/* * PSA MAC layer on top of Mbed TLS software crypto */ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_MAC_H #define PSA_CRYPTO_MAC_H #include /** Calculate the MAC (message authentication code) of a message using Mbed TLS. * * \note The signature of this function is that of a PSA driver mac_compute * entry point. This function behaves as a mac_compute entry point as * defined in the PSA driver interface specification for transparent * drivers. * * \param[in] attributes The attributes of the key to use for the * operation. * \param[in] key_buffer The buffer containing the key to use for * computing the MAC. This buffer contains the key * in export representation as defined by * psa_export_key() (i.e. the raw key bytes). * \param key_buffer_size Size of the \p key_buffer buffer in bytes. * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * \param[in] input Buffer containing the input message. * \param input_length Size of the \p input buffer in bytes. * \param[out] mac Buffer where the MAC value is to be written. * \param mac_size Size of the \p mac buffer in bytes. * \param[out] mac_length On success, the number of bytes * that make up the MAC value. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported. * \retval #PSA_ERROR_BUFFER_TOO_SMALL * \p mac_size is too small * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription */ psa_status_t mbedtls_psa_mac_compute( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *mac, size_t mac_size, size_t *mac_length); /** Set up a multipart MAC calculation operation using Mbed TLS. * * \note The signature of this function is that of a PSA driver mac_sign_setup * entry point. This function behaves as a mac_sign_setup entry point as * defined in the PSA driver interface specification for transparent * drivers. * * \param[in,out] operation The operation object to set up. It must have * been initialized and not yet in use. * \param[in] attributes The attributes of the key to use for the * operation. * \param[in] key_buffer The buffer containing the key to use for * computing the MAC. This buffer contains the key * in export representation as defined by * psa_export_key() (i.e. the raw key bytes). * \param key_buffer_size Size of the \p key_buffer buffer in bytes. * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be inactive). */ psa_status_t mbedtls_psa_mac_sign_setup( mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg); /** Set up a multipart MAC verification operation using Mbed TLS. * * \note The signature of this function is that of a PSA driver mac_verify_setup * entry point. This function behaves as a mac_verify_setup entry point as * defined in the PSA driver interface specification for transparent * drivers. * * \param[in,out] operation The operation object to set up. It must have * been initialized and not yet in use. * \param[in] attributes The attributes of the key to use for the * operation. * \param[in] key_buffer The buffer containing the key to use for * computing the MAC. This buffer contains the key * in export representation as defined by * psa_export_key() (i.e. the raw key bytes). * \param key_buffer_size Size of the \p key_buffer buffer in bytes. * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be inactive). */ psa_status_t mbedtls_psa_mac_verify_setup( mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg); /** Add a message fragment to a multipart MAC operation using Mbed TLS. * * \note The signature of this function is that of a PSA driver mac_update * entry point. This function behaves as a mac_update entry point as * defined in the PSA driver interface specification for transparent * drivers. * * The PSA core calls mbedtls_psa_mac_sign_setup() or * mbedtls_psa_mac_verify_setup() before calling this function. * * If this function returns an error status, the PSA core aborts the * operation by calling mbedtls_psa_mac_abort(). * * \param[in,out] operation Active MAC operation. * \param[in] input Buffer containing the message fragment to add to * the MAC calculation. * \param input_length Size of the \p input buffer in bytes. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription */ psa_status_t mbedtls_psa_mac_update( mbedtls_psa_mac_operation_t *operation, const uint8_t *input, size_t input_length); /** Finish the calculation of the MAC of a message using Mbed TLS. * * \note The signature of this function is that of a PSA driver mac_sign_finish * entry point. This function behaves as a mac_sign_finish entry point as * defined in the PSA driver interface specification for transparent * drivers. * * The PSA core calls mbedtls_psa_mac_sign_setup() before calling this function. * This function calculates the MAC of the message formed by concatenating * the inputs passed to preceding calls to mbedtls_psa_mac_update(). * * Whether this function returns successfully or not, the PSA core subsequently * aborts the operation by calling mbedtls_psa_mac_abort(). * * \param[in,out] operation Active MAC operation. * \param[out] mac Buffer where the MAC value is to be written. * \param mac_size Output size requested for the MAC algorithm. The PSA * core guarantees this is a valid MAC length for the * algorithm and key combination passed to * mbedtls_psa_mac_sign_setup(). It also guarantees the * \p mac buffer is large enough to contain the * requested output size. * \param[out] mac_length On success, the number of bytes output to buffer * \p mac, which will be equal to the requested length * \p mac_size. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be an active mac sign * operation). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p mac buffer is too small. A sufficient buffer size * can be determined by calling PSA_MAC_LENGTH(). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription */ psa_status_t mbedtls_psa_mac_sign_finish( mbedtls_psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length); /** Finish the calculation of the MAC of a message and compare it with * an expected value using Mbed TLS. * * \note The signature of this function is that of a PSA driver * mac_verify_finish entry point. This function behaves as a * mac_verify_finish entry point as defined in the PSA driver interface * specification for transparent drivers. * * The PSA core calls mbedtls_psa_mac_verify_setup() before calling this * function. This function calculates the MAC of the message formed by * concatenating the inputs passed to preceding calls to * mbedtls_psa_mac_update(). It then compares the calculated MAC with the * expected MAC passed as a parameter to this function. * * Whether this function returns successfully or not, the PSA core subsequently * aborts the operation by calling mbedtls_psa_mac_abort(). * * \param[in,out] operation Active MAC operation. * \param[in] mac Buffer containing the expected MAC value. * \param mac_length Length in bytes of the expected MAC value. The PSA * core guarantees that this length is a valid MAC * length for the algorithm and key combination passed * to mbedtls_psa_mac_verify_setup(). * * \retval #PSA_SUCCESS * The expected MAC is identical to the actual MAC of the message. * \retval #PSA_ERROR_INVALID_SIGNATURE * The MAC of the message was calculated successfully, but it * differs from the expected MAC. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be an active mac verify * operation). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription */ psa_status_t mbedtls_psa_mac_verify_finish( mbedtls_psa_mac_operation_t *operation, const uint8_t *mac, size_t mac_length); /** Abort a MAC operation using Mbed TLS. * * Aborting an operation frees all associated resources except for the * \p operation structure itself. Once aborted, the operation object * can be reused for another operation by calling * mbedtls_psa_mac_sign_setup() or mbedtls_psa_mac_verify_setup() again. * * The PSA core may call this function any time after the operation object has * been initialized by one of the methods described in * #mbedtls_psa_mac_operation_t. * * In particular, calling mbedtls_psa_mac_abort() after the operation has been * terminated by a call to mbedtls_psa_mac_abort(), * mbedtls_psa_mac_sign_finish() or mbedtls_psa_mac_verify_finish() is safe and * has no effect. * * \param[in,out] operation Initialized MAC operation. * * \retval #PSA_SUCCESS \emptydescription * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription */ psa_status_t mbedtls_psa_mac_abort( mbedtls_psa_mac_operation_t *operation); #endif /* PSA_CRYPTO_MAC_H */