Use PSA_ERROR_DATA_INVALID error code
If the file is read correctly, but it contains data that isn't valid,
the crypto storage code returns PSA_ERROR_DATA_INVALID.
The PSA_ERROR_DATA_CORRUPT and PSA_ERROR_STORAGE_FAILURE error codes are
replaced with PSA_ERROR_DATA_INVALID, except in the ITS subsystem.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index cf7a0e1..105762c 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -294,6 +294,22 @@
*/
#define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)
+/** Data read from storage is not valid for the implementation.
+ *
+ * This error indicates that some data read from storage does not have a valid
+ * format. It does not indicate the following situations, which have specific
+ * error codes:
+ *
+ * - When the storage or stored data is corrupted - use #PSA_ERROR_DATA_CORRUPT
+ * - When the storage fails for other reasons - use #PSA_ERROR_STORAGE_FAILURE
+ * - An invalid argument to the API - use #PSA_ERROR_INVALID_ARGUMENT
+ *
+ * This error is typically a result of either storage corruption on a
+ * cleartext storage backend, or an attempt to read data that was
+ * written by an incompatible version of the library.
+ */
+#define PSA_ERROR_DATA_INVALID ((psa_status_t)-153)
+
/**@}*/
/** \defgroup crypto_types Key and algorithm types
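Review bot: The new doc block contradicts itself: the bullet list says #PSA_ERROR_DATA_INVALID does not cover "when the storage or stored data is corrupted", yet the closing paragraph says the error is "typically a result of ... storage corruption on a cleartext storage backend". The reconciling point is that a cleartext backend cannot detect corruption itself, so it surfaces as a format violation; I would spell that out, e.g. `* cleartext storage backend (where corruption cannot be detected by the backend and so shows up as an invalid format), or an attempt to read data that was`. The hunk ends inside the same Doxygen group, so the surrounding `@}` stays as is.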
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 66c8f65..e1fce90 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -6593,7 +6593,7 @@
default:
/* We found an unsupported transaction in the storage.
* We don't know what state the storage is in. Give up. */
- return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_ERROR_DATA_INVALID );
}
}
#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 4c4ad03..4841b0d 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -253,7 +253,7 @@
psa_se_key_data_storage_t *data;
if( key_data_length != sizeof( *data ) )
{
- status = PSA_ERROR_STORAGE_FAILURE;
+ status = PSA_ERROR_DATA_INVALID;
goto exit;
}
data = (psa_se_key_data_storage_t *) key_data;
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 1ebd20e..aa55f0a 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -108,7 +108,7 @@
status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length );
if( data_size != data_length )
- return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_ERROR_DATA_INVALID );
return( status );
}
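Review bot: The length comparison runs before `status` is examined, so when `psa_its_get()` fails and leaves `data_length` short of `data_size`, the caller now receives PSA_ERROR_DATA_INVALID instead of the real ITS error (for example PSA_ERROR_DOES_NOT_EXIST or a storage failure); the old code had the same masking with PSA_ERROR_STORAGE_FAILURE, but the new code is supposed to mean "read succeeded, contents invalid", so the ordering matters more now. I would check the status first: `if( status != PSA_SUCCESS ) return( status );` placed between the `psa_its_get()` call and the `if( data_size != data_length )` check. The enclosing function starts outside the hunk, so I cannot see how `data_length` is initialised; if it is not zeroed before the call the comparison may also read an indeterminate value on failure.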
@@ -156,7 +156,7 @@
status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 );
if( status != PSA_SUCCESS )
{
- return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_ERROR_DATA_INVALID );
}
status = psa_its_get_info( data_identifier, &data_identifier_info );
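Review bot: Mapping a failed `psa_its_set()` to PSA_ERROR_DATA_INVALID does not fit the new code's own definition: the macro documentation in crypto_values.h says "when the storage fails for other reasons - use #PSA_ERROR_STORAGE_FAILURE", and a write failure is exactly that, not invalid data read back. The same concern applies to the failed `psa_its_remove()` and the unexpected `psa_its_get_info()` result in the hunk at `@@ -194,11 +194,11 @@`, and arguably to the post-write size check in the hunk at `@@ -167,7 +167,7 @@`. Unless the intent is to deliberately collapse all storage-layer errors into one code (the commit message suggests only read-side invalid data should change), I would keep `return( PSA_ERROR_STORAGE_FAILURE );` at these sites or simply propagate `status`. The enclosing function starts outside the hunk.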
@@ -167,7 +167,7 @@
if( data_identifier_info.size != data_length )
{
- status = PSA_ERROR_STORAGE_FAILURE;
+ status = PSA_ERROR_DATA_INVALID;
goto exit;
}
@@ -194,11 +194,11 @@
return( PSA_SUCCESS );
if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
- return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_ERROR_DATA_INVALID );
ret = psa_its_get_info( data_identifier, &data_identifier_info );
if( ret != PSA_ERROR_DOES_NOT_EXIST )
- return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_ERROR_DATA_INVALID );
return( PSA_SUCCESS );
}
@@ -313,7 +313,7 @@
{
if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER,
PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 )
- return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_ERROR_DATA_INVALID );
return( PSA_SUCCESS );
}
@@ -329,7 +329,7 @@
uint32_t version;
if( storage_data_length < sizeof(*storage_format) )
- return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_ERROR_DATA_INVALID );
status = check_magic_header( storage_data );
if( status != PSA_SUCCESS )
@@ -337,12 +337,12 @@
GET_UINT32_LE( version, storage_format->version, 0 );
if( version != 0 )
- return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_ERROR_DATA_INVALID );
GET_UINT32_LE( *key_data_length, storage_format->data_len, 0 );
if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
*key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
- return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_ERROR_DATA_INVALID );
if( *key_data_length == 0 )
{
@@ -470,7 +470,7 @@
if( status != PSA_SUCCESS )
return( status );
if( length != sizeof( psa_crypto_transaction ) )
- return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_ERROR_DATA_INVALID );
return( PSA_SUCCESS );
}
diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c
index 7a16a5b..04b2960 100644
--- a/programs/psa/psa_constant_names_generated.c
+++ b/programs/psa/psa_constant_names_generated.c
@@ -9,6 +9,7 @@
case PSA_ERROR_COMMUNICATION_FAILURE: return "PSA_ERROR_COMMUNICATION_FAILURE";
case PSA_ERROR_CORRUPTION_DETECTED: return "PSA_ERROR_CORRUPTION_DETECTED";
case PSA_ERROR_DATA_CORRUPT: return "PSA_ERROR_DATA_CORRUPT";
+ case PSA_ERROR_DATA_INVALID: return "PSA_ERROR_DATA_INVALID";
case PSA_ERROR_DOES_NOT_EXIST: return "PSA_ERROR_DOES_NOT_EXIST";
case PSA_ERROR_GENERIC_ERROR: return "PSA_ERROR_GENERIC_ERROR";
case PSA_ERROR_HARDWARE_FAILURE: return "PSA_ERROR_HARDWARE_FAILURE";