pkg/driver_cryptocell_310: require all data to be in RAM

as documented on https://docs.nordicsemi.com/bundle/ps_nrf52840/page/cryptocell.html\#ariaid-title14
RIOT-OS · Jan 17, 2025 · ff6d2f7 · ff6d2f7
1 parent c57eff5
commit ff6d2f7
Show file tree

Hide file tree

Showing 7 changed files with 70 additions and 10 deletions.
diff --git a/pkg/driver_cryptocell_310/include/cryptocell_310_util.h b/pkg/driver_cryptocell_310/include/cryptocell_310_util.h
@@ -23,10 +23,6 @@
 extern "C" {
 #endif
 
-#ifdef CPU_NRF52
-#define CHECK_POINTER_DMA_ACCESS(p) ((unsigned int)p >= 0x20000000 ? (unsigned int)p < 0x40000000 : 0)
-#endif
-
 /**
  * @brief   Enable CryptoCell module and IRQs.
  *
@@ -43,6 +39,17 @@ void cryptocell_310_enable(void);
  */
 void cryptocell_310_disable(void);
 
+/**
+ * @brief   Check whether the given data resides in RAM
+ *
+ *          Should be called on every const input that will be passed
+ *          on to the CryptoCell peripheral.
+ */
+static inline bool cryptocell_310_data_within_ram(const uint8_t* data)
+{
+    return ((int)data >= CPU_RAM_BASE && (int)data < CPU_RAM_BASE + CPU_RAM_SIZE);
+}
+
 /**
  * @brief   Enables CryptoCell module, IRQs and crypto libraries on nrf52840.
  *

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_common.c
@@ -40,6 +40,12 @@ psa_status_t cryptocell_310_common_aes_setup(SaSiAesUserContext_t *ctx,
 {
     SaSiAesUserKeyData_t key;
 
+    if (!cryptocell_310_data_within_ram(iv) ||
+        !cryptocell_310_data_within_ram(key_buffer)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     SaSiStatus ret = SaSi_AesInit(ctx, direction, mode, padding);
     if (ret != SASI_OK) {
         DEBUG("SaSi_AesInit failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
@@ -77,6 +83,11 @@ psa_status_t cryptocell_310_common_aes_encrypt_decrypt(SaSiAesUserContext_t *ctx
     size_t length = input_length;
     *output_length = output_size;
 
+    if (!cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     do {
         if (length > CC310_MAX_AES_INPUT_BLOCK) {
             size = CC310_MAX_AES_INPUT_BLOCK;

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/cipher_chacha20.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/cipher_chacha20.c
@@ -42,9 +42,8 @@ psa_status_t psa_cipher_chacha20_encrypt(uint8_t *key_buffer,
     DEBUG("Peripheral ChaCha20 Cipher encryption");
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if (!CHECK_POINTER_DMA_ACCESS(key_buffer) ||
-        !CHECK_POINTER_DMA_ACCESS(input) ||
-        !CHECK_POINTER_DMA_ACCESS(output)) {
+    if (!cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
         return PSA_ERROR_DATA_INVALID;
     }
 
@@ -91,9 +90,8 @@ psa_status_t psa_cipher_chacha20_decrypt(uint8_t *key_buffer,
     DEBUG("Peripheral ChaCha20 Cipher decryption");
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if (!CHECK_POINTER_DMA_ACCESS(key_buffer) ||
-        !CHECK_POINTER_DMA_ACCESS(input) ||
-        !CHECK_POINTER_DMA_ACCESS(output)) {
+    if (!cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
         return PSA_ERROR_DATA_INVALID;
     }
 

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_common.c
@@ -85,6 +85,12 @@ psa_status_t cryptocell_310_common_ecc_sign(const uint8_t *priv_key,
     CRYS_ECPKI_UserPrivKey_t user_priv_key;
     CRYSError_t ret = 0;
 
+    if (!cryptocell_310_data_within_ram(priv_key) ||
+        !cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     rndGenerateVectFunc = CRYS_RND_GenerateVector;
     pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain);
 
@@ -122,6 +128,13 @@ psa_status_t cryptocell_310_common_ecc_verify(const uint8_t *pub_key,
     CRYS_ECPKI_UserPublKey_t user_pub_key;
     CRYSError_t ret = 0;
 
+    if (!cryptocell_310_data_within_ram(pub_key) ||
+        !cryptocell_310_data_within_ram(input) ||
+        !cryptocell_310_data_within_ram(signature)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain);
 
     /**

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_ed25519.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_ed25519.c
@@ -67,6 +67,11 @@ psa_status_t psa_derive_ecc_ed25519_public_key( const uint8_t *priv_key_buffer,
     CRYS_ECEDW_TempBuff_t tmp;
     CRYSError_t ret;
 
+    if (!cryptocell_310_data_within_ram(priv_key_buffer)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     /* contains seed (private key), concatenated with public key */
     uint8_t secret_key[CRYS_ECEDW_ORD_SIZE_IN_BYTES + CRYS_ECEDW_MOD_SIZE_IN_BYTES] = { 0x0 };
     size_t secret_key_size = sizeof(secret_key);
@@ -100,6 +105,13 @@ psa_status_t psa_ecc_ed25519_sign_message(const uint8_t *priv_key_buffer,
     CRYS_ECEDW_TempBuff_t tmp;
     CRYSError_t ret;
 
+    if (!cryptocell_310_data_within_ram(priv_key_buffer) ||
+        !cryptocell_310_data_within_ram(pub_key_buffer) ||
+        !cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     if (input_length > (CRYS_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES - CRYS_ECEDW_SIGNATURE_BYTES)) {
         return PSA_ERROR_NOT_SUPPORTED;
     }
@@ -140,6 +152,13 @@ psa_status_t psa_ecc_ed25519_verify_message(const uint8_t *key_buffer,
     CRYS_ECEDW_TempBuff_t tmp;
     CRYSError_t ret;
 
+    if (!cryptocell_310_data_within_ram(key_buffer) ||
+        !cryptocell_310_data_within_ram(input) ||
+        !cryptocell_310_data_within_ram(signature)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     if (input_length > (CRYS_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES - CRYS_ECEDW_SIGNATURE_BYTES)) {
         return PSA_ERROR_NOT_SUPPORTED;
     }

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_common.c
@@ -48,6 +48,11 @@ psa_status_t cryptocell_310_common_hash_update(CRYS_HASHUserContext_t *ctx,
     size_t offset = 0;
     size_t size;
 
+    if (!cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     do {
         if (input_length > CC310_MAX_HASH_INPUT_BLOCK) {
             size = CC310_MAX_HASH_INPUT_BLOCK;

diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c
@@ -21,6 +21,7 @@
 #include "psa/crypto.h"
 #include "psa_error.h"
 
+#include "cryptocell_310_util.h"
 #include "crys_hmac.h"
 #include "crys_hmac_error.h"
 
@@ -40,6 +41,12 @@ psa_status_t psa_mac_compute_hmac_sha256(const psa_key_attributes_t *attributes,
     size_t required_mac_length =
         PSA_MAC_LENGTH(attributes->type, attributes->bits, PSA_ALG_SHA_256);
 
+    if (!cryptocell_310_data_within_ram(key_buffer) ||
+        !cryptocell_310_data_within_ram(input)) {
+        DEBUG("%s : cryptocell_310 data required to be in RAM.\n", __FILE__);
+        return PSA_ERROR_DATA_INVALID;
+    }
+
     if (mac_size < required_mac_length) {
         return PSA_ERROR_BUFFER_TOO_SMALL;
     }