1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00

psa: Add storage implementation for files

Add new functions, psa_load_persistent_key(),
psa_free_persistent_key_data(), and psa_save_persistent_key(), for
managing persistent keys. These functions load to or save from our
internal representation of key slots. Serialization is a concern of the
storage backend implementation and doesn't abstraction-leak into the
lifetime management code.

An initial implementation for files is provided. Additional storage
backends can implement this interface for other storage types.
This commit is contained in:
Darryl Green
2018-06-15 13:06:04 +01:00
parent d9eee3b417
commit db2b8db715
19 changed files with 1004 additions and 0 deletions

View File

@ -113,6 +113,7 @@ add_test_suite(poly1305)
add_test_suite(psa_crypto)
add_test_suite(psa_crypto_hash)
add_test_suite(psa_crypto_metadata)
add_test_suite(psa_crypto_storage_file)
add_test_suite(shax)
add_test_suite(ssl)
add_test_suite(timing)

View File

@ -644,6 +644,8 @@ scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
# to re-enable platform integration features otherwise disabled in C99 builds
make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs
@ -859,6 +861,8 @@ scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C # depends on MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
@ -877,6 +881,8 @@ scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C # depends on MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
echo "Checking that software 64-bit division is not required"
if_build_succeeded not grep __aeabi_uldiv library/*.o
@ -897,6 +903,8 @@ scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C # depends on MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
echo "Checking that software 64-bit multiplication is not required"
if_build_succeeded not grep __aeabi_lmul library/*.o
@ -920,6 +928,8 @@ scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C # depends on MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
if [ $RUN_ARMCC -ne 0 ]; then
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib

View File

@ -0,0 +1,43 @@
PSA Storage Load verify loaded file
depends_on:MBEDTLS_FS_IO
load_data_from_file:1:"deadbeef":1:4:PSA_SUCCESS
PSA Storage Load check slots dont share state
depends_on:MBEDTLS_FS_IO
load_data_from_file:2:"deadbeef":1:4:PSA_ERROR_STORAGE_FAILURE
PSA Storage Load zero length file
depends_on:MBEDTLS_FS_IO
load_data_from_file:1:"":1:1:PSA_SUCCESS
PSA Storage Load less than capacity of data buffer
depends_on:MBEDTLS_FS_IO
load_data_from_file:1:"deadbeef":1:5:PSA_SUCCESS
PSA Storage Load nonexistent file location, should fail
depends_on:MBEDTLS_FS_IO
load_data_from_file:1:"deadbeef":0:4:PSA_ERROR_STORAGE_FAILURE
PSA Storage Store verify stored file
depends_on:MBEDTLS_FS_IO
write_data_to_file:"deadbeef":PSA_SUCCESS
PSA Storage Store into preexisting location, should fail
depends_on:MBEDTLS_FS_IO
write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_OCCUPIED_SLOT
PSA Storage Store, preexisting temp_location file, should succeed
depends_on:MBEDTLS_FS_IO
write_data_to_prexisting_file:"psa_key_slot_0":"deadbeef":PSA_SUCCESS
PSA Storage Get data size verify data size
depends_on:MBEDTLS_FS_IO
get_file_size:"deadbeef":4:PSA_SUCCESS:1
PSA Storage Get data size verify data size zero length file
depends_on:MBEDTLS_FS_IO
get_file_size:"":0:PSA_SUCCESS:1
PSA Storage Get data size nonexistent file location, should fail
depends_on:MBEDTLS_FS_IO
get_file_size:"deadbeef":4:PSA_ERROR_EMPTY_SLOT:0

View File

@ -0,0 +1,159 @@
/* BEGIN_HEADER */
#include <stdint.h>
#include "psa/crypto.h"
#include "psa_crypto_storage_backend.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
void load_data_from_file( int slot_to_load, data_t *data, int should_make_file,
int capacity_arg, int expected_status )
{
char slot_location[] = "psa_key_slot_1";
psa_status_t status;
int ret;
size_t file_size = 0;
uint8_t *loaded_data = NULL;
size_t capacity = (size_t) capacity_arg;
if( should_make_file == 1 )
{
/* Create a file with data contents, with mask permissions. */
FILE *file;
file = fopen( slot_location, "wb+" );
TEST_ASSERT( file != NULL );
file_size = fwrite( data->x, 1, data->len, file );
TEST_ASSERT( file_size == data->len );
ret = fclose( file );
TEST_ASSERT( ret == 0 );
}
/* Read from the file with psa_crypto_storage_load. */
loaded_data = mbedtls_calloc( 1, capacity );
TEST_ASSERT( loaded_data != NULL );
status = psa_crypto_storage_load( (psa_key_slot_t) slot_to_load, loaded_data,
file_size );
/* Check we get the expected status. */
TEST_ASSERT( status == expected_status );
if( status != PSA_SUCCESS )
goto exit;
/* Check that the file data and data length is what we expect. */
ASSERT_COMPARE( data->x, data->len, loaded_data, file_size );
exit:
mbedtls_free( loaded_data );
remove( slot_location );
}
/* END_CASE */
/* BEGIN_CASE */
void write_data_to_file( data_t *data, int expected_status )
{
char slot_location[] = "psa_key_slot_1";
psa_status_t status;
int ret;
FILE *file;
size_t file_size;
size_t num_read;
uint8_t *loaded_data = NULL;
/* Write data to file. */
status = psa_crypto_storage_store( 1, data->x, data->len );
/* Check that we got the expected status. */
TEST_ASSERT( status == expected_status );
if( status != PSA_SUCCESS )
goto exit;
/* Check that the file length is what we expect */
file = fopen( slot_location, "rb" );
TEST_ASSERT( file != NULL );
fseek( file, 0, SEEK_END );
file_size = (size_t) ftell( file );
fseek( file, 0, SEEK_SET );
TEST_ASSERT( file_size == data->len );
/* Check that the file contents are what we expect */
loaded_data = mbedtls_calloc( 1, data->len );
TEST_ASSERT( loaded_data != NULL );
num_read = fread( loaded_data, 1, file_size, file );
TEST_ASSERT( num_read == file_size );
ASSERT_COMPARE( data->x, data->len, loaded_data, file_size );
ret = fclose( file );
TEST_ASSERT( ret == 0 );
exit:
mbedtls_free( loaded_data );
remove( slot_location );
}
/* END_CASE */
/* BEGIN_CASE */
void get_file_size( data_t *data, int expected_data_length,
int expected_status, int should_make_file )
{
char slot_location[] = "psa_key_slot_1";
psa_status_t status;
int ret;
size_t file_size;
if( should_make_file )
{
/* Create a file with data contents, with mask permissions. */
FILE *file;
file = fopen( slot_location, "wb+" );
TEST_ASSERT( file != NULL );
file_size = fwrite( data->x, 1, data->len, file );
TEST_ASSERT( file_size == data->len );
ret = fclose( file );
TEST_ASSERT( ret == 0 );
}
/* Check get data size is what we expect */
status = psa_crypto_storage_get_data_length( 1, &file_size );
TEST_ASSERT( status == expected_status );
if( expected_status == PSA_SUCCESS )
TEST_ASSERT( file_size == (size_t)expected_data_length );
exit:
remove( slot_location );
}
/* END_CASE */
/* BEGIN_CASE */
void write_data_to_prexisting_file( char *preexist_file_location,
data_t *data, int expected_status )
{
char slot_location[] = "psa_key_slot_1";
psa_status_t status;
int ret;
FILE *file;
/* Create file first */
file = fopen( preexist_file_location, "wb" );
TEST_ASSERT( file != NULL );
ret = fclose( file );
TEST_ASSERT( ret == 0 );
/* Write data to file. */
status = psa_crypto_storage_store( 1, data->x, data->len );
/* Check that we got the expected status. */
TEST_ASSERT( status == expected_status );
if( status != PSA_SUCCESS )
goto exit;
exit:
remove( preexist_file_location );
remove( slot_location );
}
/* END_CASE */