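Lines matching the query `+full:- +full:- +full:exit +full:- +full:status` (matched lines only, not a contiguous listing; each entry gives the original line number, the matched source text and, where applicable, the enclosing function)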
6 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
137 /* Mbed TLS error codes can combine a high-level error code and a in mbedtls_to_psa_error()
138 * low-level error code. The low-level error usually reflects the in mbedtls_to_psa_error()
140 int low_level_ret = -(-ret & 0x007f); in mbedtls_to_psa_error()
380 * attack on the tag and deliberately-crafted
382 * return status properly.
386 * \param status Status of function called to generate
393 static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t status, in psa_wipe_tag_output_buffer() argument
404 if (status == PSA_SUCCESS) { in psa_wipe_tag_output_buffer()
408 memset(output_buffer + offset, '!', output_buffer_size - offset); in psa_wipe_tag_output_buffer()
646 * when called with the validated \p algorithm and \p key_type is well-defined.
686 if (slot->key.data != NULL) { in psa_allocate_buffer_to_slot()
690 slot->key.data = mbedtls_calloc(1, buffer_length); in psa_allocate_buffer_to_slot()
691 if (slot->key.data == NULL) { in psa_allocate_buffer_to_slot()
695 slot->key.bytes = buffer_length; in psa_allocate_buffer_to_slot()
703 psa_status_t status = psa_allocate_buffer_to_slot(slot, in psa_copy_key_material_into_slot() local
705 if (status != PSA_SUCCESS) { in psa_copy_key_material_into_slot()
706 return status; in psa_copy_key_material_into_slot()
709 memcpy(slot->key.data, data, data_length); in psa_copy_key_material_into_slot()
719 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_import_key_into_slot() local
720 psa_key_type_t type = attributes->core.type; in psa_import_key_into_slot()
722 /* zero-length keys are never supported. */ in psa_import_key_into_slot()
730 status = psa_validate_unstructured_key_bit_size(attributes->core.type, in psa_import_key_into_slot()
732 if (status != PSA_SUCCESS) { in psa_import_key_into_slot()
733 return status; in psa_import_key_into_slot()
799 /* If the policies are from the same hash-and-sign family, check in psa_key_policy_algorithm_intersection()
812 * one of them is a minimum-tag-length wildcard. Calculate the most in psa_key_policy_algorithm_intersection()
838 * of them is a minimum-MAC-length policy. Calculate the most in psa_key_policy_algorithm_intersection()
849 /* Get the (exact or at-least) output lengths for both sides of the in psa_key_policy_algorithm_intersection()
854 * Note that for at-least-this-length wildcard algorithms, the output in psa_key_policy_algorithm_intersection()
867 /* If only one is an at-least-this-length policy, the intersection would in psa_key_policy_algorithm_intersection()
868 * be the other (fixed-length) policy as long as said fixed length is in psa_key_policy_algorithm_intersection()
878 * length. This is still possible here when one is default-length and in psa_key_policy_algorithm_intersection()
879 * the other specific-length. Ensure to always return the in psa_key_policy_algorithm_intersection()
880 * specific-length version for the intersection. */ in psa_key_policy_algorithm_intersection()
897 /* If policy_alg is a hash-and-sign with a wildcard for the hash, in psa_key_algorithm_permits()
898 * and requested_alg is the same hash-and-sign family with any hash, in psa_key_algorithm_permits()
907 * equal-length or longer than the wildcard-specified length. */ in psa_key_algorithm_permits()
939 /* If the policy is default-length, only allow an algorithm with in psa_key_algorithm_permits()
940 * a declared exact-length matching the default. */ in psa_key_algorithm_permits()
945 /* If the requested algorithm is default-length, allow it if the policy in psa_key_algorithm_permits()
952 /* If policy_alg is an at-least-this-length wildcard MAC algorithm, in psa_key_algorithm_permits()
1001 if (psa_key_algorithm_permits(key_type, policy->alg, alg) || in psa_key_policy_permits()
1002 psa_key_algorithm_permits(key_type, policy->alg2, alg)) { in psa_key_policy_permits()
1033 psa_key_policy_algorithm_intersection(key_type, policy->alg, in psa_restrict_key_policy()
1034 constraint->alg); in psa_restrict_key_policy()
1036 psa_key_policy_algorithm_intersection(key_type, policy->alg2, in psa_restrict_key_policy()
1037 constraint->alg2); in psa_restrict_key_policy()
1038 if (intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0) { in psa_restrict_key_policy()
1041 if (intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0) { in psa_restrict_key_policy()
1044 policy->usage &= constraint->usage; in psa_restrict_key_policy()
1045 policy->alg = intersection_alg; in psa_restrict_key_policy()
1046 policy->alg2 = intersection_alg2; in psa_restrict_key_policy()
1069 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_get_and_lock_key_slot_with_policy() local
1072 status = psa_get_and_lock_key_slot(key, p_slot); in psa_get_and_lock_key_slot_with_policy()
1073 if (status != PSA_SUCCESS) { in psa_get_and_lock_key_slot_with_policy()
1074 return status; in psa_get_and_lock_key_slot_with_policy()
1082 if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) { in psa_get_and_lock_key_slot_with_policy()
1086 if ((slot->attr.policy.usage & usage) != usage) { in psa_get_and_lock_key_slot_with_policy()
1087 status = PSA_ERROR_NOT_PERMITTED; in psa_get_and_lock_key_slot_with_policy()
1093 status = psa_key_policy_permits(&slot->attr.policy, in psa_get_and_lock_key_slot_with_policy()
1094 slot->attr.type, in psa_get_and_lock_key_slot_with_policy()
1096 if (status != PSA_SUCCESS) { in psa_get_and_lock_key_slot_with_policy()
1107 return status; in psa_get_and_lock_key_slot_with_policy()
1129 psa_status_t status = psa_get_and_lock_key_slot_with_policy(key, p_slot, in psa_get_and_lock_transparent_key_slot_with_policy() local
1131 if (status != PSA_SUCCESS) { in psa_get_and_lock_transparent_key_slot_with_policy()
1132 return status; in psa_get_and_lock_transparent_key_slot_with_policy()
1135 if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)) { in psa_get_and_lock_transparent_key_slot_with_policy()
1146 if (slot->key.data != NULL) { in psa_remove_key_data_from_memory()
1147 mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes); in psa_remove_key_data_from_memory()
1150 slot->key.data = NULL; in psa_remove_key_data_from_memory()
1151 slot->key.bytes = 0; in psa_remove_key_data_from_memory()
1160 psa_status_t status = psa_remove_key_data_from_memory(slot); in psa_wipe_key_slot() local
1170 if (slot->lock_count != 1) { in psa_wipe_key_slot()
1171 MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->lock_count == 1); in psa_wipe_key_slot()
1172 status = PSA_ERROR_CORRUPTION_DETECTED; in psa_wipe_key_slot()
1180 /* At this point, key material and other type-specific content has in psa_wipe_key_slot()
1184 return status; in psa_wipe_key_slot()
1190 psa_status_t status; /* status of the last operation */ in psa_destroy_key() local
1207 status = psa_get_and_lock_key_slot(key, &slot); in psa_destroy_key()
1208 if (status != PSA_SUCCESS) { in psa_destroy_key()
1209 return status; in psa_destroy_key()
1219 if (slot->lock_count > 1) { in psa_destroy_key()
1224 if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) { in psa_destroy_key()
1225 /* Refuse the destruction of a read-only key (which may or may not work in psa_destroy_key()
1226 * if we attempt it, depending on whether the key is merely read-only in psa_destroy_key()
1227 * by policy or actually physically read-only). in psa_destroy_key()
1231 goto exit; in psa_destroy_key()
1235 driver = psa_get_se_driver_entry(slot->attr.lifetime); in psa_destroy_key()
1243 psa_crypto_transaction.key.lifetime = slot->attr.lifetime; in psa_destroy_key()
1245 psa_crypto_transaction.key.id = slot->attr.id; in psa_destroy_key()
1246 status = psa_crypto_save_transaction(); in psa_destroy_key()
1247 if (status != PSA_SUCCESS) { in psa_destroy_key()
1254 * https://github.com/ARMmbed/mbed-crypto/issues/215 in psa_destroy_key()
1256 overall_status = status; in psa_destroy_key()
1257 goto exit; in psa_destroy_key()
1260 status = psa_destroy_se_key(driver, in psa_destroy_key()
1263 overall_status = status; in psa_destroy_key()
1269 if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { in psa_destroy_key()
1270 status = psa_destroy_persistent_key(slot->attr.id); in psa_destroy_key()
1272 overall_status = status; in psa_destroy_key()
1277 * https://github.com/ARMmbed/mbed-crypto/issues/214 in psa_destroy_key()
1284 status = psa_save_se_persistent_data(driver); in psa_destroy_key()
1286 overall_status = status; in psa_destroy_key()
1288 status = psa_crypto_stop_transaction(); in psa_destroy_key()
1290 overall_status = status; in psa_destroy_key()
1295 exit: in psa_destroy_key()
1296 status = psa_wipe_key_slot(slot); in psa_destroy_key()
1298 if (status != PSA_SUCCESS) { in psa_destroy_key()
1299 overall_status = status; in psa_destroy_key()
1318 goto exit; in psa_get_rsa_public_exponent()
1323 goto exit; in psa_get_rsa_public_exponent()
1330 goto exit; in psa_get_rsa_public_exponent()
1334 goto exit; in psa_get_rsa_public_exponent()
1336 attributes->domain_parameters = buffer; in psa_get_rsa_public_exponent()
1337 attributes->domain_parameters_size = buflen; in psa_get_rsa_public_exponent()
1339 exit: in psa_get_rsa_public_exponent()
1349 /** Retrieve all the publicly-accessible attributes of a key.
1354 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_get_key_attributes() local
1360 status = psa_get_and_lock_key_slot_with_policy(key, &slot, 0, 0); in psa_get_key_attributes()
1361 if (status != PSA_SUCCESS) { in psa_get_key_attributes()
1362 return status; in psa_get_key_attributes()
1365 attributes->core = slot->attr; in psa_get_key_attributes()
1366 attributes->core.flags &= (MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY | in psa_get_key_attributes()
1370 if (psa_get_se_driver_entry(slot->attr.lifetime) != NULL) { in psa_get_key_attributes()
1376 switch (slot->attr.type) { in psa_get_key_attributes()
1384 * https://github.com/ARMmbed/mbed-crypto/issues/216 in psa_get_key_attributes()
1386 if (!psa_key_lifetime_is_external(slot->attr.lifetime)) { in psa_get_key_attributes()
1389 status = mbedtls_psa_rsa_load_representation( in psa_get_key_attributes()
1390 slot->attr.type, in psa_get_key_attributes()
1391 slot->key.data, in psa_get_key_attributes()
1392 slot->key.bytes, in psa_get_key_attributes()
1394 if (status != PSA_SUCCESS) { in psa_get_key_attributes()
1398 status = psa_get_rsa_public_exponent(rsa, in psa_get_key_attributes()
1412 if (status != PSA_SUCCESS) { in psa_get_key_attributes()
1418 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_get_key_attributes()
1426 if (attributes->core.flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER) { in psa_get_key_slot_number()
1427 *slot_number = attributes->slot_number; in psa_get_key_slot_number()
1446 data_size - key_buffer_size); in psa_export_key_buffer_internal()
1456 psa_key_type_t type = attributes->core.type; in psa_export_key_internal()
1467 it is valid for a special-purpose implementation to omit in psa_export_key_internal()
1478 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_export_key() local
1482 /* Reject a zero-length output buffer now, since this can never be a in psa_export_key()
1499 status = psa_get_and_lock_key_slot_with_policy(key, &slot, in psa_export_key()
1501 if (status != PSA_SUCCESS) { in psa_export_key()
1502 return status; in psa_export_key()
1506 .core = slot->attr in psa_export_key()
1508 status = psa_driver_wrapper_export_key(&attributes, in psa_export_key()
1509 slot->key.data, slot->key.bytes, in psa_export_key()
1514 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_export_key()
1525 psa_key_type_t type = attributes->core.type; in psa_export_public_key_internal()
1530 /* Exporting public -> public */ in psa_export_public_key_internal()
1589 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_export_public_key() local
1594 /* Reject a zero-length output buffer now, since this can never be a in psa_export_public_key()
1608 status = psa_get_and_lock_key_slot_with_policy(key, &slot, 0, 0); in psa_export_public_key()
1609 if (status != PSA_SUCCESS) { in psa_export_public_key()
1610 return status; in psa_export_public_key()
1613 if (!PSA_KEY_TYPE_IS_ASYMMETRIC(slot->attr.type)) { in psa_export_public_key()
1614 status = PSA_ERROR_INVALID_ARGUMENT; in psa_export_public_key()
1615 goto exit; in psa_export_public_key()
1619 .core = slot->attr in psa_export_public_key()
1621 status = psa_driver_wrapper_export_public_key( in psa_export_public_key()
1622 &attributes, slot->key.data, slot->key.bytes, in psa_export_public_key()
1625 exit: in psa_export_public_key()
1628 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_export_public_key()
1633 "One or more key attribute flag is listed as both external-only and dual-use")
1636 "One or more key attribute flag is listed as both internal-only and dual-use")
1639 "One or more key attribute flag is listed as both internal-only and external-only")
1641 /** Validate that a key policy is internally well-formed.
1649 if ((policy->usage & ~(PSA_KEY_USAGE_EXPORT | in psa_validate_key_policy()
1682 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; in psa_validate_key_attributes() local
1686 status = psa_validate_key_location(lifetime, p_drv); in psa_validate_key_attributes()
1687 if (status != PSA_SUCCESS) { in psa_validate_key_attributes()
1688 return status; in psa_validate_key_attributes()
1691 status = psa_validate_key_persistence(lifetime); in psa_validate_key_attributes()
1692 if (status != PSA_SUCCESS) { in psa_validate_key_attributes()
1693 return status; in psa_validate_key_attributes()
1706 status = psa_validate_key_policy(&attributes->core.policy); in psa_validate_key_attributes()
1707 if (status != PSA_SUCCESS) { in psa_validate_key_attributes()
1708 return status; in psa_validate_key_attributes()
1720 if (attributes->core.flags & ~(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY | in psa_validate_key_attributes()
1735 * -# Call psa_start_key_creation() to allocate a key slot, prepare
1738 * -# Populate the slot with the key material.
1739 * -# Call psa_finish_key_creation() to finalize the creation of the slot.
1763 psa_status_t status; in psa_start_key_creation() local
1770 status = psa_validate_key_attributes(attributes, p_drv); in psa_start_key_creation()
1771 if (status != PSA_SUCCESS) { in psa_start_key_creation()
1772 return status; in psa_start_key_creation()
1775 status = psa_get_empty_key_slot(&volatile_key_id, p_slot); in psa_start_key_creation()
1776 if (status != PSA_SUCCESS) { in psa_start_key_creation()
1777 return status; in psa_start_key_creation()
1781 /* We're storing the declared bit-size of the key. It's up to each in psa_start_key_creation()
1783 * It's automatically correct for mechanisms that use the bit-size as in psa_start_key_creation()
1784 * an input (generate, device) but not for those where the bit-size in psa_start_key_creation()
1789 slot->attr = attributes->core; in psa_start_key_creation()
1790 if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { in psa_start_key_creation()
1792 slot->attr.id = volatile_key_id; in psa_start_key_creation()
1794 slot->attr.id.key_id = volatile_key_id; in psa_start_key_creation()
1798 /* Erase external-only flags from the internal copy. To access in psa_start_key_creation()
1799 * external-only flags, query `attributes`. Thanks to the check in psa_start_key_creation()
1800 * in psa_validate_key_attributes(), this leaves the dual-use in psa_start_key_creation()
1803 slot->attr.flags &= ~MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY; in psa_start_key_creation()
1825 status = psa_find_se_slot_for_key(attributes, method, *p_drv, in psa_start_key_creation()
1827 if (status != PSA_SUCCESS) { in psa_start_key_creation()
1828 return status; in psa_start_key_creation()
1831 if (!PSA_KEY_LIFETIME_IS_VOLATILE(attributes->core.lifetime)) { in psa_start_key_creation()
1833 psa_crypto_transaction.key.lifetime = slot->attr.lifetime; in psa_start_key_creation()
1835 psa_crypto_transaction.key.id = slot->attr.id; in psa_start_key_creation()
1836 status = psa_crypto_save_transaction(); in psa_start_key_creation()
1837 if (status != PSA_SUCCESS) { in psa_start_key_creation()
1839 return status; in psa_start_key_creation()
1843 status = psa_copy_key_material_into_slot( in psa_start_key_creation()
1891 psa_status_t status = PSA_SUCCESS; in psa_finish_key_creation() local
1896 if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { in psa_finish_key_creation()
1908 status = psa_save_persistent_key(&slot->attr, in psa_finish_key_creation()
1916 status = psa_save_persistent_key(&slot->attr, in psa_finish_key_creation()
1917 slot->key.data, in psa_finish_key_creation()
1918 slot->key.bytes); in psa_finish_key_creation()
1931 status = psa_save_se_persistent_data(driver); in psa_finish_key_creation()
1932 if (status != PSA_SUCCESS) { in psa_finish_key_creation()
1933 psa_destroy_persistent_key(slot->attr.id); in psa_finish_key_creation()
1934 return status; in psa_finish_key_creation()
1936 status = psa_crypto_stop_transaction(); in psa_finish_key_creation()
1940 if (status == PSA_SUCCESS) { in psa_finish_key_creation()
1941 *key = slot->attr.id; in psa_finish_key_creation()
1942 status = psa_unlock_key_slot(slot); in psa_finish_key_creation()
1943 if (status != PSA_SUCCESS) { in psa_finish_key_creation()
1948 return status; in psa_finish_key_creation()
1977 * https://github.com/ARMmbed/mbed-crypto/issues/217 in psa_fail_key_creation()
2005 if (attributes->core.type != 0) { in psa_validate_optional_attributes()
2006 if (attributes->core.type != slot->attr.type) { in psa_validate_optional_attributes()
2011 if (attributes->domain_parameters_size != 0) { in psa_validate_optional_attributes()
2015 if (PSA_KEY_TYPE_IS_RSA(slot->attr.type)) { in psa_validate_optional_attributes()
2020 psa_status_t status = mbedtls_psa_rsa_load_representation( in psa_validate_optional_attributes() local
2021 slot->attr.type, in psa_validate_optional_attributes()
2022 slot->key.data, in psa_validate_optional_attributes()
2023 slot->key.bytes, in psa_validate_optional_attributes()
2025 if (status != PSA_SUCCESS) { in psa_validate_optional_attributes()
2026 return status; in psa_validate_optional_attributes()
2039 attributes->domain_parameters, in psa_validate_optional_attributes()
2040 attributes->domain_parameters_size); in psa_validate_optional_attributes()
2062 if (attributes->core.bits != 0) { in psa_validate_optional_attributes()
2063 if (attributes->core.bits != slot->attr.bits) { in psa_validate_optional_attributes()
2076 psa_status_t status; in psa_import_key() local
2084 /* Reject zero-length symmetric keys (including raw data key objects). in psa_import_key()
2091 /* Ensure that the bytes-to-bits conversion cannot overflow. */ in psa_import_key()
2096 status = psa_start_key_creation(PSA_KEY_CREATION_IMPORT, attributes, in psa_import_key()
2098 if (status != PSA_SUCCESS) { in psa_import_key()
2099 goto exit; in psa_import_key()
2106 if (slot->key.data == NULL) { in psa_import_key()
2107 if (psa_key_lifetime_is_external(attributes->core.lifetime)) { in psa_import_key()
2108 status = psa_driver_wrapper_get_key_buffer_size_from_key_data( in psa_import_key()
2110 if (status != PSA_SUCCESS) { in psa_import_key()
2111 goto exit; in psa_import_key()
2114 status = psa_allocate_buffer_to_slot(slot, storage_size); in psa_import_key()
2115 if (status != PSA_SUCCESS) { in psa_import_key()
2116 goto exit; in psa_import_key()
2120 bits = slot->attr.bits; in psa_import_key()
2121 status = psa_driver_wrapper_import_key(attributes, in psa_import_key()
2123 slot->key.data, in psa_import_key()
2124 slot->key.bytes, in psa_import_key()
2125 &slot->key.bytes, &bits); in psa_import_key()
2126 if (status != PSA_SUCCESS) { in psa_import_key()
2127 goto exit; in psa_import_key()
2130 if (slot->attr.bits == 0) { in psa_import_key()
2131 slot->attr.bits = (psa_key_bits_t) bits; in psa_import_key()
2132 } else if (bits != slot->attr.bits) { in psa_import_key()
2133 status = PSA_ERROR_INVALID_ARGUMENT; in psa_import_key()
2134 goto exit; in psa_import_key()
2140 status = PSA_ERROR_NOT_SUPPORTED; in psa_import_key()
2141 goto exit; in psa_import_key()
2143 status = psa_validate_optional_attributes(slot, attributes); in psa_import_key()
2144 if (status != PSA_SUCCESS) { in psa_import_key()
2145 goto exit; in psa_import_key()
2148 status = psa_finish_key_creation(slot, driver, key); in psa_import_key()
2149 exit: in psa_import_key()
2150 if (status != PSA_SUCCESS) { in psa_import_key()
2154 return status; in psa_import_key()
2161 psa_status_t status; in mbedtls_psa_register_se_key() local
2177 status = psa_start_key_creation(PSA_KEY_CREATION_REGISTER, attributes, in mbedtls_psa_register_se_key()
2179 if (status != PSA_SUCCESS) { in mbedtls_psa_register_se_key()
2180 goto exit; in mbedtls_psa_register_se_key()
2183 status = psa_finish_key_creation(slot, driver, &key); in mbedtls_psa_register_se_key()
2185 exit: in mbedtls_psa_register_se_key()
2186 if (status != PSA_SUCCESS) { in mbedtls_psa_register_se_key()
2192 return status; in mbedtls_psa_register_se_key()
2200 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_copy_key() local
2210 status = psa_get_and_lock_key_slot_with_policy( in psa_copy_key()
2212 if (status != PSA_SUCCESS) { in psa_copy_key()
2213 goto exit; in psa_copy_key()
2216 status = psa_validate_optional_attributes(source_slot, in psa_copy_key()
2218 if (status != PSA_SUCCESS) { in psa_copy_key()
2219 goto exit; in psa_copy_key()
2227 actual_attributes.core.bits = source_slot->attr.bits; in psa_copy_key()
2228 actual_attributes.core.type = source_slot->attr.type; in psa_copy_key()
2231 status = psa_restrict_key_policy(source_slot->attr.type, in psa_copy_key()
2233 &source_slot->attr.policy); in psa_copy_key()
2234 if (status != PSA_SUCCESS) { in psa_copy_key()
2235 goto exit; in psa_copy_key()
2238 status = psa_start_key_creation(PSA_KEY_CREATION_COPY, &actual_attributes, in psa_copy_key()
2240 if (status != PSA_SUCCESS) { in psa_copy_key()
2241 goto exit; in psa_copy_key()
2243 if (PSA_KEY_LIFETIME_GET_LOCATION(target_slot->attr.lifetime) != in psa_copy_key()
2244 PSA_KEY_LIFETIME_GET_LOCATION(source_slot->attr.lifetime)) { in psa_copy_key()
2247 * the source key would need to be exported as plaintext and re-imported in psa_copy_key()
2252 status = PSA_ERROR_NOT_SUPPORTED; in psa_copy_key()
2253 goto exit; in psa_copy_key()
2257 * - For transparent keys it is a blind copy without any driver invocation, in psa_copy_key()
2258 * - For opaque keys this translates to an invocation of the drivers' in psa_copy_key()
2262 status = psa_driver_wrapper_get_key_buffer_size(&actual_attributes, in psa_copy_key()
2264 if (status != PSA_SUCCESS) { in psa_copy_key()
2265 goto exit; in psa_copy_key()
2268 status = psa_allocate_buffer_to_slot(target_slot, storage_size); in psa_copy_key()
2269 if (status != PSA_SUCCESS) { in psa_copy_key()
2270 goto exit; in psa_copy_key()
2273 status = psa_driver_wrapper_copy_key(&actual_attributes, in psa_copy_key()
2274 source_slot->key.data, in psa_copy_key()
2275 source_slot->key.bytes, in psa_copy_key()
2276 target_slot->key.data, in psa_copy_key()
2277 target_slot->key.bytes, in psa_copy_key()
2278 &target_slot->key.bytes); in psa_copy_key()
2279 if (status != PSA_SUCCESS) { in psa_copy_key()
2280 goto exit; in psa_copy_key()
2283 status = psa_copy_key_material_into_slot(target_slot, in psa_copy_key()
2284 source_slot->key.data, in psa_copy_key()
2285 source_slot->key.bytes); in psa_copy_key()
2286 if (status != PSA_SUCCESS) { in psa_copy_key()
2287 goto exit; in psa_copy_key()
2290 status = psa_finish_key_creation(target_slot, driver, target_key); in psa_copy_key()
2291 exit: in psa_copy_key()
2292 if (status != PSA_SUCCESS) { in psa_copy_key()
2298 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_copy_key()
2309 /* Aborting a non-active operation is allowed */ in psa_hash_abort()
2310 if (operation->id == 0) { in psa_hash_abort()
2314 psa_status_t status = psa_driver_wrapper_hash_abort(operation); in psa_hash_abort() local
2315 operation->id = 0; in psa_hash_abort()
2317 return status; in psa_hash_abort()
2323 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_hash_setup() local
2326 if (operation->id != 0) { in psa_hash_setup()
2327 status = PSA_ERROR_BAD_STATE; in psa_hash_setup()
2328 goto exit; in psa_hash_setup()
2332 status = PSA_ERROR_INVALID_ARGUMENT; in psa_hash_setup()
2333 goto exit; in psa_hash_setup()
2337 * directly zeroes the int-sized dummy member of the context union. */ in psa_hash_setup()
2338 memset(&operation->ctx, 0, sizeof(operation->ctx)); in psa_hash_setup()
2340 status = psa_driver_wrapper_hash_setup(operation, alg); in psa_hash_setup()
2342 exit: in psa_hash_setup()
2343 if (status != PSA_SUCCESS) { in psa_hash_setup()
2347 return status; in psa_hash_setup()
2354 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_hash_update() local
2356 if (operation->id == 0) { in psa_hash_update()
2357 status = PSA_ERROR_BAD_STATE; in psa_hash_update()
2358 goto exit; in psa_hash_update()
2362 * zero-length input, which may have an invalid pointer. */ in psa_hash_update()
2367 status = psa_driver_wrapper_hash_update(operation, input, input_length); in psa_hash_update()
2369 exit: in psa_hash_update()
2370 if (status != PSA_SUCCESS) { in psa_hash_update()
2374 return status; in psa_hash_update()
2383 if (operation->id == 0) { in psa_hash_finish()
2387 psa_status_t status = psa_driver_wrapper_hash_finish( in psa_hash_finish() local
2390 return status; in psa_hash_finish()
2399 psa_status_t status = psa_hash_finish( in psa_hash_verify() local
2404 if (status != PSA_SUCCESS) { in psa_hash_verify()
2405 goto exit; in psa_hash_verify()
2409 status = PSA_ERROR_INVALID_SIGNATURE; in psa_hash_verify()
2410 goto exit; in psa_hash_verify()
2414 status = PSA_ERROR_INVALID_SIGNATURE; in psa_hash_verify()
2417 exit: in psa_hash_verify()
2419 if (status != PSA_SUCCESS) { in psa_hash_verify()
2423 return status; in psa_hash_verify()
2451 psa_status_t status = psa_driver_wrapper_hash_compute( in psa_hash_compare() local
2455 if (status != PSA_SUCCESS) { in psa_hash_compare()
2456 goto exit; in psa_hash_compare()
2459 status = PSA_ERROR_INVALID_SIGNATURE; in psa_hash_compare()
2460 goto exit; in psa_hash_compare()
2463 status = PSA_ERROR_INVALID_SIGNATURE; in psa_hash_compare()
2466 exit: in psa_hash_compare()
2468 return status; in psa_hash_compare()
2474 if (source_operation->id == 0 || in psa_hash_clone()
2475 target_operation->id != 0) { in psa_hash_clone()
2479 psa_status_t status = psa_driver_wrapper_hash_clone(source_operation, in psa_hash_clone() local
2481 if (status != PSA_SUCCESS) { in psa_hash_clone()
2485 return status; in psa_hash_clone()
2495 /* Aborting a non-active operation is allowed */ in psa_mac_abort()
2496 if (operation->id == 0) { in psa_mac_abort()
2500 psa_status_t status = psa_driver_wrapper_mac_abort(operation); in psa_mac_abort() local
2501 operation->mac_size = 0; in psa_mac_abort()
2502 operation->is_sign = 0; in psa_mac_abort()
2503 operation->id = 0; in psa_mac_abort()
2505 return status; in psa_mac_abort()
2513 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_mac_finalize_alg_and_key_validation() local
2522 status = psa_mac_key_can_do(alg, key_type); in psa_mac_finalize_alg_and_key_validation()
2523 if (status != PSA_SUCCESS) { in psa_mac_finalize_alg_and_key_validation()
2524 return status; in psa_mac_finalize_alg_and_key_validation()
2532 * brute-forced. Ancient protocols with 32-bit MACs do exist, in psa_mac_finalize_alg_and_key_validation()
2547 * that is disabled in the compile-time configuration. The result can in psa_mac_finalize_alg_and_key_validation()
2566 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_mac_setup() local
2572 if (operation->id != 0) { in psa_mac_setup()
2573 status = PSA_ERROR_BAD_STATE; in psa_mac_setup()
2574 goto exit; in psa_mac_setup()
2577 status = psa_get_and_lock_key_slot_with_policy( in psa_mac_setup()
2582 if (status != PSA_SUCCESS) { in psa_mac_setup()
2583 goto exit; in psa_mac_setup()
2587 .core = slot->attr in psa_mac_setup()
2590 status = psa_mac_finalize_alg_and_key_validation(alg, &attributes, in psa_mac_setup()
2591 &operation->mac_size); in psa_mac_setup()
2592 if (status != PSA_SUCCESS) { in psa_mac_setup()
2593 goto exit; in psa_mac_setup()
2596 operation->is_sign = is_sign; in psa_mac_setup()
2599 status = psa_driver_wrapper_mac_sign_setup(operation, in psa_mac_setup()
2601 slot->key.data, in psa_mac_setup()
2602 slot->key.bytes, in psa_mac_setup()
2605 status = psa_driver_wrapper_mac_verify_setup(operation, in psa_mac_setup()
2607 slot->key.data, in psa_mac_setup()
2608 slot->key.bytes, in psa_mac_setup()
2612 exit: in psa_mac_setup()
2613 if (status != PSA_SUCCESS) { in psa_mac_setup()
2619 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_mac_setup()
2640 if (operation->id == 0) { in psa_mac_update()
2645 * zero-length input, which may have an invalid pointer. */ in psa_mac_update()
2650 psa_status_t status = psa_driver_wrapper_mac_update(operation, in psa_mac_update() local
2652 if (status != PSA_SUCCESS) { in psa_mac_update()
2656 return status; in psa_mac_update()
2664 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_mac_sign_finish() local
2667 if (operation->id == 0) { in psa_mac_sign_finish()
2668 status = PSA_ERROR_BAD_STATE; in psa_mac_sign_finish()
2669 goto exit; in psa_mac_sign_finish()
2672 if (!operation->is_sign) { in psa_mac_sign_finish()
2673 status = PSA_ERROR_BAD_STATE; in psa_mac_sign_finish()
2674 goto exit; in psa_mac_sign_finish()
2679 if (operation->mac_size == 0) { in psa_mac_sign_finish()
2680 status = PSA_ERROR_BAD_STATE; in psa_mac_sign_finish()
2681 goto exit; in psa_mac_sign_finish()
2684 if (mac_size < operation->mac_size) { in psa_mac_sign_finish()
2685 status = PSA_ERROR_BUFFER_TOO_SMALL; in psa_mac_sign_finish()
2686 goto exit; in psa_mac_sign_finish()
2689 status = psa_driver_wrapper_mac_sign_finish(operation, in psa_mac_sign_finish()
2690 mac, operation->mac_size, in psa_mac_sign_finish()
2693 exit: in psa_mac_sign_finish()
2700 if (status != PSA_SUCCESS) { in psa_mac_sign_finish()
2702 operation->mac_size = 0; in psa_mac_sign_finish()
2705 psa_wipe_tag_output_buffer(mac, status, mac_size, *mac_length); in psa_mac_sign_finish()
2709 return status == PSA_SUCCESS ? abort_status : status; in psa_mac_sign_finish()
2716 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_mac_verify_finish() local
2719 if (operation->id == 0) { in psa_mac_verify_finish()
2720 status = PSA_ERROR_BAD_STATE; in psa_mac_verify_finish()
2721 goto exit; in psa_mac_verify_finish()
2724 if (operation->is_sign) { in psa_mac_verify_finish()
2725 status = PSA_ERROR_BAD_STATE; in psa_mac_verify_finish()
2726 goto exit; in psa_mac_verify_finish()
2729 if (operation->mac_size != mac_length) { in psa_mac_verify_finish()
2730 status = PSA_ERROR_INVALID_SIGNATURE; in psa_mac_verify_finish()
2731 goto exit; in psa_mac_verify_finish()
2734 status = psa_driver_wrapper_mac_verify_finish(operation, in psa_mac_verify_finish()
2737 exit: in psa_mac_verify_finish()
2740 return status == PSA_SUCCESS ? abort_status : status; in psa_mac_verify_finish()
2752 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_mac_compute_internal() local
2758 status = psa_get_and_lock_key_slot_with_policy( in psa_mac_compute_internal()
2763 if (status != PSA_SUCCESS) { in psa_mac_compute_internal()
2764 goto exit; in psa_mac_compute_internal()
2768 .core = slot->attr in psa_mac_compute_internal()
2771 status = psa_mac_finalize_alg_and_key_validation(alg, &attributes, in psa_mac_compute_internal()
2773 if (status != PSA_SUCCESS) { in psa_mac_compute_internal()
2774 goto exit; in psa_mac_compute_internal()
2778 status = PSA_ERROR_BUFFER_TOO_SMALL; in psa_mac_compute_internal()
2779 goto exit; in psa_mac_compute_internal()
2782 status = psa_driver_wrapper_mac_compute( in psa_mac_compute_internal()
2784 slot->key.data, slot->key.bytes, in psa_mac_compute_internal()
2789 exit: in psa_mac_compute_internal()
2796 if (status != PSA_SUCCESS) { in psa_mac_compute_internal()
2801 psa_wipe_tag_output_buffer(mac, status, mac_size, *mac_length); in psa_mac_compute_internal()
2805 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_mac_compute_internal()
2828 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_mac_verify() local
2832 status = psa_mac_compute_internal(key, alg, in psa_mac_verify()
2836 if (status != PSA_SUCCESS) { in psa_mac_verify()
2837 goto exit; in psa_mac_verify()
2841 status = PSA_ERROR_INVALID_SIGNATURE; in psa_mac_verify()
2842 goto exit; in psa_mac_verify()
2845 status = PSA_ERROR_INVALID_SIGNATURE; in psa_mac_verify()
2846 goto exit; in psa_mac_verify()
2849 exit: in psa_mac_verify()
2852 return status; in psa_mac_verify()
2890 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_sign_internal() local
2897 status = psa_sign_verify_check_alg(input_is_message, alg); in psa_sign_internal()
2898 if (status != PSA_SUCCESS) { in psa_sign_internal()
2899 return status; in psa_sign_internal()
2902 /* Immediately reject a zero-length signature buffer. This guarantees in psa_sign_internal()
2910 status = psa_get_and_lock_key_slot_with_policy( in psa_sign_internal()
2916 if (status != PSA_SUCCESS) { in psa_sign_internal()
2917 goto exit; in psa_sign_internal()
2920 if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) { in psa_sign_internal()
2921 status = PSA_ERROR_INVALID_ARGUMENT; in psa_sign_internal()
2922 goto exit; in psa_sign_internal()
2926 .core = slot->attr in psa_sign_internal()
2930 status = psa_driver_wrapper_sign_message( in psa_sign_internal()
2931 &attributes, slot->key.data, slot->key.bytes, in psa_sign_internal()
2936 status = psa_driver_wrapper_sign_hash( in psa_sign_internal()
2937 &attributes, slot->key.data, slot->key.bytes, in psa_sign_internal()
2943 exit: in psa_sign_internal()
2944 psa_wipe_tag_output_buffer(signature, status, signature_size, in psa_sign_internal()
2949 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_sign_internal()
2960 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_verify_internal() local
2964 status = psa_sign_verify_check_alg(input_is_message, alg); in psa_verify_internal()
2965 if (status != PSA_SUCCESS) { in psa_verify_internal()
2966 return status; in psa_verify_internal()
2969 status = psa_get_and_lock_key_slot_with_policy( in psa_verify_internal()
2975 if (status != PSA_SUCCESS) { in psa_verify_internal()
2976 return status; in psa_verify_internal()
2980 .core = slot->attr in psa_verify_internal()
2984 status = psa_driver_wrapper_verify_message( in psa_verify_internal()
2985 &attributes, slot->key.data, slot->key.bytes, in psa_verify_internal()
2989 status = psa_driver_wrapper_verify_hash( in psa_verify_internal()
2990 &attributes, slot->key.data, slot->key.bytes, in psa_verify_internal()
2997 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_verify_internal()
3012 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_sign_message_builtin() local
3018 status = psa_driver_wrapper_hash_compute( in psa_sign_message_builtin()
3023 if (status != PSA_SUCCESS) { in psa_sign_message_builtin()
3024 return status; in psa_sign_message_builtin()
3059 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_verify_message_builtin() local
3065 status = psa_driver_wrapper_hash_compute( in psa_verify_message_builtin()
3070 if (status != PSA_SUCCESS) { in psa_verify_message_builtin()
3071 return status; in psa_verify_message_builtin()
3101 if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) { in psa_sign_hash_builtin()
3116 } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { in psa_sign_hash_builtin()
3162 if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) { in psa_verify_hash_builtin()
3177 } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { in psa_verify_hash_builtin()
3225 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_asymmetric_encrypt() local
3242 status = psa_get_and_lock_transparent_key_slot_with_policy( in psa_asymmetric_encrypt()
3244 if (status != PSA_SUCCESS) { in psa_asymmetric_encrypt()
3245 return status; in psa_asymmetric_encrypt()
3247 if (!(PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type) || in psa_asymmetric_encrypt()
3248 PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type))) { in psa_asymmetric_encrypt()
3249 status = PSA_ERROR_INVALID_ARGUMENT; in psa_asymmetric_encrypt()
3250 goto exit; in psa_asymmetric_encrypt()
3254 .core = slot->attr in psa_asymmetric_encrypt()
3257 status = psa_driver_wrapper_asymmetric_encrypt( in psa_asymmetric_encrypt()
3258 &attributes, slot->key.data, slot->key.bytes, in psa_asymmetric_encrypt()
3261 exit: in psa_asymmetric_encrypt()
3264 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_asymmetric_encrypt()
3277 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_asymmetric_decrypt() local
3294 status = psa_get_and_lock_transparent_key_slot_with_policy( in psa_asymmetric_decrypt()
3296 if (status != PSA_SUCCESS) { in psa_asymmetric_decrypt()
3297 return status; in psa_asymmetric_decrypt()
3299 if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) { in psa_asymmetric_decrypt()
3300 status = PSA_ERROR_INVALID_ARGUMENT; in psa_asymmetric_decrypt()
3301 goto exit; in psa_asymmetric_decrypt()
3305 .core = slot->attr in psa_asymmetric_decrypt()
3308 status = psa_driver_wrapper_asymmetric_decrypt( in psa_asymmetric_decrypt()
3309 &attributes, slot->key.data, slot->key.bytes, in psa_asymmetric_decrypt()
3313 exit: in psa_asymmetric_decrypt()
3316 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_asymmetric_decrypt()
3338 return operation->num_ops; in psa_sign_hash_get_num_ops()
3344 return operation->num_ops; in psa_verify_hash_get_num_ops()
3350 if (operation->id == 0) { in psa_sign_hash_abort_internal()
3357 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_sign_hash_abort_internal() local
3359 status = psa_driver_wrapper_sign_hash_abort(operation); in psa_sign_hash_abort_internal()
3361 operation->id = 0; in psa_sign_hash_abort_internal()
3367 return status; in psa_sign_hash_abort_internal()
3375 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_sign_hash_start() local
3382 if (operation->id != 0 || operation->error_occurred) { in psa_sign_hash_start()
3386 status = psa_sign_verify_check_alg(0, alg); in psa_sign_hash_start()
3387 if (status != PSA_SUCCESS) { in psa_sign_hash_start()
3388 operation->error_occurred = 1; in psa_sign_hash_start()
3389 return status; in psa_sign_hash_start()
3392 status = psa_get_and_lock_key_slot_with_policy(key, &slot, in psa_sign_hash_start()
3396 if (status != PSA_SUCCESS) { in psa_sign_hash_start()
3397 goto exit; in psa_sign_hash_start()
3400 if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) { in psa_sign_hash_start()
3401 status = PSA_ERROR_INVALID_ARGUMENT; in psa_sign_hash_start()
3402 goto exit; in psa_sign_hash_start()
3406 .core = slot->attr in psa_sign_hash_start()
3409 /* Ensure ops count gets reset, in case of operation re-use. */ in psa_sign_hash_start()
3410 operation->num_ops = 0; in psa_sign_hash_start()
3412 status = psa_driver_wrapper_sign_hash_start(operation, &attributes, in psa_sign_hash_start()
3413 slot->key.data, in psa_sign_hash_start()
3414 slot->key.bytes, alg, in psa_sign_hash_start()
3416 exit: in psa_sign_hash_start()
3418 if (status != PSA_SUCCESS) { in psa_sign_hash_start()
3419 operation->error_occurred = 1; in psa_sign_hash_start()
3426 operation->error_occurred = 1; in psa_sign_hash_start()
3429 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_sign_hash_start()
3438 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_sign_hash_complete() local
3444 if (operation->id == 0 || operation->error_occurred) { in psa_sign_hash_complete()
3445 status = PSA_ERROR_BAD_STATE; in psa_sign_hash_complete()
3446 goto exit; in psa_sign_hash_complete()
3449 /* Immediately reject a zero-length signature buffer. This guarantees that in psa_sign_hash_complete()
3452 status = PSA_ERROR_BUFFER_TOO_SMALL; in psa_sign_hash_complete()
3453 goto exit; in psa_sign_hash_complete()
3456 status = psa_driver_wrapper_sign_hash_complete(operation, signature, in psa_sign_hash_complete()
3461 operation->num_ops = psa_driver_wrapper_sign_hash_get_num_ops(operation); in psa_sign_hash_complete()
3463 exit: in psa_sign_hash_complete()
3465 psa_wipe_tag_output_buffer(signature, status, signature_size, in psa_sign_hash_complete()
3468 if (status != PSA_OPERATION_INCOMPLETE) { in psa_sign_hash_complete()
3469 if (status != PSA_SUCCESS) { in psa_sign_hash_complete()
3470 operation->error_occurred = 1; in psa_sign_hash_complete()
3476 return status; in psa_sign_hash_complete()
3482 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_sign_hash_abort() local
3484 status = psa_sign_hash_abort_internal(operation); in psa_sign_hash_abort()
3488 operation->num_ops = 0; in psa_sign_hash_abort()
3491 operation->error_occurred = 0; in psa_sign_hash_abort()
3493 return status; in psa_sign_hash_abort()
3499 if (operation->id == 0) { in psa_verify_hash_abort_internal()
3506 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_verify_hash_abort_internal() local
3508 status = psa_driver_wrapper_verify_hash_abort(operation); in psa_verify_hash_abort_internal()
3510 operation->id = 0; in psa_verify_hash_abort_internal()
3516 return status; in psa_verify_hash_abort_internal()
3525 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_verify_hash_start() local
3531 if (operation->id != 0 || operation->error_occurred) { in psa_verify_hash_start()
3535 status = psa_sign_verify_check_alg(0, alg); in psa_verify_hash_start()
3536 if (status != PSA_SUCCESS) { in psa_verify_hash_start()
3537 operation->error_occurred = 1; in psa_verify_hash_start()
3538 return status; in psa_verify_hash_start()
3541 status = psa_get_and_lock_key_slot_with_policy(key, &slot, in psa_verify_hash_start()
3545 if (status != PSA_SUCCESS) { in psa_verify_hash_start()
3546 operation->error_occurred = 1; in psa_verify_hash_start()
3547 return status; in psa_verify_hash_start()
3551 .core = slot->attr in psa_verify_hash_start()
3554 /* Ensure ops count gets reset, in case of operation re-use. */ in psa_verify_hash_start()
3555 operation->num_ops = 0; in psa_verify_hash_start()
3557 status = psa_driver_wrapper_verify_hash_start(operation, &attributes, in psa_verify_hash_start()
3558 slot->key.data, in psa_verify_hash_start()
3559 slot->key.bytes, in psa_verify_hash_start()
3563 if (status != PSA_SUCCESS) { in psa_verify_hash_start()
3564 operation->error_occurred = 1; in psa_verify_hash_start()
3571 operation->error_occurred = 1; in psa_verify_hash_start()
3574 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_verify_hash_start()
3580 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_verify_hash_complete() local
3584 if (operation->id == 0 || operation->error_occurred) { in psa_verify_hash_complete()
3585 status = PSA_ERROR_BAD_STATE; in psa_verify_hash_complete()
3586 goto exit; in psa_verify_hash_complete()
3589 status = psa_driver_wrapper_verify_hash_complete(operation); in psa_verify_hash_complete()
3592 operation->num_ops = psa_driver_wrapper_verify_hash_get_num_ops( in psa_verify_hash_complete()
3595 exit: in psa_verify_hash_complete()
3597 if (status != PSA_OPERATION_INCOMPLETE) { in psa_verify_hash_complete()
3598 if (status != PSA_SUCCESS) { in psa_verify_hash_complete()
3599 operation->error_occurred = 1; in psa_verify_hash_complete()
3605 return status; in psa_verify_hash_complete()
3611 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_verify_hash_abort() local
3613 status = psa_verify_hash_abort_internal(operation); in psa_verify_hash_abort()
3617 operation->num_ops = 0; in psa_verify_hash_abort()
3620 operation->error_occurred = 0; in psa_verify_hash_abort()
3622 return status; in psa_verify_hash_abort()
3658 return operation->num_ops; in mbedtls_psa_sign_hash_get_num_ops()
3674 return operation->num_ops; in mbedtls_psa_verify_hash_get_num_ops()
3689 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in mbedtls_psa_sign_hash_start() local
3692 if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { in mbedtls_psa_sign_hash_start()
3704 mbedtls_ecdsa_restart_init(&operation->restart_ctx); in mbedtls_psa_sign_hash_start()
3706 /* Ensure num_ops is zero'ed in case of context re-use. */ in mbedtls_psa_sign_hash_start()
3707 operation->num_ops = 0; in mbedtls_psa_sign_hash_start()
3709 status = mbedtls_psa_ecp_load_representation(attributes->core.type, in mbedtls_psa_sign_hash_start()
3710 attributes->core.bits, in mbedtls_psa_sign_hash_start()
3713 &operation->ctx); in mbedtls_psa_sign_hash_start()
3715 if (status != PSA_SUCCESS) { in mbedtls_psa_sign_hash_start()
3716 return status; in mbedtls_psa_sign_hash_start()
3719 operation->coordinate_bytes = PSA_BITS_TO_BYTES( in mbedtls_psa_sign_hash_start()
3720 operation->ctx->grp.nbits); in mbedtls_psa_sign_hash_start()
3723 operation->md_alg = mbedtls_md_type_from_psa_alg(hash_alg); in mbedtls_psa_sign_hash_start()
3724 operation->alg = alg; in mbedtls_psa_sign_hash_start()
3728 required_hash_length = (hash_length < operation->coordinate_bytes ? in mbedtls_psa_sign_hash_start()
3729 hash_length : operation->coordinate_bytes); in mbedtls_psa_sign_hash_start()
3731 if (required_hash_length > sizeof(operation->hash)) { in mbedtls_psa_sign_hash_start()
3736 memcpy(operation->hash, hash, required_hash_length); in mbedtls_psa_sign_hash_start()
3737 operation->hash_length = required_hash_length; in mbedtls_psa_sign_hash_start()
3748 (void) status; in mbedtls_psa_sign_hash_start()
3766 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in mbedtls_psa_sign_hash_complete() local
3776 if (signature_size < 2 * operation->coordinate_bytes) { in mbedtls_psa_sign_hash_complete()
3777 status = PSA_ERROR_BUFFER_TOO_SMALL; in mbedtls_psa_sign_hash_complete()
3778 goto exit; in mbedtls_psa_sign_hash_complete()
3781 if (PSA_ALG_ECDSA_IS_DETERMINISTIC(operation->alg)) { in mbedtls_psa_sign_hash_complete()
3784 status = mbedtls_to_psa_error( in mbedtls_psa_sign_hash_complete()
3785 mbedtls_ecdsa_sign_det_restartable(&operation->ctx->grp, in mbedtls_psa_sign_hash_complete()
3788 &operation->ctx->d, in mbedtls_psa_sign_hash_complete()
3789 operation->hash, in mbedtls_psa_sign_hash_complete()
3790 operation->hash_length, in mbedtls_psa_sign_hash_complete()
3791 operation->md_alg, in mbedtls_psa_sign_hash_complete()
3794 &operation->restart_ctx)); in mbedtls_psa_sign_hash_complete()
3796 status = PSA_ERROR_NOT_SUPPORTED; in mbedtls_psa_sign_hash_complete()
3797 goto exit; in mbedtls_psa_sign_hash_complete()
3800 status = mbedtls_to_psa_error( in mbedtls_psa_sign_hash_complete()
3801 mbedtls_ecdsa_sign_restartable(&operation->ctx->grp, in mbedtls_psa_sign_hash_complete()
3804 &operation->ctx->d, in mbedtls_psa_sign_hash_complete()
3805 operation->hash, in mbedtls_psa_sign_hash_complete()
3806 operation->hash_length, in mbedtls_psa_sign_hash_complete()
3811 &operation->restart_ctx)); in mbedtls_psa_sign_hash_complete()
3816 operation->num_ops += operation->restart_ctx.ecp.ops_done; in mbedtls_psa_sign_hash_complete()
3818 if (status == PSA_SUCCESS) { in mbedtls_psa_sign_hash_complete()
3819 status = mbedtls_to_psa_error( in mbedtls_psa_sign_hash_complete()
3822 operation->coordinate_bytes) in mbedtls_psa_sign_hash_complete()
3825 if (status != PSA_SUCCESS) { in mbedtls_psa_sign_hash_complete()
3826 goto exit; in mbedtls_psa_sign_hash_complete()
3829 status = mbedtls_to_psa_error( in mbedtls_psa_sign_hash_complete()
3832 operation->coordinate_bytes, in mbedtls_psa_sign_hash_complete()
3833 operation->coordinate_bytes) in mbedtls_psa_sign_hash_complete()
3836 if (status != PSA_SUCCESS) { in mbedtls_psa_sign_hash_complete()
3837 goto exit; in mbedtls_psa_sign_hash_complete()
3840 *signature_length = operation->coordinate_bytes * 2; in mbedtls_psa_sign_hash_complete()
3842 status = PSA_SUCCESS; in mbedtls_psa_sign_hash_complete()
3845 exit: in mbedtls_psa_sign_hash_complete()
3849 return status; in mbedtls_psa_sign_hash_complete()
3873 if (operation->ctx) { in mbedtls_psa_sign_hash_abort()
3874 mbedtls_ecdsa_free(operation->ctx); in mbedtls_psa_sign_hash_abort()
3875 mbedtls_free(operation->ctx); in mbedtls_psa_sign_hash_abort()
3876 operation->ctx = NULL; in mbedtls_psa_sign_hash_abort()
3879 mbedtls_ecdsa_restart_free(&operation->restart_ctx); in mbedtls_psa_sign_hash_abort()
3881 operation->num_ops = 0; in mbedtls_psa_sign_hash_abort()
3904 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in mbedtls_psa_verify_hash_start() local
3908 if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { in mbedtls_psa_verify_hash_start()
3920 mbedtls_ecdsa_restart_init(&operation->restart_ctx); in mbedtls_psa_verify_hash_start()
3921 mbedtls_mpi_init(&operation->r); in mbedtls_psa_verify_hash_start()
3922 mbedtls_mpi_init(&operation->s); in mbedtls_psa_verify_hash_start()
3924 /* Ensure num_ops is zero'ed in case of context re-use. */ in mbedtls_psa_verify_hash_start()
3925 operation->num_ops = 0; in mbedtls_psa_verify_hash_start()
3927 status = mbedtls_psa_ecp_load_representation(attributes->core.type, in mbedtls_psa_verify_hash_start()
3928 attributes->core.bits, in mbedtls_psa_verify_hash_start()
3931 &operation->ctx); in mbedtls_psa_verify_hash_start()
3933 if (status != PSA_SUCCESS) { in mbedtls_psa_verify_hash_start()
3934 return status; in mbedtls_psa_verify_hash_start()
3937 coordinate_bytes = PSA_BITS_TO_BYTES(operation->ctx->grp.nbits); in mbedtls_psa_verify_hash_start()
3943 status = mbedtls_to_psa_error( in mbedtls_psa_verify_hash_start()
3944 mbedtls_mpi_read_binary(&operation->r, in mbedtls_psa_verify_hash_start()
3948 if (status != PSA_SUCCESS) { in mbedtls_psa_verify_hash_start()
3949 return status; in mbedtls_psa_verify_hash_start()
3952 status = mbedtls_to_psa_error( in mbedtls_psa_verify_hash_start()
3953 mbedtls_mpi_read_binary(&operation->s, in mbedtls_psa_verify_hash_start()
3958 if (status != PSA_SUCCESS) { in mbedtls_psa_verify_hash_start()
3959 return status; in mbedtls_psa_verify_hash_start()
3962 status = mbedtls_psa_ecp_load_public_part(operation->ctx); in mbedtls_psa_verify_hash_start()
3964 if (status != PSA_SUCCESS) { in mbedtls_psa_verify_hash_start()
3965 return status; in mbedtls_psa_verify_hash_start()
3973 if (required_hash_length > sizeof(operation->hash)) { in mbedtls_psa_verify_hash_start()
3978 memcpy(operation->hash, hash, required_hash_length); in mbedtls_psa_verify_hash_start()
3979 operation->hash_length = required_hash_length; in mbedtls_psa_verify_hash_start()
3991 (void) status; in mbedtls_psa_verify_hash_start()
4009 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in mbedtls_psa_verify_hash_complete() local
4014 status = mbedtls_to_psa_error( in mbedtls_psa_verify_hash_complete()
4015 mbedtls_ecdsa_verify_restartable(&operation->ctx->grp, in mbedtls_psa_verify_hash_complete()
4016 operation->hash, in mbedtls_psa_verify_hash_complete()
4017 operation->hash_length, in mbedtls_psa_verify_hash_complete()
4018 &operation->ctx->Q, in mbedtls_psa_verify_hash_complete()
4019 &operation->r, in mbedtls_psa_verify_hash_complete()
4020 &operation->s, in mbedtls_psa_verify_hash_complete()
4021 &operation->restart_ctx)); in mbedtls_psa_verify_hash_complete()
4025 operation->num_ops += operation->restart_ctx.ecp.ops_done; in mbedtls_psa_verify_hash_complete()
4027 return status; in mbedtls_psa_verify_hash_complete()
4046 if (operation->ctx) { in mbedtls_psa_verify_hash_abort()
4047 mbedtls_ecdsa_free(operation->ctx); in mbedtls_psa_verify_hash_abort()
4048 mbedtls_free(operation->ctx); in mbedtls_psa_verify_hash_abort()
4049 operation->ctx = NULL; in mbedtls_psa_verify_hash_abort()
4052 mbedtls_ecdsa_restart_free(&operation->restart_ctx); in mbedtls_psa_verify_hash_abort()
4054 operation->num_ops = 0; in mbedtls_psa_verify_hash_abort()
4056 mbedtls_mpi_free(&operation->r); in mbedtls_psa_verify_hash_abort()
4057 mbedtls_mpi_free(&operation->s); in mbedtls_psa_verify_hash_abort()
4080 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_cipher_setup() local
4089 if (operation->id != 0) { in psa_cipher_setup()
4090 status = PSA_ERROR_BAD_STATE; in psa_cipher_setup()
4091 goto exit; in psa_cipher_setup()
4095 status = PSA_ERROR_INVALID_ARGUMENT; in psa_cipher_setup()
4096 goto exit; in psa_cipher_setup()
4099 status = psa_get_and_lock_key_slot_with_policy(key, &slot, usage, alg); in psa_cipher_setup()
4100 if (status != PSA_SUCCESS) { in psa_cipher_setup()
4101 goto exit; in psa_cipher_setup()
4108 operation->iv_set = 0; in psa_cipher_setup()
4110 operation->iv_required = 0; in psa_cipher_setup()
4112 operation->iv_required = 1; in psa_cipher_setup()
4114 operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg); in psa_cipher_setup()
4117 .core = slot->attr in psa_cipher_setup()
4122 status = psa_driver_wrapper_cipher_encrypt_setup(operation, in psa_cipher_setup()
4124 slot->key.data, in psa_cipher_setup()
4125 slot->key.bytes, in psa_cipher_setup()
4128 status = psa_driver_wrapper_cipher_decrypt_setup(operation, in psa_cipher_setup()
4130 slot->key.data, in psa_cipher_setup()
4131 slot->key.bytes, in psa_cipher_setup()
4135 exit: in psa_cipher_setup()
4136 if (status != PSA_SUCCESS) { in psa_cipher_setup()
4142 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_cipher_setup()
4164 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_cipher_generate_iv() local
4168 if (operation->id == 0) { in psa_cipher_generate_iv()
4169 status = PSA_ERROR_BAD_STATE; in psa_cipher_generate_iv()
4170 goto exit; in psa_cipher_generate_iv()
4173 if (operation->iv_set || !operation->iv_required) { in psa_cipher_generate_iv()
4174 status = PSA_ERROR_BAD_STATE; in psa_cipher_generate_iv()
4175 goto exit; in psa_cipher_generate_iv()
4178 default_iv_length = operation->default_iv_length; in psa_cipher_generate_iv()
4180 status = PSA_ERROR_BUFFER_TOO_SMALL; in psa_cipher_generate_iv()
4181 goto exit; in psa_cipher_generate_iv()
4185 status = PSA_ERROR_GENERIC_ERROR; in psa_cipher_generate_iv()
4186 goto exit; in psa_cipher_generate_iv()
4189 status = psa_generate_random(local_iv, default_iv_length); in psa_cipher_generate_iv()
4190 if (status != PSA_SUCCESS) { in psa_cipher_generate_iv()
4191 goto exit; in psa_cipher_generate_iv()
4194 status = psa_driver_wrapper_cipher_set_iv(operation, in psa_cipher_generate_iv()
4197 exit: in psa_cipher_generate_iv()
4198 if (status == PSA_SUCCESS) { in psa_cipher_generate_iv()
4201 operation->iv_set = 1; in psa_cipher_generate_iv()
4207 return status; in psa_cipher_generate_iv()
4214 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_cipher_set_iv() local
4216 if (operation->id == 0) { in psa_cipher_set_iv()
4217 status = PSA_ERROR_BAD_STATE; in psa_cipher_set_iv()
4218 goto exit; in psa_cipher_set_iv()
4221 if (operation->iv_set || !operation->iv_required) { in psa_cipher_set_iv()
4222 status = PSA_ERROR_BAD_STATE; in psa_cipher_set_iv()
4223 goto exit; in psa_cipher_set_iv()
4227 status = PSA_ERROR_INVALID_ARGUMENT; in psa_cipher_set_iv()
4228 goto exit; in psa_cipher_set_iv()
4231 status = psa_driver_wrapper_cipher_set_iv(operation, in psa_cipher_set_iv()
4235 exit: in psa_cipher_set_iv()
4236 if (status == PSA_SUCCESS) { in psa_cipher_set_iv()
4237 operation->iv_set = 1; in psa_cipher_set_iv()
4241 return status; in psa_cipher_set_iv()
4251 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_cipher_update() local
4253 if (operation->id == 0) { in psa_cipher_update()
4254 status = PSA_ERROR_BAD_STATE; in psa_cipher_update()
4255 goto exit; in psa_cipher_update()
4258 if (operation->iv_required && !operation->iv_set) { in psa_cipher_update()
4259 status = PSA_ERROR_BAD_STATE; in psa_cipher_update()
4260 goto exit; in psa_cipher_update()
4263 status = psa_driver_wrapper_cipher_update(operation, in psa_cipher_update()
4270 exit: in psa_cipher_update()
4271 if (status != PSA_SUCCESS) { in psa_cipher_update()
4275 return status; in psa_cipher_update()
4283 psa_status_t status = PSA_ERROR_GENERIC_ERROR; in psa_cipher_finish() local
4285 if (operation->id == 0) { in psa_cipher_finish()
4286 status = PSA_ERROR_BAD_STATE; in psa_cipher_finish()
4287 goto exit; in psa_cipher_finish()
4290 if (operation->iv_required && !operation->iv_set) { in psa_cipher_finish()
4291 status = PSA_ERROR_BAD_STATE; in psa_cipher_finish()
4292 goto exit; in psa_cipher_finish()
4295 status = psa_driver_wrapper_cipher_finish(operation, in psa_cipher_finish()
4300 exit: in psa_cipher_finish()
4301 if (status == PSA_SUCCESS) { in psa_cipher_finish()
4307 return status; in psa_cipher_finish()
4313 if (operation->id == 0) { in psa_cipher_abort()
4322 operation->id = 0; in psa_cipher_abort()
4323 operation->iv_set = 0; in psa_cipher_abort()
4324 operation->iv_required = 0; in psa_cipher_abort()
4337 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_cipher_encrypt() local
4345 status = PSA_ERROR_INVALID_ARGUMENT; in psa_cipher_encrypt()
4346 goto exit; in psa_cipher_encrypt()
4349 status = psa_get_and_lock_key_slot_with_policy(key, &slot, in psa_cipher_encrypt()
4352 if (status != PSA_SUCCESS) { in psa_cipher_encrypt()
4353 goto exit; in psa_cipher_encrypt()
4357 .core = slot->attr in psa_cipher_encrypt()
4360 default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg); in psa_cipher_encrypt()
4362 status = PSA_ERROR_GENERIC_ERROR; in psa_cipher_encrypt()
4363 goto exit; in psa_cipher_encrypt()
4368 status = PSA_ERROR_BUFFER_TOO_SMALL; in psa_cipher_encrypt()
4369 goto exit; in psa_cipher_encrypt()
4372 status = psa_generate_random(local_iv, default_iv_length); in psa_cipher_encrypt()
4373 if (status != PSA_SUCCESS) { in psa_cipher_encrypt()
4374 goto exit; in psa_cipher_encrypt()
4378 status = psa_driver_wrapper_cipher_encrypt( in psa_cipher_encrypt()
4379 &attributes, slot->key.data, slot->key.bytes, in psa_cipher_encrypt()
4382 output_size - default_iv_length, output_length); in psa_cipher_encrypt()
4384 exit: in psa_cipher_encrypt()
4386 if (status == PSA_SUCCESS) { in psa_cipher_encrypt()
4387 status = unlock_status; in psa_cipher_encrypt()
4390 if (status == PSA_SUCCESS) { in psa_cipher_encrypt()
4399 return status; in psa_cipher_encrypt()
4410 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_cipher_decrypt() local
4416 status = PSA_ERROR_INVALID_ARGUMENT; in psa_cipher_decrypt()
4417 goto exit; in psa_cipher_decrypt()
4420 status = psa_get_and_lock_key_slot_with_policy(key, &slot, in psa_cipher_decrypt()
4423 if (status != PSA_SUCCESS) { in psa_cipher_decrypt()
4424 goto exit; in psa_cipher_decrypt()
4428 .core = slot->attr in psa_cipher_decrypt()
4432 input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH(slot->attr.type)) { in psa_cipher_decrypt()
4433 status = PSA_ERROR_INVALID_ARGUMENT; in psa_cipher_decrypt()
4434 goto exit; in psa_cipher_decrypt()
4435 } else if (input_length < PSA_CIPHER_IV_LENGTH(slot->attr.type, alg)) { in psa_cipher_decrypt()
4436 status = PSA_ERROR_INVALID_ARGUMENT; in psa_cipher_decrypt()
4437 goto exit; in psa_cipher_decrypt()
4440 status = psa_driver_wrapper_cipher_decrypt( in psa_cipher_decrypt()
4441 &attributes, slot->key.data, slot->key.bytes, in psa_cipher_decrypt()
4445 exit: in psa_cipher_decrypt()
4447 if (status == PSA_SUCCESS) { in psa_cipher_decrypt()
4448 status = unlock_status; in psa_cipher_decrypt()
4451 if (status != PSA_SUCCESS) { in psa_cipher_decrypt()
4455 return status; in psa_cipher_decrypt()
4534 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_aead_encrypt() local
4539 status = psa_aead_check_algorithm(alg); in psa_aead_encrypt()
4540 if (status != PSA_SUCCESS) { in psa_aead_encrypt()
4541 return status; in psa_aead_encrypt()
4544 status = psa_get_and_lock_key_slot_with_policy( in psa_aead_encrypt()
4546 if (status != PSA_SUCCESS) { in psa_aead_encrypt()
4547 return status; in psa_aead_encrypt()
4551 .core = slot->attr in psa_aead_encrypt()
4554 status = psa_aead_check_nonce_length(alg, nonce_length); in psa_aead_encrypt()
4555 if (status != PSA_SUCCESS) { in psa_aead_encrypt()
4556 goto exit; in psa_aead_encrypt()
4559 status = psa_driver_wrapper_aead_encrypt( in psa_aead_encrypt()
4560 &attributes, slot->key.data, slot->key.bytes, in psa_aead_encrypt()
4567 if (status != PSA_SUCCESS && ciphertext_size != 0) { in psa_aead_encrypt()
4571 exit: in psa_aead_encrypt()
4574 return status; in psa_aead_encrypt()
4589 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_aead_decrypt() local
4594 status = psa_aead_check_algorithm(alg); in psa_aead_decrypt()
4595 if (status != PSA_SUCCESS) { in psa_aead_decrypt()
4596 return status; in psa_aead_decrypt()
4599 status = psa_get_and_lock_key_slot_with_policy( in psa_aead_decrypt()
4601 if (status != PSA_SUCCESS) { in psa_aead_decrypt()
4602 return status; in psa_aead_decrypt()
4606 .core = slot->attr in psa_aead_decrypt()
4609 status = psa_aead_check_nonce_length(alg, nonce_length); in psa_aead_decrypt()
4610 if (status != PSA_SUCCESS) { in psa_aead_decrypt()
4611 goto exit; in psa_aead_decrypt()
4614 status = psa_driver_wrapper_aead_decrypt( in psa_aead_decrypt()
4615 &attributes, slot->key.data, slot->key.bytes, in psa_aead_decrypt()
4622 if (status != PSA_SUCCESS && plaintext_size != 0) { in psa_aead_decrypt()
4626 exit: in psa_aead_decrypt()
4629 return status; in psa_aead_decrypt()
4677 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_aead_setup() local
4683 status = psa_aead_check_algorithm(alg); in psa_aead_setup()
4684 if (status != PSA_SUCCESS) { in psa_aead_setup()
4685 goto exit; in psa_aead_setup()
4688 if (operation->id != 0) { in psa_aead_setup()
4689 status = PSA_ERROR_BAD_STATE; in psa_aead_setup()
4690 goto exit; in psa_aead_setup()
4693 if (operation->nonce_set || operation->lengths_set || in psa_aead_setup()
4694 operation->ad_started || operation->body_started) { in psa_aead_setup()
4695 status = PSA_ERROR_BAD_STATE; in psa_aead_setup()
4696 goto exit; in psa_aead_setup()
4705 status = psa_get_and_lock_key_slot_with_policy(key, &slot, key_usage, in psa_aead_setup()
4707 if (status != PSA_SUCCESS) { in psa_aead_setup()
4708 goto exit; in psa_aead_setup()
4712 .core = slot->attr in psa_aead_setup()
4715 if ((status = psa_validate_tag_length(alg)) != PSA_SUCCESS) { in psa_aead_setup()
4716 goto exit; in psa_aead_setup()
4720 status = psa_driver_wrapper_aead_encrypt_setup(operation, in psa_aead_setup()
4722 slot->key.data, in psa_aead_setup()
4723 slot->key.bytes, in psa_aead_setup()
4726 status = psa_driver_wrapper_aead_decrypt_setup(operation, in psa_aead_setup()
4728 slot->key.data, in psa_aead_setup()
4729 slot->key.bytes, in psa_aead_setup()
4732 if (status != PSA_SUCCESS) { in psa_aead_setup()
4733 goto exit; in psa_aead_setup()
4736 operation->key_type = psa_get_key_type(&attributes); in psa_aead_setup()
4738 exit: in psa_aead_setup()
4741 if (status == PSA_SUCCESS) { in psa_aead_setup()
4742 status = unlock_status; in psa_aead_setup()
4743 operation->alg = psa_aead_get_base_algorithm(alg); in psa_aead_setup()
4744 operation->is_encrypt = is_encrypt; in psa_aead_setup()
4749 return status; in psa_aead_setup()
4774 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_aead_generate_nonce() local
4780 if (operation->id == 0) { in psa_aead_generate_nonce()
4781 status = PSA_ERROR_BAD_STATE; in psa_aead_generate_nonce()
4782 goto exit; in psa_aead_generate_nonce()
4785 if (operation->nonce_set || !operation->is_encrypt) { in psa_aead_generate_nonce()
4786 status = PSA_ERROR_BAD_STATE; in psa_aead_generate_nonce()
4787 goto exit; in psa_aead_generate_nonce()
4794 * integer >= 2 where pLen < 2^(8L). The nonce length is then 15 - L bytes. in psa_aead_generate_nonce()
4799 required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, in psa_aead_generate_nonce()
4800 operation->alg); in psa_aead_generate_nonce()
4802 status = PSA_ERROR_BUFFER_TOO_SMALL; in psa_aead_generate_nonce()
4803 goto exit; in psa_aead_generate_nonce()
4806 status = psa_generate_random(local_nonce, required_nonce_size); in psa_aead_generate_nonce()
4807 if (status != PSA_SUCCESS) { in psa_aead_generate_nonce()
4808 goto exit; in psa_aead_generate_nonce()
4811 status = psa_aead_set_nonce(operation, local_nonce, required_nonce_size); in psa_aead_generate_nonce()
4813 exit: in psa_aead_generate_nonce()
4814 if (status == PSA_SUCCESS) { in psa_aead_generate_nonce()
4821 return status; in psa_aead_generate_nonce()
4830 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_aead_set_nonce() local
4832 if (operation->id == 0) { in psa_aead_set_nonce()
4833 status = PSA_ERROR_BAD_STATE; in psa_aead_set_nonce()
4834 goto exit; in psa_aead_set_nonce()
4837 if (operation->nonce_set) { in psa_aead_set_nonce()
4838 status = PSA_ERROR_BAD_STATE; in psa_aead_set_nonce()
4839 goto exit; in psa_aead_set_nonce()
4842 status = psa_aead_check_nonce_length(operation->alg, nonce_length); in psa_aead_set_nonce()
4843 if (status != PSA_SUCCESS) { in psa_aead_set_nonce()
4844 status = PSA_ERROR_INVALID_ARGUMENT; in psa_aead_set_nonce()
4845 goto exit; in psa_aead_set_nonce()
4848 status = psa_driver_wrapper_aead_set_nonce(operation, nonce, in psa_aead_set_nonce()
4851 exit: in psa_aead_set_nonce()
4852 if (status == PSA_SUCCESS) { in psa_aead_set_nonce()
4853 operation->nonce_set = 1; in psa_aead_set_nonce()
4858 return status; in psa_aead_set_nonce()
4866 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_aead_set_lengths() local
4868 if (operation->id == 0) { in psa_aead_set_lengths()
4869 status = PSA_ERROR_BAD_STATE; in psa_aead_set_lengths()
4870 goto exit; in psa_aead_set_lengths()
4873 if (operation->lengths_set || operation->ad_started || in psa_aead_set_lengths()
4874 operation->body_started) { in psa_aead_set_lengths()
4875 status = PSA_ERROR_BAD_STATE; in psa_aead_set_lengths()
4876 goto exit; in psa_aead_set_lengths()
4879 switch (operation->alg) { in psa_aead_set_lengths()
4888 status = PSA_ERROR_INVALID_ARGUMENT; in psa_aead_set_lengths()
4889 goto exit; in psa_aead_set_lengths()
4897 status = PSA_ERROR_INVALID_ARGUMENT; in psa_aead_set_lengths()
4898 goto exit; in psa_aead_set_lengths()
4911 status = psa_driver_wrapper_aead_set_lengths(operation, ad_length, in psa_aead_set_lengths()
4914 exit: in psa_aead_set_lengths()
4915 if (status == PSA_SUCCESS) { in psa_aead_set_lengths()
4916 operation->ad_remaining = ad_length; in psa_aead_set_lengths()
4917 operation->body_remaining = plaintext_length; in psa_aead_set_lengths()
4918 operation->lengths_set = 1; in psa_aead_set_lengths()
4923 return status; in psa_aead_set_lengths()
4931 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_aead_update_ad() local
4933 if (operation->id == 0) { in psa_aead_update_ad()
4934 status = PSA_ERROR_BAD_STATE; in psa_aead_update_ad()
4935 goto exit; in psa_aead_update_ad()
4938 if (!operation->nonce_set || operation->body_started) { in psa_aead_update_ad()
4939 status = PSA_ERROR_BAD_STATE; in psa_aead_update_ad()
4940 goto exit; in psa_aead_update_ad()
4943 if (operation->lengths_set) { in psa_aead_update_ad()
4944 if (operation->ad_remaining < input_length) { in psa_aead_update_ad()
4945 status = PSA_ERROR_INVALID_ARGUMENT; in psa_aead_update_ad()
4946 goto exit; in psa_aead_update_ad()
4949 operation->ad_remaining -= input_length; in psa_aead_update_ad()
4952 else if (operation->alg == PSA_ALG_CCM) { in psa_aead_update_ad()
4953 status = PSA_ERROR_BAD_STATE; in psa_aead_update_ad()
4954 goto exit; in psa_aead_update_ad()
4958 status = psa_driver_wrapper_aead_update_ad(operation, input, in psa_aead_update_ad()
4961 exit: in psa_aead_update_ad()
4962 if (status == PSA_SUCCESS) { in psa_aead_update_ad()
4963 operation->ad_started = 1; in psa_aead_update_ad()
4968 return status; in psa_aead_update_ad()
4980 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_aead_update() local
4984 if (operation->id == 0) { in psa_aead_update()
4985 status = PSA_ERROR_BAD_STATE; in psa_aead_update()
4986 goto exit; in psa_aead_update()
4989 if (!operation->nonce_set) { in psa_aead_update()
4990 status = PSA_ERROR_BAD_STATE; in psa_aead_update()
4991 goto exit; in psa_aead_update()
4994 if (operation->lengths_set) { in psa_aead_update()
4997 if (operation->ad_remaining != 0) { in psa_aead_update()
4998 status = PSA_ERROR_INVALID_ARGUMENT; in psa_aead_update()
4999 goto exit; in psa_aead_update()
5003 if (operation->body_remaining < input_length) { in psa_aead_update()
5004 status = PSA_ERROR_INVALID_ARGUMENT; in psa_aead_update()
5005 goto exit; in psa_aead_update()
5008 operation->body_remaining -= input_length; in psa_aead_update()
5011 else if (operation->alg == PSA_ALG_CCM) { in psa_aead_update()
5012 status = PSA_ERROR_BAD_STATE; in psa_aead_update()
5013 goto exit; in psa_aead_update()
5017 status = psa_driver_wrapper_aead_update(operation, input, input_length, in psa_aead_update()
5021 exit: in psa_aead_update()
5022 if (status == PSA_SUCCESS) { in psa_aead_update()
5023 operation->body_started = 1; in psa_aead_update()
5028 return status; in psa_aead_update()
5033 if (operation->id == 0 || !operation->nonce_set) { in psa_aead_final_checks()
5037 if (operation->lengths_set && (operation->ad_remaining != 0 || in psa_aead_final_checks()
5038 operation->body_remaining != 0)) { in psa_aead_final_checks()
5054 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_aead_finish() local
5059 status = psa_aead_final_checks(operation); in psa_aead_finish()
5060 if (status != PSA_SUCCESS) { in psa_aead_finish()
5061 goto exit; in psa_aead_finish()
5064 if (!operation->is_encrypt) { in psa_aead_finish()
5065 status = PSA_ERROR_BAD_STATE; in psa_aead_finish()
5066 goto exit; in psa_aead_finish()
5069 status = psa_driver_wrapper_aead_finish(operation, ciphertext, in psa_aead_finish()
5074 exit: in psa_aead_finish()
5082 psa_wipe_tag_output_buffer(tag, status, tag_size, *tag_length); in psa_aead_finish()
5086 return status; in psa_aead_finish()
5098 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_aead_verify() local
5102 status = psa_aead_final_checks(operation); in psa_aead_verify()
5103 if (status != PSA_SUCCESS) { in psa_aead_verify()
5104 goto exit; in psa_aead_verify()
5107 if (operation->is_encrypt) { in psa_aead_verify()
5108 status = PSA_ERROR_BAD_STATE; in psa_aead_verify()
5109 goto exit; in psa_aead_verify()
5112 status = psa_driver_wrapper_aead_verify(operation, plaintext, in psa_aead_verify()
5117 exit: in psa_aead_verify()
5120 return status; in psa_aead_verify()
5126 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_aead_abort() local
5128 if (operation->id == 0) { in psa_aead_abort()
5135 status = psa_driver_wrapper_aead_abort(operation); in psa_aead_abort()
5139 return status; in psa_aead_abort()
5163 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_key_derivation_start_hmac() local
5169 operation->is_sign = 1; in psa_key_derivation_start_hmac()
5170 operation->mac_size = PSA_HASH_LENGTH(hash_alg); in psa_key_derivation_start_hmac()
5172 status = psa_driver_wrapper_mac_sign_setup(operation, in psa_key_derivation_start_hmac()
5178 return status; in psa_key_derivation_start_hmac()
5190 if (PSA_ALG_IS_KEY_AGREEMENT(operation->alg)) { in psa_key_derivation_get_kdf_alg()
5191 return PSA_ALG_KEY_AGREEMENT_GET_KDF(operation->alg); in psa_key_derivation_get_kdf_alg()
5193 return operation->alg; in psa_key_derivation_get_kdf_alg()
5199 psa_status_t status = PSA_SUCCESS; in psa_key_derivation_abort() local
5208 mbedtls_free(operation->ctx.hkdf.info); in psa_key_derivation_abort()
5209 status = psa_mac_abort(&operation->ctx.hkdf.hmac); in psa_key_derivation_abort()
5215 /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */ in psa_key_derivation_abort()
5217 if (operation->ctx.tls12_prf.secret != NULL) { in psa_key_derivation_abort()
5218 mbedtls_zeroize_and_free(operation->ctx.tls12_prf.secret, in psa_key_derivation_abort()
5219 operation->ctx.tls12_prf.secret_length); in psa_key_derivation_abort()
5222 if (operation->ctx.tls12_prf.seed != NULL) { in psa_key_derivation_abort()
5223 mbedtls_zeroize_and_free(operation->ctx.tls12_prf.seed, in psa_key_derivation_abort()
5224 operation->ctx.tls12_prf.seed_length); in psa_key_derivation_abort()
5227 if (operation->ctx.tls12_prf.label != NULL) { in psa_key_derivation_abort()
5228 mbedtls_zeroize_and_free(operation->ctx.tls12_prf.label, in psa_key_derivation_abort()
5229 operation->ctx.tls12_prf.label_length); in psa_key_derivation_abort()
5232 if (operation->ctx.tls12_prf.other_secret != NULL) { in psa_key_derivation_abort()
5233 mbedtls_zeroize_and_free(operation->ctx.tls12_prf.other_secret, in psa_key_derivation_abort()
5234 operation->ctx.tls12_prf.other_secret_length); in psa_key_derivation_abort()
5237 status = PSA_SUCCESS; in psa_key_derivation_abort()
5246 mbedtls_platform_zeroize(operation->ctx.tls12_ecjpake_to_pms.data, in psa_key_derivation_abort()
5247 sizeof(operation->ctx.tls12_ecjpake_to_pms.data)); in psa_key_derivation_abort()
5252 if (operation->ctx.pbkdf2.salt != NULL) { in psa_key_derivation_abort()
5253 mbedtls_zeroize_and_free(operation->ctx.pbkdf2.salt, in psa_key_derivation_abort()
5254 operation->ctx.pbkdf2.salt_length); in psa_key_derivation_abort()
5257 status = PSA_SUCCESS; in psa_key_derivation_abort()
5261 status = PSA_ERROR_BAD_STATE; in psa_key_derivation_abort()
5264 return status; in psa_key_derivation_abort()
5270 if (operation->alg == 0) { in psa_key_derivation_get_capacity()
5275 *capacity = operation->capacity; in psa_key_derivation_get_capacity()
5282 if (operation->alg == 0) { in psa_key_derivation_set_capacity()
5285 if (capacity > operation->capacity) { in psa_key_derivation_set_capacity()
5288 operation->capacity = capacity; in psa_key_derivation_set_capacity()
5293 /* Read some bytes from an HKDF-based operation. */
5302 psa_status_t status; in psa_key_derivation_hkdf_read() local
5309 if (hkdf->state < HKDF_STATE_KEYED || in psa_key_derivation_hkdf_read()
5310 (!hkdf->info_set in psa_key_derivation_hkdf_read()
5317 hkdf->state = HKDF_STATE_OUTPUT; in psa_key_derivation_hkdf_read()
5321 uint8_t n = hash_length - hkdf->offset_in_block; in psa_key_derivation_hkdf_read()
5325 memcpy(output, hkdf->output_block + hkdf->offset_in_block, n); in psa_key_derivation_hkdf_read()
5327 output_length -= n; in psa_key_derivation_hkdf_read()
5328 hkdf->offset_in_block += n; in psa_key_derivation_hkdf_read()
5337 if (hkdf->block_number == last_block) { in psa_key_derivation_hkdf_read()
5342 ++hkdf->block_number; in psa_key_derivation_hkdf_read()
5343 hkdf->offset_in_block = 0; in psa_key_derivation_hkdf_read()
5345 status = psa_key_derivation_start_hmac(&hkdf->hmac, in psa_key_derivation_hkdf_read()
5347 hkdf->prk, in psa_key_derivation_hkdf_read()
5349 if (status != PSA_SUCCESS) { in psa_key_derivation_hkdf_read()
5350 return status; in psa_key_derivation_hkdf_read()
5353 if (hkdf->block_number != 1) { in psa_key_derivation_hkdf_read()
5354 status = psa_mac_update(&hkdf->hmac, in psa_key_derivation_hkdf_read()
5355 hkdf->output_block, in psa_key_derivation_hkdf_read()
5357 if (status != PSA_SUCCESS) { in psa_key_derivation_hkdf_read()
5358 return status; in psa_key_derivation_hkdf_read()
5361 status = psa_mac_update(&hkdf->hmac, in psa_key_derivation_hkdf_read()
5362 hkdf->info, in psa_key_derivation_hkdf_read()
5363 hkdf->info_length); in psa_key_derivation_hkdf_read()
5364 if (status != PSA_SUCCESS) { in psa_key_derivation_hkdf_read()
5365 return status; in psa_key_derivation_hkdf_read()
5367 status = psa_mac_update(&hkdf->hmac, in psa_key_derivation_hkdf_read()
5368 &hkdf->block_number, 1); in psa_key_derivation_hkdf_read()
5369 if (status != PSA_SUCCESS) { in psa_key_derivation_hkdf_read()
5370 return status; in psa_key_derivation_hkdf_read()
5372 status = psa_mac_sign_finish(&hkdf->hmac, in psa_key_derivation_hkdf_read()
5373 hkdf->output_block, in psa_key_derivation_hkdf_read()
5374 sizeof(hkdf->output_block), in psa_key_derivation_hkdf_read()
5376 if (status != PSA_SUCCESS) { in psa_key_derivation_hkdf_read()
5377 return status; in psa_key_derivation_hkdf_read()
5395 psa_status_t status, cleanup_status; in psa_key_derivation_tls12_prf_generate_next_block() local
5402 if (tls12_prf->block_number == 0xff) { in psa_key_derivation_tls12_prf_generate_next_block()
5407 ++tls12_prf->block_number; in psa_key_derivation_tls12_prf_generate_next_block()
5408 tls12_prf->left_in_block = hash_length; in psa_key_derivation_tls12_prf_generate_next_block()
5410 /* Recall the definition of the TLS-1.2-PRF from RFC 5246: in psa_key_derivation_tls12_prf_generate_next_block()
5419 * A(i) = HMAC_hash(secret, A(i-1)) in psa_key_derivation_tls12_prf_generate_next_block()
5427 status = psa_key_derivation_start_hmac(&hmac, in psa_key_derivation_tls12_prf_generate_next_block()
5429 tls12_prf->secret, in psa_key_derivation_tls12_prf_generate_next_block()
5430 tls12_prf->secret_length); in psa_key_derivation_tls12_prf_generate_next_block()
5431 if (status != PSA_SUCCESS) { in psa_key_derivation_tls12_prf_generate_next_block()
5435 /* Calculate A(i) where i = tls12_prf->block_number. */ in psa_key_derivation_tls12_prf_generate_next_block()
5436 if (tls12_prf->block_number == 1) { in psa_key_derivation_tls12_prf_generate_next_block()
5440 status = psa_mac_update(&hmac, in psa_key_derivation_tls12_prf_generate_next_block()
5441 tls12_prf->label, in psa_key_derivation_tls12_prf_generate_next_block()
5442 tls12_prf->label_length); in psa_key_derivation_tls12_prf_generate_next_block()
5443 if (status != PSA_SUCCESS) { in psa_key_derivation_tls12_prf_generate_next_block()
5446 status = psa_mac_update(&hmac, in psa_key_derivation_tls12_prf_generate_next_block()
5447 tls12_prf->seed, in psa_key_derivation_tls12_prf_generate_next_block()
5448 tls12_prf->seed_length); in psa_key_derivation_tls12_prf_generate_next_block()
5449 if (status != PSA_SUCCESS) { in psa_key_derivation_tls12_prf_generate_next_block()
5453 /* A(i) = HMAC_hash(secret, A(i-1)) */ in psa_key_derivation_tls12_prf_generate_next_block()
5454 status = psa_mac_update(&hmac, tls12_prf->Ai, hash_length); in psa_key_derivation_tls12_prf_generate_next_block()
5455 if (status != PSA_SUCCESS) { in psa_key_derivation_tls12_prf_generate_next_block()
5460 status = psa_mac_sign_finish(&hmac, in psa_key_derivation_tls12_prf_generate_next_block()
5461 tls12_prf->Ai, hash_length, in psa_key_derivation_tls12_prf_generate_next_block()
5464 status = PSA_ERROR_CORRUPTION_DETECTED; in psa_key_derivation_tls12_prf_generate_next_block()
5466 if (status != PSA_SUCCESS) { in psa_key_derivation_tls12_prf_generate_next_block()
5471 status = psa_key_derivation_start_hmac(&hmac, in psa_key_derivation_tls12_prf_generate_next_block()
5473 tls12_prf->secret, in psa_key_derivation_tls12_prf_generate_next_block()
5474 tls12_prf->secret_length); in psa_key_derivation_tls12_prf_generate_next_block()
5475 if (status != PSA_SUCCESS) { in psa_key_derivation_tls12_prf_generate_next_block()
5478 status = psa_mac_update(&hmac, tls12_prf->Ai, hash_length); in psa_key_derivation_tls12_prf_generate_next_block()
5479 if (status != PSA_SUCCESS) { in psa_key_derivation_tls12_prf_generate_next_block()
5482 status = psa_mac_update(&hmac, tls12_prf->label, tls12_prf->label_length); in psa_key_derivation_tls12_prf_generate_next_block()
5483 if (status != PSA_SUCCESS) { in psa_key_derivation_tls12_prf_generate_next_block()
5486 status = psa_mac_update(&hmac, tls12_prf->seed, tls12_prf->seed_length); in psa_key_derivation_tls12_prf_generate_next_block()
5487 if (status != PSA_SUCCESS) { in psa_key_derivation_tls12_prf_generate_next_block()
5490 status = psa_mac_sign_finish(&hmac, in psa_key_derivation_tls12_prf_generate_next_block()
5491 tls12_prf->output_block, hash_length, in psa_key_derivation_tls12_prf_generate_next_block()
5493 if (status != PSA_SUCCESS) { in psa_key_derivation_tls12_prf_generate_next_block()
5500 if (status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS) { in psa_key_derivation_tls12_prf_generate_next_block()
5501 status = cleanup_status; in psa_key_derivation_tls12_prf_generate_next_block()
5504 return status; in psa_key_derivation_tls12_prf_generate_next_block()
5515 psa_status_t status; in psa_key_derivation_tls12_prf_read() local
5518 switch (tls12_prf->state) { in psa_key_derivation_tls12_prf_read()
5520 tls12_prf->state = PSA_TLS12_PRF_STATE_OUTPUT; in psa_key_derivation_tls12_prf_read()
5530 if (tls12_prf->left_in_block == 0) { in psa_key_derivation_tls12_prf_read()
5531 status = psa_key_derivation_tls12_prf_generate_next_block(tls12_prf, in psa_key_derivation_tls12_prf_read()
5533 if (status != PSA_SUCCESS) { in psa_key_derivation_tls12_prf_read()
5534 return status; in psa_key_derivation_tls12_prf_read()
5540 if (tls12_prf->left_in_block > output_length) { in psa_key_derivation_tls12_prf_read()
5543 length = tls12_prf->left_in_block; in psa_key_derivation_tls12_prf_read()
5546 offset = hash_length - tls12_prf->left_in_block; in psa_key_derivation_tls12_prf_read()
5547 memcpy(output, tls12_prf->output_block + offset, length); in psa_key_derivation_tls12_prf_read()
5549 output_length -= length; in psa_key_derivation_tls12_prf_read()
5550 tls12_prf->left_in_block -= length; in psa_key_derivation_tls12_prf_read()
5564 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_key_derivation_tls12_ecjpake_to_pms_read() local
5571 status = psa_hash_compute(PSA_ALG_SHA_256, ecjpake->data, in psa_key_derivation_tls12_ecjpake_to_pms_read()
5574 if (status != PSA_SUCCESS) { in psa_key_derivation_tls12_ecjpake_to_pms_read()
5575 return status; in psa_key_derivation_tls12_ecjpake_to_pms_read()
5593 psa_status_t status; in psa_key_derivation_pbkdf2_generate_block() local
5597 uint8_t *U_accumulator = pbkdf2->output_block; in psa_key_derivation_pbkdf2_generate_block()
5603 MBEDTLS_PUT_UINT32_BE(pbkdf2->block_number, block_counter, 0); in psa_key_derivation_pbkdf2_generate_block()
5605 status = psa_driver_wrapper_mac_sign_setup(&mac_operation, in psa_key_derivation_pbkdf2_generate_block()
5607 pbkdf2->password, in psa_key_derivation_pbkdf2_generate_block()
5608 pbkdf2->password_length, in psa_key_derivation_pbkdf2_generate_block()
5610 if (status != PSA_SUCCESS) { in psa_key_derivation_pbkdf2_generate_block()
5613 status = psa_mac_update(&mac_operation, pbkdf2->salt, pbkdf2->salt_length); in psa_key_derivation_pbkdf2_generate_block()
5614 if (status != PSA_SUCCESS) { in psa_key_derivation_pbkdf2_generate_block()
5617 status = psa_mac_update(&mac_operation, block_counter, sizeof(block_counter)); in psa_key_derivation_pbkdf2_generate_block()
5618 if (status != PSA_SUCCESS) { in psa_key_derivation_pbkdf2_generate_block()
5621 status = psa_mac_sign_finish(&mac_operation, U_i, sizeof(U_i), in psa_key_derivation_pbkdf2_generate_block()
5623 if (status != PSA_SUCCESS) { in psa_key_derivation_pbkdf2_generate_block()
5628 status = PSA_ERROR_CORRUPTION_DETECTED; in psa_key_derivation_pbkdf2_generate_block()
5634 for (i = 1; i < pbkdf2->input_cost; i++) { in psa_key_derivation_pbkdf2_generate_block()
5637 * See https://github.com/Mbed-TLS/mbedtls/issues/7801 */ in psa_key_derivation_pbkdf2_generate_block()
5638 status = psa_driver_wrapper_mac_compute(attributes, in psa_key_derivation_pbkdf2_generate_block()
5639 pbkdf2->password, in psa_key_derivation_pbkdf2_generate_block()
5640 pbkdf2->password_length, in psa_key_derivation_pbkdf2_generate_block()
5644 if (status != PSA_SUCCESS) { in psa_key_derivation_pbkdf2_generate_block()
5654 return status; in psa_key_derivation_pbkdf2_generate_block()
5663 psa_status_t status; in psa_key_derivation_pbkdf2_read() local
5667 psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(pbkdf2->password_length)); in psa_key_derivation_pbkdf2_read()
5682 switch (pbkdf2->state) { in psa_key_derivation_pbkdf2_read()
5685 pbkdf2->bytes_used = prf_output_length; in psa_key_derivation_pbkdf2_read()
5686 pbkdf2->state = PSA_PBKDF2_STATE_OUTPUT; in psa_key_derivation_pbkdf2_read()
5695 uint8_t n = prf_output_length - pbkdf2->bytes_used; in psa_key_derivation_pbkdf2_read()
5699 memcpy(output, pbkdf2->output_block + pbkdf2->bytes_used, n); in psa_key_derivation_pbkdf2_read()
5701 output_length -= n; in psa_key_derivation_pbkdf2_read()
5702 pbkdf2->bytes_used += n; in psa_key_derivation_pbkdf2_read()
5709 pbkdf2->bytes_used = 0; in psa_key_derivation_pbkdf2_read()
5710 pbkdf2->block_number++; in psa_key_derivation_pbkdf2_read()
5712 status = psa_key_derivation_pbkdf2_generate_block(pbkdf2, prf_alg, in psa_key_derivation_pbkdf2_read()
5715 if (status != PSA_SUCCESS) { in psa_key_derivation_pbkdf2_read()
5716 return status; in psa_key_derivation_pbkdf2_read()
5729 psa_status_t status; in psa_key_derivation_output_bytes() local
5732 if (operation->alg == 0) { in psa_key_derivation_output_bytes()
5737 if (output_length > operation->capacity) { in psa_key_derivation_output_bytes()
5738 operation->capacity = 0; in psa_key_derivation_output_bytes()
5741 status = PSA_ERROR_INSUFFICIENT_DATA; in psa_key_derivation_output_bytes()
5742 goto exit; in psa_key_derivation_output_bytes()
5744 if (output_length == 0 && operation->capacity == 0) { in psa_key_derivation_output_bytes()
5753 operation->capacity -= output_length; in psa_key_derivation_output_bytes()
5757 status = psa_key_derivation_hkdf_read(&operation->ctx.hkdf, kdf_alg, in psa_key_derivation_output_bytes()
5765 status = psa_key_derivation_tls12_prf_read(&operation->ctx.tls12_prf, in psa_key_derivation_output_bytes()
5773 status = psa_key_derivation_tls12_ecjpake_to_pms_read( in psa_key_derivation_output_bytes()
5774 &operation->ctx.tls12_ecjpake_to_pms, output, output_length); in psa_key_derivation_output_bytes()
5779 status = psa_key_derivation_pbkdf2_read(&operation->ctx.pbkdf2, kdf_alg, in psa_key_derivation_output_bytes()
5789 exit: in psa_key_derivation_output_bytes()
5790 if (status != PSA_SUCCESS) { in psa_key_derivation_output_bytes()
5795 psa_algorithm_t alg = operation->alg; in psa_key_derivation_output_bytes()
5797 operation->alg = alg; in psa_key_derivation_output_bytes()
5800 return status; in psa_key_derivation_output_bytes()
5821 * in the range [1, N - 1], where N is the boundary of the private key domain:
5822 * N is the prime p for Diffie-Hellman, or the order of the
5825 * Let m be the bit size of N, such that 2^m > N >= 2^(m-1).
5830 * (8 * ceiling(m/8) - m) bits of the first byte in the string to zero.
5831 * 3. Convert the string to integer k by decoding it as a big-endian byte string.
5832 * 4. If k > N - 2, discard the result and return to step 1.
5836 * Key-Pair Generation by Testing Candidates in the following publications:
5837 * - NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment
5838 * Schemes Using Discrete Logarithm Cryptography [SP800-56A] §5.6.1.1.4 for
5839 * Diffie-Hellman keys.
5841 * - [SP800-56A] §5.6.1.2.2 or FIPS Publication 186-4: Digital Signature
5842 * Standard (DSS) [FIPS186-4] §B.4.2 for elliptic curve keys.
5860 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_generate_derived_ecc_key_weierstrass_helper() local
5868 slot->attr.type); in psa_generate_derived_ecc_key_weierstrass_helper()
5888 /* Calculate N - 2 - it will be needed later. */ in psa_generate_derived_ecc_key_weierstrass_helper()
5901 if ((status = psa_key_derivation_output_bytes(operation, *data, m_bytes)) != 0) { in psa_generate_derived_ecc_key_weierstrass_helper()
5908 * (8 * ceiling(m/8) - m) bits of the first byte in in psa_generate_derived_ecc_key_weierstrass_helper()
5911 uint8_t clear_bit_mask = (1 << (m % 8)) - 1; in psa_generate_derived_ecc_key_weierstrass_helper()
5916 * big-endian byte string. in psa_generate_derived_ecc_key_weierstrass_helper()
5920 /* 4. If k > N - 2, discard the result and return to step 1. in psa_generate_derived_ecc_key_weierstrass_helper()
5932 status = mbedtls_to_psa_error(ret); in psa_generate_derived_ecc_key_weierstrass_helper()
5934 if (status != PSA_SUCCESS) { in psa_generate_derived_ecc_key_weierstrass_helper()
5940 return status; in psa_generate_derived_ecc_key_weierstrass_helper()
5946 * - Curve25519 (PSA_ECC_FAMILY_MONTGOMERY, 255 bits):
5947 * draw a 32-byte string and process it as specified in
5950 * - Curve448 (PSA_ECC_FAMILY_MONTGOMERY, 448 bits):
5951 * draw a 56-byte string and process it as specified in [RFC7748] §5.
5964 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_generate_derived_ecc_key_montgomery_helper() local
5984 status = psa_key_derivation_output_bytes(operation, *data, output_length); in psa_generate_derived_ecc_key_montgomery_helper()
5986 if (status != PSA_SUCCESS) { in psa_generate_derived_ecc_key_montgomery_helper()
5987 return status; in psa_generate_derived_ecc_key_montgomery_helper()
6005 return status; in psa_generate_derived_ecc_key_montgomery_helper()
6038 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_generate_derived_key_internal() local
6041 if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) { in psa_generate_derived_key_internal()
6047 if (PSA_KEY_TYPE_IS_ECC(slot->attr.type)) { in psa_generate_derived_key_internal()
6048 psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(slot->attr.type); in psa_generate_derived_key_internal()
6051 status = psa_generate_derived_ecc_key_weierstrass_helper(slot, bits, operation, &data); in psa_generate_derived_key_internal()
6052 if (status != PSA_SUCCESS) { in psa_generate_derived_key_internal()
6053 goto exit; in psa_generate_derived_key_internal()
6057 status = psa_generate_derived_ecc_key_montgomery_helper(bits, operation, &data); in psa_generate_derived_key_internal()
6058 if (status != PSA_SUCCESS) { in psa_generate_derived_key_internal()
6059 goto exit; in psa_generate_derived_key_internal()
6065 if (key_type_is_raw_bytes(slot->attr.type)) { in psa_generate_derived_key_internal()
6074 status = psa_key_derivation_output_bytes(operation, data, bytes); in psa_generate_derived_key_internal()
6075 if (status != PSA_SUCCESS) { in psa_generate_derived_key_internal()
6076 goto exit; in psa_generate_derived_key_internal()
6079 if (slot->attr.type == PSA_KEY_TYPE_DES) { in psa_generate_derived_key_internal()
6087 slot->attr.bits = (psa_key_bits_t) bits; in psa_generate_derived_key_internal()
6089 .core = slot->attr in psa_generate_derived_key_internal()
6093 status = psa_driver_wrapper_get_key_buffer_size(&attributes, in psa_generate_derived_key_internal()
6095 if (status != PSA_SUCCESS) { in psa_generate_derived_key_internal()
6096 goto exit; in psa_generate_derived_key_internal()
6099 status = psa_allocate_buffer_to_slot(slot, storage_size); in psa_generate_derived_key_internal()
6100 if (status != PSA_SUCCESS) { in psa_generate_derived_key_internal()
6101 goto exit; in psa_generate_derived_key_internal()
6104 status = psa_driver_wrapper_import_key(&attributes, in psa_generate_derived_key_internal()
6106 slot->key.data, in psa_generate_derived_key_internal()
6107 slot->key.bytes, in psa_generate_derived_key_internal()
6108 &slot->key.bytes, &bits); in psa_generate_derived_key_internal()
6109 if (bits != slot->attr.bits) { in psa_generate_derived_key_internal()
6110 status = PSA_ERROR_INVALID_ARGUMENT; in psa_generate_derived_key_internal()
6113 exit: in psa_generate_derived_key_internal()
6115 return status; in psa_generate_derived_key_internal()
6122 psa_status_t status; in psa_key_derivation_output_key() local
6128 /* Reject any attempt to create a zero-length key so that we don't in psa_key_derivation_output_key()
6134 if (operation->alg == PSA_ALG_NONE) { in psa_key_derivation_output_key()
6138 if (!operation->can_output_key) { in psa_key_derivation_output_key()
6142 status = psa_start_key_creation(PSA_KEY_CREATION_DERIVE, attributes, in psa_key_derivation_output_key()
6147 status = PSA_ERROR_NOT_SUPPORTED; in psa_key_derivation_output_key()
6150 if (status == PSA_SUCCESS) { in psa_key_derivation_output_key()
6151 status = psa_generate_derived_key_internal(slot, in psa_key_derivation_output_key()
6152 attributes->core.bits, in psa_key_derivation_output_key()
6155 if (status == PSA_SUCCESS) { in psa_key_derivation_output_key()
6156 status = psa_finish_key_creation(slot, driver, key); in psa_key_derivation_output_key()
6158 if (status != PSA_SUCCESS) { in psa_key_derivation_output_key()
6162 return status; in psa_key_derivation_output_key()
6220 psa_status_t status = psa_hash_setup(&operation, alg); in psa_hash_try_support() local
6222 return status; in psa_hash_try_support()
6229 /* Make sure that operation->ctx is properly zero-initialised. (Macro in psa_key_derivation_setup_kdf()
6231 memset(&operation->ctx, 0, sizeof(operation->ctx)); in psa_key_derivation_setup_kdf()
6253 * risk-prone. */ in psa_key_derivation_setup_kdf()
6254 psa_status_t status = psa_hash_try_support(hash_alg); in psa_key_derivation_setup_kdf() local
6255 if (status != PSA_SUCCESS) { in psa_key_derivation_setup_kdf()
6256 return status; in psa_key_derivation_setup_kdf()
6269 operation->capacity = hash_size; in psa_key_derivation_setup_kdf()
6273 operation->capacity = 255 * hash_size; in psa_key_derivation_setup_kdf()
6309 psa_status_t status; in psa_key_derivation_setup() local
6311 if (operation->alg != 0) { in psa_key_derivation_setup()
6321 status = psa_key_agreement_try_support(ka_alg); in psa_key_derivation_setup()
6322 if (status != PSA_SUCCESS) { in psa_key_derivation_setup()
6323 return status; in psa_key_derivation_setup()
6328 status = psa_key_derivation_setup_kdf(operation, kdf_alg); in psa_key_derivation_setup()
6334 status = psa_key_derivation_setup_kdf(operation, alg); in psa_key_derivation_setup()
6342 if (status == PSA_SUCCESS) { in psa_key_derivation_setup()
6343 operation->alg = alg; in psa_key_derivation_setup()
6345 return status; in psa_key_derivation_setup()
6356 psa_status_t status; in psa_hkdf_input() local
6364 if (hkdf->state != HKDF_STATE_INIT) { in psa_hkdf_input()
6367 status = psa_key_derivation_start_hmac(&hkdf->hmac, in psa_hkdf_input()
6370 if (status != PSA_SUCCESS) { in psa_hkdf_input()
6371 return status; in psa_hkdf_input()
6373 hkdf->state = HKDF_STATE_STARTED; in psa_hkdf_input()
6383 if (hkdf->state != HKDF_STATE_INIT) { in psa_hkdf_input()
6392 memcpy(hkdf->prk, data, data_length); in psa_hkdf_input()
6397 * HKDF-EXTRACT: salt is mandatory. */ in psa_hkdf_input()
6398 if (hkdf->state == HKDF_STATE_INIT) { in psa_hkdf_input()
6404 status = psa_key_derivation_start_hmac(&hkdf->hmac, in psa_hkdf_input()
6407 if (status != PSA_SUCCESS) { in psa_hkdf_input()
6408 return status; in psa_hkdf_input()
6410 hkdf->state = HKDF_STATE_STARTED; in psa_hkdf_input()
6412 if (hkdf->state != HKDF_STATE_STARTED) { in psa_hkdf_input()
6415 status = psa_mac_update(&hkdf->hmac, in psa_hkdf_input()
6417 if (status != PSA_SUCCESS) { in psa_hkdf_input()
6418 return status; in psa_hkdf_input()
6420 status = psa_mac_sign_finish(&hkdf->hmac, in psa_hkdf_input()
6421 hkdf->prk, in psa_hkdf_input()
6422 sizeof(hkdf->prk), in psa_hkdf_input()
6424 if (status != PSA_SUCCESS) { in psa_hkdf_input()
6425 return status; in psa_hkdf_input()
6429 hkdf->state = HKDF_STATE_KEYED; in psa_hkdf_input()
6430 hkdf->block_number = 0; in psa_hkdf_input()
6434 memcpy(hkdf->output_block, hkdf->prk, PSA_HASH_LENGTH(hash_alg)); in psa_hkdf_input()
6435 hkdf->offset_in_block = 0; in psa_hkdf_input()
6441 hkdf->offset_in_block = PSA_HASH_LENGTH(hash_alg); in psa_hkdf_input()
6453 hkdf->state == HKDF_STATE_INIT) { in psa_hkdf_input()
6457 if (hkdf->state == HKDF_STATE_OUTPUT) { in psa_hkdf_input()
6460 if (hkdf->info_set) { in psa_hkdf_input()
6463 hkdf->info_length = data_length; in psa_hkdf_input()
6465 hkdf->info = mbedtls_calloc(1, data_length); in psa_hkdf_input()
6466 if (hkdf->info == NULL) { in psa_hkdf_input()
6469 memcpy(hkdf->info, data, data_length); in psa_hkdf_input()
6471 hkdf->info_set = 1; in psa_hkdf_input()
6485 if (prf->state != PSA_TLS12_PRF_STATE_INIT) { in psa_tls12_prf_set_seed()
6490 prf->seed = mbedtls_calloc(1, data_length); in psa_tls12_prf_set_seed()
6491 if (prf->seed == NULL) { in psa_tls12_prf_set_seed()
6495 memcpy(prf->seed, data, data_length); in psa_tls12_prf_set_seed()
6496 prf->seed_length = data_length; in psa_tls12_prf_set_seed()
6499 prf->state = PSA_TLS12_PRF_STATE_SEED_SET; in psa_tls12_prf_set_seed()
6508 if (prf->state != PSA_TLS12_PRF_STATE_SEED_SET && in psa_tls12_prf_set_key()
6509 prf->state != PSA_TLS12_PRF_STATE_OTHER_KEY_SET) { in psa_tls12_prf_set_key()
6514 prf->secret = mbedtls_calloc(1, data_length); in psa_tls12_prf_set_key()
6515 if (prf->secret == NULL) { in psa_tls12_prf_set_key()
6519 memcpy(prf->secret, data, data_length); in psa_tls12_prf_set_key()
6520 prf->secret_length = data_length; in psa_tls12_prf_set_key()
6523 prf->state = PSA_TLS12_PRF_STATE_KEY_SET; in psa_tls12_prf_set_key()
6532 if (prf->state != PSA_TLS12_PRF_STATE_KEY_SET) { in psa_tls12_prf_set_label()
6537 prf->label = mbedtls_calloc(1, data_length); in psa_tls12_prf_set_label()
6538 if (prf->label == NULL) { in psa_tls12_prf_set_label()
6542 memcpy(prf->label, data, data_length); in psa_tls12_prf_set_label()
6543 prf->label_length = data_length; in psa_tls12_prf_set_label()
6546 prf->state = PSA_TLS12_PRF_STATE_LABEL_SET; in psa_tls12_prf_set_label()
6576 psa_status_t status; in psa_tls12_prf_psk_to_ms_set_key() local
6577 const size_t pms_len = (prf->state == PSA_TLS12_PRF_STATE_OTHER_KEY_SET ? in psa_tls12_prf_psk_to_ms_set_key()
6578 4 + data_length + prf->other_secret_length : in psa_tls12_prf_psk_to_ms_set_key()
6591 /* pure-PSK: in psa_tls12_prf_psk_to_ms_set_key()
6598 * mixed-PSK: in psa_tls12_prf_psk_to_ms_set_key()
6599 * In a DHE-PSK, RSA-PSK, ECDHE-PSK the premaster secret is formed as in psa_tls12_prf_psk_to_ms_set_key()
6604 * - RFC 4279, Section 4 for the definition of RSA-PSK, in psa_tls12_prf_psk_to_ms_set_key()
6605 * - RFC 4279, Section 3 for the definition of DHE-PSK, in psa_tls12_prf_psk_to_ms_set_key()
6606 * - RFC 5489 for the definition of ECDHE-PSK. in psa_tls12_prf_psk_to_ms_set_key()
6609 if (prf->state == PSA_TLS12_PRF_STATE_OTHER_KEY_SET) { in psa_tls12_prf_psk_to_ms_set_key()
6610 *cur++ = MBEDTLS_BYTE_1(prf->other_secret_length); in psa_tls12_prf_psk_to_ms_set_key()
6611 *cur++ = MBEDTLS_BYTE_0(prf->other_secret_length); in psa_tls12_prf_psk_to_ms_set_key()
6612 if (prf->other_secret_length != 0) { in psa_tls12_prf_psk_to_ms_set_key()
6613 memcpy(cur, prf->other_secret, prf->other_secret_length); in psa_tls12_prf_psk_to_ms_set_key()
6614 mbedtls_platform_zeroize(prf->other_secret, prf->other_secret_length); in psa_tls12_prf_psk_to_ms_set_key()
6615 cur += prf->other_secret_length; in psa_tls12_prf_psk_to_ms_set_key()
6629 status = psa_tls12_prf_set_key(prf, pms, cur - pms); in psa_tls12_prf_psk_to_ms_set_key()
6632 return status; in psa_tls12_prf_psk_to_ms_set_key()
6640 if (prf->state != PSA_TLS12_PRF_STATE_SEED_SET) { in psa_tls12_prf_psk_to_ms_set_other_key()
6645 prf->other_secret = mbedtls_calloc(1, data_length); in psa_tls12_prf_psk_to_ms_set_other_key()
6646 if (prf->other_secret == NULL) { in psa_tls12_prf_psk_to_ms_set_other_key()
6650 memcpy(prf->other_secret, data, data_length); in psa_tls12_prf_psk_to_ms_set_other_key()
6651 prf->other_secret_length = data_length; in psa_tls12_prf_psk_to_ms_set_other_key()
6653 prf->other_secret_length = 0; in psa_tls12_prf_psk_to_ms_set_other_key()
6656 prf->state = PSA_TLS12_PRF_STATE_OTHER_KEY_SET; in psa_tls12_prf_psk_to_ms_set_other_key()
6702 /* Only K.X has to be extracted - bytes 1 to 32 inclusive. */ in psa_tls12_ecjpake_to_pms_input()
6703 memcpy(ecjpake->data, data + 1, PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE); in psa_tls12_ecjpake_to_pms_input()
6719 if (pbkdf2->state != PSA_PBKDF2_STATE_INIT) { in psa_pbkdf2_set_input_cost()
6731 pbkdf2->input_cost = data; in psa_pbkdf2_set_input_cost()
6732 pbkdf2->state = PSA_PBKDF2_STATE_INPUT_COST_SET; in psa_pbkdf2_set_input_cost()
6741 if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) { in psa_pbkdf2_set_salt()
6742 pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET; in psa_pbkdf2_set_salt()
6743 } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { in psa_pbkdf2_set_salt()
6754 next_salt = mbedtls_calloc(1, data_length + pbkdf2->salt_length); in psa_pbkdf2_set_salt()
6759 if (pbkdf2->salt_length != 0) { in psa_pbkdf2_set_salt()
6760 memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length); in psa_pbkdf2_set_salt()
6762 memcpy(next_salt + pbkdf2->salt_length, data, data_length); in psa_pbkdf2_set_salt()
6763 pbkdf2->salt_length += data_length; in psa_pbkdf2_set_salt()
6764 mbedtls_free(pbkdf2->salt); in psa_pbkdf2_set_salt()
6765 pbkdf2->salt = next_salt; in psa_pbkdf2_set_salt()
6777 psa_status_t status = PSA_SUCCESS; in psa_pbkdf2_hmac_set_password() local
6779 status = psa_hash_compute(hash_alg, input, input_len, output, in psa_pbkdf2_hmac_set_password()
6785 return status; in psa_pbkdf2_hmac_set_password()
6795 psa_status_t status = PSA_SUCCESS; in psa_pbkdf2_cmac_set_password() local
6804 * on success. See https://github.com/Mbed-TLS/mbedtls/issues/7801 */ in psa_pbkdf2_cmac_set_password()
6805 status = psa_driver_wrapper_mac_compute(&attributes, in psa_pbkdf2_cmac_set_password()
6817 return status; in psa_pbkdf2_cmac_set_password()
6826 psa_status_t status = PSA_SUCCESS; in psa_pbkdf2_set_password() local
6827 if (pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { in psa_pbkdf2_set_password()
6834 status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length, in psa_pbkdf2_set_password()
6835 pbkdf2->password, in psa_pbkdf2_set_password()
6836 &pbkdf2->password_length); in psa_pbkdf2_set_password()
6841 status = psa_pbkdf2_cmac_set_password(data, data_length, in psa_pbkdf2_set_password()
6842 pbkdf2->password, in psa_pbkdf2_set_password()
6843 &pbkdf2->password_length); in psa_pbkdf2_set_password()
6850 pbkdf2->state = PSA_PBKDF2_STATE_PASSWORD_SET; in psa_pbkdf2_set_password()
6852 return status; in psa_pbkdf2_set_password()
6876 * Non-secret inputs must have the type #PSA_KEY_TYPE_RAW_DATA.
6877 * Both secret and non-secret inputs can alternatively have the type
6935 psa_status_t status; in psa_key_derivation_input_internal() local
6938 status = psa_key_derivation_check_input_type(step, key_type); in psa_key_derivation_input_internal()
6939 if (status != PSA_SUCCESS) { in psa_key_derivation_input_internal()
6940 goto exit; in psa_key_derivation_input_internal()
6945 status = psa_hkdf_input(&operation->ctx.hkdf, kdf_alg, in psa_key_derivation_input_internal()
6951 status = psa_tls12_prf_input(&operation->ctx.tls12_prf, in psa_key_derivation_input_internal()
6957 status = psa_tls12_prf_psk_to_ms_input(&operation->ctx.tls12_prf, in psa_key_derivation_input_internal()
6963 status = psa_tls12_ecjpake_to_pms_input( in psa_key_derivation_input_internal()
6964 &operation->ctx.tls12_ecjpake_to_pms, step, data, data_length); in psa_key_derivation_input_internal()
6969 status = psa_pbkdf2_input(&operation->ctx.pbkdf2, kdf_alg, in psa_key_derivation_input_internal()
6981 exit: in psa_key_derivation_input_internal()
6982 if (status != PSA_SUCCESS) { in psa_key_derivation_input_internal()
6985 return status; in psa_key_derivation_input_internal()
6993 psa_status_t status; in psa_key_derivation_input_integer_internal() local
6998 status = psa_pbkdf2_set_input_cost( in psa_key_derivation_input_integer_internal()
6999 &operation->ctx.pbkdf2, step, value); in psa_key_derivation_input_integer_internal()
7006 status = PSA_ERROR_INVALID_ARGUMENT; in psa_key_derivation_input_integer_internal()
7009 if (status != PSA_SUCCESS) { in psa_key_derivation_input_integer_internal()
7012 return status; in psa_key_derivation_input_integer_internal()
7039 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_key_derivation_input_key() local
7043 status = psa_get_and_lock_transparent_key_slot_with_policy( in psa_key_derivation_input_key()
7044 key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg); in psa_key_derivation_input_key()
7045 if (status != PSA_SUCCESS) { in psa_key_derivation_input_key()
7047 return status; in psa_key_derivation_input_key()
7054 operation->can_output_key = 1; in psa_key_derivation_input_key()
7057 status = psa_key_derivation_input_internal(operation, in psa_key_derivation_input_key()
7058 step, slot->attr.type, in psa_key_derivation_input_key()
7059 slot->key.data, in psa_key_derivation_input_key()
7060 slot->key.bytes); in psa_key_derivation_input_key()
7064 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_key_derivation_input_key()
7122 * Fallback specified in the driver wrapper is built-in raw key agreement
7138 .core = private_key->attr in psa_key_agreement_raw_internal()
7142 private_key->key.data, in psa_key_agreement_raw_internal()
7143 private_key->key.bytes, alg, in psa_key_agreement_raw_internal()
7159 psa_status_t status; in psa_key_agreement_internal() local
7162 psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE(operation->alg); in psa_key_agreement_internal()
7166 status = psa_key_agreement_raw_internal(ka_alg, in psa_key_agreement_internal()
7172 if (status != PSA_SUCCESS) { in psa_key_agreement_internal()
7173 goto exit; in psa_key_agreement_internal()
7179 status = psa_key_derivation_input_internal(operation, step, in psa_key_agreement_internal()
7183 exit: in psa_key_agreement_internal()
7185 return status; in psa_key_agreement_internal()
7194 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_key_derivation_key_agreement() local
7198 if (!PSA_ALG_IS_KEY_AGREEMENT(operation->alg)) { in psa_key_derivation_key_agreement()
7201 status = psa_get_and_lock_transparent_key_slot_with_policy( in psa_key_derivation_key_agreement()
7202 private_key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg); in psa_key_derivation_key_agreement()
7203 if (status != PSA_SUCCESS) { in psa_key_derivation_key_agreement()
7204 return status; in psa_key_derivation_key_agreement()
7206 status = psa_key_agreement_internal(operation, step, in psa_key_derivation_key_agreement()
7209 if (status != PSA_SUCCESS) { in psa_key_derivation_key_agreement()
7215 operation->can_output_key = 1; in psa_key_derivation_key_agreement()
7221 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_key_derivation_key_agreement()
7232 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_raw_key_agreement() local
7238 status = PSA_ERROR_INVALID_ARGUMENT; in psa_raw_key_agreement()
7239 goto exit; in psa_raw_key_agreement()
7241 status = psa_get_and_lock_transparent_key_slot_with_policy( in psa_raw_key_agreement()
7243 if (status != PSA_SUCCESS) { in psa_raw_key_agreement()
7244 goto exit; in psa_raw_key_agreement()
7256 PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(slot->attr.type, slot->attr.bits); in psa_raw_key_agreement()
7258 status = PSA_ERROR_BUFFER_TOO_SMALL; in psa_raw_key_agreement()
7259 goto exit; in psa_raw_key_agreement()
7262 status = psa_key_agreement_raw_internal(alg, slot, in psa_raw_key_agreement()
7267 exit: in psa_raw_key_agreement()
7268 if (status != PSA_SUCCESS) { in psa_raw_key_agreement()
7282 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_raw_key_agreement()
7305 if (rng->entropy_init == NULL) { in mbedtls_psa_random_init()
7306 rng->entropy_init = mbedtls_entropy_init; in mbedtls_psa_random_init()
7308 if (rng->entropy_free == NULL) { in mbedtls_psa_random_init()
7309 rng->entropy_free = mbedtls_entropy_free; in mbedtls_psa_random_init()
7312 rng->entropy_init(&rng->entropy); in mbedtls_psa_random_init()
7317 mbedtls_entropy_add_source(&rng->entropy, in mbedtls_psa_random_init()
7335 rng->entropy_free(&rng->entropy); in mbedtls_psa_random_free()
7349 int ret = mbedtls_psa_drbg_seed(&rng->entropy, in mbedtls_psa_random_seed()
7350 drbg_seed, sizeof(drbg_seed) - 1); in mbedtls_psa_random_seed()
7363 psa_status_t status = mbedtls_psa_external_get_random(&global_data.rng, in psa_generate_random() local
7366 if (status != PSA_SUCCESS) { in psa_generate_random()
7367 return status; in psa_generate_random()
7388 output_size -= request_size; in psa_generate_random()
7401 * In the non-external case, psa_generate_random() calls an
7404 * instead of doing this back-and-forth between the PSA API and the
7419 psa_status_t status = psa_generate_random(output, output_size); in mbedtls_psa_get_random() local
7420 if (status == PSA_SUCCESS) { in mbedtls_psa_get_random()
7462 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_validate_key_type_and_size_for_key_generation() local
7465 status = psa_validate_unstructured_key_bit_size(type, bits); in psa_validate_key_type_and_size_for_key_generation()
7466 if (status != PSA_SUCCESS) { in psa_validate_key_type_and_size_for_key_generation()
7467 return status; in psa_validate_key_type_and_size_for_key_generation()
7479 /* Accept only byte-aligned keys, for the same reasons as in psa_validate_key_type_and_size_for_key_generation()
7512 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_generate_key_internal() local
7513 psa_key_type_t type = attributes->core.type; in psa_generate_key_internal()
7515 if ((attributes->domain_parameters == NULL) && in psa_generate_key_internal()
7516 (attributes->domain_parameters_size != 0)) { in psa_generate_key_internal()
7521 status = psa_generate_random(key_buffer, key_buffer_size); in psa_generate_key_internal()
7522 if (status != PSA_SUCCESS) { in psa_generate_key_internal()
7523 return status; in psa_generate_key_internal()
7570 psa_status_t status; in psa_generate_key() local
7577 /* Reject any attempt to create a zero-length key so that we don't in psa_generate_key()
7584 if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type)) { in psa_generate_key()
7588 status = psa_start_key_creation(PSA_KEY_CREATION_GENERATE, attributes, in psa_generate_key()
7590 if (status != PSA_SUCCESS) { in psa_generate_key()
7591 goto exit; in psa_generate_key()
7598 if (slot->key.data == NULL) { in psa_generate_key()
7599 if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime) == in psa_generate_key()
7601 status = psa_validate_key_type_and_size_for_key_generation( in psa_generate_key()
7602 attributes->core.type, attributes->core.bits); in psa_generate_key()
7603 if (status != PSA_SUCCESS) { in psa_generate_key()
7604 goto exit; in psa_generate_key()
7608 attributes->core.type, in psa_generate_key()
7609 attributes->core.bits); in psa_generate_key()
7611 status = psa_driver_wrapper_get_key_buffer_size( in psa_generate_key()
7613 if (status != PSA_SUCCESS) { in psa_generate_key()
7614 goto exit; in psa_generate_key()
7618 status = psa_allocate_buffer_to_slot(slot, key_buffer_size); in psa_generate_key()
7619 if (status != PSA_SUCCESS) { in psa_generate_key()
7620 goto exit; in psa_generate_key()
7624 status = psa_driver_wrapper_generate_key(attributes, in psa_generate_key()
7625 slot->key.data, slot->key.bytes, &slot->key.bytes); in psa_generate_key()
7627 if (status != PSA_SUCCESS) { in psa_generate_key()
7631 exit: in psa_generate_key()
7632 if (status == PSA_SUCCESS) { in psa_generate_key()
7633 status = psa_finish_key_creation(slot, driver, key); in psa_generate_key()
7635 if (status != PSA_SUCCESS) { in psa_generate_key()
7639 return status; in psa_generate_key()
7679 * returns. If this function returns a failure status, the initialization
7685 switch (transaction->unknown.type) { in psa_crypto_recover_transaction()
7688 /* TODO - fall through to the failure case until this in psa_crypto_recover_transaction()
7690 * https://github.com/ARMmbed/mbed-crypto/issues/218 in psa_crypto_recover_transaction()
7702 psa_status_t status; in psa_crypto_init() local
7710 status = psa_driver_wrapper_init(); in psa_crypto_init()
7711 if (status != PSA_SUCCESS) { in psa_crypto_init()
7712 goto exit; in psa_crypto_init()
7719 status = mbedtls_psa_random_seed(&global_data.rng); in psa_crypto_init()
7720 if (status != PSA_SUCCESS) { in psa_crypto_init()
7721 goto exit; in psa_crypto_init()
7725 status = psa_initialize_key_slots(); in psa_crypto_init()
7726 if (status != PSA_SUCCESS) { in psa_crypto_init()
7727 goto exit; in psa_crypto_init()
7731 status = psa_crypto_load_transaction(); in psa_crypto_init()
7732 if (status == PSA_SUCCESS) { in psa_crypto_init()
7733 status = psa_crypto_recover_transaction(&psa_crypto_transaction); in psa_crypto_init()
7734 if (status != PSA_SUCCESS) { in psa_crypto_init()
7735 goto exit; in psa_crypto_init()
7737 status = psa_crypto_stop_transaction(); in psa_crypto_init()
7738 } else if (status == PSA_ERROR_DOES_NOT_EXIST) { in psa_crypto_init()
7740 status = PSA_SUCCESS; in psa_crypto_init()
7747 exit: in psa_crypto_init()
7748 if (status != PSA_SUCCESS) { in psa_crypto_init()
7751 return status; in psa_crypto_init()
7759 if (inputs->password_len == 0) { in psa_crypto_driver_pake_get_password_len()
7763 *password_len = inputs->password_len; in psa_crypto_driver_pake_get_password_len()
7772 if (inputs->password_len == 0) { in psa_crypto_driver_pake_get_password()
7776 if (buffer_size < inputs->password_len) { in psa_crypto_driver_pake_get_password()
7780 memcpy(buffer, inputs->password, inputs->password_len); in psa_crypto_driver_pake_get_password()
7781 *buffer_length = inputs->password_len; in psa_crypto_driver_pake_get_password()
7790 if (inputs->user_len == 0) { in psa_crypto_driver_pake_get_user_len()
7794 *user_len = inputs->user_len; in psa_crypto_driver_pake_get_user_len()
7803 if (inputs->user_len == 0) { in psa_crypto_driver_pake_get_user()
7807 if (user_id_size < inputs->user_len) { in psa_crypto_driver_pake_get_user()
7811 memcpy(user_id, inputs->user, inputs->user_len); in psa_crypto_driver_pake_get_user()
7812 *user_id_len = inputs->user_len; in psa_crypto_driver_pake_get_user()
7821 if (inputs->peer_len == 0) { in psa_crypto_driver_pake_get_peer_len()
7825 *peer_len = inputs->peer_len; in psa_crypto_driver_pake_get_peer_len()
7834 if (inputs->peer_len == 0) { in psa_crypto_driver_pake_get_peer()
7838 if (peer_id_size < inputs->peer_len) { in psa_crypto_driver_pake_get_peer()
7842 memcpy(peer_id, inputs->peer, inputs->peer_len); in psa_crypto_driver_pake_get_peer()
7843 *peer_id_length = inputs->peer_len; in psa_crypto_driver_pake_get_peer()
7852 if (inputs->cipher_suite.algorithm == PSA_ALG_NONE) { in psa_crypto_driver_pake_get_cipher_suite()
7856 *cipher_suite = inputs->cipher_suite; in psa_crypto_driver_pake_get_cipher_suite()
7865 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_pake_setup() local
7867 if (operation->stage != PSA_PAKE_OPERATION_STAGE_SETUP) { in psa_pake_setup()
7868 status = PSA_ERROR_BAD_STATE; in psa_pake_setup()
7869 goto exit; in psa_pake_setup()
7872 if (PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 || in psa_pake_setup()
7873 PSA_ALG_IS_HASH(cipher_suite->hash) == 0) { in psa_pake_setup()
7874 status = PSA_ERROR_INVALID_ARGUMENT; in psa_pake_setup()
7875 goto exit; in psa_pake_setup()
7878 memset(&operation->data.inputs, 0, sizeof(operation->data.inputs)); in psa_pake_setup()
7880 operation->alg = cipher_suite->algorithm; in psa_pake_setup()
7881 operation->primitive = PSA_PAKE_PRIMITIVE(cipher_suite->type, in psa_pake_setup()
7882 cipher_suite->family, cipher_suite->bits); in psa_pake_setup()
7883 operation->data.inputs.cipher_suite = *cipher_suite; in psa_pake_setup()
7886 if (operation->alg == PSA_ALG_JPAKE) { in psa_pake_setup()
7888 &operation->computation_stage.jpake; in psa_pake_setup()
7891 computation_stage->step = PSA_PAKE_STEP_KEY_SHARE; in psa_pake_setup()
7895 status = PSA_ERROR_NOT_SUPPORTED; in psa_pake_setup()
7896 goto exit; in psa_pake_setup()
7899 operation->stage = PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS; in psa_pake_setup()
7902 exit: in psa_pake_setup()
7904 return status; in psa_pake_setup()
7911 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_pake_set_password_key() local
7917 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { in psa_pake_set_password_key()
7918 status = PSA_ERROR_BAD_STATE; in psa_pake_set_password_key()
7919 goto exit; in psa_pake_set_password_key()
7922 status = psa_get_and_lock_key_slot_with_policy(password, &slot, in psa_pake_set_password_key()
7924 operation->alg); in psa_pake_set_password_key()
7925 if (status != PSA_SUCCESS) { in psa_pake_set_password_key()
7926 goto exit; in psa_pake_set_password_key()
7930 .core = slot->attr in psa_pake_set_password_key()
7937 status = PSA_ERROR_INVALID_ARGUMENT; in psa_pake_set_password_key()
7938 goto exit; in psa_pake_set_password_key()
7941 operation->data.inputs.password = mbedtls_calloc(1, slot->key.bytes); in psa_pake_set_password_key()
7942 if (operation->data.inputs.password == NULL) { in psa_pake_set_password_key()
7943 status = PSA_ERROR_INSUFFICIENT_MEMORY; in psa_pake_set_password_key()
7944 goto exit; in psa_pake_set_password_key()
7947 memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes); in psa_pake_set_password_key()
7948 operation->data.inputs.password_len = slot->key.bytes; in psa_pake_set_password_key()
7949 operation->data.inputs.attributes = attributes; in psa_pake_set_password_key()
7950 exit: in psa_pake_set_password_key()
7951 if (status != PSA_SUCCESS) { in psa_pake_set_password_key()
7955 return (status == PSA_SUCCESS) ? unlock_status : status; in psa_pake_set_password_key()
7963 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_pake_set_user() local
7965 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { in psa_pake_set_user()
7966 status = PSA_ERROR_BAD_STATE; in psa_pake_set_user()
7967 goto exit; in psa_pake_set_user()
7971 status = PSA_ERROR_INVALID_ARGUMENT; in psa_pake_set_user()
7972 goto exit; in psa_pake_set_user()
7975 if (operation->data.inputs.user_len != 0) { in psa_pake_set_user()
7976 status = PSA_ERROR_BAD_STATE; in psa_pake_set_user()
7977 goto exit; in psa_pake_set_user()
7980 operation->data.inputs.user = mbedtls_calloc(1, user_id_len); in psa_pake_set_user()
7981 if (operation->data.inputs.user == NULL) { in psa_pake_set_user()
7982 status = PSA_ERROR_INSUFFICIENT_MEMORY; in psa_pake_set_user()
7983 goto exit; in psa_pake_set_user()
7986 memcpy(operation->data.inputs.user, user_id, user_id_len); in psa_pake_set_user()
7987 operation->data.inputs.user_len = user_id_len; in psa_pake_set_user()
7990 exit: in psa_pake_set_user()
7992 return status; in psa_pake_set_user()
8000 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_pake_set_peer() local
8002 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { in psa_pake_set_peer()
8003 status = PSA_ERROR_BAD_STATE; in psa_pake_set_peer()
8004 goto exit; in psa_pake_set_peer()
8008 status = PSA_ERROR_INVALID_ARGUMENT; in psa_pake_set_peer()
8009 goto exit; in psa_pake_set_peer()
8012 if (operation->data.inputs.peer_len != 0) { in psa_pake_set_peer()
8013 status = PSA_ERROR_BAD_STATE; in psa_pake_set_peer()
8014 goto exit; in psa_pake_set_peer()
8017 operation->data.inputs.peer = mbedtls_calloc(1, peer_id_len); in psa_pake_set_peer()
8018 if (operation->data.inputs.peer == NULL) { in psa_pake_set_peer()
8019 status = PSA_ERROR_INSUFFICIENT_MEMORY; in psa_pake_set_peer()
8020 goto exit; in psa_pake_set_peer()
8023 memcpy(operation->data.inputs.peer, peer_id, peer_id_len); in psa_pake_set_peer()
8024 operation->data.inputs.peer_len = peer_id_len; in psa_pake_set_peer()
8027 exit: in psa_pake_set_peer()
8029 return status; in psa_pake_set_peer()
8036 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_pake_set_role() local
8038 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { in psa_pake_set_role()
8039 status = PSA_ERROR_BAD_STATE; in psa_pake_set_role()
8040 goto exit; in psa_pake_set_role()
8043 switch (operation->alg) { in psa_pake_set_role()
8049 status = PSA_ERROR_INVALID_ARGUMENT; in psa_pake_set_role()
8054 status = PSA_ERROR_NOT_SUPPORTED; in psa_pake_set_role()
8055 goto exit; in psa_pake_set_role()
8057 exit: in psa_pake_set_role()
8059 return status; in psa_pake_set_role()
8068 if (stage->round == PSA_JPAKE_FIRST) { in convert_jpake_computation_stage_to_driver_step()
8071 if (stage->io_mode == PSA_JPAKE_OUTPUT) { in convert_jpake_computation_stage_to_driver_step()
8072 is_x1 = (stage->outputs < 1); in convert_jpake_computation_stage_to_driver_step()
8074 is_x1 = (stage->inputs < 1); in convert_jpake_computation_stage_to_driver_step()
8080 } else if (stage->round == PSA_JPAKE_SECOND) { in convert_jpake_computation_stage_to_driver_step()
8081 key_share_step = (stage->io_mode == PSA_JPAKE_OUTPUT) ? in convert_jpake_computation_stage_to_driver_step()
8087 return (psa_crypto_driver_pake_step_t) (key_share_step + stage->step - PSA_PAKE_STEP_KEY_SHARE); in convert_jpake_computation_stage_to_driver_step()
8094 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_pake_complete_inputs() local
8097 psa_crypto_driver_pake_inputs_t inputs = operation->data.inputs; in psa_pake_complete_inputs()
8103 if (operation->alg == PSA_ALG_JPAKE) { in psa_pake_complete_inputs()
8110 mbedtls_platform_zeroize(&operation->data, sizeof(operation->data)); in psa_pake_complete_inputs()
8112 status = psa_driver_wrapper_pake_setup(operation, &inputs); in psa_pake_complete_inputs()
8121 if (status == PSA_SUCCESS) { in psa_pake_complete_inputs()
8123 if (operation->alg == PSA_ALG_JPAKE) { in psa_pake_complete_inputs()
8124 operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; in psa_pake_complete_inputs()
8128 status = PSA_ERROR_NOT_SUPPORTED; in psa_pake_complete_inputs()
8131 return status; in psa_pake_complete_inputs()
8147 &operation->computation_stage.jpake; in psa_jpake_prologue()
8149 if (computation_stage->round != PSA_JPAKE_FIRST && in psa_jpake_prologue()
8150 computation_stage->round != PSA_JPAKE_SECOND) { in psa_jpake_prologue()
8155 if (step != computation_stage->step) { in psa_jpake_prologue()
8160 computation_stage->inputs == 0 && in psa_jpake_prologue()
8161 computation_stage->outputs == 0) { in psa_jpake_prologue()
8164 computation_stage->io_mode = io_mode; in psa_jpake_prologue()
8165 } else if (computation_stage->io_mode != io_mode) { in psa_jpake_prologue()
8179 &operation->computation_stage.jpake; in psa_jpake_epilogue()
8181 if (stage->step == PSA_PAKE_STEP_ZK_PROOF) { in psa_jpake_epilogue()
8184 stage->inputs++; in psa_jpake_epilogue()
8185 if (stage->inputs == PSA_JPAKE_EXPECTED_INPUTS(stage->round)) { in psa_jpake_epilogue()
8186 stage->io_mode = PSA_JPAKE_OUTPUT; in psa_jpake_epilogue()
8190 stage->outputs++; in psa_jpake_epilogue()
8191 if (stage->outputs == PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) { in psa_jpake_epilogue()
8192 stage->io_mode = PSA_JPAKE_INPUT; in psa_jpake_epilogue()
8195 if (stage->inputs == PSA_JPAKE_EXPECTED_INPUTS(stage->round) && in psa_jpake_epilogue()
8196 stage->outputs == PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) { in psa_jpake_epilogue()
8198 stage->inputs = 0; in psa_jpake_epilogue()
8199 stage->outputs = 0; in psa_jpake_epilogue()
8200 stage->round++; in psa_jpake_epilogue()
8202 stage->step = PSA_PAKE_STEP_KEY_SHARE; in psa_jpake_epilogue()
8204 stage->step++; in psa_jpake_epilogue()
8218 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_pake_output() local
8222 if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { in psa_pake_output()
8223 status = psa_pake_complete_inputs(operation); in psa_pake_output()
8224 if (status != PSA_SUCCESS) { in psa_pake_output()
8225 goto exit; in psa_pake_output()
8229 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) { in psa_pake_output()
8230 status = PSA_ERROR_BAD_STATE; in psa_pake_output()
8231 goto exit; in psa_pake_output()
8235 status = PSA_ERROR_INVALID_ARGUMENT; in psa_pake_output()
8236 goto exit; in psa_pake_output()
8239 switch (operation->alg) { in psa_pake_output()
8242 status = psa_jpake_prologue(operation, step, PSA_JPAKE_OUTPUT); in psa_pake_output()
8243 if (status != PSA_SUCCESS) { in psa_pake_output()
8244 goto exit; in psa_pake_output()
8247 &operation->computation_stage.jpake); in psa_pake_output()
8252 status = PSA_ERROR_NOT_SUPPORTED; in psa_pake_output()
8253 goto exit; in psa_pake_output()
8256 status = psa_driver_wrapper_pake_output(operation, driver_step, in psa_pake_output()
8259 if (status != PSA_SUCCESS) { in psa_pake_output()
8260 goto exit; in psa_pake_output()
8263 switch (operation->alg) { in psa_pake_output()
8266 status = psa_jpake_epilogue(operation, PSA_JPAKE_OUTPUT); in psa_pake_output()
8267 if (status != PSA_SUCCESS) { in psa_pake_output()
8268 goto exit; in psa_pake_output()
8273 status = PSA_ERROR_NOT_SUPPORTED; in psa_pake_output()
8274 goto exit; in psa_pake_output()
8278 exit: in psa_pake_output()
8280 return status; in psa_pake_output()
8289 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_pake_input() local
8291 const size_t max_input_length = (size_t) PSA_PAKE_INPUT_SIZE(operation->alg, in psa_pake_input()
8292 operation->primitive, in psa_pake_input()
8295 if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { in psa_pake_input()
8296 status = psa_pake_complete_inputs(operation); in psa_pake_input()
8297 if (status != PSA_SUCCESS) { in psa_pake_input()
8298 goto exit; in psa_pake_input()
8302 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) { in psa_pake_input()
8303 status = PSA_ERROR_BAD_STATE; in psa_pake_input()
8304 goto exit; in psa_pake_input()
8308 status = PSA_ERROR_INVALID_ARGUMENT; in psa_pake_input()
8309 goto exit; in psa_pake_input()
8312 switch (operation->alg) { in psa_pake_input()
8315 status = psa_jpake_prologue(operation, step, PSA_JPAKE_INPUT); in psa_pake_input()
8316 if (status != PSA_SUCCESS) { in psa_pake_input()
8317 goto exit; in psa_pake_input()
8320 &operation->computation_stage.jpake); in psa_pake_input()
8325 status = PSA_ERROR_NOT_SUPPORTED; in psa_pake_input()
8326 goto exit; in psa_pake_input()
8329 status = psa_driver_wrapper_pake_input(operation, driver_step, in psa_pake_input()
8332 if (status != PSA_SUCCESS) { in psa_pake_input()
8333 goto exit; in psa_pake_input()
8336 switch (operation->alg) { in psa_pake_input()
8339 status = psa_jpake_epilogue(operation, PSA_JPAKE_INPUT); in psa_pake_input()
8340 if (status != PSA_SUCCESS) { in psa_pake_input()
8341 goto exit; in psa_pake_input()
8346 status = PSA_ERROR_NOT_SUPPORTED; in psa_pake_input()
8347 goto exit; in psa_pake_input()
8351 exit: in psa_pake_input()
8353 return status; in psa_pake_input()
8360 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in psa_pake_get_implicit_key() local
8365 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) { in psa_pake_get_implicit_key()
8366 status = PSA_ERROR_BAD_STATE; in psa_pake_get_implicit_key()
8367 goto exit; in psa_pake_get_implicit_key()
8371 if (operation->alg == PSA_ALG_JPAKE) { in psa_pake_get_implicit_key()
8373 &operation->computation_stage.jpake; in psa_pake_get_implicit_key()
8374 if (computation_stage->round != PSA_JPAKE_FINISHED) { in psa_pake_get_implicit_key()
8375 status = PSA_ERROR_BAD_STATE; in psa_pake_get_implicit_key()
8376 goto exit; in psa_pake_get_implicit_key()
8381 status = PSA_ERROR_NOT_SUPPORTED; in psa_pake_get_implicit_key()
8382 goto exit; in psa_pake_get_implicit_key()
8385 status = psa_driver_wrapper_pake_get_implicit_key(operation, in psa_pake_get_implicit_key()
8390 if (status != PSA_SUCCESS) { in psa_pake_get_implicit_key()
8391 goto exit; in psa_pake_get_implicit_key()
8394 status = psa_key_derivation_input_bytes(output, in psa_pake_get_implicit_key()
8400 exit: in psa_pake_get_implicit_key()
8402 return status == PSA_SUCCESS ? abort_status : status; in psa_pake_get_implicit_key()
8408 psa_status_t status = PSA_SUCCESS; in psa_pake_abort() local
8410 if (operation->stage == PSA_PAKE_OPERATION_STAGE_COMPUTATION) { in psa_pake_abort()
8411 status = psa_driver_wrapper_pake_abort(operation); in psa_pake_abort()
8414 if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { in psa_pake_abort()
8415 if (operation->data.inputs.password != NULL) { in psa_pake_abort()
8416 mbedtls_zeroize_and_free(operation->data.inputs.password, in psa_pake_abort()
8417 operation->data.inputs.password_len); in psa_pake_abort()
8419 if (operation->data.inputs.user != NULL) { in psa_pake_abort()
8420 mbedtls_free(operation->data.inputs.user); in psa_pake_abort()
8422 if (operation->data.inputs.peer != NULL) { in psa_pake_abort()
8423 mbedtls_free(operation->data.inputs.peer); in psa_pake_abort()
8428 return status; in psa_pake_abort()