Improvements to the STSAFE-A100 error code handling.

2025-07-31 03:07:29 +02:00 · 2019-07-23 17:09:30 -07:00
parent 2cd64c748a
commit fe598fc6fc
1 changed files with 51 additions and 4 deletions
--- a/wolfcrypt/src/port/st/stsafe.c
+++ b/wolfcrypt/src/port/st/stsafe.c
@ -44,7 +44,7 @@ int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate,
    /* Try reading device certificate from ST-SAFE Zone 0 */
    err = stsafe_interface_read_device_certificate_raw(
        pRawCertificate, (uint32_t*)pRawCertificateLen);
-    if (err == 0) {
+    if (err == STSAFE_A_OK) {
    #if 0
        /* example for loading into WOLFSSL_CTX */
        err = wolfSSL_CTX_use_certificate_buffer(ctx,
@ -57,6 +57,9 @@ int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate,
        *pRawCertificate = NULL;
    #endif
    }
+    else {
+        err = WC_HW_E;
+    }

    return err;
 }
@ -87,6 +90,10 @@ int SSL_STSAFE_CreateKeyCb(WOLFSSL* ssl, ecc_key* key, word32 keySz,
    /* generate new ephemeral key on device */
    err = stsafe_interface_create_key(&slot, curve_id, (uint8_t*)&pubKeyRaw[0]);
    if (err != 0) {
+    #ifdef USE_STSAFE_VERBOSE
+        STSAFE_INTERFACE_PRINTF("stsafe_interface_create_key error: %d\n", err);
+    #endif
+        err = WC_HW_E;
        return err;
    }

@ -159,6 +166,12 @@ int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl,
        /* Verify signature */
        err = stsafe_interface_verify(curve_id, (uint8_t*)hash, sigRS,
            pubKeyX, pubKeyY, (int32_t*)result);
+        if (err != STSAFE_A_OK) {
+        #ifdef USE_STSAFE_VERBOSE
+            STSAFE_INTERFACE_PRINTF("stsafe_interface_verify error: %d\n", err);
+        #endif
+            err = WC_HW_E;
+        }
    }

    wc_ecc_free(&key);
@ -199,7 +212,11 @@ int SSL_STSAFE_SignCertificateCb(WOLFSSL* ssl, const byte* in,
    /* Sign will always use the curve type in slot 0 (the TLS curve needs to match) */
    XMEMSET(sigRS, 0, sizeof(sigRS));
    err = stsafe_interface_sign(STSAFE_A_SLOT_0, curve_id, digest, sigRS);
-    if (err != 0) {
+    if (err != STSAFE_A_OK) {
+    #ifdef USE_STSAFE_VERBOSE
+        STSAFE_INTERFACE_PRINTF("stsafe_interface_sign error: %d\n", err);
+    #endif
+        err = WC_HW_E;
        return err;
    }

@ -208,7 +225,7 @@ int SSL_STSAFE_SignCertificateCb(WOLFSSL* ssl, const byte* in,
    s = &sigRS[key_sz];
    err = wc_ecc_rs_raw_to_sig((const byte*)r, key_sz, (const byte*)s, key_sz,
        out, outSz);
-    if (err !=0) {
+    if (err != 0) {
    #ifdef USE_STSAFE_VERBOSE
        WOLFSSL_MSG("Error converting RS to Signature");
    #endif
@ -266,7 +283,11 @@ int SSL_STSAFE_SharedSecretCb(WOLFSSL* ssl, ecc_key* otherKey,
        }

        err = stsafe_interface_create_key(&slot, curve_id, (uint8_t*)&pubKeyRaw[0]);
-        if (err != 0) {
+        if (err != STSAFE_A_OK) {
+        #ifdef USE_STSAFE_VERBOSE
+            STSAFE_INTERFACE_PRINTF("stsafe_interface_create_key error: %d\n", err);
+        #endif
+            err = WC_HW_E;
            return err;
        }

@ -303,6 +324,12 @@ int SSL_STSAFE_SharedSecretCb(WOLFSSL* ssl, ecc_key* otherKey,
    /* Compute shared secret */
    err = stsafe_interface_shared_secret(curve_id, &otherKeyX[0], &otherKeyY[0],
        out, (int32_t*)outlen);
+    if (err != STSAFE_A_OK) {
+    #ifdef USE_STSAFE_VERBOSE
+        STSAFE_INTERFACE_PRINTF("stsafe_interface_shared_secret error: %d\n", err);
+    #endif
+        err = WC_HW_E;
+    }

    return err;
 }
@ -381,6 +408,10 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
            rc = stsafe_interface_create_key(&slot, curve_id,
                (uint8_t*)pubKeyRaw);
            if (rc != 0) {
+            #ifdef USE_STSAFE_VERBOSE
+                STSAFE_INTERFACE_PRINTF("stsafe_interface_create_key error: %d\n", rc);
+            #endif
+                rc = WC_HW_E;
                return rc;
            }

@ -416,6 +447,10 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
            rc = stsafe_interface_sign(STSAFE_A_SLOT_0, curve_id,
                (uint8_t*)info->pk.eccsign.in, sigRS);
            if (rc != 0) {
+            #ifdef USE_STSAFE_VERBOSE
+                STSAFE_INTERFACE_PRINTF("stsafe_interface_sign error: %d\n", rc);
+            #endif
+                rc = WC_HW_E;
                return rc;
            }

@ -468,6 +503,12 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                rc = stsafe_interface_verify(curve_id,
                    (uint8_t*)info->pk.eccverify.hash, sigRS, pubKeyX, pubKeyY,
                    (int32_t*)info->pk.eccverify.res);
+                if (rc != 0) {
+                #ifdef USE_STSAFE_VERBOSE
+                    STSAFE_INTERFACE_PRINTF("stsafe_interface_verify error: %d\n", rc);
+                #endif
+                    rc = WC_HW_E;
+                }
            }
        }
        else if (info->pk.type == WC_PK_TYPE_ECDH) {
@ -497,6 +538,12 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                rc = stsafe_interface_shared_secret(curve_id,
                    otherKeyX, otherKeyY,
                    info->pk.ecdh.out, (int32_t*)info->pk.ecdh.outlen);
+                if (rc != 0) {
+                #ifdef USE_STSAFE_VERBOSE
+                    STSAFE_INTERFACE_PRINTF("stsafe_interface_shared_secret error: %d\n", rc);
+                #endif
+                    rc = WC_HW_E;
+                }
            }
        }
    }