1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
|
/*
* PSA MAC layer on top of Mbed TLS software crypto
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_MAC_H
#define PSA_CRYPTO_MAC_H
#include <psa/crypto.h>
/** Calculate the MAC (message authentication code) of a message using Mbed TLS.
*
* \note The signature of this function is that of a PSA driver mac_compute
* entry point. This function behaves as a mac_compute entry point as
* defined in the PSA driver interface specification for transparent
* drivers.
*
* \param[in] attributes The attributes of the key to use for the
* operation.
* \param[in] key_buffer The buffer containing the key to use for
* computing the MAC. This buffer contains the key
* in export representation as defined by
* psa_export_key() (i.e. the raw key bytes).
* \param key_buffer_size Size of the \p key_buffer buffer in bytes.
* \param alg The MAC algorithm to use (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_MAC(\p alg) is true).
* \param[in] input Buffer containing the input message.
* \param input_length Size of the \p input buffer in bytes.
* \param[out] mac Buffer where the MAC value is to be written.
* \param mac_size Size of the \p mac buffer in bytes.
* \param[out] mac_length On success, the number of bytes
* that make up the MAC value.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* \p mac_size is too small
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_mac_compute(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/** Set up a multipart MAC calculation operation using Mbed TLS.
*
* \note The signature of this function is that of a PSA driver mac_sign_setup
* entry point. This function behaves as a mac_sign_setup entry point as
* defined in the PSA driver interface specification for transparent
* drivers.
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized and not yet in use.
* \param[in] attributes The attributes of the key to use for the
* operation.
* \param[in] key_buffer The buffer containing the key to use for
* computing the MAC. This buffer contains the key
* in export representation as defined by
* psa_export_key() (i.e. the raw key bytes).
* \param key_buffer_size Size of the \p key_buffer buffer in bytes.
* \param alg The MAC algorithm to use (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_MAC(\p alg) is true).
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be inactive).
*/
psa_status_t mbedtls_psa_mac_sign_setup(
mbedtls_psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg);
/** Set up a multipart MAC verification operation using Mbed TLS.
*
* \note The signature of this function is that of a PSA driver mac_verify_setup
* entry point. This function behaves as a mac_verify_setup entry point as
* defined in the PSA driver interface specification for transparent
* drivers.
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized and not yet in use.
* \param[in] attributes The attributes of the key to use for the
* operation.
* \param[in] key_buffer The buffer containing the key to use for
* computing the MAC. This buffer contains the key
* in export representation as defined by
* psa_export_key() (i.e. the raw key bytes).
* \param key_buffer_size Size of the \p key_buffer buffer in bytes.
* \param alg The MAC algorithm to use (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_MAC(\p alg) is true).
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be inactive).
*/
psa_status_t mbedtls_psa_mac_verify_setup(
mbedtls_psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg);
/** Add a message fragment to a multipart MAC operation using Mbed TLS.
*
* \note The signature of this function is that of a PSA driver mac_update
* entry point. This function behaves as a mac_update entry point as
* defined in the PSA driver interface specification for transparent
* drivers.
*
* The PSA core calls mbedtls_psa_mac_sign_setup() or
* mbedtls_psa_mac_verify_setup() before calling this function.
*
* If this function returns an error status, the PSA core aborts the
* operation by calling mbedtls_psa_mac_abort().
*
* \param[in,out] operation Active MAC operation.
* \param[in] input Buffer containing the message fragment to add to
* the MAC calculation.
* \param input_length Size of the \p input buffer in bytes.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_mac_update(
mbedtls_psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
/** Finish the calculation of the MAC of a message using Mbed TLS.
*
* \note The signature of this function is that of a PSA driver mac_sign_finish
* entry point. This function behaves as a mac_sign_finish entry point as
* defined in the PSA driver interface specification for transparent
* drivers.
*
* The PSA core calls mbedtls_psa_mac_sign_setup() before calling this function.
* This function calculates the MAC of the message formed by concatenating
* the inputs passed to preceding calls to mbedtls_psa_mac_update().
*
* Whether this function returns successfully or not, the PSA core subsequently
* aborts the operation by calling mbedtls_psa_mac_abort().
*
* \param[in,out] operation Active MAC operation.
* \param[out] mac Buffer where the MAC value is to be written.
* \param mac_size Output size requested for the MAC algorithm. The PSA
* core guarantees this is a valid MAC length for the
* algorithm and key combination passed to
* mbedtls_psa_mac_sign_setup(). It also guarantees the
* \p mac buffer is large enough to contain the
* requested output size.
* \param[out] mac_length On success, the number of bytes output to buffer
* \p mac, which will be equal to the requested length
* \p mac_size.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be an active mac sign
* operation).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p mac buffer is too small. A sufficient buffer size
* can be determined by calling PSA_MAC_LENGTH().
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_mac_sign_finish(
mbedtls_psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/** Finish the calculation of the MAC of a message and compare it with
* an expected value using Mbed TLS.
*
* \note The signature of this function is that of a PSA driver
* mac_verify_finish entry point. This function behaves as a
* mac_verify_finish entry point as defined in the PSA driver interface
* specification for transparent drivers.
*
* The PSA core calls mbedtls_psa_mac_verify_setup() before calling this
* function. This function calculates the MAC of the message formed by
* concatenating the inputs passed to preceding calls to
* mbedtls_psa_mac_update(). It then compares the calculated MAC with the
* expected MAC passed as a parameter to this function.
*
* Whether this function returns successfully or not, the PSA core subsequently
* aborts the operation by calling mbedtls_psa_mac_abort().
*
* \param[in,out] operation Active MAC operation.
* \param[in] mac Buffer containing the expected MAC value.
* \param mac_length Length in bytes of the expected MAC value. The PSA
* core guarantees that this length is a valid MAC
* length for the algorithm and key combination passed
* to mbedtls_psa_mac_verify_setup().
*
* \retval #PSA_SUCCESS
* The expected MAC is identical to the actual MAC of the message.
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The MAC of the message was calculated successfully, but it
* differs from the expected MAC.
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be an active mac verify
* operation).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_mac_verify_finish(
mbedtls_psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
/** Abort a MAC operation using Mbed TLS.
*
* Aborting an operation frees all associated resources except for the
* \p operation structure itself. Once aborted, the operation object
* can be reused for another operation by calling
* mbedtls_psa_mac_sign_setup() or mbedtls_psa_mac_verify_setup() again.
*
* The PSA core may call this function any time after the operation object has
* been initialized by one of the methods described in
* #mbedtls_psa_mac_operation_t.
*
* In particular, calling mbedtls_psa_mac_abort() after the operation has been
* terminated by a call to mbedtls_psa_mac_abort(),
* mbedtls_psa_mac_sign_finish() or mbedtls_psa_mac_verify_finish() is safe and
* has no effect.
*
* \param[in,out] operation Initialized MAC operation.
*
* \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_mac_abort(
mbedtls_psa_mac_operation_t *operation);
#endif /* PSA_CRYPTO_MAC_H */
|
