Skip to content

Commit 8cff70a

Browse files
sean-madiganfabiobaltieri
sean-madigan
authored and
fabiobaltieri
committed
bluetooth: host: Add PSA returns to debug prints
Recently I have had to debug issues with PSA and having the returns values from PSA is very useful in order to find the root cause of the issue. Signed-off-by: Sean Madigan <sean.madigan@nordicsemi.no>
1 parent 262008a commit 8cff70a

File tree

3 files changed

+58
-40
lines changed

3 files changed

+58
-40
lines changed

subsys/bluetooth/host/crypto_psa.c

Lines changed: 18 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -29,8 +29,10 @@ LOG_MODULE_REGISTER(bt_host_crypto);
2929

3030
int prng_init(void)
3131
{
32-
if (psa_crypto_init() != PSA_SUCCESS) {
33-
LOG_ERR("psa_crypto_init() failed");
32+
psa_status_t status = psa_crypto_init();
33+
34+
if (status != PSA_SUCCESS) {
35+
LOG_ERR("psa_crypto_init() failed %d", status);
3436
return -EIO;
3537
}
3638
return 0;
@@ -39,11 +41,13 @@ int prng_init(void)
3941
#if defined(CONFIG_BT_HOST_CRYPTO_PRNG)
4042
int bt_rand(void *buf, size_t len)
4143
{
42-
if (psa_generate_random(buf, len) == PSA_SUCCESS) {
44+
psa_status_t status = psa_generate_random(buf, len);
45+
46+
if (status == PSA_SUCCESS) {
4347
return 0;
4448
}
4549

46-
LOG_ERR("psa_generate_random() failed");
50+
LOG_ERR("psa_generate_random() failed %d", status);
4751
return -EIO;
4852
}
4953
#else /* !CONFIG_BT_HOST_CRYPTO_PRNG */
@@ -79,8 +83,9 @@ int bt_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
7983
psa_set_key_bits(&attr, 128);
8084
psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_ENCRYPT);
8185
psa_set_key_algorithm(&attr, PSA_ALG_ECB_NO_PADDING);
82-
if (psa_import_key(&attr, tmp, 16, &key_id) != PSA_SUCCESS) {
83-
LOG_ERR("Failed to import AES key");
86+
status = psa_import_key(&attr, tmp, 16, &key_id);
87+
if (status != PSA_SUCCESS) {
88+
LOG_ERR("Failed to import AES key %d", status);
8489
return -EINVAL;
8590
}
8691

@@ -89,12 +94,12 @@ int bt_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
8994
status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING, tmp, 16,
9095
enc_data, 16, &out_len);
9196
if (status != PSA_SUCCESS) {
92-
LOG_ERR("AES encryption failed");
97+
LOG_ERR("AES encryption failed %d", status);
9398
}
9499

95100
destroy_status = psa_destroy_key(key_id);
96101
if (destroy_status != PSA_SUCCESS) {
97-
LOG_ERR("Failed to destroy AES key");
102+
LOG_ERR("Failed to destroy AES key %d", destroy_status);
98103
}
99104

100105
if ((status != PSA_SUCCESS) || (destroy_status != PSA_SUCCESS)) {
@@ -127,20 +132,21 @@ int bt_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16],
127132
psa_set_key_bits(&attr, 128);
128133
psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_ENCRYPT);
129134
psa_set_key_algorithm(&attr, PSA_ALG_ECB_NO_PADDING);
130-
if (psa_import_key(&attr, key, 16, &key_id) != PSA_SUCCESS) {
131-
LOG_ERR("Failed to import AES key");
135+
status = psa_import_key(&attr, key, 16, &key_id);
136+
if (status != PSA_SUCCESS) {
137+
LOG_ERR("Failed to import AES key %d", status);
132138
return -EINVAL;
133139
}
134140

135141
status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING,
136142
plaintext, 16, enc_data, 16, &out_len);
137143
if (status != PSA_SUCCESS) {
138-
LOG_ERR("AES encryption failed");
144+
LOG_ERR("AES encryption failed %d", status);
139145
}
140146

141147
destroy_status = psa_destroy_key(key_id);
142148
if (destroy_status != PSA_SUCCESS) {
143-
LOG_ERR("Failed to destroy AES key");
149+
LOG_ERR("Failed to destroy AES key %d", destroy_status);
144150
}
145151

146152
if ((status != PSA_SUCCESS) || (destroy_status != PSA_SUCCESS)) {

subsys/bluetooth/host/ecc.c

Lines changed: 25 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,7 @@ bool bt_pub_key_is_valid(const uint8_t key[BT_PUB_KEY_LEN])
101101
return true;
102102
}
103103

104+
LOG_ERR("psa_import_key() returned status %d", ret);
104105
return false;
105106
}
106107

@@ -120,18 +121,20 @@ static void generate_pub_key(struct k_work *work)
120121
uint8_t tmp_pub_key_buf[BT_PUB_KEY_LEN + 1];
121122
size_t tmp_len;
122123
int err;
124+
psa_status_t ret;
123125

124126
set_key_attributes(&attr);
125127

126-
if (psa_generate_key(&attr, &key_id) != PSA_SUCCESS) {
127-
LOG_ERR("Failed to generate ECC key");
128+
ret = psa_generate_key(&attr, &key_id);
129+
if (ret != PSA_SUCCESS) {
130+
LOG_ERR("Failed to generate ECC key %d", ret);
128131
err = BT_HCI_ERR_UNSPECIFIED;
129132
goto done;
130133
}
131134

132-
if (psa_export_public_key(key_id, tmp_pub_key_buf, sizeof(tmp_pub_key_buf),
133-
&tmp_len) != PSA_SUCCESS) {
134-
LOG_ERR("Failed to export ECC public key");
135+
ret = psa_export_public_key(key_id, tmp_pub_key_buf, sizeof(tmp_pub_key_buf), &tmp_len);
136+
if (ret != PSA_SUCCESS) {
137+
LOG_ERR("Failed to export ECC public key %d", ret);
135138
err = BT_HCI_ERR_UNSPECIFIED;
136139
goto done;
137140
}
@@ -141,15 +144,16 @@ static void generate_pub_key(struct k_work *work)
141144
*/
142145
memcpy(ecc.public_key_be, &tmp_pub_key_buf[1], BT_PUB_KEY_LEN);
143146

144-
if (psa_export_key(key_id, ecc.private_key_be, BT_PRIV_KEY_LEN,
145-
&tmp_len) != PSA_SUCCESS) {
146-
LOG_ERR("Failed to export ECC private key");
147+
ret = psa_export_key(key_id, ecc.private_key_be, BT_PRIV_KEY_LEN, &tmp_len);
148+
if (ret != PSA_SUCCESS) {
149+
LOG_ERR("Failed to export ECC private key %d", ret);
147150
err = BT_HCI_ERR_UNSPECIFIED;
148151
goto done;
149152
}
150153

151-
if (psa_destroy_key(key_id) != PSA_SUCCESS) {
152-
LOG_ERR("Failed to destroy ECC key ID");
154+
ret = psa_destroy_key(key_id);
155+
if (ret != PSA_SUCCESS) {
156+
LOG_ERR("Failed to destroy ECC key ID %d", ret);
153157
err = BT_HCI_ERR_UNSPECIFIED;
154158
goto done;
155159
}
@@ -184,6 +188,7 @@ static void generate_dh_key(struct k_work *work)
184188

185189
psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
186190
psa_key_id_t key_id;
191+
psa_status_t ret;
187192
/* PSA expects secp256r1 public key to start with a predefined 0x04 byte
188193
* at the beginning the buffer.
189194
*/
@@ -195,23 +200,25 @@ static void generate_dh_key(struct k_work *work)
195200
const uint8_t *priv_key = (IS_ENABLED(CONFIG_BT_USE_DEBUG_KEYS) ?
196201
debug_private_key_be :
197202
ecc.private_key_be);
198-
if (psa_import_key(&attr, priv_key, BT_PRIV_KEY_LEN, &key_id) != PSA_SUCCESS) {
203+
ret = psa_import_key(&attr, priv_key, BT_PRIV_KEY_LEN, &key_id);
204+
if (ret != PSA_SUCCESS) {
199205
err = -EIO;
200-
LOG_ERR("Failed to import the private key for key agreement");
206+
LOG_ERR("Failed to import the private key for key agreement %d", ret);
201207
goto exit;
202208
}
203209

204210
memcpy(&tmp_pub_key_buf[1], ecc.public_key_be, BT_PUB_KEY_LEN);
205-
if (psa_raw_key_agreement(PSA_ALG_ECDH, key_id, tmp_pub_key_buf,
206-
sizeof(tmp_pub_key_buf), ecc.dhkey_be, BT_DH_KEY_LEN,
207-
&tmp_len) != PSA_SUCCESS) {
211+
ret = psa_raw_key_agreement(PSA_ALG_ECDH, key_id, tmp_pub_key_buf, sizeof(tmp_pub_key_buf),
212+
ecc.dhkey_be, BT_DH_KEY_LEN, &tmp_len);
213+
if (ret != PSA_SUCCESS) {
208214
err = -EIO;
209-
LOG_ERR("Raw key agreement failed");
215+
LOG_ERR("Raw key agreement failed %d", ret);
210216
goto exit;
211217
}
212218

213-
if (psa_destroy_key(key_id) != PSA_SUCCESS) {
214-
LOG_ERR("Failed to destroy the key");
219+
ret = psa_destroy_key(key_id);
220+
if (ret != PSA_SUCCESS) {
221+
LOG_ERR("Failed to destroy the key %d", ret);
215222
err = -EIO;
216223
goto exit;
217224
}

subsys/bluetooth/host/gatt.c

Lines changed: 15 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -708,29 +708,34 @@ struct gen_hash_state {
708708
static int db_hash_setup(struct gen_hash_state *state, uint8_t *key)
709709
{
710710
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
711+
psa_status_t ret;
711712

712713
psa_set_key_type(&key_attr, PSA_KEY_TYPE_AES);
713714
psa_set_key_bits(&key_attr, 128);
714715
psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_SIGN_MESSAGE);
715716
psa_set_key_algorithm(&key_attr, PSA_ALG_CMAC);
716717

717-
if (psa_import_key(&key_attr, key, 16, &(state->key)) != PSA_SUCCESS) {
718-
LOG_ERR("Unable to import the key for AES CMAC");
718+
ret = psa_import_key(&key_attr, key, 16, &(state->key));
719+
if (ret != PSA_SUCCESS) {
720+
LOG_ERR("Unable to import the key for AES CMAC %d", ret);
719721
return -EIO;
720722
}
721723
state->operation = psa_mac_operation_init();
722-
if (psa_mac_sign_setup(&(state->operation), state->key,
723-
PSA_ALG_CMAC) != PSA_SUCCESS) {
724-
LOG_ERR("CMAC operation init failed");
724+
725+
ret = psa_mac_sign_setup(&(state->operation), state->key, PSA_ALG_CMAC);
726+
if (ret != PSA_SUCCESS) {
727+
LOG_ERR("CMAC operation init failed %d", ret);
725728
return -EIO;
726729
}
727730
return 0;
728731
}
729732

730733
static int db_hash_update(struct gen_hash_state *state, uint8_t *data, size_t len)
731734
{
732-
if (psa_mac_update(&(state->operation), data, len) != PSA_SUCCESS) {
733-
LOG_ERR("CMAC update failed");
735+
psa_status_t ret = psa_mac_update(&(state->operation), data, len);
736+
737+
if (ret != PSA_SUCCESS) {
738+
LOG_ERR("CMAC update failed %d", ret);
734739
return -EIO;
735740
}
736741
return 0;
@@ -739,10 +744,10 @@ static int db_hash_update(struct gen_hash_state *state, uint8_t *data, size_t le
739744
static int db_hash_finish(struct gen_hash_state *state)
740745
{
741746
size_t mac_length;
747+
psa_status_t ret = psa_mac_sign_finish(&(state->operation), db_hash.hash, 16, &mac_length);
742748

743-
if (psa_mac_sign_finish(&(state->operation), db_hash.hash, 16,
744-
&mac_length) != PSA_SUCCESS) {
745-
LOG_ERR("CMAC finish failed");
749+
if (ret != PSA_SUCCESS) {
750+
LOG_ERR("CMAC finish failed %d", ret);
746751
return -EIO;
747752
}
748753
return 0;

0 commit comments

Comments
 (0)