Rename psa_mac_{finish,verify} -> psa_mac_{sign,verify}_finish

Make function names for multipart operations more consistent (MAC
finish edition).
This commit is contained in:
Gilles Peskine 2018-07-08 19:56:25 +02:00 committed by itayzafrir
parent da8191d1cd
commit acd4be36fa
4 changed files with 34 additions and 31 deletions

View file

@ -1345,8 +1345,8 @@ typedef struct psa_mac_operation_s psa_mac_operation_t;
* -# Call psa_mac_update() zero, one or more times, passing a fragment
* of the message each time. The MAC that is calculated is the MAC
* of the concatenation of these messages in order.
* -# To calculate the MAC, call psa_mac_finish().
* To compare the MAC with an expected value, call psa_mac_verify().
* -# To calculate the MAC, call psa_mac_sign_finish().
* To compare the MAC with an expected value, call psa_mac_verify_finish().
*
* The application may call psa_mac_abort() at any time after the operation
* has been initialized with psa_mac_start().
@ -1355,7 +1355,8 @@ typedef struct psa_mac_operation_s psa_mac_operation_t;
* eventually terminate the operation. The following events terminate an
* operation:
* - A failed call to psa_mac_update().
* - A call to psa_mac_finish(), psa_mac_verify() or psa_mac_abort().
* - A call to psa_mac_sign_finish(), psa_mac_verify_finish() or
* psa_mac_abort().
*
* \param operation The operation object to use.
* \param key Slot containing the key to use for the operation.
@ -1383,14 +1384,14 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
psa_status_t psa_mac_finish(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
psa_status_t psa_mac_verify(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
psa_status_t psa_mac_abort(psa_mac_operation_t *operation);

View file

@ -142,9 +142,9 @@
/** The size of the output of psa_mac_finish(), in bytes.
/** The size of the output of psa_mac_sign_finish(), in bytes.
*
* This is also the MAC size that psa_mac_verify() expects.
* This is also the MAC size that psa_mac_verify_finish() expects.
*
* \param key_type The type of the MAC key.
* \param key_bits The size of the MAC key in bits.

View file

@ -1483,8 +1483,8 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation,
/* Since this function is called identically for a sign or verify
* operation, we don't know yet whether the operation is permitted.
* Store the part of the key policy that we can't check in the
* operation structure. psa_mac_finish() or psa_mac_verify() will
* check that remaining part. */
* operation structure. psa_mac_sign_finish() or psa_mac_verify_finish()
* will check that remaining part. */
if( ( slot->policy.usage & PSA_KEY_USAGE_SIGN ) != 0 )
operation->key_usage_sign = 1;
if( ( slot->policy.usage & PSA_KEY_USAGE_VERIFY ) != 0 )
@ -1671,10 +1671,10 @@ cleanup:
}
}
psa_status_t psa_mac_finish( psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length )
psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length )
{
if( ! operation->key_usage_sign )
return( PSA_ERROR_NOT_PERMITTED );
@ -1683,9 +1683,9 @@ psa_status_t psa_mac_finish( psa_mac_operation_t *operation,
mac_size, mac_length ) );
}
psa_status_t psa_mac_verify( psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length )
psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length )
{
uint8_t actual_mac[PSA_MAC_MAX_SIZE];
size_t actual_mac_length;

View file

@ -141,9 +141,9 @@ static int exercise_mac_key( psa_key_slot_t key,
TEST_ASSERT( psa_mac_start( &operation, key, alg ) == PSA_SUCCESS );
TEST_ASSERT( psa_mac_update( &operation,
input, sizeof( input ) ) == PSA_SUCCESS );
TEST_ASSERT( psa_mac_finish( &operation,
mac, sizeof( input ),
&mac_length ) == PSA_SUCCESS );
TEST_ASSERT( psa_mac_sign_finish( &operation,
mac, sizeof( input ),
&mac_length ) == PSA_SUCCESS );
}
if( usage & PSA_KEY_USAGE_VERIFY )
@ -155,7 +155,9 @@ static int exercise_mac_key( psa_key_slot_t key,
TEST_ASSERT( psa_mac_start( &operation, key, alg ) == PSA_SUCCESS );
TEST_ASSERT( psa_mac_update( &operation,
input, sizeof( input ) ) == PSA_SUCCESS );
TEST_ASSERT( psa_mac_verify( &operation, mac, mac_length ) == verify_status );
TEST_ASSERT( psa_mac_verify_finish( &operation,
mac,
mac_length ) == verify_status );
}
return( 1 );
@ -747,8 +749,8 @@ void mac_key_policy( int policy_usage,
status = psa_mac_start( &operation, key_slot, exercise_alg );
if( status == PSA_SUCCESS )
status = psa_mac_finish( &operation,
mac, sizeof( mac ), &output_length );
status = psa_mac_sign_finish( &operation,
mac, sizeof( mac ), &output_length );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
TEST_ASSERT( status == PSA_SUCCESS );
@ -759,7 +761,7 @@ void mac_key_policy( int policy_usage,
memset( mac, 0, sizeof( mac ) );
status = psa_mac_start( &operation, key_slot, exercise_alg );
if( status == PSA_SUCCESS )
status = psa_mac_verify( &operation, mac, sizeof( mac ) );
status = psa_mac_verify_finish( &operation, mac, sizeof( mac ) );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
TEST_ASSERT( status == PSA_ERROR_INVALID_SIGNATURE );
@ -1198,9 +1200,9 @@ void mac_verify( int key_type_arg,
TEST_ASSERT( psa_destroy_key( key_slot ) == PSA_SUCCESS );
TEST_ASSERT( psa_mac_update( &operation,
input->x, input->len ) == PSA_SUCCESS );
TEST_ASSERT( psa_mac_verify( &operation,
expected_mac->x,
expected_mac->len ) == PSA_SUCCESS );
TEST_ASSERT( psa_mac_verify_finish( &operation,
expected_mac->x,
expected_mac->len ) == PSA_SUCCESS );
exit:
psa_destroy_key( key_slot );