TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 72f736a1912cf85dab2c488a9433f84e300ce901 / . / library / psa_crypto_mac.c
blob: 6753dedf548156c52efbf449ad9307a5cfd78675 [file] [log] [blame]
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]1/*
2 * PSA MAC layer on top of Mbed TLS software crypto
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa/crypto.h>
26#include "psa_crypto_core.h"
27#include "psa_crypto_mac.h"
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]28#include <mbedtls/md.h>
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]29
30#include <mbedtls/error.h>
31#include <string.h>
32
33/* Use builtin defines specific to this compilation unit, since the test driver
34 * relies on the software driver. */
35#if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
36 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) )
37#define BUILTIN_ALG_CMAC 1
38#endif
39#if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \
40 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) )
41#define BUILTIN_ALG_HMAC 1
42#endif
43
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]44#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
45static size_t psa_get_hash_block_size( psa_algorithm_t alg )
46{
47 switch( alg )
48 {
49 case PSA_ALG_MD2:
50 return( 16 );
51 case PSA_ALG_MD4:
52 return( 64 );
53 case PSA_ALG_MD5:
54 return( 64 );
55 case PSA_ALG_RIPEMD160:
56 return( 64 );
57 case PSA_ALG_SHA_1:
58 return( 64 );
59 case PSA_ALG_SHA_224:
60 return( 64 );
61 case PSA_ALG_SHA_256:
62 return( 64 );
63 case PSA_ALG_SHA_384:
64 return( 128 );
65 case PSA_ALG_SHA_512:
66 return( 128 );
67 default:
68 return( 0 );
69 }
70}
71
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]72static psa_status_t psa_hmac_abort_internal(
73 mbedtls_psa_hmac_operation_t *hmac )
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]74{
75 mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
76 return( psa_hash_abort( &hmac->hash_ctx ) );
77}
78
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]79static psa_status_t psa_hmac_setup_internal(
80 mbedtls_psa_hmac_operation_t *hmac,
81 const uint8_t *key,
82 size_t key_length,
83 psa_algorithm_t hash_alg )
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]84{
85 uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
86 size_t i;
87 size_t hash_size = PSA_HASH_LENGTH( hash_alg );
88 size_t block_size = psa_get_hash_block_size( hash_alg );
89 psa_status_t status;
90
91 hmac->alg = hash_alg;
92
93 /* Sanity checks on block_size, to guarantee that there won't be a buffer
94 * overflow below. This should never trigger if the hash algorithm
95 * is implemented correctly. */
96 /* The size checks against the ipad and opad buffers cannot be written
97 * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
98 * because that triggers -Wlogical-op on GCC 7.3. */
99 if( block_size > sizeof( ipad ) )
100 return( PSA_ERROR_NOT_SUPPORTED );
101 if( block_size > sizeof( hmac->opad ) )
102 return( PSA_ERROR_NOT_SUPPORTED );
103 if( block_size < hash_size )
104 return( PSA_ERROR_NOT_SUPPORTED );
105
106 if( key_length > block_size )
107 {
108 status = psa_hash_compute( hash_alg, key, key_length,
109 ipad, sizeof( ipad ), &key_length );
110 if( status != PSA_SUCCESS )
111 goto cleanup;
112 }
113 /* A 0-length key is not commonly used in HMAC when used as a MAC,
114 * but it is permitted. It is common when HMAC is used in HKDF, for
115 * example. Don't call `memcpy` in the 0-length because `key` could be
116 * an invalid pointer which would make the behavior undefined. */
117 else if( key_length != 0 )
118 memcpy( ipad, key, key_length );
119
120 /* ipad contains the key followed by garbage. Xor and fill with 0x36
121 * to create the ipad value. */
122 for( i = 0; i < key_length; i++ )
123 ipad[i] ^= 0x36;
124 memset( ipad + key_length, 0x36, block_size - key_length );
125
126 /* Copy the key material from ipad to opad, flipping the requisite bits,
127 * and filling the rest of opad with the requisite constant. */
128 for( i = 0; i < key_length; i++ )
129 hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
130 memset( hmac->opad + key_length, 0x5C, block_size - key_length );
131
132 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
133 if( status != PSA_SUCCESS )
134 goto cleanup;
135
136 status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
137
138cleanup:
139 mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
140
141 return( status );
142}
143
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]144static psa_status_t psa_hmac_update_internal(
145 mbedtls_psa_hmac_operation_t *hmac,
146 const uint8_t *data,
147 size_t data_length )
Steven Cooreman4fdf0602021-03-22 12:21:10 +0100[diff] [blame]148{
149 return( psa_hash_update( &hmac->hash_ctx, data, data_length ) );
150}
151
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]152static psa_status_t psa_hmac_finish_internal(
153 mbedtls_psa_hmac_operation_t *hmac,
154 uint8_t *mac,
155 size_t mac_size )
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]156{
157 uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
158 psa_algorithm_t hash_alg = hmac->alg;
159 size_t hash_size = 0;
160 size_t block_size = psa_get_hash_block_size( hash_alg );
161 psa_status_t status;
162
163 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
164 if( status != PSA_SUCCESS )
165 return( status );
166 /* From here on, tmp needs to be wiped. */
167
168 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
169 if( status != PSA_SUCCESS )
170 goto exit;
171
172 status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
173 if( status != PSA_SUCCESS )
174 goto exit;
175
176 status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
177 if( status != PSA_SUCCESS )
178 goto exit;
179
180 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
181 if( status != PSA_SUCCESS )
182 goto exit;
183
184 memcpy( mac, tmp, mac_size );
185
186exit:
187 mbedtls_platform_zeroize( tmp, hash_size );
188 return( status );
189}
190#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || PSA_CRYPTO_DRIVER_TEST */
191
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]192/* Implement the PSA driver MAC interface on top of mbed TLS if either the
193 * software driver or the test driver requires it. */
194#if defined(MBEDTLS_PSA_BUILTIN_MAC) || defined(PSA_CRYPTO_DRIVER_TEST)
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]195
196#if defined(BUILTIN_ALG_CMAC)
197static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
198 const psa_key_attributes_t *attributes,
Steven Cooremandcd08112021-05-06 18:00:37 +0200[diff] [blame]199 const uint8_t *key_buffer )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]200{
201 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]202 const mbedtls_cipher_info_t * cipher_info =
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]203 mbedtls_cipher_info_from_psa(
204 PSA_ALG_CMAC,
205 psa_get_key_type( attributes ),
206 psa_get_key_bits( attributes ),
207 NULL );
208
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]209 if( cipher_info == NULL )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]210 return( PSA_ERROR_NOT_SUPPORTED );
211
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]212 ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]213 if( ret != 0 )
214 goto exit;
215
216 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
217 key_buffer,
218 psa_get_key_bits( attributes ) );
219exit:
220 return( mbedtls_to_psa_error( ret ) );
221}
222#endif /* BUILTIN_ALG_CMAC */
223
224/* Initialize this driver's MAC operation structure. Once this function has been
225 * called, mbedtls_psa_mac_abort can run and will do the right thing. */
226static psa_status_t mac_init(
227 mbedtls_psa_mac_operation_t *operation,
228 psa_algorithm_t alg )
229{
Steven Cooremanba9a5bf2021-04-29 16:21:24 +0200[diff] [blame]230 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]231
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]232 operation->alg = alg;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]233
234#if defined(BUILTIN_ALG_CMAC)
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]235 if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]236 {
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]237 mbedtls_cipher_init( &operation->ctx.cmac );
238 status = PSA_SUCCESS;
239 }
240 else
241#endif /* BUILTIN_ALG_CMAC */
242#if defined(BUILTIN_ALG_HMAC)
243 if( PSA_ALG_IS_HMAC( operation->alg ) )
244 {
245 /* We'll set up the hash operation later in psa_hmac_setup_internal. */
246 operation->ctx.hmac.alg = 0;
247 status = PSA_SUCCESS;
248 }
249 else
250#endif /* BUILTIN_ALG_HMAC */
251 {
Steven Cooremanba9a5bf2021-04-29 16:21:24 +0200[diff] [blame]252 status = PSA_ERROR_NOT_SUPPORTED;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]253 }
254
255 if( status != PSA_SUCCESS )
256 memset( operation, 0, sizeof( *operation ) );
257 return( status );
258}
259
260static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation )
261{
262 if( operation->alg == 0 )
263 {
264 /* The object has (apparently) been initialized but it is not
265 * in use. It's ok to call abort on such an object, and there's
266 * nothing to do. */
267 return( PSA_SUCCESS );
268 }
269 else
270#if defined(BUILTIN_ALG_CMAC)
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]271 if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]272 {
273 mbedtls_cipher_free( &operation->ctx.cmac );
274 }
275 else
276#endif /* BUILTIN_ALG_CMAC */
277#if defined(BUILTIN_ALG_HMAC)
278 if( PSA_ALG_IS_HMAC( operation->alg ) )
279 {
280 psa_hmac_abort_internal( &operation->ctx.hmac );
281 }
282 else
283#endif /* BUILTIN_ALG_HMAC */
284 {
285 /* Sanity check (shouldn't happen: operation->alg should
286 * always have been initialized to a valid value). */
287 goto bad_state;
288 }
289
290 operation->alg = 0;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]291
292 return( PSA_SUCCESS );
293
294bad_state:
295 /* If abort is called on an uninitialized object, we can't trust
296 * anything. Wipe the object in case it contains confidential data.
297 * This may result in a memory leak if a pointer gets overwritten,
298 * but it's too late to do anything about this. */
299 memset( operation, 0, sizeof( *operation ) );
300 return( PSA_ERROR_BAD_STATE );
301}
302
303static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
304 const psa_key_attributes_t *attributes,
305 const uint8_t *key_buffer,
306 size_t key_buffer_size,
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]307 psa_algorithm_t alg )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]308{
309 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
310
311 /* A context must be freshly initialized before it can be set up. */
312 if( operation->alg != 0 )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]313 return( PSA_ERROR_BAD_STATE );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]314
315 status = mac_init( operation, alg );
316 if( status != PSA_SUCCESS )
317 return( status );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]318
319#if defined(BUILTIN_ALG_CMAC)
320 if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
321 {
Steven Cooremandcd08112021-05-06 18:00:37 +0200[diff] [blame]322 /* Key buffer size for CMAC is dictated by the key bits set on the
323 * attributes, and previously validated by the core on key import. */
324 (void) key_buffer_size;
325 status = cmac_setup( operation, attributes, key_buffer );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]326 }
327 else
328#endif /* BUILTIN_ALG_CMAC */
329#if defined(BUILTIN_ALG_HMAC)
330 if( PSA_ALG_IS_HMAC( alg ) )
331 {
332 /* Sanity check. This shouldn't fail on a valid configuration. */
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]333 if( PSA_MAC_LENGTH( psa_get_key_type( attributes ), 0, alg ) >
334 sizeof( operation->ctx.hmac.opad ) )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]335 {
336 status = PSA_ERROR_NOT_SUPPORTED;
337 goto exit;
338 }
339
340 if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_HMAC )
341 {
342 status = PSA_ERROR_INVALID_ARGUMENT;
343 goto exit;
344 }
345
346 status = psa_hmac_setup_internal( &operation->ctx.hmac,
347 key_buffer,
348 key_buffer_size,
349 PSA_ALG_HMAC_GET_HASH( alg ) );
350 }
351 else
352#endif /* BUILTIN_ALG_HMAC */
353 {
354 status = PSA_ERROR_NOT_SUPPORTED;
355 }
356
Steven Cooremana4638e72021-04-29 16:24:36 +0200[diff] [blame]357 if( status != PSA_SUCCESS )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]358 mac_abort( operation );
359
360 return( status );
361}
362
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]363static psa_status_t mac_compute(
364 const psa_key_attributes_t *attributes,
365 const uint8_t *key_buffer,
366 size_t key_buffer_size,
367 psa_algorithm_t alg,
368 const uint8_t *input,
369 size_t input_length,
370 uint8_t *mac,
371 size_t mac_size,
372 size_t *mac_length )
373{
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]374 /* One-shot MAC has not been implemented in this PSA implementation yet. */
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]375 (void) attributes;
376 (void) key_buffer;
377 (void) key_buffer_size;
378 (void) alg;
379 (void) input;
380 (void) input_length;
381 (void) mac;
382 (void) mac_size;
383 (void) mac_length;
384 return( PSA_ERROR_NOT_SUPPORTED );
385}
386
387static psa_status_t mac_sign_setup(
388 mbedtls_psa_mac_operation_t *operation,
389 const psa_key_attributes_t *attributes,
390 const uint8_t *key_buffer,
391 size_t key_buffer_size,
392 psa_algorithm_t alg )
393{
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]394 return( mac_setup( operation,
395 attributes, key_buffer, key_buffer_size, alg ) );
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]396}
397
398static psa_status_t mac_verify_setup(
399 mbedtls_psa_mac_operation_t *operation,
400 const psa_key_attributes_t *attributes,
401 const uint8_t *key_buffer,
402 size_t key_buffer_size,
403 psa_algorithm_t alg )
404{
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]405 return( mac_setup( operation,
406 attributes, key_buffer, key_buffer_size, alg ) );
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]407}
408
409static psa_status_t mac_update(
410 mbedtls_psa_mac_operation_t *operation,
411 const uint8_t *input,
412 size_t input_length )
413{
Steven Cooremana4638e72021-04-29 16:24:36 +0200[diff] [blame]414 if( operation->alg == 0 )
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]415 return( PSA_ERROR_BAD_STATE );
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]416
417#if defined(BUILTIN_ALG_CMAC)
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]418 if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]419 {
420 return( mbedtls_to_psa_error(
421 mbedtls_cipher_cmac_update( &operation->ctx.cmac,
422 input, input_length ) ) );
423 }
424 else
425#endif /* BUILTIN_ALG_CMAC */
426#if defined(BUILTIN_ALG_HMAC)
427 if( PSA_ALG_IS_HMAC( operation->alg ) )
428 {
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]429 return( psa_hmac_update_internal( &operation->ctx.hmac,
430 input, input_length ) );
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]431 }
432 else
433#endif /* BUILTIN_ALG_HMAC */
434 {
435 /* This shouldn't happen if `operation` was initialized by
436 * a setup function. */
437 return( PSA_ERROR_BAD_STATE );
438 }
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]439}
440
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]441static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
442 uint8_t *mac,
443 size_t mac_size )
444{
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]445#if defined(BUILTIN_ALG_CMAC)
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]446 if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]447 {
448 uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
449 int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
450 if( ret == 0 )
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]451 memcpy( mac, tmp, mac_size );
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]452 mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
453 return( mbedtls_to_psa_error( ret ) );
454 }
455 else
456#endif /* BUILTIN_ALG_CMAC */
457#if defined(BUILTIN_ALG_HMAC)
458 if( PSA_ALG_IS_HMAC( operation->alg ) )
459 {
460 return( psa_hmac_finish_internal( &operation->ctx.hmac,
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]461 mac, mac_size ) );
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]462 }
463 else
464#endif /* BUILTIN_ALG_HMAC */
465 {
466 /* This shouldn't happen if `operation` was initialized by
467 * a setup function. */
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]468 (void) operation;
469 (void) mac;
470 (void) mac_size;
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]471 return( PSA_ERROR_BAD_STATE );
472 }
473}
474
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]475static psa_status_t mac_sign_finish(
476 mbedtls_psa_mac_operation_t *operation,
477 uint8_t *mac,
478 size_t mac_size,
479 size_t *mac_length )
480{
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]481 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]482
483 if( operation->alg == 0 )
484 return( PSA_ERROR_BAD_STATE );
485
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]486 status = mac_finish_internal( operation, mac, mac_size );
487
488 if( status == PSA_SUCCESS )
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]489 *mac_length = mac_size;
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]490
491 return( status );
492}
493
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]494static psa_status_t mac_verify_finish(
495 mbedtls_psa_mac_operation_t *operation,
496 const uint8_t *mac,
497 size_t mac_length )
498{
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]499 uint8_t actual_mac[PSA_MAC_MAX_SIZE];
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]500 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]501
502 if( operation->alg == 0 )
503 return( PSA_ERROR_BAD_STATE );
504
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]505 /* Consistency check: requested MAC length fits our local buffer */
506 if( mac_length > sizeof( actual_mac ) )
507 return( PSA_ERROR_INVALID_ARGUMENT );
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]508
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame^]509 status = mac_finish_internal( operation, actual_mac, mac_length );
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]510 if( status != PSA_SUCCESS )
511 goto cleanup;
512
Steven Cooreman36876a02021-04-29 16:37:59 +0200[diff] [blame]513 if( mbedtls_psa_safer_memcmp( mac, actual_mac, mac_length ) != 0 )
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]514 status = PSA_ERROR_INVALID_SIGNATURE;
515
516cleanup:
517 mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
518
519 return( status );
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]520}
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]521#endif /* MBEDTLS_PSA_BUILTIN_MAC || PSA_CRYPTO_DRIVER_TEST */
522
523#if defined(MBEDTLS_PSA_BUILTIN_MAC)
524psa_status_t mbedtls_psa_mac_compute(
525 const psa_key_attributes_t *attributes,
526 const uint8_t *key_buffer,
527 size_t key_buffer_size,
528 psa_algorithm_t alg,
529 const uint8_t *input,
530 size_t input_length,
531 uint8_t *mac,
532 size_t mac_size,
533 size_t *mac_length )
534{
535 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
536 input, input_length,
537 mac, mac_size, mac_length ) );
538}
539
540psa_status_t mbedtls_psa_mac_sign_setup(
541 mbedtls_psa_mac_operation_t *operation,
542 const psa_key_attributes_t *attributes,
543 const uint8_t *key_buffer,
544 size_t key_buffer_size,
545 psa_algorithm_t alg )
546{
547 return( mac_sign_setup( operation, attributes,
548 key_buffer, key_buffer_size, alg ) );
549}
550
551psa_status_t mbedtls_psa_mac_verify_setup(
552 mbedtls_psa_mac_operation_t *operation,
553 const psa_key_attributes_t *attributes,
554 const uint8_t *key_buffer,
555 size_t key_buffer_size,
556 psa_algorithm_t alg )
557{
558 return( mac_verify_setup( operation, attributes,
559 key_buffer, key_buffer_size, alg ) );
560}
561
562psa_status_t mbedtls_psa_mac_update(
563 mbedtls_psa_mac_operation_t *operation,
564 const uint8_t *input,
565 size_t input_length )
566{
567 return( mac_update( operation, input, input_length ) );
568}
569
570psa_status_t mbedtls_psa_mac_sign_finish(
571 mbedtls_psa_mac_operation_t *operation,
572 uint8_t *mac,
573 size_t mac_size,
574 size_t *mac_length )
575{
576 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
577}
578
579psa_status_t mbedtls_psa_mac_verify_finish(
580 mbedtls_psa_mac_operation_t *operation,
581 const uint8_t *mac,
582 size_t mac_length )
583{
584 return( mac_verify_finish( operation, mac, mac_length ) );
585}
586
587psa_status_t mbedtls_psa_mac_abort(
588 mbedtls_psa_mac_operation_t *operation )
589{
590 return( mac_abort( operation ) );
591}
592#endif /* MBEDTLS_PSA_BUILTIN_MAC */
593
594 /*
595 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
596 */
597#if defined(PSA_CRYPTO_DRIVER_TEST)
598
599static int is_mac_accelerated( psa_algorithm_t alg )
600{
601#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
602 if( PSA_ALG_IS_HMAC( alg ) )
603 return( 1 );
604#endif
605
606 switch( PSA_ALG_FULL_LENGTH_MAC( alg ) )
607 {
608#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
609 case PSA_ALG_CMAC:
610 return( 1 );
611#endif
612 default:
613 return( 0 );
614 }
615}
616
617psa_status_t mbedtls_transparent_test_driver_mac_compute(
618 const psa_key_attributes_t *attributes,
619 const uint8_t *key_buffer,
620 size_t key_buffer_size,
621 psa_algorithm_t alg,
622 const uint8_t *input,
623 size_t input_length,
624 uint8_t *mac,
625 size_t mac_size,
626 size_t *mac_length )
627{
628 if( is_mac_accelerated( alg ) )
629 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
630 input, input_length,
631 mac, mac_size, mac_length ) );
632 else
633 return( PSA_ERROR_NOT_SUPPORTED );
634}
635
636psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
637 mbedtls_transparent_test_driver_mac_operation_t *operation,
638 const psa_key_attributes_t *attributes,
639 const uint8_t *key_buffer,
640 size_t key_buffer_size,
641 psa_algorithm_t alg )
642{
643 if( is_mac_accelerated( alg ) )
644 return( mac_sign_setup( operation, attributes,
645 key_buffer, key_buffer_size, alg ) );
646 else
647 return( PSA_ERROR_NOT_SUPPORTED );
648}
649
650psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
651 mbedtls_transparent_test_driver_mac_operation_t *operation,
652 const psa_key_attributes_t *attributes,
653 const uint8_t *key_buffer,
654 size_t key_buffer_size,
655 psa_algorithm_t alg )
656{
657 if( is_mac_accelerated( alg ) )
658 return( mac_verify_setup( operation, attributes,
659 key_buffer, key_buffer_size, alg ) );
660 else
661 return( PSA_ERROR_NOT_SUPPORTED );
662}
663
664psa_status_t mbedtls_transparent_test_driver_mac_update(
665 mbedtls_transparent_test_driver_mac_operation_t *operation,
666 const uint8_t *input,
667 size_t input_length )
668{
669 if( is_mac_accelerated( operation->alg ) )
670 return( mac_update( operation, input, input_length ) );
671 else
672 return( PSA_ERROR_BAD_STATE );
673}
674
675psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
676 mbedtls_transparent_test_driver_mac_operation_t *operation,
677 uint8_t *mac,
678 size_t mac_size,
679 size_t *mac_length )
680{
681 if( is_mac_accelerated( operation->alg ) )
682 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
683 else
684 return( PSA_ERROR_BAD_STATE );
685}
686
687psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
688 mbedtls_transparent_test_driver_mac_operation_t *operation,
689 const uint8_t *mac,
690 size_t mac_length )
691{
692 if( is_mac_accelerated( operation->alg ) )
693 return( mac_verify_finish( operation, mac, mac_length ) );
694 else
695 return( PSA_ERROR_BAD_STATE );
696}
697
698psa_status_t mbedtls_transparent_test_driver_mac_abort(
699 mbedtls_transparent_test_driver_mac_operation_t *operation )
700{
701 return( mac_abort( operation ) );
702}
703
704psa_status_t mbedtls_opaque_test_driver_mac_compute(
705 const psa_key_attributes_t *attributes,
706 const uint8_t *key_buffer,
707 size_t key_buffer_size,
708 psa_algorithm_t alg,
709 const uint8_t *input,
710 size_t input_length,
711 uint8_t *mac,
712 size_t mac_size,
713 size_t *mac_length )
714{
715 /* Opaque driver testing is not implemented yet through this mechanism. */
716 (void) attributes;
717 (void) key_buffer;
718 (void) key_buffer_size;
719 (void) alg;
720 (void) input;
721 (void) input_length;
722 (void) mac;
723 (void) mac_size;
724 (void) mac_length;
725 return( PSA_ERROR_NOT_SUPPORTED );
726}
727
728psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
729 mbedtls_opaque_test_driver_mac_operation_t *operation,
730 const psa_key_attributes_t *attributes,
731 const uint8_t *key_buffer,
732 size_t key_buffer_size,
733 psa_algorithm_t alg )
734{
735 /* Opaque driver testing is not implemented yet through this mechanism. */
736 (void) operation;
737 (void) attributes;
738 (void) key_buffer;
739 (void) key_buffer_size;
740 (void) alg;
741 return( PSA_ERROR_NOT_SUPPORTED );
742}
743
744psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
745 mbedtls_opaque_test_driver_mac_operation_t *operation,
746 const psa_key_attributes_t *attributes,
747 const uint8_t *key_buffer,
748 size_t key_buffer_size,
749 psa_algorithm_t alg )
750{
751 /* Opaque driver testing is not implemented yet through this mechanism. */
752 (void) operation;
753 (void) attributes;
754 (void) key_buffer;
755 (void) key_buffer_size;
756 (void) alg;
757 return( PSA_ERROR_NOT_SUPPORTED );
758}
759
760psa_status_t mbedtls_opaque_test_driver_mac_update(
761 mbedtls_opaque_test_driver_mac_operation_t *operation,
762 const uint8_t *input,
763 size_t input_length )
764{
765 /* Opaque driver testing is not implemented yet through this mechanism. */
766 (void) operation;
767 (void) input;
768 (void) input_length;
769 return( PSA_ERROR_NOT_SUPPORTED );
770}
771
772psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
773 mbedtls_opaque_test_driver_mac_operation_t *operation,
774 uint8_t *mac,
775 size_t mac_size,
776 size_t *mac_length )
777{
778 /* Opaque driver testing is not implemented yet through this mechanism. */
779 (void) operation;
780 (void) mac;
781 (void) mac_size;
782 (void) mac_length;
783 return( PSA_ERROR_NOT_SUPPORTED );
784}
785
786psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
787 mbedtls_opaque_test_driver_mac_operation_t *operation,
788 const uint8_t *mac,
789 size_t mac_length )
790{
791 /* Opaque driver testing is not implemented yet through this mechanism. */
792 (void) operation;
793 (void) mac;
794 (void) mac_length;
795 return( PSA_ERROR_NOT_SUPPORTED );
796}
797
798psa_status_t mbedtls_opaque_test_driver_mac_abort(
799 mbedtls_opaque_test_driver_mac_operation_t *operation )
800{
801 /* Opaque driver testing is not implemented yet through this mechanism. */
802 (void) operation;
803 return( PSA_ERROR_NOT_SUPPORTED );
804}
805
806#endif /* PSA_CRYPTO_DRIVER_TEST */
807
808#endif /* MBEDTLS_PSA_CRYPTO_C */