From 4017291beed17ab0b7ad97109ebd2d695c549575 Mon Sep 17 00:00:00 2001 From: "restyled-io[bot]" <32688539+restyled-io[bot]@users.noreply.github.com> Date: Thu, 2 May 2024 14:45:31 -0400 Subject: [PATCH] Restyle PSA Mutex patch. (#195) Restyled by clang-format Co-authored-by: Restyled.io --- .../sl_mbedtls_support/inc/threading_alt.h | 181 +- .../sl_psa_driver/src/sl_psa_its_nvm3.c | 1802 ++++++++--------- 2 files changed, 973 insertions(+), 1010 deletions(-) diff --git a/platform/security/sl_component/sl_mbedtls_support/inc/threading_alt.h b/platform/security/sl_component/sl_mbedtls_support/inc/threading_alt.h index 02ea5a9f56..43dda0c734 100644 --- a/platform/security/sl_component/sl_mbedtls_support/inc/threading_alt.h +++ b/platform/security/sl_component/sl_mbedtls_support/inc/threading_alt.h @@ -1,84 +1,85 @@ /**************************************************************************/ /** - * @file - * @brief Threading primitive implementation for mbed TLS - ******************************************************************************* - * # License - * Copyright 2021 Silicon Laboratories Inc. www.silabs.com - ******************************************************************************* - * - * SPDX-License-Identifier: Zlib - * - * The licensor of this software is Silicon Laboratories Inc. - * - * This software is provided 'as-is', without any express or implied - * warranty. In no event will the authors be held liable for any damages - * arising from the use of this software. - * - * Permission is granted to anyone to use this software for any purpose, - * including commercial applications, and to alter it and redistribute it - * freely, subject to the following restrictions: - * - * 1. The origin of this software must not be misrepresented; you must not - * claim that you wrote the original software. If you use this software - * in a product, an acknowledgment in the product documentation would be - * appreciated but is not required. - * 2. Altered source versions must be plainly marked as such, and must not be - * misrepresented as being the original software. - * 3. This notice may not be removed or altered from any source distribution. - * - ******************************************************************************/ + * @file + * @brief Threading primitive implementation for mbed TLS + ******************************************************************************* + * # License + * Copyright 2021 Silicon Laboratories Inc. www.silabs.com + ******************************************************************************* + * + * SPDX-License-Identifier: Zlib + * + * The licensor of this software is Silicon Laboratories Inc. + * + * This software is provided 'as-is', without any express or implied + * warranty. In no event will the authors be held liable for any damages + * arising from the use of this software. + * + * Permission is granted to anyone to use this software for any purpose, + * including commercial applications, and to alter it and redistribute it + * freely, subject to the following restrictions: + * + * 1. The origin of this software must not be misrepresented; you must not + * claim that you wrote the original software. If you use this software + * in a product, an acknowledgment in the product documentation would be + * appreciated but is not required. + * 2. Altered source versions must be plainly marked as such, and must not be + * misrepresented as being the original software. + * 3. This notice may not be removed or altered from any source distribution. + * + ******************************************************************************/ #ifndef THREADING_ALT_H #define THREADING_ALT_H -/***************************************************************************//** - * \addtogroup sl_crypto - * \{ - ******************************************************************************/ +/***************************************************************************/ /** + * \addtogroup sl_crypto + * \{ + ******************************************************************************/ + +/***************************************************************************/ /** + * \addtogroup sl_crypto_threading Threading Primitives + * \brief Threading primitive implementation for mbed TLS + * + * This file contains the glue logic between the mbed TLS threading API + * and CMSIS RTOS2 API. + * + * In order to enable support for Micrium OS backend + * the user must make sure SL_CATALOG_MICRIUMOS_KERNEL_PRESENT is defined. + * In order to enable support for FreeRTOS backend the user must make sure + * SL_CATALOG_FREERTOS_KERNEL_PRESENT is defined. + * + * Applications created using Simplicity Studio 5 the sl_component_catalog.h + * file will define one of the above in order to declare the presence + * of a specific RTOS. + * + * \note + * In order to use the Silicon Labs Hardware Acceleration plugins in + * multi-threaded applications, select + * Mbed TLS support for EFM32/EFR32 crypto acceleration component. + * + * \{ + ******************************************************************************/ -/***************************************************************************//** - * \addtogroup sl_crypto_threading Threading Primitives - * \brief Threading primitive implementation for mbed TLS - * - * This file contains the glue logic between the mbed TLS threading API - * and CMSIS RTOS2 API. - * - * In order to enable support for Micrium OS backend - * the user must make sure SL_CATALOG_MICRIUMOS_KERNEL_PRESENT is defined. - * In order to enable support for FreeRTOS backend the user must make sure - * SL_CATALOG_FREERTOS_KERNEL_PRESENT is defined. - * - * Applications created using Simplicity Studio 5 the sl_component_catalog.h - * file will define one of the above in order to declare the presence - * of a specific RTOS. - * - * \note - * In order to use the Silicon Labs Hardware Acceleration plugins in - * multi-threaded applications, select - * Mbed TLS support for EFM32/EFR32 crypto acceleration component. - * - * \{ - ******************************************************************************/ - -#include #include "mbedtls/threading.h" +#include #if defined(MBEDTLS_THREADING_ALT) && defined(MBEDTLS_THREADING_C) #if defined(SL_COMPONENT_CATALOG_PRESENT) - #include "sl_component_catalog.h" +#include "sl_component_catalog.h" #endif -#if defined(SL_CATALOG_MICRIUMOS_KERNEL_PRESENT) || defined(SL_CATALOG_FREERTOS_KERNEL_PRESENT) +#if defined(SL_CATALOG_MICRIUMOS_KERNEL_PRESENT) || \ + defined(SL_CATALOG_FREERTOS_KERNEL_PRESENT) #include "cmsis_os2.h" #include "sl_assert.h" #if defined(SL_CATALOG_FREERTOS_KERNEL_PRESENT) - #include "FreeRTOSConfig.h" - #if (configSUPPORT_STATIC_ALLOCATION == 1) - #include "FreeRTOS.h" // StaticSemaphore_t - #endif +#include "FreeRTOSConfig.h" +#if (configSUPPORT_STATIC_ALLOCATION == 1) +#include "FreeRTOS.h" // StaticSemaphore_t +#endif #endif #ifdef __cplusplus @@ -87,15 +88,16 @@ extern "C" { #define SL_THREADING_ALT -#define MUTEX_INIT = { 0 } +#define MUTEX_INIT = {0} /// SE manager mutex definition for CMSIS RTOS2. typedef struct mbedtls_threading_mutex { -#if defined(SL_CATALOG_FREERTOS_KERNEL_PRESENT) && (configSUPPORT_STATIC_ALLOCATION == 1) +#if defined(SL_CATALOG_FREERTOS_KERNEL_PRESENT) && \ + (configSUPPORT_STATIC_ALLOCATION == 1) StaticSemaphore_t static_sem_object; #endif osMutexAttr_t mutex_attr; - osMutexId_t mutex_ID; + osMutexId_t mutex_ID; } mbedtls_threading_mutex_t; /** @@ -103,13 +105,13 @@ typedef struct mbedtls_threading_mutex { * * \param mutex Pointer to the mutex needing initialization */ -static inline void THREADING_InitMutex(mbedtls_threading_mutex_t *mutex) -{ +static inline void THREADING_InitMutex(mbedtls_threading_mutex_t *mutex) { if (mutex == NULL) { return; } -#if defined(SL_CATALOG_FREERTOS_KERNEL_PRESENT) && (configSUPPORT_STATIC_ALLOCATION == 1) +#if defined(SL_CATALOG_FREERTOS_KERNEL_PRESENT) && \ + (configSUPPORT_STATIC_ALLOCATION == 1) mutex->mutex_attr.cb_mem = &mutex->static_sem_object; mutex->mutex_attr.cb_size = sizeof(mutex->static_sem_object); #endif @@ -124,8 +126,7 @@ static inline void THREADING_InitMutex(mbedtls_threading_mutex_t *mutex) * * \param mutex Pointer to the mutex being freed */ -static inline void THREADING_FreeMutex(mbedtls_threading_mutex_t *mutex) -{ +static inline void THREADING_FreeMutex(mbedtls_threading_mutex_t *mutex) { if (mutex == NULL) { return; } @@ -141,8 +142,8 @@ static inline void THREADING_FreeMutex(mbedtls_threading_mutex_t *mutex) * * \return RTOS_ERR_NONE on success, error code otherwise. */ -static inline int THREADING_TakeMutexBlocking(mbedtls_threading_mutex_t *mutex) -{ +static inline int +THREADING_TakeMutexBlocking(mbedtls_threading_mutex_t *mutex) { if (mutex == NULL) { return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; } @@ -159,10 +160,11 @@ static inline int THREADING_TakeMutexBlocking(mbedtls_threading_mutex_t *mutex) * * \param mutex Pointer to the mutex being tested * - * \return RTOS_ERR_NONE on success (= mutex successfully owned), error code otherwise. + * \return RTOS_ERR_NONE on success (= mutex successfully owned), error + * code otherwise. */ -static inline int THREADING_TakeMutexNonBlocking(mbedtls_threading_mutex_t *mutex) -{ +static inline int +THREADING_TakeMutexNonBlocking(mbedtls_threading_mutex_t *mutex) { if (mutex == NULL) { return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; } @@ -181,8 +183,7 @@ static inline int THREADING_TakeMutexNonBlocking(mbedtls_threading_mutex_t *mute * * \return RTOS_ERR_NONE on success, error code otherwise. */ -static inline int THREADING_GiveMutex(mbedtls_threading_mutex_t *mutex) -{ +static inline int THREADING_GiveMutex(mbedtls_threading_mutex_t *mutex) { if (mutex == NULL) { return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; } @@ -198,27 +199,27 @@ static inline int THREADING_GiveMutex(mbedtls_threading_mutex_t *mutex) } #endif -#endif // SL_CATALOG_MICRIUMOS_KERNEL_PRESENT || SL_CATALOG_FREERTOS_KERNEL_PRESENT +#endif // SL_CATALOG_MICRIUMOS_KERNEL_PRESENT || + // SL_CATALOG_FREERTOS_KERNEL_PRESENT #ifdef __cplusplus extern "C" { #endif /* Forward declaration of threading_set_alt */ -void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *), - void (*mutex_free)(mbedtls_threading_mutex_t *), - int (*mutex_lock)(mbedtls_threading_mutex_t *), - int (*mutex_unlock)(mbedtls_threading_mutex_t *) ); +void mbedtls_threading_set_alt( + void (*mutex_init)(mbedtls_threading_mutex_t *), + void (*mutex_free)(mbedtls_threading_mutex_t *), + int (*mutex_lock)(mbedtls_threading_mutex_t *), + int (*mutex_unlock)(mbedtls_threading_mutex_t *)); /** - * \brief Helper function for setting up the mbed TLS threading subsystem + * \brief Helper function for setting up the mbed TLS threading + * subsystem */ -static inline void THREADING_setup(void) -{ - mbedtls_threading_set_alt(&THREADING_InitMutex, - &THREADING_FreeMutex, - &THREADING_TakeMutexBlocking, - &THREADING_GiveMutex); +static inline void THREADING_setup(void) { + mbedtls_threading_set_alt(&THREADING_InitMutex, &THREADING_FreeMutex, + &THREADING_TakeMutexBlocking, &THREADING_GiveMutex); } #ifdef __cplusplus diff --git a/platform/security/sl_component/sl_psa_driver/src/sl_psa_its_nvm3.c b/platform/security/sl_component/sl_psa_driver/src/sl_psa_its_nvm3.c index c5ff275fdd..6b2cacf83d 100644 --- a/platform/security/sl_component/sl_psa_driver/src/sl_psa_its_nvm3.c +++ b/platform/security/sl_component/sl_psa_driver/src/sl_psa_its_nvm3.c @@ -1,32 +1,32 @@ -/***************************************************************************//** - * @file - * @brief PSA ITS implementation based on Silicon Labs NVM3 - ******************************************************************************* - * # License - * Copyright 2020 Silicon Laboratories Inc. www.silabs.com - ******************************************************************************* - * - * SPDX-License-Identifier: Zlib - * - * The licensor of this software is Silicon Laboratories Inc. - * - * This software is provided 'as-is', without any express or implied - * warranty. In no event will the authors be held liable for any damages - * arising from the use of this software. - * - * Permission is granted to anyone to use this software for any purpose, - * including commercial applications, and to alter it and redistribute it - * freely, subject to the following restrictions: - * - * 1. The origin of this software must not be misrepresented; you must not - * claim that you wrote the original software. If you use this software - * in a product, an acknowledgment in the product documentation would be - * appreciated but is not required. - * 2. Altered source versions must be plainly marked as such, and must not be - * misrepresented as being the original software. - * 3. This notice may not be removed or altered from any source distribution. - * - ******************************************************************************/ +/***************************************************************************/ /** + * @file + * @brief PSA ITS implementation based on Silicon Labs NVM3 + ******************************************************************************* + * # License + * Copyright 2020 Silicon Laboratories Inc. www.silabs.com + ******************************************************************************* + * + * SPDX-License-Identifier: Zlib + * + * The licensor of this software is Silicon Laboratories Inc. + * + * This software is provided 'as-is', without any express or implied + * warranty. In no event will the authors be held liable for any damages + * arising from the use of this software. + * + * Permission is granted to anyone to use this software for any purpose, + * including commercial applications, and to alter it and redistribute it + * freely, subject to the following restrictions: + * + * 1. The origin of this software must not be misrepresented; you must not + * claim that you wrote the original software. If you use this software + * in a product, an acknowledgment in the product documentation would be + * appreciated but is not required. + * 2. Altered source versions must be plainly marked as such, and must not be + * misrepresented as being the original software. + * 3. This notice may not be removed or altered from any source distribution. + * + ******************************************************************************/ // The psa_driver_wrappers.h file that we're including here assumes that it has // access to private struct members. Define this here in order to avoid @@ -40,42 +40,42 @@ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && !defined(MBEDTLS_PSA_ITS_FILE_C) +#include "mbedtls/platform.h" +#include "nvm3_default.h" #include "psa/internal_trusted_storage.h" #include "psa/sli_internal_trusted_storage.h" -#include "nvm3_default.h" -#include "mbedtls/platform.h" #include #include #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) - #include - #include "psa/storage_common.h" +#include "psa/storage_common.h" +#include #endif // TFM_CONFIG_SL_SECURE_LIBRARY #if defined(SLI_PSA_ITS_ENCRYPTED) - #include "psa_crypto_core.h" - #include "psa_crypto_driver_wrappers.h" - #if defined(SEMAILBOX_PRESENT) - #include "psa/crypto_extra.h" - #include "sl_psa_values.h" - #include "sli_se_opaque_functions.h" - #endif // defined(SEMAILBOX_PRESENT) +#include "psa_crypto_core.h" +#include "psa_crypto_driver_wrappers.h" +#if defined(SEMAILBOX_PRESENT) +#include "psa/crypto_extra.h" +#include "sl_psa_values.h" +#include "sli_se_opaque_functions.h" +#endif // defined(SEMAILBOX_PRESENT) #endif // defined(SLI_PSA_ITS_ENCRYPTED) // SLI_STATIC_TESTABLE is used to expose otherwise-static variables during // internal testing. #if defined(SLI_STATIC_TESTABLE) - #define SLI_STATIC +#define SLI_STATIC #else - #define SLI_STATIC static +#define SLI_STATIC static #endif // ------------------------------------- // Threading support #if defined(MBEDTLS_THREADING_C) - #include "cmsis_os2.h" - #include "mbedtls/threading.h" +#include "cmsis_os2.h" +#include "mbedtls/threading.h" // Mutex for protecting access to the ITS instance SLI_STATIC mbedtls_threading_mutex_t its_mutex MUTEX_INIT; @@ -87,8 +87,7 @@ static volatile bool its_mutex_inited = false; * \return Previous lock state * */ -static inline int32_t lock_task_switches(void) -{ +static inline int32_t lock_task_switches(void) { int32_t kernel_lock_state = 0; osKernelState_t kernel_state = osKernelGetState(); if (kernel_state != osKernelInactive && kernel_state != osKernelReady) { @@ -100,8 +99,7 @@ static inline int32_t lock_task_switches(void) /** * \brief Restores the previous lock state */ -static inline void restore_lock_state(int32_t kernel_lock_state) -{ +static inline void restore_lock_state(int32_t kernel_lock_state) { osKernelState_t kernel_state = osKernelGetState(); if (kernel_state != osKernelInactive && kernel_state != osKernelReady) { if (osKernelRestoreLock(kernel_lock_state) < 0) { @@ -115,8 +113,7 @@ static inline void restore_lock_state(int32_t kernel_lock_state) /** * \brief Pend on the ITS mutex */ -void sli_its_acquire_mutex(void) -{ +void sli_its_acquire_mutex(void) { #if defined(MBEDTLS_THREADING_C) if (!its_mutex_inited) { int32_t kernel_lock_state = lock_task_switches(); @@ -138,8 +135,7 @@ void sli_its_acquire_mutex(void) /** * \brief Free the ITS mutex. */ -void sli_its_release_mutex(void) -{ +void sli_its_release_mutex(void) { #if defined(MBEDTLS_THREADING_C) if (its_mutex_inited) { mbedtls_mutex_unlock(&its_mutex); @@ -152,7 +148,8 @@ void sli_its_release_mutex(void) #if (!SL_PSA_ITS_SUPPORT_V3_DRIVER) #define SLI_PSA_ITS_NVM3_RANGE_START SLI_PSA_ITS_NVM3_RANGE_BASE -#define SLI_PSA_ITS_NVM3_RANGE_END SLI_PSA_ITS_NVM3_RANGE_START + SL_PSA_ITS_MAX_FILES +#define SLI_PSA_ITS_NVM3_RANGE_END \ + SLI_PSA_ITS_NVM3_RANGE_START + SL_PSA_ITS_MAX_FILES #define SLI_PSA_ITS_NVM3_INVALID_KEY (0) #define SLI_PSA_ITS_NVM3_UNKNOWN_KEY (1) @@ -163,18 +160,20 @@ void sli_its_release_mutex(void) #define SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE 16 -// Enable backwards-compatibility with keys stored with a v1 header unless disabled. +// Enable backwards-compatibility with keys stored with a v1 header unless +// disabled. #if !defined(SL_PSA_ITS_REMOVE_V1_HEADER_SUPPORT) #define SLI_PSA_ITS_SUPPORT_V1_FORMAT #endif // Internal error codes local to this compile unit #define SLI_PSA_ITS_ECODE_NO_VALID_HEADER (ECODE_EMDRV_NVM3_BASE - 1) -#define SLI_PSA_ITS_ECODE_NEEDS_UPGRADE (ECODE_EMDRV_NVM3_BASE - 2) +#define SLI_PSA_ITS_ECODE_NEEDS_UPGRADE (ECODE_EMDRV_NVM3_BASE - 2) #if defined(SLI_PSA_ITS_ENCRYPTED) -// Define some cryptographic constants if not already set. This depends on the underlying -// crypto accelerator in use (CRYPTOACC has these defines, but not SEMAILBOX). +// Define some cryptographic constants if not already set. This depends on the +// underlying crypto accelerator in use (CRYPTOACC has these defines, but not +// SEMAILBOX). #if !defined(AES_MAC_SIZE) #define AES_MAC_SIZE 16 #endif @@ -183,14 +182,14 @@ void sli_its_release_mutex(void) #define AES_IV_GCM_SIZE 12 #endif -#define SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD (AES_IV_GCM_SIZE + AES_MAC_SIZE) +#define SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD (AES_IV_GCM_SIZE + AES_MAC_SIZE) #endif // defined(SLI_PSA_ITS_ENCRYPTED) // ------------------------------------- // Local global static variables SLI_STATIC bool nvm3_uid_set_cache_initialized = false; -SLI_STATIC uint32_t nvm3_uid_set_cache[(SL_PSA_ITS_MAX_FILES + 31) / 32] = { 0 }; +SLI_STATIC uint32_t nvm3_uid_set_cache[(SL_PSA_ITS_MAX_FILES + 31) / 32] = {0}; typedef struct { psa_storage_uid_t uid; @@ -198,15 +197,14 @@ typedef struct { bool set; } previous_lookup_t; -static previous_lookup_t previous_lookup = { - 0, 0, false -}; +static previous_lookup_t previous_lookup = {0, 0, false}; #if defined(SLI_PSA_ITS_ENCRYPTED) // The root key is an AES-256 key, and is therefore 32 bytes. -#define ROOT_KEY_SIZE (32) -// The session key is derived from CMAC, which means it is equal to the AES block size, i.e. 16 bytes -#define SESSION_KEY_SIZE (16) +#define ROOT_KEY_SIZE (32) +// The session key is derived from CMAC, which means it is equal to the AES +// block size, i.e. 16 bytes +#define SESSION_KEY_SIZE (16) #if !defined(SEMAILBOX_PRESENT) typedef struct { @@ -215,8 +213,8 @@ typedef struct { } root_key_t; static root_key_t g_root_key = { - .initialized = false, - .data = { 0 }, + .initialized = false, + .data = {0}, }; #endif // !defined(SEMAILBOX_PRESENT) @@ -227,9 +225,9 @@ typedef struct { } session_key_t; static session_key_t g_cached_session_key = { - .active = false, - .uid = 0, - .data = { 0 }, + .active = false, + .uid = 0, + .data = {0}, }; #endif // defined(SLI_PSA_ITS_ENCRYPTED) @@ -263,7 +261,8 @@ typedef struct { // ------------------------------------- // Local function prototypes -static nvm3_ObjectKey_t get_nvm3_id(psa_storage_uid_t uid, bool find_empty_slot); +static nvm3_ObjectKey_t get_nvm3_id(psa_storage_uid_t uid, + bool find_empty_slot); static nvm3_ObjectKey_t prepare_its_get_nvm3_id(psa_storage_uid_t uid); #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) @@ -271,22 +270,18 @@ static inline bool object_lives_in_s(const void *object, size_t object_size); #endif // defined(TFM_CONFIG_SL_SECURE_LIBRARY) #if defined(SLI_PSA_ITS_ENCRYPTED) -static psa_status_t derive_session_key(uint8_t *iv, - size_t iv_size, +static psa_status_t derive_session_key(uint8_t *iv, size_t iv_size, uint8_t *session_key, size_t session_key_size); static psa_status_t encrypt_its_file(sli_its_file_meta_v2_t *metadata, - uint8_t *plaintext, - size_t plaintext_size, + uint8_t *plaintext, size_t plaintext_size, sli_its_encrypted_blob_t *blob, - size_t blob_size, - size_t *blob_length); + size_t blob_size, size_t *blob_length); static psa_status_t decrypt_its_file(sli_its_file_meta_v2_t *metadata, sli_its_encrypted_blob_t *blob, - size_t blob_size, - uint8_t *plaintext, + size_t blob_size, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length); @@ -300,8 +295,7 @@ static psa_status_t authenticate_its_file(nvm3_ObjectKey_t nvm3_object_id, #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) // If an object of given size is fully encapsulated in a region of // secure domain the function returns true. -static inline bool object_lives_in_s(const void *object, size_t object_size) -{ +static inline bool object_lives_in_s(const void *object, size_t object_size) { cmse_address_info_t cmse_flags; for (size_t i = 0u; i < object_size; i++) { @@ -315,48 +309,45 @@ static inline bool object_lives_in_s(const void *object, size_t object_size) } #endif // defined(TFM_CONFIG_SL_SECURE_LIBRARY) -static inline void cache_set(nvm3_ObjectKey_t key) -{ +static inline void cache_set(nvm3_ObjectKey_t key) { uint32_t i = key - SLI_PSA_ITS_NVM3_RANGE_START; uint32_t bin = i / 32; uint32_t offset = i - 32 * bin; nvm3_uid_set_cache[bin] |= (1 << offset); } -static inline void cache_clear(nvm3_ObjectKey_t key) -{ +static inline void cache_clear(nvm3_ObjectKey_t key) { uint32_t i = key - SLI_PSA_ITS_NVM3_RANGE_START; uint32_t bin = i / 32; uint32_t offset = i - 32 * bin; nvm3_uid_set_cache[bin] ^= (1 << offset); } -static inline bool cache_lookup(nvm3_ObjectKey_t key) -{ +static inline bool cache_lookup(nvm3_ObjectKey_t key) { uint32_t i = key - SLI_PSA_ITS_NVM3_RANGE_START; uint32_t bin = i / 32; uint32_t offset = i - 32 * bin; return (bool)((nvm3_uid_set_cache[bin] >> offset) & 0x1); } -static void init_cache(void) -{ +static void init_cache(void) { size_t num_keys_referenced_by_nvm3; - nvm3_ObjectKey_t keys_referenced_by_nvm3[SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE] = { 0 }; + nvm3_ObjectKey_t keys_referenced_by_nvm3[SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE] = + {0}; for (nvm3_ObjectKey_t range_start = SLI_PSA_ITS_NVM3_RANGE_START; range_start < SLI_PSA_ITS_NVM3_RANGE_END; range_start += SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE) { - nvm3_ObjectKey_t range_end = range_start + SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE; + nvm3_ObjectKey_t range_end = + range_start + SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE; if (range_end > SLI_PSA_ITS_NVM3_RANGE_END) { range_end = SLI_PSA_ITS_NVM3_RANGE_END; } - num_keys_referenced_by_nvm3 = nvm3_enumObjects(nvm3_defaultHandle, - keys_referenced_by_nvm3, - sizeof(keys_referenced_by_nvm3) / sizeof(nvm3_ObjectKey_t), - range_start, - range_end - 1); + num_keys_referenced_by_nvm3 = nvm3_enumObjects( + nvm3_defaultHandle, keys_referenced_by_nvm3, + sizeof(keys_referenced_by_nvm3) / sizeof(nvm3_ObjectKey_t), range_start, + range_end - 1); for (size_t i = 0; i < num_keys_referenced_by_nvm3; i++) { cache_set(keys_referenced_by_nvm3[i]); @@ -368,10 +359,9 @@ static void init_cache(void) // Read the file metadata for a specific NVM3 ID static Ecode_t get_file_metadata(nvm3_ObjectKey_t key, - sli_its_file_meta_v2_t* metadata, - size_t* its_file_offset, - size_t* its_file_size) -{ + sli_its_file_meta_v2_t *metadata, + size_t *its_file_offset, + size_t *its_file_size) { // Initialize output variables to safe default if (its_file_offset != NULL) { *its_file_offset = 0; @@ -380,10 +370,7 @@ static Ecode_t get_file_metadata(nvm3_ObjectKey_t key, *its_file_size = 0; } - Ecode_t status = nvm3_readPartialData(nvm3_defaultHandle, - key, - metadata, - 0, + Ecode_t status = nvm3_readPartialData(nvm3_defaultHandle, key, metadata, 0, sizeof(sli_its_file_meta_v2_t)); if (status != ECODE_NVM3_OK) { return status; @@ -392,11 +379,8 @@ static Ecode_t get_file_metadata(nvm3_ObjectKey_t key, #if defined(SLI_PSA_ITS_SUPPORT_V1_FORMAT) // Re-read in v1 header format and translate to the latest structure version if (metadata->magic == SLI_PSA_ITS_META_MAGIC_V1) { - sl_its_file_meta_v1_t key_meta_v1 = { 0 }; - status = nvm3_readPartialData(nvm3_defaultHandle, - key, - &key_meta_v1, - 0, + sl_its_file_meta_v1_t key_meta_v1 = {0}; + status = nvm3_readPartialData(nvm3_defaultHandle, key, &key_meta_v1, 0, sizeof(sl_its_file_meta_v1_t)); if (status != ECODE_NVM3_OK) { @@ -428,10 +412,8 @@ static Ecode_t get_file_metadata(nvm3_ObjectKey_t key, if (its_file_offset != NULL && its_file_size != NULL) { // Calculate the ITS file size if requested uint32_t obj_type; - Ecode_t info_status = nvm3_getObjectInfo(nvm3_defaultHandle, - key, - &obj_type, - its_file_size); + Ecode_t info_status = + nvm3_getObjectInfo(nvm3_defaultHandle, key, &obj_type, its_file_size); if (info_status != ECODE_NVM3_OK) { return info_status; } @@ -443,8 +425,8 @@ static Ecode_t get_file_metadata(nvm3_ObjectKey_t key, } // Search through NVM3 for uid -static nvm3_ObjectKey_t get_nvm3_id(psa_storage_uid_t uid, bool find_empty_slot) -{ +static nvm3_ObjectKey_t get_nvm3_id(psa_storage_uid_t uid, + bool find_empty_slot) { Ecode_t status; sli_its_file_meta_v2_t key_meta; @@ -469,8 +451,8 @@ static nvm3_ObjectKey_t get_nvm3_id(psa_storage_uid_t uid, bool find_empty_slot) status = get_file_metadata(object_id, &key_meta, NULL, NULL); - if (status == ECODE_NVM3_OK - || status == SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { + if (status == ECODE_NVM3_OK || + status == SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { if (key_meta.uid == uid) { previous_lookup.set = true; previous_lookup.object_id = object_id; @@ -482,8 +464,8 @@ static nvm3_ObjectKey_t get_nvm3_id(psa_storage_uid_t uid, bool find_empty_slot) } } - if (status == SLI_PSA_ITS_ECODE_NO_VALID_HEADER - || status == ECODE_NVM3_ERR_READ_DATA_SIZE) { + if (status == SLI_PSA_ITS_ECODE_NO_VALID_HEADER || + status == ECODE_NVM3_ERR_READ_DATA_SIZE) { // we don't expect any other data in our range then PSA ITS files. // delete the file if the magic doesn't match or the object on disk // is too small to even have full metadata. @@ -500,11 +482,11 @@ static nvm3_ObjectKey_t get_nvm3_id(psa_storage_uid_t uid, bool find_empty_slot) // Perform NVM3 open and fill the look-up table. // Try to find the mapping NVM3 object ID with PSA ITS UID. -static nvm3_ObjectKey_t prepare_its_get_nvm3_id(psa_storage_uid_t uid) -{ +static nvm3_ObjectKey_t prepare_its_get_nvm3_id(psa_storage_uid_t uid) { #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) - // With SKL the NVM3 instance must be initialized by the NS app. We therefore check that - // it has been opened (which is done on init) rather than actually doing the init. + // With SKL the NVM3 instance must be initialized by the NS app. We therefore + // check that it has been opened (which is done on init) rather than actually + // doing the init. if (!nvm3_defaultHandle->hasBeenOpened) { #else if (nvm3_initDefault() != ECODE_NVM3_OK) { @@ -520,35 +502,40 @@ static nvm3_ObjectKey_t prepare_its_get_nvm3_id(psa_storage_uid_t uid) } #if defined(SLI_PSA_ITS_ENCRYPTED) -static inline void cache_session_key(uint8_t *session_key, psa_storage_uid_t uid) -{ +static inline void cache_session_key(uint8_t *session_key, + psa_storage_uid_t uid) { // Cache the session key - memcpy(g_cached_session_key.data, session_key, sizeof(g_cached_session_key.data)); + memcpy(g_cached_session_key.data, session_key, + sizeof(g_cached_session_key.data)); g_cached_session_key.uid = uid; g_cached_session_key.active = true; } /** - * \brief Derive a session key for ITS file encryption from the initialized root key and provided IV. + * \brief Derive a session key for ITS file encryption from the initialized root + * key and provided IV. * - * \param[in] iv Pointer to array containing the initialization vector to be used in the key derivation. - * \param[in] iv_size Size of the IV buffer in bytes. Must be 12 bytes (AES-GCM IV size). - * \param[out] session_key Pointer to array where derived session key shall be stored. - * \param[out] session_key_size Size of the derived session key output array. Must be at least 32 bytes (AES-256 key size). + * \param[in] iv Pointer to array containing the initialization + * vector to be used in the key derivation. \param[in] iv_size Size of + * the IV buffer in bytes. Must be 12 bytes (AES-GCM IV size). \param[out] + * session_key Pointer to array where derived session key shall be stored. + * \param[out] session_key_size Size of the derived session key output array. + * Must be at least 32 bytes (AES-256 key size). * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_BAD_STATE The root key has not been initialized. - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because iv or session_key is NULL, or their sizes are incorrect. - * \retval PSA_ERROR_HARDWARE_FAILURE The operation failed because an internal cryptographic operation failed. + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_BAD_STATE The root key has + * not been initialized. \retval PSA_ERROR_INVALID_ARGUMENT The + * operation failed because iv or session_key is NULL, or their sizes are + * incorrect. \retval PSA_ERROR_HARDWARE_FAILURE The operation failed + * because an internal cryptographic operation failed. */ -static psa_status_t derive_session_key(uint8_t *iv, size_t iv_size, uint8_t *session_key, size_t session_key_size) -{ - if (iv == NULL - || iv_size != AES_IV_GCM_SIZE - || session_key == NULL - || session_key_size < SESSION_KEY_SIZE) { +static psa_status_t derive_session_key(uint8_t *iv, size_t iv_size, + uint8_t *session_key, + size_t session_key_size) { + if (iv == NULL || iv_size != AES_IV_GCM_SIZE || session_key == NULL || + session_key_size < SESSION_KEY_SIZE) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -561,9 +548,8 @@ static psa_status_t derive_session_key(uint8_t *iv, size_t iv_size, uint8_t *ses psa_key_lifetime_t reported_lifetime; psa_drv_slot_number_t reported_slot; - status = mbedtls_psa_platform_get_builtin_key(psa_get_key_id(&attributes), - &reported_lifetime, - &reported_slot); + status = mbedtls_psa_platform_get_builtin_key( + psa_get_key_id(&attributes), &reported_lifetime, &reported_slot); if (status != PSA_SUCCESS) { return status; @@ -573,15 +559,12 @@ static psa_status_t derive_session_key(uint8_t *iv, size_t iv_size, uint8_t *ses uint8_t key_buffer[sizeof(sli_se_opaque_key_context_header_t)]; size_t key_buffer_size; - status = sli_se_opaque_get_builtin_key(reported_slot, - &attributes, - key_buffer, - sizeof(key_buffer), - &key_buffer_size); + status = sli_se_opaque_get_builtin_key(reported_slot, &attributes, key_buffer, + sizeof(key_buffer), &key_buffer_size); if (status != PSA_SUCCESS) { return status; } -#else // defined(SEMAILBOX_PRESENT) +#else // defined(SEMAILBOX_PRESENT) // For VSE devices, use the previously initialized root key if (!g_root_key.initialized) { return PSA_ERROR_BAD_STATE; @@ -593,24 +576,18 @@ static psa_status_t derive_session_key(uint8_t *iv, size_t iv_size, uint8_t *ses psa_set_key_bits(&attributes, ROOT_KEY_SIZE * 8); // Point the key buffer to the global root key - uint8_t *key_buffer = (uint8_t*)g_root_key.data; + uint8_t *key_buffer = (uint8_t *)g_root_key.data; size_t key_buffer_size = sizeof(g_root_key.data); #endif // defined(SEMAILBOX_PRESENT) // Use CMAC as a key derivation function size_t session_key_length; status = psa_driver_wrapper_mac_compute( - &attributes, - key_buffer, - key_buffer_size, - PSA_ALG_CMAC, - iv, - iv_size, - session_key, - session_key_size, - &session_key_length); - - // Verify that the key derivation was successful before transferring the key to the caller + &attributes, key_buffer, key_buffer_size, PSA_ALG_CMAC, iv, iv_size, + session_key, session_key_size, &session_key_length); + + // Verify that the key derivation was successful before transferring the key + // to the caller if (status != PSA_SUCCESS || session_key_length != SESSION_KEY_SIZE) { memset(session_key, 0, session_key_size); return PSA_ERROR_HARDWARE_FAILURE; @@ -620,40 +597,42 @@ static psa_status_t derive_session_key(uint8_t *iv, size_t iv_size, uint8_t *ses } /** - * \brief Encrypt and authenticate ITS data with AES-128-GCM, storing the result in an encrypted blob. - * - * \param[in] metadata ITS metadata to be used as authenticated additional data. - * \param[in] plaintext Pointer to array containing data to be encrypted. - * \param[in] plaintext_size Size of provided plaintext data array. - * \param[out] blob Pointer to array where the resulting encrypted blob shall be placed. - * \param[in] blob_size Size of the output array. Must be at least as big as plaintext_size + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD - * \param[out] blob_length Resulting size of the output blob. + * \brief Encrypt and authenticate ITS data with AES-128-GCM, storing the result + * in an encrypted blob. + * + * \param[in] metadata ITS metadata to be used as authenticated + * additional data. \param[in] plaintext Pointer to array containing data + * to be encrypted. \param[in] plaintext_size Size of provided plaintext data + * array. \param[out] blob Pointer to array where the resulting + * encrypted blob shall be placed. \param[in] blob_size Size of the output + * array. Must be at least as big as plaintext_size + + * SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD \param[out] blob_length Resulting + * size of the output blob. * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_BAD_STATE The root key has not been initialized. - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one or more arguments are NULL or of invalid size. - * \retval PSA_ERROR_HARDWARE_FAILURE The operation failed because an internal cryptographic operation failed. + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_BAD_STATE The root key has + * not been initialized. \retval PSA_ERROR_INVALID_ARGUMENT The + * operation failed because one or more arguments are NULL or of invalid size. + * \retval PSA_ERROR_HARDWARE_FAILURE The operation failed because an + * internal cryptographic operation failed. */ static psa_status_t encrypt_its_file(sli_its_file_meta_v2_t *metadata, - uint8_t *plaintext, - size_t plaintext_size, + uint8_t *plaintext, size_t plaintext_size, sli_its_encrypted_blob_t *blob, - size_t blob_size, - size_t *blob_length) -{ - if (metadata == NULL - || (plaintext == NULL && plaintext_size > 0) - || blob == NULL - || blob_size < plaintext_size + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD - || blob_length == NULL) { + size_t blob_size, size_t *blob_length) { + if (metadata == NULL || (plaintext == NULL && plaintext_size > 0) || + blob == NULL || + blob_size < plaintext_size + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD || + blob_length == NULL) { return PSA_ERROR_INVALID_ARGUMENT; } // Generate IV size_t iv_length = 0; - psa_status_t psa_status = mbedtls_psa_external_get_random(NULL, blob->iv, AES_IV_GCM_SIZE, &iv_length); + psa_status_t psa_status = mbedtls_psa_external_get_random( + NULL, blob->iv, AES_IV_GCM_SIZE, &iv_length); if (psa_status != PSA_SUCCESS || iv_length != AES_IV_GCM_SIZE) { return PSA_ERROR_HARDWARE_FAILURE; @@ -667,7 +646,8 @@ static psa_status_t encrypt_its_file(sli_its_file_meta_v2_t *metadata, psa_set_key_bits(&attributes, SESSION_KEY_SIZE * 8); uint8_t session_key[SESSION_KEY_SIZE]; - psa_status = derive_session_key(blob->iv, AES_IV_GCM_SIZE, session_key, sizeof(session_key)); + psa_status = derive_session_key(blob->iv, AES_IV_GCM_SIZE, session_key, + sizeof(session_key)); if (psa_status != PSA_SUCCESS) { return psa_status; } @@ -676,20 +656,18 @@ static psa_status_t encrypt_its_file(sli_its_file_meta_v2_t *metadata, // Retrieve data to be encrypted if (plaintext_size != 0U) { - memcpy(blob->data, ((uint8_t*)plaintext), plaintext_size); + memcpy(blob->data, ((uint8_t *)plaintext), plaintext_size); } // Encrypt and authenticate blob size_t output_length = 0; psa_status = psa_driver_wrapper_aead_encrypt( - &attributes, - session_key, sizeof(session_key), - PSA_ALG_GCM, - blob->iv, sizeof(blob->iv), - (uint8_t*)metadata, sizeof(sli_its_file_meta_v2_t), // metadata is AAD - blob->data, plaintext_size, - blob->data, plaintext_size + AES_MAC_SIZE, // output == input for in-place encryption - &output_length); + &attributes, session_key, sizeof(session_key), PSA_ALG_GCM, blob->iv, + sizeof(blob->iv), (uint8_t *)metadata, + sizeof(sli_its_file_meta_v2_t), // metadata is AAD + blob->data, plaintext_size, blob->data, + plaintext_size + AES_MAC_SIZE, // output == input for in-place encryption + &output_length); // Clear the local session key immediately after we're done using it memset(session_key, 0, sizeof(session_key)); @@ -710,33 +688,34 @@ static psa_status_t encrypt_its_file(sli_its_file_meta_v2_t *metadata, /** * \brief Decrypt and authenticate encrypted ITS data. * - * \param[in] metadata ITS metadata to be used as authenticated additional data. Must be identical to the metadata used during encryption. + * \param[in] metadata ITS metadata to be used as authenticated + * additional data. Must be identical to the metadata used during encryption. * \param[in] blob Encrypted blob containing data to be decrypted. * \param[in] blob_size Size of the encrypted blob in bytes. - * \param[out] plaintext Pointer to array where the decrypted plaintext shall be placed. - * \param[in] plaintext_size Size of the plaintext array. Must be equal to sizeof(blob->data) - AES_MAC_SIZE. - * \param[out] plaintext_length Resulting length of the decrypted plaintext. + * \param[out] plaintext Pointer to array where the decrypted plaintext + * shall be placed. \param[in] plaintext_size Size of the plaintext array. + * Must be equal to sizeof(blob->data) - AES_MAC_SIZE. \param[out] + * plaintext_length Resulting length of the decrypted plaintext. * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_INVALID_SIGANTURE The operation failed because authentication of the decrypted data failed. - * \retval PSA_ERROR_BAD_STATE The root key has not been initialized. - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one or more arguments are NULL or of invalid size. - * \retval PSA_ERROR_HARDWARE_FAILURE The operation failed because an internal cryptographic operation failed. + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_INVALID_SIGANTURE The operation + * failed because authentication of the decrypted data failed. \retval + * PSA_ERROR_BAD_STATE The root key has not been initialized. + * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because + * one or more arguments are NULL or of invalid size. \retval + * PSA_ERROR_HARDWARE_FAILURE The operation failed because an internal + * cryptographic operation failed. */ static psa_status_t decrypt_its_file(sli_its_file_meta_v2_t *metadata, sli_its_encrypted_blob_t *blob, - size_t blob_size, - uint8_t *plaintext, + size_t blob_size, uint8_t *plaintext, size_t plaintext_size, - size_t *plaintext_length) -{ - if (metadata == NULL - || blob == NULL - || blob_size < plaintext_size + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD - || (plaintext == NULL && plaintext_size > 0) - || plaintext_length == NULL) { + size_t *plaintext_length) { + if (metadata == NULL || blob == NULL || + blob_size < plaintext_size + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD || + (plaintext == NULL && plaintext_size > 0) || plaintext_length == NULL) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -750,11 +729,13 @@ static psa_status_t decrypt_its_file(sli_its_file_meta_v2_t *metadata, psa_status_t psa_status = PSA_ERROR_CORRUPTION_DETECTED; uint8_t session_key[SESSION_KEY_SIZE]; - if (g_cached_session_key.active && g_cached_session_key.uid == metadata->uid) { + if (g_cached_session_key.active && + g_cached_session_key.uid == metadata->uid) { // Use cached session key if it's already set and UID matches memcpy(session_key, g_cached_session_key.data, sizeof(session_key)); } else { - psa_status = derive_session_key(blob->iv, AES_IV_GCM_SIZE, session_key, sizeof(session_key)); + psa_status = derive_session_key(blob->iv, AES_IV_GCM_SIZE, session_key, + sizeof(session_key)); if (psa_status != PSA_SUCCESS) { return psa_status; } @@ -764,14 +745,11 @@ static psa_status_t decrypt_its_file(sli_its_file_meta_v2_t *metadata, // Decrypt and authenticate blob size_t output_length = 0; psa_status = psa_driver_wrapper_aead_decrypt( - &attributes, - session_key, sizeof(session_key), - PSA_ALG_GCM, - blob->iv, sizeof(blob->iv), - (uint8_t*)metadata, sizeof(sli_its_file_meta_v2_t), // metadata is AAD - blob->data, plaintext_size + AES_MAC_SIZE, - plaintext, plaintext_size, - &output_length); + &attributes, session_key, sizeof(session_key), PSA_ALG_GCM, blob->iv, + sizeof(blob->iv), (uint8_t *)metadata, + sizeof(sli_its_file_meta_v2_t), // metadata is AAD + blob->data, plaintext_size + AES_MAC_SIZE, plaintext, plaintext_size, + &output_length); // Clear the session key immediately after we're done using it memset(session_key, 0, sizeof(session_key)); @@ -781,8 +759,7 @@ static psa_status_t decrypt_its_file(sli_its_file_meta_v2_t *metadata, return PSA_ERROR_INVALID_SIGNATURE; } - if (psa_status != PSA_SUCCESS - || output_length != plaintext_size) { + if (psa_status != PSA_SUCCESS || output_length != plaintext_size) { return PSA_ERROR_HARDWARE_FAILURE; } @@ -792,37 +769,41 @@ static psa_status_t decrypt_its_file(sli_its_file_meta_v2_t *metadata, } /** - * \brief Authenticate encrypted ITS data and return the UID of the ITS file that was authenticated. + * \brief Authenticate encrypted ITS data and return the UID of the ITS file + * that was authenticated. * - * \details NOTE: This function will run decrypt_its_file() internally. The difference from the decrypt_its_file() - * function is that authenticate_its_file() reads the NVM3 data, decrypts it in order to authenticate the - * stored data, and then discards the plaintext. This is needed since PSA Crypto doesn't support the - * GMAC primitive directly, which means we have to run a full GCM decrypt for authentication. + * \details NOTE: This function will run decrypt_its_file() internally. The + * difference from the decrypt_its_file() function is that + * authenticate_its_file() reads the NVM3 data, decrypts it in order to + * authenticate the stored data, and then discards the plaintext. This is needed + * since PSA Crypto doesn't support the GMAC primitive directly, which means we + * have to run a full GCM decrypt for authentication. * - * \param[in] nvm3_object_id The NVM3 id corresponding to the stored ITS file. - * \param[out] authenticated_uid UID for the authenticated ITS file. + * \param[in] nvm3_object_id The NVM3 id corresponding to the stored ITS + * file. \param[out] authenticated_uid UID for the authenticated ITS file. * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_INVALID_SIGANTURE The operation failed because authentication of the decrypted data failed. - * \retval PSA_ERROR_BAD_STATE The root key has not been initialized. - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one or more arguments are NULL or of invalid size. - * \retval PSA_ERROR_HARDWARE_FAILURE The operation failed because an internal cryptographic operation failed. + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_INVALID_SIGANTURE The operation + * failed because authentication of the decrypted data failed. \retval + * PSA_ERROR_BAD_STATE The root key has not been initialized. + * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because + * one or more arguments are NULL or of invalid size. \retval + * PSA_ERROR_HARDWARE_FAILURE The operation failed because an internal + * cryptographic operation failed. */ -static psa_status_t authenticate_its_file(nvm3_ObjectKey_t nvm3_object_id, - psa_storage_uid_t *authenticated_uid) -{ +static psa_status_t +authenticate_its_file(nvm3_ObjectKey_t nvm3_object_id, + psa_storage_uid_t *authenticated_uid) { psa_status_t ret = PSA_ERROR_CORRUPTION_DETECTED; sli_its_file_meta_v2_t *its_file_meta = NULL; sli_its_encrypted_blob_t *blob = NULL; uint32_t obj_type; size_t its_file_size = 0; - Ecode_t status = nvm3_getObjectInfo(nvm3_defaultHandle, - nvm3_object_id, - &obj_type, - &its_file_size); + Ecode_t status = nvm3_getObjectInfo(nvm3_defaultHandle, nvm3_object_id, + &obj_type, &its_file_size); if (status != ECODE_NVM3_OK) { return PSA_ERROR_STORAGE_FAILURE; } @@ -833,32 +814,32 @@ static psa_status_t authenticate_its_file(nvm3_ObjectKey_t nvm3_object_id, } memset(its_file_buffer, 0, its_file_size); - status = nvm3_readData(nvm3_defaultHandle, - nvm3_object_id, - its_file_buffer, + status = nvm3_readData(nvm3_defaultHandle, nvm3_object_id, its_file_buffer, its_file_size); if (status != ECODE_NVM3_OK) { ret = PSA_ERROR_STORAGE_FAILURE; goto cleanup; } - its_file_meta = (sli_its_file_meta_v2_t*)its_file_buffer; - blob = (sli_its_encrypted_blob_t*)(its_file_buffer + sizeof(sli_its_file_meta_v2_t)); + its_file_meta = (sli_its_file_meta_v2_t *)its_file_buffer; + blob = (sli_its_encrypted_blob_t *)(its_file_buffer + + sizeof(sli_its_file_meta_v2_t)); // Decrypt and authenticate blob size_t plaintext_length; - ret = decrypt_its_file(its_file_meta, - blob, + ret = decrypt_its_file(its_file_meta, blob, its_file_size - sizeof(sli_its_file_meta_v2_t), blob->data, - its_file_size - sizeof(sli_its_file_meta_v2_t) - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD, + its_file_size - sizeof(sli_its_file_meta_v2_t) - + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD, &plaintext_length); if (ret != PSA_SUCCESS) { goto cleanup; } - if (plaintext_length != (its_file_size - sizeof(sli_its_file_meta_v2_t) - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD)) { + if (plaintext_length != (its_file_size - sizeof(sli_its_file_meta_v2_t) - + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD)) { ret = PSA_ERROR_INVALID_SIGNATURE; goto cleanup; } @@ -869,9 +850,10 @@ static psa_status_t authenticate_its_file(nvm3_ObjectKey_t nvm3_object_id, ret = PSA_SUCCESS; - cleanup: +cleanup: - // Discard output, as we're only interested in whether the authentication check passed or not. + // Discard output, as we're only interested in whether the authentication + // check passed or not. memset(its_file_buffer, 0, its_file_size); mbedtls_free(its_file_buffer); @@ -892,20 +874,23 @@ static psa_status_t authenticate_its_file(nvm3_ObjectKey_t nvm3_object_id, * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the provided `uid` value was already created with PSA_STORAGE_FLAG_WRITE_ONCE - * \retval PSA_ERROR_NOT_SUPPORTED The operation failed because one or more of the flags provided in `create_flags` is not supported or is not valid - * \retval PSA_ERROR_INSUFFICIENT_STORAGE The operation failed because there was insufficient space on the storage medium - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`) - * is invalid, for example is `NULL` or references memory the caller cannot access - * \retval PSA_ERROR_HARDWARE_FAILURE The operation failed because an internal cryptographic operation failed. + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_NOT_PERMITTED The operation + * failed because the provided `uid` value was already created with + * PSA_STORAGE_FLAG_WRITE_ONCE \retval PSA_ERROR_NOT_SUPPORTED The + * operation failed because one or more of the flags provided in `create_flags` + * is not supported or is not valid \retval PSA_ERROR_INSUFFICIENT_STORAGE + * The operation failed because there was insufficient space on the storage + * medium \retval PSA_ERROR_STORAGE_FAILURE The operation failed + * because the physical storage has failed (Fatal error) \retval + * PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the + * provided pointers(`p_data`) is invalid, for example is `NULL` or references + * memory the caller cannot access \retval PSA_ERROR_HARDWARE_FAILURE The + * operation failed because an internal cryptographic operation failed. */ -psa_status_t psa_its_set(psa_storage_uid_t uid, - uint32_t data_length, +psa_status_t psa_its_set(psa_storage_uid_t uid, uint32_t data_length, const void *p_data, - psa_storage_create_flags_t create_flags) -{ + psa_storage_create_flags_t create_flags) { if (data_length > NVM3_MAX_OBJECT_SIZE) { return PSA_ERROR_STORAGE_FAILURE; } @@ -913,19 +898,20 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, return PSA_ERROR_INVALID_ARGUMENT; } - if (create_flags != PSA_STORAGE_FLAG_WRITE_ONCE - && create_flags != PSA_STORAGE_FLAG_NONE + if (create_flags != PSA_STORAGE_FLAG_WRITE_ONCE && + create_flags != PSA_STORAGE_FLAG_NONE #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) && create_flags != PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE #endif - ) { + ) { return PSA_ERROR_NOT_SUPPORTED; } #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) - if ((create_flags == PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE) - && (!object_lives_in_s(p_data, data_length))) { - // The flag indicates that this data should not be set by the non-secure domain + if ((create_flags == PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE) && + (!object_lives_in_s(p_data, data_length))) { + // The flag indicates that this data should not be set by the non-secure + // domain return PSA_ERROR_INVALID_ARGUMENT; } #endif @@ -933,7 +919,7 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, nvm3_ObjectKey_t nvm3_object_id = prepare_its_get_nvm3_id(uid); Ecode_t status; psa_status_t ret = PSA_SUCCESS; - sli_its_file_meta_v2_t* its_file_meta; + sli_its_file_meta_v2_t *its_file_meta; #if defined(SLI_PSA_ITS_ENCRYPTED) psa_storage_uid_t authenticated_uid; @@ -946,7 +932,8 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, size_t its_file_size = data_length; #endif - uint8_t *its_file_buffer = mbedtls_calloc(1, its_file_size + sizeof(sli_its_file_meta_v2_t)); + uint8_t *its_file_buffer = + mbedtls_calloc(1, its_file_size + sizeof(sli_its_file_meta_v2_t)); if (its_file_buffer == NULL) { ret = PSA_ERROR_INSUFFICIENT_MEMORY; goto exit; @@ -968,8 +955,7 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, // ITS UID was found. Read ITS meta data. status = get_file_metadata(nvm3_object_id, its_file_meta, NULL, NULL); - if (status != ECODE_NVM3_OK - && status != SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { + if (status != ECODE_NVM3_OK && status != SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { ret = PSA_ERROR_STORAGE_FAILURE; goto exit; } @@ -978,13 +964,14 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) || its_file_meta->flags == PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE #endif - ) { + ) { ret = PSA_ERROR_NOT_PERMITTED; goto exit; } #if defined(SLI_PSA_ITS_ENCRYPTED) - // If the UID already exists, authenticate the existing value and make sure the stored UID is the same. + // If the UID already exists, authenticate the existing value and make sure + // the stored UID is the same. ret = authenticate_its_file(nvm3_object_id, &authenticated_uid); if (ret != PSA_SUCCESS) { goto exit; @@ -1000,16 +987,14 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, its_file_meta->flags = create_flags; #if defined(SLI_PSA_ITS_ENCRYPTED) - // Everything after the file metadata will make up the encrypted & authenticated blob - blob = (sli_its_encrypted_blob_t*)(its_file_buffer + sizeof(sli_its_file_meta_v2_t)); + // Everything after the file metadata will make up the encrypted & + // authenticated blob + blob = (sli_its_encrypted_blob_t *)(its_file_buffer + + sizeof(sli_its_file_meta_v2_t)); // Encrypt and authenticate the provided data - psa_status = encrypt_its_file(its_file_meta, - (uint8_t*)p_data, - data_length, - blob, - its_file_size, - &blob_length); + psa_status = encrypt_its_file(its_file_meta, (uint8_t *)p_data, data_length, + blob, its_file_size, &blob_length); if (psa_status != PSA_SUCCESS) { ret = psa_status; @@ -1023,13 +1008,13 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, #else if (data_length != 0U) { - memcpy(its_file_buffer + sizeof(sli_its_file_meta_v2_t), ((uint8_t*)p_data), data_length); + memcpy(its_file_buffer + sizeof(sli_its_file_meta_v2_t), + ((uint8_t *)p_data), data_length); } #endif - status = nvm3_writeData(nvm3_defaultHandle, - nvm3_object_id, - its_file_buffer, its_file_size + sizeof(sli_its_file_meta_v2_t)); + status = nvm3_writeData(nvm3_defaultHandle, nvm3_object_id, its_file_buffer, + its_file_size + sizeof(sli_its_file_meta_v2_t)); if (status == ECODE_NVM3_OK) { // Power-loss might occur, however upon boot, the look-up table will be @@ -1039,7 +1024,7 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, ret = PSA_ERROR_STORAGE_FAILURE; } - exit: +exit: if (its_file_buffer != NULL) { // Clear and free key buffer before return. memset(its_file_buffer, 0, its_file_size + sizeof(sli_its_file_meta_v2_t)); @@ -1054,27 +1039,29 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, * * \param[in] uid The uid value * \param[in] data_offset The starting offset of the data requested - * \param[in] data_length the amount of data requested (and the minimum allocated size of the `p_data` buffer) - * \param[out] p_data The buffer where the data will be placed upon successful completion - * \param[out] p_data_length The amount of data returned in the p_data buffer + * \param[in] data_length the amount of data requested (and the minimum + * allocated size of the `p_data` buffer) \param[out] p_data The + * buffer where the data will be placed upon successful completion \param[out] + * p_data_length The amount of data returned in the p_data buffer * * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided `uid` value was not found in the storage - * \retval PSA_ERROR_BUFFER_TOO_SMALL The operation failed because the data associated with provided uid is larger than `data_size` - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`, `p_data_length`) - * is invalid. For example is `NULL` or references memory the caller cannot access. - * In addition, this can also happen if an invalid offset was provided. + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_DOES_NOT_EXIST The operation failed + * because the provided `uid` value was not found in the storage \retval + * PSA_ERROR_BUFFER_TOO_SMALL The operation failed because the data associated + * with provided uid is larger than `data_size` \retval + * PSA_ERROR_STORAGE_FAILURE The operation failed because the physical + * storage has failed (Fatal error) \retval PSA_ERROR_INVALID_ARGUMENT The + * operation failed because one of the provided pointers(`p_data`, + * `p_data_length`) is invalid. For example is `NULL` or references memory the + * caller cannot access. In addition, this can also happen if an invalid offset + * was provided. */ -psa_status_t psa_its_get(psa_storage_uid_t uid, - uint32_t data_offset, - uint32_t data_length, - void *p_data, - size_t *p_data_length) -{ +psa_status_t psa_its_get(psa_storage_uid_t uid, uint32_t data_offset, + uint32_t data_length, void *p_data, + size_t *p_data_length) { psa_status_t ret = PSA_ERROR_CORRUPTION_DETECTED; if ((data_length != 0U) && (p_data_length == NULL)) { @@ -1082,10 +1069,10 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, } if (data_length != 0U) { - // If the request amount of data is 0, allow invalid pointer of the output buffer. - if ((p_data == NULL) - || ((uint32_t)p_data < SRAM_BASE) - || ((uint32_t)p_data > (SRAM_BASE + SRAM_SIZE - data_length))) { + // If the request amount of data is 0, allow invalid pointer of the output + // buffer. + if ((p_data == NULL) || ((uint32_t)p_data < SRAM_BASE) || + ((uint32_t)p_data > (SRAM_BASE + SRAM_SIZE - data_length))) { return PSA_ERROR_INVALID_ARGUMENT; } } @@ -1097,7 +1084,7 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, #endif size_t its_file_data_size = 0u; Ecode_t status; - sli_its_file_meta_v2_t its_file_meta = { 0 }; + sli_its_file_meta_v2_t its_file_meta = {0}; size_t its_file_size = 0; size_t its_file_offset = 0; @@ -1108,28 +1095,30 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, goto exit; } - status = get_file_metadata(nvm3_object_id, &its_file_meta, &its_file_offset, &its_file_size); + status = get_file_metadata(nvm3_object_id, &its_file_meta, &its_file_offset, + &its_file_size); if (status == SLI_PSA_ITS_ECODE_NO_VALID_HEADER) { ret = PSA_ERROR_DOES_NOT_EXIST; goto exit; } - if (status != ECODE_NVM3_OK - && status != SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { + if (status != ECODE_NVM3_OK && status != SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { ret = PSA_ERROR_STORAGE_FAILURE; goto exit; } #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) - if (its_file_meta.flags == PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE - && !object_lives_in_s(p_data, data_length)) { - // The flag indicates that this data should not be read back to the non-secure domain + if (its_file_meta.flags == PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE && + !object_lives_in_s(p_data, data_length)) { + // The flag indicates that this data should not be read back to the + // non-secure domain ret = PSA_ERROR_INVALID_ARGUMENT; goto exit; } #endif #if defined(SLI_PSA_ITS_ENCRYPTED) - // Subtract IV and MAC from ITS file as the below checks concern the actual data size + // Subtract IV and MAC from ITS file as the below checks concern the actual + // data size its_file_data_size = its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD; #else its_file_data_size = its_file_size; @@ -1146,7 +1135,8 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, goto exit; } } else { - // Allow the offset at the data size boundary if the requested amount of data is zero. + // Allow the offset at the data size boundary if the requested amount of + // data is zero. if (data_offset > its_file_data_size) { ret = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -1161,42 +1151,38 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, #if defined(SLI_PSA_ITS_ENCRYPTED) // its_file_size includes size of sli_its_encrypted_blob_t struct - blob = (sli_its_encrypted_blob_t*)mbedtls_calloc(1, its_file_size); + blob = (sli_its_encrypted_blob_t *)mbedtls_calloc(1, its_file_size); if (blob == NULL) { ret = PSA_ERROR_INSUFFICIENT_MEMORY; goto exit; } memset(blob, 0, its_file_size); - status = nvm3_readPartialData(nvm3_defaultHandle, - nvm3_object_id, - blob, - its_file_offset, - its_file_size); + status = nvm3_readPartialData(nvm3_defaultHandle, nvm3_object_id, blob, + its_file_offset, its_file_size); if (status != ECODE_NVM3_OK) { ret = PSA_ERROR_STORAGE_FAILURE; goto exit; } // Decrypt and authenticate blob - psa_status = decrypt_its_file(&its_file_meta, - blob, - its_file_size, - blob->data, - its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD, - &plaintext_length); + psa_status = decrypt_its_file( + &its_file_meta, blob, its_file_size, blob->data, + its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD, &plaintext_length); if (psa_status != PSA_SUCCESS) { ret = psa_status; goto exit; } - if (plaintext_length != (its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD)) { + if (plaintext_length != + (its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD)) { ret = PSA_ERROR_INVALID_SIGNATURE; goto exit; } - // Verify that the requested UID is equal to the retrieved and authenticated UID + // Verify that the requested UID is equal to the retrieved and authenticated + // UID if (uid != its_file_meta.uid) { ret = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -1207,15 +1193,17 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, } ret = PSA_SUCCESS; - exit: +exit: if (blob != NULL) { memset(blob, 0, its_file_size); mbedtls_free(blob); } sli_its_release_mutex(); #else - // If no encryption is used, just read out the data and write it directly to the output buffer - status = nvm3_readPartialData(nvm3_defaultHandle, nvm3_object_id, p_data, its_file_offset + data_offset, *p_data_length); + // If no encryption is used, just read out the data and write it directly to + // the output buffer + status = nvm3_readPartialData(nvm3_defaultHandle, nvm3_object_id, p_data, + its_file_offset + data_offset, *p_data_length); if (status != ECODE_NVM3_OK) { ret = PSA_ERROR_STORAGE_FAILURE; @@ -1223,7 +1211,7 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, ret = PSA_SUCCESS; } - exit: +exit: sli_its_release_mutex(); #endif @@ -1234,27 +1222,30 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, * \brief Retrieve the metadata about the provided uid * * \param[in] uid The uid value - * \param[out] p_info A pointer to the `psa_storage_info_t` struct that will be populated with the metadata + * \param[out] p_info A pointer to the `psa_storage_info_t` struct that + * will be populated with the metadata * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided uid value was not found in the storage - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_info`) - * is invalid, for example is `NULL` or references memory the caller cannot access - * \retval PSA_ERROR_INVALID_SIGANTURE The operation failed because authentication of the stored metadata failed. + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_DOES_NOT_EXIST The operation failed + * because the provided uid value was not found in the storage \retval + * PSA_ERROR_STORAGE_FAILURE The operation failed because the physical + * storage has failed (Fatal error) \retval PSA_ERROR_INVALID_ARGUMENT The + * operation failed because one of the provided pointers(`p_info`) is invalid, + * for example is `NULL` or references memory the caller cannot access \retval + * PSA_ERROR_INVALID_SIGANTURE The operation failed because authentication of + * the stored metadata failed. */ psa_status_t psa_its_get_info(psa_storage_uid_t uid, - struct psa_storage_info_t *p_info) -{ + struct psa_storage_info_t *p_info) { psa_status_t psa_status = PSA_ERROR_CORRUPTION_DETECTED; if (p_info == NULL) { return PSA_ERROR_INVALID_ARGUMENT; } Ecode_t status; - sli_its_file_meta_v2_t its_file_meta = { 0 }; + sli_its_file_meta_v2_t its_file_meta = {0}; size_t its_file_size = 0; size_t its_file_offset = 0; @@ -1265,20 +1256,21 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid, goto exit; } - status = get_file_metadata(nvm3_object_id, &its_file_meta, &its_file_offset, &its_file_size); + status = get_file_metadata(nvm3_object_id, &its_file_meta, &its_file_offset, + &its_file_size); if (status == SLI_PSA_ITS_ECODE_NO_VALID_HEADER) { psa_status = PSA_ERROR_DOES_NOT_EXIST; goto exit; } - if (status != ECODE_NVM3_OK - && status != SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { + if (status != ECODE_NVM3_OK && status != SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { psa_status = PSA_ERROR_STORAGE_FAILURE; goto exit; } #if defined(SLI_PSA_ITS_ENCRYPTED) - // Authenticate the ITS file (both metadata and ciphertext) before returning the metadata. - // Note that this can potentially induce a significant performance hit. + // Authenticate the ITS file (both metadata and ciphertext) before returning + // the metadata. Note that this can potentially induce a significant + // performance hit. psa_storage_uid_t authenticated_uid; psa_status = authenticate_its_file(nvm3_object_id, &authenticated_uid); if (psa_status != PSA_SUCCESS) { @@ -1300,7 +1292,7 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid, // Remove IV and MAC size from file size p_info->size = its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD; #endif - exit: +exit: sli_its_release_mutex(); return psa_status; } @@ -1312,16 +1304,18 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid, * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided key value was not found in the storage - * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the provided key value was created with PSA_STORAGE_FLAG_WRITE_ONCE - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_DOES_NOT_EXIST The operation failed + * because the provided key value was not found in the storage \retval + * PSA_ERROR_NOT_PERMITTED The operation failed because the provided key + * value was created with PSA_STORAGE_FLAG_WRITE_ONCE \retval + * PSA_ERROR_STORAGE_FAILURE The operation failed because the physical + * storage has failed (Fatal error) */ -psa_status_t psa_its_remove(psa_storage_uid_t uid) -{ +psa_status_t psa_its_remove(psa_storage_uid_t uid) { psa_status_t psa_status = PSA_ERROR_CORRUPTION_DETECTED; Ecode_t status; - sli_its_file_meta_v2_t its_file_meta = { 0 }; + sli_its_file_meta_v2_t its_file_meta = {0}; size_t its_file_size = 0; size_t its_file_offset = 0; @@ -1332,13 +1326,13 @@ psa_status_t psa_its_remove(psa_storage_uid_t uid) goto exit; } - status = get_file_metadata(nvm3_object_id, &its_file_meta, &its_file_offset, &its_file_size); + status = get_file_metadata(nvm3_object_id, &its_file_meta, &its_file_offset, + &its_file_size); if (status == SLI_PSA_ITS_ECODE_NO_VALID_HEADER) { psa_status = PSA_ERROR_DOES_NOT_EXIST; goto exit; } - if (status != ECODE_NVM3_OK - && status != SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { + if (status != ECODE_NVM3_OK && status != SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { psa_status = PSA_ERROR_STORAGE_FAILURE; goto exit; } @@ -1347,13 +1341,14 @@ psa_status_t psa_its_remove(psa_storage_uid_t uid) #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) || its_file_meta.flags == PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE #endif - ) { + ) { psa_status = PSA_ERROR_NOT_PERMITTED; goto exit; } #if defined(SLI_PSA_ITS_ENCRYPTED) - // If the UID already exists, authenticate the existing value and make sure the stored UID is the same. + // If the UID already exists, authenticate the existing value and make sure + // the stored UID is the same. psa_storage_uid_t authenticated_uid; psa_status = authenticate_its_file(nvm3_object_id, &authenticated_uid); if (psa_status != PSA_SUCCESS) { @@ -1381,22 +1376,22 @@ psa_status_t psa_its_remove(psa_storage_uid_t uid) psa_status = PSA_ERROR_STORAGE_FAILURE; } - exit: +exit: sli_its_release_mutex(); return psa_status; } // ------------------------------------- // Silicon Labs extensions -static psa_storage_uid_t psa_its_identifier_of_slot(mbedtls_svc_key_id_t key) -{ +static psa_storage_uid_t psa_its_identifier_of_slot(mbedtls_svc_key_id_t key) { #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) // Encode the owner in the upper 32 bits. This means that if // owner values are nonzero (as they are on a PSA platform), // no key file will ever have a value less than 0x100000000, so // the whole range 0..0xffffffff is available for non-key files. uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key); - return ((uint64_t)unsigned_owner_id << 32) | MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key); + return ((uint64_t)unsigned_owner_id << 32) | + MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key); #else // Use the key id directly as a file name. // psa_is_key_id_valid() in psa_crypto_slot_management.c @@ -1407,8 +1402,7 @@ static psa_storage_uid_t psa_its_identifier_of_slot(mbedtls_svc_key_id_t key) } psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, - mbedtls_svc_key_id_t new_id) -{ + mbedtls_svc_key_id_t new_id) { psa_storage_uid_t old_uid = psa_its_identifier_of_slot(old_id); psa_storage_uid_t new_uid = psa_its_identifier_of_slot(new_id); Ecode_t status; @@ -1416,7 +1410,7 @@ psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, size_t its_file_size = 0; psa_status_t psa_status = PSA_ERROR_CORRUPTION_DETECTED; int8_t *its_file_buffer = NULL; - sli_its_file_meta_v2_t* metadata = NULL; + sli_its_file_meta_v2_t *metadata = NULL; #if defined(SLI_PSA_ITS_ENCRYPTED) sli_its_encrypted_blob_t *blob = NULL; @@ -1435,9 +1429,7 @@ psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, } // Get total length to allocate - status = nvm3_getObjectInfo(nvm3_defaultHandle, - nvm3_object_id, - &obj_type, + status = nvm3_getObjectInfo(nvm3_defaultHandle, nvm3_object_id, &obj_type, &its_file_size); if (status != ECODE_NVM3_OK) { psa_status = PSA_ERROR_STORAGE_FAILURE; @@ -1450,12 +1442,10 @@ psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, psa_status = PSA_ERROR_INSUFFICIENT_MEMORY; goto exit; } - metadata = (sli_its_file_meta_v2_t*) its_file_buffer; + metadata = (sli_its_file_meta_v2_t *)its_file_buffer; // Read contents of pre-existing key into the temporary buffer - status = nvm3_readData(nvm3_defaultHandle, - nvm3_object_id, - its_file_buffer, + status = nvm3_readData(nvm3_defaultHandle, nvm3_object_id, its_file_buffer, its_file_size); if (status != ECODE_NVM3_OK) { psa_status = PSA_ERROR_STORAGE_FAILURE; @@ -1464,20 +1454,22 @@ psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, #if defined(SLI_PSA_ITS_ENCRYPTED) // Decrypt and authenticate blob - blob = (sli_its_encrypted_blob_t*)(its_file_buffer + sizeof(sli_its_file_meta_v2_t)); - decrypt_status = decrypt_its_file(metadata, - blob, - its_file_size - sizeof(sli_its_file_meta_v2_t), - blob->data, - its_file_size - sizeof(sli_its_file_meta_v2_t) - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD, - &plaintext_length); + blob = (sli_its_encrypted_blob_t *)(its_file_buffer + + sizeof(sli_its_file_meta_v2_t)); + decrypt_status = decrypt_its_file( + metadata, blob, its_file_size - sizeof(sli_its_file_meta_v2_t), + blob->data, + its_file_size - sizeof(sli_its_file_meta_v2_t) - + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD, + &plaintext_length); if (decrypt_status != PSA_SUCCESS) { psa_status = decrypt_status; goto exit; } - if (plaintext_length != (its_file_size - sizeof(sli_its_file_meta_v2_t) - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD)) { + if (plaintext_length != (its_file_size - sizeof(sli_its_file_meta_v2_t) - + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD)) { psa_status = PSA_ERROR_INVALID_SIGNATURE; goto exit; } @@ -1487,7 +1479,8 @@ psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, #if defined(SLI_PSA_ITS_SUPPORT_V1_FORMAT) if (metadata->magic == SLI_PSA_ITS_META_MAGIC_V1) { // Recast as v1 metadata - sl_its_file_meta_v1_t* metadata_v1 = (sl_its_file_meta_v1_t*) its_file_buffer; + sl_its_file_meta_v1_t *metadata_v1 = + (sl_its_file_meta_v1_t *)its_file_buffer; if (metadata_v1->uid != old_uid) { psa_status = PSA_ERROR_CORRUPTION_DETECTED; goto exit; @@ -1495,7 +1488,7 @@ psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, metadata_v1->uid = new_uid; } else #endif - if (metadata->magic == SLI_PSA_ITS_META_MAGIC_V2) { + if (metadata->magic == SLI_PSA_ITS_META_MAGIC_V2) { if (metadata->uid != old_uid) { psa_status = PSA_ERROR_CORRUPTION_DETECTED; goto exit; @@ -1508,12 +1501,9 @@ psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, #if defined(SLI_PSA_ITS_ENCRYPTED) // Encrypt and authenticate the modified data data - encrypt_status = encrypt_its_file(metadata, - blob->data, - plaintext_length, - blob, - its_file_size - sizeof(sli_its_file_meta_v2_t), - &blob_length); + encrypt_status = encrypt_its_file( + metadata, blob->data, plaintext_length, blob, + its_file_size - sizeof(sli_its_file_meta_v2_t), &blob_length); if (encrypt_status != PSA_SUCCESS) { psa_status = encrypt_status; @@ -1527,9 +1517,7 @@ psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, #endif // Overwrite the NVM3 token with the changed buffer - status = nvm3_writeData(nvm3_defaultHandle, - nvm3_object_id, - its_file_buffer, + status = nvm3_writeData(nvm3_defaultHandle, nvm3_object_id, its_file_buffer, its_file_size); if (status == ECODE_NVM3_OK) { // Update last lookup and report success @@ -1543,7 +1531,7 @@ psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, psa_status = PSA_ERROR_STORAGE_FAILURE; } - exit: +exit: if (its_file_buffer != NULL) { // Clear and free key buffer before return. memset(its_file_buffer, 0, its_file_size); @@ -1556,38 +1544,39 @@ psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, /** * \brief Check if the ITS encryption is enabled */ -psa_status_t sli_psa_its_encrypted(void) -{ - #if defined(SLI_PSA_ITS_ENCRYPTED) +psa_status_t sli_psa_its_encrypted(void) { +#if defined(SLI_PSA_ITS_ENCRYPTED) return PSA_SUCCESS; - #else +#else return PSA_ERROR_NOT_SUPPORTED; - #endif +#endif } #if defined(SLI_PSA_ITS_ENCRYPTED) && !defined(SEMAILBOX_PRESENT) /** - * \brief Set the root key to be used when deriving session keys for ITS encryption. + * \brief Set the root key to be used when deriving session keys for ITS + * encryption. * * \param[in] root_key Buffer containing the root key. - * \param[in] root_key_size Size of the root key in bytes. Must be 32 (256 bits). + * \param[in] root_key_size Size of the root key in bytes. Must be 32 (256 + * bits). * * \return A status indicating the success/failure of the operation * * \retval PSA_SUCCESS The key was successfully set. - * \retval PSA_ERROR_INVALID_ARGUMENT The root key was NULL or had an invalid size. - * \retval PSA_ERROR_ALREADY_EXISTS The root key has already been initialized. + * \retval PSA_ERROR_INVALID_ARGUMENT The root key was NULL or had an + * invalid size. \retval PSA_ERROR_ALREADY_EXISTS The root key has + * already been initialized. */ -psa_status_t sli_psa_its_set_root_key(uint8_t *root_key, size_t root_key_size) -{ +psa_status_t sli_psa_its_set_root_key(uint8_t *root_key, size_t root_key_size) { // Check that arguments are valid if (root_key == NULL || root_key_size != sizeof(g_root_key.data)) { return PSA_ERROR_INVALID_ARGUMENT; } // Check that the root key has not already been set - // (This is possibly too restrictive. For TrustZone usage this can be enforced by - // not exposing the function to NS instead.) + // (This is possibly too restrictive. For TrustZone usage this can be enforced + // by not exposing the function to NS instead.) if (g_root_key.initialized) { return PSA_ERROR_ALREADY_EXISTS; } @@ -1604,12 +1593,12 @@ psa_status_t sli_psa_its_set_root_key(uint8_t *root_key, size_t root_key_size) // ------------------------------------- // Defines -#define SLI_PSA_ITS_V3_DRIVER (0x3A) -#define SLI_PSA_ITS_V2_DRIVER (0x74) -#define SLI_PSA_ITS_NOT_CHECKED (0xE8) -#define SLI_PSA_ITS_V2_DRIVER_FLAG_NVM3_ID (SLI_PSA_ITS_NVM3_RANGE_START - 1) -#define SLI_PSA_ITS_NVM3_INVALID_KEY (0) -#define SLI_PSA_ITS_NVM3_UNKNOWN_KEY (1) +#define SLI_PSA_ITS_V3_DRIVER (0x3A) +#define SLI_PSA_ITS_V2_DRIVER (0x74) +#define SLI_PSA_ITS_NOT_CHECKED (0xE8) +#define SLI_PSA_ITS_V2_DRIVER_FLAG_NVM3_ID (SLI_PSA_ITS_NVM3_RANGE_START - 1) +#define SLI_PSA_ITS_NVM3_INVALID_KEY (0) +#define SLI_PSA_ITS_NVM3_UNKNOWN_KEY (1) #if SL_PSA_ITS_MAX_FILES > SLI_PSA_ITS_NVM3_RANGE_SIZE #error "Trying to store more ITS files then our NVM3 range allows for" @@ -1619,23 +1608,24 @@ psa_status_t sli_psa_its_set_root_key(uint8_t *root_key, size_t root_key_size) // Internal error codes local to this compile unit #define SLI_PSA_ITS_ECODE_NO_VALID_HEADER (ECODE_EMDRV_NVM3_BASE - 1) -#define SLI_PSA_ITS_ECODE_NEEDS_UPGRADE (ECODE_EMDRV_NVM3_BASE - 2) +#define SLI_PSA_ITS_ECODE_NEEDS_UPGRADE (ECODE_EMDRV_NVM3_BASE - 2) // ------------------------------------- // Local global static variables SLI_STATIC bool nvm3_uid_set_cache_initialized = false; -SLI_STATIC uint32_t nvm3_uid_set_cache[(SL_PSA_ITS_MAX_FILES + 31) / 32] = { 0 }; -SLI_STATIC uint32_t nvm3_uid_tomb_cache[(SL_PSA_ITS_MAX_FILES + 31) / 32] = { 0 }; +SLI_STATIC uint32_t nvm3_uid_set_cache[(SL_PSA_ITS_MAX_FILES + 31) / 32] = {0}; +SLI_STATIC uint32_t nvm3_uid_tomb_cache[(SL_PSA_ITS_MAX_FILES + 31) / 32] = {0}; #if SL_PSA_ITS_SUPPORT_V2_DRIVER SLI_STATIC uint32_t its_driver_version = SLI_PSA_ITS_NOT_CHECKED; #endif // SL_PSA_ITS_SUPPORT_V2_DRIVER #if defined(SLI_PSA_ITS_ENCRYPTED) // The root key is an AES-256 key, and is therefore 32 bytes. -#define ROOT_KEY_SIZE (32) -// The session key is derived from CMAC, which means it is equal to the AES block size, i.e. 16 bytes -#define SESSION_KEY_SIZE (16) +#define ROOT_KEY_SIZE (32) +// The session key is derived from CMAC, which means it is equal to the AES +// block size, i.e. 16 bytes +#define SESSION_KEY_SIZE (16) #if !defined(SEMAILBOX_PRESENT) typedef struct { @@ -1644,8 +1634,8 @@ typedef struct { } root_key_t; static root_key_t g_root_key = { - .initialized = false, - .data = { 0 }, + .initialized = false, + .data = {0}, }; #endif // !defined(SEMAILBOX_PRESENT) @@ -1656,9 +1646,9 @@ typedef struct { } session_key_t; static session_key_t g_cached_session_key = { - .active = false, - .uid = 0, - .data = { 0 }, + .active = false, + .uid = 0, + .data = {0}, }; #endif // defined(SLI_PSA_ITS_ENCRYPTED) @@ -1676,12 +1666,10 @@ typedef struct { // ------------------------------------- // Local function prototypes -static psa_status_t find_nvm3_id(psa_storage_uid_t uid, - bool find_empty_slot, - sli_its_file_meta_v2_t* its_file_meta, - size_t* its_file_offset, - size_t* its_file_size, - nvm3_ObjectKey_t * output_nvm3_id); +static psa_status_t find_nvm3_id(psa_storage_uid_t uid, bool find_empty_slot, + sli_its_file_meta_v2_t *its_file_meta, + size_t *its_file_offset, size_t *its_file_size, + nvm3_ObjectKey_t *output_nvm3_id); static nvm3_ObjectKey_t derive_nvm3_id(psa_storage_uid_t uid); #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) @@ -1689,15 +1677,13 @@ static inline bool object_lives_in_s(const void *object, size_t object_size); #endif #if defined(SLI_PSA_ITS_ENCRYPTED) -static psa_status_t derive_session_key(uint8_t *iv, - size_t iv_size, +static psa_status_t derive_session_key(uint8_t *iv, size_t iv_size, uint8_t *session_key, size_t session_key_size); static psa_status_t sli_decrypt_its_file(sli_its_file_meta_v2_t *metadata, sli_its_encrypted_blob_t *blob, - size_t blob_size, - uint8_t *plaintext, + size_t blob_size, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length); @@ -1707,15 +1693,14 @@ static psa_status_t authenticate_its_file(nvm3_ObjectKey_t nvm3_object_id, #if SL_PSA_ITS_SUPPORT_V2_DRIVER static psa_status_t psa_its_get_legacy(nvm3_ObjectKey_t nvm3_object_id, - sli_its_file_meta_v2_t* its_file_meta, + sli_its_file_meta_v2_t *its_file_meta, size_t its_file_size, size_t its_file_offset, void *p_data); static psa_status_t detect_legacy_versions(); static psa_status_t upgrade_all_keys(); -#if defined (SLI_PSA_ITS_SUPPORT_V1_FORMAT_INTERNAL) -psa_status_t psa_its_set_v1(psa_storage_uid_t uid, - uint32_t data_length, +#if defined(SLI_PSA_ITS_SUPPORT_V1_FORMAT_INTERNAL) +psa_status_t psa_its_set_v1(psa_storage_uid_t uid, uint32_t data_length, const void *p_data, psa_storage_create_flags_t create_flags); #endif // SLI_PSA_ITS_SUPPORT_V1_FORMAT_INTERNAL @@ -1723,46 +1708,41 @@ psa_status_t psa_its_set_v1(psa_storage_uid_t uid, // ------------------------------------- // Local function definitions -static inline uint32_t get_index(nvm3_ObjectKey_t key) -{ +static inline uint32_t get_index(nvm3_ObjectKey_t key) { return (key - (SLI_PSA_ITS_NVM3_RANGE_START)) / 32; } -static inline uint32_t get_offset(nvm3_ObjectKey_t key) -{ +static inline uint32_t get_offset(nvm3_ObjectKey_t key) { return (key - (SLI_PSA_ITS_NVM3_RANGE_START)) % 32; } -static inline void set_cache(nvm3_ObjectKey_t key) -{ +static inline void set_cache(nvm3_ObjectKey_t key) { nvm3_uid_set_cache[get_index(key)] |= (1 << get_offset(key)); nvm3_uid_tomb_cache[get_index(key)] &= ~(1 << get_offset(key)); } -static inline void set_tomb(nvm3_ObjectKey_t key) -{ +static inline void set_tomb(nvm3_ObjectKey_t key) { nvm3_uid_tomb_cache[get_index(key)] |= (1 << get_offset(key)); uint32_t cache_not_empty = 0; - for ( size_t i = 0; i < (((SL_PSA_ITS_MAX_FILES) +31) / 32); i++ ) { + for (size_t i = 0; i < (((SL_PSA_ITS_MAX_FILES) + 31) / 32); i++) { cache_not_empty += nvm3_uid_set_cache[i]; } if (cache_not_empty == 0) { - for ( size_t i = 0; i < (((SL_PSA_ITS_MAX_FILES) +31) / 32); i++ ) { + for (size_t i = 0; i < (((SL_PSA_ITS_MAX_FILES) + 31) / 32); i++) { nvm3_uid_tomb_cache[i] = 0; } } } #if SL_PSA_ITS_SUPPORT_V2_DRIVER -static inline psa_status_t write_driver_v3() -{ +static inline psa_status_t write_driver_v3() { uint8_t driver_verison = SLI_PSA_ITS_V3_DRIVER; Ecode_t status; - status = nvm3_writeData(nvm3_defaultHandle, - SLI_PSA_ITS_V2_DRIVER_FLAG_NVM3_ID, - &driver_verison, sizeof(uint8_t)); - if ( status != ECODE_NVM3_OK ) { + status = + nvm3_writeData(nvm3_defaultHandle, SLI_PSA_ITS_V2_DRIVER_FLAG_NVM3_ID, + &driver_verison, sizeof(uint8_t)); + if (status != ECODE_NVM3_OK) { return PSA_ERROR_STORAGE_FAILURE; } return PSA_SUCCESS; @@ -1772,8 +1752,7 @@ static inline psa_status_t write_driver_v3() #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) // If an object of given size is fully encapsulated in a region of // secure domain the function returns true. -static inline bool object_lives_in_s(const void *object, size_t object_size) -{ +static inline bool object_lives_in_s(const void *object, size_t object_size) { cmse_address_info_t cmse_flags; for (size_t i = 0u; i < object_size; i++) { @@ -1787,36 +1766,31 @@ static inline bool object_lives_in_s(const void *object, size_t object_size) } #endif -static inline void clear_cache(nvm3_ObjectKey_t key) -{ +static inline void clear_cache(nvm3_ObjectKey_t key) { nvm3_uid_set_cache[get_index(key)] ^= (1 << get_offset(key)); } -static inline bool lookup_cache(nvm3_ObjectKey_t key) -{ +static inline bool lookup_cache(nvm3_ObjectKey_t key) { return (bool)((nvm3_uid_set_cache[get_index(key)] >> get_offset(key)) & 0x1); } -static inline bool lookup_tomb(nvm3_ObjectKey_t key) -{ +static inline bool lookup_tomb(nvm3_ObjectKey_t key) { return (bool)((nvm3_uid_tomb_cache[get_index(key)] >> get_offset(key)) & 0x1); } -static inline nvm3_ObjectKey_t increment_obj_id(nvm3_ObjectKey_t id) -{ - return SLI_PSA_ITS_NVM3_RANGE_START + ((id - SLI_PSA_ITS_NVM3_RANGE_START + 1) - % SL_PSA_ITS_MAX_FILES); +static inline nvm3_ObjectKey_t increment_obj_id(nvm3_ObjectKey_t id) { + return SLI_PSA_ITS_NVM3_RANGE_START + + ((id - SLI_PSA_ITS_NVM3_RANGE_START + 1) % SL_PSA_ITS_MAX_FILES); } -static inline nvm3_ObjectKey_t prng(psa_storage_uid_t uid) -{ -// Squash uid down to a 32 bit word +static inline nvm3_ObjectKey_t prng(psa_storage_uid_t uid) { + // Squash uid down to a 32 bit word nvm3_ObjectKey_t uid_32 = uid & 0xFFFFFFFF; nvm3_ObjectKey_t xored_32 = (uid >> 32) ^ uid_32; nvm3_ObjectKey_t temp; -// Accumulate all "entropy" towards the LSB, since that is where we need it - for ( size_t i = 1; i < 4; i++ ) { + // Accumulate all "entropy" towards the LSB, since that is where we need it + for (size_t i = 1; i < 4; i++) { temp = xored_32 ^ (xored_32 >> (8 * i)); - if ((temp & 0x3) != 0 ) { + if ((temp & 0x3) != 0) { temp = temp << 2; } uid_32 = (uid_32 + temp); @@ -1824,39 +1798,38 @@ static inline nvm3_ObjectKey_t prng(psa_storage_uid_t uid) return uid_32; } -static inline nvm3_ObjectKey_t derive_nvm3_id(psa_storage_uid_t uid) -{ +static inline nvm3_ObjectKey_t derive_nvm3_id(psa_storage_uid_t uid) { return SLI_PSA_ITS_NVM3_RANGE_START + (prng(uid) % (SL_PSA_ITS_MAX_FILES)); } -static void init_cache(void) -{ +static void init_cache(void) { size_t num_keys_referenced_by_nvm3; - nvm3_ObjectKey_t keys_referenced_by_nvm3[SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE] = { 0 }; + nvm3_ObjectKey_t keys_referenced_by_nvm3[SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE] = + {0}; size_t num_del_keys_from_nvm3; - nvm3_ObjectKey_t deleted_keys_from_nvm3[SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE] = { 0 }; + nvm3_ObjectKey_t deleted_keys_from_nvm3[SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE] = { + 0}; for (nvm3_ObjectKey_t range_start = SLI_PSA_ITS_NVM3_RANGE_START; range_start < SLI_PSA_ITS_NVM3_RANGE_END; range_start += SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE) { - nvm3_ObjectKey_t range_end = range_start + SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE; + nvm3_ObjectKey_t range_end = + range_start + SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE; if (range_end > SLI_PSA_ITS_NVM3_RANGE_END) { range_end = SLI_PSA_ITS_NVM3_RANGE_END; } - num_keys_referenced_by_nvm3 = nvm3_enumObjects(nvm3_defaultHandle, - keys_referenced_by_nvm3, - sizeof(keys_referenced_by_nvm3) / sizeof(nvm3_ObjectKey_t), - range_start, - range_end - 1); + num_keys_referenced_by_nvm3 = nvm3_enumObjects( + nvm3_defaultHandle, keys_referenced_by_nvm3, + sizeof(keys_referenced_by_nvm3) / sizeof(nvm3_ObjectKey_t), range_start, + range_end - 1); for (size_t i = 0; i < num_keys_referenced_by_nvm3; i++) { set_cache(keys_referenced_by_nvm3[i]); } - num_del_keys_from_nvm3 = nvm3_enumDeletedObjects(nvm3_defaultHandle, - deleted_keys_from_nvm3, - sizeof(deleted_keys_from_nvm3) / sizeof(nvm3_ObjectKey_t), - range_start, - range_end - 1); + num_del_keys_from_nvm3 = nvm3_enumDeletedObjects( + nvm3_defaultHandle, deleted_keys_from_nvm3, + sizeof(deleted_keys_from_nvm3) / sizeof(nvm3_ObjectKey_t), range_start, + range_end - 1); for (size_t i = 0; i < num_del_keys_from_nvm3; i++) { set_tomb(deleted_keys_from_nvm3[i]); } @@ -1866,10 +1839,9 @@ static void init_cache(void) // Read the file metadata for a specific NVM3 ID static Ecode_t get_file_metadata(nvm3_ObjectKey_t key, - sli_its_file_meta_v2_t* metadata, - size_t* its_file_offset, - size_t* its_file_size) -{ + sli_its_file_meta_v2_t *metadata, + size_t *its_file_offset, + size_t *its_file_size) { // Initialize output variables to safe default if (its_file_offset != NULL) { *its_file_offset = 0; @@ -1878,23 +1850,17 @@ static Ecode_t get_file_metadata(nvm3_ObjectKey_t key, *its_file_size = 0; } - Ecode_t status = nvm3_readPartialData(nvm3_defaultHandle, - key, - metadata, - 0, + Ecode_t status = nvm3_readPartialData(nvm3_defaultHandle, key, metadata, 0, sizeof(sli_its_file_meta_v2_t)); if (status != ECODE_NVM3_OK) { return status; } -#if defined (SLI_PSA_ITS_SUPPORT_V1_FORMAT_INTERNAL) +#if defined(SLI_PSA_ITS_SUPPORT_V1_FORMAT_INTERNAL) // Re-read in v1 header format and translate to the latest structure version if (metadata->magic == SLI_PSA_ITS_META_MAGIC_V1) { - sl_its_file_meta_v1_t key_meta_v1 = { 0 }; - status = nvm3_readPartialData(nvm3_defaultHandle, - key, - &key_meta_v1, - 0, + sl_its_file_meta_v1_t key_meta_v1 = {0}; + status = nvm3_readPartialData(nvm3_defaultHandle, key, &key_meta_v1, 0, sizeof(sl_its_file_meta_v1_t)); if (status != ECODE_NVM3_OK) { @@ -1926,10 +1892,8 @@ static Ecode_t get_file_metadata(nvm3_ObjectKey_t key, if (its_file_offset != NULL && its_file_size != NULL) { // Calculate the ITS file size if requested uint32_t obj_type; - Ecode_t info_status = nvm3_getObjectInfo(nvm3_defaultHandle, - key, - &obj_type, - its_file_size); + Ecode_t info_status = + nvm3_getObjectInfo(nvm3_defaultHandle, key, &obj_type, its_file_size); if (info_status != ECODE_NVM3_OK) { return info_status; } @@ -1942,11 +1906,9 @@ static Ecode_t get_file_metadata(nvm3_ObjectKey_t key, #if SL_PSA_ITS_SUPPORT_V2_DRIVER static psa_status_t psa_its_get_legacy(nvm3_ObjectKey_t nvm3_object_id, - sli_its_file_meta_v2_t* its_file_meta, + sli_its_file_meta_v2_t *its_file_meta, size_t its_file_size, - size_t its_file_offset, - void *p_data) -{ + size_t its_file_offset, void *p_data) { Ecode_t status; if (its_file_size == 0) { if (its_file_meta != NULL) { @@ -1960,35 +1922,30 @@ static psa_status_t psa_its_get_legacy(nvm3_ObjectKey_t nvm3_object_id, size_t plaintext_length; // its_file_size includes size of sli_its_encrypted_blob_t struct - blob = (sli_its_encrypted_blob_t*)mbedtls_calloc(1, its_file_size); + blob = (sli_its_encrypted_blob_t *)mbedtls_calloc(1, its_file_size); if (blob == NULL) { return PSA_ERROR_INSUFFICIENT_MEMORY; } memset(blob, 0, its_file_size); - status = nvm3_readPartialData(nvm3_defaultHandle, - nvm3_object_id, - blob, - its_file_offset, - its_file_size); + status = nvm3_readPartialData(nvm3_defaultHandle, nvm3_object_id, blob, + its_file_offset, its_file_size); if (status != ECODE_NVM3_OK) { psa_status = PSA_ERROR_STORAGE_FAILURE; goto cleanup; } // Decrypt and authenticate blob - psa_status = sli_decrypt_its_file(its_file_meta, - blob, - its_file_size, - blob->data, - its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD, - &plaintext_length); + psa_status = sli_decrypt_its_file( + its_file_meta, blob, its_file_size, blob->data, + its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD, &plaintext_length); if (psa_status != PSA_SUCCESS) { goto cleanup; } - if (plaintext_length != (its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD)) { + if (plaintext_length != + (its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD)) { psa_status = PSA_ERROR_INVALID_SIGNATURE; goto cleanup; } @@ -1998,14 +1955,15 @@ static psa_status_t psa_its_get_legacy(nvm3_ObjectKey_t nvm3_object_id, } psa_status = PSA_SUCCESS; - cleanup: +cleanup: if (blob != NULL) { memset(blob, 0, its_file_size); mbedtls_free(blob); } return psa_status; #else - // If no encryption is used, just read out the data and write it directly to the output buffer + // If no encryption is used, just read out the data and write it directly to + // the output buffer status = nvm3_readPartialData(nvm3_defaultHandle, nvm3_object_id, p_data, its_file_offset, its_file_size); @@ -2017,10 +1975,10 @@ static psa_status_t psa_its_get_legacy(nvm3_ObjectKey_t nvm3_object_id, #endif } -// Function sets detect the presence of v1 and v2 its driver. If there is something -// stored in v1/v2 driver range, it sets its_driver_version to SLI_PSA_ITS_V2_DRIVER. -static psa_status_t detect_legacy_versions() -{ +// Function sets detect the presence of v1 and v2 its driver. If there is +// something stored in v1/v2 driver range, it sets its_driver_version to +// SLI_PSA_ITS_V2_DRIVER. +static psa_status_t detect_legacy_versions() { uint8_t driver_verison = 0; Ecode_t status; status = nvm3_readData(nvm3_defaultHandle, SLI_PSA_ITS_V2_DRIVER_FLAG_NVM3_ID, @@ -2035,43 +1993,39 @@ static psa_status_t detect_legacy_versions() size_t num_keys_referenced_by_nvm3; - nvm3_ObjectKey_t keys_referenced_by_nvm3[SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE] = { - 0 - }; + nvm3_ObjectKey_t keys_referenced_by_nvm3[SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE] = + {0}; - for ( nvm3_ObjectKey_t range_start = SLI_PSA_ITS_NVM3_RANGE_START_V2_DRIVER; - range_start < SLI_PSA_ITS_NVM3_RANGE_END_V2_DRIVER; - range_start += SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE ) { + for (nvm3_ObjectKey_t range_start = SLI_PSA_ITS_NVM3_RANGE_START_V2_DRIVER; + range_start < SLI_PSA_ITS_NVM3_RANGE_END_V2_DRIVER; + range_start += SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE) { nvm3_ObjectKey_t range_end = - range_start + SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE; - if (range_end > SLI_PSA_ITS_NVM3_RANGE_END_V2_DRIVER ) { + range_start + SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE; + if (range_end > SLI_PSA_ITS_NVM3_RANGE_END_V2_DRIVER) { range_end = SLI_PSA_ITS_NVM3_RANGE_END_V2_DRIVER; } - num_keys_referenced_by_nvm3 = nvm3_enumObjects(nvm3_defaultHandle, - keys_referenced_by_nvm3, - sizeof(keys_referenced_by_nvm3) - / sizeof(nvm3_ObjectKey_t), - range_start, - range_end - 1); + num_keys_referenced_by_nvm3 = nvm3_enumObjects( + nvm3_defaultHandle, keys_referenced_by_nvm3, + sizeof(keys_referenced_by_nvm3) / sizeof(nvm3_ObjectKey_t), range_start, + range_end - 1); if (num_keys_referenced_by_nvm3 > 0) { - sli_its_file_meta_v2_t its_file_meta = { 0 }; + sli_its_file_meta_v2_t its_file_meta = {0}; size_t its_file_size = 0; size_t its_file_offset = 0; - status = get_file_metadata(keys_referenced_by_nvm3[0], - &its_file_meta, &its_file_offset, - &its_file_size); + status = get_file_metadata(keys_referenced_by_nvm3[0], &its_file_meta, + &its_file_offset, &its_file_size); if (status == SLI_PSA_ITS_ECODE_NO_VALID_HEADER) { return PSA_ERROR_DOES_NOT_EXIST; } - if (status != ECODE_NVM3_OK - && status != SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { + if (status != ECODE_NVM3_OK && + status != SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { return PSA_ERROR_STORAGE_FAILURE; } - if ((its_file_meta.magic == SLI_PSA_ITS_META_MAGIC_V1) - || (its_file_meta.magic == SLI_PSA_ITS_META_MAGIC_V2)) { + if ((its_file_meta.magic == SLI_PSA_ITS_META_MAGIC_V1) || + (its_file_meta.magic == SLI_PSA_ITS_META_MAGIC_V2)) { its_driver_version = SLI_PSA_ITS_V2_DRIVER; return PSA_SUCCESS; } else { @@ -2083,86 +2037,78 @@ static psa_status_t detect_legacy_versions() return PSA_SUCCESS; } -static psa_status_t upgrade_all_keys() -{ +static psa_status_t upgrade_all_keys() { size_t num_keys_referenced_by_nvm3; - nvm3_ObjectKey_t keys_referenced_by_nvm3[SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE] = { - 0 - }; + nvm3_ObjectKey_t keys_referenced_by_nvm3[SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE] = + {0}; Ecode_t status; psa_status_t psa_status = PSA_ERROR_CORRUPTION_DETECTED; - sli_its_file_meta_v2_t its_file_meta = { 0 }; + sli_its_file_meta_v2_t its_file_meta = {0}; size_t its_file_data_size; - uint8_t * its_file_buffer = NULL; + uint8_t *its_file_buffer = NULL; size_t its_file_size = 0; size_t its_file_offset; - for ( nvm3_ObjectKey_t range_start = SLI_PSA_ITS_NVM3_RANGE_START_V2_DRIVER; - range_start < SLI_PSA_ITS_NVM3_RANGE_END_V2_DRIVER; - range_start += SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE ) { + for (nvm3_ObjectKey_t range_start = SLI_PSA_ITS_NVM3_RANGE_START_V2_DRIVER; + range_start < SLI_PSA_ITS_NVM3_RANGE_END_V2_DRIVER; + range_start += SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE) { nvm3_ObjectKey_t range_end = - range_start + SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE; - if (range_end >= SLI_PSA_ITS_NVM3_RANGE_END_V2_DRIVER ) { + range_start + SLI_PSA_ITS_CACHE_INIT_CHUNK_SIZE; + if (range_end >= SLI_PSA_ITS_NVM3_RANGE_END_V2_DRIVER) { range_end = SLI_PSA_ITS_NVM3_RANGE_END_V2_DRIVER; } - num_keys_referenced_by_nvm3 = nvm3_enumObjects(nvm3_defaultHandle, - keys_referenced_by_nvm3, - sizeof(keys_referenced_by_nvm3) - / - sizeof(nvm3_ObjectKey_t), - range_start, - range_end - 1); - for ( size_t i = 0; i < num_keys_referenced_by_nvm3; i++ ) { + num_keys_referenced_by_nvm3 = nvm3_enumObjects( + nvm3_defaultHandle, keys_referenced_by_nvm3, + sizeof(keys_referenced_by_nvm3) / sizeof(nvm3_ObjectKey_t), range_start, + range_end - 1); + for (size_t i = 0; i < num_keys_referenced_by_nvm3; i++) { its_file_size = 0; its_file_offset = 0; - status = get_file_metadata(keys_referenced_by_nvm3[i], - &(its_file_meta), &its_file_offset, - &its_file_size); - if ( status == SLI_PSA_ITS_ECODE_NO_VALID_HEADER) { + status = get_file_metadata(keys_referenced_by_nvm3[i], &(its_file_meta), + &its_file_offset, &its_file_size); + if (status == SLI_PSA_ITS_ECODE_NO_VALID_HEADER) { return PSA_ERROR_DOES_NOT_EXIST; } - if ( status != ECODE_NVM3_OK - && status != SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { + if (status != ECODE_NVM3_OK && + status != SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { return PSA_ERROR_STORAGE_FAILURE; } #if defined(SLI_PSA_ITS_ENCRYPTED) - // Subtract IV and MAC from ITS file as the below checks concern the actual data size + // Subtract IV and MAC from ITS file as the below checks concern the + // actual data size its_file_data_size = its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD; #else its_file_data_size = its_file_size; #endif - if ((its_file_meta.magic != SLI_PSA_ITS_META_MAGIC_V2) - && (its_file_meta.magic != SLI_PSA_ITS_META_MAGIC_V1)) { + if ((its_file_meta.magic != SLI_PSA_ITS_META_MAGIC_V2) && + (its_file_meta.magic != SLI_PSA_ITS_META_MAGIC_V1)) { return PSA_ERROR_STORAGE_FAILURE; } - its_file_buffer = mbedtls_calloc(1, its_file_size + sizeof(sli_its_file_meta_v2_t)); + its_file_buffer = + mbedtls_calloc(1, its_file_size + sizeof(sli_its_file_meta_v2_t)); if (its_file_buffer == NULL) { return PSA_ERROR_INSUFFICIENT_MEMORY; } #if defined(SLI_PSA_ITS_ENCRYPTED) - psa_status = psa_its_get_legacy(keys_referenced_by_nvm3[i], - &(its_file_meta), - its_file_size, - its_file_offset, - its_file_buffer); + psa_status = + psa_its_get_legacy(keys_referenced_by_nvm3[i], &(its_file_meta), + its_file_size, its_file_offset, its_file_buffer); #else - psa_status = psa_its_get_legacy(keys_referenced_by_nvm3[i], - NULL, - its_file_size, - its_file_offset, - its_file_buffer); + psa_status = + psa_its_get_legacy(keys_referenced_by_nvm3[i], NULL, its_file_size, + its_file_offset, its_file_buffer); #endif if (psa_status != PSA_SUCCESS) { psa_status = PSA_ERROR_STORAGE_FAILURE; goto exit; } -#if defined (SLI_PSA_ITS_SUPPORT_V1_FORMAT_INTERNAL) +#if defined(SLI_PSA_ITS_SUPPORT_V1_FORMAT_INTERNAL) if (its_file_meta.magic == SLI_PSA_ITS_META_MAGIC_V1) { psa_status = psa_its_set_v1(its_file_meta.uid, its_file_data_size, its_file_buffer, its_file_meta.flags); @@ -2173,64 +2119,65 @@ static psa_status_t upgrade_all_keys() its_file_buffer, its_file_meta.flags); } - if ((psa_status != PSA_SUCCESS) && (psa_status - != PSA_ERROR_NOT_PERMITTED)) { + if ((psa_status != PSA_SUCCESS) && + (psa_status != PSA_ERROR_NOT_PERMITTED)) { goto exit; } - status = nvm3_deleteObject(nvm3_defaultHandle, - keys_referenced_by_nvm3[i]); + status = + nvm3_deleteObject(nvm3_defaultHandle, keys_referenced_by_nvm3[i]); - if ( status != ECODE_NVM3_OK ) { + if (status != ECODE_NVM3_OK) { psa_status = PSA_ERROR_STORAGE_FAILURE; goto exit; } - memset(its_file_buffer, 0, its_file_size + sizeof(sli_its_file_meta_v2_t)); + memset(its_file_buffer, 0, + its_file_size + sizeof(sli_its_file_meta_v2_t)); mbedtls_free(its_file_buffer); } } return PSA_SUCCESS; - exit: +exit: // Clear and free key buffer before return. memset(its_file_buffer, 0, its_file_size + sizeof(sli_its_file_meta_v2_t)); mbedtls_free(its_file_buffer); return psa_status; } -#if defined (SLI_PSA_ITS_SUPPORT_V1_FORMAT_INTERNAL) -psa_status_t psa_its_set_v1(psa_storage_uid_t uid, - uint32_t data_length, +#if defined(SLI_PSA_ITS_SUPPORT_V1_FORMAT_INTERNAL) +psa_status_t psa_its_set_v1(psa_storage_uid_t uid, uint32_t data_length, const void *p_data, - psa_storage_create_flags_t create_flags) -{ + psa_storage_create_flags_t create_flags) { if ((data_length != 0U) && (p_data == NULL)) { return PSA_ERROR_INVALID_ARGUMENT; } - if (create_flags != PSA_STORAGE_FLAG_WRITE_ONCE - && create_flags != PSA_STORAGE_FLAG_NONE + if (create_flags != PSA_STORAGE_FLAG_WRITE_ONCE && + create_flags != PSA_STORAGE_FLAG_NONE #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) && create_flags != PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE #endif - ) { + ) { return PSA_ERROR_NOT_SUPPORTED; } #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) - if ((create_flags == PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE) - && (!object_lives_in_s(p_data, data_length))) { - // The flag indicates that this data should not be set by the non-secure domain + if ((create_flags == PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE) && + (!object_lives_in_s(p_data, data_length))) { + // The flag indicates that this data should not be set by the non-secure + // domain return PSA_ERROR_INVALID_ARGUMENT; } #endif Ecode_t status; psa_status_t psa_status = PSA_ERROR_CORRUPTION_DETECTED; - sl_its_file_meta_v1_t* its_file_meta; + sl_its_file_meta_v1_t *its_file_meta; nvm3_ObjectKey_t nvm3_object_id = 0; size_t its_file_size = data_length; - uint8_t *its_file_buffer = mbedtls_calloc(1, its_file_size + sizeof(sl_its_file_meta_v1_t)); + uint8_t *its_file_buffer = + mbedtls_calloc(1, its_file_size + sizeof(sl_its_file_meta_v1_t)); if (its_file_buffer == NULL) { return PSA_ERROR_INSUFFICIENT_MEMORY; } @@ -2240,8 +2187,8 @@ psa_status_t psa_its_set_v1(psa_storage_uid_t uid, sli_its_file_meta_v2_t its_file_meta_v2; sli_its_acquire_mutex(); - psa_status = find_nvm3_id(uid, true, &its_file_meta_v2, NULL, NULL, - &nvm3_object_id); + psa_status = + find_nvm3_id(uid, true, &its_file_meta_v2, NULL, NULL, &nvm3_object_id); if (psa_status != PSA_SUCCESS) { if (psa_status == PSA_ERROR_DOES_NOT_EXIST) { psa_status = PSA_ERROR_INSUFFICIENT_STORAGE; @@ -2254,14 +2201,12 @@ psa_status_t psa_its_set_v1(psa_storage_uid_t uid, its_file_meta->flags = create_flags; if (data_length != 0U) { - memcpy(its_file_buffer + sizeof(sl_its_file_meta_v1_t), ((uint8_t*) - p_data), data_length); + memcpy(its_file_buffer + sizeof(sl_its_file_meta_v1_t), ((uint8_t *)p_data), + data_length); } - status = nvm3_writeData(nvm3_defaultHandle, - nvm3_object_id, - its_file_buffer, its_file_size + sizeof - (sl_its_file_meta_v1_t)); + status = nvm3_writeData(nvm3_defaultHandle, nvm3_object_id, its_file_buffer, + its_file_size + sizeof(sl_its_file_meta_v1_t)); if (status == ECODE_NVM3_OK) { // Power-loss might occur, however upon boot, the look-up table will be @@ -2271,48 +2216,47 @@ psa_status_t psa_its_set_v1(psa_storage_uid_t uid, psa_status = PSA_ERROR_STORAGE_FAILURE; } - exit: +exit: // Clear and free key buffer before return. memset(its_file_buffer, 0, its_file_size + sizeof(sl_its_file_meta_v1_t)); mbedtls_free(its_file_buffer); sli_its_release_mutex(); return psa_status; } -#endif //SLI_PSA_ITS_SUPPORT_V1_FORMAT_INTERNAL -#endif //SL_PSA_ITS_SUPPORT_V1_DRIVER +#endif // SLI_PSA_ITS_SUPPORT_V1_FORMAT_INTERNAL +#endif // SL_PSA_ITS_SUPPORT_V1_DRIVER /** * \brief Search through NVM3 for correct uid * * \param[in] uid UID under what we want to store the data - * \param[in] find_empty_slot Indicates whether we want to find existing data or empty space for storing new. - * \param[out] its_file_meta Meta information of ITS file - * \param[out] its_file_offset Offset of ITS file - * \param[out] its_file_size Size of ITS file - * \param[out] output_nvm3_id NVM3 ID corresponding to UID. + * \param[in] find_empty_slot Indicates whether we want to find existing data + * or empty space for storing new. \param[out] its_file_meta Meta information + * of ITS file \param[out] its_file_offset Offset of ITS file \param[out] + * its_file_size Size of ITS file \param[out] output_nvm3_id NVM3 ID + * corresponding to UID. * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_DOES_NOT_EXIST The data with this UID are not stored in NVM3 - * \retval PSA_ERROR_NOT_PERMITTED The requested operation is not permitted + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_DOES_NOT_EXIST The data with this + * UID are not stored in NVM3 \retval PSA_ERROR_NOT_PERMITTED The + * requested operation is not permitted */ -static psa_status_t find_nvm3_id(psa_storage_uid_t uid, - bool find_empty_slot, - sli_its_file_meta_v2_t* its_file_meta, - size_t* its_file_offset, - size_t* its_file_size, - nvm3_ObjectKey_t * output_nvm3_id) -{ +static psa_status_t find_nvm3_id(psa_storage_uid_t uid, bool find_empty_slot, + sli_its_file_meta_v2_t *its_file_meta, + size_t *its_file_offset, size_t *its_file_size, + nvm3_ObjectKey_t *output_nvm3_id) { Ecode_t status; nvm3_ObjectKey_t tmp_id = 0; nvm3_ObjectKey_t nvm3_object_id = 0; nvm3_object_id = derive_nvm3_id(uid); if (nvm3_uid_set_cache_initialized == false) { -#if defined(TFM_CONFIG_SL_SECURE_LIBRARY) \ - // With SKL the NVM3 instance must be initialized by the NS app. We therefore check that - // it has been opened (which is done on init) rather than actually doing the init. +#if defined(TFM_CONFIG_SL_SECURE_LIBRARY) +// With SKL the NVM3 instance must be initialized by the NS app. We therefore +// check that it has been opened (which is done on init) rather than actually +// doing the init. if (!nvm3_defaultHandle->hasBeenOpened) { #else if (nvm3_initDefault() != ECODE_NVM3_OK) { @@ -2321,17 +2265,17 @@ static psa_status_t find_nvm3_id(psa_storage_uid_t uid, } #if SL_PSA_ITS_SUPPORT_V2_DRIVER - if ( its_driver_version == SLI_PSA_ITS_NOT_CHECKED ) { - if ( detect_legacy_versions() != PSA_SUCCESS ) { + if (its_driver_version == SLI_PSA_ITS_NOT_CHECKED) { + if (detect_legacy_versions() != PSA_SUCCESS) { return PSA_ERROR_STORAGE_FAILURE; } - if ( its_driver_version == SLI_PSA_ITS_V2_DRIVER ) { + if (its_driver_version == SLI_PSA_ITS_V2_DRIVER) { psa_status_t psa_status = upgrade_all_keys(); - if ( psa_status != PSA_SUCCESS ) { + if (psa_status != PSA_SUCCESS) { return psa_status; } psa_status = write_driver_v3(); - if ( psa_status != PSA_SUCCESS ) { + if (psa_status != PSA_SUCCESS) { return psa_status; } } else { @@ -2345,12 +2289,12 @@ static psa_status_t find_nvm3_id(psa_storage_uid_t uid, #endif } - for (size_t i = 0; i < SL_PSA_ITS_MAX_FILES; ++i ) { + for (size_t i = 0; i < SL_PSA_ITS_MAX_FILES; ++i) { if (!lookup_cache(nvm3_object_id)) { // dont exist if (lookup_tomb(nvm3_object_id)) { // tombstone - if (tmp_id == 0 ) { + if (tmp_id == 0) { // mark first empty space tmp_id = nvm3_object_id; } @@ -2373,8 +2317,8 @@ static psa_status_t find_nvm3_id(psa_storage_uid_t uid, status = get_file_metadata(nvm3_object_id, its_file_meta, its_file_offset, its_file_size); - if (status == SLI_PSA_ITS_ECODE_NO_VALID_HEADER - || status == ECODE_NVM3_ERR_READ_DATA_SIZE) { + if (status == SLI_PSA_ITS_ECODE_NO_VALID_HEADER || + status == ECODE_NVM3_ERR_READ_DATA_SIZE) { // we don't expect any other data in our range then PSA ITS files. // delete the file if the magic doesn't match or the object on disk // is too small to even have full metadata. @@ -2384,8 +2328,7 @@ static psa_status_t find_nvm3_id(psa_storage_uid_t uid, } } - if (status != ECODE_NVM3_OK - && status != SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { + if (status != ECODE_NVM3_OK && status != SLI_PSA_ITS_ECODE_NEEDS_UPGRADE) { return PSA_ERROR_STORAGE_FAILURE; } @@ -2395,15 +2338,17 @@ static psa_status_t find_nvm3_id(psa_storage_uid_t uid, if (find_empty_slot) { if (its_file_meta->flags == PSA_STORAGE_FLAG_WRITE_ONCE #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) - || its_file_meta->flags == PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE + || its_file_meta->flags == + PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE #endif - ) { + ) { return PSA_ERROR_NOT_PERMITTED; } } #if defined(SLI_PSA_ITS_ENCRYPTED) - // If the UID already exists, authenticate the existing value and make sure the stored UID is the same. - // Note that this can potentially induce a significant performance hit. + // If the UID already exists, authenticate the existing value and make + // sure the stored UID is the same. Note that this can potentially induce + // a significant performance hit. psa_status_t psa_status = PSA_ERROR_CORRUPTION_DETECTED; psa_storage_uid_t authenticated_uid = 0; psa_status = authenticate_its_file(nvm3_object_id, &authenticated_uid); @@ -2429,35 +2374,40 @@ static psa_status_t find_nvm3_id(psa_storage_uid_t uid, } #if defined(SLI_PSA_ITS_ENCRYPTED) -static inline void cache_session_key(uint8_t *session_key, psa_storage_uid_t uid) -{ +static inline void cache_session_key(uint8_t *session_key, + psa_storage_uid_t uid) { // Cache the session key - memcpy(g_cached_session_key.data, session_key, sizeof(g_cached_session_key.data)); + memcpy(g_cached_session_key.data, session_key, + sizeof(g_cached_session_key.data)); g_cached_session_key.uid = uid; g_cached_session_key.active = true; } /** - * \brief Derive a session key for ITS file encryption from the initialized root key and provided IV. + * \brief Derive a session key for ITS file encryption from the initialized root + * key and provided IV. * - * \param[in] iv Pointer to array containing the initialization vector to be used in the key derivation. - * \param[in] iv_size Size of the IV buffer in bytes. Must be 12 bytes (AES-GCM IV size). - * \param[out] session_key Pointer to array where derived session key shall be stored. - * \param[out] session_key_size Size of the derived session key output array. Must be at least 32 bytes (AES-256 key size). + * \param[in] iv Pointer to array containing the initialization + * vector to be used in the key derivation. \param[in] iv_size Size of + * the IV buffer in bytes. Must be 12 bytes (AES-GCM IV size). \param[out] + * session_key Pointer to array where derived session key shall be stored. + * \param[out] session_key_size Size of the derived session key output array. + * Must be at least 32 bytes (AES-256 key size). * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_BAD_STATE The root key has not been initialized. - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because iv or session_key is NULL, or their sizes are incorrect. - * \retval PSA_ERROR_HARDWARE_FAILURE The operation failed because an internal cryptographic operation failed. + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_BAD_STATE The root key has + * not been initialized. \retval PSA_ERROR_INVALID_ARGUMENT The + * operation failed because iv or session_key is NULL, or their sizes are + * incorrect. \retval PSA_ERROR_HARDWARE_FAILURE The operation failed + * because an internal cryptographic operation failed. */ -static psa_status_t derive_session_key(uint8_t *iv, size_t iv_size, uint8_t *session_key, size_t session_key_size) -{ - if (iv == NULL - || iv_size != AES_GCM_IV_SIZE - || session_key == NULL - || session_key_size < SESSION_KEY_SIZE) { +static psa_status_t derive_session_key(uint8_t *iv, size_t iv_size, + uint8_t *session_key, + size_t session_key_size) { + if (iv == NULL || iv_size != AES_GCM_IV_SIZE || session_key == NULL || + session_key_size < SESSION_KEY_SIZE) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -2470,9 +2420,8 @@ static psa_status_t derive_session_key(uint8_t *iv, size_t iv_size, uint8_t *ses psa_key_lifetime_t reported_lifetime; psa_drv_slot_number_t reported_slot; - status = mbedtls_psa_platform_get_builtin_key(psa_get_key_id(&attributes), - &reported_lifetime, - &reported_slot); + status = mbedtls_psa_platform_get_builtin_key( + psa_get_key_id(&attributes), &reported_lifetime, &reported_slot); if (status != PSA_SUCCESS) { return status; @@ -2482,15 +2431,12 @@ static psa_status_t derive_session_key(uint8_t *iv, size_t iv_size, uint8_t *ses uint8_t key_buffer[sizeof(sli_se_opaque_key_context_header_t)]; size_t key_buffer_size; - status = sli_se_opaque_get_builtin_key(reported_slot, - &attributes, - key_buffer, - sizeof(key_buffer), - &key_buffer_size); + status = sli_se_opaque_get_builtin_key(reported_slot, &attributes, key_buffer, + sizeof(key_buffer), &key_buffer_size); if (status != PSA_SUCCESS) { return status; } -#else // defined(SEMAILBOX_PRESENT) +#else // defined(SEMAILBOX_PRESENT) // For VSE devices, use the previously initialized root key if (!g_root_key.initialized) { return PSA_ERROR_BAD_STATE; @@ -2502,24 +2448,18 @@ static psa_status_t derive_session_key(uint8_t *iv, size_t iv_size, uint8_t *ses psa_set_key_bits(&attributes, ROOT_KEY_SIZE * 8); // Point the key buffer to the global root key - uint8_t *key_buffer = (uint8_t*)g_root_key.data; + uint8_t *key_buffer = (uint8_t *)g_root_key.data; size_t key_buffer_size = sizeof(g_root_key.data); #endif // defined(SEMAILBOX_PRESENT) // Use CMAC as a key derivation function size_t session_key_length; status = psa_driver_wrapper_mac_compute( - &attributes, - key_buffer, - key_buffer_size, - PSA_ALG_CMAC, - iv, - iv_size, - session_key, - session_key_size, - &session_key_length); - - // Verify that the key derivation was successful before transferring the key to the caller + &attributes, key_buffer, key_buffer_size, PSA_ALG_CMAC, iv, iv_size, + session_key, session_key_size, &session_key_length); + + // Verify that the key derivation was successful before transferring the key + // to the caller if (status != PSA_SUCCESS || session_key_length != SESSION_KEY_SIZE) { memset(session_key, 0, session_key_size); return PSA_ERROR_HARDWARE_FAILURE; @@ -2529,40 +2469,42 @@ static psa_status_t derive_session_key(uint8_t *iv, size_t iv_size, uint8_t *ses } /** - * \brief Encrypt and authenticate ITS data with AES-128-GCM, storing the result in an encrypted blob. - * - * \param[in] metadata ITS metadata to be used as authenticated additional data. - * \param[in] plaintext Pointer to array containing data to be encrypted. - * \param[in] plaintext_size Size of provided plaintext data array. - * \param[out] blob Pointer to array where the resulting encrypted blob shall be placed. - * \param[in] blob_size Size of the output array. Must be at least as big as plaintext_size + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD - * \param[out] blob_length Resulting size of the output blob. + * \brief Encrypt and authenticate ITS data with AES-128-GCM, storing the result + * in an encrypted blob. + * + * \param[in] metadata ITS metadata to be used as authenticated + * additional data. \param[in] plaintext Pointer to array containing data + * to be encrypted. \param[in] plaintext_size Size of provided plaintext data + * array. \param[out] blob Pointer to array where the resulting + * encrypted blob shall be placed. \param[in] blob_size Size of the output + * array. Must be at least as big as plaintext_size + + * SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD \param[out] blob_length Resulting + * size of the output blob. * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_BAD_STATE The root key has not been initialized. - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one or more arguments are NULL or of invalid size. - * \retval PSA_ERROR_HARDWARE_FAILURE The operation failed because an internal cryptographic operation failed. + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_BAD_STATE The root key has + * not been initialized. \retval PSA_ERROR_INVALID_ARGUMENT The + * operation failed because one or more arguments are NULL or of invalid size. + * \retval PSA_ERROR_HARDWARE_FAILURE The operation failed because an + * internal cryptographic operation failed. */ psa_status_t sli_encrypt_its_file(sli_its_file_meta_v2_t *metadata, - uint8_t *plaintext, - size_t plaintext_size, + uint8_t *plaintext, size_t plaintext_size, sli_its_encrypted_blob_t *blob, - size_t blob_size, - size_t *blob_length) -{ - if (metadata == NULL - || (plaintext == NULL && plaintext_size > 0) - || blob == NULL - || blob_size < plaintext_size + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD - || blob_length == NULL) { + size_t blob_size, size_t *blob_length) { + if (metadata == NULL || (plaintext == NULL && plaintext_size > 0) || + blob == NULL || + blob_size < plaintext_size + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD || + blob_length == NULL) { return PSA_ERROR_INVALID_ARGUMENT; } // Generate IV size_t iv_length = 0; - psa_status_t psa_status = mbedtls_psa_external_get_random(NULL, blob->iv, AES_GCM_IV_SIZE, &iv_length); + psa_status_t psa_status = mbedtls_psa_external_get_random( + NULL, blob->iv, AES_GCM_IV_SIZE, &iv_length); if (psa_status != PSA_SUCCESS || iv_length != AES_GCM_IV_SIZE) { return PSA_ERROR_HARDWARE_FAILURE; @@ -2576,7 +2518,8 @@ psa_status_t sli_encrypt_its_file(sli_its_file_meta_v2_t *metadata, psa_set_key_bits(&attributes, SESSION_KEY_SIZE * 8); uint8_t session_key[SESSION_KEY_SIZE]; - psa_status = derive_session_key(blob->iv, AES_GCM_IV_SIZE, session_key, sizeof(session_key)); + psa_status = derive_session_key(blob->iv, AES_GCM_IV_SIZE, session_key, + sizeof(session_key)); if (psa_status != PSA_SUCCESS) { return psa_status; } @@ -2585,20 +2528,19 @@ psa_status_t sli_encrypt_its_file(sli_its_file_meta_v2_t *metadata, // Retrieve data to be encrypted if (plaintext_size != 0U) { - memcpy(blob->data, ((uint8_t*)plaintext), plaintext_size); + memcpy(blob->data, ((uint8_t *)plaintext), plaintext_size); } // Encrypt and authenticate blob size_t output_length = 0; psa_status = psa_driver_wrapper_aead_encrypt( - &attributes, - session_key, sizeof(session_key), - PSA_ALG_GCM, - blob->iv, sizeof(blob->iv), - (uint8_t*)metadata, sizeof(sli_its_file_meta_v2_t), // metadata is AAD - blob->data, plaintext_size, - blob->data, plaintext_size + AES_GCM_MAC_SIZE, // output == input for in-place encryption - &output_length); + &attributes, session_key, sizeof(session_key), PSA_ALG_GCM, blob->iv, + sizeof(blob->iv), (uint8_t *)metadata, + sizeof(sli_its_file_meta_v2_t), // metadata is AAD + blob->data, plaintext_size, blob->data, + plaintext_size + + AES_GCM_MAC_SIZE, // output == input for in-place encryption + &output_length); // Clear the local session key immediately after we're done using it memset(session_key, 0, sizeof(session_key)); @@ -2619,33 +2561,34 @@ psa_status_t sli_encrypt_its_file(sli_its_file_meta_v2_t *metadata, /** * \brief Decrypt and authenticate encrypted ITS data. * - * \param[in] metadata ITS metadata to be used as authenticated additional data. Must be identical to the metadata used during encryption. + * \param[in] metadata ITS metadata to be used as authenticated + * additional data. Must be identical to the metadata used during encryption. * \param[in] blob Encrypted blob containing data to be decrypted. * \param[in] blob_size Size of the encrypted blob in bytes. - * \param[out] plaintext Pointer to array where the decrypted plaintext shall be placed. - * \param[in] plaintext_size Size of the plaintext array. Must be equal to sizeof(blob->data) - AES_GCM_MAC_SIZE. - * \param[out] plaintext_length Resulting length of the decrypted plaintext. + * \param[out] plaintext Pointer to array where the decrypted plaintext + * shall be placed. \param[in] plaintext_size Size of the plaintext array. + * Must be equal to sizeof(blob->data) - AES_GCM_MAC_SIZE. \param[out] + * plaintext_length Resulting length of the decrypted plaintext. * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_INVALID_SIGANTURE The operation failed because authentication of the decrypted data failed. - * \retval PSA_ERROR_BAD_STATE The root key has not been initialized. - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one or more arguments are NULL or of invalid size. - * \retval PSA_ERROR_HARDWARE_FAILURE The operation failed because an internal cryptographic operation failed. + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_INVALID_SIGANTURE The operation + * failed because authentication of the decrypted data failed. \retval + * PSA_ERROR_BAD_STATE The root key has not been initialized. + * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because + * one or more arguments are NULL or of invalid size. \retval + * PSA_ERROR_HARDWARE_FAILURE The operation failed because an internal + * cryptographic operation failed. */ static psa_status_t sli_decrypt_its_file(sli_its_file_meta_v2_t *metadata, sli_its_encrypted_blob_t *blob, - size_t blob_size, - uint8_t *plaintext, + size_t blob_size, uint8_t *plaintext, size_t plaintext_size, - size_t *plaintext_length) -{ - if (metadata == NULL - || blob == NULL - || blob_size < plaintext_size + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD - || (plaintext == NULL && plaintext_size > 0) - || plaintext_length == NULL) { + size_t *plaintext_length) { + if (metadata == NULL || blob == NULL || + blob_size < plaintext_size + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD || + (plaintext == NULL && plaintext_size > 0) || plaintext_length == NULL) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -2659,11 +2602,13 @@ static psa_status_t sli_decrypt_its_file(sli_its_file_meta_v2_t *metadata, psa_status_t psa_status = PSA_ERROR_CORRUPTION_DETECTED; uint8_t session_key[SESSION_KEY_SIZE]; - if (g_cached_session_key.active && g_cached_session_key.uid == metadata->uid) { + if (g_cached_session_key.active && + g_cached_session_key.uid == metadata->uid) { // Use cached session key if it's already set and UID matches memcpy(session_key, g_cached_session_key.data, sizeof(session_key)); } else { - psa_status = derive_session_key(blob->iv, AES_GCM_IV_SIZE, session_key, sizeof(session_key)); + psa_status = derive_session_key(blob->iv, AES_GCM_IV_SIZE, session_key, + sizeof(session_key)); if (psa_status != PSA_SUCCESS) { return psa_status; } @@ -2673,14 +2618,11 @@ static psa_status_t sli_decrypt_its_file(sli_its_file_meta_v2_t *metadata, // Decrypt and authenticate blob size_t output_length = 0; psa_status = psa_driver_wrapper_aead_decrypt( - &attributes, - session_key, sizeof(session_key), - PSA_ALG_GCM, - blob->iv, sizeof(blob->iv), - (uint8_t*)metadata, sizeof(sli_its_file_meta_v2_t), // metadata is AAD - blob->data, plaintext_size + AES_GCM_MAC_SIZE, - plaintext, plaintext_size, - &output_length); + &attributes, session_key, sizeof(session_key), PSA_ALG_GCM, blob->iv, + sizeof(blob->iv), (uint8_t *)metadata, + sizeof(sli_its_file_meta_v2_t), // metadata is AAD + blob->data, plaintext_size + AES_GCM_MAC_SIZE, plaintext, plaintext_size, + &output_length); // Clear the session key immediately after we're done using it memset(session_key, 0, sizeof(session_key)); @@ -2690,8 +2632,7 @@ static psa_status_t sli_decrypt_its_file(sli_its_file_meta_v2_t *metadata, return PSA_ERROR_INVALID_SIGNATURE; } - if (psa_status != PSA_SUCCESS - || output_length != plaintext_size) { + if (psa_status != PSA_SUCCESS || output_length != plaintext_size) { return PSA_ERROR_HARDWARE_FAILURE; } @@ -2701,37 +2642,41 @@ static psa_status_t sli_decrypt_its_file(sli_its_file_meta_v2_t *metadata, } /** - * \brief Authenticate encrypted ITS data and return the UID of the ITS file that was authenticated. + * \brief Authenticate encrypted ITS data and return the UID of the ITS file + * that was authenticated. * - * \details NOTE: This function will run sli_decrypt_its_file() internally. The difference from the sli_decrypt_its_file() - * function is that authenticate_its_file() reads the NVM3 data, decrypts it in order to authenticate the - * stored data, and then discards the plaintext. This is needed since PSA Crypto doesn't support the - * GMAC primitive directly, which means we have to run a full GCM decrypt for authentication. + * \details NOTE: This function will run sli_decrypt_its_file() internally. The + * difference from the sli_decrypt_its_file() function is that + * authenticate_its_file() reads the NVM3 data, decrypts it in order to + * authenticate the stored data, and then discards the plaintext. This is needed + * since PSA Crypto doesn't support the GMAC primitive directly, which means we + * have to run a full GCM decrypt for authentication. * - * \param[in] nvm3_object_id The NVM3 id corresponding to the stored ITS file. - * \param[out] authenticated_uid UID for the authenticated ITS file. + * \param[in] nvm3_object_id The NVM3 id corresponding to the stored ITS + * file. \param[out] authenticated_uid UID for the authenticated ITS file. * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_INVALID_SIGANTURE The operation failed because authentication of the decrypted data failed. - * \retval PSA_ERROR_BAD_STATE The root key has not been initialized. - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one or more arguments are NULL or of invalid size. - * \retval PSA_ERROR_HARDWARE_FAILURE The operation failed because an internal cryptographic operation failed. + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_INVALID_SIGANTURE The operation + * failed because authentication of the decrypted data failed. \retval + * PSA_ERROR_BAD_STATE The root key has not been initialized. + * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because + * one or more arguments are NULL or of invalid size. \retval + * PSA_ERROR_HARDWARE_FAILURE The operation failed because an internal + * cryptographic operation failed. */ -static psa_status_t authenticate_its_file(nvm3_ObjectKey_t nvm3_object_id, - psa_storage_uid_t *authenticated_uid) -{ +static psa_status_t +authenticate_its_file(nvm3_ObjectKey_t nvm3_object_id, + psa_storage_uid_t *authenticated_uid) { psa_status_t psa_status = PSA_ERROR_CORRUPTION_DETECTED; sli_its_file_meta_v2_t *its_file_meta = NULL; sli_its_encrypted_blob_t *blob = NULL; uint32_t obj_type; size_t its_file_size = 0; - Ecode_t status = nvm3_getObjectInfo(nvm3_defaultHandle, - nvm3_object_id, - &obj_type, - &its_file_size); + Ecode_t status = nvm3_getObjectInfo(nvm3_defaultHandle, nvm3_object_id, + &obj_type, &its_file_size); if (status != ECODE_NVM3_OK) { return PSA_ERROR_STORAGE_FAILURE; } @@ -2742,32 +2687,32 @@ static psa_status_t authenticate_its_file(nvm3_ObjectKey_t nvm3_object_id, } memset(its_file_buffer, 0, its_file_size); - status = nvm3_readData(nvm3_defaultHandle, - nvm3_object_id, - its_file_buffer, + status = nvm3_readData(nvm3_defaultHandle, nvm3_object_id, its_file_buffer, its_file_size); if (status != ECODE_NVM3_OK) { psa_status = PSA_ERROR_STORAGE_FAILURE; goto cleanup; } - its_file_meta = (sli_its_file_meta_v2_t*)its_file_buffer; - blob = (sli_its_encrypted_blob_t*)(its_file_buffer + sizeof(sli_its_file_meta_v2_t)); + its_file_meta = (sli_its_file_meta_v2_t *)its_file_buffer; + blob = (sli_its_encrypted_blob_t *)(its_file_buffer + + sizeof(sli_its_file_meta_v2_t)); // Decrypt and authenticate blob size_t plaintext_length; - psa_status = sli_decrypt_its_file(its_file_meta, - blob, - its_file_size - sizeof(sli_its_file_meta_v2_t), - blob->data, - its_file_size - sizeof(sli_its_file_meta_v2_t) - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD, - &plaintext_length); + psa_status = sli_decrypt_its_file( + its_file_meta, blob, its_file_size - sizeof(sli_its_file_meta_v2_t), + blob->data, + its_file_size - sizeof(sli_its_file_meta_v2_t) - + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD, + &plaintext_length); if (psa_status != PSA_SUCCESS) { goto cleanup; } - if (plaintext_length != (its_file_size - sizeof(sli_its_file_meta_v2_t) - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD)) { + if (plaintext_length != (its_file_size - sizeof(sli_its_file_meta_v2_t) - + SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD)) { psa_status = PSA_ERROR_INVALID_SIGNATURE; goto cleanup; } @@ -2778,9 +2723,10 @@ static psa_status_t authenticate_its_file(nvm3_ObjectKey_t nvm3_object_id, psa_status = PSA_SUCCESS; - cleanup: +cleanup: - // Discard output, as we're only interested in whether the authentication check passed or not. + // Discard output, as we're only interested in whether the authentication + // check passed or not. memset(its_file_buffer, 0, its_file_size); mbedtls_free(its_file_buffer); @@ -2801,21 +2747,25 @@ static psa_status_t authenticate_its_file(nvm3_ObjectKey_t nvm3_object_id, * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the provided `uid` value was already created with PSA_STORAGE_FLAG_WRITE_ONCE - * \retval PSA_ERROR_NOT_SUPPORTED The operation failed because one or more of the flags provided in `create_flags` is not supported or is not valid - * \retval PSA_ERROR_INSUFFICIENT_STORAGE The operation failed because there was insufficient space on the storage medium - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`) - * is invalid, for example is `NULL` or references memory the caller cannot access - * \retval PSA_ERROR_HARDWARE_FAILURE The operation failed because an internal cryptographic operation failed. - * \retval PSA_ERROR_INVALID_SIGNATURE The operation failed because the provided `uid` doesnt match the autenticated uid from the storage + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_NOT_PERMITTED The operation + * failed because the provided `uid` value was already created with + * PSA_STORAGE_FLAG_WRITE_ONCE \retval PSA_ERROR_NOT_SUPPORTED The + * operation failed because one or more of the flags provided in `create_flags` + * is not supported or is not valid \retval PSA_ERROR_INSUFFICIENT_STORAGE + * The operation failed because there was insufficient space on the storage + * medium \retval PSA_ERROR_STORAGE_FAILURE The operation failed + * because the physical storage has failed (Fatal error) \retval + * PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the + * provided pointers(`p_data`) is invalid, for example is `NULL` or references + * memory the caller cannot access \retval PSA_ERROR_HARDWARE_FAILURE The + * operation failed because an internal cryptographic operation failed. \retval + * PSA_ERROR_INVALID_SIGNATURE The operation failed because the provided + * `uid` doesnt match the autenticated uid from the storage */ -psa_status_t psa_its_set(psa_storage_uid_t uid, - uint32_t data_length, +psa_status_t psa_its_set(psa_storage_uid_t uid, uint32_t data_length, const void *p_data, - psa_storage_create_flags_t create_flags) -{ + psa_storage_create_flags_t create_flags) { if ((data_length != 0U) && (p_data == NULL)) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -2823,26 +2773,27 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, return PSA_ERROR_STORAGE_FAILURE; } - if (create_flags != PSA_STORAGE_FLAG_WRITE_ONCE - && create_flags != PSA_STORAGE_FLAG_NONE + if (create_flags != PSA_STORAGE_FLAG_WRITE_ONCE && + create_flags != PSA_STORAGE_FLAG_NONE #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) && create_flags != PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE #endif - ) { + ) { return PSA_ERROR_NOT_SUPPORTED; } #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) - if ((create_flags == PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE) - && (!object_lives_in_s(p_data, data_length))) { - // The flag indicates that this data should not be set by the non-secure domain + if ((create_flags == PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE) && + (!object_lives_in_s(p_data, data_length))) { + // The flag indicates that this data should not be set by the non-secure + // domain return PSA_ERROR_INVALID_ARGUMENT; } #endif Ecode_t status; psa_status_t psa_status = PSA_ERROR_CORRUPTION_DETECTED; - sli_its_file_meta_v2_t* its_file_meta; + sli_its_file_meta_v2_t *its_file_meta; nvm3_ObjectKey_t nvm3_object_id = 0; #if defined(SLI_PSA_ITS_ENCRYPTED) sli_its_encrypted_blob_t *blob = NULL; @@ -2852,7 +2803,8 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, size_t its_file_size = data_length; #endif - uint8_t *its_file_buffer = mbedtls_calloc(1, its_file_size + sizeof(sli_its_file_meta_v2_t)); + uint8_t *its_file_buffer = + mbedtls_calloc(1, its_file_size + sizeof(sli_its_file_meta_v2_t)); if (its_file_buffer == NULL) { return PSA_ERROR_INSUFFICIENT_MEMORY; } @@ -2861,7 +2813,8 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, its_file_meta = (sli_its_file_meta_v2_t *)its_file_buffer; sli_its_acquire_mutex(); - psa_status = find_nvm3_id(uid, true, its_file_meta, NULL, NULL, &nvm3_object_id); + psa_status = + find_nvm3_id(uid, true, its_file_meta, NULL, NULL, &nvm3_object_id); if (psa_status != PSA_SUCCESS) { if (psa_status == PSA_ERROR_DOES_NOT_EXIST) { psa_status = PSA_ERROR_INSUFFICIENT_STORAGE; @@ -2874,16 +2827,15 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, its_file_meta->flags = create_flags; #if defined(SLI_PSA_ITS_ENCRYPTED) - // Everything after the the file metadata will make up the encrypted & authenticated blob - blob = (sli_its_encrypted_blob_t*)(its_file_buffer + sizeof(sli_its_file_meta_v2_t)); + // Everything after the the file metadata will make up the encrypted & + // authenticated blob + blob = (sli_its_encrypted_blob_t *)(its_file_buffer + + sizeof(sli_its_file_meta_v2_t)); // Encrypt and authenticate the provided data - psa_status = sli_encrypt_its_file(its_file_meta, - (uint8_t*)p_data, - data_length, - blob, - its_file_size, - &blob_length); + psa_status = + sli_encrypt_its_file(its_file_meta, (uint8_t *)p_data, data_length, blob, + its_file_size, &blob_length); if (psa_status != PSA_SUCCESS) { goto exit; @@ -2896,13 +2848,13 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, #else if (data_length != 0U) { - memcpy(its_file_buffer + sizeof(sli_its_file_meta_v2_t), ((uint8_t*)p_data), data_length); + memcpy(its_file_buffer + sizeof(sli_its_file_meta_v2_t), + ((uint8_t *)p_data), data_length); } #endif - status = nvm3_writeData(nvm3_defaultHandle, - nvm3_object_id, - its_file_buffer, its_file_size + sizeof(sli_its_file_meta_v2_t)); + status = nvm3_writeData(nvm3_defaultHandle, nvm3_object_id, its_file_buffer, + its_file_size + sizeof(sli_its_file_meta_v2_t)); if (status == ECODE_NVM3_OK) { // Power-loss might occur, however upon boot, the look-up table will be @@ -2912,7 +2864,7 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, psa_status = PSA_ERROR_STORAGE_FAILURE; } - exit: +exit: // Clear and free key buffer before return. memset(its_file_buffer, 0, its_file_size + sizeof(sli_its_file_meta_v2_t)); mbedtls_free(its_file_buffer); @@ -2925,36 +2877,38 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, * * \param[in] uid The uid value * \param[in] data_offset The starting offset of the data requested - * \param[in] data_length the amount of data requested (and the minimum allocated size of the `p_data` buffer) - * \param[out] p_data The buffer where the data will be placed upon successful completion - * \param[out] p_data_length The amount of data returned in the p_data buffer + * \param[in] data_length the amount of data requested (and the minimum + * allocated size of the `p_data` buffer) \param[out] p_data The + * buffer where the data will be placed upon successful completion \param[out] + * p_data_length The amount of data returned in the p_data buffer * * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided `uid` value was not found in the storage - * \retval PSA_ERROR_BUFFER_TOO_SMALL The operation failed because the data associated with provided uid is larger than `data_size` - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`, `p_data_length`) - * is invalid. For example is `NULL` or references memory the caller cannot access. - * In addition, this can also happen if an invalid offset was provided. + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_DOES_NOT_EXIST The operation failed + * because the provided `uid` value was not found in the storage \retval + * PSA_ERROR_BUFFER_TOO_SMALL The operation failed because the data associated + * with provided uid is larger than `data_size` \retval + * PSA_ERROR_STORAGE_FAILURE The operation failed because the physical + * storage has failed (Fatal error) \retval PSA_ERROR_INVALID_ARGUMENT The + * operation failed because one of the provided pointers(`p_data`, + * `p_data_length`) is invalid. For example is `NULL` or references memory the + * caller cannot access. In addition, this can also happen if an invalid offset + * was provided. */ -psa_status_t psa_its_get(psa_storage_uid_t uid, - uint32_t data_offset, - uint32_t data_length, - void *p_data, - size_t *p_data_length) -{ +psa_status_t psa_its_get(psa_storage_uid_t uid, uint32_t data_offset, + uint32_t data_length, void *p_data, + size_t *p_data_length) { if ((data_length != 0U) && (p_data_length == NULL)) { return PSA_ERROR_INVALID_ARGUMENT; } if (data_length != 0U) { - // If the request amount of data is 0, allow invalid pointer of the output buffer. - if ((p_data == NULL) - || ((uint32_t)p_data < SRAM_BASE) - || ((uint32_t)p_data > (SRAM_BASE + SRAM_SIZE - data_length))) { + // If the request amount of data is 0, allow invalid pointer of the output + // buffer. + if ((p_data == NULL) || ((uint32_t)p_data < SRAM_BASE) || + ((uint32_t)p_data > (SRAM_BASE + SRAM_SIZE - data_length))) { return PSA_ERROR_INVALID_ARGUMENT; } } @@ -2965,28 +2919,31 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, #endif psa_status_t psa_status = PSA_ERROR_CORRUPTION_DETECTED; Ecode_t status; - sli_its_file_meta_v2_t its_file_meta = { 0 }; + sli_its_file_meta_v2_t its_file_meta = {0}; size_t its_file_size = 0u; size_t its_file_data_size = 0u; size_t its_file_offset = 0u; nvm3_ObjectKey_t nvm3_object_id; sli_its_acquire_mutex(); - psa_status = find_nvm3_id(uid, false, &its_file_meta, &its_file_offset, &its_file_size, &nvm3_object_id); + psa_status = find_nvm3_id(uid, false, &its_file_meta, &its_file_offset, + &its_file_size, &nvm3_object_id); if (psa_status != PSA_SUCCESS) { goto exit; } #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) - if (its_file_meta.flags == PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE - && !object_lives_in_s(p_data, data_length)) { - // The flag indicates that this data should not be read back to the non-secure domain + if (its_file_meta.flags == PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE && + !object_lives_in_s(p_data, data_length)) { + // The flag indicates that this data should not be read back to the + // non-secure domain psa_status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } #endif #if defined(SLI_PSA_ITS_ENCRYPTED) - // Subtract IV and MAC from ITS file as the below checks concern the actual data size + // Subtract IV and MAC from ITS file as the below checks concern the actual + // data size its_file_data_size = its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD; #else its_file_data_size = its_file_size; @@ -3003,7 +2960,8 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, goto exit; } } else { - // Allow the offset at the data size boundary if the requested amount of data is zero. + // Allow the offset at the data size boundary if the requested amount of + // data is zero. if (data_offset > its_file_data_size) { psa_status = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -3018,41 +2976,37 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, #if defined(SLI_PSA_ITS_ENCRYPTED) // its_file_size includes size of sli_its_encrypted_blob_t struct - blob = (sli_its_encrypted_blob_t*)mbedtls_calloc(1, its_file_size); + blob = (sli_its_encrypted_blob_t *)mbedtls_calloc(1, its_file_size); if (blob == NULL) { psa_status = PSA_ERROR_INSUFFICIENT_MEMORY; goto exit; } memset(blob, 0, its_file_size); - status = nvm3_readPartialData(nvm3_defaultHandle, - nvm3_object_id, - blob, - its_file_offset, - its_file_size); + status = nvm3_readPartialData(nvm3_defaultHandle, nvm3_object_id, blob, + its_file_offset, its_file_size); if (status != ECODE_NVM3_OK) { psa_status = PSA_ERROR_STORAGE_FAILURE; goto exit; } // Decrypt and authenticate blob - psa_status = sli_decrypt_its_file(&its_file_meta, - blob, - its_file_size, - blob->data, - its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD, - &plaintext_length); + psa_status = sli_decrypt_its_file( + &its_file_meta, blob, its_file_size, blob->data, + its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD, &plaintext_length); if (psa_status != PSA_SUCCESS) { goto exit; } - if (plaintext_length != (its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD)) { + if (plaintext_length != + (its_file_size - SLI_ITS_ENCRYPTED_BLOB_SIZE_OVERHEAD)) { psa_status = PSA_ERROR_INVALID_SIGNATURE; goto exit; } - // Verify that the requested UID is equal to the retrieved and authenticated UID + // Verify that the requested UID is equal to the retrieved and authenticated + // UID if (uid != its_file_meta.uid) { psa_status = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -3063,15 +3017,17 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, } psa_status = PSA_SUCCESS; - exit: +exit: if (blob != NULL) { memset(blob, 0, its_file_size); mbedtls_free(blob); } sli_its_release_mutex(); #else - // If no encryption is used, just read out the data and write it directly to the output buffer - status = nvm3_readPartialData(nvm3_defaultHandle, nvm3_object_id, p_data, its_file_offset + data_offset, *p_data_length); + // If no encryption is used, just read out the data and write it directly to + // the output buffer + status = nvm3_readPartialData(nvm3_defaultHandle, nvm3_object_id, p_data, + its_file_offset + data_offset, *p_data_length); if (status != ECODE_NVM3_OK) { psa_status = PSA_ERROR_STORAGE_FAILURE; @@ -3079,7 +3035,7 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, psa_status = PSA_SUCCESS; } - exit: +exit: sli_its_release_mutex(); #endif @@ -3090,32 +3046,36 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, * \brief Retrieve the metadata about the provided uid * * \param[in] uid The uid value - * \param[out] p_info A pointer to the `psa_storage_info_t` struct that will be populated with the metadata + * \param[out] p_info A pointer to the `psa_storage_info_t` struct that + * will be populated with the metadata * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided uid value was not found in the storage - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_info`) - * is invalid, for example is `NULL` or references memory the caller cannot access - * \retval PSA_ERROR_INVALID_SIGANTURE The operation failed because authentication of the stored metadata failed. + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_DOES_NOT_EXIST The operation failed + * because the provided uid value was not found in the storage \retval + * PSA_ERROR_STORAGE_FAILURE The operation failed because the physical + * storage has failed (Fatal error) \retval PSA_ERROR_INVALID_ARGUMENT The + * operation failed because one of the provided pointers(`p_info`) is invalid, + * for example is `NULL` or references memory the caller cannot access \retval + * PSA_ERROR_INVALID_SIGANTURE The operation failed because authentication of + * the stored metadata failed. */ psa_status_t psa_its_get_info(psa_storage_uid_t uid, - struct psa_storage_info_t *p_info) -{ + struct psa_storage_info_t *p_info) { if (p_info == NULL) { return PSA_ERROR_INVALID_ARGUMENT; } psa_status_t psa_status = PSA_ERROR_CORRUPTION_DETECTED; - sli_its_file_meta_v2_t its_file_meta = { 0 }; + sli_its_file_meta_v2_t its_file_meta = {0}; size_t its_file_size = 0; size_t its_file_offset = 0; nvm3_ObjectKey_t nvm3_object_id; sli_its_acquire_mutex(); - psa_status = find_nvm3_id(uid, false, &its_file_meta, &its_file_offset, &its_file_size, &nvm3_object_id); + psa_status = find_nvm3_id(uid, false, &its_file_meta, &its_file_offset, + &its_file_size, &nvm3_object_id); if (psa_status != PSA_SUCCESS) { sli_its_release_mutex(); return psa_status; @@ -3139,22 +3099,25 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid, * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided key value was not found in the storage - * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the provided key value was created with PSA_STORAGE_FLAG_WRITE_ONCE - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) + * \retval PSA_SUCCESS The operation completed + * successfully \retval PSA_ERROR_DOES_NOT_EXIST The operation failed + * because the provided key value was not found in the storage \retval + * PSA_ERROR_NOT_PERMITTED The operation failed because the provided key + * value was created with PSA_STORAGE_FLAG_WRITE_ONCE \retval + * PSA_ERROR_STORAGE_FAILURE The operation failed because the physical + * storage has failed (Fatal error) */ -psa_status_t psa_its_remove(psa_storage_uid_t uid) -{ +psa_status_t psa_its_remove(psa_storage_uid_t uid) { psa_status_t psa_status = PSA_ERROR_CORRUPTION_DETECTED; Ecode_t status; - sli_its_file_meta_v2_t its_file_meta = { 0 }; + sli_its_file_meta_v2_t its_file_meta = {0}; size_t its_file_size = 0; size_t its_file_offset = 0; nvm3_ObjectKey_t nvm3_object_id; sli_its_acquire_mutex(); - psa_status = find_nvm3_id(uid, false, &its_file_meta, &its_file_offset, &its_file_size, &nvm3_object_id); + psa_status = find_nvm3_id(uid, false, &its_file_meta, &its_file_offset, + &its_file_size, &nvm3_object_id); if (psa_status != PSA_SUCCESS) { goto exit; } @@ -3162,7 +3125,7 @@ psa_status_t psa_its_remove(psa_storage_uid_t uid) #if defined(TFM_CONFIG_SL_SECURE_LIBRARY) || (its_file_meta.flags == PSA_STORAGE_FLAG_WRITE_ONCE_SECURE_ACCESSIBLE) #endif - ) { + ) { psa_status = PSA_ERROR_NOT_PERMITTED; goto exit; } @@ -3177,7 +3140,7 @@ psa_status_t psa_its_remove(psa_storage_uid_t uid) psa_status = PSA_ERROR_STORAGE_FAILURE; } - exit: +exit: sli_its_release_mutex(); return psa_status; } @@ -3185,15 +3148,15 @@ psa_status_t psa_its_remove(psa_storage_uid_t uid) // ------------------------------------- // Silicon Labs extensions -static psa_storage_uid_t psa_its_identifier_of_slot(mbedtls_svc_key_id_t key) -{ +static psa_storage_uid_t psa_its_identifier_of_slot(mbedtls_svc_key_id_t key) { #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) /* Encode the owner in the upper 32 bits. This means that if * owner values are nonzero (as they are on a PSA platform), * no key file will ever have a value less than 0x100000000, so * the whole range 0..0xffffffff is available for non-key files. */ uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key); - return ((uint64_t) unsigned_owner_id << 32) | MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key); + return ((uint64_t)unsigned_owner_id << 32) | + MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key); #else /* Use the key id directly as a file name. * psa_is_key_id_valid() in psa_crypto_slot_management.c @@ -3204,8 +3167,7 @@ static psa_storage_uid_t psa_its_identifier_of_slot(mbedtls_svc_key_id_t key) } psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, - mbedtls_svc_key_id_t new_id) -{ + mbedtls_svc_key_id_t new_id) { psa_storage_uid_t old_uid = psa_its_identifier_of_slot(old_id); psa_storage_uid_t new_uid = psa_its_identifier_of_slot(new_id); size_t its_file_size = 0; @@ -3226,15 +3188,14 @@ psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, return PSA_ERROR_INSUFFICIENT_MEMORY; } // Read contents of pre-existing key into the temporary buffer - status = psa_its_get(old_uid, 0, p_info.size, its_file_buffer, - &its_file_size); + status = + psa_its_get(old_uid, 0, p_info.size, its_file_buffer, &its_file_size); if (status != PSA_SUCCESS) { goto exit; } - status = psa_its_set(new_uid, its_file_size, its_file_buffer, - p_info.flags); + status = psa_its_set(new_uid, its_file_size, its_file_buffer, p_info.flags); if (status != PSA_SUCCESS) { goto exit; @@ -3246,7 +3207,7 @@ psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, goto exit; } - exit: +exit: // Clear and free key buffer before return. memset(its_file_buffer, 0, its_file_size); mbedtls_free(its_file_buffer); @@ -3256,8 +3217,7 @@ psa_status_t sli_psa_its_change_key_id(mbedtls_svc_key_id_t old_id, /** * \brief Check if the ITS encryption is enabled */ -psa_status_t sli_psa_its_encrypted(void) -{ +psa_status_t sli_psa_its_encrypted(void) { #if defined(SLI_PSA_ITS_ENCRYPTED) return PSA_SUCCESS; #else @@ -3267,27 +3227,29 @@ psa_status_t sli_psa_its_encrypted(void) #if defined(SLI_PSA_ITS_ENCRYPTED) && !defined(SEMAILBOX_PRESENT) /** - * \brief Set the root key to be used when deriving session keys for ITS encryption. + * \brief Set the root key to be used when deriving session keys for ITS + * encryption. * * \param[in] root_key Buffer containing the root key. - * \param[in] root_key_size Size of the root key in bytes. Must be 32 (256 bits). + * \param[in] root_key_size Size of the root key in bytes. Must be 32 (256 + * bits). * * \return A status indicating the success/failure of the operation * * \retval PSA_SUCCESS The key was successfully set. - * \retval PSA_ERROR_INVALID_ARGUMENT The root key was NULL or had an invalid size. - * \retval PSA_ERROR_ALREADY_EXISTS The root key has already been initialized. + * \retval PSA_ERROR_INVALID_ARGUMENT The root key was NULL or had an + * invalid size. \retval PSA_ERROR_ALREADY_EXISTS The root key has + * already been initialized. */ -psa_status_t sli_psa_its_set_root_key(uint8_t *root_key, size_t root_key_size) -{ +psa_status_t sli_psa_its_set_root_key(uint8_t *root_key, size_t root_key_size) { // Check that arguments are valid if (root_key == NULL || root_key_size != sizeof(g_root_key.data)) { return PSA_ERROR_INVALID_ARGUMENT; } // Check that the root key has not already been set - // (This is possibly too restrictive. For TrustZone usage this can be enforced by - // not exposing the function to NS instead.) + // (This is possibly too restrictive. For TrustZone usage this can be enforced + // by not exposing the function to NS instead.) if (g_root_key.initialized) { return PSA_ERROR_ALREADY_EXISTS; }