quickjs-tart

psa_crypto_mac.h (11765B)

---

 /*
  *  PSA MAC layer on top of Mbed TLS software crypto
  */
 /*
  *  Copyright The Mbed TLS Contributors
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
 #ifndef PSA_CRYPTO_MAC_H
 #define PSA_CRYPTO_MAC_H
 
 #include <psa/crypto.h>
 
 /** Calculate the MAC (message authentication code) of a message using Mbed TLS.
  *
  * \note The signature of this function is that of a PSA driver mac_compute
  *       entry point. This function behaves as a mac_compute entry point as
  *       defined in the PSA driver interface specification for transparent
  *       drivers.
  *
  * \param[in] attributes        The attributes of the key to use for the
  *                              operation.
  * \param[in] key_buffer        The buffer containing the key to use for
  *                              computing the MAC. This buffer contains the key
  *                              in export representation as defined by
  *                              psa_export_key() (i.e. the raw key bytes).
  * \param key_buffer_size       Size of the \p key_buffer buffer in bytes.
  * \param alg                   The MAC algorithm to use (\c PSA_ALG_XXX value
  *                              such that #PSA_ALG_IS_MAC(\p alg) is true).
  * \param[in] input             Buffer containing the input message.
  * \param input_length          Size of the \p input buffer in bytes.
  * \param[out] mac              Buffer where the MAC value is to be written.
  * \param mac_size              Size of the \p mac buffer in bytes.
  * \param[out] mac_length       On success, the number of bytes
  *                              that make up the MAC value.
  *
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported.
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         \p mac_size is too small
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
  * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
  */
 psa_status_t mbedtls_psa_mac_compute(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer,
     size_t key_buffer_size,
     psa_algorithm_t alg,
     const uint8_t *input,
     size_t input_length,
     uint8_t *mac,
     size_t mac_size,
     size_t *mac_length);
 
 /** Set up a multipart MAC calculation operation using Mbed TLS.
  *
  * \note The signature of this function is that of a PSA driver mac_sign_setup
  *       entry point. This function behaves as a mac_sign_setup entry point as
  *       defined in the PSA driver interface specification for transparent
  *       drivers.
  *
  * \param[in,out] operation     The operation object to set up. It must have
  *                              been initialized and not yet in use.
  * \param[in] attributes        The attributes of the key to use for the
  *                              operation.
  * \param[in] key_buffer        The buffer containing the key to use for
  *                              computing the MAC. This buffer contains the key
  *                              in export representation as defined by
  *                              psa_export_key() (i.e. the raw key bytes).
  * \param key_buffer_size       Size of the \p key_buffer buffer in bytes.
  * \param alg                   The MAC algorithm to use (\c PSA_ALG_XXX value
  *                              such that #PSA_ALG_IS_MAC(\p alg) is true).
  *
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
  * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  *         The operation state is not valid (it must be inactive).
  */
 psa_status_t mbedtls_psa_mac_sign_setup(
     mbedtls_psa_mac_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer,
     size_t key_buffer_size,
     psa_algorithm_t alg);
 
 /** Set up a multipart MAC verification operation using Mbed TLS.
  *
  * \note The signature of this function is that of a PSA driver mac_verify_setup
  *       entry point. This function behaves as a mac_verify_setup entry point as
  *       defined in the PSA driver interface specification for transparent
  *       drivers.
  *
  * \param[in,out] operation     The operation object to set up. It must have
  *                              been initialized and not yet in use.
  * \param[in] attributes        The attributes of the key to use for the
  *                              operation.
  * \param[in] key_buffer        The buffer containing the key to use for
  *                              computing the MAC. This buffer contains the key
  *                              in export representation as defined by
  *                              psa_export_key() (i.e. the raw key bytes).
  * \param key_buffer_size       Size of the \p key_buffer buffer in bytes.
  * \param alg                   The MAC algorithm to use (\c PSA_ALG_XXX value
  *                              such that #PSA_ALG_IS_MAC(\p alg) is true).
  *
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
  * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  *         The operation state is not valid (it must be inactive).
  */
 psa_status_t mbedtls_psa_mac_verify_setup(
     mbedtls_psa_mac_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer,
     size_t key_buffer_size,
     psa_algorithm_t alg);
 
 /** Add a message fragment to a multipart MAC operation using Mbed TLS.
  *
  * \note The signature of this function is that of a PSA driver mac_update
  *       entry point. This function behaves as a mac_update entry point as
  *       defined in the PSA driver interface specification for transparent
  *       drivers.
  *
  * The PSA core calls mbedtls_psa_mac_sign_setup() or
  * mbedtls_psa_mac_verify_setup() before calling this function.
  *
  * If this function returns an error status, the PSA core aborts the
  * operation by calling mbedtls_psa_mac_abort().
  *
  * \param[in,out] operation Active MAC operation.
  * \param[in] input         Buffer containing the message fragment to add to
  *                          the MAC calculation.
  * \param input_length      Size of the \p input buffer in bytes.
  *
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_BAD_STATE
  *         The operation state is not valid (it must be active).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
  * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
  */
 psa_status_t mbedtls_psa_mac_update(
     mbedtls_psa_mac_operation_t *operation,
     const uint8_t *input,
     size_t input_length);
 
 /** Finish the calculation of the MAC of a message using Mbed TLS.
  *
  * \note The signature of this function is that of a PSA driver mac_sign_finish
  *       entry point. This function behaves as a mac_sign_finish entry point as
  *       defined in the PSA driver interface specification for transparent
  *       drivers.
  *
  * The PSA core calls mbedtls_psa_mac_sign_setup() before calling this function.
  * This function calculates the MAC of the message formed by concatenating
  * the inputs passed to preceding calls to mbedtls_psa_mac_update().
  *
  * Whether this function returns successfully or not, the PSA core subsequently
  * aborts the operation by calling mbedtls_psa_mac_abort().
  *
  * \param[in,out] operation Active MAC operation.
  * \param[out] mac          Buffer where the MAC value is to be written.
  * \param mac_size          Output size requested for the MAC algorithm. The PSA
  *                          core guarantees this is a valid MAC length for the
  *                          algorithm and key combination passed to
  *                          mbedtls_psa_mac_sign_setup(). It also guarantees the
  *                          \p mac buffer is large enough to contain the
  *                          requested output size.
  * \param[out] mac_length   On success, the number of bytes output to buffer
  *                          \p mac, which will be equal to the requested length
  *                          \p mac_size.
  *
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_BAD_STATE
  *         The operation state is not valid (it must be an active mac sign
  *         operation).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p mac buffer is too small. A sufficient buffer size
  *         can be determined by calling PSA_MAC_LENGTH().
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
  * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
  */
 psa_status_t mbedtls_psa_mac_sign_finish(
     mbedtls_psa_mac_operation_t *operation,
     uint8_t *mac,
     size_t mac_size,
     size_t *mac_length);
 
 /** Finish the calculation of the MAC of a message and compare it with
  * an expected value using Mbed TLS.
  *
  * \note The signature of this function is that of a PSA driver
  *       mac_verify_finish entry point. This function behaves as a
  *       mac_verify_finish entry point as defined in the PSA driver interface
  *       specification for transparent drivers.
  *
  * The PSA core calls mbedtls_psa_mac_verify_setup() before calling this
  * function. This function calculates the MAC of the message formed by
  * concatenating the inputs passed to preceding calls to
  * mbedtls_psa_mac_update(). It then compares the calculated MAC with the
  * expected MAC passed as a parameter to this function.
  *
  * Whether this function returns successfully or not, the PSA core subsequently
  * aborts the operation by calling mbedtls_psa_mac_abort().
  *
  * \param[in,out] operation Active MAC operation.
  * \param[in] mac           Buffer containing the expected MAC value.
  * \param mac_length        Length in bytes of the expected MAC value. The PSA
  *                          core guarantees that this length is a valid MAC
  *                          length for the algorithm and key combination passed
  *                          to mbedtls_psa_mac_verify_setup().
  *
  * \retval #PSA_SUCCESS
  *         The expected MAC is identical to the actual MAC of the message.
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The MAC of the message was calculated successfully, but it
  *         differs from the expected MAC.
  * \retval #PSA_ERROR_BAD_STATE
  *         The operation state is not valid (it must be an active mac verify
  *         operation).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
  * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
  */
 psa_status_t mbedtls_psa_mac_verify_finish(
     mbedtls_psa_mac_operation_t *operation,
     const uint8_t *mac,
     size_t mac_length);
 
 /** Abort a MAC operation using Mbed TLS.
  *
  * Aborting an operation frees all associated resources except for the
  * \p operation structure itself. Once aborted, the operation object
  * can be reused for another operation by calling
  * mbedtls_psa_mac_sign_setup() or mbedtls_psa_mac_verify_setup() again.
  *
  * The PSA core may call this function any time after the operation object has
  * been initialized by one of the methods described in
  * #mbedtls_psa_mac_operation_t.
  *
  * In particular, calling mbedtls_psa_mac_abort() after the operation has been
  * terminated by a call to mbedtls_psa_mac_abort(),
  * mbedtls_psa_mac_sign_finish() or mbedtls_psa_mac_verify_finish() is safe and
  * has no effect.
  *
  * \param[in,out] operation Initialized MAC operation.
  *
  * \retval #PSA_SUCCESS \emptydescription
  * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
  */
 psa_status_t mbedtls_psa_mac_abort(
     mbedtls_psa_mac_operation_t *operation);
 
 #endif /* PSA_CRYPTO_MAC_H */