Add sanity tests for CMAC-(3)DES through PSA Crypto Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

commit: 0c239659772634a01e9ebec8400e4ba4193e811b [log] [tgz]
author: Steven Cooreman <steven.cooreman@silabs.com> Fri May 07 17:27:27 2021 +0200
committer: Steven Cooreman <steven.cooreman@silabs.com> Mon May 10 11:29:13 2021 +0200
tree: a469adc6c82a0c2d180dad6ad36629129afc8dd2
parent: 02865f5cbb1eb22b4d2deb75e3d0cbbe7bb602dc [diff] [blame]
diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c
index 9c44c23..6972472 100644
--- a/library/psa_crypto_mac.c
+++ b/library/psa_crypto_mac.c

@@ -195,6 +195,16 @@
                                 const uint8_t *key_buffer )
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+#if defined(PSA_WANT_KEY_TYPE_DES)
+    /* Mbed TLS CMAC does not accept 3DES with only two keys, nor does it accept
+     * to do CMAC with pure DES, so return NOT_SUPPORTED here. */
+    if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_DES &&
+        ( psa_get_key_bits( attributes ) == 64 ||
+          psa_get_key_bits( attributes ) == 128 ) )
+        return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+
     const mbedtls_cipher_info_t * cipher_info =
         mbedtls_cipher_info_from_psa(
             PSA_ALG_CMAC,
commit	0c239659772634a01e9ebec8400e4ba4193e811b	[log] [tgz]
author	Steven Cooreman <steven.cooreman@silabs.com>	Fri May 07 17:27:27 2021 +0200
committer	Steven Cooreman <steven.cooreman@silabs.com>	Mon May 10 11:29:13 2021 +0200
tree	a469adc6c82a0c2d180dad6ad36629129afc8dd2
parent	02865f5cbb1eb22b4d2deb75e3d0cbbe7bb602dc [diff] [blame]