kaspar/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-12-15 01:23:49 +01:00
Code Releases Activity

sys/psa_crypto: Extend mac API

Browse Source 
Currently PSA mac backends can only implement psa_mac_compute() from
the PSA crypto API, but not psa_mac_verify() and the associated
multi-part functions.

Extend the location and algorithm dispatchers to connect the above
PSA API functions to suitable backends. Also extend the MAC backend
API to allow backends to implement those additional functions. Due
to a design issue with the SE backend API (context size is dynamic,
thus requiring a memory allocation) only psa_mac_verify() can be
accelerated by SE backends.

Signed-off-by: Armin Wolf <W_Armin@gmx.de>
This commit is contained in:
Armin Wolf 2025-06-24 18:24:35 +02:00
parent 4cf090005b
commit 27cf424720
9 changed files with 1742 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c
View File

@ -63,3 +63,90 @@ psa_status_t psa_mac_compute_hmac_sha256(const psa_key_attributes_t *attributes,
(void)mac_size;
return PSA_SUCCESS;
}
psa_status_t psa_mac_verify_hmac_sha256(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length)
{
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
(void)input;
(void)input_length;
(void)mac;
(void)mac_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_sign_setup_hmac_sha256(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size)
{
(void)operation;
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_verify_setup_hmac_sha256(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size)
{
(void)operation;
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_update_hmac_sha256(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
(void)operation;
(void)input;
(void)input_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_sign_finish_hmac_sha256(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length)
{
(void)operation;
(void)mac;
(void)mac_size;
(void)mac_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_verify_finish_hmac_sha256(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length)
{
(void)operation;
(void)mac;
(void)mac_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_abort_hmac_sha256(psa_mac_operation_t *operation)
{
(void)operation;
return PSA_ERROR_NOT_SUPPORTED;
}

87
sys/hashes/psa_riot_hashes/hmac_sha256.c
View File

@ -36,3 +36,90 @@ psa_status_t psa_mac_compute_hmac_sha256(const psa_key_attributes_t *attributes,
(void)attributes;
return PSA_SUCCESS;
}
psa_status_t psa_mac_verify_hmac_sha256(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length)
{
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
(void)input;
(void)input_length;
(void)mac;
(void)mac_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_sign_setup_hmac_sha256(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size)
{
(void)operation;
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_verify_setup_hmac_sha256(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size)
{
(void)operation;
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_update_hmac_sha256(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
(void)operation;
(void)input;
(void)input_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_sign_finish_hmac_sha256(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length)
{
(void)operation;
(void)mac;
(void)mac_size;
(void)mac_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_verify_finish_hmac_sha256(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length)
{
(void)operation;
(void)mac;
(void)mac_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_abort_hmac_sha256(psa_mac_operation_t *operation)
{
(void)operation;
return PSA_ERROR_NOT_SUPPORTED;
}

8
sys/include/psa_crypto/psa/mac/types.h
View File

@ -9,6 +9,8 @@
#pragma once
#include "psa/algorithm.h"
/**
* @ingroup sys_psa_crypto
* @{
@ -26,12 +28,10 @@ extern "C" {
#endif
/**
* @brief Structure storing a MAC operation context
*
* @note Not yet implemented
* @brief Structure containing a MAC operation context
*/
struct psa_mac_operation_s {
int dummy; /**< Not yet implemented */
psa_algorithm_t alg; /**< MAC algorithm used for multi-part MAC operations */
};
/**

64
sys/psa_crypto/include/psa_crypto_algorithm_dispatch.h
View File

@ -189,6 +189,7 @@ psa_status_t psa_algorithm_dispatch_aead_decrypt( const psa_key_attributes_t *
size_t plaintext_size,
size_t *plaintext_length);
#endif /* MODULE_PSA_AEAD */
#if IS_USED(MODULE_PSA_MAC)
/**
* @brief Dispatch a mac computation function to a specific backend.
@ -202,7 +203,68 @@ psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attr
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
#endif
/**
* @brief Dispatch a mac verification function to a specific backend.
* See @ref psa_mac_verify()
*/
psa_status_t psa_algorithm_dispatch_mac_verify(const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const psa_key_slot_t *slot,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Dispatch call of a mac sign setup function to a specific backend.
* See @ref psa_mac_sign_setup()
*/
psa_status_t psa_algorithm_dispatch_mac_sign_setup(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const psa_key_slot_t *slot,
psa_algorithm_t alg);
/**
* @brief Dispatch call of a mac verify setup function to a specific backend.
* See @ref psa_mac_verify_setup()
*/
psa_status_t psa_algorithm_dispatch_mac_verify_setup(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const psa_key_slot_t *slot,
psa_algorithm_t alg);
/**
* @brief Dispatch call of a mac update function to a specific backend.
* See @ref psa_mac_update()
*/
psa_status_t psa_algorithm_dispatch_mac_update(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
/**
* @brief Dispatch call of a mac sign finish function to a specific backend.
* See @ref psa_mac_sign_finish()
*/
psa_status_t psa_algorithm_dispatch_mac_sign_finish(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Dispatch call of a mac verify finish function to a specific backend.
* See @ref psa_mac_verify_finish()
*/
psa_status_t psa_algorithm_dispatch_mac_verify_finish(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Dispatch call of a mac abort function to a specific backend.
* See @ref psa_mac_abort()
*/
psa_status_t psa_algorithm_dispatch_mac_abort(psa_mac_operation_t *operation);
#endif /* MODULE_PSA_MAC */
#ifdef __cplusplus
}

67
sys/psa_crypto/include/psa_crypto_location_dispatch.h
View File

@ -81,8 +81,8 @@ psa_status_t psa_location_dispatch_verify_message(const psa_key_attributes_t *at
#if IS_USED(MODULE_PSA_MAC)
/**
* @brief Dispatch call of a mac computation function to a location specific backend.
* See psa_mac_compute()
* @brief Dispatch call of a mac computation function to a location-specific backend.
* See @ref psa_mac_compute()
*/
psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
@ -92,7 +92,68 @@ psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attri
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
#endif
/**
* @brief Dispatch call of a mac verification function to a location-specific backend.
* See @ref psa_mac_verify()
*/
psa_status_t psa_location_dispatch_mac_verify(const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const psa_key_slot_t *slot,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Dispatch call of a mac sign setup function to a location-specific backend.
* See @ref psa_mac_sign_setup()
*/
psa_status_t psa_location_dispatch_mac_sign_setup(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const psa_key_slot_t *slot,
psa_algorithm_t alg);
/**
* @brief Dispatch call of a mac verify setup function to a location-specific backend.
* See @ref psa_mac_verify_setup()
*/
psa_status_t psa_location_dispatch_mac_verify_setup(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const psa_key_slot_t *slot,
psa_algorithm_t alg);
/**
* @brief Dispatch call of a mac update function to a location-specific backend.
* See @ref psa_mac_update()
*/
psa_status_t psa_location_dispatch_mac_update(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
/**
* @brief Dispatch call of a mac sign finish function to a location-specific backend.
* See @ref psa_mac_sign_finish()
*/
psa_status_t psa_location_dispatch_mac_sign_finish(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Dispatch call of a mac verify finish function to a location-specific backend.
* See @ref psa_mac_verify_finish()
*/
psa_status_t psa_location_dispatch_mac_verify_finish(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Dispatch call of a mac abort function to a location-specific backend.
* See @ref psa_mac_abort()
*/
psa_status_t psa_location_dispatch_mac_abort(psa_mac_operation_t *operation);
#endif /* MODULE_PSA_MAC */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
/**

679
sys/psa_crypto/include/psa_mac.h
View File

@ -17,6 +17,7 @@
* @brief Function declarations for low level wrapper functions for MAC operations.
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
* @author Armin Wolf <armin.wolf@mailbox.tu-dresden.de>
*
*/
@ -26,13 +27,13 @@ extern "C" {
#include "kernel_defines.h"
#include "psa/crypto.h"
#include "psa/crypto_contexts.h"
#if IS_USED(MODULE_PSA_MAC_HMAC_MD5) || defined(DOXYGEN)
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA256 computation
* See psa_mac_compute()
* @brief Low level wrapper function to call a driver for a HMAC MD5 computation
* See @ref psa_mac_compute()
*/
psa_status_t psa_mac_compute_hmac_sha256( const psa_key_attributes_t *attributes,
psa_status_t psa_mac_compute_hmac_md5(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
@ -41,6 +42,676 @@ psa_status_t psa_mac_compute_hmac_sha256( const psa_key_attributes_t *attribut
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for a HMAC MD5 verification
* See @ref psa_mac_verify()
*/
psa_status_t psa_mac_verify_hmac_md5(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC MD5 computation
* See @ref psa_mac_sign_setup()
*/
psa_status_t psa_mac_sign_setup_hmac_md5(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC MD5 verification
* See @ref psa_mac_verify_setup()
*/
psa_status_t psa_mac_verify_setup_hmac_md5(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for updating a HMAC MD5 calculation
* See @ref psa_mac_update()
*/
psa_status_t psa_mac_update_hmac_md5(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC MD5 computation
* See @ref psa_mac_sign_finish()
*/
psa_status_t psa_mac_sign_finish_hmac_md5(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC MD5 verification
* See @ref psa_mac_verify_finish()
*/
psa_status_t psa_mac_verify_finish_hmac_md5(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for aborting a HMAC MD5 operation
* See @ref psa_mac_abort()
*/
psa_status_t psa_mac_abort_hmac_md5(psa_mac_operation_t *operation);
#endif /* MODULE_PSA_MAC_HMAC_MD5 */
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_1) || defined(DOXYGEN)
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA1 computation
* See @ref psa_mac_compute()
*/
psa_status_t psa_mac_compute_hmac_sha1(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA1 verification
* See @ref psa_mac_verify()
*/
psa_status_t psa_mac_verify_hmac_sha1(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA1 computation
* See @ref psa_mac_sign_setup()
*/
psa_status_t psa_mac_sign_setup_hmac_sha1(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA1 verification
* See @ref psa_mac_verify_setup()
*/
psa_status_t psa_mac_verify_setup_hmac_sha1(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for updating a HMAC SHA1 calculation
* See @ref psa_mac_update()
*/
psa_status_t psa_mac_update_hmac_sha1(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA1 computation
* See @ref psa_mac_sign_finish()
*/
psa_status_t psa_mac_sign_finish_hmac_sha1(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA1 verification
* See @ref psa_mac_verify_finish()
*/
psa_status_t psa_mac_verify_finish_hmac_sha1(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for aborting a HMAC SHA1 operation
* See @ref psa_mac_abort()
*/
psa_status_t psa_mac_abort_hmac_sha1(psa_mac_operation_t *operation);
#endif /* MODULE_PSA_MAC_HMAC_SHA_1 */
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_224) || defined(DOXYGEN)
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA224 computation
* See @ref psa_mac_compute()
*/
psa_status_t psa_mac_compute_hmac_sha224(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA224 verification
* See @ref psa_mac_verify()
*/
psa_status_t psa_mac_verify_hmac_sha224(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA224 computation
* See @ref psa_mac_sign_setup()
*/
psa_status_t psa_mac_sign_setup_hmac_sha224(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA224 verification
* See @ref psa_mac_verify_setup()
*/
psa_status_t psa_mac_verify_setup_hmac_sha224(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for updating a HMAC SHA224 calculation
* See @ref psa_mac_update()
*/
psa_status_t psa_mac_update_hmac_sha224(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA224 computation
* See @ref psa_mac_sign_finish()
*/
psa_status_t psa_mac_sign_finish_hmac_sha224(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA224 verification
* See @ref psa_mac_verify_finish()
*/
psa_status_t psa_mac_verify_finish_hmac_sha224(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for aborting a HMAC SHA224 operation
* See @ref psa_mac_abort()
*/
psa_status_t psa_mac_abort_hmac_sha224(psa_mac_operation_t *operation);
#endif /* MODULE_PSA_MAC_HMAC_SHA_224 */
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_256) || defined(DOXYGEN)
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA256 computation
* See @ref psa_mac_compute()
*/
psa_status_t psa_mac_compute_hmac_sha256(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA256 verification
* See @ref psa_mac_verify()
*/
psa_status_t psa_mac_verify_hmac_sha256(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA256 computation
* See @ref psa_mac_sign_setup()
*/
psa_status_t psa_mac_sign_setup_hmac_sha256(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA256 verification
* See @ref psa_mac_verify_setup()
*/
psa_status_t psa_mac_verify_setup_hmac_sha256(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for updating a HMAC SHA256 calculation
* See @ref psa_mac_update()
*/
psa_status_t psa_mac_update_hmac_sha256(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA256 computation
* See @ref psa_mac_sign_finish()
*/
psa_status_t psa_mac_sign_finish_hmac_sha256(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA256 verification
* See @ref psa_mac_verify_finish()
*/
psa_status_t psa_mac_verify_finish_hmac_sha256(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for aborting a HMAC SHA256 operation
* See @ref psa_mac_abort()
*/
psa_status_t psa_mac_abort_hmac_sha256(psa_mac_operation_t *operation);
#endif /* MODULE_PSA_MAC_HMAC_SHA_256 */
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_384) || defined(DOXYGEN)
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA384 computation
* See @ref psa_mac_compute()
*/
psa_status_t psa_mac_compute_hmac_sha384(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA384 verification
* See @ref psa_mac_verify()
*/
psa_status_t psa_mac_verify_hmac_sha384(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA384 computation
* See @ref psa_mac_sign_setup()
*/
psa_status_t psa_mac_sign_setup_hmac_sha384(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA384 verification
* See @ref psa_mac_verify_setup()
*/
psa_status_t psa_mac_verify_setup_hmac_sha384(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for updating a HMAC SHA384 calculation
* See @ref psa_mac_update()
*/
psa_status_t psa_mac_update_hmac_sha384(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA384 computation
* See @ref psa_mac_sign_finish()
*/
psa_status_t psa_mac_sign_finish_hmac_sha384(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA384 verification
* See @ref psa_mac_verify_finish()
*/
psa_status_t psa_mac_verify_finish_hmac_sha384(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for aborting a HMAC SHA384 operation
* See @ref psa_mac_abort()
*/
psa_status_t psa_mac_abort_hmac_sha384(psa_mac_operation_t *operation);
#endif /* MODULE_PSA_MAC_HMAC_SHA_384 */
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_512) || defined(DOXYGEN)
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA512 computation
* See @ref psa_mac_compute()
*/
psa_status_t psa_mac_compute_hmac_sha512(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA512 verification
* See @ref psa_mac_verify()
*/
psa_status_t psa_mac_verify_hmac_sha512(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA512 computation
* See @ref psa_mac_sign_setup()
*/
psa_status_t psa_mac_sign_setup_hmac_sha512(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA512 verification
* See @ref psa_mac_verify_setup()
*/
psa_status_t psa_mac_verify_setup_hmac_sha512(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for updating a HMAC SHA512 calculation
* See @ref psa_mac_update()
*/
psa_status_t psa_mac_update_hmac_sha512(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA512 computation
* See @ref psa_mac_sign_finish()
*/
psa_status_t psa_mac_sign_finish_hmac_sha512(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA512 verification
* See @ref psa_mac_verify_finish()
*/
psa_status_t psa_mac_verify_finish_hmac_sha512(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for aborting a HMAC SHA512 operation
* See @ref psa_mac_abort()
*/
psa_status_t psa_mac_abort_hmac_sha512(psa_mac_operation_t *operation);
#endif /* MODULE_PSA_MAC_HMAC_SHA_512 */
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_256) || defined(DOXYGEN)
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA3-256 computation
* See @ref psa_mac_compute()
*/
psa_status_t psa_mac_compute_hmac_sha3_256(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA3-256 verification
* See @ref psa_mac_verify()
*/
psa_status_t psa_mac_verify_hmac_sha3_256(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA3-256 computation
* See @ref psa_mac_sign_setup()
*/
psa_status_t psa_mac_sign_setup_hmac_sha3_256(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA3-256 verification
* See @ref psa_mac_verify_setup()
*/
psa_status_t psa_mac_verify_setup_hmac_sha3_256(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for updating a HMAC SHA3-256 calculation
* See @ref psa_mac_update()
*/
psa_status_t psa_mac_update_hmac_sha3_256(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA3-256 computation
* See @ref psa_mac_sign_finish()
*/
psa_status_t psa_mac_sign_finish_hmac_sha3_256(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA3-256 verification
* See @ref psa_mac_verify_finish()
*/
psa_status_t psa_mac_verify_finish_hmac_sha3_256(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for aborting a HMAC SHA3-256 operation
* See @ref psa_mac_abort()
*/
psa_status_t psa_mac_abort_hmac_sha3_256(psa_mac_operation_t *operation);
#endif /* MODULE_PSA_MAC_HMAC_SHA3_256 */
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_384) || defined(DOXYGEN)
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA3-384 computation
* See @ref psa_mac_compute()
*/
psa_status_t psa_mac_compute_hmac_sha3_384(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA3-384 verification
* See @ref psa_mac_verify()
*/
psa_status_t psa_mac_verify_hmac_sha3_384(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA3-384 computation
* See @ref psa_mac_sign_setup()
*/
psa_status_t psa_mac_sign_setup_hmac_sha3_384(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA3-384 verification
* See @ref psa_mac_verify_setup()
*/
psa_status_t psa_mac_verify_setup_hmac_sha3_384(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for updating a HMAC SHA3-384 calculation
* See @ref psa_mac_update()
*/
psa_status_t psa_mac_update_hmac_sha3_384(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA3-384 computation
* See @ref psa_mac_sign_finish()
*/
psa_status_t psa_mac_sign_finish_hmac_sha3_384(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA3-384 verification
* See @ref psa_mac_verify_finish()
*/
psa_status_t psa_mac_verify_finish_hmac_sha3_384(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for aborting a HMAC SHA3-384 operation
* See @ref psa_mac_abort()
*/
psa_status_t psa_mac_abort_hmac_sha3_384(psa_mac_operation_t *operation);
#endif /* MODULE_PSA_MAC_HMAC_SHA3_384 */
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_512) || defined(DOXYGEN)
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA3-512 computation
* See @ref psa_mac_compute()
*/
psa_status_t psa_mac_compute_hmac_sha3_512(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for a HMAC SHA3-512 verification
* See @ref psa_mac_verify()
*/
psa_status_t psa_mac_verify_hmac_sha3_512(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA3-512 computation
* See @ref psa_mac_sign_setup()
*/
psa_status_t psa_mac_sign_setup_hmac_sha3_512(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for setting up a HMAC SHA3-512 verification
* See @ref psa_mac_verify_setup()
*/
psa_status_t psa_mac_verify_setup_hmac_sha3_512(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size);
/**
* @brief Low level wrapper function to call a driver for updating a HMAC SHA3-512 calculation
* See @ref psa_mac_update()
*/
psa_status_t psa_mac_update_hmac_sha3_512(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA3-512 computation
* See @ref psa_mac_sign_finish()
*/
psa_status_t psa_mac_sign_finish_hmac_sha3_512(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/**
* @brief Low level wrapper function to call a driver for finishing a HMAC SHA3-512 verification
* See @ref psa_mac_verify_finish()
*/
psa_status_t psa_mac_verify_finish_hmac_sha3_512(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
/**
* @brief Low level wrapper function to call a driver for aborting a HMAC SHA3-512 operation
* See @ref psa_mac_abort()
*/
psa_status_t psa_mac_abort_hmac_sha3_512(psa_mac_operation_t *operation);
#endif /* MODULE_PSA_MAC_HMAC_SHA3_512 */
#ifdef __cplusplus
}
#endif

224
sys/psa_crypto/psa_crypto.c
View File

@ -1788,17 +1788,6 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
#endif /* MODULE_PSA_KEY_DERIVATION */
#if IS_USED(MODULE_PSA_MAC)
psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
{
if (!lib_initialized) {
return PSA_ERROR_BAD_STATE;
}
*operation = psa_mac_operation_init();
return PSA_ERROR_NOT_SUPPORTED;
}
/**
* @brief Validate algorithm and key for a MAC operation
*
@ -1817,7 +1806,7 @@ static psa_status_t psa_mac_validate_alg_and_key_and_size(psa_key_attributes_t *
psa_key_type_t type = psa_get_key_type(attr);
psa_key_bits_t bits = psa_get_key_bits(attr);
if (!PSA_ALG_IS_HMAC(alg) || (PSA_ALG_GET_HASH(alg) != PSA_ALG_SHA_256)) {
if (!PSA_ALG_IS_HMAC(alg)) {
return PSA_ERROR_NOT_SUPPORTED;
}
@ -1874,7 +1863,7 @@ psa_status_t psa_mac_compute(psa_key_id_t key,
return status;
}
status = psa_get_and_lock_key_slot_with_policy(key, &slot, attr.policy.usage, alg);
status = psa_get_and_lock_key_slot_with_policy(key, &slot, PSA_KEY_USAGE_SIGN_MESSAGE, alg);
if (status != PSA_SUCCESS) {
unlock_status = psa_unlock_key_slot(slot);
if (unlock_status != PSA_SUCCESS) {
@ -1891,38 +1880,6 @@ psa_status_t psa_mac_compute(psa_key_id_t key,
}
psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length)
{
(void)operation;
(void)mac;
(void)mac_size;
(void)mac_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
psa_key_id_t key,
psa_algorithm_t alg)
{
(void)operation;
(void)key;
(void)alg;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_update(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
(void)operation;
(void)input;
(void)input_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t psa_mac_verify(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
@ -1930,33 +1887,174 @@ psa_status_t psa_mac_verify(psa_key_id_t key,
const uint8_t *mac,
size_t mac_length)
{
(void)key;
(void)alg;
(void)input;
(void)input_length;
(void)mac;
(void)mac_length;
return PSA_ERROR_NOT_SUPPORTED;
psa_key_attributes_t attr = psa_key_attributes_init();
psa_key_slot_t *slot;
psa_status_t status;
if (!lib_initialized) {
return PSA_ERROR_BAD_STATE;
}
if (!input || !mac || !mac_length) {
return PSA_ERROR_INVALID_ARGUMENT;
}
status = psa_get_key_attributes(key, &attr);
if (status != PSA_SUCCESS) {
return status;
}
status = psa_mac_validate_alg_and_key_and_size(&attr, alg, mac_length);
if (status != PSA_SUCCESS) {
return status;
}
status = psa_get_and_lock_key_slot_with_policy(key, &slot, PSA_KEY_USAGE_VERIFY_MESSAGE, alg);
if (status != PSA_SUCCESS) {
return status;
}
status = psa_location_dispatch_mac_verify(&slot->attr, alg, slot, input, input_length,
mac, mac_length);
psa_unlock_key_slot(slot);
return status;
}
psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length)
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
psa_key_id_t key,
psa_algorithm_t alg)
{
(void)operation;
(void)mac;
(void)mac_length;
return PSA_ERROR_NOT_SUPPORTED;
psa_key_attributes_t attr = psa_key_attributes_init();
psa_key_slot_t *slot;
psa_status_t status;
if (!lib_initialized) {
return PSA_ERROR_BAD_STATE;
}
if (!operation) {
return PSA_ERROR_INVALID_ARGUMENT;
}
if (!PSA_ALG_IS_HMAC(alg)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
status = psa_get_key_attributes(key, &attr);
if (status != PSA_SUCCESS) {
return status;
}
status = psa_get_and_lock_key_slot_with_policy(key, &slot, PSA_KEY_USAGE_SIGN_MESSAGE, alg);
if (status != PSA_SUCCESS) {
return status;
}
status = psa_location_dispatch_mac_sign_setup(operation, &attr, slot, alg);
psa_unlock_key_slot(slot);
return status;
}
psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
psa_key_id_t key,
psa_algorithm_t alg)
{
(void)operation;
(void)key;
(void)alg;
return PSA_ERROR_NOT_SUPPORTED;
psa_key_attributes_t attr = psa_key_attributes_init();
psa_key_slot_t *slot;
psa_status_t status;
if (!lib_initialized) {
return PSA_ERROR_BAD_STATE;
}
if (!operation) {
return PSA_ERROR_INVALID_ARGUMENT;
}
if (!PSA_ALG_IS_HMAC(alg)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
status = psa_get_key_attributes(key, &attr);
if (status != PSA_SUCCESS) {
return status;
}
status = psa_get_and_lock_key_slot_with_policy(key, &slot, PSA_KEY_USAGE_VERIFY_MESSAGE, alg);
if (status != PSA_SUCCESS) {
return status;
}
status = psa_location_dispatch_mac_verify_setup(operation, &attr, slot, alg);
psa_unlock_key_slot(slot);
return status;
}
psa_status_t psa_mac_update(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
if (!lib_initialized) {
return PSA_ERROR_BAD_STATE;
}
if (!operation || !input) {
return PSA_ERROR_INVALID_ARGUMENT;
}
return psa_location_dispatch_mac_update(operation, input, input_length);
}
psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length)
{
if (!lib_initialized) {
return PSA_ERROR_BAD_STATE;
}
if (!operation || !mac || !mac_length) {
return PSA_ERROR_INVALID_ARGUMENT;
}
return psa_location_dispatch_mac_sign_finish(operation, mac, mac_size, mac_length);
}
psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length)
{
if (!lib_initialized) {
return PSA_ERROR_BAD_STATE;
}
if (!operation || !mac) {
return PSA_ERROR_INVALID_ARGUMENT;
}
return psa_location_dispatch_mac_verify_finish(operation, mac, mac_length);
}
psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
{
psa_status_t status;
if (!lib_initialized) {
return PSA_ERROR_BAD_STATE;
}
if (!operation) {
return PSA_ERROR_INVALID_ARGUMENT;
}
status = psa_location_dispatch_mac_abort(operation);
*operation = psa_mac_operation_init();
return status;
}
psa_status_t psa_purge_key(psa_key_id_t key)

522
sys/psa_crypto/psa_crypto_algorithm_dispatch.c
View File

@ -886,6 +886,152 @@ psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attr
uint8_t *mac,
size_t mac_size,
size_t *mac_length)
{
uint8_t *key_data = NULL;
size_t *key_bytes = NULL;
psa_get_key_data_from_key_slot(slot, &key_data, &key_bytes);
if (!key_data || !key_bytes) {
return PSA_ERROR_INVALID_ARGUMENT;
}
switch (alg) {
#if IS_USED(MODULE_PSA_MAC_HMAC_MD5)
case PSA_ALG_HMAC(PSA_ALG_MD5):
return psa_mac_compute_hmac_md5(attributes, key_data, *key_bytes, input, input_length,
mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_1)
case PSA_ALG_HMAC(PSA_ALG_SHA_1):
return psa_mac_compute_hmac_sha1(attributes, key_data, *key_bytes, input, input_length,
mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_224)
case PSA_ALG_HMAC(PSA_ALG_SHA_224):
return psa_mac_compute_hmac_sha224(attributes, key_data, *key_bytes, input, input_length,
mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_256)
case PSA_ALG_HMAC(PSA_ALG_SHA_256):
return psa_mac_compute_hmac_sha256(attributes, key_data, *key_bytes, input, input_length,
mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_384)
case PSA_ALG_HMAC(PSA_ALG_SHA_384):
return psa_mac_compute_hmac_sha384(attributes, key_data, *key_bytes, input, input_length,
mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_512)
case PSA_ALG_HMAC(PSA_ALG_SHA_512):
return psa_mac_compute_hmac_sha512(attributes, key_data, *key_bytes, input, input_length,
mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_256)
case PSA_ALG_HMAC(PSA_ALG_SHA3_256):
return psa_mac_compute_hmac_sha3_256(attributes, key_data, *key_bytes, input, input_length,
mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_384)
case PSA_ALG_HMAC(PSA_ALG_SHA3_384):
return psa_mac_compute_hmac_sha3_384(attributes, key_data, *key_bytes, input, input_length,
mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_512)
case PSA_ALG_HMAC(PSA_ALG_SHA3_512):
return psa_mac_compute_hmac_sha3_512(attributes, key_data, *key_bytes, input, input_length,
mac, mac_size, mac_length);
#endif
default:
(void)attributes;
(void)slot;
(void)input;
(void)input_length;
(void)mac;
(void)mac_size;
(void)mac_length;
return PSA_ERROR_NOT_SUPPORTED;
}
}
psa_status_t psa_algorithm_dispatch_mac_verify(const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const psa_key_slot_t *slot,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length)
{
uint8_t *key_data = NULL;
size_t *key_bytes = NULL;
psa_get_key_data_from_key_slot(slot, &key_data, &key_bytes);
if (!key_data || !key_bytes) {
return PSA_ERROR_INVALID_ARGUMENT;
}
switch (alg) {
#if IS_USED(MODULE_PSA_MAC_HMAC_MD5)
case PSA_ALG_HMAC(PSA_ALG_MD5):
return psa_mac_verify_hmac_md5(attributes, key_data, *key_bytes, input, input_length,
mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_1)
case PSA_ALG_HMAC(PSA_ALG_SHA_1):
return psa_mac_verify_hmac_sha1(attributes, key_data, *key_bytes, input, input_length,
mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_224)
case PSA_ALG_HMAC(PSA_ALG_SHA_224):
return psa_mac_verify_hmac_sha224(attributes, key_data, *key_bytes, input, input_length,
mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_256)
case PSA_ALG_HMAC(PSA_ALG_SHA_256):
return psa_mac_verify_hmac_sha256(attributes, key_data, *key_bytes, input, input_length,
mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_384)
case PSA_ALG_HMAC(PSA_ALG_SHA_384):
return psa_mac_verify_hmac_sha384(attributes, key_data, *key_bytes, input, input_length,
mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_512)
case PSA_ALG_HMAC(PSA_ALG_SHA_512):
return psa_mac_verify_hmac_sha512(attributes, key_data, *key_bytes, input, input_length,
mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_256)
case PSA_ALG_HMAC(PSA_ALG_SHA3_256):
return psa_mac_verify_hmac_sha3_256(attributes, key_data, *key_bytes, input, input_length,
mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_384)
case PSA_ALG_HMAC(PSA_ALG_SHA3_384):
return psa_mac_verify_hmac_sha3_384(attributes, key_data, *key_bytes, input, input_length,
mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_512)
case PSA_ALG_HMAC(PSA_ALG_SHA3_512):
return psa_mac_verify_hmac_sha3_512(attributes, key_data, *key_bytes, input, input_length,
mac, mac_length);
#endif
default:
(void)attributes;
(void)slot;
(void)input;
(void)input_length;
(void)mac;
(void)mac_length;
return PSA_ERROR_NOT_SUPPORTED;
}
}
psa_status_t psa_algorithm_dispatch_mac_sign_setup(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const psa_key_slot_t *slot,
psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
uint8_t *key_data = NULL;
@ -893,27 +1039,389 @@ psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attr
psa_get_key_data_from_key_slot(slot, &key_data, &key_bytes);
if (!key_data || !key_bytes) {
return PSA_ERROR_INVALID_ARGUMENT;
}
switch (alg) {
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_256)
case PSA_ALG_HMAC(PSA_ALG_SHA_256):
status = psa_mac_compute_hmac_sha256(attributes, key_data, *key_bytes, input, input_length,
mac, mac_size, mac_length);
#if IS_USED(MODULE_PSA_MAC_HMAC_MD5)
case PSA_ALG_HMAC(PSA_ALG_MD5):
status = psa_mac_sign_setup_hmac_md5(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_1)
case PSA_ALG_HMAC(PSA_ALG_SHA_1):
status = psa_mac_sign_setup_hmac_sha1(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_224)
case PSA_ALG_HMAC(PSA_ALG_SHA_224):
status = psa_mac_sign_setup_hmac_sha224(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_256)
case PSA_ALG_HMAC(PSA_ALG_SHA_256):
status = psa_mac_sign_setup_hmac_sha256(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_384)
case PSA_ALG_HMAC(PSA_ALG_SHA_384):
status = psa_mac_sign_setup_hmac_sha384(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_512)
case PSA_ALG_HMAC(PSA_ALG_SHA_512):
status = psa_mac_sign_setup_hmac_sha512(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_256)
case PSA_ALG_HMAC(PSA_ALG_SHA3_256):
status = psa_mac_sign_setup_hmac_sha3_256(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_384)
case PSA_ALG_HMAC(PSA_ALG_SHA3_384):
status = psa_mac_sign_setup_hmac_sha3_384(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_512)
case PSA_ALG_HMAC(PSA_ALG_SHA3_512):
status = psa_mac_sign_setup_hmac_sha3_512(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
default:
(void)status;
return PSA_ERROR_NOT_SUPPORTED;
(void)attributes;
(void)operation;
(void)alg;
return status;
}
operation->alg = alg;
return PSA_SUCCESS;
}
psa_status_t psa_algorithm_dispatch_mac_verify_setup(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const psa_key_slot_t *slot,
psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
uint8_t *key_data = NULL;
size_t *key_bytes = NULL;
psa_get_key_data_from_key_slot(slot, &key_data, &key_bytes);
if (!key_data || !key_bytes) {
return PSA_ERROR_INVALID_ARGUMENT;
}
switch (alg) {
#if IS_USED(MODULE_PSA_MAC_HMAC_MD5)
case PSA_ALG_HMAC(PSA_ALG_MD5):
status = psa_mac_verify_setup_hmac_md5(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_1)
case PSA_ALG_HMAC(PSA_ALG_SHA_1):
status = psa_mac_verify_setup_hmac_sha1(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_224)
case PSA_ALG_HMAC(PSA_ALG_SHA_224):
status = psa_mac_verify_setup_hmac_sha224(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_256)
case PSA_ALG_HMAC(PSA_ALG_SHA_256):
status = psa_mac_verify_setup_hmac_sha256(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_384)
case PSA_ALG_HMAC(PSA_ALG_SHA_384):
status = psa_mac_verify_setup_hmac_sha384(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_512)
case PSA_ALG_HMAC(PSA_ALG_SHA_512):
status = psa_mac_verify_setup_hmac_sha512(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_256)
case PSA_ALG_HMAC(PSA_ALG_SHA3_256):
status = psa_mac_verify_setup_hmac_sha3_256(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_384)
case PSA_ALG_HMAC(PSA_ALG_SHA3_384):
status = psa_mac_verify_setup_hmac_sha3_384(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_512)
case PSA_ALG_HMAC(PSA_ALG_SHA3_512):
status = psa_mac_verify_setup_hmac_sha3_512(operation, attributes, key_data, *key_bytes);
if (status != PSA_SUCCESS) {
return status;
}
break;
#endif
default:
(void)attributes;
(void)operation;
(void)alg;
return status;
}
operation->alg = alg;
return PSA_SUCCESS;
}
psa_status_t psa_algorithm_dispatch_mac_update(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
switch (operation->alg) {
#if IS_USED(MODULE_PSA_MAC_HMAC_MD5)
case PSA_ALG_HMAC(PSA_ALG_MD5):
return psa_mac_update_hmac_md5(operation, input, input_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_1)
case PSA_ALG_HMAC(PSA_ALG_SHA_1):
return psa_mac_update_hmac_sha1(operation, input, input_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_224)
case PSA_ALG_HMAC(PSA_ALG_SHA_224):
return psa_mac_update_hmac_sha224(operation, input, input_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_256)
case PSA_ALG_HMAC(PSA_ALG_SHA_256):
return psa_mac_update_hmac_sha256(operation, input, input_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_384)
case PSA_ALG_HMAC(PSA_ALG_SHA_384):
return psa_mac_update_hmac_sha384(operation, input, input_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_512)
case PSA_ALG_HMAC(PSA_ALG_SHA_512):
return psa_mac_update_hmac_sha512(operation, input, input_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_256)
case PSA_ALG_HMAC(PSA_ALG_SHA3_256):
return psa_mac_update_hmac_sha3_256(operation, input, input_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_384)
case PSA_ALG_HMAC(PSA_ALG_SHA3_384):
return psa_mac_update_hmac_sha3_384(operation, input, input_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_512)
case PSA_ALG_HMAC(PSA_ALG_SHA3_512):
return psa_mac_update_hmac_sha3_512(operation, input, input_length);
#endif
default:
(void)operation;
(void)input;
(void)input_length;
return PSA_ERROR_NOT_SUPPORTED;
}
}
psa_status_t psa_algorithm_dispatch_mac_sign_finish(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length)
{
switch (operation->alg) {
#if IS_USED(MODULE_PSA_MAC_HMAC_MD5)
case PSA_ALG_HMAC(PSA_ALG_MD5):
return psa_mac_sign_finish_hmac_md5(operation, mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_1)
case PSA_ALG_HMAC(PSA_ALG_SHA_1):
return psa_mac_sign_finish_hmac_sha1(operation, mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_224)
case PSA_ALG_HMAC(PSA_ALG_SHA_224):
return psa_mac_sign_finish_hmac_sha224(operation, mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_256)
case PSA_ALG_HMAC(PSA_ALG_SHA_256):
return psa_mac_sign_finish_hmac_sha256(operation, mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_384)
case PSA_ALG_HMAC(PSA_ALG_SHA_384):
return psa_mac_sign_finish_hmac_sha384(operation, mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_512)
case PSA_ALG_HMAC(PSA_ALG_SHA_512):
return psa_mac_sign_finish_hmac_sha512(operation, mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_256)
case PSA_ALG_HMAC(PSA_ALG_SHA3_256):
return psa_mac_sign_finish_hmac_sha3_256(operation, mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_384)
case PSA_ALG_HMAC(PSA_ALG_SHA3_384):
return psa_mac_sign_finish_hmac_sha3_384(operation, mac, mac_size, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_512)
case PSA_ALG_HMAC(PSA_ALG_SHA3_512):
return psa_mac_sign_finish_hmac_sha3_512(operation, mac, mac_size, mac_length);
#endif
default:
(void)operation;
(void)mac;
(void)mac_size;
(void)mac_length;
return PSA_ERROR_NOT_SUPPORTED;
}
}
psa_status_t psa_algorithm_dispatch_mac_verify_finish(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length)
{
switch (operation->alg) {
#if IS_USED(MODULE_PSA_MAC_HMAC_MD5)
case PSA_ALG_HMAC(PSA_ALG_MD5):
return psa_mac_verify_finish_hmac_md5(operation, mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_1)
case PSA_ALG_HMAC(PSA_ALG_SHA_1):
return psa_mac_verify_finish_hmac_sha1(operation, mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_224)
case PSA_ALG_HMAC(PSA_ALG_SHA_224):
return psa_mac_verify_finish_hmac_sha224(operation, mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_256)
case PSA_ALG_HMAC(PSA_ALG_SHA_256):
return psa_mac_verify_finish_hmac_sha256(operation, mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_384)
case PSA_ALG_HMAC(PSA_ALG_SHA_384):
return psa_mac_verify_finish_hmac_sha384(operation, mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_512)
case PSA_ALG_HMAC(PSA_ALG_SHA_512):
return psa_mac_verify_finish_hmac_sha512(operation, mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_256)
case PSA_ALG_HMAC(PSA_ALG_SHA3_256):
return psa_mac_verify_finish_hmac_sha3_256(operation, mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_384)
case PSA_ALG_HMAC(PSA_ALG_SHA3_384):
return psa_mac_verify_finish_hmac_sha3_384(operation, mac, mac_length);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_512)
case PSA_ALG_HMAC(PSA_ALG_SHA3_512):
return psa_mac_verify_finish_hmac_sha3_512(operation, mac, mac_length);
#endif
default:
(void)operation;
(void)mac;
(void)mac_length;
return PSA_ERROR_NOT_SUPPORTED;
}
}
psa_status_t psa_algorithm_dispatch_mac_abort(psa_mac_operation_t *operation)
{
switch (operation->alg) {
#if IS_USED(MODULE_PSA_MAC_HMAC_MD5)
case PSA_ALG_HMAC(PSA_ALG_MD5):
return psa_mac_abort_hmac_md5(operation);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_1)
case PSA_ALG_HMAC(PSA_ALG_SHA_1):
return psa_mac_abort_hmac_sha1(operation);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_224)
case PSA_ALG_HMAC(PSA_ALG_SHA_224):
return psa_mac_abort_hmac_sha224(operation);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_256)
case PSA_ALG_HMAC(PSA_ALG_SHA_256):
return psa_mac_abort_hmac_sha256(operation);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_384)
case PSA_ALG_HMAC(PSA_ALG_SHA_384):
return psa_mac_abort_hmac_sha384(operation);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA_512)
case PSA_ALG_HMAC(PSA_ALG_SHA_512):
return psa_mac_abort_hmac_sha512(operation);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_256)
case PSA_ALG_HMAC(PSA_ALG_SHA3_256):
return psa_mac_abort_hmac_sha3_256(operation);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_384)
case PSA_ALG_HMAC(PSA_ALG_SHA3_384):
return psa_mac_abort_hmac_sha3_384(operation);
#endif
#if IS_USED(MODULE_PSA_MAC_HMAC_SHA3_512)
case PSA_ALG_HMAC(PSA_ALG_SHA3_512):
return psa_mac_abort_hmac_sha3_512(operation);
#endif
case PSA_ALG_NONE:
/* Calling psa_mac_abort() on a fresh psa_mac_operation_t is valid */
return PSA_SUCCESS;
default:
(void)operation;
return PSA_ERROR_NOT_SUPPORTED;
}
}
#endif /* MODULE_PSA_MAC */

74
sys/psa_crypto/psa_crypto_location_dispatch.c
View File

@ -506,6 +506,80 @@ psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attri
return psa_algorithm_dispatch_mac_compute(attributes, alg, slot, input, input_length, mac,
mac_size, mac_length);
}
psa_status_t psa_location_dispatch_mac_verify(const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const psa_key_slot_t *slot,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
size_t mac_length)
{
#if IS_USED(MODULE_PSA_SECURE_ELEMENT)
psa_key_slot_number_t *slot_number = psa_key_slot_get_slot_number(slot);
psa_drv_se_context_t *drv_context;
uint8_t *key_data = NULL;
size_t *key_bytes = NULL;
const psa_drv_se_t *drv;
psa_get_key_data_from_key_slot(slot, &key_data, &key_bytes);
if (psa_get_se_driver(attributes->lifetime, &drv, &drv_context)) {
if (drv->mac == NULL || drv->mac->p_mac_verify == NULL) {
return PSA_ERROR_NOT_SUPPORTED;
}
return drv->mac->p_mac_verify(drv_context, input, input_length, *slot_number, alg, mac,
mac_length);
}
#endif /* CONFIG_PSA_SECURE_ELEMENT */
return psa_algorithm_dispatch_mac_verify(attributes, alg, slot, input, input_length, mac,
mac_length);
}
psa_status_t psa_location_dispatch_mac_sign_setup(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const psa_key_slot_t *slot,
psa_algorithm_t alg)
{
return psa_algorithm_dispatch_mac_sign_setup(operation, attributes, slot, alg);
}
psa_status_t psa_location_dispatch_mac_verify_setup(psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const psa_key_slot_t *slot,
psa_algorithm_t alg)
{
return psa_algorithm_dispatch_mac_verify_setup(operation, attributes, slot, alg);
}
psa_status_t psa_location_dispatch_mac_update(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
return psa_algorithm_dispatch_mac_update(operation, input, input_length);
}
psa_status_t psa_location_dispatch_mac_sign_finish(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length)
{
return psa_algorithm_dispatch_mac_sign_finish(operation, mac, mac_size, mac_length);
}
psa_status_t psa_location_dispatch_mac_verify_finish(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length)
{
return psa_algorithm_dispatch_mac_verify_finish(operation, mac, mac_length);
}
psa_status_t psa_location_dispatch_mac_abort(psa_mac_operation_t *operation)
{
return psa_algorithm_dispatch_mac_abort(operation);
}
#endif /* MODULE_PSA_MAC */
psa_status_t psa_location_dispatch_generate_random(uint8_t *output,