1 /* Copyright (c) 2024 Nordic Semiconductor
2 * SPDX-License-Identifier: Apache-2.0
3 */
4 #include <zephyr/secure_storage/its/transform/aead_get.h>
5 #include <zephyr/drivers/hwinfo.h>
6 #include <zephyr/init.h>
7 #include <zephyr/logging/log.h>
8 #include <psa/crypto.h>
9 #include <string.h>
10 #include <sys/types.h>
11
12 LOG_MODULE_DECLARE(secure_storage, CONFIG_SECURE_STORAGE_LOG_LEVEL);
13
14 #ifdef CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_SCHEME_AES_GCM
15 #define PSA_KEY_TYPE PSA_KEY_TYPE_AES
16 #define PSA_ALG PSA_ALG_GCM
17 #elif defined(CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_SCHEME_CHACHA20_POLY1305)
18 #define PSA_KEY_TYPE PSA_KEY_TYPE_CHACHA20
19 #define PSA_ALG PSA_ALG_CHACHA20_POLY1305
20 #endif
21 #ifndef CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_SCHEME_CUSTOM
secure_storage_its_transform_aead_get_scheme(psa_key_type_t * key_type,psa_algorithm_t * alg)22 void secure_storage_its_transform_aead_get_scheme(psa_key_type_t *key_type, psa_algorithm_t *alg)
23 {
24 *key_type = PSA_KEY_TYPE;
25 *alg = PSA_ALG;
26 }
27 #endif /* !CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_SCHEME_CUSTOM */
28
29 #ifndef CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_CUSTOM
30
31 #define SHA256_OUTPUT_SIZE 32
32 BUILD_ASSERT(SHA256_OUTPUT_SIZE == PSA_HASH_LENGTH(PSA_ALG_SHA_256));
33 BUILD_ASSERT(SHA256_OUTPUT_SIZE >= CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_SIZE);
34
hash_data_into_key(size_t data_len,const void * data,uint8_t key[static CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_SIZE])35 static psa_status_t hash_data_into_key(
36 size_t data_len, const void *data,
37 uint8_t key[static CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_SIZE])
38 {
39 size_t hash_len;
40
41 #if CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_SIZE == SHA256_OUTPUT_SIZE
42 /* Save stack usage and avoid unnecessary memory operations.*/
43 return psa_hash_compute(PSA_ALG_SHA_256, data, data_len, key,
44 CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_SIZE, &hash_len);
45 #else
46 uint8_t hash_output[SHA256_OUTPUT_SIZE];
47 const psa_status_t ret = psa_hash_compute(PSA_ALG_SHA_256, data, data_len, hash_output,
48 sizeof(hash_output), &hash_len);
49
50 if (ret == PSA_SUCCESS) {
51 memcpy(key, hash_output, CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_SIZE);
52 mbedtls_platform_zeroize(hash_output, sizeof(hash_output));
53 }
54 return ret;
55 #endif
56 }
57
58 #ifdef CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_DEVICE_ID_HASH
59
60 #define WARNING "Using a potentially insecure PSA ITS encryption key provider."
61
secure_storage_its_transform_aead_get_key(secure_storage_its_uid_t uid,uint8_t key[static CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_SIZE])62 psa_status_t secure_storage_its_transform_aead_get_key(
63 secure_storage_its_uid_t uid,
64 uint8_t key[static CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_SIZE])
65 {
66 psa_status_t ret;
67 ssize_t hwinfo_ret;
68 struct {
69 uint8_t device_id[8];
70 secure_storage_its_uid_t uid; /* acts as a salt */
71 } __packed data;
72
73 hwinfo_ret = hwinfo_get_device_eui64(data.device_id);
74 if (hwinfo_ret != 0) {
75 hwinfo_ret = hwinfo_get_device_id(data.device_id, sizeof(data.device_id));
76 if (hwinfo_ret <= 0) {
77 return PSA_ERROR_HARDWARE_FAILURE;
78 }
79 if (hwinfo_ret < sizeof(data.device_id)) {
80 memset(data.device_id + hwinfo_ret, 0, sizeof(data.device_id) - hwinfo_ret);
81 }
82 }
83 data.uid = uid;
84 ret = hash_data_into_key(sizeof(data), &data, key);
85
86 mbedtls_platform_zeroize(data.device_id, sizeof(data.device_id));
87 return ret;
88 }
89
90 #elif defined(CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_ENTRY_UID_HASH)
91
92 #define WARNING "Using an insecure PSA ITS encryption key provider."
93
secure_storage_its_transform_aead_get_key(secure_storage_its_uid_t uid,uint8_t key[static CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_SIZE])94 psa_status_t secure_storage_its_transform_aead_get_key(
95 secure_storage_its_uid_t uid,
96 uint8_t key[static CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_SIZE])
97 {
98 return hash_data_into_key(sizeof(uid), &uid, key);
99 }
100
101 #endif /* CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER */
102
103 #ifndef CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_NO_INSECURE_KEY_WARNING
104
warn_insecure_key(void)105 static int warn_insecure_key(void)
106 {
107 printk("WARNING: %s\n", WARNING);
108 LOG_WRN("%s", WARNING);
109 return 0;
110 }
111 SYS_INIT(warn_insecure_key, APPLICATION, CONFIG_APPLICATION_INIT_PRIORITY);
112
113 #endif /* !CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_NO_INSECURE_KEY_WARNING */
114
115 #endif /* !CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_CUSTOM */
116
117 #ifdef CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_NONCE_PROVIDER_DEFAULT
118
secure_storage_its_transform_aead_get_nonce(uint8_t nonce[static CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_NONCE_SIZE])119 psa_status_t secure_storage_its_transform_aead_get_nonce(
120 uint8_t nonce[static CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_NONCE_SIZE])
121 {
122 psa_status_t ret;
123 static uint8_t s_nonce[CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_NONCE_SIZE];
124 static bool s_nonce_initialized;
125
126 if (!s_nonce_initialized) {
127 ret = psa_generate_random(s_nonce, sizeof(s_nonce));
128 if (ret != PSA_SUCCESS) {
129 return ret;
130 }
131 s_nonce_initialized = true;
132 } else {
133 for (unsigned int i = 0; i != sizeof(s_nonce); ++i) {
134 ++s_nonce[i];
135 if (s_nonce[i] != 0) {
136 break;
137 }
138 }
139 }
140
141 memcpy(nonce, &s_nonce, sizeof(s_nonce));
142 return PSA_SUCCESS;
143 }
144 #endif /* CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_NONCE_PROVIDER_DEFAULT */
145
