TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/code / . / library / psa_crypto_mac.c
blob: 7e0a8325df1a1d0075135748bc9b45ba66391aea [file] [log] [blame]
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]1/*
2 * PSA MAC layer on top of Mbed TLS software crypto
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa/crypto.h>
26#include "psa_crypto_core.h"
27#include "psa_crypto_mac.h"
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]28#include <mbedtls/md.h>
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]29
30#include <mbedtls/error.h>
31#include <string.h>
32
33/* Use builtin defines specific to this compilation unit, since the test driver
34 * relies on the software driver. */
35#if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
36 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) )
37#define BUILTIN_ALG_CMAC 1
38#endif
39#if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \
40 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) )
41#define BUILTIN_ALG_HMAC 1
42#endif
43
Steven Cooreman02865f52021-05-07 15:55:27 +0200[diff] [blame]44#if defined(BUILTIN_ALG_HMAC)
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]45static psa_status_t psa_hmac_abort_internal(
46 mbedtls_psa_hmac_operation_t *hmac )
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]47{
48 mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
49 return( psa_hash_abort( &hmac->hash_ctx ) );
50}
51
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]52static psa_status_t psa_hmac_setup_internal(
53 mbedtls_psa_hmac_operation_t *hmac,
54 const uint8_t *key,
55 size_t key_length,
56 psa_algorithm_t hash_alg )
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]57{
58 uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
59 size_t i;
60 size_t hash_size = PSA_HASH_LENGTH( hash_alg );
Gilles Peskinee7be73d2021-09-22 14:44:28 +0200[diff] [blame]61 size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]62 psa_status_t status;
63
64 hmac->alg = hash_alg;
65
66 /* Sanity checks on block_size, to guarantee that there won't be a buffer
67 * overflow below. This should never trigger if the hash algorithm
68 * is implemented correctly. */
69 /* The size checks against the ipad and opad buffers cannot be written
70 * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
71 * because that triggers -Wlogical-op on GCC 7.3. */
72 if( block_size > sizeof( ipad ) )
73 return( PSA_ERROR_NOT_SUPPORTED );
74 if( block_size > sizeof( hmac->opad ) )
75 return( PSA_ERROR_NOT_SUPPORTED );
76 if( block_size < hash_size )
77 return( PSA_ERROR_NOT_SUPPORTED );
78
79 if( key_length > block_size )
80 {
81 status = psa_hash_compute( hash_alg, key, key_length,
82 ipad, sizeof( ipad ), &key_length );
83 if( status != PSA_SUCCESS )
84 goto cleanup;
85 }
86 /* A 0-length key is not commonly used in HMAC when used as a MAC,
87 * but it is permitted. It is common when HMAC is used in HKDF, for
88 * example. Don't call `memcpy` in the 0-length because `key` could be
89 * an invalid pointer which would make the behavior undefined. */
90 else if( key_length != 0 )
91 memcpy( ipad, key, key_length );
92
93 /* ipad contains the key followed by garbage. Xor and fill with 0x36
94 * to create the ipad value. */
95 for( i = 0; i < key_length; i++ )
96 ipad[i] ^= 0x36;
97 memset( ipad + key_length, 0x36, block_size - key_length );
98
99 /* Copy the key material from ipad to opad, flipping the requisite bits,
100 * and filling the rest of opad with the requisite constant. */
101 for( i = 0; i < key_length; i++ )
102 hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
103 memset( hmac->opad + key_length, 0x5C, block_size - key_length );
104
105 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
106 if( status != PSA_SUCCESS )
107 goto cleanup;
108
109 status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
110
111cleanup:
112 mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
113
114 return( status );
115}
116
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]117static psa_status_t psa_hmac_update_internal(
118 mbedtls_psa_hmac_operation_t *hmac,
119 const uint8_t *data,
120 size_t data_length )
Steven Cooreman4fdf0602021-03-22 12:21:10 +0100[diff] [blame]121{
122 return( psa_hash_update( &hmac->hash_ctx, data, data_length ) );
123}
124
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]125static psa_status_t psa_hmac_finish_internal(
126 mbedtls_psa_hmac_operation_t *hmac,
127 uint8_t *mac,
128 size_t mac_size )
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]129{
130 uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
131 psa_algorithm_t hash_alg = hmac->alg;
132 size_t hash_size = 0;
Gilles Peskinee7be73d2021-09-22 14:44:28 +0200[diff] [blame]133 size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]134 psa_status_t status;
135
136 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
137 if( status != PSA_SUCCESS )
138 return( status );
139 /* From here on, tmp needs to be wiped. */
140
141 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
142 if( status != PSA_SUCCESS )
143 goto exit;
144
145 status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
146 if( status != PSA_SUCCESS )
147 goto exit;
148
149 status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
150 if( status != PSA_SUCCESS )
151 goto exit;
152
153 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
154 if( status != PSA_SUCCESS )
155 goto exit;
156
157 memcpy( mac, tmp, mac_size );
158
159exit:
160 mbedtls_platform_zeroize( tmp, hash_size );
161 return( status );
162}
Steven Cooreman02865f52021-05-07 15:55:27 +0200[diff] [blame]163#endif /* BUILTIN_ALG_HMAC */
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]164
165#if defined(BUILTIN_ALG_CMAC)
166static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
167 const psa_key_attributes_t *attributes,
Steven Cooremandcd08112021-05-06 18:00:37 +0200[diff] [blame]168 const uint8_t *key_buffer )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]169{
170 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Steven Cooreman0c239652021-05-07 17:27:27 +0200[diff] [blame]171
172#if defined(PSA_WANT_KEY_TYPE_DES)
173 /* Mbed TLS CMAC does not accept 3DES with only two keys, nor does it accept
174 * to do CMAC with pure DES, so return NOT_SUPPORTED here. */
175 if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_DES &&
176 ( psa_get_key_bits( attributes ) == 64 ||
177 psa_get_key_bits( attributes ) == 128 ) )
178 return( PSA_ERROR_NOT_SUPPORTED );
179#endif
180
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]181 const mbedtls_cipher_info_t * cipher_info =
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]182 mbedtls_cipher_info_from_psa(
183 PSA_ALG_CMAC,
184 psa_get_key_type( attributes ),
185 psa_get_key_bits( attributes ),
186 NULL );
187
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]188 if( cipher_info == NULL )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]189 return( PSA_ERROR_NOT_SUPPORTED );
190
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]191 ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]192 if( ret != 0 )
193 goto exit;
194
195 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
196 key_buffer,
197 psa_get_key_bits( attributes ) );
198exit:
199 return( mbedtls_to_psa_error( ret ) );
200}
201#endif /* BUILTIN_ALG_CMAC */
202
Steven Cooreman02865f52021-05-07 15:55:27 +0200[diff] [blame]203/* Implement the PSA driver MAC interface on top of mbed TLS if either the
204 * software driver or the test driver requires it. */
205#if defined(BUILTIN_ALG_HMAC) || defined(BUILTIN_ALG_CMAC)
206
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]207/* Initialize this driver's MAC operation structure. Once this function has been
208 * called, mbedtls_psa_mac_abort can run and will do the right thing. */
209static psa_status_t mac_init(
210 mbedtls_psa_mac_operation_t *operation,
211 psa_algorithm_t alg )
212{
Steven Cooremanba9a5bf2021-04-29 16:21:24 +0200[diff] [blame]213 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]214
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]215 operation->alg = alg;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]216
217#if defined(BUILTIN_ALG_CMAC)
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]218 if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]219 {
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]220 mbedtls_cipher_init( &operation->ctx.cmac );
221 status = PSA_SUCCESS;
222 }
223 else
224#endif /* BUILTIN_ALG_CMAC */
225#if defined(BUILTIN_ALG_HMAC)
226 if( PSA_ALG_IS_HMAC( operation->alg ) )
227 {
228 /* We'll set up the hash operation later in psa_hmac_setup_internal. */
229 operation->ctx.hmac.alg = 0;
230 status = PSA_SUCCESS;
231 }
232 else
233#endif /* BUILTIN_ALG_HMAC */
234 {
Steven Cooremanba9a5bf2021-04-29 16:21:24 +0200[diff] [blame]235 status = PSA_ERROR_NOT_SUPPORTED;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]236 }
237
238 if( status != PSA_SUCCESS )
239 memset( operation, 0, sizeof( *operation ) );
240 return( status );
241}
242
243static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation )
244{
245 if( operation->alg == 0 )
246 {
247 /* The object has (apparently) been initialized but it is not
248 * in use. It's ok to call abort on such an object, and there's
249 * nothing to do. */
250 return( PSA_SUCCESS );
251 }
252 else
253#if defined(BUILTIN_ALG_CMAC)
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]254 if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]255 {
256 mbedtls_cipher_free( &operation->ctx.cmac );
257 }
258 else
259#endif /* BUILTIN_ALG_CMAC */
260#if defined(BUILTIN_ALG_HMAC)
261 if( PSA_ALG_IS_HMAC( operation->alg ) )
262 {
263 psa_hmac_abort_internal( &operation->ctx.hmac );
264 }
265 else
266#endif /* BUILTIN_ALG_HMAC */
267 {
268 /* Sanity check (shouldn't happen: operation->alg should
269 * always have been initialized to a valid value). */
270 goto bad_state;
271 }
272
273 operation->alg = 0;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]274
275 return( PSA_SUCCESS );
276
277bad_state:
278 /* If abort is called on an uninitialized object, we can't trust
279 * anything. Wipe the object in case it contains confidential data.
280 * This may result in a memory leak if a pointer gets overwritten,
281 * but it's too late to do anything about this. */
282 memset( operation, 0, sizeof( *operation ) );
283 return( PSA_ERROR_BAD_STATE );
284}
285
286static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
287 const psa_key_attributes_t *attributes,
288 const uint8_t *key_buffer,
289 size_t key_buffer_size,
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]290 psa_algorithm_t alg )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]291{
292 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
293
294 /* A context must be freshly initialized before it can be set up. */
295 if( operation->alg != 0 )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]296 return( PSA_ERROR_BAD_STATE );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]297
298 status = mac_init( operation, alg );
299 if( status != PSA_SUCCESS )
300 return( status );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]301
302#if defined(BUILTIN_ALG_CMAC)
303 if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
304 {
Steven Cooremandcd08112021-05-06 18:00:37 +0200[diff] [blame]305 /* Key buffer size for CMAC is dictated by the key bits set on the
306 * attributes, and previously validated by the core on key import. */
307 (void) key_buffer_size;
308 status = cmac_setup( operation, attributes, key_buffer );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]309 }
310 else
311#endif /* BUILTIN_ALG_CMAC */
312#if defined(BUILTIN_ALG_HMAC)
313 if( PSA_ALG_IS_HMAC( alg ) )
314 {
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]315 status = psa_hmac_setup_internal( &operation->ctx.hmac,
316 key_buffer,
317 key_buffer_size,
318 PSA_ALG_HMAC_GET_HASH( alg ) );
319 }
320 else
321#endif /* BUILTIN_ALG_HMAC */
322 {
Steven Cooremanb29902a2021-05-10 09:47:05 +0200[diff] [blame]323 (void) attributes;
324 (void) key_buffer;
325 (void) key_buffer_size;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]326 status = PSA_ERROR_NOT_SUPPORTED;
327 }
328
Steven Cooremana4638e72021-04-29 16:24:36 +0200[diff] [blame]329 if( status != PSA_SUCCESS )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]330 mac_abort( operation );
331
332 return( status );
333}
334
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]335static psa_status_t mac_update(
336 mbedtls_psa_mac_operation_t *operation,
337 const uint8_t *input,
338 size_t input_length )
339{
Steven Cooremana4638e72021-04-29 16:24:36 +0200[diff] [blame]340 if( operation->alg == 0 )
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]341 return( PSA_ERROR_BAD_STATE );
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]342
343#if defined(BUILTIN_ALG_CMAC)
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]344 if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]345 {
346 return( mbedtls_to_psa_error(
347 mbedtls_cipher_cmac_update( &operation->ctx.cmac,
348 input, input_length ) ) );
349 }
350 else
351#endif /* BUILTIN_ALG_CMAC */
352#if defined(BUILTIN_ALG_HMAC)
353 if( PSA_ALG_IS_HMAC( operation->alg ) )
354 {
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]355 return( psa_hmac_update_internal( &operation->ctx.hmac,
356 input, input_length ) );
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]357 }
358 else
359#endif /* BUILTIN_ALG_HMAC */
360 {
361 /* This shouldn't happen if `operation` was initialized by
362 * a setup function. */
Steven Cooremanb29902a2021-05-10 09:47:05 +0200[diff] [blame]363 (void) input;
364 (void) input_length;
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]365 return( PSA_ERROR_BAD_STATE );
366 }
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]367}
368
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]369static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
370 uint8_t *mac,
371 size_t mac_size )
372{
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]373#if defined(BUILTIN_ALG_CMAC)
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]374 if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]375 {
376 uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
377 int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
378 if( ret == 0 )
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]379 memcpy( mac, tmp, mac_size );
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]380 mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
381 return( mbedtls_to_psa_error( ret ) );
382 }
383 else
384#endif /* BUILTIN_ALG_CMAC */
385#if defined(BUILTIN_ALG_HMAC)
386 if( PSA_ALG_IS_HMAC( operation->alg ) )
387 {
388 return( psa_hmac_finish_internal( &operation->ctx.hmac,
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]389 mac, mac_size ) );
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]390 }
391 else
392#endif /* BUILTIN_ALG_HMAC */
393 {
394 /* This shouldn't happen if `operation` was initialized by
395 * a setup function. */
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]396 (void) operation;
397 (void) mac;
398 (void) mac_size;
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]399 return( PSA_ERROR_BAD_STATE );
400 }
401}
402
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]403static psa_status_t mac_sign_finish(
404 mbedtls_psa_mac_operation_t *operation,
405 uint8_t *mac,
406 size_t mac_size,
407 size_t *mac_length )
408{
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]409 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]410
411 if( operation->alg == 0 )
412 return( PSA_ERROR_BAD_STATE );
413
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]414 status = mac_finish_internal( operation, mac, mac_size );
415
416 if( status == PSA_SUCCESS )
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]417 *mac_length = mac_size;
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]418
419 return( status );
420}
421
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]422static psa_status_t mac_verify_finish(
423 mbedtls_psa_mac_operation_t *operation,
424 const uint8_t *mac,
425 size_t mac_length )
426{
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]427 uint8_t actual_mac[PSA_MAC_MAX_SIZE];
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]428 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]429
430 if( operation->alg == 0 )
431 return( PSA_ERROR_BAD_STATE );
432
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]433 /* Consistency check: requested MAC length fits our local buffer */
434 if( mac_length > sizeof( actual_mac ) )
435 return( PSA_ERROR_INVALID_ARGUMENT );
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]436
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]437 status = mac_finish_internal( operation, actual_mac, mac_length );
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]438 if( status != PSA_SUCCESS )
439 goto cleanup;
440
Steven Cooreman36876a02021-04-29 16:37:59 +0200[diff] [blame]441 if( mbedtls_psa_safer_memcmp( mac, actual_mac, mac_length ) != 0 )
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]442 status = PSA_ERROR_INVALID_SIGNATURE;
443
444cleanup:
445 mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
446
447 return( status );
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]448}
Ronald Cron76be3e02021-06-17 17:34:43 +0200[diff] [blame]449
450static psa_status_t mac_compute(
451 const psa_key_attributes_t *attributes,
452 const uint8_t *key_buffer,
453 size_t key_buffer_size,
454 psa_algorithm_t alg,
455 const uint8_t *input,
456 size_t input_length,
457 uint8_t *mac,
458 size_t mac_size,
459 size_t *mac_length )
460{
461 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
462 mbedtls_psa_mac_operation_t operation = MBEDTLS_PSA_MAC_OPERATION_INIT;
463
464 status = mac_setup( &operation,
465 attributes, key_buffer, key_buffer_size,
466 alg );
467 if( status != PSA_SUCCESS )
468 goto exit;
469
470 if( input_length > 0 )
471 {
472 status = mac_update( &operation, input, input_length );
473 if( status != PSA_SUCCESS )
474 goto exit;
475 }
476
477 status = mac_finish_internal( &operation, mac, mac_size );
478 if( status == PSA_SUCCESS )
479 *mac_length = mac_size;
480
481exit:
482 mac_abort( &operation );
483
484 return( status );
485}
486
Steven Cooreman02865f52021-05-07 15:55:27 +0200[diff] [blame]487#endif /* BUILTIN_ALG_HMAC || BUILTIN_ALG_CMAC */
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]488
489#if defined(MBEDTLS_PSA_BUILTIN_MAC)
490psa_status_t mbedtls_psa_mac_compute(
491 const psa_key_attributes_t *attributes,
492 const uint8_t *key_buffer,
493 size_t key_buffer_size,
494 psa_algorithm_t alg,
495 const uint8_t *input,
496 size_t input_length,
497 uint8_t *mac,
498 size_t mac_size,
499 size_t *mac_length )
500{
501 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
502 input, input_length,
503 mac, mac_size, mac_length ) );
504}
505
506psa_status_t mbedtls_psa_mac_sign_setup(
507 mbedtls_psa_mac_operation_t *operation,
508 const psa_key_attributes_t *attributes,
509 const uint8_t *key_buffer,
510 size_t key_buffer_size,
511 psa_algorithm_t alg )
512{
Steven Cooreman9e15fb72021-05-11 11:10:34 +0200[diff] [blame]513 return( mac_setup( operation, attributes,
514 key_buffer, key_buffer_size, alg ) );
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]515}
516
517psa_status_t mbedtls_psa_mac_verify_setup(
518 mbedtls_psa_mac_operation_t *operation,
519 const psa_key_attributes_t *attributes,
520 const uint8_t *key_buffer,
521 size_t key_buffer_size,
522 psa_algorithm_t alg )
523{
Steven Cooreman9e15fb72021-05-11 11:10:34 +0200[diff] [blame]524 return( mac_setup( operation, attributes,
525 key_buffer, key_buffer_size, alg ) );
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]526}
527
528psa_status_t mbedtls_psa_mac_update(
529 mbedtls_psa_mac_operation_t *operation,
530 const uint8_t *input,
531 size_t input_length )
532{
533 return( mac_update( operation, input, input_length ) );
534}
535
536psa_status_t mbedtls_psa_mac_sign_finish(
537 mbedtls_psa_mac_operation_t *operation,
538 uint8_t *mac,
539 size_t mac_size,
540 size_t *mac_length )
541{
542 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
543}
544
545psa_status_t mbedtls_psa_mac_verify_finish(
546 mbedtls_psa_mac_operation_t *operation,
547 const uint8_t *mac,
548 size_t mac_length )
549{
550 return( mac_verify_finish( operation, mac, mac_length ) );
551}
552
553psa_status_t mbedtls_psa_mac_abort(
554 mbedtls_psa_mac_operation_t *operation )
555{
556 return( mac_abort( operation ) );
557}
558#endif /* MBEDTLS_PSA_BUILTIN_MAC */
559
560 /*
561 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
562 */
563#if defined(PSA_CRYPTO_DRIVER_TEST)
564
565static int is_mac_accelerated( psa_algorithm_t alg )
566{
567#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
568 if( PSA_ALG_IS_HMAC( alg ) )
569 return( 1 );
570#endif
571
572 switch( PSA_ALG_FULL_LENGTH_MAC( alg ) )
573 {
574#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
575 case PSA_ALG_CMAC:
576 return( 1 );
577#endif
578 default:
579 return( 0 );
580 }
581}
582
583psa_status_t mbedtls_transparent_test_driver_mac_compute(
584 const psa_key_attributes_t *attributes,
585 const uint8_t *key_buffer,
586 size_t key_buffer_size,
587 psa_algorithm_t alg,
588 const uint8_t *input,
589 size_t input_length,
590 uint8_t *mac,
591 size_t mac_size,
592 size_t *mac_length )
593{
594 if( is_mac_accelerated( alg ) )
595 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
596 input, input_length,
597 mac, mac_size, mac_length ) );
598 else
599 return( PSA_ERROR_NOT_SUPPORTED );
600}
601
602psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
603 mbedtls_transparent_test_driver_mac_operation_t *operation,
604 const psa_key_attributes_t *attributes,
605 const uint8_t *key_buffer,
606 size_t key_buffer_size,
607 psa_algorithm_t alg )
608{
609 if( is_mac_accelerated( alg ) )
Steven Cooreman9e15fb72021-05-11 11:10:34 +0200[diff] [blame]610 return( mac_setup( operation, attributes,
611 key_buffer, key_buffer_size, alg ) );
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]612 else
613 return( PSA_ERROR_NOT_SUPPORTED );
614}
615
616psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
617 mbedtls_transparent_test_driver_mac_operation_t *operation,
618 const psa_key_attributes_t *attributes,
619 const uint8_t *key_buffer,
620 size_t key_buffer_size,
621 psa_algorithm_t alg )
622{
623 if( is_mac_accelerated( alg ) )
Steven Cooreman9e15fb72021-05-11 11:10:34 +0200[diff] [blame]624 return( mac_setup( operation, attributes,
625 key_buffer, key_buffer_size, alg ) );
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]626 else
627 return( PSA_ERROR_NOT_SUPPORTED );
628}
629
630psa_status_t mbedtls_transparent_test_driver_mac_update(
631 mbedtls_transparent_test_driver_mac_operation_t *operation,
632 const uint8_t *input,
633 size_t input_length )
634{
635 if( is_mac_accelerated( operation->alg ) )
636 return( mac_update( operation, input, input_length ) );
637 else
638 return( PSA_ERROR_BAD_STATE );
639}
640
641psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
642 mbedtls_transparent_test_driver_mac_operation_t *operation,
643 uint8_t *mac,
644 size_t mac_size,
645 size_t *mac_length )
646{
647 if( is_mac_accelerated( operation->alg ) )
648 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
649 else
650 return( PSA_ERROR_BAD_STATE );
651}
652
653psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
654 mbedtls_transparent_test_driver_mac_operation_t *operation,
655 const uint8_t *mac,
656 size_t mac_length )
657{
658 if( is_mac_accelerated( operation->alg ) )
659 return( mac_verify_finish( operation, mac, mac_length ) );
660 else
661 return( PSA_ERROR_BAD_STATE );
662}
663
664psa_status_t mbedtls_transparent_test_driver_mac_abort(
665 mbedtls_transparent_test_driver_mac_operation_t *operation )
666{
667 return( mac_abort( operation ) );
668}
669
670psa_status_t mbedtls_opaque_test_driver_mac_compute(
671 const psa_key_attributes_t *attributes,
672 const uint8_t *key_buffer,
673 size_t key_buffer_size,
674 psa_algorithm_t alg,
675 const uint8_t *input,
676 size_t input_length,
677 uint8_t *mac,
678 size_t mac_size,
679 size_t *mac_length )
680{
681 /* Opaque driver testing is not implemented yet through this mechanism. */
682 (void) attributes;
683 (void) key_buffer;
684 (void) key_buffer_size;
685 (void) alg;
686 (void) input;
687 (void) input_length;
688 (void) mac;
689 (void) mac_size;
690 (void) mac_length;
691 return( PSA_ERROR_NOT_SUPPORTED );
692}
693
694psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
695 mbedtls_opaque_test_driver_mac_operation_t *operation,
696 const psa_key_attributes_t *attributes,
697 const uint8_t *key_buffer,
698 size_t key_buffer_size,
699 psa_algorithm_t alg )
700{
701 /* Opaque driver testing is not implemented yet through this mechanism. */
702 (void) operation;
703 (void) attributes;
704 (void) key_buffer;
705 (void) key_buffer_size;
706 (void) alg;
707 return( PSA_ERROR_NOT_SUPPORTED );
708}
709
710psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
711 mbedtls_opaque_test_driver_mac_operation_t *operation,
712 const psa_key_attributes_t *attributes,
713 const uint8_t *key_buffer,
714 size_t key_buffer_size,
715 psa_algorithm_t alg )
716{
717 /* Opaque driver testing is not implemented yet through this mechanism. */
718 (void) operation;
719 (void) attributes;
720 (void) key_buffer;
721 (void) key_buffer_size;
722 (void) alg;
723 return( PSA_ERROR_NOT_SUPPORTED );
724}
725
726psa_status_t mbedtls_opaque_test_driver_mac_update(
727 mbedtls_opaque_test_driver_mac_operation_t *operation,
728 const uint8_t *input,
729 size_t input_length )
730{
731 /* Opaque driver testing is not implemented yet through this mechanism. */
732 (void) operation;
733 (void) input;
734 (void) input_length;
735 return( PSA_ERROR_NOT_SUPPORTED );
736}
737
738psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
739 mbedtls_opaque_test_driver_mac_operation_t *operation,
740 uint8_t *mac,
741 size_t mac_size,
742 size_t *mac_length )
743{
744 /* Opaque driver testing is not implemented yet through this mechanism. */
745 (void) operation;
746 (void) mac;
747 (void) mac_size;
748 (void) mac_length;
749 return( PSA_ERROR_NOT_SUPPORTED );
750}
751
752psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
753 mbedtls_opaque_test_driver_mac_operation_t *operation,
754 const uint8_t *mac,
755 size_t mac_length )
756{
757 /* Opaque driver testing is not implemented yet through this mechanism. */
758 (void) operation;
759 (void) mac;
760 (void) mac_length;
761 return( PSA_ERROR_NOT_SUPPORTED );
762}
763
764psa_status_t mbedtls_opaque_test_driver_mac_abort(
765 mbedtls_opaque_test_driver_mac_operation_t *operation )
766{
767 /* Opaque driver testing is not implemented yet through this mechanism. */
768 (void) operation;
769 return( PSA_ERROR_NOT_SUPPORTED );
770}
771
772#endif /* PSA_CRYPTO_DRIVER_TEST */
773
774#endif /* MBEDTLS_PSA_CRYPTO_C */