trusted_storage: Fix Return code errors

Align return codes and some behavior with the PSA ITS tests provided by
the TF-M project.

Ref: NCSDK-26234

Signed-off-by: Markus Swarowsky <[email protected]>

subsys/trusted_storage/src/aead/trusted_backend_aead.c

@@ -33,6 +33,8 @@ LOG_MODULE_REGISTER(internal_trusted_aead, CONFIG_TRUSTED_STORAGE_LOG_LEVEL);
 #define STORAGE_MAX_ASSET_SIZE CONFIG_TRUSTED_STORAGE_BACKEND_AEAD_MAX_DATA_SIZE
 #define AEAD_MAX_BUF_SIZE      ROUND_UP(STORAGE_MAX_ASSET_SIZE + AEAD_TAG_SIZE, AEAD_TAG_SIZE)
 
+#define INVALID_UID 0U
+
 /** Header of stored object. Supplied as additional data when encrypting. */
 typedef struct stored_object_header {
 	psa_storage_create_flags_t create_flags;
@@ -46,13 +48,13 @@ typedef struct stored_object {
 } stored_object;
 
 psa_status_t trusted_get_info(const psa_storage_uid_t uid, const char *prefix,
-			     struct psa_storage_info_t *p_info)
+			      struct psa_storage_info_t *p_info)
 {
 	psa_status_t status;
 	size_t out_length;
 	stored_object_header header;
 
-	if (p_info == NULL) {
+	if (p_info == NULL || uid == INVALID_UID) {
 		return PSA_ERROR_INVALID_ARGUMENT;
 	}
 
@@ -70,19 +72,24 @@ psa_status_t trusted_get_info(const psa_storage_uid_t uid, const char *prefix,
 }
 
 psa_status_t trusted_get(const psa_storage_uid_t uid, const char *prefix, size_t data_offset,
-			size_t data_length, void *p_data, size_t *p_data_length)
+			 size_t data_length, void *p_data, size_t *p_data_length)
 {
 	psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 	uint8_t key_buf[AEAD_KEY_SIZE + 1];
 	size_t out_length;
 	stored_object object_data;
 
-	if (data_length == 0 || p_data == NULL || p_data_length == NULL) {
+	if ((p_data == NULL && data_length != 0) || p_data_length == NULL || uid == INVALID_UID) {
 		return PSA_ERROR_INVALID_ARGUMENT;
 	}
 
+	if (data_length == 0) {
+		*p_data_length = 0;
+		return PSA_SUCCESS;
+	}
+
 	if ((data_offset + data_length) > STORAGE_MAX_ASSET_SIZE) {
-		return PSA_ERROR_NOT_SUPPORTED;
+		return PSA_ERROR_INVALID_ARGUMENT;
 	}
 
 	/* Get AEAD key */
@@ -98,23 +105,31 @@ psa_status_t trusted_get(const psa_storage_uid_t uid, const char *prefix, size_t
 		return status;
 	}
 
-	status = trusted_storage_aead_decrypt(key_buf, AEAD_KEY_SIZE, object_data.nonce,
-					     AEAD_NONCE_SIZE, (void *)&object_data.header,
-					     sizeof(object_data.header), object_data.data,
-					     out_length - offsetof(stored_object, data),
-					     object_data.data, STORAGE_MAX_ASSET_SIZE, &out_length);
+	status = trusted_storage_aead_decrypt(
+		key_buf, AEAD_KEY_SIZE, object_data.nonce, AEAD_NONCE_SIZE,
+		(void *)&object_data.header, sizeof(object_data.header), object_data.data,
+		out_length - offsetof(stored_object, data), object_data.data,
+		STORAGE_MAX_ASSET_SIZE, &out_length);
 
 	if (status != PSA_SUCCESS) {
 		goto clean_up;
 	}
 
-	if ((data_offset + data_length) > out_length) {
+	if (data_offset > out_length) {
+		*p_data_length = 0;
 		status = PSA_ERROR_INVALID_ARGUMENT;
+		goto clean_up;
+	}
+
+	if ((data_offset + data_length) > out_length) {
+		out_length -= data_offset;
 	} else {
-		memcpy(p_data, object_data.data + data_offset, data_length);
-		*p_data_length = data_length;
+		out_length = data_length;
 	}
 
+	memcpy(p_data, object_data.data + data_offset, out_length);
+	*p_data_length = out_length;
+
 clean_up:
 	/* Clean up */
 	mbedtls_platform_zeroize(key_buf, sizeof(key_buf));
@@ -124,14 +139,14 @@ psa_status_t trusted_get(const psa_storage_uid_t uid, const char *prefix, size_t
 }
 
 psa_status_t trusted_set(const psa_storage_uid_t uid, const char *prefix, size_t data_length,
-			const void *p_data, psa_storage_create_flags_t create_flags)
+			 const void *p_data, psa_storage_create_flags_t create_flags)
 {
 	psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 	uint8_t key_buf[AEAD_KEY_SIZE + 1];
 	size_t out_length = 0;
 	stored_object object_data;
 
-	if (data_length == 0 || p_data == NULL) {
+	if (uid == INVALID_UID || (p_data == NULL && data_length != 0)) {
 		return PSA_ERROR_INVALID_ARGUMENT;
 	}
 
@@ -140,7 +155,7 @@ psa_status_t trusted_set(const psa_storage_uid_t uid, const char *prefix, size_t
 	}
 
 	if (data_length > STORAGE_MAX_ASSET_SIZE) {
-		return PSA_ERROR_NOT_SUPPORTED;
+		return PSA_ERROR_INVALID_ARGUMENT;
 	}
 
 	/* Get flags */
@@ -173,9 +188,9 @@ psa_status_t trusted_set(const psa_storage_uid_t uid, const char *prefix, size_t
 	object_data.header.data_size = data_length;
 
 	status = trusted_storage_aead_encrypt(key_buf, AEAD_KEY_SIZE, object_data.nonce,
-					     AEAD_NONCE_SIZE, (void *)&object_data.header,
-					     sizeof(object_data.header), p_data, data_length,
-					     object_data.data, AEAD_MAX_BUF_SIZE, &out_length);
+					      AEAD_NONCE_SIZE, (void *)&object_data.header,
+					      sizeof(object_data.header), p_data, data_length,
+					      object_data.data, AEAD_MAX_BUF_SIZE, &out_length);
 
 	mbedtls_platform_zeroize(key_buf, sizeof(key_buf));
 
@@ -209,6 +224,10 @@ psa_status_t trusted_remove(const psa_storage_uid_t uid, const char *prefix)
 	size_t out_length;
 	stored_object_header header;
 
+	if (uid == INVALID_UID) {
+		return PSA_ERROR_INVALID_ARGUMENT;
+	}
+
 	/* Get flags */
 	status = storage_get_object(uid, prefix, (void *)&header, sizeof(header), &out_length);
 	if (status != PSA_SUCCESS) {
@@ -228,7 +247,7 @@ uint32_t trusted_get_support(void)
 }
 
 psa_status_t trusted_create(const psa_storage_uid_t uid, size_t capacity,
-			   psa_storage_create_flags_t create_flags)
+			    psa_storage_create_flags_t create_flags)
 {
 
 	ARG_UNUSED(uid);
@@ -238,7 +257,7 @@ psa_status_t trusted_create(const psa_storage_uid_t uid, size_t capacity,
 }
 
 psa_status_t trusted_set_extended(const psa_storage_uid_t uid, size_t data_offset,
-				 size_t data_length, const void *p_data)
+				  size_t data_length, const void *p_data)
 {
 	ARG_UNUSED(uid);
 	ARG_UNUSED(data_offset);

subsys/trusted_storage/src/internal_trusted_storage/backend_interface.c

@@ -11,30 +11,19 @@
 
 psa_status_t psa_its_get_info(psa_storage_uid_t uid, struct psa_storage_info_t *p_info)
 {
-	if (p_info == NULL) {
-		return PSA_ERROR_INVALID_ARGUMENT;
-	}
-
 	return trusted_get_info(uid, CONFIG_PSA_INTERNAL_TRUSTED_STORAGE_PREFIX, p_info);
 }
 
 psa_status_t psa_its_get(psa_storage_uid_t uid, size_t data_offset, size_t data_length,
 			 void *p_data, size_t *p_data_length)
 {
-	if (data_length == 0 || p_data == NULL || p_data_length == NULL) {
-		return PSA_ERROR_INVALID_ARGUMENT;
-	}
-
 	return trusted_get(uid, CONFIG_PSA_INTERNAL_TRUSTED_STORAGE_PREFIX, data_offset,
 			   data_length, p_data, p_data_length);
 }
 
 psa_status_t psa_its_set(psa_storage_uid_t uid, size_t data_length, const void *p_data,
 			 psa_storage_create_flags_t create_flags)
 {
-	if (data_length == 0 || p_data == NULL) {
-		return PSA_ERROR_INVALID_ARGUMENT;
-	}
 
 	return trusted_set(uid, CONFIG_PSA_INTERNAL_TRUSTED_STORAGE_PREFIX, data_length, p_data,
 			   create_flags);

subsys/trusted_storage/src/protected_storage/backend_interface.c

@@ -4,38 +4,25 @@
  * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
  */
 
-#include <psa_crypto_its.h>
 #include <psa/protected_storage.h>
 
 #include "../trusted_storage_backend.h"
 
 psa_status_t psa_ps_get_info(psa_storage_uid_t uid, struct psa_storage_info_t *p_info)
 {
-	if (p_info == NULL) {
-		return PSA_ERROR_INVALID_ARGUMENT;
-	}
-
 	return trusted_get_info(uid, CONFIG_PSA_PROTECTED_STORAGE_PREFIX, p_info);
 }
 
 psa_status_t psa_ps_get(psa_storage_uid_t uid, size_t data_offset, size_t data_length, void *p_data,
 			size_t *p_data_length)
 {
-	if (data_length == 0 || p_data == NULL || p_data_length == NULL) {
-		return PSA_ERROR_INVALID_ARGUMENT;
-	}
-
 	return trusted_get(uid, CONFIG_PSA_PROTECTED_STORAGE_PREFIX, data_offset, data_length,
 			  p_data, p_data_length);
 }
 
 psa_status_t psa_ps_set(psa_storage_uid_t uid, size_t data_length, const void *p_data,
 			psa_storage_create_flags_t create_flags)
 {
-	if (data_length == 0 || p_data == NULL) {
-		return PSA_ERROR_INVALID_ARGUMENT;
-	}
-
 	return trusted_set(uid, CONFIG_PSA_PROTECTED_STORAGE_PREFIX, data_length, p_data,
 			  create_flags);
 }