1
0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-18 12:52:44 +01:00
RIOT/dist
bors[bot] 9be022afd8
Merge #18547
18547: sys: PSA Crypto API implementation r=MrKevinWeiss a=Einhornhool

### Contribution description
This adds an implementation of the ARM [PSA Crypto API](https://armmbed.github.io/mbed-crypto/html/index.html) specification to RIOT. 

It is a cryptographic API that supports software and hardware backends as well as the use of multiple secure elements, which can be configured with Kconfig.
It integrates indirect, identifier based key management to support persistent storage of key material in local memory and devices with protected key storage.

A description of the implementation design and an evaluation of the processing time and memory overhead in RIOT has been published here: [Usable Security for an IoT OS: Integrating the Zoo of Embedded Crypto Components Below a Common API](https://arxiv.org/abs/2208.09281)

#### Implementation status
So far this implementation supports the following operations:
- Volatile key storage
- AES in CBC mode
- Hashes (MD5, SHA1, SHA224, SHA256)
- HMAC SHA256
- ECDSA with NIST P192 and P256 curves

The following backends are supported so far:
- RIOT Cipher Module
- RIOT Hash Module
- Micro ECC library package
- Cryptocell 310 hardware accelerator on the Nordic NRF52840dk
- Microchip ATECC608A secure element

Other operations and backends as well as persistent key storage can and will be implemented by me and anyone who wants to contribute in the future.

### Testing procedure
So far there is a show case application in `examples/psa_crypto` to demonstrate the usage and configuration of different backends of the API (refer to the application README for more information). 


Co-authored-by: Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
2023-09-04 08:15:08 +00:00
..
pythonlibs treewide: fix path to shell related tests in doc 2023-05-13 18:27:58 +02:00
testbed-support dist/testbed-support: remove obsolete boards from iotlab archi 2023-04-26 15:02:12 +02:00
tools Merge #18547 2023-09-04 08:15:08 +00:00
empty.a make: OSX: don't fail for empty .a archives 2014-06-24 20:29:32 +02:00
gdbinit-docker tools: use 'BOARDSDIR' for the boards directory 2019-12-16 15:35:04 +01:00
Makefile makefiles: do not locally export compilation variables 2019-08-29 10:35:36 +02:00
usb_id_testing usb: Warn on test-ID usage in a unified location 2020-06-30 10:51:36 +02:00