// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////

#ifndef TINK_CHUNKED_MAC_H_
#define TINK_CHUNKED_MAC_H_

#include <memory>
#include <string>

#include "absl/strings/string_view.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"

namespace crypto {
namespace tink {

// One in-progress Chunked MAC computation: the message is fed in with
// Update() and the tag is obtained with ComputeMac().
//
// WARNING: Implementations of this interface are thread-compatible but not
// thread-safe. The caller is responsible for enforcing thread-safety.
class ChunkedMacComputation {
 public:
  // Absorbs the next piece of input, `data`, into the internal state of the
  // MAC computation. Requires exclusive access.
  //
  // The input may be sliced arbitrarily; for example, these two call
  // sequences are equivalent:
  //   1. Update("ab"), Update("cd"), Update("ef")
  //   2. Update("abc"), Update("def")
  virtual util::Status Update(absl::string_view data) = 0;

  // Finishes the MAC computation and returns the authentication tag. Once
  // this method has been called, the object can no longer be used. Requires
  // exclusive access.
  virtual util::StatusOr<std::string> ComputeMac() = 0;

  virtual ~ChunkedMacComputation() = default;
};

// One in-progress Chunked MAC verification: the message is fed in with
// Update() and the tag check is performed by VerifyMac().
//
// WARNING: Implementations of this interface are thread-compatible but not
// thread-safe. The caller is responsible for enforcing thread-safety.
class ChunkedMacVerification {
 public:
  // Absorbs the next piece of input, `data`, into the internal state of the
  // MAC verification. Requires exclusive access.
  //
  // The input may be sliced arbitrarily; for example, these two call
  // sequences are equivalent:
  //   1. Update("ab"), Update("cd"), Update("ef")
  //   2. Update("abc"), Update("def")
  //
  // Only VerifyMac() reports whether the tag matches, so data passed to
  // Update() should be treated as unauthenticated until VerifyMac() has
  // returned OK.
  virtual util::Status Update(absl::string_view data) = 0;

  // Finishes the MAC computation. Returns OK if the tag is successfully
  // verified and an error status otherwise; callers must check the result,
  // since any non-OK status means the data was not authenticated. Once this
  // method has been called, the object can no longer be used. Requires
  // exclusive access.
  virtual util::Status VerifyMac() = 0;

  virtual ~ChunkedMacVerification() = default;
};

// Interface for Chunked MACs (Message Authentication Codes).
// Use this interface for authentication only. It should NOT be used for
// other purposes (e.g., generating pseudorandom bytes).
class ChunkedMac {
 public:
  // Creates an object for a single Chunked MAC computation. The `ChunkedMac`
  // object does not need to outlive the `ChunkedMacComputation` objects that
  // it creates.
  virtual util::StatusOr<std::unique_ptr<ChunkedMacComputation>>
  CreateComputation() const = 0;

  // Creates an object for a single Chunked MAC verification against `tag`.
  // The `ChunkedMac` object does not need to outlive the
  // `ChunkedMacVerification` objects that it creates.
  //
  // NOTE(review): this header does not say whether `tag` is copied by the
  // returned object; confirm against the implementation before releasing the
  // buffer behind `tag` while the verification is still in use.
  virtual util::StatusOr<std::unique_ptr<ChunkedMacVerification>>
  CreateVerification(absl::string_view tag) const = 0;

  virtual ~ChunkedMac() = default;
};

}  // namespace tink
}  // namespace crypto

#endif  // TINK_CHUNKED_MAC_H_