72f736a191
It makes sense to do the length checking in the core rather than expect each driver to deal with it themselves. This puts the onus on the core to dictate which algorithm/key combinations are valid before calling a driver. Additionally, this commit also updates the psa_mac_sign_finish function to better deal with output buffer sanitation, as per the review comments on #4247. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
373 lines
15 KiB
C
373 lines
15 KiB
C
/*
|
|
* PSA MAC layer on top of Mbed TLS software crypto
|
|
*/
|
|
/*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifndef PSA_CRYPTO_MAC_H
|
|
#define PSA_CRYPTO_MAC_H
|
|
|
|
#include <psa/crypto.h>
|
|
|
|
/** Calculate the MAC (message authentication code) of a message using Mbed TLS.
|
|
*
|
|
* \note The signature of this function is that of a PSA driver mac_compute
|
|
* entry point. This function behaves as a mac_compute entry point as
|
|
* defined in the PSA driver interface specification for transparent
|
|
* drivers.
|
|
*
|
|
* \param[in] attributes The attributes of the key to use for the
|
|
* operation.
|
|
* \param[in] key_buffer The buffer containing the key to use for
|
|
* computing the MAC. This buffer contains the key
|
|
* in export representation as defined by
|
|
* psa_export_key() (i.e. the raw key bytes).
|
|
* \param key_buffer_size Size of the \p key_buffer buffer in bytes.
|
|
* \param alg The MAC algorithm to use (\c PSA_ALG_XXX value
|
|
* such that #PSA_ALG_IS_MAC(\p alg) is true).
|
|
* \param[in] input Buffer containing the input message.
|
|
* \param input_length Size of the \p input buffer in bytes.
|
|
* \param[out] mac Buffer where the MAC value is to be written.
|
|
* \param mac_size Size of the \p mac buffer in bytes.
|
|
* \param[out] mac_length On success, the number of bytes
|
|
* that make up the MAC value.
|
|
*
|
|
* \retval #PSA_SUCCESS
|
|
* Success.
|
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
|
* \p alg is not supported.
|
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
|
* \p mac_size is too small
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
|
*/
|
|
psa_status_t mbedtls_psa_mac_compute(
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
psa_algorithm_t alg,
|
|
const uint8_t *input,
|
|
size_t input_length,
|
|
uint8_t *mac,
|
|
size_t mac_size,
|
|
size_t *mac_length);
|
|
|
|
/** Set up a multipart MAC calculation operation using Mbed TLS.
|
|
*
|
|
* \note The signature of this function is that of a PSA driver mac_sign_setup
|
|
* entry point. This function behaves as a mac_sign_setup entry point as
|
|
* defined in the PSA driver interface specification for transparent
|
|
* drivers.
|
|
*
|
|
* \param[in,out] operation The operation object to set up. It must have
|
|
* been initialized and not yet in use.
|
|
* \param[in] attributes The attributes of the key to use for the
|
|
* operation.
|
|
* \param[in] key_buffer The buffer containing the key to use for
|
|
* computing the MAC. This buffer contains the key
|
|
* in export representation as defined by
|
|
* psa_export_key() (i.e. the raw key bytes).
|
|
* \param key_buffer_size Size of the \p key_buffer buffer in bytes.
|
|
* \param alg The MAC algorithm to use (\c PSA_ALG_XXX value
|
|
* such that #PSA_ALG_IS_MAC(\p alg) is true).
|
|
*
|
|
* \retval #PSA_SUCCESS
|
|
* Success.
|
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
|
* \p alg is not supported.
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
|
* \retval #PSA_ERROR_BAD_STATE
|
|
* The operation state is not valid (it must be inactive).
|
|
*/
|
|
psa_status_t mbedtls_psa_mac_sign_setup(
|
|
mbedtls_psa_mac_operation_t *operation,
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
psa_algorithm_t alg);
|
|
|
|
/** Set up a multipart MAC verification operation using Mbed TLS.
|
|
*
|
|
* \note The signature of this function is that of a PSA driver mac_verify_setup
|
|
* entry point. This function behaves as a mac_verify_setup entry point as
|
|
* defined in the PSA driver interface specification for transparent
|
|
* drivers.
|
|
*
|
|
* \param[in,out] operation The operation object to set up. It must have
|
|
* been initialized and not yet in use.
|
|
* \param[in] attributes The attributes of the key to use for the
|
|
* operation.
|
|
* \param[in] key_buffer The buffer containing the key to use for
|
|
* computing the MAC. This buffer contains the key
|
|
* in export representation as defined by
|
|
* psa_export_key() (i.e. the raw key bytes).
|
|
* \param key_buffer_size Size of the \p key_buffer buffer in bytes.
|
|
* \param alg The MAC algorithm to use (\c PSA_ALG_XXX value
|
|
* such that #PSA_ALG_IS_MAC(\p alg) is true).
|
|
*
|
|
* \retval #PSA_SUCCESS
|
|
* Success.
|
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
|
* \p alg is not supported.
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
|
* \retval #PSA_ERROR_BAD_STATE
|
|
* The operation state is not valid (it must be inactive).
|
|
*/
|
|
psa_status_t mbedtls_psa_mac_verify_setup(
|
|
mbedtls_psa_mac_operation_t *operation,
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
psa_algorithm_t alg);
|
|
|
|
/** Add a message fragment to a multipart MAC operation using Mbed TLS.
|
|
*
|
|
* \note The signature of this function is that of a PSA driver mac_update
|
|
* entry point. This function behaves as a mac_update entry point as
|
|
* defined in the PSA driver interface specification for transparent
|
|
* drivers.
|
|
*
|
|
* The PSA core calls mbedtls_psa_mac_sign_setup() or
|
|
* mbedtls_psa_mac_verify_setup() before calling this function.
|
|
*
|
|
* If this function returns an error status, the PSA core aborts the
|
|
* operation by calling mbedtls_psa_mac_abort().
|
|
*
|
|
* \param[in,out] operation Active MAC operation.
|
|
* \param[in] input Buffer containing the message fragment to add to
|
|
* the MAC calculation.
|
|
* \param input_length Size of the \p input buffer in bytes.
|
|
*
|
|
* \retval #PSA_SUCCESS
|
|
* Success.
|
|
* \retval #PSA_ERROR_BAD_STATE
|
|
* The operation state is not valid (it must be active).
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
|
*/
|
|
psa_status_t mbedtls_psa_mac_update(
|
|
mbedtls_psa_mac_operation_t *operation,
|
|
const uint8_t *input,
|
|
size_t input_length );
|
|
|
|
/** Finish the calculation of the MAC of a message using Mbed TLS.
|
|
*
|
|
* \note The signature of this function is that of a PSA driver mac_sign_finish
|
|
* entry point. This function behaves as a mac_sign_finish entry point as
|
|
* defined in the PSA driver interface specification for transparent
|
|
* drivers.
|
|
*
|
|
* The PSA core calls mbedtls_psa_mac_sign_setup() before calling this function.
|
|
* This function calculates the MAC of the message formed by concatenating
|
|
* the inputs passed to preceding calls to mbedtls_psa_mac_update().
|
|
*
|
|
* Whether this function returns successfully or not, the PSA core subsequently
|
|
* aborts the operation by calling mbedtls_psa_mac_abort().
|
|
*
|
|
* \param[in,out] operation Active MAC operation.
|
|
* \param[out] mac Buffer where the MAC value is to be written.
|
|
* \param mac_size Output size requested for the MAC algorithm. The PSA
|
|
* core guarantees this is a valid MAC length for the
|
|
* algorithm and key combination passed to
|
|
* mbedtls_psa_mac_sign_setup(). It also guarantees the
|
|
* \p mac buffer is large enough to contain the
|
|
* requested output size.
|
|
* \param[out] mac_length On success, the number of bytes output to buffer
|
|
* \p mac, which will be equal to the requested length
|
|
* \p mac_size.
|
|
*
|
|
* \retval #PSA_SUCCESS
|
|
* Success.
|
|
* \retval #PSA_ERROR_BAD_STATE
|
|
* The operation state is not valid (it must be an active mac sign
|
|
* operation).
|
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
|
* The size of the \p mac buffer is too small. A sufficient buffer size
|
|
* can be determined by calling PSA_MAC_LENGTH().
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
|
*/
|
|
psa_status_t mbedtls_psa_mac_sign_finish(
|
|
mbedtls_psa_mac_operation_t *operation,
|
|
uint8_t *mac,
|
|
size_t mac_size,
|
|
size_t *mac_length );
|
|
|
|
/** Finish the calculation of the MAC of a message and compare it with
|
|
* an expected value using Mbed TLS.
|
|
*
|
|
* \note The signature of this function is that of a PSA driver
|
|
* mac_verify_finish entry point. This function behaves as a
|
|
* mac_verify_finish entry point as defined in the PSA driver interface
|
|
* specification for transparent drivers.
|
|
*
|
|
* The PSA core calls mbedtls_psa_mac_verify_setup() before calling this
|
|
* function. This function calculates the MAC of the message formed by
|
|
* concatenating the inputs passed to preceding calls to
|
|
* mbedtls_psa_mac_update(). It then compares the calculated MAC with the
|
|
* expected MAC passed as a parameter to this function.
|
|
*
|
|
* Whether this function returns successfully or not, the PSA core subsequently
|
|
* aborts the operation by calling mbedtls_psa_mac_abort().
|
|
*
|
|
* \param[in,out] operation Active MAC operation.
|
|
* \param[in] mac Buffer containing the expected MAC value.
|
|
* \param mac_length Length in bytes of the expected MAC value. The PSA
|
|
* core guarantees that this length is a valid MAC
|
|
* length for the algorithm and key combination passed
|
|
* to mbedtls_psa_mac_verify_setup().
|
|
*
|
|
* \retval #PSA_SUCCESS
|
|
* The expected MAC is identical to the actual MAC of the message.
|
|
* \retval #PSA_ERROR_INVALID_SIGNATURE
|
|
* The MAC of the message was calculated successfully, but it
|
|
* differs from the expected MAC.
|
|
* \retval #PSA_ERROR_BAD_STATE
|
|
* The operation state is not valid (it must be an active mac verify
|
|
* operation).
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
|
*/
|
|
psa_status_t mbedtls_psa_mac_verify_finish(
|
|
mbedtls_psa_mac_operation_t *operation,
|
|
const uint8_t *mac,
|
|
size_t mac_length );
|
|
|
|
/** Abort a MAC operation using Mbed TLS.
|
|
*
|
|
* Aborting an operation frees all associated resources except for the
|
|
* \p operation structure itself. Once aborted, the operation object
|
|
* can be reused for another operation by calling
|
|
* mbedtls_psa_mac_sign_setup() or mbedtls_psa_mac_verify_setup() again.
|
|
*
|
|
* The PSA core may call this function any time after the operation object has
|
|
* been initialized by one of the methods described in
|
|
* #mbedtls_psa_mac_operation_t.
|
|
*
|
|
* In particular, calling mbedtls_psa_mac_abort() after the operation has been
|
|
* terminated by a call to mbedtls_psa_mac_abort(),
|
|
* mbedtls_psa_mac_sign_finish() or mbedtls_psa_mac_verify_finish() is safe and
|
|
* has no effect.
|
|
*
|
|
* \param[in,out] operation Initialized MAC operation.
|
|
*
|
|
* \retval #PSA_SUCCESS
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
|
*/
|
|
psa_status_t mbedtls_psa_mac_abort(
|
|
mbedtls_psa_mac_operation_t *operation );
|
|
|
|
/*
|
|
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
|
|
*/
|
|
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
|
|
psa_status_t mbedtls_transparent_test_driver_mac_compute(
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
psa_algorithm_t alg,
|
|
const uint8_t *input,
|
|
size_t input_length,
|
|
uint8_t *mac,
|
|
size_t mac_size,
|
|
size_t *mac_length );
|
|
|
|
psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
|
|
mbedtls_transparent_test_driver_mac_operation_t *operation,
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
psa_algorithm_t alg );
|
|
|
|
psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
|
|
mbedtls_transparent_test_driver_mac_operation_t *operation,
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
psa_algorithm_t alg );
|
|
|
|
psa_status_t mbedtls_transparent_test_driver_mac_update(
|
|
mbedtls_transparent_test_driver_mac_operation_t *operation,
|
|
const uint8_t *input,
|
|
size_t input_length );
|
|
|
|
psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
|
|
mbedtls_transparent_test_driver_mac_operation_t *operation,
|
|
uint8_t *mac,
|
|
size_t mac_size,
|
|
size_t *mac_length );
|
|
|
|
psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
|
|
mbedtls_transparent_test_driver_mac_operation_t *operation,
|
|
const uint8_t *mac,
|
|
size_t mac_length );
|
|
|
|
psa_status_t mbedtls_transparent_test_driver_mac_abort(
|
|
mbedtls_transparent_test_driver_mac_operation_t *operation );
|
|
|
|
psa_status_t mbedtls_opaque_test_driver_mac_compute(
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
psa_algorithm_t alg,
|
|
const uint8_t *input,
|
|
size_t input_length,
|
|
uint8_t *mac,
|
|
size_t mac_size,
|
|
size_t *mac_length );
|
|
|
|
psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
|
|
mbedtls_opaque_test_driver_mac_operation_t *operation,
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
psa_algorithm_t alg );
|
|
|
|
psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
|
|
mbedtls_opaque_test_driver_mac_operation_t *operation,
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
psa_algorithm_t alg );
|
|
|
|
psa_status_t mbedtls_opaque_test_driver_mac_update(
|
|
mbedtls_opaque_test_driver_mac_operation_t *operation,
|
|
const uint8_t *input,
|
|
size_t input_length );
|
|
|
|
psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
|
|
mbedtls_opaque_test_driver_mac_operation_t *operation,
|
|
uint8_t *mac,
|
|
size_t mac_size,
|
|
size_t *mac_length );
|
|
|
|
psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
|
|
mbedtls_opaque_test_driver_mac_operation_t *operation,
|
|
const uint8_t *mac,
|
|
size_t mac_length );
|
|
|
|
psa_status_t mbedtls_opaque_test_driver_mac_abort(
|
|
mbedtls_opaque_test_driver_mac_operation_t *operation );
|
|
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
|
|
#endif /* PSA_CRYPTO_MAC_H */
|