TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / b29902ac9f11fdaaa17317b654625a5d1e7e4e89 / . / library / psa_crypto_mac.c
blob: 9db9a37e5231777349d5b6f41e188095fdca2c2f [file] [log] [blame]
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]1/*
2 * PSA MAC layer on top of Mbed TLS software crypto
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa/crypto.h>
26#include "psa_crypto_core.h"
27#include "psa_crypto_mac.h"
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]28#include <mbedtls/md.h>
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]29
30#include <mbedtls/error.h>
31#include <string.h>
32
33/* Use builtin defines specific to this compilation unit, since the test driver
34 * relies on the software driver. */
35#if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
36 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) )
37#define BUILTIN_ALG_CMAC 1
38#endif
39#if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \
40 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) )
41#define BUILTIN_ALG_HMAC 1
42#endif
43
Steven Cooreman02865f52021-05-07 15:55:27 +0200[diff] [blame]44#if defined(BUILTIN_ALG_HMAC)
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]45static size_t psa_get_hash_block_size( psa_algorithm_t alg )
46{
47 switch( alg )
48 {
49 case PSA_ALG_MD2:
50 return( 16 );
51 case PSA_ALG_MD4:
52 return( 64 );
53 case PSA_ALG_MD5:
54 return( 64 );
55 case PSA_ALG_RIPEMD160:
56 return( 64 );
57 case PSA_ALG_SHA_1:
58 return( 64 );
59 case PSA_ALG_SHA_224:
60 return( 64 );
61 case PSA_ALG_SHA_256:
62 return( 64 );
63 case PSA_ALG_SHA_384:
64 return( 128 );
65 case PSA_ALG_SHA_512:
66 return( 128 );
67 default:
68 return( 0 );
69 }
70}
71
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]72static psa_status_t psa_hmac_abort_internal(
73 mbedtls_psa_hmac_operation_t *hmac )
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]74{
75 mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
76 return( psa_hash_abort( &hmac->hash_ctx ) );
77}
78
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]79static psa_status_t psa_hmac_setup_internal(
80 mbedtls_psa_hmac_operation_t *hmac,
81 const uint8_t *key,
82 size_t key_length,
83 psa_algorithm_t hash_alg )
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]84{
85 uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
86 size_t i;
87 size_t hash_size = PSA_HASH_LENGTH( hash_alg );
88 size_t block_size = psa_get_hash_block_size( hash_alg );
89 psa_status_t status;
90
91 hmac->alg = hash_alg;
92
93 /* Sanity checks on block_size, to guarantee that there won't be a buffer
94 * overflow below. This should never trigger if the hash algorithm
95 * is implemented correctly. */
96 /* The size checks against the ipad and opad buffers cannot be written
97 * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
98 * because that triggers -Wlogical-op on GCC 7.3. */
99 if( block_size > sizeof( ipad ) )
100 return( PSA_ERROR_NOT_SUPPORTED );
101 if( block_size > sizeof( hmac->opad ) )
102 return( PSA_ERROR_NOT_SUPPORTED );
103 if( block_size < hash_size )
104 return( PSA_ERROR_NOT_SUPPORTED );
105
106 if( key_length > block_size )
107 {
108 status = psa_hash_compute( hash_alg, key, key_length,
109 ipad, sizeof( ipad ), &key_length );
110 if( status != PSA_SUCCESS )
111 goto cleanup;
112 }
113 /* A 0-length key is not commonly used in HMAC when used as a MAC,
114 * but it is permitted. It is common when HMAC is used in HKDF, for
115 * example. Don't call `memcpy` in the 0-length because `key` could be
116 * an invalid pointer which would make the behavior undefined. */
117 else if( key_length != 0 )
118 memcpy( ipad, key, key_length );
119
120 /* ipad contains the key followed by garbage. Xor and fill with 0x36
121 * to create the ipad value. */
122 for( i = 0; i < key_length; i++ )
123 ipad[i] ^= 0x36;
124 memset( ipad + key_length, 0x36, block_size - key_length );
125
126 /* Copy the key material from ipad to opad, flipping the requisite bits,
127 * and filling the rest of opad with the requisite constant. */
128 for( i = 0; i < key_length; i++ )
129 hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
130 memset( hmac->opad + key_length, 0x5C, block_size - key_length );
131
132 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
133 if( status != PSA_SUCCESS )
134 goto cleanup;
135
136 status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
137
138cleanup:
139 mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
140
141 return( status );
142}
143
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]144static psa_status_t psa_hmac_update_internal(
145 mbedtls_psa_hmac_operation_t *hmac,
146 const uint8_t *data,
147 size_t data_length )
Steven Cooreman4fdf0602021-03-22 12:21:10 +0100[diff] [blame]148{
149 return( psa_hash_update( &hmac->hash_ctx, data, data_length ) );
150}
151
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]152static psa_status_t psa_hmac_finish_internal(
153 mbedtls_psa_hmac_operation_t *hmac,
154 uint8_t *mac,
155 size_t mac_size )
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]156{
157 uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
158 psa_algorithm_t hash_alg = hmac->alg;
159 size_t hash_size = 0;
160 size_t block_size = psa_get_hash_block_size( hash_alg );
161 psa_status_t status;
162
163 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
164 if( status != PSA_SUCCESS )
165 return( status );
166 /* From here on, tmp needs to be wiped. */
167
168 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
169 if( status != PSA_SUCCESS )
170 goto exit;
171
172 status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
173 if( status != PSA_SUCCESS )
174 goto exit;
175
176 status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
177 if( status != PSA_SUCCESS )
178 goto exit;
179
180 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
181 if( status != PSA_SUCCESS )
182 goto exit;
183
184 memcpy( mac, tmp, mac_size );
185
186exit:
187 mbedtls_platform_zeroize( tmp, hash_size );
188 return( status );
189}
Steven Cooreman02865f52021-05-07 15:55:27 +0200[diff] [blame]190#endif /* BUILTIN_ALG_HMAC */
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]191
192#if defined(BUILTIN_ALG_CMAC)
193static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
194 const psa_key_attributes_t *attributes,
Steven Cooremandcd08112021-05-06 18:00:37 +0200[diff] [blame]195 const uint8_t *key_buffer )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]196{
197 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Steven Cooreman0c239652021-05-07 17:27:27 +0200[diff] [blame]198
199#if defined(PSA_WANT_KEY_TYPE_DES)
200 /* Mbed TLS CMAC does not accept 3DES with only two keys, nor does it accept
201 * to do CMAC with pure DES, so return NOT_SUPPORTED here. */
202 if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_DES &&
203 ( psa_get_key_bits( attributes ) == 64 ||
204 psa_get_key_bits( attributes ) == 128 ) )
205 return( PSA_ERROR_NOT_SUPPORTED );
206#endif
207
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]208 const mbedtls_cipher_info_t * cipher_info =
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]209 mbedtls_cipher_info_from_psa(
210 PSA_ALG_CMAC,
211 psa_get_key_type( attributes ),
212 psa_get_key_bits( attributes ),
213 NULL );
214
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]215 if( cipher_info == NULL )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]216 return( PSA_ERROR_NOT_SUPPORTED );
217
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]218 ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]219 if( ret != 0 )
220 goto exit;
221
222 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
223 key_buffer,
224 psa_get_key_bits( attributes ) );
225exit:
226 return( mbedtls_to_psa_error( ret ) );
227}
228#endif /* BUILTIN_ALG_CMAC */
229
Steven Cooreman02865f52021-05-07 15:55:27 +0200[diff] [blame]230/* Implement the PSA driver MAC interface on top of mbed TLS if either the
231 * software driver or the test driver requires it. */
232#if defined(BUILTIN_ALG_HMAC) || defined(BUILTIN_ALG_CMAC)
233
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]234/* Initialize this driver's MAC operation structure. Once this function has been
235 * called, mbedtls_psa_mac_abort can run and will do the right thing. */
236static psa_status_t mac_init(
237 mbedtls_psa_mac_operation_t *operation,
238 psa_algorithm_t alg )
239{
Steven Cooremanba9a5bf2021-04-29 16:21:24 +0200[diff] [blame]240 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]241
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]242 operation->alg = alg;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]243
244#if defined(BUILTIN_ALG_CMAC)
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]245 if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]246 {
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]247 mbedtls_cipher_init( &operation->ctx.cmac );
248 status = PSA_SUCCESS;
249 }
250 else
251#endif /* BUILTIN_ALG_CMAC */
252#if defined(BUILTIN_ALG_HMAC)
253 if( PSA_ALG_IS_HMAC( operation->alg ) )
254 {
255 /* We'll set up the hash operation later in psa_hmac_setup_internal. */
256 operation->ctx.hmac.alg = 0;
257 status = PSA_SUCCESS;
258 }
259 else
260#endif /* BUILTIN_ALG_HMAC */
261 {
Steven Cooremanba9a5bf2021-04-29 16:21:24 +0200[diff] [blame]262 status = PSA_ERROR_NOT_SUPPORTED;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]263 }
264
265 if( status != PSA_SUCCESS )
266 memset( operation, 0, sizeof( *operation ) );
267 return( status );
268}
269
270static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation )
271{
272 if( operation->alg == 0 )
273 {
274 /* The object has (apparently) been initialized but it is not
275 * in use. It's ok to call abort on such an object, and there's
276 * nothing to do. */
277 return( PSA_SUCCESS );
278 }
279 else
280#if defined(BUILTIN_ALG_CMAC)
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]281 if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]282 {
283 mbedtls_cipher_free( &operation->ctx.cmac );
284 }
285 else
286#endif /* BUILTIN_ALG_CMAC */
287#if defined(BUILTIN_ALG_HMAC)
288 if( PSA_ALG_IS_HMAC( operation->alg ) )
289 {
290 psa_hmac_abort_internal( &operation->ctx.hmac );
291 }
292 else
293#endif /* BUILTIN_ALG_HMAC */
294 {
295 /* Sanity check (shouldn't happen: operation->alg should
296 * always have been initialized to a valid value). */
297 goto bad_state;
298 }
299
300 operation->alg = 0;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]301
302 return( PSA_SUCCESS );
303
304bad_state:
305 /* If abort is called on an uninitialized object, we can't trust
306 * anything. Wipe the object in case it contains confidential data.
307 * This may result in a memory leak if a pointer gets overwritten,
308 * but it's too late to do anything about this. */
309 memset( operation, 0, sizeof( *operation ) );
310 return( PSA_ERROR_BAD_STATE );
311}
312
313static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
314 const psa_key_attributes_t *attributes,
315 const uint8_t *key_buffer,
316 size_t key_buffer_size,
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]317 psa_algorithm_t alg )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]318{
319 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
320
321 /* A context must be freshly initialized before it can be set up. */
322 if( operation->alg != 0 )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]323 return( PSA_ERROR_BAD_STATE );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]324
325 status = mac_init( operation, alg );
326 if( status != PSA_SUCCESS )
327 return( status );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]328
329#if defined(BUILTIN_ALG_CMAC)
330 if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
331 {
Steven Cooremandcd08112021-05-06 18:00:37 +0200[diff] [blame]332 /* Key buffer size for CMAC is dictated by the key bits set on the
333 * attributes, and previously validated by the core on key import. */
334 (void) key_buffer_size;
335 status = cmac_setup( operation, attributes, key_buffer );
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]336 }
337 else
338#endif /* BUILTIN_ALG_CMAC */
339#if defined(BUILTIN_ALG_HMAC)
340 if( PSA_ALG_IS_HMAC( alg ) )
341 {
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]342 status = psa_hmac_setup_internal( &operation->ctx.hmac,
343 key_buffer,
344 key_buffer_size,
345 PSA_ALG_HMAC_GET_HASH( alg ) );
346 }
347 else
348#endif /* BUILTIN_ALG_HMAC */
349 {
Steven Cooremanb29902a2021-05-10 09:47:05 +0200[diff] [blame^]350 (void) attributes;
351 (void) key_buffer;
352 (void) key_buffer_size;
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]353 status = PSA_ERROR_NOT_SUPPORTED;
354 }
355
Steven Cooremana4638e72021-04-29 16:24:36 +0200[diff] [blame]356 if( status != PSA_SUCCESS )
Steven Cooremane6804192021-03-19 18:28:56 +0100[diff] [blame]357 mac_abort( operation );
358
359 return( status );
360}
361
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]362static psa_status_t mac_compute(
363 const psa_key_attributes_t *attributes,
364 const uint8_t *key_buffer,
365 size_t key_buffer_size,
366 psa_algorithm_t alg,
367 const uint8_t *input,
368 size_t input_length,
369 uint8_t *mac,
370 size_t mac_size,
371 size_t *mac_length )
372{
Steven Cooreman82c66b62021-03-19 17:39:17 +0100[diff] [blame]373 /* One-shot MAC has not been implemented in this PSA implementation yet. */
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]374 (void) attributes;
375 (void) key_buffer;
376 (void) key_buffer_size;
377 (void) alg;
378 (void) input;
379 (void) input_length;
380 (void) mac;
381 (void) mac_size;
382 (void) mac_length;
383 return( PSA_ERROR_NOT_SUPPORTED );
384}
385
386static psa_status_t mac_sign_setup(
387 mbedtls_psa_mac_operation_t *operation,
388 const psa_key_attributes_t *attributes,
389 const uint8_t *key_buffer,
390 size_t key_buffer_size,
391 psa_algorithm_t alg )
392{
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]393 return( mac_setup( operation,
394 attributes, key_buffer, key_buffer_size, alg ) );
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]395}
396
397static psa_status_t mac_verify_setup(
398 mbedtls_psa_mac_operation_t *operation,
399 const psa_key_attributes_t *attributes,
400 const uint8_t *key_buffer,
401 size_t key_buffer_size,
402 psa_algorithm_t alg )
403{
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]404 return( mac_setup( operation,
405 attributes, key_buffer, key_buffer_size, alg ) );
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]406}
407
408static psa_status_t mac_update(
409 mbedtls_psa_mac_operation_t *operation,
410 const uint8_t *input,
411 size_t input_length )
412{
Steven Cooremana4638e72021-04-29 16:24:36 +0200[diff] [blame]413 if( operation->alg == 0 )
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]414 return( PSA_ERROR_BAD_STATE );
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]415
416#if defined(BUILTIN_ALG_CMAC)
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]417 if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]418 {
419 return( mbedtls_to_psa_error(
420 mbedtls_cipher_cmac_update( &operation->ctx.cmac,
421 input, input_length ) ) );
422 }
423 else
424#endif /* BUILTIN_ALG_CMAC */
425#if defined(BUILTIN_ALG_HMAC)
426 if( PSA_ALG_IS_HMAC( operation->alg ) )
427 {
Steven Cooremana6df6042021-04-29 19:32:25 +0200[diff] [blame]428 return( psa_hmac_update_internal( &operation->ctx.hmac,
429 input, input_length ) );
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]430 }
431 else
432#endif /* BUILTIN_ALG_HMAC */
433 {
434 /* This shouldn't happen if `operation` was initialized by
435 * a setup function. */
Steven Cooremanb29902a2021-05-10 09:47:05 +0200[diff] [blame^]436 (void) input;
437 (void) input_length;
Steven Cooreman6e7f2912021-03-19 18:38:46 +0100[diff] [blame]438 return( PSA_ERROR_BAD_STATE );
439 }
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]440}
441
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]442static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
443 uint8_t *mac,
444 size_t mac_size )
445{
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]446#if defined(BUILTIN_ALG_CMAC)
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]447 if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]448 {
449 uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
450 int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
451 if( ret == 0 )
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]452 memcpy( mac, tmp, mac_size );
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]453 mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
454 return( mbedtls_to_psa_error( ret ) );
455 }
456 else
457#endif /* BUILTIN_ALG_CMAC */
458#if defined(BUILTIN_ALG_HMAC)
459 if( PSA_ALG_IS_HMAC( operation->alg ) )
460 {
461 return( psa_hmac_finish_internal( &operation->ctx.hmac,
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]462 mac, mac_size ) );
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]463 }
464 else
465#endif /* BUILTIN_ALG_HMAC */
466 {
467 /* This shouldn't happen if `operation` was initialized by
468 * a setup function. */
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]469 (void) operation;
470 (void) mac;
471 (void) mac_size;
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]472 return( PSA_ERROR_BAD_STATE );
473 }
474}
475
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]476static psa_status_t mac_sign_finish(
477 mbedtls_psa_mac_operation_t *operation,
478 uint8_t *mac,
479 size_t mac_size,
480 size_t *mac_length )
481{
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]482 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]483
484 if( operation->alg == 0 )
485 return( PSA_ERROR_BAD_STATE );
486
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]487 status = mac_finish_internal( operation, mac, mac_size );
488
489 if( status == PSA_SUCCESS )
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]490 *mac_length = mac_size;
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]491
492 return( status );
493}
494
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]495static psa_status_t mac_verify_finish(
496 mbedtls_psa_mac_operation_t *operation,
497 const uint8_t *mac,
498 size_t mac_length )
499{
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]500 uint8_t actual_mac[PSA_MAC_MAX_SIZE];
Steven Cooreman094a77e2021-05-06 17:58:36 +0200[diff] [blame]501 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]502
503 if( operation->alg == 0 )
504 return( PSA_ERROR_BAD_STATE );
505
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]506 /* Consistency check: requested MAC length fits our local buffer */
507 if( mac_length > sizeof( actual_mac ) )
508 return( PSA_ERROR_INVALID_ARGUMENT );
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]509
Steven Cooreman72f736a2021-05-07 14:14:37 +0200[diff] [blame]510 status = mac_finish_internal( operation, actual_mac, mac_length );
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]511 if( status != PSA_SUCCESS )
512 goto cleanup;
513
Steven Cooreman36876a02021-04-29 16:37:59 +0200[diff] [blame]514 if( mbedtls_psa_safer_memcmp( mac, actual_mac, mac_length ) != 0 )
Steven Cooremana5b860a2021-03-19 19:04:39 +0100[diff] [blame]515 status = PSA_ERROR_INVALID_SIGNATURE;
516
517cleanup:
518 mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
519
520 return( status );
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]521}
Steven Cooreman02865f52021-05-07 15:55:27 +0200[diff] [blame]522#endif /* BUILTIN_ALG_HMAC || BUILTIN_ALG_CMAC */
Steven Cooremand13a70f2021-03-19 15:24:23 +0100[diff] [blame]523
524#if defined(MBEDTLS_PSA_BUILTIN_MAC)
525psa_status_t mbedtls_psa_mac_compute(
526 const psa_key_attributes_t *attributes,
527 const uint8_t *key_buffer,
528 size_t key_buffer_size,
529 psa_algorithm_t alg,
530 const uint8_t *input,
531 size_t input_length,
532 uint8_t *mac,
533 size_t mac_size,
534 size_t *mac_length )
535{
536 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
537 input, input_length,
538 mac, mac_size, mac_length ) );
539}
540
541psa_status_t mbedtls_psa_mac_sign_setup(
542 mbedtls_psa_mac_operation_t *operation,
543 const psa_key_attributes_t *attributes,
544 const uint8_t *key_buffer,
545 size_t key_buffer_size,
546 psa_algorithm_t alg )
547{
548 return( mac_sign_setup( operation, attributes,
549 key_buffer, key_buffer_size, alg ) );
550}
551
552psa_status_t mbedtls_psa_mac_verify_setup(
553 mbedtls_psa_mac_operation_t *operation,
554 const psa_key_attributes_t *attributes,
555 const uint8_t *key_buffer,
556 size_t key_buffer_size,
557 psa_algorithm_t alg )
558{
559 return( mac_verify_setup( operation, attributes,
560 key_buffer, key_buffer_size, alg ) );
561}
562
563psa_status_t mbedtls_psa_mac_update(
564 mbedtls_psa_mac_operation_t *operation,
565 const uint8_t *input,
566 size_t input_length )
567{
568 return( mac_update( operation, input, input_length ) );
569}
570
571psa_status_t mbedtls_psa_mac_sign_finish(
572 mbedtls_psa_mac_operation_t *operation,
573 uint8_t *mac,
574 size_t mac_size,
575 size_t *mac_length )
576{
577 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
578}
579
580psa_status_t mbedtls_psa_mac_verify_finish(
581 mbedtls_psa_mac_operation_t *operation,
582 const uint8_t *mac,
583 size_t mac_length )
584{
585 return( mac_verify_finish( operation, mac, mac_length ) );
586}
587
588psa_status_t mbedtls_psa_mac_abort(
589 mbedtls_psa_mac_operation_t *operation )
590{
591 return( mac_abort( operation ) );
592}
593#endif /* MBEDTLS_PSA_BUILTIN_MAC */
594
595 /*
596 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
597 */
598#if defined(PSA_CRYPTO_DRIVER_TEST)
599
600static int is_mac_accelerated( psa_algorithm_t alg )
601{
602#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
603 if( PSA_ALG_IS_HMAC( alg ) )
604 return( 1 );
605#endif
606
607 switch( PSA_ALG_FULL_LENGTH_MAC( alg ) )
608 {
609#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
610 case PSA_ALG_CMAC:
611 return( 1 );
612#endif
613 default:
614 return( 0 );
615 }
616}
617
618psa_status_t mbedtls_transparent_test_driver_mac_compute(
619 const psa_key_attributes_t *attributes,
620 const uint8_t *key_buffer,
621 size_t key_buffer_size,
622 psa_algorithm_t alg,
623 const uint8_t *input,
624 size_t input_length,
625 uint8_t *mac,
626 size_t mac_size,
627 size_t *mac_length )
628{
629 if( is_mac_accelerated( alg ) )
630 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
631 input, input_length,
632 mac, mac_size, mac_length ) );
633 else
634 return( PSA_ERROR_NOT_SUPPORTED );
635}
636
637psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
638 mbedtls_transparent_test_driver_mac_operation_t *operation,
639 const psa_key_attributes_t *attributes,
640 const uint8_t *key_buffer,
641 size_t key_buffer_size,
642 psa_algorithm_t alg )
643{
644 if( is_mac_accelerated( alg ) )
645 return( mac_sign_setup( operation, attributes,
646 key_buffer, key_buffer_size, alg ) );
647 else
648 return( PSA_ERROR_NOT_SUPPORTED );
649}
650
651psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
652 mbedtls_transparent_test_driver_mac_operation_t *operation,
653 const psa_key_attributes_t *attributes,
654 const uint8_t *key_buffer,
655 size_t key_buffer_size,
656 psa_algorithm_t alg )
657{
658 if( is_mac_accelerated( alg ) )
659 return( mac_verify_setup( operation, attributes,
660 key_buffer, key_buffer_size, alg ) );
661 else
662 return( PSA_ERROR_NOT_SUPPORTED );
663}
664
665psa_status_t mbedtls_transparent_test_driver_mac_update(
666 mbedtls_transparent_test_driver_mac_operation_t *operation,
667 const uint8_t *input,
668 size_t input_length )
669{
670 if( is_mac_accelerated( operation->alg ) )
671 return( mac_update( operation, input, input_length ) );
672 else
673 return( PSA_ERROR_BAD_STATE );
674}
675
676psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
677 mbedtls_transparent_test_driver_mac_operation_t *operation,
678 uint8_t *mac,
679 size_t mac_size,
680 size_t *mac_length )
681{
682 if( is_mac_accelerated( operation->alg ) )
683 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
684 else
685 return( PSA_ERROR_BAD_STATE );
686}
687
688psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
689 mbedtls_transparent_test_driver_mac_operation_t *operation,
690 const uint8_t *mac,
691 size_t mac_length )
692{
693 if( is_mac_accelerated( operation->alg ) )
694 return( mac_verify_finish( operation, mac, mac_length ) );
695 else
696 return( PSA_ERROR_BAD_STATE );
697}
698
699psa_status_t mbedtls_transparent_test_driver_mac_abort(
700 mbedtls_transparent_test_driver_mac_operation_t *operation )
701{
702 return( mac_abort( operation ) );
703}
704
705psa_status_t mbedtls_opaque_test_driver_mac_compute(
706 const psa_key_attributes_t *attributes,
707 const uint8_t *key_buffer,
708 size_t key_buffer_size,
709 psa_algorithm_t alg,
710 const uint8_t *input,
711 size_t input_length,
712 uint8_t *mac,
713 size_t mac_size,
714 size_t *mac_length )
715{
716 /* Opaque driver testing is not implemented yet through this mechanism. */
717 (void) attributes;
718 (void) key_buffer;
719 (void) key_buffer_size;
720 (void) alg;
721 (void) input;
722 (void) input_length;
723 (void) mac;
724 (void) mac_size;
725 (void) mac_length;
726 return( PSA_ERROR_NOT_SUPPORTED );
727}
728
729psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
730 mbedtls_opaque_test_driver_mac_operation_t *operation,
731 const psa_key_attributes_t *attributes,
732 const uint8_t *key_buffer,
733 size_t key_buffer_size,
734 psa_algorithm_t alg )
735{
736 /* Opaque driver testing is not implemented yet through this mechanism. */
737 (void) operation;
738 (void) attributes;
739 (void) key_buffer;
740 (void) key_buffer_size;
741 (void) alg;
742 return( PSA_ERROR_NOT_SUPPORTED );
743}
744
745psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
746 mbedtls_opaque_test_driver_mac_operation_t *operation,
747 const psa_key_attributes_t *attributes,
748 const uint8_t *key_buffer,
749 size_t key_buffer_size,
750 psa_algorithm_t alg )
751{
752 /* Opaque driver testing is not implemented yet through this mechanism. */
753 (void) operation;
754 (void) attributes;
755 (void) key_buffer;
756 (void) key_buffer_size;
757 (void) alg;
758 return( PSA_ERROR_NOT_SUPPORTED );
759}
760
761psa_status_t mbedtls_opaque_test_driver_mac_update(
762 mbedtls_opaque_test_driver_mac_operation_t *operation,
763 const uint8_t *input,
764 size_t input_length )
765{
766 /* Opaque driver testing is not implemented yet through this mechanism. */
767 (void) operation;
768 (void) input;
769 (void) input_length;
770 return( PSA_ERROR_NOT_SUPPORTED );
771}
772
773psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
774 mbedtls_opaque_test_driver_mac_operation_t *operation,
775 uint8_t *mac,
776 size_t mac_size,
777 size_t *mac_length )
778{
779 /* Opaque driver testing is not implemented yet through this mechanism. */
780 (void) operation;
781 (void) mac;
782 (void) mac_size;
783 (void) mac_length;
784 return( PSA_ERROR_NOT_SUPPORTED );
785}
786
787psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
788 mbedtls_opaque_test_driver_mac_operation_t *operation,
789 const uint8_t *mac,
790 size_t mac_length )
791{
792 /* Opaque driver testing is not implemented yet through this mechanism. */
793 (void) operation;
794 (void) mac;
795 (void) mac_length;
796 return( PSA_ERROR_NOT_SUPPORTED );
797}
798
799psa_status_t mbedtls_opaque_test_driver_mac_abort(
800 mbedtls_opaque_test_driver_mac_operation_t *operation )
801{
802 /* Opaque driver testing is not implemented yet through this mechanism. */
803 (void) operation;
804 return( PSA_ERROR_NOT_SUPPORTED );
805}
806
807#endif /* PSA_CRYPTO_DRIVER_TEST */
808
809#endif /* MBEDTLS_PSA_CRYPTO_C */