Lines Matching refs:operation
810 * Return 0 (which allows no operation) on incompatibility.
982 /* If policy_alg is a generic key agreement operation, then using it for
1146 * for a cryptographic operation.
1236 * because all multipart operation objects are independent from
1251 psa_status_t status; /* status of the last operation */
1981 /* If the lock operation fails we still wipe the slot.
2279 psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
2281 /* Aborting a non-active operation is allowed */
2282 if (operation->id == 0) {
2286 psa_status_t status = psa_driver_wrapper_hash_abort(operation);
2287 operation->id = 0;
2292 psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
2298 if (operation->id != 0) {
2310 memset(&operation->ctx, 0, sizeof(operation->ctx));
2312 status = psa_driver_wrapper_hash_setup(operation, alg);
2316 psa_hash_abort(operation);
2322 psa_status_t psa_hash_update(psa_hash_operation_t *operation,
2329 if (operation->id == 0) {
2341 status = psa_driver_wrapper_hash_update(operation, input, input_length);
2345 psa_hash_abort(operation);
2352 static psa_status_t psa_hash_finish_internal(psa_hash_operation_t *operation,
2360 if (operation->id == 0) {
2365 operation, hash, hash_size, hash_length);
2366 psa_hash_abort(operation);
2371 psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
2380 status = psa_hash_finish_internal(operation, hash, hash_size, hash_length);
2389 psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
2399 operation,
2420 psa_hash_abort(operation);
2518 psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
2520 /* Aborting a non-active operation is allowed */
2521 if (operation->id == 0) {
2525 psa_status_t status = psa_driver_wrapper_mac_abort(operation);
2526 operation->mac_size = 0;
2527 operation->is_sign = 0;
2528 operation->id = 0;
2586 static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
2596 if (operation->id != 0) {
2611 &operation->mac_size);
2616 operation->is_sign = is_sign;
2619 status = psa_driver_wrapper_mac_sign_setup(operation,
2625 status = psa_driver_wrapper_mac_verify_setup(operation,
2634 psa_mac_abort(operation);
2642 psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
2646 return psa_mac_setup(operation, key, alg, 1);
2649 psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
2653 return psa_mac_setup(operation, key, alg, 0);
2656 psa_status_t psa_mac_update(psa_mac_operation_t *operation,
2663 if (operation->id == 0) {
2676 status = psa_driver_wrapper_mac_update(operation, input, input_length);
2679 psa_mac_abort(operation);
2690 psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
2700 if (operation->id == 0) {
2705 if (!operation->is_sign) {
2712 if (operation->mac_size == 0) {
2717 if (mac_size < operation->mac_size) {
2723 status = psa_driver_wrapper_mac_sign_finish(operation,
2724 mac, operation->mac_size,
2736 operation->mac_size = 0;
2743 abort_status = psa_mac_abort(operation);
2749 psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
2757 if (operation->id == 0) {
2762 if (operation->is_sign) {
2767 if (operation->mac_size != mac_length) {
2773 status = psa_driver_wrapper_mac_verify_finish(operation,
2777 abort_status = psa_mac_abort(operation);
3444 const psa_sign_hash_interruptible_operation_t *operation)
3446 return operation->num_ops;
3450 const psa_verify_hash_interruptible_operation_t *operation)
3452 return operation->num_ops;
3456 psa_sign_hash_interruptible_operation_t *operation)
3458 if (operation->id == 0) {
3467 status = psa_driver_wrapper_sign_hash_abort(operation);
3469 operation->id = 0;
3473 * being called at completion of an operation. */
3479 psa_sign_hash_interruptible_operation_t *operation,
3489 /* Check that start has not been previously called, or operation has not
3491 if (operation->id != 0 || operation->error_occurred) {
3497 operation->error_occurred = 1;
3516 /* Ensure ops count gets reset, in case of operation re-use. */
3517 operation->num_ops = 0;
3519 status = psa_driver_wrapper_sign_hash_start(operation, &slot->attr,
3526 operation->error_occurred = 1;
3527 psa_sign_hash_abort_internal(operation);
3533 operation->error_occurred = 1;
3543 psa_sign_hash_interruptible_operation_t *operation,
3553 /* Check that start has been called first, and that operation has not
3555 if (operation->id == 0 || operation->error_occurred) {
3569 status = psa_driver_wrapper_sign_hash_complete(operation, signature,
3574 operation->num_ops = psa_driver_wrapper_sign_hash_get_num_ops(operation);
3585 operation->error_occurred = 1;
3588 psa_sign_hash_abort_internal(operation);
3597 psa_sign_hash_interruptible_operation_t *operation)
3601 status = psa_sign_hash_abort_internal(operation);
3604 * the operation fails or succeeds, only on manual abort. */
3605 operation->num_ops = 0;
3608 operation->error_occurred = 0;
3614 psa_verify_hash_interruptible_operation_t *operation)
3616 if (operation->id == 0) {
3625 status = psa_driver_wrapper_verify_hash_abort(operation);
3627 operation->id = 0;
3631 * being called at completion of an operation. */
3637 psa_verify_hash_interruptible_operation_t *operation,
3649 /* Check that start has not been previously called, or operation has not
3651 if (operation->id != 0 || operation->error_occurred) {
3657 operation->error_occurred = 1;
3666 operation->error_occurred = 1;
3673 /* Ensure ops count gets reset, in case of operation re-use. */
3674 operation->num_ops = 0;
3676 status = psa_driver_wrapper_verify_hash_start(operation, &slot->attr,
3686 operation->error_occurred = 1;
3687 psa_verify_hash_abort_internal(operation);
3693 operation->error_occurred = 1;
3703 psa_verify_hash_interruptible_operation_t *operation)
3707 /* Check that start has been called first, and that operation has not
3709 if (operation->id == 0 || operation->error_occurred) {
3714 status = psa_driver_wrapper_verify_hash_complete(operation);
3717 operation->num_ops = psa_driver_wrapper_verify_hash_get_num_ops(
3718 operation);
3724 operation->error_occurred = 1;
3727 psa_verify_hash_abort_internal(operation);
3734 psa_verify_hash_interruptible_operation_t *operation)
3738 status = psa_verify_hash_abort_internal(operation);
3741 * the operation fails or succeeds, only on manual abort. */
3742 operation->num_ops = 0;
3745 operation->error_occurred = 0;
3777 const mbedtls_psa_sign_hash_interruptible_operation_t *operation)
3783 return operation->num_ops;
3785 (void) operation;
3793 const mbedtls_psa_verify_hash_interruptible_operation_t *operation)
3799 return operation->num_ops;
3801 (void) operation;
3809 mbedtls_psa_sign_hash_interruptible_operation_t *operation,
3829 mbedtls_ecdsa_restart_init(&operation->restart_ctx);
3832 operation->num_ops = 0;
3838 &operation->ctx);
3844 operation->coordinate_bytes = PSA_BITS_TO_BYTES(
3845 operation->ctx->grp.nbits);
3848 operation->md_alg = mbedtls_md_type_from_psa_alg(hash_alg);
3849 operation->alg = alg;
3853 required_hash_length = (hash_length < operation->coordinate_bytes ?
3854 hash_length : operation->coordinate_bytes);
3856 if (required_hash_length > sizeof(operation->hash)) {
3861 memcpy(operation->hash, hash, required_hash_length);
3862 operation->hash_length = required_hash_length;
3867 (void) operation;
3883 mbedtls_psa_sign_hash_interruptible_operation_t *operation,
3901 if (signature_size < 2 * operation->coordinate_bytes) {
3906 if (PSA_ALG_ECDSA_IS_DETERMINISTIC(operation->alg)) {
3910 mbedtls_ecdsa_sign_det_restartable(&operation->ctx->grp,
3913 &operation->ctx->d,
3914 operation->hash,
3915 operation->hash_length,
3916 operation->md_alg,
3919 &operation->restart_ctx));
3926 mbedtls_ecdsa_sign_restartable(&operation->ctx->grp,
3929 &operation->ctx->d,
3930 operation->hash,
3931 operation->hash_length,
3936 &operation->restart_ctx));
3940 * ops done during the last operation, not an absolute value. */
3941 operation->num_ops += operation->restart_ctx.ecp.ops_done;
3947 operation->coordinate_bytes)
3957 operation->coordinate_bytes,
3958 operation->coordinate_bytes)
3965 *signature_length = operation->coordinate_bytes * 2;
3978 (void) operation;
3991 mbedtls_psa_sign_hash_interruptible_operation_t *operation)
3998 if (operation->ctx) {
3999 mbedtls_ecdsa_free(operation->ctx);
4000 mbedtls_free(operation->ctx);
4001 operation->ctx = NULL;
4004 mbedtls_ecdsa_restart_free(&operation->restart_ctx);
4006 operation->num_ops = 0;
4012 (void) operation;
4022 mbedtls_psa_verify_hash_interruptible_operation_t *operation,
4045 mbedtls_ecdsa_restart_init(&operation->restart_ctx);
4046 mbedtls_mpi_init(&operation->r);
4047 mbedtls_mpi_init(&operation->s);
4050 operation->num_ops = 0;
4056 &operation->ctx);
4062 coordinate_bytes = PSA_BITS_TO_BYTES(operation->ctx->grp.nbits);
4069 mbedtls_mpi_read_binary(&operation->r,
4078 mbedtls_mpi_read_binary(&operation->s,
4087 status = mbedtls_psa_ecp_load_public_part(operation->ctx);
4098 if (required_hash_length > sizeof(operation->hash)) {
4103 memcpy(operation->hash, hash, required_hash_length);
4104 operation->hash_length = required_hash_length;
4108 (void) operation;
4127 mbedtls_psa_verify_hash_interruptible_operation_t *operation)
4140 mbedtls_ecdsa_verify_restartable(&operation->ctx->grp,
4141 operation->hash,
4142 operation->hash_length,
4143 &operation->ctx->Q,
4144 &operation->r,
4145 &operation->s,
4146 &operation->restart_ctx));
4149 * ops done during the last operation, not an absolute value. */
4150 operation->num_ops += operation->restart_ctx.ecp.ops_done;
4154 (void) operation;
4164 mbedtls_psa_verify_hash_interruptible_operation_t *operation)
4171 if (operation->ctx) {
4172 mbedtls_ecdsa_free(operation->ctx);
4173 mbedtls_free(operation->ctx);
4174 operation->ctx = NULL;
4177 mbedtls_ecdsa_restart_free(&operation->restart_ctx);
4179 operation->num_ops = 0;
4181 mbedtls_mpi_free(&operation->r);
4182 mbedtls_mpi_free(&operation->s);
4187 (void) operation;
4246 static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
4259 if (operation->id != 0) {
4274 /* Initialize the operation struct members, except for id. The id member
4278 operation->iv_set = 0;
4280 operation->iv_required = 0;
4282 operation->iv_required = 1;
4284 operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
4286 /* Try doing the operation through a driver before using software fallback. */
4288 status = psa_driver_wrapper_cipher_encrypt_setup(operation,
4294 status = psa_driver_wrapper_cipher_decrypt_setup(operation,
4303 psa_cipher_abort(operation);
4311 psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
4315 return psa_cipher_setup(operation, key, alg, MBEDTLS_ENCRYPT);
4318 psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
4322 return psa_cipher_setup(operation, key, alg, MBEDTLS_DECRYPT);
4325 psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
4335 if (operation->id == 0) {
4340 if (operation->iv_set || !operation->iv_required) {
4345 default_iv_length = operation->default_iv_length;
4363 status = psa_driver_wrapper_cipher_set_iv(operation,
4369 operation->iv_set = 1;
4372 psa_cipher_abort(operation);
4382 psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
4390 if (operation->id == 0) {
4395 if (operation->iv_set || !operation->iv_required) {
4407 status = psa_driver_wrapper_cipher_set_iv(operation,
4413 operation->iv_set = 1;
4415 psa_cipher_abort(operation);
4423 psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
4435 if (operation->id == 0) {
4440 if (operation->iv_required && !operation->iv_set) {
4448 status = psa_driver_wrapper_cipher_update(operation,
4457 psa_cipher_abort(operation);
4466 psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
4475 if (operation->id == 0) {
4480 if (operation->iv_required && !operation->iv_set) {
4487 status = psa_driver_wrapper_cipher_finish(operation,
4494 status = psa_cipher_abort(operation);
4497 (void) psa_cipher_abort(operation);
4505 psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
4507 if (operation->id == 0) {
4514 psa_driver_wrapper_cipher_abort(operation);
4516 operation->id = 0;
4517 operation->iv_set = 0;
4518 operation->iv_required = 0;
4896 /* Set the key for a multipart authenticated operation. */
4897 static psa_status_t psa_aead_setup(psa_aead_operation_t *operation,
4912 if (operation->id != 0) {
4917 if (operation->nonce_set || operation->lengths_set ||
4918 operation->ad_started || operation->body_started) {
4940 status = psa_driver_wrapper_aead_encrypt_setup(operation,
4946 status = psa_driver_wrapper_aead_decrypt_setup(operation,
4956 operation->key_type = psa_get_key_type(&slot->attr);
4963 operation->alg = psa_aead_get_base_algorithm(alg);
4964 operation->is_encrypt = is_encrypt;
4966 psa_aead_abort(operation);
4972 /* Set the key for a multipart authenticated encryption operation. */
4973 psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
4977 return psa_aead_setup(operation, 1, key, alg);
4980 /* Set the key for a multipart authenticated decryption operation. */
4981 psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
4985 return psa_aead_setup(operation, 0, key, alg);
4988 static psa_status_t psa_aead_set_nonce_internal(psa_aead_operation_t *operation,
4994 if (operation->id == 0) {
4999 if (operation->nonce_set) {
5004 status = psa_aead_check_nonce_length(operation->alg, nonce_length);
5010 status = psa_driver_wrapper_aead_set_nonce(operation, nonce,
5015 operation->nonce_set = 1;
5017 psa_aead_abort(operation);
5023 /* Generate a random nonce / IV for multipart AEAD operation */
5024 psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
5038 if (operation->id == 0) {
5043 if (operation->nonce_set || !operation->is_encrypt) {
5057 required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type,
5058 operation->alg);
5069 status = psa_aead_set_nonce_internal(operation, local_nonce,
5077 psa_aead_abort(operation);
5086 operation.*/
5087 psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
5096 status = psa_aead_set_nonce_internal(operation, nonce, nonce_length);
5109 psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
5115 if (operation->id == 0) {
5120 if (operation->lengths_set || operation->ad_started ||
5121 operation->body_started) {
5126 switch (operation->alg) {
5158 status = psa_driver_wrapper_aead_set_lengths(operation, ad_length,
5163 operation->ad_remaining = ad_length;
5164 operation->body_remaining = plaintext_length;
5165 operation->lengths_set = 1;
5167 psa_aead_abort(operation);
5173 /* Pass additional data to an active multipart AEAD operation. */
5174 psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
5183 if (operation->id == 0) {
5188 if (!operation->nonce_set || operation->body_started) {
5193 if (operation->lengths_set) {
5194 if (operation->ad_remaining < input_length) {
5199 operation->ad_remaining -= input_length;
5202 else if (operation->alg == PSA_ALG_CCM) {
5208 status = psa_driver_wrapper_aead_update_ad(operation, input,
5213 operation->ad_started = 1;
5215 psa_aead_abort(operation);
5224 operation.*/
5225 psa_status_t psa_aead_update(psa_aead_operation_t *operation,
5243 if (operation->id == 0) {
5248 if (!operation->nonce_set) {
5253 if (operation->lengths_set) {
5256 if (operation->ad_remaining != 0) {
5262 if (operation->body_remaining < input_length) {
5267 operation->body_remaining -= input_length;
5270 else if (operation->alg == PSA_ALG_CCM) {
5276 status = psa_driver_wrapper_aead_update(operation, input, input_length,
5282 operation->body_started = 1;
5284 psa_aead_abort(operation);
5293 static psa_status_t psa_aead_final_checks(const psa_aead_operation_t *operation)
5295 if (operation->id == 0 || !operation->nonce_set) {
5299 if (operation->lengths_set && (operation->ad_remaining != 0 ||
5300 operation->body_remaining != 0)) {
5307 /* Finish encrypting a message in a multipart AEAD operation. */
5308 psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
5327 status = psa_aead_final_checks(operation);
5332 if (!operation->is_encrypt) {
5337 status = psa_driver_wrapper_aead_finish(operation, ciphertext,
5345 /* In case the operation fails and the user fails to check for failure or
5347 * Even if the operation succeeds, make sure we clear the rest of the
5352 psa_aead_abort(operation);
5361 operation.*/
5362 psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
5379 status = psa_aead_final_checks(operation);
5384 if (operation->is_encrypt) {
5389 status = psa_driver_wrapper_aead_verify(operation, plaintext,
5395 psa_aead_abort(operation);
5403 /* Abort an AEAD operation. */
5404 psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
5408 if (operation->id == 0) {
5415 status = psa_driver_wrapper_aead_abort(operation);
5417 memset(operation, 0, sizeof(*operation));
5438 psa_mac_operation_t *operation,
5449 operation->is_sign = 1;
5450 operation->mac_size = PSA_HASH_LENGTH(hash_alg);
5452 status = psa_driver_wrapper_mac_sign_setup(operation,
5468 const psa_key_derivation_operation_t *operation)
5470 if (PSA_ALG_IS_KEY_AGREEMENT(operation->alg)) {
5471 return PSA_ALG_KEY_AGREEMENT_GET_KDF(operation->alg);
5473 return operation->alg;
5477 psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
5480 psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
5488 mbedtls_free(operation->ctx.hkdf.info);
5489 status = psa_mac_abort(&operation->ctx.hkdf.hmac);
5497 if (operation->ctx.tls12_prf.secret != NULL) {
5498 mbedtls_zeroize_and_free(operation->ctx.tls12_prf.secret,
5499 operation->ctx.tls12_prf.secret_length);
5502 if (operation->ctx.tls12_prf.seed != NULL) {
5503 mbedtls_zeroize_and_free(operation->ctx.tls12_prf.seed,
5504 operation->ctx.tls12_prf.seed_length);
5507 if (operation->ctx.tls12_prf.label != NULL) {
5508 mbedtls_zeroize_and_free(operation->ctx.tls12_prf.label,
5509 operation->ctx.tls12_prf.label_length);
5512 if (operation->ctx.tls12_prf.other_secret != NULL) {
5513 mbedtls_zeroize_and_free(operation->ctx.tls12_prf.other_secret,
5514 operation->ctx.tls12_prf.other_secret_length);
5526 mbedtls_platform_zeroize(operation->ctx.tls12_ecjpake_to_pms.data,
5527 sizeof(operation->ctx.tls12_ecjpake_to_pms.data));
5532 if (operation->ctx.pbkdf2.salt != NULL) {
5533 mbedtls_zeroize_and_free(operation->ctx.pbkdf2.salt,
5534 operation->ctx.pbkdf2.salt_length);
5543 mbedtls_platform_zeroize(operation, sizeof(*operation));
5547 psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation,
5550 if (operation->alg == 0) {
5551 /* This is a blank key derivation operation. */
5555 *capacity = operation->capacity;
5559 psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *operation,
5562 if (operation->alg == 0) {
5565 if (capacity > operation->capacity) {
5568 operation->capacity = capacity;
5573 /* Read some bytes from an HKDF-based operation. */
5614 * prevented this call. It could happen only if the operation
5679 * prevented this call. It could happen only if the operation
6005 psa_key_derivation_operation_t *operation,
6012 psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
6014 if (operation->alg == 0) {
6015 /* This is a blank operation. */
6019 if (output_length == 0 && operation->capacity == 0) {
6020 /* Edge case: this is a finished operation, and 0 bytes
6024 * operation, for consistency with the case when
6030 if (output_length > operation->capacity) {
6031 operation->capacity = 0;
6033 * that the operation object is useless. */
6038 operation->capacity -= output_length;
6042 status = psa_key_derivation_hkdf_read(&operation->ctx.hkdf, kdf_alg,
6050 status = psa_key_derivation_tls12_prf_read(&operation->ctx.tls12_prf,
6059 &operation->ctx.tls12_ecjpake_to_pms, output, output_length);
6064 status = psa_key_derivation_pbkdf2_read(&operation->ctx.pbkdf2, kdf_alg,
6083 psa_algorithm_t alg = operation->alg;
6084 psa_key_derivation_abort(operation);
6085 operation->alg = alg;
6144 psa_key_derivation_operation_t *operation,
6193 if ((status = psa_key_derivation_output_bytes(operation, *data, m_bytes)) != 0) {
6251 psa_key_derivation_operation_t *operation,
6276 status = psa_key_derivation_output_bytes(operation, *data, output_length);
6302 psa_key_derivation_operation_t *operation, uint8_t **data)
6306 (void) operation;
6312 size_t bits, psa_key_derivation_operation_t *operation, uint8_t **data)
6315 (void) operation;
6325 psa_key_derivation_operation_t *operation)
6342 status = psa_generate_derived_ecc_key_weierstrass_helper(slot, bits, operation, &data);
6348 status = psa_generate_derived_ecc_key_montgomery_helper(bits, operation, &data);
6365 status = psa_key_derivation_output_bytes(operation, data, bytes);
6424 psa_key_derivation_operation_t *operation,
6445 if (operation->alg == PSA_ALG_NONE) {
6449 if (!operation->can_output_key) {
6464 operation);
6478 psa_key_derivation_operation_t *operation,
6481 return psa_key_derivation_output_key_ext(attributes, operation,
6539 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
6540 psa_status_t status = psa_hash_setup(&operation, alg);
6541 psa_hash_abort(&operation);
6546 psa_key_derivation_operation_t *operation,
6551 operation->capacity = PSA_HASH_LENGTH(PSA_ALG_SHA_256);
6558 operation->capacity = UINT32_MAX * (size_t) PSA_MAC_LENGTH(
6563 operation->capacity = SIZE_MAX;
6587 operation->capacity = 255 * hash_size;
6592 operation->capacity = hash_size;
6597 operation->capacity = 255 * hash_size;
6603 operation->capacity = SIZE_MAX;
6611 operation->capacity = 48U;
6617 operation->capacity = UINT32_MAX * hash_size;
6619 operation->capacity = SIZE_MAX;
6631 psa_key_derivation_operation_t *operation,
6634 /* Make sure that operation->ctx is properly zero-initialised. (Macro
6636 memset(&operation->ctx, 0, sizeof(operation->ctx));
6643 psa_status_t status = psa_key_derivation_set_maximum_capacity(operation,
6677 psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
6682 if (operation->alg != 0) {
6699 status = psa_key_derivation_setup_kdf(operation, kdf_alg);
6705 status = psa_key_derivation_setup_kdf(operation, alg);
6714 operation->alg = alg;
7300 psa_key_derivation_operation_t *operation,
7307 psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
7316 status = psa_hkdf_input(&operation->ctx.hkdf, kdf_alg,
7322 status = psa_tls12_prf_input(&operation->ctx.tls12_prf,
7328 status = psa_tls12_prf_psk_to_ms_input(&operation->ctx.tls12_prf,
7335 &operation->ctx.tls12_ecjpake_to_pms, step, data, data_length);
7340 status = psa_pbkdf2_input(&operation->ctx.pbkdf2, kdf_alg,
7345 /* This can't happen unless the operation object was not initialized */
7354 psa_key_derivation_abort(operation);
7360 psa_key_derivation_operation_t *operation,
7365 psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
7370 &operation->ctx.pbkdf2, step, value);
7381 psa_key_derivation_abort(operation);
7387 psa_key_derivation_operation_t *operation,
7397 status = psa_key_derivation_input_internal(operation, step,
7408 psa_key_derivation_operation_t *operation,
7412 return psa_key_derivation_input_integer_internal(operation, step, value);
7416 psa_key_derivation_operation_t *operation,
7425 key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg);
7427 psa_key_derivation_abort(operation);
7435 operation->can_output_key = 1;
7438 status = psa_key_derivation_input_internal(operation,
7530 static psa_status_t psa_key_agreement_internal(psa_key_derivation_operation_t *operation,
7539 psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE(operation->alg);
7556 status = psa_key_derivation_input_internal(operation, step,
7565 psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation,
7576 if (!PSA_ALG_IS_KEY_AGREEMENT(operation->alg)) {
7580 private_key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg);
7586 status = psa_key_agreement_internal(operation, step,
7594 psa_key_derivation_abort(operation);
7599 operation->can_output_key = 1;
8395 psa_pake_operation_t *operation,
8400 if (operation->stage != PSA_PAKE_OPERATION_STAGE_SETUP) {
8411 memset(&operation->data.inputs, 0, sizeof(operation->data.inputs));
8413 operation->alg = cipher_suite->algorithm;
8414 operation->primitive = PSA_PAKE_PRIMITIVE(cipher_suite->type,
8416 operation->data.inputs.cipher_suite = *cipher_suite;
8419 if (operation->alg == PSA_ALG_JPAKE) {
8421 &operation->computation_stage.jpake;
8432 operation->stage = PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS;
8436 psa_pake_abort(operation);
8441 psa_pake_operation_t *operation,
8449 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
8456 operation->alg);
8469 operation->data.inputs.password = mbedtls_calloc(1, slot->key.bytes);
8470 if (operation->data.inputs.password == NULL) {
8475 memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes);
8476 operation->data.inputs.password_len = slot->key.bytes;
8477 operation->data.inputs.attributes = slot->attr;
8481 psa_pake_abort(operation);
8488 psa_pake_operation_t *operation,
8495 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
8505 if (operation->data.inputs.user_len != 0) {
8510 operation->data.inputs.user = mbedtls_calloc(1, user_id_len);
8511 if (operation->data.inputs.user == NULL) {
8518 memcpy(operation->data.inputs.user, user_id, user_id_len);
8519 operation->data.inputs.user_len = user_id_len;
8526 psa_pake_abort(operation);
8532 psa_pake_operation_t *operation,
8539 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
8549 if (operation->data.inputs.peer_len != 0) {
8554 operation->data.inputs.peer = mbedtls_calloc(1, peer_id_len);
8555 if (operation->data.inputs.peer == NULL) {
8562 memcpy(operation->data.inputs.peer, peer_id, peer_id_len);
8563 operation->data.inputs.peer_len = peer_id_len;
8570 psa_pake_abort(operation);
8576 psa_pake_operation_t *operation,
8581 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
8586 switch (operation->alg) {
8601 psa_pake_abort(operation);
8635 psa_pake_operation_t *operation)
8640 psa_crypto_driver_pake_inputs_t inputs = operation->data.inputs;
8646 if (operation->alg == PSA_ALG_JPAKE) {
8653 mbedtls_platform_zeroize(&operation->data, sizeof(operation->data));
8655 status = psa_driver_wrapper_pake_setup(operation, &inputs);
8666 if (operation->alg == PSA_ALG_JPAKE) {
8667 operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION;
8679 psa_pake_operation_t *operation,
8690 &operation->computation_stage.jpake;
8718 psa_pake_operation_t *operation,
8722 &operation->computation_stage.jpake;
8755 psa_pake_operation_t *operation,
8766 if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
8767 status = psa_pake_complete_inputs(operation);
8773 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) {
8783 switch (operation->alg) {
8786 status = psa_jpake_prologue(operation, step, PSA_JPAKE_OUTPUT);
8791 &operation->computation_stage.jpake);
8802 status = psa_driver_wrapper_pake_output(operation, driver_step,
8809 switch (operation->alg) {
8812 status = psa_jpake_epilogue(operation, PSA_JPAKE_OUTPUT);
8826 psa_pake_abort(operation);
8832 psa_pake_operation_t *operation,
8839 const size_t max_input_length = (size_t) PSA_PAKE_INPUT_SIZE(operation->alg,
8840 operation->primitive,
8844 if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
8845 status = psa_pake_complete_inputs(operation);
8851 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) {
8861 switch (operation->alg) {
8864 status = psa_jpake_prologue(operation, step, PSA_JPAKE_INPUT);
8869 &operation->computation_stage.jpake);
8879 status = psa_driver_wrapper_pake_input(operation, driver_step,
8886 switch (operation->alg) {
8889 status = psa_jpake_epilogue(operation, PSA_JPAKE_INPUT);
8903 psa_pake_abort(operation);
8909 psa_pake_operation_t *operation,
8917 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) {
8923 if (operation->alg == PSA_ALG_JPAKE) {
8925 &operation->computation_stage.jpake;
8937 status = psa_driver_wrapper_pake_get_implicit_key(operation,
8953 abort_status = psa_pake_abort(operation);
8958 psa_pake_operation_t *operation)
8962 if (operation->stage == PSA_PAKE_OPERATION_STAGE_COMPUTATION) {
8963 status = psa_driver_wrapper_pake_abort(operation);
8966 if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
8967 if (operation->data.inputs.password != NULL) {
8968 mbedtls_zeroize_and_free(operation->data.inputs.password,
8969 operation->data.inputs.password_len);
8971 if (operation->data.inputs.user != NULL) {
8972 mbedtls_free(operation->data.inputs.user);
8974 if (operation->data.inputs.peer != NULL) {
8975 mbedtls_free(operation->data.inputs.peer);
8978 memset(operation, 0, sizeof(psa_pake_operation_t));