mbedtls/library/psa_crypto_storage_its.c
Moran Peker a26d764bae Add new PSA Crypto Storage backend implementation using ITS APIs
The new file is conditionally compiled with the new mbedtls
configuration option that  Mbed OS would set by default -
`MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C`.

-
2018-11-21 13:28:10 +02:00

185 lines
5.3 KiB
C

/*
* PSA storage backend for persistent keys using psa_its APIs.
*/
/* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#if defined(MBEDTLS_CONFIG_FILE)
#include MBEDTLS_CONFIG_FILE
#else
#include "mbedtls/config.h"
#endif
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
#include "psa/crypto.h"
#include "psa_crypto_storage_backend.h"
#include "psa_prot_internal_storage.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#endif
static psa_status_t its_to_psa_error( psa_its_status_t ret )
{
switch( ret )
{
case PSA_ITS_SUCCESS:
return( PSA_SUCCESS );
case PSA_ITS_ERROR_KEY_NOT_FOUND:
return( PSA_ERROR_EMPTY_SLOT );
case PSA_ITS_ERROR_STORAGE_FAILURE:
return( PSA_ERROR_STORAGE_FAILURE );
case PSA_ITS_ERROR_INSUFFICIENT_SPACE:
return( PSA_ERROR_INSUFFICIENT_STORAGE );
case PSA_ITS_ERROR_INVALID_KEY:
case PSA_PS_ERROR_OFFSET_INVALID:
case PSA_ITS_ERROR_INCORRECT_SIZE:
case PSA_ITS_ERROR_BAD_POINTER:
return( PSA_ERROR_INVALID_ARGUMENT );
case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED:
return( PSA_ERROR_NOT_SUPPORTED );
case PSA_ITS_ERROR_WRITE_ONCE:
return( PSA_ERROR_OCCUPIED_SLOT );
default:
return( PSA_ERROR_UNKNOWN_ERROR );
}
}
static uint32_t psa_its_identifier_of_slot( psa_key_slot_t key )
{
return( key );
}
psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
size_t data_size )
{
psa_its_status_t ret;
psa_status_t status;
uint32_t data_identifier = psa_its_identifier_of_slot( key );
struct psa_its_info_t data_identifier_info;
ret = psa_its_get_info( data_identifier, &data_identifier_info );
status = its_to_psa_error( ret );
if( status != PSA_SUCCESS )
return( status );
ret = psa_its_get( data_identifier, 0, data_size, data );
status = its_to_psa_error( ret );
return( status );
}
int psa_is_key_present_in_storage( const psa_key_slot_t key )
{
psa_its_status_t ret;
uint32_t data_identifier = psa_its_identifier_of_slot( key );
struct psa_its_info_t data_identifier_info;
ret = psa_its_get_info( data_identifier, &data_identifier_info );
if( ret == PSA_ITS_ERROR_KEY_NOT_FOUND )
return( 0 );
return( 1 );
}
psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
const uint8_t *data,
size_t data_length )
{
psa_its_status_t ret;
psa_status_t status;
uint32_t data_identifier = psa_its_identifier_of_slot( key );
struct psa_its_info_t data_identifier_info;
if( psa_is_key_present_in_storage( key ) == 1 )
return( PSA_ERROR_OCCUPIED_SLOT );
ret = psa_its_set( data_identifier, data_length, data, 0 );
status = its_to_psa_error( ret );
if( status != PSA_SUCCESS )
{
return( PSA_ERROR_STORAGE_FAILURE );
}
ret = psa_its_get_info( data_identifier, &data_identifier_info );
status = its_to_psa_error( ret );
if( status != PSA_SUCCESS )
{
goto exit;
}
if( data_identifier_info.size != data_length )
{
status = PSA_ERROR_STORAGE_FAILURE;
goto exit;
}
exit:
if( status != PSA_SUCCESS )
psa_its_remove( data_identifier );
return( status );
}
psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
{
psa_its_status_t ret;
uint32_t data_identifier = psa_its_identifier_of_slot( key );
struct psa_its_info_t data_identifier_info;
ret = psa_its_get_info( data_identifier, &data_identifier_info );
if( ret == PSA_ITS_ERROR_KEY_NOT_FOUND )
return( PSA_SUCCESS );
if( psa_its_remove( data_identifier ) != PSA_ITS_SUCCESS )
return( PSA_ERROR_STORAGE_FAILURE );
ret = psa_its_get_info( data_identifier, &data_identifier_info );
if( ret != PSA_ITS_ERROR_KEY_NOT_FOUND )
return( PSA_ERROR_STORAGE_FAILURE );
return( PSA_SUCCESS );
}
psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
size_t *data_length )
{
psa_its_status_t ret;
psa_status_t status;
uint32_t data_identifier = psa_its_identifier_of_slot( key );
struct psa_its_info_t data_identifier_info;
ret = psa_its_get_info( data_identifier, &data_identifier_info );
status = its_to_psa_error( ret );
if( status != PSA_SUCCESS )
return( status );
*data_length = (size_t) data_identifier_info.size;
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C */