TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / af81a71b8b4b56938a553e9af24192b322452bf3 / . / library / psa_crypto_mac.c
blob: a5ef9e57da07da2a6c2b01f1d0c62f2d77e8d107 [file] [log] [blame]
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]1/*
2 * PSA MAC layer on top of Mbed TLS software crypto
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa/crypto.h>
26#include "psa_crypto_core.h"
27#include "psa_crypto_mac.h"
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]28#include <mbedtls/md.h>
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]29
30#include <mbedtls/error.h>
31#include <string.h>
32
33/* Use builtin defines specific to this compilation unit, since the test driver
34 * relies on the software driver. */
35#if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
36 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) )
37#define BUILTIN_ALG_CMAC 1
38#endif
39#if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \
40 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) )
41#define BUILTIN_ALG_HMAC 1
42#endif
43
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]44#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
45static size_t psa_get_hash_block_size( psa_algorithm_t alg )
46{
47 switch( alg )
48 {
49 case PSA_ALG_MD2:
50 return( 16 );
51 case PSA_ALG_MD4:
52 return( 64 );
53 case PSA_ALG_MD5:
54 return( 64 );
55 case PSA_ALG_RIPEMD160:
56 return( 64 );
57 case PSA_ALG_SHA_1:
58 return( 64 );
59 case PSA_ALG_SHA_224:
60 return( 64 );
61 case PSA_ALG_SHA_256:
62 return( 64 );
63 case PSA_ALG_SHA_384:
64 return( 128 );
65 case PSA_ALG_SHA_512:
66 return( 128 );
67 default:
68 return( 0 );
69 }
70}
71
Steven Cooreman22dea1d2021-04-29 19:32:25 +0200[diff] [blame]72static psa_status_t psa_hmac_abort_internal(
73 mbedtls_psa_hmac_operation_t *hmac )
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]74{
75 mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
76 return( psa_hash_abort( &hmac->hash_ctx ) );
77}
78
Steven Cooreman22dea1d2021-04-29 19:32:25 +0200[diff] [blame]79static psa_status_t psa_hmac_setup_internal(
80 mbedtls_psa_hmac_operation_t *hmac,
81 const uint8_t *key,
82 size_t key_length,
83 psa_algorithm_t hash_alg )
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]84{
85 uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
86 size_t i;
87 size_t hash_size = PSA_HASH_LENGTH( hash_alg );
88 size_t block_size = psa_get_hash_block_size( hash_alg );
89 psa_status_t status;
90
91 hmac->alg = hash_alg;
92
93 /* Sanity checks on block_size, to guarantee that there won't be a buffer
94 * overflow below. This should never trigger if the hash algorithm
95 * is implemented correctly. */
96 /* The size checks against the ipad and opad buffers cannot be written
97 * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
98 * because that triggers -Wlogical-op on GCC 7.3. */
99 if( block_size > sizeof( ipad ) )
100 return( PSA_ERROR_NOT_SUPPORTED );
101 if( block_size > sizeof( hmac->opad ) )
102 return( PSA_ERROR_NOT_SUPPORTED );
103 if( block_size < hash_size )
104 return( PSA_ERROR_NOT_SUPPORTED );
105
106 if( key_length > block_size )
107 {
108 status = psa_hash_compute( hash_alg, key, key_length,
109 ipad, sizeof( ipad ), &key_length );
110 if( status != PSA_SUCCESS )
111 goto cleanup;
112 }
113 /* A 0-length key is not commonly used in HMAC when used as a MAC,
114 * but it is permitted. It is common when HMAC is used in HKDF, for
115 * example. Don't call `memcpy` in the 0-length because `key` could be
116 * an invalid pointer which would make the behavior undefined. */
117 else if( key_length != 0 )
118 memcpy( ipad, key, key_length );
119
120 /* ipad contains the key followed by garbage. Xor and fill with 0x36
121 * to create the ipad value. */
122 for( i = 0; i < key_length; i++ )
123 ipad[i] ^= 0x36;
124 memset( ipad + key_length, 0x36, block_size - key_length );
125
126 /* Copy the key material from ipad to opad, flipping the requisite bits,
127 * and filling the rest of opad with the requisite constant. */
128 for( i = 0; i < key_length; i++ )
129 hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
130 memset( hmac->opad + key_length, 0x5C, block_size - key_length );
131
132 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
133 if( status != PSA_SUCCESS )
134 goto cleanup;
135
136 status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
137
138cleanup:
139 mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
140
141 return( status );
142}
143
Steven Cooreman22dea1d2021-04-29 19:32:25 +0200[diff] [blame]144static psa_status_t psa_hmac_update_internal(
145 mbedtls_psa_hmac_operation_t *hmac,
146 const uint8_t *data,
147 size_t data_length )
Steven Cooreman76720f62021-03-22 12:21:10 +0100[diff] [blame]148{
149 return( psa_hash_update( &hmac->hash_ctx, data, data_length ) );
150}
151
Steven Cooreman22dea1d2021-04-29 19:32:25 +0200[diff] [blame]152static psa_status_t psa_hmac_finish_internal(
153 mbedtls_psa_hmac_operation_t *hmac,
154 uint8_t *mac,
155 size_t mac_size )
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]156{
157 uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
158 psa_algorithm_t hash_alg = hmac->alg;
159 size_t hash_size = 0;
160 size_t block_size = psa_get_hash_block_size( hash_alg );
161 psa_status_t status;
162
163 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
164 if( status != PSA_SUCCESS )
165 return( status );
166 /* From here on, tmp needs to be wiped. */
167
168 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
169 if( status != PSA_SUCCESS )
170 goto exit;
171
172 status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
173 if( status != PSA_SUCCESS )
174 goto exit;
175
176 status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
177 if( status != PSA_SUCCESS )
178 goto exit;
179
180 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
181 if( status != PSA_SUCCESS )
182 goto exit;
183
184 memcpy( mac, tmp, mac_size );
185
186exit:
187 mbedtls_platform_zeroize( tmp, hash_size );
188 return( status );
189}
190#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || PSA_CRYPTO_DRIVER_TEST */
191
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]192/* Implement the PSA driver MAC interface on top of mbed TLS if either the
193 * software driver or the test driver requires it. */
194#if defined(MBEDTLS_PSA_BUILTIN_MAC) || defined(PSA_CRYPTO_DRIVER_TEST)
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]195
196#if defined(BUILTIN_ALG_CMAC)
197static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
198 const psa_key_attributes_t *attributes,
Steven Cooremanaf81a712021-05-06 18:00:37 +0200[diff] [blame^]199 const uint8_t *key_buffer )
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]200{
201 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Steven Cooreman9878a162021-05-06 17:58:36 +0200[diff] [blame]202 const mbedtls_cipher_info_t * cipher_info =
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]203 mbedtls_cipher_info_from_psa(
204 PSA_ALG_CMAC,
205 psa_get_key_type( attributes ),
206 psa_get_key_bits( attributes ),
207 NULL );
208
Steven Cooreman9878a162021-05-06 17:58:36 +0200[diff] [blame]209 if( cipher_info == NULL )
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]210 return( PSA_ERROR_NOT_SUPPORTED );
211
Steven Cooreman9878a162021-05-06 17:58:36 +0200[diff] [blame]212 ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]213 if( ret != 0 )
214 goto exit;
215
216 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
217 key_buffer,
218 psa_get_key_bits( attributes ) );
219exit:
220 return( mbedtls_to_psa_error( ret ) );
221}
222#endif /* BUILTIN_ALG_CMAC */
223
224/* Initialize this driver's MAC operation structure. Once this function has been
225 * called, mbedtls_psa_mac_abort can run and will do the right thing. */
226static psa_status_t mac_init(
227 mbedtls_psa_mac_operation_t *operation,
228 psa_algorithm_t alg )
229{
Steven Cooreman6e6451e2021-04-29 16:21:24 +0200[diff] [blame]230 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]231
232 operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg );
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]233 operation->has_input = 0;
234 operation->is_sign = 0;
235
236#if defined(BUILTIN_ALG_CMAC)
237 if( operation->alg == PSA_ALG_CMAC )
238 {
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]239 mbedtls_cipher_init( &operation->ctx.cmac );
240 status = PSA_SUCCESS;
241 }
242 else
243#endif /* BUILTIN_ALG_CMAC */
244#if defined(BUILTIN_ALG_HMAC)
245 if( PSA_ALG_IS_HMAC( operation->alg ) )
246 {
247 /* We'll set up the hash operation later in psa_hmac_setup_internal. */
248 operation->ctx.hmac.alg = 0;
249 status = PSA_SUCCESS;
250 }
251 else
252#endif /* BUILTIN_ALG_HMAC */
253 {
Steven Cooreman6e6451e2021-04-29 16:21:24 +0200[diff] [blame]254 status = PSA_ERROR_NOT_SUPPORTED;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]255 }
256
257 if( status != PSA_SUCCESS )
258 memset( operation, 0, sizeof( *operation ) );
259 return( status );
260}
261
262static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation )
263{
264 if( operation->alg == 0 )
265 {
266 /* The object has (apparently) been initialized but it is not
267 * in use. It's ok to call abort on such an object, and there's
268 * nothing to do. */
269 return( PSA_SUCCESS );
270 }
271 else
272#if defined(BUILTIN_ALG_CMAC)
273 if( operation->alg == PSA_ALG_CMAC )
274 {
275 mbedtls_cipher_free( &operation->ctx.cmac );
276 }
277 else
278#endif /* BUILTIN_ALG_CMAC */
279#if defined(BUILTIN_ALG_HMAC)
280 if( PSA_ALG_IS_HMAC( operation->alg ) )
281 {
282 psa_hmac_abort_internal( &operation->ctx.hmac );
283 }
284 else
285#endif /* BUILTIN_ALG_HMAC */
286 {
287 /* Sanity check (shouldn't happen: operation->alg should
288 * always have been initialized to a valid value). */
289 goto bad_state;
290 }
291
292 operation->alg = 0;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]293 operation->has_input = 0;
294 operation->is_sign = 0;
295
296 return( PSA_SUCCESS );
297
298bad_state:
299 /* If abort is called on an uninitialized object, we can't trust
300 * anything. Wipe the object in case it contains confidential data.
301 * This may result in a memory leak if a pointer gets overwritten,
302 * but it's too late to do anything about this. */
303 memset( operation, 0, sizeof( *operation ) );
304 return( PSA_ERROR_BAD_STATE );
305}
306
307static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
308 const psa_key_attributes_t *attributes,
309 const uint8_t *key_buffer,
310 size_t key_buffer_size,
311 psa_algorithm_t alg,
312 int is_sign )
313{
314 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
315
316 /* A context must be freshly initialized before it can be set up. */
317 if( operation->alg != 0 )
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]318 return( PSA_ERROR_BAD_STATE );
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]319
320 status = mac_init( operation, alg );
321 if( status != PSA_SUCCESS )
322 return( status );
Steven Cooreman9878a162021-05-06 17:58:36 +0200[diff] [blame]323 operation->is_sign = is_sign;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]324
325 /* Get the output length for the algorithm and key combination. None of the
326 * currently supported algorithms have an output length dependent on actual
327 * key size, so setting it to a bogus value is currently OK. */
328 operation->mac_size =
329 PSA_MAC_LENGTH( psa_get_key_type( attributes ), 0, alg );
330
331#if defined(BUILTIN_ALG_CMAC)
332 if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
333 {
Steven Cooremanaf81a712021-05-06 18:00:37 +0200[diff] [blame^]334 /* Key buffer size for CMAC is dictated by the key bits set on the
335 * attributes, and previously validated by the core on key import. */
336 (void) key_buffer_size;
337 status = cmac_setup( operation, attributes, key_buffer );
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]338 }
339 else
340#endif /* BUILTIN_ALG_CMAC */
341#if defined(BUILTIN_ALG_HMAC)
342 if( PSA_ALG_IS_HMAC( alg ) )
343 {
344 /* Sanity check. This shouldn't fail on a valid configuration. */
345 if( operation->mac_size > sizeof( operation->ctx.hmac.opad ) )
346 {
347 status = PSA_ERROR_NOT_SUPPORTED;
348 goto exit;
349 }
350
351 if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_HMAC )
352 {
353 status = PSA_ERROR_INVALID_ARGUMENT;
354 goto exit;
355 }
356
357 status = psa_hmac_setup_internal( &operation->ctx.hmac,
358 key_buffer,
359 key_buffer_size,
360 PSA_ALG_HMAC_GET_HASH( alg ) );
361 }
362 else
363#endif /* BUILTIN_ALG_HMAC */
364 {
365 status = PSA_ERROR_NOT_SUPPORTED;
366 }
367
368exit:
Steven Cooremanb4b9b282021-04-29 16:24:36 +0200[diff] [blame]369 if( status != PSA_SUCCESS )
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]370 mac_abort( operation );
371
372 return( status );
373}
374
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]375static psa_status_t mac_compute(
376 const psa_key_attributes_t *attributes,
377 const uint8_t *key_buffer,
378 size_t key_buffer_size,
379 psa_algorithm_t alg,
380 const uint8_t *input,
381 size_t input_length,
382 uint8_t *mac,
383 size_t mac_size,
384 size_t *mac_length )
385{
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]386 /* One-shot MAC has not been implemented in this PSA implementation yet. */
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]387 (void) attributes;
388 (void) key_buffer;
389 (void) key_buffer_size;
390 (void) alg;
391 (void) input;
392 (void) input_length;
393 (void) mac;
394 (void) mac_size;
395 (void) mac_length;
396 return( PSA_ERROR_NOT_SUPPORTED );
397}
398
399static psa_status_t mac_sign_setup(
400 mbedtls_psa_mac_operation_t *operation,
401 const psa_key_attributes_t *attributes,
402 const uint8_t *key_buffer,
403 size_t key_buffer_size,
404 psa_algorithm_t alg )
405{
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]406 return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg,
407 1 ) );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]408}
409
410static psa_status_t mac_verify_setup(
411 mbedtls_psa_mac_operation_t *operation,
412 const psa_key_attributes_t *attributes,
413 const uint8_t *key_buffer,
414 size_t key_buffer_size,
415 psa_algorithm_t alg )
416{
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]417 return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg,
418 0 ) );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]419}
420
421static psa_status_t mac_update(
422 mbedtls_psa_mac_operation_t *operation,
423 const uint8_t *input,
424 size_t input_length )
425{
Steven Cooremanb4b9b282021-04-29 16:24:36 +0200[diff] [blame]426 if( operation->alg == 0 )
Steven Cooreman11743f92021-03-19 18:38:46 +0100[diff] [blame]427 return( PSA_ERROR_BAD_STATE );
Steven Cooreman11743f92021-03-19 18:38:46 +0100[diff] [blame]428 operation->has_input = 1;
429
430#if defined(BUILTIN_ALG_CMAC)
431 if( operation->alg == PSA_ALG_CMAC )
432 {
433 return( mbedtls_to_psa_error(
434 mbedtls_cipher_cmac_update( &operation->ctx.cmac,
435 input, input_length ) ) );
436 }
437 else
438#endif /* BUILTIN_ALG_CMAC */
439#if defined(BUILTIN_ALG_HMAC)
440 if( PSA_ALG_IS_HMAC( operation->alg ) )
441 {
Steven Cooreman22dea1d2021-04-29 19:32:25 +0200[diff] [blame]442 return( psa_hmac_update_internal( &operation->ctx.hmac,
443 input, input_length ) );
Steven Cooreman11743f92021-03-19 18:38:46 +0100[diff] [blame]444 }
445 else
446#endif /* BUILTIN_ALG_HMAC */
447 {
448 /* This shouldn't happen if `operation` was initialized by
449 * a setup function. */
450 return( PSA_ERROR_BAD_STATE );
451 }
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]452}
453
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]454static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
455 uint8_t *mac,
456 size_t mac_size )
457{
Steven Cooremanb4b9b282021-04-29 16:24:36 +0200[diff] [blame]458 if( operation->alg == 0 )
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]459 return( PSA_ERROR_BAD_STATE );
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]460 if( mac_size < operation->mac_size )
461 return( PSA_ERROR_BUFFER_TOO_SMALL );
462
463#if defined(BUILTIN_ALG_CMAC)
464 if( operation->alg == PSA_ALG_CMAC )
465 {
466 uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
467 int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
468 if( ret == 0 )
469 memcpy( mac, tmp, operation->mac_size );
470 mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
471 return( mbedtls_to_psa_error( ret ) );
472 }
473 else
474#endif /* BUILTIN_ALG_CMAC */
475#if defined(BUILTIN_ALG_HMAC)
476 if( PSA_ALG_IS_HMAC( operation->alg ) )
477 {
478 return( psa_hmac_finish_internal( &operation->ctx.hmac,
479 mac, operation->mac_size ) );
480 }
481 else
482#endif /* BUILTIN_ALG_HMAC */
483 {
484 /* This shouldn't happen if `operation` was initialized by
485 * a setup function. */
486 return( PSA_ERROR_BAD_STATE );
487 }
488}
489
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]490static psa_status_t mac_sign_finish(
491 mbedtls_psa_mac_operation_t *operation,
492 uint8_t *mac,
493 size_t mac_size,
494 size_t *mac_length )
495{
Steven Cooreman9878a162021-05-06 17:58:36 +0200[diff] [blame]496 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]497
498 if( operation->alg == 0 )
499 return( PSA_ERROR_BAD_STATE );
500
501 if( ! operation->is_sign )
502 return( PSA_ERROR_BAD_STATE );
503
504 status = mac_finish_internal( operation, mac, mac_size );
505
506 if( status == PSA_SUCCESS )
507 *mac_length = operation->mac_size;
508
509 return( status );
510}
511
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]512static psa_status_t mac_verify_finish(
513 mbedtls_psa_mac_operation_t *operation,
514 const uint8_t *mac,
515 size_t mac_length )
516{
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]517 uint8_t actual_mac[PSA_MAC_MAX_SIZE];
Steven Cooreman9878a162021-05-06 17:58:36 +0200[diff] [blame]518 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]519
520 if( operation->alg == 0 )
521 return( PSA_ERROR_BAD_STATE );
522
523 if( operation->is_sign )
524 return( PSA_ERROR_BAD_STATE );
525
526 if( operation->mac_size != mac_length )
527 {
528 status = PSA_ERROR_INVALID_SIGNATURE;
529 goto cleanup;
530 }
531
532 status = mac_finish_internal( operation, actual_mac, sizeof( actual_mac ) );
533 if( status != PSA_SUCCESS )
534 goto cleanup;
535
Steven Cooremana2a1b802021-04-29 16:37:59 +0200[diff] [blame]536 if( mbedtls_psa_safer_memcmp( mac, actual_mac, mac_length ) != 0 )
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]537 status = PSA_ERROR_INVALID_SIGNATURE;
538
539cleanup:
540 mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
541
542 return( status );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]543}
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]544#endif /* MBEDTLS_PSA_BUILTIN_MAC || PSA_CRYPTO_DRIVER_TEST */
545
546#if defined(MBEDTLS_PSA_BUILTIN_MAC)
547psa_status_t mbedtls_psa_mac_compute(
548 const psa_key_attributes_t *attributes,
549 const uint8_t *key_buffer,
550 size_t key_buffer_size,
551 psa_algorithm_t alg,
552 const uint8_t *input,
553 size_t input_length,
554 uint8_t *mac,
555 size_t mac_size,
556 size_t *mac_length )
557{
558 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
559 input, input_length,
560 mac, mac_size, mac_length ) );
561}
562
563psa_status_t mbedtls_psa_mac_sign_setup(
564 mbedtls_psa_mac_operation_t *operation,
565 const psa_key_attributes_t *attributes,
566 const uint8_t *key_buffer,
567 size_t key_buffer_size,
568 psa_algorithm_t alg )
569{
570 return( mac_sign_setup( operation, attributes,
571 key_buffer, key_buffer_size, alg ) );
572}
573
574psa_status_t mbedtls_psa_mac_verify_setup(
575 mbedtls_psa_mac_operation_t *operation,
576 const psa_key_attributes_t *attributes,
577 const uint8_t *key_buffer,
578 size_t key_buffer_size,
579 psa_algorithm_t alg )
580{
581 return( mac_verify_setup( operation, attributes,
582 key_buffer, key_buffer_size, alg ) );
583}
584
585psa_status_t mbedtls_psa_mac_update(
586 mbedtls_psa_mac_operation_t *operation,
587 const uint8_t *input,
588 size_t input_length )
589{
590 return( mac_update( operation, input, input_length ) );
591}
592
593psa_status_t mbedtls_psa_mac_sign_finish(
594 mbedtls_psa_mac_operation_t *operation,
595 uint8_t *mac,
596 size_t mac_size,
597 size_t *mac_length )
598{
599 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
600}
601
602psa_status_t mbedtls_psa_mac_verify_finish(
603 mbedtls_psa_mac_operation_t *operation,
604 const uint8_t *mac,
605 size_t mac_length )
606{
607 return( mac_verify_finish( operation, mac, mac_length ) );
608}
609
610psa_status_t mbedtls_psa_mac_abort(
611 mbedtls_psa_mac_operation_t *operation )
612{
613 return( mac_abort( operation ) );
614}
615#endif /* MBEDTLS_PSA_BUILTIN_MAC */
616
617 /*
618 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
619 */
620#if defined(PSA_CRYPTO_DRIVER_TEST)
621
622static int is_mac_accelerated( psa_algorithm_t alg )
623{
624#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
625 if( PSA_ALG_IS_HMAC( alg ) )
626 return( 1 );
627#endif
628
629 switch( PSA_ALG_FULL_LENGTH_MAC( alg ) )
630 {
631#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
632 case PSA_ALG_CMAC:
633 return( 1 );
634#endif
635 default:
636 return( 0 );
637 }
638}
639
640psa_status_t mbedtls_transparent_test_driver_mac_compute(
641 const psa_key_attributes_t *attributes,
642 const uint8_t *key_buffer,
643 size_t key_buffer_size,
644 psa_algorithm_t alg,
645 const uint8_t *input,
646 size_t input_length,
647 uint8_t *mac,
648 size_t mac_size,
649 size_t *mac_length )
650{
651 if( is_mac_accelerated( alg ) )
652 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
653 input, input_length,
654 mac, mac_size, mac_length ) );
655 else
656 return( PSA_ERROR_NOT_SUPPORTED );
657}
658
659psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
660 mbedtls_transparent_test_driver_mac_operation_t *operation,
661 const psa_key_attributes_t *attributes,
662 const uint8_t *key_buffer,
663 size_t key_buffer_size,
664 psa_algorithm_t alg )
665{
666 if( is_mac_accelerated( alg ) )
667 return( mac_sign_setup( operation, attributes,
668 key_buffer, key_buffer_size, alg ) );
669 else
670 return( PSA_ERROR_NOT_SUPPORTED );
671}
672
673psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
674 mbedtls_transparent_test_driver_mac_operation_t *operation,
675 const psa_key_attributes_t *attributes,
676 const uint8_t *key_buffer,
677 size_t key_buffer_size,
678 psa_algorithm_t alg )
679{
680 if( is_mac_accelerated( alg ) )
681 return( mac_verify_setup( operation, attributes,
682 key_buffer, key_buffer_size, alg ) );
683 else
684 return( PSA_ERROR_NOT_SUPPORTED );
685}
686
687psa_status_t mbedtls_transparent_test_driver_mac_update(
688 mbedtls_transparent_test_driver_mac_operation_t *operation,
689 const uint8_t *input,
690 size_t input_length )
691{
692 if( is_mac_accelerated( operation->alg ) )
693 return( mac_update( operation, input, input_length ) );
694 else
695 return( PSA_ERROR_BAD_STATE );
696}
697
698psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
699 mbedtls_transparent_test_driver_mac_operation_t *operation,
700 uint8_t *mac,
701 size_t mac_size,
702 size_t *mac_length )
703{
704 if( is_mac_accelerated( operation->alg ) )
705 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
706 else
707 return( PSA_ERROR_BAD_STATE );
708}
709
710psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
711 mbedtls_transparent_test_driver_mac_operation_t *operation,
712 const uint8_t *mac,
713 size_t mac_length )
714{
715 if( is_mac_accelerated( operation->alg ) )
716 return( mac_verify_finish( operation, mac, mac_length ) );
717 else
718 return( PSA_ERROR_BAD_STATE );
719}
720
721psa_status_t mbedtls_transparent_test_driver_mac_abort(
722 mbedtls_transparent_test_driver_mac_operation_t *operation )
723{
724 return( mac_abort( operation ) );
725}
726
727psa_status_t mbedtls_opaque_test_driver_mac_compute(
728 const psa_key_attributes_t *attributes,
729 const uint8_t *key_buffer,
730 size_t key_buffer_size,
731 psa_algorithm_t alg,
732 const uint8_t *input,
733 size_t input_length,
734 uint8_t *mac,
735 size_t mac_size,
736 size_t *mac_length )
737{
738 /* Opaque driver testing is not implemented yet through this mechanism. */
739 (void) attributes;
740 (void) key_buffer;
741 (void) key_buffer_size;
742 (void) alg;
743 (void) input;
744 (void) input_length;
745 (void) mac;
746 (void) mac_size;
747 (void) mac_length;
748 return( PSA_ERROR_NOT_SUPPORTED );
749}
750
751psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
752 mbedtls_opaque_test_driver_mac_operation_t *operation,
753 const psa_key_attributes_t *attributes,
754 const uint8_t *key_buffer,
755 size_t key_buffer_size,
756 psa_algorithm_t alg )
757{
758 /* Opaque driver testing is not implemented yet through this mechanism. */
759 (void) operation;
760 (void) attributes;
761 (void) key_buffer;
762 (void) key_buffer_size;
763 (void) alg;
764 return( PSA_ERROR_NOT_SUPPORTED );
765}
766
767psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
768 mbedtls_opaque_test_driver_mac_operation_t *operation,
769 const psa_key_attributes_t *attributes,
770 const uint8_t *key_buffer,
771 size_t key_buffer_size,
772 psa_algorithm_t alg )
773{
774 /* Opaque driver testing is not implemented yet through this mechanism. */
775 (void) operation;
776 (void) attributes;
777 (void) key_buffer;
778 (void) key_buffer_size;
779 (void) alg;
780 return( PSA_ERROR_NOT_SUPPORTED );
781}
782
783psa_status_t mbedtls_opaque_test_driver_mac_update(
784 mbedtls_opaque_test_driver_mac_operation_t *operation,
785 const uint8_t *input,
786 size_t input_length )
787{
788 /* Opaque driver testing is not implemented yet through this mechanism. */
789 (void) operation;
790 (void) input;
791 (void) input_length;
792 return( PSA_ERROR_NOT_SUPPORTED );
793}
794
795psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
796 mbedtls_opaque_test_driver_mac_operation_t *operation,
797 uint8_t *mac,
798 size_t mac_size,
799 size_t *mac_length )
800{
801 /* Opaque driver testing is not implemented yet through this mechanism. */
802 (void) operation;
803 (void) mac;
804 (void) mac_size;
805 (void) mac_length;
806 return( PSA_ERROR_NOT_SUPPORTED );
807}
808
809psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
810 mbedtls_opaque_test_driver_mac_operation_t *operation,
811 const uint8_t *mac,
812 size_t mac_length )
813{
814 /* Opaque driver testing is not implemented yet through this mechanism. */
815 (void) operation;
816 (void) mac;
817 (void) mac_length;
818 return( PSA_ERROR_NOT_SUPPORTED );
819}
820
821psa_status_t mbedtls_opaque_test_driver_mac_abort(
822 mbedtls_opaque_test_driver_mac_operation_t *operation )
823{
824 /* Opaque driver testing is not implemented yet through this mechanism. */
825 (void) operation;
826 return( PSA_ERROR_NOT_SUPPORTED );
827}
828
829#endif /* PSA_CRYPTO_DRIVER_TEST */
830
831#endif /* MBEDTLS_PSA_CRYPTO_C */