Error codes#

Typedefs#

typedef int32_t

Function return status.

typedef int32_t

Function return status.

Macros#

#define
PSA_SUCCESS ((psa_status_t)0)

The action was completed successfully.

#define
PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132)

An error occurred that does not correspond to any defined failure cause.

#define
PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134)

The requested operation or a parameter is not supported by this implementation.

#define
PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133)

The requested action is denied by a policy.

#define
PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138)

An output buffer is too small.

#define
PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139)

Asking for an item that already exists.

#define
PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140)

Asking for an item that doesn't exist.

#define
PSA_ERROR_BAD_STATE ((psa_status_t)-137)

The requested action cannot be performed in the current state.

#define
PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135)

The parameters passed to the function are invalid.

#define
PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141)

There is not enough runtime memory.

#define
PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142)

There is not enough persistent storage.

#define
PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)

There was a communication failure inside the implementation.

#define
PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146)

There was a storage failure that may have led to data loss.

#define
PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147)

A hardware failure was detected.

#define
PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151)

A tampering attempt was detected.

#define
PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148)

There is not enough entropy to generate random data needed for the requested action.

#define
PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)

The signature, MAC or hash is incorrect.

#define
PSA_ERROR_INVALID_PADDING ((psa_status_t)-150)

The decrypted padding is incorrect.

#define
PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)

Return this error when there's insufficient data when attempting to read from a resource.

#define
PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)

The key identifier is not valid.

#define
PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)

Stored data has been corrupted.

#define
PSA_ERROR_DATA_INVALID ((psa_status_t)-153)

Data read from storage is not valid for the implementation.

#define
PSA_OPERATION_INCOMPLETE ((psa_status_t)-248)

The function that returns this status is defined as interruptible and still has work to do, thus the user should call the function again with the same operation context until it either returns PSA_SUCCESS or any other error.

#define
PSA_SUCCESS ((psa_status_t)0)

The action was completed successfully.

#define
PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132)

An error occurred that does not correspond to any defined failure cause.

#define
PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134)

The requested operation or a parameter is not supported by this implementation.

#define
PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133)

The requested action is denied by a policy.

#define
PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138)

An output buffer is too small.

#define
PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139)

Asking for an item that already exists.

#define
PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140)

Asking for an item that doesn't exist.

#define
PSA_ERROR_BAD_STATE ((psa_status_t)-137)

The requested action cannot be performed in the current state.

#define
PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135)

The parameters passed to the function are invalid.

#define
PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141)

There is not enough runtime memory.

#define
PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142)

There is not enough persistent storage.

#define
PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)

There was a communication failure inside the implementation.

#define
PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146)

There was a storage failure that may have led to data loss.

#define
PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147)

A hardware failure was detected.

#define
PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151)

A tampering attempt was detected.

#define
PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148)

There is not enough entropy to generate random data needed for the requested action.

#define
PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)

The signature, MAC or hash is incorrect.

#define
PSA_ERROR_INVALID_PADDING ((psa_status_t)-150)

The decrypted padding is incorrect.

#define
PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)

Return this error when there's insufficient data when attempting to read from a resource.

#define
PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)

The key identifier is not valid.

#define
PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)

Stored data has been corrupted.

#define
PSA_ERROR_DATA_INVALID ((psa_status_t)-153)

Data read from storage is not valid for the implementation.

#define
PSA_OPERATION_INCOMPLETE ((psa_status_t)-248)

The function that returns this status is defined as interruptible and still has work to do, thus the user should call the function again with the same operation context until it either returns PSA_SUCCESS or any other error.

#define
PSA_ERROR_DELAYED ((psa_status_t)-154)

Requested operation has been delayed until the slot will be no longer in use.

Typedef Documentation#

psa_status_t#

typedef int32_t psa_status_t

Function return status.

This is either PSA_SUCCESS (which is zero), indicating success, or a small negative value indicating that an error occurred. Errors are encoded as one of the PSA_ERROR_xxx values defined here.


Definition at line 71 of file util/third_party/mbedtls/include/psa/crypto_types.h

psa_status_t#

typedef int32_t psa_status_t

Function return status.

This is either PSA_SUCCESS (which is zero), indicating success, or a small negative value indicating that an error occurred. Errors are encoded as one of the PSA_ERROR_xxx values defined here.


Definition at line 56 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_types.h

Macro Definition Documentation#

PSA_SUCCESS#

#define PSA_SUCCESS
Value:
((psa_status_t)0)

The action was completed successfully.


Definition at line 65 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_GENERIC_ERROR#

#define PSA_ERROR_GENERIC_ERROR
Value:
((psa_status_t)-132)

An error occurred that does not correspond to any defined failure cause.

Implementations may use this error code if none of the other standard error codes are applicable.


Definition at line 72 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_NOT_SUPPORTED#

#define PSA_ERROR_NOT_SUPPORTED
Value:
((psa_status_t)-134)

The requested operation or a parameter is not supported by this implementation.

Implementations should return this error code when an enumeration parameter such as a key type, algorithm, etc. is not recognized. If a combination of parameters is recognized and identified as not valid, return PSA_ERROR_INVALID_ARGUMENT instead.


Definition at line 81 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_NOT_PERMITTED#

#define PSA_ERROR_NOT_PERMITTED
Value:
((psa_status_t)-133)

The requested action is denied by a policy.

Implementations should return this error code when the parameters are recognized as valid and supported, and a policy explicitly denies the requested operation.

If a subset of the parameters of a function call identify a forbidden operation, and another subset of the parameters are not valid or not supported, it is unspecified whether the function returns PSA_ERROR_NOT_PERMITTED, PSA_ERROR_NOT_SUPPORTED or PSA_ERROR_INVALID_ARGUMENT.


Definition at line 94 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_BUFFER_TOO_SMALL#

#define PSA_ERROR_BUFFER_TOO_SMALL
Value:
((psa_status_t)-138)

An output buffer is too small.

Applications can call the PSA_xxx_SIZE macro listed in the function description to determine a sufficient buffer size.

Implementations should preferably return this error code only in cases when performing the operation with a larger output buffer would succeed. However implementations may return this error if a function has invalid or unsupported parameters in addition to the parameters that determine the necessary output buffer size.


Definition at line 106 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_ALREADY_EXISTS#

#define PSA_ERROR_ALREADY_EXISTS
Value:
((psa_status_t)-139)

Asking for an item that already exists.

Implementations should return this error, when attempting to write an item (like a key) that already exists.


Definition at line 112 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_DOES_NOT_EXIST#

#define PSA_ERROR_DOES_NOT_EXIST
Value:
((psa_status_t)-140)

Asking for an item that doesn't exist.

Implementations should return this error, if a requested item (like a key) does not exist.


Definition at line 118 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_BAD_STATE#

#define PSA_ERROR_BAD_STATE
Value:
((psa_status_t)-137)

The requested action cannot be performed in the current state.

Multipart operations return this error when one of the functions is called out of sequence. Refer to the function descriptions for permitted sequencing of functions.

Implementations shall not return this error code to indicate that a key either exists or not, but shall instead return PSA_ERROR_ALREADY_EXISTS or PSA_ERROR_DOES_NOT_EXIST as applicable.

Implementations shall not return this error code to indicate that a key identifier is invalid, but shall return PSA_ERROR_INVALID_HANDLE instead.


Definition at line 134 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_INVALID_ARGUMENT#

#define PSA_ERROR_INVALID_ARGUMENT
Value:
((psa_status_t)-135)

The parameters passed to the function are invalid.

Implementations may return this error any time a parameter or combination of parameters are recognized as invalid.

Implementations shall not return this error code to indicate that a key identifier is invalid, but shall return PSA_ERROR_INVALID_HANDLE instead.


Definition at line 145 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_INSUFFICIENT_MEMORY#

#define PSA_ERROR_INSUFFICIENT_MEMORY
Value:
((psa_status_t)-141)

There is not enough runtime memory.

If the action is carried out across multiple security realms, this error can refer to available memory in any of the security realms.


Definition at line 151 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_INSUFFICIENT_STORAGE#

#define PSA_ERROR_INSUFFICIENT_STORAGE
Value:
((psa_status_t)-142)

There is not enough persistent storage.

Functions that modify the key storage return this error code if there is insufficient storage space on the host media. In addition, many functions that do not otherwise access storage may return this error code if the implementation requires a mandatory log entry for the requested action and the log storage space is full.


Definition at line 160 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_COMMUNICATION_FAILURE#

#define PSA_ERROR_COMMUNICATION_FAILURE
Value:
((psa_status_t)-145)

There was a communication failure inside the implementation.

This can indicate a communication failure between the application and an external cryptoprocessor or between the cryptoprocessor and an external volatile or persistent memory. A communication failure may be transient or permanent depending on the cause.

Warnings

  • If a function returns this error, it is undetermined whether the requested action has completed or not. Implementations should return PSA_SUCCESS on successful completion whenever possible, however functions may return PSA_ERROR_COMMUNICATION_FAILURE if the requested action was completed successfully in an external cryptoprocessor but there was a breakdown of communication before the cryptoprocessor could report the status to the application.


Definition at line 177 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_STORAGE_FAILURE#

#define PSA_ERROR_STORAGE_FAILURE
Value:
((psa_status_t)-146)

There was a storage failure that may have led to data loss.

This error indicates that some persistent storage is corrupted. It should not be used for a corruption of volatile memory (use PSA_ERROR_CORRUPTION_DETECTED), for a communication error between the cryptoprocessor and its external storage (use PSA_ERROR_COMMUNICATION_FAILURE), or when the storage is in a valid state but is full (use PSA_ERROR_INSUFFICIENT_STORAGE).

Note that a storage failure does not indicate that any data that was previously read is invalid. However this previously read data may no longer be readable from storage.

When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data may or may not fail even if the data is still readable but its integrity cannot be guaranteed.

Implementations should only use this error code to report a permanent storage corruption. However application writers should keep in mind that transient errors while reading the storage may be reported using this error code.


Definition at line 202 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_HARDWARE_FAILURE#

#define PSA_ERROR_HARDWARE_FAILURE
Value:
((psa_status_t)-147)

A hardware failure was detected.

A hardware failure may be transient or permanent depending on the cause.


Definition at line 208 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_CORRUPTION_DETECTED#

#define PSA_ERROR_CORRUPTION_DETECTED
Value:
((psa_status_t)-151)

A tampering attempt was detected.

If an application receives this error code, there is no guarantee that previously accessed or computed data was correct and remains confidential. Applications should not perform any security function and should enter a safe failure state.

Implementations may return this error code if they detect an invalid state that cannot happen during normal operation and that indicates that the implementation's security guarantees no longer hold. Depending on the implementation architecture and on its security and safety goals, the implementation may forcibly terminate the application.

This error code is intended as a last resort when a security breach is detected and it is unsure whether the keystore data is still protected. Implementations shall only return this error code to report an alarm from a tampering detector, to indicate that the confidentiality of stored data can no longer be guaranteed, or to indicate that the integrity of previously returned data is now considered compromised. Implementations shall not use this error code to indicate a hardware failure that merely makes it impossible to perform the requested operation (use PSA_ERROR_COMMUNICATION_FAILURE, PSA_ERROR_STORAGE_FAILURE, PSA_ERROR_HARDWARE_FAILURE, PSA_ERROR_INSUFFICIENT_ENTROPY or other applicable error code instead).

This error indicates an attack against the application. Implementations shall not return this error code as a consequence of the behavior of the application itself.


Definition at line 239 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_INSUFFICIENT_ENTROPY#

#define PSA_ERROR_INSUFFICIENT_ENTROPY
Value:
((psa_status_t)-148)

There is not enough entropy to generate random data needed for the requested action.

This error indicates a failure of a hardware random generator. Application writers should note that this error can be returned not only by functions whose purpose is to generate random data, such as key, IV or nonce generation, but also by functions that execute an algorithm with a randomized result, as well as functions that use randomization of intermediate computations as a countermeasure to certain attacks.

Implementations should avoid returning this error after psa_crypto_init() has succeeded. Implementations should generate sufficient entropy during initialization and subsequently use a cryptographically secure pseudorandom generator (PRNG). However implementations may return this error at any time if a policy requires the PRNG to be reseeded during normal operation.


Definition at line 258 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_INVALID_SIGNATURE#

#define PSA_ERROR_INVALID_SIGNATURE
Value:
((psa_status_t)-149)

The signature, MAC or hash is incorrect.

Verification functions return this error if the verification calculations completed successfully, and the value to be verified was determined to be incorrect.

If the value to verify has an invalid size, implementations may return either PSA_ERROR_INVALID_ARGUMENT or PSA_ERROR_INVALID_SIGNATURE.


Definition at line 268 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_INVALID_PADDING#

#define PSA_ERROR_INVALID_PADDING
Value:
((psa_status_t)-150)

The decrypted padding is incorrect.

Warnings

  • In some protocols, when decrypting data, it is essential that the behavior of the application does not depend on whether the padding is correct, down to precise timing. Applications should prefer protocols that use authenticated encryption rather than plain encryption. If the application must perform a decryption of unauthenticated data, the application writer should take care not to reveal whether the padding is invalid.

Implementations should strive to make valid and invalid padding as close as possible to indistinguishable to an external observer. In particular, the timing of a decryption operation should not depend on the validity of the padding.


Definition at line 284 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_INSUFFICIENT_DATA#

#define PSA_ERROR_INSUFFICIENT_DATA
Value:
((psa_status_t)-143)

Return this error when there's insufficient data when attempting to read from a resource.


Definition at line 288 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_INVALID_HANDLE#

#define PSA_ERROR_INVALID_HANDLE
Value:
((psa_status_t)-136)

The key identifier is not valid.

See also :ref:`key-handles`.


Definition at line 292 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_DATA_CORRUPT#

#define PSA_ERROR_DATA_CORRUPT
Value:
((psa_status_t)-152)

Stored data has been corrupted.

This error indicates that some persistent storage has suffered corruption. It does not indicate the following situations, which have specific error codes:

Note

  • A storage corruption does not indicate that any data that was previously read is invalid. However this previously read data might no longer be readable from storage.

When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore.


Definition at line 316 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_ERROR_DATA_INVALID#

#define PSA_ERROR_DATA_INVALID
Value:
((psa_status_t)-153)

Data read from storage is not valid for the implementation.

This error indicates that some data read from storage does not have a valid format. It does not indicate the following situations, which have specific error codes:

This error is typically a result of either storage corruption on a cleartext storage backend, or an attempt to read data that was written by an incompatible version of the library.


Definition at line 332 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_OPERATION_INCOMPLETE#

#define PSA_OPERATION_INCOMPLETE
Value:
((psa_status_t)-248)

The function that returns this status is defined as interruptible and still has work to do, thus the user should call the function again with the same operation context until it either returns PSA_SUCCESS or any other error.

This is not an error per se, more a notification of status.


Definition at line 339 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto_values.h

PSA_SUCCESS#

#define PSA_SUCCESS
Value:
((psa_status_t)0)

The action was completed successfully.


Definition at line 76 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_GENERIC_ERROR#

#define PSA_ERROR_GENERIC_ERROR
Value:
((psa_status_t)-132)

An error occurred that does not correspond to any defined failure cause.

Implementations may use this error code if none of the other standard error codes are applicable.


Definition at line 83 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_NOT_SUPPORTED#

#define PSA_ERROR_NOT_SUPPORTED
Value:
((psa_status_t)-134)

The requested operation or a parameter is not supported by this implementation.

Implementations should return this error code when an enumeration parameter such as a key type, algorithm, etc. is not recognized. If a combination of parameters is recognized and identified as not valid, return PSA_ERROR_INVALID_ARGUMENT instead.


Definition at line 92 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_NOT_PERMITTED#

#define PSA_ERROR_NOT_PERMITTED
Value:
((psa_status_t)-133)

The requested action is denied by a policy.

Implementations should return this error code when the parameters are recognized as valid and supported, and a policy explicitly denies the requested operation.

If a subset of the parameters of a function call identify a forbidden operation, and another subset of the parameters are not valid or not supported, it is unspecified whether the function returns PSA_ERROR_NOT_PERMITTED, PSA_ERROR_NOT_SUPPORTED or PSA_ERROR_INVALID_ARGUMENT.


Definition at line 105 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_BUFFER_TOO_SMALL#

#define PSA_ERROR_BUFFER_TOO_SMALL
Value:
((psa_status_t)-138)

An output buffer is too small.

Applications can call the PSA_xxx_SIZE macro listed in the function description to determine a sufficient buffer size.

Implementations should preferably return this error code only in cases when performing the operation with a larger output buffer would succeed. However implementations may return this error if a function has invalid or unsupported parameters in addition to the parameters that determine the necessary output buffer size.


Definition at line 117 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_ALREADY_EXISTS#

#define PSA_ERROR_ALREADY_EXISTS
Value:
((psa_status_t)-139)

Asking for an item that already exists.

Implementations should return this error, when attempting to write an item (like a key) that already exists.


Definition at line 123 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_DOES_NOT_EXIST#

#define PSA_ERROR_DOES_NOT_EXIST
Value:
((psa_status_t)-140)

Asking for an item that doesn't exist.

Implementations should return this error, if a requested item (like a key) does not exist.


Definition at line 129 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_BAD_STATE#

#define PSA_ERROR_BAD_STATE
Value:
((psa_status_t)-137)

The requested action cannot be performed in the current state.

Multipart operations return this error when one of the functions is called out of sequence. Refer to the function descriptions for permitted sequencing of functions.

Implementations shall not return this error code to indicate that a key either exists or not, but shall instead return PSA_ERROR_ALREADY_EXISTS or PSA_ERROR_DOES_NOT_EXIST as applicable.

Implementations shall not return this error code to indicate that a key identifier is invalid, but shall return PSA_ERROR_INVALID_HANDLE instead.


Definition at line 145 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_INVALID_ARGUMENT#

#define PSA_ERROR_INVALID_ARGUMENT
Value:
((psa_status_t)-135)

The parameters passed to the function are invalid.

Implementations may return this error any time a parameter or combination of parameters are recognized as invalid.

Implementations shall not return this error code to indicate that a key identifier is invalid, but shall return PSA_ERROR_INVALID_HANDLE instead.


Definition at line 156 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_INSUFFICIENT_MEMORY#

#define PSA_ERROR_INSUFFICIENT_MEMORY
Value:
((psa_status_t)-141)

There is not enough runtime memory.

If the action is carried out across multiple security realms, this error can refer to available memory in any of the security realms.


Definition at line 162 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_INSUFFICIENT_STORAGE#

#define PSA_ERROR_INSUFFICIENT_STORAGE
Value:
((psa_status_t)-142)

There is not enough persistent storage.

Functions that modify the key storage return this error code if there is insufficient storage space on the host media. In addition, many functions that do not otherwise access storage may return this error code if the implementation requires a mandatory log entry for the requested action and the log storage space is full.


Definition at line 171 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_COMMUNICATION_FAILURE#

#define PSA_ERROR_COMMUNICATION_FAILURE
Value:
((psa_status_t)-145)

There was a communication failure inside the implementation.

This can indicate a communication failure between the application and an external cryptoprocessor or between the cryptoprocessor and an external volatile or persistent memory. A communication failure may be transient or permanent depending on the cause.

Warnings

  • If a function returns this error, it is undetermined whether the requested action has completed or not. Implementations should return PSA_SUCCESS on successful completion whenever possible, however functions may return PSA_ERROR_COMMUNICATION_FAILURE if the requested action was completed successfully in an external cryptoprocessor but there was a breakdown of communication before the cryptoprocessor could report the status to the application.


Definition at line 188 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_STORAGE_FAILURE#

#define PSA_ERROR_STORAGE_FAILURE
Value:
((psa_status_t)-146)

There was a storage failure that may have led to data loss.

This error indicates that some persistent storage is corrupted. It should not be used for a corruption of volatile memory (use PSA_ERROR_CORRUPTION_DETECTED), for a communication error between the cryptoprocessor and its external storage (use PSA_ERROR_COMMUNICATION_FAILURE), or when the storage is in a valid state but is full (use PSA_ERROR_INSUFFICIENT_STORAGE).

Note that a storage failure does not indicate that any data that was previously read is invalid. However this previously read data may no longer be readable from storage.

When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data may or may not fail even if the data is still readable but its integrity cannot be guaranteed.

Implementations should only use this error code to report a permanent storage corruption. However application writers should keep in mind that transient errors while reading the storage may be reported using this error code.


Definition at line 213 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_HARDWARE_FAILURE#

#define PSA_ERROR_HARDWARE_FAILURE
Value:
((psa_status_t)-147)

A hardware failure was detected.

A hardware failure may be transient or permanent depending on the cause.


Definition at line 219 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_CORRUPTION_DETECTED#

#define PSA_ERROR_CORRUPTION_DETECTED
Value:
((psa_status_t)-151)

A tampering attempt was detected.

If an application receives this error code, there is no guarantee that previously accessed or computed data was correct and remains confidential. Applications should not perform any security function and should enter a safe failure state.

Implementations may return this error code if they detect an invalid state that cannot happen during normal operation and that indicates that the implementation's security guarantees no longer hold. Depending on the implementation architecture and on its security and safety goals, the implementation may forcibly terminate the application.

This error code is intended as a last resort when a security breach is detected and it is unsure whether the keystore data is still protected. Implementations shall only return this error code to report an alarm from a tampering detector, to indicate that the confidentiality of stored data can no longer be guaranteed, or to indicate that the integrity of previously returned data is now considered compromised. Implementations shall not use this error code to indicate a hardware failure that merely makes it impossible to perform the requested operation (use PSA_ERROR_COMMUNICATION_FAILURE, PSA_ERROR_STORAGE_FAILURE, PSA_ERROR_HARDWARE_FAILURE, PSA_ERROR_INSUFFICIENT_ENTROPY or other applicable error code instead).

This error indicates an attack against the application. Implementations shall not return this error code as a consequence of the behavior of the application itself.


Definition at line 250 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_INSUFFICIENT_ENTROPY#

#define PSA_ERROR_INSUFFICIENT_ENTROPY
Value:
((psa_status_t)-148)

There is not enough entropy to generate random data needed for the requested action.

This error indicates a failure of a hardware random generator. Application writers should note that this error can be returned not only by functions whose purpose is to generate random data, such as key, IV or nonce generation, but also by functions that execute an algorithm with a randomized result, as well as functions that use randomization of intermediate computations as a countermeasure to certain attacks.

Implementations should avoid returning this error after psa_crypto_init() has succeeded. Implementations should generate sufficient entropy during initialization and subsequently use a cryptographically secure pseudorandom generator (PRNG). However implementations may return this error at any time if a policy requires the PRNG to be reseeded during normal operation.


Definition at line 269 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_INVALID_SIGNATURE#

#define PSA_ERROR_INVALID_SIGNATURE
Value:
((psa_status_t)-149)

The signature, MAC or hash is incorrect.

Verification functions return this error if the verification calculations completed successfully, and the value to be verified was determined to be incorrect.

If the value to verify has an invalid size, implementations may return either PSA_ERROR_INVALID_ARGUMENT or PSA_ERROR_INVALID_SIGNATURE.


Definition at line 279 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_INVALID_PADDING#

#define PSA_ERROR_INVALID_PADDING
Value:
((psa_status_t)-150)

The decrypted padding is incorrect.

Warnings

  • In some protocols, when decrypting data, it is essential that the behavior of the application does not depend on whether the padding is correct, down to precise timing. Applications should prefer protocols that use authenticated encryption rather than plain encryption. If the application must perform a decryption of unauthenticated data, the application writer should take care not to reveal whether the padding is invalid.

Implementations should strive to make valid and invalid padding as close as possible to indistinguishable to an external observer. In particular, the timing of a decryption operation should not depend on the validity of the padding.


Definition at line 295 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_INSUFFICIENT_DATA#

#define PSA_ERROR_INSUFFICIENT_DATA
Value:
((psa_status_t)-143)

Return this error when there's insufficient data when attempting to read from a resource.


Definition at line 299 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_INVALID_HANDLE#

#define PSA_ERROR_INVALID_HANDLE
Value:
((psa_status_t)-136)

The key identifier is not valid.

See also :ref:`key-handles`.


Definition at line 303 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_DATA_CORRUPT#

#define PSA_ERROR_DATA_CORRUPT
Value:
((psa_status_t)-152)

Stored data has been corrupted.

This error indicates that some persistent storage has suffered corruption. It does not indicate the following situations, which have specific error codes:

Note

  • A storage corruption does not indicate that any data that was previously read is invalid. However this previously read data might no longer be readable from storage.

When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore.


Definition at line 327 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_DATA_INVALID#

#define PSA_ERROR_DATA_INVALID
Value:
((psa_status_t)-153)

Data read from storage is not valid for the implementation.

This error indicates that some data read from storage does not have a valid format. It does not indicate the following situations, which have specific error codes:

This error is typically a result of either storage corruption on a cleartext storage backend, or an attempt to read data that was written by an incompatible version of the library.


Definition at line 343 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_OPERATION_INCOMPLETE#

#define PSA_OPERATION_INCOMPLETE
Value:
((psa_status_t)-248)

The function that returns this status is defined as interruptible and still has work to do, thus the user should call the function again with the same operation context until it either returns PSA_SUCCESS or any other error.

This is not an error per se, more a notification of status.


Definition at line 350 of file util/third_party/mbedtls/include/psa/crypto_values.h

PSA_ERROR_DELAYED#

#define PSA_ERROR_DELAYED
Value:
((psa_status_t)-154)

Requested operation has been delayed until the slot will be no longer in use.

This error indicates that the requested operation could not be performed at the time. It is returned from psa_close_key, psa_purge_key, and psa_destroy_key for a call with a slot that is still used by a different thread. It will be performed by the thread that stops using the key last.


Definition at line 359 of file util/third_party/mbedtls/include/psa/crypto_values.h