Skip to content

Commit a195e73

Browse files
sean-madiganrlubos
sean-madigan
authored and
rlubos
committed
[nrf fromtree] bluetooth: host: Add PSA returns to debug prints
Recently I have had to debug issues with PSA and having the returns values from PSA is very useful in order to find the root cause of the issue. Signed-off-by: Sean Madigan <[email protected]> (cherry picked from commit 8cff70a)
1 parent eb1ae9f commit a195e73

File tree

3 files changed

+58
-40
lines changed

3 files changed

+58
-40
lines changed

subsys/bluetooth/host/crypto_psa.c

Lines changed: 18 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -29,8 +29,10 @@ LOG_MODULE_REGISTER(bt_host_crypto);
2929

3030
int prng_init(void)
3131
{
32-
if (psa_crypto_init() != PSA_SUCCESS) {
33-
LOG_ERR("psa_crypto_init() failed");
32+
psa_status_t status = psa_crypto_init();
33+
34+
if (status != PSA_SUCCESS) {
35+
LOG_ERR("psa_crypto_init() failed %d", status);
3436
return -EIO;
3537
}
3638
return 0;
@@ -39,11 +41,13 @@ int prng_init(void)
3941
#if defined(CONFIG_BT_HOST_CRYPTO_PRNG)
4042
int bt_rand(void *buf, size_t len)
4143
{
42-
if (psa_generate_random(buf, len) == PSA_SUCCESS) {
44+
psa_status_t status = psa_generate_random(buf, len);
45+
46+
if (status == PSA_SUCCESS) {
4347
return 0;
4448
}
4549

46-
LOG_ERR("psa_generate_random() failed");
50+
LOG_ERR("psa_generate_random() failed %d", status);
4751
return -EIO;
4852
}
4953
#else /* !CONFIG_BT_HOST_CRYPTO_PRNG */
@@ -79,8 +83,9 @@ int bt_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
7983
psa_set_key_bits(&attr, 128);
8084
psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_ENCRYPT);
8185
psa_set_key_algorithm(&attr, PSA_ALG_ECB_NO_PADDING);
82-
if (psa_import_key(&attr, tmp, 16, &key_id) != PSA_SUCCESS) {
83-
LOG_ERR("Failed to import AES key");
86+
status = psa_import_key(&attr, tmp, 16, &key_id);
87+
if (status != PSA_SUCCESS) {
88+
LOG_ERR("Failed to import AES key %d", status);
8489
return -EINVAL;
8590
}
8691

@@ -89,12 +94,12 @@ int bt_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
8994
status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING, tmp, 16,
9095
enc_data, 16, &out_len);
9196
if (status != PSA_SUCCESS) {
92-
LOG_ERR("AES encryption failed");
97+
LOG_ERR("AES encryption failed %d", status);
9398
}
9499

95100
destroy_status = psa_destroy_key(key_id);
96101
if (destroy_status != PSA_SUCCESS) {
97-
LOG_ERR("Failed to destroy AES key");
102+
LOG_ERR("Failed to destroy AES key %d", destroy_status);
98103
}
99104

100105
if ((status != PSA_SUCCESS) || (destroy_status != PSA_SUCCESS)) {
@@ -127,20 +132,21 @@ int bt_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16],
127132
psa_set_key_bits(&attr, 128);
128133
psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_ENCRYPT);
129134
psa_set_key_algorithm(&attr, PSA_ALG_ECB_NO_PADDING);
130-
if (psa_import_key(&attr, key, 16, &key_id) != PSA_SUCCESS) {
131-
LOG_ERR("Failed to import AES key");
135+
status = psa_import_key(&attr, key, 16, &key_id);
136+
if (status != PSA_SUCCESS) {
137+
LOG_ERR("Failed to import AES key %d", status);
132138
return -EINVAL;
133139
}
134140

135141
status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING,
136142
plaintext, 16, enc_data, 16, &out_len);
137143
if (status != PSA_SUCCESS) {
138-
LOG_ERR("AES encryption failed");
144+
LOG_ERR("AES encryption failed %d", status);
139145
}
140146

141147
destroy_status = psa_destroy_key(key_id);
142148
if (destroy_status != PSA_SUCCESS) {
143-
LOG_ERR("Failed to destroy AES key");
149+
LOG_ERR("Failed to destroy AES key %d", destroy_status);
144150
}
145151

146152
if ((status != PSA_SUCCESS) || (destroy_status != PSA_SUCCESS)) {

subsys/bluetooth/host/ecc.c

Lines changed: 25 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,7 @@ bool bt_pub_key_is_valid(const uint8_t key[BT_PUB_KEY_LEN])
101101
return true;
102102
}
103103

104+
LOG_ERR("psa_import_key() returned status %d", ret);
104105
return false;
105106
}
106107

@@ -120,18 +121,20 @@ static void generate_pub_key(struct k_work *work)
120121
uint8_t tmp_pub_key_buf[BT_PUB_KEY_LEN + 1];
121122
size_t tmp_len;
122123
int err;
124+
psa_status_t ret;
123125

124126
set_key_attributes(&attr);
125127

126-
if (psa_generate_key(&attr, &key_id) != PSA_SUCCESS) {
127-
LOG_ERR("Failed to generate ECC key");
128+
ret = psa_generate_key(&attr, &key_id);
129+
if (ret != PSA_SUCCESS) {
130+
LOG_ERR("Failed to generate ECC key %d", ret);
128131
err = BT_HCI_ERR_UNSPECIFIED;
129132
goto done;
130133
}
131134

132-
if (psa_export_public_key(key_id, tmp_pub_key_buf, sizeof(tmp_pub_key_buf),
133-
&tmp_len) != PSA_SUCCESS) {
134-
LOG_ERR("Failed to export ECC public key");
135+
ret = psa_export_public_key(key_id, tmp_pub_key_buf, sizeof(tmp_pub_key_buf), &tmp_len);
136+
if (ret != PSA_SUCCESS) {
137+
LOG_ERR("Failed to export ECC public key %d", ret);
135138
err = BT_HCI_ERR_UNSPECIFIED;
136139
goto done;
137140
}
@@ -141,15 +144,16 @@ static void generate_pub_key(struct k_work *work)
141144
*/
142145
memcpy(ecc.public_key_be, &tmp_pub_key_buf[1], BT_PUB_KEY_LEN);
143146

144-
if (psa_export_key(key_id, ecc.private_key_be, BT_PRIV_KEY_LEN,
145-
&tmp_len) != PSA_SUCCESS) {
146-
LOG_ERR("Failed to export ECC private key");
147+
ret = psa_export_key(key_id, ecc.private_key_be, BT_PRIV_KEY_LEN, &tmp_len);
148+
if (ret != PSA_SUCCESS) {
149+
LOG_ERR("Failed to export ECC private key %d", ret);
147150
err = BT_HCI_ERR_UNSPECIFIED;
148151
goto done;
149152
}
150153

151-
if (psa_destroy_key(key_id) != PSA_SUCCESS) {
152-
LOG_ERR("Failed to destroy ECC key ID");
154+
ret = psa_destroy_key(key_id);
155+
if (ret != PSA_SUCCESS) {
156+
LOG_ERR("Failed to destroy ECC key ID %d", ret);
153157
err = BT_HCI_ERR_UNSPECIFIED;
154158
goto done;
155159
}
@@ -184,6 +188,7 @@ static void generate_dh_key(struct k_work *work)
184188

185189
psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
186190
psa_key_id_t key_id;
191+
psa_status_t ret;
187192
/* PSA expects secp256r1 public key to start with a predefined 0x04 byte
188193
* at the beginning the buffer.
189194
*/
@@ -195,23 +200,25 @@ static void generate_dh_key(struct k_work *work)
195200
const uint8_t *priv_key = (IS_ENABLED(CONFIG_BT_USE_DEBUG_KEYS) ?
196201
debug_private_key_be :
197202
ecc.private_key_be);
198-
if (psa_import_key(&attr, priv_key, BT_PRIV_KEY_LEN, &key_id) != PSA_SUCCESS) {
203+
ret = psa_import_key(&attr, priv_key, BT_PRIV_KEY_LEN, &key_id);
204+
if (ret != PSA_SUCCESS) {
199205
err = -EIO;
200-
LOG_ERR("Failed to import the private key for key agreement");
206+
LOG_ERR("Failed to import the private key for key agreement %d", ret);
201207
goto exit;
202208
}
203209

204210
memcpy(&tmp_pub_key_buf[1], ecc.public_key_be, BT_PUB_KEY_LEN);
205-
if (psa_raw_key_agreement(PSA_ALG_ECDH, key_id, tmp_pub_key_buf,
206-
sizeof(tmp_pub_key_buf), ecc.dhkey_be, BT_DH_KEY_LEN,
207-
&tmp_len) != PSA_SUCCESS) {
211+
ret = psa_raw_key_agreement(PSA_ALG_ECDH, key_id, tmp_pub_key_buf, sizeof(tmp_pub_key_buf),
212+
ecc.dhkey_be, BT_DH_KEY_LEN, &tmp_len);
213+
if (ret != PSA_SUCCESS) {
208214
err = -EIO;
209-
LOG_ERR("Raw key agreement failed");
215+
LOG_ERR("Raw key agreement failed %d", ret);
210216
goto exit;
211217
}
212218

213-
if (psa_destroy_key(key_id) != PSA_SUCCESS) {
214-
LOG_ERR("Failed to destroy the key");
219+
ret = psa_destroy_key(key_id);
220+
if (ret != PSA_SUCCESS) {
221+
LOG_ERR("Failed to destroy the key %d", ret);
215222
err = -EIO;
216223
}
217224

subsys/bluetooth/host/gatt.c

Lines changed: 15 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -703,29 +703,34 @@ struct gen_hash_state {
703703
static int db_hash_setup(struct gen_hash_state *state, uint8_t *key)
704704
{
705705
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
706+
psa_status_t ret;
706707

707708
psa_set_key_type(&key_attr, PSA_KEY_TYPE_AES);
708709
psa_set_key_bits(&key_attr, 128);
709710
psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_SIGN_MESSAGE);
710711
psa_set_key_algorithm(&key_attr, PSA_ALG_CMAC);
711712

712-
if (psa_import_key(&key_attr, key, 16, &(state->key)) != PSA_SUCCESS) {
713-
LOG_ERR("Unable to import the key for AES CMAC");
713+
ret = psa_import_key(&key_attr, key, 16, &(state->key));
714+
if (ret != PSA_SUCCESS) {
715+
LOG_ERR("Unable to import the key for AES CMAC %d", ret);
714716
return -EIO;
715717
}
716718
state->operation = psa_mac_operation_init();
717-
if (psa_mac_sign_setup(&(state->operation), state->key,
718-
PSA_ALG_CMAC) != PSA_SUCCESS) {
719-
LOG_ERR("CMAC operation init failed");
719+
720+
ret = psa_mac_sign_setup(&(state->operation), state->key, PSA_ALG_CMAC);
721+
if (ret != PSA_SUCCESS) {
722+
LOG_ERR("CMAC operation init failed %d", ret);
720723
return -EIO;
721724
}
722725
return 0;
723726
}
724727

725728
static int db_hash_update(struct gen_hash_state *state, uint8_t *data, size_t len)
726729
{
727-
if (psa_mac_update(&(state->operation), data, len) != PSA_SUCCESS) {
728-
LOG_ERR("CMAC update failed");
730+
psa_status_t ret = psa_mac_update(&(state->operation), data, len);
731+
732+
if (ret != PSA_SUCCESS) {
733+
LOG_ERR("CMAC update failed %d", ret);
729734
return -EIO;
730735
}
731736
return 0;
@@ -734,10 +739,10 @@ static int db_hash_update(struct gen_hash_state *state, uint8_t *data, size_t le
734739
static int db_hash_finish(struct gen_hash_state *state)
735740
{
736741
size_t mac_length;
742+
psa_status_t ret = psa_mac_sign_finish(&(state->operation), db_hash.hash, 16, &mac_length);
737743

738-
if (psa_mac_sign_finish(&(state->operation), db_hash.hash, 16,
739-
&mac_length) != PSA_SUCCESS) {
740-
LOG_ERR("CMAC finish failed");
744+
if (ret != PSA_SUCCESS) {
745+
LOG_ERR("CMAC finish failed %d", ret);
741746
return -EIO;
742747
}
743748
return 0;

0 commit comments

Comments
 (0)