mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2025-12-26 23:11:19 +01:00
27cf424720
Currently PSA mac backends can only implement psa_mac_compute() from the PSA crypto API, but not psa_mac_verify() and the associated multi-part functions. Extend the location and algorithm dispatchers to connect the above PSA API functions to suitable backends. Also extend the MAC backend API to allow backends to implement those additional functions. Due to a design issue with the SE backend API (context size is dynamic, thus requiring a memory allocation) only psa_mac_verify() can be accelerated by SE backends. Signed-off-by: Armin Wolf <W_Armin@gmx.de>
153 lines
4.6 KiB
C
153 lines
4.6 KiB
C
/*
|
|
* Copyright (C) 2021 HAW Hamburg
|
|
*
|
|
* This file is subject to the terms and conditions of the GNU Lesser
|
|
* General Public License v2.1. See the file LICENSE in the top level
|
|
* directory for more details.
|
|
*/
|
|
|
|
/**
|
|
* @ingroup pkg_driver_cryptocell_310
|
|
* @{
|
|
*
|
|
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 driver APIs
|
|
*
|
|
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
|
|
*
|
|
* @}
|
|
*/
|
|
|
|
#include "kernel_defines.h"
|
|
#include "psa/crypto.h"
|
|
#include "psa_error.h"
|
|
|
|
#include "cryptocell_310_util.h"
|
|
#include "crys_hmac.h"
|
|
#include "crys_hmac_error.h"
|
|
|
|
#define ENABLE_DEBUG 0
|
|
#include "debug.h"
|
|
|
|
psa_status_t psa_mac_compute_hmac_sha256(const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
const uint8_t *input,
|
|
size_t input_length,
|
|
uint8_t *mac,
|
|
size_t mac_size,
|
|
size_t *mac_length)
|
|
{
|
|
CRYSError_t ret;
|
|
size_t required_mac_length =
|
|
PSA_MAC_LENGTH(attributes->type, attributes->bits, PSA_ALG_SHA_256);
|
|
|
|
if (!cryptocell_310_data_within_ram(key_buffer) ||
|
|
!cryptocell_310_data_within_ram(input)) {
|
|
DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
|
|
return PSA_ERROR_DATA_INVALID;
|
|
}
|
|
|
|
if (mac_size < required_mac_length) {
|
|
return PSA_ERROR_BUFFER_TOO_SMALL;
|
|
}
|
|
|
|
ret = CRYS_HMAC(CRYS_HASH_SHA256_mode, (uint8_t *)key_buffer, key_buffer_size, (uint8_t *)input,
|
|
input_length, (uint32_t *)mac);
|
|
if (ret != CRYS_OK) {
|
|
DEBUG("CRYS_HMAC failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
|
|
return CRYS_to_psa_error(ret);
|
|
}
|
|
|
|
*mac_length = required_mac_length;
|
|
|
|
(void)mac_size;
|
|
return PSA_SUCCESS;
|
|
}
|
|
|
|
psa_status_t psa_mac_verify_hmac_sha256(const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
const uint8_t *input,
|
|
size_t input_length,
|
|
const uint8_t *mac,
|
|
size_t mac_length)
|
|
{
|
|
(void)attributes;
|
|
(void)key_buffer;
|
|
(void)key_buffer_size;
|
|
(void)input;
|
|
(void)input_length;
|
|
(void)mac;
|
|
(void)mac_length;
|
|
|
|
return PSA_ERROR_NOT_SUPPORTED;
|
|
}
|
|
|
|
psa_status_t psa_mac_sign_setup_hmac_sha256(psa_mac_operation_t *operation,
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size)
|
|
{
|
|
(void)operation;
|
|
(void)attributes;
|
|
(void)key_buffer;
|
|
(void)key_buffer_size;
|
|
|
|
return PSA_ERROR_NOT_SUPPORTED;
|
|
}
|
|
|
|
psa_status_t psa_mac_verify_setup_hmac_sha256(psa_mac_operation_t *operation,
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size)
|
|
{
|
|
(void)operation;
|
|
(void)attributes;
|
|
(void)key_buffer;
|
|
(void)key_buffer_size;
|
|
|
|
return PSA_ERROR_NOT_SUPPORTED;
|
|
}
|
|
|
|
psa_status_t psa_mac_update_hmac_sha256(psa_mac_operation_t *operation,
|
|
const uint8_t *input,
|
|
size_t input_length)
|
|
{
|
|
(void)operation;
|
|
(void)input;
|
|
(void)input_length;
|
|
|
|
return PSA_ERROR_NOT_SUPPORTED;
|
|
}
|
|
|
|
psa_status_t psa_mac_sign_finish_hmac_sha256(psa_mac_operation_t *operation,
|
|
uint8_t *mac,
|
|
size_t mac_size,
|
|
size_t *mac_length)
|
|
{
|
|
(void)operation;
|
|
(void)mac;
|
|
(void)mac_size;
|
|
(void)mac_length;
|
|
|
|
return PSA_ERROR_NOT_SUPPORTED;
|
|
}
|
|
|
|
psa_status_t psa_mac_verify_finish_hmac_sha256(psa_mac_operation_t *operation,
|
|
const uint8_t *mac,
|
|
size_t mac_length)
|
|
{
|
|
(void)operation;
|
|
(void)mac;
|
|
(void)mac_length;
|
|
|
|
return PSA_ERROR_NOT_SUPPORTED;
|
|
}
|
|
|
|
psa_status_t psa_mac_abort_hmac_sha256(psa_mac_operation_t *operation)
|
|
{
|
|
(void)operation;
|
|
|
|
return PSA_ERROR_NOT_SUPPORTED;
|
|
}
|