Hash failure when source data is 64 bytes or larger and in flash

Question

I am using psa_hash_compute() which is eventually calling cc3xx_hash_compute(). I am using the cryptocell ( 
 I am trying to calculate a SHA256 hash. 
 
 I have found that if the source data is in flash, and its length is 64 or more bytes. That the has function returns with error code -132 ( PSA_ERROR_GENERIC_ERROR). 
 If I make the source data size 63 bytes it works. 
 If the source data is in RAM then I can make it any size (within reason). 
 
 My real data is around 520 bytes. 
 
 Zephyr v3.1.99-ncs1-1 
 NRFXLIB v2.1.2 
 
 Security Related Configs: 
 CONFIG_MBEDTLS_PSA_CRYPTO_C=y CONFIG_MBEDTLS_ENABLE_HEAP=y CONFIG_MBEDTLS_HEAP_SIZE=8192 CONFIG_PSA_CRYPTO_DRIVER_OBERON=n CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y

Hieu · Accepted Answer

Hi Barry, 
 The CrytoCell only accepts hashing from DMA accessible RAM. The reason input on flash with length under 64 bytes works is likely because the data is cached on RAM. 
 We do have a documentation issue as you said. This limitation will be updated to this location in the future: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrfxlib/crypto/doc/nrf_cc310_mbedcrypto.html#usage-restrictions . 
 Hieu

Hash failure when source data is 64 bytes or larger and in flash

Top Replies