Unify PSA to Mbed TLS error translation
Move all error translation utilities to psa_util.c.
Introduce macros and functions to avoid having
a local copy of the error translating function in
each place.
Identify overlapping errors and introduce a
generic function.
Provide a single macro for all error translations
(unless one file needs a couple of different ones).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index a95d2fd..6edce50 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -35,6 +35,10 @@
#include "psa/crypto.h"
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
+ psa_to_ssl_errors, \
+ psa_generic_status_to_mbedtls)
+
#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
.name = string,
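Review bot: The new `PSA_TO_MBEDTLS_ERR` definition has no comment, and because the commit message describes one macro name reused across files, a call site alone does not show which translation table applies here. A one-line comment above it would make that explicit, for example `/* Translate a psa_status_t to an MBEDTLS_ERR_xxx code: SSL-specific table psa_to_ssl_errors, then psa_generic_status_to_mbedtls for statuses it does not list. */`. The lookup order is inferred from the argument names, so confirm it against `PSA_TO_MBEDTLS_ERR_LIST`. It would also help to say what callers receive for a status neither table knows, since handshake code branches on these return values; that behaviour lives in psa_util.c and is not visible in this hunk.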
@@ -215,7 +219,7 @@
abort_status = psa_key_derivation_abort(&operation);
status = (status == PSA_SUCCESS ? abort_status : status);
mbedtls_platform_zeroize(hkdf_label, hkdf_label_len);
- return psa_ssl_status_to_mbedtls(status);
+ return PSA_TO_MBEDTLS_ERR(status);
}
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -309,7 +313,7 @@
status = psa_hash_compute(hash_alg, ctx, ctx_len, hashed_context,
PSA_HASH_LENGTH(hash_alg), &ctx_len);
if (status != PSA_SUCCESS) {
- ret = psa_ssl_status_to_mbedtls(status);
+ ret = PSA_TO_MBEDTLS_ERR(status);
return ret;
}
} else {
@@ -416,7 +420,7 @@
cleanup:
abort_status = psa_key_derivation_abort(&operation);
status = (status == PSA_SUCCESS ? abort_status : status);
- ret = (ret == 0 ? psa_ssl_status_to_mbedtls(status) : ret);
+ ret = (ret == 0 ? PSA_TO_MBEDTLS_ERR(status) : ret);
mbedtls_platform_zeroize(tmp_secret, sizeof(tmp_secret));
return ret;
}
@@ -740,19 +744,19 @@
status = psa_import_key(&attributes, finished_key, hash_len, &key);
if (status != PSA_SUCCESS) {
- ret = psa_ssl_status_to_mbedtls(status);
+ ret = PSA_TO_MBEDTLS_ERR(status);
goto exit;
}
status = psa_mac_compute(key, alg, transcript, hash_len,
dst, hash_len, dst_len);
- ret = psa_ssl_status_to_mbedtls(status);
+ ret = PSA_TO_MBEDTLS_ERR(status);
exit:
status = psa_destroy_key(key);
if (ret == 0) {
- ret = psa_ssl_status_to_mbedtls(status);
+ ret = PSA_TO_MBEDTLS_ERR(status);
}
mbedtls_platform_zeroize(finished_key, sizeof(finished_key));
@@ -1040,8 +1044,8 @@
&alg,
&key_type,
&key_bits)) != PSA_SUCCESS) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", psa_ssl_status_to_mbedtls(status));
- return psa_ssl_status_to_mbedtls(status);
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", PSA_TO_MBEDTLS_ERR(status));
+ return PSA_TO_MBEDTLS_ERR(status);
}
transform->psa_alg = alg;
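Review bot: The failure branch translates `status` twice, once as the argument to `MBEDTLS_SSL_DEBUG_RET` and once in the `return`, so the logged and returned codes agree only because the expression is repeated. Translating once into a local, `ret = PSA_TO_MBEDTLS_ERR(status);` followed by `MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", ret);` and `return ret;`, matches the form this commit already uses in the `psa_raw_key_agreement` branch and keeps the lookup out of a debug-macro argument. The same pattern recurs in the two `psa_import_key` hunks that follow. Whether a `ret` local is already declared in this function is not visible from the hunk.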
@@ -1055,8 +1059,8 @@
key_enc,
PSA_BITS_TO_BYTES(key_bits),
&transform->psa_key_enc)) != PSA_SUCCESS) {
- MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", psa_ssl_status_to_mbedtls(status));
- return psa_ssl_status_to_mbedtls(status);
+ MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
+ return PSA_TO_MBEDTLS_ERR(status);
}
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
@@ -1065,8 +1069,8 @@
key_dec,
PSA_BITS_TO_BYTES(key_bits),
&transform->psa_key_dec)) != PSA_SUCCESS) {
- MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", psa_ssl_status_to_mbedtls(status));
- return psa_ssl_status_to_mbedtls(status);
+ MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
+ return PSA_TO_MBEDTLS_ERR(status);
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
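Review bot: When the second `psa_import_key` (into `transform->psa_key_dec`) fails, the branch returns while `transform->psa_key_enc` presumably still holds the key imported just before, and nothing in the hunk destroys it. If every caller frees the transform on a non-zero return this is fine, but that contract is not visible here. A short comment on the return such as `/* psa_key_enc is released by the caller when the transform is freed */` would record it. If it is not guaranteed, destroy the key with `psa_destroy_key(transform->psa_key_enc);` before returning. The enclosing function starts outside the hunk.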
@@ -1094,7 +1098,7 @@
status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, taglen,
&alg, &key_type, &key_bits);
if (status != PSA_SUCCESS) {
- return psa_ssl_status_to_mbedtls(status);
+ return PSA_TO_MBEDTLS_ERR(status);
}
*key_len = PSA_BITS_TO_BYTES(key_bits);
@@ -1467,7 +1471,7 @@
status = psa_get_key_attributes(handshake->ecdh_psa_privkey,
&key_attributes);
if (status != PSA_SUCCESS) {
- ret = psa_ssl_status_to_mbedtls(status);
+ ret = PSA_TO_MBEDTLS_ERR(status);
}
shared_secret_len = PSA_BITS_TO_BYTES(
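Review bot: When `psa_get_key_attributes` fails, the branch only assigns `ret` and then falls through to the `shared_secret_len = PSA_BITS_TO_BYTES(` computation. That length is presumably derived from `key_attributes`, which the failed call did not fill in, and the error stored in `ret` can be overwritten by later code. The branch should leave the function the way the two failure branches in the next hunk do: add `MBEDTLS_SSL_DEBUG_RET(1, "psa_get_key_attributes", ret);` and `goto cleanup;` after the assignment. The enclosing function starts and ends outside the hunk, so confirm that the `cleanup` label is in scope at this point.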
@@ -1482,14 +1486,14 @@
handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
shared_secret, shared_secret_len, &shared_secret_len);
if (status != PSA_SUCCESS) {
- ret = psa_ssl_status_to_mbedtls(status);
+ ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret);
goto cleanup;
}
status = psa_destroy_key(handshake->ecdh_psa_privkey);
if (status != PSA_SUCCESS) {
- ret = psa_ssl_status_to_mbedtls(status);
+ ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
goto cleanup;
}
@@ -1826,7 +1830,7 @@
status = psa_get_key_attributes(ssl->handshake->psk_opaque, &key_attributes);
if (status != PSA_SUCCESS) {
- return psa_ssl_status_to_mbedtls(status);
+ return PSA_TO_MBEDTLS_ERR(status);
}
*psk_len = PSA_BITS_TO_BYTES(psa_get_key_bits(&key_attributes));
@@ -1840,7 +1844,7 @@
if (status != PSA_SUCCESS) {
mbedtls_free((void *) *psk);
*psk = NULL;
- return psa_ssl_status_to_mbedtls(status);
+ return PSA_TO_MBEDTLS_ERR(status);
}
return 0;
#else
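Review bot: The failure branch hands `*psk` to `mbedtls_free` without wiping it first, and `*psk_len` is left untouched. The call that failed sits just above the hunk and is not visible; if it writes key material into `*psk`, the buffer may hold partial PSK bytes when it returns to the heap. Adding `mbedtls_platform_zeroize((void *) *psk, *psk_len);` before the free would match how the other exit paths in this commit treat secrets. Setting `*psk_len = 0;` next to `*psk = NULL;` would also keep the two outputs consistent for a caller that does not check the return value.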