TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / b27e3506fe6c67f4b2d7dd15224e35c438aa43d4 / . / library / psa_crypto_mac.c
blob: ac026ff4c9765ba63d0ce505aa5221278cdca7e3 [file] [log] [blame]
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]1/*
2 * PSA MAC layer on top of Mbed TLS software crypto
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa/crypto.h>
26#include "psa_crypto_core.h"
27#include "psa_crypto_mac.h"
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]28#include <mbedtls/md.h>
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]29
30#include <mbedtls/error.h>
31#include <string.h>
32
33/* Use builtin defines specific to this compilation unit, since the test driver
34 * relies on the software driver. */
35#if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
36 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) )
37#define BUILTIN_ALG_CMAC 1
38#endif
39#if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \
40 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) )
41#define BUILTIN_ALG_HMAC 1
42#endif
43
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]44#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
45static size_t psa_get_hash_block_size( psa_algorithm_t alg )
46{
47 switch( alg )
48 {
49 case PSA_ALG_MD2:
50 return( 16 );
51 case PSA_ALG_MD4:
52 return( 64 );
53 case PSA_ALG_MD5:
54 return( 64 );
55 case PSA_ALG_RIPEMD160:
56 return( 64 );
57 case PSA_ALG_SHA_1:
58 return( 64 );
59 case PSA_ALG_SHA_224:
60 return( 64 );
61 case PSA_ALG_SHA_256:
62 return( 64 );
63 case PSA_ALG_SHA_384:
64 return( 128 );
65 case PSA_ALG_SHA_512:
66 return( 128 );
67 default:
68 return( 0 );
69 }
70}
71
Steven Cooreman4f7cae62021-04-29 17:49:11 +0200[diff] [blame]72psa_status_t psa_hmac_abort_internal( mbedtls_psa_hmac_operation_t *hmac )
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]73{
74 mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
75 return( psa_hash_abort( &hmac->hash_ctx ) );
76}
77
Steven Cooreman4f7cae62021-04-29 17:49:11 +0200[diff] [blame]78psa_status_t psa_hmac_setup_internal( mbedtls_psa_hmac_operation_t *hmac,
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]79 const uint8_t *key,
80 size_t key_length,
81 psa_algorithm_t hash_alg )
82{
83 uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
84 size_t i;
85 size_t hash_size = PSA_HASH_LENGTH( hash_alg );
86 size_t block_size = psa_get_hash_block_size( hash_alg );
87 psa_status_t status;
88
89 hmac->alg = hash_alg;
90
91 /* Sanity checks on block_size, to guarantee that there won't be a buffer
92 * overflow below. This should never trigger if the hash algorithm
93 * is implemented correctly. */
94 /* The size checks against the ipad and opad buffers cannot be written
95 * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
96 * because that triggers -Wlogical-op on GCC 7.3. */
97 if( block_size > sizeof( ipad ) )
98 return( PSA_ERROR_NOT_SUPPORTED );
99 if( block_size > sizeof( hmac->opad ) )
100 return( PSA_ERROR_NOT_SUPPORTED );
101 if( block_size < hash_size )
102 return( PSA_ERROR_NOT_SUPPORTED );
103
104 if( key_length > block_size )
105 {
106 status = psa_hash_compute( hash_alg, key, key_length,
107 ipad, sizeof( ipad ), &key_length );
108 if( status != PSA_SUCCESS )
109 goto cleanup;
110 }
111 /* A 0-length key is not commonly used in HMAC when used as a MAC,
112 * but it is permitted. It is common when HMAC is used in HKDF, for
113 * example. Don't call `memcpy` in the 0-length because `key` could be
114 * an invalid pointer which would make the behavior undefined. */
115 else if( key_length != 0 )
116 memcpy( ipad, key, key_length );
117
118 /* ipad contains the key followed by garbage. Xor and fill with 0x36
119 * to create the ipad value. */
120 for( i = 0; i < key_length; i++ )
121 ipad[i] ^= 0x36;
122 memset( ipad + key_length, 0x36, block_size - key_length );
123
124 /* Copy the key material from ipad to opad, flipping the requisite bits,
125 * and filling the rest of opad with the requisite constant. */
126 for( i = 0; i < key_length; i++ )
127 hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
128 memset( hmac->opad + key_length, 0x5C, block_size - key_length );
129
130 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
131 if( status != PSA_SUCCESS )
132 goto cleanup;
133
134 status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
135
136cleanup:
137 mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
138
139 return( status );
140}
141
Steven Cooreman4f7cae62021-04-29 17:49:11 +0200[diff] [blame]142psa_status_t psa_hmac_update_internal( mbedtls_psa_hmac_operation_t *hmac,
Steven Cooreman76720f62021-03-22 12:21:10 +0100[diff] [blame]143 const uint8_t *data,
144 size_t data_length )
145{
146 return( psa_hash_update( &hmac->hash_ctx, data, data_length ) );
147}
148
Steven Cooreman4f7cae62021-04-29 17:49:11 +0200[diff] [blame]149psa_status_t psa_hmac_finish_internal( mbedtls_psa_hmac_operation_t *hmac,
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]150 uint8_t *mac,
151 size_t mac_size )
152{
153 uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
154 psa_algorithm_t hash_alg = hmac->alg;
155 size_t hash_size = 0;
156 size_t block_size = psa_get_hash_block_size( hash_alg );
157 psa_status_t status;
158
159 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
160 if( status != PSA_SUCCESS )
161 return( status );
162 /* From here on, tmp needs to be wiped. */
163
164 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
165 if( status != PSA_SUCCESS )
166 goto exit;
167
168 status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
169 if( status != PSA_SUCCESS )
170 goto exit;
171
172 status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
173 if( status != PSA_SUCCESS )
174 goto exit;
175
176 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
177 if( status != PSA_SUCCESS )
178 goto exit;
179
180 memcpy( mac, tmp, mac_size );
181
182exit:
183 mbedtls_platform_zeroize( tmp, hash_size );
184 return( status );
185}
Steven Cooreman76720f62021-03-22 12:21:10 +0100[diff] [blame]186
Steven Cooreman4f7cae62021-04-29 17:49:11 +0200[diff] [blame]187psa_status_t psa_hmac_clone_internal(
188 const mbedtls_psa_hmac_operation_t *source,
189 mbedtls_psa_hmac_operation_t *destination )
Steven Cooreman76720f62021-03-22 12:21:10 +0100[diff] [blame]190{
191 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
192
193 destination->alg = source->alg;
194 destination->hash_ctx = psa_hash_operation_init();
195 status = psa_hash_clone( &source->hash_ctx, &destination->hash_ctx );
196 memcpy( destination->opad, source->opad, sizeof( destination->opad ) );
197
198 if( status != PSA_SUCCESS )
199 memset( destination, 0, sizeof( *destination ) );
200
201 return( status );
202}
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]203#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || PSA_CRYPTO_DRIVER_TEST */
204
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]205/* Implement the PSA driver MAC interface on top of mbed TLS if either the
206 * software driver or the test driver requires it. */
207#if defined(MBEDTLS_PSA_BUILTIN_MAC) || defined(PSA_CRYPTO_DRIVER_TEST)
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]208
209#if defined(BUILTIN_ALG_CMAC)
210static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
211 const psa_key_attributes_t *attributes,
212 const uint8_t *key_buffer,
213 size_t key_buffer_size )
214{
215 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
216 const mbedtls_cipher_info_t * cipher_info_tmp =
217 mbedtls_cipher_info_from_psa(
218 PSA_ALG_CMAC,
219 psa_get_key_type( attributes ),
220 psa_get_key_bits( attributes ),
221 NULL );
222
223 if( cipher_info_tmp == NULL )
224 return( PSA_ERROR_NOT_SUPPORTED );
225
226 if( key_buffer_size < PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) )
227 return( PSA_ERROR_INVALID_ARGUMENT );
228
229 ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info_tmp );
230 if( ret != 0 )
231 goto exit;
232
233 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
234 key_buffer,
235 psa_get_key_bits( attributes ) );
236exit:
237 return( mbedtls_to_psa_error( ret ) );
238}
239#endif /* BUILTIN_ALG_CMAC */
240
241/* Initialize this driver's MAC operation structure. Once this function has been
242 * called, mbedtls_psa_mac_abort can run and will do the right thing. */
243static psa_status_t mac_init(
244 mbedtls_psa_mac_operation_t *operation,
245 psa_algorithm_t alg )
246{
Steven Cooreman6e6451e2021-04-29 16:21:24 +0200[diff] [blame]247 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]248
249 operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg );
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]250 operation->has_input = 0;
251 operation->is_sign = 0;
252
253#if defined(BUILTIN_ALG_CMAC)
254 if( operation->alg == PSA_ALG_CMAC )
255 {
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]256 mbedtls_cipher_init( &operation->ctx.cmac );
257 status = PSA_SUCCESS;
258 }
259 else
260#endif /* BUILTIN_ALG_CMAC */
261#if defined(BUILTIN_ALG_HMAC)
262 if( PSA_ALG_IS_HMAC( operation->alg ) )
263 {
264 /* We'll set up the hash operation later in psa_hmac_setup_internal. */
265 operation->ctx.hmac.alg = 0;
266 status = PSA_SUCCESS;
267 }
268 else
269#endif /* BUILTIN_ALG_HMAC */
270 {
Steven Cooreman6e6451e2021-04-29 16:21:24 +0200[diff] [blame]271 status = PSA_ERROR_NOT_SUPPORTED;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]272 }
273
274 if( status != PSA_SUCCESS )
275 memset( operation, 0, sizeof( *operation ) );
276 return( status );
277}
278
279static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation )
280{
281 if( operation->alg == 0 )
282 {
283 /* The object has (apparently) been initialized but it is not
284 * in use. It's ok to call abort on such an object, and there's
285 * nothing to do. */
286 return( PSA_SUCCESS );
287 }
288 else
289#if defined(BUILTIN_ALG_CMAC)
290 if( operation->alg == PSA_ALG_CMAC )
291 {
292 mbedtls_cipher_free( &operation->ctx.cmac );
293 }
294 else
295#endif /* BUILTIN_ALG_CMAC */
296#if defined(BUILTIN_ALG_HMAC)
297 if( PSA_ALG_IS_HMAC( operation->alg ) )
298 {
299 psa_hmac_abort_internal( &operation->ctx.hmac );
300 }
301 else
302#endif /* BUILTIN_ALG_HMAC */
303 {
304 /* Sanity check (shouldn't happen: operation->alg should
305 * always have been initialized to a valid value). */
306 goto bad_state;
307 }
308
309 operation->alg = 0;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]310 operation->has_input = 0;
311 operation->is_sign = 0;
312
313 return( PSA_SUCCESS );
314
315bad_state:
316 /* If abort is called on an uninitialized object, we can't trust
317 * anything. Wipe the object in case it contains confidential data.
318 * This may result in a memory leak if a pointer gets overwritten,
319 * but it's too late to do anything about this. */
320 memset( operation, 0, sizeof( *operation ) );
321 return( PSA_ERROR_BAD_STATE );
322}
323
324static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
325 const psa_key_attributes_t *attributes,
326 const uint8_t *key_buffer,
327 size_t key_buffer_size,
328 psa_algorithm_t alg,
329 int is_sign )
330{
331 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
332
333 /* A context must be freshly initialized before it can be set up. */
334 if( operation->alg != 0 )
335 {
336 return( PSA_ERROR_BAD_STATE );
337 }
338
339 status = mac_init( operation, alg );
340 if( status != PSA_SUCCESS )
341 return( status );
342 if( is_sign )
343 operation->is_sign = 1;
344
345 /* Get the output length for the algorithm and key combination. None of the
346 * currently supported algorithms have an output length dependent on actual
347 * key size, so setting it to a bogus value is currently OK. */
348 operation->mac_size =
349 PSA_MAC_LENGTH( psa_get_key_type( attributes ), 0, alg );
350
351#if defined(BUILTIN_ALG_CMAC)
352 if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
353 {
354 status = cmac_setup( operation, attributes,
355 key_buffer, key_buffer_size );
356 }
357 else
358#endif /* BUILTIN_ALG_CMAC */
359#if defined(BUILTIN_ALG_HMAC)
360 if( PSA_ALG_IS_HMAC( alg ) )
361 {
362 /* Sanity check. This shouldn't fail on a valid configuration. */
363 if( operation->mac_size > sizeof( operation->ctx.hmac.opad ) )
364 {
365 status = PSA_ERROR_NOT_SUPPORTED;
366 goto exit;
367 }
368
369 if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_HMAC )
370 {
371 status = PSA_ERROR_INVALID_ARGUMENT;
372 goto exit;
373 }
374
375 status = psa_hmac_setup_internal( &operation->ctx.hmac,
376 key_buffer,
377 key_buffer_size,
378 PSA_ALG_HMAC_GET_HASH( alg ) );
379 }
380 else
381#endif /* BUILTIN_ALG_HMAC */
382 {
383 status = PSA_ERROR_NOT_SUPPORTED;
384 }
385
386exit:
Steven Cooremanb4b9b282021-04-29 16:24:36 +0200[diff] [blame]387 if( status != PSA_SUCCESS )
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]388 mac_abort( operation );
389
390 return( status );
391}
392
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]393static psa_status_t mac_compute(
394 const psa_key_attributes_t *attributes,
395 const uint8_t *key_buffer,
396 size_t key_buffer_size,
397 psa_algorithm_t alg,
398 const uint8_t *input,
399 size_t input_length,
400 uint8_t *mac,
401 size_t mac_size,
402 size_t *mac_length )
403{
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]404 /* One-shot MAC has not been implemented in this PSA implementation yet. */
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]405 (void) attributes;
406 (void) key_buffer;
407 (void) key_buffer_size;
408 (void) alg;
409 (void) input;
410 (void) input_length;
411 (void) mac;
412 (void) mac_size;
413 (void) mac_length;
414 return( PSA_ERROR_NOT_SUPPORTED );
415}
416
417static psa_status_t mac_sign_setup(
418 mbedtls_psa_mac_operation_t *operation,
419 const psa_key_attributes_t *attributes,
420 const uint8_t *key_buffer,
421 size_t key_buffer_size,
422 psa_algorithm_t alg )
423{
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]424 return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg,
425 1 ) );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]426}
427
428static psa_status_t mac_verify_setup(
429 mbedtls_psa_mac_operation_t *operation,
430 const psa_key_attributes_t *attributes,
431 const uint8_t *key_buffer,
432 size_t key_buffer_size,
433 psa_algorithm_t alg )
434{
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]435 return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg,
436 0 ) );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]437}
438
439static psa_status_t mac_update(
440 mbedtls_psa_mac_operation_t *operation,
441 const uint8_t *input,
442 size_t input_length )
443{
Steven Cooremanb4b9b282021-04-29 16:24:36 +0200[diff] [blame]444 if( operation->alg == 0 )
Steven Cooreman11743f92021-03-19 18:38:46 +0100[diff] [blame]445 return( PSA_ERROR_BAD_STATE );
Steven Cooreman11743f92021-03-19 18:38:46 +0100[diff] [blame]446 operation->has_input = 1;
447
448#if defined(BUILTIN_ALG_CMAC)
449 if( operation->alg == PSA_ALG_CMAC )
450 {
451 return( mbedtls_to_psa_error(
452 mbedtls_cipher_cmac_update( &operation->ctx.cmac,
453 input, input_length ) ) );
454 }
455 else
456#endif /* BUILTIN_ALG_CMAC */
457#if defined(BUILTIN_ALG_HMAC)
458 if( PSA_ALG_IS_HMAC( operation->alg ) )
459 {
460 return( psa_hash_update( &operation->ctx.hmac.hash_ctx, input,
461 input_length ) );
462 }
463 else
464#endif /* BUILTIN_ALG_HMAC */
465 {
466 /* This shouldn't happen if `operation` was initialized by
467 * a setup function. */
468 return( PSA_ERROR_BAD_STATE );
469 }
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]470}
471
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]472static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
473 uint8_t *mac,
474 size_t mac_size )
475{
Steven Cooremanb4b9b282021-04-29 16:24:36 +0200[diff] [blame]476 if( operation->alg == 0 )
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]477 return( PSA_ERROR_BAD_STATE );
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]478 if( mac_size < operation->mac_size )
479 return( PSA_ERROR_BUFFER_TOO_SMALL );
480
481#if defined(BUILTIN_ALG_CMAC)
482 if( operation->alg == PSA_ALG_CMAC )
483 {
484 uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
485 int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
486 if( ret == 0 )
487 memcpy( mac, tmp, operation->mac_size );
488 mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
489 return( mbedtls_to_psa_error( ret ) );
490 }
491 else
492#endif /* BUILTIN_ALG_CMAC */
493#if defined(BUILTIN_ALG_HMAC)
494 if( PSA_ALG_IS_HMAC( operation->alg ) )
495 {
496 return( psa_hmac_finish_internal( &operation->ctx.hmac,
497 mac, operation->mac_size ) );
498 }
499 else
500#endif /* BUILTIN_ALG_HMAC */
501 {
502 /* This shouldn't happen if `operation` was initialized by
503 * a setup function. */
504 return( PSA_ERROR_BAD_STATE );
505 }
506}
507
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]508static psa_status_t mac_sign_finish(
509 mbedtls_psa_mac_operation_t *operation,
510 uint8_t *mac,
511 size_t mac_size,
512 size_t *mac_length )
513{
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]514 psa_status_t status;
515
516 if( operation->alg == 0 )
517 return( PSA_ERROR_BAD_STATE );
518
519 if( ! operation->is_sign )
520 return( PSA_ERROR_BAD_STATE );
521
522 status = mac_finish_internal( operation, mac, mac_size );
523
524 if( status == PSA_SUCCESS )
525 *mac_length = operation->mac_size;
526
527 return( status );
528}
529
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]530static psa_status_t mac_verify_finish(
531 mbedtls_psa_mac_operation_t *operation,
532 const uint8_t *mac,
533 size_t mac_length )
534{
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]535 uint8_t actual_mac[PSA_MAC_MAX_SIZE];
536 psa_status_t status;
537
538 if( operation->alg == 0 )
539 return( PSA_ERROR_BAD_STATE );
540
541 if( operation->is_sign )
542 return( PSA_ERROR_BAD_STATE );
543
544 if( operation->mac_size != mac_length )
545 {
546 status = PSA_ERROR_INVALID_SIGNATURE;
547 goto cleanup;
548 }
549
550 status = mac_finish_internal( operation, actual_mac, sizeof( actual_mac ) );
551 if( status != PSA_SUCCESS )
552 goto cleanup;
553
Steven Cooremana2a1b802021-04-29 16:37:59 +0200[diff] [blame]554 if( mbedtls_psa_safer_memcmp( mac, actual_mac, mac_length ) != 0 )
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]555 status = PSA_ERROR_INVALID_SIGNATURE;
556
557cleanup:
558 mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
559
560 return( status );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]561}
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]562#endif /* MBEDTLS_PSA_BUILTIN_MAC || PSA_CRYPTO_DRIVER_TEST */
563
564#if defined(MBEDTLS_PSA_BUILTIN_MAC)
565psa_status_t mbedtls_psa_mac_compute(
566 const psa_key_attributes_t *attributes,
567 const uint8_t *key_buffer,
568 size_t key_buffer_size,
569 psa_algorithm_t alg,
570 const uint8_t *input,
571 size_t input_length,
572 uint8_t *mac,
573 size_t mac_size,
574 size_t *mac_length )
575{
576 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
577 input, input_length,
578 mac, mac_size, mac_length ) );
579}
580
581psa_status_t mbedtls_psa_mac_sign_setup(
582 mbedtls_psa_mac_operation_t *operation,
583 const psa_key_attributes_t *attributes,
584 const uint8_t *key_buffer,
585 size_t key_buffer_size,
586 psa_algorithm_t alg )
587{
588 return( mac_sign_setup( operation, attributes,
589 key_buffer, key_buffer_size, alg ) );
590}
591
592psa_status_t mbedtls_psa_mac_verify_setup(
593 mbedtls_psa_mac_operation_t *operation,
594 const psa_key_attributes_t *attributes,
595 const uint8_t *key_buffer,
596 size_t key_buffer_size,
597 psa_algorithm_t alg )
598{
599 return( mac_verify_setup( operation, attributes,
600 key_buffer, key_buffer_size, alg ) );
601}
602
603psa_status_t mbedtls_psa_mac_update(
604 mbedtls_psa_mac_operation_t *operation,
605 const uint8_t *input,
606 size_t input_length )
607{
608 return( mac_update( operation, input, input_length ) );
609}
610
611psa_status_t mbedtls_psa_mac_sign_finish(
612 mbedtls_psa_mac_operation_t *operation,
613 uint8_t *mac,
614 size_t mac_size,
615 size_t *mac_length )
616{
617 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
618}
619
620psa_status_t mbedtls_psa_mac_verify_finish(
621 mbedtls_psa_mac_operation_t *operation,
622 const uint8_t *mac,
623 size_t mac_length )
624{
625 return( mac_verify_finish( operation, mac, mac_length ) );
626}
627
628psa_status_t mbedtls_psa_mac_abort(
629 mbedtls_psa_mac_operation_t *operation )
630{
631 return( mac_abort( operation ) );
632}
633#endif /* MBEDTLS_PSA_BUILTIN_MAC */
634
635 /*
636 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
637 */
638#if defined(PSA_CRYPTO_DRIVER_TEST)
639
640static int is_mac_accelerated( psa_algorithm_t alg )
641{
642#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
643 if( PSA_ALG_IS_HMAC( alg ) )
644 return( 1 );
645#endif
646
647 switch( PSA_ALG_FULL_LENGTH_MAC( alg ) )
648 {
649#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
650 case PSA_ALG_CMAC:
651 return( 1 );
652#endif
653 default:
654 return( 0 );
655 }
656}
657
658psa_status_t mbedtls_transparent_test_driver_mac_compute(
659 const psa_key_attributes_t *attributes,
660 const uint8_t *key_buffer,
661 size_t key_buffer_size,
662 psa_algorithm_t alg,
663 const uint8_t *input,
664 size_t input_length,
665 uint8_t *mac,
666 size_t mac_size,
667 size_t *mac_length )
668{
669 if( is_mac_accelerated( alg ) )
670 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
671 input, input_length,
672 mac, mac_size, mac_length ) );
673 else
674 return( PSA_ERROR_NOT_SUPPORTED );
675}
676
677psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
678 mbedtls_transparent_test_driver_mac_operation_t *operation,
679 const psa_key_attributes_t *attributes,
680 const uint8_t *key_buffer,
681 size_t key_buffer_size,
682 psa_algorithm_t alg )
683{
684 if( is_mac_accelerated( alg ) )
685 return( mac_sign_setup( operation, attributes,
686 key_buffer, key_buffer_size, alg ) );
687 else
688 return( PSA_ERROR_NOT_SUPPORTED );
689}
690
691psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
692 mbedtls_transparent_test_driver_mac_operation_t *operation,
693 const psa_key_attributes_t *attributes,
694 const uint8_t *key_buffer,
695 size_t key_buffer_size,
696 psa_algorithm_t alg )
697{
698 if( is_mac_accelerated( alg ) )
699 return( mac_verify_setup( operation, attributes,
700 key_buffer, key_buffer_size, alg ) );
701 else
702 return( PSA_ERROR_NOT_SUPPORTED );
703}
704
705psa_status_t mbedtls_transparent_test_driver_mac_update(
706 mbedtls_transparent_test_driver_mac_operation_t *operation,
707 const uint8_t *input,
708 size_t input_length )
709{
710 if( is_mac_accelerated( operation->alg ) )
711 return( mac_update( operation, input, input_length ) );
712 else
713 return( PSA_ERROR_BAD_STATE );
714}
715
716psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
717 mbedtls_transparent_test_driver_mac_operation_t *operation,
718 uint8_t *mac,
719 size_t mac_size,
720 size_t *mac_length )
721{
722 if( is_mac_accelerated( operation->alg ) )
723 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
724 else
725 return( PSA_ERROR_BAD_STATE );
726}
727
728psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
729 mbedtls_transparent_test_driver_mac_operation_t *operation,
730 const uint8_t *mac,
731 size_t mac_length )
732{
733 if( is_mac_accelerated( operation->alg ) )
734 return( mac_verify_finish( operation, mac, mac_length ) );
735 else
736 return( PSA_ERROR_BAD_STATE );
737}
738
739psa_status_t mbedtls_transparent_test_driver_mac_abort(
740 mbedtls_transparent_test_driver_mac_operation_t *operation )
741{
742 return( mac_abort( operation ) );
743}
744
745psa_status_t mbedtls_opaque_test_driver_mac_compute(
746 const psa_key_attributes_t *attributes,
747 const uint8_t *key_buffer,
748 size_t key_buffer_size,
749 psa_algorithm_t alg,
750 const uint8_t *input,
751 size_t input_length,
752 uint8_t *mac,
753 size_t mac_size,
754 size_t *mac_length )
755{
756 /* Opaque driver testing is not implemented yet through this mechanism. */
757 (void) attributes;
758 (void) key_buffer;
759 (void) key_buffer_size;
760 (void) alg;
761 (void) input;
762 (void) input_length;
763 (void) mac;
764 (void) mac_size;
765 (void) mac_length;
766 return( PSA_ERROR_NOT_SUPPORTED );
767}
768
769psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
770 mbedtls_opaque_test_driver_mac_operation_t *operation,
771 const psa_key_attributes_t *attributes,
772 const uint8_t *key_buffer,
773 size_t key_buffer_size,
774 psa_algorithm_t alg )
775{
776 /* Opaque driver testing is not implemented yet through this mechanism. */
777 (void) operation;
778 (void) attributes;
779 (void) key_buffer;
780 (void) key_buffer_size;
781 (void) alg;
782 return( PSA_ERROR_NOT_SUPPORTED );
783}
784
785psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
786 mbedtls_opaque_test_driver_mac_operation_t *operation,
787 const psa_key_attributes_t *attributes,
788 const uint8_t *key_buffer,
789 size_t key_buffer_size,
790 psa_algorithm_t alg )
791{
792 /* Opaque driver testing is not implemented yet through this mechanism. */
793 (void) operation;
794 (void) attributes;
795 (void) key_buffer;
796 (void) key_buffer_size;
797 (void) alg;
798 return( PSA_ERROR_NOT_SUPPORTED );
799}
800
801psa_status_t mbedtls_opaque_test_driver_mac_update(
802 mbedtls_opaque_test_driver_mac_operation_t *operation,
803 const uint8_t *input,
804 size_t input_length )
805{
806 /* Opaque driver testing is not implemented yet through this mechanism. */
807 (void) operation;
808 (void) input;
809 (void) input_length;
810 return( PSA_ERROR_NOT_SUPPORTED );
811}
812
813psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
814 mbedtls_opaque_test_driver_mac_operation_t *operation,
815 uint8_t *mac,
816 size_t mac_size,
817 size_t *mac_length )
818{
819 /* Opaque driver testing is not implemented yet through this mechanism. */
820 (void) operation;
821 (void) mac;
822 (void) mac_size;
823 (void) mac_length;
824 return( PSA_ERROR_NOT_SUPPORTED );
825}
826
827psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
828 mbedtls_opaque_test_driver_mac_operation_t *operation,
829 const uint8_t *mac,
830 size_t mac_length )
831{
832 /* Opaque driver testing is not implemented yet through this mechanism. */
833 (void) operation;
834 (void) mac;
835 (void) mac_length;
836 return( PSA_ERROR_NOT_SUPPORTED );
837}
838
839psa_status_t mbedtls_opaque_test_driver_mac_abort(
840 mbedtls_opaque_test_driver_mac_operation_t *operation )
841{
842 /* Opaque driver testing is not implemented yet through this mechanism. */
843 (void) operation;
844 return( PSA_ERROR_NOT_SUPPORTED );
845}
846
847#endif /* PSA_CRYPTO_DRIVER_TEST */
848
849#endif /* MBEDTLS_PSA_CRYPTO_C */