sys/psa_crypto: Adding hmac hashing on psa_import_key and fix max hmac key size #21297

Merged
merged 3 commits into from
Mar 23, 2025

Lukas-Luger
Contributor

Contribution description

This PR adds hashing functionality to psa_import_key. According to the PSA Certified Crypto API:

HMAC keys that are longer than the block size of hash_alg, are permitted in a call to psa_import_key().

In addition, [RFC2104] §2 states that when using keys longer than the hash block size, the key must be hashed.

Finally, the CONFIG_PSA_MAX_KEY_SIZE value has been corrected.

Testing procedure

A test is provided with a 128-byte key.

Issues/PRs references

This PR follows up on #20758.
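
The RFC 2104 §2 key-preparation rule cited in the description, as an added Python example (not code from this PR or from RIOT): a key longer than the hash block size is replaced by its hash when stored, and the MAC computed from the stored key matches a reference HMAC over the original key. The function names, the choice of SHA-256, and the sample key and message are assumptions made for this illustration.

```python
import hashlib
import hmac


def normalize_hmac_key(key: bytes, hash_name: str = "sha256") -> bytes:
    """Key preparation from RFC 2104 section 2 (hypothetical helper name).

    Keys longer than the hash block size B are replaced by H(key);
    keys of length <= B are stored unchanged.
    """
    h = hashlib.new(hash_name)
    if len(key) > h.block_size:
        h.update(key)
        return h.digest()
    return key


def hmac_from_stored_key(stored: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC over msg using a key that was already normalized at import.

    This routine only zero-pads the key to B bytes, so it rejects any
    key that skipped the import-time normalization.
    """
    block = hashlib.new(hash_name).block_size
    if len(stored) > block:
        raise ValueError("stored key exceeds block size; it was not normalized")
    k = stored.ljust(block, b"\x00")
    ipad = bytes(b ^ 0x36 for b in k)
    opad = bytes(b ^ 0x5C for b in k)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def import_and_mac(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """Import-time normalization followed by the MAC computation."""
    return hmac_from_stored_key(normalize_hmac_key(key, hash_name), msg, hash_name)


# Constructed sample inputs: a 128-byte key and an arbitrary message.
LONG_KEY = bytes(range(128))
MSG = b"constructed sample message"

if __name__ == "__main__":
    stored = normalize_hmac_key(LONG_KEY)
    print("stored key length:", len(stored))
    reference = hmac.new(LONG_KEY, MSG, "sha256").digest()
    print("matches stdlib hmac:", import_and_mac(LONG_KEY, MSG) == reference)
```

With SHA-512 (block size 128 bytes) the same 128-byte key is not longer than the block size, so it is stored unchanged; the rule depends on the hash algorithm bound to the key.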

@github-actions github-actions bot added Area: tests Area: tests and testing framework Area: sys Area: System labels Mar 14, 2025
@benpicco benpicco requested a review from Einhornhool March 14, 2025 10:30
Contributor

@mguetschow mguetschow left a comment

Nice, thanks for finding and fixing! Just two suggestions below.

@mguetschow mguetschow added the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Mar 17, 2025
Contributor

@mguetschow mguetschow left a comment

Please squash! :)

@riot-ci

riot-ci commented Mar 17, 2025

Murdock results

✔️ PASSED

4839195 tests/sys/psa_crypto_mac: updated Makefile.ci

Success Failures Total Runtime
149556 0 149556 01h:41m:47s

Artifacts

@mguetschow
Contributor

This needs another rebase after #21303 is in.

Lukas-Luger and others added 2 commits March 21, 2025 14:28
Update sys/psa_crypto/psa_crypto_algorithm_dispatch.c

Co-authored-by: mguetschow <mikolai.guetschow@tu-dresden.de>
@Lukas-Luger Lukas-Luger force-pushed the pr/psa-import-key-hmac branch from 630ab15 to 8d13b86 Compare March 21, 2025 13:38
@mguetschow mguetschow enabled auto-merge March 21, 2025 13:40
@mguetschow mguetschow added this pull request to the merge queue Mar 21, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 21, 2025
@mguetschow mguetschow added CI: full build disable CI build filter CI: no fast fail don't abort PR build after first error CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR and removed CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR labels Mar 21, 2025
@maribu
Member

maribu commented Mar 21, 2025

Looks like you need to run make -C tests/sys/psa_crypto_mac generate-Makefile.ci.

I wonder how that ever fit on the tiny AVR :)

@maribu maribu enabled auto-merge March 23, 2025 05:07
@maribu maribu added this pull request to the merge queue Mar 23, 2025
Merged via the queue into RIOT-OS:master with commit f62a7b9 Mar 23, 2025
25 checks passed
@Lukas-Luger Lukas-Luger deleted the pr/psa-import-key-hmac branch March 24, 2025 11:56
@mguetschow mguetschow added this to the Release 2025.04 milestone Apr 8, 2025
Labels
Area: sys Area: System Area: tests Area: tests and testing framework CI: full build disable CI build filter CI: no fast fail don't abort PR build after first error CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR

4 participants