Crypto: Update to mbed TLS 3.2.1
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I92274fc6496219a2fef35db4cf02a6fe66f3a276
diff --git a/interface/include/psa/crypto.h b/interface/include/psa/crypto.h
index c4a103d..60f38d0 100644
--- a/interface/include/psa/crypto.h
+++ b/interface/include/psa/crypto.h
@@ -95,6 +95,12 @@
* @{
*/
+/** \def PSA_KEY_ATTRIBUTES_INIT
+ *
+ * This macro returns a suitable initializer for a key attribute structure
+ * of type #psa_key_attributes_t.
+ */
+
/** Return an initial value for a key attributes structure.
*/
static psa_key_attributes_t psa_key_attributes_init(void);
@@ -455,17 +461,14 @@
* This is an attempt to create a persistent key, and there is
* already a persistent key with the given identifier.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * The lifetime or identifier in \p attributes are invalid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The policy constraints on the source and specified in
- * \p attributes are incompatible.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The lifetime or identifier in \p attributes are invalid, or
+ * the policy constraints on the source and specified in
+ * \p attributes are incompatible, or
* \p attributes specifies a key type or key size
* which does not match the attributes of the source key.
* \retval #PSA_ERROR_NOT_PERMITTED
- * The source key does not have the #PSA_KEY_USAGE_COPY usage flag.
- * \retval #PSA_ERROR_NOT_PERMITTED
- * The source key is not exportable and its lifetime does not
+ * The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
+ * the source key is not exportable and its lifetime does not
* allow copying it to the target's lifetime.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -592,11 +595,9 @@
* The key type or key size is not supported, either by the
* implementation in general or in this particular persistent location.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * The key attributes, as a whole, are invalid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The key data is not correctly formatted.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The size in \p attributes is nonzero and does not match the size
+ * The key attributes, as a whole, are invalid, or
+ * the key data is not correctly formatted, or
+ * the size in \p attributes is nonzero and does not match the size
* of the key data.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -820,7 +821,6 @@
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -856,7 +856,6 @@
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -898,6 +897,12 @@
* Implementation details can change in future versions without notice. */
typedef struct psa_hash_operation_s psa_hash_operation_t;
+/** \def PSA_HASH_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for a hash operation object
+ * of type #psa_hash_operation_t.
+ */
+
/** Return an initial value for a hash operation object.
*/
static psa_hash_operation_t psa_hash_operation_init(void);
@@ -940,14 +945,13 @@
* \p alg is not a supported hash algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p alg is not a hash algorithm.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -967,14 +971,13 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it muct be active).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -988,7 +991,7 @@
* This function calculates the hash of the message formed by concatenating
* the inputs passed to preceding calls to psa_hash_update().
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_hash_abort().
*
@@ -1010,8 +1013,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p hash buffer is too small. You can determine a
* sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
@@ -1021,7 +1022,8 @@
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1039,7 +1041,7 @@
* compares the calculated hash with the expected hash passed as a
* parameter to this function.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_hash_abort().
*
@@ -1056,14 +1058,13 @@
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The hash of the message was calculated successfully, but it
* differs from the expected hash.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1114,16 +1115,14 @@
* It must be initialized but not active.
*
* \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- * The \p source_operation state is not valid (it must be active).
- * \retval #PSA_ERROR_BAD_STATE
- * The \p target_operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The \p source_operation state is not valid (it must be active), or
+ * the \p target_operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1257,6 +1256,12 @@
* Implementation details can change in future versions without notice. */
typedef struct psa_mac_operation_s psa_mac_operation_t;
+/** \def PSA_MAC_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for a MAC operation object of type
+ * #psa_mac_operation_t.
+ */
+
/** Return an initial value for a MAC operation object.
*/
static psa_mac_operation_t psa_mac_operation_init(void);
@@ -1314,9 +1319,8 @@
* \retval #PSA_ERROR_STORAGE_FAILURE
* The key could not be retrieved from storage.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1375,11 +1379,10 @@
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
- * The key could not be retrieved from storage
+ * The key could not be retrieved from storage.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1402,15 +1405,14 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1424,7 +1426,7 @@
* This function calculates the MAC of the message formed by concatenating
* the inputs passed to preceding calls to psa_mac_update().
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_mac_abort().
*
@@ -1448,9 +1450,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active mac sign
- * operation).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p mac buffer is too small. You can determine a
* sufficient buffer size by calling PSA_MAC_LENGTH().
@@ -1460,7 +1459,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active mac sign
+ * operation), or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1478,7 +1479,7 @@
* compares the calculated MAC with the expected MAC passed as a
* parameter to this function.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_mac_abort().
*
@@ -1495,16 +1496,15 @@
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The MAC of the message was calculated successfully, but it
* differs from the expected MAC.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active mac verify
- * operation).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active mac verify
+ * operation), or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1669,6 +1669,12 @@
* Implementation details can change in future versions without notice. */
typedef struct psa_cipher_operation_s psa_cipher_operation_t;
+/** \def PSA_CIPHER_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for a cipher operation object of
+ * type #psa_cipher_operation_t.
+ */
+
/** Return an initial value for a cipher operation object.
*/
static psa_cipher_operation_t psa_cipher_operation_init(void);
@@ -1727,9 +1733,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1791,9 +1796,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1821,8 +1825,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with no IV set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p iv buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1831,7 +1833,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with no IV set),
+ * or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1861,9 +1865,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active cipher
- * encrypt operation, with no IV set).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p iv is not acceptable for the chosen algorithm,
* or the chosen algorithm does not use an IV.
@@ -1873,7 +1874,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active cipher
+ * encrypt operation, with no IV set), or the library has not been
+ * previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1904,9 +1907,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with an IV set
- * if required for the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1915,7 +1915,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with an IV set
+ * if required for the algorithm), or the library has not been
+ * previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1937,7 +1939,7 @@
* formed by concatenating the inputs passed to preceding calls to
* psa_cipher_update().
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_cipher_abort().
*
@@ -1957,9 +1959,6 @@
* \retval #PSA_ERROR_INVALID_PADDING
* This is a decryption operation for an algorithm that includes
* padding, and the ciphertext does not contain valid padding.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with an IV set
- * if required for the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1968,7 +1967,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with an IV set
+ * if required for the algorithm), or the library has not been
+ * previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2186,6 +2187,12 @@
* Implementation details can change in future versions without notice. */
typedef struct psa_aead_operation_s psa_aead_operation_t;
+/** \def PSA_AEAD_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for an AEAD operation object of
+ * type #psa_aead_operation_t.
+ */
+
/** Return an initial value for an AEAD operation object.
*/
static psa_aead_operation_t psa_aead_operation_init(void);
@@ -2239,7 +2246,8 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2251,7 +2259,6 @@
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
@@ -2305,8 +2312,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2319,7 +2324,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or the
+ * library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2348,9 +2354,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active aead encrypt
- * operation, with no nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p nonce buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2359,7 +2362,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active aead encrypt
+ * operation, with no nonce set), or the library has not been
+ * previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2389,9 +2394,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with no nonce
- * set).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p nonce is not acceptable for the chosen algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2400,7 +2402,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with no nonce
+ * set), or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2434,10 +2438,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, and
- * psa_aead_update_ad() and psa_aead_update() must not have been
- * called yet).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* At least one of the lengths is not acceptable for the chosen
* algorithm.
@@ -2446,7 +2446,10 @@
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, and
+ * psa_aead_update_ad() and psa_aead_update() must not have been
+ * called yet), or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2482,10 +2485,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, have a nonce
- * set, have lengths set if required by the algorithm, and
- * psa_aead_update() must not have been called yet).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total input length overflows the additional data length that
* was previously specified with psa_aead_set_lengths().
@@ -2495,7 +2494,10 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, have a nonce
+ * set, have lengths set if required by the algorithm, and
+ * psa_aead_update() must not have been called yet), or the library
+ * has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2560,9 +2562,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, have a nonce
- * set, and have lengths set if required by the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
@@ -2571,9 +2570,8 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
- * specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The total input length overflows the plaintext length that
+ * specified with psa_aead_set_lengths(), or
+ * the total input length overflows the plaintext length that
* was previously specified with psa_aead_set_lengths().
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -2581,7 +2579,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, have a nonce
+ * set, and have lengths set if required by the algorithm), or the
+ * library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2606,7 +2606,7 @@
* preceding calls to psa_aead_update().
* - \p tag contains the authentication tag.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_aead_abort().
*
@@ -2645,9 +2645,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active encryption
- * operation with a nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p ciphertext or \p tag buffer is too small.
* #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2658,9 +2655,8 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
- * specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The total length of input to psa_aead_update() so far is
+ * specified with psa_aead_set_lengths(), or
+ * the total length of input to psa_aead_update() so far is
* less than the plaintext length that was previously
* specified with psa_aead_set_lengths().
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2669,7 +2665,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active encryption
+ * operation with a nonce set), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2698,7 +2696,7 @@
* plaintext and reports success. If the authentication tag is not correct,
* this function returns #PSA_ERROR_INVALID_SIGNATURE.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_aead_abort().
*
@@ -2732,9 +2730,6 @@
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The calculations were successful, but the authentication tag is
* not correct.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active decryption
- * operation with a nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p plaintext buffer is too small.
* #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2743,9 +2738,8 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
- * specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The total length of input to psa_aead_update() so far is
+ * specified with psa_aead_set_lengths(), or
+ * the total length of input to psa_aead_update() so far is
* less than the plaintext length that was previously
* specified with psa_aead_set_lengths().
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2754,7 +2748,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active decryption
+ * operation with a nonce set), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2998,7 +2994,7 @@
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_SIGNATURE
- * The calculation was perfomed successfully, but the passed
+ * The calculation was performed successfully, but the passed
* signature is not a valid signature.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -3022,7 +3018,7 @@
/**
* \brief Encrypt a short message with a public key.
*
- * \param key Identifer of the key to use for the operation.
+ * \param key Identifier of the key to use for the operation.
* It must be a public key or an asymmetric key
* pair. It must allow the usage
* #PSA_KEY_USAGE_ENCRYPT.
@@ -3178,6 +3174,12 @@
*/
typedef struct psa_key_derivation_s psa_key_derivation_operation_t;
+/** \def PSA_KEY_DERIVATION_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for a key derivation operation
+ * object of type #psa_key_derivation_operation_t.
+ */
+
/** Return an initial value for a key derivation operation object.
*/
static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
@@ -3235,9 +3237,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3256,12 +3257,11 @@
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3284,13 +3284,12 @@
* \p capacity is larger than the operation's current capacity.
* In this case, the operation object remains valid and its capacity
* remains unchanged.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or the
+ * library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3334,8 +3333,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm, or
* \c step does not allow direct inputs.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3343,9 +3341,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this input \p step, or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3379,8 +3376,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm, or
* \c step does not allow numeric inputs.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3388,9 +3384,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this input \p step, or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3447,8 +3442,7 @@
* #PSA_KEY_USAGE_VERIFY_DERIVATION, or it doesn't allow this
* algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm, or
* \c step does not allow key inputs of the given type
* or does not allow key inputs at all.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -3457,9 +3451,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this input \p step, or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3511,25 +3504,23 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this key agreement \p step.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c private_key is not compatible with \c alg,
* or \p peer_key is not valid for \c alg or not compatible with
- * \c private_key.
+ * \c private_key, or \c step does not allow an input resulting
+ * from a key agreement.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step does not allow an input resulting from a key agreement.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this key agreement \p step,
+ * or the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3568,16 +3559,15 @@
* The operation's capacity is set to 0, thus
* subsequent calls to this function will not
* succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3618,6 +3608,7 @@
* The following key types defined in this specification follow this scheme:
*
* - #PSA_KEY_TYPE_AES;
+ * - #PSA_KEY_TYPE_ARIA;
* - #PSA_KEY_TYPE_CAMELLIA;
* - #PSA_KEY_TYPE_DERIVE;
* - #PSA_KEY_TYPE_HMAC;
@@ -3715,9 +3706,6 @@
* #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a
* key; or one of the inputs was a key whose policy didn't allow
* #PSA_KEY_USAGE_DERIVE.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3727,7 +3715,9 @@
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3761,7 +3751,7 @@
*
* \param[in,out] operation The key derivation operation object to read from.
* \param[in] expected_output Buffer containing the expected derivation output.
- * \param output_length Length ot the expected output; this is also the
+ * \param output_length Length of the expected output; this is also the
* number of bytes that will be read.
*
* \retval #PSA_SUCCESS
@@ -3777,16 +3767,15 @@
* the operation's capacity is set to 0, thus
* subsequent calls to this function will not
* succeed, even with a smaller expected output.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3842,16 +3831,15 @@
* the operation's capacity is set to 0, thus
* subsequent calls to this function will not
* succeed, even with a smaller expected output.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3917,8 +3905,7 @@
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p alg is not a key agreement algorithm
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p alg is not a key agreement algorithm, or
* \p private_key is not compatible with \p alg,
* or \p peer_key is not valid for \p alg or not compatible with
* \p private_key.