TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 87885df795193a9ddd91f36855380bef2051e74c / . / library / psa_crypto_mac.c
blob: 72386d873efa20f0d5bba5de61b49d3f44f8df9d [file] [log] [blame]
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]1/*
2 * PSA MAC layer on top of Mbed TLS software crypto
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa/crypto.h>
26#include "psa_crypto_core.h"
27#include "psa_crypto_mac.h"
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]28#include <mbedtls/md.h>
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]29
30#include <mbedtls/error.h>
31#include <string.h>
32
33/* Use builtin defines specific to this compilation unit, since the test driver
34 * relies on the software driver. */
35#if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
36 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) )
37#define BUILTIN_ALG_CMAC 1
38#endif
39#if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \
40 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) )
41#define BUILTIN_ALG_HMAC 1
42#endif
43
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]44#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
45static size_t psa_get_hash_block_size( psa_algorithm_t alg )
46{
47 switch( alg )
48 {
49 case PSA_ALG_MD2:
50 return( 16 );
51 case PSA_ALG_MD4:
52 return( 64 );
53 case PSA_ALG_MD5:
54 return( 64 );
55 case PSA_ALG_RIPEMD160:
56 return( 64 );
57 case PSA_ALG_SHA_1:
58 return( 64 );
59 case PSA_ALG_SHA_224:
60 return( 64 );
61 case PSA_ALG_SHA_256:
62 return( 64 );
63 case PSA_ALG_SHA_384:
64 return( 128 );
65 case PSA_ALG_SHA_512:
66 return( 128 );
67 default:
68 return( 0 );
69 }
70}
71
72psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac )
73{
74 mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
75 return( psa_hash_abort( &hmac->hash_ctx ) );
76}
77
78psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac,
79 const uint8_t *key,
80 size_t key_length,
81 psa_algorithm_t hash_alg )
82{
83 uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
84 size_t i;
85 size_t hash_size = PSA_HASH_LENGTH( hash_alg );
86 size_t block_size = psa_get_hash_block_size( hash_alg );
87 psa_status_t status;
88
89 hmac->alg = hash_alg;
90
91 /* Sanity checks on block_size, to guarantee that there won't be a buffer
92 * overflow below. This should never trigger if the hash algorithm
93 * is implemented correctly. */
94 /* The size checks against the ipad and opad buffers cannot be written
95 * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
96 * because that triggers -Wlogical-op on GCC 7.3. */
97 if( block_size > sizeof( ipad ) )
98 return( PSA_ERROR_NOT_SUPPORTED );
99 if( block_size > sizeof( hmac->opad ) )
100 return( PSA_ERROR_NOT_SUPPORTED );
101 if( block_size < hash_size )
102 return( PSA_ERROR_NOT_SUPPORTED );
103
104 if( key_length > block_size )
105 {
106 status = psa_hash_compute( hash_alg, key, key_length,
107 ipad, sizeof( ipad ), &key_length );
108 if( status != PSA_SUCCESS )
109 goto cleanup;
110 }
111 /* A 0-length key is not commonly used in HMAC when used as a MAC,
112 * but it is permitted. It is common when HMAC is used in HKDF, for
113 * example. Don't call `memcpy` in the 0-length because `key` could be
114 * an invalid pointer which would make the behavior undefined. */
115 else if( key_length != 0 )
116 memcpy( ipad, key, key_length );
117
118 /* ipad contains the key followed by garbage. Xor and fill with 0x36
119 * to create the ipad value. */
120 for( i = 0; i < key_length; i++ )
121 ipad[i] ^= 0x36;
122 memset( ipad + key_length, 0x36, block_size - key_length );
123
124 /* Copy the key material from ipad to opad, flipping the requisite bits,
125 * and filling the rest of opad with the requisite constant. */
126 for( i = 0; i < key_length; i++ )
127 hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
128 memset( hmac->opad + key_length, 0x5C, block_size - key_length );
129
130 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
131 if( status != PSA_SUCCESS )
132 goto cleanup;
133
134 status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
135
136cleanup:
137 mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
138
139 return( status );
140}
141
142psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac,
143 uint8_t *mac,
144 size_t mac_size )
145{
146 uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
147 psa_algorithm_t hash_alg = hmac->alg;
148 size_t hash_size = 0;
149 size_t block_size = psa_get_hash_block_size( hash_alg );
150 psa_status_t status;
151
152 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
153 if( status != PSA_SUCCESS )
154 return( status );
155 /* From here on, tmp needs to be wiped. */
156
157 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
158 if( status != PSA_SUCCESS )
159 goto exit;
160
161 status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
162 if( status != PSA_SUCCESS )
163 goto exit;
164
165 status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
166 if( status != PSA_SUCCESS )
167 goto exit;
168
169 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
170 if( status != PSA_SUCCESS )
171 goto exit;
172
173 memcpy( mac, tmp, mac_size );
174
175exit:
176 mbedtls_platform_zeroize( tmp, hash_size );
177 return( status );
178}
179#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || PSA_CRYPTO_DRIVER_TEST */
180
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]181/* Implement the PSA driver MAC interface on top of mbed TLS if either the
182 * software driver or the test driver requires it. */
183#if defined(MBEDTLS_PSA_BUILTIN_MAC) || defined(PSA_CRYPTO_DRIVER_TEST)
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]184
185#if defined(BUILTIN_ALG_CMAC)
186static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
187 const psa_key_attributes_t *attributes,
188 const uint8_t *key_buffer,
189 size_t key_buffer_size )
190{
191 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
192 const mbedtls_cipher_info_t * cipher_info_tmp =
193 mbedtls_cipher_info_from_psa(
194 PSA_ALG_CMAC,
195 psa_get_key_type( attributes ),
196 psa_get_key_bits( attributes ),
197 NULL );
198
199 if( cipher_info_tmp == NULL )
200 return( PSA_ERROR_NOT_SUPPORTED );
201
202 if( key_buffer_size < PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) )
203 return( PSA_ERROR_INVALID_ARGUMENT );
204
205 ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info_tmp );
206 if( ret != 0 )
207 goto exit;
208
209 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
210 key_buffer,
211 psa_get_key_bits( attributes ) );
212exit:
213 return( mbedtls_to_psa_error( ret ) );
214}
215#endif /* BUILTIN_ALG_CMAC */
216
217/* Initialize this driver's MAC operation structure. Once this function has been
218 * called, mbedtls_psa_mac_abort can run and will do the right thing. */
219static psa_status_t mac_init(
220 mbedtls_psa_mac_operation_t *operation,
221 psa_algorithm_t alg )
222{
223 psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
224
225 operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg );
226 operation->key_set = 0;
227 operation->iv_set = 0;
228 operation->iv_required = 0;
229 operation->has_input = 0;
230 operation->is_sign = 0;
231
232#if defined(BUILTIN_ALG_CMAC)
233 if( operation->alg == PSA_ALG_CMAC )
234 {
235 operation->iv_required = 0;
236 mbedtls_cipher_init( &operation->ctx.cmac );
237 status = PSA_SUCCESS;
238 }
239 else
240#endif /* BUILTIN_ALG_CMAC */
241#if defined(BUILTIN_ALG_HMAC)
242 if( PSA_ALG_IS_HMAC( operation->alg ) )
243 {
244 /* We'll set up the hash operation later in psa_hmac_setup_internal. */
245 operation->ctx.hmac.alg = 0;
246 status = PSA_SUCCESS;
247 }
248 else
249#endif /* BUILTIN_ALG_HMAC */
250 {
251 if( ! PSA_ALG_IS_MAC( alg ) )
252 status = PSA_ERROR_INVALID_ARGUMENT;
253 }
254
255 if( status != PSA_SUCCESS )
256 memset( operation, 0, sizeof( *operation ) );
257 return( status );
258}
259
260static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation )
261{
262 if( operation->alg == 0 )
263 {
264 /* The object has (apparently) been initialized but it is not
265 * in use. It's ok to call abort on such an object, and there's
266 * nothing to do. */
267 return( PSA_SUCCESS );
268 }
269 else
270#if defined(BUILTIN_ALG_CMAC)
271 if( operation->alg == PSA_ALG_CMAC )
272 {
273 mbedtls_cipher_free( &operation->ctx.cmac );
274 }
275 else
276#endif /* BUILTIN_ALG_CMAC */
277#if defined(BUILTIN_ALG_HMAC)
278 if( PSA_ALG_IS_HMAC( operation->alg ) )
279 {
280 psa_hmac_abort_internal( &operation->ctx.hmac );
281 }
282 else
283#endif /* BUILTIN_ALG_HMAC */
284 {
285 /* Sanity check (shouldn't happen: operation->alg should
286 * always have been initialized to a valid value). */
287 goto bad_state;
288 }
289
290 operation->alg = 0;
291 operation->key_set = 0;
292 operation->iv_set = 0;
293 operation->iv_required = 0;
294 operation->has_input = 0;
295 operation->is_sign = 0;
296
297 return( PSA_SUCCESS );
298
299bad_state:
300 /* If abort is called on an uninitialized object, we can't trust
301 * anything. Wipe the object in case it contains confidential data.
302 * This may result in a memory leak if a pointer gets overwritten,
303 * but it's too late to do anything about this. */
304 memset( operation, 0, sizeof( *operation ) );
305 return( PSA_ERROR_BAD_STATE );
306}
307
308static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
309 const psa_key_attributes_t *attributes,
310 const uint8_t *key_buffer,
311 size_t key_buffer_size,
312 psa_algorithm_t alg,
313 int is_sign )
314{
315 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
316
317 /* A context must be freshly initialized before it can be set up. */
318 if( operation->alg != 0 )
319 {
320 return( PSA_ERROR_BAD_STATE );
321 }
322
323 status = mac_init( operation, alg );
324 if( status != PSA_SUCCESS )
325 return( status );
326 if( is_sign )
327 operation->is_sign = 1;
328
329 /* Get the output length for the algorithm and key combination. None of the
330 * currently supported algorithms have an output length dependent on actual
331 * key size, so setting it to a bogus value is currently OK. */
332 operation->mac_size =
333 PSA_MAC_LENGTH( psa_get_key_type( attributes ), 0, alg );
334
335#if defined(BUILTIN_ALG_CMAC)
336 if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
337 {
338 status = cmac_setup( operation, attributes,
339 key_buffer, key_buffer_size );
340 }
341 else
342#endif /* BUILTIN_ALG_CMAC */
343#if defined(BUILTIN_ALG_HMAC)
344 if( PSA_ALG_IS_HMAC( alg ) )
345 {
346 /* Sanity check. This shouldn't fail on a valid configuration. */
347 if( operation->mac_size > sizeof( operation->ctx.hmac.opad ) )
348 {
349 status = PSA_ERROR_NOT_SUPPORTED;
350 goto exit;
351 }
352
353 if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_HMAC )
354 {
355 status = PSA_ERROR_INVALID_ARGUMENT;
356 goto exit;
357 }
358
359 status = psa_hmac_setup_internal( &operation->ctx.hmac,
360 key_buffer,
361 key_buffer_size,
362 PSA_ALG_HMAC_GET_HASH( alg ) );
363 }
364 else
365#endif /* BUILTIN_ALG_HMAC */
366 {
367 status = PSA_ERROR_NOT_SUPPORTED;
368 }
369
370exit:
371 if( status == PSA_SUCCESS )
372 operation->key_set = 1;
373 else
374 mac_abort( operation );
375
376 return( status );
377}
378
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]379static psa_status_t mac_compute(
380 const psa_key_attributes_t *attributes,
381 const uint8_t *key_buffer,
382 size_t key_buffer_size,
383 psa_algorithm_t alg,
384 const uint8_t *input,
385 size_t input_length,
386 uint8_t *mac,
387 size_t mac_size,
388 size_t *mac_length )
389{
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]390 /* One-shot MAC has not been implemented in this PSA implementation yet. */
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]391 (void) attributes;
392 (void) key_buffer;
393 (void) key_buffer_size;
394 (void) alg;
395 (void) input;
396 (void) input_length;
397 (void) mac;
398 (void) mac_size;
399 (void) mac_length;
400 return( PSA_ERROR_NOT_SUPPORTED );
401}
402
403static psa_status_t mac_sign_setup(
404 mbedtls_psa_mac_operation_t *operation,
405 const psa_key_attributes_t *attributes,
406 const uint8_t *key_buffer,
407 size_t key_buffer_size,
408 psa_algorithm_t alg )
409{
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]410 return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg,
411 1 ) );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]412}
413
414static psa_status_t mac_verify_setup(
415 mbedtls_psa_mac_operation_t *operation,
416 const psa_key_attributes_t *attributes,
417 const uint8_t *key_buffer,
418 size_t key_buffer_size,
419 psa_algorithm_t alg )
420{
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]421 return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg,
422 0 ) );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]423}
424
425static psa_status_t mac_update(
426 mbedtls_psa_mac_operation_t *operation,
427 const uint8_t *input,
428 size_t input_length )
429{
Steven Cooreman11743f92021-03-19 18:38:46 +0100[diff] [blame]430 if( ! operation->key_set )
431 return( PSA_ERROR_BAD_STATE );
432 if( operation->iv_required && ! operation->iv_set )
433 return( PSA_ERROR_BAD_STATE );
434 operation->has_input = 1;
435
436#if defined(BUILTIN_ALG_CMAC)
437 if( operation->alg == PSA_ALG_CMAC )
438 {
439 return( mbedtls_to_psa_error(
440 mbedtls_cipher_cmac_update( &operation->ctx.cmac,
441 input, input_length ) ) );
442 }
443 else
444#endif /* BUILTIN_ALG_CMAC */
445#if defined(BUILTIN_ALG_HMAC)
446 if( PSA_ALG_IS_HMAC( operation->alg ) )
447 {
448 return( psa_hash_update( &operation->ctx.hmac.hash_ctx, input,
449 input_length ) );
450 }
451 else
452#endif /* BUILTIN_ALG_HMAC */
453 {
454 /* This shouldn't happen if `operation` was initialized by
455 * a setup function. */
456 return( PSA_ERROR_BAD_STATE );
457 }
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]458}
459
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame^]460static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
461 uint8_t *mac,
462 size_t mac_size )
463{
464 if( ! operation->key_set )
465 return( PSA_ERROR_BAD_STATE );
466 if( operation->iv_required && ! operation->iv_set )
467 return( PSA_ERROR_BAD_STATE );
468
469 if( mac_size < operation->mac_size )
470 return( PSA_ERROR_BUFFER_TOO_SMALL );
471
472#if defined(BUILTIN_ALG_CMAC)
473 if( operation->alg == PSA_ALG_CMAC )
474 {
475 uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
476 int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
477 if( ret == 0 )
478 memcpy( mac, tmp, operation->mac_size );
479 mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
480 return( mbedtls_to_psa_error( ret ) );
481 }
482 else
483#endif /* BUILTIN_ALG_CMAC */
484#if defined(BUILTIN_ALG_HMAC)
485 if( PSA_ALG_IS_HMAC( operation->alg ) )
486 {
487 return( psa_hmac_finish_internal( &operation->ctx.hmac,
488 mac, operation->mac_size ) );
489 }
490 else
491#endif /* BUILTIN_ALG_HMAC */
492 {
493 /* This shouldn't happen if `operation` was initialized by
494 * a setup function. */
495 return( PSA_ERROR_BAD_STATE );
496 }
497}
498
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]499static psa_status_t mac_sign_finish(
500 mbedtls_psa_mac_operation_t *operation,
501 uint8_t *mac,
502 size_t mac_size,
503 size_t *mac_length )
504{
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame^]505 psa_status_t status;
506
507 if( operation->alg == 0 )
508 return( PSA_ERROR_BAD_STATE );
509
510 if( ! operation->is_sign )
511 return( PSA_ERROR_BAD_STATE );
512
513 status = mac_finish_internal( operation, mac, mac_size );
514
515 if( status == PSA_SUCCESS )
516 *mac_length = operation->mac_size;
517
518 return( status );
519}
520
521/* constant-time buffer comparison */
522static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n )
523{
524 size_t i;
525 unsigned char diff = 0;
526
527 for( i = 0; i < n; i++ )
528 diff |= a[i] ^ b[i];
529
530 return( diff );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]531}
532
533static psa_status_t mac_verify_finish(
534 mbedtls_psa_mac_operation_t *operation,
535 const uint8_t *mac,
536 size_t mac_length )
537{
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame^]538 uint8_t actual_mac[PSA_MAC_MAX_SIZE];
539 psa_status_t status;
540
541 if( operation->alg == 0 )
542 return( PSA_ERROR_BAD_STATE );
543
544 if( operation->is_sign )
545 return( PSA_ERROR_BAD_STATE );
546
547 if( operation->mac_size != mac_length )
548 {
549 status = PSA_ERROR_INVALID_SIGNATURE;
550 goto cleanup;
551 }
552
553 status = mac_finish_internal( operation, actual_mac, sizeof( actual_mac ) );
554 if( status != PSA_SUCCESS )
555 goto cleanup;
556
557 if( safer_memcmp( mac, actual_mac, mac_length ) != 0 )
558 status = PSA_ERROR_INVALID_SIGNATURE;
559
560cleanup:
561 mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
562
563 return( status );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]564}
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]565#endif /* MBEDTLS_PSA_BUILTIN_MAC || PSA_CRYPTO_DRIVER_TEST */
566
567#if defined(MBEDTLS_PSA_BUILTIN_MAC)
568psa_status_t mbedtls_psa_mac_compute(
569 const psa_key_attributes_t *attributes,
570 const uint8_t *key_buffer,
571 size_t key_buffer_size,
572 psa_algorithm_t alg,
573 const uint8_t *input,
574 size_t input_length,
575 uint8_t *mac,
576 size_t mac_size,
577 size_t *mac_length )
578{
579 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
580 input, input_length,
581 mac, mac_size, mac_length ) );
582}
583
584psa_status_t mbedtls_psa_mac_sign_setup(
585 mbedtls_psa_mac_operation_t *operation,
586 const psa_key_attributes_t *attributes,
587 const uint8_t *key_buffer,
588 size_t key_buffer_size,
589 psa_algorithm_t alg )
590{
591 return( mac_sign_setup( operation, attributes,
592 key_buffer, key_buffer_size, alg ) );
593}
594
595psa_status_t mbedtls_psa_mac_verify_setup(
596 mbedtls_psa_mac_operation_t *operation,
597 const psa_key_attributes_t *attributes,
598 const uint8_t *key_buffer,
599 size_t key_buffer_size,
600 psa_algorithm_t alg )
601{
602 return( mac_verify_setup( operation, attributes,
603 key_buffer, key_buffer_size, alg ) );
604}
605
606psa_status_t mbedtls_psa_mac_update(
607 mbedtls_psa_mac_operation_t *operation,
608 const uint8_t *input,
609 size_t input_length )
610{
611 return( mac_update( operation, input, input_length ) );
612}
613
614psa_status_t mbedtls_psa_mac_sign_finish(
615 mbedtls_psa_mac_operation_t *operation,
616 uint8_t *mac,
617 size_t mac_size,
618 size_t *mac_length )
619{
620 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
621}
622
623psa_status_t mbedtls_psa_mac_verify_finish(
624 mbedtls_psa_mac_operation_t *operation,
625 const uint8_t *mac,
626 size_t mac_length )
627{
628 return( mac_verify_finish( operation, mac, mac_length ) );
629}
630
631psa_status_t mbedtls_psa_mac_abort(
632 mbedtls_psa_mac_operation_t *operation )
633{
634 return( mac_abort( operation ) );
635}
636#endif /* MBEDTLS_PSA_BUILTIN_MAC */
637
638 /*
639 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
640 */
641#if defined(PSA_CRYPTO_DRIVER_TEST)
642
643static int is_mac_accelerated( psa_algorithm_t alg )
644{
645#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
646 if( PSA_ALG_IS_HMAC( alg ) )
647 return( 1 );
648#endif
649
650 switch( PSA_ALG_FULL_LENGTH_MAC( alg ) )
651 {
652#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
653 case PSA_ALG_CMAC:
654 return( 1 );
655#endif
656 default:
657 return( 0 );
658 }
659}
660
661psa_status_t mbedtls_transparent_test_driver_mac_compute(
662 const psa_key_attributes_t *attributes,
663 const uint8_t *key_buffer,
664 size_t key_buffer_size,
665 psa_algorithm_t alg,
666 const uint8_t *input,
667 size_t input_length,
668 uint8_t *mac,
669 size_t mac_size,
670 size_t *mac_length )
671{
672 if( is_mac_accelerated( alg ) )
673 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
674 input, input_length,
675 mac, mac_size, mac_length ) );
676 else
677 return( PSA_ERROR_NOT_SUPPORTED );
678}
679
680psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
681 mbedtls_transparent_test_driver_mac_operation_t *operation,
682 const psa_key_attributes_t *attributes,
683 const uint8_t *key_buffer,
684 size_t key_buffer_size,
685 psa_algorithm_t alg )
686{
687 if( is_mac_accelerated( alg ) )
688 return( mac_sign_setup( operation, attributes,
689 key_buffer, key_buffer_size, alg ) );
690 else
691 return( PSA_ERROR_NOT_SUPPORTED );
692}
693
694psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
695 mbedtls_transparent_test_driver_mac_operation_t *operation,
696 const psa_key_attributes_t *attributes,
697 const uint8_t *key_buffer,
698 size_t key_buffer_size,
699 psa_algorithm_t alg )
700{
701 if( is_mac_accelerated( alg ) )
702 return( mac_verify_setup( operation, attributes,
703 key_buffer, key_buffer_size, alg ) );
704 else
705 return( PSA_ERROR_NOT_SUPPORTED );
706}
707
708psa_status_t mbedtls_transparent_test_driver_mac_update(
709 mbedtls_transparent_test_driver_mac_operation_t *operation,
710 const uint8_t *input,
711 size_t input_length )
712{
713 if( is_mac_accelerated( operation->alg ) )
714 return( mac_update( operation, input, input_length ) );
715 else
716 return( PSA_ERROR_BAD_STATE );
717}
718
719psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
720 mbedtls_transparent_test_driver_mac_operation_t *operation,
721 uint8_t *mac,
722 size_t mac_size,
723 size_t *mac_length )
724{
725 if( is_mac_accelerated( operation->alg ) )
726 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
727 else
728 return( PSA_ERROR_BAD_STATE );
729}
730
731psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
732 mbedtls_transparent_test_driver_mac_operation_t *operation,
733 const uint8_t *mac,
734 size_t mac_length )
735{
736 if( is_mac_accelerated( operation->alg ) )
737 return( mac_verify_finish( operation, mac, mac_length ) );
738 else
739 return( PSA_ERROR_BAD_STATE );
740}
741
742psa_status_t mbedtls_transparent_test_driver_mac_abort(
743 mbedtls_transparent_test_driver_mac_operation_t *operation )
744{
745 return( mac_abort( operation ) );
746}
747
748psa_status_t mbedtls_opaque_test_driver_mac_compute(
749 const psa_key_attributes_t *attributes,
750 const uint8_t *key_buffer,
751 size_t key_buffer_size,
752 psa_algorithm_t alg,
753 const uint8_t *input,
754 size_t input_length,
755 uint8_t *mac,
756 size_t mac_size,
757 size_t *mac_length )
758{
759 /* Opaque driver testing is not implemented yet through this mechanism. */
760 (void) attributes;
761 (void) key_buffer;
762 (void) key_buffer_size;
763 (void) alg;
764 (void) input;
765 (void) input_length;
766 (void) mac;
767 (void) mac_size;
768 (void) mac_length;
769 return( PSA_ERROR_NOT_SUPPORTED );
770}
771
772psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
773 mbedtls_opaque_test_driver_mac_operation_t *operation,
774 const psa_key_attributes_t *attributes,
775 const uint8_t *key_buffer,
776 size_t key_buffer_size,
777 psa_algorithm_t alg )
778{
779 /* Opaque driver testing is not implemented yet through this mechanism. */
780 (void) operation;
781 (void) attributes;
782 (void) key_buffer;
783 (void) key_buffer_size;
784 (void) alg;
785 return( PSA_ERROR_NOT_SUPPORTED );
786}
787
788psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
789 mbedtls_opaque_test_driver_mac_operation_t *operation,
790 const psa_key_attributes_t *attributes,
791 const uint8_t *key_buffer,
792 size_t key_buffer_size,
793 psa_algorithm_t alg )
794{
795 /* Opaque driver testing is not implemented yet through this mechanism. */
796 (void) operation;
797 (void) attributes;
798 (void) key_buffer;
799 (void) key_buffer_size;
800 (void) alg;
801 return( PSA_ERROR_NOT_SUPPORTED );
802}
803
804psa_status_t mbedtls_opaque_test_driver_mac_update(
805 mbedtls_opaque_test_driver_mac_operation_t *operation,
806 const uint8_t *input,
807 size_t input_length )
808{
809 /* Opaque driver testing is not implemented yet through this mechanism. */
810 (void) operation;
811 (void) input;
812 (void) input_length;
813 return( PSA_ERROR_NOT_SUPPORTED );
814}
815
816psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
817 mbedtls_opaque_test_driver_mac_operation_t *operation,
818 uint8_t *mac,
819 size_t mac_size,
820 size_t *mac_length )
821{
822 /* Opaque driver testing is not implemented yet through this mechanism. */
823 (void) operation;
824 (void) mac;
825 (void) mac_size;
826 (void) mac_length;
827 return( PSA_ERROR_NOT_SUPPORTED );
828}
829
830psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
831 mbedtls_opaque_test_driver_mac_operation_t *operation,
832 const uint8_t *mac,
833 size_t mac_length )
834{
835 /* Opaque driver testing is not implemented yet through this mechanism. */
836 (void) operation;
837 (void) mac;
838 (void) mac_length;
839 return( PSA_ERROR_NOT_SUPPORTED );
840}
841
842psa_status_t mbedtls_opaque_test_driver_mac_abort(
843 mbedtls_opaque_test_driver_mac_operation_t *operation )
844{
845 /* Opaque driver testing is not implemented yet through this mechanism. */
846 (void) operation;
847 return( PSA_ERROR_NOT_SUPPORTED );
848}
849
850#endif /* PSA_CRYPTO_DRIVER_TEST */
851
852#endif /* MBEDTLS_PSA_CRYPTO_C */