diff --git a/include/psa/crypto.h b/include/psa/crypto.h index b0bbb16cf..92d394d5a 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -1104,6 +1104,7 @@ typedef uint32_t psa_algorithm_t; * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_import_key(psa_key_slot_t key, psa_key_type_t type, @@ -1142,6 +1143,7 @@ psa_status_t psa_import_key(psa_key_slot_t key, * An unexpected condition which is not a storage corruption or * a communication failure occurred. The cryptoprocessor may have * been compromised. + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_destroy_key(psa_key_slot_t key); @@ -1162,6 +1164,7 @@ psa_status_t psa_destroy_key(psa_key_slot_t key); * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_get_key_information(psa_key_slot_t key, psa_key_type_t *type, @@ -1256,6 +1259,7 @@ psa_status_t psa_get_key_information(psa_key_slot_t key, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_export_key(psa_key_slot_t key, uint8_t *data, @@ -1354,6 +1358,7 @@ psa_status_t psa_export_key(psa_key_slot_t key, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_export_public_key(psa_key_slot_t key, uint8_t *data, @@ -1491,6 +1496,7 @@ psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy); * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_set_key_policy(psa_key_slot_t key, const psa_key_policy_t *policy); @@ -1504,6 +1510,7 @@ psa_status_t psa_set_key_policy(psa_key_slot_t key, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_get_key_policy(psa_key_slot_t key, psa_key_policy_t *policy); @@ -1547,6 +1554,7 @@ typedef uint32_t psa_key_lifetime_t; * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_get_key_lifetime(psa_key_slot_t key, psa_key_lifetime_t *lifetime); @@ -1574,6 +1582,7 @@ psa_status_t psa_get_key_lifetime(psa_key_slot_t key, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_set_key_lifetime(psa_key_slot_t key, psa_key_lifetime_t lifetime); @@ -1848,6 +1857,7 @@ typedef struct psa_mac_operation_s psa_mac_operation_t; * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, psa_key_slot_t key, @@ -1896,6 +1906,7 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, psa_key_slot_t key, @@ -2092,6 +2103,7 @@ typedef struct psa_cipher_operation_s psa_cipher_operation_t; * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, psa_key_slot_t key, @@ -2141,6 +2153,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, psa_key_slot_t key, @@ -2384,6 +2397,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_aead_encrypt(psa_key_slot_t key, psa_algorithm_t alg, @@ -2437,6 +2451,7 @@ psa_status_t psa_aead_encrypt(psa_key_slot_t key, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_aead_decrypt(psa_key_slot_t key, psa_algorithm_t alg, @@ -2500,6 +2515,7 @@ psa_status_t psa_aead_decrypt(psa_key_slot_t key, * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_asymmetric_sign(psa_key_slot_t key, psa_algorithm_t alg, @@ -2539,6 +2555,7 @@ psa_status_t psa_asymmetric_sign(psa_key_slot_t key, * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_asymmetric_verify(psa_key_slot_t key, psa_algorithm_t alg, @@ -2593,6 +2610,7 @@ psa_status_t psa_asymmetric_verify(psa_key_slot_t key, * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_asymmetric_encrypt(psa_key_slot_t key, psa_algorithm_t alg, @@ -2645,6 +2663,7 @@ psa_status_t psa_asymmetric_encrypt(psa_key_slot_t key, * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY * \retval #PSA_ERROR_INVALID_PADDING + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_asymmetric_decrypt(psa_key_slot_t key, psa_algorithm_t alg, @@ -2795,6 +2814,7 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator, * \retval PSA_ERROR_COMMUNICATION_FAILURE * \retval PSA_ERROR_HARDWARE_FAILURE * \retval PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_generator_import_key(psa_key_slot_t key, psa_key_type_t type, @@ -2868,6 +2888,7 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator); * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, psa_key_slot_t key, @@ -2957,6 +2978,7 @@ typedef struct { * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_generate_key(psa_key_slot_t key, psa_key_type_t type, diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 01dbf3c3a..8aa3145bd 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -347,6 +347,8 @@ static psa_status_t mbedtls_to_psa_error( int ret ) static psa_status_t psa_get_key_slot( psa_key_slot_t key, key_slot_t **p_slot ) { + GUARD_MODULE_INITIALIZED; + /* 0 is not a valid slot number under any circumstance. This * implementation provides slots number 1 to N where N is the * number of available slots. */ diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 202bd420f..b4c276377 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1181,3 +1181,6 @@ generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE PSA validate module initialization: random validate_module_init_generate_random: + +PSA validate module initialization: key based +validate_module_init_key_based: diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index e4a776ac0..2b1a946ec 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3461,3 +3461,13 @@ void validate_module_init_generate_random( ) TEST_ASSERT( status == PSA_ERROR_BAD_STATE ); } /* END_CASE */ + +/* BEGIN_CASE */ +void validate_module_init_key_based( ) +{ + psa_status_t status; + uint8_t data[10] = { 0 }; + status = psa_import_key( 1, PSA_KEY_TYPE_RAW_DATA, data, sizeof( data ) ); + TEST_ASSERT( status == PSA_ERROR_BAD_STATE ); +} +/* END_CASE */