[nrf fomlist] secure_storage: its: improve return codes

tomi-font · tomi-font · commit d7086f0a9630 · 2025-05-23T16:25:29.000+03:00
As the modified functions can return anything other than PSA_SUCCESS to
signal an error, make them return the exact error codes encountered so
that the ITS implementation layer logs them as errors.

Upstream PR #: 90395

Signed-off-by: Tomi Fontanilles &lt;tomi.fontanilles@nordicsemi.no&gt;
diff --git a/subsys/secure_storage/src/its/store/settings.c b/subsys/secure_storage/src/its/store/settings.c
@@ -120,7 +120,8 @@ psa_status_t secure_storage_its_store_remove(secure_storage_its_uid_t uid)
 	secure_storage_its_store_settings_get_name(uid, name);
 
 	ret = settings_delete(name);
-
 	LOG_DBG("%s %s. (%d)", ret ? "Failed to delete" : "Deleted", name, ret);
-	return ret ? PSA_ERROR_STORAGE_FAILURE : PSA_SUCCESS;
+
+	BUILD_ASSERT(PSA_SUCCESS == 0);
+	return ret;
 }
diff --git a/subsys/secure_storage/src/its/store/zms.c b/subsys/secure_storage/src/its/store/zms.c
@@ -117,6 +117,7 @@ psa_status_t secure_storage_its_store_remove(secure_storage_its_uid_t uid)
 
 	zms_ret = zms_delete(&s_zms, zms_id);
 	LOG_DBG("%s 0x%x. (%d)", zms_ret ? "Failed to delete" : "Deleted", zms_id, zms_ret);
+
 	BUILD_ASSERT(PSA_SUCCESS == 0);
 	return zms_ret;
 }
diff --git a/subsys/secure_storage/src/its/transform/aead.c b/subsys/secure_storage/src/its/transform/aead.c
@@ -31,7 +31,7 @@ static psa_status_t psa_aead_crypt(psa_key_usage_t operation, secure_storage_its
 	psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
 	psa_set_key_type(&key_attributes, key_type);
 	psa_set_key_algorithm(&key_attributes, alg);
-	psa_set_key_bits(&key_attributes, sizeof(key) * 8);
+	psa_set_key_bits(&key_attributes, PSA_BYTES_TO_BITS(sizeof(key)));
 
 	/* Avoid calling psa_aead_*crypt() because that would require importing keys into
 	 * PSA Crypto. This gets called from PSA Crypto for storing persistent keys so,
@@ -113,7 +113,7 @@ psa_status_t secure_storage_its_transform_from_store(
 		psa_storage_create_flags_t *create_flags)
 {
 	if (stored_data_len < STORED_ENTRY_LEN(0)) {
-		return PSA_ERROR_STORAGE_FAILURE;
+		return PSA_ERROR_DATA_CORRUPT;
 	}
 
 	psa_status_t ret;
diff --git a/subsys/secure_storage/src/its/transform/aead_get.c b/subsys/secure_storage/src/its/transform/aead_get.c
@@ -75,7 +75,10 @@ psa_status_t secure_storage_its_transform_aead_get_key(
 	if (hwinfo_ret != 0) {
 		hwinfo_ret = hwinfo_get_device_id(data.device_id, sizeof(data.device_id));
 		if (hwinfo_ret <= 0) {
-			return PSA_ERROR_HARDWARE_FAILURE;
+			if (hwinfo_ret == PSA_SUCCESS) {
+				hwinfo_ret ^= 1;
+			}
+			return hwinfo_ret;
 		}
 		if (hwinfo_ret < sizeof(data.device_id)) {
 			memset(data.device_id + hwinfo_ret, 0, sizeof(data.device_id) - hwinfo_ret);

Original file line number	Diff line number	Diff line change
`@@ -117,6 +117,7 @@ psa_status_t secure_storage_its_store_remove(secure_storage_its_uid_t uid)`
`117`	`117`
`118`	`118`	`zms_ret = zms_delete(&s_zms, zms_id);`
`119`	`119`	`LOG_DBG("%s 0x%x. (%d)", zms_ret ? "Failed to delete" : "Deleted", zms_id, zms_ret);`
	`120`	`+`
`120`	`121`	`BUILD_ASSERT(PSA_SUCCESS == 0);`
`121`	`122`	`return zms_ret;`
`122`	`123`	`}`