diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 74e1146b2..f554b6eab 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -45,6 +45,14 @@ #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" +#if defined(MBEDTLS_SHA512_C) +#define PSA_CRYPTO_MD_MAX_SIZE 64 +#define PSA_CRYPTO_MD_BLOCK_SIZE 128 +#else +#define PSA_CRYPTO_MD_MAX_SIZE 32 +#define PSA_CRYPTO_MD_BLOCK_SIZE 64 +#endif + struct psa_hash_operation_s { psa_algorithm_t alg; @@ -75,6 +83,15 @@ struct psa_hash_operation_s } ctx; }; + +typedef struct { + /** The hash context. */ + struct psa_hash_operation_s hash_ctx; + /** The HMAC part of the context. */ + uint8_t opad[PSA_CRYPTO_MD_BLOCK_SIZE]; +} psa_hmac_internal_data; + + struct psa_mac_operation_s { psa_algorithm_t alg; @@ -89,7 +106,7 @@ struct psa_mac_operation_s { unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ #if defined(MBEDTLS_MD_C) - mbedtls_md_context_t hmac; + psa_hmac_internal_data hmac; #endif #if defined(MBEDTLS_CMAC_C) mbedtls_cipher_context_t cmac; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 18cd44ce3..4a256988b 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -924,6 +924,7 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( { alg &= ~PSA_ALG_BLOCK_CIPHER_PADDING_MASK; } + switch( alg ) { case PSA_ALG_STREAM_CIPHER: @@ -984,6 +985,33 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( return( mbedtls_cipher_info_from_values( cipher_id_tmp, key_bits, mode ) ); } +static size_t psa_get_hash_block_size( psa_algorithm_t alg ) +{ + switch(alg) + { + case PSA_ALG_MD2: + return( 16 ); + case PSA_ALG_MD4: + return( 64 ); + case PSA_ALG_MD5: + return( 64 ); + case PSA_ALG_RIPEMD160: + return( 64 ); + case PSA_ALG_SHA_1: + return( 64 ); + case PSA_ALG_SHA_224: + return( 64 ); + case PSA_ALG_SHA_256: + return( 64 ); + case PSA_ALG_SHA_384: + return( 128 ); + case PSA_ALG_SHA_512: + return ( 128 ); + default: + return ( 0 ); + } +} + psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) { switch( operation->alg ) @@ -996,7 +1024,17 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) default: #if defined(MBEDTLS_MD_C) if( PSA_ALG_IS_HMAC( operation->alg ) ) - mbedtls_md_free( &operation->ctx.hmac ); + { + unsigned int block_size = + psa_get_hash_block_size( ( PSA_ALG_HMAC_HASH( operation->alg ) ) ); + + if( block_size == 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + + psa_hash_abort( &operation->ctx.hmac.hash_ctx ); + mbedtls_zeroize( operation->ctx.hmac.opad, + block_size); + } else #endif /* MBEDTLS_MD_C */ return( PSA_ERROR_NOT_SUPPORTED ); @@ -1011,27 +1049,124 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) return( PSA_SUCCESS ); } +static int psa_cmac_start( psa_mac_operation_t *operation, + size_t key_bits, + key_slot_t *slot, + const mbedtls_cipher_info_t *cipher_info ) +{ + int ret; + + operation->mac_size = cipher_info->block_size; + operation->iv_required = 0; + mbedtls_cipher_init( &operation->ctx.cmac ); + + ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac, + slot->data.raw.data, + key_bits ); + return( ret ); +} + +static int psa_hmac_start( psa_mac_operation_t *operation, + psa_key_type_t key_type, + key_slot_t *slot, + psa_algorithm_t alg ) +{ + unsigned char ipad[PSA_CRYPTO_MD_BLOCK_SIZE]; + unsigned char *opad = operation->ctx.hmac.opad; + size_t i; + size_t block_size = + psa_get_hash_block_size( ( PSA_ALG_HMAC_HASH( alg ) ) ); + unsigned int digest_size = + PSA_HASH_SIZE( ( PSA_ALG_HMAC_HASH( alg ) ) ); + size_t key_length = slot->data.raw.bytes; + psa_status_t status; + + if( ( block_size == 0 ) || ( digest_size == 0 ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + + if( key_type != PSA_KEY_TYPE_HMAC ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + operation->iv_required = 0; + operation->mac_size = digest_size; + + status = psa_hash_start( &operation->ctx.hmac.hash_ctx, + PSA_ALG_HMAC_HASH( alg ) ); + if( status != PSA_SUCCESS ) + return( status ); + + if( key_length > block_size ) + { + status = psa_hash_update( &operation->ctx.hmac.hash_ctx, + slot->data.raw.data, slot->data.raw.bytes ); + if( status != PSA_SUCCESS ) + return( status ); + status = psa_hash_finish( &operation->ctx.hmac.hash_ctx, + ipad, sizeof( ipad ), &key_length ); + if( status != PSA_SUCCESS ) + return( status ); + } + else + memcpy( ipad, slot->data.raw.data, slot->data.raw.bytes ); + + /* ipad contains the key followed by garbage. Xor and fill with 0x36 + * to create the ipad value. */ + for( i = 0; i < key_length; i++ ) + ipad[i] ^= 0x36; + memset( ipad + key_length, 0x36, block_size - key_length ); + + /* Copy the key material from ipad to opad, flipping the requisite bits, + * and filling the rest of opad with the requisite constant. */ + for( i = 0; i < key_length; i++ ) + opad[i] = ipad[i] ^ 0x36 ^ 0x5C; + memset( opad + key_length, 0x5C, block_size - key_length ); + + status = psa_hash_start( &operation->ctx.hmac.hash_ctx, + PSA_ALG_HMAC_HASH( alg ) ); + if( status != PSA_SUCCESS ) + goto cleanup; + + status = psa_hash_update( &operation->ctx.hmac.hash_ctx, ipad, + block_size ); + +cleanup: + mbedtls_zeroize( ipad, key_length ); + /* opad is in the context. It needs to stay in memory if this function + * succeeds, and it will be wiped by psa_mac_abort() called from + * psa_mac_start in the error case. */ + + return( status ); +} + psa_status_t psa_mac_start( psa_mac_operation_t *operation, psa_key_slot_t key, psa_algorithm_t alg ) { - int ret = MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; psa_status_t status; key_slot_t *slot; psa_key_type_t key_type; size_t key_bits; - const mbedtls_cipher_info_t *cipher_info = NULL; + const mbedtls_cipher_info_t *cipher_info; operation->alg = 0; operation->key_set = 0; operation->iv_set = 0; operation->iv_required = 1; operation->has_input = 0; + operation->key_usage_sign = 0; + operation->key_usage_verify = 0; status = psa_get_key_information( key, &key_type, &key_bits ); if( status != PSA_SUCCESS ) return( status ); + slot = &global_data.key_slots[key]; + if( slot->type == PSA_KEY_TYPE_NONE ) + return( PSA_ERROR_EMPTY_SLOT ); if( ( slot->policy.usage & PSA_KEY_USAGE_SIGN ) != 0 ) operation->key_usage_sign = 1; @@ -1050,60 +1185,43 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation, { #if defined(MBEDTLS_CMAC_C) case PSA_ALG_CMAC: - operation->iv_required = 0; - mbedtls_cipher_init( &operation->ctx.cmac ); - ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info ); - if( ret != 0 ) - break; - ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac, - slot->data.raw.data, - key_bits ); + status = mbedtls_to_psa_error( psa_cmac_start( operation, + key_bits, + slot, + cipher_info ) ); break; #endif /* MBEDTLS_CMAC_C */ default: #if defined(MBEDTLS_MD_C) if( PSA_ALG_IS_HMAC( alg ) ) - { - const mbedtls_md_info_t *md_info = - mbedtls_md_info_from_psa( PSA_ALG_HMAC_HASH( alg ) ); - if( md_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - if( key_type != PSA_KEY_TYPE_HMAC ) - return( PSA_ERROR_INVALID_ARGUMENT ); - operation->iv_required = 0; - operation->mac_size = mbedtls_md_get_size( md_info ); - mbedtls_md_init( &operation->ctx.hmac ); - ret = mbedtls_md_setup( &operation->ctx.hmac, md_info, 1 ); - if( ret != 0 ) - break; - ret = mbedtls_md_hmac_starts( &operation->ctx.hmac, - slot->data.raw.data, - slot->data.raw.bytes ); - break; - } + status = psa_hmac_start( operation, key_type, slot, alg ); else #endif /* MBEDTLS_MD_C */ return( PSA_ERROR_NOT_SUPPORTED ); } /* If we reach this point, then the algorithm-specific part of the - * context has at least been initialized, and may contain data that - * needs to be wiped on error. */ - operation->alg = alg; - if( ret != 0 ) + + * context may contain data that needs to be wiped on error. */ + if( status != PSA_SUCCESS ) { psa_mac_abort( operation ); - return( mbedtls_to_psa_error( ret ) ); } - operation->key_set = 1; - return( PSA_SUCCESS ); + + else + { + operation->alg = alg; + operation->key_set = 1; + } + return( status ); } psa_status_t psa_mac_update( psa_mac_operation_t *operation, const uint8_t *input, size_t input_length ) { - int ret; + int ret = 0 ; + psa_status_t status = PSA_SUCCESS; if( ! operation->key_set ) return( PSA_ERROR_BAD_STATE ); if( operation->iv_required && ! operation->iv_set ) @@ -1122,8 +1240,8 @@ psa_status_t psa_mac_update( psa_mac_operation_t *operation, #if defined(MBEDTLS_MD_C) if( PSA_ALG_IS_HMAC( operation->alg ) ) { - ret = mbedtls_md_hmac_update( &operation->ctx.hmac, - input, input_length ); + status = psa_hash_update( &operation->ctx.hmac.hash_ctx, input, + input_length ); } else #endif /* MBEDTLS_MD_C */ @@ -1132,9 +1250,14 @@ psa_status_t psa_mac_update( psa_mac_operation_t *operation, } break; } - if( ret != 0 ) + if ( ( ret != 0 ) || ( status != PSA_SUCCESS ) ) + { psa_mac_abort( operation ); - return( mbedtls_to_psa_error( ret ) ); + if ( ret != 0 ) + status = mbedtls_to_psa_error( ret ); + } + + return status; } static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, @@ -1142,7 +1265,8 @@ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, size_t mac_size, size_t *mac_length ) { - int ret; + int ret = 0; + psa_status_t status = PSA_SUCCESS; if( ! operation->key_set ) return( PSA_ERROR_BAD_STATE ); if( operation->iv_required && ! operation->iv_set ) @@ -1168,7 +1292,40 @@ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, #if defined(MBEDTLS_MD_C) if( PSA_ALG_IS_HMAC( operation->alg ) ) { - ret = mbedtls_md_hmac_finish( &operation->ctx.hmac, mac ); + unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; + unsigned char *opad = operation->ctx.hmac.opad; + size_t hash_size = 0; + size_t block_size = + psa_get_hash_block_size( ( PSA_ALG_HMAC_HASH( operation->alg ) ) ); + + if( block_size == 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + + status = psa_hash_finish( &operation->ctx.hmac.hash_ctx, tmp, + sizeof( tmp ), &hash_size ); + if( status != PSA_SUCCESS ) + goto cleanup; + /* From here on, tmp needs to be wiped. */ + + status = psa_hash_start( &operation->ctx.hmac.hash_ctx, + PSA_ALG_HMAC_HASH( operation->alg ) ); + if( status != PSA_SUCCESS ) + goto hmac_cleanup; + + status = psa_hash_update( &operation->ctx.hmac.hash_ctx, opad, + block_size ); + if( status != PSA_SUCCESS ) + goto hmac_cleanup; + + status = psa_hash_update( &operation->ctx.hmac.hash_ctx, tmp, + hash_size); + if( status != PSA_SUCCESS ) + goto hmac_cleanup; + + status = psa_hash_finish( &operation->ctx.hmac.hash_ctx, mac, + mac_size, mac_length ); + hmac_cleanup: + mbedtls_zeroize( tmp, hash_size ); } else #endif /* MBEDTLS_MD_C */ @@ -1177,15 +1334,19 @@ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, } break; } +cleanup: - if( ret == 0 ) + if( ( ret == 0 ) && (status == PSA_SUCCESS) ) { return( psa_mac_abort( operation ) ); } else { psa_mac_abort( operation ); - return( mbedtls_to_psa_error( ret ) ); + if( ret != 0 ) + status = mbedtls_to_psa_error(ret); + + return status; } } @@ -1197,7 +1358,8 @@ psa_status_t psa_mac_finish( psa_mac_operation_t *operation, if( !( operation->key_usage_sign ) ) return( PSA_ERROR_NOT_PERMITTED ); - return( psa_mac_finish_internal(operation, mac, mac_size, mac_length ) ); + return( psa_mac_finish_internal( operation, mac, + mac_size, mac_length ) ); } #define MBEDTLS_PSA_MAC_MAX_SIZE \ diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f1fb30f50..41a597de6 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -65,6 +65,102 @@ PSA MAC verify: HMAC-SHA-256 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C mac_verify:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_SHA_256):"":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"8bb9a1db9806f20df7f77b82138c7914d174d59e13dc4d0169c9057b133e1d62" +PSA MAC verify: RFC4231 Test case 1 - HMAC-SHA-224 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"":"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22" + +PSA MAC verify: RFC4231 Test case 1 - HMAC-SHA-256 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_256):"":"4869205468657265":"b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7" + +PSA MAC verify: RFC4231 Test case 1 - HMAC-SHA-384 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_384):"":"4869205468657265":"afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6" + +PSA MAC verify: RFC4231 Test case 1 - HMAC-SHA-512 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_512):"":"4869205468657265":"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854" + +PSA MAC verify: RFC4231 Test case 2 - HMAC-SHA-224 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_verify:PSA_KEY_TYPE_HMAC:"4a656665":PSA_ALG_HMAC(PSA_ALG_SHA_224):"":"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44" + +PSA MAC verify: RFC4231 Test case 2 - HMAC-SHA-256 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_verify:PSA_KEY_TYPE_HMAC:"4a656665":PSA_ALG_HMAC(PSA_ALG_SHA_256):"":"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843" + +PSA MAC verify: RFC4231 Test case 2 - HMAC-SHA-384 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +mac_verify:PSA_KEY_TYPE_HMAC:"4a656665":PSA_ALG_HMAC(PSA_ALG_SHA_384):"":"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649" + +PSA MAC verify: RFC4231 Test case 2 - HMAC-SHA-512 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +mac_verify:PSA_KEY_TYPE_HMAC:"4a656665":PSA_ALG_HMAC(PSA_ALG_SHA_512):"":"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737" + +PSA MAC verify: RFC4231 Test case 3 - HMAC-SHA-224 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):"":"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"7fb3cb3588c6c1f6ffa9694d7d6ad2649365b0c1f65d69d1ec8333ea" + +PSA MAC verify: RFC4231 Test case 3 - HMAC-SHA-256 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):"":"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe" + +PSA MAC verify: RFC4231 Test case 3 - HMAC-SHA-384 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_384):"":"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"88062608d3e6ad8a0aa2ace014c8a86f0aa635d947ac9febe83ef4e55966144b2a5ab39dc13814b94e3ab6e101a34f27" + +PSA MAC verify: RFC4231 Test case 3 - HMAC-SHA-512 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_512):"":"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb" + +PSA MAC verify: RFC4231 Test case 4 - HMAC-SHA-224 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_verify:PSA_KEY_TYPE_HMAC:"0102030405060708090a0b0c0d0e0f10111213141516171819":PSA_ALG_HMAC(PSA_ALG_SHA_224):"":"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"6c11506874013cac6a2abc1bb382627cec6a90d86efc012de7afec5a" + +PSA MAC verify: RFC4231 Test case 4 - HMAC-SHA-256 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_verify:PSA_KEY_TYPE_HMAC:"0102030405060708090a0b0c0d0e0f10111213141516171819":PSA_ALG_HMAC(PSA_ALG_SHA_256):"":"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b" + +PSA MAC verify: RFC4231 Test case 4 - HMAC-SHA-384 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +mac_verify:PSA_KEY_TYPE_HMAC:"0102030405060708090a0b0c0d0e0f10111213141516171819":PSA_ALG_HMAC(PSA_ALG_SHA_384):"":"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"3e8a69b7783c25851933ab6290af6ca77a9981480850009cc5577c6e1f573b4e6801dd23c4a7d679ccf8a386c674cffb" + +PSA MAC verify: RFC4231 Test case 4 - HMAC-SHA-512 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +mac_verify:PSA_KEY_TYPE_HMAC:"0102030405060708090a0b0c0d0e0f10111213141516171819":PSA_ALG_HMAC(PSA_ALG_SHA_512):"":"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd" + +PSA MAC verify: RFC4231 Test case 6 - HMAC-SHA-224 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):"":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"95e9a0db962095adaebe9b2d6f0dbce2d499f112f2d2b7273fa6870e" + +PSA MAC verify: RFC4231 Test case 6 - HMAC-SHA-256 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):"":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54" + +PSA MAC verify: RFC4231 Test case 6 - HMAC-SHA-384 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_384):"":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"4ece084485813e9088d2c63a041bc5b44f9ef1012a2b588f3cd11f05033ac4c60c2ef6ab4030fe8296248df163f44952" + +PSA MAC verify: RFC4231 Test case 6 - HMAC-SHA-512 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_512):"":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598" + +PSA MAC verify: RFC4231 Test case 7 - HMAC-SHA-224 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):"":"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e":"3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1" + +PSA MAC verify: RFC4231 Test case 7 - HMAC-SHA-256 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):"":"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e":"9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2" + +PSA MAC verify: RFC4231 Test case 7 - HMAC-SHA-384 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_384):"":"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e":"6617178e941f020d351e2f254e8fd32c602420feb0b8fb9adccebb82461e99c5a678cc31e799176d3860e6110c46523e" + +PSA MAC verify: RFC4231 Test case 7 - HMAC-SHA-512 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_512):"":"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e":"e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58" + PSA MAC verify: CMAC-AES-128 depends_on:MBEDTLS_CMAC_C:MBEDTLS_AES_C mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827"