Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[crypto] Log PSA crypto error codes in more places #33403

Merged
merged 1 commit into from
May 10, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 20 additions & 15 deletions src/crypto/CHIPCryptoPALPSA.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -48,14 +48,6 @@ namespace Crypto {

namespace {

void logPsaError(psa_status_t status)
{
if (status != 0)
{
ChipLogError(Crypto, "PSA error: %d", static_cast<int>(status));
}
}

bool isBufferNonEmpty(const uint8_t * data, size_t data_length)
{
return data != nullptr && data_length > 0;
Expand Down Expand Up @@ -281,6 +273,7 @@ CHIP_ERROR PsaKdf::Init(const ByteSpan & secret, const ByteSpan & salt, const By
psa_set_key_usage_flags(&attrs, PSA_KEY_USAGE_DERIVE);

status = psa_import_key(&attrs, secret.data(), secret.size(), &mSecretKeyId);
LogPsaError(status);
psa_reset_key_attributes(&attrs);
VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);

Expand Down Expand Up @@ -312,9 +305,18 @@ CHIP_ERROR PsaKdf::InitOperation(psa_key_id_t hkdfKey, const ByteSpan & salt, co
return CHIP_NO_ERROR;
}

void LogPsaError(psa_status_t status)
{
if (status != PSA_SUCCESS)
{
ChipLogError(Crypto, "PSA error: %d", static_cast<int>(status));
}
}

CHIP_ERROR PsaKdf::DeriveBytes(const MutableByteSpan & output)
{
psa_status_t status = psa_key_derivation_output_bytes(&mOperation, output.data(), output.size());
LogPsaError(status);
VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);

return CHIP_NO_ERROR;
Expand All @@ -323,6 +325,7 @@ CHIP_ERROR PsaKdf::DeriveBytes(const MutableByteSpan & output)
CHIP_ERROR PsaKdf::DeriveKey(const psa_key_attributes_t & attributes, psa_key_id_t & keyId)
{
psa_status_t status = psa_key_derivation_output_key(&attributes, &mOperation, &keyId);
LogPsaError(status);
VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);

return CHIP_NO_ERROR;
Expand Down Expand Up @@ -367,6 +370,7 @@ CHIP_ERROR HMAC_sha::HMAC_SHA256(const uint8_t * key, size_t key_length, const u
VerifyOrExit(status == PSA_SUCCESS, error = CHIP_ERROR_INTERNAL);

exit:
LogPsaError(status);
psa_destroy_key(keyId);
psa_reset_key_attributes(&attrs);

Expand Down Expand Up @@ -476,6 +480,7 @@ CHIP_ERROR PBKDF2_sha256::pbkdf2_sha256(const uint8_t * pass, size_t pass_length
}

exit:
LogPsaError(status);
psa_destroy_key(keyId);
psa_reset_key_attributes(&attrs);

Expand Down Expand Up @@ -519,7 +524,7 @@ CHIP_ERROR P256Keypair::ECDSA_sign_msg(const uint8_t * msg, const size_t msg_len
error = out_signature.SetLength(outputLen);

exit:
logPsaError(status);
LogPsaError(status);
return error;
}

Expand All @@ -544,7 +549,7 @@ CHIP_ERROR P256PublicKey::ECDSA_validate_msg_signature(const uint8_t * msg, cons
VerifyOrExit(status == PSA_SUCCESS, error = CHIP_ERROR_INVALID_SIGNATURE);

exit:
logPsaError(status);
LogPsaError(status);
psa_destroy_key(keyId);
psa_reset_key_attributes(&attributes);

Expand Down Expand Up @@ -573,7 +578,7 @@ CHIP_ERROR P256PublicKey::ECDSA_validate_hash_signature(const uint8_t * hash, co
VerifyOrExit(status == PSA_SUCCESS, error = CHIP_ERROR_INVALID_SIGNATURE);

exit:
logPsaError(status);
LogPsaError(status);
psa_destroy_key(keyId);
psa_reset_key_attributes(&attributes);

Expand All @@ -596,7 +601,7 @@ CHIP_ERROR P256Keypair::ECDH_derive_secret(const P256PublicKey & remote_public_k
SuccessOrExit(error = out_secret.SetLength(outputLength));

exit:
logPsaError(status);
LogPsaError(status);

return error;
}
Expand Down Expand Up @@ -671,7 +676,7 @@ CHIP_ERROR P256Keypair::Initialize(ECPKeyTarget key_target)
mInitialized = true;

exit:
logPsaError(status);
LogPsaError(status);
psa_reset_key_attributes(&attributes);

return error;
Expand All @@ -697,7 +702,7 @@ CHIP_ERROR P256Keypair::Serialize(P256SerializedKeypair & output) const
error = output.SetLength(bbuf.Needed());

exit:
logPsaError(status);
LogPsaError(status);

return error;
}
Expand Down Expand Up @@ -728,7 +733,7 @@ CHIP_ERROR P256Keypair::Deserialize(P256SerializedKeypair & input)
mInitialized = true;

exit:
logPsaError(status);
LogPsaError(status);

return error;
}
Expand Down
5 changes: 5 additions & 0 deletions src/crypto/CHIPCryptoPALPSA.h
Original file line number Diff line number Diff line change
Expand Up @@ -150,5 +150,10 @@ class PsaKdf
psa_key_derivation_operation_t mOperation = PSA_KEY_DERIVATION_OPERATION_INIT;
};

/**
* @brief Log PSA status code if it indicates an error.
*/
void LogPsaError(psa_status_t status);

} // namespace Crypto
} // namespace chip
1 change: 1 addition & 0 deletions src/crypto/PSAOperationalKeystore.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,7 @@ CHIP_ERROR PSAOperationalKeystore::PersistentP256Keypair::Deserialize(P256Serial
memcpy(mPublicKey.Bytes(), input.ConstBytes(), mPublicKey.Length());

exit:
LogPsaError(status);
psa_reset_key_attributes(&attributes);

return error;
Expand Down
5 changes: 3 additions & 2 deletions src/crypto/PSASessionKeystore.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@ CHIP_ERROR PSASessionKeystore::CreateKey(const Symmetric128BitsKeyByteArray & ke
AesKeyAttributes attrs;
psa_status_t status =
psa_import_key(&attrs.Get(), keyMaterial, sizeof(Symmetric128BitsKeyByteArray), &key.AsMutable<psa_key_id_t>());
LogPsaError(status);
VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);

return CHIP_NO_ERROR;
Expand All @@ -105,7 +106,7 @@ CHIP_ERROR PSASessionKeystore::CreateKey(const Symmetric128BitsKeyByteArray & ke
HmacKeyAttributes attrs;
psa_status_t status =
psa_import_key(&attrs.Get(), keyMaterial, sizeof(Symmetric128BitsKeyByteArray), &key.AsMutable<psa_key_id_t>());

LogPsaError(status);
VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);

return CHIP_NO_ERROR;
Expand All @@ -118,7 +119,7 @@ CHIP_ERROR PSASessionKeystore::CreateKey(const ByteSpan & keyMaterial, HkdfKeyHa

HkdfKeyAttributes attrs;
psa_status_t status = psa_import_key(&attrs.Get(), keyMaterial.data(), keyMaterial.size(), &key.AsMutable<psa_key_id_t>());

LogPsaError(status);
VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);

return CHIP_NO_ERROR;
Expand Down
Loading