eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'psa/pr/230' into feature-psa

Browse source 
Implement a key handle mechanism
This commit is contained in:
Gilles Peskine 2018-12-12 16:15:34 +01:00
commit 1a76f3971c
25 changed files with 2203 additions and 1189 deletions
Download patch file Download diff file Expand all files Collapse all files

1
library/CMakeLists.txt
View file

@ -54,6 +54,7 @@ set(src_crypto
platform_util.c
poly1305.c
psa_crypto.c
psa_crypto_slot_management.c
psa_crypto_storage.c
psa_crypto_storage_file.c
psa_crypto_storage_its.c

1
library/Makefile
View file

@ -83,6 +83,7 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \
pkcs5.o pkparse.o pkwrite.o \
platform.o platform_util.o poly1305.o \
psa_crypto.o \
psa_crypto_slot_management.o \
psa_crypto_storage.o \
psa_crypto_storage_file.o \
psa_crypto_storage_its.o \

386
library/psa_crypto.c
View file

@ -43,7 +43,9 @@
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_invasive.h"
#include "psa_crypto_slot_management.h"
/* Include internal declarations that are useful for implementing persistently
* stored keys. */
#include "psa_crypto_storage.h"
@ -80,6 +82,7 @@
#include "mbedtls/md_internal.h"
#include "mbedtls/pk.h"
#include "mbedtls/pk_internal.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/ripemd160.h"
#include "mbedtls/rsa.h"
#include "mbedtls/sha1.h"
@ -93,12 +96,6 @@
#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n )
{
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* constant-time buffer comparison */
static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n )
{
@ -117,31 +114,6 @@ static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n )
/* Global data, support functions and library management */
/****************************************************************/
/* Number of key slots (plus one because 0 is not used).
* The value is a compile-time constant for now, for simplicity. */
#define PSA_KEY_SLOT_COUNT 32
typedef struct
{
psa_key_type_t type;
psa_key_policy_t policy;
psa_key_lifetime_t lifetime;
union
{
struct raw_data
{
uint8_t *data;
size_t bytes;
} raw;
#if defined(MBEDTLS_RSA_C)
mbedtls_rsa_context *rsa;
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
mbedtls_ecp_keypair *ecp;
#endif /* MBEDTLS_ECP_C */
} data;
} key_slot_t;
static int key_type_is_raw_bytes( psa_key_type_t type )
{
return( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) );
@ -158,10 +130,8 @@ typedef struct
void (* entropy_free )( mbedtls_entropy_context *ctx );
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
key_slot_t key_slots[PSA_KEY_SLOT_COUNT];
unsigned initialized : 1;
unsigned rng_state : 2;
unsigned key_slots_initialized : 1;
} psa_global_data_t;
static psa_global_data_t global_data;
@ -638,9 +608,12 @@ exit:
}
#endif /* defined(MBEDTLS_ECP_C) */
static psa_status_t psa_import_key_into_slot( key_slot_t *slot,
const uint8_t *data,
size_t data_length )
/** Import key data into a slot. `slot->type` must have been set
* previously. This function assumes that the slot does not contain
* any key material yet. On failure, the slot content is unchanged. */
psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
const uint8_t *data,
size_t data_length )
{
psa_status_t status = PSA_SUCCESS;
@ -719,71 +692,17 @@ static psa_status_t psa_import_key_into_slot( key_slot_t *slot,
return( PSA_SUCCESS );
}
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t key,
key_slot_t *p_slot )
{
psa_status_t status = PSA_SUCCESS;
uint8_t *key_data = NULL;
size_t key_data_length = 0;
status = psa_load_persistent_key( key, &( p_slot )->type,
&( p_slot )->policy, &key_data,
&key_data_length );
if( status != PSA_SUCCESS )
goto exit;
status = psa_import_key_into_slot( p_slot,
key_data, key_data_length );
exit:
psa_free_persistent_key_data( key_data, key_data_length );
return( status );
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
/* Retrieve a key slot, occupied or not. */
static psa_status_t psa_get_key_slot( psa_key_slot_t key,
key_slot_t **p_slot )
{
GUARD_MODULE_INITIALIZED;
/* 0 is not a valid slot number under any circumstance. This
* implementation provides slots number 1 to N where N is the
* number of available slots. */
if( key == 0 || key > ARRAY_LENGTH( global_data.key_slots ) )
return( PSA_ERROR_INVALID_ARGUMENT );
*p_slot = &global_data.key_slots[key - 1];
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( ( *p_slot )->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
{
/* There are two circumstances this can occur: the key material has
* not yet been created, or the key exists in storage but has not yet
* been loaded into memory. */
if( ( *p_slot )->type == PSA_KEY_TYPE_NONE )
{
psa_status_t status = PSA_SUCCESS;
status = psa_load_persistent_key_into_slot( key, *p_slot );
if( status != PSA_ERROR_EMPTY_SLOT )
return( status );
}
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
return( PSA_SUCCESS );
}
/* Retrieve an empty key slot (slot with no key data, but possibly
* with some metadata such as a policy). */
static psa_status_t psa_get_empty_key_slot( psa_key_slot_t key,
key_slot_t **p_slot )
static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle,
psa_key_slot_t **p_slot )
{
psa_status_t status;
key_slot_t *slot = NULL;
psa_key_slot_t *slot = NULL;
*p_slot = NULL;
status = psa_get_key_slot( key, &slot );
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
@ -797,17 +716,17 @@ static psa_status_t psa_get_empty_key_slot( psa_key_slot_t key,
/** Retrieve a slot which must contain a key. The key must have allow all the
* usage flags set in \p usage. If \p alg is nonzero, the key must allow
* operations with this algorithm. */
static psa_status_t psa_get_key_from_slot( psa_key_slot_t key,
key_slot_t **p_slot,
static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle,
psa_key_slot_t **p_slot,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
psa_status_t status;
key_slot_t *slot = NULL;
psa_key_slot_t *slot = NULL;
*p_slot = NULL;
status = psa_get_key_slot( key, &slot );
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
if( slot->type == PSA_KEY_TYPE_NONE )
@ -828,7 +747,8 @@ static psa_status_t psa_get_key_from_slot( psa_key_slot_t key,
return( PSA_SUCCESS );
}
static psa_status_t psa_remove_key_data_from_memory( key_slot_t *slot )
/** Wipe key data from a slot. Preserve metadata such as the policy. */
static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
{
if( slot->type == PSA_KEY_TYPE_NONE )
{
@ -864,15 +784,27 @@ static psa_status_t psa_remove_key_data_from_memory( key_slot_t *slot )
return( PSA_SUCCESS );
}
psa_status_t psa_import_key( psa_key_slot_t key,
/** Completely wipe a slot in memory, including its policy.
* Persistent storage is not affected. */
psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
{
psa_status_t status = psa_remove_key_data_from_memory( slot );
/* At this point, key material and other type-specific content has
* been wiped. Clear remaining metadata. We can call memset and not
* zeroize because the metadata is not particularly sensitive. */
memset( slot, 0, sizeof( *slot ) );
return( status );
}
psa_status_t psa_import_key( psa_key_handle_t handle,
psa_key_type_t type,
const uint8_t *data,
size_t data_length )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status;
status = psa_get_empty_key_slot( key, &slot );
status = psa_get_empty_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
@ -889,7 +821,8 @@ psa_status_t psa_import_key( psa_key_slot_t key,
if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
{
/* Store in file location */
status = psa_save_persistent_key( key, slot->type, &slot->policy, data,
status = psa_save_persistent_key( slot->persistent_storage_id,
slot->type, &slot->policy, data,
data_length );
if( status != PSA_SUCCESS )
{
@ -902,31 +835,30 @@ psa_status_t psa_import_key( psa_key_slot_t key,
return( status );
}
psa_status_t psa_destroy_key( psa_key_slot_t key )
psa_status_t psa_destroy_key( psa_key_handle_t handle )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status = PSA_SUCCESS;
psa_status_t storage_status = PSA_SUCCESS;
status = psa_get_key_slot( key, &slot );
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
{
storage_status = psa_destroy_persistent_key( key );
storage_status =
psa_destroy_persistent_key( slot->persistent_storage_id );
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
status = psa_remove_key_data_from_memory( slot );
/* Zeroize the slot to wipe metadata such as policies. */
mbedtls_zeroize( slot, sizeof( *slot ) );
status = psa_wipe_key_slot( slot );
if( status != PSA_SUCCESS )
return( status );
return( storage_status );
}
/* Return the size of the key in the given slot, in bits. */
static size_t psa_get_key_bits( const key_slot_t *slot )
static size_t psa_get_key_bits( const psa_key_slot_t *slot )
{
if( key_type_is_raw_bytes( slot->type ) )
return( slot->data.raw.bytes * 8 );
@ -942,18 +874,18 @@ static size_t psa_get_key_bits( const key_slot_t *slot )
return( 0 );
}
psa_status_t psa_get_key_information( psa_key_slot_t key,
psa_status_t psa_get_key_information( psa_key_handle_t handle,
psa_key_type_t *type,
size_t *bits )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status;
if( type != NULL )
*type = 0;
if( bits != NULL )
*bits = 0;
status = psa_get_key_slot( key, &slot );
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
@ -966,7 +898,7 @@ psa_status_t psa_get_key_information( psa_key_slot_t key,
return( PSA_SUCCESS );
}
static psa_status_t psa_internal_export_key( key_slot_t *slot,
static psa_status_t psa_internal_export_key( psa_key_slot_t *slot,
uint8_t *data,
size_t data_size,
size_t *data_length,
@ -1074,12 +1006,12 @@ static psa_status_t psa_internal_export_key( key_slot_t *slot,
}
}
psa_status_t psa_export_key( psa_key_slot_t key,
psa_status_t psa_export_key( psa_key_handle_t handle,
uint8_t *data,
size_t data_size,
size_t *data_length )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status;
/* Set the key to empty now, so that even when there are errors, we always
@ -1091,19 +1023,19 @@ psa_status_t psa_export_key( psa_key_slot_t key,
/* Export requires the EXPORT flag. There is an exception for public keys,
* which don't require any flag, but psa_get_key_from_slot takes
* care of this. */
status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_EXPORT, 0 );
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_EXPORT, 0 );
if( status != PSA_SUCCESS )
return( status );
return( psa_internal_export_key( slot, data, data_size,
data_length, 0 ) );
}
psa_status_t psa_export_public_key( psa_key_slot_t key,
psa_status_t psa_export_public_key( psa_key_handle_t handle,
uint8_t *data,
size_t data_size,
size_t *data_length )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status;
/* Set the key to empty now, so that even when there are errors, we always
@ -1113,7 +1045,7 @@ psa_status_t psa_export_public_key( psa_key_slot_t key,
*data_length = 0;
/* Exporting a public key doesn't require a usage flag. */
status = psa_get_key_from_slot( key, &slot, 0, 0 );
status = psa_get_key_from_slot( handle, &slot, 0, 0 );
if( status != PSA_SUCCESS )
return( status );
return( psa_internal_export_key( slot, data, data_size,
@ -1121,8 +1053,7 @@ psa_status_t psa_export_public_key( psa_key_slot_t key,
}
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
static psa_status_t psa_save_generated_persistent_key( psa_key_slot_t key,
key_slot_t *slot,
static psa_status_t psa_save_generated_persistent_key( psa_key_slot_t *slot,
size_t bits )
{
psa_status_t status;
@ -1140,14 +1071,15 @@ static psa_status_t psa_save_generated_persistent_key( psa_key_slot_t key,
goto exit;
}
/* Store in file location */
status = psa_save_persistent_key( key, slot->type, &slot->policy,
status = psa_save_persistent_key( slot->persistent_storage_id,
slot->type, &slot->policy,
data, key_length );
if( status != PSA_SUCCESS )
{
slot->type = PSA_KEY_TYPE_NONE;
}
exit:
mbedtls_zeroize( data, key_length );
mbedtls_platform_zeroize( data, key_length );
mbedtls_free( data );
return( status );
}
@ -1654,7 +1586,7 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation,
#if defined(MBEDTLS_MD_C)
static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac )
{
mbedtls_zeroize( hmac->opad, sizeof( hmac->opad ) );
mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
return( psa_hash_abort( &hmac->hash_ctx ) );
}
@ -1716,7 +1648,7 @@ bad_state:
#if defined(MBEDTLS_CMAC_C)
static int psa_cmac_setup( psa_mac_operation_t *operation,
size_t key_bits,
key_slot_t *slot,
psa_key_slot_t *slot,
const mbedtls_cipher_info_t *cipher_info )
{
int ret;
@ -1798,19 +1730,19 @@ static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac,
status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
cleanup:
mbedtls_zeroize( ipad, key_length );
mbedtls_platform_zeroize( ipad, key_length );
return( status );
}
#endif /* MBEDTLS_MD_C */
static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
psa_key_slot_t key,
psa_key_handle_t handle,
psa_algorithm_t alg,
int is_sign )
{
psa_status_t status;
key_slot_t *slot;
psa_key_slot_t *slot;
size_t key_bits;
psa_key_usage_t usage =
is_sign ? PSA_KEY_USAGE_SIGN : PSA_KEY_USAGE_VERIFY;
@ -1823,7 +1755,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
if( is_sign )
operation->is_sign = 1;
status = psa_get_key_from_slot( key, &slot, usage, alg );
status = psa_get_key_from_slot( handle, &slot, usage, alg );
if( status != PSA_SUCCESS )
goto exit;
key_bits = psa_get_key_bits( slot );
@ -1916,17 +1848,17 @@ exit:
}
psa_status_t psa_mac_sign_setup( psa_mac_operation_t *operation,
psa_key_slot_t key,
psa_key_handle_t handle,
psa_algorithm_t alg )
{
return( psa_mac_setup( operation, key, alg, 1 ) );
return( psa_mac_setup( operation, handle, alg, 1 ) );
}
psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation,
psa_key_slot_t key,
psa_key_handle_t handle,
psa_algorithm_t alg )
{
return( psa_mac_setup( operation, key, alg, 0 ) );
return( psa_mac_setup( operation, handle, alg, 0 ) );
}
psa_status_t psa_mac_update( psa_mac_operation_t *operation,
@ -2004,7 +1936,7 @@ static psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac,
memcpy( mac, tmp, mac_size );
exit:
mbedtls_zeroize( tmp, hash_size );
mbedtls_platform_zeroize( tmp, hash_size );
return( status );
}
#endif /* MBEDTLS_MD_C */
@ -2028,7 +1960,7 @@ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation,
int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
if( ret == 0 )
memcpy( mac, tmp, operation->mac_size );
mbedtls_zeroize( tmp, sizeof( tmp ) );
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
return( mbedtls_to_psa_error( ret ) );
}
else
@ -2116,7 +2048,7 @@ cleanup:
else
psa_mac_abort( operation );
mbedtls_zeroize( actual_mac, sizeof( actual_mac ) );
mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
return( status );
}
@ -2383,7 +2315,7 @@ cleanup:
}
#endif /* MBEDTLS_ECDSA_C */
psa_status_t psa_asymmetric_sign( psa_key_slot_t key,
psa_status_t psa_asymmetric_sign( psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
@ -2391,12 +2323,12 @@ psa_status_t psa_asymmetric_sign( psa_key_slot_t key,
size_t signature_size,
size_t *signature_length )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status;
*signature_length = signature_size;
status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_SIGN, alg );
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN, alg );
if( status != PSA_SUCCESS )
goto exit;
if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
@ -2459,17 +2391,17 @@ exit:
return( status );
}
psa_status_t psa_asymmetric_verify( psa_key_slot_t key,
psa_status_t psa_asymmetric_verify( psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status;
status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_VERIFY, alg );
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_VERIFY, alg );
if( status != PSA_SUCCESS )
return( status );
@ -2515,7 +2447,7 @@ static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg,
}
#endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) */
psa_status_t psa_asymmetric_encrypt( psa_key_slot_t key,
psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@ -2525,7 +2457,7 @@ psa_status_t psa_asymmetric_encrypt( psa_key_slot_t key,
size_t output_size,
size_t *output_length )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status;
(void) input;
@ -2539,7 +2471,7 @@ psa_status_t psa_asymmetric_encrypt( psa_key_slot_t key,
if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) ||
@ -2595,7 +2527,7 @@ psa_status_t psa_asymmetric_encrypt( psa_key_slot_t key,
}
}
psa_status_t psa_asymmetric_decrypt( psa_key_slot_t key,
psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@ -2605,7 +2537,7 @@ psa_status_t psa_asymmetric_decrypt( psa_key_slot_t key,
size_t output_size,
size_t *output_length )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status;
(void) input;
@ -2619,7 +2551,7 @@ psa_status_t psa_asymmetric_decrypt( psa_key_slot_t key,
if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_DECRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
@ -2705,13 +2637,13 @@ static psa_status_t psa_cipher_init( psa_cipher_operation_t *operation,
}
static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
psa_key_slot_t key,
psa_key_handle_t handle,
psa_algorithm_t alg,
mbedtls_operation_t cipher_operation )
{
int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
psa_status_t status;
key_slot_t *slot;
psa_key_slot_t *slot;
size_t key_bits;
const mbedtls_cipher_info_t *cipher_info = NULL;
psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ?
@ -2722,7 +2654,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
if( status != PSA_SUCCESS )
return( status );
status = psa_get_key_from_slot( key, &slot, usage, alg);
status = psa_get_key_from_slot( handle, &slot, usage, alg);
if( status != PSA_SUCCESS )
return( status );
key_bits = psa_get_key_bits( slot );
@ -2797,17 +2729,17 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
}
psa_status_t psa_cipher_encrypt_setup( psa_cipher_operation_t *operation,
psa_key_slot_t key,
psa_key_handle_t handle,
psa_algorithm_t alg )
{
return( psa_cipher_setup( operation, key, alg, MBEDTLS_ENCRYPT ) );
return( psa_cipher_setup( operation, handle, alg, MBEDTLS_ENCRYPT ) );
}
psa_status_t psa_cipher_decrypt_setup( psa_cipher_operation_t *operation,
psa_key_slot_t key,
psa_key_handle_t handle,
psa_algorithm_t alg )
{
return( psa_cipher_setup( operation, key, alg, MBEDTLS_DECRYPT ) );
return( psa_cipher_setup( operation, handle, alg, MBEDTLS_DECRYPT ) );
}
psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
@ -2957,7 +2889,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
goto error;
}
mbedtls_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );
mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );
status = psa_cipher_abort( operation );
return( status );
@ -2966,7 +2898,7 @@ error:
*output_length = 0;
mbedtls_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );
mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );
(void) psa_cipher_abort( operation );
return( status );
@ -3030,16 +2962,16 @@ psa_algorithm_t psa_key_policy_get_algorithm( const psa_key_policy_t *policy )
}
#endif /* !defined(MBEDTLS_PSA_CRYPTO_SPM) */
psa_status_t psa_set_key_policy( psa_key_slot_t key,
psa_status_t psa_set_key_policy( psa_key_handle_t handle,
const psa_key_policy_t *policy )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status;
if( policy == NULL )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_empty_key_slot( key, &slot );
status = psa_get_empty_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
@ -3056,16 +2988,16 @@ psa_status_t psa_set_key_policy( psa_key_slot_t key,
return( PSA_SUCCESS );
}
psa_status_t psa_get_key_policy( psa_key_slot_t key,
psa_status_t psa_get_key_policy( psa_key_handle_t handle,
psa_key_policy_t *policy )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status;
if( policy == NULL )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_slot( key, &slot );
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
@ -3080,13 +3012,13 @@ psa_status_t psa_get_key_policy( psa_key_slot_t key,
/* Key Lifetime */
/****************************************************************/
psa_status_t psa_get_key_lifetime( psa_key_slot_t key,
psa_status_t psa_get_key_lifetime( psa_key_handle_t handle,
psa_key_lifetime_t *lifetime )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status;
status = psa_get_key_slot( key, &slot );
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
@ -3095,34 +3027,6 @@ psa_status_t psa_get_key_lifetime( psa_key_slot_t key,
return( PSA_SUCCESS );
}
psa_status_t psa_set_key_lifetime( psa_key_slot_t key,
psa_key_lifetime_t lifetime )
{
key_slot_t *slot;
psa_status_t status;
if( lifetime != PSA_KEY_LIFETIME_VOLATILE &&
lifetime != PSA_KEY_LIFETIME_PERSISTENT &&
lifetime != PSA_KEY_LIFETIME_WRITE_ONCE )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_empty_key_slot( key, &slot );
if( status != PSA_SUCCESS )
return( status );
if( lifetime == PSA_KEY_LIFETIME_WRITE_ONCE )
return( PSA_ERROR_NOT_SUPPORTED );
#if !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( lifetime == PSA_KEY_LIFETIME_PERSISTENT )
return( PSA_ERROR_NOT_SUPPORTED );
#endif
slot->lifetime = lifetime;
return( PSA_SUCCESS );
}
/****************************************************************/
@ -3131,7 +3035,7 @@ psa_status_t psa_set_key_lifetime( psa_key_slot_t key,
typedef struct
{
key_slot_t *slot;
psa_key_slot_t *slot;
const mbedtls_cipher_info_t *cipher_info;
union
{
@ -3165,7 +3069,7 @@ static void psa_aead_abort( aead_operation_t *operation )
}
static psa_status_t psa_aead_setup( aead_operation_t *operation,
psa_key_slot_t key,
psa_key_handle_t handle,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@ -3173,7 +3077,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
size_t key_bits;
mbedtls_cipher_id_t cipher_id;
status = psa_get_key_from_slot( key, &operation->slot, usage, alg );
status = psa_get_key_from_slot( handle, &operation->slot, usage, alg );
if( status != PSA_SUCCESS )
return( status );
@ -3238,7 +3142,7 @@ cleanup:
return( status );
}
psa_status_t psa_aead_encrypt( psa_key_slot_t key,
psa_status_t psa_aead_encrypt( psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *nonce,
size_t nonce_length,
@ -3256,7 +3160,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
*ciphertext_length = 0;
status = psa_aead_setup( &operation, key, PSA_KEY_USAGE_ENCRYPT, alg );
status = psa_aead_setup( &operation, handle, PSA_KEY_USAGE_ENCRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
@ -3332,7 +3236,7 @@ static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length,
return( PSA_SUCCESS );
}
psa_status_t psa_aead_decrypt( psa_key_slot_t key,
psa_status_t psa_aead_decrypt( psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *nonce,
size_t nonce_length,
@ -3350,7 +3254,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key,
*plaintext_length = 0;
status = psa_aead_setup( &operation, key, PSA_KEY_USAGE_DECRYPT, alg );
status = psa_aead_setup( &operation, handle, PSA_KEY_USAGE_DECRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
@ -3428,7 +3332,7 @@ psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
{
if( generator->ctx.buffer.data != NULL )
{
mbedtls_zeroize( generator->ctx.buffer.data,
mbedtls_platform_zeroize( generator->ctx.buffer.data,
generator->ctx.buffer.size );
mbedtls_free( generator->ctx.buffer.data );
}
@ -3446,14 +3350,14 @@ psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
{
if( generator->ctx.tls12_prf.key != NULL )
{
mbedtls_zeroize( generator->ctx.tls12_prf.key,
mbedtls_platform_zeroize( generator->ctx.tls12_prf.key,
generator->ctx.tls12_prf.key_len );
mbedtls_free( generator->ctx.tls12_prf.key );
}
if( generator->ctx.tls12_prf.Ai_with_seed != NULL )
{
mbedtls_zeroize( generator->ctx.tls12_prf.Ai_with_seed,
mbedtls_platform_zeroize( generator->ctx.tls12_prf.Ai_with_seed,
generator->ctx.tls12_prf.Ai_with_seed_len );
mbedtls_free( generator->ctx.tls12_prf.Ai_with_seed );
}
@ -3779,7 +3683,7 @@ static void psa_des_set_key_parity( uint8_t *data, size_t data_size )
}
#endif /* MBEDTLS_DES_C */
psa_status_t psa_generator_import_key( psa_key_slot_t key,
psa_status_t psa_generator_import_key( psa_key_handle_t handle,
psa_key_type_t type,
size_t bits,
psa_crypto_generator_t *generator )
@ -3803,7 +3707,7 @@ psa_status_t psa_generator_import_key( psa_key_slot_t key,
if( type == PSA_KEY_TYPE_DES )
psa_des_set_key_parity( data, bytes );
#endif /* MBEDTLS_DES_C */
status = psa_import_key( key, type, data, bytes );
status = psa_import_key( handle, type, data, bytes );
exit:
mbedtls_free( data );
@ -3955,7 +3859,7 @@ static psa_status_t psa_generator_tls12_psk_to_ms_setup(
salt, salt_length,
label, label_length );
mbedtls_zeroize( pms, sizeof( pms ) );
mbedtls_platform_zeroize( pms, sizeof( pms ) );
return( status );
}
#endif /* MBEDTLS_MD_C */
@ -4060,7 +3964,7 @@ static psa_status_t psa_key_derivation_internal(
}
psa_status_t psa_key_derivation( psa_crypto_generator_t *generator,
psa_key_slot_t key,
psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *salt,
size_t salt_length,
@ -4068,7 +3972,7 @@ psa_status_t psa_key_derivation( psa_crypto_generator_t *generator,
size_t label_length,
size_t capacity )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status;
if( generator->alg != 0 )
@ -4080,7 +3984,7 @@ psa_status_t psa_key_derivation( psa_crypto_generator_t *generator,
if( ! PSA_ALG_IS_KEY_DERIVATION( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_DERIVE, alg );
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_DERIVE, alg );
if( status != PSA_SUCCESS )
return( status );
@ -4165,7 +4069,7 @@ exit:
* to potentially free embedded data structures and wipe confidential data.
*/
static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generator,
key_slot_t *private_key,
psa_key_slot_t *private_key,
const uint8_t *peer_key,
size_t peer_key_length,
psa_algorithm_t alg )
@ -4206,17 +4110,17 @@ static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generato
NULL, 0, NULL, 0,
PSA_GENERATOR_UNBRIDLED_CAPACITY );
exit:
mbedtls_zeroize( shared_secret, shared_secret_length );
mbedtls_platform_zeroize( shared_secret, shared_secret_length );
return( status );
}
psa_status_t psa_key_agreement( psa_crypto_generator_t *generator,
psa_key_slot_t private_key,
psa_key_handle_t private_key,
const uint8_t *peer_key,
size_t peer_key_length,
psa_algorithm_t alg )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status;
if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
@ -4316,19 +4220,19 @@ psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
}
#endif
psa_status_t psa_generate_key( psa_key_slot_t key,
psa_status_t psa_generate_key( psa_key_handle_t handle,
psa_key_type_t type,
size_t bits,
const void *extra,
size_t extra_size )
{
key_slot_t *slot;
psa_key_slot_t *slot;
psa_status_t status;
if( extra == NULL && extra_size != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_empty_key_slot( key, &slot );
status = psa_get_empty_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
@ -4437,7 +4341,7 @@ psa_status_t psa_generate_key( psa_key_slot_t key,
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
{
return( psa_save_generated_persistent_key( key, slot, bits ) );
return( psa_save_generated_persistent_key( slot, bits ) );
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
@ -4462,21 +4366,7 @@ psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
void mbedtls_psa_crypto_free( void )
{
psa_key_slot_t key;
key_slot_t *slot;
psa_status_t status;
if( global_data.key_slots_initialized )
{
for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ )
{
status = psa_get_key_slot( key, &slot );
if( status != PSA_SUCCESS )
continue;
psa_remove_key_data_from_memory( slot );
/* Zeroize the slot to wipe metadata such as policies. */
mbedtls_zeroize( slot, sizeof( *slot ) );
}
}
psa_wipe_all_key_slots( );
if( global_data.rng_state != RNG_NOT_INITIALIZED )
{
mbedtls_ctr_drbg_free( &global_data.ctr_drbg );
@ -4485,12 +4375,12 @@ void mbedtls_psa_crypto_free( void )
/* Wipe all remaining data, including configuration.
* In particular, this sets all state indicator to the value
* indicating "uninitialized". */
mbedtls_zeroize( &global_data, sizeof( global_data ) );
mbedtls_platform_zeroize( &global_data, sizeof( global_data ) );
}
psa_status_t psa_crypto_init( void )
{
int ret;
psa_status_t status;
const unsigned char drbg_seed[] = "PSA";
/* Double initialization is explicitly allowed. */
@ -4508,26 +4398,26 @@ psa_status_t psa_crypto_init( void )
global_data.entropy_init( &global_data.entropy );
mbedtls_ctr_drbg_init( &global_data.ctr_drbg );
global_data.rng_state = RNG_INITIALIZED;
ret = mbedtls_ctr_drbg_seed( &global_data.ctr_drbg,
mbedtls_entropy_func,
&global_data.entropy,
drbg_seed, sizeof( drbg_seed ) - 1 );
if( ret != 0 )
status = mbedtls_to_psa_error(
mbedtls_ctr_drbg_seed( &global_data.ctr_drbg,
mbedtls_entropy_func,
&global_data.entropy,
drbg_seed, sizeof( drbg_seed ) - 1 ) );
if( status != PSA_SUCCESS )
goto exit;
global_data.rng_state = RNG_SEEDED;
/* Initialize the key slots. Zero-initialization has made all key
* slots empty, so there is nothing to do. In a future version we will
* load data from storage. */
global_data.key_slots_initialized = 1;
status = psa_initialize_key_slots( );
if( status != PSA_SUCCESS )
goto exit;
/* All done. */
global_data.initialized = 1;
exit:
if( ret != 0 )
if( status != PSA_SUCCESS )
mbedtls_psa_crypto_free( );
return( mbedtls_to_psa_error( ret ) );
return( status );
}
#endif /* MBEDTLS_PSA_CRYPTO_C */

99
library/psa_crypto_core.h Normal file
View file

@ -0,0 +1,99 @@
/*
* PSA crypto core internal interfaces
*/
/* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef PSA_CRYPTO_CORE_H
#define PSA_CRYPTO_CORE_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "psa/crypto.h"
#include "mbedtls/ecp.h"
#include "mbedtls/rsa.h"
/** The data structure representing a key slot, containing key material
* and metadata for one key.
*/
typedef struct
{
psa_key_type_t type;
psa_key_policy_t policy;
psa_key_lifetime_t lifetime;
psa_key_id_t persistent_storage_id;
unsigned allocated : 1;
union
{
struct raw_data
{
uint8_t *data;
size_t bytes;
} raw;
#if defined(MBEDTLS_RSA_C)
mbedtls_rsa_context *rsa;
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
mbedtls_ecp_keypair *ecp;
#endif /* MBEDTLS_ECP_C */
} data;
} psa_key_slot_t;
/** Completely wipe a slot in memory, including its policy.
*
* Persistent storage is not affected.
*
* \param[in,out] slot The key slot to wipe.
*
* \retval PSA_SUCCESS
* Success. This includes the case of a key slot that was
* already fully wiped.
* \retval PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
/** Import key data into a slot.
*
* `slot->type` must have been set previously.
* This function assumes that the slot does not contain any key material yet.
* On failure, the slot content is unchanged.
*
* Persistent storage is not affected.
*
* \param[in,out] slot The key slot to import data into.
* Its `type` field must have previously been set to
* the desired key type.
* It must not contain any key material yet.
* \param[in] data Buffer containing the key material to parse and import.
* \param data_length Size of \p data in bytes.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INVALID_ARGUMENT
* \retval PSA_ERROR_NOT_SUPPORTED
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
*/
psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
const uint8_t *data,
size_t data_length );
#endif /* PSA_CRYPTO_CORE_H */

287
library/psa_crypto_slot_management.c Normal file
View file

@ -0,0 +1,287 @@
/*
* PSA crypto layer on top of Mbed TLS crypto
*/
/* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_slot_management.h"
#include "psa_crypto_storage.h"
#include <stdlib.h>
#include <string.h>
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
typedef struct
{
psa_key_slot_t key_slots[PSA_KEY_SLOT_COUNT];
unsigned key_slots_initialized : 1;
} psa_global_data_t;
static psa_global_data_t global_data;
/* Access a key slot at the given handle. The handle of a key slot is
* the index of the slot in the global slot array, plus one so that handles
* start at 1 and not 0. */
psa_status_t psa_get_key_slot( psa_key_handle_t handle,
psa_key_slot_t **p_slot )
{
psa_key_slot_t *slot = NULL;
if( ! global_data.key_slots_initialized )
return( PSA_ERROR_BAD_STATE );
/* 0 is not a valid handle under any circumstance. This
* implementation provides slots number 1 to N where N is the
* number of available slots. */
if( handle == 0 || handle > ARRAY_LENGTH( global_data.key_slots ) )
return( PSA_ERROR_INVALID_HANDLE );
slot = &global_data.key_slots[handle - 1];
/* If the slot hasn't been allocated, the handle is invalid. */
if( ! slot->allocated )
return( PSA_ERROR_INVALID_HANDLE );
*p_slot = slot;
return( PSA_SUCCESS );
}
psa_status_t psa_initialize_key_slots( void )
{
/* Nothing to do: program startup and psa_wipe_all_key_slots() both
* guarantee that the key slots are initialized to all-zero, which
* means that all the key slots are in a valid, empty state. */
global_data.key_slots_initialized = 1;
return( PSA_SUCCESS );
}
void psa_wipe_all_key_slots( void )
{
psa_key_handle_t key;
for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ )
{
psa_key_slot_t *slot = &global_data.key_slots[key - 1];
(void) psa_wipe_key_slot( slot );
}
global_data.key_slots_initialized = 0;
}
/** Find a free key slot and mark it as in use.
*
* \param[out] handle On success, a slot number that is not in use. This
* value can be used as a handle to the slot.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
*/
static psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle )
{
for( *handle = PSA_KEY_SLOT_COUNT; *handle != 0; --( *handle ) )
{
psa_key_slot_t *slot = &global_data.key_slots[*handle - 1];
if( ! slot->allocated )
{
slot->allocated = 1;
return( PSA_SUCCESS );
}
}
return( PSA_ERROR_INSUFFICIENT_MEMORY );
}
/** Wipe a key slot and mark it as available.
*
* This does not affect persistent storage.
*
* \param handle The handle to the key slot to release.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
static psa_status_t psa_internal_release_key_slot( psa_key_handle_t handle )
{
psa_key_slot_t *slot;
psa_status_t status;
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
return( psa_wipe_key_slot( slot ) );
}
psa_status_t psa_allocate_key( psa_key_type_t type,
size_t max_bits,
psa_key_handle_t *handle )
{
/* This implementation doesn't reserve memory for the keys. */
(void) type;
(void) max_bits;
*handle = 0;
return( psa_internal_allocate_key_slot( handle ) );
}
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *p_slot )
{
psa_status_t status = PSA_SUCCESS;
uint8_t *key_data = NULL;
size_t key_data_length = 0;
status = psa_load_persistent_key( p_slot->persistent_storage_id,
&( p_slot )->type,
&( p_slot )->policy, &key_data,
&key_data_length );
if( status != PSA_SUCCESS )
goto exit;
status = psa_import_key_into_slot( p_slot,
key_data, key_data_length );
exit:
psa_free_persistent_key_data( key_data, key_data_length );
return( status );
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
/** Declare a slot as persistent and load it from storage.
*
* This function may only be called immediately after a successful call
* to psa_internal_allocate_key_slot().
*
* \param handle A handle to a key slot freshly allocated with
* psa_internal_allocate_key_slot().
*
* \retval #PSA_SUCCESS
* The slot content was loaded successfully.
* \retval #PSA_ERROR_EMPTY_SLOT
* There is no content for this slot in persistent storage.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p id is not acceptable.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_STORAGE_FAILURE
*/
static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
psa_key_id_t id )
{
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_key_slot_t *slot;
psa_status_t status;
/* Reject id=0 because by general library conventions, 0 is an invalid
* value wherever possible. */
if( id == 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
/* Reject high values because the file names are reserved for the
* library's internal use. */
if( id >= PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
slot->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
slot->persistent_storage_id = id;
status = psa_load_persistent_key_into_slot( slot );
return( status );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
(void) handle;
(void) id;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
}
static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime,
psa_key_id_t id,
psa_key_handle_t *handle,
psa_status_t wanted_load_status )
{
psa_status_t status;
*handle = 0;
if( lifetime != PSA_KEY_LIFETIME_PERSISTENT )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_internal_allocate_key_slot( handle );
if( status != PSA_SUCCESS )
return( status );
status = psa_internal_make_key_persistent( *handle, id );
if( status != wanted_load_status )
{
psa_internal_release_key_slot( *handle );
*handle = 0;
}
return( status );
}
psa_status_t psa_open_key( psa_key_lifetime_t lifetime,
psa_key_id_t id,
psa_key_handle_t *handle )
{
return( persistent_key_setup( lifetime, id, handle, PSA_SUCCESS ) );
}
psa_status_t psa_create_key( psa_key_lifetime_t lifetime,
psa_key_id_t id,
psa_key_type_t type,
size_t max_bits,
psa_key_handle_t *handle )
{
psa_status_t status;
/* This implementation doesn't reserve memory for the keys. */
(void) type;
(void) max_bits;
status = persistent_key_setup( lifetime, id, handle,
PSA_ERROR_EMPTY_SLOT );
switch( status )
{
case PSA_SUCCESS: return( PSA_ERROR_OCCUPIED_SLOT );
case PSA_ERROR_EMPTY_SLOT: return( PSA_SUCCESS );
default: return( status );
}
}
psa_status_t psa_close_key( psa_key_handle_t handle )
{
return( psa_internal_release_key_slot( handle ) );
}
#endif /* MBEDTLS_PSA_CRYPTO_C */

58
library/psa_crypto_slot_management.h Normal file
View file

@ -0,0 +1,58 @@
/*
* PSA crypto layer on top of Mbed TLS crypto
*/
/* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef PSA_CRYPTO_SLOT_MANAGEMENT_H
#define PSA_CRYPTO_SLOT_MANAGEMENT_H
/* Number of key slots (plus one because 0 is not used).
* The value is a compile-time constant for now, for simplicity. */
#define PSA_KEY_SLOT_COUNT 32
/** Access a key slot at the given handle.
*
* \param handle Key handle to query.
* \param[out] p_slot On success, `*p_slot` contains a pointer to the
* key slot in memory designated by \p handle.
*
* \retval PSA_SUCCESS
* Success: \p handle is a handle to `*p_slot`. Note that `*p_slot`
* may be empty or occupied.
* \retval PSA_ERROR_INVALID_HANDLE
* \p handle is out of range or is not in use.
* \retval PSA_ERROR_BAD_STATE
* The library has not been initialized.
*/
psa_status_t psa_get_key_slot( psa_key_handle_t handle,
psa_key_slot_t **p_slot );
/** Initialize the key slot structures.
*
* \retval PSA_SUCCESS
* Currently this function always succeeds.
*/
psa_status_t psa_initialize_key_slots( void );
/** Delete all data from key slots in memory.
*
* This does not affect persistent storage. */
void psa_wipe_all_key_slots( void );
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */

4
library/psa_crypto_storage.c
View file

@ -147,7 +147,7 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
return( PSA_SUCCESS );
}
psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
psa_status_t psa_save_persistent_key( const psa_key_id_t key,
const psa_key_type_t type,
const psa_key_policy_t *policy,
const uint8_t *data,
@ -185,7 +185,7 @@ void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
mbedtls_free( key_data );
}
psa_status_t psa_load_persistent_key( psa_key_slot_t key,
psa_status_t psa_load_persistent_key( psa_key_id_t key,
psa_key_type_t *type,
psa_key_policy_t *policy,
uint8_t **data,

44
library/psa_crypto_storage.h
View file

@ -44,6 +44,23 @@ extern "C" {
* inadvertently store an obscene amount of data) */
#define PSA_CRYPTO_MAX_STORAGE_SIZE ( 30 * 1024 )
/** The maximum permitted persistent slot number.
*
* In Mbed Crypto 0.1.0b:
* - Using the file backend, all key ids are ok except 0.
* - Using the ITS backend, all key ids are ok except 0xFFFFFF52
* (#PSA_CRYPTO_ITS_RANDOM_SEED_UID) for which the file contains the
* device's random seed (if this feature is enabled).
* - Only key ids from 1 to #PSA_KEY_SLOT_COUNT are actually used.
*
* Since we need to preserve the random seed, avoid using that key slot.
* Reserve a whole range of key slots just in case something else comes up.
*
* This limitation will probably become moot when we implement client
* separation for key storage.
*/
#define PSA_MAX_PERSISTENT_KEY_IDENTIFIER 0xffff0000
/**
* \brief Format key data and metadata and save to a location for given key
* slot.
@ -56,20 +73,20 @@ extern "C" {
* already occupied non-persistent key, as well as validating the key data.
*
*
* \param key Slot number of the key to be stored. This must be a
* valid slot for a key of the chosen type. This should be
* an occupied key slot with an unoccupied corresponding
* storage location.
* \param key Persistent identifier of the key to be stored. This
* should be an unoccupied storage location.
* \param type Key type (a \c PSA_KEY_TYPE_XXX value).
* \param[in] policy The key policy to save.
* \param[in] data Buffer containing the key data.
* \param data_length The number of bytes that make up the key data.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_OCCUPIED_SLOT
*/
psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
psa_status_t psa_save_persistent_key( const psa_key_id_t key,
const psa_key_type_t type,
const psa_key_policy_t *policy,
const uint8_t *data,
@ -87,10 +104,8 @@ psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
* this function to zeroize and free this buffer, regardless of whether this
* function succeeds or fails.
*
* \param key Slot number whose content is to be loaded. This
* must be an unoccupied key slot with an occupied
* corresponding storage location. The key slot
* lifetime must be set to persistent.
* \param key Persistent identifier of the key to be loaded. This
* should be an occupied storage location.
* \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX
* value).
* \param[out] policy On success, the key's policy.
@ -100,8 +115,9 @@ psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_EMPTY_SLOT
*/
psa_status_t psa_load_persistent_key( psa_key_slot_t key,
psa_status_t psa_load_persistent_key( psa_key_id_t key,
psa_key_type_t *type,
psa_key_policy_t *policy,
uint8_t **data,
@ -110,16 +126,18 @@ psa_status_t psa_load_persistent_key( psa_key_slot_t key,
/**
* \brief Remove persistent data for the given key slot number.
*
* \param key Slot number whose content is to be removed
* \param key Persistent identifier of the key to remove
* from persistent storage.
*
* \retval PSA_SUCCESS
* The key was successfully removed,
* or the key did not exist.
* \retval PSA_ERROR_STORAGE_FAILURE
*/
psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key );
psa_status_t psa_destroy_persistent_key( const psa_key_id_t key );
/**
* \brief Zeroizes and frees the given buffer.
* \brief Free the temporary buffer allocated by psa_load_persistent_key().
*
* This function must be called at some point after psa_load_persistent_key()
* to zeroize and free the memory allocated to the buffer in that function.

29
library/psa_crypto_storage_backend.h
View file

@ -47,15 +47,16 @@ extern "C" {
* This function reads data from a storage backend and returns the data in a
* buffer.
*
* \param key Slot number whose content is to be loaded. This must
* be a key slot whose lifetime is set to persistent.
* \param[out] data Buffer where the data is to be written.
* \param data_size Size of the \c data buffer in bytes.
* \param key Persistent identifier of the key to be loaded. This
* should be an occupied storage location.
* \param[out] data Buffer where the data is to be written.
* \param data_size Size of the \c data buffer in bytes.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_EMPTY_SLOT
*/
psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
size_t data_size );
/**
@ -63,7 +64,8 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
*
* This function stores the given data buffer to a persistent storage.
*
* \param key Slot number whose content is to be stored.
* \param key Persistent identifier of the key to be stored. This
* should be an unoccupied storage location.
* \param[in] data Buffer containing the data to be stored.
* \param data_length The number of bytes
* that make up the data.
@ -71,8 +73,9 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_OCCUPIED_SLOT
*/
psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
const uint8_t *data,
size_t data_length );
@ -82,26 +85,26 @@ psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
* This function checks if any key data or metadata exists for the key slot in
* the persistent storage.
*
* \param key Slot number whose content is to be checked.
* \param key Persistent identifier to check.
*
* \retval 0
* No persistent data present for slot number
* \retval 1
* Persistent data present for slot number
*/
int psa_is_key_present_in_storage( const psa_key_slot_t key );
int psa_is_key_present_in_storage( const psa_key_id_t key );
/**
* \brief Get data length for given key slot number.
*
* \param key Slot number whose stored data length is to be obtained.
* \param[out] data_length The number of bytes
* that make up the data.
* \param key Persistent identifier whose stored data length
* is to be obtained.
* \param[out] data_length The number of bytes that make up the data.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_STORAGE_FAILURE
*/
psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
size_t *data_length );

29
library/psa_crypto_storage_file.c
View file

@ -48,15 +48,16 @@
enum { MAX_LOCATION_LEN = sizeof(CRYPTO_STORAGE_FILE_LOCATION) + 40 };
static void key_slot_to_location( const psa_key_slot_t key,
char *location,
size_t location_size )
static void key_id_to_location( const psa_key_id_t key,
char *location,
size_t location_size )
{
mbedtls_snprintf( location, location_size,
CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%d", key );
CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%lu",
(unsigned long) key );
}
psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
size_t data_size )
{
psa_status_t status = PSA_SUCCESS;
@ -64,7 +65,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
size_t num_read;
char slot_location[MAX_LOCATION_LEN];
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "rb" );
if( file == NULL )
{
@ -81,12 +82,12 @@ exit:
return( status );
}
int psa_is_key_present_in_storage( const psa_key_slot_t key )
int psa_is_key_present_in_storage( const psa_key_id_t key )
{
char slot_location[MAX_LOCATION_LEN];
FILE *file;
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "r" );
if( file == NULL )
@ -99,7 +100,7 @@ int psa_is_key_present_in_storage( const psa_key_slot_t key )
return( 1 );
}
psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
const uint8_t *data,
size_t data_length )
{
@ -114,7 +115,7 @@ psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
* affect actual keys. */
const char *temp_location = CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0";
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
if( psa_is_key_present_in_storage( key ) == 1 )
return( PSA_ERROR_OCCUPIED_SLOT );
@ -154,12 +155,12 @@ exit:
return( status );
}
psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
{
FILE *file;
char slot_location[MAX_LOCATION_LEN];
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
/* Only try remove the file if it exists */
file = fopen( slot_location, "rb" );
@ -173,7 +174,7 @@ psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
return( PSA_SUCCESS );
}
psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
size_t *data_length )
{
psa_status_t status = PSA_SUCCESS;
@ -181,7 +182,7 @@ psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
long file_size;
char slot_location[MAX_LOCATION_LEN];
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "rb" );
if( file == NULL )

12
library/psa_crypto_storage_its.c
View file

@ -68,12 +68,12 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret )
}
}
static uint32_t psa_its_identifier_of_slot( psa_key_slot_t key )
static uint32_t psa_its_identifier_of_slot( psa_key_id_t key )
{
return( key );
}
psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
size_t data_size )
{
psa_its_status_t ret;
@ -92,7 +92,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
return( status );
}
int psa_is_key_present_in_storage( const psa_key_slot_t key )
int psa_is_key_present_in_storage( const psa_key_id_t key )
{
psa_its_status_t ret;
uint32_t data_identifier = psa_its_identifier_of_slot( key );
@ -105,7 +105,7 @@ int psa_is_key_present_in_storage( const psa_key_slot_t key )
return( 1 );
}
psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
const uint8_t *data,
size_t data_length )
{
@ -143,7 +143,7 @@ exit:
return( status );
}
psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
{
psa_its_status_t ret;
uint32_t data_identifier = psa_its_identifier_of_slot( key );
@ -163,7 +163,7 @@ psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
return( PSA_SUCCESS );
}
psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
size_t *data_length )
{
psa_its_status_t ret;