sys/psa_crypto: Adding aead aes ccm #21455
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Lukas-Luger
requested review from
MichelRottleuthner,
aabadie,
jia200x and
leandrolanzieri
as code owners
github-actions
bot
added
Platform: ARM
crasbe
added
Type: new feature
mguetschow
requested changes
Apr 30, 2025
Contributor
mguetschow
left a comment
mguetschow
left a comment
There was a problem hiding this comment.
Thanks for doing this! Here's a first round of review. Haven't tested it locally yet.
Contributor
|
Oh, and something seems to be off in your automatic backend selection: -- running on worker alien thread 1, build number 13791.
make: Entering directory '/tmp/dwq.0.49495055948356803/0b95bb80d67d834a634a4edd6938ca1d/tests/sys/psa_crypto_aead'
You are going to use the PSA Crypto module, which is only partly implemented and not yet thouroughly tested.\n Please do not use this module in production, as it may introduce security issues!
/tmp/dwq.0.49495055948356803/0b95bb80d67d834a634a4edd6938ca1d/sys/psa_crypto/Makefile.include:111: *** "One (and only one) backend should be selected for psa_aead_aes_128_ccm". Stop.
make: Leaving directory '/tmp/dwq.0.49495055948356803/0b95bb80d67d834a634a4edd6938ca1d/tests/sys/psa_crypto_aead'
make: Entering directory '/tmp/dwq.0.49495055948356803/0b95bb80d67d834a634a4edd6938ca1d/tests/sys/psa_crypto_aead'
You are going to use the PSA Crypto module, which is only partly implemented and not yet thouroughly tested.\n Please do not use this module in production, as it may introduce security issues!
/tmp/dwq.0.49495055948356803/0b95bb80d67d834a634a4edd6938ca1d/sys/psa_crypto/Makefile.include:111: *** "One (and only one) backend should be selected for psa_aead_aes_128_ccm". Stop.
make: Leaving directory '/tmp/dwq.0.49495055948356803/0b95bb80d67d834a634a4edd6938ca1d/tests/sys/psa_crypto_aead'
cat: /tmp/dwq.0.49495055948356803/0b95bb80d67d834a634a4edd6938ca1d/build/test-input-hash.sha1: No such file or directory |
mcr
approved these changes
Apr 30, 2025
mguetschow
reviewed
May 9, 2025
mguetschow
approved these changes
May 9, 2025
Contributor
mguetschow
left a comment
mguetschow
left a comment
There was a problem hiding this comment.
Thanks for this! Feel free to squash directly after adding the missing documentation.
Lukas-Luger
force-pushed
the
pr/psa-aes-ccm
branch
3 times, most recently
from
bb55129 to
08ebf6f
Compare
Contributor
Author
|
No Problem. Everything should be ready now ;) |
mguetschow
requested changes
May 12, 2025
Contributor
mguetschow
left a comment
mguetschow
left a comment
There was a problem hiding this comment.
Sorry, one last nit, found while trying to compile with
diff --git a/tests/sys/psa_crypto_aead/Makefile b/tests/sys/psa_crypto_aead/Makefile
index e0fdc67078..5d8f3615e1 100644
--- a/tests/sys/psa_crypto_aead/Makefile
+++ b/tests/sys/psa_crypto_aead/Makefile
@@ -6,6 +6,8 @@ USEMODULE += psa_crypto
USEMODULE += psa_aead
USEMODULE += psa_aead_aes_128_ccm
+USEMODULE += psa_aead_aes_128_ccm_custom_backend
+USEMODULE += psa_aead_aes_128_ccm_backend_tinycrypt
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=2Also, would you mind updating your commit messages and remove all the fixup commit messages? I can show you how to, if needed.
Lukas-Luger
force-pushed
the
pr/psa-aes-ccm
branch
from
0772148 to
964d071
Compare
Lukas-Luger
force-pushed
the
pr/psa-aes-ccm
branch
from
964d071 to
13760ae
Compare
Contributor
Author
|
Should be all done now. Sorry for the delay |
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
Contributor
|
You'll have to add a BOARD_INSUFFICIENT_MEMORY := \
nucleo-l011k4 \
samd10-xmini \
stm32f030f4-demo \
# |
Lukas-Luger
force-pushed
the
pr/psa-aes-ccm
branch
from
13760ae to
406d6dc
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Contribution description
This PR adds AES CCM as the first Authenticated encryption with associated data algorithm to the PSA Certified Crypto API implementation of RIOT.
It comes with three backends:
Cifra
Tinycrypt
Cryptocell 310
Testing procedure
A test is provided in tests/sys/psa_crypto_aead.
Note that the test will fail on tinycrypt because of invalid nonce size.
Issues/PRs references
This is highly inspired by #18547.