eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Divide pake operation into two phases collecting inputs and computation.

Browse source 
Functions that only set inputs do not have driver entry points.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2022-12-07 11:04:51 +01:00
parent e5e41eb14c
commit 51eac53b93
8 changed files with 215 additions and 695 deletions
Download patch file Download diff file Expand all files Collapse all files

27
include/psa/crypto_extra.h
View file

@ -429,6 +429,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
*/ */
#define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e) #define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e)
/** EC-JPAKE operation stages. */
#define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 0
#define PSA_PAKE_OPERATION_STAGE_COMPUTATION 1
/** /**
* \brief Set domain parameters for a key. * \brief Set domain parameters for a key.
@ -1286,6 +1289,9 @@ static void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite,
* Implementation details can change in future versions without notice. */ * Implementation details can change in future versions without notice. */
typedef struct psa_pake_operation_s psa_pake_operation_t; typedef struct psa_pake_operation_s psa_pake_operation_t;
/** The type of input values for PAKE operations. */
typedef struct psa_crypto_driver_pake_inputs_s psa_crypto_driver_pake_inputs_t;
/** Return an initial value for a PAKE operation object. /** Return an initial value for a PAKE operation object.
*/ */
static psa_pake_operation_t psa_pake_operation_init(void); static psa_pake_operation_t psa_pake_operation_init(void);
@ -1826,7 +1832,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation);
/** Returns a suitable initializer for a PAKE operation object of type /** Returns a suitable initializer for a PAKE operation object of type
* psa_pake_operation_t. * psa_pake_operation_t.
*/ */
#define PSA_PAKE_OPERATION_INIT { 0, { .dummy = 0 } } #define PSA_PAKE_OPERATION_INIT { 0, PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS, { 0 } }
struct psa_pake_cipher_suite_s { struct psa_pake_cipher_suite_s {
psa_algorithm_t algorithm; psa_algorithm_t algorithm;
@ -1897,6 +1903,15 @@ static inline void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite,
} }
} }
struct psa_crypto_driver_pake_inputs_s {
psa_algorithm_t MBEDTLS_PRIVATE(alg);
uint8_t *MBEDTLS_PRIVATE(password);
size_t MBEDTLS_PRIVATE(password_len);
psa_pake_role_t MBEDTLS_PRIVATE(role);
psa_key_lifetime_t MBEDTLS_PRIVATE(key_lifetime);
psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite);
};
struct psa_pake_operation_s { struct psa_pake_operation_s {
/** Unique ID indicating which driver got assigned to do the /** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping * operation. Since driver contexts are driver-specific, swapping
@ -1905,7 +1920,15 @@ struct psa_pake_operation_s {
* ID value zero means the context is not valid or not assigned to * ID value zero means the context is not valid or not assigned to
* any driver (i.e. none of the driver contexts are active). */ * any driver (i.e. none of the driver contexts are active). */
unsigned int MBEDTLS_PRIVATE(id); unsigned int MBEDTLS_PRIVATE(id);
psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); /* Based on stage (collecting inputs/computation) we select active structure of data union.
* While switching stage (when driver setup is called) collected inputs
are copied to the corresponding operation context. */
uint8_t MBEDTLS_PRIVATE(stage);
union {
unsigned dummy;
psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs);
psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx);
} MBEDTLS_PRIVATE(data);
}; };
static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void) static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void)

144
library/psa_crypto.c
View file

@ -7180,7 +7180,29 @@ psa_status_t psa_pake_setup(
psa_pake_operation_t *operation, psa_pake_operation_t *operation,
const psa_pake_cipher_suite_t *cipher_suite) const psa_pake_cipher_suite_t *cipher_suite)
{ {
return psa_driver_wrapper_pake_setup(operation, cipher_suite); if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
return PSA_ERROR_BAD_STATE;
}
if (operation->data.inputs.alg != PSA_ALG_NONE) {
return PSA_ERROR_BAD_STATE;
}
if (cipher_suite == NULL ||
PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 ||
(cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC &&
cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH) ||
PSA_ALG_IS_HASH(cipher_suite->hash) == 0) {
return PSA_ERROR_INVALID_ARGUMENT;
}
;
memset(&operation->data.inputs, 0, sizeof(operation->data.inputs));
operation->data.inputs.alg = cipher_suite->algorithm;
operation->data.inputs.cipher_suite = *cipher_suite;
return PSA_SUCCESS;
} }
psa_status_t psa_pake_set_password_key( psa_status_t psa_pake_set_password_key(
@ -7191,7 +7213,11 @@ psa_status_t psa_pake_set_password_key(
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL; psa_key_slot_t *slot = NULL;
if (operation->id == 0) { if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
return PSA_ERROR_BAD_STATE;
}
if (operation->data.inputs.alg == PSA_ALG_NONE) {
return PSA_ERROR_BAD_STATE; return PSA_ERROR_BAD_STATE;
} }
@ -7206,9 +7232,29 @@ psa_status_t psa_pake_set_password_key(
.core = slot->attr .core = slot->attr
}; };
status = psa_driver_wrapper_pake_set_password_key(&attributes, operation, psa_key_type_t type = psa_get_key_type(&attributes);
slot->key.data, slot->key.bytes); psa_key_usage_t usage = psa_get_key_usage_flags(&attributes);
if (type != PSA_KEY_TYPE_PASSWORD &&
type != PSA_KEY_TYPE_PASSWORD_HASH) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto error;
}
if ((usage & PSA_KEY_USAGE_DERIVE) == 0) {
status = PSA_ERROR_NOT_PERMITTED;
goto error;
}
operation->data.inputs.password = mbedtls_calloc(1, slot->key.bytes);
if (operation->data.inputs.password == NULL) {
return PSA_ERROR_INSUFFICIENT_MEMORY;
}
memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes);
operation->data.inputs.password_len = slot->key.bytes;
operation->data.inputs.key_lifetime = attributes.core.lifetime;
error:
unlock_status = psa_unlock_key_slot(slot); unlock_status = psa_unlock_key_slot(slot);
return (status == PSA_SUCCESS) ? unlock_status : status; return (status == PSA_SUCCESS) ? unlock_status : status;
@ -7219,16 +7265,21 @@ psa_status_t psa_pake_set_user(
const uint8_t *user_id, const uint8_t *user_id,
size_t user_id_len) size_t user_id_len)
{ {
if (operation->id == 0) { (void) user_id;
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
return PSA_ERROR_BAD_STATE; return PSA_ERROR_BAD_STATE;
} }
if (user_id_len == 0 || user_id == NULL) { if (operation->data.inputs.alg == PSA_ALG_NONE) {
return PSA_ERROR_BAD_STATE;
}
if (user_id_len == 0) {
return PSA_ERROR_INVALID_ARGUMENT; return PSA_ERROR_INVALID_ARGUMENT;
} }
return psa_driver_wrapper_pake_set_user(operation, user_id, return PSA_ERROR_NOT_SUPPORTED;
user_id_len);
} }
psa_status_t psa_pake_set_peer( psa_status_t psa_pake_set_peer(
@ -7236,23 +7287,32 @@ psa_status_t psa_pake_set_peer(
const uint8_t *peer_id, const uint8_t *peer_id,
size_t peer_id_len) size_t peer_id_len)
{ {
if (operation->id == 0) { (void) peer_id;
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
return PSA_ERROR_BAD_STATE; return PSA_ERROR_BAD_STATE;
} }
if (peer_id_len == 0 || peer_id == NULL) { if (operation->data.inputs.alg == PSA_ALG_NONE) {
return PSA_ERROR_BAD_STATE;
}
if (peer_id_len == 0) {
return PSA_ERROR_INVALID_ARGUMENT; return PSA_ERROR_INVALID_ARGUMENT;
} }
return psa_driver_wrapper_pake_set_peer(operation, peer_id, return PSA_ERROR_NOT_SUPPORTED;
peer_id_len);
} }
psa_status_t psa_pake_set_role( psa_status_t psa_pake_set_role(
psa_pake_operation_t *operation, psa_pake_operation_t *operation,
psa_pake_role_t role) psa_pake_role_t role)
{ {
if (operation->id == 0) { if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
return PSA_ERROR_BAD_STATE;
}
if (operation->data.inputs.alg == PSA_ALG_NONE) {
return PSA_ERROR_BAD_STATE; return PSA_ERROR_BAD_STATE;
} }
@ -7264,7 +7324,9 @@ psa_status_t psa_pake_set_role(
return PSA_ERROR_INVALID_ARGUMENT; return PSA_ERROR_INVALID_ARGUMENT;
} }
return psa_driver_wrapper_pake_set_role(operation, role); operation->data.inputs.role = role;
return PSA_SUCCESS;
} }
psa_status_t psa_pake_output( psa_status_t psa_pake_output(
@ -7274,11 +7336,34 @@ psa_status_t psa_pake_output(
size_t output_size, size_t output_size,
size_t *output_length) size_t *output_length)
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
if (operation->data.inputs.alg == PSA_ALG_NONE ||
operation->data.inputs.password_len == 0 ||
operation->data.inputs.role == PSA_PAKE_ROLE_NONE) {
return PSA_ERROR_BAD_STATE;
}
status = psa_driver_wrapper_pake_setup(operation,
&operation->data.inputs);
if (status == PSA_SUCCESS) {
operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION;
} else {
return status;
}
}
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) {
return PSA_ERROR_BAD_STATE;
}
if (operation->id == 0) { if (operation->id == 0) {
return PSA_ERROR_BAD_STATE; return PSA_ERROR_BAD_STATE;
} }
if (output == NULL || output_size == 0 || output_length == NULL) { if (output == NULL || output_size == 0) {
return PSA_ERROR_INVALID_ARGUMENT; return PSA_ERROR_INVALID_ARGUMENT;
} }
@ -7292,6 +7377,29 @@ psa_status_t psa_pake_input(
const uint8_t *input, const uint8_t *input,
size_t input_length) size_t input_length)
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
if (operation->data.inputs.alg == PSA_ALG_NONE ||
operation->data.inputs.password_len == 0 ||
operation->data.inputs.role == PSA_PAKE_ROLE_NONE) {
return PSA_ERROR_BAD_STATE;
}
status = psa_driver_wrapper_pake_setup(operation,
&operation->data.inputs);
if (status == PSA_SUCCESS) {
operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION;
} else {
return status;
}
}
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) {
return PSA_ERROR_BAD_STATE;
}
if (operation->id == 0) { if (operation->id == 0) {
return PSA_ERROR_BAD_STATE; return PSA_ERROR_BAD_STATE;
} }
@ -7341,8 +7449,10 @@ psa_status_t psa_pake_get_implicit_key(
psa_status_t psa_pake_abort( psa_status_t psa_pake_abort(
psa_pake_operation_t *operation) psa_pake_operation_t *operation)
{ {
/* Aborting a non-active operation is allowed */ /* If we are in collecting inputs stage clear inputs. */
if (operation->id == 0) { if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
mbedtls_free(operation->data.inputs.password);
memset(&operation->data.inputs, 0, sizeof(psa_crypto_driver_pake_inputs_t));
return PSA_SUCCESS; return PSA_SUCCESS;
} }

22
library/psa_crypto_driver_wrappers.h
View file

@ -417,27 +417,7 @@ psa_status_t psa_driver_wrapper_key_agreement(
*/ */
psa_status_t psa_driver_wrapper_pake_setup( psa_status_t psa_driver_wrapper_pake_setup(
psa_pake_operation_t *operation, psa_pake_operation_t *operation,
const psa_pake_cipher_suite_t *cipher_suite); const psa_crypto_driver_pake_inputs_t *inputs);
psa_status_t psa_driver_wrapper_pake_set_password_key(
const psa_key_attributes_t *attributes,
psa_pake_operation_t *operation,
uint8_t *key_buffer,
size_t key_size);
psa_status_t psa_driver_wrapper_pake_set_user(
psa_pake_operation_t *operation,
const uint8_t *user_id,
size_t user_id_len);
psa_status_t psa_driver_wrapper_pake_set_peer(
psa_pake_operation_t *operation,
const uint8_t *peer_id,
size_t peer_id_len);
psa_status_t psa_driver_wrapper_pake_set_role(
psa_pake_operation_t *operation,
psa_pake_role_t role);
psa_status_t psa_driver_wrapper_pake_output( psa_status_t psa_driver_wrapper_pake_output(
psa_pake_operation_t *operation, psa_pake_operation_t *operation,

179
library/psa_crypto_pake.c
View file

@ -192,36 +192,32 @@ static psa_status_t mbedtls_ecjpake_to_psa_error(int ret)
#if defined(MBEDTLS_PSA_BUILTIN_PAKE) #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
const psa_pake_cipher_suite_t *cipher_suite) const psa_crypto_driver_pake_inputs_t *inputs)
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* A context must be freshly initialized before it can be set up. */ uint8_t *password = inputs->password;
if (operation->alg != PSA_ALG_NONE) { size_t password_len = inputs->password_len;
status = PSA_ERROR_BAD_STATE; psa_pake_role_t role = inputs->role;
goto error; psa_pake_cipher_suite_t cipher_suite = inputs->cipher_suite;
}
if (cipher_suite == NULL || memset(operation, 0, sizeof(mbedtls_psa_pake_operation_t));
PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 ||
(cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC &&
cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH) ||
PSA_ALG_IS_HASH(cipher_suite->hash) == 0) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto error;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
if (cipher_suite->algorithm == PSA_ALG_JPAKE) { if (cipher_suite.algorithm == PSA_ALG_JPAKE) {
if (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC || if (cipher_suite.type != PSA_PAKE_PRIMITIVE_TYPE_ECC ||
cipher_suite->family != PSA_ECC_FAMILY_SECP_R1 || cipher_suite.family != PSA_ECC_FAMILY_SECP_R1 ||
cipher_suite->bits != 256 || cipher_suite.bits != 256 ||
cipher_suite->hash != PSA_ALG_SHA_256) { cipher_suite.hash != PSA_ALG_SHA_256) {
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
goto error; goto error;
} }
operation->alg = cipher_suite->algorithm; if (role != PSA_PAKE_ROLE_CLIENT &&
role != PSA_PAKE_ROLE_SERVER) {
status = PSA_ERROR_NOT_SUPPORTED;
goto error;
}
mbedtls_ecjpake_init(&operation->ctx.pake); mbedtls_ecjpake_init(&operation->ctx.pake);
@ -229,8 +225,10 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
operation->sequence = PSA_PAKE_SEQ_INVALID; operation->sequence = PSA_PAKE_SEQ_INVALID;
operation->input_step = PSA_PAKE_STEP_X1_X2; operation->input_step = PSA_PAKE_STEP_X1_X2;
operation->output_step = PSA_PAKE_STEP_X1_X2; operation->output_step = PSA_PAKE_STEP_X1_X2;
operation->password_len = 0; operation->password_len = password_len;
operation->password = NULL; operation->password = password;
operation->role = role;
operation->alg = cipher_suite.algorithm;
mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE);
operation->buffer_length = 0; operation->buffer_length = 0;
@ -240,149 +238,16 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
} else } else
#else #else
(void) operation; (void) operation;
(void) cipher_suite; (void) inputs;
#endif #endif
{ status = PSA_ERROR_NOT_SUPPORTED; } { status = PSA_ERROR_NOT_SUPPORTED; }
error: error:
mbedtls_free(password);
mbedtls_psa_pake_abort(operation); mbedtls_psa_pake_abort(operation);
return status; return status;
} }
psa_status_t mbedtls_psa_pake_set_password_key(const psa_key_attributes_t *attributes,
mbedtls_psa_pake_operation_t *operation,
uint8_t *password,
size_t password_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t type = psa_get_key_type(attributes);
psa_key_usage_t usage = psa_get_key_usage_flags(attributes);
if (type != PSA_KEY_TYPE_PASSWORD &&
type != PSA_KEY_TYPE_PASSWORD_HASH) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto error;
}
if ((usage & PSA_KEY_USAGE_DERIVE) == 0) {
status = PSA_ERROR_NOT_PERMITTED;
goto error;
}
if (operation->alg == PSA_ALG_NONE) {
status = PSA_ERROR_BAD_STATE;
goto error;
}
if (operation->state != PSA_PAKE_STATE_SETUP) {
status = PSA_ERROR_BAD_STATE;
goto error;
}
if (operation->password != NULL) {
status = PSA_ERROR_BAD_STATE;
goto error;
}
operation->password = mbedtls_calloc(1, password_len);
if (operation->password == NULL) {
return PSA_ERROR_INSUFFICIENT_MEMORY;
}
memcpy(operation->password, password, password_len);
operation->password_len = password_len;
return PSA_SUCCESS;
error:
mbedtls_psa_pake_abort(operation);
return status;
}
psa_status_t mbedtls_psa_pake_set_user(mbedtls_psa_pake_operation_t *operation,
const uint8_t *user_id,
size_t user_id_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
(void) user_id;
(void) user_id_len;
if (operation->alg == PSA_ALG_NONE) {
return PSA_ERROR_BAD_STATE;
}
if (operation->state != PSA_PAKE_STATE_SETUP) {
status = PSA_ERROR_BAD_STATE;
goto error;
}
status = PSA_ERROR_NOT_SUPPORTED;
error:
mbedtls_psa_pake_abort(operation);
return status;
}
psa_status_t mbedtls_psa_pake_set_peer(mbedtls_psa_pake_operation_t *operation,
const uint8_t *peer_id,
size_t peer_id_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
(void) peer_id;
(void) peer_id_len;
if (operation->alg == PSA_ALG_NONE) {
status = PSA_ERROR_BAD_STATE;
goto error;
}
if (operation->state != PSA_PAKE_STATE_SETUP) {
status = PSA_ERROR_BAD_STATE;
goto error;
}
status = PSA_ERROR_NOT_SUPPORTED;
error:
mbedtls_psa_pake_abort(operation);
return status;
}
psa_status_t mbedtls_psa_pake_set_role(mbedtls_psa_pake_operation_t *operation,
psa_pake_role_t role)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if (operation->alg == PSA_ALG_NONE) {
status = PSA_ERROR_BAD_STATE;
goto error;
}
if (operation->state != PSA_PAKE_STATE_SETUP) {
status = PSA_ERROR_BAD_STATE;
goto error;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
if (operation->alg == PSA_ALG_JPAKE) {
if (role != PSA_PAKE_ROLE_CLIENT &&
role != PSA_PAKE_ROLE_SERVER) {
return PSA_ERROR_NOT_SUPPORTED;
}
operation->role = role;
return PSA_SUCCESS;
} else
#else
(void) role;
#endif
{ status = PSA_ERROR_NOT_SUPPORTED; }
error:
mbedtls_psa_pake_abort(operation);
return status;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operation) static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operation)

172
library/psa_crypto_pake.h
View file

@ -94,178 +94,8 @@
* results in this error code. * results in this error code.
*/ */
psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
const psa_pake_cipher_suite_t *cipher_suite); const psa_crypto_driver_pake_inputs_t *inputs);
/** Set the password for a password-authenticated key exchange from key ID.
*
* Call this function when the password, or a value derived from the password,
* is already present in the key store.
* \param[in] attributes The attributes of the key to use for the
* operation.
* \param[in,out] operation The operation object to set the password for. It
* must have been set up by psa_pake_setup() and
* not yet in use (neither psa_pake_output() nor
* psa_pake_input() has been called yet). It must
* be on operation for which the password hasn't
* been set yet (psa_pake_set_password_key()
* hasn't been called yet).
* \param password Buffer holding the password
* \param password_len Password buffer size
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \p password is not a valid key identifier.
* \retval #PSA_ERROR_NOT_PERMITTED
* The key does not have the #PSA_KEY_USAGE_DERIVE flag, or it does not
* permit the \p operation's algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The key type for \p password is not #PSA_KEY_TYPE_PASSWORD or
* #PSA_KEY_TYPE_PASSWORD_HASH, or \p password is not compatible with
* the \p operation's cipher suite.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The key type or key size of \p password is not supported with the
* \p operation's cipher suite.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must have been set up.), or
* the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t mbedtls_psa_pake_set_password_key(
const psa_key_attributes_t *attributes,
mbedtls_psa_pake_operation_t *operation,
uint8_t *password,
size_t password_len);
/** Set the user ID for a password-authenticated key exchange.
*
* Call this function to set the user ID. For PAKE algorithms that associate a
* user identifier with each side of the session you need to call
* psa_pake_set_peer() as well. For PAKE algorithms that associate a single
* user identifier with the session, call psa_pake_set_user() only.
*
* Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
* values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
* for more information.
*
* \param[in,out] operation The operation object to set the user ID for. It
* must have been set up by psa_pake_setup() and
* not yet in use (neither psa_pake_output() nor
* psa_pake_input() has been called yet). It must
* be on operation for which the user ID hasn't
* been set (psa_pake_set_user() hasn't been
* called yet).
* \param[in] user_id The user ID to authenticate with.
* \param user_id_len Size of the \p user_id buffer in bytes.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p user_id is not valid for the \p operation's algorithm and cipher
* suite.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The value of \p user_id is not supported by the implementation.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid, or
* the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t mbedtls_psa_pake_set_user(mbedtls_psa_pake_operation_t *operation,
const uint8_t *user_id,
size_t user_id_len);
/** Set the peer ID for a password-authenticated key exchange.
*
* Call this function in addition to psa_pake_set_user() for PAKE algorithms
* that associate a user identifier with each side of the session. For PAKE
* algorithms that associate a single user identifier with the session, call
* psa_pake_set_user() only.
*
* Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
* values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
* for more information.
*
* \param[in,out] operation The operation object to set the peer ID for. It
* must have been set up by psa_pake_setup() and
* not yet in use (neither psa_pake_output() nor
* psa_pake_input() has been called yet). It must
* be on operation for which the peer ID hasn't
* been set (psa_pake_set_peer() hasn't been
* called yet).
* \param[in] peer_id The peer's ID to authenticate.
* \param peer_id_len Size of the \p peer_id buffer in bytes.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p user_id is not valid for the \p operation's algorithm and cipher
* suite.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The algorithm doesn't associate a second identity with the session.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* Calling psa_pake_set_peer() is invalid with the \p operation's
* algorithm, the operation state is not valid, or the library has not
* been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t mbedtls_psa_pake_set_peer(mbedtls_psa_pake_operation_t *operation,
const uint8_t *peer_id,
size_t peer_id_len);
/** Set the application role for a password-authenticated key exchange.
*
* Not all PAKE algorithms need to differentiate the communicating entities.
* It is optional to call this function for PAKEs that don't require a role
* to be specified. For such PAKEs the application role parameter is ignored,
* or #PSA_PAKE_ROLE_NONE can be passed as \c role.
*
* Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
* values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
* for more information.
*
* \param[in,out] operation The operation object to specify the
* application's role for. It must have been set up
* by psa_pake_setup() and not yet in use (neither
* psa_pake_output() nor psa_pake_input() has been
* called yet). It must be on operation for which
* the application's role hasn't been specified
* (psa_pake_set_role() hasn't been called yet).
* \param role A value of type ::psa_pake_role_t indicating the
* application's role in the PAKE the algorithm
* that is being set up. For more information see
* the documentation of \c PSA_PAKE_ROLE_XXX
* constants.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The \p role is not a valid PAKE role in the \p operations algorithm.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The \p role for this algorithm is not supported or is not valid.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid, or
* the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t mbedtls_psa_pake_set_role(mbedtls_psa_pake_operation_t *operation,
psa_pake_role_t role);
/** Get output for a step of a password-authenticated key exchange. /** Get output for a step of a password-authenticated key exchange.
* *

205
scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
View file

@ -2811,64 +2811,12 @@ psa_status_t psa_driver_wrapper_key_agreement(
psa_status_t psa_driver_wrapper_pake_setup( psa_status_t psa_driver_wrapper_pake_setup(
psa_pake_operation_t *operation, psa_pake_operation_t *operation,
const psa_pake_cipher_suite_t *cipher_suite ) const psa_crypto_driver_pake_inputs_t *inputs )
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try setup on accelerators first */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_pake_setup(
&operation->ctx.transparent_test_driver_ctx,
(const psa_pake_cipher_suite_t*) cipher_suite );
if( status == PSA_SUCCESS )
operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* If software fallback is compiled in, try fallback */
#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
status = mbedtls_psa_pake_setup( &operation->ctx.mbedtls_ctx, cipher_suite );
if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_opaque_pake_setup(
&operation->ctx.opaque_test_driver_ctx,
(const psa_pake_cipher_suite_t*) cipher_suite );
if( status == PSA_SUCCESS )
operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Nothing left to try if we fall through here */
(void) status;
(void) operation;
(void) cipher_suite;
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t psa_driver_wrapper_pake_set_password_key(
const psa_key_attributes_t *attributes,
psa_pake_operation_t *operation,
uint8_t *key_buffer,
size_t key_size )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location = psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); PSA_KEY_LIFETIME_GET_LOCATION( inputs->key_lifetime );
switch( location ) switch( location )
{ {
@ -2877,135 +2825,44 @@ psa_status_t psa_driver_wrapper_pake_set_password_key(
* cycle through all known transparent accelerators */ * cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_set_password_key( status = mbedtls_test_transparent_pake_setup(
attributes, &operation->data.ctx.transparent_test_driver_ctx,
&operation->ctx.transparent_test_driver_ctx, inputs );
key_buffer, key_size ); if( status == PSA_SUCCESS )
operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
/* Declared with fallback == true */ /* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED ) if( status != PSA_ERROR_NOT_SUPPORTED )
return( status ); return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_PAKE) #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
return( mbedtls_psa_pake_set_password_key( status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx,
attributes, &operation->ctx.mbedtls_ctx, inputs );
key_buffer, key_size ) ); if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
return status;
#endif #endif
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
/* Add cases for opaque driver here */ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION: case PSA_CRYPTO_TEST_DRIVER_LOCATION:
return( mbedtls_test_opaque_set_password_key( status = mbedtls_test_opaque_pake_setup(
attributes, &operation->data.ctx.opaque_test_driver_ctx,
&operation->ctx.opaque_test_driver_ctx, inputs );
key_buffer, key_size ) ); if( status == PSA_SUCCESS )
operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
return status;
#endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default: default:
/* Key is declared with a lifetime not known to us */ /* Key is declared with a lifetime not known to us */
(void)operation; (void)operation;
(void)inputs;
(void)status; (void)status;
(void)key_buffer;
(void)key_size;
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
} }
} }
psa_status_t psa_driver_wrapper_pake_set_user(
psa_pake_operation_t *operation,
const uint8_t *user_id,
size_t user_id_len )
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_pake_set_user( &operation->ctx.mbedtls_ctx,
user_id, user_id_len ) );
#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_pake_set_user(
&operation->ctx.transparent_test_driver_ctx,
user_id, user_id_len ) );
case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
return( mbedtls_test_opaque_pake_set_user(
&operation->ctx.opaque_test_driver_ctx,
user_id, user_id_len ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) user_id;
(void) user_id_len;
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
psa_status_t psa_driver_wrapper_pake_set_peer(
psa_pake_operation_t *operation,
const uint8_t *peer_id,
size_t peer_id_len )
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_pake_set_peer( &operation->ctx.mbedtls_ctx,
peer_id, peer_id_len ) );
#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_pake_set_peer(
&operation->ctx.transparent_test_driver_ctx,
peer_id, peer_id_len ) );
case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
return( mbedtls_test_opaque_pake_set_peer(
&operation->ctx.opaque_test_driver_ctx,
peer_id, peer_id_len ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) peer_id;
(void) peer_id_len;
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
psa_status_t psa_driver_wrapper_pake_set_role(
psa_pake_operation_t *operation,
psa_pake_role_t role )
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_pake_set_role( &operation->ctx.mbedtls_ctx, role ) );
#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_pake_set_role(
&operation->ctx.transparent_test_driver_ctx,
role ) );
case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
return( mbedtls_test_opaque_pake_set_role(
&operation->ctx.opaque_test_driver_ctx,
role ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) role;
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
psa_status_t psa_driver_wrapper_pake_output( psa_status_t psa_driver_wrapper_pake_output(
psa_pake_operation_t *operation, psa_pake_operation_t *operation,
psa_pake_step_t step, psa_pake_step_t step,
@ -3017,7 +2874,7 @@ psa_status_t psa_driver_wrapper_pake_output(
{ {
#if defined(MBEDTLS_PSA_BUILTIN_PAKE) #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID: case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_pake_output( &operation->ctx.mbedtls_ctx, step, output, return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step, output,
output_size, output_length ) ); output_size, output_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
@ -3025,11 +2882,11 @@ psa_status_t psa_driver_wrapper_pake_output(
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_pake_output( return( mbedtls_test_transparent_pake_output(
&operation->ctx.transparent_test_driver_ctx, &operation->data.ctx.transparent_test_driver_ctx,
step, output, output_size, output_length ) ); step, output, output_size, output_length ) );
case MBEDTLS_TEST_OPAQUE_DRIVER_ID: case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
return( mbedtls_test_opaque_pake_output( return( mbedtls_test_opaque_pake_output(
&operation->ctx.opaque_test_driver_ctx, &operation->data.ctx.opaque_test_driver_ctx,
step, output, output_size, output_length ) ); step, output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@ -3052,7 +2909,7 @@ psa_status_t psa_driver_wrapper_pake_input(
{ {
#if defined(MBEDTLS_PSA_BUILTIN_PAKE) #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID: case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_pake_input( &operation->ctx.mbedtls_ctx, return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx,
step, input, input_length ) ); step, input, input_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
@ -3060,11 +2917,11 @@ psa_status_t psa_driver_wrapper_pake_input(
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_pake_input( return( mbedtls_test_transparent_pake_input(
&operation->ctx.transparent_test_driver_ctx, &operation->data.ctx.transparent_test_driver_ctx,
step, input, input_length ) ); step, input, input_length ) );
case MBEDTLS_TEST_OPAQUE_DRIVER_ID: case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
return( mbedtls_test_opaque_pake_input( return( mbedtls_test_opaque_pake_input(
&operation->ctx.opaque_test_driver_ctx, &operation->data.ctx.opaque_test_driver_ctx,
step, input, input_length ) ); step, input, input_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@ -3084,18 +2941,18 @@ psa_status_t psa_driver_wrapper_pake_get_implicit_key(
{ {
#if defined(MBEDTLS_PSA_BUILTIN_PAKE) #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID: case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_pake_get_implicit_key( &operation->ctx.mbedtls_ctx, output, output_size ) ); return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx, output, output_size ) );
#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_pake_get_implicit_key( return( mbedtls_test_transparent_pake_get_implicit_key(
&operation->ctx.transparent_test_driver_ctx, &operation->data.ctx.transparent_test_driver_ctx,
output, output_size ) ); output, output_size ) );
case MBEDTLS_TEST_OPAQUE_DRIVER_ID: case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
return( mbedtls_test_opaque_pake_get_implicit_key( return( mbedtls_test_opaque_pake_get_implicit_key(
&operation->ctx.opaque_test_driver_ctx, &operation->data.ctx.opaque_test_driver_ctx,
output, output_size ) ); output, output_size ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@ -3113,17 +2970,17 @@ psa_status_t psa_driver_wrapper_pake_abort(
{ {
#if defined(MBEDTLS_PSA_BUILTIN_PAKE) #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID: case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_pake_abort( &operation->ctx.mbedtls_ctx ) ); return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) );
#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_pake_abort( return( mbedtls_test_transparent_pake_abort(
&operation->ctx.transparent_test_driver_ctx ) ); &operation->data.ctx.transparent_test_driver_ctx ) );
case MBEDTLS_TEST_OPAQUE_DRIVER_ID: case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
return( mbedtls_test_opaque_pake_abort( return( mbedtls_test_opaque_pake_abort(
&operation->ctx.opaque_test_driver_ctx ) ); &operation->data.ctx.opaque_test_driver_ctx ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default: default:

24
tests/include/test/drivers/pake.h
View file

@ -50,27 +50,7 @@ extern mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks;
psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_setup(
mbedtls_transparent_test_driver_pake_operation_t *operation, mbedtls_transparent_test_driver_pake_operation_t *operation,
const psa_pake_cipher_suite_t *cipher_suite); const psa_crypto_driver_pake_inputs_t *inputs);
psa_status_t mbedtls_test_transparent_set_password_key(
const psa_key_attributes_t *attributes,
mbedtls_transparent_test_driver_pake_operation_t *operation,
uint8_t *key_buffer,
size_t key_size);
psa_status_t mbedtls_test_transparent_pake_set_user(
mbedtls_transparent_test_driver_pake_operation_t *operation,
const uint8_t *user_id,
size_t user_id_len);
psa_status_t mbedtls_test_transparent_pake_set_peer(
mbedtls_transparent_test_driver_pake_operation_t *operation,
const uint8_t *peer_id,
size_t peer_id_len);
psa_status_t mbedtls_test_transparent_pake_set_role(
mbedtls_transparent_test_driver_pake_operation_t *operation,
psa_pake_role_t role);
psa_status_t mbedtls_test_transparent_pake_output( psa_status_t mbedtls_test_transparent_pake_output(
mbedtls_transparent_test_driver_pake_operation_t *operation, mbedtls_transparent_test_driver_pake_operation_t *operation,
@ -94,7 +74,7 @@ psa_status_t mbedtls_test_transparent_pake_abort(
psa_status_t mbedtls_test_opaque_pake_setup( psa_status_t mbedtls_test_opaque_pake_setup(
mbedtls_opaque_test_driver_pake_operation_t *operation, mbedtls_opaque_test_driver_pake_operation_t *operation,
const psa_pake_cipher_suite_t *cipher_suite); const psa_crypto_driver_pake_inputs_t *inputs);
psa_status_t mbedtls_test_opaque_set_password_key( psa_status_t mbedtls_test_opaque_set_password_key(
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,

137
tests/src/drivers/test_driver_pake.c
View file

@ -35,7 +35,7 @@ mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks =
psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_setup(
mbedtls_transparent_test_driver_pake_operation_t *operation, mbedtls_transparent_test_driver_pake_operation_t *operation,
const psa_pake_cipher_suite_t *cipher_suite) const psa_crypto_driver_pake_inputs_t *inputs)
{ {
mbedtls_test_driver_pake_hooks.hits++; mbedtls_test_driver_pake_hooks.hits++;
@ -47,139 +47,14 @@ psa_status_t mbedtls_test_transparent_pake_setup(
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status = mbedtls_test_driver_pake_hooks.driver_status =
libtestdriver1_mbedtls_psa_pake_setup( libtestdriver1_mbedtls_psa_pake_setup(
operation, (const libtestdriver1_psa_pake_cipher_suite_t *) cipher_suite); operation, (const libtestdriver1_psa_crypto_driver_pake_inputs_t *) inputs);
#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) #elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status = mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_psa_pake_setup( mbedtls_psa_pake_setup(
operation, cipher_suite); operation, inputs);
#else #else
(void) operation; (void) operation;
(void) cipher_suite; (void) inputs;
mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_pake_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_set_password_key(
const psa_key_attributes_t *attributes,
mbedtls_transparent_test_driver_pake_operation_t *operation,
uint8_t *key_buffer,
size_t key_size)
{
mbedtls_test_driver_pake_hooks.hits++;
if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_test_driver_pake_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
libtestdriver1_mbedtls_psa_pake_set_password_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
operation, key_buffer, key_size);
#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_psa_pake_set_password_key(
attributes, operation, key_buffer, key_size);
#else
(void) operation;
(void) key_buffer,
(void) key_size;
mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_pake_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_pake_set_user(
mbedtls_transparent_test_driver_pake_operation_t *operation,
const uint8_t *user_id,
size_t user_id_len)
{
mbedtls_test_driver_pake_hooks.hits++;
if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_test_driver_pake_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
libtestdriver1_mbedtls_psa_pake_set_user(
operation, user_id, user_id_len);
#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_psa_pake_set_user(
operation, user_id, user_id_len);
#else
(void) operation;
(void) user_id;
(void) user_id_len;
mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_pake_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_pake_set_peer(
mbedtls_transparent_test_driver_pake_operation_t *operation,
const uint8_t *peer_id,
size_t peer_id_len)
{
mbedtls_test_driver_pake_hooks.hits++;
if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_test_driver_pake_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
libtestdriver1_mbedtls_psa_pake_set_peer(
operation, peer_id, peer_id_len);
#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_psa_pake_set_peer(
operation, peer_id, peer_id_len);
#else
(void) operation;
(void) peer_id;
(void) peer_id_len;
mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_pake_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_pake_set_role(
mbedtls_transparent_test_driver_pake_operation_t *operation,
psa_pake_role_t role)
{
mbedtls_test_driver_pake_hooks.hits++;
if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_test_driver_pake_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
libtestdriver1_mbedtls_psa_pake_set_role(
operation, role);
#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_psa_pake_set_role(
operation, role);
#else
(void) operation;
(void) role;
mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif #endif
} }
@ -329,10 +204,10 @@ psa_status_t mbedtls_test_transparent_pake_abort(
*/ */
psa_status_t mbedtls_test_opaque_pake_setup( psa_status_t mbedtls_test_opaque_pake_setup(
mbedtls_opaque_test_driver_pake_operation_t *operation, mbedtls_opaque_test_driver_pake_operation_t *operation,
const psa_pake_cipher_suite_t *cipher_suite) const psa_crypto_driver_pake_inputs_t *inputs)
{ {
(void) operation; (void) operation;
(void) cipher_suite; (void) inputs;
return PSA_ERROR_NOT_SUPPORTED; return PSA_ERROR_NOT_SUPPORTED;
} }