From 4ed0e6f11a6526896b3b17e82d0f04e0b88d741c Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 30 Jul 2019 20:22:33 +0200
Subject: [PATCH] Switch storage functions over to psa_core_key_attributes_t
---
 library/psa_crypto.c | 5 ++-
 library/psa_crypto_slot_management.c | 2 +-
 library/psa_crypto_storage.c | 37 +++++++++----------
 library/psa_crypto_storage.h | 17 ++++-----
 ...t_suite_psa_crypto_persistent_key.function | 4 +-
 5 files changed, 32 insertions(+), 33 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 1646ae584..03e56a1c0 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1554,7 +1554,7 @@ static psa_status_t psa_finish_key_creation(
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 if( driver != NULL )
 {
- status = psa_save_persistent_key( &attributes,
+ status = psa_save_persistent_key( &attributes.core,
 (uint8_t*) &slot->data.se,
 sizeof( slot->data.se ) );
 }
@@ -1572,7 +1572,8 @@ static psa_status_t psa_finish_key_creation(
 buffer, buffer_size, &length, 0 );
 if( status == PSA_SUCCESS )
- status = psa_save_persistent_key( &attributes, buffer, length );
+ status = psa_save_persistent_key( &attributes.core,
+ buffer, length );
 if( buffer_size != 0 )
 mbedtls_platform_zeroize( buffer, buffer_size );
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index bfa7baaa5..2cfc4a9e8 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -128,7 +128,7 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *p_slot )
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 psa_set_key_id( &attributes, p_slot->attr.id );
- status = psa_load_persistent_key( &attributes,
+ status = psa_load_persistent_key( &attributes.core,
 &key_data, &key_data_length );
 if( status != PSA_SUCCESS )
 goto exit;
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 4113fb7e1..55fd65af9 100644
--- a/library/psa_crypto_storage.c
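Review bot: In the first psa_finish_key_creation hunk (@@ -1554,7 +1554,7), the secure-element branch still persists `slot->data.se` as its raw in-memory bytes (`(uint8_t*) &slot->data.se, sizeof( slot->data.se )`), so the stored blob depends on that object's layout and the host byte order. If the object ever carries padding, uninitialised bytes would be written to storage, and a build with a different layout could not read the key back. I would at least record the dependency next to the call, e.g. `/* Stored as raw in-memory bytes: layout- and endianness-dependent. */`, or serialise the fields explicitly the way psa_format_key_data_for_storage does with PUT_UINT32_LE. The function starts and ends outside the hunk, so the declaration of `slot->data.se` is not visible here.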
+++ b/library/psa_crypto_storage.c
@@ -264,7 +264,7 @@ typedef struct {
 void psa_format_key_data_for_storage( const uint8_t *data,
 const size_t data_length,
- const psa_key_attributes_t *attributes,
+ const psa_core_key_attributes_t *attr,
 uint8_t *storage_data )
 {
 psa_persistent_key_storage_format *storage_format =
@@ -272,11 +272,11 @@ void psa_format_key_data_for_storage( const uint8_t *data,
 memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
 PUT_UINT32_LE( 0, storage_format->version, 0 );
- PUT_UINT32_LE( psa_get_key_lifetime( attributes ), storage_format->lifetime, 0 );
- PUT_UINT32_LE( psa_get_key_type( attributes ), storage_format->type, 0 );
- PUT_UINT32_LE( psa_get_key_usage_flags( attributes ), storage_format->policy, 0 );
- PUT_UINT32_LE( psa_get_key_algorithm( attributes ), storage_format->policy, sizeof( uint32_t ) );
- PUT_UINT32_LE( psa_get_key_enrollment_algorithm( attributes ), storage_format->policy, 2 * sizeof( uint32_t ) );
+ PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
+ PUT_UINT32_LE( attr->type, storage_format->type, 0 );
+ PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
+ PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
+ PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
 PUT_UINT32_LE( data_length, storage_format->data_len, 0 );
 memcpy( storage_format->key_data, data, data_length );
 }
@@ -293,7 +293,7 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
 size_t storage_data_length,
 uint8_t **key_data,
 size_t *key_data_length,
- psa_key_attributes_t *attributes )
+ psa_core_key_attributes_t *attr )
 {
 psa_status_t status;
 const psa_persistent_key_storage_format *storage_format =
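Review bot: In the psa_format_key_data_for_storage body hunk (@@ -272,11 +272,11), `PUT_UINT32_LE( data_length, storage_format->data_len, 0 )` stores a size_t in a 32-bit field while the `memcpy( storage_format->key_data, data, data_length )` after it copies the full length, and the function has no output-size parameter to check against. Presumably the caller bounds data_length and allocates sizeof( psa_persistent_key_storage_format ) + data_length bytes, but nothing in this hunk says so. I would document the precondition above the function: `/* storage_data must hold sizeof( psa_persistent_key_storage_format ) + data_length bytes; data_length must fit in 32 bits. */`. The function's opening lines are in the previous hunk.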
@@ -328,16 +328,16 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
 memcpy( *key_data, storage_format->key_data, *key_data_length );
 }
- GET_UINT32_LE( attributes->core.lifetime, storage_format->lifetime, 0 );
- GET_UINT32_LE( attributes->core.type, storage_format->type, 0 );
- GET_UINT32_LE( attributes->core.policy.usage, storage_format->policy, 0 );
- GET_UINT32_LE( attributes->core.policy.alg, storage_format->policy, sizeof( uint32_t ) );
- GET_UINT32_LE( attributes->core.policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
+ GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
+ GET_UINT32_LE( attr->type, storage_format->type, 0 );
+ GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
+ GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
+ GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
 return( PSA_SUCCESS );
 }
-psa_status_t psa_save_persistent_key( const psa_key_attributes_t *attributes,
+psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
 const uint8_t *data,
 const size_t data_length )
 {
@@ -353,10 +353,9 @@ psa_status_t psa_save_persistent_key( const psa_key_attributes_t *attributes,
 if( storage_data == NULL )
 return( PSA_ERROR_INSUFFICIENT_MEMORY );
- psa_format_key_data_for_storage( data, data_length, attributes,
- storage_data );
+ psa_format_key_data_for_storage( data, data_length, attr, storage_data );
- status = psa_crypto_storage_store( psa_get_key_id( attributes ),
+ status = psa_crypto_storage_store( attr->id,
 storage_data, storage_data_length );
 mbedtls_free( storage_data );
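Review bot: The five `GET_UINT32_LE` stores in psa_parse_key_data_from_storage (@@ -328,16 +328,16) copy lifetime, type and the three policy words from the stored blob into `*attr` as-is and leave `attr->id` untouched; no range or consistency check on them is visible in this hunk. psa_load_persistent_key relies on the untouched id, since it passes in an `attr` whose id names the key being loaded. Now that callers hand in the bare core struct, I would state that contract above the block: `/* Sets lifetime, type and policy only; attr->id is left as the caller set it. */`. The start of the function is outside the hunk, so any earlier validation of the stored header cannot be judged from here.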
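Review bot: `mbedtls_free( storage_data )` at the end of the psa_save_persistent_key hunk (@@ -353,10 +353,9) releases a heap buffer that psa_format_key_data_for_storage has just filled with a copy of the key material, without wiping it first. psa_finish_key_creation zeroizes its export buffer before release, so I would do the same here: `mbedtls_platform_zeroize( storage_data, storage_data_length );` immediately before the free. The same applies to `mbedtls_free( loaded_data )` under `exit:` in psa_load_persistent_key (hunk @@ -396,7 +395,7), provided loaded_data cannot be NULL on that path, which the hunk does not show. Both functions continue outside their hunks.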
@@ -373,14 +372,14 @@ void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
 mbedtls_free( key_data );
 }
-psa_status_t psa_load_persistent_key( psa_key_attributes_t *attributes,
+psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
 uint8_t **data,
 size_t *data_length )
 {
 psa_status_t status = PSA_SUCCESS;
 uint8_t *loaded_data;
 size_t storage_data_length = 0;
- psa_key_id_t key = psa_get_key_id( attributes );
+ psa_key_id_t key = attr->id;
 status = psa_crypto_storage_get_data_length( key, &storage_data_length );
 if( status != PSA_SUCCESS )
@@ -396,7 +395,7 @@ psa_status_t psa_load_persistent_key( psa_key_attributes_t *attributes,
 goto exit;
 status = psa_parse_key_data_from_storage( loaded_data, storage_data_length,
- data, data_length, attributes );
+ data, data_length, attr );
 exit:
 mbedtls_free( loaded_data );
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index 938cc4f89..1b7dbd67c 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -88,7 +88,7 @@ int psa_is_key_present_in_storage( const psa_key_file_id_t key );
 * already occupied non-persistent key, as well as validating the key data.
 *
 *
- * \param[in] attributes The attributes of the key to save.
+ * \param[in] attr The attributes of the key to save.
 * The key identifier field in the attributes
 * determines the key's location.
 * \param[in] data Buffer containing the key data.
@@ -100,7 +100,7 @@ int psa_is_key_present_in_storage( const psa_key_file_id_t key );
 * \retval PSA_ERROR_STORAGE_FAILURE
 * \retval PSA_ERROR_ALREADY_EXISTS
 */
-psa_status_t psa_save_persistent_key( const psa_key_attributes_t *attributes,
+psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
 const uint8_t *data,
 const size_t data_length );
@@ -116,8 +116,7 @@ psa_status_t psa_save_persistent_key( const psa_key_attributes_t *attributes,
 * this function to zeroize and free this buffer, regardless of whether this
 * function succeeds or fails.
 *
- * \param[in,out] attributes
- * On input, the key identifier field identifies
+ * \param[in,out] attr On input, the key identifier field identifies
 * the key to load. Other fields are ignored.
 * On success, the attribute structure contains
 * the key metadata that was loaded from storage.
@@ -129,7 +128,7 @@ psa_status_t psa_save_persistent_key( const psa_key_attributes_t *attributes,
 * \retval PSA_ERROR_STORAGE_FAILURE
 * \retval PSA_ERROR_DOES_NOT_EXIST
 */
-psa_status_t psa_load_persistent_key( psa_key_attributes_t *attributes,
+psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
 uint8_t **data,
 size_t *data_length );
@@ -163,13 +162,13 @@ void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length );
 *
 * \param[in] data Buffer containing the key data.
 * \param data_length Length of the key data buffer.
- * \param[in] attributes The attributes of the key.
+ * \param[in] attr The core attributes of the key.
 * \param[out] storage_data Output buffer for the formatted data.
 *
 */
 void psa_format_key_data_for_storage( const uint8_t *data,
 const size_t data_length,
- const psa_key_attributes_t *attributes,
+ const psa_core_key_attributes_t *attr,
 uint8_t *storage_data );
 /**
@@ -181,7 +180,7 @@ void psa_format_key_data_for_storage( const uint8_t *data,
 * containing the key data. This must be freed
 * using psa_free_persistent_key_data()
 * \param[out] key_data_length Length of the key data buffer
- * \param[out] attributes On success, the attribute structure is filled
+ * \param[out] attr On success, the attribute structure is filled
 * with the loaded key metadata.
 *
 * \retval PSA_SUCCESS
@@ -193,7 +192,7 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
 size_t storage_data_length,
 uint8_t **key_data,
 size_t *key_data_length,
- psa_key_attributes_t *attributes );
+ psa_core_key_attributes_t *attr );
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 /** This symbol is defined if transaction support is required. */
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function
index 61f7f886a..115bfea5d 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.function
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.function
@@ -45,7 +45,7 @@ void format_storage_data_check( data_t *key_data,
 file_data_length = key_data->len + sizeof( psa_persistent_key_storage_format );
 file_data = mbedtls_calloc( 1, file_data_length );
 psa_format_key_data_for_storage( key_data->x, key_data->len,
- &attributes,
+ &attributes.core,
 file_data );
 ASSERT_COMPARE( expected_file_data->x, expected_file_data->len,
@@ -71,7 +71,7 @@ void parse_storage_data_check( data_t *file_data,
 status = psa_parse_key_data_from_storage( file_data->x, file_data->len,
 &key_data, &key_data_length,
- &attributes );
+ &attributes.core );
 TEST_EQUAL( status, expected_status );
 if( status != PSA_SUCCESS )