sys/psa_crypto: sha3 support

[Wunderbaeumchen99817]

Contribution description
This PR adds a new pseudomodule for using the existing sha3-hashings-algorithms in a simpler way.
More specific: It adds gluecode for the PSA Crypto API to access the RIOT implementation of SHA3.

Testing procedure
The corresponding tests are located in tests/sys/psa_crypto_hashes/example_sha3_glue.c

You can run them the following way:

1. go to tests/sys/psa_crypto_hashes/
2. run "make compile-commands"
3. run "make flash test"

Issues/PRs references
N/A

[Teufelchen1]

Cool! Could you clean up your commits?

[mguetschow]

Nice work! 🎉

Some rather minor suggestions for improvement below. Please add them first in separate commits and only squash/rebase after we've had a look at the new changes.

[mguetschow]

Would it make sense to have different psa modules for SHA3-256/384/512 or is the increase in code size if including all three per default negligible?

[Wunderbaeumchen99817]

@mguetschow The increase in code-size is indeed negligible since they are all based on the same keccak-code (which is the biggest part of the underlying code), which needs to be compiled anyway with every variant of the sha3 algorithm.

[mguetschow]

Okay, then it sounds reasonable to me to keep it as is. But maybe @Einhornhool has a different opinion and would argue in favor of consistency with the SHA-2 PSA modules?

[Einhornhool]

Hmm, for consistency it would be better to separate them. BUT we separated the SHA-2 modules for the purpose of being modular, since some hardware backends we saw only supported SHA-256 and we wanted to be able to build software backends for the others.
As far as I can see there's only one implementation for SHA-3 available (RIOT Hashes) which supports all three variants. So there's no need to build two different backends.

For me it would be totally fine to keep them together for now and only separate them once we integrate a backend that does not support all of them.
It would be good to document this, though.

Update: Just checked again and there are some other libraries with SHA-3 support. HACL also supports 256/384/512 and Cifra additionally supports 224. I don't see a reason to mix different software backends, though, so I think separation is only needed once we get a hardware accelerator that only supports a subset of them.

[benpicco]

I think separation is only needed once we get a hardware accelerator that only supports a subset of them.

but that would be an API change then

[Einhornhool]

I considered this and I agree. This would be an API change, which makes it more prone to errors.
Also it would require people who add drivers in the future to not only add wrappers, but also to change the module structure.
That makes it less friendly to develop.

I'm sorry for changing my mind now, but I think it would be better to keep the structure consistent with the other modules :)

[riot-ci]

Murdock results

✔️ PASSED

9b50202 sys/psa_crypto: added sha3 glue code

Success	Failures	Total	Runtime
10177	0	10178	16m:40s

Artifacts

• Documentation preview

[mguetschow]

Thanks for your fixups, I'm now happy with the changeset! You may rebase and squash everything together in one or two commits (in case you want to split implementation + test in separate commits).

[Wunderbaeumchen99817]

@mguetschow done :)

[mguetschow]

Thanks, nice work!