diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index da74bed17..4fa273d31 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -429,6 +429,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, */ #define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e) +/** EC-JPAKE operation stages. */ +#define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 0 +#define PSA_PAKE_OPERATION_STAGE_COMPUTATION 1 /** * \brief Set domain parameters for a key. @@ -1286,6 +1289,9 @@ static void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite, * Implementation details can change in future versions without notice. */ typedef struct psa_pake_operation_s psa_pake_operation_t; +/** The type of input values for PAKE operations. */ +typedef struct psa_crypto_driver_pake_inputs_s psa_crypto_driver_pake_inputs_t; + /** Return an initial value for a PAKE operation object. */ static psa_pake_operation_t psa_pake_operation_init(void); @@ -1826,7 +1832,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); /** Returns a suitable initializer for a PAKE operation object of type * psa_pake_operation_t. */ -#define PSA_PAKE_OPERATION_INIT { 0, { .dummy = 0 } } +#define PSA_PAKE_OPERATION_INIT { 0, PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS, { 0 } } struct psa_pake_cipher_suite_s { psa_algorithm_t algorithm; @@ -1897,6 +1903,15 @@ static inline void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite, } } +struct psa_crypto_driver_pake_inputs_s { + psa_algorithm_t MBEDTLS_PRIVATE(alg); + uint8_t *MBEDTLS_PRIVATE(password); + size_t MBEDTLS_PRIVATE(password_len); + psa_pake_role_t MBEDTLS_PRIVATE(role); + psa_key_lifetime_t MBEDTLS_PRIVATE(key_lifetime); + psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite); +}; + struct psa_pake_operation_s { /** Unique ID indicating which driver got assigned to do the * operation. Since driver contexts are driver-specific, swapping @@ -1905,7 +1920,15 @@ struct psa_pake_operation_s { * ID value zero means the context is not valid or not assigned to * any driver (i.e. none of the driver contexts are active). */ unsigned int MBEDTLS_PRIVATE(id); - psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); + /* Based on stage (collecting inputs/computation) we select active structure of data union. + * While switching stage (when driver setup is called) collected inputs + are copied to the corresponding operation context. */ + uint8_t MBEDTLS_PRIVATE(stage); + union { + unsigned dummy; + psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs); + psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); + } MBEDTLS_PRIVATE(data); }; static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 18aa18ba8..4742c3cae 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7180,7 +7180,29 @@ psa_status_t psa_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) { - return psa_driver_wrapper_pake_setup(operation, cipher_suite); + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { + return PSA_ERROR_BAD_STATE; + } + + if (operation->data.inputs.alg != PSA_ALG_NONE) { + return PSA_ERROR_BAD_STATE; + } + + if (cipher_suite == NULL || + PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 || + (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC && + cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH) || + PSA_ALG_IS_HASH(cipher_suite->hash) == 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + ; + memset(&operation->data.inputs, 0, sizeof(operation->data.inputs)); + + operation->data.inputs.alg = cipher_suite->algorithm; + operation->data.inputs.cipher_suite = *cipher_suite; + + return PSA_SUCCESS; } psa_status_t psa_pake_set_password_key( @@ -7191,7 +7213,11 @@ psa_status_t psa_pake_set_password_key( psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; - if (operation->id == 0) { + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { + return PSA_ERROR_BAD_STATE; + } + + if (operation->data.inputs.alg == PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; } @@ -7206,9 +7232,29 @@ psa_status_t psa_pake_set_password_key( .core = slot->attr }; - status = psa_driver_wrapper_pake_set_password_key(&attributes, operation, - slot->key.data, slot->key.bytes); + psa_key_type_t type = psa_get_key_type(&attributes); + psa_key_usage_t usage = psa_get_key_usage_flags(&attributes); + if (type != PSA_KEY_TYPE_PASSWORD && + type != PSA_KEY_TYPE_PASSWORD_HASH) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto error; + } + + if ((usage & PSA_KEY_USAGE_DERIVE) == 0) { + status = PSA_ERROR_NOT_PERMITTED; + goto error; + } + + operation->data.inputs.password = mbedtls_calloc(1, slot->key.bytes); + if (operation->data.inputs.password == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes); + operation->data.inputs.password_len = slot->key.bytes; + operation->data.inputs.key_lifetime = attributes.core.lifetime; +error: unlock_status = psa_unlock_key_slot(slot); return (status == PSA_SUCCESS) ? unlock_status : status; @@ -7219,16 +7265,21 @@ psa_status_t psa_pake_set_user( const uint8_t *user_id, size_t user_id_len) { - if (operation->id == 0) { + (void) user_id; + + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { return PSA_ERROR_BAD_STATE; } - if (user_id_len == 0 || user_id == NULL) { + if (operation->data.inputs.alg == PSA_ALG_NONE) { + return PSA_ERROR_BAD_STATE; + } + + if (user_id_len == 0) { return PSA_ERROR_INVALID_ARGUMENT; } - return psa_driver_wrapper_pake_set_user(operation, user_id, - user_id_len); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t psa_pake_set_peer( @@ -7236,23 +7287,32 @@ psa_status_t psa_pake_set_peer( const uint8_t *peer_id, size_t peer_id_len) { - if (operation->id == 0) { + (void) peer_id; + + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { return PSA_ERROR_BAD_STATE; } - if (peer_id_len == 0 || peer_id == NULL) { + if (operation->data.inputs.alg == PSA_ALG_NONE) { + return PSA_ERROR_BAD_STATE; + } + + if (peer_id_len == 0) { return PSA_ERROR_INVALID_ARGUMENT; } - return psa_driver_wrapper_pake_set_peer(operation, peer_id, - peer_id_len); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t psa_pake_set_role( psa_pake_operation_t *operation, psa_pake_role_t role) { - if (operation->id == 0) { + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { + return PSA_ERROR_BAD_STATE; + } + + if (operation->data.inputs.alg == PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; } @@ -7264,7 +7324,9 @@ psa_status_t psa_pake_set_role( return PSA_ERROR_INVALID_ARGUMENT; } - return psa_driver_wrapper_pake_set_role(operation, role); + operation->data.inputs.role = role; + + return PSA_SUCCESS; } psa_status_t psa_pake_output( @@ -7274,11 +7336,34 @@ psa_status_t psa_pake_output( size_t output_size, size_t *output_length) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { + if (operation->data.inputs.alg == PSA_ALG_NONE || + operation->data.inputs.password_len == 0 || + operation->data.inputs.role == PSA_PAKE_ROLE_NONE) { + return PSA_ERROR_BAD_STATE; + } + + status = psa_driver_wrapper_pake_setup(operation, + &operation->data.inputs); + + if (status == PSA_SUCCESS) { + operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; + } else { + return status; + } + } + + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) { + return PSA_ERROR_BAD_STATE; + } + if (operation->id == 0) { return PSA_ERROR_BAD_STATE; } - if (output == NULL || output_size == 0 || output_length == NULL) { + if (output == NULL || output_size == 0) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -7292,6 +7377,29 @@ psa_status_t psa_pake_input( const uint8_t *input, size_t input_length) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { + if (operation->data.inputs.alg == PSA_ALG_NONE || + operation->data.inputs.password_len == 0 || + operation->data.inputs.role == PSA_PAKE_ROLE_NONE) { + return PSA_ERROR_BAD_STATE; + } + + status = psa_driver_wrapper_pake_setup(operation, + &operation->data.inputs); + + if (status == PSA_SUCCESS) { + operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; + } else { + return status; + } + } + + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) { + return PSA_ERROR_BAD_STATE; + } + if (operation->id == 0) { return PSA_ERROR_BAD_STATE; } @@ -7341,8 +7449,10 @@ psa_status_t psa_pake_get_implicit_key( psa_status_t psa_pake_abort( psa_pake_operation_t *operation) { - /* Aborting a non-active operation is allowed */ - if (operation->id == 0) { + /* If we are in collecting inputs stage clear inputs. */ + if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { + mbedtls_free(operation->data.inputs.password); + memset(&operation->data.inputs, 0, sizeof(psa_crypto_driver_pake_inputs_t)); return PSA_SUCCESS; } diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 78f2f9a28..abaabb544 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -417,27 +417,7 @@ psa_status_t psa_driver_wrapper_key_agreement( */ psa_status_t psa_driver_wrapper_pake_setup( psa_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite); - -psa_status_t psa_driver_wrapper_pake_set_password_key( - const psa_key_attributes_t *attributes, - psa_pake_operation_t *operation, - uint8_t *key_buffer, - size_t key_size); - -psa_status_t psa_driver_wrapper_pake_set_user( - psa_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len); - -psa_status_t psa_driver_wrapper_pake_set_peer( - psa_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len); - -psa_status_t psa_driver_wrapper_pake_set_role( - psa_pake_operation_t *operation, - psa_pake_role_t role); + const psa_crypto_driver_pake_inputs_t *inputs); psa_status_t psa_driver_wrapper_pake_output( psa_pake_operation_t *operation, diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 1e5dca4e6..3a710dc60 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -192,36 +192,32 @@ static psa_status_t mbedtls_ecjpake_to_psa_error(int ret) #if defined(MBEDTLS_PSA_BUILTIN_PAKE) psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite) + const psa_crypto_driver_pake_inputs_t *inputs) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - /* A context must be freshly initialized before it can be set up. */ - if (operation->alg != PSA_ALG_NONE) { - status = PSA_ERROR_BAD_STATE; - goto error; - } + uint8_t *password = inputs->password; + size_t password_len = inputs->password_len; + psa_pake_role_t role = inputs->role; + psa_pake_cipher_suite_t cipher_suite = inputs->cipher_suite; - if (cipher_suite == NULL || - PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 || - (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC && - cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH) || - PSA_ALG_IS_HASH(cipher_suite->hash) == 0) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto error; - } + memset(operation, 0, sizeof(mbedtls_psa_pake_operation_t)); #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) - if (cipher_suite->algorithm == PSA_ALG_JPAKE) { - if (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC || - cipher_suite->family != PSA_ECC_FAMILY_SECP_R1 || - cipher_suite->bits != 256 || - cipher_suite->hash != PSA_ALG_SHA_256) { + if (cipher_suite.algorithm == PSA_ALG_JPAKE) { + if (cipher_suite.type != PSA_PAKE_PRIMITIVE_TYPE_ECC || + cipher_suite.family != PSA_ECC_FAMILY_SECP_R1 || + cipher_suite.bits != 256 || + cipher_suite.hash != PSA_ALG_SHA_256) { status = PSA_ERROR_NOT_SUPPORTED; goto error; } - operation->alg = cipher_suite->algorithm; + if (role != PSA_PAKE_ROLE_CLIENT && + role != PSA_PAKE_ROLE_SERVER) { + status = PSA_ERROR_NOT_SUPPORTED; + goto error; + } mbedtls_ecjpake_init(&operation->ctx.pake); @@ -229,8 +225,10 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, operation->sequence = PSA_PAKE_SEQ_INVALID; operation->input_step = PSA_PAKE_STEP_X1_X2; operation->output_step = PSA_PAKE_STEP_X1_X2; - operation->password_len = 0; - operation->password = NULL; + operation->password_len = password_len; + operation->password = password; + operation->role = role; + operation->alg = cipher_suite.algorithm; mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); operation->buffer_length = 0; @@ -240,149 +238,16 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, } else #else (void) operation; - (void) cipher_suite; + (void) inputs; #endif { status = PSA_ERROR_NOT_SUPPORTED; } error: + mbedtls_free(password); mbedtls_psa_pake_abort(operation); return status; } -psa_status_t mbedtls_psa_pake_set_password_key(const psa_key_attributes_t *attributes, - mbedtls_psa_pake_operation_t *operation, - uint8_t *password, - size_t password_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_type_t type = psa_get_key_type(attributes); - psa_key_usage_t usage = psa_get_key_usage_flags(attributes); - - if (type != PSA_KEY_TYPE_PASSWORD && - type != PSA_KEY_TYPE_PASSWORD_HASH) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto error; - } - - if ((usage & PSA_KEY_USAGE_DERIVE) == 0) { - status = PSA_ERROR_NOT_PERMITTED; - goto error; - } - - if (operation->alg == PSA_ALG_NONE) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - if (operation->state != PSA_PAKE_STATE_SETUP) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - if (operation->password != NULL) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - operation->password = mbedtls_calloc(1, password_len); - if (operation->password == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - memcpy(operation->password, password, password_len); - operation->password_len = password_len; - - return PSA_SUCCESS; - -error: - mbedtls_psa_pake_abort(operation); - return status; -} - -psa_status_t mbedtls_psa_pake_set_user(mbedtls_psa_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - (void) user_id; - (void) user_id_len; - - if (operation->alg == PSA_ALG_NONE) { - return PSA_ERROR_BAD_STATE; - } - - if (operation->state != PSA_PAKE_STATE_SETUP) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - status = PSA_ERROR_NOT_SUPPORTED; - -error: - mbedtls_psa_pake_abort(operation); - return status; -} - -psa_status_t mbedtls_psa_pake_set_peer(mbedtls_psa_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - (void) peer_id; - (void) peer_id_len; - - if (operation->alg == PSA_ALG_NONE) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - if (operation->state != PSA_PAKE_STATE_SETUP) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - status = PSA_ERROR_NOT_SUPPORTED; - -error: - mbedtls_psa_pake_abort(operation); - return status; -} - -psa_status_t mbedtls_psa_pake_set_role(mbedtls_psa_pake_operation_t *operation, - psa_pake_role_t role) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if (operation->alg == PSA_ALG_NONE) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - if (operation->state != PSA_PAKE_STATE_SETUP) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) - if (operation->alg == PSA_ALG_JPAKE) { - if (role != PSA_PAKE_ROLE_CLIENT && - role != PSA_PAKE_ROLE_SERVER) { - return PSA_ERROR_NOT_SUPPORTED; - } - - operation->role = role; - - return PSA_SUCCESS; - } else -#else - (void) role; -#endif - - { status = PSA_ERROR_NOT_SUPPORTED; } - -error: - mbedtls_psa_pake_abort(operation); - return status; -} #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operation) diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index 9256f5a14..4768cee11 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h @@ -94,178 +94,8 @@ * results in this error code. */ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite); + const psa_crypto_driver_pake_inputs_t *inputs); -/** Set the password for a password-authenticated key exchange from key ID. - * - * Call this function when the password, or a value derived from the password, - * is already present in the key store. - * \param[in] attributes The attributes of the key to use for the - * operation. - * \param[in,out] operation The operation object to set the password for. It - * must have been set up by psa_pake_setup() and - * not yet in use (neither psa_pake_output() nor - * psa_pake_input() has been called yet). It must - * be on operation for which the password hasn't - * been set yet (psa_pake_set_password_key() - * hasn't been called yet). - * \param password Buffer holding the password - * \param password_len Password buffer size - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \p password is not a valid key identifier. - * \retval #PSA_ERROR_NOT_PERMITTED - * The key does not have the #PSA_KEY_USAGE_DERIVE flag, or it does not - * permit the \p operation's algorithm. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The key type for \p password is not #PSA_KEY_TYPE_PASSWORD or - * #PSA_KEY_TYPE_PASSWORD_HASH, or \p password is not compatible with - * the \p operation's cipher suite. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The key type or key size of \p password is not supported with the - * \p operation's cipher suite. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_DATA_CORRUPT - * \retval #PSA_ERROR_DATA_INVALID - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must have been set up.), or - * the library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t mbedtls_psa_pake_set_password_key( - const psa_key_attributes_t *attributes, - mbedtls_psa_pake_operation_t *operation, - uint8_t *password, - size_t password_len); - -/** Set the user ID for a password-authenticated key exchange. - * - * Call this function to set the user ID. For PAKE algorithms that associate a - * user identifier with each side of the session you need to call - * psa_pake_set_peer() as well. For PAKE algorithms that associate a single - * user identifier with the session, call psa_pake_set_user() only. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * \param[in,out] operation The operation object to set the user ID for. It - * must have been set up by psa_pake_setup() and - * not yet in use (neither psa_pake_output() nor - * psa_pake_input() has been called yet). It must - * be on operation for which the user ID hasn't - * been set (psa_pake_set_user() hasn't been - * called yet). - * \param[in] user_id The user ID to authenticate with. - * \param user_id_len Size of the \p user_id buffer in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p user_id is not valid for the \p operation's algorithm and cipher - * suite. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The value of \p user_id is not supported by the implementation. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid, or - * the library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t mbedtls_psa_pake_set_user(mbedtls_psa_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len); - -/** Set the peer ID for a password-authenticated key exchange. - * - * Call this function in addition to psa_pake_set_user() for PAKE algorithms - * that associate a user identifier with each side of the session. For PAKE - * algorithms that associate a single user identifier with the session, call - * psa_pake_set_user() only. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * \param[in,out] operation The operation object to set the peer ID for. It - * must have been set up by psa_pake_setup() and - * not yet in use (neither psa_pake_output() nor - * psa_pake_input() has been called yet). It must - * be on operation for which the peer ID hasn't - * been set (psa_pake_set_peer() hasn't been - * called yet). - * \param[in] peer_id The peer's ID to authenticate. - * \param peer_id_len Size of the \p peer_id buffer in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p user_id is not valid for the \p operation's algorithm and cipher - * suite. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The algorithm doesn't associate a second identity with the session. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * Calling psa_pake_set_peer() is invalid with the \p operation's - * algorithm, the operation state is not valid, or the library has not - * been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t mbedtls_psa_pake_set_peer(mbedtls_psa_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len); - -/** Set the application role for a password-authenticated key exchange. - * - * Not all PAKE algorithms need to differentiate the communicating entities. - * It is optional to call this function for PAKEs that don't require a role - * to be specified. For such PAKEs the application role parameter is ignored, - * or #PSA_PAKE_ROLE_NONE can be passed as \c role. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * \param[in,out] operation The operation object to specify the - * application's role for. It must have been set up - * by psa_pake_setup() and not yet in use (neither - * psa_pake_output() nor psa_pake_input() has been - * called yet). It must be on operation for which - * the application's role hasn't been specified - * (psa_pake_set_role() hasn't been called yet). - * \param role A value of type ::psa_pake_role_t indicating the - * application's role in the PAKE the algorithm - * that is being set up. For more information see - * the documentation of \c PSA_PAKE_ROLE_XXX - * constants. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The \p role is not a valid PAKE role in the \p operation’s algorithm. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The \p role for this algorithm is not supported or is not valid. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid, or - * the library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t mbedtls_psa_pake_set_role(mbedtls_psa_pake_operation_t *operation, - psa_pake_role_t role); /** Get output for a step of a password-authenticated key exchange. * diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index 9a7b64547..21a3b5f91 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -2811,64 +2811,12 @@ psa_status_t psa_driver_wrapper_key_agreement( psa_status_t psa_driver_wrapper_pake_setup( psa_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite ) + const psa_crypto_driver_pake_inputs_t *inputs ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - /* Try setup on accelerators first */ -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - status = mbedtls_test_transparent_pake_setup( - &operation->ctx.transparent_test_driver_ctx, - (const psa_pake_cipher_suite_t*) cipher_suite ); - if( status == PSA_SUCCESS ) - operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; - - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - - /* If software fallback is compiled in, try fallback */ -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) - status = mbedtls_psa_pake_setup( &operation->ctx.mbedtls_ctx, cipher_suite ); - if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; - - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); -#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ - - /* Add cases for opaque driver here */ -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - status = mbedtls_test_opaque_pake_setup( - &operation->ctx.opaque_test_driver_ctx, - (const psa_pake_cipher_suite_t*) cipher_suite ); - if( status == PSA_SUCCESS ) - operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; - - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - - /* Nothing left to try if we fall through here */ - (void) status; - (void) operation; - (void) cipher_suite; - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t psa_driver_wrapper_pake_set_password_key( - const psa_key_attributes_t *attributes, - psa_pake_operation_t *operation, - uint8_t *key_buffer, - size_t key_size ) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( inputs->key_lifetime ); switch( location ) { @@ -2877,135 +2825,44 @@ psa_status_t psa_driver_wrapper_pake_set_password_key( * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - status = mbedtls_test_transparent_set_password_key( - attributes, - &operation->ctx.transparent_test_driver_ctx, - key_buffer, key_size ); + status = mbedtls_test_transparent_pake_setup( + &operation->data.ctx.transparent_test_driver_ctx, + inputs ); + if( status == PSA_SUCCESS ) + operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_PAKE) - return( mbedtls_psa_pake_set_password_key( - attributes, &operation->ctx.mbedtls_ctx, - key_buffer, key_size ) ); + status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx, + inputs ); + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + return status; #endif return( PSA_ERROR_NOT_SUPPORTED ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LOCATION: - return( mbedtls_test_opaque_set_password_key( - attributes, - &operation->ctx.opaque_test_driver_ctx, - key_buffer, key_size ) ); + status = mbedtls_test_opaque_pake_setup( + &operation->data.ctx.opaque_test_driver_ctx, + inputs ); + if( status == PSA_SUCCESS ) + operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; + return status; #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - default: /* Key is declared with a lifetime not known to us */ (void)operation; + (void)inputs; (void)status; - (void)key_buffer; - (void)key_size; return( PSA_ERROR_INVALID_ARGUMENT ); } } - -psa_status_t psa_driver_wrapper_pake_set_user( - psa_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len ) -{ - switch( operation->id ) - { -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) - case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_set_user( &operation->ctx.mbedtls_ctx, - user_id, user_id_len ) ); -#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ - -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: - return( mbedtls_test_transparent_pake_set_user( - &operation->ctx.transparent_test_driver_ctx, - user_id, user_id_len ) ); - case MBEDTLS_TEST_OPAQUE_DRIVER_ID: - return( mbedtls_test_opaque_pake_set_user( - &operation->ctx.opaque_test_driver_ctx, - user_id, user_id_len ) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - default: - (void) user_id; - (void) user_id_len; - return( PSA_ERROR_INVALID_ARGUMENT ); - } -} - -psa_status_t psa_driver_wrapper_pake_set_peer( - psa_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len ) -{ - switch( operation->id ) - { -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) - case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_set_peer( &operation->ctx.mbedtls_ctx, - peer_id, peer_id_len ) ); -#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ - -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: - return( mbedtls_test_transparent_pake_set_peer( - &operation->ctx.transparent_test_driver_ctx, - peer_id, peer_id_len ) ); - case MBEDTLS_TEST_OPAQUE_DRIVER_ID: - return( mbedtls_test_opaque_pake_set_peer( - &operation->ctx.opaque_test_driver_ctx, - peer_id, peer_id_len ) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - default: - (void) peer_id; - (void) peer_id_len; - return( PSA_ERROR_INVALID_ARGUMENT ); - } -} - -psa_status_t psa_driver_wrapper_pake_set_role( - psa_pake_operation_t *operation, - psa_pake_role_t role ) -{ - switch( operation->id ) - { -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) - case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_set_role( &operation->ctx.mbedtls_ctx, role ) ); -#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ - -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: - return( mbedtls_test_transparent_pake_set_role( - &operation->ctx.transparent_test_driver_ctx, - role ) ); - case MBEDTLS_TEST_OPAQUE_DRIVER_ID: - return( mbedtls_test_opaque_pake_set_role( - &operation->ctx.opaque_test_driver_ctx, - role ) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - default: - (void) role; - return( PSA_ERROR_INVALID_ARGUMENT ); - } -} - psa_status_t psa_driver_wrapper_pake_output( psa_pake_operation_t *operation, psa_pake_step_t step, @@ -3017,7 +2874,7 @@ psa_status_t psa_driver_wrapper_pake_output( { #if defined(MBEDTLS_PSA_BUILTIN_PAKE) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_output( &operation->ctx.mbedtls_ctx, step, output, + return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step, output, output_size, output_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ @@ -3025,11 +2882,11 @@ psa_status_t psa_driver_wrapper_pake_output( #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_output( - &operation->ctx.transparent_test_driver_ctx, + &operation->data.ctx.transparent_test_driver_ctx, step, output, output_size, output_length ) ); case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_pake_output( - &operation->ctx.opaque_test_driver_ctx, + &operation->data.ctx.opaque_test_driver_ctx, step, output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -3052,7 +2909,7 @@ psa_status_t psa_driver_wrapper_pake_input( { #if defined(MBEDTLS_PSA_BUILTIN_PAKE) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_input( &operation->ctx.mbedtls_ctx, + return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx, step, input, input_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ @@ -3060,11 +2917,11 @@ psa_status_t psa_driver_wrapper_pake_input( #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_input( - &operation->ctx.transparent_test_driver_ctx, + &operation->data.ctx.transparent_test_driver_ctx, step, input, input_length ) ); case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_pake_input( - &operation->ctx.opaque_test_driver_ctx, + &operation->data.ctx.opaque_test_driver_ctx, step, input, input_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -3084,18 +2941,18 @@ psa_status_t psa_driver_wrapper_pake_get_implicit_key( { #if defined(MBEDTLS_PSA_BUILTIN_PAKE) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_get_implicit_key( &operation->ctx.mbedtls_ctx, output, output_size ) ); + return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx, output, output_size ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_get_implicit_key( - &operation->ctx.transparent_test_driver_ctx, + &operation->data.ctx.transparent_test_driver_ctx, output, output_size ) ); case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_pake_get_implicit_key( - &operation->ctx.opaque_test_driver_ctx, + &operation->data.ctx.opaque_test_driver_ctx, output, output_size ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -3113,17 +2970,17 @@ psa_status_t psa_driver_wrapper_pake_abort( { #if defined(MBEDTLS_PSA_BUILTIN_PAKE) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_abort( &operation->ctx.mbedtls_ctx ) ); + return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_abort( - &operation->ctx.transparent_test_driver_ctx ) ); + &operation->data.ctx.transparent_test_driver_ctx ) ); case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_pake_abort( - &operation->ctx.opaque_test_driver_ctx ) ); + &operation->data.ctx.opaque_test_driver_ctx ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h index 5ee401b7d..b1d3d4474 100644 --- a/tests/include/test/drivers/pake.h +++ b/tests/include/test/drivers/pake.h @@ -50,27 +50,7 @@ extern mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks; psa_status_t mbedtls_test_transparent_pake_setup( mbedtls_transparent_test_driver_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite); - -psa_status_t mbedtls_test_transparent_set_password_key( - const psa_key_attributes_t *attributes, - mbedtls_transparent_test_driver_pake_operation_t *operation, - uint8_t *key_buffer, - size_t key_size); - -psa_status_t mbedtls_test_transparent_pake_set_user( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len); - -psa_status_t mbedtls_test_transparent_pake_set_peer( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len); - -psa_status_t mbedtls_test_transparent_pake_set_role( - mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_role_t role); + const psa_crypto_driver_pake_inputs_t *inputs); psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, @@ -94,7 +74,7 @@ psa_status_t mbedtls_test_transparent_pake_abort( psa_status_t mbedtls_test_opaque_pake_setup( mbedtls_opaque_test_driver_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite); + const psa_crypto_driver_pake_inputs_t *inputs); psa_status_t mbedtls_test_opaque_set_password_key( const psa_key_attributes_t *attributes, diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index 3495705d6..06168a142 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -35,7 +35,7 @@ mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks = psa_status_t mbedtls_test_transparent_pake_setup( mbedtls_transparent_test_driver_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite) + const psa_crypto_driver_pake_inputs_t *inputs) { mbedtls_test_driver_pake_hooks.hits++; @@ -47,139 +47,14 @@ psa_status_t mbedtls_test_transparent_pake_setup( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_setup( - operation, (const libtestdriver1_psa_pake_cipher_suite_t *) cipher_suite); + operation, (const libtestdriver1_psa_crypto_driver_pake_inputs_t *) inputs); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_setup( - operation, cipher_suite); + operation, inputs); #else (void) operation; - (void) cipher_suite; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_set_password_key( - const psa_key_attributes_t *attributes, - mbedtls_transparent_test_driver_pake_operation_t *operation, - uint8_t *key_buffer, - size_t key_size) -{ - mbedtls_test_driver_pake_hooks.hits++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_set_password_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - operation, key_buffer, key_size); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_set_password_key( - attributes, operation, key_buffer, key_size); -#else - (void) operation; - (void) key_buffer, - (void) key_size; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_pake_set_user( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len) -{ - mbedtls_test_driver_pake_hooks.hits++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_set_user( - operation, user_id, user_id_len); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_set_user( - operation, user_id, user_id_len); -#else - (void) operation; - (void) user_id; - (void) user_id_len; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - - -psa_status_t mbedtls_test_transparent_pake_set_peer( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len) -{ - mbedtls_test_driver_pake_hooks.hits++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_set_peer( - operation, peer_id, peer_id_len); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_set_peer( - operation, peer_id, peer_id_len); -#else - (void) operation; - (void) peer_id; - (void) peer_id_len; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_pake_set_role( - mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_role_t role) -{ - mbedtls_test_driver_pake_hooks.hits++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_set_role( - operation, role); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_set_role( - operation, role); -#else - (void) operation; - (void) role; + (void) inputs; mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; #endif } @@ -329,10 +204,10 @@ psa_status_t mbedtls_test_transparent_pake_abort( */ psa_status_t mbedtls_test_opaque_pake_setup( mbedtls_opaque_test_driver_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite) + const psa_crypto_driver_pake_inputs_t *inputs) { (void) operation; - (void) cipher_suite; + (void) inputs; return PSA_ERROR_NOT_SUPPORTED; }