Rename psa_mac_{finish,verify} -> psa_mac_{sign,verify}_finish
Make function names for multipart operations more consistent (MAC
finish edition).
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 1ee403c..9573859 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1345,8 +1345,8 @@
* -# Call psa_mac_update() zero, one or more times, passing a fragment
* of the message each time. The MAC that is calculated is the MAC
* of the concatenation of these messages in order.
- * -# To calculate the MAC, call psa_mac_finish().
- * To compare the MAC with an expected value, call psa_mac_verify().
+ * -# To calculate the MAC, call psa_mac_sign_finish().
+ * To compare the MAC with an expected value, call psa_mac_verify_finish().
*
* The application may call psa_mac_abort() at any time after the operation
* has been initialized with psa_mac_start().
@@ -1355,7 +1355,8 @@
* eventually terminate the operation. The following events terminate an
* operation:
* - A failed call to psa_mac_update().
- * - A call to psa_mac_finish(), psa_mac_verify() or psa_mac_abort().
+ * - A call to psa_mac_sign_finish(), psa_mac_verify_finish() or
+ * psa_mac_abort().
*
* \param operation The operation object to use.
* \param key Slot containing the key to use for the operation.
@@ -1383,14 +1384,14 @@
const uint8_t *input,
size_t input_length);
-psa_status_t psa_mac_finish(psa_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length);
+psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length);
-psa_status_t psa_mac_verify(psa_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length);
+psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length);
psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 80b2f9d..574d3e5 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -142,9 +142,9 @@
-/** The size of the output of psa_mac_finish(), in bytes.
+/** The size of the output of psa_mac_sign_finish(), in bytes.
*
- * This is also the MAC size that psa_mac_verify() expects.
+ * This is also the MAC size that psa_mac_verify_finish() expects.
*
* \param key_type The type of the MAC key.
* \param key_bits The size of the MAC key in bits.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 76e1a68..4c42d61 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1483,8 +1483,8 @@
/* Since this function is called identically for a sign or verify
* operation, we don't know yet whether the operation is permitted.
* Store the part of the key policy that we can't check in the
- * operation structure. psa_mac_finish() or psa_mac_verify() will
- * check that remaining part. */
+ * operation structure. psa_mac_sign_finish() or psa_mac_verify_finish()
+ * will check that remaining part. */
if( ( slot->policy.usage & PSA_KEY_USAGE_SIGN ) != 0 )
operation->key_usage_sign = 1;
if( ( slot->policy.usage & PSA_KEY_USAGE_VERIFY ) != 0 )
@@ -1671,10 +1671,10 @@
}
}
-psa_status_t psa_mac_finish( psa_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length )
+psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
{
if( ! operation->key_usage_sign )
return( PSA_ERROR_NOT_PERMITTED );
@@ -1683,9 +1683,9 @@
mac_size, mac_length ) );
}
-psa_status_t psa_mac_verify( psa_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length )
+psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length )
{
uint8_t actual_mac[PSA_MAC_MAX_SIZE];
size_t actual_mac_length;
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 438b721..fcab07b 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -141,9 +141,9 @@
TEST_ASSERT( psa_mac_start( &operation, key, alg ) == PSA_SUCCESS );
TEST_ASSERT( psa_mac_update( &operation,
input, sizeof( input ) ) == PSA_SUCCESS );
- TEST_ASSERT( psa_mac_finish( &operation,
- mac, sizeof( input ),
- &mac_length ) == PSA_SUCCESS );
+ TEST_ASSERT( psa_mac_sign_finish( &operation,
+ mac, sizeof( input ),
+ &mac_length ) == PSA_SUCCESS );
}
if( usage & PSA_KEY_USAGE_VERIFY )
@@ -155,7 +155,9 @@
TEST_ASSERT( psa_mac_start( &operation, key, alg ) == PSA_SUCCESS );
TEST_ASSERT( psa_mac_update( &operation,
input, sizeof( input ) ) == PSA_SUCCESS );
- TEST_ASSERT( psa_mac_verify( &operation, mac, mac_length ) == verify_status );
+ TEST_ASSERT( psa_mac_verify_finish( &operation,
+ mac,
+ mac_length ) == verify_status );
}
return( 1 );
@@ -747,8 +749,8 @@
status = psa_mac_start( &operation, key_slot, exercise_alg );
if( status == PSA_SUCCESS )
- status = psa_mac_finish( &operation,
- mac, sizeof( mac ), &output_length );
+ status = psa_mac_sign_finish( &operation,
+ mac, sizeof( mac ), &output_length );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
TEST_ASSERT( status == PSA_SUCCESS );
@@ -759,7 +761,7 @@
memset( mac, 0, sizeof( mac ) );
status = psa_mac_start( &operation, key_slot, exercise_alg );
if( status == PSA_SUCCESS )
- status = psa_mac_verify( &operation, mac, sizeof( mac ) );
+ status = psa_mac_verify_finish( &operation, mac, sizeof( mac ) );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
TEST_ASSERT( status == PSA_ERROR_INVALID_SIGNATURE );
@@ -1198,9 +1200,9 @@
TEST_ASSERT( psa_destroy_key( key_slot ) == PSA_SUCCESS );
TEST_ASSERT( psa_mac_update( &operation,
input->x, input->len ) == PSA_SUCCESS );
- TEST_ASSERT( psa_mac_verify( &operation,
- expected_mac->x,
- expected_mac->len ) == PSA_SUCCESS );
+ TEST_ASSERT( psa_mac_verify_finish( &operation,
+ expected_mac->x,
+ expected_mac->len ) == PSA_SUCCESS );
exit:
psa_destroy_key( key_slot );