pal: secure key error check

tbd Signed-off-by: Krzysztof Taborowski <[email protected]>
nrfconnect · Aug 1, 2024 · 5188646 · 5188646
1 parent 2089ffc
commit 5188646
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/subsys/sal/sid_pal/src/sid_crypto.c b/subsys/sal/sid_pal/src/sid_crypto.c
@@ -156,7 +156,7 @@ static psa_status_t prepare_key(const uint8_t *key, size_t key_length, size_t ke
 
 #ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
 	int err = sid_crypto_keys_buffer_get(key_handle, (uint8_t *)key, key_length);
-	if (!err && key_handle != PSA_KEY_ID_NULL) {
+	if (!err && SID_CRYPTO_KEYS_ID_IS_SIDEWALK_KEY(*key_handle)) {
 		return PSA_SUCCESS;
 	}
 #endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
@@ -378,7 +378,8 @@ sid_error_t sid_pal_crypto_init(void)
 #ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
 	int err = sid_crypto_keys_init();
 	if (err) {
-		LOG_WRN("Keys init failed! (err: %d)", err);
+		LOG_ERR("Keys init failed! (err: %d)", err);
+		return SID_ERROR_NOT_FOUND;
 	}
 #endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
 	psa_status_t status = psa_crypto_init();
@@ -398,7 +399,8 @@ sid_error_t sid_pal_crypto_deinit(void)
 #ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
 	int err = sid_crypto_keys_deinit();
 	if (err) {
-		LOG_WRN("Keys deinit failed! (err: %d)", err);
+		LOG_ERR("Keys deinit failed! (err: %d)", err);
+		return SID_ERROR_NOT_FOUND;
 	}
 #endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
 

diff --git a/subsys/sal/sid_pal/src/sid_storage.c b/subsys/sal/sid_pal/src/sid_storage.c
@@ -78,6 +78,7 @@ sid_error_t sid_pal_storage_kv_record_get(uint16_t group, uint16_t key, void *p_
 		int err = sid_crypto_keys_buffer_set(key_id, (uint8_t *)p_data, len);
 		if (err) {
 			LOG_ERR("Failed to read secure key id %d", key_id);
+			return SID_ERROR_STORAGE_READ_FAIL;
 		} else {
 			return SID_ERROR_NONE;
 		}
@@ -123,6 +124,7 @@ sid_error_t sid_pal_storage_kv_record_set(uint16_t group, uint16_t key, void con
 		int err = sid_crypto_keys_new_import(key_id, (uint8_t *)p_data, len);
 		if (err) {
 			LOG_ERR("Failed to write secure key id %d", key_id);
+			return SID_ERROR_STORAGE_WRITE_FAIL;
 		} else {
 			return SID_ERROR_NONE;
 		}
@@ -154,6 +156,7 @@ sid_error_t sid_pal_storage_kv_record_delete(uint16_t group, uint16_t key)
 		int err = sid_crypto_keys_delete(key_id);
 		if (err) {
 			LOG_ERR("Failed to delete secure key id %d", key_id);
+			return SID_ERROR_STORAGE_ERASE_FAIL;
 		} else {
 			return SID_ERROR_NONE;
 		}
@@ -187,19 +190,23 @@ int delete_subtree_cb(const char *key, size_t len, settings_read_cb read_cb, voi
 sid_error_t sid_pal_storage_kv_group_delete(uint16_t group)
 {
 #ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+	bool key_delete_fail = false;
 	if (STORAGE_KV_INTERNAL_PROTOCOL_GROUP_ID == group) {
 		int err = sid_crypto_keys_delete(SID_CRYPTO_KV_WAN_MASTER_KEY_ID);
 		if (err) {
 			LOG_ERR("Failed to delete secure key id %d",
 				SID_CRYPTO_KV_WAN_MASTER_KEY_ID);
+			key_delete_fail = true;
 		}
 		err = sid_crypto_keys_delete(SID_CRYPTO_KV_APP_KEY_KEY_ID);
 		if (err) {
 			LOG_ERR("Failed to delete secure key id %d", SID_CRYPTO_KV_APP_KEY_KEY_ID);
+			key_delete_fail = true;
 		}
 		err = sid_crypto_keys_delete(SID_CRYPTO_KV_D2D_KEY_ID);
 		if (err) {
 			LOG_ERR("Failed to delete secure key id %d", SID_CRYPTO_KV_D2D_KEY_ID);
+			key_delete_fail = true;
 		}
 	}
 #endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
@@ -216,5 +223,12 @@ sid_error_t sid_pal_storage_kv_group_delete(uint16_t group)
 		LOG_ERR("Failed to commit changes. Returned errno %d", rc);
 		return SID_ERROR_GENERIC;
 	}
+
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+	if (key_delete_fail) {
+		return SID_ERROR_STORAGE_ERASE_FAIL;
+	}
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
+
 	return SID_ERROR_NONE;
 }