Merge pull request #139 from ARMmbed/psa-PSA_ALG-block_cipher_padding

Correct and simplify block-based cipher modes
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 1c68304..0105f7f 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -323,6 +323,14 @@
  * Applications may call this function more than once. Once a call
  * succeeds, subsequent calls are guaranteed to succeed.
  *
+ * If the application calls other functions before calling psa_crypto_init(),
+ * the behavior is undefined. Implementations are encouraged to either perform
+ * the operation as if the library had been initialized or to return
+ * #PSA_ERROR_BAD_STATE or some other applicable error. In particular,
+ * implementations should not return a success status if the lack of
+ * initialization may have security implications, for example due to improper
+ * seeding of the random number generator.
+ *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
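Review bot: The added paragraph calls use before psa_crypto_init() "undefined" and then only encourages an error, so as worded an implementation may still return PSA_SUCCESS with an unseeded random generator, and callers cannot rely on #PSA_ERROR_BAD_STATE. The `\retval #PSA_ERROR_BAD_STATE` text added later in this file for psa_generate_random() and psa_generate_key() repeats "implementation-dependent" and leaves the same gap for the functions that presumably draw on the generator. Consider making the last sentence normative, for example `implementations must not return a success status if the lack of initialization may have security implications`. The caveat could then be dropped from the random-generating functions.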
@@ -1089,6 +1097,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_import_key(psa_key_slot_t key,
                             psa_key_type_t type,
@@ -1127,6 +1139,10 @@
  *         An unexpected condition which is not a storage corruption or
  *         a communication failure occurred. The cryptoprocessor may have
  *         been compromised.
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_destroy_key(psa_key_slot_t key);
 
@@ -1147,6 +1163,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_get_key_information(psa_key_slot_t key,
                                      psa_key_type_t *type,
@@ -1241,6 +1261,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_export_key(psa_key_slot_t key,
                             uint8_t *data,
@@ -1339,6 +1363,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_export_public_key(psa_key_slot_t key,
                                    uint8_t *data,
@@ -1476,6 +1504,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_set_key_policy(psa_key_slot_t key,
                                 const psa_key_policy_t *policy);
@@ -1489,6 +1521,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_get_key_policy(psa_key_slot_t key,
                                 psa_key_policy_t *policy);
@@ -1532,6 +1568,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_get_key_lifetime(psa_key_slot_t key,
                                   psa_key_lifetime_t *lifetime);
@@ -1559,6 +1599,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_set_key_lifetime(psa_key_slot_t key,
                                   psa_key_lifetime_t lifetime);
@@ -1833,6 +1877,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
                                 psa_key_slot_t key,
@@ -1881,6 +1929,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
                                   psa_key_slot_t key,
@@ -2077,6 +2129,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
                                       psa_key_slot_t key,
@@ -2126,6 +2182,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
                                       psa_key_slot_t key,
@@ -2369,6 +2429,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_aead_encrypt(psa_key_slot_t key,
                               psa_algorithm_t alg,
@@ -2422,6 +2486,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_aead_decrypt(psa_key_slot_t key,
                               psa_algorithm_t alg,
@@ -2485,6 +2553,10 @@
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
  * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_asymmetric_sign(psa_key_slot_t key,
                                  psa_algorithm_t alg,
@@ -2524,6 +2596,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_asymmetric_verify(psa_key_slot_t key,
                                    psa_algorithm_t alg,
@@ -2578,6 +2654,10 @@
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
  * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_asymmetric_encrypt(psa_key_slot_t key,
                                     psa_algorithm_t alg,
@@ -2630,6 +2710,10 @@
  * \retval #PSA_ERROR_TAMPERING_DETECTED
  * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
  * \retval #PSA_ERROR_INVALID_PADDING
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_asymmetric_decrypt(psa_key_slot_t key,
                                     psa_algorithm_t alg,
@@ -2780,6 +2864,10 @@
  * \retval PSA_ERROR_COMMUNICATION_FAILURE
  * \retval PSA_ERROR_HARDWARE_FAILURE
  * \retval PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_generator_import_key(psa_key_slot_t key,
                                       psa_key_type_t type,
@@ -2853,6 +2941,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
                                 psa_key_slot_t key,
@@ -2887,6 +2979,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_generate_random(uint8_t *output,
                                  size_t output_size);
@@ -2941,6 +3037,10 @@
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
  */
 psa_status_t psa_generate_key(psa_key_slot_t key,
                               psa_key_type_t type,
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 66a6feb..8721f2e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -148,6 +148,10 @@
 
 static psa_global_data_t global_data;
 
+#define GUARD_MODULE_INITIALIZED        \
+    if( global_data.initialized == 0 )  \
+        return( PSA_ERROR_BAD_STATE );
+
 static psa_status_t mbedtls_to_psa_error( int ret )
 {
     /* If there's both a high-level code and low-level code, dispatch on
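Review bot: `GUARD_MODULE_INITIALIZED` expands to a bare, unbraced `if` that already ends in `;`, and it hides a `return` behind what reads like a plain statement. Every use written as `GUARD_MODULE_INITIALIZED;` therefore leaves an extra empty statement, and placing the macro directly before an `else` or inside an unbraced `if` would change which branch binds. Wrapping it is the usual fix: `#define GUARD_MODULE_INITIALIZED do { if( global_data.initialized == 0 ) return( PSA_ERROR_BAD_STATE ); } while( 0 )`. A one-line comment above the macro saying that it returns from the calling function would also help readers of the call sites.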
@@ -343,6 +347,8 @@
 static psa_status_t psa_get_key_slot( psa_key_slot_t key,
                                       key_slot_t **p_slot )
 {
+    GUARD_MODULE_INITIALIZED;
+
     /* 0 is not a valid slot number under any circumstance. This
      * implementation provides slots number 1 to N where N is the
      * number of available slots. */
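Review bot: Putting the guard in psa_get_key_slot() makes this helper the only initialization check for every key-based API, but nothing at the call site says so. The header now documents #PSA_ERROR_BAD_STATE on some two dozen functions, and whether each of them reaches this helper before touching `global_data` is not visible in this diff. A later entry point that bypasses it would skip the check silently. I would add a comment on the guard such as `/* Single enforcement point for the psa_crypto_init() check: every key-based entry point must call this before using global_data. */`. The body of psa_get_key_slot() continues outside the hunk.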
@@ -3342,8 +3348,10 @@
 psa_status_t psa_generate_random( uint8_t *output,
                                   size_t output_size )
 {
-    int ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg,
-                                       output, output_size );
+    int ret;
+    GUARD_MODULE_INITIALIZED;
+
+    ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, output, output_size );
     return( mbedtls_to_psa_error( ret ) );
 }
 
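Review bot: The early return added through `GUARD_MODULE_INITIALIZED` leaves `output` unwritten, so a caller that ignores the status will use whatever the buffer already held as if it were random bytes. The same is true of the existing error path after mbedtls_ctr_drbg_random(), and the header documents the error codes but not the state of the buffer on failure. I would add to the documentation of psa_generate_random() a sentence such as `On error, the contents of \p output are unspecified and must not be used.` If the project prefers a deterministic failure, `memset( output, 0, output_size );` on the error path is the alternative.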
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 94e8d5b..5fd1fc8 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -1178,3 +1178,9 @@
 PSA generate key: ECC, SECP256R1, incorrect bit size
 depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
 generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
+
+PSA validate module initialization: random
+validate_module_init_generate_random:
+
+PSA validate module initialization: key based
+validate_module_init_key_based:
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index e14b225..2b1a946 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -3451,3 +3451,23 @@
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void validate_module_init_generate_random( )
+{
+    psa_status_t status;
+    uint8_t random[10] = { 0 };
+    status = psa_generate_random( random, sizeof( random ) );
+    TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void validate_module_init_key_based( )
+{
+    psa_status_t status;
+    uint8_t data[10] = { 0 };
+    status = psa_import_key( 1, PSA_KEY_TYPE_RAW_DATA, data, sizeof( data ) );
+    TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
+}
+/* END_CASE */
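Review bot: Both new cases pass only if the library is uninitialized when they start, and neither case establishes that state itself. They depend on every earlier case in the suite having reached `mbedtls_psa_crypto_free( )`. If the cases share one process, an earlier case that exits without cleanup would make these fail with a misleading status. Consider calling `mbedtls_psa_crypto_free( );` at the top of each case, provided that is safe on an uninitialized library, or at least state the assumption with `/* Precondition: psa_crypto_init() has not been called in this process. */`.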