WIP: Add support to crypto:mac

bettio · bettio · commit 4c07de1effca · 2026-01-22T15:28:22.000+01:00
Signed-off-by: Davide Bettio &lt;davide@uninstall.it&gt;
diff --git a/src/libAtomVM/otp_crypto.c b/src/libAtomVM/otp_crypto.c
@@ -895,6 +895,99 @@ static term nif_crypto_compute_key(Context *ctx, int argc, term argv[])
     return result;
 }
 
+static const AtomStringIntPair hmac_algorithm_table[] = {
+    { ATOM_STR("\x6", "sha256"), PSA_ALG_SHA_256 },
+    SELECT_INT_DEFAULT(0)
+};
+
+static term nif_crypto_mac(Context *ctx, int argc, term argv[])
+{
+
+    term key_term = argv[2];
+    VALIDATE_VALUE(key_term, term_is_binary);
+    const void *key = term_binary_data(key_term);
+    size_t key_len = term_binary_size(key_term);
+    psa_key_bits_t key_bit_size = key_len * 8;
+
+    term data_term = argv[3];
+    VALIDATE_VALUE(data_term, term_is_binary);
+    const void *data = term_binary_data(data_term);
+    size_t data_len = term_binary_size(data_term);
+
+    UNUSED(argc);
+
+    do_psa_init();
+
+    GlobalContext *glb = ctx->global;
+
+    // let's check argv[0] is always hmac
+    psa_algorithm_t sub_type_algo
+        = interop_atom_term_select_int(hmac_algorithm_table, argv[1], glb);
+
+    size_t mac_out_size
+        = PSA_MAC_LENGTH(PSA_KEY_TYPE_HMAC, key_bit_size, PSA_ALG_HMAC(sub_type_algo));
+    void *mac_out = malloc(mac_out_size);
+
+    bool success = false;
+    term result = ERROR_ATOM;
+
+    psa_key_id_t key_id = 0;
+    psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
+
+    psa_set_key_type(&attr, PSA_KEY_TYPE_HMAC);
+
+    psa_set_key_bits(&attr, key_bit_size);
+
+    psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_SIGN_MESSAGE);
+    psa_set_key_algorithm(&attr, PSA_ALG_HMAC(sub_type_algo));
+
+    psa_status_t status = psa_import_key(&attr, key, key_len, &key_id);
+    psa_reset_key_attributes(&attr);
+    switch (status) {
+        case PSA_SUCCESS:
+            break;
+        case PSA_ERROR_NOT_SUPPORTED:
+            RAISE_ERROR(make_crypto_error(__FILE__, __LINE__, "Unsupported algorithm", ctx));
+        default:
+            RAISE_ERROR(make_crypto_error(__FILE__, __LINE__, "Unexpected error", ctx));
+    }
+
+    size_t mac_len = 0;
+    status = psa_mac_compute(
+        key_id, PSA_ALG_HMAC(sub_type_algo), data, data_len, mac_out, mac_out_size, &mac_len);
+    switch (status) {
+        case PSA_SUCCESS:
+            break;
+        case PSA_ERROR_NOT_SUPPORTED:
+            result = make_crypto_error(__FILE__, __LINE__, "Unsupported algorithm", ctx);
+            goto cleanup;
+        default:
+            result = make_crypto_error(__FILE__, __LINE__, "Unexpected error", ctx);
+            goto cleanup;
+    }
+
+    if (UNLIKELY(memory_ensure_free(ctx, TERM_BINARY_HEAP_SIZE(mac_len)) != MEMORY_GC_OK)) {
+        result = OUT_OF_MEMORY_ATOM;
+        goto cleanup;
+    }
+
+    success = true;
+    result = term_from_literal_binary(mac_out, mac_len, &ctx->heap, glb);
+
+cleanup:
+    psa_destroy_key(key_id);
+    if (mac_out) {
+        memset(mac_out, 0, mac_out_size);
+    }
+    free(mac_out);
+
+    if (UNLIKELY(!success)) {
+        RAISE_ERROR(result);
+    }
+
+    return result;
+}
+
 #endif
 
 // not static since we are using it elsewhere to provide backward compatibility
@@ -948,6 +1041,10 @@ static const struct Nif crypto_compute_key_nif = {
     .base.type = NIFFunctionType,
     .nif_ptr = nif_crypto_compute_key
 };
+static const struct Nif crypto_mac_nif = {
+    .base.type = NIFFunctionType,
+    .nif_ptr = nif_crypto_mac
+};
 #endif
 static const struct Nif crypto_strong_rand_bytes_nif = {
     .base.type = NIFFunctionType,
@@ -983,6 +1080,10 @@ const struct Nif *otp_crypto_nif_get_nif(const char *nifname)
             TRACE("Resolved platform nif %s ...\n", nifname);
             return &crypto_compute_key_nif;
         }
+        if (strcmp("mac/4", rest) == 0) {
+            TRACE("Resolved platform nif %s ...\n", nifname);
+            return &crypto_mac_nif;
+        }
 #endif
         if (strcmp("strong_rand_bytes/1", rest) == 0) {
             TRACE("Resolved platform nif %s ...\n", nifname);
