Rename psa_mac_{finish,verify} -> psa_mac_{sign,verify}_finish

Make function names for multipart operations more consistent (MAC
finish edition).

include/psa/crypto.h

@@ -1345,8 +1345,8 @@ typedef struct psa_mac_operation_s psa_mac_operation_t;
  * -# Call psa_mac_update() zero, one or more times, passing a fragment
  *    of the message each time. The MAC that is calculated is the MAC
  *    of the concatenation of these messages in order.
- * -# To calculate the MAC, call psa_mac_finish().
- *    To compare the MAC with an expected value, call psa_mac_verify().
+ * -# To calculate the MAC, call psa_mac_sign_finish().
+ *    To compare the MAC with an expected value, call psa_mac_verify_finish().
  *
  * The application may call psa_mac_abort() at any time after the operation
  * has been initialized with psa_mac_start().
@@ -1355,7 +1355,8 @@ typedef struct psa_mac_operation_s psa_mac_operation_t;
  * eventually terminate the operation. The following events terminate an
  * operation:
  * - A failed call to psa_mac_update().
- * - A call to psa_mac_finish(), psa_mac_verify() or psa_mac_abort().
+ * - A call to psa_mac_sign_finish(), psa_mac_verify_finish() or
+ *   psa_mac_abort().
  *
  * \param operation The operation object to use.
  * \param key       Slot containing the key to use for the operation.
@@ -1383,14 +1384,14 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
                             const uint8_t *input,
                             size_t input_length);
 
-psa_status_t psa_mac_finish(psa_mac_operation_t *operation,
-                            uint8_t *mac,
-                            size_t mac_size,
-                            size_t *mac_length);
+psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
+                                 uint8_t *mac,
+                                 size_t mac_size,
+                                 size_t *mac_length);
 
-psa_status_t psa_mac_verify(psa_mac_operation_t *operation,
-                            const uint8_t *mac,
-                            size_t mac_length);
+psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
+                                   const uint8_t *mac,
+                                   size_t mac_length);
 
 psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
 

include/psa/crypto_sizes.h

@@ -142,9 +142,9 @@
 
 
 
-/** The size of the output of psa_mac_finish(), in bytes.
+/** The size of the output of psa_mac_sign_finish(), in bytes.
  *
- * This is also the MAC size that psa_mac_verify() expects.
+ * This is also the MAC size that psa_mac_verify_finish() expects.
  *
  * \param key_type      The type of the MAC key.
  * \param key_bits      The size of the MAC key in bits.

library/psa_crypto.c

@@ -1483,8 +1483,8 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation,
     /* Since this function is called identically for a sign or verify
      * operation, we don't know yet whether the operation is permitted.
      * Store the part of the key policy that we can't check in the
-     * operation structure. psa_mac_finish() or psa_mac_verify() will
-     * check that remaining part. */
+     * operation structure. psa_mac_sign_finish() or psa_mac_verify_finish()
+     * will check that remaining part. */
     if( ( slot->policy.usage & PSA_KEY_USAGE_SIGN ) != 0 )
         operation->key_usage_sign = 1;
     if( ( slot->policy.usage & PSA_KEY_USAGE_VERIFY ) != 0 )
@@ -1671,10 +1671,10 @@ cleanup:
     }
 }
 
-psa_status_t psa_mac_finish( psa_mac_operation_t *operation,
-                             uint8_t *mac,
-                             size_t mac_size,
-                             size_t *mac_length )
+psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
+                                  uint8_t *mac,
+                                  size_t mac_size,
+                                  size_t *mac_length )
 {
     if( ! operation->key_usage_sign )
         return( PSA_ERROR_NOT_PERMITTED );
@@ -1683,9 +1683,9 @@ psa_status_t psa_mac_finish( psa_mac_operation_t *operation,
                                      mac_size, mac_length ) );
 }
 
-psa_status_t psa_mac_verify( psa_mac_operation_t *operation,
-                             const uint8_t *mac,
-                             size_t mac_length )
+psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
+                                    const uint8_t *mac,
+                                    size_t mac_length )
 {
     uint8_t actual_mac[PSA_MAC_MAX_SIZE];
     size_t actual_mac_length;

tests/suites/test_suite_psa_crypto.function

@@ -141,9 +141,9 @@ static int exercise_mac_key( psa_key_slot_t key,
         TEST_ASSERT( psa_mac_start( &operation, key, alg ) == PSA_SUCCESS );
         TEST_ASSERT( psa_mac_update( &operation,
                                      input, sizeof( input ) ) == PSA_SUCCESS );
-        TEST_ASSERT( psa_mac_finish( &operation,
-                                     mac, sizeof( input ),
-                                     &mac_length ) == PSA_SUCCESS );
+        TEST_ASSERT( psa_mac_sign_finish( &operation,
+                                          mac, sizeof( input ),
+                                          &mac_length ) == PSA_SUCCESS );
     }
 
     if( usage & PSA_KEY_USAGE_VERIFY )
@@ -155,7 +155,9 @@ static int exercise_mac_key( psa_key_slot_t key,
         TEST_ASSERT( psa_mac_start( &operation, key, alg ) == PSA_SUCCESS );
         TEST_ASSERT( psa_mac_update( &operation,
                                      input, sizeof( input ) ) == PSA_SUCCESS );
-        TEST_ASSERT( psa_mac_verify( &operation, mac, mac_length ) == verify_status );
+        TEST_ASSERT( psa_mac_verify_finish( &operation,
+                                            mac,
+                                            mac_length ) == verify_status );
     }
 
     return( 1 );
@@ -747,8 +749,8 @@ void mac_key_policy( int policy_usage,
 
     status = psa_mac_start( &operation, key_slot, exercise_alg );
     if( status == PSA_SUCCESS )
-        status = psa_mac_finish( &operation,
-                                 mac, sizeof( mac ), &output_length );
+        status = psa_mac_sign_finish( &operation,
+                                      mac, sizeof( mac ), &output_length );
     if( policy_alg == exercise_alg &&
         ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
         TEST_ASSERT( status == PSA_SUCCESS );
@@ -759,7 +761,7 @@ void mac_key_policy( int policy_usage,
     memset( mac, 0, sizeof( mac ) );
     status = psa_mac_start( &operation, key_slot, exercise_alg );
     if( status == PSA_SUCCESS )
-        status = psa_mac_verify( &operation, mac, sizeof( mac ) );
+        status = psa_mac_verify_finish( &operation, mac, sizeof( mac ) );
     if( policy_alg == exercise_alg &&
         ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
         TEST_ASSERT( status == PSA_ERROR_INVALID_SIGNATURE );
@@ -1198,9 +1200,9 @@ void mac_verify( int key_type_arg,
     TEST_ASSERT( psa_destroy_key( key_slot ) == PSA_SUCCESS );
     TEST_ASSERT( psa_mac_update( &operation,
                                  input->x, input->len ) == PSA_SUCCESS );
-    TEST_ASSERT( psa_mac_verify( &operation,
-                                 expected_mac->x,
-                                 expected_mac->len ) == PSA_SUCCESS );
+    TEST_ASSERT( psa_mac_verify_finish( &operation,
+                                        expected_mac->x,
+                                        expected_mac->len ) == PSA_SUCCESS );
 
 exit:
     psa_destroy_key( key_slot );