Merge pull request #21138 from mguetschow/psa-cc310-dma-check

pkg/driver_cryptocell_310: check for input data to be in RAM
RIOT-OS · Jan 28, 2025 · d1e7098 · d1e7098
2 parents 2e40d92 + 60521a1
commit d1e7098
Show file tree

Hide file tree

Showing 17 changed files with 188 additions and 21 deletions.
diff --git a/examples/psa_crypto/example_hash.c b/examples/psa_crypto/example_hash.c
@@ -22,8 +22,10 @@
 
 #include "psa/crypto.h"
 
-static const uint8_t msg[] = "Hello World!";
-static const size_t msg_len = sizeof(msg)-1; // exclude NULL-byte
+/* certain PSA backends require the data to be in RAM rather than ROM
+ * so these values cannot be `const` */
+static uint8_t msg[] = "Hello World!";
+static size_t msg_len = sizeof(msg)-1; // exclude NULL-byte
 
 static const uint8_t hash_sha224[] = {
     0x45, 0x75, 0xbb, 0x4e, 0xc1, 0x29, 0xdf, 0x63, 0x80, 0xce, 0xdd, 0xe6, 0xd7,

diff --git a/examples/psa_crypto/example_hmac_sha256.c b/examples/psa_crypto/example_hmac_sha256.c
@@ -30,7 +30,9 @@ static const uint8_t HMAC_KEY[] = {
 };
 static size_t HMAC_KEY_LEN = 32;
 
-static const uint8_t HMAC_MSG[] = {
+/* certain PSA backends require the data to be in RAM rather than ROM
+ * so these values cannot be `const` */
+static uint8_t HMAC_MSG[] = {
     0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
     0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x73, 0x74,
     0x72, 0x69, 0x6e, 0x67, 0x20, 0x66, 0x6f, 0x72,

diff --git a/pkg/driver_cryptocell_310/doc.txt b/pkg/driver_cryptocell_310/doc.txt
@@ -7,4 +7,12 @@
  * @note    The source of this package is not a git repository, but a zip file downloaded
  *          from the Nordic Semiconductor software center. It is quite large and takes a
  *          while to download.
+ *
+ * @warning The CryptoCell 310 peripheral on the nRF52840 MCU can only access data residing in RAM,
+ *          not in ROM (see [nRF52840 Product Specification], Section 6.6.7).
+ *          When using this driver as a backend for PSA Crypto API, API function will return
+ *          `PSA_ERROR_DATA_INVALID` when provided input data resides in ROM.
+ *
+ * [nRF52840 Product Specification]: https://docs-be.nordicsemi.com/bundle/ps_nrf52840/attach/nRF52840_PS_v1.11.pdf
+ *
  */
diff --git a/pkg/driver_cryptocell_310/include/cryptocell_310_util.h b/pkg/driver_cryptocell_310/include/cryptocell_310_util.h
@@ -23,10 +23,6 @@
 extern "C" {
 #endif
 
-#ifdef CPU_NRF52
-#define CHECK_POINTER_DMA_ACCESS(p) ((unsigned int)p >= 0x20000000 ? (unsigned int)p < 0x40000000 : 0)
-#endif
-
 /**
  * @brief   Enable CryptoCell module and IRQs.
  *
@@ -43,6 +39,17 @@ void cryptocell_310_enable(void);
  */
 void cryptocell_310_disable(void);
 
+/**
+ * @brief   Check whether the given data resides in RAM
+ *
+ *          Should be called on every const input that will be passed
+ *          on to the CryptoCell peripheral.
+ */
+static inline bool cryptocell_310_data_within_ram(const uint8_t* data)
+{
+    return ((int)data >= CPU_RAM_BASE && (int)data < CPU_RAM_BASE + CPU_RAM_SIZE);
+}
+
 /**
  * @brief   Enables CryptoCell module, IRQs and crypto libraries on nrf52840.
  *

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_common.c
@@ -40,6 +40,12 @@ psa_status_t cryptocell_310_common_aes_setup(SaSiAesUserContext_t *ctx,
 {
     SaSiAesUserKeyData_t key;
 
+    if (!cryptocell_310_data_within_ram(iv) ||
+        !cryptocell_310_data_within_ram(key_buffer)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     SaSiStatus ret = SaSi_AesInit(ctx, direction, mode, padding);
     if (ret != SASI_OK) {
         DEBUG("SaSi_AesInit failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
@@ -77,6 +83,11 @@ psa_status_t cryptocell_310_common_aes_encrypt_decrypt(SaSiAesUserContext_t *ctx
     size_t length = input_length;
     *output_length = output_size;
 
+    if (!cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     do {
         if (length > CC310_MAX_AES_INPUT_BLOCK) {
             size = CC310_MAX_AES_INPUT_BLOCK;

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/cipher_chacha20.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/cipher_chacha20.c
@@ -42,9 +42,8 @@ psa_status_t psa_cipher_chacha20_encrypt(uint8_t *key_buffer,
     DEBUG("Peripheral ChaCha20 Cipher encryption");
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if (!CHECK_POINTER_DMA_ACCESS(key_buffer) ||
-        !CHECK_POINTER_DMA_ACCESS(input) ||
-        !CHECK_POINTER_DMA_ACCESS(output)) {
+    if (!cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE);
         return PSA_ERROR_DATA_INVALID;
     }
 
@@ -91,9 +90,8 @@ psa_status_t psa_cipher_chacha20_decrypt(uint8_t *key_buffer,
     DEBUG("Peripheral ChaCha20 Cipher decryption");
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if (!CHECK_POINTER_DMA_ACCESS(key_buffer) ||
-        !CHECK_POINTER_DMA_ACCESS(input) ||
-        !CHECK_POINTER_DMA_ACCESS(output)) {
+    if (!cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE);
         return PSA_ERROR_DATA_INVALID;
     }
 

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_common.c
@@ -85,6 +85,12 @@ psa_status_t cryptocell_310_common_ecc_sign(const uint8_t *priv_key,
     CRYS_ECPKI_UserPrivKey_t user_priv_key;
     CRYSError_t ret = 0;
 
+    if (!cryptocell_310_data_within_ram(priv_key) ||
+        !cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     rndGenerateVectFunc = CRYS_RND_GenerateVector;
     pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain);
 
@@ -122,6 +128,13 @@ psa_status_t cryptocell_310_common_ecc_verify(const uint8_t *pub_key,
     CRYS_ECPKI_UserPublKey_t user_pub_key;
     CRYSError_t ret = 0;
 
+    if (!cryptocell_310_data_within_ram(pub_key) ||
+        !cryptocell_310_data_within_ram(input) ||
+        !cryptocell_310_data_within_ram(signature)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain);
 
     /**

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_ed25519.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_ed25519.c
@@ -67,6 +67,11 @@ psa_status_t psa_derive_ecc_ed25519_public_key( const uint8_t *priv_key_buffer,
     CRYS_ECEDW_TempBuff_t tmp;
     CRYSError_t ret;
 
+    if (!cryptocell_310_data_within_ram(priv_key_buffer)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     /* contains seed (private key), concatenated with public key */
     uint8_t secret_key[CRYS_ECEDW_ORD_SIZE_IN_BYTES + CRYS_ECEDW_MOD_SIZE_IN_BYTES] = { 0x0 };
     size_t secret_key_size = sizeof(secret_key);
@@ -100,6 +105,13 @@ psa_status_t psa_ecc_ed25519_sign_message(const uint8_t *priv_key_buffer,
     CRYS_ECEDW_TempBuff_t tmp;
     CRYSError_t ret;
 
+    if (!cryptocell_310_data_within_ram(priv_key_buffer) ||
+        !cryptocell_310_data_within_ram(pub_key_buffer) ||
+        !cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     if (input_length > (CRYS_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES - CRYS_ECEDW_SIGNATURE_BYTES)) {
         return PSA_ERROR_NOT_SUPPORTED;
     }
@@ -140,6 +152,13 @@ psa_status_t psa_ecc_ed25519_verify_message(const uint8_t *key_buffer,
     CRYS_ECEDW_TempBuff_t tmp;
     CRYSError_t ret;
 
+    if (!cryptocell_310_data_within_ram(key_buffer) ||
+        !cryptocell_310_data_within_ram(input) ||
+        !cryptocell_310_data_within_ram(signature)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     if (input_length > (CRYS_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES - CRYS_ECEDW_SIGNATURE_BYTES)) {
         return PSA_ERROR_NOT_SUPPORTED;
     }

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_common.c
@@ -48,6 +48,11 @@ psa_status_t cryptocell_310_common_hash_update(CRYS_HASHUserContext_t *ctx,
     size_t offset = 0;
     size_t size;
 
+    if (!cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     do {
         if (input_length > CC310_MAX_HASH_INPUT_BLOCK) {
             size = CC310_MAX_HASH_INPUT_BLOCK;

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c
@@ -21,6 +21,7 @@
 #include "psa/crypto.h"
 #include "psa_error.h"
 
+#include "cryptocell_310_util.h"
 #include "crys_hmac.h"
 #include "crys_hmac_error.h"
 
@@ -40,6 +41,12 @@ psa_status_t psa_mac_compute_hmac_sha256(const psa_key_attributes_t *attributes,
     size_t required_mac_length =
         PSA_MAC_LENGTH(attributes->type, attributes->bits, PSA_ALG_SHA_256);
 
+    if (!cryptocell_310_data_within_ram(key_buffer) ||
+        !cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     if (mac_size < required_mac_length) {
         return PSA_ERROR_BUFFER_TOO_SMALL;
     }

diff --git a/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c b/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c
@@ -32,6 +32,8 @@ static const uint8_t KEY_128[] = {
     0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
 };
 
+/* certain PSA backends require the data to be in RAM rather than ROM
+ * so these values cannot be `const` */
 static uint8_t PLAINTEXT[] = {
     0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
     0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,

diff --git a/tests/sys/psa_crypto_cipher/example_cipher_chacha20.c b/tests/sys/psa_crypto_cipher/example_cipher_chacha20.c
@@ -30,8 +30,8 @@ static const uint8_t KEY_CHACHA20[] = {
     0x00, 0x08, 0x9a, 0x8b, 0x86, 0x55, 0x2e, 0x9a
 };
 
-/* This cannot be const, as the Cryptocell hardware implementation does not have
-   DMA access to flash storage, which contains the global const values */
+/* certain PSA backends require the data to be in RAM rather than ROM
+ * so these values cannot be `const` */
 static uint8_t PLAINTEXT[] = {
     0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x20, 0x52, 0x49, 0x4F, 0x54, 0x21, 0x20,
     0x54, 0x68, 0x65, 0x20, 0x41, 0x6E, 0x73, 0x77, 0x65, 0x72, 0x20, 0x69,

diff --git a/tests/sys/psa_crypto_ecdsa/test_ecdsa_p256_vectors.c b/tests/sys/psa_crypto_ecdsa/test_ecdsa_p256_vectors.c
@@ -40,9 +40,10 @@ static const uint8_t public_key[] = {0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0
     0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC, 0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F, 0x51, 0x77,
     0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22, 0x99};
 
-static const uint8_t message[6] = "sample";
-
-static const uint8_t signature[] = {0xEF, 0xD4, 0x8B, 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40,
+/* certain PSA backends require the data to be in RAM rather than ROM
+ * so these values cannot be `const` */
+static uint8_t message[6] = "sample";
+static uint8_t signature[] = {0xEF, 0xD4, 0x8B, 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40,
     0xDD, 0x9C, 0xD4, 0x5E, 0x81, 0xD6, 0x9D, 0x2C, 0x87, 0x7B, 0x56, 0xAA, 0xF9, 0x91, 0xC3, 0x4D,
     0x0E, 0xA8, 0x4E, 0xAF, 0x37, 0x16, 0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C, 0x41, 0xD4, 0x36,
     0xC7, 0xA1, 0xB6, 0xE2, 0x9F, 0x65, 0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4, 0x06, 0x4D, 0xC4,

diff --git a/tests/sys/psa_crypto_hashes/Makefile b/tests/sys/psa_crypto_hashes/Makefile
@@ -18,3 +18,5 @@ USEMODULE += psa_hash_sha_512_224
 USEMODULE += psa_hash_sha_512_256
 
 include $(RIOTBASE)/Makefile.include
+
+CFLAGS += -DTHREAD_STACKSIZE_MAIN=2048
diff --git a/tests/sys/psa_crypto_hashes/example_hash.c b/tests/sys/psa_crypto_hashes/example_hash.c
@@ -25,8 +25,10 @@
 
 #include "psa/crypto.h"
 
-static const uint8_t msg[] = "Hello World!";
-static const size_t msg_len = sizeof(msg)-1; // exclude NULL-byte
+/* certain PSA backends require the data to be in RAM rather than ROM
+ * so these values cannot be `const` */
+static uint8_t msg[] = "Hello World!";
+static size_t msg_len = sizeof(msg)-1; // exclude NULL-byte
 
 static const uint8_t hash_sha224[] = {
     0x45, 0x75, 0xbb, 0x4e, 0xc1, 0x29, 0xdf, 0x63, 0x80, 0xce, 0xdd, 0xe6, 0xd7,
@@ -61,6 +63,60 @@ static const uint8_t hash_sha512_256[] = {
     0x72, 0x3a, 0x26, 0x71, 0x0e, 0x46, 0x76, 0x13, 0x01, 0xc8, 0xb5, 0x4c, 0x56,
     0xfa, 0x72, 0x22, 0x67, 0x58, 0x1a};
 
+static uint8_t msg_long[] = {
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa
+};
+
+static const uint8_t hash_long_sha224[] = {
+    0x89, 0xf0, 0xbf, 0x9d, 0x18, 0xe3, 0x68, 0x66, 0xb9, 0x19, 0x8d, 0x9d, 0x1b,
+    0xa9, 0x9f, 0x4c, 0xa7, 0xcb, 0x83, 0x9c, 0xf9, 0x7c, 0xd9, 0x71, 0xe3, 0xef,
+    0x41, 0x6c
+};
+
+static const uint8_t hash_long_sha256[] = {
+    0x45, 0xad, 0x4b, 0x37, 0xc6, 0xe2, 0xfc, 0x0a, 0x2c, 0xfc, 0xc1, 0xb5, 0xda,
+    0x52, 0x41, 0x32, 0xec, 0x70, 0x76, 0x15, 0xc2, 0xca, 0xe1, 0xdb, 0xbc, 0x43,
+    0xc9, 0x7a, 0xa5, 0x21, 0xdb, 0x81
+};
+
+static const uint8_t hash_long_sha384[] = {
+    0xad, 0x51, 0xdd, 0xb7, 0x80, 0x48, 0x4e, 0xc6, 0xce, 0xb4, 0x96, 0xbc, 0xc1,
+    0xe2, 0x4e, 0xf8, 0x23, 0x20, 0xe2, 0xe2, 0x68, 0x7d, 0x6c, 0xba, 0xef, 0x37,
+    0xcf, 0x9f, 0x47, 0xc5, 0xa6, 0xfd, 0xda, 0xe5, 0x19, 0xe9, 0x6c, 0x98, 0x6f,
+    0x45, 0x97, 0x5d, 0xbc, 0x31, 0xb8, 0x09, 0x91, 0x37
+};
+
+static const uint8_t hash_long_sha512[] = {
+    0xe1, 0xb5, 0x2c, 0x4f, 0xf8, 0xce, 0x9c, 0x4b, 0x60, 0xbd, 0x8e, 0xc7, 0x85,
+    0xab, 0x7b, 0xf3, 0xdf, 0xfc, 0x70, 0x23, 0xf7, 0xc5, 0x15, 0x88, 0xf9, 0x6b,
+    0x94, 0xee, 0xba, 0x80, 0xca, 0x3b, 0x9b, 0x9e, 0xd0, 0x5a, 0xb2, 0xac, 0x87,
+    0x97, 0xbb, 0x70, 0x39, 0xd6, 0x81, 0xf2, 0xe4, 0x1f, 0xcf, 0xe6, 0xdd, 0xda,
+    0xb2, 0xe9, 0x51, 0x22, 0xd9, 0xc7, 0x16, 0xc2, 0xb8, 0x40, 0x6b, 0xd4
+};
+
+static const uint8_t hash_long_sha512_224[] = {
+    0x6f, 0xcd, 0x48, 0x1d, 0x5c, 0x9a, 0xc8, 0x8d, 0x27, 0x91, 0x91, 0xd0, 0xbf,
+    0x19, 0x2d, 0x77, 0xd9, 0x7b, 0x35, 0x64, 0x82, 0x6d, 0xd3, 0xe4, 0xef, 0xb7,
+    0xc1, 0xc2
+};
+
+static const uint8_t hash_long_sha512_256[] = {
+    0x51, 0x28, 0xb1, 0xa1, 0x72, 0x14, 0xe7, 0x4b, 0x76, 0xb5, 0x28, 0x51, 0xab,
+    0xc0, 0xec, 0xc0, 0x99, 0x56, 0x32, 0x77, 0xcd, 0x20, 0x78, 0xa7, 0x56, 0x4f,
+    0x63, 0x52, 0x68, 0x81, 0x4a, 0xce
+};
+
+
 /**
  * @brief   Example function to use different hash algorithms
  *          with the PSA Crypto API.
@@ -101,5 +157,35 @@ psa_status_t example_hash(void)
         return status;
     }
 
+    status = psa_hash_compare(PSA_ALG_SHA_224, msg_long, sizeof(msg_long), hash_long_sha224, sizeof(hash_long_sha224));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_256, msg_long, sizeof(msg_long), hash_long_sha256, sizeof(hash_long_sha256));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_384, msg_long, sizeof(msg_long), hash_long_sha384, sizeof(hash_long_sha384));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_512, msg_long, sizeof(msg_long), hash_long_sha512, sizeof(hash_long_sha512));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_512_224, msg_long, sizeof(msg_long), hash_long_sha512_224, sizeof(hash_long_sha512_224));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_512_256, msg_long, sizeof(msg_long), hash_long_sha512_256, sizeof(hash_long_sha512_256));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
     return status;
 }
diff --git a/tests/sys/psa_crypto_hashes/example_sha3_glue.c b/tests/sys/psa_crypto_hashes/example_sha3_glue.c
@@ -20,6 +20,8 @@
 
 #include "psa/crypto.h"
 
+/* certain PSA backends require the data to be in RAM rather than ROM
+ * so these values cannot be `const` */
 static const uint8_t msg[] = "Hello World!";
 static const size_t msg_len = sizeof(msg)-1; // exclude NULL-byte
 

diff --git a/tests/sys/psa_crypto_mac/example_hmac_sha256.c b/tests/sys/psa_crypto_mac/example_hmac_sha256.c
@@ -32,7 +32,9 @@ static const uint8_t HMAC_KEY[] = {
 };
 static size_t HMAC_KEY_LEN = 32;
 
-static const uint8_t HMAC_MSG[] = {
+/* certain PSA backends require the data to be in RAM rather than ROM
+ * so these values cannot be `const` */
+static uint8_t HMAC_MSG[] = {
     0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
     0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x73, 0x74,
     0x72, 0x69, 0x6e, 0x67, 0x20, 0x66, 0x6f, 0x72,
Original file line number	Diff line number	Diff line change
Expand Up		@@ -18,3 +18,5 @@ USEMODULE += psa_hash_sha_512_224
		USEMODULE += psa_hash_sha_512_256

		include $(RIOTBASE)/Makefile.include

		CFLAGS += -DTHREAD_STACKSIZE_MAIN=2048