From 29b64073af945f3ac7bcd0f17d75683dee38802e Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Tue, 6 Aug 2019 16:02:12 +0100
Subject: [PATCH 01/59] Added missing return codes to get_key_attributes Note that PSA_ERROR_NOT_PERMITTED is not included because I can't think of a scenario where you have a valid key handle but aren't allowed to read the attributes
---
 include/psa/crypto.h | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 0d8cbfa1f9..2a63098a84 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -328,6 +328,8 @@ static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
 * \retval #PSA_ERROR_INVALID_HANDLE
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 */
 psa_status_t psa_get_key_attributes(psa_key_handle_t handle,
 psa_key_attributes_t *attributes);
From 89b7152ed037624044557c453267369f0784f71d Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Tue, 6 Aug 2019 16:21:00 +0100
Subject: [PATCH 02/59] Added PSA_ERROR_STORAGE_FAILURE to psa_export_key It may be possible that an implementation does not fetch key material until a command like this is called and such an error may occur if an off-chip secure storage dependency may have been wiped.
---
 include/psa/crypto.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 2a63098a84..96ffa0bbb4 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -617,6 +617,7 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle);
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
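Review bot: The `\retval #PSA_ERROR_STORAGE_FAILURE` line added for psa_export_key in patch 02 carries no description, so the rationale in the commit message (key material fetched lazily from storage that may have been wiped) never reaches the header. Patches 10 and 14 add the same status with the sentence `The key could not be retrieved from storage.`; the same sentence, or a variant that fits the function, would suit this entry and the bare STORAGE_FAILURE lines added in patch 01 (psa_get_key_attributes), patch 07 (psa_export_public_key) and patch 08 (psa_copy_key). The comment block starts above the hunk, so only part of the existing list is visible here.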
From 0542d595ce7b9f3f9af0873fcf9c93c831641427 Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Tue, 6 Aug 2019 16:34:44 +0100
Subject: [PATCH 03/59] Add PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_key It may be possible that the implementation runs out of memory when exporting a key from storage or a secure element. For example, it may not be possible to directly move the data from storage to the caller, so the implementation will have to buffer the material temporarily (an issue if dynamic memory allocation scheme is used). For a large key this is more likely to return.
---
 include/psa/crypto.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 96ffa0bbb4..d62c2a9ddf 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -618,6 +618,7 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle);
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From 742084ea25e11c10f0a7843728ebca05376d262e Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Tue, 6 Aug 2019 16:54:52 +0100
Subject: [PATCH 04/59] Removed PSA_ERROR_DOES_NOT_EXIST from psa_export_key If the key doesn't exist by the time this call is made then the handle is invalid, which means that PSA_ERROR_INVALID_HANDLE should be returned rather than "does not exist"
---
 include/psa/crypto.h | 1 -
 1 file changed, 1 deletion(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index d62c2a9ddf..f787b13696 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -604,7 +604,6 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle);
 *
 * \retval #PSA_SUCCESS
 * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
 * \retval #PSA_ERROR_NOT_PERMITTED
 * The key does not have the #PSA_KEY_USAGE_EXPORT flag.
 * \retval #PSA_ERROR_NOT_SUPPORTED
From 88c51adfc08720dd7dcf2ba75a5c8a415d53713c Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Tue, 6 Aug 2019 17:09:33 +0100
Subject: [PATCH 05/59] Added PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_public_key For the same reasons that psa_export_key can fail with this error
---
 include/psa/crypto.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index f787b13696..8a987e9b1a 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -687,6 +687,7 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From e926e7370fb59a0d4ce9266c266334deb8c88505 Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Tue, 6 Aug 2019 17:12:44 +0100
Subject: [PATCH 06/59] Removed PSA_DOES_NOT_EXIST from psa_export_public_key The implementation should return PSA_ERROR_INVALID_HANDLE instead.
---
 include/psa/crypto.h | 1 -
 1 file changed, 1 deletion(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 8a987e9b1a..49f98b101c 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -674,7 +674,6 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
 *
 * \retval #PSA_SUCCESS
 * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * The key is neither a public key nor a key pair.
 * \retval #PSA_ERROR_NOT_SUPPORTED
From 398b3c27e0eff516c4ac7b6ad710600a50bea4f4 Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Tue, 6 Aug 2019 17:22:41 +0100
Subject: [PATCH 07/59] Add PSA_ERROR_STORAGE_FAILURE to psa_export_public_key The same reason that it is included in psa_export_key
---
 include/psa/crypto.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 49f98b101c..ed3aec7f12 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -686,6 +686,7 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
From 60b0320af0579a21a2f3123f1d8bb5a81a050b1e Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Tue, 6 Aug 2019 17:26:16 +0100
Subject: [PATCH 08/59] Add PSA_ERROR_STORAGE_FAILURE to psa_copy_key
---
 include/psa/crypto.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index ed3aec7f12..2f5ec018ca 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -775,6 +775,7 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle,
 * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 */
 psa_status_t psa_copy_key(psa_key_handle_t source_handle,
From f7d852a9d5d41d351610dc3d6ee36bef8e50b746 Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Tue, 6 Aug 2019 17:50:26 +0100
Subject: [PATCH 09/59] Added PSA_ERROR_BUFFER_TOO_SMALL to psa_hash_compute
---
 include/psa/crypto.h | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 2f5ec018ca..a797cd54fe 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -807,6 +807,8 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle,
 * Success.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p alg is not supported or is not a hash algorithm.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p hash_size is too small
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
From fa591c44afa8771a0c472252ecfa5b65bb9393ca Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Wed, 7 Aug 2019 10:47:47 +0100
Subject: [PATCH 10/59] Added PSA_ERROR_STORAGE_FAILURE to psa_mac_compute In case the key could not be retrieved from storage.
---
 include/psa/crypto.h | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index a797cd54fe..de79c9b210 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1134,6 +1134,8 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * The key could not be retrieved from storage.
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From dec47b6f9dbab4f8679c69203465807bc8e06629 Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Wed, 7 Aug 2019 14:25:38 +0100
Subject: [PATCH 11/59] Added the possibility of PSA_ERROR_BAD_STATE to all functions
---
 include/psa/crypto.h | 165 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 163 insertions(+), 2 deletions(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index de79c9b210..e6fa93af6b 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
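Review bot: The description added for `PSA_ERROR_BUFFER_TOO_SMALL` in patch 09, `\p hash_size is too small`, lacks its final period and does not tell the caller how to size the buffer. The asymmetric functions in this header word the same status as "The size of the \p output buffer is too small. You can determine a sufficient buffer size by calling ..."; here that would read `\p hash_size is too small. You can determine a sufficient buffer size by calling #PSA_HASH_SIZE(\p alg).` The `\p mac_size is too small` line added for psa_mac_compute in patch 12 has the same gap.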
@@ -330,6 +330,10 @@ static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_get_key_attributes(psa_key_handle_t handle,
 psa_key_attributes_t *attributes);
@@ -395,6 +399,10 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes);
 * through implementation-specific means.
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_open_key(psa_key_id_t id,
 psa_key_handle_t *handle);
@@ -421,6 +429,10 @@ psa_status_t psa_open_key(psa_key_id_t id,
 * \retval #PSA_SUCCESS
 * \retval #PSA_ERROR_INVALID_HANDLE
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_close_key(psa_key_handle_t handle);
@@ -777,6 +789,10 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle,
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_copy_key(psa_key_handle_t source_handle,
 const psa_key_attributes_t *attributes,
@@ -813,6 +829,10 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_hash_compute(psa_algorithm_t alg,
 const uint8_t *input,
@@ -842,6 +862,10 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_hash_compare(psa_algorithm_t alg,
 const uint8_t *input,
@@ -936,6 +960,10 @@ static psa_hash_operation_t psa_hash_operation_init(void);
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
 psa_algorithm_t alg);
@@ -958,6 +986,10 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_hash_update(psa_hash_operation_t *operation,
 const uint8_t *input,
@@ -999,6 +1031,10 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
 uint8_t *hash,
@@ -1035,6 +1071,10 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
 const uint8_t *hash,
@@ -1066,6 +1106,10 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
@@ -1092,6 +1136,10 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
 psa_hash_operation_t *target_operation);
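Review bot: For psa_hash_abort the new `PSA_ERROR_BAD_STATE` entry leaves open whether the operation object has still been reset when this status is returned. Cleanup paths normally call abort unconditionally and ignore its result, so the entry should state the contract, for example `The operation object is still reset to its initial state.` if that is what is intended; the rest of the comment lies outside the hunk, so this may already be covered above. The same question applies to the psa_mac_abort, psa_cipher_abort, psa_aead_abort and psa_key_derivation_abort hunks later in patch 11.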
@@ -1174,6 +1222,12 @@ psa_status_t psa_mac_compute(psa_key_handle_t handle,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * The key could not be retrieved from storage.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_mac_verify(psa_key_handle_t handle,
 psa_algorithm_t alg,
@@ -1369,6 +1423,10 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_mac_update(psa_mac_operation_t *operation,
 const uint8_t *input,
@@ -1411,6 +1469,10 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
 uint8_t *mac,
@@ -1447,6 +1509,10 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
 const uint8_t *mac,
@@ -1479,6 +1545,10 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
@@ -1521,6 +1591,10 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_cipher_encrypt(psa_key_handle_t handle,
 psa_algorithm_t alg,
@@ -1561,7 +1635,11 @@ psa_status_t psa_cipher_encrypt(psa_key_handle_t handle,
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code. * \retval #PSA_ERROR_CORRUPTION_DETECTED
+
 */
 psa_status_t psa_cipher_decrypt(psa_key_handle_t handle,
 psa_algorithm_t alg,
@@ -1768,6 +1846,10 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
 uint8_t *iv,
@@ -1803,6 +1885,10 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
 const uint8_t *iv,
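Review bot: In the psa_cipher_decrypt hunk the comment ends up malformed: `\retval #PSA_ERROR_CORRUPTION_DETECTED` is removed from its own line and re-appears at the end of the added line `results in this error code.`, and a blank line with no leading ` *` is added before `*/`. Every other hunk in this patch leaves the CORRUPTION_DETECTED line untouched and appends the four BAD_STATE lines after it, directly before `*/`; doing the same here keeps ` * \retval #PSA_ERROR_CORRUPTION_DETECTED` as its own entry and drops the stray blank line. The line breaks are reconstructed from the hunk's `+1635,11` count because this page shows the diff collapsed, so the raw patch should be checked for the exact whitespace.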
@@ -1839,6 +1925,10 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
 const uint8_t *input,
@@ -1877,6 +1967,10 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
 uint8_t *output,
@@ -1910,6 +2004,10 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
@@ -2234,6 +2332,10 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
 uint8_t *nonce,
@@ -2268,6 +2370,10 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
 const uint8_t *nonce,
@@ -2306,6 +2412,10 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
 size_t ad_length,
@@ -2348,6 +2458,10 @@ psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
 const uint8_t *input,
@@ -2420,6 +2534,10 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_aead_update(psa_aead_operation_t *operation,
 const uint8_t *input,
@@ -2489,6 +2607,10 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
 uint8_t *ciphertext,
@@ -2547,6 +2669,10 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
 uint8_t *plaintext,
@@ -2582,6 +2708,10 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
@@ -2891,6 +3021,11 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is either not initialized or has been setup.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_key_derivation_setup(
 psa_key_derivation_operation_t *operation,
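Review bot: The description added for psa_key_derivation_setup, `The operation state is either not initialized or has been setup.`, sits directly above a second `PSA_ERROR_BAD_STATE` entry about the library not being initialized, so "not initialized" now refers to two different objects under one status code. Wording the first entry as `The operation state is not valid (it must be initialized and not yet set up).` would keep the two apart and use "set up" as the verb. The psa_key_derivation_get_capacity and psa_key_derivation_set_capacity hunks that follow add only `The operation state is not valid.`, which would benefit from the same kind of parenthetical.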
@@ -2906,8 +3041,13 @@ psa_status_t psa_key_derivation_setup(
 * \param[out] capacity On success, the capacity of the operation.
 *
 * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_key_derivation_get_capacity(
 const psa_key_derivation_operation_t *operation,
@@ -2929,7 +3069,12 @@ psa_status_t psa_key_derivation_get_capacity(
 * In this case, the operation object remains valid and its capacity
 * remains unchanged.
 * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid.
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_key_derivation_set_capacity(
 psa_key_derivation_operation_t *operation,
@@ -3082,6 +3227,10 @@ psa_status_t psa_key_derivation_input_key(
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_key_derivation_key_agreement(
 psa_key_derivation_operation_t *operation,
@@ -3116,6 +3265,10 @@ psa_status_t psa_key_derivation_key_agreement(
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_key_derivation_output_bytes(
 psa_key_derivation_operation_t *operation,
@@ -3264,6 +3417,10 @@ psa_status_t psa_key_derivation_output_key(
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_key_derivation_abort(
 psa_key_derivation_operation_t *operation);
@@ -3310,6 +3467,10 @@ psa_status_t psa_key_derivation_abort(
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
 */
 psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
 psa_key_handle_t private_key,
From d5ae06b1e34d00033f496abf427a117dd6ba5705 Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Wed, 7 Aug 2019 15:59:33 +0100
Subject: [PATCH 12/59] Add PSA_ERROR_BUFFER_TOO_SMALL to psa_mac_compute
---
 include/psa/crypto.h | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index e6fa93af6b..2ee7cf60c0 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1178,6 +1178,8 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
 * \p handle is not compatible with \p alg.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p alg is not supported or is not a MAC algorithm.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p mac_size is too small
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
From 7563ed17ab9026248f5eb2e7c4944884e6f87a6c Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Wed, 7 Aug 2019 16:02:45 +0100
Subject: [PATCH 13/59] Remove PSA_ERROR_DOES_NOT_EXIST from psa_mac_sign_setup
---
 include/psa/crypto.h | 1 -
 1 file changed, 1 deletion(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 2ee7cf60c0..1fb1515cf4 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1323,7 +1323,6 @@ static psa_mac_operation_t psa_mac_operation_init(void);
 * \retval #PSA_SUCCESS
 * Success.
 * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
 * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * \p handle is not compatible with \p alg.
From 2409ba04292fae6d437f8621f07c68481b7e7732 Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Wed, 7 Aug 2019 16:05:06 +0100
Subject: [PATCH 14/59] Added PSA_ERROR_STORAGE_FAILURE to psa_mac_sign_setup
---
 include/psa/crypto.h | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 1fb1515cf4..a48e7e75cd 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1332,6 +1332,8 @@ static psa_mac_operation_t psa_mac_operation_init(void);
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * The key could not be retrieved from storage.
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (already set up and not
 * subsequently completed).
From 9770d0e0f89986bdada221706e62c331677d1a08 Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Wed, 7 Aug 2019 16:18:18 +0100
Subject: [PATCH 15/59] Add PSA_ERROR_STORAGE_FAILURE to psa_mac_verify_setup
---
 include/psa/crypto.h | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index a48e7e75cd..58412196c4 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1394,6 +1394,8 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * The key could not be retrieved from storage
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (already set up and not
 * subsequently completed).
From 53d90c51994cdaf30470d0ac4d45e5fdba46cde3 Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Wed, 7 Aug 2019 16:47:23 +0100
Subject: [PATCH 16/59] Only return PSA_ERROR_DOES_NOT_EXIST from psa_open_key
---
 include/psa/crypto.h | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 58412196c4..b865177d15 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1384,7 +1384,6 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
 * \retval #PSA_SUCCESS
 * Success.
 * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
 * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * \c key is not compatible with \c alg.
@@ -1740,7 +1739,6 @@ static psa_cipher_operation_t psa_cipher_operation_init(void);
 * \retval #PSA_SUCCESS
 * Success.
 * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
 * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * \p handle is not compatible with \p alg.
@@ -1802,7 +1800,6 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
 * \retval #PSA_SUCCESS
 * Success.
 * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
 * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * \p handle is not compatible with \p alg.
@@ -2053,7 +2050,6 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
 * \retval #PSA_SUCCESS
 * Success.
 * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
 * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * \p handle is not compatible with \p alg.
@@ -2109,7 +2105,6 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle,
 * \retval #PSA_SUCCESS
 * Success.
 * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
 * \retval #PSA_ERROR_INVALID_SIGNATURE
 * The ciphertext is not authentic.
 * \retval #PSA_ERROR_NOT_PERMITTED
@@ -3158,7 +3153,6 @@ psa_status_t psa_key_derivation_input_bytes(
 * \retval #PSA_SUCCESS
 * Success.
 * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
 * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * \c step is not compatible with the operation's algorithm.
@@ -3220,7 +3214,6 @@ psa_status_t psa_key_derivation_input_key(
 * \retval #PSA_SUCCESS
 * Success.
 * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
 * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * \c private_key is not compatible with \c alg,
From f961d5c9e60ca30638546548ac94bfa9479bbb0a Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 10:27:50 +0100 Subject: [PATCH 17/59] Add missing return codes to psa_asymmetric_encrypt
---
 include/psa/crypto.h | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index b865177d15..273ddcb092 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2839,6 +2839,8 @@ psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
 * that make up the returned output.
 *
 * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p output buffer is too small. You can
 * determine a sufficient buffer size by calling
@@ -2851,6 +2853,7 @@ psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
From 96f31ada184799a28358edafc498007f4d22b126 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 10:30:58 +0100 Subject: [PATCH 18/59] Add missing return codes to psa_asymmetric_decrypt
---
 include/psa/crypto.h | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 273ddcb092..9c6ad82e70 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2898,6 +2898,8 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle,
 * that make up the returned output.
 *
 * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p output buffer is too small. You can
 * determine a sufficient buffer size by calling
@@ -2910,6 +2912,7 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
 * \retval #PSA_ERROR_INVALID_PADDING
 * \retval #PSA_ERROR_BAD_STATE
From c207ba376e7f61e505844791e4d4706527381eae Mon Sep 17 00:00:00 2001
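Review bot: The two codes added in the first hunk, `\retval #PSA_ERROR_INVALID_HANDLE` and `\retval #PSA_ERROR_NOT_PERMITTED`, come without any description, so a caller cannot tell from this comment which key-policy check produces NOT_PERMITTED. I would add a line under it such as `*         The key's usage policy does not permit this operation or \p alg.`, assuming that is the check the implementation performs. The same applies to the matching psa_asymmetric_decrypt hunk on this line and to the psa_asymmetric_sign and psa_asymmetric_verify hunks in the two patches that follow. The comment block starts and ends outside the hunk.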
From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 10:55:38 +0100 Subject: [PATCH 19/59] Added missing return codes to psa_aead_decrypt
---
 include/psa/crypto.h | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 9c6ad82e70..fbe2947535 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2113,9 +2113,12 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle,
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p alg is not supported or is not an AEAD algorithm.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p plaintext_size or \p nonce_length is too small
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From d21c6e6566abd4da05953c6d36b4b5cfe8b18fb7 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 10:58:08 +0100 Subject: [PATCH 20/59] Add missing return codes to psa_generate_key
---
 include/psa/crypto.h | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index fbe2947535..d25c1dc6aa 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -3550,6 +3550,8 @@ psa_status_t psa_generate_random(uint8_t *output,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From 27c121574b6bf6a0ee1bb3960dcc5064538207b6 Mon Sep 17 00:00:00 2001
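Review bot: The description added under `\retval #PSA_ERROR_BUFFER_TOO_SMALL` in the psa_aead_decrypt hunk names `\p nonce_length`, which looks like the length of a caller-supplied input rather than the size of an output buffer. If that is right (the parameter list is outside the hunk), a nonce of the wrong length is an argument error and belongs under PSA_ERROR_INVALID_ARGUMENT, leaving `*         \p plaintext_size is too small.` here. Keeping the two apart matters to callers, because BUFFER_TOO_SMALL invites a retry with a larger buffer while a wrong nonce length cannot be fixed that way.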
From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 11:10:32 +0100 Subject: [PATCH 21/59] Add missing parameters to psa_asymmetric_sign
---
 include/psa/crypto.h | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index d25c1dc6aa..e5af9c605f 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2745,6 +2745,8 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
 * that make up the returned signature value.
 *
 * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p signature buffer is too small. You can
 * determine a sufficient buffer size by calling
@@ -2757,6 +2759,7 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
From 6e758c9bb8ccd047e05f4c5fcef65cd4f207e03d Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 11:11:43 +0100 Subject: [PATCH 22/59] Add missing return codes to psa_asymmetric_verify
---
 include/psa/crypto.h | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index e5af9c605f..65d992d8da 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2795,6 +2795,8 @@ psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
 *
 * \retval #PSA_SUCCESS
 * The signature is valid.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
 * \retval #PSA_ERROR_INVALID_SIGNATURE
 * The calculation was perfomed successfully, but the passed
 * signature is not a valid signature.
@@ -2804,6 +2806,7 @@ psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From e970d6527313f0585421dcba5d14b4faaad14556 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 14:40:04 +0100 Subject: [PATCH 23/59] Added extra bad state case to psa_hash_setup
---
 include/psa/crypto.h | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 65d992d8da..3d517d2920 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -961,6 +961,8 @@ static psa_hash_operation_t psa_hash_operation_init(void);
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
+ * \p operation is either not initialized or is in use
+ * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
From 320659b54cb5f01256f548a89ed0fa56826a0063 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 14:49:01 +0100 Subject: [PATCH 24/59] Added PSA_ERROR_BAD_STATE to functions with operations In the case that the operation object has not been initialized appropriately.
---
 include/psa/crypto.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 3d517d2920..140d8922ba 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
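Review bot: The entry added in the psa_hash_setup hunk, `\p operation is either not initialized or is in use`, appears to overlap an entry the same comment block already has: a later patch in this series shows it carrying `The operation state is not valid (already set up and not subsequently completed).`, which covers the in-use case. I would fold the new text into that existing entry rather than add another `\retval #PSA_ERROR_BAD_STATE`. I would also reword "not initialized": an object that was never initialized holds indeterminate bytes, so an implementation cannot in general promise to detect it, and the comment should state initialization as a precondition rather than as a reported error. The comment block continues outside the hunk.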
@@ -989,6 +989,8 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid.
+ * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
@@ -1034,6 +1036,8 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid.
+ * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
@@ -1074,6 +1078,8 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid.
+ * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
@@ -1109,6 +1115,8 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid.
+ * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
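Review bot: `The operation state is not valid.` is added verbatim in all four hunks on this line, but it does not say which state each function requires, and the commit message describes a narrower case (an operation object that has not been initialized appropriately). For the first three hunks, which appear to document update, finish and verify, I would write `*         The operation state is not valid (it must be active).`. The last hunk follows the psa_hash_verify declaration and so appears to document psa_hash_abort, whose own declaration is outside the hunk; abort is the cleanup call on error paths, so a state-dependent failure there should either be dropped or spelled out so callers know when cleanup can be refused.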
@@ -1139,6 +1147,8 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is either not initialized or has already been setup.
+ * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
 * results in this error code.
@@ -3038,7 +3048,7 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
- * The operation state is either not initialized or has been setup.
+ * The operation state is either not initialized or has already been setup.
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From a3f6ba5843dc8cff69cc97cd82b1bb3c8d6fd60b Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 14:51:49 +0100 Subject: [PATCH 25/59] Added PSA_ERROR_STORAGE_FAILURE to psa_cipher_(encrypt/decrypt)
---
 include/psa/crypto.h | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 140d8922ba..7014be823b 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1607,6 +1607,7 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -1651,6 +1652,7 @@ psa_status_t psa_cipher_encrypt(psa_key_handle_t handle,
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From 0d280b9873a68eed143c2ff978d18ff37e4f4941 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 15:07:07 +0100 Subject: [PATCH 26/59] Add missing error codes for psa_raw_key_agreement
---
 include/psa/crypto.h | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 7014be823b..b999fd115f 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -3488,12 +3488,15 @@ psa_status_t psa_key_derivation_abort(
 * \p private_key is not compatible with \p alg,
 * or \p peer_key is not valid for \p alg or not compatible with
 * \p private_key.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p output_size is too small
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p alg is not a supported key agreement algorithm.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From 71b33ffcf8b01ea42a96c0584fbd0dd37bb0508d Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 15:07:57 +0100 Subject: [PATCH 27/59] Add missing error codes to psa_generate_random
---
 include/psa/crypto.h | 1 + 1 file changed, 1 insertion(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index b999fd115f..89dbd3facf 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -3531,6 +3531,7 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
 * \retval #PSA_SUCCESS
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
From 3e412494174eed9e310eaec42c3d18f78a3a294f Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 15:10:33 +0100 Subject: [PATCH 28/59] Add PSA_ERROR_STORAGE_FAILURE to psa_aead_*_setup functions
---
 include/psa/crypto.h | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 89dbd3facf..c080f30ace 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2251,6 +2251,7 @@ static psa_aead_operation_t psa_aead_operation_init(void);
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -2312,6 +2313,7 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From d789dc13da7d1457ccd87bae1d890788d56e5705 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Mon, 12 Aug 2019 15:06:48 +0100 Subject: [PATCH 29/59] Added a few more return codes
---
 include/psa/crypto.h | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index c080f30ace..a3a821d452 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -398,6 +398,7 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes);
 * define any way to create such a key, but it may be possible
 * through implementation-specific means.
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
@@ -1146,6 +1147,7 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is either not initialized or has already been setup.
 * \retval #PSA_ERROR_BAD_STATE
@@ -1439,6 +1441,7 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From df3c7ac6450319768f6b741bb093ed928c882321 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Mon, 12 Aug 2019 16:43:30 +0100 Subject: [PATCH 30/59] Remove trailing whitespace
---
 include/psa/crypto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index a3a821d452..3ffe07b015 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1347,7 +1347,7 @@ static psa_mac_operation_t psa_mac_operation_init(void);
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_STORAGE_FAILURE
- * The key could not be retrieved from storage.
+ * The key could not be retrieved from storage.
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (already set up and not
 * subsequently completed).
From 8d0bcf27ecf7a3864be9a19b8ce16fc3cfe469ff Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Tue, 13 Aug 2019 11:36:29 +0100 Subject: [PATCH 31/59] Add PSA_ERROR_INVALID_ARGUMENT to psa_hash_compare
---
 include/psa/crypto.h | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 3ffe07b015..0ecc41ff20 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -859,6 +859,8 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
 * differs from the expected hash.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p alg is not supported or is not a hash algorithm.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p input_length or \p hash_length do not match the hash size for \p alg
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
From 263223689fc241e738be4ba4beb978570a8cb8fd Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Tue, 13 Aug 2019 11:43:40 +0100 Subject: [PATCH 32/59] Add storage failure to psa_mac_sign_finish
---
 include/psa/crypto.h | 1 + 1 file changed, 1 insertion(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 0ecc41ff20..fb48d34c7c 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
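Review bot: The PSA_ERROR_INVALID_ARGUMENT text added in the psa_hash_compare hunk ties `\p input_length` to the hash size, but if `input` is the message being hashed (the parameter list is outside the hunk) its length is unrelated to the digest size of `\p alg`. Only `\p hash_length` can fail that comparison, so I would write `*         \p hash_length does not match the hash size for \p alg.`. It would also help to say how this differs from the mismatch case documented just above it (`differs from the expected hash.`), since both mean the comparison did not succeed.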
@@ -1490,6 +1490,7 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From d9e902488565db35a441a932705d372a1c3e3cd1 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Tue, 13 Aug 2019 11:44:30 +0100 Subject: [PATCH 33/59] Add storage failure to psa_mac_verify_finish
---
 include/psa/crypto.h | 1 + 1 file changed, 1 insertion(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index fb48d34c7c..dace09bf57 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1531,6 +1531,7 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From dc5bf5c8e771b2df0e7311aff7774c20022cbcef Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Tue, 13 Aug 2019 11:46:09 +0100 Subject: [PATCH 34/59] Add storage failure to (encrypt/decrypt)_setup
---
 include/psa/crypto.h | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index dace09bf57..ece8edadd8 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1769,6 +1769,7 @@ static psa_cipher_operation_t psa_cipher_operation_init(void);
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (already set up and not
 * subsequently completed).
@@ -1830,6 +1831,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (already set up and not
 * subsequently completed).
From 484ba88a0f6c891df8a756bc2777455fc8ea2b10 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Tue, 13 Aug 2019 14:41:52 +0100 Subject: [PATCH 35/59] Add STORAGE_FAILURE everywhere + add missing codes
---
 include/psa/crypto.h | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index ece8edadd8..18eee530af 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1950,6 +1950,7 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -2079,6 +2080,8 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p alg is not supported or is not an AEAD algorithm.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p ciphertext_size is too small
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
@@ -2227,7 +2230,7 @@ static psa_aead_operation_t psa_aead_operation_init(void);
 * of the non-encrypted additional authenticated data each time.
 * -# Call psa_aead_update() zero, one or more times, passing a fragment
 * of the message to encrypt each time.
- * -# Call psa_aead_finish().
+ * -# Call psa_aead_finish(psa_aead_encrypt).
 *
 * The application may call psa_aead_abort() at any time after the operation
 * has been initialized.
@@ -2360,6 +2363,7 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -2398,6 +2402,7 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -2440,6 +2445,7 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -2486,6 +2492,7 @@ psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -2562,6 +2569,7 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -2635,6 +2643,7 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -2697,6 +2706,7 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -3084,6 +3094,8 @@ psa_status_t psa_key_derivation_setup(
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid.
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -3111,6 +3123,8 @@ psa_status_t psa_key_derivation_get_capacity(
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid.
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -3157,6 +3171,7 @@ psa_status_t psa_key_derivation_set_capacity(
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The value of \p step is not valid given the state of \p operation.
 * \retval #PSA_ERROR_BAD_STATE
@@ -3202,6 +3217,7 @@ psa_status_t psa_key_derivation_input_bytes(
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The value of \p step is not valid given the state of \p operation.
 * \retval #PSA_ERROR_BAD_STATE
@@ -3265,6 +3281,7 @@ psa_status_t psa_key_derivation_input_key(
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -3303,6 +3320,7 @@ psa_status_t psa_key_derivation_key_agreement(
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -3424,6 +3442,7 @@ psa_status_t psa_key_derivation_output_bytes(
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From 6725757cecdf1b8743b3af7be75a32843c8e9339 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 15 Aug 2019 10:53:47 +0100 Subject: [PATCH 36/59] Remove errorneous insert
---
 include/psa/crypto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 18eee530af..3bdc3aaa91 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2230,7 +2230,7 @@ static psa_aead_operation_t psa_aead_operation_init(void);
 * of the non-encrypted additional authenticated data each time.
 * -# Call psa_aead_update() zero, one or more times, passing a fragment
 * of the message to encrypt each time.
- * -# Call psa_aead_finish(psa_aead_encrypt).
+ * -# Call psa_aead_finish().
 *
 * The application may call psa_aead_abort() at any time after the operation
 * has been initialized.
From f97c8523ee60933efd7bc22047b087cb0bff23cf Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 15 Aug 2019 13:27:12 +0100 Subject: [PATCH 37/59] Add CORRUPTION_DETECTED to psa_close_key
---
 include/psa/crypto.h | 1 + 1 file changed, 1 insertion(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 3bdc3aaa91..5b8be02b08 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -430,6 +430,7 @@ psa_status_t psa_open_key(psa_key_id_t id,
 * \retval #PSA_SUCCESS
 * \retval #PSA_ERROR_INVALID_HANDLE
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From 66200c4e98700f614e1f89928f748392508ee3af Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 15 Aug 2019 13:30:57 +0100 Subject: [PATCH 38/59] Add PSA_ERROR_STORAGE_FAILURE to psa_cipher_generate_iv
---
 include/psa/crypto.h | 1 + 1 file changed, 1 insertion(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 5b8be02b08..c5f2971e32 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1872,6 +1872,7 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize From fbf7f121f95be250d90690813f85924aa4dfe780 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 15 Aug 2019 13:34:51 +0100 Subject: [PATCH 39/59] Separate return codes for unsupported and invalid algorithms --- include/psa/crypto.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index c5f2971e32..35fe5e33bc 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -956,7 +956,9 @@ static psa_hash_operation_t psa_hash_operation_init(void); * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not supported or is not a hash algorithm. + * \p alg is not a supported hash algorithm. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p alg is not a hash algorithm. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (already set up and not * subsequently completed). From 39797aa34c81620871c4e329e36ea2246d511f6e Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Fri, 23 Aug 2019 16:17:43 +0100 Subject: [PATCH 40/59] Fix erroneous cut and paste --- include/psa/crypto.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 35fe5e33bc..4742120db6 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -1663,11 +1663,11 @@ psa_status_t psa_cipher_encrypt(psa_key_handle_t handle, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize - * results in this error code. * \retval #PSA_ERROR_CORRUPTION_DETECTED - + * results in this error code. */ psa_status_t psa_cipher_decrypt(psa_key_handle_t handle, psa_algorithm_t alg, From 23c006f45e76c412333c220e1042fb33c39a0087 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Tue, 6 Aug 2019 16:02:12 +0100 Subject: [PATCH 41/59] Added missing return codes to get_key_attributes Note that PSA_ERROR_NOT_PERMITTED is not included because I can't think of a scenario where you have a valid key handle but aren't allowed to read the attributes --- include/psa/crypto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 4742120db6..aa63396f71 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -1667,7 +1667,7 @@ psa_status_t psa_cipher_encrypt(psa_key_handle_t handle, * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize - * results in this error code. + * results in this error code. */ psa_status_t psa_cipher_decrypt(psa_key_handle_t handle, psa_algorithm_t alg, From 15731c14221e58cbeb8c892ce048a0fe11e5699d Mon Sep 17 00:00:00 2001 
From: "Adrian L. Shaw" Date: Tue, 6 Aug 2019 16:21:00 +0100 Subject: [PATCH 42/59] Added PSA_ERROR_STORAGE_FAILURE to psa_export_key It may be possible that an implementation does not fetch key material until a command like this is called and such an error may occur if an off-chip secure storage dependency may have been wiped. --- include/psa/crypto.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index aa63396f71..05d76e1c1e 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -831,6 +831,7 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize From 7f1863c905c7b565a64d284303c79b9fecf52999 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Tue, 6 Aug 2019 16:34:44 +0100 Subject: [PATCH 43/59] Add PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_key It may be possible that the implementation runs out of memory when exporting a key from storage or a secure element. For example, it may not be possible to directly move the data from storage to the caller, so the implementation will have to buffer the material temporarily (an issue if dynamic memory allocation scheme is used). For a large key this is more likely to return. --- include/psa/crypto.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 05d76e1c1e..57d3766abf 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -832,6 +832,7 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle, * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize From 11638b99a0169288d239e0311d9656f15e33557c Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Tue, 6 Aug 2019 17:09:33 +0100 Subject: [PATCH 44/59] Added PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_public_key For the same reasons that psa_export_key can fail with this error --- include/psa/crypto.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 57d3766abf..d570115305 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -868,6 +868,7 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize From 2a889781c55f6c289fa2103768104f629d2b4d84 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Tue, 6 Aug 2019 17:22:41 +0100 Subject: [PATCH 45/59] Add PSA_ERROR_STORAGE_FAILURE to psa_export_public_key The same reason that it is included in psa_export_key --- include/psa/crypto.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index d570115305..84f1646a5b 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
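Review bot: The `\retval #PSA_ERROR_INSUFFICIENT_MEMORY` added in the hunk at -832 appears to duplicate an entry this comment block already has. Later hunks of the series at -827 and -834 show the same code once right after `\p hash_size is too small` and again after `PSA_ERROR_CORRUPTION_DETECTED`. The block follows psa_copy_key and, going by those hunks, documents a hash output, while the subject names psa_export_key, so the line was probably meant for a different return list. Callers derive their error handling from these lists, so I would drop the line here and add it to the psa_export_key block instead. The comment block starts and ends outside the hunk.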
@@ -868,6 +868,7 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). From 650229ba386a9f68563023149a4b3693197c572e Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Wed, 7 Aug 2019 10:47:47 +0100 Subject: [PATCH 46/59] Added PSA_ERROR_STORAGE_FAILURE to psa_mac_compute In case the key could not be retrieved from storage. --- include/psa/crypto.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 84f1646a5b..6259a976f5 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -1575,6 +1575,8 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * The key could not be retrieved from storage. * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize From 1f42a84a13e137d05c85228e6b71e335690222b9 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Wed, 7 Aug 2019 15:59:33 +0100 Subject: [PATCH 47/59] Add PSA_ERROR_BUFFER_TOO_SMALL to psa_mac_compute --- include/psa/crypto.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 6259a976f5..8a1e262409 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -1243,6 +1243,8 @@ psa_status_t psa_mac_compute(psa_key_handle_t handle, * \p handle is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a MAC algorithm. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * \p mac_size is too small * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE From 23649246199d6028d8adb53b67c41bd289eeaa18 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 10:58:08 +0100 Subject: [PATCH 48/59] Add missing return codes to psa_generate_key --- include/psa/crypto.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 8a1e262409..f721b7dbd8 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3577,6 +3577,8 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE + * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize From 97d3bc3674906ce373ad3b70fbc4bb83ce725a20 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 14:40:04 +0100 Subject: [PATCH 49/59] Added extra bad state case to psa_hash_setup --- include/psa/crypto.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index f721b7dbd8..71b1de231d 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -503,6 +503,8 @@ psa_status_t psa_close_key(psa_key_handle_t handle); * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_BAD_STATE + * \p operation is either not initialized or is in use + * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. From 8f7cd1ee55cd5da92218b73e79f1715f00a9f8cc Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 14:49:01 +0100 Subject: [PATCH 50/59] Added PSA_ERROR_BAD_STATE to functions with operations In the case that the operation object has not been initialized appropriately. --- include/psa/crypto.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 71b1de231d..2a3c171dbf 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -1162,6 +1162,8 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation); * \retval #PSA_ERROR_BAD_STATE * The operation state is either not initialized or has already been setup. * \retval #PSA_ERROR_BAD_STATE + * The operation state is either not initialized or has already been setup. + * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. From 22bc8fff0ceb55b1695540a961bd01d7acf255eb Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 8 Aug 2019 15:10:33 +0100 Subject: [PATCH 51/59] Add PSA_ERROR_STORAGE_FAILURE to psa_aead_*_setup functions --- include/psa/crypto.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 2a3c171dbf..09115f9c50 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
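Review bot: The entry `\p operation is either not initialized or is in use`, added in the hunk at -503, names a parameter that the documented function may not have. The block sits directly after psa_close_key, whereas the subject names psa_hash_setup, whose return list the series edits near line 956 (the hunk after psa_hash_operation_init). If this hunk is misplaced, a key-management call gains a BAD_STATE condition that does not apply to it and psa_hash_setup still lacks the new text. I would move both added lines to the psa_hash_setup block and end the sentence with a full stop, `\p operation is either not initialized or is in use.`. The comment block starts and ends outside the hunk.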
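Review bot: The two lines added in the hunk at -1162 repeat the `\retval #PSA_ERROR_BAD_STATE` entry directly above them word for word, so the rendered return list states the same condition twice before a third BAD_STATE entry. Either drop the added pair or replace its text with the distinct condition the commit message describes (an operation object that was not initialized appropriately). While editing, `has already been setup` reads better as `has already been set up`. The comment block starts and ends outside the hunk.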
@@ -2046,6 +2046,7 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -2101,6 +2102,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From 56b32b126cc71ec851b8af14c610199841914a11 Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Tue, 13 Aug 2019 11:43:40 +0100
Subject: [PATCH 52/59] Add storage failure to psa_mac_sign_finish
---
 include/psa/crypto.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 09115f9c50..35a1967967 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1926,6 +1926,7 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From 1f1e1a52537554e96d81306c1fec8a97ac02b2a3 Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Tue, 13 Aug 2019 11:44:30 +0100
Subject: [PATCH 53/59] Add storage failure to psa_mac_verify_finish
---
 include/psa/crypto.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 35a1967967..d714de04ed 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2010,6 +2010,7 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From 1505b2108aa547a8cc2725cbc41f0c9aad3b9513 Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Tue, 13 Aug 2019 14:41:52 +0100
Subject: [PATCH 54/59] Add STORAGE_FAILURE everywhere + add missing codes
---
 include/psa/crypto.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index d714de04ed..5b556bc4f9 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2250,7 +2250,7 @@ static psa_aead_operation_t psa_aead_operation_init(void);
 * of the non-encrypted additional authenticated data each time.
 * -# Call psa_aead_update() zero, one or more times, passing a fragment
 * of the message to encrypt each time.
- * -# Call psa_aead_finish().
+ * -# Call psa_aead_finish(psa_aead_encrypt).
 *
 * The application may call psa_aead_abort() at any time after the operation
 * has been initialized.
From 599c7126680eaa57adcf9f1a2ce04ffb0a7468ff Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Thu, 15 Aug 2019 10:53:47 +0100
Subject: [PATCH 55/59] Remove errorneous insert
---
 include/psa/crypto.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 5b556bc4f9..d714de04ed 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2250,7 +2250,7 @@ static psa_aead_operation_t psa_aead_operation_init(void); * of the non-encrypted additional authenticated data each time. * -# Call psa_aead_update() zero, one or more times, passing a fragment * of the message to encrypt each time. - * -# Call psa_aead_finish(psa_aead_encrypt). + * -# Call psa_aead_finish(). * * The application may call psa_aead_abort() at any time after the operation * has been initialized. From f483973c37fe0f1e70015351332b93d6dd8e7efd Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 15 Aug 2019 13:30:57 +0100 Subject: [PATCH 56/59] Add PSA_ERROR_STORAGE_FAILURE to psa_cipher_generate_iv --- include/psa/crypto.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index d714de04ed..2a418a47cf 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -2766,6 +2766,7 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize From fa2cefa001c9afcbf274d7105185be77e9394a58 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Tue, 3 Sep 2019 16:51:19 +0100 Subject: [PATCH 57/59] Fix warnings --- include/psa/crypto.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 2a418a47cf..5fa75aea4d 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -827,6 +827,7 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle, * Success. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a hash algorithm. + * \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_BUFFER_TOO_SMALL * \p hash_size is too small * \retval #PSA_ERROR_INSUFFICIENT_MEMORY 
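Review bot: The `\retval #PSA_ERROR_INVALID_ARGUMENT` added in the hunk at -827 has no description, and the `PSA_ERROR_NOT_SUPPORTED` entry above it still reads `\p alg is not supported or is not a hash algorithm.`. The two codes therefore overlap for a non-hash `alg`, and a caller cannot tell from the documentation which one to expect. An earlier patch in this series split the same pair in the block after psa_hash_operation_init. Matching it here would give `\p alg is not a supported hash algorithm.` under NOT_SUPPORTED and `\p alg is not a hash algorithm.` under the new entry. The comment block starts and ends outside the hunk.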
@@ -2465,7 +2466,6 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize @@ -3091,6 +3091,7 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void); * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_BAD_STATE * The operation state is either not initialized or has already been setup. * \retval #PSA_ERROR_BAD_STATE From 3b5975641e614d7954b8da248d43c82e309794b1 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Wed, 4 Sep 2019 19:20:32 +0100 Subject: [PATCH 58/59] Fix return code warnings - Remove STORAGE_FAILURE from hash and abort functions - Remove BUFFER_TOO_SMALL from psa_mac_verify --- include/psa/crypto.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 5fa75aea4d..9f6fcac32b 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -834,7 +834,6 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). 
@@ -871,7 +870,6 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
@@ -1248,8 +1246,6 @@ psa_status_t psa_mac_compute(psa_key_handle_t handle,
 * \p handle is not compatible with \p alg.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p alg is not supported or is not a MAC algorithm.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * \p mac_size is too small
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
@@ -1582,8 +1578,6 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * The key could not be retrieved from storage.
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -2049,7 +2043,6 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -2766,7 +2759,6 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
From 8619f8cd07ef5f9c2766973c1df87c62d3c9dbb3 Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw"
Date: Thu, 5 Sep 2019 10:37:22 +0100
Subject: [PATCH 59/59] Remove storage errors from psa_generate_random
---
 include/psa/crypto.h | 2 --
 1 file changed, 2 deletions(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 9f6fcac32b..d5e713e061 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -3579,8 +3579,6 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_STORAGE_FAILURE
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize