Remove psa_crypto_storage_file

Now that we have ITS over files, we no longer need a direct backend for key storage over files. Remove psa_crypto_storage_file and its tests. Switch MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C and MBEDTLS_PSA_ITS_FILE_C on by default. This preserves functionality and test coverage in the default configuration, but forgets any key previously stored using the file backend.
2025-07-29 11:41:15 +03:00 · 2019-02-24 14:03:29 +01:00
parent 23793482ac
commit e435f23019
14 changed files with 30 additions and 489 deletions
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@ -56,7 +56,6 @@ set(src_crypto
    psa_crypto.c
    psa_crypto_slot_management.c
    psa_crypto_storage.c
-    psa_crypto_storage_file.c
    psa_crypto_storage_its.c
    psa_its_file.c
    ripemd160.c
--- a/library/Makefile
+++ b/library/Makefile
@ -85,7 +85,6 @@ OBJS_CRYPTO=	aes.o		aesni.o		arc4.o		\
 		psa_crypto.o					\
 		psa_crypto_slot_management.o			\
 		psa_crypto_storage.o				\
-		psa_crypto_storage_file.o			\
 		psa_crypto_storage_its.o			\
 		psa_its_file.o					\
 		ripemd160.o	rsa_internal.o	rsa.o  		\
--- a/library/psa_crypto_storage_file.c
+++ b/library/psa_crypto_storage_file.c
@ -1,220 +0,0 @@
-/*
- *  PSA file storage backend for persistent keys
- */
-/*  Copyright (C) 2018, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if defined(MBEDTLS_CONFIG_FILE)
-#include MBEDTLS_CONFIG_FILE
-#else
-#include "mbedtls/config.h"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C)
-
-#include <string.h>
-
-#include "psa/crypto.h"
-#include "psa_crypto_storage_backend.h"
-#include "mbedtls/platform_util.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_snprintf snprintf
-#endif
-
-/* This option sets where files are to be stored. If this is left unset,
- * the files by default will be stored in the same location as the program,
- * which may not be desired or possible. */
-#if !defined(CRYPTO_STORAGE_FILE_LOCATION)
-#define CRYPTO_STORAGE_FILE_LOCATION ""
-#endif
-
-enum { MAX_LOCATION_LEN = sizeof(CRYPTO_STORAGE_FILE_LOCATION) + 40 };
-
-static void key_id_to_location( const psa_key_file_id_t key,
-                                char *location,
-                                size_t location_size )
-{
-    mbedtls_snprintf( location, location_size,
-                      CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%lu",
-                      (unsigned long) key );
-}
-
-psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, uint8_t *data,
-                                      size_t data_size )
-{
-    psa_status_t status = PSA_SUCCESS;
-    FILE *file;
-    size_t num_read;
-    char slot_location[MAX_LOCATION_LEN];
-
-    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
-    file = fopen( slot_location, "rb" );
-    if( file == NULL )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-    num_read = fread( data, 1, data_size, file );
-    if( num_read != data_size )
-        status = PSA_ERROR_STORAGE_FAILURE;
-
-exit:
-    if( file != NULL )
-        fclose( file );
-    return( status );
-}
-
-int psa_is_key_present_in_storage( const psa_key_file_id_t key )
-{
-    char slot_location[MAX_LOCATION_LEN];
-    FILE *file;
-
-    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
-
-    file = fopen( slot_location, "r" );
-    if( file == NULL )
-    {
-        /* File doesn't exist */
-        return( 0 );
-    }
-
-    fclose( file );
-    return( 1 );
-}
-
-psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key,
-                                       const uint8_t *data,
-                                       size_t data_length )
-{
-    psa_status_t status = PSA_SUCCESS;
-    int ret;
-    size_t num_written;
-    char slot_location[MAX_LOCATION_LEN];
-    FILE *file;
-    /* The storage location corresponding to "key slot 0" is used as a
-     * temporary location in order to make the apparition of the actual slot
-     * file atomic. 0 is not a valid key slot number, so this should not
-     * affect actual keys. */
-    const char *temp_location = CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0";
-
-    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
-
-    if( psa_is_key_present_in_storage( key ) == 1 )
-        return( PSA_ERROR_ALREADY_EXISTS );
-
-    file = fopen( temp_location, "wb" );
-    if( file == NULL )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-
-    num_written = fwrite( data, 1, data_length, file );
-    if( num_written != data_length )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-
-    ret = fclose( file );
-    file = NULL;
-    if( ret != 0 )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-
-    if( rename( temp_location, slot_location ) != 0 )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-
-exit:
-    if( file != NULL )
-        fclose( file );
-    remove( temp_location );
-    return( status );
-}
-
-psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key )
-{
-    FILE *file;
-    char slot_location[MAX_LOCATION_LEN];
-
-    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
-
-    /* Only try remove the file if it exists */
-    file = fopen( slot_location, "rb" );
-    if( file != NULL )
-    {
-        fclose( file );
-
-        if( remove( slot_location ) != 0 )
-            return( PSA_ERROR_STORAGE_FAILURE );
-    }
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_crypto_storage_get_data_length( const psa_key_file_id_t key,
-                                                 size_t *data_length )
-{
-    psa_status_t status = PSA_SUCCESS;
-    FILE *file;
-    long file_size;
-    char slot_location[MAX_LOCATION_LEN];
-
-    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
-
-    file = fopen( slot_location, "rb" );
-    if( file == NULL )
-        return( PSA_ERROR_DOES_NOT_EXIST );
-
-    if( fseek( file, 0, SEEK_END ) != 0 )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-
-    file_size = ftell( file );
-
-    if( file_size < 0 )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-
-#if LONG_MAX > SIZE_MAX
-    if( (unsigned long) file_size > SIZE_MAX )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-#endif
-    *data_length = (size_t) file_size;
-
-exit:
-    fclose( file );
-    return( status );
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C */
--- a/library/version_features.c
+++ b/library/version_features.c
@ -714,9 +714,6 @@ static const char *features[] = {
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
    "MBEDTLS_PSA_CRYPTO_STORAGE_C",
 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C)
-    "MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C",
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C */
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
    "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C",
 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C */