MCUX CLNS
MCUX Crypto Library Normal Secure
mcuxClMac_Functions

Defines all functions of mcuxClMac. More...

Functions

mcuxClMac_Status_Protected_t mcuxClMac_compute (mcuxClSession_Handle_t session, const mcuxClKey_Handle_t key, const mcuxClMac_Mode_t mode, const uint8_t *const in, uint32_t inSize, uint8_t *const mac)
 One-shot message authentication code (MAC) computation. More...
 
mcuxClMac_Status_Protected_t mcuxClMac_init (mcuxClSession_Handle_t session, mcuxClMac_Context_t *const context, const mcuxClKey_Handle_t key, const mcuxClMac_Mode_t mode)
 Initialization for a multipart MAC computation. More...
 
mcuxClMac_Status_Protected_t mcuxClMac_process (mcuxClSession_Handle_t session, mcuxClMac_Context_t *const context, const uint8_t *const in, uint32_t inSize)
 Data processing for a multipart MAC computation. More...
 
mcuxClMac_Status_Protected_t mcuxClMac_finish (mcuxClSession_Handle_t session, mcuxClMac_Context_t *const context, uint8_t *const mac)
 MAC generation for a multipart MAC computation. More...
 

Detailed Description

Defines all functions of mcuxClMac.

Function Documentation

◆ mcuxClMac_compute()

mcuxClMac_Status_Protected_t mcuxClMac_compute ( mcuxClSession_Handle_t  session,
const mcuxClKey_Handle_t  key,
const mcuxClMac_Mode_t  mode,
const uint8_t *const  in,
uint32_t  inSize,
uint8_t *const  mac 
)

One-shot message authentication code (MAC) computation.

This function performs a MAC computation in one shot. The algorithm to be used will be determined based on the key that is provided.

For example, to perform an AES MAC computation with a 128-bit key in CMAC mode on padded data, the following needs to be provided:

  • AES128 key
  • CMAC mode
  • Input data, size must be a multiple of the AES block size
  • Output data buffer, at least the size of a single AES block

If the selected mode mode is HMAC, i.e. mcuxClMac_Mode_HMAC_SHA2_256, the input buffer in will be modified by applying padding to it. The caller must ensure that the input buffer is large enough by determining its size using MCUXCLMAC_GET_HMAC_INPUTBUFFER_LENGTH on the data size inSize.

Also note that HMAC only works with keys loaded into coprocessor (see mcuxClKey for details).

Parameters
[in]session
[in]keyKey to be used to authenticate the data.
[in]modeMode that should be used during the MAC operation.
[in]inPointer to the input buffer that contains the data that needs to be authenticated.
[in]inSizeNumber of bytes of data in the in buffer.
[out]macPointer to the output buffer where the MAC needs to be written.
Returns
A code-flow protected error code (see Flow Protection API)
Return values
MCUXCLMAC_ERRORCODE_OKMac operation successful
MCUXCLMAC_ERRORCODE_ERRORError occurred during Mac operation
Examples
mcuxClMac_cmac_oneshot_example.c.

◆ mcuxClMac_init()

mcuxClMac_Status_Protected_t mcuxClMac_init ( mcuxClSession_Handle_t  session,
mcuxClMac_Context_t *const  context,
const mcuxClKey_Handle_t  key,
const mcuxClMac_Mode_t  mode 
)

Initialization for a multipart MAC computation.

This function performs the initialization of a context for a multipart MAC computation. The algorithm to be used will be determined based on the key that is provided.

This function should only be called once, as the first step for a multipart computation.

For example, to perform a multipart AES MAC computation with a 128-bit key in CMAC mode on padded data, the following needs to be provided in this step:

  • AES128 key
  • CMAC mode

The size of the context depends on the mode used (see mcuxClMac_MemoryConsumption).

See also
mcuxClMac_process
mcuxClMac_finish
Parameters
[in]session
[in]context
[in]keyKey to be used to MAC the data.
[in]modeMode that should be used during the MAC operation.
Returns
Status of the context initialization.

◆ mcuxClMac_process()

mcuxClMac_Status_Protected_t mcuxClMac_process ( mcuxClSession_Handle_t  session,
mcuxClMac_Context_t *const  context,
const uint8_t *const  in,
uint32_t  inSize 
)

Data processing for a multipart MAC computation.

This function performs the data processing for a multipart MAC computation.

This function can be called multiple times, after the multipart context initialization.

For example, to perform a multipart AES MAC computation with a 128-bit key in CMAC mode on padded data, the following needs to be provided in this step:

  • Input data, size must be a multiple of the AES block size

The size of the context depends on the mode used (see mcuxClMac_MemoryConsumption).

See also
mcuxClMac_init
mcuxClMac_finish
Parameters
[in]session
[in]context
[in]inPointer to the input buffer that contains the data that need to be processed.
[in]inSizeNumber of bytes of data in the in buffer.
Returns
A code-flow protected error code (see Flow Protection API)
Return values
MCUXCLMAC_ERRORCODE_OKMac operation successful
MCUXCLMAC_ERRORCODE_ERRORError occurred during Mac operation

◆ mcuxClMac_finish()

mcuxClMac_Status_Protected_t mcuxClMac_finish ( mcuxClSession_Handle_t  session,
mcuxClMac_Context_t *const  context,
uint8_t *const  mac 
)

MAC generation for a multipart MAC computation.

This function performs the final MAC generation step for a multipart MAC computation.

This function should only be called once, as the last step for a multipart computation.

For example, to perform a multipart AES MAC computation with a 128-bit key in CMAC mode on padded data, the following needs to be provided in this step:

  • Output data buffer, at least the size of a single AES block

The size of the context depends on the mode used (see mcuxClMac_MemoryConsumption).

See also
mcuxClMac_init
mcuxClMac_process
Parameters
[in]session
[in]context
[out]macPointer to the output buffer where the MAC needs to be written.
Returns
A code-flow protected error code (see Flow Protection API)
Return values
MCUXCLMAC_ERRORCODE_OKMac operation successful
MCUXCLMAC_ERRORCODE_ERRORError occurred during Mac operation