RIOT-OS · mguetschow · Jan 17, 2025 · Jan 17, 2025 · Jan 17, 2025 · Jan 17, 2025
diff --git a/examples/psa_crypto/example_hash.c b/examples/psa_crypto/example_hash.c
@@ -22,8 +22,8 @@
 
 #include "psa/crypto.h"
 
-static const uint8_t msg[] = "Hello World!";
-static const size_t msg_len = sizeof(msg)-1; // exclude NULL-byte
+static uint8_t msg[] = "Hello World!";
+static size_t msg_len = sizeof(msg)-1; // exclude NULL-byte
 
 static const uint8_t hash_sha224[] = {
     0x45, 0x75, 0xbb, 0x4e, 0xc1, 0x29, 0xdf, 0x63, 0x80, 0xce, 0xdd, 0xe6, 0xd7,
@@ -88,12 +88,12 @@
        return status;
    }

    status = psa_hash_compare(PSA_ALG_SHA_512_224, msg, msg_len, hash_sha512_224, sizeof(hash_sha512_224));
    if (status != PSA_SUCCESS) {
        return status;
    }

    status = psa_hash_compare(PSA_ALG_SHA_512_256, msg, msg_len, hash_sha512_256, sizeof(hash_sha512_256));
    if (status != PSA_SUCCESS) {
        return status;
    }

diff --git a/examples/psa_crypto/example_hmac_sha256.c b/examples/psa_crypto/example_hmac_sha256.c
@@ -30,7 +30,7 @@ static const uint8_t HMAC_KEY[] = {
 };
 static size_t HMAC_KEY_LEN = 32;
 
-static const uint8_t HMAC_MSG[] = {
+static uint8_t HMAC_MSG[] = {
     0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
     0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x73, 0x74,
     0x72, 0x69, 0x6e, 0x67, 0x20, 0x66, 0x6f, 0x72,

diff --git a/pkg/driver_cryptocell_310/include/cryptocell_310_util.h b/pkg/driver_cryptocell_310/include/cryptocell_310_util.h
@@ -23,10 +23,6 @@
 extern "C" {
 #endif
 
-#ifdef CPU_NRF52
-#define CHECK_POINTER_DMA_ACCESS(p) ((unsigned int)p >= 0x20000000 ? (unsigned int)p < 0x40000000 : 0)
-#endif
-
 /**
  * @brief   Enable CryptoCell module and IRQs.
  *
@@ -43,6 +39,17 @@ void cryptocell_310_enable(void);
  */
 void cryptocell_310_disable(void);
 
+/**
+ * @brief   Check whether the given data resides in RAM
+ *
+ *          Should be called on every const input that will be passed
+ *          on to the CryptoCell peripheral.
+ */
+static inline bool cryptocell_310_data_within_ram(const uint8_t* data)
+{
+    return ((int)data >= CPU_RAM_BASE && (int)data < CPU_RAM_BASE + CPU_RAM_SIZE);
+}
+
 /**
  * @brief   Enables CryptoCell module, IRQs and crypto libraries on nrf52840.
  *

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_common.c
@@ -40,6 +40,12 @@ psa_status_t cryptocell_310_common_aes_setup(SaSiAesUserContext_t *ctx,
 {
     SaSiAesUserKeyData_t key;
 
+    if (!cryptocell_310_data_within_ram(iv) ||
+        !cryptocell_310_data_within_ram(key_buffer)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     SaSiStatus ret = SaSi_AesInit(ctx, direction, mode, padding);
     if (ret != SASI_OK) {
         DEBUG("SaSi_AesInit failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
@@ -77,6 +83,11 @@ psa_status_t cryptocell_310_common_aes_encrypt_decrypt(SaSiAesUserContext_t *ctx
     size_t length = input_length;
     *output_length = output_size;
 
+    if (!cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     do {
         if (length > CC310_MAX_AES_INPUT_BLOCK) {
             size = CC310_MAX_AES_INPUT_BLOCK;

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/cipher_chacha20.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/cipher_chacha20.c
@@ -42,9 +42,8 @@ psa_status_t psa_cipher_chacha20_encrypt(uint8_t *key_buffer,
     DEBUG("Peripheral ChaCha20 Cipher encryption");
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if (!CHECK_POINTER_DMA_ACCESS(key_buffer) ||
-        !CHECK_POINTER_DMA_ACCESS(input) ||
-        !CHECK_POINTER_DMA_ACCESS(output)) {
+    if (!cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
         return PSA_ERROR_DATA_INVALID;
     }
 
@@ -91,9 +90,8 @@ psa_status_t psa_cipher_chacha20_decrypt(uint8_t *key_buffer,
     DEBUG("Peripheral ChaCha20 Cipher decryption");
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if (!CHECK_POINTER_DMA_ACCESS(key_buffer) ||
-        !CHECK_POINTER_DMA_ACCESS(input) ||
-        !CHECK_POINTER_DMA_ACCESS(output)) {
+    if (!cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
         return PSA_ERROR_DATA_INVALID;
     }
 

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_common.c
@@ -51,20 +51,20 @@
                                &TempECCKGBuff, &FipsBuff);
    cryptocell_310_disable();
    if (ret != CRYS_OK) {
        DEBUG("CRYS_ECPKI_GenKeyPair failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
        return CRYS_to_psa_error(ret);
    }

    ret = CRYS_ECPKI_ExportPrivKey(&priv_key, priv_key_buffer, priv_key_buffer_length);
    if (ret != CRYS_OK) {
        DEBUG("CRYS_ECPKI_ExportPrivKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
        return CRYS_to_psa_error(ret);
    }

    ret = CRYS_ECPKI_ExportPublKey(&pub_key, CRYS_EC_PointUncompressed, pub_key_buffer,
                                   pub_key_buffer_length);
    if (ret != CRYS_OK) {
        DEBUG("CRYS_ECPKI_ExportPubKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
        return CRYS_to_psa_error(ret);
    }

@@ -85,18 +85,24 @@
     CRYS_ECPKI_UserPrivKey_t user_priv_key;
     CRYSError_t ret = 0;
 
+    if (!cryptocell_310_data_within_ram(priv_key) ||
+        !cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     rndGenerateVectFunc = CRYS_RND_GenerateVector;
     pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain);
 
    ret = CRYS_ECPKI_BuildPrivKey(pDomain, priv_key, priv_key_size, &user_priv_key);
    if (ret != CRYS_OK) {
        DEBUG("CRYS_ECPKI_BuildPrivKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
        goto done;
    }

    cryptocell_310_enable();
    ret = CRYS_ECDSA_Sign(rndState_ptr, rndGenerateVectFunc,
                          &SignUserContext, &user_priv_key, hash_mode, (uint8_t *)input, input_length,
                          signature, (uint32_t *)signature_length);
    cryptocell_310_disable();
    if (ret != CRYS_OK) {
@@ -122,6 +128,13 @@
     CRYS_ECPKI_UserPublKey_t user_pub_key;
     CRYSError_t ret = 0;
 
+    if (!cryptocell_310_data_within_ram(pub_key) ||
+        !cryptocell_310_data_within_ram(input) ||
+        !cryptocell_310_data_within_ram(signature)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain);
 
     /**
@@ -130,7 +143,7 @@
     * */
    ret = CRYS_ECPKI_BuildPublKey(pDomain, (uint8_t *)pub_key, pub_key_size, &user_pub_key);
    if (ret != CRYS_OK) {
        DEBUG("CRYS_ECPKI_BuildPublKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
        return CRYS_to_psa_error(ret);
    }


diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_ed25519.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_ed25519.c
@@ -67,6 +67,11 @@
     CRYS_ECEDW_TempBuff_t tmp;
     CRYSError_t ret;
 
+    if (!cryptocell_310_data_within_ram(priv_key_buffer)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     /* contains seed (private key), concatenated with public key */
     uint8_t secret_key[CRYS_ECEDW_ORD_SIZE_IN_BYTES + CRYS_ECEDW_MOD_SIZE_IN_BYTES] = { 0x0 };
     size_t secret_key_size = sizeof(secret_key);
@@ -100,6 +105,13 @@
     CRYS_ECEDW_TempBuff_t tmp;
     CRYSError_t ret;
 
+    if (!cryptocell_310_data_within_ram(priv_key_buffer) ||
+        !cryptocell_310_data_within_ram(pub_key_buffer) ||
+        !cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     if (input_length > (CRYS_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES - CRYS_ECEDW_SIGNATURE_BYTES)) {
         return PSA_ERROR_NOT_SUPPORTED;
     }
@@ -107,7 +119,7 @@
    /* contains seed (private key), concatenated with public key */
    uint8_t secret_key[CRYS_ECEDW_ORD_SIZE_IN_BYTES + CRYS_ECEDW_MOD_SIZE_IN_BYTES] = { 0x0 };

    if (priv_key_buffer_size != CRYS_ECEDW_ORD_SIZE_IN_BYTES || pub_key_buffer_size != CRYS_ECEDW_MOD_SIZE_IN_BYTES) {
        return PSA_ERROR_INVALID_ARGUMENT;
    }

@@ -116,7 +128,7 @@
    *signature_length = signature_size;

    cryptocell_310_enable();
    ret = CRYS_ECEDW_Sign(signature, signature_length, input, input_length, secret_key, sizeof(secret_key), &tmp);
    cryptocell_310_disable();
    if (ret != CRYS_OK) {
        DEBUG("CRYS_ECEDW_Sign failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
@@ -140,6 +152,13 @@
     CRYS_ECEDW_TempBuff_t tmp;
     CRYSError_t ret;
 
+    if (!cryptocell_310_data_within_ram(key_buffer) ||
+        !cryptocell_310_data_within_ram(input) ||
+        !cryptocell_310_data_within_ram(signature)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     if (input_length > (CRYS_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES - CRYS_ECEDW_SIGNATURE_BYTES)) {
         return PSA_ERROR_NOT_SUPPORTED;
     }

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_common.c
@@ -48,6 +48,11 @@ psa_status_t cryptocell_310_common_hash_update(CRYS_HASHUserContext_t *ctx,
     size_t offset = 0;
     size_t size;
 
+    if (!cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     do {
         if (input_length > CC310_MAX_HASH_INPUT_BLOCK) {
             size = CC310_MAX_HASH_INPUT_BLOCK;

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c
@@ -21,6 +21,7 @@
 #include "psa/crypto.h"
 #include "psa_error.h"
 
+#include "cryptocell_310_util.h"
 #include "crys_hmac.h"
 #include "crys_hmac_error.h"
 
@@ -40,6 +41,12 @@ psa_status_t psa_mac_compute_hmac_sha256(const psa_key_attributes_t *attributes,
     size_t required_mac_length =
         PSA_MAC_LENGTH(attributes->type, attributes->bits, PSA_ALG_SHA_256);
 
+    if (!cryptocell_310_data_within_ram(key_buffer) ||
+        !cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     if (mac_size < required_mac_length) {
         return PSA_ERROR_BUFFER_TOO_SMALL;
     }

@@ -40,9 +40,9 @@ static const uint8_t public_key[] = {0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0
     0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC, 0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F, 0x51, 0x77,
     0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22, 0x99};
 
-static const uint8_t message[6] = "sample";
+static uint8_t message[6] = "sample";
 
-static const uint8_t signature[] = {0xEF, 0xD4, 0x8B, 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40,
+static uint8_t signature[] = {0xEF, 0xD4, 0x8B, 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40,
     0xDD, 0x9C, 0xD4, 0x5E, 0x81, 0xD6, 0x9D, 0x2C, 0x87, 0x7B, 0x56, 0xAA, 0xF9, 0x91, 0xC3, 0x4D,
     0x0E, 0xA8, 0x4E, 0xAF, 0x37, 0x16, 0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C, 0x41, 0xD4, 0x36,
     0xC7, 0xA1, 0xB6, 0xE2, 0x9F, 0x65, 0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4, 0x06, 0x4D, 0xC4,

@@ -18,3 +18,5 @@ USEMODULE += psa_hash_sha_512_224
 USEMODULE += psa_hash_sha_512_256
 
 include $(RIOTBASE)/Makefile.include
+
+CFLAGS += -DTHREAD_STACKSIZE_MAIN=2048
@@ -25,8 +25,8 @@
 
 #include "psa/crypto.h"
 
-static const uint8_t msg[] = "Hello World!";
-static const size_t msg_len = sizeof(msg)-1; // exclude NULL-byte
+static uint8_t msg[] = "Hello World!";
+static size_t msg_len = sizeof(msg)-1; // exclude NULL-byte
 
 static const uint8_t hash_sha224[] = {
     0x45, 0x75, 0xbb, 0x4e, 0xc1, 0x29, 0xdf, 0x63, 0x80, 0xce, 0xdd, 0xe6, 0xd7,
@@ -61,6 +61,60 @@ static const uint8_t hash_sha512_256[] = {
     0x72, 0x3a, 0x26, 0x71, 0x0e, 0x46, 0x76, 0x13, 0x01, 0xc8, 0xb5, 0x4c, 0x56,
     0xfa, 0x72, 0x22, 0x67, 0x58, 0x1a};
 
+static uint8_t msg_long[] = {
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+    0xaa
+};
+
+static const uint8_t hash_long_sha224[] = {
+    0x89, 0xf0, 0xbf, 0x9d, 0x18, 0xe3, 0x68, 0x66, 0xb9, 0x19, 0x8d, 0x9d, 0x1b,
+    0xa9, 0x9f, 0x4c, 0xa7, 0xcb, 0x83, 0x9c, 0xf9, 0x7c, 0xd9, 0x71, 0xe3, 0xef,
+    0x41, 0x6c
+};
+
+static const uint8_t hash_long_sha256[] = {
+    0x45, 0xad, 0x4b, 0x37, 0xc6, 0xe2, 0xfc, 0x0a, 0x2c, 0xfc, 0xc1, 0xb5, 0xda,
+    0x52, 0x41, 0x32, 0xec, 0x70, 0x76, 0x15, 0xc2, 0xca, 0xe1, 0xdb, 0xbc, 0x43,
+    0xc9, 0x7a, 0xa5, 0x21, 0xdb, 0x81
+};
+
+static const uint8_t hash_long_sha384[] = {
+    0xad, 0x51, 0xdd, 0xb7, 0x80, 0x48, 0x4e, 0xc6, 0xce, 0xb4, 0x96, 0xbc, 0xc1,
+    0xe2, 0x4e, 0xf8, 0x23, 0x20, 0xe2, 0xe2, 0x68, 0x7d, 0x6c, 0xba, 0xef, 0x37,
+    0xcf, 0x9f, 0x47, 0xc5, 0xa6, 0xfd, 0xda, 0xe5, 0x19, 0xe9, 0x6c, 0x98, 0x6f,
+    0x45, 0x97, 0x5d, 0xbc, 0x31, 0xb8, 0x09, 0x91, 0x37
+};
+
+static const uint8_t hash_long_sha512[] = {
+    0xe1, 0xb5, 0x2c, 0x4f, 0xf8, 0xce, 0x9c, 0x4b, 0x60, 0xbd, 0x8e, 0xc7, 0x85,
+    0xab, 0x7b, 0xf3, 0xdf, 0xfc, 0x70, 0x23, 0xf7, 0xc5, 0x15, 0x88, 0xf9, 0x6b,
+    0x94, 0xee, 0xba, 0x80, 0xca, 0x3b, 0x9b, 0x9e, 0xd0, 0x5a, 0xb2, 0xac, 0x87,
+    0x97, 0xbb, 0x70, 0x39, 0xd6, 0x81, 0xf2, 0xe4, 0x1f, 0xcf, 0xe6, 0xdd, 0xda,
+    0xb2, 0xe9, 0x51, 0x22, 0xd9, 0xc7, 0x16, 0xc2, 0xb8, 0x40, 0x6b, 0xd4
+};
+
+static const uint8_t hash_long_sha512_224[] = {
+    0x6f, 0xcd, 0x48, 0x1d, 0x5c, 0x9a, 0xc8, 0x8d, 0x27, 0x91, 0x91, 0xd0, 0xbf,
+    0x19, 0x2d, 0x77, 0xd9, 0x7b, 0x35, 0x64, 0x82, 0x6d, 0xd3, 0xe4, 0xef, 0xb7,
+    0xc1, 0xc2
+};
+
+static const uint8_t hash_long_sha512_256[] = {
+    0x51, 0x28, 0xb1, 0xa1, 0x72, 0x14, 0xe7, 0x4b, 0x76, 0xb5, 0x28, 0x51, 0xab,
+    0xc0, 0xec, 0xc0, 0x99, 0x56, 0x32, 0x77, 0xcd, 0x20, 0x78, 0xa7, 0x56, 0x4f,
+    0x63, 0x52, 0x68, 0x81, 0x4a, 0xce
+};
+
+
 /**
  * @brief   Example function to use different hash algorithms
  *          with the PSA Crypto API.
@@ -101,5 +155,35 @@ psa_status_t example_hash(void)
         return status;
     }
 
+    status = psa_hash_compare(PSA_ALG_SHA_224, msg_long, sizeof(msg_long), hash_long_sha224, sizeof(hash_long_sha224));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_256, msg_long, sizeof(msg_long), hash_long_sha256, sizeof(hash_long_sha256));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_384, msg_long, sizeof(msg_long), hash_long_sha384, sizeof(hash_long_sha384));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_512, msg_long, sizeof(msg_long), hash_long_sha512, sizeof(hash_long_sha512));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_512_224, msg_long, sizeof(msg_long), hash_long_sha512_224, sizeof(hash_long_sha512_224));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = psa_hash_compare(PSA_ALG_SHA_512_256, msg_long, sizeof(msg_long), hash_long_sha512_256, sizeof(hash_long_sha512_256));
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
     return status;
 }
@@ -32,7 +32,7 @@ static const uint8_t HMAC_KEY[] = {
 };
 static size_t HMAC_KEY_LEN = 32;
 
-static const uint8_t HMAC_MSG[] = {
+static uint8_t HMAC_MSG[] = {
     0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
     0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x73, 0x74,
     0x72, 0x69, 0x6e, 0x67, 0x20, 0x66, 0x6f, 0x72,
Original file line number	Diff line number	Diff line change
Expand Up		@@ -18,3 +18,5 @@ USEMODULE += psa_hash_sha_512_224
		USEMODULE += psa_hash_sha_512_256

		include $(RIOTBASE)/Makefile.include

		CFLAGS += -DTHREAD_STACKSIZE_MAIN=2048