TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c112315aebc20e39ad1affb91eb84f4d21100073 / . / library / psa_crypto_mac.c
blob: 3d7f70bacb97657c64ff5830816f5413e3deac17 [file] [log] [blame]
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]1/*
2 * PSA MAC layer on top of Mbed TLS software crypto
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa/crypto.h>
26#include "psa_crypto_core.h"
27#include "psa_crypto_mac.h"
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]28#include <mbedtls/md.h>
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]29
30#include <mbedtls/error.h>
31#include <string.h>
32
33/* Use builtin defines specific to this compilation unit, since the test driver
34 * relies on the software driver. */
35#if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
36 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) )
37#define BUILTIN_ALG_CMAC 1
38#endif
39#if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \
40 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) )
41#define BUILTIN_ALG_HMAC 1
42#endif
43
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]44#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
45static size_t psa_get_hash_block_size( psa_algorithm_t alg )
46{
47 switch( alg )
48 {
49 case PSA_ALG_MD2:
50 return( 16 );
51 case PSA_ALG_MD4:
52 return( 64 );
53 case PSA_ALG_MD5:
54 return( 64 );
55 case PSA_ALG_RIPEMD160:
56 return( 64 );
57 case PSA_ALG_SHA_1:
58 return( 64 );
59 case PSA_ALG_SHA_224:
60 return( 64 );
61 case PSA_ALG_SHA_256:
62 return( 64 );
63 case PSA_ALG_SHA_384:
64 return( 128 );
65 case PSA_ALG_SHA_512:
66 return( 128 );
67 default:
68 return( 0 );
69 }
70}
71
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]72static psa_status_t psa_hmac_abort_internal(
73 mbedtls_psa_hmac_operation_t *hmac )
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]74{
75 mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
76 return( psa_hash_abort( &hmac->hash_ctx ) );
77}
78
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]79static psa_status_t psa_hmac_setup_internal(
80 mbedtls_psa_hmac_operation_t *hmac,
81 const uint8_t *key,
82 size_t key_length,
83 psa_algorithm_t hash_alg )
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]84{
85 uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
86 size_t i;
87 size_t hash_size = PSA_HASH_LENGTH( hash_alg );
88 size_t block_size = psa_get_hash_block_size( hash_alg );
89 psa_status_t status;
90
91 hmac->alg = hash_alg;
92
93 /* Sanity checks on block_size, to guarantee that there won't be a buffer
94 * overflow below. This should never trigger if the hash algorithm
95 * is implemented correctly. */
96 /* The size checks against the ipad and opad buffers cannot be written
97 * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
98 * because that triggers -Wlogical-op on GCC 7.3. */
99 if( block_size > sizeof( ipad ) )
100 return( PSA_ERROR_NOT_SUPPORTED );
101 if( block_size > sizeof( hmac->opad ) )
102 return( PSA_ERROR_NOT_SUPPORTED );
103 if( block_size < hash_size )
104 return( PSA_ERROR_NOT_SUPPORTED );
105
106 if( key_length > block_size )
107 {
108 status = psa_hash_compute( hash_alg, key, key_length,
109 ipad, sizeof( ipad ), &key_length );
110 if( status != PSA_SUCCESS )
111 goto cleanup;
112 }
113 /* A 0-length key is not commonly used in HMAC when used as a MAC,
114 * but it is permitted. It is common when HMAC is used in HKDF, for
115 * example. Don't call `memcpy` in the 0-length because `key` could be
116 * an invalid pointer which would make the behavior undefined. */
117 else if( key_length != 0 )
118 memcpy( ipad, key, key_length );
119
120 /* ipad contains the key followed by garbage. Xor and fill with 0x36
121 * to create the ipad value. */
122 for( i = 0; i < key_length; i++ )
123 ipad[i] ^= 0x36;
124 memset( ipad + key_length, 0x36, block_size - key_length );
125
126 /* Copy the key material from ipad to opad, flipping the requisite bits,
127 * and filling the rest of opad with the requisite constant. */
128 for( i = 0; i < key_length; i++ )
129 hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
130 memset( hmac->opad + key_length, 0x5C, block_size - key_length );
131
132 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
133 if( status != PSA_SUCCESS )
134 goto cleanup;
135
136 status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
137
138cleanup:
139 mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
140
141 return( status );
142}
143
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]144static psa_status_t psa_hmac_update_internal(
145 mbedtls_psa_hmac_operation_t *hmac,
146 const uint8_t *data,
147 size_t data_length )
Steven Cooreman4fdf0602021-03-22 12:21:10 +0100[diff] [blame]148{
149 return( psa_hash_update( &hmac->hash_ctx, data, data_length ) );
150}
151
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]152static psa_status_t psa_hmac_finish_internal(
153 mbedtls_psa_hmac_operation_t *hmac,
154 uint8_t *mac,
155 size_t mac_size )
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]156{
157 uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
158 psa_algorithm_t hash_alg = hmac->alg;
159 size_t hash_size = 0;
160 size_t block_size = psa_get_hash_block_size( hash_alg );
161 psa_status_t status;
162
163 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
164 if( status != PSA_SUCCESS )
165 return( status );
166 /* From here on, tmp needs to be wiped. */
167
168 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
169 if( status != PSA_SUCCESS )
170 goto exit;
171
172 status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
173 if( status != PSA_SUCCESS )
174 goto exit;
175
176 status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
177 if( status != PSA_SUCCESS )
178 goto exit;
179
180 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
181 if( status != PSA_SUCCESS )
182 goto exit;
183
184 memcpy( mac, tmp, mac_size );
185
186exit:
187 mbedtls_platform_zeroize( tmp, hash_size );
188 return( status );
189}
190#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || PSA_CRYPTO_DRIVER_TEST */
191
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]192/* Implement the PSA driver MAC interface on top of mbed TLS if either the
193 * software driver or the test driver requires it. */
194#if defined(MBEDTLS_PSA_BUILTIN_MAC) || defined(PSA_CRYPTO_DRIVER_TEST)
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]195
196#if defined(BUILTIN_ALG_CMAC)
197static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
198 const psa_key_attributes_t *attributes,
Steven Cooremandcd08112021-05-06 18:00:37 +0200[diff] [blame]199 const uint8_t *key_buffer )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]200{
201 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]202 const mbedtls_cipher_info_t * cipher_info =
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]203 mbedtls_cipher_info_from_psa(
204 PSA_ALG_CMAC,
205 psa_get_key_type( attributes ),
206 psa_get_key_bits( attributes ),
207 NULL );
208
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]209 if( cipher_info == NULL )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]210 return( PSA_ERROR_NOT_SUPPORTED );
211
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]212 ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]213 if( ret != 0 )
214 goto exit;
215
216 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
217 key_buffer,
218 psa_get_key_bits( attributes ) );
219exit:
220 return( mbedtls_to_psa_error( ret ) );
221}
222#endif /* BUILTIN_ALG_CMAC */
223
224/* Initialize this driver's MAC operation structure. Once this function has been
225 * called, mbedtls_psa_mac_abort can run and will do the right thing. */
226static psa_status_t mac_init(
227 mbedtls_psa_mac_operation_t *operation,
228 psa_algorithm_t alg )
229{
Steven Cooremanba9a5bf2021-04-29 16:21:24 +0200[diff] [blame]230 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]231
232 operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]233 operation->is_sign = 0;
234
235#if defined(BUILTIN_ALG_CMAC)
236 if( operation->alg == PSA_ALG_CMAC )
237 {
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]238 mbedtls_cipher_init( &operation->ctx.cmac );
239 status = PSA_SUCCESS;
240 }
241 else
242#endif /* BUILTIN_ALG_CMAC */
243#if defined(BUILTIN_ALG_HMAC)
244 if( PSA_ALG_IS_HMAC( operation->alg ) )
245 {
246 /* We'll set up the hash operation later in psa_hmac_setup_internal. */
247 operation->ctx.hmac.alg = 0;
248 status = PSA_SUCCESS;
249 }
250 else
251#endif /* BUILTIN_ALG_HMAC */
252 {
Steven Cooremanba9a5bf2021-04-29 16:21:24 +0200[diff] [blame]253 status = PSA_ERROR_NOT_SUPPORTED;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]254 }
255
256 if( status != PSA_SUCCESS )
257 memset( operation, 0, sizeof( *operation ) );
258 return( status );
259}
260
261static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation )
262{
263 if( operation->alg == 0 )
264 {
265 /* The object has (apparently) been initialized but it is not
266 * in use. It's ok to call abort on such an object, and there's
267 * nothing to do. */
268 return( PSA_SUCCESS );
269 }
270 else
271#if defined(BUILTIN_ALG_CMAC)
272 if( operation->alg == PSA_ALG_CMAC )
273 {
274 mbedtls_cipher_free( &operation->ctx.cmac );
275 }
276 else
277#endif /* BUILTIN_ALG_CMAC */
278#if defined(BUILTIN_ALG_HMAC)
279 if( PSA_ALG_IS_HMAC( operation->alg ) )
280 {
281 psa_hmac_abort_internal( &operation->ctx.hmac );
282 }
283 else
284#endif /* BUILTIN_ALG_HMAC */
285 {
286 /* Sanity check (shouldn't happen: operation->alg should
287 * always have been initialized to a valid value). */
288 goto bad_state;
289 }
290
291 operation->alg = 0;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]292 operation->is_sign = 0;
293
294 return( PSA_SUCCESS );
295
296bad_state:
297 /* If abort is called on an uninitialized object, we can't trust
298 * anything. Wipe the object in case it contains confidential data.
299 * This may result in a memory leak if a pointer gets overwritten,
300 * but it's too late to do anything about this. */
301 memset( operation, 0, sizeof( *operation ) );
302 return( PSA_ERROR_BAD_STATE );
303}
304
305static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
306 const psa_key_attributes_t *attributes,
307 const uint8_t *key_buffer,
308 size_t key_buffer_size,
309 psa_algorithm_t alg,
310 int is_sign )
311{
312 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
313
314 /* A context must be freshly initialized before it can be set up. */
315 if( operation->alg != 0 )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]316 return( PSA_ERROR_BAD_STATE );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]317
318 status = mac_init( operation, alg );
319 if( status != PSA_SUCCESS )
320 return( status );
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]321 operation->is_sign = is_sign;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]322
323 /* Get the output length for the algorithm and key combination. None of the
324 * currently supported algorithms have an output length dependent on actual
325 * key size, so setting it to a bogus value is currently OK. */
326 operation->mac_size =
327 PSA_MAC_LENGTH( psa_get_key_type( attributes ), 0, alg );
328
329#if defined(BUILTIN_ALG_CMAC)
330 if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
331 {
Steven Cooremandcd08112021-05-06 18:00:37 +0200[diff] [blame]332 /* Key buffer size for CMAC is dictated by the key bits set on the
333 * attributes, and previously validated by the core on key import. */
334 (void) key_buffer_size;
335 status = cmac_setup( operation, attributes, key_buffer );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]336 }
337 else
338#endif /* BUILTIN_ALG_CMAC */
339#if defined(BUILTIN_ALG_HMAC)
340 if( PSA_ALG_IS_HMAC( alg ) )
341 {
342 /* Sanity check. This shouldn't fail on a valid configuration. */
343 if( operation->mac_size > sizeof( operation->ctx.hmac.opad ) )
344 {
345 status = PSA_ERROR_NOT_SUPPORTED;
346 goto exit;
347 }
348
349 if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_HMAC )
350 {
351 status = PSA_ERROR_INVALID_ARGUMENT;
352 goto exit;
353 }
354
355 status = psa_hmac_setup_internal( &operation->ctx.hmac,
356 key_buffer,
357 key_buffer_size,
358 PSA_ALG_HMAC_GET_HASH( alg ) );
359 }
360 else
361#endif /* BUILTIN_ALG_HMAC */
362 {
363 status = PSA_ERROR_NOT_SUPPORTED;
364 }
365
366exit:
Steven Cooremana4638e72021-04-29 16:24:36 +0200[diff] [blame]367 if( status != PSA_SUCCESS )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]368 mac_abort( operation );
369
370 return( status );
371}
372
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]373static psa_status_t mac_compute(
374 const psa_key_attributes_t *attributes,
375 const uint8_t *key_buffer,
376 size_t key_buffer_size,
377 psa_algorithm_t alg,
378 const uint8_t *input,
379 size_t input_length,
380 uint8_t *mac,
381 size_t mac_size,
382 size_t *mac_length )
383{
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]384 /* One-shot MAC has not been implemented in this PSA implementation yet. */
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]385 (void) attributes;
386 (void) key_buffer;
387 (void) key_buffer_size;
388 (void) alg;
389 (void) input;
390 (void) input_length;
391 (void) mac;
392 (void) mac_size;
393 (void) mac_length;
394 return( PSA_ERROR_NOT_SUPPORTED );
395}
396
397static psa_status_t mac_sign_setup(
398 mbedtls_psa_mac_operation_t *operation,
399 const psa_key_attributes_t *attributes,
400 const uint8_t *key_buffer,
401 size_t key_buffer_size,
402 psa_algorithm_t alg )
403{
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]404 return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg,
405 1 ) );
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]406}
407
408static psa_status_t mac_verify_setup(
409 mbedtls_psa_mac_operation_t *operation,
410 const psa_key_attributes_t *attributes,
411 const uint8_t *key_buffer,
412 size_t key_buffer_size,
413 psa_algorithm_t alg )
414{
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]415 return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg,
416 0 ) );
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]417}
418
419static psa_status_t mac_update(
420 mbedtls_psa_mac_operation_t *operation,
421 const uint8_t *input,
422 size_t input_length )
423{
Steven Cooremana4638e72021-04-29 16:24:36 +0200[diff] [blame]424 if( operation->alg == 0 )
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]425 return( PSA_ERROR_BAD_STATE );
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]426
427#if defined(BUILTIN_ALG_CMAC)
428 if( operation->alg == PSA_ALG_CMAC )
429 {
430 return( mbedtls_to_psa_error(
431 mbedtls_cipher_cmac_update( &operation->ctx.cmac,
432 input, input_length ) ) );
433 }
434 else
435#endif /* BUILTIN_ALG_CMAC */
436#if defined(BUILTIN_ALG_HMAC)
437 if( PSA_ALG_IS_HMAC( operation->alg ) )
438 {
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]439 return( psa_hmac_update_internal( &operation->ctx.hmac,
440 input, input_length ) );
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]441 }
442 else
443#endif /* BUILTIN_ALG_HMAC */
444 {
445 /* This shouldn't happen if `operation` was initialized by
446 * a setup function. */
447 return( PSA_ERROR_BAD_STATE );
448 }
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]449}
450
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]451static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
452 uint8_t *mac,
453 size_t mac_size )
454{
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]455 if( mac_size < operation->mac_size )
456 return( PSA_ERROR_BUFFER_TOO_SMALL );
457
458#if defined(BUILTIN_ALG_CMAC)
459 if( operation->alg == PSA_ALG_CMAC )
460 {
461 uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
462 int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
463 if( ret == 0 )
464 memcpy( mac, tmp, operation->mac_size );
465 mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
466 return( mbedtls_to_psa_error( ret ) );
467 }
468 else
469#endif /* BUILTIN_ALG_CMAC */
470#if defined(BUILTIN_ALG_HMAC)
471 if( PSA_ALG_IS_HMAC( operation->alg ) )
472 {
473 return( psa_hmac_finish_internal( &operation->ctx.hmac,
474 mac, operation->mac_size ) );
475 }
476 else
477#endif /* BUILTIN_ALG_HMAC */
478 {
479 /* This shouldn't happen if `operation` was initialized by
480 * a setup function. */
481 return( PSA_ERROR_BAD_STATE );
482 }
483}
484
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]485static psa_status_t mac_sign_finish(
486 mbedtls_psa_mac_operation_t *operation,
487 uint8_t *mac,
488 size_t mac_size,
489 size_t *mac_length )
490{
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]491 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]492
493 if( operation->alg == 0 )
494 return( PSA_ERROR_BAD_STATE );
495
496 if( ! operation->is_sign )
497 return( PSA_ERROR_BAD_STATE );
498
499 status = mac_finish_internal( operation, mac, mac_size );
500
501 if( status == PSA_SUCCESS )
502 *mac_length = operation->mac_size;
503
504 return( status );
505}
506
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]507static psa_status_t mac_verify_finish(
508 mbedtls_psa_mac_operation_t *operation,
509 const uint8_t *mac,
510 size_t mac_length )
511{
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]512 uint8_t actual_mac[PSA_MAC_MAX_SIZE];
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]513 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]514
515 if( operation->alg == 0 )
516 return( PSA_ERROR_BAD_STATE );
517
518 if( operation->is_sign )
519 return( PSA_ERROR_BAD_STATE );
520
521 if( operation->mac_size != mac_length )
522 {
523 status = PSA_ERROR_INVALID_SIGNATURE;
524 goto cleanup;
525 }
526
527 status = mac_finish_internal( operation, actual_mac, sizeof( actual_mac ) );
528 if( status != PSA_SUCCESS )
529 goto cleanup;
530
Steven Cooreman36876a02021-04-29 16:37:59 +0200[diff] [blame]531 if( mbedtls_psa_safer_memcmp( mac, actual_mac, mac_length ) != 0 )
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]532 status = PSA_ERROR_INVALID_SIGNATURE;
533
534cleanup:
535 mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
536
537 return( status );
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]538}
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]539#endif /* MBEDTLS_PSA_BUILTIN_MAC || PSA_CRYPTO_DRIVER_TEST */
540
541#if defined(MBEDTLS_PSA_BUILTIN_MAC)
542psa_status_t mbedtls_psa_mac_compute(
543 const psa_key_attributes_t *attributes,
544 const uint8_t *key_buffer,
545 size_t key_buffer_size,
546 psa_algorithm_t alg,
547 const uint8_t *input,
548 size_t input_length,
549 uint8_t *mac,
550 size_t mac_size,
551 size_t *mac_length )
552{
553 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
554 input, input_length,
555 mac, mac_size, mac_length ) );
556}
557
558psa_status_t mbedtls_psa_mac_sign_setup(
559 mbedtls_psa_mac_operation_t *operation,
560 const psa_key_attributes_t *attributes,
561 const uint8_t *key_buffer,
562 size_t key_buffer_size,
563 psa_algorithm_t alg )
564{
565 return( mac_sign_setup( operation, attributes,
566 key_buffer, key_buffer_size, alg ) );
567}
568
569psa_status_t mbedtls_psa_mac_verify_setup(
570 mbedtls_psa_mac_operation_t *operation,
571 const psa_key_attributes_t *attributes,
572 const uint8_t *key_buffer,
573 size_t key_buffer_size,
574 psa_algorithm_t alg )
575{
576 return( mac_verify_setup( operation, attributes,
577 key_buffer, key_buffer_size, alg ) );
578}
579
580psa_status_t mbedtls_psa_mac_update(
581 mbedtls_psa_mac_operation_t *operation,
582 const uint8_t *input,
583 size_t input_length )
584{
585 return( mac_update( operation, input, input_length ) );
586}
587
588psa_status_t mbedtls_psa_mac_sign_finish(
589 mbedtls_psa_mac_operation_t *operation,
590 uint8_t *mac,
591 size_t mac_size,
592 size_t *mac_length )
593{
594 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
595}
596
597psa_status_t mbedtls_psa_mac_verify_finish(
598 mbedtls_psa_mac_operation_t *operation,
599 const uint8_t *mac,
600 size_t mac_length )
601{
602 return( mac_verify_finish( operation, mac, mac_length ) );
603}
604
605psa_status_t mbedtls_psa_mac_abort(
606 mbedtls_psa_mac_operation_t *operation )
607{
608 return( mac_abort( operation ) );
609}
610#endif /* MBEDTLS_PSA_BUILTIN_MAC */
611
612 /*
613 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
614 */
615#if defined(PSA_CRYPTO_DRIVER_TEST)
616
617static int is_mac_accelerated( psa_algorithm_t alg )
618{
619#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
620 if( PSA_ALG_IS_HMAC( alg ) )
621 return( 1 );
622#endif
623
624 switch( PSA_ALG_FULL_LENGTH_MAC( alg ) )
625 {
626#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
627 case PSA_ALG_CMAC:
628 return( 1 );
629#endif
630 default:
631 return( 0 );
632 }
633}
634
635psa_status_t mbedtls_transparent_test_driver_mac_compute(
636 const psa_key_attributes_t *attributes,
637 const uint8_t *key_buffer,
638 size_t key_buffer_size,
639 psa_algorithm_t alg,
640 const uint8_t *input,
641 size_t input_length,
642 uint8_t *mac,
643 size_t mac_size,
644 size_t *mac_length )
645{
646 if( is_mac_accelerated( alg ) )
647 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
648 input, input_length,
649 mac, mac_size, mac_length ) );
650 else
651 return( PSA_ERROR_NOT_SUPPORTED );
652}
653
654psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
655 mbedtls_transparent_test_driver_mac_operation_t *operation,
656 const psa_key_attributes_t *attributes,
657 const uint8_t *key_buffer,
658 size_t key_buffer_size,
659 psa_algorithm_t alg )
660{
661 if( is_mac_accelerated( alg ) )
662 return( mac_sign_setup( operation, attributes,
663 key_buffer, key_buffer_size, alg ) );
664 else
665 return( PSA_ERROR_NOT_SUPPORTED );
666}
667
668psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
669 mbedtls_transparent_test_driver_mac_operation_t *operation,
670 const psa_key_attributes_t *attributes,
671 const uint8_t *key_buffer,
672 size_t key_buffer_size,
673 psa_algorithm_t alg )
674{
675 if( is_mac_accelerated( alg ) )
676 return( mac_verify_setup( operation, attributes,
677 key_buffer, key_buffer_size, alg ) );
678 else
679 return( PSA_ERROR_NOT_SUPPORTED );
680}
681
682psa_status_t mbedtls_transparent_test_driver_mac_update(
683 mbedtls_transparent_test_driver_mac_operation_t *operation,
684 const uint8_t *input,
685 size_t input_length )
686{
687 if( is_mac_accelerated( operation->alg ) )
688 return( mac_update( operation, input, input_length ) );
689 else
690 return( PSA_ERROR_BAD_STATE );
691}
692
693psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
694 mbedtls_transparent_test_driver_mac_operation_t *operation,
695 uint8_t *mac,
696 size_t mac_size,
697 size_t *mac_length )
698{
699 if( is_mac_accelerated( operation->alg ) )
700 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
701 else
702 return( PSA_ERROR_BAD_STATE );
703}
704
705psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
706 mbedtls_transparent_test_driver_mac_operation_t *operation,
707 const uint8_t *mac,
708 size_t mac_length )
709{
710 if( is_mac_accelerated( operation->alg ) )
711 return( mac_verify_finish( operation, mac, mac_length ) );
712 else
713 return( PSA_ERROR_BAD_STATE );
714}
715
716psa_status_t mbedtls_transparent_test_driver_mac_abort(
717 mbedtls_transparent_test_driver_mac_operation_t *operation )
718{
719 return( mac_abort( operation ) );
720}
721
722psa_status_t mbedtls_opaque_test_driver_mac_compute(
723 const psa_key_attributes_t *attributes,
724 const uint8_t *key_buffer,
725 size_t key_buffer_size,
726 psa_algorithm_t alg,
727 const uint8_t *input,
728 size_t input_length,
729 uint8_t *mac,
730 size_t mac_size,
731 size_t *mac_length )
732{
733 /* Opaque driver testing is not implemented yet through this mechanism. */
734 (void) attributes;
735 (void) key_buffer;
736 (void) key_buffer_size;
737 (void) alg;
738 (void) input;
739 (void) input_length;
740 (void) mac;
741 (void) mac_size;
742 (void) mac_length;
743 return( PSA_ERROR_NOT_SUPPORTED );
744}
745
746psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
747 mbedtls_opaque_test_driver_mac_operation_t *operation,
748 const psa_key_attributes_t *attributes,
749 const uint8_t *key_buffer,
750 size_t key_buffer_size,
751 psa_algorithm_t alg )
752{
753 /* Opaque driver testing is not implemented yet through this mechanism. */
754 (void) operation;
755 (void) attributes;
756 (void) key_buffer;
757 (void) key_buffer_size;
758 (void) alg;
759 return( PSA_ERROR_NOT_SUPPORTED );
760}
761
762psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
763 mbedtls_opaque_test_driver_mac_operation_t *operation,
764 const psa_key_attributes_t *attributes,
765 const uint8_t *key_buffer,
766 size_t key_buffer_size,
767 psa_algorithm_t alg )
768{
769 /* Opaque driver testing is not implemented yet through this mechanism. */
770 (void) operation;
771 (void) attributes;
772 (void) key_buffer;
773 (void) key_buffer_size;
774 (void) alg;
775 return( PSA_ERROR_NOT_SUPPORTED );
776}
777
778psa_status_t mbedtls_opaque_test_driver_mac_update(
779 mbedtls_opaque_test_driver_mac_operation_t *operation,
780 const uint8_t *input,
781 size_t input_length )
782{
783 /* Opaque driver testing is not implemented yet through this mechanism. */
784 (void) operation;
785 (void) input;
786 (void) input_length;
787 return( PSA_ERROR_NOT_SUPPORTED );
788}
789
790psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
791 mbedtls_opaque_test_driver_mac_operation_t *operation,
792 uint8_t *mac,
793 size_t mac_size,
794 size_t *mac_length )
795{
796 /* Opaque driver testing is not implemented yet through this mechanism. */
797 (void) operation;
798 (void) mac;
799 (void) mac_size;
800 (void) mac_length;
801 return( PSA_ERROR_NOT_SUPPORTED );
802}
803
804psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
805 mbedtls_opaque_test_driver_mac_operation_t *operation,
806 const uint8_t *mac,
807 size_t mac_length )
808{
809 /* Opaque driver testing is not implemented yet through this mechanism. */
810 (void) operation;
811 (void) mac;
812 (void) mac_length;
813 return( PSA_ERROR_NOT_SUPPORTED );
814}
815
816psa_status_t mbedtls_opaque_test_driver_mac_abort(
817 mbedtls_opaque_test_driver_mac_operation_t *operation )
818{
819 /* Opaque driver testing is not implemented yet through this mechanism. */
820 (void) operation;
821 return( PSA_ERROR_NOT_SUPPORTED );
822}
823
824#endif /* PSA_CRYPTO_DRIVER_TEST */
825
826#endif /* MBEDTLS_PSA_CRYPTO_C */