SoC: nRF5340
SDK: nRF Connect SDK 1.9.1
CMAC calculation works fine with SDK 1.7 and SDK 1.8, but it fails with SDK 1.9.1.
psa_mac_sign_setup returns error = PSA_ERROR_NOT_PERMITTED (-133).
psa_mac_compute returns PSA_ERROR_NOT_PERMITTED (-133) too.
Simplified code:
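/*
 * Simplified reproduction: import a volatile 128-bit AES key and start a
 * CMAC signing operation through the PSA Crypto API.
 *
 * This is a fragment of a function returning bool; the enclosing signature
 * is not part of the snippet.
 * NOTE(review): assumes psa_crypto_init() has already succeeded - not shown.
 */
size_t key_bits = 128;
size_t key_len = 16;
/* All-zero key: a test value for the reproduction only, never a real secret. */
uint8_t key[16] = { 0x00 };
psa_algorithm_t algo = PSA_ALG_CMAC;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;

/*
 * Key policy, kept to the minimum this snippet asks for: message signing only,
 * restricted to the single algorithm used below.
 */
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
psa_set_key_algorithm(&key_attributes, algo);
psa_set_key_type(&key_attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&key_attributes, key_bits);

psa_status_t status;
psa_key_handle_t key_handle;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;

status = psa_import_key(&key_attributes, key, key_len, &key_handle);
if (status != PSA_SUCCESS) {
    LOG_ERR("psa_import_key failed! (Error: %d)\n", status);
    return false;
}

/*
 * NOTE(review): in the PSA Crypto API, PSA_ERROR_NOT_PERMITTED from a MAC
 * setup means the key's policy (usage flags or permitted algorithm) does not
 * allow the requested operation. Which part of the policy the newer SDK
 * rejects cannot be determined from this snippet; reading the stored policy
 * back with psa_get_key_attributes() would show what was actually imported.
 */
status = psa_mac_sign_setup(&operation, key_handle, algo);
if (status != PSA_SUCCESS) {
    LOG_ERR("psa_mac_sign_setup failed! (Error: %d)\n", status);
    /*
     * The key was imported successfully, so release its volatile slot before
     * bailing out; otherwise every failed attempt leaves key material
     * resident and consumes a key slot.
     */
    (void)psa_destroy_key(key_handle);
    return false;
}

/*
 * The update/finish steps below are disabled in the reproduction, and
 * plain, plain_len, out_mac, output_max and output_len are not declared in
 * this snippet. If the steps are re-enabled, each failure path should call
 * psa_mac_abort(&operation) and psa_destroy_key(key_handle) before returning.
 */
/*
status = psa_mac_update(&operation, plain, plain_len);
if (status != PSA_SUCCESS) {
    LOG_ERR("psa_mac_update failed! (Error: %d)\n", status);
    return false;
}

status = psa_mac_sign_finish(&operation, out_mac, output_max, &output_len);
if (status != PSA_SUCCESS) {
    LOG_ERR("psa_mac_sign_finish failed! (Error: %d)\n", status);
    return false;
}
*/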