1 /*
2 * PSA persistent key storage
3 */
4 /*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21 #include "common.h"
22
23 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
24
25 #include <stdlib.h>
26 #include <string.h>
27
28 #include "psa/crypto.h"
29 #include "psa_crypto_storage.h"
30 #include "mbedtls/platform_util.h"
31
32 #if defined(MBEDTLS_PSA_ITS_FILE_C)
33 #include "psa_crypto_its.h"
34 #else /* Native ITS implementation */
35 #include "psa/error.h"
36 #include "psa/internal_trusted_storage.h"
37 #endif
38
39 #if defined(MBEDTLS_PLATFORM_C)
40 #include "mbedtls/platform.h"
41 #else
42 #include <stdlib.h>
43 #define mbedtls_calloc calloc
44 #define mbedtls_free free
45 #endif
46
47 /****************************************************************/
48 /* Key storage */
49 /****************************************************************/
50
51 /* Determine a file name (ITS file identifier) for the given key identifier.
52 * The file name must be distinct from any file that is used for a purpose
53 * other than storing a key. Currently, the only such file is the random seed
54 * file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is
55 * 0xFFFFFF52. */
psa_its_identifier_of_slot(mbedtls_svc_key_id_t key)56 static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key )
57 {
58 #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
59 /* Encode the owner in the upper 32 bits. This means that if
60 * owner values are nonzero (as they are on a PSA platform),
61 * no key file will ever have a value less than 0x100000000, so
62 * the whole range 0..0xffffffff is available for non-key files. */
63 uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key );
64 return( ( (uint64_t) unsigned_owner_id << 32 ) |
65 MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) );
66 #else
67 /* Use the key id directly as a file name.
68 * psa_is_key_id_valid() in psa_crypto_slot_management.c
69 * is responsible for ensuring that key identifiers do not have a
70 * value that is reserved for non-key files. */
71 return( key );
72 #endif
73 }
74
75 /**
76 * \brief Load persistent data for the given key slot number.
77 *
78 * This function reads data from a storage backend and returns the data in a
79 * buffer.
80 *
81 * \param key Persistent identifier of the key to be loaded. This
82 * should be an occupied storage location.
83 * \param[out] data Buffer where the data is to be written.
84 * \param data_size Size of the \c data buffer in bytes.
85 *
86 * \retval #PSA_SUCCESS
87 * \retval #PSA_ERROR_DATA_INVALID
88 * \retval #PSA_ERROR_DATA_CORRUPT
89 * \retval #PSA_ERROR_STORAGE_FAILURE
90 * \retval #PSA_ERROR_DOES_NOT_EXIST
91 */
psa_crypto_storage_load(const mbedtls_svc_key_id_t key,uint8_t * data,size_t data_size)92 static psa_status_t psa_crypto_storage_load(
93 const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size )
94 {
95 psa_status_t status;
96 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
97 struct psa_storage_info_t data_identifier_info;
98 size_t data_length = 0;
99
100 status = psa_its_get_info( data_identifier, &data_identifier_info );
101 if( status != PSA_SUCCESS )
102 return( status );
103
104 status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length );
105 if( data_size != data_length )
106 return( PSA_ERROR_DATA_INVALID );
107
108 return( status );
109 }
110
psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key)111 int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key )
112 {
113 psa_status_t ret;
114 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
115 struct psa_storage_info_t data_identifier_info;
116
117 ret = psa_its_get_info( data_identifier, &data_identifier_info );
118
119 if( ret == PSA_ERROR_DOES_NOT_EXIST )
120 return( 0 );
121 return( 1 );
122 }
123
124 /**
125 * \brief Store persistent data for the given key slot number.
126 *
127 * This function stores the given data buffer to a persistent storage.
128 *
129 * \param key Persistent identifier of the key to be stored. This
130 * should be an unoccupied storage location.
131 * \param[in] data Buffer containing the data to be stored.
132 * \param data_length The number of bytes
133 * that make up the data.
134 *
135 * \retval #PSA_SUCCESS
136 * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
137 * \retval #PSA_ERROR_ALREADY_EXISTS
138 * \retval #PSA_ERROR_STORAGE_FAILURE
139 * \retval #PSA_ERROR_DATA_INVALID
140 */
psa_crypto_storage_store(const mbedtls_svc_key_id_t key,const uint8_t * data,size_t data_length)141 static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key,
142 const uint8_t *data,
143 size_t data_length )
144 {
145 psa_status_t status;
146 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
147 struct psa_storage_info_t data_identifier_info;
148
149 if( psa_is_key_present_in_storage( key ) == 1 )
150 return( PSA_ERROR_ALREADY_EXISTS );
151
152 status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 );
153 if( status != PSA_SUCCESS )
154 {
155 return( PSA_ERROR_DATA_INVALID );
156 }
157
158 status = psa_its_get_info( data_identifier, &data_identifier_info );
159 if( status != PSA_SUCCESS )
160 {
161 goto exit;
162 }
163
164 if( data_identifier_info.size != data_length )
165 {
166 status = PSA_ERROR_DATA_INVALID;
167 goto exit;
168 }
169
170 exit:
171 if( status != PSA_SUCCESS )
172 {
173 /* Remove the file in case we managed to create it but something
174 * went wrong. It's ok if the file doesn't exist. If the file exists
175 * but the removal fails, we're already reporting an error so there's
176 * nothing else we can do. */
177 (void) psa_its_remove( data_identifier );
178 }
179 return( status );
180 }
181
psa_destroy_persistent_key(const mbedtls_svc_key_id_t key)182 psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key )
183 {
184 psa_status_t ret;
185 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
186 struct psa_storage_info_t data_identifier_info;
187
188 ret = psa_its_get_info( data_identifier, &data_identifier_info );
189 if( ret == PSA_ERROR_DOES_NOT_EXIST )
190 return( PSA_SUCCESS );
191
192 if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
193 return( PSA_ERROR_DATA_INVALID );
194
195 ret = psa_its_get_info( data_identifier, &data_identifier_info );
196 if( ret != PSA_ERROR_DOES_NOT_EXIST )
197 return( PSA_ERROR_DATA_INVALID );
198
199 return( PSA_SUCCESS );
200 }
201
202 /**
203 * \brief Get data length for given key slot number.
204 *
205 * \param key Persistent identifier whose stored data length
206 * is to be obtained.
207 * \param[out] data_length The number of bytes that make up the data.
208 *
209 * \retval #PSA_SUCCESS
210 * \retval #PSA_ERROR_STORAGE_FAILURE
211 * \retval #PSA_ERROR_DOES_NOT_EXIST
212 * \retval #PSA_ERROR_DATA_CORRUPT
213 */
psa_crypto_storage_get_data_length(const mbedtls_svc_key_id_t key,size_t * data_length)214 static psa_status_t psa_crypto_storage_get_data_length(
215 const mbedtls_svc_key_id_t key,
216 size_t *data_length )
217 {
218 psa_status_t status;
219 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
220 struct psa_storage_info_t data_identifier_info;
221
222 status = psa_its_get_info( data_identifier, &data_identifier_info );
223 if( status != PSA_SUCCESS )
224 return( status );
225
226 *data_length = (size_t) data_identifier_info.size;
227
228 return( PSA_SUCCESS );
229 }
230
231 /**
232 * Persistent key storage magic header.
233 */
234 #define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
235 #define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
236
237 typedef struct {
238 uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
239 uint8_t version[4];
240 uint8_t lifetime[sizeof( psa_key_lifetime_t )];
241 uint8_t type[2];
242 uint8_t bits[2];
243 uint8_t policy[sizeof( psa_key_policy_t )];
244 uint8_t data_len[4];
245 uint8_t key_data[];
246 } psa_persistent_key_storage_format;
247
psa_format_key_data_for_storage(const uint8_t * data,const size_t data_length,const psa_core_key_attributes_t * attr,uint8_t * storage_data)248 void psa_format_key_data_for_storage( const uint8_t *data,
249 const size_t data_length,
250 const psa_core_key_attributes_t *attr,
251 uint8_t *storage_data )
252 {
253 psa_persistent_key_storage_format *storage_format =
254 (psa_persistent_key_storage_format *) storage_data;
255
256 memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
257 MBEDTLS_PUT_UINT32_LE( 0, storage_format->version, 0 );
258 MBEDTLS_PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
259 MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 );
260 MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 );
261 MBEDTLS_PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
262 MBEDTLS_PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
263 MBEDTLS_PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
264 MBEDTLS_PUT_UINT32_LE( data_length, storage_format->data_len, 0 );
265 memcpy( storage_format->key_data, data, data_length );
266 }
267
check_magic_header(const uint8_t * data)268 static psa_status_t check_magic_header( const uint8_t *data )
269 {
270 if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER,
271 PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 )
272 return( PSA_ERROR_DATA_INVALID );
273 return( PSA_SUCCESS );
274 }
275
psa_parse_key_data_from_storage(const uint8_t * storage_data,size_t storage_data_length,uint8_t ** key_data,size_t * key_data_length,psa_core_key_attributes_t * attr)276 psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
277 size_t storage_data_length,
278 uint8_t **key_data,
279 size_t *key_data_length,
280 psa_core_key_attributes_t *attr )
281 {
282 psa_status_t status;
283 const psa_persistent_key_storage_format *storage_format =
284 (const psa_persistent_key_storage_format *)storage_data;
285 uint32_t version;
286
287 if( storage_data_length < sizeof(*storage_format) )
288 return( PSA_ERROR_DATA_INVALID );
289
290 status = check_magic_header( storage_data );
291 if( status != PSA_SUCCESS )
292 return( status );
293
294 version = MBEDTLS_GET_UINT32_LE( storage_format->version, 0 );
295 if( version != 0 )
296 return( PSA_ERROR_DATA_INVALID );
297
298 *key_data_length = MBEDTLS_GET_UINT32_LE( storage_format->data_len, 0 );
299 if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
300 *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
301 return( PSA_ERROR_DATA_INVALID );
302
303 if( *key_data_length == 0 )
304 {
305 *key_data = NULL;
306 }
307 else
308 {
309 *key_data = mbedtls_calloc( 1, *key_data_length );
310 if( *key_data == NULL )
311 return( PSA_ERROR_INSUFFICIENT_MEMORY );
312 memcpy( *key_data, storage_format->key_data, *key_data_length );
313 }
314
315 attr->lifetime = MBEDTLS_GET_UINT32_LE( storage_format->lifetime, 0 );
316 attr->type = MBEDTLS_GET_UINT16_LE( storage_format->type, 0 );
317 attr->bits = MBEDTLS_GET_UINT16_LE( storage_format->bits, 0 );
318 attr->policy.usage = MBEDTLS_GET_UINT32_LE( storage_format->policy, 0 );
319 attr->policy.alg = MBEDTLS_GET_UINT32_LE( storage_format->policy, sizeof( uint32_t ) );
320 attr->policy.alg2 = MBEDTLS_GET_UINT32_LE( storage_format->policy, 2 * sizeof( uint32_t ) );
321
322 return( PSA_SUCCESS );
323 }
324
psa_save_persistent_key(const psa_core_key_attributes_t * attr,const uint8_t * data,const size_t data_length)325 psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
326 const uint8_t *data,
327 const size_t data_length )
328 {
329 size_t storage_data_length;
330 uint8_t *storage_data;
331 psa_status_t status;
332
333 /* All keys saved to persistent storage always have a key context */
334 if( data == NULL || data_length == 0 )
335 return( PSA_ERROR_INVALID_ARGUMENT );
336
337 if( data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
338 return( PSA_ERROR_INSUFFICIENT_STORAGE );
339 storage_data_length = data_length + sizeof( psa_persistent_key_storage_format );
340
341 storage_data = mbedtls_calloc( 1, storage_data_length );
342 if( storage_data == NULL )
343 return( PSA_ERROR_INSUFFICIENT_MEMORY );
344
345 psa_format_key_data_for_storage( data, data_length, attr, storage_data );
346
347 status = psa_crypto_storage_store( attr->id,
348 storage_data, storage_data_length );
349
350 mbedtls_free( storage_data );
351
352 return( status );
353 }
354
psa_free_persistent_key_data(uint8_t * key_data,size_t key_data_length)355 void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
356 {
357 if( key_data != NULL )
358 {
359 mbedtls_platform_zeroize( key_data, key_data_length );
360 }
361 mbedtls_free( key_data );
362 }
363
psa_load_persistent_key(psa_core_key_attributes_t * attr,uint8_t ** data,size_t * data_length)364 psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
365 uint8_t **data,
366 size_t *data_length )
367 {
368 psa_status_t status = PSA_SUCCESS;
369 uint8_t *loaded_data;
370 size_t storage_data_length = 0;
371 mbedtls_svc_key_id_t key = attr->id;
372
373 status = psa_crypto_storage_get_data_length( key, &storage_data_length );
374 if( status != PSA_SUCCESS )
375 return( status );
376
377 loaded_data = mbedtls_calloc( 1, storage_data_length );
378
379 if( loaded_data == NULL )
380 return( PSA_ERROR_INSUFFICIENT_MEMORY );
381
382 status = psa_crypto_storage_load( key, loaded_data, storage_data_length );
383 if( status != PSA_SUCCESS )
384 goto exit;
385
386 status = psa_parse_key_data_from_storage( loaded_data, storage_data_length,
387 data, data_length, attr );
388
389 /* All keys saved to persistent storage always have a key context */
390 if( status == PSA_SUCCESS &&
391 ( *data == NULL || *data_length == 0 ) )
392 status = PSA_ERROR_STORAGE_FAILURE;
393
394 exit:
395 mbedtls_free( loaded_data );
396 return( status );
397 }
398
399
400
401 /****************************************************************/
402 /* Transactions */
403 /****************************************************************/
404
405 #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
406
407 psa_crypto_transaction_t psa_crypto_transaction;
408
psa_crypto_save_transaction(void)409 psa_status_t psa_crypto_save_transaction( void )
410 {
411 struct psa_storage_info_t p_info;
412 psa_status_t status;
413 status = psa_its_get_info( PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info );
414 if( status == PSA_SUCCESS )
415 {
416 /* This shouldn't happen: we're trying to start a transaction while
417 * there is still a transaction that hasn't been replayed. */
418 return( PSA_ERROR_CORRUPTION_DETECTED );
419 }
420 else if( status != PSA_ERROR_DOES_NOT_EXIST )
421 return( status );
422 return( psa_its_set( PSA_CRYPTO_ITS_TRANSACTION_UID,
423 sizeof( psa_crypto_transaction ),
424 &psa_crypto_transaction,
425 0 ) );
426 }
427
psa_crypto_load_transaction(void)428 psa_status_t psa_crypto_load_transaction( void )
429 {
430 psa_status_t status;
431 size_t length;
432 status = psa_its_get( PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
433 sizeof( psa_crypto_transaction ),
434 &psa_crypto_transaction, &length );
435 if( status != PSA_SUCCESS )
436 return( status );
437 if( length != sizeof( psa_crypto_transaction ) )
438 return( PSA_ERROR_DATA_INVALID );
439 return( PSA_SUCCESS );
440 }
441
psa_crypto_stop_transaction(void)442 psa_status_t psa_crypto_stop_transaction( void )
443 {
444 psa_status_t status = psa_its_remove( PSA_CRYPTO_ITS_TRANSACTION_UID );
445 /* Whether or not updating the storage succeeded, the transaction is
446 * finished now. It's too late to go back, so zero out the in-memory
447 * data. */
448 memset( &psa_crypto_transaction, 0, sizeof( psa_crypto_transaction ) );
449 return( status );
450 }
451
452 #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
453
454
455
456 /****************************************************************/
457 /* Random generator state */
458 /****************************************************************/
459
460 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
mbedtls_psa_storage_inject_entropy(const unsigned char * seed,size_t seed_size)461 psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
462 size_t seed_size )
463 {
464 psa_status_t status;
465 struct psa_storage_info_t p_info;
466
467 status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
468
469 if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */
470 {
471 status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
472 }
473 else if( PSA_SUCCESS == status )
474 {
475 /* You should not be here. Seed needs to be injected only once */
476 status = PSA_ERROR_NOT_PERMITTED;
477 }
478 return( status );
479 }
480 #endif /* MBEDTLS_PSA_INJECT_ENTROPY */
481
482
483
484 /****************************************************************/
485 /* The end */
486 /****************************************************************/
487
488 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
489
