1 /*
2 * Copyright (c) 2022-2023, Texas Instruments Incorporated
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * * Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * * Neither the name of Texas Instruments Incorporated nor the names of
17 * its contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
24 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
25 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
26 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
27 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
28 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
29 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
30 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 #include <ti/drivers/cryptoutils/cryptokey/CryptoKey.h>
34
35 #if defined(TFM_BUILD) /* TFM_BUILD indicates this is a TF-M build */
36
37 #include <third_party/tfm/platform/ext/target/ti/cc26x4/cmse.h> /* TI CMSE helper functions */
38 #include <third_party/tfm/secure_fw/spm/include/utilities.h>
39
40 /*
41 * ======== CryptoKey_verifySecureKey ========
42 */
CryptoKey_verifySecureKey(const CryptoKey * secureKey,bool isWriteable)43 static int_fast16_t CryptoKey_verifySecureKey(const CryptoKey *secureKey, bool isWriteable)
44 {
45 int_fast16_t status = CryptoKey_STATUS_ERROR;
46 void *ptr;
47
48 if ((secureKey->encoding == CryptoKey_PLAINTEXT) || (secureKey->encoding == CryptoKey_BLANK_PLAINTEXT))
49 {
50 /* Verify key material address range */
51 if (isWriteable)
52 {
53 ptr = cmse_has_unpriv_nonsecure_rw_access(secureKey->u.plaintext.keyMaterial,
54 secureKey->u.plaintext.keyLength);
55 }
56 else
57 {
58 ptr = cmse_has_unpriv_nonsecure_read_access(secureKey->u.plaintext.keyMaterial,
59 secureKey->u.plaintext.keyLength);
60 }
61
62 if (ptr != NULL)
63 {
64 status = CryptoKey_STATUS_SUCCESS;
65 }
66 }
67 else if ((secureKey->encoding == CryptoKey_KEYSTORE) || (secureKey->encoding == CryptoKey_BLANK_KEYSTORE))
68 {
69 status = CryptoKey_STATUS_SUCCESS;
70 }
71
72 return status;
73 }
74
75 /*
76 * ======== CryptoKey_verifySecureInputKey ========
77 */
CryptoKey_verifySecureInputKey(const CryptoKey * secureKey)78 int_fast16_t CryptoKey_verifySecureInputKey(const CryptoKey *secureKey)
79 {
80 return CryptoKey_verifySecureKey(secureKey, false);
81 }
82
83 /*
84 * ======== CryptoKey_verifySecureOutputKey ========
85 */
CryptoKey_verifySecureOutputKey(const CryptoKey * secureKey)86 int_fast16_t CryptoKey_verifySecureOutputKey(const CryptoKey *secureKey)
87 {
88 return CryptoKey_verifySecureKey(secureKey, true);
89 }
90
91 /*
92 * ======== CryptoKey_copySecureInputKey ========
93 */
CryptoKey_copySecureInputKey(CryptoKey * dst,const CryptoKey ** src)94 int_fast16_t CryptoKey_copySecureInputKey(CryptoKey *dst, const CryptoKey **src)
95 {
96 /* Validate source key struct address range */
97 if (cmse_has_unpriv_nonsecure_read_access((void *)*src, sizeof(CryptoKey)) == NULL)
98 {
99 return CryptoKey_STATUS_ERROR;
100 }
101
102 /* Make a secure copy of the key */
103 (void)spm_memcpy(dst, *src, sizeof(CryptoKey));
104
105 /* Validate the key material address range */
106 if (CryptoKey_verifySecureInputKey(dst) != CryptoKey_STATUS_SUCCESS)
107 {
108 return CryptoKey_STATUS_ERROR;
109 }
110
111 /* Update the src pointer to point to secure key copy */
112 *src = dst;
113
114 return CryptoKey_STATUS_SUCCESS;
115 }
116
117 /*
118 * ======== CryptoKey_copySecureOutputKey ========
119 */
CryptoKey_copySecureOutputKey(CryptoKey * dst,CryptoKey ** src)120 int_fast16_t CryptoKey_copySecureOutputKey(CryptoKey *dst, CryptoKey **src)
121 {
122 /* Validate source key struct address range */
123 if (cmse_has_unpriv_nonsecure_rw_access(*src, sizeof(CryptoKey)) == NULL)
124 {
125 return CryptoKey_STATUS_ERROR;
126 }
127
128 /* Make a secure copy of the key */
129 (void)spm_memcpy(dst, *src, sizeof(CryptoKey));
130
131 /* Validate the key material address range */
132 if (CryptoKey_verifySecureOutputKey(dst) != CryptoKey_STATUS_SUCCESS)
133 {
134 return CryptoKey_STATUS_ERROR;
135 }
136
137 /* Update the src pointer to point to secure key copy */
138 *src = dst;
139
140 return CryptoKey_STATUS_SUCCESS;
141 }
142
143 #endif /* TFM_BUILD */
144
145 /*
146 * ======== CryptoKey_getCryptoKeyType ========
147 */
CryptoKey_getCryptoKeyType(const CryptoKey * keyHandle,CryptoKey_Encoding * keyType)148 int_fast16_t CryptoKey_getCryptoKeyType(const CryptoKey *keyHandle, CryptoKey_Encoding *keyType)
149 {
150 *keyType = keyHandle->encoding;
151
152 return CryptoKey_STATUS_SUCCESS;
153 }
154
155 /*
156 * ======== CryptoKey_isBlank ========
157 */
CryptoKey_isBlank(const CryptoKey * keyHandle,bool * isBlank)158 int_fast16_t CryptoKey_isBlank(const CryptoKey *keyHandle, bool *isBlank)
159 {
160 if ((keyHandle->encoding == CryptoKey_BLANK_PLAINTEXT) || (keyHandle->encoding == CryptoKey_BLANK_KEYSTORE))
161 {
162 *isBlank = true;
163 }
164 else
165 {
166 *isBlank = false;
167 }
168
169 return CryptoKey_STATUS_SUCCESS;
170 }
171
