Merge pull request #270 from gilles-peskine-arm/test_outcome_file-crypto-fix
Fix test case descriptions
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 5288815..9c303cb 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -226,7 +226,14 @@
/** Declare the permitted algorithm policy for a key.
*
* The permitted algorithm policy of a key encodes which algorithm or
- * algorithms are permitted to be used with this key.
+ * algorithms are permitted to be used with this key. The following
+ * algorithm policies are supported:
+ * - 0 does not allow any cryptographic operation with the key. The key
+ * may be used for non-cryptographic actions such as exporting (if
+ * permitted by the usage flags).
+ * - An algorithm value permits this particular algorithm.
+ * - An algorithm wildcard built from #PSA_ALG_ANY_HASH allows the specified
+ * signature scheme with any hash algorithm.
*
* This function overwrites any algorithm policy
* previously set in \p attributes.
@@ -266,6 +273,8 @@
*
* \param[out] attributes The attribute structure to write to.
* \param type The key type to write.
+ * If this is 0, the key type in \p attributes
+ * becomes unspecified.
*/
static void psa_set_key_type(psa_key_attributes_t *attributes,
psa_key_type_t type);
@@ -281,6 +290,9 @@
*
* \param[out] attributes The attribute structure to write to.
* \param bits The key size in bits.
+ * If this is 0, the key size in \p attributes
+ * becomes unspecified. Keys of size 0 are
+ * not supported.
*/
static void psa_set_key_bits(psa_key_attributes_t *attributes,
size_t bits);
@@ -591,6 +603,13 @@
* and to the documentation of psa_export_key() for the format for
* other key types.
*
+ * The key data determines the key size. The attributes may optionally
+ * specify a key size; in this case it must match the size determined
+ * from the key data. A key size of 0 in \p attributes indicates that
+ * the key size is solely determined by the key data.
+ *
+ * Implementations must reject an attempt to import a key of size 0.
+ *
* This specification supports a single format for each key type.
* Implementations may support other formats as long as the standard
* format is supported. Implementations that support other formats
@@ -598,7 +617,6 @@
* minimize the risk that an invalid input is accidentally interpreted
* according to a different format.
*
-
* \param[in] attributes The attributes for the new key.
* The key size is always determined from the
* \p data buffer.
@@ -642,8 +660,6 @@
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * \p operation is either not initialized or is in use
- * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
@@ -948,7 +964,7 @@
* -# Allocate an operation object which will be passed to all the functions
* listed here.
* -# Initialize the operation object with one of the methods described in the
- * documentation for #psa_hash_operation_t, e.g. PSA_HASH_OPERATION_INIT.
+ * documentation for #psa_hash_operation_t, e.g. #PSA_HASH_OPERATION_INIT.
* -# Call psa_hash_setup() to specify the algorithm.
* -# Call psa_hash_update() zero, one or more times, passing a fragment
* of the message each time. The hash that is calculated is the hash
@@ -956,14 +972,16 @@
* -# To calculate the hash, call psa_hash_finish().
* To compare the hash with an expected value, call psa_hash_verify().
*
- * The application may call psa_hash_abort() at any time after the operation
+ * If an error occurs at any step after a call to psa_hash_setup(), the
+ * operation will need to be reset by a call to psa_hash_abort(). The
+ * application may call psa_hash_abort() at any time after the operation
* has been initialized.
*
* After a successful call to psa_hash_setup(), the application must
* eventually terminate the operation. The following events terminate an
* operation:
- * - A failed call to psa_hash_update().
- * - A call to psa_hash_finish(), psa_hash_verify() or psa_hash_abort().
+ * - A successful call to psa_hash_finish() or psa_hash_verify().
+ * - A call to psa_hash_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
@@ -978,15 +996,12 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p alg is not a hash algorithm.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (already set up and not
- * subsequently completed).
+ * The operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * \p operation is either not initialized or is in use
- * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
@@ -998,7 +1013,8 @@
*
* The application must call psa_hash_setup() before calling this function.
*
- * If this function returns an error status, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_hash_abort().
*
* \param[in,out] operation Active hash operation.
* \param[in] input Buffer containing the message fragment to hash.
@@ -1007,14 +1023,12 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, or already completed).
+ * The operation state is not valid (it muct be active).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid.
- * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
@@ -1029,7 +1043,9 @@
* This function calculates the hash of the message formed by concatenating
* the inputs passed to preceding calls to psa_hash_update().
*
- * When this function returns, the operation becomes inactive.
+ * When this function returns successfuly, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_hash_abort().
*
* \warning Applications should not call this function if they expect
* a specific value for the hash. Call psa_hash_verify() instead.
@@ -1050,7 +1066,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, or already completed).
+ * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p hash buffer is too small. You can determine a
* sufficient buffer size by calling #PSA_HASH_SIZE(\c alg)
@@ -1060,8 +1076,6 @@
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid.
- * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
@@ -1080,7 +1094,9 @@
* compares the calculated hash with the expected hash passed as a
* parameter to this function.
*
- * When this function returns, the operation becomes inactive.
+ * When this function returns successfuly, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_hash_abort().
*
* \note Implementations shall make the best effort to ensure that the
* comparison between the actual hash and the expected hash is performed
@@ -1096,14 +1112,12 @@
* The hash of the message was calculated successfully, but it
* differs from the expected hash.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, or already completed).
+ * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid.
- * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
@@ -1120,11 +1134,7 @@
* psa_hash_setup() again.
*
* You may call this function any time after the operation object has
- * been initialized by any of the following methods:
- * - A call to psa_hash_setup(), whether it succeeds or not.
- * - Initializing the \c struct to all-bits-zero.
- * - Initializing the \c struct to logical zeros, e.g.
- * `psa_hash_operation_t operation = {0}`.
+ * been initialized by one of the methods described in #psa_hash_operation_t.
*
* In particular, calling psa_hash_abort() after the operation has been
* terminated by a call to psa_hash_abort(), psa_hash_finish() or
@@ -1133,14 +1143,10 @@
* \param[in,out] operation Initialized hash operation.
*
* \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- * \p operation is not an active hash operation.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid.
- * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
@@ -1164,18 +1170,14 @@
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_BAD_STATE
- * \p source_operation is not an active hash operation.
+ * The \p source_operation state is not valid (it must be active).
* \retval #PSA_ERROR_BAD_STATE
- * \p target_operation is active.
+ * The \p target_operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is either not initialized or has already been setup.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is either not initialized or has already been setup.
- * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
@@ -1334,7 +1336,7 @@
* -# Allocate an operation object which will be passed to all the functions
* listed here.
* -# Initialize the operation object with one of the methods described in the
- * documentation for #psa_mac_operation_t, e.g. PSA_MAC_OPERATION_INIT.
+ * documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
* -# Call psa_mac_sign_setup() to specify the algorithm and key.
* -# Call psa_mac_update() zero, one or more times, passing a fragment
* of the message each time. The MAC that is calculated is the MAC
@@ -1342,13 +1344,15 @@
* -# At the end of the message, call psa_mac_sign_finish() to finish
* calculating the MAC value and retrieve it.
*
- * The application may call psa_mac_abort() at any time after the operation
+ * If an error occurs at any step after a call to psa_mac_sign_setup(), the
+ * operation will need to be reset by a call to psa_mac_abort(). The
+ * application may call psa_mac_abort() at any time after the operation
* has been initialized.
*
* After a successful call to psa_mac_sign_setup(), the application must
* eventually terminate the operation through one of the following methods:
- * - A failed call to psa_mac_update().
- * - A call to psa_mac_sign_finish() or psa_mac_abort().
+ * - A successful call to psa_mac_sign_finish().
+ * - A call to psa_mac_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
@@ -1374,8 +1378,7 @@
* \retval #PSA_ERROR_STORAGE_FAILURE
* The key could not be retrieved from storage.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (already set up and not
- * subsequently completed).
+ * The operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -1394,7 +1397,7 @@
* -# Allocate an operation object which will be passed to all the functions
* listed here.
* -# Initialize the operation object with one of the methods described in the
- * documentation for #psa_mac_operation_t, e.g. PSA_MAC_OPERATION_INIT.
+ * documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
* -# Call psa_mac_verify_setup() to specify the algorithm and key.
* -# Call psa_mac_update() zero, one or more times, passing a fragment
* of the message each time. The MAC that is calculated is the MAC
@@ -1403,13 +1406,15 @@
* calculating the actual MAC of the message and verify it against
* the expected value.
*
- * The application may call psa_mac_abort() at any time after the operation
+ * If an error occurs at any step after a call to psa_mac_verify_setup(), the
+ * operation will need to be reset by a call to psa_mac_abort(). The
+ * application may call psa_mac_abort() at any time after the operation
* has been initialized.
*
* After a successful call to psa_mac_verify_setup(), the application must
* eventually terminate the operation through one of the following methods:
- * - A failed call to psa_mac_update().
- * - A call to psa_mac_verify_finish() or psa_mac_abort().
+ * - A successful call to psa_mac_verify_finish().
+ * - A call to psa_mac_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
@@ -1435,8 +1440,7 @@
* \retval #PSA_ERROR_STORAGE_FAILURE
* The key could not be retrieved from storage
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (already set up and not
- * subsequently completed).
+ * The operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -1451,7 +1455,8 @@
* The application must call psa_mac_sign_setup() or psa_mac_verify_setup()
* before calling this function.
*
- * If this function returns an error status, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_mac_abort().
*
* \param[in,out] operation Active MAC operation.
* \param[in] input Buffer containing the message fragment to add to
@@ -1461,7 +1466,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, or already completed).
+ * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
@@ -1482,7 +1487,9 @@
* This function calculates the MAC of the message formed by concatenating
* the inputs passed to preceding calls to psa_mac_update().
*
- * When this function returns, the operation becomes inactive.
+ * When this function returns successfuly, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_mac_abort().
*
* \warning Applications should not call this function if they expect
* a specific value for the MAC. Call psa_mac_verify_finish() instead.
@@ -1505,7 +1512,8 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, or already completed).
+ * The operation state is not valid (it must be an active mac sign
+ * operation).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p mac buffer is too small. You can determine a
* sufficient buffer size by calling PSA_MAC_FINAL_SIZE().
@@ -1533,7 +1541,9 @@
* compares the calculated MAC with the expected MAC passed as a
* parameter to this function.
*
- * When this function returns, the operation becomes inactive.
+ * When this function returns successfuly, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_mac_abort().
*
* \note Implementations shall make the best effort to ensure that the
* comparison between the actual MAC and the expected MAC is performed
@@ -1549,7 +1559,8 @@
* The MAC of the message was calculated successfully, but it
* differs from the expected MAC.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, or already completed).
+ * The operation state is not valid (it must be an active mac verify
+ * operation).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
@@ -1572,12 +1583,7 @@
* psa_mac_sign_setup() or psa_mac_verify_setup() again.
*
* You may call this function any time after the operation object has
- * been initialized by any of the following methods:
- * - A call to psa_mac_sign_setup() or psa_mac_verify_setup(), whether
- * it succeeds or not.
- * - Initializing the \c struct to all-bits-zero.
- * - Initializing the \c struct to logical zeros, e.g.
- * `psa_mac_operation_t operation = {0}`.
+ * been initialized by one of the methods described in #psa_mac_operation_t.
*
* In particular, calling psa_mac_abort() after the operation has been
* terminated by a call to psa_mac_abort(), psa_mac_sign_finish() or
@@ -1586,8 +1592,6 @@
* \param[in,out] operation Initialized MAC operation.
*
* \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- * \p operation is not an active MAC operation.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
@@ -1607,7 +1611,8 @@
/** Encrypt a message using a symmetric cipher.
*
* This function encrypts a message with a random IV (initialization
- * vector).
+ * vector). Use the multipart operation interface with a
+ * #psa_cipher_operation_t object to provide other forms of IV.
*
* \param handle Handle to the key to use for the operation.
* It must remain valid until the operation
@@ -1751,7 +1756,7 @@
* listed here.
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_cipher_operation_t, e.g.
- * PSA_CIPHER_OPERATION_INIT.
+ * #PSA_CIPHER_OPERATION_INIT.
* -# Call psa_cipher_encrypt_setup() to specify the algorithm and key.
* -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to
* generate or set the IV (initialization vector). You should use
@@ -1761,14 +1766,16 @@
* of the message each time.
* -# Call psa_cipher_finish().
*
- * The application may call psa_cipher_abort() at any time after the operation
+ * If an error occurs at any step after a call to psa_cipher_encrypt_setup(),
+ * the operation will need to be reset by a call to psa_cipher_abort(). The
+ * application may call psa_cipher_abort() at any time after the operation
* has been initialized.
*
* After a successful call to psa_cipher_encrypt_setup(), the application must
* eventually terminate the operation. The following events terminate an
* operation:
- * - A failed call to any of the \c psa_cipher_xxx functions.
- * - A call to psa_cipher_finish() or psa_cipher_abort().
+ * - A successful call to psa_cipher_finish().
+ * - A call to psa_cipher_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
@@ -1794,8 +1801,7 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (already set up and not
- * subsequently completed).
+ * The operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -1813,7 +1819,7 @@
* listed here.
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_cipher_operation_t, e.g.
- * PSA_CIPHER_OPERATION_INIT.
+ * #PSA_CIPHER_OPERATION_INIT.
* -# Call psa_cipher_decrypt_setup() to specify the algorithm and key.
* -# Call psa_cipher_set_iv() with the IV (initialization vector) for the
* decryption. If the IV is prepended to the ciphertext, you can call
@@ -1823,14 +1829,16 @@
* of the message each time.
* -# Call psa_cipher_finish().
*
- * The application may call psa_cipher_abort() at any time after the operation
+ * If an error occurs at any step after a call to psa_cipher_decrypt_setup(),
+ * the operation will need to be reset by a call to psa_cipher_abort(). The
+ * application may call psa_cipher_abort() at any time after the operation
* has been initialized.
*
* After a successful call to psa_cipher_decrypt_setup(), the application must
* eventually terminate the operation. The following events terminate an
* operation:
- * - A failed call to any of the \c psa_cipher_xxx functions.
- * - A call to psa_cipher_finish() or psa_cipher_abort().
+ * - A successful call to psa_cipher_finish().
+ * - A call to psa_cipher_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
@@ -1856,8 +1864,7 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (already set up and not
- * subsequently completed).
+ * The operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -1876,7 +1883,8 @@
* The application must call psa_cipher_encrypt_setup() before
* calling this function.
*
- * If this function returns an error status, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_cipher_abort().
*
* \param[in,out] operation Active cipher operation.
* \param[out] iv Buffer where the generated IV is to be written.
@@ -1887,7 +1895,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, or IV already set).
+ * The operation state is not valid (it must be active, with no IV set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p iv buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1913,7 +1921,8 @@
* The application must call psa_cipher_encrypt_setup() before
* calling this function.
*
- * If this function returns an error status, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_cipher_abort().
*
* \note When encrypting, applications should use psa_cipher_generate_iv()
* instead of this function, unless implementing a protocol that requires
@@ -1926,7 +1935,8 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, or IV already set).
+ * The operation state is not valid (it must be an active cipher
+ * encrypt operation, with no IV set).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p iv is not acceptable for the chosen algorithm,
* or the chosen algorithm does not use an IV.
@@ -1953,7 +1963,8 @@
* 2. If the algorithm requires an IV, call psa_cipher_generate_iv()
* (recommended when encrypting) or psa_cipher_set_iv().
*
- * If this function returns an error status, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_cipher_abort().
*
* \param[in,out] operation Active cipher operation.
* \param[in] input Buffer containing the message fragment to
@@ -1967,8 +1978,8 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, IV required but
- * not set, or already completed).
+ * The operation state is not valid (it must be active, with an IV set
+ * if required for the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1999,7 +2010,9 @@
* formed by concatenating the inputs passed to preceding calls to
* psa_cipher_update().
*
- * When this function returns, the operation becomes inactive.
+ * When this function returns successfuly, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_cipher_abort().
*
* \param[in,out] operation Active cipher operation.
* \param[out] output Buffer where the output is to be written.
@@ -2018,8 +2031,8 @@
* This is a decryption operation for an algorithm that includes
* padding, and the ciphertext does not contain valid padding.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, IV required but
- * not set, or already completed).
+ * The operation state is not valid (it must be active, with an IV set
+ * if required for the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2045,12 +2058,7 @@
* psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() again.
*
* You may call this function any time after the operation object has
- * been initialized by any of the following methods:
- * - A call to psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup(),
- * whether it succeeds or not.
- * - Initializing the \c struct to all-bits-zero.
- * - Initializing the \c struct to logical zeros, e.g.
- * `psa_cipher_operation_t operation = {0}`.
+ * been initialized as described in #psa_cipher_operation_t.
*
* In particular, calling psa_cipher_abort() after the operation has been
* terminated by a call to psa_cipher_abort() or psa_cipher_finish()
@@ -2059,8 +2067,6 @@
* \param[in,out] operation Initialized cipher operation.
*
* \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- * \p operation is not an active cipher operation.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
@@ -2251,7 +2257,7 @@
* listed here.
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_aead_operation_t, e.g.
- * PSA_AEAD_OPERATION_INIT.
+ * #PSA_AEAD_OPERATION_INIT.
* -# Call psa_aead_encrypt_setup() to specify the algorithm and key.
* -# If needed, call psa_aead_set_lengths() to specify the length of the
* inputs to the subsequent calls to psa_aead_update_ad() and
@@ -2267,14 +2273,16 @@
* of the message to encrypt each time.
* -# Call psa_aead_finish().
*
- * The application may call psa_aead_abort() at any time after the operation
+ * If an error occurs at any step after a call to psa_aead_encrypt_setup(),
+ * the operation will need to be reset by a call to psa_aead_abort(). The
+ * application may call psa_aead_abort() at any time after the operation
* has been initialized.
*
* After a successful call to psa_aead_encrypt_setup(), the application must
* eventually terminate the operation. The following events terminate an
* operation:
- * - A failed call to any of the \c psa_aead_xxx functions.
- * - A call to psa_aead_finish(), psa_aead_verify() or psa_aead_abort().
+ * - A successful call to psa_aead_finish().
+ * - A call to psa_aead_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
@@ -2288,7 +2296,9 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be inactive).
+ * \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p handle is not compatible with \p alg.
@@ -2316,7 +2326,7 @@
* listed here.
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_aead_operation_t, e.g.
- * PSA_AEAD_OPERATION_INIT.
+ * #PSA_AEAD_OPERATION_INIT.
* -# Call psa_aead_decrypt_setup() to specify the algorithm and key.
* -# If needed, call psa_aead_set_lengths() to specify the length of the
* inputs to the subsequent calls to psa_aead_update_ad() and
@@ -2329,14 +2339,16 @@
* of the ciphertext to decrypt each time.
* -# Call psa_aead_verify().
*
- * The application may call psa_aead_abort() at any time after the operation
+ * If an error occurs at any step after a call to psa_aead_decrypt_setup(),
+ * the operation will need to be reset by a call to psa_aead_abort(). The
+ * application may call psa_aead_abort() at any time after the operation
* has been initialized.
*
* After a successful call to psa_aead_decrypt_setup(), the application must
* eventually terminate the operation. The following events terminate an
* operation:
- * - A failed call to any of the \c psa_aead_xxx functions.
- * - A call to psa_aead_finish(), psa_aead_verify() or psa_aead_abort().
+ * - A successful call to psa_aead_verify().
+ * - A call to psa_aead_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
@@ -2350,7 +2362,9 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be inactive).
+ * \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p handle is not compatible with \p alg.
@@ -2379,7 +2393,8 @@
* The application must call psa_aead_encrypt_setup() before
* calling this function.
*
- * If this function returns an error status, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_aead_abort().
*
* \param[in,out] operation Active AEAD operation.
* \param[out] nonce Buffer where the generated nonce is to be
@@ -2391,7 +2406,8 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, or nonce already set).
+ * The operation state is not valid (it must be an active aead encrypt
+ operation, with no nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p nonce buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2414,10 +2430,11 @@
* This function sets the nonce for the authenticated
* encryption or decryption operation.
*
- * The application must call psa_aead_encrypt_setup() before
- * calling this function.
+ * The application must call psa_aead_encrypt_setup() or
+ * psa_aead_decrypt_setup() before calling this function.
*
- * If this function returns an error status, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_aead_abort().
*
* \note When encrypting, applications should use psa_aead_generate_nonce()
* instead of this function, unless implementing a protocol that requires
@@ -2430,7 +2447,8 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, or nonce already set).
+ * The operation state is not valid (it must be active, with no nonce
+ * set).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p nonce is not acceptable for the chosen algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2463,6 +2481,9 @@
* this function is not required.
* - For vendor-defined algorithm, refer to the vendor documentation.
*
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_aead_abort().
+ *
* \param[in,out] operation Active AEAD operation.
* \param ad_length Size of the non-encrypted additional
* authenticated data in bytes.
@@ -2471,8 +2492,9 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, already completed,
- * or psa_aead_update_ad() or psa_aead_update() already called).
+ * The operation state is not valid (it must be active, and
+ * psa_aead_update_ad() and psa_aead_update() must not have been
+ * called yet).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* At least one of the lengths is not acceptable for the chosen
* algorithm.
@@ -2501,7 +2523,8 @@
* 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
* 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
*
- * If this function returns an error status, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_aead_abort().
*
* \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
* there is no guarantee that the input is valid. Therefore, until
@@ -2517,8 +2540,9 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, nonce not set,
- * psa_aead_update() already called, or operation already completed).
+ * The operation state is not valid (it must be active, have a nonce
+ * set, have lengths set if required by the algorithm, and
+ * psa_aead_update() must not have been called yet).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total input length overflows the additional data length that
* was previously specified with psa_aead_set_lengths().
@@ -2545,7 +2569,8 @@
* 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
* 3. Call psa_aead_update_ad() to pass all the additional data.
*
- * If this function returns an error status, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_aead_abort().
*
* \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
* there is no guarantee that the input is valid. Therefore, until
@@ -2585,8 +2610,8 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, nonce not set
- * or already completed).
+ * The operation state is not valid (it must be active, have a nonce
+ * set, and have lengths set if required by the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* You can determine a sufficient buffer size by calling
@@ -2632,7 +2657,9 @@
* #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is the AEAD algorithm
* that the operation performs.
*
- * When this function returns, the operation becomes inactive.
+ * When this function returns successfuly, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_aead_abort().
*
* \param[in,out] operation Active AEAD operation.
* \param[out] ciphertext Buffer where the last part of the ciphertext
@@ -2656,8 +2683,8 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, nonce not set,
- * decryption, or already completed).
+ * The operation state is not valid (it must be an active encryption
+ * operation with a nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p ciphertext or \p tag buffer is too small.
* You can determine a sufficient buffer size for \p ciphertext by
@@ -2695,12 +2722,26 @@
*
* The operation must have been set up with psa_aead_decrypt_setup().
*
- * This function finishes the authentication of the additional data
- * formed by concatenating the inputs passed to preceding calls to
- * psa_aead_update_ad() with the ciphertext formed by concatenating the
- * inputs passed to preceding calls to psa_aead_update().
+ * This function finishes the authenticated decryption of the message
+ * components:
*
- * When this function returns, the operation becomes inactive.
+ * - The additional data consisting of the concatenation of the inputs
+ * passed to preceding calls to psa_aead_update_ad().
+ * - The ciphertext consisting of the concatenation of the inputs passed to
+ * preceding calls to psa_aead_update().
+ * - The tag passed to this function call.
+ *
+ * If the authentication tag is correct, this function outputs any remaining
+ * plaintext and reports success. If the authentication tag is not correct,
+ * this function returns #PSA_ERROR_INVALID_SIGNATURE.
+ *
+ * When this function returns successfuly, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_aead_abort().
+ *
+ * \note Implementations shall make the best effort to ensure that the
+ * comparison between the actual tag and the expected tag is performed
+ * in constant time.
*
* \param[in,out] operation Active AEAD operation.
* \param[out] plaintext Buffer where the last part of the plaintext
@@ -2720,9 +2761,12 @@
*
* \retval #PSA_SUCCESS
* Success.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculations were successful, but the authentication tag is
+ * not correct.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (not set up, nonce not set,
- * encryption, or already completed).
+ * The operation state is not valid (it must be an active decryption
+ * operation with a nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p plaintext buffer is too small.
* You can determine a sufficient buffer size for \p plaintext by
@@ -2761,22 +2805,15 @@
* psa_aead_encrypt_setup() or psa_aead_decrypt_setup() again.
*
* You may call this function any time after the operation object has
- * been initialized by any of the following methods:
- * - A call to psa_aead_encrypt_setup() or psa_aead_decrypt_setup(),
- * whether it succeeds or not.
- * - Initializing the \c struct to all-bits-zero.
- * - Initializing the \c struct to logical zeros, e.g.
- * `psa_aead_operation_t operation = {0}`.
+ * been initialized as described in #psa_aead_operation_t.
*
* In particular, calling psa_aead_abort() after the operation has been
- * terminated by a call to psa_aead_abort() or psa_aead_finish()
- * is safe and has no effect.
+ * terminated by a call to psa_aead_abort(), psa_aead_finish() or
+ * psa_aead_verify() is safe and has no effect.
*
* \param[in,out] operation Initialized AEAD operation.
*
* \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- * \p operation is not an active AEAD operation.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
@@ -3069,23 +3106,31 @@
* cryptographic material.
*
* To derive a key:
- * - Start with an initialized object of type #psa_key_derivation_operation_t.
- * - Call psa_key_derivation_setup() to select the algorithm.
- * - Provide the inputs for the key derivation by calling
- * psa_key_derivation_input_bytes() or psa_key_derivation_input_key()
- * as appropriate. Which inputs are needed, in what order, and whether
- * they may be keys and if so of what type depends on the algorithm.
- * - Optionally set the operation's maximum capacity with
- * psa_key_derivation_set_capacity(). You may do this before, in the middle
- * of or after providing inputs. For some algorithms, this step is mandatory
- * because the output depends on the maximum capacity.
- * - To derive a key, call psa_key_derivation_output_key().
- * To derive a byte string for a different purpose, call
- * - psa_key_derivation_output_bytes().
- * Successive calls to these functions use successive output bytes
- * calculated by the key derivation algorithm.
- * - Clean up the key derivation operation object with
- * psa_key_derivation_abort().
+ * -# Start with an initialized object of type #psa_key_derivation_operation_t.
+ * -# Call psa_key_derivation_setup() to select the algorithm.
+ * -# Provide the inputs for the key derivation by calling
+ * psa_key_derivation_input_bytes() or psa_key_derivation_input_key()
+ * as appropriate. Which inputs are needed, in what order, and whether
+ * they may be keys and if so of what type depends on the algorithm.
+ * -# Optionally set the operation's maximum capacity with
+ * psa_key_derivation_set_capacity(). You may do this before, in the middle
+ * of or after providing inputs. For some algorithms, this step is mandatory
+ * because the output depends on the maximum capacity.
+ * -# To derive a key, call psa_key_derivation_output_key().
+ * To derive a byte string for a different purpose, call
+ * psa_key_derivation_output_bytes().
+ * Successive calls to these functions use successive output bytes
+ * calculated by the key derivation algorithm.
+ * -# Clean up the key derivation operation object with
+ * psa_key_derivation_abort().
+ *
+ * If this function returns an error, the key derivation operation object is
+ * not changed.
+ *
+ * If an error occurs at any step after a call to psa_key_derivation_setup(),
+ * the operation will need to be reset by a call to psa_key_derivation_abort().
+ *
+ * Implementations must reject an attempt to derive a key of size 0.
*
* \param[in,out] operation The key derivation operation object
* to set up. It must
@@ -3106,7 +3151,7 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is either not initialized or has already been setup.
+ * The operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -3128,7 +3173,7 @@
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid.
+ * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
@@ -3156,7 +3201,7 @@
* In this case, the operation object remains valid and its capacity
* remains unchanged.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid.
+ * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
@@ -3188,6 +3233,9 @@
* using psa_key_derivation_input_key() instead of this function. Refer to
* the documentation of individual step types for information.
*
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_key_derivation_abort().
+ *
* \param[in,out] operation The key derivation operation object to use.
* It must have been set up with
* psa_key_derivation_setup() and must not
@@ -3208,7 +3256,7 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The value of \p step is not valid given the state of \p operation.
+ * The operation state is not valid for this input \p step.
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -3231,6 +3279,9 @@
* passed as direct inputs using psa_key_derivation_input_bytes(). Refer to
* the documentation of individual step types for information.
*
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_key_derivation_abort().
+ *
* \param[in,out] operation The key derivation operation object to use.
* It must have been set up with
* psa_key_derivation_setup() and must not
@@ -3254,7 +3305,7 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The value of \p step is not valid given the state of \p operation.
+ * The operation state is not valid for this input \p step.
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -3274,6 +3325,9 @@
* The output of this key derivation can be extracted by reading from the
* resulting operation to produce keys and other cryptographic material.
*
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_key_derivation_abort().
+ *
* \param[in,out] operation The key derivation operation object to use.
* It must have been set up with
* psa_key_derivation_setup() with a
@@ -3304,6 +3358,8 @@
*
* \retval #PSA_SUCCESS
* Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid for this key agreement \p step.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -3338,6 +3394,10 @@
* stream.
* The operation's capacity decreases by the number of bytes read.
*
+ * If this function returns an error status other than
+ * #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error
+ * state and must be aborted by calling psa_key_derivation_abort().
+ *
* \param[in,out] operation The key derivation operation object to read from.
* \param[out] output Buffer where the output will be written.
* \param output_length Number of bytes to output.
@@ -3351,6 +3411,8 @@
* subsequent calls to this function will not
* succeed, even with a smaller output buffer.
* \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active and completed
+ * all required input steps).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
@@ -3370,11 +3432,18 @@
*
* This function calculates output bytes from a key derivation algorithm
* and uses those bytes to generate a key deterministically.
+ * The key's location, usage policy, type and size are taken from
+ * \p attributes.
+ *
* If you view the key derivation's output as a stream of bytes, this
* function destructively reads as many bytes as required from the
* stream.
* The operation's capacity decreases by the number of bytes read.
*
+ * If this function returns an error status other than
+ * #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error
+ * state and must be aborted by calling psa_key_derivation_abort().
+ *
* How much output is produced and consumed from the operation, and how
* the key is derived, depends on the key type:
*
@@ -3472,6 +3541,8 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The provided key attributes are not valid for the operation.
* \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active and completed
+ * all required input steps).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3490,22 +3561,19 @@
/** Abort a key derivation operation.
*
- * Once a key derivation operation has been aborted, its capacity is zero.
- * Aborting an operation frees all associated resources except for the
- * \c operation structure itself.
+ * Aborting an operation frees all associated resources except for the \c
+ * operation structure itself. Once aborted, the operation object can be reused
+ * for another operation by calling psa_key_derivation_setup() again.
*
- * This function may be called at any time as long as the operation
- * object has been initialized to #PSA_KEY_DERIVATION_OPERATION_INIT, to
- * psa_key_derivation_operation_init() or a zero value. In particular,
- * it is valid to call psa_key_derivation_abort() twice, or to call
- * psa_key_derivation_abort() on an operation that has not been set up.
+ * This function may be called at any time after the operation
+ * object has been initialized as described in #psa_key_derivation_operation_t.
*
- * Once aborted, the key derivation operation object may be called.
+ * In particular, it is valid to call psa_key_derivation_abort() twice, or to
+ * call psa_key_derivation_abort() on an operation that has not been set up.
*
* \param[in,out] operation The operation to abort.
*
* \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
@@ -3612,7 +3680,9 @@
* \brief Generate a key or key pair.
*
* The key is generated randomly.
- * Its location, policy, type and size are taken from \p attributes.
+ * Its location, usage policy, type and size are taken from \p attributes.
+ *
+ * Implementations must reject an attempt to generate a key of size 0.
*
* The following type-specific considerations apply:
* - For RSA keys (#PSA_KEY_TYPE_RSA_KEY_PAIR),
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 636c881..f0e4782 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -45,21 +45,14 @@
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#define PSA_ERROR_UNKNOWN_ERROR \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_GENERIC_ERROR )
-#endif
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#define PSA_ERROR_OCCUPIED_SLOT \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_ALREADY_EXISTS )
-#endif
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#define PSA_ERROR_EMPTY_SLOT \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_DOES_NOT_EXIST )
-#endif
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#define PSA_ERROR_INSUFFICIENT_CAPACITY \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_INSUFFICIENT_DATA )
+#define PSA_ERROR_TAMPERING_DETECTED \
+ MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_CORRUPTION_DETECTED )
#endif
/** \addtogroup attributes
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index b79c3b5..b6b6198 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -206,11 +206,12 @@
* values:
*
* - lifetime: #PSA_KEY_LIFETIME_VOLATILE.
- * - key identifier: unspecified.
- * - type: \c 0.
- * - key size: \c 0.
- * - usage flags: \c 0.
- * - algorithm: \c 0.
+ * - key identifier: 0 (which is not a valid key identifier).
+ * - type: \c 0 (meaning that the type is unspecified).
+ * - key size: \c 0 (meaning that the size is unspecified).
+ * - usage flags: \c 0 (which allows no usage except exporting a public key).
+ * - algorithm: \c 0 (which allows no cryptographic usage, but allows
+ * exporting).
*
* A typical sequence to create a key is as follows:
* -# Create and initialize an attribute structure.
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index fc0f963..b3e0940 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -284,7 +284,7 @@
*/
#define PSA_KEY_TYPE_NONE ((psa_key_type_t)0x00000000)
-/** Vendor-defined flag
+/** Vendor-defined key type flag.
*
* Key types defined by this standard will never have the
* #PSA_KEY_TYPE_VENDOR_FLAG bit set. Vendors who define additional key types
@@ -301,7 +301,10 @@
#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x10000000)
-/** Whether a key type is vendor-defined. */
+/** Whether a key type is vendor-defined.
+ *
+ * See also #PSA_KEY_TYPE_VENDOR_FLAG.
+ */
#define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \
(((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0)
@@ -561,7 +564,15 @@
(type) == PSA_KEY_TYPE_ARC4 ? 1 : \
0)
+/** Vendor-defined algorithm flag.
+ *
+ * Algorithms defined by this standard will never have the #PSA_ALG_VENDOR_FLAG
+ * bit set. Vendors who define additional algorithms must use an encoding with
+ * the #PSA_ALG_VENDOR_FLAG bit set and should respect the bitwise structure
+ * used by standard encodings whenever practical.
+ */
#define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t)0x80000000)
+
#define PSA_ALG_CATEGORY_MASK ((psa_algorithm_t)0x7f000000)
#define PSA_ALG_CATEGORY_HASH ((psa_algorithm_t)0x01000000)
#define PSA_ALG_CATEGORY_MAC ((psa_algorithm_t)0x02000000)
@@ -572,6 +583,10 @@
#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x20000000)
#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x30000000)
+/** Whether an algorithm is vendor-defined.
+ *
+ * See also #PSA_ALG_VENDOR_FLAG.
+ */
#define PSA_ALG_IS_VENDOR_DEFINED(alg) \
(((alg) & PSA_ALG_VENDOR_FLAG) != 0)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 98239c3..fe737d2 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -451,13 +451,6 @@
switch( type )
{
case PSA_KEY_TYPE_RAW_DATA:
- if( bits == 0 )
- {
- raw->bytes = 0;
- raw->data = NULL;
- return( PSA_SUCCESS );
- }
- break;
#if defined(MBEDTLS_MD_C)
case PSA_KEY_TYPE_HMAC:
#endif
@@ -1281,6 +1274,12 @@
if( export_public_key && ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
+ /* Reject a zero-length output buffer now, since this can never be a
+ * valid key representation. This way we know that data must be a valid
+ * pointer and we can do things like memset(data, ..., data_size). */
+ if( data_size == 0 )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
{
@@ -1302,12 +1301,9 @@
{
if( slot->data.raw.bytes > data_size )
return( PSA_ERROR_BUFFER_TOO_SMALL );
- if( data_size != 0 )
- {
- memcpy( data, slot->data.raw.data, slot->data.raw.bytes );
- memset( data + slot->data.raw.bytes, 0,
- data_size - slot->data.raw.bytes );
- }
+ memcpy( data, slot->data.raw.data, slot->data.raw.bytes );
+ memset( data + slot->data.raw.bytes, 0,
+ data_size - slot->data.raw.bytes );
*data_length = slot->data.raw.bytes;
return( PSA_SUCCESS );
}
@@ -1366,10 +1362,7 @@
}
if( ret < 0 )
{
- /* If data_size is 0 then data may be NULL and then the
- * call to memset would have undefined behavior. */
- if( data_size != 0 )
- memset( data, 0, data_size );
+ memset( data, 0, data_size );
return( mbedtls_to_psa_error( ret ) );
}
/* The mbedtls_pk_xxx functions write to the end of the buffer.
@@ -1676,7 +1669,7 @@
slot->attr.bits );
uint8_t *buffer = mbedtls_calloc( 1, buffer_size );
size_t length = 0;
- if( buffer == NULL && buffer_size != 0 )
+ if( buffer == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
status = psa_internal_export_key( slot,
buffer, buffer_size, &length,
@@ -1685,8 +1678,7 @@
status = psa_save_persistent_key( &slot->attr,
buffer, length );
- if( buffer_size != 0 )
- mbedtls_platform_zeroize( buffer, buffer_size );
+ mbedtls_platform_zeroize( buffer, buffer_size );
mbedtls_free( buffer );
}
}
@@ -1826,6 +1818,12 @@
psa_key_slot_t *slot = NULL;
psa_se_drv_table_entry_t *driver = NULL;
+ /* Reject zero-length symmetric keys (including raw data key objects).
+ * This also rejects any key which might be encoded as an empty string,
+ * which is never valid. */
+ if( data_length == 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes,
handle, &slot, &driver );
if( status != PSA_SUCCESS )
@@ -1957,7 +1955,7 @@
buffer_size = PSA_KEY_EXPORT_MAX_SIZE( source->attr.type,
psa_get_key_slot_bits( source ) );
buffer = mbedtls_calloc( 1, buffer_size );
- if( buffer == NULL && buffer_size != 0 )
+ if( buffer == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
status = psa_internal_export_key( source, buffer, buffer_size, &length, 0 );
if( status != PSA_SUCCESS )
@@ -1966,8 +1964,7 @@
status = psa_import_key_into_slot( target, buffer, length );
exit:
- if( buffer_size != 0 )
- mbedtls_platform_zeroize( buffer, buffer_size );
+ mbedtls_platform_zeroize( buffer, buffer_size );
mbedtls_free( buffer );
return( status );
}
@@ -3194,8 +3191,8 @@
if( status != PSA_SUCCESS )
return( status );
- if( signature_length < mbedtls_rsa_get_len( rsa ) )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if( signature_length != mbedtls_rsa_get_len( rsa ) )
+ return( PSA_ERROR_INVALID_SIGNATURE );
#if defined(MBEDTLS_PKCS1_V15)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
@@ -3350,6 +3347,12 @@
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
*signature_length = signature_size;
+ /* Immediately reject a zero-length signature buffer. This guarantees
+ * that signature must be a valid pointer. (On the other hand, the hash
+ * buffer can in principle be empty since it doesn't actually have
+ * to be a hash.) */
+ if( signature_size == 0 )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN, alg );
if( status != PSA_SUCCESS )
@@ -3425,7 +3428,7 @@
if( status == PSA_SUCCESS )
memset( signature + *signature_length, '!',
signature_size - *signature_length );
- else if( signature_size != 0 )
+ else
memset( signature, '!', signature_size );
/* If signature_size is 0 then we have nothing to do. We must not call
* memset because signature may be NULL in this case. */
@@ -4778,6 +4781,12 @@
psa_status_t status;
psa_key_slot_t *slot = NULL;
psa_se_drv_table_entry_t *driver = NULL;
+
+ /* Reject any attempt to create a zero-length key so that we don't
+ * risk tripping up later, e.g. on a malloc(0) that returns NULL. */
+ if( psa_get_key_bits( attributes ) == 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE,
attributes, handle, &slot, &driver );
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -5512,6 +5521,11 @@
psa_key_slot_t *slot = NULL;
psa_se_drv_table_entry_t *driver = NULL;
+ /* Reject any attempt to create a zero-length key so that we don't
+ * risk tripping up later, e.g. on a malloc(0) that returns NULL. */
+ if( psa_get_key_bits( attributes ) == 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE,
attributes, handle, &slot, &driver );
if( status != PSA_SUCCESS )
diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py
index bf76c2d..c2d2558 100755
--- a/scripts/generate_psa_constants.py
+++ b/scripts/generate_psa_constants.py
@@ -205,9 +205,13 @@
self.key_usages = set()
# "#define" followed by a macro name with either no parameters
- # or a single parameter. Grab the macro name in group 1, the
- # parameter name if any in group 2 and the definition in group 3.
- definition_re = re.compile(r'\s*#\s*define\s+(\w+)(?:\s+|\((\w+)\)\s*)(.+)(?:/[*/])?')
+ # or a single parameter and a non-empty expansion.
+ # Grab the macro name in group 1, the parameter name if any in group 2
+ # and the expansion in group 3.
+ _define_directive_re = re.compile(r'\s*#\s*define\s+(\w+)' +
+ r'(?:\s+|\((\w+)\)\s*)' +
+ r'(.+)')
+ _deprecated_definition_re = re.compile(r'\s*MBEDTLS_DEPRECATED')
def read_line(self, line):
"""Parse a C header line and record the PSA identifier it defines if any.
@@ -215,24 +219,21 @@
(up to non-significant whitespace) and skips all non-matching lines.
"""
# pylint: disable=too-many-branches
- m = re.match(self.definition_re, line)
+ m = re.match(self._define_directive_re, line)
if not m:
return
- name, parameter, definition = m.groups()
+ name, parameter, expansion = m.groups()
+ expansion = re.sub(r'/\*.*?\*/|//.*', r' ', expansion)
+ if re.match(self._deprecated_definition_re, expansion):
+ # Skip deprecated values, which are assumed to be
+ # backward compatibility aliases that share
+ # numerical values with non-deprecated values.
+ return
if name.endswith('_FLAG') or name.endswith('MASK'):
# Macro only to build actual values
return
elif (name.startswith('PSA_ERROR_') or name == 'PSA_SUCCESS') \
and not parameter:
- if name in ['PSA_ERROR_UNKNOWN_ERROR',
- 'PSA_ERROR_OCCUPIED_SLOT',
- 'PSA_ERROR_EMPTY_SLOT',
- 'PSA_ERROR_INSUFFICIENT_CAPACITY',
- ]:
- # Ad hoc skipping of deprecated error codes, which share
- # numerical values with non-deprecated error codes
- return
-
self.statuses.add(name)
elif name.startswith('PSA_KEY_TYPE_') and not parameter:
self.key_types.add(name)
@@ -251,10 +252,10 @@
return
self.algorithms.add(name)
# Ad hoc detection of hash algorithms
- if re.search(r'0x010000[0-9A-Fa-f]{2}', definition):
+ if re.search(r'0x010000[0-9A-Fa-f]{2}', expansion):
self.hash_algorithms.add(name)
# Ad hoc detection of key agreement algorithms
- if re.search(r'0x30[0-9A-Fa-f]{2}0000', definition):
+ if re.search(r'0x30[0-9A-Fa-f]{2}0000', expansion):
self.ka_algorithms.add(name)
elif name.startswith('PSA_ALG_') and parameter == 'hash_alg':
if name in ['PSA_ALG_DSA', 'PSA_ALG_ECDSA']:
@@ -271,6 +272,9 @@
def read_file(self, header_file):
for line in header_file:
+ while line.endswith('\\\n'):
+ cont = next(header_file)
+ line = line[:-2] + cont
self.read_line(line)
@staticmethod
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
index cf3a224..724f8d9 100755
--- a/tests/scripts/test_psa_constant_names.py
+++ b/tests/scripts/test_psa_constant_names.py
@@ -159,19 +159,25 @@
# Regex of macro names to exclude.
_excluded_name_re = re.compile(r'_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z')
# Additional excluded macros.
- # PSA_ALG_ECDH and PSA_ALG_FFDH are excluded for now as the script
- # currently doesn't support them. Deprecated errors are also excluded.
- _excluded_names = set(['PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH',
- 'PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE',
- 'PSA_ALG_FULL_LENGTH_MAC',
- 'PSA_ALG_ECDH',
- 'PSA_ALG_FFDH',
- 'PSA_ERROR_UNKNOWN_ERROR',
- 'PSA_ERROR_OCCUPIED_SLOT',
- 'PSA_ERROR_EMPTY_SLOT',
- 'PSA_ERROR_INSUFFICIENT_CAPACITY',
- ])
-
+ _excluded_names = set([
+ # Macros that provide an alternative way to build the same
+ # algorithm as another macro.
+ 'PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH',
+ 'PSA_ALG_FULL_LENGTH_MAC',
+ # Auxiliary macro whose name doesn't fit the usual patterns for
+ # auxiliary macros.
+ 'PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE',
+ # PSA_ALG_ECDH and PSA_ALG_FFDH are excluded for now as the script
+ # currently doesn't support them.
+ 'PSA_ALG_ECDH',
+ 'PSA_ALG_FFDH',
+ # Deprecated aliases.
+ 'PSA_ERROR_UNKNOWN_ERROR',
+ 'PSA_ERROR_OCCUPIED_SLOT',
+ 'PSA_ERROR_EMPTY_SLOT',
+ 'PSA_ERROR_INSUFFICIENT_CAPACITY',
+ 'PSA_ERROR_TAMPERING_DETECTED',
+ ])
def parse_header_line(self, line):
"""Parse a C header line, looking for "#define PSA_xxx"."""
m = re.match(self._header_line_re, line)
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 1f3c136..8fe4cd2 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -22,9 +22,6 @@
PSA key attributes: slot number
slot_number_attribute:
-PSA import/export raw: 0 bytes
-import_export:"":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_SUCCESS:1
-
PSA import/export raw: 1 bytes
import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:8:0:PSA_SUCCESS:1
@@ -266,6 +263,18 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_SUCCESS:0
+PSA import: reject raw data key of length 0
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+import_with_data:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import: reject raw data key of length 0 and declared size 1 bit
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+import_with_data:"":PSA_KEY_TYPE_RAW_DATA:1:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import: reject raw data key of length 0 and declared size 8 bits
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+import_with_data:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_ERROR_INVALID_ARGUMENT
+
PSA import EC keypair: DER format
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
import_with_data:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
@@ -568,8 +577,8 @@
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_ECDSA_C
key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDH:PSA_ALG_ECDSA_ANY
-Copy key: raw, 0 bytes
-copy_success:PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"":1:-1:-1:0:PSA_KEY_USAGE_COPY:0:0
+Copy key: raw, 1 byte
+copy_success:PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"2a":1:-1:-1:0:PSA_KEY_USAGE_COPY:0:0
Copy key: AES, copy attributes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
@@ -1560,6 +1569,14 @@
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL
+PSA sign: RSA PKCS#1 v1.5 SHA-256, empty output buffer
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":0:PSA_ERROR_BUFFER_TOO_SMALL
+
+PSA sign: deterministic ECDSA SECP256R1 SHA-256, empty output buffer
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_ERROR_BUFFER_TOO_SMALL
+
PSA sign: deterministic ECDSA SECP256R1, invalid hash algorithm (0)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC
sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
@@ -1612,14 +1629,30 @@
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
asymmetric_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
-PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong hash
+PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong hash length
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_ARGUMENT
-PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature
+PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (same size)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"111164d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE
+PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (empty)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (truncated)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc73":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (trailing junk)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc731121":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (leading junk)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE
+
PSA verify: RSA PSS SHA-256, good signature, 0 bytes
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d"
@@ -1648,6 +1681,22 @@
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_ERROR_INVALID_SIGNATURE
+PSA verify: ECDSA SECP256R1, wrong signature (empty)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify: ECDSA SECP256R1, wrong signature (truncated)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify: ECDSA SECP256R1, wrong signature (trailing junk)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify: ECDSA SECP256R1, wrong signature (leading junk)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE
+
PSA verify: invalid algorithm for ECC key
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
asymmetric_verify_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT
@@ -2135,6 +2184,23 @@
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_INVALID_ARGUMENT
+PSA key derivation: invalid length (0)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:0:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: invalid length (7 bits)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:7:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: raw data, 8 bits
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:8:PSA_SUCCESS
+
+PSA key derivation: invalid length (9 bits)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:9:PSA_ERROR_INVALID_ARGUMENT
+
# This test assumes that PSA_MAX_KEY_BITS (currently 65536-8 bits = 8191 bytes
# and not expected to be raised any time soon) is less than the maximum
# output from HKDF-SHA512 (255*64 = 16320 bytes).
@@ -2258,8 +2324,9 @@
PSA generate key: bad type (RSA public key)
generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED
-PSA generate key: raw data, 0 bits
-generate_key:PSA_KEY_TYPE_RAW_DATA:128:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
+PSA generate key: raw data, 0 bits: invalid argument
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+generate_key:PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT
PSA generate key: raw data, 7 bits: invalid argument
generate_key:PSA_KEY_TYPE_RAW_DATA:7:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT
@@ -2267,6 +2334,9 @@
PSA generate key: raw data, 8 bits
generate_key:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
+PSA generate key: raw data, 9 bits: invalid argument
+generate_key:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT
+
PSA generate key: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
generate_key:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
@@ -2324,6 +2394,11 @@
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS
+PSA generate key: RSA, 0 bits: invalid
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_INVALID_ARGUMENT
+
PSA generate key: RSA, 1022 bits: not supported
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1022:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
@@ -2362,9 +2437,9 @@
PSA generate key: RSA, e=2
generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
-PSA import persistent key: raw data, 0 bits
+PSA import persistent key: raw data, 8 bits
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY
+persistent_key_load_key_from_storage:"2a":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY
PSA import persistent key: AES, 128 bits, exportable
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data
index 64b683f..8765dfc 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.data
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.data
@@ -44,9 +44,6 @@
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT
-import/export persistent raw key: 0 byte
-import_export_persistent_key:"":PSA_KEY_TYPE_RAW_DATA:0:0:0
-
import/export persistent raw key: 1 byte
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:0
@@ -73,9 +70,6 @@
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:0:0
-import/export persistent raw key with restart: 0 byte
-import_export_persistent_key:"":PSA_KEY_TYPE_RAW_DATA:0:1:0
-
import/export persistent raw key with restart: 1 byte
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1:0
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
index e364178..e6b3f7b 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
@@ -396,6 +396,7 @@
psa_set_key_lifetime( &attributes, lifetime );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ psa_set_key_bits( &attributes, 8 );
TEST_ASSERT( psa_generate_key( &attributes, &handle ) == expected_result );
TEST_ASSERT( mock_allocate_data.called == 1 );
TEST_ASSERT( mock_generate_data.called ==
@@ -482,6 +483,8 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
+ const uint8_t hash[1] = {'H'};
+ uint8_t signature[1] = {'S'};
size_t signature_length;
mock_sign_data.return_value = mock_sign_return_value;
@@ -512,7 +515,9 @@
key_material, sizeof( key_material ),
&handle ) );
- TEST_ASSERT( psa_asymmetric_sign( handle, algorithm, NULL, 0, NULL, 0,
+ TEST_ASSERT( psa_asymmetric_sign( handle, algorithm,
+ hash, sizeof( hash ),
+ signature, sizeof( signature ),
&signature_length)
== expected_result );
TEST_ASSERT( mock_sign_data.called == 1 );
@@ -538,6 +543,8 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
+ const uint8_t hash[1] = {'H'};
+ const uint8_t signature[1] = {'S'};
mock_verify_data.return_value = mock_verify_return_value;
memset( &driver, 0, sizeof( driver ) );
@@ -567,7 +574,9 @@
key_material, sizeof( key_material ),
&handle ) );
- TEST_ASSERT( psa_asymmetric_verify( handle, algorithm, NULL, 0, NULL, 0)
+ TEST_ASSERT( psa_asymmetric_verify( handle, algorithm,
+ hash, sizeof( hash ),
+ signature, sizeof( signature ) )
== expected_result );
TEST_ASSERT( mock_verify_data.called == 1 );