From fe598fc6fc08e29abda407d688a5652a39ad2d4a Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Tue, 23 Jul 2019 17:09:30 -0700
Subject: [PATCH] Improvements to the STSAFE-A100 error code handling.

---
 wolfcrypt/src/port/st/stsafe.c | 55 +++++++++++++++++++++++++++++++---
 1 file changed, 51 insertions(+), 4 deletions(-)

diff --git a/wolfcrypt/src/port/st/stsafe.c b/wolfcrypt/src/port/st/stsafe.c
index f3c684103..fe0f1ffad 100644
--- a/wolfcrypt/src/port/st/stsafe.c
+++ b/wolfcrypt/src/port/st/stsafe.c
@@ -44,7 +44,7 @@ int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate,
     /* Try reading device certificate from ST-SAFE Zone 0 */
     err = stsafe_interface_read_device_certificate_raw(
         pRawCertificate, (uint32_t*)pRawCertificateLen);
-    if (err == 0) {
+    if (err == STSAFE_A_OK) {
     #if 0
         /* example for loading into WOLFSSL_CTX */
         err = wolfSSL_CTX_use_certificate_buffer(ctx,
@@ -57,6 +57,9 @@ int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate,
         *pRawCertificate = NULL;
     #endif
     }
+    else {
+        err = WC_HW_E;
+    }
 
     return err;
 }
@@ -87,6 +90,10 @@ int SSL_STSAFE_CreateKeyCb(WOLFSSL* ssl, ecc_key* key, word32 keySz,
     /* generate new ephemeral key on device */
     err = stsafe_interface_create_key(&slot, curve_id, (uint8_t*)&pubKeyRaw[0]);
     if (err != 0) {
+    #ifdef USE_STSAFE_VERBOSE
+        STSAFE_INTERFACE_PRINTF("stsafe_interface_create_key error: %d\n", err);
+    #endif
+        err = WC_HW_E;
         return err;
     }
 
@@ -159,6 +166,12 @@ int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl,
         /* Verify signature */
         err = stsafe_interface_verify(curve_id, (uint8_t*)hash, sigRS,
             pubKeyX, pubKeyY, (int32_t*)result);
+        if (err != STSAFE_A_OK) {
+        #ifdef USE_STSAFE_VERBOSE
+            STSAFE_INTERFACE_PRINTF("stsafe_interface_verify error: %d\n", err);
+        #endif
+            err = WC_HW_E;
+        }
     }
 
     wc_ecc_free(&key);
@@ -199,7 +212,11 @@ int SSL_STSAFE_SignCertificateCb(WOLFSSL* ssl, const byte* in,
     /* Sign will always use the curve type in slot 0 (the TLS curve needs to match) */
     XMEMSET(sigRS, 0, sizeof(sigRS));
     err = stsafe_interface_sign(STSAFE_A_SLOT_0, curve_id, digest, sigRS);
-    if (err != 0) {
+    if (err != STSAFE_A_OK) {
+    #ifdef USE_STSAFE_VERBOSE
+        STSAFE_INTERFACE_PRINTF("stsafe_interface_sign error: %d\n", err);
+    #endif
+        err = WC_HW_E;
         return err;
     }
 
@@ -208,7 +225,7 @@ int SSL_STSAFE_SignCertificateCb(WOLFSSL* ssl, const byte* in,
     s = &sigRS[key_sz];
     err = wc_ecc_rs_raw_to_sig((const byte*)r, key_sz, (const byte*)s, key_sz,
         out, outSz);
-    if (err !=0) {
+    if (err != 0) {
     #ifdef USE_STSAFE_VERBOSE
         WOLFSSL_MSG("Error converting RS to Signature");
     #endif
@@ -266,7 +283,11 @@ int SSL_STSAFE_SharedSecretCb(WOLFSSL* ssl, ecc_key* otherKey,
         }
 
         err = stsafe_interface_create_key(&slot, curve_id, (uint8_t*)&pubKeyRaw[0]);
-        if (err != 0) {
+        if (err != STSAFE_A_OK) {
+        #ifdef USE_STSAFE_VERBOSE
+            STSAFE_INTERFACE_PRINTF("stsafe_interface_create_key error: %d\n", err);
+        #endif
+            err = WC_HW_E;
             return err;
         }
 
@@ -303,6 +324,12 @@ int SSL_STSAFE_SharedSecretCb(WOLFSSL* ssl, ecc_key* otherKey,
     /* Compute shared secret */
     err = stsafe_interface_shared_secret(curve_id, &otherKeyX[0], &otherKeyY[0],
         out, (int32_t*)outlen);
+    if (err != STSAFE_A_OK) {
+    #ifdef USE_STSAFE_VERBOSE
+        STSAFE_INTERFACE_PRINTF("stsafe_interface_shared_secret error: %d\n", err);
+    #endif
+        err = WC_HW_E;
+    }
 
     return err;
 }
@@ -381,6 +408,10 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
             rc = stsafe_interface_create_key(&slot, curve_id,
                 (uint8_t*)pubKeyRaw);
             if (rc != 0) {
+            #ifdef USE_STSAFE_VERBOSE
+                STSAFE_INTERFACE_PRINTF("stsafe_interface_create_key error: %d\n", rc);
+            #endif
+                rc = WC_HW_E;
                 return rc;
             }
 
@@ -416,6 +447,10 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
             rc = stsafe_interface_sign(STSAFE_A_SLOT_0, curve_id,
                 (uint8_t*)info->pk.eccsign.in, sigRS);
             if (rc != 0) {
+            #ifdef USE_STSAFE_VERBOSE
+                STSAFE_INTERFACE_PRINTF("stsafe_interface_sign error: %d\n", rc);
+            #endif
+                rc = WC_HW_E;
                 return rc;
             }
 
@@ -468,6 +503,12 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                 rc = stsafe_interface_verify(curve_id,
                     (uint8_t*)info->pk.eccverify.hash, sigRS, pubKeyX, pubKeyY,
                     (int32_t*)info->pk.eccverify.res);
+                if (rc != 0) {
+                #ifdef USE_STSAFE_VERBOSE
+                    STSAFE_INTERFACE_PRINTF("stsafe_interface_verify error: %d\n", rc);
+                #endif
+                    rc = WC_HW_E;
+                }
             }
         }
         else if (info->pk.type == WC_PK_TYPE_ECDH) {
@@ -497,6 +538,12 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                 rc = stsafe_interface_shared_secret(curve_id,
                     otherKeyX, otherKeyY,
                     info->pk.ecdh.out, (int32_t*)info->pk.ecdh.outlen);
+                if (rc != 0) {
+                #ifdef USE_STSAFE_VERBOSE
+                    STSAFE_INTERFACE_PRINTF("stsafe_interface_shared_secret error: %d\n", rc);
+                #endif
+                    rc = WC_HW_E;
+                }
             }
         }
     }