Google Git
Sign in
coral / a71ch-crypto-support / 8dc1f1434da50a4b7361d651239c1f3f4f8cc25b / . / sss / src / keystore / keystore_cmn.c
blob: 63630467fed5473f44dc95f4af83a0cf772b6e7c [file] [log] [blame]
/*
*
* Copyright 2018-2020 NXP
* SPDX-License-Identifier: Apache-2.0
*/
/* Common Key store implementation between keystore_a7x and keystore_pc */
/* ************************************************************************** */
/* Includes */
/* ************************************************************************** */
#include <fsl_sss_ftr.h>
#include <fsl_sss_keyid_map.h>
#include <inttypes.h>
#include <nxLog_App.h>
#include <stdio.h>
#include <string.h>
/* ************************************************************************** */
/* Local Defines */
/* ************************************************************************** */
#define KEYSTORE_MAGIC (0xA71C401L)
#define KEYSTORE_VERSION (0x0004)
/* ************************************************************************** */
/* Structures and Typedefs */
/* ************************************************************************** */
/* ************************************************************************** */
/* Global Variables */
/* ************************************************************************** */
/* ************************************************************************** */
/* Static function declarations */
/* ************************************************************************** */
/* ************************************************************************** */
/* Public Functions */
/* ************************************************************************** */
void ks_common_init_fat(keyStoreTable_t *keystore_shadow, keyIdAndTypeIndexLookup_t *lookup_entires, size_t max_entries)
{
memset(keystore_shadow, 0, sizeof(*keystore_shadow));
keystore_shadow->magic = KEYSTORE_MAGIC;
keystore_shadow->version = KEYSTORE_VERSION;
keystore_shadow->maxEntries = (uint16_t)max_entries;
keystore_shadow->entries = lookup_entires;
memset(keystore_shadow->entries, 0, sizeof(*lookup_entires) * max_entries);
}
sss_status_t ks_common_update_fat(keyStoreTable_t *keystore_shadow,
uint32_t extId,
sss_key_part_t key_part,
sss_cipher_type_t cipherType,
uint8_t intIndex,
uint32_t accessPermission,
uint16_t keyLen)
{
sss_status_t retval = kStatus_SSS_Fail;
uint32_t i;
bool found_entry = FALSE;
uint8_t slots_req = 1;
uint8_t entries_written = 0;
uint16_t keyLen_roundoff = 0;
retval = isValidKeyStoreShadow(keystore_shadow);
if (retval != kStatus_SSS_Success)
goto cleanup;
for (i = 0; i < keystore_shadow->maxEntries; i++) {
keyIdAndTypeIndexLookup_t *keyEntry = &keystore_shadow->entries[i];
if (keyEntry->extKeyId == extId) {
LOG_W("ENTRY already exists 0x%04X", extId);
retval = kStatus_SSS_Fail;
found_entry = TRUE;
break;
}
}
if (key_part == kSSS_KeyPart_Default && (cipherType == kSSS_CipherType_AES || cipherType == kSSS_CipherType_HMAC)) {
keyLen_roundoff = ((keyLen / 16) * 16) + ((keyLen % 16) == 0 ? 0 : 16);
slots_req = (keyLen_roundoff / 16);
}
if (!found_entry) {
retval = kStatus_SSS_Fail;
for (i = 0; i < keystore_shadow->maxEntries; i++) {
keyIdAndTypeIndexLookup_t *keyEntry = &keystore_shadow->entries[i];
if (keyEntry->extKeyId == 0) {
keyEntry->extKeyId = extId;
keyEntry->keyIntIndex = intIndex;
keyEntry->keyPart = key_part | ((slots_req - 1) << 4);
keyEntry->cipherType = cipherType;
//keyEntry->accessPermission = accessPermission;
entries_written++;
if (entries_written == slots_req) {
retval = kStatus_SSS_Success;
break;
}
}
}
}
cleanup:
return retval;
}
sss_status_t ks_common_remove_fat(keyStoreTable_t *keystore_shadow, uint32_t extId)
{
sss_status_t retval = kStatus_SSS_Fail;
uint32_t i;
bool found_entry = FALSE;
retval = isValidKeyStoreShadow(keystore_shadow);
if (retval != kStatus_SSS_Success)
goto cleanup;
for (i = 0; i < keystore_shadow->maxEntries; i++) {
keyIdAndTypeIndexLookup_t *keyEntry = &keystore_shadow->entries[i];
if (keyEntry->extKeyId == extId) {
retval = kStatus_SSS_Success;
memset(keyEntry, 0, sizeof(keyIdAndTypeIndexLookup_t));
found_entry = TRUE;
}
}
if (!found_entry) {
retval = kStatus_SSS_Fail;
}
cleanup:
return retval;
}
/* ************************************************************************** */
/* Private Functions */
/* ************************************************************************** */
sss_status_t keystore_shadow_From2_To_3(keyStoreTable_t *keystore_shadow)
{
int i = 0;
for (i = 0; i < keystore_shadow->maxEntries; i++) {
keyIdAndTypeIndexLookup_t *keyEntry = &keystore_shadow->entries[i];
if (keyEntry != NULL) {
uint16_t org_keyIntIndex = (keyEntry->cipherType) | ((keyEntry->keyIntIndex) << 8);
switch (keyEntry->keyPart) {
case 0:
continue;
case 1:
keyEntry->keyPart = kSSS_KeyPart_Default;
keyEntry->cipherType = kSSS_CipherType_Certificate;
break;
case 2:
keyEntry->keyPart = kSSS_KeyPart_Default;
keyEntry->cipherType = kSSS_CipherType_AES;
break;
case 3:
keyEntry->keyPart = kSSS_KeyPart_Default;
keyEntry->cipherType = kSSS_CipherType_DES;
break;
case 4:
keyEntry->keyPart = kSSS_KeyPart_Default;
keyEntry->cipherType = kSSS_CipherType_CMAC;
break;
#if SSSFTR_RSA
case 5:
keyEntry->keyPart = kSSS_KeyPart_Public;
keyEntry->cipherType = kSSS_CipherType_RSA_CRT;
break;
#endif
case 6:
keyEntry->keyPart = kSSS_KeyPart_Public;
keyEntry->cipherType = kSSS_CipherType_EC_NIST_P;
break;
case 7:
keyEntry->keyPart = kSSS_KeyPart_Public;
keyEntry->cipherType = kSSS_CipherType_EC_MONTGOMERY;
break;
case 8:
keyEntry->keyPart = kSSS_KeyPart_Public;
keyEntry->cipherType = kSSS_CipherType_EC_TWISTED_ED;
break;
#if SSSFTR_RSA
case 9:
keyEntry->keyPart = kSSS_KeyPart_Private;
keyEntry->cipherType = kSSS_CipherType_RSA_CRT;
break;
#endif
case 10:
keyEntry->keyPart = kSSS_KeyPart_Private;
keyEntry->cipherType = kSSS_CipherType_EC_NIST_P;
break;
case 11:
keyEntry->keyPart = kSSS_KeyPart_Private;
keyEntry->cipherType = kSSS_CipherType_EC_MONTGOMERY;
break;
case 12:
keyEntry->keyPart = kSSS_KeyPart_Private;
keyEntry->cipherType = kSSS_CipherType_EC_TWISTED_ED;
break;
#if SSSFTR_RSA
case 13:
keyEntry->keyPart = kSSS_KeyPart_Pair;
keyEntry->cipherType = kSSS_CipherType_RSA_CRT;
break;
#endif
case 14:
keyEntry->keyPart = kSSS_KeyPart_Pair;
keyEntry->cipherType = kSSS_CipherType_EC_NIST_P;
break;
case 15:
keyEntry->keyPart = kSSS_KeyPart_Pair;
keyEntry->cipherType = kSSS_CipherType_EC_MONTGOMERY;
break;
case 16:
keyEntry->keyPart = kSSS_KeyPart_Pair;
keyEntry->cipherType = kSSS_CipherType_EC_TWISTED_ED;
break;
case 17:
keyEntry->keyPart = kSSS_KeyPart_Default;
keyEntry->cipherType = kSSS_CipherType_UserID;
break;
default:
LOG_E("Error in keystore_shadow_From2_To_3");
return kStatus_SSS_Fail;
}
keyEntry->keyIntIndex = (uint8_t)org_keyIntIndex;
}
}
return kStatus_SSS_Success;
}
sss_status_t keystore_shadow_From3_To_4(keyStoreTable_t *keystore_shadow)
{
int i = 0;
for (i = 0; i < keystore_shadow->maxEntries; i++) {
keyIdAndTypeIndexLookup_t *keyEntry = &keystore_shadow->entries[i];
if (keyEntry != NULL) {
switch (keyEntry->keyPart) {
case kSSS_KeyPart_NONE:
break;
case kSSS_KeyPart_Default:
if (keyEntry->cipherType == kSSS_CipherType_Certificate) {
keyEntry->cipherType = kSSS_CipherType_Binary;
}
break;
default:
LOG_E("Error in keystore_shadow_From3_To_4");
return kStatus_SSS_Fail;
}
}
}
return kStatus_SSS_Success;
}
sss_status_t isValidKeyStoreShadow(keyStoreTable_t *keystore_shadow)
{
sss_status_t retval = kStatus_SSS_Success;
if (keystore_shadow != NULL) {
if (keystore_shadow->magic != KEYSTORE_MAGIC) {
LOG_E("Mismatch.keystore_shadow->magic and KEYSTORE_MAGIC");
retval = kStatus_SSS_Fail;
goto cleanup;
}
if (keystore_shadow->version != KEYSTORE_VERSION) {
if (keystore_shadow->version == 0x0002) {
retval = keystore_shadow_From2_To_3(keystore_shadow);
retval = keystore_shadow_From3_To_4(keystore_shadow);
}
else if (keystore_shadow->version == 0x0003) {
retval = keystore_shadow_From3_To_4(keystore_shadow);
}
else {
LOG_E(" Version mismatch.");
retval = kStatus_SSS_Fail;
}
goto cleanup;
}
if (keystore_shadow->maxEntries == 0) {
LOG_E("Keystore not yet allocated");
retval = kStatus_SSS_Fail;
goto cleanup;
}
}
else {
retval = kStatus_SSS_Fail;
}
cleanup:
return retval;
}