Struct optee_utee::crypto_op::Mac

pub struct Mac(_);

An operation for performing MAC (Message Authentication Code) operations, such as HMAC or AES-CMAC operations. This operation is not used for Authenticated Encryption algorithms, which SHALL use the functions defined in AE.

Implementations

impl Mac

pub fn init(&self, iv: &[u8])

Initialize a MAC opeartion. The The function should be called after the set_key.

Parameters

1. iv: Input buffer containing the operation Initialization Vector, if applicable

Panics

1. If the algorithm is not a valid algorithm for Mac.
2. If no key is programmed in the operation.
3. If the Initialization Vector does not have the length required by the algorithm.
4. Hardware or cryptographic algorithm failure.
5. If the Implementation detects any other error.

pub fn update(&self, chunk: &[u8])

Accumulate data for a MAC calculation.

Input data does not have to be a multiple of block size. Subsequent calls to this function are possible. Unless one or more calls of this function have supplied sufficient input data, no output is generated. The function should be called after the init.

Parameters

1. chunk: Chunk of the message to be MACed.

Panics

1. If the algorithm is not a valid algorithm for Mac.
2. If the function is called before init or after compute_final or after compare_final.
3. If chunk excceds maximum length for algorithm.
4. Hardware or cryptographic algorithm failure.
5. If the Implementation detects any other error.

pub fn compute_final(&self, message: &[u8], mac: &mut [u8]) -> Result<usize>

Finalize the MAC operation with a last chunk of message, and computes the MAC. Afterwards the operation handle can be reused or re-initialized with a new key. The operation SHALL be in active state and moves to initial state afterwards.

Parameters:

message: Input buffer containing a last message chunk to MAC mac: Output buffer filled with the computed MAC, the size should be allocated enough for containing the whole computed MAC

Example

let mut key: [u8; 20] = [
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
0x36, 0x37, 0x38, 0x39, 0x30,];
let mut out: [u8; 20] = [0u8; 20];
match Mac::allocate(AlgorithmId::HmacSha1, key.len() * 8) {
    Err(e) => return Err(e),
    Ok(mac) => {
        match TransientObject::allocate(TransientObjectType::HmacSha1, key.len() * 8) {
        Err(e) => return Err(e),
        Ok(mut key_object) => {
            let attr = Attribute::from_ref(AttributeId::SecretValue, &key);
            key_object.populate(&[attr.into()])?;
            mac.set_key(&key_object)?;
        }
    }
    mac.init(&[0u8; 0]);
    mac.update(&[0u8; 8]);
    mac.compute_final(&[0u8; 0], &mut out)?;
}

Errors

1. ShortBuffer: If the output buffer is not large enough to contain the output.

Panics

1. If the algorithm is not a valid algorithm for Mac.
2. If the function is called before before init or after compute_final or after compare_final.
3. If input data exceeds maximum length for algorithm.
4. Hardware or cryptographic algorithm failure.
5. If the Implementation detects any other error.

pub fn compare_final(&self, message: &[u8], mac: &[u8]) -> Result<()>

Finalize the MAC operation and compares the MAC with the buffer passed to the function. Afterwards the operation handle can be reused or re-initialized with a new key. The operation SHALL be in active state and moves to initial state afterwards.

Parameters:

message: Input buffer containing a last message chunk to MAC mac: Input buffer containing the MAC to check

Errors

1. MacInvald: If the computed MAC does not correspond to the value passed in mac.

Panics

1. If the algorithm is not a valid algorithm for Mac.
2. If operation is not in active state.
3. If input data exceeds maximum length for algorithm.
4. Hardware or cryptographic algorithm failure.
5. If the Implementation detects any other error.

pub fn null() -> Self

Create a Mac operation without any specific algorithm or other data.

pub fn allocate(algo: AlgorithmId, max_key_size: usize) -> Result<Self>

Function usage is similar to Digest::allocate.

pub fn info(&self) -> OperationInfo

Function usage is similar to Digest::info.

pub fn info_multiple(
    &self,
    info_buf: &mut [u8]
) -> Result<OperationInfoMultiple>

Function usage is similar to Digest::info_multiple.

pub fn reset(&mut self)

Function usage is similar to Digest::reset.

pub fn set_key<T: ObjHandle>(&self, object: &T) -> Result<()>

Function usage is similar to Cipher::set_key.

pub fn copy<T: OpHandle>(&mut self, src: &T)

Function usage is similar to Digest::copy.

Trait Implementations

impl OpHandle for Mac

fn handle(&self) -> TEE_OperationHandle

Return the handle of an operation.