Lines Matching full:if
12 #if defined(MBEDTLS_PSA_CRYPTO_C)
14 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
32 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
76 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
80 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
109 #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
115 if (global_data.initialized == 0) \
123 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \
128 if (bits != 2048 && bits != 3072 && bits != 4096 && in psa_is_dh_key_size_valid()
149 #if defined(MBEDTLS_AES_C) in mbedtls_to_psa_error()
157 #if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_ASN1_WRITE_C) in mbedtls_to_psa_error()
170 #if defined(MBEDTLS_CAMELLIA_C) in mbedtls_to_psa_error()
176 #if defined(MBEDTLS_CCM_C) in mbedtls_to_psa_error()
183 #if defined(MBEDTLS_CHACHA20_C) in mbedtls_to_psa_error()
188 #if defined(MBEDTLS_CHACHAPOLY_C) in mbedtls_to_psa_error()
195 #if defined(MBEDTLS_CIPHER_C) in mbedtls_to_psa_error()
212 #if !(defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \ in mbedtls_to_psa_error()
214 /* Only check CTR_DRBG error codes if underlying mbedtls_xxx in mbedtls_to_psa_error()
225 #if defined(MBEDTLS_DES_C) in mbedtls_to_psa_error()
235 #if defined(MBEDTLS_GCM_C) in mbedtls_to_psa_error()
244 #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ in mbedtls_to_psa_error()
246 /* Only check HMAC_DRBG error codes if underlying mbedtls_xxx in mbedtls_to_psa_error()
257 #if defined(MBEDTLS_MD_LIGHT) in mbedtls_to_psa_error()
264 #if defined(MBEDTLS_FS_IO) in mbedtls_to_psa_error()
270 #if defined(MBEDTLS_BIGNUM_C) in mbedtls_to_psa_error()
271 #if defined(MBEDTLS_FS_IO) in mbedtls_to_psa_error()
291 #if defined(MBEDTLS_PK_C) in mbedtls_to_psa_error()
297 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || defined(MBEDTLS_FS_IO) || \ in mbedtls_to_psa_error()
327 #if defined(MBEDTLS_RSA_C) in mbedtls_to_psa_error()
347 #if defined(MBEDTLS_ECP_LIGHT) in mbedtls_to_psa_error()
363 #if defined(MBEDTLS_ECP_RESTARTABLE) in mbedtls_to_psa_error()
392 * \param output_buffer_size Size of output buffer. If zero, \p output_buffer
402 if (output_buffer_size == 0) { in psa_wipe_tag_output_buffer()
403 /* If output_buffer_size is 0 then we have nothing to do. We must not in psa_wipe_tag_output_buffer()
408 if (status == PSA_SUCCESS) { in psa_wipe_tag_output_buffer()
427 #if defined(PSA_WANT_KEY_TYPE_AES) in psa_validate_unstructured_key_bit_size()
429 if (bits != 128 && bits != 192 && bits != 256) { in psa_validate_unstructured_key_bit_size()
434 #if defined(PSA_WANT_KEY_TYPE_ARIA) in psa_validate_unstructured_key_bit_size()
436 if (bits != 128 && bits != 192 && bits != 256) { in psa_validate_unstructured_key_bit_size()
441 #if defined(PSA_WANT_KEY_TYPE_CAMELLIA) in psa_validate_unstructured_key_bit_size()
443 if (bits != 128 && bits != 192 && bits != 256) { in psa_validate_unstructured_key_bit_size()
448 #if defined(PSA_WANT_KEY_TYPE_DES) in psa_validate_unstructured_key_bit_size()
450 if (bits != 64 && bits != 128 && bits != 192) { in psa_validate_unstructured_key_bit_size()
455 #if defined(PSA_WANT_KEY_TYPE_CHACHA20) in psa_validate_unstructured_key_bit_size()
457 if (bits != 256) { in psa_validate_unstructured_key_bit_size()
465 if (bits % 8 != 0) { in psa_validate_unstructured_key_bit_size()
490 if (PSA_ALG_IS_HMAC(algorithm)) { in psa_mac_key_can_do()
491 if (key_type == PSA_KEY_TYPE_HMAC) { in psa_mac_key_can_do()
496 if (PSA_ALG_IS_BLOCK_CIPHER_MAC(algorithm)) { in psa_mac_key_can_do()
499 if ((key_type & PSA_KEY_TYPE_CATEGORY_MASK) == in psa_mac_key_can_do()
503 if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1) { in psa_mac_key_can_do()
515 if (slot->key.data != NULL) { in psa_allocate_buffer_to_slot()
520 if (slot->key.data == NULL) { in psa_allocate_buffer_to_slot()
534 if (status != PSA_SUCCESS) { in psa_copy_key_material_into_slot()
552 if (data_length == 0) { in psa_import_key_into_slot()
556 if (key_type_is_raw_bytes(type)) { in psa_import_key_into_slot()
561 if (status != PSA_SUCCESS) { in psa_import_key_into_slot()
571 } else if (PSA_KEY_TYPE_IS_ASYMMETRIC(type)) { in psa_import_key_into_slot()
572 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \ in psa_import_key_into_slot()
574 if (PSA_KEY_TYPE_IS_DH(type)) { in psa_import_key_into_slot()
575 if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { in psa_import_key_into_slot()
586 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ in psa_import_key_into_slot()
588 if (PSA_KEY_TYPE_IS_ECC(type)) { in psa_import_key_into_slot()
597 #if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ in psa_import_key_into_slot()
600 if (PSA_KEY_TYPE_IS_RSA(type)) { in psa_import_key_into_slot()
625 if (alg1 == alg2) { in psa_key_policy_algorithm_intersection()
628 /* If the policies are from the same hash-and-sign family, check in psa_key_policy_algorithm_intersection()
629 * if one is a wildcard. If so the other has the specific algorithm. */ in psa_key_policy_algorithm_intersection()
630 if (PSA_ALG_IS_SIGN_HASH(alg1) && in psa_key_policy_algorithm_intersection()
633 if (PSA_ALG_SIGN_GET_HASH(alg1) == PSA_ALG_ANY_HASH) { in psa_key_policy_algorithm_intersection()
636 if (PSA_ALG_SIGN_GET_HASH(alg2) == PSA_ALG_ANY_HASH) { in psa_key_policy_algorithm_intersection()
640 /* If the policies are from the same AEAD family, check whether in psa_key_policy_algorithm_intersection()
643 if (PSA_ALG_IS_AEAD(alg1) && PSA_ALG_IS_AEAD(alg2) && in psa_key_policy_algorithm_intersection()
650 /* If both are wildcards, return most restrictive wildcard */ in psa_key_policy_algorithm_intersection()
651 if (((alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) && in psa_key_policy_algorithm_intersection()
656 /* If only one is a wildcard, return specific algorithm if compatible. */ in psa_key_policy_algorithm_intersection()
657 if (((alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) && in psa_key_policy_algorithm_intersection()
661 if (((alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) && in psa_key_policy_algorithm_intersection()
666 /* If the policies are from the same MAC family, check whether one in psa_key_policy_algorithm_intersection()
669 if (PSA_ALG_IS_MAC(alg1) && PSA_ALG_IS_MAC(alg2) && in psa_key_policy_algorithm_intersection()
674 if (PSA_SUCCESS != psa_mac_key_can_do(alg1, key_type)) { in psa_key_policy_algorithm_intersection()
690 /* If both are wildcards, return most restrictive wildcard */ in psa_key_policy_algorithm_intersection()
691 if (((alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) && in psa_key_policy_algorithm_intersection()
696 /* If only one is an at-least-this-length policy, the intersection would in psa_key_policy_algorithm_intersection()
699 if ((alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) { in psa_key_policy_algorithm_intersection()
702 if ((alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) { in psa_key_policy_algorithm_intersection()
706 /* If none of them are wildcards, check whether they define the same tag in psa_key_policy_algorithm_intersection()
710 if (alg1_len == alg2_len) { in psa_key_policy_algorithm_intersection()
714 /* If the policies are incompatible, allow nothing. */ in psa_key_policy_algorithm_intersection()
723 if (requested_alg == policy_alg) { in psa_key_algorithm_permits()
726 /* If policy_alg is a hash-and-sign with a wildcard for the hash, in psa_key_algorithm_permits()
729 if (PSA_ALG_IS_SIGN_HASH(requested_alg) && in psa_key_algorithm_permits()
734 /* If policy_alg is a wildcard AEAD algorithm of the same base as in psa_key_algorithm_permits()
737 if (PSA_ALG_IS_AEAD(policy_alg) && in psa_key_algorithm_permits()
745 /* If policy_alg is a MAC algorithm of the same base as the requested in psa_key_algorithm_permits()
747 if (PSA_ALG_IS_MAC(policy_alg) && in psa_key_algorithm_permits()
753 if (PSA_SUCCESS != psa_mac_key_can_do(policy_alg, key_type)) { in psa_key_algorithm_permits()
768 /* If the policy is default-length, only allow an algorithm with in psa_key_algorithm_permits()
770 if (PSA_MAC_TRUNCATED_LENGTH(policy_alg) == 0) { in psa_key_algorithm_permits()
774 /* If the requested algorithm is default-length, allow it if the policy in psa_key_algorithm_permits()
776 if (PSA_MAC_TRUNCATED_LENGTH(requested_alg) == 0 && in psa_key_algorithm_permits()
781 /* If policy_alg is an at-least-this-length wildcard MAC algorithm, in psa_key_algorithm_permits()
784 if ((policy_alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) { in psa_key_algorithm_permits()
789 /* If policy_alg is a generic key agreement operation, then using it for in psa_key_algorithm_permits()
792 if (PSA_ALG_IS_RAW_KEY_AGREEMENT(policy_alg) && in psa_key_algorithm_permits()
797 /* If it isn't explicitly permitted, it's forbidden. */ in psa_key_algorithm_permits()
821 if (alg == 0) { in psa_key_policy_permits()
826 if (PSA_ALG_IS_WILDCARD(alg)) { in psa_key_policy_permits()
830 if (psa_key_algorithm_permits(key_type, policy->alg, alg) || in psa_key_policy_permits()
867 if (intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0) { in psa_restrict_key_policy()
870 if (intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0) { in psa_restrict_key_policy()
882 * The key must have allow all the usage flags set in \p usage. If \p alg is
883 * nonzero, the key must allow operations with this algorithm. If \p alg is
887 * into a key slot if not already done.
902 if (status != PSA_SUCCESS) { in psa_get_and_lock_key_slot_with_policy()
910 * if they had the export flag. */ in psa_get_and_lock_key_slot_with_policy()
911 if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) { in psa_get_and_lock_key_slot_with_policy()
915 if ((slot->attr.policy.usage & usage) != usage) { in psa_get_and_lock_key_slot_with_policy()
921 if (alg != 0) { in psa_get_and_lock_key_slot_with_policy()
925 if (status != PSA_SUCCESS) { in psa_get_and_lock_key_slot_with_policy()
960 if (status != PSA_SUCCESS) { in psa_get_and_lock_transparent_key_slot_with_policy()
964 if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime) in psa_get_and_lock_transparent_key_slot_with_policy()
965 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) in psa_get_and_lock_transparent_key_slot_with_policy()
979 if (slot->key.data != NULL) { in psa_remove_key_data_from_memory()
999 * if the MBEDTLS_TEST_HOOKS configuration option is enabled and the in psa_wipe_key_slot()
1001 * execution of the test suite is stopped in error if the assertion fails. in psa_wipe_key_slot()
1003 if (slot->lock_count != 1) { in psa_wipe_key_slot()
1010 * the key slot: if they need to access the key after the setup in psa_wipe_key_slot()
1025 #if defined(MBEDTLS_PSA_CRYPTO_SE_C) in psa_destroy_key()
1029 if (mbedtls_svc_key_id_is_null(key)) { in psa_destroy_key()
1035 * key, this will load the key description from persistent memory if not in psa_destroy_key()
1036 * done yet. We cannot avoid this loading as without it we don't know if in psa_destroy_key()
1041 if (status != PSA_SUCCESS) { in psa_destroy_key()
1046 * If the key slot containing the key description is under access by the in psa_destroy_key()
1052 if (slot->lock_count > 1) { in psa_destroy_key()
1057 if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) { in psa_destroy_key()
1059 * if we attempt it, depending on whether the key is merely read-only in psa_destroy_key()
1067 #if defined(MBEDTLS_PSA_CRYPTO_SE_C) in psa_destroy_key()
1069 if (driver != NULL) { in psa_destroy_key()
1080 if (status != PSA_SUCCESS) { in psa_destroy_key()
1084 * important if the error is that the storage is full. in psa_destroy_key()
1095 if (overall_status == PSA_SUCCESS) { in psa_destroy_key()
1101 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) in psa_destroy_key()
1102 if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { in psa_destroy_key()
1104 if (overall_status == PSA_SUCCESS) { in psa_destroy_key()
1115 #if defined(MBEDTLS_PSA_CRYPTO_SE_C) in psa_destroy_key()
1116 if (driver != NULL) { in psa_destroy_key()
1118 if (overall_status == PSA_SUCCESS) { in psa_destroy_key()
1122 if (overall_status == PSA_SUCCESS) { in psa_destroy_key()
1131 if (status != PSA_SUCCESS) { in psa_destroy_key()
1137 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
1150 if (ret != 0) { in psa_get_rsa_public_exponent()
1153 if (mbedtls_mpi_cmp_int(&mpi, 65537) == 0) { in psa_get_rsa_public_exponent()
1161 if (buffer == NULL) { in psa_get_rsa_public_exponent()
1166 if (ret != 0) { in psa_get_rsa_public_exponent()
1174 if (ret != 0) { in psa_get_rsa_public_exponent()
1194 if (status != PSA_SUCCESS) { in psa_get_key_attributes()
1202 #if defined(MBEDTLS_PSA_CRYPTO_SE_C) in psa_get_key_attributes()
1203 if (psa_get_se_driver_entry(slot->attr.lifetime) != NULL) { in psa_get_key_attributes()
1210 #if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ in psa_get_key_attributes()
1219 if (!psa_key_lifetime_is_external(slot->attr.lifetime)) { in psa_get_key_attributes()
1227 if (status != PSA_SUCCESS) { in psa_get_key_attributes()
1245 if (status != PSA_SUCCESS) { in psa_get_key_attributes()
1254 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1259 if (attributes->core.flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER) { in psa_get_key_slot_number()
1274 if (key_buffer_size > data_size) { in psa_export_key_buffer_internal()
1291 if (key_type_is_raw_bytes(type) || in psa_export_key_internal()
1318 if (data_size == 0) { in psa_export_key()
1334 if (status != PSA_SUCCESS) { in psa_export_key()
1360 if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && in psa_export_public_key_internal()
1367 } else if (PSA_KEY_TYPE_IS_RSA(type)) { in psa_export_public_key_internal()
1368 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ in psa_export_public_key_internal()
1381 } else if (PSA_KEY_TYPE_IS_ECC(type)) { in psa_export_public_key_internal()
1382 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ in psa_export_public_key_internal()
1395 } else if (PSA_KEY_TYPE_IS_DH(type)) { in psa_export_public_key_internal()
1396 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT) || \ in psa_export_public_key_internal()
1430 if (data_size == 0) { in psa_export_public_key()
1442 if (status != PSA_SUCCESS) { in psa_export_public_key()
1446 if (!PSA_KEY_TYPE_IS_ASYMMETRIC(slot->attr.type)) { in psa_export_public_key()
1482 if ((policy->usage & ~(PSA_KEY_USAGE_EXPORT | in psa_validate_key_policy()
1500 * This function only rejects invalid attribute values. If does not
1507 * \param[out] p_drv On any return, the driver for the key, if any.
1520 if (status != PSA_SUCCESS) {
1525 if (status != PSA_SUCCESS) {
1529 if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
1530 if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key) != 0) {
1535 if (!psa_is_valid_key_id(psa_get_key_id(attributes), 1)) {
1537 if (!psa_is_valid_key_id(psa_get_key_id(attributes), 0)) {
1544 if (status != PSA_SUCCESS) {
1549 * Note that this doesn't trigger on import if the attributes don't
1552 if (psa_get_key_bits(attributes) > PSA_MAX_KEY_BITS) {
1557 if (attributes->core.flags & ~(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
1569 * If this function fails, call psa_fail_key_creation().
1586 * \param[out] p_drv On any return, the driver for the key, if any.
1591 * \return If this function fails, the key slot is an invalid state.
1608 if (status != PSA_SUCCESS) {
1613 if (status != PSA_SUCCESS) {
1627 if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
1628 #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
1642 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1654 * transaction data. It will be needed to recover if the power
1658 * save the driver's persistent state, so that if the power fails,
1660 if (*p_drv != NULL) {
1664 if (status != PSA_SUCCESS) {
1668 if (!PSA_KEY_LIFETIME_IS_VOLATILE(attributes->core.lifetime)) {
1674 if (status != PSA_SUCCESS) {
1684 if (*p_drv == NULL && method == PSA_KEY_CREATION_REGISTER) {
1697 * If this function fails, call psa_fail_key_creation().
1701 * If the finalization succeeds, the function unlocks the key slot (it was
1720 * \return If this function fails, the key slot is an invalid state.
1732 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
1733 if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
1734 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1735 if (driver != NULL) {
1760 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1766 if (driver != NULL &&
1769 if (status != PSA_SUCCESS) {
1777 if (status == PSA_SUCCESS) {
1780 if (status != PSA_SUCCESS) {
1805 if (slot == NULL) {
1809 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1810 /* TODO: If the key has already been created in the secure
1817 /* Abort the ongoing transaction if any (there may not be one if
1818 * the creation process failed before starting one, or if the
1831 * Some key attributes are optional during key creation. If they are
1842 if (attributes->core.type != 0) {
1843 if (attributes->core.type != slot->attr.type) {
1848 if (attributes->domain_parameters_size != 0) {
1849 #if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \
1852 if (PSA_KEY_TYPE_IS_RSA(slot->attr.type)) {
1862 if (status != PSA_SUCCESS) {
1872 if (ret != 0) {
1878 if (ret != 0) {
1881 if (mbedtls_mpi_cmp_mpi(&actual, &required) != 0) {
1887 if (ret != 0) {
1899 if (attributes->core.bits != 0) {
1900 if (attributes->core.bits != slot->attr.bits) {
1924 if (data_length == 0) {
1929 if (data_length > SIZE_MAX / 8) {
1935 if (status != PSA_SUCCESS) {
1943 if (slot->key.data == NULL) {
1944 if (psa_key_lifetime_is_external(attributes->core.lifetime)) {
1947 if (status != PSA_SUCCESS) {
1952 if (status != PSA_SUCCESS) {
1963 if (status != PSA_SUCCESS) {
1967 if (slot->attr.bits == 0) {
1969 } else if (bits != slot->attr.bits) {
1976 if (bits > PSA_MAX_KEY_BITS) {
1981 if (status != PSA_SUCCESS) {
1987 if (status != PSA_SUCCESS) {
1994 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
2007 if (psa_get_key_type(attributes) == PSA_KEY_TYPE_NONE) {
2010 if (psa_get_key_bits(attributes) == 0) {
2016 if (status != PSA_SUCCESS) {
2023 if (status != PSA_SUCCESS) {
2049 if (status != PSA_SUCCESS) {
2055 if (status != PSA_SUCCESS) {
2071 if (status != PSA_SUCCESS) {
2077 if (status != PSA_SUCCESS) {
2080 if (PSA_KEY_LIFETIME_GET_LOCATION(target_slot->attr.lifetime) !=
2083 * If the source and target keys are stored in different locations,
2087 * appropriate API invocations from the application, if needed.
2098 if (psa_key_lifetime_is_external(actual_attributes.core.lifetime)) {
2101 if (status != PSA_SUCCESS) {
2106 if (status != PSA_SUCCESS) {
2116 if (status != PSA_SUCCESS) {
2123 if (status != PSA_SUCCESS) {
2129 if (status != PSA_SUCCESS) {
2147 if (operation->id == 0) {
2163 if (operation->id != 0) {
2168 if (!PSA_ALG_IS_HASH(alg)) {
2180 if (status != PSA_SUCCESS) {
2193 if (operation->id == 0) {
2200 if (input_length == 0) {
2207 if (status != PSA_SUCCESS) {
2220 if (operation->id == 0) {
2241 if (status != PSA_SUCCESS) {
2245 if (actual_hash_length != hash_length) {
2250 if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
2256 if (status != PSA_SUCCESS) {
2269 if (!PSA_ALG_IS_HASH(alg)) {
2284 if (!PSA_ALG_IS_HASH(alg)) {
2292 if (status != PSA_SUCCESS) {
2295 if (actual_hash_length != hash_length) {
2299 if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
2311 if (source_operation->id == 0 ||
2318 if (status != PSA_SUCCESS) {
2333 if (operation->id == 0) {
2354 if (!PSA_ALG_IS_MAC(alg)) {
2360 if (status != PSA_SUCCESS) {
2367 if (*mac_size < 4) {
2375 if (*mac_size > PSA_MAC_LENGTH(key_type, key_bits,
2382 if (*mac_size > PSA_MAC_MAX_SIZE) {
2409 if (operation->id != 0) {
2419 if (status != PSA_SUCCESS) {
2429 if (status != PSA_SUCCESS) {
2435 if (is_sign) {
2450 if (status != PSA_SUCCESS) {
2477 if (operation->id == 0) {
2483 if (input_length == 0) {
2489 if (status != PSA_SUCCESS) {
2504 if (operation->id == 0) {
2509 if (!operation->is_sign) {
2516 if (operation->mac_size == 0) {
2521 if (mac_size < operation->mac_size) {
2537 if (status != PSA_SUCCESS) {
2556 if (operation->id == 0) {
2561 if (operation->is_sign) {
2566 if (operation->mac_size != mac_length) {
2600 if (status != PSA_SUCCESS) {
2610 if (status != PSA_SUCCESS) {
2614 if (mac_size < operation_mac_size) {
2633 if (status != PSA_SUCCESS) {
2673 if (status != PSA_SUCCESS) {
2677 if (mac_length != actual_mac_length) {
2681 if (mbedtls_ct_memcmp(mac, actual_mac, actual_mac_length) != 0) {
2699 if (input_is_message) {
2700 if (!PSA_ALG_IS_SIGN_MESSAGE(alg)) {
2704 if (PSA_ALG_IS_SIGN_HASH(alg)) {
2705 if (!PSA_ALG_IS_HASH(PSA_ALG_SIGN_GET_HASH(alg))) {
2710 if (!PSA_ALG_IS_SIGN_HASH(alg)) {
2735 if (status != PSA_SUCCESS) {
2743 if (signature_size == 0) {
2753 if (status != PSA_SUCCESS) {
2757 if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) {
2766 if (input_is_message) {
2802 if (status != PSA_SUCCESS) {
2812 if (status != PSA_SUCCESS) {
2820 if (input_is_message) {
2851 if (PSA_ALG_IS_SIGN_HASH(alg)) {
2860 if (status != PSA_SUCCESS) {
2898 if (PSA_ALG_IS_SIGN_HASH(alg)) {
2907 if (status != PSA_SUCCESS) {
2938 if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
2939 if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
2941 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
2953 } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
2954 if (PSA_ALG_IS_ECDSA(alg)) {
2955 #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
2999 if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) {
3000 if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
3002 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
3014 } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
3015 if (PSA_ALG_IS_ECDSA(alg)) {
3016 #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
3075 if (!PSA_ALG_IS_RSA_OAEP(alg) && salt_length != 0) {
3081 if (status != PSA_SUCCESS) {
3084 if (!(PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type) ||
3127 if (!PSA_ALG_IS_RSA_OAEP(alg) && salt_length != 0) {
3133 if (status != PSA_SUCCESS) {
3136 if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) {
3187 if (operation->id == 0) {
3219 if (operation->id != 0 || operation->error_occurred) {
3224 if (status != PSA_SUCCESS) {
3233 if (status != PSA_SUCCESS) {
3237 if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) {
3255 if (status != PSA_SUCCESS) {
3262 if (unlock_status != PSA_SUCCESS) {
3281 if (operation->id == 0 || operation->error_occurred) {
3288 if (signature_size == 0) {
3305 if (status != PSA_OPERATION_INCOMPLETE) {
3306 if (status != PSA_SUCCESS) {
3336 if (operation->id == 0) {
3368 if (operation->id != 0 || operation->error_occurred) {
3373 if (status != PSA_SUCCESS) {
3382 if (status != PSA_SUCCESS) {
3400 if (status != PSA_SUCCESS) {
3407 if (unlock_status != PSA_SUCCESS) {
3421 if (operation->id == 0 || operation->error_occurred) {
3434 if (status != PSA_OPERATION_INCOMPLETE) {
3435 if (status != PSA_SUCCESS) {
3470 #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
3476 if (max_ops == 0) {
3491 #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
3507 #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
3529 if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
3533 if (!PSA_ALG_IS_ECDSA(alg)) {
3537 #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
3552 if (status != PSA_SUCCESS) {
3568 if (required_hash_length > sizeof(operation->hash)) {
3599 #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
3613 if (signature_size < 2 * operation->coordinate_bytes) {
3618 if (PSA_ALG_ECDSA_IS_DETERMINISTIC(operation->alg)) {
3620 #if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
3655 if (status == PSA_SUCCESS) {
3662 if (status != PSA_SUCCESS) {
3673 if (status != PSA_SUCCESS) {
3706 #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
3710 if (operation->ctx) {
3745 if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
3749 if (!PSA_ALG_IS_ECDSA(alg)) {
3753 #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
3770 if (status != PSA_SUCCESS) {
3776 if (signature_length != 2 * coordinate_bytes) {
3785 if (status != PSA_SUCCESS) {
3795 if (status != PSA_SUCCESS) {
3801 if (status != PSA_SUCCESS) {
3810 if (required_hash_length > sizeof(operation->hash)) {
3842 #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
3879 #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
3883 if (operation->ctx) {
3926 if (operation->id != 0) {
3931 if (!PSA_ALG_IS_CIPHER(alg)) {
3937 if (status != PSA_SUCCESS) {
3946 if (alg == PSA_ALG_ECB_NO_PADDING) {
3958 if (cipher_operation == MBEDTLS_ENCRYPT) {
3973 if (status != PSA_SUCCESS) {
4005 if (operation->id == 0) {
4010 if (operation->iv_set || !operation->iv_required) {
4016 if (iv_size < default_iv_length) {
4021 if (default_iv_length > PSA_CIPHER_IV_MAX_SIZE) {
4027 if (status != PSA_SUCCESS) {
4035 if (status == PSA_SUCCESS) {
4053 if (operation->id == 0) {
4058 if (operation->iv_set || !operation->iv_required) {
4063 if (iv_length > PSA_CIPHER_IV_MAX_SIZE) {
4073 if (status == PSA_SUCCESS) {
4090 if (operation->id == 0) {
4095 if (operation->iv_required && !operation->iv_set) {
4108 if (status != PSA_SUCCESS) {
4122 if (operation->id == 0) {
4127 if (operation->iv_required && !operation->iv_set) {
4138 if (status == PSA_SUCCESS) {
4150 if (operation->id == 0) {
4181 if (!PSA_ALG_IS_CIPHER(alg)) {
4189 if (status != PSA_SUCCESS) {
4198 if (default_iv_length > PSA_CIPHER_IV_MAX_SIZE) {
4203 if (default_iv_length > 0) {
4204 if (output_size < default_iv_length) {
4210 if (status != PSA_SUCCESS) {
4223 if (status == PSA_SUCCESS) {
4227 if (status == PSA_SUCCESS) {
4228 if (default_iv_length > 0) {
4252 if (!PSA_ALG_IS_CIPHER(alg)) {
4260 if (status != PSA_SUCCESS) {
4268 if (alg == PSA_ALG_CCM_STAR_NO_TAG &&
4272 } else if (input_length < PSA_CIPHER_IV_LENGTH(slot->attr.type, alg)) {
4284 if (status == PSA_SUCCESS) {
4288 if (status != PSA_SUCCESS) {
4313 #if defined(PSA_WANT_ALG_GCM)
4319 * size, which can then lead to collisions if you encrypt a very
4321 if (nonce_length != 0) {
4326 #if defined(PSA_WANT_ALG_CCM)
4328 if (nonce_length >= 7 && nonce_length <= 13) {
4333 #if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
4335 if (nonce_length == 12) {
4337 } else if (nonce_length == 8) {
4352 if (!PSA_ALG_IS_AEAD(alg) || PSA_ALG_IS_WILDCARD(alg)) {
4377 if (status != PSA_SUCCESS) {
4383 if (status != PSA_SUCCESS) {
4392 if (status != PSA_SUCCESS) {
4404 if (status != PSA_SUCCESS && ciphertext_size != 0) {
4432 if (status != PSA_SUCCESS) {
4438 if (status != PSA_SUCCESS) {
4447 if (status != PSA_SUCCESS) {
4459 if (status != PSA_SUCCESS && plaintext_size != 0) {
4474 #if defined(PSA_WANT_ALG_CCM)
4477 if (tag_len < 4 || tag_len > 16 || tag_len % 2) {
4483 #if defined(PSA_WANT_ALG_GCM)
4486 if (tag_len != 4 && tag_len != 8 && (tag_len < 12 || tag_len > 16)) {
4492 #if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
4495 if (tag_len != 16) {
4521 if (status != PSA_SUCCESS) {
4525 if (operation->id != 0) {
4530 if (operation->nonce_set || operation->lengths_set ||
4536 if (is_encrypt) {
4544 if (status != PSA_SUCCESS) {
4552 if ((status = psa_validate_tag_length(alg)) != PSA_SUCCESS) {
4556 if (is_encrypt) {
4569 if (status != PSA_SUCCESS) {
4578 if (status == PSA_SUCCESS) {
4617 if (operation->id == 0) {
4622 if (operation->nonce_set || !operation->is_encrypt) {
4638 if (nonce_size < required_nonce_size) {
4644 if (status != PSA_SUCCESS) {
4651 if (status == PSA_SUCCESS) {
4669 if (operation->id == 0) {
4674 if (operation->nonce_set) {
4680 if (status != PSA_SUCCESS) {
4689 if (status == PSA_SUCCESS) {
4705 if (operation->id == 0) {
4710 if (operation->lengths_set || operation->ad_started ||
4717 #if defined(PSA_WANT_ALG_GCM)
4719 /* Lengths can only be too large for GCM if size_t is bigger than 32
4722 #if SIZE_MAX > UINT32_MAX
4723 if (((uint64_t) ad_length) >> 61 != 0 ||
4731 #if defined(PSA_WANT_ALG_CCM)
4733 if (ad_length > 0xFF00) {
4739 #if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
4752 if (status == PSA_SUCCESS) {
4770 if (operation->id == 0) {
4775 if (!operation->nonce_set || operation->body_started) {
4780 if (operation->lengths_set) {
4781 if (operation->ad_remaining < input_length) {
4788 #if defined(PSA_WANT_ALG_CCM)
4789 else if (operation->alg == PSA_ALG_CCM) {
4799 if (status == PSA_SUCCESS) {
4821 if (operation->id == 0) {
4826 if (!operation->nonce_set) {
4831 if (operation->lengths_set) {
4834 if (operation->ad_remaining != 0) {
4840 if (operation->body_remaining < input_length) {
4847 #if defined(PSA_WANT_ALG_CCM)
4848 else if (operation->alg == PSA_ALG_CCM) {
4859 if (status == PSA_SUCCESS) {
4870 if (operation->id == 0 || !operation->nonce_set) {
4874 if (operation->lengths_set && (operation->ad_remaining != 0 ||
4897 if (status != PSA_SUCCESS) {
4901 if (!operation->is_encrypt) {
4916 * Even if the operation succeeds, make sure we clear the rest of the
4940 if (status != PSA_SUCCESS) {
4944 if (operation->is_encrypt) {
4965 if (operation->id == 0) {
4983 #if defined(BUILTIN_ALG_ANY_HKDF) || \
4991 #if defined(BUILTIN_ALG_ANY_HKDF) || \
5027 if (PSA_ALG_IS_KEY_AGREEMENT(operation->alg)) {
5038 if (kdf_alg == 0) {
5043 #if defined(BUILTIN_ALG_ANY_HKDF)
5044 if (PSA_ALG_IS_ANY_HKDF(kdf_alg)) {
5049 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
5051 if (PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
5054 if (operation->ctx.tls12_prf.secret != NULL) {
5059 if (operation->ctx.tls12_prf.seed != NULL) {
5064 if (operation->ctx.tls12_prf.label != NULL) {
5068 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
5069 if (operation->ctx.tls12_prf.other_secret != NULL) {
5081 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
5082 if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
5087 #if defined(PSA_HAVE_SOFT_PBKDF2)
5088 if (PSA_ALG_IS_PBKDF2(kdf_alg)) {
5089 if (operation->ctx.pbkdf2.salt != NULL) {
5107 if (operation->alg == 0) {
5119 if (operation->alg == 0) {
5122 if (capacity > operation->capacity) {
5129 #if defined(BUILTIN_ALG_ANY_HKDF)
5140 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
5146 if (hkdf->state < HKDF_STATE_KEYED ||
5148 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
5159 if (n > output_length) {
5166 if (output_length == 0) {
5171 * prevented this call. It could happen only if the operation
5172 * object was corrupted or if this function is called directly
5174 if (hkdf->block_number == last_block) {
5186 if (status != PSA_SUCCESS) {
5190 if (hkdf->block_number != 1) {
5194 if (status != PSA_SUCCESS) {
5201 if (status != PSA_SUCCESS) {
5206 if (status != PSA_SUCCESS) {
5213 if (status != PSA_SUCCESS) {
5222 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
5236 * prevented this call. It could happen only if the operation
5237 * object was corrupted or if this function is called directly
5239 if (tls12_prf->block_number == 0xff) {
5268 if (status != PSA_SUCCESS) {
5273 if (tls12_prf->block_number == 1) {
5280 if (status != PSA_SUCCESS) {
5286 if (status != PSA_SUCCESS) {
5292 if (status != PSA_SUCCESS) {
5300 if (hmac_output_length != hash_length) {
5303 if (status != PSA_SUCCESS) {
5312 if (status != PSA_SUCCESS) {
5316 if (status != PSA_SUCCESS) {
5320 if (status != PSA_SUCCESS) {
5324 if (status != PSA_SUCCESS) {
5330 if (status != PSA_SUCCESS) {
5337 if (status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS) {
5366 /* Check if we have fully processed the current block. */
5367 if (tls12_prf->left_in_block == 0) {
5370 if (status != PSA_SUCCESS) {
5377 if (tls12_prf->left_in_block > output_length) {
5395 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
5404 if (output_length != 32) {
5411 if (status != PSA_SUCCESS) {
5415 if (output_size != output_length) {
5423 #if defined(PSA_HAVE_SOFT_PBKDF2)
5447 if (status != PSA_SUCCESS) {
5451 if (status != PSA_SUCCESS) {
5455 if (status != PSA_SUCCESS) {
5460 if (status != PSA_SUCCESS) {
5464 if (mac_output_length != prf_output_length) {
5481 if (status != PSA_SUCCESS) {
5507 if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
5511 } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) {
5533 if (n > output_length) {
5541 if (output_length == 0) {
5552 if (status != PSA_SUCCESS) {
5569 if (operation->alg == 0) {
5574 if (output_length > operation->capacity) {
5581 if (output_length == 0 && operation->capacity == 0) {
5592 #if defined(BUILTIN_ALG_ANY_HKDF)
5593 if (PSA_ALG_IS_ANY_HKDF(kdf_alg)) {
5598 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
5600 if (PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
5608 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
5609 if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
5614 #if defined(PSA_HAVE_SOFT_PBKDF2)
5615 if (PSA_ALG_IS_PBKDF2(kdf_alg)) {
5627 if (status != PSA_SUCCESS) {
5640 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
5643 if (data_size >= 8) {
5646 if (data_size >= 16) {
5649 if (data_size >= 24) {
5666 * 2. If m is not a multiple of 8, set the most significant
5669 * 4. If k > N - 2, discard the result and return to step 1.
5684 #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
5685 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
5709 if (grp_id == MBEDTLS_ECP_DP_NONE) {
5731 if (*data == NULL) {
5738 if ((status = psa_key_derivation_output_bytes(operation, *data, m_bytes)) != 0) {
5742 /* 2. If m is not a multiple of 8 */
5743 if (m % 8 != 0) {
5757 /* 4. If k > N - 2, discard the result and return to step 1.
5768 if (ret != 0) {
5771 if (status != PSA_SUCCESS) {
5817 if (*data == NULL) {
5823 if (status != PSA_SUCCESS) {
5878 if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) {
5882 #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \
5884 if (PSA_KEY_TYPE_IS_ECC(slot->attr.type)) {
5886 if (PSA_ECC_FAMILY_IS_WEIERSTRASS(curve)) {
5889 if (status != PSA_SUCCESS) {
5895 if (status != PSA_SUCCESS) {
5902 if (key_type_is_raw_bytes(slot->attr.type)) {
5903 if (bits % 8 != 0) {
5907 if (data == NULL) {
5912 if (status != PSA_SUCCESS) {
5915 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
5916 if (slot->attr.type == PSA_KEY_TYPE_DES) {
5929 if (psa_key_lifetime_is_external(attributes.core.lifetime)) {
5932 if (status != PSA_SUCCESS) {
5937 if (status != PSA_SUCCESS) {
5946 if (bits != slot->attr.bits) {
5967 if (psa_get_key_bits(attributes) == 0) {
5971 if (operation->alg == PSA_ALG_NONE) {
5975 if (!operation->can_output_key) {
5981 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
5982 if (driver != NULL) {
5987 if (status == PSA_SUCCESS) {
5992 if (status == PSA_SUCCESS) {
5995 if (status != PSA_SUCCESS) {
6008 #if defined(AT_LEAST_ONE_BUILTIN_KDF)
6011 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
6012 if (PSA_ALG_IS_HKDF(kdf_alg)) {
6016 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
6017 if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) {
6021 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
6022 if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) {
6026 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF)
6027 if (PSA_ALG_IS_TLS12_PRF(kdf_alg)) {
6031 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
6032 if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
6036 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
6037 if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
6041 #if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
6042 if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
6046 #if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128)
6047 if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) {
6071 if (!is_kdf_alg_supported(kdf_alg)) {
6079 if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
6081 } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) {
6084 if (hash_size == 0) {
6092 if (status != PSA_SUCCESS) {
6097 if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
6102 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
6104 if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg) ||
6116 #if defined(PSA_WANT_ALG_ECDH)
6117 if (alg == PSA_ALG_ECDH) {
6121 #if defined(PSA_WANT_ALG_FFDH)
6122 if (alg == PSA_ALG_FFDH) {
6133 #if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
6134 if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
6148 if (operation->alg != 0) {
6152 if (PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
6154 } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) {
6155 #if defined(AT_LEAST_ONE_BUILTIN_KDF)
6159 if (status != PSA_SUCCESS) {
6162 if (!psa_key_derivation_allows_free_form_secret_input(kdf_alg)) {
6169 } else if (PSA_ALG_IS_KEY_DERIVATION(alg)) {
6170 #if defined(AT_LEAST_ONE_BUILTIN_KDF)
6179 if (status == PSA_SUCCESS) {
6185 #if defined(BUILTIN_ALG_ANY_HKDF)
6196 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
6197 if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) {
6201 if (hkdf->state != HKDF_STATE_INIT) {
6207 if (status != PSA_SUCCESS) {
6214 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
6215 if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) {
6218 * the state. It could happen only if the hkdf
6220 if (hkdf->state != HKDF_STATE_INIT) {
6225 if (data_length != PSA_HASH_LENGTH(hash_alg)) {
6233 /* HKDF: If no salt was provided, use an empty salt.
6235 if (hkdf->state == HKDF_STATE_INIT) {
6236 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
6237 if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) {
6244 if (status != PSA_SUCCESS) {
6249 if (hkdf->state != HKDF_STATE_STARTED) {
6254 if (status != PSA_SUCCESS) {
6261 if (status != PSA_SUCCESS) {
6268 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
6269 if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) {
6283 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
6284 if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) {
6288 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
6289 if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg) &&
6294 if (hkdf->state == HKDF_STATE_OUTPUT) {
6297 if (hkdf->info_set) {
6301 if (data_length != 0) {
6303 if (hkdf->info == NULL) {
6316 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
6322 if (prf->state != PSA_TLS12_PRF_STATE_INIT) {
6326 if (data_length != 0) {
6328 if (prf->seed == NULL) {
6345 if (prf->state != PSA_TLS12_PRF_STATE_SEED_SET &&
6350 if (data_length != 0) {
6352 if (prf->secret == NULL) {
6369 if (prf->state != PSA_TLS12_PRF_STATE_KEY_SET) {
6373 if (data_length != 0) {
6375 if (prf->label == NULL) {
6407 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
6418 if (data_length > PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE) {
6423 if (pms == NULL) {
6431 * The premaster secret is formed as follows: if the PSK is N octets
6446 if (prf->state == PSA_TLS12_PRF_STATE_OTHER_KEY_SET) {
6449 if (prf->other_secret_length != 0) {
6477 if (prf->state != PSA_TLS12_PRF_STATE_SEED_SET) {
6481 if (data_length != 0) {
6483 if (prf->other_secret == NULL) {
6522 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
6529 if (data_length != PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE ||
6534 /* Check if the passed point is in an uncompressed form */
6535 if (data[0] != 0x04) {
6546 #if defined(PSA_HAVE_SOFT_PBKDF2)
6552 if (step != PSA_KEY_DERIVATION_INPUT_COST) {
6556 if (pbkdf2->state != PSA_PBKDF2_STATE_INIT) {
6560 if (data > PSA_VENDOR_PBKDF2_MAX_ITERATIONS) {
6564 if (data == 0) {
6578 if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) {
6580 } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) {
6586 if (data_length == 0) {
6592 if (next_salt == NULL) {
6596 if (pbkdf2->salt_length != 0) {
6607 #if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
6615 if (input_len > PSA_HASH_BLOCK_LENGTH(hash_alg)) {
6626 #if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128)
6633 if (input_len != PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC)) {
6664 if (pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) {
6668 #if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
6669 if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
6676 #if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128)
6677 if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) {
6724 if (key_type == PSA_KEY_TYPE_DERIVE) {
6727 if (key_type == PSA_KEY_TYPE_NONE) {
6732 if (key_type == PSA_KEY_TYPE_DERIVE) {
6735 if (key_type == PSA_KEY_TYPE_NONE) {
6743 if (key_type == PSA_KEY_TYPE_RAW_DATA) {
6746 if (key_type == PSA_KEY_TYPE_NONE) {
6751 if (key_type == PSA_KEY_TYPE_PASSWORD) {
6754 if (key_type == PSA_KEY_TYPE_DERIVE) {
6757 if (key_type == PSA_KEY_TYPE_NONE) {
6776 if (status != PSA_SUCCESS) {
6780 #if defined(BUILTIN_ALG_ANY_HKDF)
6781 if (PSA_ALG_IS_ANY_HKDF(kdf_alg)) {
6786 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF)
6787 if (PSA_ALG_IS_TLS12_PRF(kdf_alg)) {
6792 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
6793 if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
6798 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
6799 if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
6804 #if defined(PSA_HAVE_SOFT_PBKDF2)
6805 if (PSA_ALG_IS_PBKDF2(kdf_alg)) {
6819 if (status != PSA_SUCCESS) {
6833 #if defined(PSA_HAVE_SOFT_PBKDF2)
6834 if (PSA_ALG_IS_PBKDF2(kdf_alg)) {
6846 if (status != PSA_SUCCESS) {
6882 if (status != PSA_SUCCESS) {
6889 if (step == PSA_KEY_DERIVATION_INPUT_SECRET ||
6921 #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
6931 #if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH)
6958 * to the driver's implementation if a driver is present.
6970 if (!PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
6987 /* Note that if this function fails, you must call psa_key_derivation_abort()
7009 if (status != PSA_SUCCESS) {
7035 if (!PSA_ALG_IS_KEY_AGREEMENT(operation->alg)) {
7040 if (status != PSA_SUCCESS) {
7046 if (status != PSA_SUCCESS) {
7049 /* If a private key has been added as SECRET, we allow the derived
7051 if (step == PSA_KEY_DERIVATION_INPUT_SECRET) {
7074 if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) {
7080 if (status != PSA_SUCCESS) {
7086 * function works if output_size >= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(...),
7087 * but it might be nice to allow smaller buffers if the output fits.
7090 * If FFDH is implemented, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() can easily
7094 if (output_size < expected_length) {
7105 if (status != PSA_SUCCESS) {
7106 /* If an error happens and is not handled properly, the output
7128 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
7136 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
7140 /* Set default configuration if
7142 if (rng->entropy_init == NULL) {
7145 if (rng->entropy_free == NULL) {
7150 #if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
7168 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
7180 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
7197 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
7203 if (status != PSA_SUCCESS) {
7208 if (output_length != output_size) {
7222 if (ret != 0) {
7245 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
7257 if (status == PSA_SUCCESS) {
7265 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
7269 if (global_data.initialized) {
7273 if (((seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM) ||
7301 if (key_type_is_raw_bytes(type)) {
7303 if (status != PSA_SUCCESS) {
7307 #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
7308 if (PSA_KEY_TYPE_IS_RSA(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
7309 if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) {
7312 if (bits < PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS) {
7318 if (bits % 8 != 0) {
7324 #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
7325 if (PSA_KEY_TYPE_IS_ECC(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
7331 #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
7332 if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
7333 if (psa_is_dh_key_size_valid(bits) == 0) {
7352 if ((attributes->domain_parameters == NULL) &&
7357 if (key_type_is_raw_bytes(type)) {
7359 if (status != PSA_SUCCESS) {
7363 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
7364 if (type == PSA_KEY_TYPE_DES) {
7370 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
7371 if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
7379 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
7380 if (PSA_KEY_TYPE_IS_ECC(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
7388 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE)
7389 if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
7416 if (psa_get_key_bits(attributes) == 0) {
7421 if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type)) {
7427 if (status != PSA_SUCCESS) {
7435 if (slot->key.data == NULL) {
7436 if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime) ==
7440 if (status != PSA_SUCCESS) {
7450 if (status != PSA_SUCCESS) {
7456 if (status != PSA_SUCCESS) {
7464 if (status != PSA_SUCCESS) {
7469 if (status == PSA_SUCCESS) {
7472 if (status != PSA_SUCCESS) {
7483 #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
7488 if (global_data.rng_state != RNG_NOT_INITIALIZED) {
7500 if (global_data.rng_state != RNG_NOT_INITIALIZED) {
7512 #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
7516 * returns. If this function returns a failure status, the initialization
7542 if (global_data.initialized != 0) {
7547 if (status != PSA_SUCCESS) {
7553 if (status != PSA_SUCCESS) {
7562 if (status != PSA_SUCCESS) {
7567 #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
7569 if (status == PSA_SUCCESS) {
7571 if (status != PSA_SUCCESS) {
7575 } else if (status == PSA_ERROR_DOES_NOT_EXIST) {
7585 if (status != PSA_SUCCESS) {
7591 #if defined(PSA_WANT_ALG_SOME_PAKE)
7596 if (inputs->password_len == 0) {
7609 if (inputs->password_len == 0) {
7613 if (buffer_size < inputs->password_len) {
7627 if (inputs->user_len == 0) {
7640 if (inputs->user_len == 0) {
7644 if (user_id_size < inputs->user_len) {
7658 if (inputs->peer_len == 0) {
7671 if (inputs->peer_len == 0) {
7675 if (peer_id_size < inputs->peer_len) {
7689 if (inputs->cipher_suite.algorithm == PSA_ALG_NONE) {
7704 if (operation->stage != PSA_PAKE_OPERATION_STAGE_SETUP) {
7709 if (PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 ||
7722 #if defined(PSA_WANT_ALG_JPAKE)
7723 if (operation->alg == PSA_ALG_JPAKE) {
7754 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
7762 if (status != PSA_SUCCESS) {
7772 if (type != PSA_KEY_TYPE_PASSWORD &&
7779 if (operation->data.inputs.password == NULL) {
7788 if (status != PSA_SUCCESS) {
7802 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
7807 if (user_id_len == 0) {
7812 if (operation->data.inputs.user_len != 0) {
7818 if (operation->data.inputs.user == NULL) {
7839 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
7844 if (peer_id_len == 0) {
7849 if (operation->data.inputs.peer_len != 0) {
7855 if (operation->data.inputs.peer == NULL) {
7875 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
7881 #if defined(PSA_WANT_ALG_JPAKE)
7883 if (role == PSA_PAKE_ROLE_NONE) {
7900 #if defined(PSA_WANT_ALG_JPAKE)
7905 if (stage->round == PSA_JPAKE_FIRST) {
7908 if (stage->io_mode == PSA_JPAKE_OUTPUT) {
7917 } else if (stage->round == PSA_JPAKE_SECOND) {
7936 if (inputs.password_len == 0) {
7940 if (operation->alg == PSA_ALG_JPAKE) {
7941 if (inputs.user_len == 0 || inputs.peer_len == 0) {
7958 if (status == PSA_SUCCESS) {
7959 #if defined(PSA_WANT_ALG_JPAKE)
7960 if (operation->alg == PSA_ALG_JPAKE) {
7971 #if defined(PSA_WANT_ALG_JPAKE)
7977 if (step != PSA_PAKE_STEP_KEY_SHARE &&
7986 if (computation_stage->round != PSA_JPAKE_FIRST &&
7992 if (step != computation_stage->step) {
7996 if (step == PSA_PAKE_STEP_KEY_SHARE &&
8002 } else if (computation_stage->io_mode != io_mode) {
8018 if (stage->step == PSA_PAKE_STEP_ZK_PROOF) {
8020 if (io_mode == PSA_JPAKE_INPUT) {
8022 if (stage->inputs == PSA_JPAKE_EXPECTED_INPUTS(stage->round)) {
8026 if (io_mode == PSA_JPAKE_OUTPUT) {
8028 if (stage->outputs == PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) {
8032 if (stage->inputs == PSA_JPAKE_EXPECTED_INPUTS(stage->round) &&
8059 if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
8061 if (status != PSA_SUCCESS) {
8066 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) {
8071 if (output_size == 0) {
8077 #if defined(PSA_WANT_ALG_JPAKE)
8080 if (status != PSA_SUCCESS) {
8096 if (status != PSA_SUCCESS) {
8101 #if defined(PSA_WANT_ALG_JPAKE)
8104 if (status != PSA_SUCCESS) {
8132 if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
8134 if (status != PSA_SUCCESS) {
8139 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) {
8144 if (input_length == 0 || input_length > max_input_length) {
8150 #if defined(PSA_WANT_ALG_JPAKE)
8153 if (status != PSA_SUCCESS) {
8169 if (status != PSA_SUCCESS) {
8174 #if defined(PSA_WANT_ALG_JPAKE)
8177 if (status != PSA_SUCCESS) {
8202 if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) {
8207 #if defined(PSA_WANT_ALG_JPAKE)
8208 if (operation->alg == PSA_ALG_JPAKE) {
8211 if (computation_stage->round != PSA_JPAKE_FINISHED) {
8227 if (status != PSA_SUCCESS) {
8247 if (operation->stage == PSA_PAKE_OPERATION_STAGE_COMPUTATION) {
8251 if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
8252 if (operation->data.inputs.password != NULL) {
8256 if (operation->data.inputs.user != NULL) {
8259 if (operation->data.inputs.peer != NULL) {