sys/psa_crypto: Add generic HMAC implementation #20758
Open
Commits on Aug 22, 2024
-
sys/psa_crypto: Fix missing usage flags when creating new keys
The PSA crypto specification states that when creating keys, the usage flags PSA_KEY_USAGE_SIGN_HASH/PSA_KEY_USAGE_VERIFY_HASH automatically set the usage flags PSA_KEY_USAGE_SIGN_MESSAGE/PSA_KEY_USAGE_VERIFY_MESSAGE on the key. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
-
sys/psa_crypto: Wire-up multi-part MAC dispatcher
Prepare to support the multi-part MAC API by creating appropriate dispatchers for both algorithm and location backends. Since there are no supported backends at the moment, the dispatcher always returns PSA_ERROR_NOT_SUPPORTED for now. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
-
sys/psa_crypto: Implement PSA_HASH_BLOCK_LENGTH()
The initial implementation was inspired by MbedTLS, with the addition of the MD2 and MD4 algorithms. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
-
sys/psa_crypto: Implement PSA_MAC_MAX_SIZE()
This support macro will be needed by the generic hmac implementation. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
-
sys/psa_crypto: Add PSA_HMAC_BLOCK_MAX_SIZE()
This additional macro will be used by the generic hmac implementation to calculate the size of the internal buffers. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
-
sys/psa_crypto: Add generic HMAC implementation
Add a generic HMAC implementation based on the PSA hashing API. In order to support a specific HMAC algorithm, all what has to be implemented is a backend for the PSA hashing API. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
-
sys/psa_crypto: Wire-up generic HMAC with the dispatcher
The generic HMAC implementation can only be used by going through the dispatcher. Do the necessary wire-up so that applications using the PSA crypto API can use the generic HMAC implementation. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
-
sys/psa_crypto: Replace old SHA256 HMAC implemenation with generic HMAC
The old HMAC implementation only supported the SHA256 hashing algorithm and only implemented the single-part MAC function. Replace it with the generic HMAC implementation which supports all hashing algorithms and is already used for the multi-part MAC functions. A side effect of this commit is that the cryptocell HMAC implementation is not used anymore. This will be fixed in a later commit which introduces broad hardare-acceleration for HMAC. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
-
sys/psa_crypto: Implement psa_mac_verify()
Implement the PSA MAC verification API. Currently only the generic HMAC backend is available for MAC verification, but hardware-accelerated backends can be added later. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
-
sys/psa_crypto: Document the generic HMAC implementation
Add some documentation regarding the steps for adding support for new HMAC algorithms to the generic HMAC implementation. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
-
tests/sys/psa_crypto_mac: Add tests for generic HMAC implementations
Add tests for the generic HMAC implementation. Authored-by: Daria Zatokovenko <daria.zatokovenko@gmail.com> Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.