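// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////

#ifndef TINK_CHUNKED_MAC_H_
#define TINK_CHUNKED_MAC_H_

#include <memory>
#include <string>

#include "absl/strings/string_view.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"

namespace crypto {
namespace tink {

// Interface for a single Chunked MAC computation.
//
// One object represents one computation: feed the message through Update()
// in as many pieces as convenient, then call ComputeMac() exactly once.
//
// WARNING: Although implementations of this interface are thread-compatible,
// they are not thread-safe. Thread-safety must be enforced by the caller.
class ChunkedMacComputation {
 public:
  // Incrementally processes input `data` to update the internal state of the
  // MAC computation. Requires exclusive access.
  //
  // Note that the following two update sequences are equivalent (i.e.,
  // arbitrary slicing of the input data is allowed):
  //   1. Update("ab"), Update("cd"), Update("ef")
  //   2. Update("abc"), Update("def")
  //
  // Callers should check the returned status. This interface does not specify
  // the state of the computation after a failed Update(), so the conservative
  // choice is to abandon the object rather than go on to ComputeMac().
  virtual util::Status Update(absl::string_view data) = 0;

  // Finalizes the MAC computation and returns the authentication tag, or an
  // error status if the tag could not be produced.
  // After this method has been called, this object can no longer be used.
  // Requires exclusive access.
  virtual util::StatusOr<std::string> ComputeMac() = 0;

  virtual ~ChunkedMacComputation() = default;
};

// Interface for a single Chunked MAC verification.
//
// One object represents one verification: feed the message through Update()
// in as many pieces as convenient, then call VerifyMac() exactly once.
//
// Data that has been passed to Update() is not authenticated until
// VerifyMac() has returned OK. Callers that stream data through this
// interface should not act on or release that data before then.
//
// WARNING: Although implementations of this interface are thread-compatible,
// they are not thread-safe. Thread-safety must be enforced by the caller.
class ChunkedMacVerification {
 public:
  // Incrementally processes input `data` to update the internal state of the
  // MAC verification. Requires exclusive access.
  //
  // Note that the following two update sequences are equivalent (i.e.,
  // arbitrary slicing of the input data is allowed):
  //   1. Update("ab"), Update("cd"), Update("ef")
  //   2. Update("abc"), Update("def")
  //
  // An OK status from Update() says nothing about authenticity; only
  // VerifyMac() does. Callers should still check the returned status, since
  // this interface does not specify the state of the verification after a
  // failed Update().
  virtual util::Status Update(absl::string_view data) = 0;

  // Finalizes the MAC computation and returns OK if the tag is successfully
  // verified. Otherwise, returns an error status. After this method has been
  // called, this object can no longer be used. Requires exclusive access.
  //
  // Any non-OK status must be treated as a verification failure.
  // NOTE(review): how the tag comparison is carried out (e.g. in constant
  // time) is a property of the implementation and is not stated by this
  // interface -- confirm per implementation.
  virtual util::Status VerifyMac() = 0;

  virtual ~ChunkedMacVerification() = default;
};

// Interface for Chunked MACs (Message Authentication Codes).
// This interface should only be used for authentication. It should NOT
// be used for other purposes (e.g., generating pseudorandom bytes).
class ChunkedMac {
 public:
  // Creates an instance of a single Chunked MAC computation. Note that a
  // `ChunkedMac` object does not need to outlive the `ChunkedMacComputation`
  // objects that it creates.
  //
  // Returns the new computation object, owned by the caller, or an error
  // status if it could not be created.
  virtual util::StatusOr<std::unique_ptr<ChunkedMacComputation>>
  CreateComputation() const = 0;

  // Creates an instance of a single Chunked MAC verification. Note that a
  // `ChunkedMac` object does not need to outlive the `ChunkedMacVerification`
  // objects that it creates.
  //
  // `tag` is the authentication tag that the returned object's VerifyMac()
  // checks the processed data against. Returns the new verification object,
  // owned by the caller, or an error status if it could not be created.
  //
  // NOTE(review): `tag` is passed as a string_view and this interface does not
  // say whether implementations copy it; confirm before passing a view whose
  // backing storage may not outlive the returned object.
  virtual util::StatusOr<std::unique_ptr<ChunkedMacVerification>>
  CreateVerification(absl::string_view tag) const = 0;

  virtual ~ChunkedMac() = default;
};

}  // namespace tink
}  // namespace crypto

#endif  // TINK_CHUNKED_MAC_H_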