1 /* 2 * PSA MAC layer on top of Mbed TLS software crypto 3 */ 4 /* 5 * Copyright The Mbed TLS Contributors 6 * SPDX-License-Identifier: Apache-2.0 7 * 8 * Licensed under the Apache License, Version 2.0 (the "License"); you may 9 * not use this file except in compliance with the License. 10 * You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 * See the License for the specific language governing permissions and 18 * limitations under the License. 19 */ 20 21 #ifndef PSA_CRYPTO_MAC_H 22 #define PSA_CRYPTO_MAC_H 23 24 #include <psa/crypto.h> 25 26 /** Calculate the MAC (message authentication code) of a message using Mbed TLS. 27 * 28 * \note The signature of this function is that of a PSA driver mac_compute 29 * entry point. This function behaves as a mac_compute entry point as 30 * defined in the PSA driver interface specification for transparent 31 * drivers. 32 * 33 * \param[in] attributes The attributes of the key to use for the 34 * operation. 35 * \param[in] key_buffer The buffer containing the key to use for 36 * computing the MAC. This buffer contains the key 37 * in export representation as defined by 38 * psa_export_key() (i.e. the raw key bytes). 39 * \param key_buffer_size Size of the \p key_buffer buffer in bytes. 40 * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value 41 * such that #PSA_ALG_IS_MAC(\p alg) is true). 42 * \param[in] input Buffer containing the input message. 43 * \param input_length Size of the \p input buffer in bytes. 44 * \param[out] mac Buffer where the MAC value is to be written. 45 * \param mac_size Size of the \p mac buffer in bytes. 46 * \param[out] mac_length On success, the number of bytes 47 * that make up the MAC value. 48 * 49 * \retval #PSA_SUCCESS 50 * Success. 51 * \retval #PSA_ERROR_NOT_SUPPORTED 52 * \p alg is not supported. 53 * \retval #PSA_ERROR_BUFFER_TOO_SMALL 54 * \p mac_size is too small 55 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription 56 * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 57 */ 58 psa_status_t mbedtls_psa_mac_compute( 59 const psa_key_attributes_t *attributes, 60 const uint8_t *key_buffer, 61 size_t key_buffer_size, 62 psa_algorithm_t alg, 63 const uint8_t *input, 64 size_t input_length, 65 uint8_t *mac, 66 size_t mac_size, 67 size_t *mac_length); 68 69 /** Set up a multipart MAC calculation operation using Mbed TLS. 70 * 71 * \note The signature of this function is that of a PSA driver mac_sign_setup 72 * entry point. This function behaves as a mac_sign_setup entry point as 73 * defined in the PSA driver interface specification for transparent 74 * drivers. 75 * 76 * \param[in,out] operation The operation object to set up. It must have 77 * been initialized and not yet in use. 78 * \param[in] attributes The attributes of the key to use for the 79 * operation. 80 * \param[in] key_buffer The buffer containing the key to use for 81 * computing the MAC. This buffer contains the key 82 * in export representation as defined by 83 * psa_export_key() (i.e. the raw key bytes). 84 * \param key_buffer_size Size of the \p key_buffer buffer in bytes. 85 * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value 86 * such that #PSA_ALG_IS_MAC(\p alg) is true). 87 * 88 * \retval #PSA_SUCCESS 89 * Success. 90 * \retval #PSA_ERROR_NOT_SUPPORTED 91 * \p alg is not supported. 92 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription 93 * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 94 * \retval #PSA_ERROR_BAD_STATE 95 * The operation state is not valid (it must be inactive). 96 */ 97 psa_status_t mbedtls_psa_mac_sign_setup( 98 mbedtls_psa_mac_operation_t *operation, 99 const psa_key_attributes_t *attributes, 100 const uint8_t *key_buffer, 101 size_t key_buffer_size, 102 psa_algorithm_t alg); 103 104 /** Set up a multipart MAC verification operation using Mbed TLS. 105 * 106 * \note The signature of this function is that of a PSA driver mac_verify_setup 107 * entry point. This function behaves as a mac_verify_setup entry point as 108 * defined in the PSA driver interface specification for transparent 109 * drivers. 110 * 111 * \param[in,out] operation The operation object to set up. It must have 112 * been initialized and not yet in use. 113 * \param[in] attributes The attributes of the key to use for the 114 * operation. 115 * \param[in] key_buffer The buffer containing the key to use for 116 * computing the MAC. This buffer contains the key 117 * in export representation as defined by 118 * psa_export_key() (i.e. the raw key bytes). 119 * \param key_buffer_size Size of the \p key_buffer buffer in bytes. 120 * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value 121 * such that #PSA_ALG_IS_MAC(\p alg) is true). 122 * 123 * \retval #PSA_SUCCESS 124 * Success. 125 * \retval #PSA_ERROR_NOT_SUPPORTED 126 * \p alg is not supported. 127 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription 128 * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 129 * \retval #PSA_ERROR_BAD_STATE 130 * The operation state is not valid (it must be inactive). 131 */ 132 psa_status_t mbedtls_psa_mac_verify_setup( 133 mbedtls_psa_mac_operation_t *operation, 134 const psa_key_attributes_t *attributes, 135 const uint8_t *key_buffer, 136 size_t key_buffer_size, 137 psa_algorithm_t alg); 138 139 /** Add a message fragment to a multipart MAC operation using Mbed TLS. 140 * 141 * \note The signature of this function is that of a PSA driver mac_update 142 * entry point. This function behaves as a mac_update entry point as 143 * defined in the PSA driver interface specification for transparent 144 * drivers. 145 * 146 * The PSA core calls mbedtls_psa_mac_sign_setup() or 147 * mbedtls_psa_mac_verify_setup() before calling this function. 148 * 149 * If this function returns an error status, the PSA core aborts the 150 * operation by calling mbedtls_psa_mac_abort(). 151 * 152 * \param[in,out] operation Active MAC operation. 153 * \param[in] input Buffer containing the message fragment to add to 154 * the MAC calculation. 155 * \param input_length Size of the \p input buffer in bytes. 156 * 157 * \retval #PSA_SUCCESS 158 * Success. 159 * \retval #PSA_ERROR_BAD_STATE 160 * The operation state is not valid (it must be active). 161 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription 162 * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 163 */ 164 psa_status_t mbedtls_psa_mac_update( 165 mbedtls_psa_mac_operation_t *operation, 166 const uint8_t *input, 167 size_t input_length); 168 169 /** Finish the calculation of the MAC of a message using Mbed TLS. 170 * 171 * \note The signature of this function is that of a PSA driver mac_sign_finish 172 * entry point. This function behaves as a mac_sign_finish entry point as 173 * defined in the PSA driver interface specification for transparent 174 * drivers. 175 * 176 * The PSA core calls mbedtls_psa_mac_sign_setup() before calling this function. 177 * This function calculates the MAC of the message formed by concatenating 178 * the inputs passed to preceding calls to mbedtls_psa_mac_update(). 179 * 180 * Whether this function returns successfully or not, the PSA core subsequently 181 * aborts the operation by calling mbedtls_psa_mac_abort(). 182 * 183 * \param[in,out] operation Active MAC operation. 184 * \param[out] mac Buffer where the MAC value is to be written. 185 * \param mac_size Output size requested for the MAC algorithm. The PSA 186 * core guarantees this is a valid MAC length for the 187 * algorithm and key combination passed to 188 * mbedtls_psa_mac_sign_setup(). It also guarantees the 189 * \p mac buffer is large enough to contain the 190 * requested output size. 191 * \param[out] mac_length On success, the number of bytes output to buffer 192 * \p mac, which will be equal to the requested length 193 * \p mac_size. 194 * 195 * \retval #PSA_SUCCESS 196 * Success. 197 * \retval #PSA_ERROR_BAD_STATE 198 * The operation state is not valid (it must be an active mac sign 199 * operation). 200 * \retval #PSA_ERROR_BUFFER_TOO_SMALL 201 * The size of the \p mac buffer is too small. A sufficient buffer size 202 * can be determined by calling PSA_MAC_LENGTH(). 203 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription 204 * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 205 */ 206 psa_status_t mbedtls_psa_mac_sign_finish( 207 mbedtls_psa_mac_operation_t *operation, 208 uint8_t *mac, 209 size_t mac_size, 210 size_t *mac_length); 211 212 /** Finish the calculation of the MAC of a message and compare it with 213 * an expected value using Mbed TLS. 214 * 215 * \note The signature of this function is that of a PSA driver 216 * mac_verify_finish entry point. This function behaves as a 217 * mac_verify_finish entry point as defined in the PSA driver interface 218 * specification for transparent drivers. 219 * 220 * The PSA core calls mbedtls_psa_mac_verify_setup() before calling this 221 * function. This function calculates the MAC of the message formed by 222 * concatenating the inputs passed to preceding calls to 223 * mbedtls_psa_mac_update(). It then compares the calculated MAC with the 224 * expected MAC passed as a parameter to this function. 225 * 226 * Whether this function returns successfully or not, the PSA core subsequently 227 * aborts the operation by calling mbedtls_psa_mac_abort(). 228 * 229 * \param[in,out] operation Active MAC operation. 230 * \param[in] mac Buffer containing the expected MAC value. 231 * \param mac_length Length in bytes of the expected MAC value. The PSA 232 * core guarantees that this length is a valid MAC 233 * length for the algorithm and key combination passed 234 * to mbedtls_psa_mac_verify_setup(). 235 * 236 * \retval #PSA_SUCCESS 237 * The expected MAC is identical to the actual MAC of the message. 238 * \retval #PSA_ERROR_INVALID_SIGNATURE 239 * The MAC of the message was calculated successfully, but it 240 * differs from the expected MAC. 241 * \retval #PSA_ERROR_BAD_STATE 242 * The operation state is not valid (it must be an active mac verify 243 * operation). 244 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription 245 * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 246 */ 247 psa_status_t mbedtls_psa_mac_verify_finish( 248 mbedtls_psa_mac_operation_t *operation, 249 const uint8_t *mac, 250 size_t mac_length); 251 252 /** Abort a MAC operation using Mbed TLS. 253 * 254 * Aborting an operation frees all associated resources except for the 255 * \p operation structure itself. Once aborted, the operation object 256 * can be reused for another operation by calling 257 * mbedtls_psa_mac_sign_setup() or mbedtls_psa_mac_verify_setup() again. 258 * 259 * The PSA core may call this function any time after the operation object has 260 * been initialized by one of the methods described in 261 * #mbedtls_psa_mac_operation_t. 262 * 263 * In particular, calling mbedtls_psa_mac_abort() after the operation has been 264 * terminated by a call to mbedtls_psa_mac_abort(), 265 * mbedtls_psa_mac_sign_finish() or mbedtls_psa_mac_verify_finish() is safe and 266 * has no effect. 267 * 268 * \param[in,out] operation Initialized MAC operation. 269 * 270 * \retval #PSA_SUCCESS \emptydescription 271 * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 272 */ 273 psa_status_t mbedtls_psa_mac_abort( 274 mbedtls_psa_mac_operation_t *operation); 275 276 #endif /* PSA_CRYPTO_MAC_H */ 277