1 /*
2  * Copyright (c) 2022-2024, Texas Instruments Incorporated - http://www.ti.com
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * *  Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * *  Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * *  Neither the name of Texas Instruments Incorporated nor the names of
17  *    its contributors may be used to endorse or promote products derived
18  *    from this software without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
24  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
25  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
26  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
27  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
28  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
29  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
30  * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 /*!*****************************************************************************
34  *  @file       CryptoKeyKeyStore_PSA_s.h
35  *  @brief      Secure Crypto Service
36  *
37  *  @anchor ti_drivers_cryptoutils_cryptokey_CryptoKeyKeyStore_PSA_s_Overview
38  *  # Overview
39  *      The Secure KeyStore driver is used to access all KeyStore functions
40  *      when using the TF-M.
41  *
42  *******************************************************************************
43  */
44 #ifndef ti_drivers_cryptoutils_cryptokey_CryptoKeyKeyStore_PSA_s__include
45 #define ti_drivers_cryptoutils_cryptokey_CryptoKeyKeyStore_PSA_s__include
46 
47 #include <stdint.h>
48 
49 #include <ti/drivers/crypto/CryptoCC26X4_s.h>
50 #include <ti/drivers/cryptoutils/cryptokey/CryptoKeyKeyStore_PSA.h>
51 
52 #include <third_party/tfm/interface/include/psa/crypto.h>
53 #include <third_party/tfm/interface/include/psa/service.h>
54 
55 /* For client side key attribute structure */
56 #include <third_party/tfm/interface/include/psa/crypto_client_struct.h>
57 
/*
 * Crypto Key Store secure message types
 *
 * Each type selects one KeyStore operation and, with it, the secure message
 * struct (declared further down in this header) that carries the request:
 *   GET_KEY                       -> KeyStore_s_GetKeyMsg
 *   GENERATE_KEY                  -> KeyStore_s_GenerateKeyMsg
 *   EXPORT_PUBLIC_KEY, EXPORT_KEY -> KeyStore_s_ExportMsg
 *   DESTROY_KEY, PURGE_KEY        -> KeyStore_s_DestroyPurgeKeyMsg
 *   IMPORT_KEY                    -> KeyStore_s_ImportKeyMsg
 *   GET_KEY_ATTRIBUTES            -> KeyStore_s_GetKeyAttributesMsg
 *   RESET_KEY_ATTRIBUTES          -> KeyStore_s_ResetKeyAttributesMsg
 *
 * KEYSTORE_PSA_S_MSG_TYPE() is not defined in this header; it presumably comes
 * from one of the headers included above.
 *
 * NOTE(review): the message type is chosen by the non-secure client, so the
 * handler presumably rejects any value outside this list - confirm in
 * KeyStore_s_handlePsaMsg().
 */
#define KEYSTORE_PSA_S_MSG_TYPE_GET_KEY              KEYSTORE_PSA_S_MSG_TYPE(0U)
#define KEYSTORE_PSA_S_MSG_TYPE_GENERATE_KEY         KEYSTORE_PSA_S_MSG_TYPE(1U)
#define KEYSTORE_PSA_S_MSG_TYPE_EXPORT_PUBLIC_KEY    KEYSTORE_PSA_S_MSG_TYPE(2U)
#define KEYSTORE_PSA_S_MSG_TYPE_EXPORT_KEY           KEYSTORE_PSA_S_MSG_TYPE(3U)
#define KEYSTORE_PSA_S_MSG_TYPE_DESTROY_KEY          KEYSTORE_PSA_S_MSG_TYPE(4U)
#define KEYSTORE_PSA_S_MSG_TYPE_IMPORT_KEY           KEYSTORE_PSA_S_MSG_TYPE(5U)
#define KEYSTORE_PSA_S_MSG_TYPE_PURGE_KEY            KEYSTORE_PSA_S_MSG_TYPE(6U)
#define KEYSTORE_PSA_S_MSG_TYPE_GET_KEY_ATTRIBUTES   KEYSTORE_PSA_S_MSG_TYPE(7U)
#define KEYSTORE_PSA_S_MSG_TYPE_RESET_KEY_ATTRIBUTES KEYSTORE_PSA_S_MSG_TYPE(8U)
70 
/*
 * ============ KeyStore driver Secure Message Structs =========
 * These secure message structs correspond to the secure message types defined
 * above. Together, they are used by the non-secure client to make PSA calls to
 * the KeyStore secure service. Each PSA call has a single input vector, which
 * is a pointer to the secure message struct. If the underlying function has a
 * return value, there is also a single output vector, which is a pointer to
 * storage for the return value.
 */
/*
 * Request body for KEYSTORE_PSA_S_MSG_TYPE_GET_KEY.
 *
 * The struct is filled in by the non-secure client, so data and dataLength
 * are client-chosen addresses. KeyStore_s_handlePsaMsg() documents
 * PSA_ERROR_PROGRAMMER_ERROR for arguments that point to secure addresses.
 * NOTE(review): confirm that check covers the whole range
 * [data, data + dataSize) and all of *dataLength, and that it is made on a
 * secure-side copy of this struct so the fields cannot change after the check.
 */
typedef struct
{
    /* Key identifier as supplied by the client. */
    uint32_t key;
    /* Client buffer; presumably receives the key material - confirm. */
    uint8_t *data;
    /* Presumably the capacity of data in bytes - confirm. */
    size_t dataSize;
    /* Presumably out: number of bytes written to data - confirm. */
    size_t *dataLength;
    /* Algorithm the key is requested for. */
    KeyStore_PSA_Algorithm alg;
    /* Usage the key is requested for; presumably checked against the key's
     * stored policy before any material is returned - confirm. */
    KeyStore_PSA_KeyUsage usage;
} KeyStore_s_GetKeyMsg;
89 
/*
 * Request body for KEYSTORE_PSA_S_MSG_TYPE_GENERATE_KEY.
 *
 * Both members are addresses chosen by the non-secure client and are subject
 * to the secure-address check documented on KeyStore_s_handlePsaMsg().
 * NOTE(review): key is a KeyStore_PSA_KeyFileId * here, while
 * KeyStore_s_ImportKeyMsg uses uint32_t * for the same role. Confirm that the
 * number of bytes the secure side writes through key matches what the client
 * allocated, and that the address check covers that many bytes.
 */
typedef struct
{
    /* Client-side key attributes describing the key to generate. */
    struct psa_client_key_attributes_s *attributes;
    /* Presumably out: identifier of the generated key - confirm. */
    KeyStore_PSA_KeyFileId *key;
} KeyStore_s_GenerateKeyMsg;
95 
/*
 * Msg for KeyStore_PSA_exportKey() and KeyStore_PSA_exportPublicKey()
 *
 * Shared by KEYSTORE_PSA_S_MSG_TYPE_EXPORT_KEY and
 * KEYSTORE_PSA_S_MSG_TYPE_EXPORT_PUBLIC_KEY. data and dataLength are
 * addresses chosen by the non-secure client and are subject to the
 * secure-address check documented on KeyStore_s_handlePsaMsg().
 * NOTE(review): confirm the check covers the whole range
 * [data, data + dataSize) and all of *dataLength, since the secure side
 * writes through both pointers.
 */
typedef struct
{
    /* Key identifier as supplied by the client. */
    uint32_t key;
    /* Client buffer; presumably receives the exported key - confirm. */
    uint8_t *data;
    /* Presumably the capacity of data in bytes - confirm. */
    size_t dataSize;
    /* Presumably out: number of bytes written to data - confirm. */
    size_t *dataLength;
} KeyStore_s_ExportMsg;
104 
/*
 * Request body for KEYSTORE_PSA_S_MSG_TYPE_IMPORT_KEY.
 *
 * attributes, data and key are addresses chosen by the non-secure client and
 * are subject to the secure-address check documented on
 * KeyStore_s_handlePsaMsg().
 * NOTE(review): dataLength is passed by value and sizes the read from data;
 * confirm the address check covers [data, data + dataLength) and that the
 * length is bounded before it is used.
 */
typedef struct
{
    /* Client-side key attributes describing the key to import. */
    struct psa_client_key_attributes_s *attributes;
    /* Client buffer; presumably holds the key material to import - confirm. */
    uint8_t *data;
    /* Presumably the number of bytes of key material in data - confirm. */
    size_t dataLength;
    /* Presumably out: identifier assigned to the imported key - confirm. */
    uint32_t *key;
} KeyStore_s_ImportKeyMsg;
112 
/*
 * Msg for KeyStore_PSA_destroyKey() and KeyStore_PSA_purgeKey()
 *
 * Shared by KEYSTORE_PSA_S_MSG_TYPE_DESTROY_KEY and
 * KEYSTORE_PSA_S_MSG_TYPE_PURGE_KEY. The struct holds no pointers, so only the
 * message struct itself needs an address check.
 * NOTE(review): the key owner is presumably taken from the PSA call's client
 * ID (see KeyStore_s_copyKeyIDFromClient()) rather than from this struct, so
 * one client cannot destroy or purge another client's key - confirm.
 */
typedef struct
{
    /* Key identifier as supplied by the client. */
    uint32_t key;
} KeyStore_s_DestroyPurgeKeyMsg;
118 
/*
 * Request body for KEYSTORE_PSA_S_MSG_TYPE_GET_KEY_ATTRIBUTES.
 *
 * attributes is an address chosen by the non-secure client and is subject to
 * the secure-address check documented on KeyStore_s_handlePsaMsg().
 * NOTE(review): confirm the check covers the full
 * struct psa_client_key_attributes_s, since the secure side presumably writes
 * the whole structure.
 */
typedef struct
{
    /* Key identifier as supplied by the client. */
    uint32_t key;
    /* Presumably out: receives the attributes of the key - confirm. */
    struct psa_client_key_attributes_s *attributes;
} KeyStore_s_GetKeyAttributesMsg;
124 
/*
 * Request body for KEYSTORE_PSA_S_MSG_TYPE_RESET_KEY_ATTRIBUTES.
 *
 * attributes is an address chosen by the non-secure client and is subject to
 * the secure-address check documented on KeyStore_s_handlePsaMsg().
 */
typedef struct
{
    /* Client-side attribute structure; presumably reset in place - confirm. */
    struct psa_client_key_attributes_s *attributes;
} KeyStore_s_ResetKeyAttributesMsg;
129 
/*!
 *  @brief  Handles PSA messages for KeyStore secure driver
 *
 *  The message types are the KEYSTORE_PSA_S_MSG_TYPE_* values and the request
 *  bodies are the KeyStore_s_*Msg structs declared in this header.
 *
 *  @note   This function should be called by secure partition thread only.
 *
 *  @note   The request structs carry pointers chosen by the non-secure
 *          client. NOTE(review): confirm the secure-address check is applied
 *          to the full range behind every pointer (start address plus
 *          length), on a copy of the struct held in secure memory.
 *
 *  @note   Per the message-struct comment in this header, the return value
 *          of the underlying KeyStore function is delivered through the
 *          output vector. NOTE(review): the status returned here presumably
 *          reports message handling, not the KeyStore operation's result -
 *          confirm.
 *
 *  @param [in]  msg     pointer to PSA message
 *
 *  @retval PSA_SUCCESS if successful.
 *  @retval PSA_ERROR_PROGRAMMER_ERROR if any args point to secure addresses.
 */
psa_status_t KeyStore_s_handlePsaMsg(psa_msg_t *msg);
141 
/*!
 *  @brief  Initializes the KeyStore secure driver.
 *
 *  Takes no arguments and returns nothing, so a failure cannot be reported
 *  to the caller through this interface.
 *
 *  @note   This function should be called by secure partition thread only.
 *
 *  @note   NOTE(review): presumably must run before the first call to
 *          KeyStore_s_handlePsaMsg() - confirm.
 */
void KeyStore_s_init(void);
148 
/**
 * @brief Gets key attributes from client key attributes.
 *        Follows tfm_crypto_key_attributes_from_client()
 *
 * This function is documented as performing no address validation of its
 * own: the caller must already have verified that clientKeyAttr lies in
 * non-secure memory. Because the documented return value is always success,
 * the return value cannot signal a bad pointer.
 *
 * @param[in]  clientKeyAttr  Client key attributes, address location must be verified to be in non-secure memory by
 *                            calling functions
 * @param[in]  clientId       Partition ID of the calling client
 * @param[out] keyAttributes  Key attributes, no address verification necessary as this is always in secure side
 *
 * @return Always returns #KEYSTORE_PSA_STATUS_SUCCESS
 */
psa_status_t KeyStore_s_copyKeyAttributesFromClient(struct psa_client_key_attributes_s *clientKeyAttr,
                                                    int32_t clientId,
                                                    psa_key_attributes_t *keyAttributes);
163 
/**
 * @brief Copies client key ID from non-secure side to secure side
 *
 * This function returns nothing, so it cannot report a bad pointer: the
 * caller must already have verified that clientKeyID lies in non-secure
 * memory. Parameters are listed below in signature order.
 *
 * @param[out]  keyID         Key ID, no address verification necessary as this is always in secure side
 * @param[in]   clientId      Client ID, partition ID from PSA call
 * @param[in]   clientKeyID   Client key ID, address location must be verified to be in non-secure memory by
 *                            calling functions
 */
void KeyStore_s_copyKeyIDFromClient(KeyStore_PSA_KeyFileId *keyID, int32_t clientId, uint32_t *clientKeyID);
173 #endif /* ti_drivers_cryptoutils_cryptokey_CryptoKeyKeyStore_PSA_s__include */
174