TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 6e6451ec015947de7dd2875e137513aa3b985ebf / . / library / psa_crypto_mac.c
blob: d8e229325d9a309b080f72b8c96a3a1cadf52f7c [file] [log] [blame]
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]1/*
2 * PSA MAC layer on top of Mbed TLS software crypto
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa/crypto.h>
26#include "psa_crypto_core.h"
27#include "psa_crypto_mac.h"
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]28#include <mbedtls/md.h>
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]29
30#include <mbedtls/error.h>
31#include <string.h>
32
33/* Use builtin defines specific to this compilation unit, since the test driver
34 * relies on the software driver. */
35#if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
36 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) )
37#define BUILTIN_ALG_CMAC 1
38#endif
39#if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \
40 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) )
41#define BUILTIN_ALG_HMAC 1
42#endif
43
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]44#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
45static size_t psa_get_hash_block_size( psa_algorithm_t alg )
46{
47 switch( alg )
48 {
49 case PSA_ALG_MD2:
50 return( 16 );
51 case PSA_ALG_MD4:
52 return( 64 );
53 case PSA_ALG_MD5:
54 return( 64 );
55 case PSA_ALG_RIPEMD160:
56 return( 64 );
57 case PSA_ALG_SHA_1:
58 return( 64 );
59 case PSA_ALG_SHA_224:
60 return( 64 );
61 case PSA_ALG_SHA_256:
62 return( 64 );
63 case PSA_ALG_SHA_384:
64 return( 128 );
65 case PSA_ALG_SHA_512:
66 return( 128 );
67 default:
68 return( 0 );
69 }
70}
71
Steven Cooremanf64b25e2021-03-22 14:49:06 +0100[diff] [blame]72psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data_t *hmac )
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]73{
74 mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
75 return( psa_hash_abort( &hmac->hash_ctx ) );
76}
77
Steven Cooremanf64b25e2021-03-22 14:49:06 +0100[diff] [blame]78psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data_t *hmac,
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]79 const uint8_t *key,
80 size_t key_length,
81 psa_algorithm_t hash_alg )
82{
83 uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
84 size_t i;
85 size_t hash_size = PSA_HASH_LENGTH( hash_alg );
86 size_t block_size = psa_get_hash_block_size( hash_alg );
87 psa_status_t status;
88
89 hmac->alg = hash_alg;
90
91 /* Sanity checks on block_size, to guarantee that there won't be a buffer
92 * overflow below. This should never trigger if the hash algorithm
93 * is implemented correctly. */
94 /* The size checks against the ipad and opad buffers cannot be written
95 * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
96 * because that triggers -Wlogical-op on GCC 7.3. */
97 if( block_size > sizeof( ipad ) )
98 return( PSA_ERROR_NOT_SUPPORTED );
99 if( block_size > sizeof( hmac->opad ) )
100 return( PSA_ERROR_NOT_SUPPORTED );
101 if( block_size < hash_size )
102 return( PSA_ERROR_NOT_SUPPORTED );
103
104 if( key_length > block_size )
105 {
106 status = psa_hash_compute( hash_alg, key, key_length,
107 ipad, sizeof( ipad ), &key_length );
108 if( status != PSA_SUCCESS )
109 goto cleanup;
110 }
111 /* A 0-length key is not commonly used in HMAC when used as a MAC,
112 * but it is permitted. It is common when HMAC is used in HKDF, for
113 * example. Don't call `memcpy` in the 0-length because `key` could be
114 * an invalid pointer which would make the behavior undefined. */
115 else if( key_length != 0 )
116 memcpy( ipad, key, key_length );
117
118 /* ipad contains the key followed by garbage. Xor and fill with 0x36
119 * to create the ipad value. */
120 for( i = 0; i < key_length; i++ )
121 ipad[i] ^= 0x36;
122 memset( ipad + key_length, 0x36, block_size - key_length );
123
124 /* Copy the key material from ipad to opad, flipping the requisite bits,
125 * and filling the rest of opad with the requisite constant. */
126 for( i = 0; i < key_length; i++ )
127 hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
128 memset( hmac->opad + key_length, 0x5C, block_size - key_length );
129
130 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
131 if( status != PSA_SUCCESS )
132 goto cleanup;
133
134 status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
135
136cleanup:
137 mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
138
139 return( status );
140}
141
Steven Cooremanf64b25e2021-03-22 14:49:06 +0100[diff] [blame]142psa_status_t psa_hmac_update_internal( psa_hmac_internal_data_t *hmac,
Steven Cooreman76720f62021-03-22 12:21:10 +0100[diff] [blame]143 const uint8_t *data,
144 size_t data_length )
145{
146 return( psa_hash_update( &hmac->hash_ctx, data, data_length ) );
147}
148
Steven Cooremanf64b25e2021-03-22 14:49:06 +0100[diff] [blame]149psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data_t *hmac,
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]150 uint8_t *mac,
151 size_t mac_size )
152{
153 uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
154 psa_algorithm_t hash_alg = hmac->alg;
155 size_t hash_size = 0;
156 size_t block_size = psa_get_hash_block_size( hash_alg );
157 psa_status_t status;
158
159 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
160 if( status != PSA_SUCCESS )
161 return( status );
162 /* From here on, tmp needs to be wiped. */
163
164 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
165 if( status != PSA_SUCCESS )
166 goto exit;
167
168 status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
169 if( status != PSA_SUCCESS )
170 goto exit;
171
172 status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
173 if( status != PSA_SUCCESS )
174 goto exit;
175
176 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
177 if( status != PSA_SUCCESS )
178 goto exit;
179
180 memcpy( mac, tmp, mac_size );
181
182exit:
183 mbedtls_platform_zeroize( tmp, hash_size );
184 return( status );
185}
Steven Cooreman76720f62021-03-22 12:21:10 +0100[diff] [blame]186
Steven Cooremanf64b25e2021-03-22 14:49:06 +0100[diff] [blame]187psa_status_t psa_hmac_clone_internal( const psa_hmac_internal_data_t *source,
188 psa_hmac_internal_data_t *destination )
Steven Cooreman76720f62021-03-22 12:21:10 +0100[diff] [blame]189{
190 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
191
192 destination->alg = source->alg;
193 destination->hash_ctx = psa_hash_operation_init();
194 status = psa_hash_clone( &source->hash_ctx, &destination->hash_ctx );
195 memcpy( destination->opad, source->opad, sizeof( destination->opad ) );
196
197 if( status != PSA_SUCCESS )
198 memset( destination, 0, sizeof( *destination ) );
199
200 return( status );
201}
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]202#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || PSA_CRYPTO_DRIVER_TEST */
203
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]204/* Implement the PSA driver MAC interface on top of mbed TLS if either the
205 * software driver or the test driver requires it. */
206#if defined(MBEDTLS_PSA_BUILTIN_MAC) || defined(PSA_CRYPTO_DRIVER_TEST)
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]207
208#if defined(BUILTIN_ALG_CMAC)
209static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
210 const psa_key_attributes_t *attributes,
211 const uint8_t *key_buffer,
212 size_t key_buffer_size )
213{
214 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
215 const mbedtls_cipher_info_t * cipher_info_tmp =
216 mbedtls_cipher_info_from_psa(
217 PSA_ALG_CMAC,
218 psa_get_key_type( attributes ),
219 psa_get_key_bits( attributes ),
220 NULL );
221
222 if( cipher_info_tmp == NULL )
223 return( PSA_ERROR_NOT_SUPPORTED );
224
225 if( key_buffer_size < PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) )
226 return( PSA_ERROR_INVALID_ARGUMENT );
227
228 ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info_tmp );
229 if( ret != 0 )
230 goto exit;
231
232 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
233 key_buffer,
234 psa_get_key_bits( attributes ) );
235exit:
236 return( mbedtls_to_psa_error( ret ) );
237}
238#endif /* BUILTIN_ALG_CMAC */
239
240/* Initialize this driver's MAC operation structure. Once this function has been
241 * called, mbedtls_psa_mac_abort can run and will do the right thing. */
242static psa_status_t mac_init(
243 mbedtls_psa_mac_operation_t *operation,
244 psa_algorithm_t alg )
245{
Steven Cooreman6e6451e2021-04-29 16:21:24 +0200[diff] [blame^]246 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]247
248 operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg );
249 operation->key_set = 0;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]250 operation->has_input = 0;
251 operation->is_sign = 0;
252
253#if defined(BUILTIN_ALG_CMAC)
254 if( operation->alg == PSA_ALG_CMAC )
255 {
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]256 mbedtls_cipher_init( &operation->ctx.cmac );
257 status = PSA_SUCCESS;
258 }
259 else
260#endif /* BUILTIN_ALG_CMAC */
261#if defined(BUILTIN_ALG_HMAC)
262 if( PSA_ALG_IS_HMAC( operation->alg ) )
263 {
264 /* We'll set up the hash operation later in psa_hmac_setup_internal. */
265 operation->ctx.hmac.alg = 0;
266 status = PSA_SUCCESS;
267 }
268 else
269#endif /* BUILTIN_ALG_HMAC */
270 {
Steven Cooreman6e6451e2021-04-29 16:21:24 +0200[diff] [blame^]271 status = PSA_ERROR_NOT_SUPPORTED;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]272 }
273
274 if( status != PSA_SUCCESS )
275 memset( operation, 0, sizeof( *operation ) );
276 return( status );
277}
278
279static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation )
280{
281 if( operation->alg == 0 )
282 {
283 /* The object has (apparently) been initialized but it is not
284 * in use. It's ok to call abort on such an object, and there's
285 * nothing to do. */
286 return( PSA_SUCCESS );
287 }
288 else
289#if defined(BUILTIN_ALG_CMAC)
290 if( operation->alg == PSA_ALG_CMAC )
291 {
292 mbedtls_cipher_free( &operation->ctx.cmac );
293 }
294 else
295#endif /* BUILTIN_ALG_CMAC */
296#if defined(BUILTIN_ALG_HMAC)
297 if( PSA_ALG_IS_HMAC( operation->alg ) )
298 {
299 psa_hmac_abort_internal( &operation->ctx.hmac );
300 }
301 else
302#endif /* BUILTIN_ALG_HMAC */
303 {
304 /* Sanity check (shouldn't happen: operation->alg should
305 * always have been initialized to a valid value). */
306 goto bad_state;
307 }
308
309 operation->alg = 0;
310 operation->key_set = 0;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]311 operation->has_input = 0;
312 operation->is_sign = 0;
313
314 return( PSA_SUCCESS );
315
316bad_state:
317 /* If abort is called on an uninitialized object, we can't trust
318 * anything. Wipe the object in case it contains confidential data.
319 * This may result in a memory leak if a pointer gets overwritten,
320 * but it's too late to do anything about this. */
321 memset( operation, 0, sizeof( *operation ) );
322 return( PSA_ERROR_BAD_STATE );
323}
324
325static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
326 const psa_key_attributes_t *attributes,
327 const uint8_t *key_buffer,
328 size_t key_buffer_size,
329 psa_algorithm_t alg,
330 int is_sign )
331{
332 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
333
334 /* A context must be freshly initialized before it can be set up. */
335 if( operation->alg != 0 )
336 {
337 return( PSA_ERROR_BAD_STATE );
338 }
339
340 status = mac_init( operation, alg );
341 if( status != PSA_SUCCESS )
342 return( status );
343 if( is_sign )
344 operation->is_sign = 1;
345
346 /* Get the output length for the algorithm and key combination. None of the
347 * currently supported algorithms have an output length dependent on actual
348 * key size, so setting it to a bogus value is currently OK. */
349 operation->mac_size =
350 PSA_MAC_LENGTH( psa_get_key_type( attributes ), 0, alg );
351
352#if defined(BUILTIN_ALG_CMAC)
353 if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
354 {
355 status = cmac_setup( operation, attributes,
356 key_buffer, key_buffer_size );
357 }
358 else
359#endif /* BUILTIN_ALG_CMAC */
360#if defined(BUILTIN_ALG_HMAC)
361 if( PSA_ALG_IS_HMAC( alg ) )
362 {
363 /* Sanity check. This shouldn't fail on a valid configuration. */
364 if( operation->mac_size > sizeof( operation->ctx.hmac.opad ) )
365 {
366 status = PSA_ERROR_NOT_SUPPORTED;
367 goto exit;
368 }
369
370 if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_HMAC )
371 {
372 status = PSA_ERROR_INVALID_ARGUMENT;
373 goto exit;
374 }
375
376 status = psa_hmac_setup_internal( &operation->ctx.hmac,
377 key_buffer,
378 key_buffer_size,
379 PSA_ALG_HMAC_GET_HASH( alg ) );
380 }
381 else
382#endif /* BUILTIN_ALG_HMAC */
383 {
384 status = PSA_ERROR_NOT_SUPPORTED;
385 }
386
387exit:
388 if( status == PSA_SUCCESS )
389 operation->key_set = 1;
390 else
391 mac_abort( operation );
392
393 return( status );
394}
395
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]396static psa_status_t mac_compute(
397 const psa_key_attributes_t *attributes,
398 const uint8_t *key_buffer,
399 size_t key_buffer_size,
400 psa_algorithm_t alg,
401 const uint8_t *input,
402 size_t input_length,
403 uint8_t *mac,
404 size_t mac_size,
405 size_t *mac_length )
406{
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]407 /* One-shot MAC has not been implemented in this PSA implementation yet. */
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]408 (void) attributes;
409 (void) key_buffer;
410 (void) key_buffer_size;
411 (void) alg;
412 (void) input;
413 (void) input_length;
414 (void) mac;
415 (void) mac_size;
416 (void) mac_length;
417 return( PSA_ERROR_NOT_SUPPORTED );
418}
419
420static psa_status_t mac_sign_setup(
421 mbedtls_psa_mac_operation_t *operation,
422 const psa_key_attributes_t *attributes,
423 const uint8_t *key_buffer,
424 size_t key_buffer_size,
425 psa_algorithm_t alg )
426{
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]427 return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg,
428 1 ) );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]429}
430
431static psa_status_t mac_verify_setup(
432 mbedtls_psa_mac_operation_t *operation,
433 const psa_key_attributes_t *attributes,
434 const uint8_t *key_buffer,
435 size_t key_buffer_size,
436 psa_algorithm_t alg )
437{
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]438 return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg,
439 0 ) );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]440}
441
442static psa_status_t mac_update(
443 mbedtls_psa_mac_operation_t *operation,
444 const uint8_t *input,
445 size_t input_length )
446{
Steven Cooreman11743f92021-03-19 18:38:46 +0100[diff] [blame]447 if( ! operation->key_set )
448 return( PSA_ERROR_BAD_STATE );
Steven Cooreman11743f92021-03-19 18:38:46 +0100[diff] [blame]449 operation->has_input = 1;
450
451#if defined(BUILTIN_ALG_CMAC)
452 if( operation->alg == PSA_ALG_CMAC )
453 {
454 return( mbedtls_to_psa_error(
455 mbedtls_cipher_cmac_update( &operation->ctx.cmac,
456 input, input_length ) ) );
457 }
458 else
459#endif /* BUILTIN_ALG_CMAC */
460#if defined(BUILTIN_ALG_HMAC)
461 if( PSA_ALG_IS_HMAC( operation->alg ) )
462 {
463 return( psa_hash_update( &operation->ctx.hmac.hash_ctx, input,
464 input_length ) );
465 }
466 else
467#endif /* BUILTIN_ALG_HMAC */
468 {
469 /* This shouldn't happen if `operation` was initialized by
470 * a setup function. */
471 return( PSA_ERROR_BAD_STATE );
472 }
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]473}
474
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]475static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
476 uint8_t *mac,
477 size_t mac_size )
478{
479 if( ! operation->key_set )
480 return( PSA_ERROR_BAD_STATE );
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]481
482 if( mac_size < operation->mac_size )
483 return( PSA_ERROR_BUFFER_TOO_SMALL );
484
485#if defined(BUILTIN_ALG_CMAC)
486 if( operation->alg == PSA_ALG_CMAC )
487 {
488 uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
489 int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
490 if( ret == 0 )
491 memcpy( mac, tmp, operation->mac_size );
492 mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
493 return( mbedtls_to_psa_error( ret ) );
494 }
495 else
496#endif /* BUILTIN_ALG_CMAC */
497#if defined(BUILTIN_ALG_HMAC)
498 if( PSA_ALG_IS_HMAC( operation->alg ) )
499 {
500 return( psa_hmac_finish_internal( &operation->ctx.hmac,
501 mac, operation->mac_size ) );
502 }
503 else
504#endif /* BUILTIN_ALG_HMAC */
505 {
506 /* This shouldn't happen if `operation` was initialized by
507 * a setup function. */
508 return( PSA_ERROR_BAD_STATE );
509 }
510}
511
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]512static psa_status_t mac_sign_finish(
513 mbedtls_psa_mac_operation_t *operation,
514 uint8_t *mac,
515 size_t mac_size,
516 size_t *mac_length )
517{
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]518 psa_status_t status;
519
520 if( operation->alg == 0 )
521 return( PSA_ERROR_BAD_STATE );
522
523 if( ! operation->is_sign )
524 return( PSA_ERROR_BAD_STATE );
525
526 status = mac_finish_internal( operation, mac, mac_size );
527
528 if( status == PSA_SUCCESS )
529 *mac_length = operation->mac_size;
530
531 return( status );
532}
533
534/* constant-time buffer comparison */
535static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n )
536{
537 size_t i;
538 unsigned char diff = 0;
539
540 for( i = 0; i < n; i++ )
541 diff |= a[i] ^ b[i];
542
543 return( diff );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]544}
545
546static psa_status_t mac_verify_finish(
547 mbedtls_psa_mac_operation_t *operation,
548 const uint8_t *mac,
549 size_t mac_length )
550{
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]551 uint8_t actual_mac[PSA_MAC_MAX_SIZE];
552 psa_status_t status;
553
554 if( operation->alg == 0 )
555 return( PSA_ERROR_BAD_STATE );
556
557 if( operation->is_sign )
558 return( PSA_ERROR_BAD_STATE );
559
560 if( operation->mac_size != mac_length )
561 {
562 status = PSA_ERROR_INVALID_SIGNATURE;
563 goto cleanup;
564 }
565
566 status = mac_finish_internal( operation, actual_mac, sizeof( actual_mac ) );
567 if( status != PSA_SUCCESS )
568 goto cleanup;
569
570 if( safer_memcmp( mac, actual_mac, mac_length ) != 0 )
571 status = PSA_ERROR_INVALID_SIGNATURE;
572
573cleanup:
574 mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
575
576 return( status );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]577}
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]578#endif /* MBEDTLS_PSA_BUILTIN_MAC || PSA_CRYPTO_DRIVER_TEST */
579
580#if defined(MBEDTLS_PSA_BUILTIN_MAC)
581psa_status_t mbedtls_psa_mac_compute(
582 const psa_key_attributes_t *attributes,
583 const uint8_t *key_buffer,
584 size_t key_buffer_size,
585 psa_algorithm_t alg,
586 const uint8_t *input,
587 size_t input_length,
588 uint8_t *mac,
589 size_t mac_size,
590 size_t *mac_length )
591{
592 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
593 input, input_length,
594 mac, mac_size, mac_length ) );
595}
596
597psa_status_t mbedtls_psa_mac_sign_setup(
598 mbedtls_psa_mac_operation_t *operation,
599 const psa_key_attributes_t *attributes,
600 const uint8_t *key_buffer,
601 size_t key_buffer_size,
602 psa_algorithm_t alg )
603{
604 return( mac_sign_setup( operation, attributes,
605 key_buffer, key_buffer_size, alg ) );
606}
607
608psa_status_t mbedtls_psa_mac_verify_setup(
609 mbedtls_psa_mac_operation_t *operation,
610 const psa_key_attributes_t *attributes,
611 const uint8_t *key_buffer,
612 size_t key_buffer_size,
613 psa_algorithm_t alg )
614{
615 return( mac_verify_setup( operation, attributes,
616 key_buffer, key_buffer_size, alg ) );
617}
618
619psa_status_t mbedtls_psa_mac_update(
620 mbedtls_psa_mac_operation_t *operation,
621 const uint8_t *input,
622 size_t input_length )
623{
624 return( mac_update( operation, input, input_length ) );
625}
626
627psa_status_t mbedtls_psa_mac_sign_finish(
628 mbedtls_psa_mac_operation_t *operation,
629 uint8_t *mac,
630 size_t mac_size,
631 size_t *mac_length )
632{
633 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
634}
635
636psa_status_t mbedtls_psa_mac_verify_finish(
637 mbedtls_psa_mac_operation_t *operation,
638 const uint8_t *mac,
639 size_t mac_length )
640{
641 return( mac_verify_finish( operation, mac, mac_length ) );
642}
643
644psa_status_t mbedtls_psa_mac_abort(
645 mbedtls_psa_mac_operation_t *operation )
646{
647 return( mac_abort( operation ) );
648}
649#endif /* MBEDTLS_PSA_BUILTIN_MAC */
650
651 /*
652 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
653 */
654#if defined(PSA_CRYPTO_DRIVER_TEST)
655
656static int is_mac_accelerated( psa_algorithm_t alg )
657{
658#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
659 if( PSA_ALG_IS_HMAC( alg ) )
660 return( 1 );
661#endif
662
663 switch( PSA_ALG_FULL_LENGTH_MAC( alg ) )
664 {
665#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
666 case PSA_ALG_CMAC:
667 return( 1 );
668#endif
669 default:
670 return( 0 );
671 }
672}
673
674psa_status_t mbedtls_transparent_test_driver_mac_compute(
675 const psa_key_attributes_t *attributes,
676 const uint8_t *key_buffer,
677 size_t key_buffer_size,
678 psa_algorithm_t alg,
679 const uint8_t *input,
680 size_t input_length,
681 uint8_t *mac,
682 size_t mac_size,
683 size_t *mac_length )
684{
685 if( is_mac_accelerated( alg ) )
686 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
687 input, input_length,
688 mac, mac_size, mac_length ) );
689 else
690 return( PSA_ERROR_NOT_SUPPORTED );
691}
692
693psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
694 mbedtls_transparent_test_driver_mac_operation_t *operation,
695 const psa_key_attributes_t *attributes,
696 const uint8_t *key_buffer,
697 size_t key_buffer_size,
698 psa_algorithm_t alg )
699{
700 if( is_mac_accelerated( alg ) )
701 return( mac_sign_setup( operation, attributes,
702 key_buffer, key_buffer_size, alg ) );
703 else
704 return( PSA_ERROR_NOT_SUPPORTED );
705}
706
707psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
708 mbedtls_transparent_test_driver_mac_operation_t *operation,
709 const psa_key_attributes_t *attributes,
710 const uint8_t *key_buffer,
711 size_t key_buffer_size,
712 psa_algorithm_t alg )
713{
714 if( is_mac_accelerated( alg ) )
715 return( mac_verify_setup( operation, attributes,
716 key_buffer, key_buffer_size, alg ) );
717 else
718 return( PSA_ERROR_NOT_SUPPORTED );
719}
720
721psa_status_t mbedtls_transparent_test_driver_mac_update(
722 mbedtls_transparent_test_driver_mac_operation_t *operation,
723 const uint8_t *input,
724 size_t input_length )
725{
726 if( is_mac_accelerated( operation->alg ) )
727 return( mac_update( operation, input, input_length ) );
728 else
729 return( PSA_ERROR_BAD_STATE );
730}
731
732psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
733 mbedtls_transparent_test_driver_mac_operation_t *operation,
734 uint8_t *mac,
735 size_t mac_size,
736 size_t *mac_length )
737{
738 if( is_mac_accelerated( operation->alg ) )
739 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
740 else
741 return( PSA_ERROR_BAD_STATE );
742}
743
744psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
745 mbedtls_transparent_test_driver_mac_operation_t *operation,
746 const uint8_t *mac,
747 size_t mac_length )
748{
749 if( is_mac_accelerated( operation->alg ) )
750 return( mac_verify_finish( operation, mac, mac_length ) );
751 else
752 return( PSA_ERROR_BAD_STATE );
753}
754
755psa_status_t mbedtls_transparent_test_driver_mac_abort(
756 mbedtls_transparent_test_driver_mac_operation_t *operation )
757{
758 return( mac_abort( operation ) );
759}
760
761psa_status_t mbedtls_opaque_test_driver_mac_compute(
762 const psa_key_attributes_t *attributes,
763 const uint8_t *key_buffer,
764 size_t key_buffer_size,
765 psa_algorithm_t alg,
766 const uint8_t *input,
767 size_t input_length,
768 uint8_t *mac,
769 size_t mac_size,
770 size_t *mac_length )
771{
772 /* Opaque driver testing is not implemented yet through this mechanism. */
773 (void) attributes;
774 (void) key_buffer;
775 (void) key_buffer_size;
776 (void) alg;
777 (void) input;
778 (void) input_length;
779 (void) mac;
780 (void) mac_size;
781 (void) mac_length;
782 return( PSA_ERROR_NOT_SUPPORTED );
783}
784
785psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
786 mbedtls_opaque_test_driver_mac_operation_t *operation,
787 const psa_key_attributes_t *attributes,
788 const uint8_t *key_buffer,
789 size_t key_buffer_size,
790 psa_algorithm_t alg )
791{
792 /* Opaque driver testing is not implemented yet through this mechanism. */
793 (void) operation;
794 (void) attributes;
795 (void) key_buffer;
796 (void) key_buffer_size;
797 (void) alg;
798 return( PSA_ERROR_NOT_SUPPORTED );
799}
800
801psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
802 mbedtls_opaque_test_driver_mac_operation_t *operation,
803 const psa_key_attributes_t *attributes,
804 const uint8_t *key_buffer,
805 size_t key_buffer_size,
806 psa_algorithm_t alg )
807{
808 /* Opaque driver testing is not implemented yet through this mechanism. */
809 (void) operation;
810 (void) attributes;
811 (void) key_buffer;
812 (void) key_buffer_size;
813 (void) alg;
814 return( PSA_ERROR_NOT_SUPPORTED );
815}
816
817psa_status_t mbedtls_opaque_test_driver_mac_update(
818 mbedtls_opaque_test_driver_mac_operation_t *operation,
819 const uint8_t *input,
820 size_t input_length )
821{
822 /* Opaque driver testing is not implemented yet through this mechanism. */
823 (void) operation;
824 (void) input;
825 (void) input_length;
826 return( PSA_ERROR_NOT_SUPPORTED );
827}
828
829psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
830 mbedtls_opaque_test_driver_mac_operation_t *operation,
831 uint8_t *mac,
832 size_t mac_size,
833 size_t *mac_length )
834{
835 /* Opaque driver testing is not implemented yet through this mechanism. */
836 (void) operation;
837 (void) mac;
838 (void) mac_size;
839 (void) mac_length;
840 return( PSA_ERROR_NOT_SUPPORTED );
841}
842
843psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
844 mbedtls_opaque_test_driver_mac_operation_t *operation,
845 const uint8_t *mac,
846 size_t mac_length )
847{
848 /* Opaque driver testing is not implemented yet through this mechanism. */
849 (void) operation;
850 (void) mac;
851 (void) mac_length;
852 return( PSA_ERROR_NOT_SUPPORTED );
853}
854
855psa_status_t mbedtls_opaque_test_driver_mac_abort(
856 mbedtls_opaque_test_driver_mac_operation_t *operation )
857{
858 /* Opaque driver testing is not implemented yet through this mechanism. */
859 (void) operation;
860 return( PSA_ERROR_NOT_SUPPORTED );
861}
862
863#endif /* PSA_CRYPTO_DRIVER_TEST */
864
865#endif /* MBEDTLS_PSA_CRYPTO_C */