sys/psa_crypto: Add generic HMAC implementation #20758
base: master
Thorough implementation, good coding style overall, well done! I have some comments inline below :)
sys/psa_crypto/Makefile.dep
Outdated
ifneq (,$(filter psa_mac_hmac_sha_512_backend_riot,$(USEMODULE))) | ||
USEMODULE += psa_hash | ||
USEMODULE += psa_hash_sha_512 | ||
USEMODULE += psa_riot_mac_hmac_generic | ||
endif |
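Review bot: the `ifneq` block for `psa_mac_hmac_sha_512_backend_riot` carries no comment explaining why a MAC backend pulls in `psa_hash` and `psa_hash_sha_512`. A one-line comment above it saying that `psa_riot_mac_hmac_generic` is built on the PSA hash modules would make the dependency clear to whoever adds the next hash variant.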
This is (obviously) still missing the logic for SHA-3 support. Will need to be added after #20698 is merged. Just leaving the note here to not forget about it.
Yes, I should have mentioned that.
This looks nice and it's a good idea to have a generic implementation.
I added a few comments :)
Thanks @Wer-Wolf for addressing all the comments, looks good to me from the implementation side. There are still some open change requests on @daria-gauster's test code, would someone of you mind addressing those too?
I will take care of this too.
408da13 to 4e1838c
Some more comments below :)
Also the current test implementation fails on the CI: https://ci.riot-os.org/details/f921c2a1211244a0b9ee984ef457e915 I'd propose to mimic the other tests, then it should work.
Nice work on the tests as well! Just minor suggestions.
After updating the boards in the Makefile.ci that don't fit the test application anymore (CI is currently generating a list of compile failures), you may squash the commits together before a last round of review.
Ah, and now that #20698 has been merged, this one probably needs some updates to support SHA-3 as well.
I suggest that this happens in a separate PR.
Are the reworked tests ok?
Just had a quick look at your changes on the test code. Two comments below.
Sounds like a good idea to keep PRs small :)
Feel free to squash the changes together for a hopefully last round of review :)
9024d0a to c058591
I found some issues while working on the HMAC hardware acceleration. If the fixup commits are fine, then I can squash them into the other commits too.
The PSA crypto specification states that when creating keys, the usage flags PSA_KEY_USAGE_SIGN_HASH/PSA_KEY_USAGE_VERIFY_HASH automatically set the usage flags PSA_KEY_USAGE_SIGN_MESSAGE/PSA_KEY_USAGE_VERIFY_MESSAGE on the key. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Prepare to support the multi-part MAC API by creating appropriate dispatchers for both algorithm and location backends. Since there are no supported backends at the moment, the dispatcher always returns PSA_ERROR_NOT_SUPPORTED for now. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
The initial implementation was inspired by MbedTLS, with the addition of the MD2 and MD4 algorithms. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
This support macro will be needed by the generic hmac implementation. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
This additional macro will be used by the generic hmac implementation to calculate the size of the internal buffers. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Add a generic HMAC implementation based on the PSA hashing API. In order to support a specific HMAC algorithm, all that has to be implemented is a backend for the PSA hashing API. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
The generic HMAC implementation can only be used by going through the dispatcher. Do the necessary wire-up so that applications using the PSA crypto API can use the generic HMAC implementation. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
The old HMAC implementation only supported the SHA256 hashing algorithm and only implemented the single-part MAC function. Replace it with the generic HMAC implementation which supports all hashing algorithms and is already used for the multi-part MAC functions. A side effect of this commit is that the cryptocell HMAC implementation is not used anymore. This will be fixed in a later commit which introduces broad hardware-acceleration for HMAC. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Implement the PSA MAC verification API. Currently only the generic HMAC backend is available for MAC verification, but hardware-accelerated backends can be added later. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Add some documentation regarding the steps for adding support for new HMAC algorithms to the generic HMAC implementation. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Add tests for the generic HMAC implementation. Authored-by: Daria Zatokovenko <daria.zatokovenko@gmail.com> Signed-off-by: Armin Wolf <W_Armin@gmx.de>
1d04cdf to 3606e9b
@Wer-Wolf what is your status on this one? I could benefit from PSA crypto support for HMAC soonish. If you don't have time right now, maybe give a short list of things that still need to be done to get this in?
I am currently busy with my bachelor thesis, so I have little time for bringing this PR to mainline. We still need to:
Contribution description
This PR adds a generic HMAC implementation for the PSA crypto API. This HMAC implementation can work with all hashing algorithms already supported by the PSA crypto API.
This means that in order to add support for a new HMAC algorithm, only the hashing algorithm implementation is necessary, the rest will be handled by the generic HMAC.
In order to support the full PSA MAC API, this PR also adds support for the multi-part MAC API. It also removes support for hardware acceleration of the SHA-256 HMAC, since a full-fledged hardware acceleration is expected to be provided in the near future.
Last but not least, a unittest for the generic HMAC is provided.
Testing procedure
The test-hashes unittest also tests the generic HMAC, so running those tests should be suitable to test the generic HMAC.
This PR depends on #20698, and also depends on a follow-up PR which will reintroduce proper hardware acceleration.
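
The construction the description refers to, as an added example (not code from this PR or from RIOT): a multi-part HMAC written only against a hash object's update/digest interface, so any hash with a known block size works, SHA-3 included. Python's hashlib stands in for the PSA hashing backend, and the names `GenericHmac` and `mac_parts` are hypothetical.

```python
import hashlib
import hmac as std_hmac  # stdlib, used here only for constant-time compare


class GenericHmac:
    """Multi-part HMAC (RFC 2104) over any hashlib-style constructor.

    Hypothetical stand-in for a MAC operation object; not RIOT code.
    """

    def __init__(self, hash_ctor, key: bytes):
        self._hash_ctor = hash_ctor
        block = hash_ctor().block_size  # 64 for SHA-256, 136 for SHA3-256
        if len(key) > block:            # over-long keys are hashed first
            key = hash_ctor(key).digest()
        key = key.ljust(block, b"\x00")  # then zero-padded to one block
        self._okey = bytes(b ^ 0x5C for b in key)
        self._inner = hash_ctor(bytes(b ^ 0x36 for b in key))
        self._finished = False

    def update(self, data: bytes) -> None:
        if self._finished:
            raise RuntimeError("MAC operation already finished")
        self._inner.update(data)

    def sign_finish(self) -> bytes:
        if self._finished:
            raise RuntimeError("MAC operation already finished")
        self._finished = True
        return self._hash_ctor(self._okey + self._inner.digest()).digest()

    def verify_finish(self, expected: bytes) -> bool:
        # Constant-time comparison so a mismatch position leaks nothing.
        return std_hmac.compare_digest(self.sign_finish(), expected)


def mac_parts(hash_ctor, key: bytes, *parts: bytes) -> bytes:
    """Feed the message in several chunks, as a multi-part caller would."""
    op = GenericHmac(hash_ctor, key)
    for part in parts:
        op.update(part)
    return op.sign_finish()


if __name__ == "__main__":
    # Constructed sample input: RFC 4231 test case 2 key and message.
    tag = mac_parts(hashlib.sha256, b"Jefe", b"what do ya ", b"want for nothing?")
    print(tag.hex())
```

Supporting another hash needs no change to the class, only a different constructor argument, which is the property the PR description claims for the generic backend.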