nrf_security: Add protected RAM invalidation logic

Reserve two KMU slots two store random data which are used
to invalidate the protected RAM content after an operation
is finished.

Add a Kconfig so that that it is possible for size constrained
images to provision the KMU slots before usage.

Ref: NCSDK-33885

Signed-off-by: Georgios Vasilakis <[email protected]>

Author: Vge0rge

doc/nrf/app_dev/device_guides/nrf54l/cryptography.rst

@@ -108,7 +108,10 @@ The following table gives an overview of the KMU slots and their usage:
      - BL_PUBKEY_2
      - | Revokable firmware image key for immutable bootloader, generation 2.
        | ED25519 public key.
-   * - 248-255
+   * - 248-249
+     - Reserved
+     - Random bytes which invalidate the protected RAM content after an operation.
+   * - 250-255
      - Reserved
      - --
 

subsys/nrf_security/src/drivers/cracen/Kconfig

@@ -40,6 +40,17 @@ config CRACEN_LIB_KMU
 	help
 	  The CRACEN KMU library.
 
+config CRACEN_PROVISION_PROT_RAM_INV_DATA
+	bool "Provision protected RAM invalidation data"
+	depends on CRACEN_LIB_KMU
+	default y
+	help
+	  Provision the protected RAM invalidation data in the KMU. This will generate random
+	  data and provision the reserved KMU slots with the data that will be used to invalidate
+	  the protected RAM after a key is used.
+	  When disabled the application is expected to provision the reserved KMU slots 248 and 249
+	  manually, otherwise the protected RAM keys will not be usable.
+
 config CRACEN_IKG
 	bool "Enable CRACEN IKG"
 	default y

subsys/nrf_security/src/drivers/cracen/cracenpsa/src/cracen.c

@@ -144,6 +144,10 @@ int cracen_init(void)
 		goto exit;
 	}
 
+#if defined(CONFIG_CRACEN_PROVISION_PROT_RAM_INV_DATA)
+	status = cracen_provision_prot_ram_inv_data();
+#endif /* CONFIG_CRACEN_PROVISION_PROT_RAM_INV_DATA */
+
 exit:
 	cracen_release();
 

subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ctr_drbg.c

@@ -20,6 +20,7 @@
 #include <sxsymcrypt/keyref.h>
 #include <zephyr/kernel.h>
 #include <nrf_security_mutexes.h>
+#include <string.h>
 
 #ifdef CONFIG_CRACEN_HW_VERSION_LITE
 #define MAX_BITS_PER_REQUEST (1 << 16) /* Cracen Lite only supports 2^16 ctr size */

subsys/nrf_security/src/drivers/cracen/cracenpsa/src/kmu.c

@@ -12,6 +12,7 @@
 #include <nrf_security_mutexes.h>
 #include <psa/crypto.h>
 #include <stdint.h>
+#include <string.h>
 #include <sxsymcrypt/internal.h>
 #include <hw_unique_key.h>
 #include <cracen_psa.h>
@@ -210,6 +211,56 @@ static psa_status_t cracen_kmu_decrypt(kmu_metadata *metadata, size_t number_of_
 
 #endif /* PSA_NEED_CRACEN_KMU_ENCRYPTED_KEYS */
 
+#ifdef CONFIG_CRACEN_PROVISION_PROT_RAM_INV_DATA
+psa_status_t cracen_provision_prot_ram_inv_data(void)
+{
+	uint8_t rng_buffer[2 * CRACEN_KMU_SLOT_KEY_SIZE];
+	bool needs_provisioning;
+	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+	psa_status_t status;
+	int kmu_slot;
+
+	needs_provisioning = lib_kmu_is_slot_empty(PROTECTED_RAM_INVALIDATION_DATA_SLOT1) ||
+			     lib_kmu_is_slot_empty(PROTECTED_RAM_INVALIDATION_DATA_SLOT2);
+
+	if (!needs_provisioning) {
+		return PSA_SUCCESS;
+	}
+
+	status = cracen_get_random(NULL, rng_buffer, sizeof(rng_buffer));
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+
+	/* Just use attributes which are suitable for a normal protected RAM
+	 * key so that the existed KMU provision API can be used.
+	 */
+	psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_ENCRYPT);
+	psa_set_key_algorithm(&key_attributes, PSA_ALG_CTR);
+	psa_set_key_type(&key_attributes, PSA_KEY_TYPE_AES);
+	psa_set_key_bits(&key_attributes, 256);
+	psa_set_key_lifetime(&key_attributes,
+			     PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+				     PSA_KEY_PERSISTENCE_DEFAULT, PSA_KEY_LOCATION_CRACEN_KMU));
+
+	/* The rng material here is 256 bits so it will occupy 2 KMU slots during
+	 * the provisioning call.
+	 */
+	psa_set_key_id(&key_attributes,
+		       mbedtls_svc_key_id_make(0, PSA_KEY_HANDLE_FROM_CRACEN_KMU_SLOT(
+							  CRACEN_KMU_KEY_USAGE_SCHEME_PROTECTED,
+							  PROTECTED_RAM_INVALIDATION_DATA_SLOT1)));
+
+	kmu_slot = CRACEN_PSA_GET_KMU_SLOT(
+		MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&key_attributes)));
+
+	status = cracen_kmu_provision(&key_attributes, kmu_slot, rng_buffer, sizeof(rng_buffer));
+	safe_memzero(rng_buffer, sizeof(rng_buffer));
+	return status;
+}
+#endif /* CONFIG_CRACEN_PROVISION_PROT_RAM_INV_DATA */
+
+
 /* Used internally in sxsymcrypt so we use sx return codes here. */
 int cracen_kmu_prepare_key(const uint8_t *user_data)
 {
@@ -255,7 +306,30 @@ int cracen_kmu_prepare_key(const uint8_t *user_data)
 
 int cracen_kmu_clean_key(const uint8_t *user_data)
 {
-	(void)user_data;
+	const kmu_opaque_key_buffer *key = (const kmu_opaque_key_buffer *)user_data;
+	bool any_slot_empty;
+
+	switch (key->key_usage_scheme) {
+	case CRACEN_KMU_KEY_USAGE_SCHEME_PROTECTED:
+		any_slot_empty = lib_kmu_is_slot_empty(PROTECTED_RAM_INVALIDATION_DATA_SLOT1) ||
+				 lib_kmu_is_slot_empty(PROTECTED_RAM_INVALIDATION_DATA_SLOT2);
+		if (any_slot_empty) {
+			return SX_ERR_UNKNOWN_ERROR;
+		}
+
+		if (lib_kmu_push_slot(PROTECTED_RAM_INVALIDATION_DATA_SLOT1) != LIB_KMU_SUCCESS) {
+			return SX_ERR_UNKNOWN_ERROR;
+		}
+
+		if (lib_kmu_push_slot(PROTECTED_RAM_INVALIDATION_DATA_SLOT2) != LIB_KMU_SUCCESS) {
+			return SX_ERR_UNKNOWN_ERROR;
+		}
+
+		break;
+	default:
+		break;
+	}
+
 	safe_memzero(kmu_push_area, sizeof(kmu_push_area));
 
 	return SX_OK;
@@ -632,6 +706,7 @@ static psa_status_t convert_to_psa_attributes(kmu_metadata *metadata,
 static psa_status_t convert_from_psa_attributes(const psa_key_attributes_t *key_attr,
 						kmu_metadata *metadata)
 {
+	int kmu_slot;
 	memset(metadata, 0, sizeof(*metadata));
 	metadata->metadata_version = 0;
 
@@ -790,7 +865,14 @@ static psa_status_t convert_from_psa_attributes(const psa_key_attributes_t *key_
 		break;
 #endif
 	default:
-		return PSA_ERROR_NOT_SUPPORTED;
+		/* Ignore the algorithm for the protected ram invalidation kmu slot because
+		 * it will never be used for crypto operations.
+		 */
+		kmu_slot = CRACEN_PSA_GET_KMU_SLOT(
+			MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(key_attr)));
+		if (kmu_slot != PROTECTED_RAM_INVALIDATION_DATA_SLOT1) {
+			return PSA_ERROR_NOT_SUPPORTED;
+		}
 	}
 
 	psa_key_usage_t resulting_usage = 0;
@@ -1070,6 +1152,12 @@ psa_status_t cracen_kmu_get_builtin_key(psa_drv_slot_number_t slot_number,
 		return status;
 	}
 
+	if (slot_number == PROTECTED_RAM_INVALIDATION_DATA_SLOT1 ||
+	    slot_number == PROTECTED_RAM_INVALIDATION_DATA_SLOT2) {
+		/* The protected ram invalidation slots are not used for crypto operations. */
+		return PSA_ERROR_INVALID_ARGUMENT;
+	}
+
 	status = clean_up_unfinished_provisioning();
 	if (status != PSA_SUCCESS) {
 		return status;

subsys/nrf_security/src/drivers/cracen/cracenpsa/src/kmu.h

@@ -27,6 +27,14 @@ typedef struct {
 	uint8_t slot_id;	     /* KMU slot number. */
 } kmu_opaque_key_buffer;
 
+/* Two KMU slots are reserved for storing the invalidation data for the protected RAM.
+ * These are meant to have random data that can pushed to the protected RAM after
+ * an actual key is being used so that the key material does not reside in the protected
+ * RAM for more than the required time.
+ */
+#define PROTECTED_RAM_INVALIDATION_DATA_SLOT1 248
+#define PROTECTED_RAM_INVALIDATION_DATA_SLOT2 249
+
 extern uint8_t kmu_push_area[64];
 
 /**
@@ -65,3 +73,13 @@ psa_status_t cracen_kmu_provision(const psa_key_attributes_t *key_attr, int slot
  * @brief Destroy a key stored in the KMU.
  */
 psa_status_t cracen_kmu_destroy_key(const psa_key_attributes_t *attributes);
+
+/**
+ * @brief Provision the protected RAM invalidation data.
+ *
+ * This function provisions two KMU slots with random data that can be used to invalidate
+ * the protected RAM after a key is used.
+ *
+ * @return PSA status code.
+ */
+psa_status_t cracen_provision_prot_ram_inv_data(void);