TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9878a160c69a4e77a586abb5d9673a7484476cb7 / . / library / psa_crypto_mac.c
blob: 8e64741e6ea1ee48a7e665826412d61886d3a095 [file] [log] [blame]
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]1/*
2 * PSA MAC layer on top of Mbed TLS software crypto
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa/crypto.h>
26#include "psa_crypto_core.h"
27#include "psa_crypto_mac.h"
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]28#include <mbedtls/md.h>
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]29
30#include <mbedtls/error.h>
31#include <string.h>
32
33/* Use builtin defines specific to this compilation unit, since the test driver
34 * relies on the software driver. */
35#if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
36 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) )
37#define BUILTIN_ALG_CMAC 1
38#endif
39#if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \
40 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) )
41#define BUILTIN_ALG_HMAC 1
42#endif
43
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]44#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
45static size_t psa_get_hash_block_size( psa_algorithm_t alg )
46{
47 switch( alg )
48 {
49 case PSA_ALG_MD2:
50 return( 16 );
51 case PSA_ALG_MD4:
52 return( 64 );
53 case PSA_ALG_MD5:
54 return( 64 );
55 case PSA_ALG_RIPEMD160:
56 return( 64 );
57 case PSA_ALG_SHA_1:
58 return( 64 );
59 case PSA_ALG_SHA_224:
60 return( 64 );
61 case PSA_ALG_SHA_256:
62 return( 64 );
63 case PSA_ALG_SHA_384:
64 return( 128 );
65 case PSA_ALG_SHA_512:
66 return( 128 );
67 default:
68 return( 0 );
69 }
70}
71
Steven Cooreman22dea1d2021-04-29 19:32:25 +0200[diff] [blame]72static psa_status_t psa_hmac_abort_internal(
73 mbedtls_psa_hmac_operation_t *hmac )
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]74{
75 mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
76 return( psa_hash_abort( &hmac->hash_ctx ) );
77}
78
Steven Cooreman22dea1d2021-04-29 19:32:25 +0200[diff] [blame]79static psa_status_t psa_hmac_setup_internal(
80 mbedtls_psa_hmac_operation_t *hmac,
81 const uint8_t *key,
82 size_t key_length,
83 psa_algorithm_t hash_alg )
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]84{
85 uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
86 size_t i;
87 size_t hash_size = PSA_HASH_LENGTH( hash_alg );
88 size_t block_size = psa_get_hash_block_size( hash_alg );
89 psa_status_t status;
90
91 hmac->alg = hash_alg;
92
93 /* Sanity checks on block_size, to guarantee that there won't be a buffer
94 * overflow below. This should never trigger if the hash algorithm
95 * is implemented correctly. */
96 /* The size checks against the ipad and opad buffers cannot be written
97 * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
98 * because that triggers -Wlogical-op on GCC 7.3. */
99 if( block_size > sizeof( ipad ) )
100 return( PSA_ERROR_NOT_SUPPORTED );
101 if( block_size > sizeof( hmac->opad ) )
102 return( PSA_ERROR_NOT_SUPPORTED );
103 if( block_size < hash_size )
104 return( PSA_ERROR_NOT_SUPPORTED );
105
106 if( key_length > block_size )
107 {
108 status = psa_hash_compute( hash_alg, key, key_length,
109 ipad, sizeof( ipad ), &key_length );
110 if( status != PSA_SUCCESS )
111 goto cleanup;
112 }
113 /* A 0-length key is not commonly used in HMAC when used as a MAC,
114 * but it is permitted. It is common when HMAC is used in HKDF, for
115 * example. Don't call `memcpy` in the 0-length because `key` could be
116 * an invalid pointer which would make the behavior undefined. */
117 else if( key_length != 0 )
118 memcpy( ipad, key, key_length );
119
120 /* ipad contains the key followed by garbage. Xor and fill with 0x36
121 * to create the ipad value. */
122 for( i = 0; i < key_length; i++ )
123 ipad[i] ^= 0x36;
124 memset( ipad + key_length, 0x36, block_size - key_length );
125
126 /* Copy the key material from ipad to opad, flipping the requisite bits,
127 * and filling the rest of opad with the requisite constant. */
128 for( i = 0; i < key_length; i++ )
129 hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
130 memset( hmac->opad + key_length, 0x5C, block_size - key_length );
131
132 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
133 if( status != PSA_SUCCESS )
134 goto cleanup;
135
136 status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
137
138cleanup:
139 mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
140
141 return( status );
142}
143
Steven Cooreman22dea1d2021-04-29 19:32:25 +0200[diff] [blame]144static psa_status_t psa_hmac_update_internal(
145 mbedtls_psa_hmac_operation_t *hmac,
146 const uint8_t *data,
147 size_t data_length )
Steven Cooreman76720f62021-03-22 12:21:10 +0100[diff] [blame]148{
149 return( psa_hash_update( &hmac->hash_ctx, data, data_length ) );
150}
151
Steven Cooreman22dea1d2021-04-29 19:32:25 +0200[diff] [blame]152static psa_status_t psa_hmac_finish_internal(
153 mbedtls_psa_hmac_operation_t *hmac,
154 uint8_t *mac,
155 size_t mac_size )
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]156{
157 uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
158 psa_algorithm_t hash_alg = hmac->alg;
159 size_t hash_size = 0;
160 size_t block_size = psa_get_hash_block_size( hash_alg );
161 psa_status_t status;
162
163 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
164 if( status != PSA_SUCCESS )
165 return( status );
166 /* From here on, tmp needs to be wiped. */
167
168 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
169 if( status != PSA_SUCCESS )
170 goto exit;
171
172 status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
173 if( status != PSA_SUCCESS )
174 goto exit;
175
176 status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
177 if( status != PSA_SUCCESS )
178 goto exit;
179
180 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
181 if( status != PSA_SUCCESS )
182 goto exit;
183
184 memcpy( mac, tmp, mac_size );
185
186exit:
187 mbedtls_platform_zeroize( tmp, hash_size );
188 return( status );
189}
190#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || PSA_CRYPTO_DRIVER_TEST */
191
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]192/* Implement the PSA driver MAC interface on top of mbed TLS if either the
193 * software driver or the test driver requires it. */
194#if defined(MBEDTLS_PSA_BUILTIN_MAC) || defined(PSA_CRYPTO_DRIVER_TEST)
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]195
196#if defined(BUILTIN_ALG_CMAC)
197static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
198 const psa_key_attributes_t *attributes,
199 const uint8_t *key_buffer,
200 size_t key_buffer_size )
201{
202 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Steven Cooreman9878a162021-05-06 17:58:36 +0200[diff] [blame^]203 const mbedtls_cipher_info_t * cipher_info =
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]204 mbedtls_cipher_info_from_psa(
205 PSA_ALG_CMAC,
206 psa_get_key_type( attributes ),
207 psa_get_key_bits( attributes ),
208 NULL );
209
Steven Cooreman9878a162021-05-06 17:58:36 +0200[diff] [blame^]210 if( cipher_info == NULL )
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]211 return( PSA_ERROR_NOT_SUPPORTED );
212
213 if( key_buffer_size < PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) )
214 return( PSA_ERROR_INVALID_ARGUMENT );
215
Steven Cooreman9878a162021-05-06 17:58:36 +0200[diff] [blame^]216 ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]217 if( ret != 0 )
218 goto exit;
219
220 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
221 key_buffer,
222 psa_get_key_bits( attributes ) );
223exit:
224 return( mbedtls_to_psa_error( ret ) );
225}
226#endif /* BUILTIN_ALG_CMAC */
227
228/* Initialize this driver's MAC operation structure. Once this function has been
229 * called, mbedtls_psa_mac_abort can run and will do the right thing. */
230static psa_status_t mac_init(
231 mbedtls_psa_mac_operation_t *operation,
232 psa_algorithm_t alg )
233{
Steven Cooreman6e6451e2021-04-29 16:21:24 +0200[diff] [blame]234 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]235
236 operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg );
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]237 operation->has_input = 0;
238 operation->is_sign = 0;
239
240#if defined(BUILTIN_ALG_CMAC)
241 if( operation->alg == PSA_ALG_CMAC )
242 {
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]243 mbedtls_cipher_init( &operation->ctx.cmac );
244 status = PSA_SUCCESS;
245 }
246 else
247#endif /* BUILTIN_ALG_CMAC */
248#if defined(BUILTIN_ALG_HMAC)
249 if( PSA_ALG_IS_HMAC( operation->alg ) )
250 {
251 /* We'll set up the hash operation later in psa_hmac_setup_internal. */
252 operation->ctx.hmac.alg = 0;
253 status = PSA_SUCCESS;
254 }
255 else
256#endif /* BUILTIN_ALG_HMAC */
257 {
Steven Cooreman6e6451e2021-04-29 16:21:24 +0200[diff] [blame]258 status = PSA_ERROR_NOT_SUPPORTED;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]259 }
260
261 if( status != PSA_SUCCESS )
262 memset( operation, 0, sizeof( *operation ) );
263 return( status );
264}
265
266static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation )
267{
268 if( operation->alg == 0 )
269 {
270 /* The object has (apparently) been initialized but it is not
271 * in use. It's ok to call abort on such an object, and there's
272 * nothing to do. */
273 return( PSA_SUCCESS );
274 }
275 else
276#if defined(BUILTIN_ALG_CMAC)
277 if( operation->alg == PSA_ALG_CMAC )
278 {
279 mbedtls_cipher_free( &operation->ctx.cmac );
280 }
281 else
282#endif /* BUILTIN_ALG_CMAC */
283#if defined(BUILTIN_ALG_HMAC)
284 if( PSA_ALG_IS_HMAC( operation->alg ) )
285 {
286 psa_hmac_abort_internal( &operation->ctx.hmac );
287 }
288 else
289#endif /* BUILTIN_ALG_HMAC */
290 {
291 /* Sanity check (shouldn't happen: operation->alg should
292 * always have been initialized to a valid value). */
293 goto bad_state;
294 }
295
296 operation->alg = 0;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]297 operation->has_input = 0;
298 operation->is_sign = 0;
299
300 return( PSA_SUCCESS );
301
302bad_state:
303 /* If abort is called on an uninitialized object, we can't trust
304 * anything. Wipe the object in case it contains confidential data.
305 * This may result in a memory leak if a pointer gets overwritten,
306 * but it's too late to do anything about this. */
307 memset( operation, 0, sizeof( *operation ) );
308 return( PSA_ERROR_BAD_STATE );
309}
310
311static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
312 const psa_key_attributes_t *attributes,
313 const uint8_t *key_buffer,
314 size_t key_buffer_size,
315 psa_algorithm_t alg,
316 int is_sign )
317{
318 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
319
320 /* A context must be freshly initialized before it can be set up. */
321 if( operation->alg != 0 )
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]322 return( PSA_ERROR_BAD_STATE );
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]323
324 status = mac_init( operation, alg );
325 if( status != PSA_SUCCESS )
326 return( status );
Steven Cooreman9878a162021-05-06 17:58:36 +0200[diff] [blame^]327 operation->is_sign = is_sign;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]328
329 /* Get the output length for the algorithm and key combination. None of the
330 * currently supported algorithms have an output length dependent on actual
331 * key size, so setting it to a bogus value is currently OK. */
332 operation->mac_size =
333 PSA_MAC_LENGTH( psa_get_key_type( attributes ), 0, alg );
334
335#if defined(BUILTIN_ALG_CMAC)
336 if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
337 {
338 status = cmac_setup( operation, attributes,
339 key_buffer, key_buffer_size );
340 }
341 else
342#endif /* BUILTIN_ALG_CMAC */
343#if defined(BUILTIN_ALG_HMAC)
344 if( PSA_ALG_IS_HMAC( alg ) )
345 {
346 /* Sanity check. This shouldn't fail on a valid configuration. */
347 if( operation->mac_size > sizeof( operation->ctx.hmac.opad ) )
348 {
349 status = PSA_ERROR_NOT_SUPPORTED;
350 goto exit;
351 }
352
353 if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_HMAC )
354 {
355 status = PSA_ERROR_INVALID_ARGUMENT;
356 goto exit;
357 }
358
359 status = psa_hmac_setup_internal( &operation->ctx.hmac,
360 key_buffer,
361 key_buffer_size,
362 PSA_ALG_HMAC_GET_HASH( alg ) );
363 }
364 else
365#endif /* BUILTIN_ALG_HMAC */
366 {
367 status = PSA_ERROR_NOT_SUPPORTED;
368 }
369
370exit:
Steven Cooremanb4b9b282021-04-29 16:24:36 +0200[diff] [blame]371 if( status != PSA_SUCCESS )
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]372 mac_abort( operation );
373
374 return( status );
375}
376
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]377static psa_status_t mac_compute(
378 const psa_key_attributes_t *attributes,
379 const uint8_t *key_buffer,
380 size_t key_buffer_size,
381 psa_algorithm_t alg,
382 const uint8_t *input,
383 size_t input_length,
384 uint8_t *mac,
385 size_t mac_size,
386 size_t *mac_length )
387{
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]388 /* One-shot MAC has not been implemented in this PSA implementation yet. */
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]389 (void) attributes;
390 (void) key_buffer;
391 (void) key_buffer_size;
392 (void) alg;
393 (void) input;
394 (void) input_length;
395 (void) mac;
396 (void) mac_size;
397 (void) mac_length;
398 return( PSA_ERROR_NOT_SUPPORTED );
399}
400
401static psa_status_t mac_sign_setup(
402 mbedtls_psa_mac_operation_t *operation,
403 const psa_key_attributes_t *attributes,
404 const uint8_t *key_buffer,
405 size_t key_buffer_size,
406 psa_algorithm_t alg )
407{
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]408 return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg,
409 1 ) );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]410}
411
412static psa_status_t mac_verify_setup(
413 mbedtls_psa_mac_operation_t *operation,
414 const psa_key_attributes_t *attributes,
415 const uint8_t *key_buffer,
416 size_t key_buffer_size,
417 psa_algorithm_t alg )
418{
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]419 return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg,
420 0 ) );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]421}
422
423static psa_status_t mac_update(
424 mbedtls_psa_mac_operation_t *operation,
425 const uint8_t *input,
426 size_t input_length )
427{
Steven Cooremanb4b9b282021-04-29 16:24:36 +0200[diff] [blame]428 if( operation->alg == 0 )
Steven Cooreman11743f92021-03-19 18:38:46 +0100[diff] [blame]429 return( PSA_ERROR_BAD_STATE );
Steven Cooreman11743f92021-03-19 18:38:46 +0100[diff] [blame]430 operation->has_input = 1;
431
432#if defined(BUILTIN_ALG_CMAC)
433 if( operation->alg == PSA_ALG_CMAC )
434 {
435 return( mbedtls_to_psa_error(
436 mbedtls_cipher_cmac_update( &operation->ctx.cmac,
437 input, input_length ) ) );
438 }
439 else
440#endif /* BUILTIN_ALG_CMAC */
441#if defined(BUILTIN_ALG_HMAC)
442 if( PSA_ALG_IS_HMAC( operation->alg ) )
443 {
Steven Cooreman22dea1d2021-04-29 19:32:25 +0200[diff] [blame]444 return( psa_hmac_update_internal( &operation->ctx.hmac,
445 input, input_length ) );
Steven Cooreman11743f92021-03-19 18:38:46 +0100[diff] [blame]446 }
447 else
448#endif /* BUILTIN_ALG_HMAC */
449 {
450 /* This shouldn't happen if `operation` was initialized by
451 * a setup function. */
452 return( PSA_ERROR_BAD_STATE );
453 }
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]454}
455
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]456static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
457 uint8_t *mac,
458 size_t mac_size )
459{
Steven Cooremanb4b9b282021-04-29 16:24:36 +0200[diff] [blame]460 if( operation->alg == 0 )
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]461 return( PSA_ERROR_BAD_STATE );
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]462 if( mac_size < operation->mac_size )
463 return( PSA_ERROR_BUFFER_TOO_SMALL );
464
465#if defined(BUILTIN_ALG_CMAC)
466 if( operation->alg == PSA_ALG_CMAC )
467 {
468 uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
469 int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
470 if( ret == 0 )
471 memcpy( mac, tmp, operation->mac_size );
472 mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
473 return( mbedtls_to_psa_error( ret ) );
474 }
475 else
476#endif /* BUILTIN_ALG_CMAC */
477#if defined(BUILTIN_ALG_HMAC)
478 if( PSA_ALG_IS_HMAC( operation->alg ) )
479 {
480 return( psa_hmac_finish_internal( &operation->ctx.hmac,
481 mac, operation->mac_size ) );
482 }
483 else
484#endif /* BUILTIN_ALG_HMAC */
485 {
486 /* This shouldn't happen if `operation` was initialized by
487 * a setup function. */
488 return( PSA_ERROR_BAD_STATE );
489 }
490}
491
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]492static psa_status_t mac_sign_finish(
493 mbedtls_psa_mac_operation_t *operation,
494 uint8_t *mac,
495 size_t mac_size,
496 size_t *mac_length )
497{
Steven Cooreman9878a162021-05-06 17:58:36 +0200[diff] [blame^]498 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]499
500 if( operation->alg == 0 )
501 return( PSA_ERROR_BAD_STATE );
502
503 if( ! operation->is_sign )
504 return( PSA_ERROR_BAD_STATE );
505
506 status = mac_finish_internal( operation, mac, mac_size );
507
508 if( status == PSA_SUCCESS )
509 *mac_length = operation->mac_size;
510
511 return( status );
512}
513
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]514static psa_status_t mac_verify_finish(
515 mbedtls_psa_mac_operation_t *operation,
516 const uint8_t *mac,
517 size_t mac_length )
518{
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]519 uint8_t actual_mac[PSA_MAC_MAX_SIZE];
Steven Cooreman9878a162021-05-06 17:58:36 +0200[diff] [blame^]520 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]521
522 if( operation->alg == 0 )
523 return( PSA_ERROR_BAD_STATE );
524
525 if( operation->is_sign )
526 return( PSA_ERROR_BAD_STATE );
527
528 if( operation->mac_size != mac_length )
529 {
530 status = PSA_ERROR_INVALID_SIGNATURE;
531 goto cleanup;
532 }
533
534 status = mac_finish_internal( operation, actual_mac, sizeof( actual_mac ) );
535 if( status != PSA_SUCCESS )
536 goto cleanup;
537
Steven Cooremana2a1b802021-04-29 16:37:59 +0200[diff] [blame]538 if( mbedtls_psa_safer_memcmp( mac, actual_mac, mac_length ) != 0 )
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]539 status = PSA_ERROR_INVALID_SIGNATURE;
540
541cleanup:
542 mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
543
544 return( status );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]545}
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]546#endif /* MBEDTLS_PSA_BUILTIN_MAC || PSA_CRYPTO_DRIVER_TEST */
547
548#if defined(MBEDTLS_PSA_BUILTIN_MAC)
549psa_status_t mbedtls_psa_mac_compute(
550 const psa_key_attributes_t *attributes,
551 const uint8_t *key_buffer,
552 size_t key_buffer_size,
553 psa_algorithm_t alg,
554 const uint8_t *input,
555 size_t input_length,
556 uint8_t *mac,
557 size_t mac_size,
558 size_t *mac_length )
559{
560 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
561 input, input_length,
562 mac, mac_size, mac_length ) );
563}
564
565psa_status_t mbedtls_psa_mac_sign_setup(
566 mbedtls_psa_mac_operation_t *operation,
567 const psa_key_attributes_t *attributes,
568 const uint8_t *key_buffer,
569 size_t key_buffer_size,
570 psa_algorithm_t alg )
571{
572 return( mac_sign_setup( operation, attributes,
573 key_buffer, key_buffer_size, alg ) );
574}
575
576psa_status_t mbedtls_psa_mac_verify_setup(
577 mbedtls_psa_mac_operation_t *operation,
578 const psa_key_attributes_t *attributes,
579 const uint8_t *key_buffer,
580 size_t key_buffer_size,
581 psa_algorithm_t alg )
582{
583 return( mac_verify_setup( operation, attributes,
584 key_buffer, key_buffer_size, alg ) );
585}
586
587psa_status_t mbedtls_psa_mac_update(
588 mbedtls_psa_mac_operation_t *operation,
589 const uint8_t *input,
590 size_t input_length )
591{
592 return( mac_update( operation, input, input_length ) );
593}
594
595psa_status_t mbedtls_psa_mac_sign_finish(
596 mbedtls_psa_mac_operation_t *operation,
597 uint8_t *mac,
598 size_t mac_size,
599 size_t *mac_length )
600{
601 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
602}
603
604psa_status_t mbedtls_psa_mac_verify_finish(
605 mbedtls_psa_mac_operation_t *operation,
606 const uint8_t *mac,
607 size_t mac_length )
608{
609 return( mac_verify_finish( operation, mac, mac_length ) );
610}
611
612psa_status_t mbedtls_psa_mac_abort(
613 mbedtls_psa_mac_operation_t *operation )
614{
615 return( mac_abort( operation ) );
616}
617#endif /* MBEDTLS_PSA_BUILTIN_MAC */
618
619 /*
620 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
621 */
622#if defined(PSA_CRYPTO_DRIVER_TEST)
623
624static int is_mac_accelerated( psa_algorithm_t alg )
625{
626#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
627 if( PSA_ALG_IS_HMAC( alg ) )
628 return( 1 );
629#endif
630
631 switch( PSA_ALG_FULL_LENGTH_MAC( alg ) )
632 {
633#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
634 case PSA_ALG_CMAC:
635 return( 1 );
636#endif
637 default:
638 return( 0 );
639 }
640}
641
642psa_status_t mbedtls_transparent_test_driver_mac_compute(
643 const psa_key_attributes_t *attributes,
644 const uint8_t *key_buffer,
645 size_t key_buffer_size,
646 psa_algorithm_t alg,
647 const uint8_t *input,
648 size_t input_length,
649 uint8_t *mac,
650 size_t mac_size,
651 size_t *mac_length )
652{
653 if( is_mac_accelerated( alg ) )
654 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
655 input, input_length,
656 mac, mac_size, mac_length ) );
657 else
658 return( PSA_ERROR_NOT_SUPPORTED );
659}
660
661psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
662 mbedtls_transparent_test_driver_mac_operation_t *operation,
663 const psa_key_attributes_t *attributes,
664 const uint8_t *key_buffer,
665 size_t key_buffer_size,
666 psa_algorithm_t alg )
667{
668 if( is_mac_accelerated( alg ) )
669 return( mac_sign_setup( operation, attributes,
670 key_buffer, key_buffer_size, alg ) );
671 else
672 return( PSA_ERROR_NOT_SUPPORTED );
673}
674
675psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
676 mbedtls_transparent_test_driver_mac_operation_t *operation,
677 const psa_key_attributes_t *attributes,
678 const uint8_t *key_buffer,
679 size_t key_buffer_size,
680 psa_algorithm_t alg )
681{
682 if( is_mac_accelerated( alg ) )
683 return( mac_verify_setup( operation, attributes,
684 key_buffer, key_buffer_size, alg ) );
685 else
686 return( PSA_ERROR_NOT_SUPPORTED );
687}
688
689psa_status_t mbedtls_transparent_test_driver_mac_update(
690 mbedtls_transparent_test_driver_mac_operation_t *operation,
691 const uint8_t *input,
692 size_t input_length )
693{
694 if( is_mac_accelerated( operation->alg ) )
695 return( mac_update( operation, input, input_length ) );
696 else
697 return( PSA_ERROR_BAD_STATE );
698}
699
700psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
701 mbedtls_transparent_test_driver_mac_operation_t *operation,
702 uint8_t *mac,
703 size_t mac_size,
704 size_t *mac_length )
705{
706 if( is_mac_accelerated( operation->alg ) )
707 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
708 else
709 return( PSA_ERROR_BAD_STATE );
710}
711
712psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
713 mbedtls_transparent_test_driver_mac_operation_t *operation,
714 const uint8_t *mac,
715 size_t mac_length )
716{
717 if( is_mac_accelerated( operation->alg ) )
718 return( mac_verify_finish( operation, mac, mac_length ) );
719 else
720 return( PSA_ERROR_BAD_STATE );
721}
722
723psa_status_t mbedtls_transparent_test_driver_mac_abort(
724 mbedtls_transparent_test_driver_mac_operation_t *operation )
725{
726 return( mac_abort( operation ) );
727}
728
729psa_status_t mbedtls_opaque_test_driver_mac_compute(
730 const psa_key_attributes_t *attributes,
731 const uint8_t *key_buffer,
732 size_t key_buffer_size,
733 psa_algorithm_t alg,
734 const uint8_t *input,
735 size_t input_length,
736 uint8_t *mac,
737 size_t mac_size,
738 size_t *mac_length )
739{
740 /* Opaque driver testing is not implemented yet through this mechanism. */
741 (void) attributes;
742 (void) key_buffer;
743 (void) key_buffer_size;
744 (void) alg;
745 (void) input;
746 (void) input_length;
747 (void) mac;
748 (void) mac_size;
749 (void) mac_length;
750 return( PSA_ERROR_NOT_SUPPORTED );
751}
752
753psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
754 mbedtls_opaque_test_driver_mac_operation_t *operation,
755 const psa_key_attributes_t *attributes,
756 const uint8_t *key_buffer,
757 size_t key_buffer_size,
758 psa_algorithm_t alg )
759{
760 /* Opaque driver testing is not implemented yet through this mechanism. */
761 (void) operation;
762 (void) attributes;
763 (void) key_buffer;
764 (void) key_buffer_size;
765 (void) alg;
766 return( PSA_ERROR_NOT_SUPPORTED );
767}
768
769psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
770 mbedtls_opaque_test_driver_mac_operation_t *operation,
771 const psa_key_attributes_t *attributes,
772 const uint8_t *key_buffer,
773 size_t key_buffer_size,
774 psa_algorithm_t alg )
775{
776 /* Opaque driver testing is not implemented yet through this mechanism. */
777 (void) operation;
778 (void) attributes;
779 (void) key_buffer;
780 (void) key_buffer_size;
781 (void) alg;
782 return( PSA_ERROR_NOT_SUPPORTED );
783}
784
785psa_status_t mbedtls_opaque_test_driver_mac_update(
786 mbedtls_opaque_test_driver_mac_operation_t *operation,
787 const uint8_t *input,
788 size_t input_length )
789{
790 /* Opaque driver testing is not implemented yet through this mechanism. */
791 (void) operation;
792 (void) input;
793 (void) input_length;
794 return( PSA_ERROR_NOT_SUPPORTED );
795}
796
797psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
798 mbedtls_opaque_test_driver_mac_operation_t *operation,
799 uint8_t *mac,
800 size_t mac_size,
801 size_t *mac_length )
802{
803 /* Opaque driver testing is not implemented yet through this mechanism. */
804 (void) operation;
805 (void) mac;
806 (void) mac_size;
807 (void) mac_length;
808 return( PSA_ERROR_NOT_SUPPORTED );
809}
810
811psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
812 mbedtls_opaque_test_driver_mac_operation_t *operation,
813 const uint8_t *mac,
814 size_t mac_length )
815{
816 /* Opaque driver testing is not implemented yet through this mechanism. */
817 (void) operation;
818 (void) mac;
819 (void) mac_length;
820 return( PSA_ERROR_NOT_SUPPORTED );
821}
822
823psa_status_t mbedtls_opaque_test_driver_mac_abort(
824 mbedtls_opaque_test_driver_mac_operation_t *operation )
825{
826 /* Opaque driver testing is not implemented yet through this mechanism. */
827 (void) operation;
828 return( PSA_ERROR_NOT_SUPPORTED );
829}
830
831#endif /* PSA_CRYPTO_DRIVER_TEST */
832
833#endif /* MBEDTLS_PSA_CRYPTO_C */