Skip to content

[Backport ncs-v3.1-branch] Series of commits that defult to HMAC-SHA512 for X25519 on NRF54L #494

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 11, 2025
Merged

[Backport ncs-v3.1-branch] Series of commits that defult to HMAC-SHA512 for X25519 on NRF54L #494

merged 3 commits into from
Aug 11, 2025

Conversation

@NordicBuilder
Copy link

@NordicBuilder NordicBuilder commented Aug 7, 2025

Backport 8b2d04c~3..8b2d04c from #483.

@de-nordic @github-actions
[nrf fromtree] bootutil: Fix X25519 HMAC-SHA512
6198cd4 
The MAC tag of encryption key has been incorrectly using only
32 bytes of HKDF for HMAC-SHA512 keyword.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 32db788)
(cherry picked from commit 31c8554)
@de-nordic @github-actions
[nrf fromtree] imgtool: Fix x25519 TLV HMAC tag
7b07ea7 
HMAC-SHA512 has been incorrectly fed only 32 bytes of password.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 94d85f9)
(cherry picked from commit 2128ae5)
@de-nordic @github-actions
[nrf noup] zephyr: Enforce HMAC-SHA512 for NRF54L with X25519
39c6b14 
ECIES-X25519 key exchange on NRF54L will be using HMAC-SHA512
for MAC tagging encryption key.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 8b2d04c)
@NordicBuilder NordicBuilder requested a review from nordicjm as a code owner August 7, 2025 10:05
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 7, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@nvlsianpu nvlsianpu added this to the ncs-3.1.0 milestone Aug 8, 2025
@nvlsianpu nvlsianpu added the bugfix Fixes a known bug label Aug 8, 2025
@NordicBuilder NordicBuilder mentioned this pull request Aug 8, 2025
Merged
@carlescufi carlescufi merged commit 05a6339 into ncs-v3.1-branch Aug 11, 2025
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nvlsianpu nvlsianpu nvlsianpu approved these changes

@nordicjm nordicjm nordicjm approved these changes

@michalek-no michalek-no michalek-no approved these changes

@de-nordic de-nordic Awaiting requested review from de-nordic de-nordic is a code owner

Assignees

No one assigned

Labels

Backport bugfix Fixes a known bug

Projects

None yet

Milestone

ncs-3.1.0

Development

Successfully merging this pull request may close these issues.

7 participants

@NordicBuilder @nvlsianpu @nordicjm @michalek-no @carlescufi @de-nordic