PSA: Implement MAC functions
Implement psa_mac_start, psa_mac_update and psa_mac_final.
Implement HMAC anc CMAC.
Smoke tests.
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 060c007..5fb3568 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -144,6 +144,9 @@
#define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \
(((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0)
+#define PSA_KEY_TYPE_IS_RAW_BYTES(type) \
+ (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_RAW_DATA || \
+ ((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
#define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \
(((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_ASYMMETRIC)
#define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) \
@@ -157,6 +160,13 @@
#define PSA_KEY_TYPE_IS_ECC(type) \
(((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_BASE)
+#define PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) \
+ ( \
+ (type) == PSA_KEY_TYPE_AES ? 16 : \
+ (type) == PSA_KEY_TYPE_DES ? 8 : \
+ (type) == PSA_KEY_TYPE_CAMELLIA ? 16 : \
+ 0)
+
/** \brief Encoding of a cryptographic algorithm.
*
* For algorithms that can be applied to multiple key types, this type
@@ -223,25 +233,42 @@
#define PSA_ALG_SHA3_384 ((psa_algorithm_t)0x01000012)
#define PSA_ALG_SHA3_512 ((psa_algorithm_t)0x01000013)
+#define PSA_ALG_MAC_SUBCATEGORY_MASK ((psa_algorithm_t)0x00c00000)
#define PSA_ALG_HMAC_BASE ((psa_algorithm_t)0x02800000)
#define PSA_ALG_HMAC(hash_alg) \
- (PSA_ALG_HMAC_BASE | (hash_alg))
-#define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x02000001)
-#define PSA_ALG_CMAC ((psa_algorithm_t)0x02000002)
-#define PSA_ALG_GMAC ((psa_algorithm_t)0x02000003)
+ (PSA_ALG_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_HMAC_HASH(hmac_alg) \
+ (PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_IS_HMAC(alg) \
+ (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
+ PSA_ALG_HMAC_BASE)
+#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x02c00000)
+#define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x02c00001)
+#define PSA_ALG_CMAC ((psa_algorithm_t)0x02c00002)
+#define PSA_ALG_GMAC ((psa_algorithm_t)0x02c00003)
+#define PSA_ALG_IS_CIPHER_MAC(alg) \
+ (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
+ PSA_ALG_CIPHER_MAC_BASE)
-#define PSA_ALG_BLOCK_CIPHER_BASE_MASK ((psa_algorithm_t)0x000000ff)
+#define PSA_ALG_CIPHER_SUBCATEGORY_MASK ((psa_algorithm_t)0x00c00000)
+#define PSA_ALG_BLOCK_CIPHER_BASE ((psa_algorithm_t)0x04000001)
+#define PSA_ALG_BLOCK_CIPHER_MODE_MASK ((psa_algorithm_t)0x000000ff)
#define PSA_ALG_BLOCK_CIPHER_PADDING_MASK ((psa_algorithm_t)0x007f0000)
#define PSA_ALG_BLOCK_CIPHER_PAD_PKCS7 ((psa_algorithm_t)0x00010000)
+#define PSA_ALG_IS_BLOCK_CIPHER(alg) \
+ (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_SUBCATEGORY_MASK)) == \
+ PSA_ALG_BLOCK_CIPHER_BASE)
+
#define PSA_ALG_CBC_BASE ((psa_algorithm_t)0x04000001)
-#define PSA_ALG_CFB_BASE ((psa_algorithm_t)0x04000003)
-#define PSA_ALG_OFB_BASE ((psa_algorithm_t)0x04000004)
-#define PSA_ALG_XTS_BASE ((psa_algorithm_t)0x04000005)
+#define PSA_ALG_CFB_BASE ((psa_algorithm_t)0x04000002)
+#define PSA_ALG_OFB_BASE ((psa_algorithm_t)0x04000003)
+#define PSA_ALG_XTS_BASE ((psa_algorithm_t)0x04000004)
#define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t)0x04800000)
#define PSA_ALG_CTR ((psa_algorithm_t)0x04800001)
+#define PSA_ALG_ARC4 ((psa_algorithm_t)0x04800002)
-#define PSA_ALG_CCM ((psa_algorithm_t)0x06000002)
-#define PSA_ALG_GCM ((psa_algorithm_t)0x06000003)
+#define PSA_ALG_CCM ((psa_algorithm_t)0x06000001)
+#define PSA_ALG_GCM ((psa_algorithm_t)0x06000002)
#define PSA_ALG_RSA_PKCS1V15_RAW ((psa_algorithm_t)0x10010000)
#define PSA_ALG_RSA_PSS_MGF1 ((psa_algorithm_t)0x10020000)
@@ -575,6 +602,38 @@
/**@}*/
+/** \defgroup MAC Message authentication codes
+ * @{
+ */
+
+typedef struct psa_mac_operation_s psa_mac_operation_t;
+
+#define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \
+ (PSA_ALG_IS_HMAC(alg) ? PSA_HASH_FINAL_SIZE(PSA_ALG_HMAC_HASH(alg)) : \
+ PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
+ 0)
+
+psa_status_t psa_mac_start(psa_mac_operation_t *operation,
+ psa_key_slot_t key,
+ psa_algorithm_t alg);
+
+psa_status_t psa_mac_update(psa_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length);
+
+psa_status_t psa_mac_finish(psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length);
+
+psa_status_t psa_mac_verify(psa_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length);
+
+psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
+
+/**@}*/
+
/** \defgroup asymmetric Asymmetric cryptography
* @{
*/