/* * PSA MAC layer on top of Mbed TLS software crypto */ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef PSA_CRYPTO_MAC_H #define PSA_CRYPTO_MAC_H #include /** Internal API for starting an HMAC operation, using PSA hash primitives. * * \note This API is not meant for application use. Applications should always * use the top-level psa_mac_xxx APIs for doing HMAC operations. * * \param[in] hmac Context structure for this HMAC operation. Needs to have * been zero-initialized prior to calling this function. * \param[in] key Key to initialize the HMAC operation with. * \param key_length Length (in bytes) of key \p key. * \param hash_alg Hash algorithm to use for calculating the HMAC. * * \retval #PSA_SUCCESS * Success. * \return Any error code reported by psa_hash_compute(), psa_hash_setup() or * psa_hash_update(). */ psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, const uint8_t *key, size_t key_length, psa_algorithm_t hash_alg ); /** Internal API for adding data to an HMAC operation, using PSA hash primitives. * * \note This API is not meant for application use. Applications should always * use the top-level psa_mac_xxx APIs for doing HMAC operations. * * \param[in] hmac Context structure for this HMAC operation. Needs to have * been initialized with psa_hmac_setup_internal(). * \param[in] data Buffer containing the data to add to the current HMAC * calculation. * \param data_length Length (in bytes) of the input buffer \p data. * * \retval #PSA_SUCCESS * Success. * \return Any error code reported by psa_hash_update(). */ psa_status_t psa_hmac_update_internal( psa_hmac_internal_data *hmac, const uint8_t *data, size_t data_length ); /** Internal API for finalizing an HMAC operation, using PSA hash primitives. * * \note This API is not meant for application use. Applications should always * use the top-level psa_mac_xxx APIs for doing HMAC operations. * * \param[in] hmac Context structure for this HMAC operation. Needs to have * been initialized with psa_hmac_setup_internal(). * \param[out] mac Buffer to output the calculated HMAC into. * \param mac_size Size (in bytes) of the output buffer \p mac. * * \retval #PSA_SUCCESS * Success. * \return Any error code reported by psa_hash_setup(), psa_hash_update() or * psa_hash_finish(). */ psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac, uint8_t *mac, size_t mac_size ); /** Internal API for cloning an HMAC operation, using PSA hash primitives. * * \note This API is not meant for application use. Applications should always * use the top-level psa_mac_xxx APIs for doing HMAC operations. * * \param[in] source Context structure to clone from. Needs to have been * initialized with psa_hmac_setup_internal(). * \param[out] destination Context structure to clone to. Needs to have been * zero-initialized. * * \retval #PSA_SUCCESS * Success. * \return Any error code reported by psa_hash_clone(). */ psa_status_t psa_hmac_clone_internal( const psa_hmac_internal_data *source, psa_hmac_internal_data *destination ); /** Internal API for aborting an HMAC operation, using PSA hash primitives. * * \note This API is not meant for application use. Applications should always * use the top-level psa_mac_xxx APIs for doing HMAC operations. * * \param[in] hmac Context structure for the HMAC operation to abort. * * \retval #PSA_SUCCESS * Success. * \return Any error code reported by psa_hash_abort(). */ psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac ); /** Calculate the MAC (message authentication code) of a message using Mbed TLS. * * \note The signature of this function is that of a PSA driver mac_compute * entry point. This function behaves as a mac_compute entry point as * defined in the PSA driver interface specification for transparent * drivers. * * \param[in] attributes The attributes of the key to use for the * operation. * \param[in] key_buffer The buffer containing the key to use for * computing the MAC. This buffer contains the key * in export representation as defined by * psa_export_key() (i.e. the raw key bytes). * \param key_buffer_size Size of the \p key_buffer buffer in bytes. * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * \param[in] input Buffer containing the input message. * \param input_length Size of the \p input buffer in bytes. * \param[out] mac Buffer where the MAC value is to be written. * \param mac_size Size of the \p mac buffer in bytes. * \param[out] mac_length On success, the number of bytes * that make up the MAC value. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_ARGUMENT * The key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported. * \retval #PSA_ERROR_BUFFER_TOO_SMALL * \p mac_size is too small * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_CORRUPTION_DETECTED */ psa_status_t mbedtls_psa_mac_compute( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *mac, size_t mac_size, size_t *mac_length); /** Set up a multipart MAC calculation operation using Mbed TLS. * * \note The signature of this function is that of a PSA driver mac_sign_setup * entry point. This function behaves as a mac_sign_setup entry point as * defined in the PSA driver interface specification for transparent * drivers. * * \param[in,out] operation The operation object to set up. It must have * been initialized and not yet in use. * \param[in] attributes The attributes of the key to use for the * operation. * \param[in] key_buffer The buffer containing the key to use for * computing the MAC. This buffer contains the key * in export representation as defined by * psa_export_key() (i.e. the raw key bytes). * \param key_buffer_size Size of the \p key_buffer buffer in bytes. * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_ARGUMENT * The key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be inactive). */ psa_status_t mbedtls_psa_mac_sign_setup( mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg); /** Set up a multipart MAC verification operation using Mbed TLS. * * \note The signature of this function is that of a PSA driver mac_verify_setup * entry point. This function behaves as a mac_verify_setup entry point as * defined in the PSA driver interface specification for transparent * drivers. * * \param[in,out] operation The operation object to set up. It must have * been initialized and not yet in use. * \param[in] attributes The attributes of the key to use for the * operation. * \param[in] key_buffer The buffer containing the key to use for * computing the MAC. This buffer contains the key * in export representation as defined by * psa_export_key() (i.e. the raw key bytes). * \param key_buffer_size Size of the \p key_buffer buffer in bytes. * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_ARGUMENT * The key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be inactive). */ psa_status_t mbedtls_psa_mac_verify_setup( mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg); /** Add a message fragment to a multipart MAC operation using Mbed TLS. * * \note The signature of this function is that of a PSA driver mac_update * entry point. This function behaves as a mac_update entry point as * defined in the PSA driver interface specification for transparent * drivers. * * The core must call mbedtls_psa_mac_sign_setup() or * mbedtls_psa_mac_verify_setup() before calling this function. * * If this function returns an error status, the operation enters an error * state and must be aborted by calling psa_mac_abort(). * * \param[in,out] operation Active MAC operation. * \param[in] input Buffer containing the message fragment to add to * the MAC calculation. * \param input_length Size of the \p input buffer in bytes. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_CORRUPTION_DETECTED */ psa_status_t mbedtls_psa_mac_update( mbedtls_psa_mac_operation_t *operation, const uint8_t *input, size_t input_length ); /** Finish the calculation of the MAC of a message using Mbed TLS. * * \note The signature of this function is that of a PSA driver mac_sign_finish * entry point. This function behaves as a mac_sign_finish entry point as * defined in the PSA driver interface specification for transparent * drivers. * * The core must call mbedtls_psa_mac_sign_setup() before calling this function. * This function calculates the MAC of the message formed by concatenating * the inputs passed to preceding calls to mbedtls_psa_mac_update(). * * When this function returns successfully, the operation becomes inactive. * If this function returns an error status, the operation enters an error * state and must be aborted by calling mbedtls_psa_mac_abort(). * * \param[in,out] operation Active MAC operation. * \param[out] mac Buffer where the MAC value is to be written. * \param mac_size Size of the \p mac buffer in bytes. * \param[out] mac_length On success, the number of bytes * that make up the MAC value. This is always * #PSA_MAC_LENGTH(\c key_type, \c key_bits, \c alg) * where \c key_type and \c key_bits are the type and * bit-size respectively of the key and \c alg is the * MAC algorithm that is calculated. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be an active mac sign * operation). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p mac buffer is too small. A sufficient buffer size * can be determined by calling PSA_MAC_LENGTH(). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_CORRUPTION_DETECTED */ psa_status_t mbedtls_psa_mac_sign_finish( mbedtls_psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length ); /** Finish the calculation of the MAC of a message and compare it with * an expected value using Mbed TLS. * * \note The signature of this function is that of a PSA driver * mac_verify_finish entry point. This function behaves as a * mac_verify_finish entry point as defined in the PSA driver interface * specification for transparent drivers. * * The core must call mbedtls_psa_mac_verify_setup() before calling this * function. This function calculates the MAC of the message formed by * concatenating the inputs passed to preceding calls to * mbedtls_psa_mac_update(). It then compares the calculated MAC with the * expected MAC passed as a parameter to this function. * * When this function returns successfully, the operation becomes inactive. * If this function returns an error status, the operation enters an error * state and must be aborted by calling mbedtls_psa_mac_abort(). * * \param[in,out] operation Active MAC operation. * \param[in] mac Buffer containing the expected MAC value. * \param mac_length Size of the \p mac buffer in bytes. * * \retval #PSA_SUCCESS * The expected MAC is identical to the actual MAC of the message. * \retval #PSA_ERROR_INVALID_SIGNATURE * The MAC of the message was calculated successfully, but it * differs from the expected MAC. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be an active mac verify * operation). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_CORRUPTION_DETECTED */ psa_status_t mbedtls_psa_mac_verify_finish( mbedtls_psa_mac_operation_t *operation, const uint8_t *mac, size_t mac_length ); /** Abort a MAC operation using Mbed TLS. * * Aborting an operation frees all associated resources except for the * \p operation structure itself. Once aborted, the operation object * can be reused for another operation by calling * mbedtls_psa_mac_sign_setup() or mbedtls_psa_mac_verify_setup() again. * * The core may call this function any time after the operation object has * been initialized by one of the methods described in * #mbedtls_psa_mac_operation_t. * * In particular, calling mbedtls_psa_mac_abort() after the operation has been * terminated by a call to mbedtls_psa_mac_abort(), * mbedtls_psa_mac_sign_finish() or mbedtls_psa_mac_verify_finish() is safe and * has no effect. * * \param[in,out] operation Initialized MAC operation. * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_CORRUPTION_DETECTED */ psa_status_t mbedtls_psa_mac_abort( mbedtls_psa_mac_operation_t *operation ); /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ #if defined(PSA_CRYPTO_DRIVER_TEST) psa_status_t mbedtls_transparent_test_driver_mac_compute( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *mac, size_t mac_size, size_t *mac_length ); psa_status_t mbedtls_transparent_test_driver_mac_sign_setup( mbedtls_transparent_test_driver_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t mbedtls_transparent_test_driver_mac_verify_setup( mbedtls_transparent_test_driver_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t mbedtls_transparent_test_driver_mac_update( mbedtls_transparent_test_driver_mac_operation_t *operation, const uint8_t *input, size_t input_length ); psa_status_t mbedtls_transparent_test_driver_mac_sign_finish( mbedtls_transparent_test_driver_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length ); psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( mbedtls_transparent_test_driver_mac_operation_t *operation, const uint8_t *mac, size_t mac_length ); psa_status_t mbedtls_transparent_test_driver_mac_abort( mbedtls_transparent_test_driver_mac_operation_t *operation ); psa_status_t mbedtls_opaque_test_driver_mac_compute( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *mac, size_t mac_size, size_t *mac_length ); psa_status_t mbedtls_opaque_test_driver_mac_sign_setup( mbedtls_opaque_test_driver_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t mbedtls_opaque_test_driver_mac_verify_setup( mbedtls_opaque_test_driver_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t mbedtls_opaque_test_driver_mac_update( mbedtls_opaque_test_driver_mac_operation_t *operation, const uint8_t *input, size_t input_length ); psa_status_t mbedtls_opaque_test_driver_mac_sign_finish( mbedtls_opaque_test_driver_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length ); psa_status_t mbedtls_opaque_test_driver_mac_verify_finish( mbedtls_opaque_test_driver_mac_operation_t *operation, const uint8_t *mac, size_t mac_length ); psa_status_t mbedtls_opaque_test_driver_mac_abort( mbedtls_opaque_test_driver_mac_operation_t *operation ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_MAC_H */