Favor INVALID_ARGUMENT over NOT_SUPPORTED for bad algorithm types

In psa_hash_start, psa_mac_start and psa_cipher_setup, return PSA_ERROR_INVALID_ARGUMENT rather than PSA_ERROR_NOT_SUPPORTED when the algorithm parameter is not the right category.
2024-12-23 19:35:31 +00:00 · 2018-06-20 16:21:04 +02:00 · 2018-06-20 16:21:04 +02:00 · c06e07128c
parent 248051acb6
commit c06e07128c
2 changed files with 23 additions and 2 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -865,7 +865,9 @@ psa_status_t psa_hash_start( psa_hash_operation_t *operation,
            break;
 #endif
        default:
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return( PSA_ALG_IS_HASH( alg ) ?
                    PSA_ERROR_NOT_SUPPORTED :
                    PSA_ERROR_INVALID_ARGUMENT );
    }
    if( ret == 0 )
        operation->alg = alg;
@ -1166,7 +1168,8 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation,
    else
 #endif /* MBEDTLS_MD_C */
    {
-        /* fall through with NOT_SUPPORTED */
+        if( ! PSA_ALG_IS_MAC( alg ) )
            status = PSA_ERROR_INVALID_ARGUMENT;
    }
    if( status != PSA_SUCCESS )
@ -1910,6 +1913,12 @@ psa_status_t psa_asymmetric_decrypt( psa_key_slot_t key,
 static psa_status_t psa_cipher_init( psa_cipher_operation_t *operation,
                                     psa_algorithm_t alg )
 {
    if( ! PSA_ALG_IS_CIPHER( alg ) )
    {
        memset( operation, 0, sizeof( *operation ) );
        return( PSA_ERROR_INVALID_ARGUMENT );
    }
    operation->alg = alg;
    operation->key_set = 0;
    operation->iv_set = 0;
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@ -114,6 +114,10 @@ PSA hash setup: bad (unknown hash algorithm)
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
 hash_setup:0x80000000 | PSA_ALG_SHA_256:PSA_ERROR_NOT_SUPPORTED
 PSA hash setup: bad (not a hash algorithm)
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
 hash_setup:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT
 PSA hash finish: SHA-256
 depends_on:MBEDTLS_SHA256_C
 hash_finish:PSA_ALG_SHA_256:"bd":"68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b"
@ -134,6 +138,10 @@ PSA MAC setup: bad algorithm (unknown MAC algorithm)
 depends_on:MBEDTLS_MD_C
 mac_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(0):PSA_ERROR_NOT_SUPPORTED
 PSA MAC setup: bad algorithm (not a MAC algorithm)
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
 mac_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_ERROR_INVALID_ARGUMENT
 PSA MAC setup: invalid key type, HMAC-SHA-256
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
 mac_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT
@ -255,6 +263,10 @@ PSA cipher setup: bad algorithm (unknown cipher algorithm)
 depends_on:MBEDTLS_AES_C
 cipher_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CATEGORY_CIPHER:PSA_ERROR_NOT_SUPPORTED
 PSA cipher setup: bad algorithm (not a cipher algorithm)
 depends_on:MBEDTLS_AES_C
 cipher_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_INVALID_ARGUMENT
 PSA cipher setup: invalid key type, CTR
 depends_on:MBEDTLS_CIPHER_MODE_CTR
 # Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here