lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge pull request #157 from gilles-peskine-arm/psa-se_driver-create_key

Browse Source 
Secure element key creation foundation
This commit is contained in:
Gilles Peskine
2019-07-26 14:39:55 +02:00
committed by GitHub
parent f61bf9c13b 66be51c35d
commit adb1c52149
20 changed files with 2194 additions and 360 deletions
Download Patch File Download Diff File Expand all files Collapse all files

436
library/psa_crypto.c
View File

@ -363,6 +363,13 @@ static psa_status_t mbedtls_to_psa_error( int ret )
/* Key management */
/****************************************************************/
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
static inline int psa_key_slot_is_external( const psa_key_slot_t *slot )
{
return( psa_key_lifetime_is_external( slot->lifetime ) );
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_ECP_C)
static psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid )
{
@ -864,9 +871,46 @@ static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle,
return( PSA_SUCCESS );
}
/** Retrieve a slot which must contain a transparent key.
*
* A transparent key is a key for which the key material is directly
* available, as opposed to a key in a secure element.
*
* This is a temporary function to use instead of psa_get_key_from_slot()
* until secure element support is fully implemented.
*/
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
static psa_status_t psa_get_transparent_key( psa_key_handle_t handle,
psa_key_slot_t **p_slot,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
psa_status_t status = psa_get_key_from_slot( handle, p_slot, usage, alg );
if( status != PSA_SUCCESS )
return( status );
if( psa_key_slot_is_external( *p_slot ) )
{
*p_slot = NULL;
return( PSA_ERROR_NOT_SUPPORTED );
}
return( PSA_SUCCESS );
}
#else /* MBEDTLS_PSA_CRYPTO_SE_C */
/* With no secure element support, all keys are transparent. */
#define psa_get_transparent_key( handle, p_slot, usage, alg ) \
psa_get_key_from_slot( handle, p_slot, usage, alg )
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
/** Wipe key data from a slot. Preserve metadata such as the policy. */
static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
{
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( psa_key_slot_is_external( slot ) )
{
/* No key material to clean. */
}
else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
if( slot->type == PSA_KEY_TYPE_NONE )
{
/* No key material to clean. */
@ -925,10 +969,39 @@ psa_status_t psa_destroy_key( psa_key_handle_t handle )
psa_key_slot_t *slot;
psa_status_t status = PSA_SUCCESS;
psa_status_t storage_status = PSA_SUCCESS;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_se_drv_table_entry_t *driver;
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
driver = psa_get_se_driver_entry( slot->lifetime );
if( driver != NULL )
{
/* For a key in a secure element, we need to do three things:
* remove the key file in internal storage, destroy the
* key inside the secure element, and update the driver's
* persistent data. Start a transaction that will encompass these
* three actions. */
psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_DESTROY_KEY );
psa_crypto_transaction.key.lifetime = slot->lifetime;
psa_crypto_transaction.key.slot = slot->data.se.slot_number;
psa_crypto_transaction.key.id = slot->persistent_storage_id;
status = psa_crypto_save_transaction( );
if( status != PSA_SUCCESS )
{
(void) psa_crypto_stop_transaction( );
/* TOnogrepDO: destroy what can be destroyed anyway */
return( status );
}
status = psa_destroy_se_key( driver, slot->data.se.slot_number );
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
{
@ -936,6 +1009,23 @@ psa_status_t psa_destroy_key( psa_key_handle_t handle )
psa_destroy_persistent_key( slot->persistent_storage_id );
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( driver != NULL )
{
psa_status_t status2;
status = psa_save_se_persistent_data( driver );
status2 = psa_crypto_stop_transaction( );
if( status == PSA_SUCCESS )
status = status2;
if( status != PSA_SUCCESS )
{
/* TOnogrepDO: destroy what can be destroyed anyway */
return( status );
}
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
status = psa_wipe_key_slot( slot );
if( status != PSA_SUCCESS )
return( status );
@ -1050,6 +1140,22 @@ exit:
}
#endif /* MBEDTLS_RSA_C */
/** Retrieve the readily-accessible attributes of a key in a slot.
*
* This function does not compute attributes that are not directly
* stored in the slot, such as the bit size of a transparent key.
*/
static void psa_get_key_slot_attributes( psa_key_slot_t *slot,
psa_key_attributes_t *attributes )
{
attributes->id = slot->persistent_storage_id;
attributes->lifetime = slot->lifetime;
attributes->policy = slot->policy;
attributes->type = slot->type;
}
/** Retrieve all the publicly-accessible attributes of a key.
*/
psa_status_t psa_get_key_attributes( psa_key_handle_t handle,
psa_key_attributes_t *attributes )
{
@ -1058,14 +1164,11 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle,
psa_reset_key_attributes( attributes );
status = psa_get_key_slot( handle, &slot );
status = psa_get_transparent_key( handle, &slot, 0, 0 );
if( status != PSA_SUCCESS )
return( status );
attributes->id = slot->persistent_storage_id;
attributes->lifetime = slot->lifetime;
attributes->policy = slot->policy;
attributes->type = slot->type;
psa_get_key_slot_attributes( slot, attributes );
attributes->bits = psa_get_key_slot_bits( slot );
switch( slot->type )
@ -1108,11 +1211,33 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot,
size_t *data_length,
int export_public_key )
{
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
*data_length = 0;
if( export_public_key && ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( psa_get_se_driver( slot->lifetime, &drv, &drv_context ) )
{
psa_drv_se_export_key_t method;
if( drv->key_management == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
method = ( export_public_key ?
drv->key_management->p_export_public :
drv->key_management->p_export );
if( method == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
return( method( drv_context,
slot->data.se.slot_number,
data, data_size, data_length ) );
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
if( key_type_is_raw_bytes( slot->type ) )
{
if( slot->data.raw.bytes > data_size )
@ -1291,9 +1416,11 @@ static psa_status_t psa_set_key_policy_internal(
* In case of failure at any step, stop the sequence and call
* psa_fail_key_creation().
*
* \param attributes Key attributes for the new key.
* \param handle On success, a handle for the allocated slot.
* \param p_slot On success, a pointer to the prepared slot.
* \param[in] attributes Key attributes for the new key.
* \param[out] handle On success, a handle for the allocated slot.
* \param[out] p_slot On success, a pointer to the prepared slot.
* \param[out] p_drv On any return, the driver for the key, if any.
* NULL for a transparent key.
*
* \retval #PSA_SUCCESS
* The key slot is ready to receive key material.
@ -1303,11 +1430,14 @@ static psa_status_t psa_set_key_policy_internal(
static psa_status_t psa_start_key_creation(
const psa_key_attributes_t *attributes,
psa_key_handle_t *handle,
psa_key_slot_t **p_slot )
psa_key_slot_t **p_slot,
psa_se_drv_table_entry_t **p_drv )
{
psa_status_t status;
psa_key_slot_t *slot;
*p_drv = NULL;
status = psa_internal_allocate_key_slot( handle, p_slot );
if( status != PSA_SUCCESS )
return( status );
@ -1317,16 +1447,51 @@ static psa_status_t psa_start_key_creation(
if( status != PSA_SUCCESS )
return( status );
slot->lifetime = attributes->lifetime;
if( attributes->lifetime != PSA_KEY_LIFETIME_VOLATILE )
{
status = psa_validate_persistent_key_parameters( attributes->lifetime,
attributes->id, 1 );
attributes->id,
p_drv, 1 );
if( status != PSA_SUCCESS )
return( status );
slot->persistent_storage_id = attributes->id;
}
slot->type = attributes->type;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* For a key in a secure element, we need to do three things:
* create the key file in internal storage, create the
* key inside the secure element, and update the driver's
* persistent data. Start a transaction that will encompass these
* three actions. */
/* The first thing to do is to find a slot number for the new key.
* We save the slot number in persistent storage as part of the
* transaction data. It will be needed to recover if the power
* fails during the key creation process, to clean up on the secure
* element side after restarting. Obtaining a slot number from the
* secure element driver updates its persistent state, but we do not yet
* save the driver's persistent state, so that if the power fails,
* we can roll back to a state where the key doesn't exist. */
if( *p_drv != NULL )
{
status = psa_find_se_slot_for_key( attributes, *p_drv,
&slot->data.se.slot_number );
if( status != PSA_SUCCESS )
return( status );
psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_CREATE_KEY );
psa_crypto_transaction.key.lifetime = slot->lifetime;
psa_crypto_transaction.key.slot = slot->data.se.slot_number;
psa_crypto_transaction.key.id = slot->persistent_storage_id;
status = psa_crypto_save_transaction( );
if( status != PSA_SUCCESS )
{
(void) psa_crypto_stop_transaction( );
return( status );
}
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
return( status );
}
@ -1338,47 +1503,82 @@ static psa_status_t psa_start_key_creation(
* See the documentation of psa_start_key_creation() for the intended use
* of this function.
*
* \param slot Pointer to the slot with key material.
* \param[in,out] slot Pointer to the slot with key material.
* \param[in] driver The secure element driver for the key,
* or NULL for a transparent key.
*
* \retval #PSA_SUCCESS
* The key was successfully created. The handle is now valid.
* \return If this function fails, the key slot is an invalid state.
* You must call psa_fail_key_creation() to wipe and free the slot.
*/
static psa_status_t psa_finish_key_creation( psa_key_slot_t *slot )
static psa_status_t psa_finish_key_creation(
psa_key_slot_t *slot,
psa_se_drv_table_entry_t *driver )
{
psa_status_t status = PSA_SUCCESS;
(void) slot;
(void) driver;
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
if( slot->lifetime != PSA_KEY_LIFETIME_VOLATILE )
{
uint8_t *buffer = NULL;
size_t buffer_size = 0;
size_t length;
size_t length = 0;
buffer_size = PSA_KEY_EXPORT_MAX_SIZE( slot->type,
psa_get_key_slot_bits( slot ) );
buffer = mbedtls_calloc( 1, buffer_size );
if( buffer == NULL && buffer_size != 0 )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
status = psa_internal_export_key( slot,
buffer, buffer_size, &length,
0 );
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( driver != NULL )
{
buffer = (uint8_t*) &slot->data.se.slot_number;
length = sizeof( slot->data.se.slot_number );
}
else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
{
buffer_size = PSA_KEY_EXPORT_MAX_SIZE( slot->type,
psa_get_key_slot_bits( slot ) );
buffer = mbedtls_calloc( 1, buffer_size );
if( buffer == NULL && buffer_size != 0 )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
status = psa_internal_export_key( slot,
buffer, buffer_size, &length,
0 );
}
if( status == PSA_SUCCESS )
{
status = psa_save_persistent_key( slot->persistent_storage_id,
slot->type, &slot->policy,
buffer, length );
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_get_key_slot_attributes( slot, &attributes );
status = psa_save_persistent_key( &attributes, buffer, length );
}
if( buffer_size != 0 )
mbedtls_platform_zeroize( buffer, buffer_size );
mbedtls_free( buffer );
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( driver == NULL )
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
{
if( buffer_size != 0 )
mbedtls_platform_zeroize( buffer, buffer_size );
mbedtls_free( buffer );
}
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( driver != NULL )
{
status = psa_save_se_persistent_data( driver );
if( status != PSA_SUCCESS )
{
psa_destroy_persistent_key( slot->persistent_storage_id );
return( status );
}
status = psa_crypto_stop_transaction( );
if( status != PSA_SUCCESS )
return( status );
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
return( status );
}
@ -1390,12 +1590,30 @@ static psa_status_t psa_finish_key_creation( psa_key_slot_t *slot )
* See the documentation of psa_start_key_creation() for the intended use
* of this function.
*
* \param slot Pointer to the slot with key material.
* \param[in,out] slot Pointer to the slot with key material.
* \param[in] driver The secure element driver for the key,
* or NULL for a transparent key.
*/
static void psa_fail_key_creation( psa_key_slot_t *slot )
static void psa_fail_key_creation( psa_key_slot_t *slot,
psa_se_drv_table_entry_t *driver )
{
(void) driver;
if( slot == NULL )
return;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* TOnogrepDO: If the key has already been created in the secure
* element, and the failure happened later (when saving metadata
* to internal storage), we need to destroy the key in the secure
* element. */
/* Abort the ongoing transaction if any. We already did what it
* takes to undo any partial creation. All that's left is to update
* the transaction data itself. */
(void) psa_crypto_stop_transaction( );
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
psa_wipe_key_slot( slot );
}
@ -1458,23 +1676,45 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
{
psa_status_t status;
psa_key_slot_t *slot = NULL;
psa_se_drv_table_entry_t *driver = NULL;
status = psa_start_key_creation( attributes, handle, &slot );
status = psa_start_key_creation( attributes, handle, &slot, &driver );
if( status != PSA_SUCCESS )
goto exit;
status = psa_import_key_into_slot( slot, data, data_length );
if( status != PSA_SUCCESS )
goto exit;
status = psa_check_key_slot_attributes( slot, attributes );
if( status != PSA_SUCCESS )
goto exit;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( driver != NULL )
{
const psa_drv_se_t *drv = psa_get_se_driver_methods( driver );
if( drv->key_management == NULL ||
drv->key_management->p_import == NULL )
{
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
status = drv->key_management->p_import(
psa_get_se_driver_context( driver ),
slot->data.se.slot_number,
slot->lifetime, slot->type, slot->policy.alg, slot->policy.usage,
data, data_length );
/* TOnogrepDO: psa_check_key_slot_attributes? */
}
else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
{
status = psa_import_key_into_slot( slot, data, data_length );
if( status != PSA_SUCCESS )
goto exit;
status = psa_check_key_slot_attributes( slot, attributes );
if( status != PSA_SUCCESS )
goto exit;
}
status = psa_finish_key_creation( slot );
status = psa_finish_key_creation( slot, driver );
exit:
if( status != PSA_SUCCESS )
{
psa_fail_key_creation( slot );
psa_fail_key_creation( slot, driver );
*handle = 0;
}
return( status );
@ -1514,9 +1754,10 @@ psa_status_t psa_copy_key( psa_key_handle_t source_handle,
psa_key_slot_t *source_slot = NULL;
psa_key_slot_t *target_slot = NULL;
psa_key_attributes_t actual_attributes = *specified_attributes;
psa_se_drv_table_entry_t *driver = NULL;
status = psa_get_key_from_slot( source_handle, &source_slot,
PSA_KEY_USAGE_COPY, 0 );
status = psa_get_transparent_key( source_handle, &source_slot,
PSA_KEY_USAGE_COPY, 0 );
if( status != PSA_SUCCESS )
goto exit;
@ -1530,19 +1771,28 @@ psa_status_t psa_copy_key( psa_key_handle_t source_handle,
goto exit;
status = psa_start_key_creation( &actual_attributes,
target_handle, &target_slot );
target_handle, &target_slot, &driver );
if( status != PSA_SUCCESS )
goto exit;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( driver != NULL )
{
/* Copying to a secure element is not implemented yet. */
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
status = psa_copy_key_material( source_slot, target_slot );
if( status != PSA_SUCCESS )
goto exit;
status = psa_finish_key_creation( target_slot );
status = psa_finish_key_creation( target_slot, driver );
exit:
if( status != PSA_SUCCESS )
{
psa_fail_key_creation( target_slot );
psa_fail_key_creation( target_slot, driver );
*target_handle = 0;
}
return( status );
@ -2296,7 +2546,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
if( is_sign )
operation->is_sign = 1;
status = psa_get_key_from_slot( handle, &slot, usage, alg );
status = psa_get_transparent_key( handle, &slot, usage, alg );
if( status != PSA_SUCCESS )
goto exit;
key_bits = psa_get_key_slot_bits( slot );
@ -2875,7 +3125,7 @@ psa_status_t psa_asymmetric_sign( psa_key_handle_t handle,
*signature_length = signature_size;
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN, alg );
status = psa_get_transparent_key( handle, &slot, PSA_KEY_USAGE_SIGN, alg );
if( status != PSA_SUCCESS )
goto exit;
if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->type ) )
@ -2948,7 +3198,7 @@ psa_status_t psa_asymmetric_verify( psa_key_handle_t handle,
psa_key_slot_t *slot;
psa_status_t status;
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_VERIFY, alg );
status = psa_get_transparent_key( handle, &slot, PSA_KEY_USAGE_VERIFY, alg );
if( status != PSA_SUCCESS )
return( status );
@ -3018,7 +3268,7 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle,
if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
status = psa_get_transparent_key( handle, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) ||
@ -3098,7 +3348,7 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle,
if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_DECRYPT, alg );
status = psa_get_transparent_key( handle, &slot, PSA_KEY_USAGE_DECRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->type ) )
@ -3207,7 +3457,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
if( status != PSA_SUCCESS )
return( status );
status = psa_get_key_from_slot( handle, &slot, usage, alg);
status = psa_get_transparent_key( handle, &slot, usage, alg);
if( status != PSA_SUCCESS )
goto exit;
key_bits = psa_get_key_slot_bits( slot );
@ -3544,7 +3794,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
size_t key_bits;
mbedtls_cipher_id_t cipher_id;
status = psa_get_key_from_slot( handle, &operation->slot, usage, alg );
status = psa_get_transparent_key( handle, &operation->slot, usage, alg );
if( status != PSA_SUCCESS )
return( status );
@ -4437,7 +4687,15 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
{
psa_status_t status;
psa_key_slot_t *slot = NULL;
status = psa_start_key_creation( attributes, handle, &slot );
psa_se_drv_table_entry_t *driver = NULL;
status = psa_start_key_creation( attributes, handle, &slot, &driver );
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( driver != NULL )
{
/* Deriving a key in a secure element is not implemented yet. */
status = PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
if( status == PSA_SUCCESS )
{
status = psa_generate_derived_key_internal( slot,
@ -4445,10 +4703,10 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
operation );
}
if( status == PSA_SUCCESS )
status = psa_finish_key_creation( slot );
status = psa_finish_key_creation( slot, driver );
if( status != PSA_SUCCESS )
{
psa_fail_key_creation( slot );
psa_fail_key_creation( slot, driver );
*handle = 0;
}
return( status );
@ -4718,7 +4976,7 @@ psa_status_t psa_key_derivation( psa_key_derivation_operation_t *operation,
if( ! PSA_ALG_IS_KEY_DERIVATION( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_DERIVE, alg );
status = psa_get_transparent_key( handle, &slot, PSA_KEY_USAGE_DERIVE, alg );
if( status != PSA_SUCCESS )
return( status );
@ -5092,9 +5350,9 @@ psa_status_t psa_key_derivation_input_key(
{
psa_key_slot_t *slot;
psa_status_t status;
status = psa_get_key_from_slot( handle, &slot,
PSA_KEY_USAGE_DERIVE,
operation->alg );
status = psa_get_transparent_key( handle, &slot,
PSA_KEY_USAGE_DERIVE,
operation->alg );
if( status != PSA_SUCCESS )
return( status );
if( slot->type != PSA_KEY_TYPE_DERIVE )
@ -5241,8 +5499,8 @@ psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *o
psa_status_t status;
if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_from_slot( private_key, &slot,
PSA_KEY_USAGE_DERIVE, operation->alg );
status = psa_get_transparent_key( private_key, &slot,
PSA_KEY_USAGE_DERIVE, operation->alg );
if( status != PSA_SUCCESS )
return( status );
status = psa_key_agreement_internal( operation, step,
@ -5269,8 +5527,8 @@ psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
status = psa_get_key_from_slot( private_key, &slot,
PSA_KEY_USAGE_DERIVE, alg );
status = psa_get_transparent_key( private_key, &slot,
PSA_KEY_USAGE_DERIVE, alg );
if( status != PSA_SUCCESS )
goto exit;
@ -5467,7 +5725,15 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
{
psa_status_t status;
psa_key_slot_t *slot = NULL;
status = psa_start_key_creation( attributes, handle, &slot );
psa_se_drv_table_entry_t *driver = NULL;
status = psa_start_key_creation( attributes, handle, &slot, &driver );
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( driver != NULL )
{
/* Generating a key in a secure element is not implemented yet. */
status = PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
if( status == PSA_SUCCESS )
{
status = psa_generate_key_internal(
@ -5475,10 +5741,10 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
attributes->domain_parameters, attributes->domain_parameters_size );
}
if( status == PSA_SUCCESS )
status = psa_finish_key_creation( slot );
status = psa_finish_key_creation( slot, driver );
if( status != PSA_SUCCESS )
{
psa_fail_key_creation( slot );
psa_fail_key_creation( slot, driver );
*handle = 0;
}
return( status );
@ -5520,6 +5786,30 @@ void mbedtls_psa_crypto_free( void )
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
}
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
/** Recover a transaction that was interrupted by a power failure.
*
* This function is called during initialization, before psa_crypto_init()
* returns. If this function returns a failure status, the initialization
* fails.
*/
static psa_status_t psa_crypto_recover_transaction(
const psa_crypto_transaction_t *transaction )
{
switch( transaction->unknown.type )
{
case PSA_CRYPTO_TRANSACTION_CREATE_KEY:
case PSA_CRYPTO_TRANSACTION_DESTROY_KEY:
/* TOnogrepDO - fall through to the failure case until this
* is implemented */
default:
/* We found an unsupported transaction in the storage.
* We don't know what state the storage is in. Give up. */
return( PSA_ERROR_STORAGE_FAILURE );
}
}
#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
psa_status_t psa_crypto_init( void )
{
psa_status_t status;
@ -5553,6 +5843,22 @@ psa_status_t psa_crypto_init( void )
if( status != PSA_SUCCESS )
goto exit;
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
status = psa_crypto_load_transaction( );
if( status == PSA_SUCCESS )
{
status = psa_crypto_recover_transaction( &psa_crypto_transaction );
if( status != PSA_SUCCESS )
goto exit;
status = psa_crypto_stop_transaction( );
}
else if( status == PSA_ERROR_DOES_NOT_EXIST )
{
/* There's no transaction to complete. It's all good. */
status = PSA_SUCCESS;
}
#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
/* All done. */
global_data.initialized = 1;

9
library/psa_crypto_core.h
View File

@ -29,6 +29,7 @@
#endif
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
#include "mbedtls/ecp.h"
#include "mbedtls/rsa.h"
@ -45,17 +46,25 @@ typedef struct
unsigned allocated : 1;
union
{
/* Raw-data key (key_type_is_raw_bytes() in psa_crypto.c) */
struct raw_data
{
uint8_t *data;
size_t bytes;
} raw;
#if defined(MBEDTLS_RSA_C)
/* RSA public key or key pair */
mbedtls_rsa_context *rsa;
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
/* EC public key or key pair */
mbedtls_ecp_keypair *ecp;
#endif /* MBEDTLS_ECP_C */
/* Any key type in a secure element */
struct se
{
psa_key_slot_number_t slot_number;
} se;
} data;
} psa_key_slot_t;

251
library/psa_crypto_se.c
View File

@ -28,23 +28,232 @@
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
#include <assert.h>
#include <stdint.h>
#include <string.h>
#include "psa/crypto_se_driver.h"
#include "psa_crypto_se.h"
#if defined(MBEDTLS_PSA_ITS_FILE_C)
#include "psa_crypto_its.h"
#else /* Native ITS implementation */
#include "psa/error.h"
#include "psa/internal_trusted_storage.h"
#endif
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_PLATFORM_C)
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
/****************************************************************/
/* Driver lookup */
/****************************************************************/
/* This structure is identical to psa_drv_se_context_t declared in
* `crypto_se_driver.h`, except that some parts are writable here
* (non-const, or pointer to non-const). */
typedef struct
{
void *persistent_data;
size_t persistent_data_size;
uintptr_t transient_data;
} psa_drv_se_internal_context_t;
typedef struct psa_se_drv_table_entry_s
{
psa_key_lifetime_t lifetime;
const psa_drv_se_t *methods;
} method_table_entry_t;
union
{
psa_drv_se_internal_context_t internal;
psa_drv_se_context_t context;
};
} psa_se_drv_table_entry_t;
static method_table_entry_t driver_table[PSA_MAX_SE_DRIVERS];
static psa_se_drv_table_entry_t driver_table[PSA_MAX_SE_DRIVERS];
psa_se_drv_table_entry_t *psa_get_se_driver_entry(
psa_key_lifetime_t lifetime )
{
size_t i;
/* In the driver table, lifetime=0 means an entry that isn't used.
* No driver has a lifetime of 0 because it's a reserved value
* (which designates volatile keys). Make sure we never return
* a driver entry for lifetime 0. */
if( lifetime == 0 )
return( NULL );
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
if( driver_table[i].lifetime == lifetime )
return( &driver_table[i] );
}
return( NULL );
}
const psa_drv_se_t *psa_get_se_driver_methods(
const psa_se_drv_table_entry_t *driver )
{
return( driver->methods );
}
psa_drv_se_context_t *psa_get_se_driver_context(
psa_se_drv_table_entry_t *driver )
{
return( &driver->context );
}
int psa_get_se_driver( psa_key_lifetime_t lifetime,
const psa_drv_se_t **p_methods,
psa_drv_se_context_t **p_drv_context)
{
psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime );
if( p_methods != NULL )
*p_methods = ( driver ? driver->methods : NULL );
if( p_drv_context != NULL )
*p_drv_context = ( driver ? &driver->context : NULL );
return( driver != NULL );
}
/****************************************************************/
/* Persistent data management */
/****************************************************************/
static psa_status_t psa_get_se_driver_its_file_uid(
const psa_se_drv_table_entry_t *driver,
psa_storage_uid_t *uid )
{
if( driver->lifetime > PSA_MAX_SE_LIFETIME )
return( PSA_ERROR_NOT_SUPPORTED );
#if SIZE_MAX > UINT32_MAX
/* ITS file sizes are limited to 32 bits. */
if( driver->internal.persistent_data_size > UINT32_MAX )
return( PSA_ERROR_NOT_SUPPORTED );
#endif
/* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */
*uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->lifetime;
return( PSA_SUCCESS );
}
psa_status_t psa_load_se_persistent_data(
const psa_se_drv_table_entry_t *driver )
{
psa_status_t status;
psa_storage_uid_t uid;
status = psa_get_se_driver_its_file_uid( driver, &uid );
if( status != PSA_SUCCESS )
return( status );
/* psa_get_se_driver_its_file_uid ensures that the size_t
* persistent_data_size is in range, but compilers don't know that,
* so cast to reassure them. */
return( psa_its_get( uid, 0,
(uint32_t) driver->internal.persistent_data_size,
driver->internal.persistent_data ) );
}
psa_status_t psa_save_se_persistent_data(
const psa_se_drv_table_entry_t *driver )
{
psa_status_t status;
psa_storage_uid_t uid;
status = psa_get_se_driver_its_file_uid( driver, &uid );
if( status != PSA_SUCCESS )
return( status );
/* psa_get_se_driver_its_file_uid ensures that the size_t
* persistent_data_size is in range, but compilers don't know that,
* so cast to reassure them. */
return( psa_its_set( uid,
(uint32_t) driver->internal.persistent_data_size,
driver->internal.persistent_data,
0 ) );
}
psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime )
{
psa_storage_uid_t uid;
if( lifetime > PSA_MAX_SE_LIFETIME )
return( PSA_ERROR_NOT_SUPPORTED );
uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + lifetime;
return( psa_its_remove( uid ) );
}
psa_status_t psa_find_se_slot_for_key(
const psa_key_attributes_t *attributes,
psa_se_drv_table_entry_t *driver,
psa_key_slot_number_t *slot_number )
{
psa_status_t status;
psa_drv_se_allocate_key_t p_allocate = NULL;
/* If the lifetime is wrong, it's a bug in the library. */
if( driver->lifetime != attributes->lifetime )
return( PSA_ERROR_CORRUPTION_DETECTED );
/* If the driver doesn't support key creation in any way, give up now. */
if( driver->methods->key_management == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
p_allocate = driver->methods->key_management->p_allocate;
/* If the driver doesn't tell us how to allocate a slot, that's
* not supported for the time being. */
if( p_allocate == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
status = p_allocate( &driver->context,
driver->internal.persistent_data,
attributes,
slot_number );
return( status );
}
psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
psa_key_slot_number_t slot_number )
{
psa_status_t status;
psa_status_t storage_status;
/* Normally a missing method would mean that the action is not
* supported. But psa_destroy_key() is not supposed to return
* PSA_ERROR_NOT_SUPPORTED: if you can create a key, you should
* be able to destroy it. The only use case for a driver that
* does not have a way to destroy keys at all is if the keys are
* locked in a read-only state: we can use the keys but not
* destroy them. Hence, if the driver doesn't support destroying
* keys, it's really a lack of permission. */
if( driver->methods->key_management == NULL ||
driver->methods->key_management->p_destroy == NULL )
return( PSA_ERROR_NOT_PERMITTED );
status = driver->methods->key_management->p_destroy(
&driver->context,
driver->internal.persistent_data,
slot_number );
storage_status = psa_save_se_persistent_data( driver );
return( status == PSA_SUCCESS ? storage_status : status );
}
/****************************************************************/
/* Driver registration */
/****************************************************************/
psa_status_t psa_register_se_driver(
psa_key_lifetime_t lifetime,
const psa_drv_se_t *methods)
{
size_t i;
psa_status_t status;
if( methods->hal_version != PSA_DRV_SE_HAL_VERSION )
return( PSA_ERROR_NOT_SUPPORTED );
@ -59,6 +268,8 @@ psa_status_t psa_register_se_driver(
{
return( PSA_ERROR_INVALID_ARGUMENT );
}
if( lifetime > PSA_MAX_SE_LIFETIME )
return( PSA_ERROR_NOT_SUPPORTED );
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
@ -75,12 +286,48 @@ psa_status_t psa_register_se_driver(
driver_table[i].lifetime = lifetime;
driver_table[i].methods = methods;
if( methods->persistent_data_size != 0 )
{
driver_table[i].internal.persistent_data =
mbedtls_calloc( 1, methods->persistent_data_size );
if( driver_table[i].internal.persistent_data == NULL )
{
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto error;
}
/* Load the driver's persistent data. On first use, the persistent
* data does not exist in storage, and is initialized to
* all-bits-zero by the calloc call just above. */
status = psa_load_se_persistent_data( &driver_table[i] );
if( status != PSA_SUCCESS && status != PSA_ERROR_DOES_NOT_EXIST )
goto error;
}
driver_table[i].internal.persistent_data_size =
methods->persistent_data_size;
return( PSA_SUCCESS );
error:
memset( &driver_table[i], 0, sizeof( driver_table[i] ) );
return( status );
}
void psa_unregister_all_se_drivers( void )
{
size_t i;
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
if( driver_table[i].internal.persistent_data != NULL )
mbedtls_free( driver_table[i].internal.persistent_data );
}
memset( driver_table, 0, sizeof( driver_table ) );
}
/****************************************************************/
/* The end */
/****************************************************************/
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */

129
library/psa_crypto_se.h
View File

@ -31,6 +31,30 @@
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
/** The maximum lifetime value that this implementation supports
* for a secure element.
*
* This is not a characteristic that each PSA implementation has, but a
* limitation of the current implementation due to the constraints imposed
* by storage. See #PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE.
*
* The minimum lifetime value for a secure element is 2, like on any
* PSA implementation (0=volatile and 1=internal-storage are taken).
*/
#define PSA_MAX_SE_LIFETIME 255
/** The base of the range of ITS file identifiers for secure element
* driver persistent data.
*
* We use a slice of the implemenation reserved range 0xffff0000..0xffffffff,
* specifically the range 0xfffffe00..0xfffffeff. The length of this range
* drives the value of #PSA_MAX_SE_LIFETIME.
* The identifiers 0xfffffe00 and 0xfffffe01 are actually not used since
* they correspond to #PSA_KEY_LIFETIME_VOLATILE and
* #PSA_KEY_LIFETIME_PERSISTENT which don't have a driver.
*/
#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 )
/** The maximum number of registered secure element driver lifetimes. */
#define PSA_MAX_SE_DRIVERS 4
@ -42,4 +66,109 @@
*/
void psa_unregister_all_se_drivers( void );
/** A structure that describes a registered secure element driver.
*
* A secure element driver table entry contains a pointer to the
* driver's method table as well as the driver context structure.
*/
typedef struct psa_se_drv_table_entry_s psa_se_drv_table_entry_t;
/** Return the secure element driver information for a lifetime value.
*
* \param lifetime The lifetime value to query.
* \param[out] p_methods On output, if there is a driver,
* \c *methods points to its method table.
* Otherwise \c *methods is \c NULL.
* \param[out] p_drv_context On output, if there is a driver,
* \c *drv_context points to its context
* structure.
* Otherwise \c *drv_context is \c NULL.
*
* \retval 1
* \p lifetime corresponds to a registered driver.
* \retval 0
* \p lifetime does not correspond to a registered driver.
*/
int psa_get_se_driver( psa_key_lifetime_t lifetime,
const psa_drv_se_t **p_methods,
psa_drv_se_context_t **p_drv_context);
/** Return the secure element driver table entry for a lifetime value.
*
* \param lifetime The lifetime value to query.
*
* \return The driver table entry for \p lifetime, or
* \p NULL if \p lifetime does not correspond to a registered driver.
*/
psa_se_drv_table_entry_t *psa_get_se_driver_entry(
psa_key_lifetime_t lifetime );
/** Return the method table for a secure element driver.
*
* \param[in] driver The driver table entry to access, or \c NULL.
*
* \return The driver's method table.
* \c NULL if \p driver is \c NULL.
*/
const psa_drv_se_t *psa_get_se_driver_methods(
const psa_se_drv_table_entry_t *driver );
/** Return the context of a secure element driver.
*
* \param[in] driver The driver table entry to access, or \c NULL.
*
* \return A pointer to the driver context.
* \c NULL if \p driver is \c NULL.
*/
psa_drv_se_context_t *psa_get_se_driver_context(
psa_se_drv_table_entry_t *driver );
/** Find a free slot for a key that is to be created.
*
* This function calls the relevant method in the driver to find a suitable
* slot for a key with the given attributes.
*
* \param[in] attributes Metadata about the key that is about to be created.
* \param[in] driver The driver table entry to query.
* \param[out] slot_number On success, a slot number that is free in this
* secure element.
*/
psa_status_t psa_find_se_slot_for_key(
const psa_key_attributes_t *attributes,
psa_se_drv_table_entry_t *driver,
psa_key_slot_number_t *slot_number );
/** Destoy a key in a secure element.
*
* This function calls the relevant driver method to destroy a key
* and updates the driver's persistent data.
*/
psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
psa_key_slot_number_t slot_number );
/** Load the persistent data of a secure element driver.
*
* \param driver The driver table entry containing the persistent
* data to load from storage.
*/
psa_status_t psa_load_se_persistent_data(
const psa_se_drv_table_entry_t *driver );
/** Save the persistent data of a secure element driver.
*
* \param[in] driver The driver table entry containing the persistent
* data to save to storage.
*/
psa_status_t psa_save_se_persistent_data(
const psa_se_drv_table_entry_t *driver );
/** Destroy the persistent data of a secure element driver.
*
* This is currently only used for testing.
*
* \param[in] lifetime The driver lifetime whose persistent data should
* be erased.
*/
psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime );
#endif /* PSA_CRYPTO_SE_H */

46
library/psa_crypto_slot_management.c
View File

@ -124,15 +124,35 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *p_slot )
psa_status_t status = PSA_SUCCESS;
uint8_t *key_data = NULL;
size_t key_data_length = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
status = psa_load_persistent_key( p_slot->persistent_storage_id,
&( p_slot )->type,
&( p_slot )->policy, &key_data,
&key_data_length );
psa_set_key_id( &attributes, p_slot->persistent_storage_id );
status = psa_load_persistent_key( &attributes,
&key_data, &key_data_length );
if( status != PSA_SUCCESS )
goto exit;
status = psa_import_key_into_slot( p_slot,
key_data, key_data_length );
p_slot->lifetime = psa_get_key_lifetime( &attributes );
p_slot->type = psa_get_key_type( &attributes );
p_slot->policy = attributes.policy;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( psa_key_lifetime_is_external( p_slot->lifetime ) )
{
if( key_data_length != sizeof( p_slot->data.se.slot_number ) )
{
status = PSA_ERROR_STORAGE_FAILURE;
goto exit;
}
memcpy( &p_slot->data.se.slot_number, key_data,
sizeof( p_slot->data.se.slot_number ) );
}
else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
{
status = psa_import_key_into_slot( p_slot,
key_data, key_data_length );
}
exit:
psa_free_persistent_key_data( key_data, key_data_length );
return( status );
@ -168,8 +188,20 @@ static int psa_is_key_id_valid( psa_key_file_id_t file_id,
psa_status_t psa_validate_persistent_key_parameters(
psa_key_lifetime_t lifetime,
psa_key_file_id_t id,
psa_se_drv_table_entry_t **p_drv,
int creating )
{
if( p_drv != NULL )
*p_drv = NULL;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( psa_key_lifetime_is_external( lifetime ) )
{
*p_drv = psa_get_se_driver_entry( lifetime );
if( *p_drv == NULL )
return( PSA_ERROR_INVALID_ARGUMENT );
}
else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
if( lifetime != PSA_KEY_LIFETIME_PERSISTENT )
return( PSA_ERROR_INVALID_ARGUMENT );
@ -194,7 +226,7 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
*handle = 0;
status = psa_validate_persistent_key_parameters(
PSA_KEY_LIFETIME_PERSISTENT, id, 0 );
PSA_KEY_LIFETIME_PERSISTENT, id, NULL, 0 );
if( status != PSA_SUCCESS )
return( status );

30
library/psa_crypto_slot_management.h
View File

@ -22,6 +22,9 @@
#ifndef PSA_CRYPTO_SLOT_MANAGEMENT_H
#define PSA_CRYPTO_SLOT_MANAGEMENT_H
#include "psa/crypto.h"
#include "psa_crypto_se.h"
/* Number of key slots (plus one because 0 is not used).
* The value is a compile-time constant for now, for simplicity. */
#define PSA_KEY_SLOT_COUNT 32
@ -71,6 +74,24 @@ void psa_wipe_all_key_slots( void );
psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle,
psa_key_slot_t **p_slot );
/** Test whether a lifetime designates a key in an external cryptoprocessor.
*
* \param lifetime The lifetime to test.
*
* \retval 1
* The lifetime designates an external key. There should be a
* registered driver for this lifetime, otherwise the key cannot
* be created or manipulated.
* \retval 0
* The lifetime designates a key that is volatile or in internal
* storage.
*/
static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime )
{
return( lifetime != PSA_KEY_LIFETIME_VOLATILE &&
lifetime != PSA_KEY_LIFETIME_PERSISTENT );
}
/** Test whether the given parameters are acceptable for a persistent key.
*
* This function does not access the storage in any way. It only tests
@ -78,8 +99,16 @@ psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle,
* It does not test whether the a file by the given id exists or could be
* created.
*
* If the key is in external storage, this function returns the corresponding
* driver.
*
* \param lifetime The lifetime to test.
* \param id The key id to test.
* \param[out] p_drv On output, if \p lifetime designates a key
* in an external processor, \c *p_drv is a pointer
* to the driver table entry fot this lifetime.
* If \p lifetime designates a transparent key,
* \c *p_drv is \c NULL.
* \param creating 0 if attempting to open an existing key.
* Nonzero if attempting to create a key.
*
@ -93,6 +122,7 @@ psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle,
psa_status_t psa_validate_persistent_key_parameters(
psa_key_lifetime_t lifetime,
psa_key_file_id_t id,
psa_se_drv_table_entry_t **p_drv,
int creating );

118
library/psa_crypto_storage.c
View File

@ -50,6 +50,12 @@
#define mbedtls_free free
#endif
/****************************************************************/
/* Key storage */
/****************************************************************/
/* Determine a file name (ITS file identifier) for the given key file
* identifier. The file name must be distinct from any file that is used
* for a purpose other than storing a key. Currently, the only such file
@ -221,7 +227,7 @@ static psa_status_t psa_crypto_storage_get_data_length(
* 32-bit integer manipulation macros (little endian)
*/
#ifndef GET_UINT32_LE
#define GET_UINT32_LE(n,b,i) \
#define GET_UINT32_LE( n, b, i ) \
{ \
(n) = ( (uint32_t) (b)[(i) ] ) \
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
@ -231,7 +237,7 @@ static psa_status_t psa_crypto_storage_get_data_length(
#endif
#ifndef PUT_UINT32_LE
#define PUT_UINT32_LE(n,b,i) \
#define PUT_UINT32_LE( n, b, i ) \
{ \
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
@ -249,6 +255,7 @@ static psa_status_t psa_crypto_storage_get_data_length(
typedef struct {
uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
uint8_t version[4];
uint8_t lifetime[sizeof( psa_key_lifetime_t )];
uint8_t type[sizeof( psa_key_type_t )];
uint8_t policy[sizeof( psa_key_policy_t )];
uint8_t data_len[4];
@ -257,20 +264,20 @@ typedef struct {
void psa_format_key_data_for_storage( const uint8_t *data,
const size_t data_length,
const psa_key_type_t type,
const psa_key_policy_t *policy,
const psa_key_attributes_t *attributes,
uint8_t *storage_data )
{
psa_persistent_key_storage_format *storage_format =
(psa_persistent_key_storage_format *) storage_data;
memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
PUT_UINT32_LE(0, storage_format->version, 0);
PUT_UINT32_LE(type, storage_format->type, 0);
PUT_UINT32_LE(policy->usage, storage_format->policy, 0);
PUT_UINT32_LE(policy->alg, storage_format->policy, sizeof( uint32_t ));
PUT_UINT32_LE(policy->alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
PUT_UINT32_LE(data_length, storage_format->data_len, 0);
PUT_UINT32_LE( 0, storage_format->version, 0 );
PUT_UINT32_LE( psa_get_key_lifetime( attributes ), storage_format->lifetime, 0 );
PUT_UINT32_LE( psa_get_key_type( attributes ), storage_format->type, 0 );
PUT_UINT32_LE( psa_get_key_usage_flags( attributes ), storage_format->policy, 0 );
PUT_UINT32_LE( psa_get_key_algorithm( attributes ), storage_format->policy, sizeof( uint32_t ) );
PUT_UINT32_LE( psa_get_key_enrollment_algorithm( attributes ), storage_format->policy, 2 * sizeof( uint32_t ) );
PUT_UINT32_LE( data_length, storage_format->data_len, 0 );
memcpy( storage_format->key_data, data, data_length );
}
@ -286,8 +293,7 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
size_t storage_data_length,
uint8_t **key_data,
size_t *key_data_length,
psa_key_type_t *type,
psa_key_policy_t *policy )
psa_key_attributes_t *attributes )
{
psa_status_t status;
const psa_persistent_key_storage_format *storage_format =
@ -301,11 +307,11 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
if( status != PSA_SUCCESS )
return( status );
GET_UINT32_LE(version, storage_format->version, 0);
GET_UINT32_LE( version, storage_format->version, 0 );
if( version != 0 )
return( PSA_ERROR_STORAGE_FAILURE );
GET_UINT32_LE(*key_data_length, storage_format->data_len, 0);
GET_UINT32_LE( *key_data_length, storage_format->data_len, 0 );
if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
*key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
return( PSA_ERROR_STORAGE_FAILURE );
@ -322,17 +328,16 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
memcpy( *key_data, storage_format->key_data, *key_data_length );
}
GET_UINT32_LE(*type, storage_format->type, 0);
GET_UINT32_LE(policy->usage, storage_format->policy, 0);
GET_UINT32_LE(policy->alg, storage_format->policy, sizeof( uint32_t ));
GET_UINT32_LE(policy->alg2, storage_format->policy, 2 * sizeof( uint32_t ));
GET_UINT32_LE( attributes->lifetime, storage_format->lifetime, 0 );
GET_UINT32_LE( attributes->type, storage_format->type, 0 );
GET_UINT32_LE( attributes->policy.usage, storage_format->policy, 0 );
GET_UINT32_LE( attributes->policy.alg, storage_format->policy, sizeof( uint32_t ) );
GET_UINT32_LE( attributes->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
return( PSA_SUCCESS );
}
psa_status_t psa_save_persistent_key( const psa_key_file_id_t key,
const psa_key_type_t type,
const psa_key_policy_t *policy,
psa_status_t psa_save_persistent_key( const psa_key_attributes_t *attributes,
const uint8_t *data,
const size_t data_length )
{
@ -348,10 +353,10 @@ psa_status_t psa_save_persistent_key( const psa_key_file_id_t key,
if( storage_data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
psa_format_key_data_for_storage( data, data_length, type, policy,
psa_format_key_data_for_storage( data, data_length, attributes,
storage_data );
status = psa_crypto_storage_store( key,
status = psa_crypto_storage_store( psa_get_key_id( attributes ),
storage_data, storage_data_length );
mbedtls_free( storage_data );
@ -368,15 +373,14 @@ void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
mbedtls_free( key_data );
}
psa_status_t psa_load_persistent_key( psa_key_file_id_t key,
psa_key_type_t *type,
psa_key_policy_t *policy,
psa_status_t psa_load_persistent_key( psa_key_attributes_t *attributes,
uint8_t **data,
size_t *data_length )
{
psa_status_t status = PSA_SUCCESS;
uint8_t *loaded_data;
size_t storage_data_length = 0;
psa_key_id_t key = psa_get_key_id( attributes );
status = psa_crypto_storage_get_data_length( key, &storage_data_length );
if( status != PSA_SUCCESS )
@ -392,13 +396,67 @@ psa_status_t psa_load_persistent_key( psa_key_file_id_t key,
goto exit;
status = psa_parse_key_data_from_storage( loaded_data, storage_data_length,
data, data_length, type, policy );
data, data_length, attributes );
exit:
mbedtls_free( loaded_data );
return( status );
}
/****************************************************************/
/* Transactions */
/****************************************************************/
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
psa_crypto_transaction_t psa_crypto_transaction;
psa_status_t psa_crypto_save_transaction( void )
{
struct psa_storage_info_t p_info;
psa_status_t status;
status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
if( status == PSA_SUCCESS )
{
/* This shouldn't happen: we're trying to start a transaction while
* there is still a transaction that hasn't been replayed. */
return( PSA_ERROR_CORRUPTION_DETECTED );
}
else if( status != PSA_ERROR_DOES_NOT_EXIST )
return( status );
return( psa_its_set( PSA_CRYPTO_ITS_TRANSACTION_UID,
sizeof( psa_crypto_transaction ),
&psa_crypto_transaction,
0 ) );
}
psa_status_t psa_crypto_load_transaction( void )
{
return( psa_its_get( PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
sizeof( psa_crypto_transaction ),
&psa_crypto_transaction ) );
}
psa_status_t psa_crypto_stop_transaction( void )
{
psa_status_t status = psa_its_remove( PSA_CRYPTO_ITS_TRANSACTION_UID );
/* Whether or not updating the storage succeeded, the transaction is
* finished now. It's too late to go back, so zero out the in-memory
* data. */
memset( &psa_crypto_transaction, 0, sizeof( psa_crypto_transaction ) );
return( status );
}
#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
/****************************************************************/
/* Random generator state */
/****************************************************************/
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
size_t seed_size )
@ -421,4 +479,10 @@ psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
/****************************************************************/
/* The end */
/****************************************************************/
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */

228
library/psa_crypto_storage.h
View File

@ -29,16 +29,11 @@
extern "C" {
#endif
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
#if defined(MBEDTLS_CONFIG_FILE)
#include MBEDTLS_CONFIG_FILE
#else
#include "mbedtls/config.h"
#endif
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
#include <stdint.h>
#include <string.h>
/* Limit the maximum key size to 30kB (just in case someone tries to
* inadvertently store an obscene amount of data) */
@ -88,12 +83,11 @@ int psa_is_key_present_in_storage( const psa_key_file_id_t key );
* already occupied non-persistent key, as well as validating the key data.
*
*
* \param key Persistent identifier of the key to be stored. This
* should be an unoccupied storage location.
* \param type Key type (a \c PSA_KEY_TYPE_XXX value).
* \param[in] policy The key policy to save.
* \param[in] data Buffer containing the key data.
* \param data_length The number of bytes that make up the key data.
* \param[in] attributes The attributes of the key to save.
* The key identifier field in the attributes
* determines the key's location.
* \param[in] data Buffer containing the key data.
* \param data_length The number of bytes that make up the key data.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
@ -101,9 +95,7 @@ int psa_is_key_present_in_storage( const psa_key_file_id_t key );
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_ALREADY_EXISTS
*/
psa_status_t psa_save_persistent_key( const psa_key_file_id_t key,
const psa_key_type_t type,
const psa_key_policy_t *policy,
psa_status_t psa_save_persistent_key( const psa_key_attributes_t *attributes,
const uint8_t *data,
const size_t data_length );
@ -119,11 +111,11 @@ psa_status_t psa_save_persistent_key( const psa_key_file_id_t key,
* this function to zeroize and free this buffer, regardless of whether this
* function succeeds or fails.
*
* \param key Persistent identifier of the key to be loaded. This
* should be an occupied storage location.
* \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX
* value).
* \param[out] policy On success, the key's policy.
* \param[in,out] attributes
* On input, the key identifier field identifies
* the key to load. Other fields are ignored.
* On success, the attribute structure contains
* the key metadata that was loaded from storage.
* \param[out] data Pointer to an allocated key data buffer on return.
* \param[out] data_length The number of bytes that make up the key data.
*
@ -132,9 +124,7 @@ psa_status_t psa_save_persistent_key( const psa_key_file_id_t key,
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_DOES_NOT_EXIST
*/
psa_status_t psa_load_persistent_key( psa_key_file_id_t key,
psa_key_type_t *type,
psa_key_policy_t *policy,
psa_status_t psa_load_persistent_key( psa_key_attributes_t *attributes,
uint8_t **data,
size_t *data_length );
@ -166,17 +156,15 @@ void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length );
/**
* \brief Formats key data and metadata for persistent storage
*
* \param[in] data Buffer for the key data.
* \param[in] data Buffer containing the key data.
* \param data_length Length of the key data buffer.
* \param type Key type (a \c PSA_KEY_TYPE_XXX value).
* \param policy The key policy.
* \param[in] attributes The attributes of the key.
* \param[out] storage_data Output buffer for the formatted data.
*
*/
void psa_format_key_data_for_storage( const uint8_t *data,
const size_t data_length,
const psa_key_type_t type,
const psa_key_policy_t *policy,
const psa_key_attributes_t *attributes,
uint8_t *storage_data );
/**
@ -188,8 +176,8 @@ void psa_format_key_data_for_storage( const uint8_t *data,
* containing the key data. This must be freed
* using psa_free_persistent_key_data()
* \param[out] key_data_length Length of the key data buffer
* \param[out] type Key type (a \c PSA_KEY_TYPE_XXX value).
* \param[out] policy The key policy.
* \param[out] attributes On success, the attribute structure is filled
* with the loaded key metadata.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
@ -200,8 +188,180 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
size_t storage_data_length,
uint8_t **key_data,
size_t *key_data_length,
psa_key_type_t *type,
psa_key_policy_t *policy );
psa_key_attributes_t *attributes );
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/** This symbol is defined if transaction support is required. */
#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS
#endif
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
/** The type of transaction that is in progress.
*/
/* This is an integer type rather than an enum for two reasons: to support
* unknown values when loading a transaction file, and to ensure that the
* type has a known size.
*/
typedef uint16_t psa_crypto_transaction_type_t;
/** No transaction is in progress.
*
* This has the value 0, so zero-initialization sets a transaction's type to
* this value.
*/
#define PSA_CRYPTO_TRANSACTION_NONE ( (psa_crypto_transaction_type_t) 0x0000 )
/** A key creation transaction.
*
* This is only used for keys in an external cryptoprocessor (secure element).
* Keys in RAM or in internal storage are created atomically in storage
* (simple file creation), so they do not need a transaction mechanism.
*/
#define PSA_CRYPTO_TRANSACTION_CREATE_KEY ( (psa_crypto_transaction_type_t) 0x0001 )
/** A key destruction transaction.
*
* This is only used for keys in an external cryptoprocessor (secure element).
* Keys in RAM or in internal storage are destroyed atomically in storage
* (simple file deletion), so they do not need a transaction mechanism.
*/
#define PSA_CRYPTO_TRANSACTION_DESTROY_KEY ( (psa_crypto_transaction_type_t) 0x0002 )
/** Transaction data.
*
* This type is designed to be serialized by writing the memory representation
* and reading it back on the same device.
*
* \note The transaction mechanism is designed for a single active transaction
* at a time. The transaction object is #psa_crypto_transaction.
*
* \note If an API call starts a transaction, it must complete this transaction
* before returning to the application.
*
* The lifetime of a transaction is the following (note that only one
* transaction may be active at a time):
*
* -# Call psa_crypto_prepare_transaction() to initialize the transaction
* object in memory and declare the type of transaction that is starting.
* -# Fill in the type-specific fields of #psa_crypto_transaction.
* -# Call psa_crypto_save_transaction() to start the transaction. This
* saves the transaction data to internal storage.
* -# Perform the work of the transaction by modifying files, contacting
* external entities, or whatever needs doing. Note that the transaction
* may be interrupted by a power failure, so you need to have a way
* recover from interruptions either by undoing what has been done
* so far or by resuming where you left off.
* -# If there are intermediate stages in the transaction, update
* the fields of #psa_crypto_transaction and call
* psa_crypto_save_transaction() again when each stage is reached.
* -# When the transaction is over, call psa_crypto_stop_transaction() to
* remove the transaction data in storage and in memory.
*
* If the system crashes while a transaction is in progress, psa_crypto_init()
* calls psa_crypto_load_transaction() and takes care of completing or
* rewinding the transaction. This is done in psa_crypto_recover_transaction()
* in psa_crypto.c. If you add a new type of transaction, be
* sure to add code for it in psa_crypto_recover_transaction().
*/
typedef union
{
/* Each element of this union must have the following properties
* to facilitate serialization and deserialization:
*
* - The element is a struct.
* - The first field of the struct is `psa_crypto_transaction_type_t type`.
* - Elements of the struct are arranged such a way that there is
* no padding.
*/
struct psa_crypto_transaction_unknown_s
{
psa_crypto_transaction_type_t type;
uint16_t unused1;
uint32_t unused2;
uint64_t unused3;
uint64_t unused4;
} unknown;
/* ::type is #PSA_CRYPTO_TRANSACTION_CREATE_KEY or
* #PSA_CRYPTO_TRANSACTION_DESTROY_KEY. */
struct psa_crypto_transaction_key_s
{
psa_crypto_transaction_type_t type;
uint16_t unused1;
psa_key_lifetime_t lifetime;
psa_key_slot_number_t slot;
psa_key_id_t id;
} key;
} psa_crypto_transaction_t;
/** The single active transaction.
*/
extern psa_crypto_transaction_t psa_crypto_transaction;
/** Prepare for a transaction.
*
* There must not be an ongoing transaction.
*
* \param type The type of transaction to start.
*/
static inline void psa_crypto_prepare_transaction(
psa_crypto_transaction_type_t type )
{
psa_crypto_transaction.unknown.type = type;
}
/** Save the transaction data to storage.
*
* You may call this function multiple times during a transaction to
* atomically update the transaction state.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_STORAGE_FAILURE
*/
psa_status_t psa_crypto_save_transaction( void );
/** Load the transaction data from storage, if any.
*
* This function is meant to be called from psa_crypto_init() to recover
* in case a transaction was interrupted by a system crash.
*
* \retval #PSA_SUCCESS
* The data about the ongoing transaction has been loaded to
* #psa_crypto_transaction.
* \retval #PSA_ERROR_DOES_NOT_EXIST
* There is no ongoing transaction.
* \retval #PSA_ERROR_STORAGE_FAILURE
*/
psa_status_t psa_crypto_load_transaction( void );
/** Indicate that the current transaction is finished.
*
* Call this function at the very end of transaction processing.
* This function does not "commit" or "abort" the transaction: the storage
* subsystem has no concept of "commit" and "abort", just saving and
* removing the transaction information in storage.
*
* This function erases the transaction data in storage (if any) and
* resets the transaction data in memory.
*
* \retval #PSA_SUCCESS
* There was transaction data in storage.
* \retval #PSA_ERROR_DOES_NOT_EXIST
* There was no transaction data in storage.
* \retval #PSA_ERROR_STORAGE_FAILURE
* It was impossible to determine whether there was transaction data
* in storage, or the transaction data could not be erased.
*/
psa_status_t psa_crypto_stop_transaction( void );
/** The ITS file identifier for the transaction data.
*
* 0xffffffNN = special file; 0x74 = 't' for transaction.
*/
#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_key_id_t) 0xffffff74 )
#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
/** Backend side of mbedtls_psa_inject_entropy().