sys/psa_crypto: Add generic HMAC implementation #20758
Conversation
Prepare to support the multi-part MAC API by creating appropriate dispatchers for both algorithm and location backends. Since there are no supported backends at the moment, the dispatcher always returns PSA_ERROR_NOT_SUPPORTED for now. Signed-off-by: Armin Wolf <[email protected]>
The initial implementation was inspired by MbedTLS, with the addition of the MD2 and MD4 algorithms. Signed-off-by: Armin Wolf <[email protected]>
This support macro will be needed by the generic hmac implementation. Signed-off-by: Armin Wolf <[email protected]>
This additional macro will be used by the generic hmac implementation to calculate the size of the internal buffers. Signed-off-by: Armin Wolf <[email protected]>
Add a generic HMAC implementation based on the PSA hashing API. In order to support a specific HMAC algorithm, all what has to be implemented is a backend for the PSA hashing API. Signed-off-by: Armin Wolf <[email protected]>
The generic HMAC implementation can only be used by going through the dispatcher. Do the necessary wire-up so that applications using the PSA crypto API can use the generic HMAC implementation. Signed-off-by: Armin Wolf <[email protected]>
The old HMAC implementation only supported the SHA256 hashing algorithm and only implemented the single-part MAC function. Replace it with the generic HMAC implementation which supports all hashing algorithms and is already used for the multi-part MAC functions. A side effect of this commit is that the cryptocell HMAC implementation is not used anymore. This will be fixed in a later commit which introduces broad hardare-acceleration for HMAC. Signed-off-by: Armin Wolf <[email protected]>
Implement the PSA MAC verification API. Currently only the generic HMAC backend is available for MAC verification, but hardware-accelerated backends can be added later. Signed-off-by: Armin Wolf <[email protected]>
Add some documentation regarding the steps for adding support for new HMAC algorithms to the generic HMAC implementation. Signed-off-by: Armin Wolf <[email protected]>
Add tests for the generic HMAC implementation. Authored-by: Daria Zatokovenko <[email protected]> Signed-off-by: Armin Wolf <[email protected]>
github-actions
bot
added
Area: doc
mguetschow
added
the
CI: ready for build
Murdock results❌ FAILED 966e3ac fixup! /tests/sys/psa_crypto_mac: made tests compliant to coding conventions Build failures (1)
Artifacts |
sys/psa_crypto/Makefile.dep
Outdated
| ifneq (,$(filter psa_mac_hmac_sha_512_backend_riot,$(USEMODULE))) | ||
| USEMODULE += psa_hash | ||
| USEMODULE += psa_hash_sha_512 | ||
| USEMODULE += psa_riot_mac_hmac_generic | ||
| endif |
There was a problem hiding this comment.
This is (obviously) still missing the logic for SHA-3 support. Will need to be added after #20698 is merged. Just leaving the note here to not forget about it.
There was a problem hiding this comment.
Yes, i should have mentioned that.
| * Copyright (C) 2016 Martin Landsmann <[email protected]> | ||
| * Copyright 2016 OTA keys S.A. |
There was a problem hiding this comment.
Please update the copyright accordingly.
| for (size_t i = 0; i < str_length; i += 2) | ||
| { |
There was a problem hiding this comment.
| for (size_t i = 0; i < str_length; i += 2) | |
| { | |
| for (size_t i = 0; i < str_length; i += 2) { |
and in other places too (except for function definitions): https://github.com/RIOT-OS/RIOT/blob/master/CODING_CONVENTIONS.md#indentation-and-braces
| /** | ||
| * @brief Generates tests for hashes/sha512.h - generic hmac | ||
| * | ||
| * @return embUnit tests if successful, NULL if not. | ||
| */ | ||
| Test *tests_hashes_sha512_hmac_tests(void); |
There was a problem hiding this comment.
We have all the other PSA crypto API tests below tests/sys/psa_crypto*. To not bloat the unittests binary too much, I would propose you move the tests to the already existing psa_crypto_mac test.
There was a problem hiding this comment.
Good point, I moved the tests to the existing psa_crypto_mac test from unittests.
Signed-off-by: Armin Wolf <[email protected]>
…eric HMAC Signed-off-by: Armin Wolf <[email protected]>
Signed-off-by: Armin Wolf <[email protected]>
Moving the check of MODULE_PSA_RIOT_MAC_HMAC_GENERIC improves the clarity and makes it easier to add hardware acceleration support later. Signed-off-by: Armin Wolf <[email protected]>
Rename the generic HMAC function to signal that they are not part of the user-facing API. Signed-off-by: Armin Wolf <[email protected]>
Add comments to explain which steps the generic HMAC implementation takes to comply with RFC 2104. Signed-off-by: Armin Wolf <[email protected]>
When psa_generic_hmac_compute() is called, the caller wants to use the generic software-based HMAC implementation, so there is no need to call the dispatcher again. Signed-off-by: Armin Wolf <[email protected]>
|
Thanks @Wer-Wolf for addressing all the comments, looks good to me from the implementation side. There are still some open change requests on @daria-gauster's test code, would someone of you mind addressing those too? |
|
I will take care of this too. |
Co-authored-by: mguetschow <[email protected]>
Co-authored-by: mguetschow <[email protected]>
daria-gauster
requested review from
leandrolanzieri,
aabadie and
MichelRottleuthner
as code owners
… psa_crypto_mac test
daria-gauster
force-pushed
the
generic_hmac_sha512_test
branch
from
408da13
to
4e1838c
Compare
There was a problem hiding this comment.
The changes to all files in tests/unittests should not be needed anymore.
| @@ -33,5 +33,4 @@ void tests_hashes(void) | |||
| TESTS_RUN(tests_hashes_sha512_tests()); | |||
| TESTS_RUN(tests_hashes_sha512_224_tests()); | |||
| TESTS_RUN(tests_hashes_sha512_256_tests()); | |||
| TESTS_RUN(tests_hashes_sha3_tests()); | |||
There was a problem hiding this comment.
Pretty sure you didn't mean to delete this?
| /** | ||
| * @brief Generates tests for hashes/sha3.h | ||
| * | ||
| * @return embUnit tests if successful, NULL if not. | ||
| */ | ||
| Test *tests_hashes_sha3_tests(void); |
| USEMODULE += psa_mac | ||
| USEMODULE += hashes |
There was a problem hiding this comment.
| USEMODULE += hashes |
should be automatically selected
| @@ -1,12 +1,21 @@ | |||
| include ../Makefile.sys_common | |||
|
|
|||
| USEMODULE += embunit | |||
There was a problem hiding this comment.
| USEMODULE += embunit |
I would prefer to keep your tests consistent with the existing ones and not use embUnit for them (simply replace TEST_ASSERT() with the construction used in other tests).
| USEMODULE += hashes | ||
| USEMODULE += psa_hash | ||
|
|
||
| USEMODULE += psa_riot_mac_hmac_generic |
There was a problem hiding this comment.
| USEMODULE += psa_riot_mac_hmac_generic |
should be selected automatically, I guess
| USEMODULE += psa_hash_sha_384 | ||
| USEMODULE += psa_mac_hmac_sha_384 | ||
| USEMODULE += psa_hash_sha_512 | ||
| USEMODULE += psa_mac_hmac_sha_512 |
There was a problem hiding this comment.
| USEMODULE += psa_hash_sha_384 | |
| USEMODULE += psa_mac_hmac_sha_384 | |
| USEMODULE += psa_hash_sha_512 | |
| USEMODULE += psa_mac_hmac_sha_512 | |
| USEMODULE += psa_mac_hmac_sha_384 | |
| USEMODULE += psa_mac_hmac_sha_512 |
same here
|
Also the current test implementation fails on the CI: https://ci.riot-os.org/details/f921c2a1211244a0b9ee984ef457e915 I'd propose to mimic the other tests, then it should work. |
Contribution description
This PR adds a generic HMAC implementation for the PSA crypto API. This HMAC implementation can work with all
hashing algorithms already supported by the PSA crypto API.
This means that in order to add support for a new HMAC algorithm, only the hashing algorithm implementation is necessary,
the rest will be handled by the generic HMAC.
In order to support the full PSA MAC API, this PR also adds support for the multi-part MAC API. It also removes support for hardware acceleration of the SHA-256 HMAC, since a full-fledged hardware acceleration is expected to be provided in the near future.
Last but not least, a unittest for the generic HMAC is provided.
Testing procedure
The
test-hashesunittest also tests the generic HMAC, so running those tests should be suitable to test the generic HMAC.This PR depends on #20698, and also depends on a follow-up PR which will reintroduce proper hardware acceleration.