
sys: Add PSA Crypto module

Open Einhornhool opened this issue 3 years ago • 3 comments

Contribution description

This adds an implementation of the ARM PSA Crypto API specification to RIOT.

It is a cryptographic API that supports software and hardware backends as well as the use of multiple secure elements, which can be configured with Kconfig. It integrates indirect, identifier-based key management to support persistent storage of key material in local memory and devices with protected key storage.

A description of the implementation design and an evaluation of the processing time and memory overhead in RIOT has been published here: Usable Security for an IoT OS: Integrating the Zoo of Embedded Crypto Components Below a Common API

Implementation status

So far this implementation supports the following operations:

  • Volatile key storage
  • AES in CBC mode
  • Hashes (MD5, SHA1, SHA224, SHA256)
  • HMAC SHA256
  • ECDSA with NIST P192 and P256 curves

Issues/PRs references

Split up PR #18547

Related: #18583 #18582 #18581 #18580 #18579

Sep 12 '22 09:09 Einhornhool

Why not keep the example application from #18547? It was providing a way for Murdock to build (and test) the code of this PR.

Sep 12 '22 10:09 aabadie

I removed it because this branch only provides the PSA Module without backend support. I submitted the code for the wrappers for the RIOT cipher module, etc., in separate PRs, to reduce the size of the PR, but this will mean that the example won't build.

Sep 12 '22 11:09 Einhornhool

Why not keep the example application from #18547? It was providing a way for Murdock to build (and test) the code of this PR.

I added a minimal example application that works on this branch. It only executes key management operations and random number generation. It can be extended by more operations when other backends are included.

Sep 13 '22 14:09 Einhornhool

Thank you, Kevin. I think from that perspective it makes more sense to keep everything in one PR with separate commits. I will apply all the changes I made on this branch and the other PSA subbranches to the original PR and reopen it, so we can work on that. I'll also address numbers 1-3.

Nov 05 '22 10:11 Einhornhool

To make this easier to test and work on, we are going to keep working on the original branch: https://github.com/RIOT-OS/RIOT/pull/18547

Nov 05 '22 14:11 Einhornhool