diff --git a/examples/psa_crypto/example_hash.c b/examples/psa_crypto/example_hash.c index 0f7990a8e92c..88d06afcff1f 100644 --- a/examples/psa_crypto/example_hash.c +++ b/examples/psa_crypto/example_hash.c @@ -22,8 +22,10 @@ #include "psa/crypto.h" -static const uint8_t msg[] = "Hello World!"; -static const size_t msg_len = sizeof(msg)-1; // exclude NULL-byte +/* certain PSA backends require the data to be in RAM rather than ROM + * so these values cannot be `const` */ +static uint8_t msg[] = "Hello World!"; +static size_t msg_len = sizeof(msg)-1; // exclude NULL-byte static const uint8_t hash_sha224[] = { 0x45, 0x75, 0xbb, 0x4e, 0xc1, 0x29, 0xdf, 0x63, 0x80, 0xce, 0xdd, 0xe6, 0xd7, diff --git a/examples/psa_crypto/example_hmac_sha256.c b/examples/psa_crypto/example_hmac_sha256.c index 712cad3a17c1..a5e248d12f48 100644 --- a/examples/psa_crypto/example_hmac_sha256.c +++ b/examples/psa_crypto/example_hmac_sha256.c @@ -30,7 +30,9 @@ static const uint8_t HMAC_KEY[] = { }; static size_t HMAC_KEY_LEN = 32; -static const uint8_t HMAC_MSG[] = { +/* certain PSA backends require the data to be in RAM rather than ROM + * so these values cannot be `const` */ +static uint8_t HMAC_MSG[] = { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x20, 0x66, 0x6f, 0x72, diff --git a/pkg/driver_cryptocell_310/doc.txt b/pkg/driver_cryptocell_310/doc.txt index 71a8804ef928..77e140d94fab 100644 --- a/pkg/driver_cryptocell_310/doc.txt +++ b/pkg/driver_cryptocell_310/doc.txt @@ -7,4 +7,12 @@ * @note The source of this package is not a git repository, but a zip file downloaded * from the Nordic Semiconductor software center. It is quite large and takes a * while to download. + * + * @warning The CryptoCell 310 peripheral on the nRF52840 MCU can only access data residing in RAM, + * not in ROM (see [nRF52840 Product Specification], Section 6.6.7). + * When using this driver as a backend for PSA Crypto API, API function will return + * `PSA_ERROR_DATA_INVALID` when provided input data resides in ROM. + * + * [nRF52840 Product Specification]: https://docs-be.nordicsemi.com/bundle/ps_nrf52840/attach/nRF52840_PS_v1.11.pdf + * */ diff --git a/pkg/driver_cryptocell_310/include/cryptocell_310_util.h b/pkg/driver_cryptocell_310/include/cryptocell_310_util.h index 540617ee08cf..c49e135f959f 100644 --- a/pkg/driver_cryptocell_310/include/cryptocell_310_util.h +++ b/pkg/driver_cryptocell_310/include/cryptocell_310_util.h @@ -23,10 +23,6 @@ extern "C" { #endif -#ifdef CPU_NRF52 -#define CHECK_POINTER_DMA_ACCESS(p) ((unsigned int)p >= 0x20000000 ? (unsigned int)p < 0x40000000 : 0) -#endif - /** * @brief Enable CryptoCell module and IRQs. * @@ -43,6 +39,17 @@ void cryptocell_310_enable(void); */ void cryptocell_310_disable(void); +/** + * @brief Check whether the given data resides in RAM + * + * Should be called on every const input that will be passed + * on to the CryptoCell peripheral. + */ +static inline bool cryptocell_310_data_within_ram(const uint8_t* data) +{ + return ((int)data >= CPU_RAM_BASE && (int)data < CPU_RAM_BASE + CPU_RAM_SIZE); +} + /** * @brief Enables CryptoCell module, IRQs and crypto libraries on nrf52840. * diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_common.c index c782cf09b713..df57af2023e2 100644 --- a/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_common.c +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_common.c @@ -40,6 +40,12 @@ psa_status_t cryptocell_310_common_aes_setup(SaSiAesUserContext_t *ctx, { SaSiAesUserKeyData_t key; + if (!cryptocell_310_data_within_ram(iv) || + !cryptocell_310_data_within_ram(key_buffer)) { + DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE); + return PSA_ERROR_DATA_INVALID; + } + SaSiStatus ret = SaSi_AesInit(ctx, direction, mode, padding); if (ret != SASI_OK) { DEBUG("SaSi_AesInit failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); @@ -77,6 +83,11 @@ psa_status_t cryptocell_310_common_aes_encrypt_decrypt(SaSiAesUserContext_t *ctx size_t length = input_length; *output_length = output_size; + if (!cryptocell_310_data_within_ram(input)) { + DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE); + return PSA_ERROR_DATA_INVALID; + } + do { if (length > CC310_MAX_AES_INPUT_BLOCK) { size = CC310_MAX_AES_INPUT_BLOCK; diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/cipher_chacha20.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/cipher_chacha20.c index 58e35321fc36..99ee988d5872 100644 --- a/pkg/driver_cryptocell_310/psa_cryptocell_310/cipher_chacha20.c +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/cipher_chacha20.c @@ -42,9 +42,8 @@ psa_status_t psa_cipher_chacha20_encrypt(uint8_t *key_buffer, DEBUG("Peripheral ChaCha20 Cipher encryption"); psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if (!CHECK_POINTER_DMA_ACCESS(key_buffer) || - !CHECK_POINTER_DMA_ACCESS(input) || - !CHECK_POINTER_DMA_ACCESS(output)) { + if (!cryptocell_310_data_within_ram(input)) { + DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE); return PSA_ERROR_DATA_INVALID; } @@ -91,9 +90,8 @@ psa_status_t psa_cipher_chacha20_decrypt(uint8_t *key_buffer, DEBUG("Peripheral ChaCha20 Cipher decryption"); psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if (!CHECK_POINTER_DMA_ACCESS(key_buffer) || - !CHECK_POINTER_DMA_ACCESS(input) || - !CHECK_POINTER_DMA_ACCESS(output)) { + if (!cryptocell_310_data_within_ram(input)) { + DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE); return PSA_ERROR_DATA_INVALID; } diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_common.c index 7be3318a9121..d35fb9d1c9ed 100644 --- a/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_common.c +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_common.c @@ -85,6 +85,12 @@ psa_status_t cryptocell_310_common_ecc_sign(const uint8_t *priv_key, CRYS_ECPKI_UserPrivKey_t user_priv_key; CRYSError_t ret = 0; + if (!cryptocell_310_data_within_ram(priv_key) || + !cryptocell_310_data_within_ram(input)) { + DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE); + return PSA_ERROR_DATA_INVALID; + } + rndGenerateVectFunc = CRYS_RND_GenerateVector; pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain); @@ -122,6 +128,13 @@ psa_status_t cryptocell_310_common_ecc_verify(const uint8_t *pub_key, CRYS_ECPKI_UserPublKey_t user_pub_key; CRYSError_t ret = 0; + if (!cryptocell_310_data_within_ram(pub_key) || + !cryptocell_310_data_within_ram(input) || + !cryptocell_310_data_within_ram(signature)) { + DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE); + return PSA_ERROR_DATA_INVALID; + } + pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain); /** diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_ed25519.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_ed25519.c index f32d62c07e23..a5443755794c 100644 --- a/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_ed25519.c +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_ed25519.c @@ -67,6 +67,11 @@ psa_status_t psa_derive_ecc_ed25519_public_key( const uint8_t *priv_key_buffer, CRYS_ECEDW_TempBuff_t tmp; CRYSError_t ret; + if (!cryptocell_310_data_within_ram(priv_key_buffer)) { + DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE); + return PSA_ERROR_DATA_INVALID; + } + /* contains seed (private key), concatenated with public key */ uint8_t secret_key[CRYS_ECEDW_ORD_SIZE_IN_BYTES + CRYS_ECEDW_MOD_SIZE_IN_BYTES] = { 0x0 }; size_t secret_key_size = sizeof(secret_key); @@ -100,6 +105,13 @@ psa_status_t psa_ecc_ed25519_sign_message(const uint8_t *priv_key_buffer, CRYS_ECEDW_TempBuff_t tmp; CRYSError_t ret; + if (!cryptocell_310_data_within_ram(priv_key_buffer) || + !cryptocell_310_data_within_ram(pub_key_buffer) || + !cryptocell_310_data_within_ram(input)) { + DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE); + return PSA_ERROR_DATA_INVALID; + } + if (input_length > (CRYS_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES - CRYS_ECEDW_SIGNATURE_BYTES)) { return PSA_ERROR_NOT_SUPPORTED; } @@ -140,6 +152,13 @@ psa_status_t psa_ecc_ed25519_verify_message(const uint8_t *key_buffer, CRYS_ECEDW_TempBuff_t tmp; CRYSError_t ret; + if (!cryptocell_310_data_within_ram(key_buffer) || + !cryptocell_310_data_within_ram(input) || + !cryptocell_310_data_within_ram(signature)) { + DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE); + return PSA_ERROR_DATA_INVALID; + } + if (input_length > (CRYS_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES - CRYS_ECEDW_SIGNATURE_BYTES)) { return PSA_ERROR_NOT_SUPPORTED; } diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_common.c index e999ee011f20..b518dad916b3 100644 --- a/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_common.c +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_common.c @@ -48,6 +48,11 @@ psa_status_t cryptocell_310_common_hash_update(CRYS_HASHUserContext_t *ctx, size_t offset = 0; size_t size; + if (!cryptocell_310_data_within_ram(input)) { + DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE); + return PSA_ERROR_DATA_INVALID; + } + do { if (input_length > CC310_MAX_HASH_INPUT_BLOCK) { size = CC310_MAX_HASH_INPUT_BLOCK; diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c index 4bb691666f8b..0893dcec7114 100644 --- a/pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c @@ -21,6 +21,7 @@ #include "psa/crypto.h" #include "psa_error.h" +#include "cryptocell_310_util.h" #include "crys_hmac.h" #include "crys_hmac_error.h" @@ -40,6 +41,12 @@ psa_status_t psa_mac_compute_hmac_sha256(const psa_key_attributes_t *attributes, size_t required_mac_length = PSA_MAC_LENGTH(attributes->type, attributes->bits, PSA_ALG_SHA_256); + if (!cryptocell_310_data_within_ram(key_buffer) || + !cryptocell_310_data_within_ram(input)) { + DEBUG("%s : cryptocell_310 data required to be in RAM.\n", RIOT_FILE_RELATIVE); + return PSA_ERROR_DATA_INVALID; + } + if (mac_size < required_mac_length) { return PSA_ERROR_BUFFER_TOO_SMALL; } diff --git a/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c b/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c index 41da3a8f4f68..9fe2f8b15fdd 100644 --- a/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c +++ b/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c @@ -32,6 +32,8 @@ static const uint8_t KEY_128[] = { 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; +/* certain PSA backends require the data to be in RAM rather than ROM + * so these values cannot be `const` */ static uint8_t PLAINTEXT[] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, diff --git a/tests/sys/psa_crypto_cipher/example_cipher_chacha20.c b/tests/sys/psa_crypto_cipher/example_cipher_chacha20.c index 8e9fcd65a1d5..341aa7436d0a 100644 --- a/tests/sys/psa_crypto_cipher/example_cipher_chacha20.c +++ b/tests/sys/psa_crypto_cipher/example_cipher_chacha20.c @@ -30,8 +30,8 @@ static const uint8_t KEY_CHACHA20[] = { 0x00, 0x08, 0x9a, 0x8b, 0x86, 0x55, 0x2e, 0x9a }; -/* This cannot be const, as the Cryptocell hardware implementation does not have - DMA access to flash storage, which contains the global const values */ +/* certain PSA backends require the data to be in RAM rather than ROM + * so these values cannot be `const` */ static uint8_t PLAINTEXT[] = { 0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x20, 0x52, 0x49, 0x4F, 0x54, 0x21, 0x20, 0x54, 0x68, 0x65, 0x20, 0x41, 0x6E, 0x73, 0x77, 0x65, 0x72, 0x20, 0x69, diff --git a/tests/sys/psa_crypto_ecdsa/test_ecdsa_p256_vectors.c b/tests/sys/psa_crypto_ecdsa/test_ecdsa_p256_vectors.c index 254add9410b8..c3697221d322 100644 --- a/tests/sys/psa_crypto_ecdsa/test_ecdsa_p256_vectors.c +++ b/tests/sys/psa_crypto_ecdsa/test_ecdsa_p256_vectors.c @@ -40,9 +40,10 @@ static const uint8_t public_key[] = {0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC, 0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F, 0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22, 0x99}; -static const uint8_t message[6] = "sample"; - -static const uint8_t signature[] = {0xEF, 0xD4, 0x8B, 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40, +/* certain PSA backends require the data to be in RAM rather than ROM + * so these values cannot be `const` */ +static uint8_t message[6] = "sample"; +static uint8_t signature[] = {0xEF, 0xD4, 0x8B, 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40, 0xDD, 0x9C, 0xD4, 0x5E, 0x81, 0xD6, 0x9D, 0x2C, 0x87, 0x7B, 0x56, 0xAA, 0xF9, 0x91, 0xC3, 0x4D, 0x0E, 0xA8, 0x4E, 0xAF, 0x37, 0x16, 0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C, 0x41, 0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F, 0x65, 0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4, 0x06, 0x4D, 0xC4, diff --git a/tests/sys/psa_crypto_hashes/Makefile b/tests/sys/psa_crypto_hashes/Makefile index c8c5f795ce91..be4f457d2841 100644 --- a/tests/sys/psa_crypto_hashes/Makefile +++ b/tests/sys/psa_crypto_hashes/Makefile @@ -18,3 +18,5 @@ USEMODULE += psa_hash_sha_512_224 USEMODULE += psa_hash_sha_512_256 include $(RIOTBASE)/Makefile.include + +CFLAGS += -DTHREAD_STACKSIZE_MAIN=2048 diff --git a/tests/sys/psa_crypto_hashes/example_hash.c b/tests/sys/psa_crypto_hashes/example_hash.c index a2fa46959c0e..c758524c989f 100644 --- a/tests/sys/psa_crypto_hashes/example_hash.c +++ b/tests/sys/psa_crypto_hashes/example_hash.c @@ -25,8 +25,10 @@ #include "psa/crypto.h" -static const uint8_t msg[] = "Hello World!"; -static const size_t msg_len = sizeof(msg)-1; // exclude NULL-byte +/* certain PSA backends require the data to be in RAM rather than ROM + * so these values cannot be `const` */ +static uint8_t msg[] = "Hello World!"; +static size_t msg_len = sizeof(msg)-1; // exclude NULL-byte static const uint8_t hash_sha224[] = { 0x45, 0x75, 0xbb, 0x4e, 0xc1, 0x29, 0xdf, 0x63, 0x80, 0xce, 0xdd, 0xe6, 0xd7, @@ -61,6 +63,60 @@ static const uint8_t hash_sha512_256[] = { 0x72, 0x3a, 0x26, 0x71, 0x0e, 0x46, 0x76, 0x13, 0x01, 0xc8, 0xb5, 0x4c, 0x56, 0xfa, 0x72, 0x22, 0x67, 0x58, 0x1a}; +static uint8_t msg_long[] = { + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa +}; + +static const uint8_t hash_long_sha224[] = { + 0x89, 0xf0, 0xbf, 0x9d, 0x18, 0xe3, 0x68, 0x66, 0xb9, 0x19, 0x8d, 0x9d, 0x1b, + 0xa9, 0x9f, 0x4c, 0xa7, 0xcb, 0x83, 0x9c, 0xf9, 0x7c, 0xd9, 0x71, 0xe3, 0xef, + 0x41, 0x6c +}; + +static const uint8_t hash_long_sha256[] = { + 0x45, 0xad, 0x4b, 0x37, 0xc6, 0xe2, 0xfc, 0x0a, 0x2c, 0xfc, 0xc1, 0xb5, 0xda, + 0x52, 0x41, 0x32, 0xec, 0x70, 0x76, 0x15, 0xc2, 0xca, 0xe1, 0xdb, 0xbc, 0x43, + 0xc9, 0x7a, 0xa5, 0x21, 0xdb, 0x81 +}; + +static const uint8_t hash_long_sha384[] = { + 0xad, 0x51, 0xdd, 0xb7, 0x80, 0x48, 0x4e, 0xc6, 0xce, 0xb4, 0x96, 0xbc, 0xc1, + 0xe2, 0x4e, 0xf8, 0x23, 0x20, 0xe2, 0xe2, 0x68, 0x7d, 0x6c, 0xba, 0xef, 0x37, + 0xcf, 0x9f, 0x47, 0xc5, 0xa6, 0xfd, 0xda, 0xe5, 0x19, 0xe9, 0x6c, 0x98, 0x6f, + 0x45, 0x97, 0x5d, 0xbc, 0x31, 0xb8, 0x09, 0x91, 0x37 +}; + +static const uint8_t hash_long_sha512[] = { + 0xe1, 0xb5, 0x2c, 0x4f, 0xf8, 0xce, 0x9c, 0x4b, 0x60, 0xbd, 0x8e, 0xc7, 0x85, + 0xab, 0x7b, 0xf3, 0xdf, 0xfc, 0x70, 0x23, 0xf7, 0xc5, 0x15, 0x88, 0xf9, 0x6b, + 0x94, 0xee, 0xba, 0x80, 0xca, 0x3b, 0x9b, 0x9e, 0xd0, 0x5a, 0xb2, 0xac, 0x87, + 0x97, 0xbb, 0x70, 0x39, 0xd6, 0x81, 0xf2, 0xe4, 0x1f, 0xcf, 0xe6, 0xdd, 0xda, + 0xb2, 0xe9, 0x51, 0x22, 0xd9, 0xc7, 0x16, 0xc2, 0xb8, 0x40, 0x6b, 0xd4 +}; + +static const uint8_t hash_long_sha512_224[] = { + 0x6f, 0xcd, 0x48, 0x1d, 0x5c, 0x9a, 0xc8, 0x8d, 0x27, 0x91, 0x91, 0xd0, 0xbf, + 0x19, 0x2d, 0x77, 0xd9, 0x7b, 0x35, 0x64, 0x82, 0x6d, 0xd3, 0xe4, 0xef, 0xb7, + 0xc1, 0xc2 +}; + +static const uint8_t hash_long_sha512_256[] = { + 0x51, 0x28, 0xb1, 0xa1, 0x72, 0x14, 0xe7, 0x4b, 0x76, 0xb5, 0x28, 0x51, 0xab, + 0xc0, 0xec, 0xc0, 0x99, 0x56, 0x32, 0x77, 0xcd, 0x20, 0x78, 0xa7, 0x56, 0x4f, + 0x63, 0x52, 0x68, 0x81, 0x4a, 0xce +}; + + /** * @brief Example function to use different hash algorithms * with the PSA Crypto API. @@ -101,5 +157,35 @@ psa_status_t example_hash(void) return status; } + status = psa_hash_compare(PSA_ALG_SHA_224, msg_long, sizeof(msg_long), hash_long_sha224, sizeof(hash_long_sha224)); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_hash_compare(PSA_ALG_SHA_256, msg_long, sizeof(msg_long), hash_long_sha256, sizeof(hash_long_sha256)); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_hash_compare(PSA_ALG_SHA_384, msg_long, sizeof(msg_long), hash_long_sha384, sizeof(hash_long_sha384)); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_hash_compare(PSA_ALG_SHA_512, msg_long, sizeof(msg_long), hash_long_sha512, sizeof(hash_long_sha512)); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_hash_compare(PSA_ALG_SHA_512_224, msg_long, sizeof(msg_long), hash_long_sha512_224, sizeof(hash_long_sha512_224)); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_hash_compare(PSA_ALG_SHA_512_256, msg_long, sizeof(msg_long), hash_long_sha512_256, sizeof(hash_long_sha512_256)); + if (status != PSA_SUCCESS) { + return status; + } + return status; } diff --git a/tests/sys/psa_crypto_hashes/example_sha3_glue.c b/tests/sys/psa_crypto_hashes/example_sha3_glue.c index 8f8a5bc9a2e5..b9100844b217 100644 --- a/tests/sys/psa_crypto_hashes/example_sha3_glue.c +++ b/tests/sys/psa_crypto_hashes/example_sha3_glue.c @@ -20,6 +20,8 @@ #include "psa/crypto.h" +/* certain PSA backends require the data to be in RAM rather than ROM + * so these values cannot be `const` */ static const uint8_t msg[] = "Hello World!"; static const size_t msg_len = sizeof(msg)-1; // exclude NULL-byte diff --git a/tests/sys/psa_crypto_mac/example_hmac_sha256.c b/tests/sys/psa_crypto_mac/example_hmac_sha256.c index 43c48c97bd2d..77c0611136d9 100644 --- a/tests/sys/psa_crypto_mac/example_hmac_sha256.c +++ b/tests/sys/psa_crypto_mac/example_hmac_sha256.c @@ -32,7 +32,9 @@ static const uint8_t HMAC_KEY[] = { }; static size_t HMAC_KEY_LEN = 32; -static const uint8_t HMAC_MSG[] = { +/* certain PSA backends require the data to be in RAM rather than ROM + * so these values cannot be `const` */ +static uint8_t HMAC_MSG[] = { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x20, 0x66, 0x6f, 0x72,