-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sys/psa_crypto: Add generic HMAC implementation #20758
base: master
Are you sure you want to change the base?
Conversation
Prepare to support the multi-part MAC API by creating appropriate dispatchers for both algorithm and location backends. Since there are no supported backends at the moment, the dispatcher always returns PSA_ERROR_NOT_SUPPORTED for now. Signed-off-by: Armin Wolf <[email protected]>
The initial implementation was inspired by MbedTLS, with the addition of the MD2 and MD4 algorithms. Signed-off-by: Armin Wolf <[email protected]>
This support macro will be needed by the generic hmac implementation. Signed-off-by: Armin Wolf <[email protected]>
This additional macro will be used by the generic hmac implementation to calculate the size of the internal buffers. Signed-off-by: Armin Wolf <[email protected]>
Add a generic HMAC implementation based on the PSA hashing API. In order to support a specific HMAC algorithm, all what has to be implemented is a backend for the PSA hashing API. Signed-off-by: Armin Wolf <[email protected]>
The generic HMAC implementation can only be used by going through the dispatcher. Do the necessary wire-up so that applications using the PSA crypto API can use the generic HMAC implementation. Signed-off-by: Armin Wolf <[email protected]>
The old HMAC implementation only supported the SHA256 hashing algorithm and only implemented the single-part MAC function. Replace it with the generic HMAC implementation which supports all hashing algorithms and is already used for the multi-part MAC functions. A side effect of this commit is that the cryptocell HMAC implementation is not used anymore. This will be fixed in a later commit which introduces broad hardare-acceleration for HMAC. Signed-off-by: Armin Wolf <[email protected]>
Implement the PSA MAC verification API. Currently only the generic HMAC backend is available for MAC verification, but hardware-accelerated backends can be added later. Signed-off-by: Armin Wolf <[email protected]>
Add some documentation regarding the steps for adding support for new HMAC algorithms to the generic HMAC implementation. Signed-off-by: Armin Wolf <[email protected]>
Add tests for the generic HMAC implementation. Authored-by: Daria Zatokovenko <[email protected]> Signed-off-by: Armin Wolf <[email protected]>
Murdock results❌ FAILED 966e3ac fixup! /tests/sys/psa_crypto_mac: made tests compliant to coding conventions Build failures (1)
Artifacts |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thorough implementation, good coding style overall, well done! I have some comments inline below :)
sys/psa_crypto/Makefile.dep
Outdated
ifneq (,$(filter psa_mac_hmac_sha_512_backend_riot,$(USEMODULE))) | ||
USEMODULE += psa_hash | ||
USEMODULE += psa_hash_sha_512 | ||
USEMODULE += psa_riot_mac_hmac_generic | ||
endif |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is (obviously) still missing the logic for SHA-3 support. Will need to be added after #20698 is merged. Just leaving the note here to not forget about it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, i should have mentioned that.
* Copyright (C) 2016 Martin Landsmann <[email protected]> | ||
* Copyright 2016 OTA keys S.A. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please update the copyright accordingly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for the wait, done.
for (size_t i = 0; i < str_length; i += 2) | ||
{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
for (size_t i = 0; i < str_length; i += 2) | |
{ | |
for (size_t i = 0; i < str_length; i += 2) { |
and in other places too (except for function definitions): https://github.com/RIOT-OS/RIOT/blob/master/CODING_CONVENTIONS.md#indentation-and-braces
/** | ||
* @brief Generates tests for hashes/sha512.h - generic hmac | ||
* | ||
* @return embUnit tests if successful, NULL if not. | ||
*/ | ||
Test *tests_hashes_sha512_hmac_tests(void); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have all the other PSA crypto API tests below tests/sys/psa_crypto*
. To not bloat the unittests
binary too much, I would propose you move the tests to the already existing psa_crypto_mac
test.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, I moved the tests to the existing psa_crypto_mac
test from unittests
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks nice and it's a good idea to have a generic implementation.
I added a few comments :)
Signed-off-by: Armin Wolf <[email protected]>
…eric HMAC Signed-off-by: Armin Wolf <[email protected]>
Signed-off-by: Armin Wolf <[email protected]>
Moving the check of MODULE_PSA_RIOT_MAC_HMAC_GENERIC improves the clarity and makes it easier to add hardware acceleration support later. Signed-off-by: Armin Wolf <[email protected]>
Rename the generic HMAC function to signal that they are not part of the user-facing API. Signed-off-by: Armin Wolf <[email protected]>
Add comments to explain which steps the generic HMAC implementation takes to comply with RFC 2104. Signed-off-by: Armin Wolf <[email protected]>
When psa_generic_hmac_compute() is called, the caller wants to use the generic software-based HMAC implementation, so there is no need to call the dispatcher again. Signed-off-by: Armin Wolf <[email protected]>
Thanks @Wer-Wolf for addressing all the comments, looks good to me from the implementation side. There are still some open change requests on @daria-gauster's test code, would someone of you mind addressing those too? |
I will take care of this too. |
Co-authored-by: mguetschow <[email protected]>
Co-authored-by: mguetschow <[email protected]>
… psa_crypto_mac test
408da13
to
4e1838c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some more comments below :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The changes to all files in tests/unittests
should not be needed anymore.
@@ -33,5 +33,4 @@ void tests_hashes(void) | |||
TESTS_RUN(tests_hashes_sha512_tests()); | |||
TESTS_RUN(tests_hashes_sha512_224_tests()); | |||
TESTS_RUN(tests_hashes_sha512_256_tests()); | |||
TESTS_RUN(tests_hashes_sha3_tests()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pretty sure you didn't mean to delete this?
/** | ||
* @brief Generates tests for hashes/sha3.h | ||
* | ||
* @return embUnit tests if successful, NULL if not. | ||
*/ | ||
Test *tests_hashes_sha3_tests(void); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same here?
USEMODULE += psa_mac | ||
USEMODULE += hashes |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
USEMODULE += hashes |
should be automatically selected
@@ -1,12 +1,21 @@ | |||
include ../Makefile.sys_common | |||
|
|||
USEMODULE += embunit |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
USEMODULE += embunit |
I would prefer to keep your tests consistent with the existing ones and not use embUnit for them (simply replace TEST_ASSERT()
with the construction used in other tests).
USEMODULE += hashes | ||
USEMODULE += psa_hash | ||
|
||
USEMODULE += psa_riot_mac_hmac_generic |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
USEMODULE += psa_riot_mac_hmac_generic |
should be selected automatically, I guess
USEMODULE += psa_hash_sha_384 | ||
USEMODULE += psa_mac_hmac_sha_384 | ||
USEMODULE += psa_hash_sha_512 | ||
USEMODULE += psa_mac_hmac_sha_512 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
USEMODULE += psa_hash_sha_384 | |
USEMODULE += psa_mac_hmac_sha_384 | |
USEMODULE += psa_hash_sha_512 | |
USEMODULE += psa_mac_hmac_sha_512 | |
USEMODULE += psa_mac_hmac_sha_384 | |
USEMODULE += psa_mac_hmac_sha_512 |
same here
Also the current test implementation fails on the CI: https://ci.riot-os.org/details/f921c2a1211244a0b9ee984ef457e915 I'd propose to mimic the other tests, then it should work. |
Contribution description
This PR adds a generic HMAC implementation for the PSA crypto API. This HMAC implementation can work with all
hashing algorithms already supported by the PSA crypto API.
This means that in order to add support for a new HMAC algorithm, only the hashing algorithm implementation is necessary,
the rest will be handled by the generic HMAC.
In order to support the full PSA MAC API, this PR also adds support for the multi-part MAC API. It also removes support for hardware acceleration of the SHA-256 HMAC, since a full-fledged hardware acceleration is expected to be provided in the near future.
Last but not least, a unittest for the generic HMAC is provided.
Testing procedure
The
test-hashes
unittest also tests the generic HMAC, so running those tests should be suitable to test the generic HMAC.This PR depends on #20698, and also depends on a follow-up PR which will reintroduce proper hardware acceleration.