Struct optee_utee::crypto_op::Mac

source ·

pub struct Mac(/* private fields */);

Expand description

An operation for performing MAC (Message Authentication Code) operations, such as HMAC or AES-CMAC operations. This operation is not used for Authenticated Encryption algorithms, which SHALL use the functions defined in AE.

Implementations§

source §

impl Mac

source

pub fn init(&self, iv: &[u8])

Initialize a MAC opeartion. The The function should be called after the set_key.

§Parameters

iv: Input buffer containing the operation Initialization Vector, if applicable

§Panics

If the algorithm is not a valid algorithm for Mac.
If no key is programmed in the operation.
If the Initialization Vector does not have the length required by the algorithm.
Hardware or cryptographic algorithm failure.
If the Implementation detects any other error.

source

pub fn update(&self, chunk: &[u8])

Accumulate data for a MAC calculation.

Input data does not have to be a multiple of block size. Subsequent calls to this function are possible. Unless one or more calls of this function have supplied sufficient input data, no output is generated. The function should be called after the init.

§Parameters

chunk: Chunk of the message to be MACed.

§Panics

If the algorithm is not a valid algorithm for Mac.
If the function is called before init or after compute_final or after compare_final.
If chunk excceds maximum length for algorithm.
Hardware or cryptographic algorithm failure.
If the Implementation detects any other error.

source

pub fn compute_final(&self, message: &[u8], mac: &mut [u8]) -> Result<usize>

Finalize the MAC operation with a last chunk of message, and computes the MAC. Afterwards the operation handle can be reused or re-initialized with a new key. The operation SHALL be in active state and moves to initial state afterwards.

§Parameters:

message: Input buffer containing a last message chunk to MAC mac: Output buffer filled with the computed MAC, the size should be allocated enough for containing the whole computed MAC

§Example

    TransientObject,
    TransientObjectType,
    Attribute,
    AttributeMemref,
    AttributeId,
    Mac,
    AlgorithmId,
};
let mut key: [u8; 20] = [
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
0x36, 0x37, 0x38, 0x39, 0x30,];
let mut out: [u8; 20] = [0u8; 20];
match Mac::allocate(AlgorithmId::HmacSha1, key.len() * 8) {
    Err(e) => return Err(e),
    Ok(mac) => {
        match TransientObject::allocate(TransientObjectType::HmacSha1, key.len() * 8) {
            Err(e) => return Err(e),
            Ok(mut key_object) => {
                let attr = AttributeMemref::from_ref(AttributeId::SecretValue, &key);
                key_object.populate(&[attr.into()])?;
                mac.set_key(&key_object)?;
            }
        }
        mac.init(&[0u8; 0]);
        mac.update(&[0u8; 8]);
        mac.compute_final(&[0u8; 0], &mut out)?;
        Ok(())
    }
}

§Errors

ShortBuffer: If the output buffer is not large enough to contain the output.

§Panics

If the algorithm is not a valid algorithm for Mac.
If the function is called before before init or after compute_final or after compare_final.
If input data exceeds maximum length for algorithm.
Hardware or cryptographic algorithm failure.
If the Implementation detects any other error.

source

pub fn compare_final(&self, message: &[u8], mac: &[u8]) -> Result<()>

Finalize the MAC operation and compares the MAC with the buffer passed to the function. Afterwards the operation handle can be reused or re-initialized with a new key. The operation SHALL be in active state and moves to initial state afterwards.