2018-06-15 14:06:04 +02:00
|
|
|
/*
|
|
|
|
* PSA persistent key storage
|
|
|
|
*/
|
|
|
|
/* Copyright (C) 2018, ARM Limited, All Rights Reserved
|
|
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
* not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*
|
|
|
|
* This file is part of mbed TLS (https://tls.mbed.org)
|
|
|
|
*/
|
|
|
|
|
|
|
|
#if defined(MBEDTLS_CONFIG_FILE)
|
|
|
|
#include MBEDTLS_CONFIG_FILE
|
|
|
|
#else
|
|
|
|
#include "mbedtls/config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
|
|
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
#include "psa/crypto.h"
|
|
|
|
#include "psa_crypto_storage.h"
|
|
|
|
#include "psa_crypto_storage_backend.h"
|
|
|
|
#include "mbedtls/platform_util.h"
|
|
|
|
|
|
|
|
#if defined(MBEDTLS_PLATFORM_C)
|
|
|
|
#include "mbedtls/platform.h"
|
|
|
|
#else
|
|
|
|
#define mbedtls_calloc calloc
|
|
|
|
#define mbedtls_free free
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* 32-bit integer manipulation macros (little endian)
|
|
|
|
*/
|
|
|
|
#ifndef GET_UINT32_LE
|
|
|
|
#define GET_UINT32_LE(n,b,i) \
|
|
|
|
{ \
|
|
|
|
(n) = ( (uint32_t) (b)[(i) ] ) \
|
|
|
|
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
|
|
|
|
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
|
|
|
|
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef PUT_UINT32_LE
|
|
|
|
#define PUT_UINT32_LE(n,b,i) \
|
|
|
|
{ \
|
|
|
|
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
|
|
|
|
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
|
|
|
|
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
|
|
|
|
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2018-06-28 17:02:17 +02:00
|
|
|
/**
|
|
|
|
* Persistent key storage magic header.
|
|
|
|
*/
|
|
|
|
#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
|
|
|
|
#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
|
|
|
|
|
2018-06-15 14:06:04 +02:00
|
|
|
typedef struct {
|
2018-06-28 17:02:17 +02:00
|
|
|
uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
|
2018-06-15 14:06:04 +02:00
|
|
|
uint8_t version[4];
|
|
|
|
uint8_t type[sizeof( psa_key_type_t )];
|
|
|
|
uint8_t policy[sizeof( psa_key_policy_t )];
|
|
|
|
uint8_t data_len[4];
|
|
|
|
uint8_t key_data[];
|
|
|
|
} psa_persistent_key_storage_format;
|
|
|
|
|
|
|
|
void psa_format_key_data_for_storage( const uint8_t *data,
|
|
|
|
const size_t data_length,
|
|
|
|
const psa_key_type_t type,
|
|
|
|
const psa_key_policy_t *policy,
|
|
|
|
uint8_t *storage_data )
|
|
|
|
{
|
|
|
|
psa_persistent_key_storage_format *storage_format =
|
|
|
|
(psa_persistent_key_storage_format *) storage_data;
|
|
|
|
|
2018-06-28 17:02:17 +02:00
|
|
|
memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
|
2018-06-15 14:06:04 +02:00
|
|
|
PUT_UINT32_LE(0, storage_format->version, 0);
|
|
|
|
PUT_UINT32_LE(type, storage_format->type, 0);
|
|
|
|
PUT_UINT32_LE(policy->usage, storage_format->policy, 0);
|
|
|
|
PUT_UINT32_LE(policy->alg, storage_format->policy, sizeof( uint32_t ));
|
|
|
|
PUT_UINT32_LE(data_length, storage_format->data_len, 0);
|
|
|
|
memcpy( storage_format->key_data, data, data_length );
|
|
|
|
}
|
|
|
|
|
2018-06-28 17:02:17 +02:00
|
|
|
static psa_status_t check_magic_header( const uint8_t *data )
|
|
|
|
{
|
|
|
|
if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER,
|
|
|
|
PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 )
|
|
|
|
return( PSA_ERROR_STORAGE_FAILURE );
|
|
|
|
return( PSA_SUCCESS );
|
|
|
|
}
|
|
|
|
|
2018-06-15 14:06:04 +02:00
|
|
|
psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
|
|
|
|
size_t storage_data_length,
|
|
|
|
uint8_t **key_data,
|
|
|
|
size_t *key_data_length,
|
|
|
|
psa_key_type_t *type,
|
|
|
|
psa_key_policy_t *policy )
|
|
|
|
{
|
2018-06-28 17:02:17 +02:00
|
|
|
psa_status_t status;
|
2018-06-15 14:06:04 +02:00
|
|
|
const psa_persistent_key_storage_format *storage_format =
|
|
|
|
(const psa_persistent_key_storage_format *)storage_data;
|
|
|
|
uint32_t version;
|
|
|
|
|
2018-06-28 17:02:17 +02:00
|
|
|
if( storage_data_length < sizeof(*storage_format) )
|
|
|
|
return( PSA_ERROR_STORAGE_FAILURE );
|
|
|
|
|
|
|
|
status = check_magic_header( storage_data );
|
|
|
|
if( status != PSA_SUCCESS )
|
|
|
|
return( status );
|
|
|
|
|
2018-06-15 14:06:04 +02:00
|
|
|
GET_UINT32_LE(version, storage_format->version, 0);
|
|
|
|
if( version != 0 )
|
|
|
|
return( PSA_ERROR_STORAGE_FAILURE );
|
|
|
|
|
|
|
|
GET_UINT32_LE(*key_data_length, storage_format->data_len, 0);
|
|
|
|
if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
|
|
|
|
*key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
|
|
|
|
return( PSA_ERROR_STORAGE_FAILURE );
|
|
|
|
|
|
|
|
*key_data = mbedtls_calloc( 1, *key_data_length );
|
|
|
|
if( *key_data == NULL )
|
|
|
|
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
|
|
|
|
|
|
|
GET_UINT32_LE(*type, storage_format->type, 0);
|
|
|
|
GET_UINT32_LE(policy->usage, storage_format->policy, 0);
|
|
|
|
GET_UINT32_LE(policy->alg, storage_format->policy, sizeof( uint32_t ));
|
|
|
|
|
|
|
|
memcpy( *key_data, storage_format->key_data, *key_data_length );
|
|
|
|
|
|
|
|
return( PSA_SUCCESS );
|
|
|
|
}
|
|
|
|
|
|
|
|
psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
|
|
|
|
const psa_key_type_t type,
|
|
|
|
const psa_key_policy_t *policy,
|
|
|
|
const uint8_t *data,
|
|
|
|
const size_t data_length )
|
|
|
|
{
|
|
|
|
size_t storage_data_length;
|
|
|
|
uint8_t *storage_data;
|
|
|
|
psa_status_t status;
|
|
|
|
|
|
|
|
if( data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
|
|
|
|
return PSA_ERROR_INSUFFICIENT_STORAGE;
|
|
|
|
storage_data_length = data_length + sizeof( psa_persistent_key_storage_format );
|
|
|
|
|
|
|
|
storage_data = mbedtls_calloc( 1, storage_data_length );
|
|
|
|
if( storage_data == NULL )
|
|
|
|
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
|
|
|
|
|
|
|
psa_format_key_data_for_storage( data, data_length, type, policy,
|
|
|
|
storage_data );
|
|
|
|
|
|
|
|
status = psa_crypto_storage_store( key,
|
|
|
|
storage_data, storage_data_length );
|
|
|
|
|
|
|
|
mbedtls_free( storage_data );
|
|
|
|
|
|
|
|
return( status );
|
|
|
|
}
|
|
|
|
|
|
|
|
void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
|
|
|
|
{
|
|
|
|
if( key_data != NULL )
|
|
|
|
{
|
|
|
|
mbedtls_platform_zeroize( key_data, key_data_length );
|
|
|
|
}
|
|
|
|
mbedtls_free( key_data );
|
|
|
|
}
|
|
|
|
|
|
|
|
psa_status_t psa_load_persistent_key( psa_key_slot_t key,
|
|
|
|
psa_key_type_t *type,
|
|
|
|
psa_key_policy_t *policy,
|
|
|
|
uint8_t **data,
|
|
|
|
size_t *data_length )
|
|
|
|
{
|
|
|
|
psa_status_t status = PSA_SUCCESS;
|
|
|
|
uint8_t *loaded_data;
|
|
|
|
size_t storage_data_length = 0;
|
|
|
|
|
|
|
|
status = psa_crypto_storage_get_data_length( key, &storage_data_length );
|
|
|
|
if( status != PSA_SUCCESS )
|
|
|
|
return( status );
|
|
|
|
|
|
|
|
loaded_data = mbedtls_calloc( 1, storage_data_length );
|
|
|
|
|
|
|
|
if( loaded_data == NULL )
|
|
|
|
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
|
|
|
|
|
|
|
status = psa_crypto_storage_load( key, loaded_data, storage_data_length );
|
|
|
|
if( status != PSA_SUCCESS )
|
|
|
|
goto exit;
|
|
|
|
|
|
|
|
status = psa_parse_key_data_from_storage( loaded_data, storage_data_length,
|
|
|
|
data, data_length, type, policy );
|
|
|
|
|
|
|
|
exit:
|
|
|
|
mbedtls_free( loaded_data );
|
|
|
|
return( status );
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
|