Remove psa_crypto_storage_file

Now that we have ITS over files, we no longer need a direct backend
for key storage over files. Remove psa_crypto_storage_file and its
tests.

Switch MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C and MBEDTLS_PSA_ITS_FILE_C on
by default. This preserves functionality and test coverage in the
default configuration, but forgets any key previously stored using the
file backend.

tests/CMakeLists.txt

@@ -141,7 +141,6 @@ add_test_suite(psa_crypto_init)
 add_test_suite(psa_crypto_metadata)
 add_test_suite(psa_crypto_persistent_key)
 add_test_suite(psa_crypto_slot_management)
-add_test_suite(psa_crypto_storage_file)
 add_test_suite(psa_its)
 add_test_suite(shax)
 add_test_suite(timing)

tests/scripts/all.sh

@@ -689,8 +689,9 @@ component_test_no_platform () {
     scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
     scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
     scripts/config.pl unset MBEDTLS_FS_IO
-    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
     scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
+    scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
     # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
     # to re-enable platform integration features otherwise disabled in C99 builds
     make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs
@@ -870,7 +871,8 @@ component_build_arm_none_eabi_gcc () {
     scripts/config.pl unset MBEDTLS_NET_C
     scripts/config.pl unset MBEDTLS_TIMING_C
     scripts/config.pl unset MBEDTLS_FS_IO
-    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
     scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
     scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
     scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
@@ -889,7 +891,8 @@ component_build_arm_none_eabi_gcc_no_udbl_division () {
     scripts/config.pl unset MBEDTLS_NET_C
     scripts/config.pl unset MBEDTLS_TIMING_C
     scripts/config.pl unset MBEDTLS_FS_IO
-    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
     scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
     scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
     scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
@@ -911,7 +914,8 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
     scripts/config.pl unset MBEDTLS_NET_C
     scripts/config.pl unset MBEDTLS_TIMING_C
     scripts/config.pl unset MBEDTLS_FS_IO
-    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
     scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
     scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
     scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
@@ -933,7 +937,8 @@ component_build_armcc () {
     scripts/config.pl unset MBEDTLS_NET_C
     scripts/config.pl unset MBEDTLS_TIMING_C
     scripts/config.pl unset MBEDTLS_FS_IO
-    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
     scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
     scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
     scripts/config.pl unset MBEDTLS_HAVE_TIME

tests/suites/test_suite_psa_crypto_storage_file.data

@@ -1,43 +0,0 @@
-PSA Storage Load verify loaded file
-depends_on:MBEDTLS_FS_IO
-load_data_from_file:1:"deadbeef":1:4:PSA_SUCCESS
-
-PSA Storage Load check slots dont share state
-depends_on:MBEDTLS_FS_IO
-load_data_from_file:2:"deadbeef":1:4:PSA_ERROR_STORAGE_FAILURE
-
-PSA Storage Load zero length file
-depends_on:MBEDTLS_FS_IO
-load_data_from_file:1:"":1:1:PSA_SUCCESS
-
-PSA Storage Load less than capacity of data buffer
-depends_on:MBEDTLS_FS_IO
-load_data_from_file:1:"deadbeef":1:5:PSA_SUCCESS
-
-PSA Storage Load nonexistent file location, should fail
-depends_on:MBEDTLS_FS_IO
-load_data_from_file:1:"deadbeef":0:4:PSA_ERROR_STORAGE_FAILURE
-
-PSA Storage Store verify stored file
-depends_on:MBEDTLS_FS_IO
-write_data_to_file:"deadbeef":PSA_SUCCESS
-
-PSA Storage Store into preexisting location, should fail
-depends_on:MBEDTLS_FS_IO
-write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_ALREADY_EXISTS
-
-PSA Storage Store, preexisting temp_location file, should succeed
-depends_on:MBEDTLS_FS_IO
-write_data_to_prexisting_file:"psa_key_slot_0":"deadbeef":PSA_SUCCESS
-
-PSA Storage Get data size verify data size
-depends_on:MBEDTLS_FS_IO
-get_file_size:"deadbeef":4:PSA_SUCCESS:1
-
-PSA Storage Get data size verify data size zero length file
-depends_on:MBEDTLS_FS_IO
-get_file_size:"":0:PSA_SUCCESS:1
-
-PSA Storage Get data size nonexistent file location, should fail
-depends_on:MBEDTLS_FS_IO
-get_file_size:"deadbeef":4:PSA_ERROR_DOES_NOT_EXIST:0

tests/suites/test_suite_psa_crypto_storage_file.function

@@ -1,157 +0,0 @@
-/* BEGIN_HEADER */
-#include <stdint.h>
-#include "psa/crypto.h"
-#include "psa_crypto_storage_backend.h"
-
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
-void load_data_from_file( int id_to_load_arg,
-                          data_t *data, int should_make_file,
-                          int capacity_arg, int expected_status )
-{
-    psa_key_id_t id_to_load = id_to_load_arg;
-    char slot_location[] = "psa_key_slot_1";
-    psa_status_t status;
-    int ret;
-    size_t file_size = 0;
-    uint8_t *loaded_data = NULL;
-    size_t capacity = (size_t) capacity_arg;
-
-    if( should_make_file == 1 )
-    {
-        /* Create a file with data contents, with mask permissions. */
-        FILE *file;
-        file = fopen( slot_location, "wb+" );
-        TEST_ASSERT( file != NULL );
-        file_size = fwrite( data->x, 1, data->len, file );
-        TEST_EQUAL( file_size, data->len );
-        ret = fclose( file );
-        TEST_EQUAL( ret, 0 );
-    }
-
-    /* Read from the file with psa_crypto_storage_load. */
-    ASSERT_ALLOC( loaded_data, capacity );
-    status = psa_crypto_storage_load( id_to_load, loaded_data, file_size );
-
-    /* Check we get the expected status. */
-    TEST_EQUAL( status, expected_status );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* Check that the file data and data length is what we expect. */
-    ASSERT_COMPARE( data->x, data->len, loaded_data, file_size );
-
-exit:
-    mbedtls_free( loaded_data );
-    remove( slot_location );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void write_data_to_file( data_t *data, int expected_status )
-{
-    char slot_location[] = "psa_key_slot_1";
-    psa_status_t status;
-    int ret;
-    FILE *file;
-    size_t file_size;
-    size_t num_read;
-    uint8_t *loaded_data = NULL;
-
-    /* Write data to file. */
-    status = psa_crypto_storage_store( 1, data->x, data->len );
-
-    /* Check that we got the expected status. */
-    TEST_EQUAL( status, expected_status );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* Check that the file length is what we expect */
-    file = fopen( slot_location, "rb" );
-    TEST_ASSERT( file != NULL );
-    fseek( file, 0, SEEK_END );
-    file_size = (size_t) ftell( file );
-    fseek( file, 0, SEEK_SET );
-    TEST_EQUAL( file_size, data->len );
-
-    /* Check that the file contents are what we expect */
-    ASSERT_ALLOC( loaded_data, data->len );
-
-    num_read = fread( loaded_data, 1, file_size, file );
-    TEST_EQUAL( num_read, file_size );
-    ASSERT_COMPARE( data->x, data->len, loaded_data, file_size );
-    ret = fclose( file );
-    TEST_EQUAL( ret, 0 );
-
-exit:
-    mbedtls_free( loaded_data );
-    remove( slot_location );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void get_file_size( data_t *data, int expected_data_length,
-                    int expected_status, int should_make_file )
-{
-    char slot_location[] = "psa_key_slot_1";
-    psa_status_t status;
-    int ret;
-    size_t file_size;
-
-    if( should_make_file )
-    {
-        /* Create a file with data contents, with mask permissions. */
-        FILE *file;
-        file = fopen( slot_location, "wb+" );
-        TEST_ASSERT( file != NULL );
-        file_size = fwrite( data->x, 1, data->len, file );
-        TEST_EQUAL( file_size, data->len );
-        ret = fclose( file );
-        TEST_EQUAL( ret, 0 );
-    }
-
-    /* Check get data size is what we expect */
-    status = psa_crypto_storage_get_data_length( 1, &file_size );
-    TEST_EQUAL( status, expected_status );
-    if( expected_status == PSA_SUCCESS )
-        TEST_EQUAL( file_size, (size_t)expected_data_length );
-
-exit:
-    remove( slot_location );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void write_data_to_prexisting_file( char *preexist_file_location,
-                                    data_t *data, int expected_status )
-{
-    char slot_location[] = "psa_key_slot_1";
-    psa_status_t status;
-    int ret;
-    FILE *file;
-
-    /* Create file first */
-    file = fopen( preexist_file_location, "wb" );
-    TEST_ASSERT( file != NULL );
-    ret = fclose( file );
-    TEST_EQUAL( ret, 0 );
-
-    /* Write data to file. */
-    status = psa_crypto_storage_store( 1, data->x, data->len );
-
-    /* Check that we got the expected status. */
-    TEST_EQUAL( status, expected_status );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-exit:
-    remove( preexist_file_location );
-    remove( slot_location );
-}
-/* END_CASE */