From acd4be36faff4bd0f774fae95a7ee39853a84dc9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 8 Jul 2018 19:56:25 +0200 Subject: [PATCH] Rename psa_mac_{finish,verify} -> psa_mac_{sign,verify}_finish Make function names for multipart operations more consistent (MAC finish edition). --- include/psa/crypto.h | 21 ++++++++++---------- include/psa/crypto_sizes.h | 4 ++-- library/psa_crypto.c | 18 ++++++++--------- tests/suites/test_suite_psa_crypto.function | 22 +++++++++++---------- 4 files changed, 34 insertions(+), 31 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 1ee403cf7..957385916 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -1345,8 +1345,8 @@ typedef struct psa_mac_operation_s psa_mac_operation_t; * -# Call psa_mac_update() zero, one or more times, passing a fragment * of the message each time. The MAC that is calculated is the MAC * of the concatenation of these messages in order. - * -# To calculate the MAC, call psa_mac_finish(). - * To compare the MAC with an expected value, call psa_mac_verify(). + * -# To calculate the MAC, call psa_mac_sign_finish(). + * To compare the MAC with an expected value, call psa_mac_verify_finish(). * * The application may call psa_mac_abort() at any time after the operation * has been initialized with psa_mac_start(). @@ -1355,7 +1355,8 @@ typedef struct psa_mac_operation_s psa_mac_operation_t; * eventually terminate the operation. The following events terminate an * operation: * - A failed call to psa_mac_update(). - * - A call to psa_mac_finish(), psa_mac_verify() or psa_mac_abort(). + * - A call to psa_mac_sign_finish(), psa_mac_verify_finish() or + * psa_mac_abort(). * * \param operation The operation object to use. * \param key Slot containing the key to use for the operation. @@ -1383,14 +1384,14 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation, const uint8_t *input, size_t input_length); -psa_status_t psa_mac_finish(psa_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length); +psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length); -psa_status_t psa_mac_verify(psa_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length); +psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length); psa_status_t psa_mac_abort(psa_mac_operation_t *operation); diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 80b2f9d62..574d3e55c 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -142,9 +142,9 @@ -/** The size of the output of psa_mac_finish(), in bytes. +/** The size of the output of psa_mac_sign_finish(), in bytes. * - * This is also the MAC size that psa_mac_verify() expects. + * This is also the MAC size that psa_mac_verify_finish() expects. * * \param key_type The type of the MAC key. * \param key_bits The size of the MAC key in bits. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 76e1a68e5..4c42d61e0 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1483,8 +1483,8 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation, /* Since this function is called identically for a sign or verify * operation, we don't know yet whether the operation is permitted. * Store the part of the key policy that we can't check in the - * operation structure. psa_mac_finish() or psa_mac_verify() will - * check that remaining part. */ + * operation structure. psa_mac_sign_finish() or psa_mac_verify_finish() + * will check that remaining part. */ if( ( slot->policy.usage & PSA_KEY_USAGE_SIGN ) != 0 ) operation->key_usage_sign = 1; if( ( slot->policy.usage & PSA_KEY_USAGE_VERIFY ) != 0 ) @@ -1671,10 +1671,10 @@ cleanup: } } -psa_status_t psa_mac_finish( psa_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ) +psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) { if( ! operation->key_usage_sign ) return( PSA_ERROR_NOT_PERMITTED ); @@ -1683,9 +1683,9 @@ psa_status_t psa_mac_finish( psa_mac_operation_t *operation, mac_size, mac_length ) ); } -psa_status_t psa_mac_verify( psa_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length ) +psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ) { uint8_t actual_mac[PSA_MAC_MAX_SIZE]; size_t actual_mac_length; diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 438b7219f..fcab07bc3 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -141,9 +141,9 @@ static int exercise_mac_key( psa_key_slot_t key, TEST_ASSERT( psa_mac_start( &operation, key, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) == PSA_SUCCESS ); - TEST_ASSERT( psa_mac_finish( &operation, - mac, sizeof( input ), - &mac_length ) == PSA_SUCCESS ); + TEST_ASSERT( psa_mac_sign_finish( &operation, + mac, sizeof( input ), + &mac_length ) == PSA_SUCCESS ); } if( usage & PSA_KEY_USAGE_VERIFY ) @@ -155,7 +155,9 @@ static int exercise_mac_key( psa_key_slot_t key, TEST_ASSERT( psa_mac_start( &operation, key, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) == PSA_SUCCESS ); - TEST_ASSERT( psa_mac_verify( &operation, mac, mac_length ) == verify_status ); + TEST_ASSERT( psa_mac_verify_finish( &operation, + mac, + mac_length ) == verify_status ); } return( 1 ); @@ -747,8 +749,8 @@ void mac_key_policy( int policy_usage, status = psa_mac_start( &operation, key_slot, exercise_alg ); if( status == PSA_SUCCESS ) - status = psa_mac_finish( &operation, - mac, sizeof( mac ), &output_length ); + status = psa_mac_sign_finish( &operation, + mac, sizeof( mac ), &output_length ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 ) TEST_ASSERT( status == PSA_SUCCESS ); @@ -759,7 +761,7 @@ void mac_key_policy( int policy_usage, memset( mac, 0, sizeof( mac ) ); status = psa_mac_start( &operation, key_slot, exercise_alg ); if( status == PSA_SUCCESS ) - status = psa_mac_verify( &operation, mac, sizeof( mac ) ); + status = psa_mac_verify_finish( &operation, mac, sizeof( mac ) ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 ) TEST_ASSERT( status == PSA_ERROR_INVALID_SIGNATURE ); @@ -1198,9 +1200,9 @@ void mac_verify( int key_type_arg, TEST_ASSERT( psa_destroy_key( key_slot ) == PSA_SUCCESS ); TEST_ASSERT( psa_mac_update( &operation, input->x, input->len ) == PSA_SUCCESS ); - TEST_ASSERT( psa_mac_verify( &operation, - expected_mac->x, - expected_mac->len ) == PSA_SUCCESS ); + TEST_ASSERT( psa_mac_verify_finish( &operation, + expected_mac->x, + expected_mac->len ) == PSA_SUCCESS ); exit: psa_destroy_key( key_slot );