TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / b4b9b2879c565a686d797514b0e853d161c6de92 / . / library / psa_crypto_mac.c
blob: 7122ecdd36c369f737807f0b7d50859317cb3486 [file] [log] [blame]
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]1/*
2 * PSA MAC layer on top of Mbed TLS software crypto
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa/crypto.h>
26#include "psa_crypto_core.h"
27#include "psa_crypto_mac.h"
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]28#include <mbedtls/md.h>
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]29
30#include <mbedtls/error.h>
31#include <string.h>
32
33/* Use builtin defines specific to this compilation unit, since the test driver
34 * relies on the software driver. */
35#if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
36 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) )
37#define BUILTIN_ALG_CMAC 1
38#endif
39#if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \
40 ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) )
41#define BUILTIN_ALG_HMAC 1
42#endif
43
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]44#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
45static size_t psa_get_hash_block_size( psa_algorithm_t alg )
46{
47 switch( alg )
48 {
49 case PSA_ALG_MD2:
50 return( 16 );
51 case PSA_ALG_MD4:
52 return( 64 );
53 case PSA_ALG_MD5:
54 return( 64 );
55 case PSA_ALG_RIPEMD160:
56 return( 64 );
57 case PSA_ALG_SHA_1:
58 return( 64 );
59 case PSA_ALG_SHA_224:
60 return( 64 );
61 case PSA_ALG_SHA_256:
62 return( 64 );
63 case PSA_ALG_SHA_384:
64 return( 128 );
65 case PSA_ALG_SHA_512:
66 return( 128 );
67 default:
68 return( 0 );
69 }
70}
71
Steven Cooremanf64b25e2021-03-22 14:49:06 +0100[diff] [blame]72psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data_t *hmac )
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]73{
74 mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
75 return( psa_hash_abort( &hmac->hash_ctx ) );
76}
77
Steven Cooremanf64b25e2021-03-22 14:49:06 +0100[diff] [blame]78psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data_t *hmac,
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]79 const uint8_t *key,
80 size_t key_length,
81 psa_algorithm_t hash_alg )
82{
83 uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
84 size_t i;
85 size_t hash_size = PSA_HASH_LENGTH( hash_alg );
86 size_t block_size = psa_get_hash_block_size( hash_alg );
87 psa_status_t status;
88
89 hmac->alg = hash_alg;
90
91 /* Sanity checks on block_size, to guarantee that there won't be a buffer
92 * overflow below. This should never trigger if the hash algorithm
93 * is implemented correctly. */
94 /* The size checks against the ipad and opad buffers cannot be written
95 * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
96 * because that triggers -Wlogical-op on GCC 7.3. */
97 if( block_size > sizeof( ipad ) )
98 return( PSA_ERROR_NOT_SUPPORTED );
99 if( block_size > sizeof( hmac->opad ) )
100 return( PSA_ERROR_NOT_SUPPORTED );
101 if( block_size < hash_size )
102 return( PSA_ERROR_NOT_SUPPORTED );
103
104 if( key_length > block_size )
105 {
106 status = psa_hash_compute( hash_alg, key, key_length,
107 ipad, sizeof( ipad ), &key_length );
108 if( status != PSA_SUCCESS )
109 goto cleanup;
110 }
111 /* A 0-length key is not commonly used in HMAC when used as a MAC,
112 * but it is permitted. It is common when HMAC is used in HKDF, for
113 * example. Don't call `memcpy` in the 0-length because `key` could be
114 * an invalid pointer which would make the behavior undefined. */
115 else if( key_length != 0 )
116 memcpy( ipad, key, key_length );
117
118 /* ipad contains the key followed by garbage. Xor and fill with 0x36
119 * to create the ipad value. */
120 for( i = 0; i < key_length; i++ )
121 ipad[i] ^= 0x36;
122 memset( ipad + key_length, 0x36, block_size - key_length );
123
124 /* Copy the key material from ipad to opad, flipping the requisite bits,
125 * and filling the rest of opad with the requisite constant. */
126 for( i = 0; i < key_length; i++ )
127 hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
128 memset( hmac->opad + key_length, 0x5C, block_size - key_length );
129
130 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
131 if( status != PSA_SUCCESS )
132 goto cleanup;
133
134 status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
135
136cleanup:
137 mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
138
139 return( status );
140}
141
Steven Cooremanf64b25e2021-03-22 14:49:06 +0100[diff] [blame]142psa_status_t psa_hmac_update_internal( psa_hmac_internal_data_t *hmac,
Steven Cooreman76720f62021-03-22 12:21:10 +0100[diff] [blame]143 const uint8_t *data,
144 size_t data_length )
145{
146 return( psa_hash_update( &hmac->hash_ctx, data, data_length ) );
147}
148
Steven Cooremanf64b25e2021-03-22 14:49:06 +0100[diff] [blame]149psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data_t *hmac,
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]150 uint8_t *mac,
151 size_t mac_size )
152{
153 uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
154 psa_algorithm_t hash_alg = hmac->alg;
155 size_t hash_size = 0;
156 size_t block_size = psa_get_hash_block_size( hash_alg );
157 psa_status_t status;
158
159 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
160 if( status != PSA_SUCCESS )
161 return( status );
162 /* From here on, tmp needs to be wiped. */
163
164 status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
165 if( status != PSA_SUCCESS )
166 goto exit;
167
168 status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
169 if( status != PSA_SUCCESS )
170 goto exit;
171
172 status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
173 if( status != PSA_SUCCESS )
174 goto exit;
175
176 status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
177 if( status != PSA_SUCCESS )
178 goto exit;
179
180 memcpy( mac, tmp, mac_size );
181
182exit:
183 mbedtls_platform_zeroize( tmp, hash_size );
184 return( status );
185}
Steven Cooreman76720f62021-03-22 12:21:10 +0100[diff] [blame]186
Steven Cooremanf64b25e2021-03-22 14:49:06 +0100[diff] [blame]187psa_status_t psa_hmac_clone_internal( const psa_hmac_internal_data_t *source,
188 psa_hmac_internal_data_t *destination )
Steven Cooreman76720f62021-03-22 12:21:10 +0100[diff] [blame]189{
190 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
191
192 destination->alg = source->alg;
193 destination->hash_ctx = psa_hash_operation_init();
194 status = psa_hash_clone( &source->hash_ctx, &destination->hash_ctx );
195 memcpy( destination->opad, source->opad, sizeof( destination->opad ) );
196
197 if( status != PSA_SUCCESS )
198 memset( destination, 0, sizeof( *destination ) );
199
200 return( status );
201}
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]202#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || PSA_CRYPTO_DRIVER_TEST */
203
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]204/* Implement the PSA driver MAC interface on top of mbed TLS if either the
205 * software driver or the test driver requires it. */
206#if defined(MBEDTLS_PSA_BUILTIN_MAC) || defined(PSA_CRYPTO_DRIVER_TEST)
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]207
208#if defined(BUILTIN_ALG_CMAC)
209static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
210 const psa_key_attributes_t *attributes,
211 const uint8_t *key_buffer,
212 size_t key_buffer_size )
213{
214 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
215 const mbedtls_cipher_info_t * cipher_info_tmp =
216 mbedtls_cipher_info_from_psa(
217 PSA_ALG_CMAC,
218 psa_get_key_type( attributes ),
219 psa_get_key_bits( attributes ),
220 NULL );
221
222 if( cipher_info_tmp == NULL )
223 return( PSA_ERROR_NOT_SUPPORTED );
224
225 if( key_buffer_size < PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) )
226 return( PSA_ERROR_INVALID_ARGUMENT );
227
228 ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info_tmp );
229 if( ret != 0 )
230 goto exit;
231
232 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
233 key_buffer,
234 psa_get_key_bits( attributes ) );
235exit:
236 return( mbedtls_to_psa_error( ret ) );
237}
238#endif /* BUILTIN_ALG_CMAC */
239
240/* Initialize this driver's MAC operation structure. Once this function has been
241 * called, mbedtls_psa_mac_abort can run and will do the right thing. */
242static psa_status_t mac_init(
243 mbedtls_psa_mac_operation_t *operation,
244 psa_algorithm_t alg )
245{
Steven Cooreman6e6451e2021-04-29 16:21:24 +0200[diff] [blame]246 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]247
248 operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg );
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]249 operation->has_input = 0;
250 operation->is_sign = 0;
251
252#if defined(BUILTIN_ALG_CMAC)
253 if( operation->alg == PSA_ALG_CMAC )
254 {
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]255 mbedtls_cipher_init( &operation->ctx.cmac );
256 status = PSA_SUCCESS;
257 }
258 else
259#endif /* BUILTIN_ALG_CMAC */
260#if defined(BUILTIN_ALG_HMAC)
261 if( PSA_ALG_IS_HMAC( operation->alg ) )
262 {
263 /* We'll set up the hash operation later in psa_hmac_setup_internal. */
264 operation->ctx.hmac.alg = 0;
265 status = PSA_SUCCESS;
266 }
267 else
268#endif /* BUILTIN_ALG_HMAC */
269 {
Steven Cooreman6e6451e2021-04-29 16:21:24 +0200[diff] [blame]270 status = PSA_ERROR_NOT_SUPPORTED;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]271 }
272
273 if( status != PSA_SUCCESS )
274 memset( operation, 0, sizeof( *operation ) );
275 return( status );
276}
277
278static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation )
279{
280 if( operation->alg == 0 )
281 {
282 /* The object has (apparently) been initialized but it is not
283 * in use. It's ok to call abort on such an object, and there's
284 * nothing to do. */
285 return( PSA_SUCCESS );
286 }
287 else
288#if defined(BUILTIN_ALG_CMAC)
289 if( operation->alg == PSA_ALG_CMAC )
290 {
291 mbedtls_cipher_free( &operation->ctx.cmac );
292 }
293 else
294#endif /* BUILTIN_ALG_CMAC */
295#if defined(BUILTIN_ALG_HMAC)
296 if( PSA_ALG_IS_HMAC( operation->alg ) )
297 {
298 psa_hmac_abort_internal( &operation->ctx.hmac );
299 }
300 else
301#endif /* BUILTIN_ALG_HMAC */
302 {
303 /* Sanity check (shouldn't happen: operation->alg should
304 * always have been initialized to a valid value). */
305 goto bad_state;
306 }
307
308 operation->alg = 0;
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]309 operation->has_input = 0;
310 operation->is_sign = 0;
311
312 return( PSA_SUCCESS );
313
314bad_state:
315 /* If abort is called on an uninitialized object, we can't trust
316 * anything. Wipe the object in case it contains confidential data.
317 * This may result in a memory leak if a pointer gets overwritten,
318 * but it's too late to do anything about this. */
319 memset( operation, 0, sizeof( *operation ) );
320 return( PSA_ERROR_BAD_STATE );
321}
322
323static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
324 const psa_key_attributes_t *attributes,
325 const uint8_t *key_buffer,
326 size_t key_buffer_size,
327 psa_algorithm_t alg,
328 int is_sign )
329{
330 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
331
332 /* A context must be freshly initialized before it can be set up. */
333 if( operation->alg != 0 )
334 {
335 return( PSA_ERROR_BAD_STATE );
336 }
337
338 status = mac_init( operation, alg );
339 if( status != PSA_SUCCESS )
340 return( status );
341 if( is_sign )
342 operation->is_sign = 1;
343
344 /* Get the output length for the algorithm and key combination. None of the
345 * currently supported algorithms have an output length dependent on actual
346 * key size, so setting it to a bogus value is currently OK. */
347 operation->mac_size =
348 PSA_MAC_LENGTH( psa_get_key_type( attributes ), 0, alg );
349
350#if defined(BUILTIN_ALG_CMAC)
351 if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
352 {
353 status = cmac_setup( operation, attributes,
354 key_buffer, key_buffer_size );
355 }
356 else
357#endif /* BUILTIN_ALG_CMAC */
358#if defined(BUILTIN_ALG_HMAC)
359 if( PSA_ALG_IS_HMAC( alg ) )
360 {
361 /* Sanity check. This shouldn't fail on a valid configuration. */
362 if( operation->mac_size > sizeof( operation->ctx.hmac.opad ) )
363 {
364 status = PSA_ERROR_NOT_SUPPORTED;
365 goto exit;
366 }
367
368 if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_HMAC )
369 {
370 status = PSA_ERROR_INVALID_ARGUMENT;
371 goto exit;
372 }
373
374 status = psa_hmac_setup_internal( &operation->ctx.hmac,
375 key_buffer,
376 key_buffer_size,
377 PSA_ALG_HMAC_GET_HASH( alg ) );
378 }
379 else
380#endif /* BUILTIN_ALG_HMAC */
381 {
382 status = PSA_ERROR_NOT_SUPPORTED;
383 }
384
385exit:
Steven Cooremanb4b9b282021-04-29 16:24:36 +0200[diff] [blame^]386 if( status != PSA_SUCCESS )
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]387 mac_abort( operation );
388
389 return( status );
390}
391
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]392static psa_status_t mac_compute(
393 const psa_key_attributes_t *attributes,
394 const uint8_t *key_buffer,
395 size_t key_buffer_size,
396 psa_algorithm_t alg,
397 const uint8_t *input,
398 size_t input_length,
399 uint8_t *mac,
400 size_t mac_size,
401 size_t *mac_length )
402{
Steven Cooreman32d56942021-03-19 17:39:17 +0100[diff] [blame]403 /* One-shot MAC has not been implemented in this PSA implementation yet. */
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]404 (void) attributes;
405 (void) key_buffer;
406 (void) key_buffer_size;
407 (void) alg;
408 (void) input;
409 (void) input_length;
410 (void) mac;
411 (void) mac_size;
412 (void) mac_length;
413 return( PSA_ERROR_NOT_SUPPORTED );
414}
415
416static psa_status_t mac_sign_setup(
417 mbedtls_psa_mac_operation_t *operation,
418 const psa_key_attributes_t *attributes,
419 const uint8_t *key_buffer,
420 size_t key_buffer_size,
421 psa_algorithm_t alg )
422{
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]423 return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg,
424 1 ) );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]425}
426
427static psa_status_t mac_verify_setup(
428 mbedtls_psa_mac_operation_t *operation,
429 const psa_key_attributes_t *attributes,
430 const uint8_t *key_buffer,
431 size_t key_buffer_size,
432 psa_algorithm_t alg )
433{
Steven Cooreman07897832021-03-19 18:28:56 +0100[diff] [blame]434 return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg,
435 0 ) );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]436}
437
438static psa_status_t mac_update(
439 mbedtls_psa_mac_operation_t *operation,
440 const uint8_t *input,
441 size_t input_length )
442{
Steven Cooremanb4b9b282021-04-29 16:24:36 +0200[diff] [blame^]443 if( operation->alg == 0 )
Steven Cooreman11743f92021-03-19 18:38:46 +0100[diff] [blame]444 return( PSA_ERROR_BAD_STATE );
Steven Cooreman11743f92021-03-19 18:38:46 +0100[diff] [blame]445 operation->has_input = 1;
446
447#if defined(BUILTIN_ALG_CMAC)
448 if( operation->alg == PSA_ALG_CMAC )
449 {
450 return( mbedtls_to_psa_error(
451 mbedtls_cipher_cmac_update( &operation->ctx.cmac,
452 input, input_length ) ) );
453 }
454 else
455#endif /* BUILTIN_ALG_CMAC */
456#if defined(BUILTIN_ALG_HMAC)
457 if( PSA_ALG_IS_HMAC( operation->alg ) )
458 {
459 return( psa_hash_update( &operation->ctx.hmac.hash_ctx, input,
460 input_length ) );
461 }
462 else
463#endif /* BUILTIN_ALG_HMAC */
464 {
465 /* This shouldn't happen if `operation` was initialized by
466 * a setup function. */
467 return( PSA_ERROR_BAD_STATE );
468 }
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]469}
470
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]471static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
472 uint8_t *mac,
473 size_t mac_size )
474{
Steven Cooremanb4b9b282021-04-29 16:24:36 +0200[diff] [blame^]475 if( operation->alg == 0 )
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]476 return( PSA_ERROR_BAD_STATE );
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]477 if( mac_size < operation->mac_size )
478 return( PSA_ERROR_BUFFER_TOO_SMALL );
479
480#if defined(BUILTIN_ALG_CMAC)
481 if( operation->alg == PSA_ALG_CMAC )
482 {
483 uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
484 int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
485 if( ret == 0 )
486 memcpy( mac, tmp, operation->mac_size );
487 mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
488 return( mbedtls_to_psa_error( ret ) );
489 }
490 else
491#endif /* BUILTIN_ALG_CMAC */
492#if defined(BUILTIN_ALG_HMAC)
493 if( PSA_ALG_IS_HMAC( operation->alg ) )
494 {
495 return( psa_hmac_finish_internal( &operation->ctx.hmac,
496 mac, operation->mac_size ) );
497 }
498 else
499#endif /* BUILTIN_ALG_HMAC */
500 {
501 /* This shouldn't happen if `operation` was initialized by
502 * a setup function. */
503 return( PSA_ERROR_BAD_STATE );
504 }
505}
506
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]507static psa_status_t mac_sign_finish(
508 mbedtls_psa_mac_operation_t *operation,
509 uint8_t *mac,
510 size_t mac_size,
511 size_t *mac_length )
512{
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]513 psa_status_t status;
514
515 if( operation->alg == 0 )
516 return( PSA_ERROR_BAD_STATE );
517
518 if( ! operation->is_sign )
519 return( PSA_ERROR_BAD_STATE );
520
521 status = mac_finish_internal( operation, mac, mac_size );
522
523 if( status == PSA_SUCCESS )
524 *mac_length = operation->mac_size;
525
526 return( status );
527}
528
529/* constant-time buffer comparison */
530static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n )
531{
532 size_t i;
533 unsigned char diff = 0;
534
535 for( i = 0; i < n; i++ )
536 diff |= a[i] ^ b[i];
537
538 return( diff );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]539}
540
541static psa_status_t mac_verify_finish(
542 mbedtls_psa_mac_operation_t *operation,
543 const uint8_t *mac,
544 size_t mac_length )
545{
Steven Cooreman87885df2021-03-19 19:04:39 +0100[diff] [blame]546 uint8_t actual_mac[PSA_MAC_MAX_SIZE];
547 psa_status_t status;
548
549 if( operation->alg == 0 )
550 return( PSA_ERROR_BAD_STATE );
551
552 if( operation->is_sign )
553 return( PSA_ERROR_BAD_STATE );
554
555 if( operation->mac_size != mac_length )
556 {
557 status = PSA_ERROR_INVALID_SIGNATURE;
558 goto cleanup;
559 }
560
561 status = mac_finish_internal( operation, actual_mac, sizeof( actual_mac ) );
562 if( status != PSA_SUCCESS )
563 goto cleanup;
564
565 if( safer_memcmp( mac, actual_mac, mac_length ) != 0 )
566 status = PSA_ERROR_INVALID_SIGNATURE;
567
568cleanup:
569 mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
570
571 return( status );
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]572}
Steven Cooreman896d51e2021-03-19 15:24:23 +0100[diff] [blame]573#endif /* MBEDTLS_PSA_BUILTIN_MAC || PSA_CRYPTO_DRIVER_TEST */
574
575#if defined(MBEDTLS_PSA_BUILTIN_MAC)
576psa_status_t mbedtls_psa_mac_compute(
577 const psa_key_attributes_t *attributes,
578 const uint8_t *key_buffer,
579 size_t key_buffer_size,
580 psa_algorithm_t alg,
581 const uint8_t *input,
582 size_t input_length,
583 uint8_t *mac,
584 size_t mac_size,
585 size_t *mac_length )
586{
587 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
588 input, input_length,
589 mac, mac_size, mac_length ) );
590}
591
592psa_status_t mbedtls_psa_mac_sign_setup(
593 mbedtls_psa_mac_operation_t *operation,
594 const psa_key_attributes_t *attributes,
595 const uint8_t *key_buffer,
596 size_t key_buffer_size,
597 psa_algorithm_t alg )
598{
599 return( mac_sign_setup( operation, attributes,
600 key_buffer, key_buffer_size, alg ) );
601}
602
603psa_status_t mbedtls_psa_mac_verify_setup(
604 mbedtls_psa_mac_operation_t *operation,
605 const psa_key_attributes_t *attributes,
606 const uint8_t *key_buffer,
607 size_t key_buffer_size,
608 psa_algorithm_t alg )
609{
610 return( mac_verify_setup( operation, attributes,
611 key_buffer, key_buffer_size, alg ) );
612}
613
614psa_status_t mbedtls_psa_mac_update(
615 mbedtls_psa_mac_operation_t *operation,
616 const uint8_t *input,
617 size_t input_length )
618{
619 return( mac_update( operation, input, input_length ) );
620}
621
622psa_status_t mbedtls_psa_mac_sign_finish(
623 mbedtls_psa_mac_operation_t *operation,
624 uint8_t *mac,
625 size_t mac_size,
626 size_t *mac_length )
627{
628 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
629}
630
631psa_status_t mbedtls_psa_mac_verify_finish(
632 mbedtls_psa_mac_operation_t *operation,
633 const uint8_t *mac,
634 size_t mac_length )
635{
636 return( mac_verify_finish( operation, mac, mac_length ) );
637}
638
639psa_status_t mbedtls_psa_mac_abort(
640 mbedtls_psa_mac_operation_t *operation )
641{
642 return( mac_abort( operation ) );
643}
644#endif /* MBEDTLS_PSA_BUILTIN_MAC */
645
646 /*
647 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
648 */
649#if defined(PSA_CRYPTO_DRIVER_TEST)
650
651static int is_mac_accelerated( psa_algorithm_t alg )
652{
653#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
654 if( PSA_ALG_IS_HMAC( alg ) )
655 return( 1 );
656#endif
657
658 switch( PSA_ALG_FULL_LENGTH_MAC( alg ) )
659 {
660#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
661 case PSA_ALG_CMAC:
662 return( 1 );
663#endif
664 default:
665 return( 0 );
666 }
667}
668
669psa_status_t mbedtls_transparent_test_driver_mac_compute(
670 const psa_key_attributes_t *attributes,
671 const uint8_t *key_buffer,
672 size_t key_buffer_size,
673 psa_algorithm_t alg,
674 const uint8_t *input,
675 size_t input_length,
676 uint8_t *mac,
677 size_t mac_size,
678 size_t *mac_length )
679{
680 if( is_mac_accelerated( alg ) )
681 return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
682 input, input_length,
683 mac, mac_size, mac_length ) );
684 else
685 return( PSA_ERROR_NOT_SUPPORTED );
686}
687
688psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
689 mbedtls_transparent_test_driver_mac_operation_t *operation,
690 const psa_key_attributes_t *attributes,
691 const uint8_t *key_buffer,
692 size_t key_buffer_size,
693 psa_algorithm_t alg )
694{
695 if( is_mac_accelerated( alg ) )
696 return( mac_sign_setup( operation, attributes,
697 key_buffer, key_buffer_size, alg ) );
698 else
699 return( PSA_ERROR_NOT_SUPPORTED );
700}
701
702psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
703 mbedtls_transparent_test_driver_mac_operation_t *operation,
704 const psa_key_attributes_t *attributes,
705 const uint8_t *key_buffer,
706 size_t key_buffer_size,
707 psa_algorithm_t alg )
708{
709 if( is_mac_accelerated( alg ) )
710 return( mac_verify_setup( operation, attributes,
711 key_buffer, key_buffer_size, alg ) );
712 else
713 return( PSA_ERROR_NOT_SUPPORTED );
714}
715
716psa_status_t mbedtls_transparent_test_driver_mac_update(
717 mbedtls_transparent_test_driver_mac_operation_t *operation,
718 const uint8_t *input,
719 size_t input_length )
720{
721 if( is_mac_accelerated( operation->alg ) )
722 return( mac_update( operation, input, input_length ) );
723 else
724 return( PSA_ERROR_BAD_STATE );
725}
726
727psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
728 mbedtls_transparent_test_driver_mac_operation_t *operation,
729 uint8_t *mac,
730 size_t mac_size,
731 size_t *mac_length )
732{
733 if( is_mac_accelerated( operation->alg ) )
734 return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
735 else
736 return( PSA_ERROR_BAD_STATE );
737}
738
739psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
740 mbedtls_transparent_test_driver_mac_operation_t *operation,
741 const uint8_t *mac,
742 size_t mac_length )
743{
744 if( is_mac_accelerated( operation->alg ) )
745 return( mac_verify_finish( operation, mac, mac_length ) );
746 else
747 return( PSA_ERROR_BAD_STATE );
748}
749
750psa_status_t mbedtls_transparent_test_driver_mac_abort(
751 mbedtls_transparent_test_driver_mac_operation_t *operation )
752{
753 return( mac_abort( operation ) );
754}
755
756psa_status_t mbedtls_opaque_test_driver_mac_compute(
757 const psa_key_attributes_t *attributes,
758 const uint8_t *key_buffer,
759 size_t key_buffer_size,
760 psa_algorithm_t alg,
761 const uint8_t *input,
762 size_t input_length,
763 uint8_t *mac,
764 size_t mac_size,
765 size_t *mac_length )
766{
767 /* Opaque driver testing is not implemented yet through this mechanism. */
768 (void) attributes;
769 (void) key_buffer;
770 (void) key_buffer_size;
771 (void) alg;
772 (void) input;
773 (void) input_length;
774 (void) mac;
775 (void) mac_size;
776 (void) mac_length;
777 return( PSA_ERROR_NOT_SUPPORTED );
778}
779
780psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
781 mbedtls_opaque_test_driver_mac_operation_t *operation,
782 const psa_key_attributes_t *attributes,
783 const uint8_t *key_buffer,
784 size_t key_buffer_size,
785 psa_algorithm_t alg )
786{
787 /* Opaque driver testing is not implemented yet through this mechanism. */
788 (void) operation;
789 (void) attributes;
790 (void) key_buffer;
791 (void) key_buffer_size;
792 (void) alg;
793 return( PSA_ERROR_NOT_SUPPORTED );
794}
795
796psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
797 mbedtls_opaque_test_driver_mac_operation_t *operation,
798 const psa_key_attributes_t *attributes,
799 const uint8_t *key_buffer,
800 size_t key_buffer_size,
801 psa_algorithm_t alg )
802{
803 /* Opaque driver testing is not implemented yet through this mechanism. */
804 (void) operation;
805 (void) attributes;
806 (void) key_buffer;
807 (void) key_buffer_size;
808 (void) alg;
809 return( PSA_ERROR_NOT_SUPPORTED );
810}
811
812psa_status_t mbedtls_opaque_test_driver_mac_update(
813 mbedtls_opaque_test_driver_mac_operation_t *operation,
814 const uint8_t *input,
815 size_t input_length )
816{
817 /* Opaque driver testing is not implemented yet through this mechanism. */
818 (void) operation;
819 (void) input;
820 (void) input_length;
821 return( PSA_ERROR_NOT_SUPPORTED );
822}
823
824psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
825 mbedtls_opaque_test_driver_mac_operation_t *operation,
826 uint8_t *mac,
827 size_t mac_size,
828 size_t *mac_length )
829{
830 /* Opaque driver testing is not implemented yet through this mechanism. */
831 (void) operation;
832 (void) mac;
833 (void) mac_size;
834 (void) mac_length;
835 return( PSA_ERROR_NOT_SUPPORTED );
836}
837
838psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
839 mbedtls_opaque_test_driver_mac_operation_t *operation,
840 const uint8_t *mac,
841 size_t mac_length )
842{
843 /* Opaque driver testing is not implemented yet through this mechanism. */
844 (void) operation;
845 (void) mac;
846 (void) mac_length;
847 return( PSA_ERROR_NOT_SUPPORTED );
848}
849
850psa_status_t mbedtls_opaque_test_driver_mac_abort(
851 mbedtls_opaque_test_driver_mac_operation_t *operation )
852{
853 /* Opaque driver testing is not implemented yet through this mechanism. */
854 (void) operation;
855 return( PSA_ERROR_NOT_SUPPORTED );
856}
857
858#endif /* PSA_CRYPTO_DRIVER_TEST */
859
860#endif /* MBEDTLS_PSA_CRYPTO_C */