10.3. Message authentication codes (MAC)

The single-part MAC functions are:

The psa_mac_operation_t multi-part operation allows messages to be processed in fragments. A multi-part MAC operation is used as follows:

  1. Initialize the psa_mac_operation_t object to zero, or by assigning the value of the associated macro PSA_MAC_OPERATION_INIT.
  2. Call psa_mac_sign_setup() or psa_mac_verify_setup() to specify the algorithm and key.
  3. Call the psa_mac_update() function on successive chunks of the message.
  4. At the end of the message, call the required finishing function:

To abort the operation or recover from an error, call psa_mac_abort().

10.3.1. MAC algorithms

PSA_ALG_HMAC (macro)

Macro to build an HMAC message-authentication-code algorithm from an underlying hash algorithm.

#define PSA_ALG_HMAC(hash_alg) /* specification-defined value */

Parameters

hash_alg
A hash algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_HASH(hash_alg) is true.

Returns

The corresponding HMAC algorithm.

Unspecified if hash_alg is not a supported hash algorithm.

Description

For example, PSA_ALG_HMAC(PSA_ALG_SHA_256) is HMAC-SHA-256.

The HMAC construction is defined in HMAC: Keyed-Hashing for Message Authentication [RFC2104].

Compatible key types

PSA_ALG_CBC_MAC (macro)

The CBC-MAC message-authentication-code algorithm, constructed over a block cipher.

#define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x03c00100)

Warning

CBC-MAC is insecure in many cases. A more secure mode, such as PSA_ALG_CMAC, is recommended.

The CBC-MAC algorithm must be used with a key for a block cipher. For example, one of PSA_KEY_TYPE_AES.

CBC-MAC is defined as MAC Algorithm 1 in ISO/IEC 9797-1:2011 Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher [ISO9797].

Compatible key types

PSA_ALG_CMAC (macro)

The CMAC message-authentication-code algorithm, constructed over a block cipher.

#define PSA_ALG_CMAC ((psa_algorithm_t)0x03c00200)

The CMAC algorithm must be used with a key for a block cipher. For example, when used with a key with type PSA_KEY_TYPE_AES, the resulting operation is AES-CMAC.

CMAC is defined in NIST Special Publication 800-38B: Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication [SP800-38B].

Compatible key types

PSA_ALG_TRUNCATED_MAC (macro)

Macro to build a truncated MAC algorithm.

#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \
    /* specification-defined value */

Parameters

mac_alg
A MAC algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_MAC(mac_alg) is true. This can be a truncated or untruncated MAC algorithm.
mac_length
Desired length of the truncated MAC in bytes. This must be at most the untruncated length of the MAC and must be at least an implementation-specified minimum. The implementation-specified minimum must not be zero.

Returns

The corresponding MAC algorithm with the specified length.

Unspecified if mac_alg is not a supported MAC algorithm or if mac_length is too small or too large for the specified MAC algorithm.

Description

A truncated MAC algorithm is identical to the corresponding MAC algorithm except that the MAC value for the truncated algorithm consists of only the first mac_length bytes of the MAC value for the untruncated algorithm.

Note

This macro might allow constructing algorithm identifiers that are not valid, either because the specified length is larger than the untruncated MAC or because the specified length is smaller than permitted by the implementation.

Note

It is implementation-defined whether a truncated MAC that is truncated to the same length as the MAC of the untruncated algorithm is considered identical to the untruncated algorithm for policy comparison purposes.

The untruncated MAC algorithm can be recovered using PSA_ALG_FULL_LENGTH_MAC().

Compatible key types

The resulting truncated MAC algorithm is compatible with the same key types as the MAC algorithm used to construct it.

PSA_ALG_FULL_LENGTH_MAC (macro)

Macro to construct the MAC algorithm with an untruncated MAC, from a truncated MAC algorithm.

#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) /* specification-defined value */

Parameters

mac_alg
A MAC algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_MAC(mac_alg) is true. This can be a truncated or untruncated MAC algorithm.

Returns

The corresponding MAC algorithm with an untruncated MAC.

Unspecified if mac_alg is not a supported MAC algorithm.

Compatible key types

The resulting untruncated MAC algorithm is compatible with the same key types as the MAC algorithm used to construct it.

PSA_ALG_AT_LEAST_THIS_LENGTH_MAC (macro)

Macro to build a MAC minimum-MAC-length wildcard algorithm.

#define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length) \
    /* specification-defined value */

Parameters

mac_alg
A MAC algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_MAC(alg) is true. This can be a truncated or untruncated MAC algorithm.
min_mac_length
Desired minimum length of the message authentication code in bytes. This must be at most the untruncated length of the MAC and must be at least 1.

Returns

The corresponding MAC wildcard algorithm with the specified minimum MAC length.

Unspecified if mac_alg is not a supported MAC algorithm or if min_mac_length is less than 1 or too large for the specified MAC algorithm.

Description

A key with a minimum-MAC-length MAC wildcard algorithm as permitted algorithm policy can be used with all MAC algorithms sharing the same base algorithm, and where the (potentially truncated) MAC length of the specific algorithm is equal to or larger then the wildcard algorithm’s minimum MAC length.

Note

When setting the minimum required MAC length to less than the smallest MAC length allowed by the base algorithm, this effectively becomes an ‘any-MAC-length-allowed’ policy for that base algorithm.

The untruncated MAC algorithm can be recovered using PSA_ALG_FULL_LENGTH_MAC().

Compatible key types

The resulting wildcard MAC algorithm is compatible with the same key types as the MAC algorithm used to construct it.

10.3.2. Single-part MAC functions

psa_mac_compute (function)

Calculate the message authentication code (MAC) of a message.

psa_status_t psa_mac_compute(psa_key_id_t key,
                             psa_algorithm_t alg,
                             const uint8_t * input,
                             size_t input_length,
                             uint8_t * mac,
                             size_t mac_size,
                             size_t * mac_length);

Parameters

key
Identifier of the key to use for the operation. It must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
alg
The MAC algorithm to compute: a value of type psa_algorithm_t such that PSA_ALG_IS_MAC(alg) is true.
input
Buffer containing the input message.
input_length
Size of the input buffer in bytes.
mac
Buffer where the MAC value is to be written.
mac_size

Size of the mac buffer in bytes. This must be appropriate for the selected algorithm and key:

  • The exact MAC size is PSA_MAC_LENGTH(key_type, key_bits, alg) where key_type and key_bits are attributes of the key used to compute the MAC.
  • PSA_MAC_MAX_SIZE evaluates to the maximum MAC size of any supported MAC algorithm.
mac_length
On success, the number of bytes that make up the MAC value.

Returns: psa_status_t

PSA_SUCCESS
Success. The first (*mac_length) bytes of mac contain the MAC value.
PSA_ERROR_BAD_STATE
The library requires initializing by a call to psa_crypto_init().
PSA_ERROR_INVALID_HANDLE
key is not a valid key identifier.
PSA_ERROR_NOT_PERMITTED
The key does not have the PSA_KEY_USAGE_SIGN_MESSAGE flag, or it does not permit the requested algorithm.
PSA_ERROR_BUFFER_TOO_SMALL
The size of the mac buffer is too small. PSA_MAC_LENGTH() or PSA_MAC_MAX_SIZE can be used to determine a sufficient buffer size.
PSA_ERROR_INVALID_ARGUMENT

The following conditions can result in this error:

  • alg is not a MAC algorithm.
  • key is not compatible with alg.
  • input_length is too large for alg.
PSA_ERROR_NOT_SUPPORTED

The following conditions can result in this error:

  • alg is not supported or is not a MAC algorithm.
  • key is not supported for use with alg.
  • input_length is too large for the implementation.
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_COMMUNICATION_FAILURE
PSA_ERROR_CORRUPTION_DETECTED
PSA_ERROR_STORAGE_FAILURE
PSA_ERROR_DATA_CORRUPT
PSA_ERROR_DATA_INVALID

Description

Note

To verify the MAC of a message against an expected value, use psa_mac_verify() instead. Beware that comparing integrity or authenticity data such as MAC values with a function such as memcmp() is risky because the time taken by the comparison might leak information about the MAC value which could allow an attacker to guess a valid MAC and thereby bypass security controls.

psa_mac_verify (function)

Calculate the MAC of a message and compare it with a reference value.

psa_status_t psa_mac_verify(psa_key_id_t key,
                            psa_algorithm_t alg,
                            const uint8_t * input,
                            size_t input_length,
                            const uint8_t * mac,
                            size_t mac_length);

Parameters

key
Identifier of the key to use for the operation. It must allow the usage PSA_KEY_USAGE_VERIFY_MESSAGE.
alg
The MAC algorithm to compute: a value of type psa_algorithm_t such that PSA_ALG_IS_MAC(alg) is true.
input
Buffer containing the input message.
input_length
Size of the input buffer in bytes.
mac
Buffer containing the expected MAC value.
mac_length
Size of the mac buffer in bytes.

Returns: psa_status_t

PSA_SUCCESS
Success. The expected MAC is identical to the actual MAC of the input.
PSA_ERROR_BAD_STATE
The library requires initializing by a call to psa_crypto_init().
PSA_ERROR_INVALID_HANDLE
key is not a valid key identifier.
PSA_ERROR_NOT_PERMITTED
The key does not have the PSA_KEY_USAGE_VERIFY_MESSAGE flag, or it does not permit the requested algorithm.
PSA_ERROR_INVALID_SIGNATURE
The calculated MAC of the message does not match the value in mac.
PSA_ERROR_INVALID_ARGUMENT

The following conditions can result in this error:

  • alg is not a MAC algorithm.
  • key is not compatible with alg.
  • input_length is too large for alg.
PSA_ERROR_NOT_SUPPORTED

The following conditions can result in this error:

  • alg is not supported or is not a MAC algorithm.
  • key is not supported for use with alg.
  • input_length is too large for the implementation.
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_COMMUNICATION_FAILURE
PSA_ERROR_CORRUPTION_DETECTED
PSA_ERROR_STORAGE_FAILURE
PSA_ERROR_DATA_CORRUPT
PSA_ERROR_DATA_INVALID

10.3.3. Multi-part MAC operations

psa_mac_operation_t (type)

The type of the state object for multi-part MAC operations.

typedef /* implementation-defined type */ psa_mac_operation_t;

Before calling any function on a MAC operation object, the application must initialize it by any of the following means:

This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.

PSA_MAC_OPERATION_INIT (macro)

This macro returns a suitable initializer for a MAC operation object of type psa_mac_operation_t.

#define PSA_MAC_OPERATION_INIT /* implementation-defined value */

psa_mac_operation_init (function)

Return an initial value for a MAC operation object.

psa_mac_operation_t psa_mac_operation_init(void);

Returns: psa_mac_operation_t

psa_mac_sign_setup (function)

Set up a multi-part MAC calculation operation.

psa_status_t psa_mac_sign_setup(psa_mac_operation_t * operation,
                                psa_key_id_t key,
                                psa_algorithm_t alg);

Parameters

operation
The operation object to set up. It must have been initialized as per the documentation for psa_mac_operation_t and not yet in use.
key
Identifier of the key to use for the operation. It must remain valid until the operation terminates. It must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
alg
The MAC algorithm to compute: a value of type psa_algorithm_t such that PSA_ALG_IS_MAC(alg) is true.

Returns: psa_status_t

PSA_SUCCESS
Success.
PSA_ERROR_BAD_STATE

The following conditions can result in this error:

  • The operation state is not valid: it must be inactive.
  • The library requires initializing by a call to psa_crypto_init().
PSA_ERROR_INVALID_HANDLE
key is not a valid key identifier.
PSA_ERROR_NOT_PERMITTED
The key does not have the PSA_KEY_USAGE_SIGN_MESSAGE flag, or it does not permit the requested algorithm.
PSA_ERROR_INVALID_ARGUMENT

The following conditions can result in this error:

  • alg is not a MAC algorithm.
  • key is not compatible with alg.
PSA_ERROR_NOT_SUPPORTED

The following conditions can result in this error:

  • alg is not supported or is not a MAC algorithm.
  • key is not supported for use with alg.
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_COMMUNICATION_FAILURE
PSA_ERROR_CORRUPTION_DETECTED
PSA_ERROR_STORAGE_FAILURE
PSA_ERROR_DATA_CORRUPT
PSA_ERROR_DATA_INVALID

Description

This function sets up the calculation of the message authentication code (MAC) of a byte string. To verify the MAC of a message against an expected value, use psa_mac_verify_setup() instead.

The sequence of operations to calculate a MAC is as follows:

  1. Allocate an operation object which will be passed to all the functions listed here.
  2. Initialize the operation object with one of the methods described in the documentation for psa_mac_operation_t, e.g. PSA_MAC_OPERATION_INIT.
  3. Call psa_mac_sign_setup() to specify the algorithm and key.
  4. Call psa_mac_update() zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.
  5. At the end of the message, call psa_mac_sign_finish() to finish calculating the MAC value and retrieve it.

If an error occurs at any step after a call to psa_mac_sign_setup(), the operation will need to be reset by a call to psa_mac_abort(). The application can call psa_mac_abort() at any time after the operation has been initialized.

After a successful call to psa_mac_sign_setup(), the application must eventually terminate the operation through one of the following methods:

psa_mac_verify_setup (function)

Set up a multi-part MAC verification operation.

psa_status_t psa_mac_verify_setup(psa_mac_operation_t * operation,
                                  psa_key_id_t key,
                                  psa_algorithm_t alg);

Parameters

operation
The operation object to set up. It must have been initialized as per the documentation for psa_mac_operation_t and not yet in use.
key
Identifier of the key to use for the operation. It must remain valid until the operation terminates. It must allow the usage PSA_KEY_USAGE_VERIFY_MESSAGE.
alg
The MAC algorithm to compute: a value of type psa_algorithm_t such that PSA_ALG_IS_MAC(alg) is true.

Returns: psa_status_t

PSA_SUCCESS
Success.
PSA_ERROR_BAD_STATE

The following conditions can result in this error:

  • The operation state is not valid: it must be inactive.
  • The library requires initializing by a call to psa_crypto_init().
PSA_ERROR_INVALID_HANDLE
key is not a valid key identifier.
PSA_ERROR_NOT_PERMITTED
The key does not have the PSA_KEY_USAGE_VERIFY_MESSAGE flag, or it does not permit the requested algorithm.
PSA_ERROR_INVALID_ARGUMENT

The following conditions can result in this error:

  • alg is not a MAC algorithm.
  • key is not compatible with alg.
PSA_ERROR_NOT_SUPPORTED

The following conditions can result in this error:

  • alg is not supported or is not a MAC algorithm.
  • key is not supported for use with alg.
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_COMMUNICATION_FAILURE
PSA_ERROR_CORRUPTION_DETECTED
PSA_ERROR_STORAGE_FAILURE
PSA_ERROR_DATA_CORRUPT
PSA_ERROR_DATA_INVALID

Description

This function sets up the verification of the message authentication code (MAC) of a byte string against an expected value.

The sequence of operations to verify a MAC is as follows:

  1. Allocate an operation object which will be passed to all the functions listed here.
  2. Initialize the operation object with one of the methods described in the documentation for psa_mac_operation_t, e.g. PSA_MAC_OPERATION_INIT.
  3. Call psa_mac_verify_setup() to specify the algorithm and key.
  4. Call psa_mac_update() zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.
  5. At the end of the message, call psa_mac_verify_finish() to finish calculating the actual MAC of the message and verify it against the expected value.

If an error occurs at any step after a call to psa_mac_verify_setup(), the operation will need to be reset by a call to psa_mac_abort(). The application can call psa_mac_abort() at any time after the operation has been initialized.

After a successful call to psa_mac_verify_setup(), the application must eventually terminate the operation through one of the following methods:

psa_mac_update (function)

Add a message fragment to a multi-part MAC operation.

psa_status_t psa_mac_update(psa_mac_operation_t * operation,
                            const uint8_t * input,
                            size_t input_length);

Parameters

operation
Active MAC operation.
input
Buffer containing the message fragment to add to the MAC calculation.
input_length
Size of the input buffer in bytes.

Returns: psa_status_t

PSA_SUCCESS
Success.
PSA_ERROR_BAD_STATE

The following conditions can result in this error:

  • The operation state is not valid: it must be active.
  • The library requires initializing by a call to psa_crypto_init().
PSA_ERROR_INVALID_ARGUMENT
The total input for the operation is too large for the MAC algorithm.
PSA_ERROR_NOT_SUPPORTED
The total input for the operation is too large for the implementation.
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_COMMUNICATION_FAILURE
PSA_ERROR_CORRUPTION_DETECTED
PSA_ERROR_STORAGE_FAILURE
PSA_ERROR_DATA_CORRUPT
PSA_ERROR_DATA_INVALID

Description

The application must call psa_mac_sign_setup() or psa_mac_verify_setup() before calling this function.

If this function returns an error status, the operation enters an error state and must be aborted by calling psa_mac_abort().

psa_mac_sign_finish (function)

Finish the calculation of the MAC of a message.

psa_status_t psa_mac_sign_finish(psa_mac_operation_t * operation,
                                 uint8_t * mac,
                                 size_t mac_size,
                                 size_t * mac_length);

Parameters

operation
Active MAC operation.
mac
Buffer where the MAC value is to be written.
mac_size

Size of the mac buffer in bytes. This must be appropriate for the selected algorithm and key:

  • The exact MAC size is PSA_MAC_LENGTH(key_type, key_bits, alg) where key_type and key_bits are attributes of the key, and alg is the algorithm used to compute the MAC.
  • PSA_MAC_MAX_SIZE evaluates to the maximum MAC size of any supported MAC algorithm.
mac_length
On success, the number of bytes that make up the MAC value. This is always PSA_MAC_LENGTH(key_type, key_bits, alg) where key_type and key_bits are attributes of the key, and alg is the algorithm used to compute the MAC.

Returns: psa_status_t

PSA_SUCCESS
Success. The first (*mac_length) bytes of mac contain the MAC value.
PSA_ERROR_BAD_STATE

The following conditions can result in this error:

  • The operation state is not valid: it must be an active mac sign operation.
  • The library requires initializing by a call to psa_crypto_init().
PSA_ERROR_BUFFER_TOO_SMALL
The size of the mac buffer is too small. PSA_MAC_LENGTH() or PSA_MAC_MAX_SIZE can be used to determine a sufficient buffer size.
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_COMMUNICATION_FAILURE
PSA_ERROR_CORRUPTION_DETECTED
PSA_ERROR_STORAGE_FAILURE
PSA_ERROR_DATA_CORRUPT
PSA_ERROR_DATA_INVALID

Description

The application must call psa_mac_sign_setup() before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to psa_mac_update().

When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling psa_mac_abort().

Warning

It is not recommended to use this function when a specific value is expected for the MAC. Call psa_mac_verify_finish() instead with the expected MAC value.

Comparing integrity or authenticity data such as MAC values with a function such as memcmp() is risky because the time taken by the comparison might leak information about the hashed data which could allow an attacker to guess a valid MAC and thereby bypass security controls.

psa_mac_verify_finish (function)

Finish the calculation of the MAC of a message and compare it with an expected value.

psa_status_t psa_mac_verify_finish(psa_mac_operation_t * operation,
                                   const uint8_t * mac,
                                   size_t mac_length);

Parameters

operation
Active MAC operation.
mac
Buffer containing the expected MAC value.
mac_length
Size of the mac buffer in bytes.

Returns: psa_status_t

PSA_SUCCESS
Success. The expected MAC is identical to the actual MAC of the message.
PSA_ERROR_BAD_STATE

The following conditions can result in this error:

  • The operation state is not valid: it must be an active mac verify operation.
  • The library requires initializing by a call to psa_crypto_init().
PSA_ERROR_INVALID_SIGNATURE
The calculated MAC of the message does not match the value in mac.
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_COMMUNICATION_FAILURE
PSA_ERROR_CORRUPTION_DETECTED
PSA_ERROR_STORAGE_FAILURE
PSA_ERROR_DATA_CORRUPT
PSA_ERROR_DATA_INVALID

Description

The application must call psa_mac_verify_setup() before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to psa_mac_update(). It then compares the calculated MAC with the expected MAC passed as a parameter to this function.

When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling psa_mac_abort().

Note

Implementations must make the best effort to ensure that the comparison between the actual MAC and the expected MAC is performed in constant time.

psa_mac_abort (function)

Abort a MAC operation.

psa_status_t psa_mac_abort(psa_mac_operation_t * operation);

Parameters

operation
Initialized MAC operation.

Returns: psa_status_t

PSA_SUCCESS
Success. The operation object can now be discarded or reused.
PSA_ERROR_BAD_STATE
The library requires initializing by a call to psa_crypto_init().
PSA_ERROR_COMMUNICATION_FAILURE
PSA_ERROR_CORRUPTION_DETECTED

Description

Aborting an operation frees all associated resources except for the operation object itself. Once aborted, the operation object can be reused for another operation by calling psa_mac_sign_setup() or psa_mac_verify_setup() again.

This function can be called any time after the operation object has been initialized by one of the methods described in psa_mac_operation_t.

In particular, calling psa_mac_abort() after the operation has been terminated by a call to psa_mac_abort(), psa_mac_sign_finish() or psa_mac_verify_finish() is safe and has no effect.

10.3.4. Support macros

PSA_ALG_IS_HMAC (macro)

Whether the specified algorithm is an HMAC algorithm.

#define PSA_ALG_IS_HMAC(alg) /* specification-defined value */

Parameters

alg
An algorithm identifier: a value of type psa_algorithm_t.

Returns

1 if alg is an HMAC algorithm, 0 otherwise. This macro can return either 0 or 1 if alg is not a supported algorithm identifier.

Description

HMAC is a family of MAC algorithms that are based on a hash function.

PSA_ALG_IS_BLOCK_CIPHER_MAC (macro)

Whether the specified algorithm is a MAC algorithm based on a block cipher.

#define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) /* specification-defined value */

Parameters

alg
An algorithm identifier: a value of type psa_algorithm_t.

Returns

1 if alg is a MAC algorithm based on a block cipher, 0 otherwise. This macro can return either 0 or 1 if alg is not a supported algorithm identifier.

PSA_MAC_LENGTH (macro)

The size of the output of psa_mac_compute() and psa_mac_sign_finish(), in bytes.

#define PSA_MAC_LENGTH(key_type, key_bits, alg) \
    /* implementation-defined value */

Parameters

key_type
The type of the MAC key.
key_bits
The size of the MAC key in bits.
alg
A MAC algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_MAC(alg) is true.

Returns

The MAC length for the specified algorithm with the specified key parameters.

0 if the MAC algorithm is not recognized.

Either 0 or the correct length for a MAC algorithm that the implementation recognizes, but does not support.

Unspecified if the key parameters are not consistent with the algorithm.

Description

If the size of the MAC buffer is at least this large, it is guaranteed that psa_mac_compute() and psa_mac_sign_finish() will not fail due to an insufficient buffer size.

This is also the MAC length that psa_mac_verify() and psa_mac_verify_finish() expect.

See also PSA_MAC_MAX_SIZE.

PSA_MAC_MAX_SIZE (macro)

A sufficient buffer size for storing the MAC output by psa_mac_verify() and psa_mac_verify_finish(), for any of the supported key types and MAC algorithms.

#define PSA_MAC_MAX_SIZE /* implementation-defined value */

If the size of the MAC buffer is at least this large, it is guaranteed that psa_mac_verify() and psa_mac_verify_finish() will not fail due to an insufficient buffer size.

See also PSA_MAC_LENGTH().