Skip to content

Add new example for HMAC SHA #132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Add new example for HMAC SHA #132

wants to merge 2 commits into from

Conversation

@Akshay-Belsare
Copy link

Adds a new example demonstrating HMAC SHA algorithms:

  • TA_ALGO_HMAC_SHA1

  • TA_ALGO_HMAC_SHA224

  • TA_ALGO_HMAC_SHA256

  • TA_ALGO_HMAC_SHA384

  • TA_ALGO_HMAC_SHA512

  • TA_ALG_AES_CMAC

  • Enabled runtime selection of the SHA algorithm by running
    optee_example_sha <string> <algo>.

  • If no algorithm is specified, TA_ALGO_HMAC_SHA256 is used by default.

@amey-raghatate @Akshay-Belsare
sha: add HMAC SHA algo support & runtime selection
1027c0b 
Adds a new example demonstrating HMAC SHA algorithms:
  - TA_ALGO_HMAC_SHA1
  - TA_ALGO_HMAC_SHA224
  - TA_ALGO_HMAC_SHA256
  - TA_ALGO_HMAC_SHA384
  - TA_ALGO_HMAC_SHA512

- Enabled runtime selection of the SHA algorithm by running
`optee_example_sha <string> <algo>`.
- If no algorithm is specified, TA_ALGO_HMAC_SHA256 is used by default.

Signed-off-by: Amey Avinash Raghatate <[email protected]>
@amey-raghatate @Akshay-Belsare
sha: Add support for AES CMAC algo
a51c4c1 
Extend SHA example to support for AES CMAC algorithm:
- TEE_ALG_AES_CMAC

Signed-off-by: Amey Avinash Raghatate <[email protected]>
@Akshay-Belsare Akshay-Belsare changed the title Amd sha hmac Add new example for HMAC SHA Aug 25, 2025
@jenswi-linaro
Copy link
Contributor

Can this PR and #131 use the same TA?

@jenswi-linaro
Copy link
Contributor

Hmm, so the pattern seems to be one TA per Linux user-space application.
Can the #131 also use the same user-space application?

@amey-raghatate
Copy link
Contributor

amey-raghatate commented Aug 28, 2025
edited
Loading

Hi @jenswi-linaro, basic SHA and SHA HMAC use fundamentally different GlobalPlatform APIs and belong to distinct algorithm categories, making separate TAs the optimal approach. These algorithm families are different - basic SHA uses TEE_ALG_SHA* with TEE_DigestUpdate() and TEE_DigestDoFinal() APIs, while SHA HMAC uses TEE_ALG_HMAC_* with TEE_MACUpdate() and TEE_MACComputeFinal() APIs. Basic SHA algorithms are stateless, designed for hash-only operations that need no key material and are pure digest operations, whereas SHA HMAC algorithms are stateful with keys, require key objects and MAC operations for authentication. @jenswi-linaro Please advise if you have any suggestions regarding this this approach.

CC: @Akshay-Belsare

@jenswi-linaro
Copy link
Contributor

@amey-raghatate, I'm well aware of the GP API. Combining the two apps should save a bit of common code.

@Akshay-Belsare Akshay-Belsare mentioned this pull request Sep 3, 2025
Closed
@Akshay-Belsare
Copy link
Author

@jenswi-linaro combined example PR #136 is raised.

@github-actions
Copy link

github-actions bot commented Oct 4, 2025

This pull request has been marked as a stale pull request because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this pull request will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.

@github-actions github-actions bot added the Stale label Oct 4, 2025
@github-actions github-actions bot closed this Oct 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Akshay-Belsare @jenswi-linaro @amey-raghatate