RIOT-OS · mguetschow · Sep 18, 2024 · Sep 6, 2024 · Aug 7, 2024 · Sep 7, 2024
diff --git a/sys/include/psa_crypto/psa/crypto_sizes.h b/sys/include/psa_crypto/psa/crypto_sizes.h
@@ -367,7 +367,24 @@
  *          recognized, return 0. An implementation can return either 0 or the correct size for a
  *          hash algorithm that it recognizes, but does not support.
  */
-#define PSA_HASH_BLOCK_LENGTH(alg) /* implementation-defined value */
+#define PSA_HASH_BLOCK_LENGTH(alg)                                  \
+    (                                                               \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 :            \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 64 :            \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 :            \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 :      \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 :          \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 :        \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 :        \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 :       \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 :       \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 :   \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 :   \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 :      \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 :      \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 :      \
+        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 :       \
+        0)
 
 /**
  * @brief   The size of the output of @ref psa_hash_compute() and @ref psa_hash_finish(), in bytes.
@@ -439,7 +456,30 @@
  *
  *          See also @ref PSA_MAC_LENGTH().
  */
-#define PSA_MAC_MAX_SIZE (PSA_HASH_MAX_SIZE)
+#if (IS_USED(MODULE_PSA_MAC_HMAC_SHA_512) || \
+     IS_USED(MODULE_PSA_MAC_HMAC_SHA3_512))
+#define PSA_MAC_MAX_SIZE (PSA_HASH_LENGTH(PSA_ALG_SHA3_512))    /* 64 */
+#elif (IS_USED(MODULE_PSA_MAC_HMAC_SHA_384) || \
+       IS_USED(MODULE_PSA_MAC_HMAC_SHA3_384))
+#define PSA_MAC_MAX_SIZE (PSA_HASH_LENGTH(PSA_ALG_SHA3_384))    /* 48 */
+#elif (IS_USED(MODULE_PSA_MAC_HMAC_SHA_256) || \
+       IS_USED(MODULE_PSA_MAC_HMAC_SHA_512_256) || \
+       IS_USED(MODULE_PSA_MAC_HMAC_SHA3_256))
+#define PSA_MAC_MAX_SIZE (PSA_HASH_LENGTH(PSA_ALG_SHA3_256))    /* 32 */
+#elif (IS_USED(MODULE_PSA_MAC_HMAC_SHA_224) || \
+       IS_USED(MODULE_PSA_MAC_HMAC_SHA_512_224) || \
+       IS_USED(MODULE_PSA_MAC_HMAC_SHA3_224))
+#define PSA_MAC_MAX_SIZE (PSA_HASH_LENGTH(PSA_ALG_SHA3_224))    /* 28 */
+#elif (IS_USED(MODULE_PSA_MAC_HMAC_RIPEMD160) || \
+       IS_USED(MODULE_PSA_MAC_HMAC_SHA_1))
+#define PSA_MAC_MAX_SIZE (PSA_HASH_LENGTH(PSA_ALG_SHA_1))       /* 20 */
+#elif (IS_USED(MODULE_PSA_MAC_HMAC_MD2) || \
+       IS_USED(MODULE_PSA_MAC_HMAC_MD4) || \
+       IS_USED(MODULE_PSA_MAC_HMAC_MD5))
+#define PSA_MAC_MAX_SIZE (PSA_HASH_LENGTH(PSA_ALG_MD5))         /* 16 */
+#else
+#define PSA_MAC_MAX_SIZE 0
+#endif
 
 /**
  * @brief   The block size of a block cipher.
@@ -802,7 +842,7 @@
 #define PSA_KEY_EXPORT_ECC_KEY_MAX_SIZE(key_type, key_bits)                  \
    (size_t)\
    (PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? 32 : \
    (PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_SECP_R1 ? PSA_BITS_TO_BYTES(key_bits) : \
     0))

 /**
@@ -842,7 +882,7 @@
 *          Unspecified if the parameters are not valid.
 */
 #define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
    (PSA_KEY_TYPE_IS_PUBLIC_KEY(key_type) ? PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) : \
    (PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_KEY_MAX_SIZE(key_type, key_bits) : \
     0))


diff --git a/sys/include/psa_crypto/psa/crypto_types.h b/sys/include/psa_crypto/psa/crypto_types.h
@@ -26,6 +26,8 @@ extern "C" {
 
 #include <stdint.h>
 
+#include "psa/error.h"
+
 /**
  * @brief   For encrypt-decrypt functions, whether the operation is an encryption
  *          or a decryption.
@@ -319,15 +321,6 @@ typedef struct psa_aead_operation_s psa_aead_operation_t;
  */
 typedef struct psa_mac_operation_s psa_mac_operation_t;
 
-/**
- * @brief   Function return status.
- *
- * @details This is either @ref PSA_SUCCESS, which is zero, indicating success; or a small
- *          negative value indicating that an error occurred. Errors are encoded as one of
- *          the @c PSA_ERROR_xxx values defined here.
- */
-typedef int32_t psa_status_t;
-
 /**
  * @brief   The type of the state data structure for multipart hash operations.
  *

diff --git a/sys/include/psa_crypto/psa/crypto_values.h b/sys/include/psa_crypto/psa/crypto_values.h
@@ -3354,121 +3354,9 @@
  */
 #define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE /* implementation-defined value */
 
-/**
- * @brief The action was completed successfully.
- */
-#define PSA_SUCCESS ((psa_status_t)0)
-
-/**
- * @brief An error occurred that does not correspond to any defined failure cause.
- */
-#define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132)
-
-/**
- * @brief The requested operation or a parameter is not supported by this implementation.
- */
-#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134)
-
-/**
- * @brief The requested action is denied by a policy.
- */
-#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133)
-
-/**
- * @brief An output buffer is too small.
- */
-#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138)
-
-/**
- * @brief Asking for an item that already exists.
- */
-#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139)
-
-/**
- * @brief Asking for an item that doesn’t exist.
- */
-#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140)
-
-/**
- * @brief The requested action cannot be performed in the current state.
- */
-#define PSA_ERROR_BAD_STATE ((psa_status_t)-137)
-
-/**
- * @brief The parameters passed to the function are invalid.
- */
-#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135)
-
-/**
- * @brief There is not enough runtime memory.
- */
-#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141)
-
-/**
- * @brief There is not enough persistent storage.
- */
-#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142)
-
-/**
- * @brief There was a communication failure inside the implementation.
- */
-#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)
-
-/**
- * @brief There was a storage failure that might have led to data loss.
- */
-#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146)
-
-/**
- * @brief Stored data has been corrupted.
- */
-#define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)
-
-/**
- * @brief Data read from storage is not valid for the implementation.
- */
-#define PSA_ERROR_DATA_INVALID ((psa_status_t)-153)
-
-/**
- * @brief A hardware failure was detected.
- */
-#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147)
-
-/**
- * @brief A tampering attempt was detected.
- */
-#define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151)
-
-/**
- * @brief There is not enough entropy to generate random data needed
- * for the requested action.
- */
-#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148)
-
-/**
- * @brief The signature, MAC or hash is incorrect.
- */
-#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)
-
-/**
- * @brief The decrypted padding is incorrect.
- */
-#define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150)
-
-/**
- * @brief Return this error when there’s insufficient data when
- * attempting to read from a resource.
- */
-#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)
-
-/**
- * @brief The key identifier is not valid.
- */
-#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
-
 #ifdef __cplusplus
 }
 #endif

 #endif /* PSA_CRYPTO_PSA_CRYPTO_VALUES_H */
 /** @} */