Crypto: Align implementation to pass PSA API compliance
-- Enable the option to specify maximum supported key
length and maximum number of key slots at build time
for the key module
-- Enable the option to specify internal buffer size
for scratch allocation at build time for the
engine module
-- Make sure that MD-2 and MD-4 hashes are enabled and
supported by the back end as they are tested by the
PSA API compliance tests
-- Other alignment needed to pass PSA API compliance
tests, as changes in return codes, more error
checking, and documentation update when needed
Change-Id: I4bb78b06de2fa01580c4cbd361c946d32c614240
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
Co-Authored-by: Antonio de Angelis <antonio.deangelis@arm.com>
diff --git a/secure_fw/services/crypto/crypto_mac.c b/secure_fw/services/crypto/crypto_mac.c
index 25a98da..a13a00b 100644
--- a/secure_fw/services/crypto/crypto_mac.c
+++ b/secure_fw/services/crypto/crypto_mac.c
@@ -15,6 +15,16 @@
#include "tfm_crypto_api.h"
#include "crypto_utils.h"
+/**
+ * \def CRYPTO_HMAC_MAX_KEY_LENGTH
+ *
+ * \brief Specifies the maximum key length supported by the
+ * HMAC operations in this implementation
+ */
+#ifndef CRYPTO_HMAC_MAX_KEY_LENGTH
+#define CRYPTO_HMAC_MAX_KEY_LENGTH (32)
+#endif
+
static void mac_zeroize(void *data, size_t size)
{
tfm_memset(data, 0, size);
@@ -54,7 +64,7 @@
enum tfm_crypto_err_t err;
psa_key_type_t key_type;
size_t key_size;
- uint8_t key_data[TFM_CRYPTO_MAX_KEY_LENGTH];
+ uint8_t key_data[CRYPTO_HMAC_MAX_KEY_LENGTH];
uint8_t hashed_key[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
size_t block_size;
uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
@@ -86,7 +96,7 @@
usage,
alg,
key_data,
- TFM_CRYPTO_MAX_KEY_LENGTH,
+ CRYPTO_HMAC_MAX_KEY_LENGTH,
&key_size);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;