Crypto: Align implementation to pass PSA API compliance
-- Enable the option to specify maximum supported key
length and maximum number of key slots at build time
for the key module
-- Enable the option to specify internal buffer size
for scratch allocation at build time for the
engine module
-- Make sure that MD-2 and MD-4 hashes are enabled and
supported by the back end as they are tested by the
PSA API compliance tests
-- Other alignment needed to pass PSA API compliance
tests, as changes in return codes, more error
checking, and documentation update when needed
Change-Id: I4bb78b06de2fa01580c4cbd361c946d32c614240
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
Co-Authored-by: Antonio de Angelis <antonio.deangelis@arm.com>
diff --git a/secure_fw/services/crypto/crypto_engine.c b/secure_fw/services/crypto/crypto_engine.c
index f9fe896..dd09481 100644
--- a/secure_fw/services/crypto/crypto_engine.c
+++ b/secure_fw/services/crypto/crypto_engine.c
@@ -14,11 +14,19 @@
*/
#include "crypto_engine.h"
+/**
+ * \brief Default value for the size of the static buffer used by the Engine
+ * module as a scratch buffer for its own internal allocations
+ */
+#ifndef TFM_CRYPTO_ENGINE_BUF_SIZE
+#define TFM_CRYPTO_ENGINE_BUF_SIZE (1024)
+#endif
+
#if defined(TFM_CRYPTO_ENGINE_MBEDTLS)
/**
* \brief Buffer size used by Mbed TLS for its allocations
*/
-#define TFM_CRYPTO_MBEDTLS_MEM_BUF_LEN (1024)
+#define TFM_CRYPTO_MBEDTLS_MEM_BUF_LEN (TFM_CRYPTO_ENGINE_BUF_SIZE)
/**
* \brief Static buffer to be used by Mbed TLS for memory allocations
@@ -221,8 +229,14 @@
return PSA_SUCCESS;
}
- /* FIXME: For the time being map all errors to PSA_ERROR_UNKNOW_ERROR */
+ /* FIXME: Investigate all possible Mbed TLS errors and map them
+ * to the the correct corresponding PSA status
+ */
switch (ret) {
+ case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED:
+ return PSA_ERROR_INVALID_ARGUMENT;
+ case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
+ return PSA_ERROR_INVALID_SIGNATURE;
default:
return PSA_ERROR_UNKNOWN_ERROR;
}