espressif/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-04-27 19:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'fix/support_truncated_hmac_v6.0' into 'release/v6.0'

Browse Source 
Allow truncated ESP-PSA HMAC driver operations (v6.0)

See merge request espressif/esp-idf!45755
This commit is contained in:
Mahavir Jain
2026-02-12 11:31:16 +05:30
parent e114d459af 51956d766e
commit 6d023865d2
2 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
components/mbedtls/port/psa_driver/esp_mac/psa_crypto_driver_esp_hmac_transparent.c
+6 -6
View File
@@ -291,12 +291,12 @@ psa_status_t esp_hmac_finish_transparent(
goto exit;
}
if (mac_size < hash_size) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
memcpy(mac, tmp, hash_size);
*mac_length = hash_size;
/* Copy the MAC, limiting to the actual hash size we computed.
* This supports truncated MACs (mac_size < hash_size) and also
* handles cases where the output buffer is larger than needed. */
size_t bytes_to_copy = (mac_size <= hash_size) ? mac_size : hash_size;
memcpy(mac, tmp, bytes_to_copy);
*mac_length = bytes_to_copy;
exit:
mbedtls_platform_zeroize(tmp, hash_size);
components/mbedtls/test_apps/main/test_psa_hmac.c
+24 -1
View File
@@ -58,7 +58,7 @@ static void test_hmac_compute_and_verify(psa_key_id_t key_id,
size_t expected_mac_len)
{
psa_status_t status;
size_t hmac_length = PSA_HASH_LENGTH(alg);
size_t hmac_length = PSA_MAC_TRUNCATED_LENGTH(alg) ? PSA_MAC_TRUNCATED_LENGTH(alg) : PSA_HASH_LENGTH(alg);
uint8_t *hmac = malloc(hmac_length);
TEST_ASSERT_NOT_NULL(hmac);
@@ -66,6 +66,7 @@ static void test_hmac_compute_and_verify(psa_key_id_t key_id,
status = psa_mac_compute(key_id, alg, data, data_len,
hmac, hmac_length, &mac_length);
TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
TEST_ASSERT_EQUAL(expected_mac_len, mac_length);
status = psa_mac_verify(key_id, alg, data, data_len,
expected_mac, expected_mac_len);
@@ -185,3 +186,25 @@ TEST_CASE("PSA HMAC SHA-256 multipart test", "[psa_hmac]")
psa_destroy_key(key_id);
free(hmac);
}
TEST_CASE("PSA HMAC SHA-256 truncated test", "[psa_hmac]")
{
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key_id = 0;
// Create truncated HMAC algorithm (16 bytes instead of full 32 bytes)
psa_algorithm_t alg = PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16);
setup_hmac_key_attributes(&attributes, alg, PSA_KEY_LIFETIME_VOLATILE);
status = psa_import_key(&attributes, key_256, sizeof(key_256), &key_id);
TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
// Test single-shot compute and verify with truncated MAC
test_hmac_compute_and_verify(key_id, alg, test_data, sizeof(test_data),
expected_hmac_sha256,
16);
psa_destroy_key(key_id);
psa_reset_key_attributes(&attributes);
}