1*62c56f98SSadaf Ebrahimi /* 2*62c56f98SSadaf Ebrahimi * PSA PAKE layer on top of Mbed TLS software crypto 3*62c56f98SSadaf Ebrahimi */ 4*62c56f98SSadaf Ebrahimi /* 5*62c56f98SSadaf Ebrahimi * Copyright The Mbed TLS Contributors 6*62c56f98SSadaf Ebrahimi * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 7*62c56f98SSadaf Ebrahimi */ 8*62c56f98SSadaf Ebrahimi 9*62c56f98SSadaf Ebrahimi #ifndef PSA_CRYPTO_PAKE_H 10*62c56f98SSadaf Ebrahimi #define PSA_CRYPTO_PAKE_H 11*62c56f98SSadaf Ebrahimi 12*62c56f98SSadaf Ebrahimi #include <psa/crypto.h> 13*62c56f98SSadaf Ebrahimi 14*62c56f98SSadaf Ebrahimi /** Set the session information for a password-authenticated key exchange. 15*62c56f98SSadaf Ebrahimi * 16*62c56f98SSadaf Ebrahimi * \note The signature of this function is that of a PSA driver 17*62c56f98SSadaf Ebrahimi * pake_setup entry point. This function behaves as a pake_setup 18*62c56f98SSadaf Ebrahimi * entry point as defined in the PSA driver interface specification for 19*62c56f98SSadaf Ebrahimi * transparent drivers. 20*62c56f98SSadaf Ebrahimi * 21*62c56f98SSadaf Ebrahimi * \param[in,out] operation The operation object to set up. It must have 22*62c56f98SSadaf Ebrahimi * been initialized but not set up yet. 23*62c56f98SSadaf Ebrahimi * \param[in] inputs Inputs required for PAKE operation (role, password, 24*62c56f98SSadaf Ebrahimi * key lifetime, cipher suite) 25*62c56f98SSadaf Ebrahimi * 26*62c56f98SSadaf Ebrahimi * \retval #PSA_SUCCESS 27*62c56f98SSadaf Ebrahimi * Success. 28*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_NOT_SUPPORTED 29*62c56f98SSadaf Ebrahimi * The algorithm in \p cipher_suite is not a supported PAKE algorithm, 30*62c56f98SSadaf Ebrahimi * or the PAKE primitive in \p cipher_suite is not supported or not 31*62c56f98SSadaf Ebrahimi * compatible with the PAKE algorithm, or the hash algorithm in 32*62c56f98SSadaf Ebrahimi * \p cipher_suite is not supported or not compatible with the PAKE 33*62c56f98SSadaf Ebrahimi * algorithm and primitive. 34*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription 35*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 36*62c56f98SSadaf Ebrahimi */ 37*62c56f98SSadaf Ebrahimi psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, 38*62c56f98SSadaf Ebrahimi const psa_crypto_driver_pake_inputs_t *inputs); 39*62c56f98SSadaf Ebrahimi 40*62c56f98SSadaf Ebrahimi 41*62c56f98SSadaf Ebrahimi /** Get output for a step of a password-authenticated key exchange. 42*62c56f98SSadaf Ebrahimi * 43*62c56f98SSadaf Ebrahimi * \note The signature of this function is that of a PSA driver 44*62c56f98SSadaf Ebrahimi * pake_output entry point. This function behaves as a pake_output 45*62c56f98SSadaf Ebrahimi * entry point as defined in the PSA driver interface specification for 46*62c56f98SSadaf Ebrahimi * transparent drivers. 47*62c56f98SSadaf Ebrahimi * 48*62c56f98SSadaf Ebrahimi * \param[in,out] operation Active PAKE operation. 49*62c56f98SSadaf Ebrahimi * \param step The step of the algorithm for which the output is 50*62c56f98SSadaf Ebrahimi * requested. 51*62c56f98SSadaf Ebrahimi * \param[out] output Buffer where the output is to be written in the 52*62c56f98SSadaf Ebrahimi * format appropriate for this driver \p step. Refer to 53*62c56f98SSadaf Ebrahimi * the documentation of psa_crypto_driver_pake_step_t for 54*62c56f98SSadaf Ebrahimi * more information. 55*62c56f98SSadaf Ebrahimi * \param output_size Size of the \p output buffer in bytes. This must 56*62c56f98SSadaf Ebrahimi * be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \p 57*62c56f98SSadaf Ebrahimi * primitive, \p step) where \p alg and 58*62c56f98SSadaf Ebrahimi * \p primitive are the PAKE algorithm and primitive 59*62c56f98SSadaf Ebrahimi * in the operation's cipher suite, and \p step is 60*62c56f98SSadaf Ebrahimi * the output step. 61*62c56f98SSadaf Ebrahimi * 62*62c56f98SSadaf Ebrahimi * \param[out] output_length On success, the number of bytes of the returned 63*62c56f98SSadaf Ebrahimi * output. 64*62c56f98SSadaf Ebrahimi * 65*62c56f98SSadaf Ebrahimi * \retval #PSA_SUCCESS 66*62c56f98SSadaf Ebrahimi * Success. 67*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_BUFFER_TOO_SMALL 68*62c56f98SSadaf Ebrahimi * The size of the \p output buffer is too small. 69*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription 70*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 71*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription 72*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_DATA_INVALID \emptydescription 73*62c56f98SSadaf Ebrahimi */ 74*62c56f98SSadaf Ebrahimi psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, 75*62c56f98SSadaf Ebrahimi psa_crypto_driver_pake_step_t step, 76*62c56f98SSadaf Ebrahimi uint8_t *output, 77*62c56f98SSadaf Ebrahimi size_t output_size, 78*62c56f98SSadaf Ebrahimi size_t *output_length); 79*62c56f98SSadaf Ebrahimi 80*62c56f98SSadaf Ebrahimi /** Provide input for a step of a password-authenticated key exchange. 81*62c56f98SSadaf Ebrahimi * 82*62c56f98SSadaf Ebrahimi * \note The signature of this function is that of a PSA driver 83*62c56f98SSadaf Ebrahimi * pake_input entry point. This function behaves as a pake_input 84*62c56f98SSadaf Ebrahimi * entry point as defined in the PSA driver interface specification for 85*62c56f98SSadaf Ebrahimi * transparent drivers. 86*62c56f98SSadaf Ebrahimi * 87*62c56f98SSadaf Ebrahimi * \note The core checks that input_length is smaller than PSA_PAKE_INPUT_MAX_SIZE. 88*62c56f98SSadaf Ebrahimi * 89*62c56f98SSadaf Ebrahimi * \param[in,out] operation Active PAKE operation. 90*62c56f98SSadaf Ebrahimi * \param step The driver step for which the input is provided. 91*62c56f98SSadaf Ebrahimi * \param[in] input Buffer containing the input in the format 92*62c56f98SSadaf Ebrahimi * appropriate for this \p step. Refer to the 93*62c56f98SSadaf Ebrahimi * documentation of psa_crypto_driver_pake_step_t 94*62c56f98SSadaf Ebrahimi * for more information. 95*62c56f98SSadaf Ebrahimi * \param input_length Size of the \p input buffer in bytes. 96*62c56f98SSadaf Ebrahimi * 97*62c56f98SSadaf Ebrahimi * \retval #PSA_SUCCESS 98*62c56f98SSadaf Ebrahimi * Success. 99*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_INVALID_SIGNATURE 100*62c56f98SSadaf Ebrahimi * The verification fails for a zero-knowledge input step. 101*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_INVALID_ARGUMENT 102*62c56f98SSadaf Ebrahimi * the \p input is not valid for the \p operation's algorithm, cipher suite 103*62c56f98SSadaf Ebrahimi * or \p step. 104*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_NOT_SUPPORTED 105*62c56f98SSadaf Ebrahimi * the \p input is not supported for the \p operation's algorithm, cipher 106*62c56f98SSadaf Ebrahimi * suite or \p step. 107*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription 108*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 109*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription 110*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_DATA_INVALID \emptydescription 111*62c56f98SSadaf Ebrahimi */ 112*62c56f98SSadaf Ebrahimi psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, 113*62c56f98SSadaf Ebrahimi psa_crypto_driver_pake_step_t step, 114*62c56f98SSadaf Ebrahimi const uint8_t *input, 115*62c56f98SSadaf Ebrahimi size_t input_length); 116*62c56f98SSadaf Ebrahimi 117*62c56f98SSadaf Ebrahimi /** Get implicitly confirmed shared secret from a PAKE. 118*62c56f98SSadaf Ebrahimi * 119*62c56f98SSadaf Ebrahimi * \note The signature of this function is that of a PSA driver 120*62c56f98SSadaf Ebrahimi * pake_get_implicit_key entry point. This function behaves as a 121*62c56f98SSadaf Ebrahimi * pake_get_implicit_key entry point as defined in the PSA driver 122*62c56f98SSadaf Ebrahimi * interface specification for transparent drivers. 123*62c56f98SSadaf Ebrahimi * 124*62c56f98SSadaf Ebrahimi * \param[in,out] operation Active PAKE operation. 125*62c56f98SSadaf Ebrahimi * \param[out] output Output buffer for implicit key. 126*62c56f98SSadaf Ebrahimi * \param output_size Size of the output buffer in bytes. 127*62c56f98SSadaf Ebrahimi * \param[out] output_length On success, the number of bytes of the implicit key. 128*62c56f98SSadaf Ebrahimi * 129*62c56f98SSadaf Ebrahimi * \retval #PSA_SUCCESS 130*62c56f98SSadaf Ebrahimi * Success. 131*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_NOT_SUPPORTED 132*62c56f98SSadaf Ebrahimi * Input from a PAKE is not supported by the algorithm in the \p output 133*62c56f98SSadaf Ebrahimi * key derivation operation. 134*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription 135*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 136*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription 137*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_DATA_INVALID \emptydescription 138*62c56f98SSadaf Ebrahimi */ 139*62c56f98SSadaf Ebrahimi psa_status_t mbedtls_psa_pake_get_implicit_key( 140*62c56f98SSadaf Ebrahimi mbedtls_psa_pake_operation_t *operation, 141*62c56f98SSadaf Ebrahimi uint8_t *output, size_t output_size, 142*62c56f98SSadaf Ebrahimi size_t *output_length); 143*62c56f98SSadaf Ebrahimi 144*62c56f98SSadaf Ebrahimi /** Abort a PAKE operation. 145*62c56f98SSadaf Ebrahimi * 146*62c56f98SSadaf Ebrahimi * \note The signature of this function is that of a PSA driver 147*62c56f98SSadaf Ebrahimi * pake_abort entry point. This function behaves as a pake_abort 148*62c56f98SSadaf Ebrahimi * entry point as defined in the PSA driver interface specification for 149*62c56f98SSadaf Ebrahimi * transparent drivers. 150*62c56f98SSadaf Ebrahimi * 151*62c56f98SSadaf Ebrahimi * \param[in,out] operation The operation to abort. 152*62c56f98SSadaf Ebrahimi * 153*62c56f98SSadaf Ebrahimi * \retval #PSA_SUCCESS 154*62c56f98SSadaf Ebrahimi * Success. 155*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 156*62c56f98SSadaf Ebrahimi */ 157*62c56f98SSadaf Ebrahimi psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation); 158*62c56f98SSadaf Ebrahimi 159*62c56f98SSadaf Ebrahimi #endif /* PSA_CRYPTO_PAKE_H */ 160