode.c
+++ b/test/suites/attestation/attest_token_decode.c
@@ -15,7 +15,7 @@
#include "qcbor_util.h"
#include "psa/crypto.h"
#include "attest_public_key.h"
-
+#include "attestation.h"
/**
* \file attest_token_decode.c
diff --git a/test/suites/attestation/attest_token_test.c b/test/suites/attestation/attest_token_test.c
index a8caf9f..6b0efd5 100644
--- a/test/suites/attestation/attest_token_test.c
+++ b/test/suites/attestation/attest_token_test.c
@@ -14,6 +14,7 @@
#include "psa/initial_attestation.h"
#include "attest_token_decode.h"
#include "attest_token_test_values.h"
+#include "psa/crypto.h"
/**
@@ -45,7 +46,7 @@
* \param[out] completed_token Place to put pointer and length
* of completed token.
*
- * \return various errors. See \ref attest_token_err_t.
+ * \return various errors. See \ref psa_status_t.
*
*/
int token_main_alt(uint32_t option_flags,
@@ -53,7 +54,7 @@
struct q_useful_buf buffer,
struct q_useful_buf_c *completed_token)
{
- int return_value;
+ psa_status_t return_value;
uint32_t completed_token_len;
struct q_useful_buf_c actual_nonce;
Q_USEFUL_BUF_MAKE_STACK_UB( actual_nonce_storage, 64);
@@ -77,7 +78,11 @@
*completed_token = (struct q_useful_buf_c){buffer.ptr, completed_token_len};
- return return_value;
+ if (return_value != PSA_SUCCESS) {
+ return (int)return_value;
+ }
+
+ return 0;
}
#ifdef INCLUDE_TEST_CODE /* Remove them from release build */
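Review bot: The added `if (return_value != PSA_SUCCESS) { return (int)return_value; }` followed by `return 0;` is equivalent to a single `return (int)return_value;` when PSA_SUCCESS is 0 (its definition is not in this diff). The `\return` text in the previous hunk now refers to psa_status_t while token_main_alt still returns `int`; `\return 0 on success, otherwise the psa_status_t value of the attestation call cast to int.` would describe it. `*completed_token` is also filled from `completed_token_len` before the status is checked, and the function starts outside the hunk, so whether that length is set on failure cannot be confirmed from here.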
diff --git a/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c b/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
index fae87ac..cf3b28b 100644
--- a/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
+++ b/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
@@ -150,7 +150,7 @@
*/
static void tfm_attest_test_2005(struct test_result_t *ret)
{
- enum psa_attest_err_t err;
+ psa_status_t err;
uint32_t token_size = TEST_TOKEN_SIZE;
/* Call with with bigger challenge object than allowed */
@@ -159,7 +159,7 @@
token_buffer,
&token_size);
- if (err != PSA_ATTEST_ERR_INVALID_INPUT) {
+ if (err != PSA_ERROR_INVALID_ARGUMENT) {
TEST_FAIL("Attestation should fail with too big challenge object");
return;
}
@@ -171,7 +171,7 @@
token_buffer,
&token_size);
- if (err != PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW) {
+ if (err != PSA_ERROR_BUFFER_TOO_SMALL) {
TEST_FAIL("Attestation should fail with too small token buffer");
return;
}
diff --git a/test/suites/attestation/secure/attestation_s_interface_testsuite.c b/test/suites/attestation/secure/attestation_s_interface_testsuite.c
index 9c911a3..7dec677 100644
--- a/test/suites/attestation/secure/attestation_s_interface_testsuite.c
+++ b/test/suites/attestation/secure/attestation_s_interface_testsuite.c
@@ -150,7 +150,7 @@
*/
static void tfm_attest_test_1005(struct test_result_t *ret)
{
- enum psa_attest_err_t err;
+ psa_status_t err;
uint32_t token_size = TEST_TOKEN_SIZE;
/* Call with with bigger challenge object than allowed */
@@ -159,7 +159,7 @@
token_buffer,
&token_size);
- if (err != PSA_ATTEST_ERR_INVALID_INPUT) {
+ if (err != PSA_ERROR_INVALID_ARGUMENT) {
TEST_FAIL("Attestation should fail with too big challenge object");
return;
}
@@ -171,7 +171,7 @@
token_buffer,
&token_size);
- if (err != PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW) {
+ if (err != PSA_ERROR_BUFFER_TOO_SMALL) {
TEST_FAIL("Attestation should fail with too small token buffer");
return;
}