library/psa_crypto_mac.h

/*
 *  PSA MAC layer on top of Mbed TLS software crypto
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

#ifndef PSA_CRYPTO_MAC_H
#define PSA_CRYPTO_MAC_H

#include <psa/crypto.h>

/** Internal API for starting an HMAC operation, using PSA hash primitives.
 *
 * \note This API is not meant for application use. Applications should always
 *       use the top-level psa_mac_xxx APIs for doing HMAC operations.
 *
 * \param[in] hmac      Context structure for this HMAC operation. Needs to have
 *                      been zero-initialized prior to calling this function.
 * \param[in] key       Key to initialize the HMAC operation with.
 * \param key_length    Length (in bytes) of key \p key.
 * \param hash_alg      Hash algorithm to use for calculating the HMAC.
 *
 * \retval #PSA_SUCCESS
 *         Success.
 * \return Any error code reported by psa_hash_compute(), psa_hash_setup() or
 *         psa_hash_update().
 */
psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac,
                                      const uint8_t *key,
                                      size_t key_length,
                                      psa_algorithm_t hash_alg );

/** Internal API for adding data to an HMAC operation, using PSA hash primitives.
 *
 * \note This API is not meant for application use. Applications should always
 *       use the top-level psa_mac_xxx APIs for doing HMAC operations.
 *
 * \param[in] hmac      Context structure for this HMAC operation. Needs to have
 *                      been initialized with psa_hmac_setup_internal().
 * \param[in] data      Buffer containing the data to add to the current HMAC
 *                      calculation.
 * \param data_length   Length (in bytes) of the input buffer \p data.
 *
 * \retval #PSA_SUCCESS
 *         Success.
 * \return Any error code reported by psa_hash_update().
 */
psa_status_t psa_hmac_update_internal( psa_hmac_internal_data *hmac,
                                       const uint8_t *data,
                                       size_t data_length );

/** Internal API for finalizing an HMAC operation, using PSA hash primitives.
 *
 * \note This API is not meant for application use. Applications should always
 *       use the top-level psa_mac_xxx APIs for doing HMAC operations.
 *
 * \param[in] hmac      Context structure for this HMAC operation. Needs to have
 *                      been initialized with psa_hmac_setup_internal().
 * \param[out] mac      Buffer to output the calculated HMAC into.
 * \param mac_size      Size (in bytes) of the output buffer \p mac.
 *
 * \retval #PSA_SUCCESS
 *         Success.
 * \return Any error code reported by psa_hash_setup(), psa_hash_update() or
 *         psa_hash_finish().
 */
psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac,
                                       uint8_t *mac,
                                       size_t mac_size );

/** Internal API for cloning an HMAC operation, using PSA hash primitives.
 *
 * \note This API is not meant for application use. Applications should always
 *       use the top-level psa_mac_xxx APIs for doing HMAC operations.
 *
 * \param[in] source        Context structure to clone from. Needs to have been
 *                          initialized with psa_hmac_setup_internal().
 * \param[out] destination  Context structure to clone to. Needs to have been
 *                          zero-initialized.
 *
 * \retval #PSA_SUCCESS
 *         Success.
 * \return Any error code reported by psa_hash_clone().
 */
psa_status_t psa_hmac_clone_internal( const psa_hmac_internal_data *source,
                                      psa_hmac_internal_data *destination );

/** Internal API for aborting an HMAC operation, using PSA hash primitives.
 *
 * \note This API is not meant for application use. Applications should always
 *       use the top-level psa_mac_xxx APIs for doing HMAC operations.
 *
 * \param[in] hmac      Context structure for the HMAC operation to abort.
 *
 * \retval #PSA_SUCCESS
 *         Success.
 * \return Any error code reported by psa_hash_abort().
 */
psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac );

/** Calculate the MAC (message authentication code) of a message using Mbed TLS.
 *
 * \note The signature of this function is that of a PSA driver mac_compute
 *       entry point. This function behaves as a mac_compute entry point as
 *       defined in the PSA driver interface specification for transparent
 *       drivers.
 *
 * \param[in] attributes        The attributes of the key to use for the
 *                              operation.
 * \param[in] key_buffer        The buffer containing the key to use for
 *                              computing the MAC. This buffer contains the key
 *                              in export representation as defined by
 *                              psa_export_key() (i.e. the raw key bytes).
 * \param key_buffer_size       Size of the \p key_buffer buffer in bytes.
 * \param alg                   The MAC algorithm to use (\c PSA_ALG_XXX value
 *                              such that #PSA_ALG_IS_MAC(\p alg) is true).
 * \param[in] input             Buffer containing the input message.
 * \param input_length          Size of the \p input buffer in bytes.
 * \param[out] mac              Buffer where the MAC value is to be written.
 * \param mac_size              Size of the \p mac buffer in bytes.
 * \param[out] mac_length       On success, the number of bytes
 *                              that make up the MAC value.
 *
 * \retval #PSA_SUCCESS
 *         Success.
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 *         The key is not compatible with \p alg.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 *         \p alg is not supported.
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 *         \p mac_size is too small
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 */
psa_status_t mbedtls_psa_mac_compute(
    const psa_key_attributes_t *attributes,
    const uint8_t *key_buffer,
    size_t key_buffer_size,
    psa_algorithm_t alg,
    const uint8_t *input,
    size_t input_length,
    uint8_t *mac,
    size_t mac_size,
    size_t *mac_length);

/** Set up a multipart MAC calculation operation using Mbed TLS.
 *
 * \note The signature of this function is that of a PSA driver mac_sign_setup
 *       entry point. This function behaves as a mac_sign_setup entry point as
 *       defined in the PSA driver interface specification for transparent
 *       drivers.
 *
 * \param[in,out] operation     The operation object to set up. It must have
 *                              been initialized and not yet in use.
 * \param[in] attributes        The attributes of the key to use for the
 *                              operation.
 * \param[in] key_buffer        The buffer containing the key to use for
 *                              computing the MAC. This buffer contains the key
 *                              in export representation as defined by
 *                              psa_export_key() (i.e. the raw key bytes).
 * \param key_buffer_size       Size of the \p key_buffer buffer in bytes.
 * \param alg                   The MAC algorithm to use (\c PSA_ALG_XXX value
 *                              such that #PSA_ALG_IS_MAC(\p alg) is true).
 *
 * \retval #PSA_SUCCESS
 *         Success.
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 *         The key is not compatible with \p alg.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 *         \p alg is not supported.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
 *         The operation state is not valid (it must be inactive).
 */
psa_status_t mbedtls_psa_mac_sign_setup(
    mbedtls_psa_mac_operation_t *operation,
    const psa_key_attributes_t *attributes,
    const uint8_t *key_buffer,
    size_t key_buffer_size,
    psa_algorithm_t alg);

/** Set up a multipart MAC verification operation using Mbed TLS.
 *
 * \note The signature of this function is that of a PSA driver mac_verify_setup
 *       entry point. This function behaves as a mac_verify_setup entry point as
 *       defined in the PSA driver interface specification for transparent
 *       drivers.
 *
 * \param[in,out] operation     The operation object to set up. It must have
 *                              been initialized and not yet in use.
 * \param[in] attributes        The attributes of the key to use for the
 *                              operation.
 * \param[in] key_buffer        The buffer containing the key to use for
 *                              computing the MAC. This buffer contains the key
 *                              in export representation as defined by
 *                              psa_export_key() (i.e. the raw key bytes).
 * \param key_buffer_size       Size of the \p key_buffer buffer in bytes.
 * \param alg                   The MAC algorithm to use (\c PSA_ALG_XXX value
 *                              such that #PSA_ALG_IS_MAC(\p alg) is true).
 *
 * \retval #PSA_SUCCESS
 *         Success.
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 *         The key is not compatible with \p alg.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 *         \p alg is not supported.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 * \retval #PSA_ERROR_BAD_STATE
 *         The operation state is not valid (it must be inactive).
 */
psa_status_t mbedtls_psa_mac_verify_setup(
    mbedtls_psa_mac_operation_t *operation,
    const psa_key_attributes_t *attributes,
    const uint8_t *key_buffer,
    size_t key_buffer_size,
    psa_algorithm_t alg);

/** Add a message fragment to a multipart MAC operation using Mbed TLS.
 *
 * \note The signature of this function is that of a PSA driver mac_update
 *       entry point. This function behaves as a mac_update entry point as
 *       defined in the PSA driver interface specification for transparent
 *       drivers.
 *
 * The core must call mbedtls_psa_mac_sign_setup() or
 * mbedtls_psa_mac_verify_setup() before calling this function.
 *
 * If this function returns an error status, the operation enters an error
 * state and must be aborted by calling psa_mac_abort().
 *
 * \param[in,out] operation Active MAC operation.
 * \param[in] input         Buffer containing the message fragment to add to
 *                          the MAC calculation.
 * \param input_length      Size of the \p input buffer in bytes.
 *
 * \retval #PSA_SUCCESS
 *         Success.
 * \retval #PSA_ERROR_BAD_STATE
 *         The operation state is not valid (it must be active).
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 */
psa_status_t mbedtls_psa_mac_update(
    mbedtls_psa_mac_operation_t *operation,
    const uint8_t *input,
    size_t input_length );

/** Finish the calculation of the MAC of a message using Mbed TLS.
 *
 * \note The signature of this function is that of a PSA driver mac_sign_finish
 *       entry point. This function behaves as a mac_sign_finish entry point as
 *       defined in the PSA driver interface specification for transparent
 *       drivers.
 *
 * The core must call mbedtls_psa_mac_sign_setup() before calling this function.
 * This function calculates the MAC of the message formed by concatenating
 * the inputs passed to preceding calls to mbedtls_psa_mac_update().
 *
 * When this function returns successfully, the operation becomes inactive.
 * If this function returns an error status, the operation enters an error
 * state and must be aborted by calling mbedtls_psa_mac_abort().
 *
 * \param[in,out] operation Active MAC operation.
 * \param[out] mac          Buffer where the MAC value is to be written.
 * \param mac_size          Size of the \p mac buffer in bytes.
 * \param[out] mac_length   On success, the number of bytes
 *                          that make up the MAC value. This is always
 *                          #PSA_MAC_LENGTH(\c key_type, \c key_bits, \c alg)
 *                          where \c key_type and \c key_bits are the type and
 *                          bit-size respectively of the key and \c alg is the
 *                          MAC algorithm that is calculated.
 *
 * \retval #PSA_SUCCESS
 *         Success.
 * \retval #PSA_ERROR_BAD_STATE
 *         The operation state is not valid (it must be an active mac sign
 *         operation).
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 *         The size of the \p mac buffer is too small. A sufficient buffer size
 *         can be determined by calling PSA_MAC_LENGTH().
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 */
psa_status_t mbedtls_psa_mac_sign_finish(
    mbedtls_psa_mac_operation_t *operation,
    uint8_t *mac,
    size_t mac_size,
    size_t *mac_length );

/** Finish the calculation of the MAC of a message and compare it with
 * an expected value using Mbed TLS.
 *
 * \note The signature of this function is that of a PSA driver
 *       mac_verify_finish entry point. This function behaves as a
 *       mac_verify_finish entry point as defined in the PSA driver interface
 *       specification for transparent drivers.
 *
 * The core must call mbedtls_psa_mac_verify_setup() before calling this
 * function. This function calculates the MAC of the message formed by
 * concatenating the inputs passed to preceding calls to
 * mbedtls_psa_mac_update(). It then compares the calculated MAC with the
 * expected MAC passed as a parameter to this function.
 *
 * When this function returns successfully, the operation becomes inactive.
 * If this function returns an error status, the operation enters an error
 * state and must be aborted by calling mbedtls_psa_mac_abort().
 *
 * \param[in,out] operation Active MAC operation.
 * \param[in] mac           Buffer containing the expected MAC value.
 * \param mac_length        Size of the \p mac buffer in bytes.
 *
 * \retval #PSA_SUCCESS
 *         The expected MAC is identical to the actual MAC of the message.
 * \retval #PSA_ERROR_INVALID_SIGNATURE
 *         The MAC of the message was calculated successfully, but it
 *         differs from the expected MAC.
 * \retval #PSA_ERROR_BAD_STATE
 *         The operation state is not valid (it must be an active mac verify
 *         operation).
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 */
psa_status_t mbedtls_psa_mac_verify_finish(
    mbedtls_psa_mac_operation_t *operation,
    const uint8_t *mac,
    size_t mac_length );

/** Abort a MAC operation using Mbed TLS.
 *
 * Aborting an operation frees all associated resources except for the
 * \p operation structure itself. Once aborted, the operation object
 * can be reused for another operation by calling
 * mbedtls_psa_mac_sign_setup() or mbedtls_psa_mac_verify_setup() again.
 *
 * The core may call this function any time after the operation object has
 * been initialized by one of the methods described in
 * #mbedtls_psa_mac_operation_t.
 *
 * In particular, calling mbedtls_psa_mac_abort() after the operation has been
 * terminated by a call to mbedtls_psa_mac_abort(),
 * mbedtls_psa_mac_sign_finish() or mbedtls_psa_mac_verify_finish() is safe and
 * has no effect.
 *
 * \param[in,out] operation Initialized MAC operation.
 *
 * \retval #PSA_SUCCESS
 * \retval #PSA_ERROR_CORRUPTION_DETECTED
 */
psa_status_t mbedtls_psa_mac_abort(
    mbedtls_psa_mac_operation_t *operation );

/*
 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
 */

#if defined(PSA_CRYPTO_DRIVER_TEST)

psa_status_t mbedtls_transparent_test_driver_mac_compute(
    const psa_key_attributes_t *attributes,
    const uint8_t *key_buffer,
    size_t key_buffer_size,
    psa_algorithm_t alg,
    const uint8_t *input,
    size_t input_length,
    uint8_t *mac,
    size_t mac_size,
    size_t *mac_length );

psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
    mbedtls_transparent_test_driver_mac_operation_t *operation,
    const psa_key_attributes_t *attributes,
    const uint8_t *key_buffer,
    size_t key_buffer_size,
    psa_algorithm_t alg );

psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
    mbedtls_transparent_test_driver_mac_operation_t *operation,
    const psa_key_attributes_t *attributes,
    const uint8_t *key_buffer,
    size_t key_buffer_size,
    psa_algorithm_t alg );

psa_status_t mbedtls_transparent_test_driver_mac_update(
    mbedtls_transparent_test_driver_mac_operation_t *operation,
    const uint8_t *input,
    size_t input_length );

psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
    mbedtls_transparent_test_driver_mac_operation_t *operation,
    uint8_t *mac,
    size_t mac_size,
    size_t *mac_length );

psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
    mbedtls_transparent_test_driver_mac_operation_t *operation,
    const uint8_t *mac,
    size_t mac_length );

psa_status_t mbedtls_transparent_test_driver_mac_abort(
    mbedtls_transparent_test_driver_mac_operation_t *operation );

psa_status_t mbedtls_opaque_test_driver_mac_compute(
    const psa_key_attributes_t *attributes,
    const uint8_t *key_buffer,
    size_t key_buffer_size,
    psa_algorithm_t alg,
    const uint8_t *input,
    size_t input_length,
    uint8_t *mac,
    size_t mac_size,
    size_t *mac_length );

psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
    mbedtls_opaque_test_driver_mac_operation_t *operation,
    const psa_key_attributes_t *attributes,
    const uint8_t *key_buffer,
    size_t key_buffer_size,
    psa_algorithm_t alg );

psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
    mbedtls_opaque_test_driver_mac_operation_t *operation,
    const psa_key_attributes_t *attributes,
    const uint8_t *key_buffer,
    size_t key_buffer_size,
    psa_algorithm_t alg );

psa_status_t mbedtls_opaque_test_driver_mac_update(
    mbedtls_opaque_test_driver_mac_operation_t *operation,
    const uint8_t *input,
    size_t input_length );

psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
    mbedtls_opaque_test_driver_mac_operation_t *operation,
    uint8_t *mac,
    size_t mac_size,
    size_t *mac_length );

psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
    mbedtls_opaque_test_driver_mac_operation_t *operation,
    const uint8_t *mac,
    size_t mac_length );

psa_status_t mbedtls_opaque_test_driver_mac_abort(
    mbedtls_opaque_test_driver_mac_operation_t *operation );

#endif /* PSA_CRYPTO_DRIVER_TEST */

#endif /* PSA_CRYPTO_MAC_H */