1 /*
2 * PSA persistent key storage
3 */
4 /*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21 #if defined(MBEDTLS_CONFIG_FILE)
22 #include MBEDTLS_CONFIG_FILE
23 #else
24 #include "mbedtls/config.h"
25 #endif
26
27 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
28
29 #include <stdlib.h>
30 #include <string.h>
31
32 #include "psa_crypto_service_integration.h"
33 #include "psa/crypto.h"
34 #include "psa_crypto_storage.h"
35 #include "mbedtls/platform_util.h"
36
37 #if defined(MBEDTLS_PSA_ITS_FILE_C)
38 #include "psa_crypto_its.h"
39 #else /* Native ITS implementation */
40 #include "psa/error.h"
41 #include "psa/internal_trusted_storage.h"
42 #endif
43
44 #if defined(MBEDTLS_PLATFORM_C)
45 #include "mbedtls/platform.h"
46 #else
47 #include <stdlib.h>
48 #define mbedtls_calloc calloc
49 #define mbedtls_free free
50 #endif
51
52
53
54 /****************************************************************/
55 /* Key storage */
56 /****************************************************************/
57
58 /* Determine a file name (ITS file identifier) for the given key identifier.
59 * The file name must be distinct from any file that is used for a purpose
60 * other than storing a key. Currently, the only such file is the random seed
61 * file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is
62 * 0xFFFFFF52. */
psa_its_identifier_of_slot(mbedtls_svc_key_id_t key)63 static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key )
64 {
65 #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
66 /* Encode the owner in the upper 32 bits. This means that if
67 * owner values are nonzero (as they are on a PSA platform),
68 * no key file will ever have a value less than 0x100000000, so
69 * the whole range 0..0xffffffff is available for non-key files. */
70 uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key );
71 return( ( (uint64_t) unsigned_owner_id << 32 ) |
72 MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) );
73 #else
74 /* Use the key id directly as a file name.
75 * psa_is_key_id_valid() in psa_crypto_slot_management.c
76 * is responsible for ensuring that key identifiers do not have a
77 * value that is reserved for non-key files. */
78 return( key );
79 #endif
80 }
81
82 /**
83 * \brief Load persistent data for the given key slot number.
84 *
85 * This function reads data from a storage backend and returns the data in a
86 * buffer.
87 *
88 * \param key Persistent identifier of the key to be loaded. This
89 * should be an occupied storage location.
90 * \param[out] data Buffer where the data is to be written.
91 * \param data_size Size of the \c data buffer in bytes.
92 *
93 * \retval #PSA_SUCCESS
94 * \retval #PSA_ERROR_STORAGE_FAILURE
95 * \retval #PSA_ERROR_DOES_NOT_EXIST
96 */
psa_crypto_storage_load(const mbedtls_svc_key_id_t key,uint8_t * data,size_t data_size)97 static psa_status_t psa_crypto_storage_load(
98 const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size )
99 {
100 psa_status_t status;
101 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
102 struct psa_storage_info_t data_identifier_info;
103 size_t data_length = 0;
104
105 status = psa_its_get_info( data_identifier, &data_identifier_info );
106 if( status != PSA_SUCCESS )
107 return( status );
108
109 status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length );
110 if( data_size != data_length )
111 return( PSA_ERROR_STORAGE_FAILURE );
112
113 return( status );
114 }
115
psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key)116 int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key )
117 {
118 psa_status_t ret;
119 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
120 struct psa_storage_info_t data_identifier_info;
121
122 ret = psa_its_get_info( data_identifier, &data_identifier_info );
123
124 if( ret == PSA_ERROR_DOES_NOT_EXIST )
125 return( 0 );
126 return( 1 );
127 }
128
129 /**
130 * \brief Store persistent data for the given key slot number.
131 *
132 * This function stores the given data buffer to a persistent storage.
133 *
134 * \param key Persistent identifier of the key to be stored. This
135 * should be an unoccupied storage location.
136 * \param[in] data Buffer containing the data to be stored.
137 * \param data_length The number of bytes
138 * that make up the data.
139 *
140 * \retval #PSA_SUCCESS
141 * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
142 * \retval #PSA_ERROR_STORAGE_FAILURE
143 * \retval #PSA_ERROR_ALREADY_EXISTS
144 */
psa_crypto_storage_store(const mbedtls_svc_key_id_t key,const uint8_t * data,size_t data_length)145 static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key,
146 const uint8_t *data,
147 size_t data_length )
148 {
149 psa_status_t status;
150 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
151 struct psa_storage_info_t data_identifier_info;
152
153 if( psa_is_key_present_in_storage( key ) == 1 )
154 return( PSA_ERROR_ALREADY_EXISTS );
155
156 status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 );
157 if( status != PSA_SUCCESS )
158 {
159 return( PSA_ERROR_STORAGE_FAILURE );
160 }
161
162 status = psa_its_get_info( data_identifier, &data_identifier_info );
163 if( status != PSA_SUCCESS )
164 {
165 goto exit;
166 }
167
168 if( data_identifier_info.size != data_length )
169 {
170 status = PSA_ERROR_STORAGE_FAILURE;
171 goto exit;
172 }
173
174 exit:
175 if( status != PSA_SUCCESS )
176 {
177 /* Remove the file in case we managed to create it but something
178 * went wrong. It's ok if the file doesn't exist. If the file exists
179 * but the removal fails, we're already reporting an error so there's
180 * nothing else we can do. */
181 (void) psa_its_remove( data_identifier );
182 }
183 return( status );
184 }
185
psa_destroy_persistent_key(const mbedtls_svc_key_id_t key)186 psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key )
187 {
188 psa_status_t ret;
189 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
190 struct psa_storage_info_t data_identifier_info;
191
192 ret = psa_its_get_info( data_identifier, &data_identifier_info );
193 if( ret == PSA_ERROR_DOES_NOT_EXIST )
194 return( PSA_SUCCESS );
195
196 if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
197 return( PSA_ERROR_STORAGE_FAILURE );
198
199 ret = psa_its_get_info( data_identifier, &data_identifier_info );
200 if( ret != PSA_ERROR_DOES_NOT_EXIST )
201 return( PSA_ERROR_STORAGE_FAILURE );
202
203 return( PSA_SUCCESS );
204 }
205
206 /**
207 * \brief Get data length for given key slot number.
208 *
209 * \param key Persistent identifier whose stored data length
210 * is to be obtained.
211 * \param[out] data_length The number of bytes that make up the data.
212 *
213 * \retval #PSA_SUCCESS
214 * \retval #PSA_ERROR_STORAGE_FAILURE
215 */
psa_crypto_storage_get_data_length(const mbedtls_svc_key_id_t key,size_t * data_length)216 static psa_status_t psa_crypto_storage_get_data_length(
217 const mbedtls_svc_key_id_t key,
218 size_t *data_length )
219 {
220 psa_status_t status;
221 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
222 struct psa_storage_info_t data_identifier_info;
223
224 status = psa_its_get_info( data_identifier, &data_identifier_info );
225 if( status != PSA_SUCCESS )
226 return( status );
227
228 *data_length = (size_t) data_identifier_info.size;
229
230 return( PSA_SUCCESS );
231 }
232
233 /*
234 * 32-bit integer manipulation macros (little endian)
235 */
236 #ifndef GET_UINT32_LE
237 #define GET_UINT32_LE( n, b, i ) \
238 { \
239 (n) = ( (uint32_t) (b)[(i) ] ) \
240 | ( (uint32_t) (b)[(i) + 1] << 8 ) \
241 | ( (uint32_t) (b)[(i) + 2] << 16 ) \
242 | ( (uint32_t) (b)[(i) + 3] << 24 ); \
243 }
244 #endif
245
246 #ifndef PUT_UINT32_LE
247 #define PUT_UINT32_LE( n, b, i ) \
248 { \
249 (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
250 (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
251 (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
252 (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
253 }
254 #endif
255
256 /*
257 * 16-bit integer manipulation macros (little endian)
258 */
259 #ifndef GET_UINT16_LE
260 #define GET_UINT16_LE( n, b, i ) \
261 { \
262 (n) = ( (uint16_t) (b)[(i) ] ) \
263 | ( (uint16_t) (b)[(i) + 1] << 8 ); \
264 }
265 #endif
266
267 #ifndef PUT_UINT16_LE
268 #define PUT_UINT16_LE( n, b, i ) \
269 { \
270 (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
271 (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
272 }
273 #endif
274
275 /**
276 * Persistent key storage magic header.
277 */
278 #define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
279 #define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
280
281 typedef struct {
282 uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
283 uint8_t version[4];
284 uint8_t lifetime[sizeof( psa_key_lifetime_t )];
285 uint8_t type[2];
286 uint8_t bits[2];
287 uint8_t policy[sizeof( psa_key_policy_t )];
288 uint8_t data_len[4];
289 uint8_t key_data[];
290 } psa_persistent_key_storage_format;
291
psa_format_key_data_for_storage(const uint8_t * data,const size_t data_length,const psa_core_key_attributes_t * attr,uint8_t * storage_data)292 void psa_format_key_data_for_storage( const uint8_t *data,
293 const size_t data_length,
294 const psa_core_key_attributes_t *attr,
295 uint8_t *storage_data )
296 {
297 psa_persistent_key_storage_format *storage_format =
298 (psa_persistent_key_storage_format *) storage_data;
299
300 memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
301 PUT_UINT32_LE( 0, storage_format->version, 0 );
302 PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
303 PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 );
304 PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 );
305 PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
306 PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
307 PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
308 PUT_UINT32_LE( data_length, storage_format->data_len, 0 );
309 memcpy( storage_format->key_data, data, data_length );
310 }
311
check_magic_header(const uint8_t * data)312 static psa_status_t check_magic_header( const uint8_t *data )
313 {
314 if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER,
315 PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 )
316 return( PSA_ERROR_STORAGE_FAILURE );
317 return( PSA_SUCCESS );
318 }
319
psa_parse_key_data_from_storage(const uint8_t * storage_data,size_t storage_data_length,uint8_t ** key_data,size_t * key_data_length,psa_core_key_attributes_t * attr)320 psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
321 size_t storage_data_length,
322 uint8_t **key_data,
323 size_t *key_data_length,
324 psa_core_key_attributes_t *attr )
325 {
326 psa_status_t status;
327 const psa_persistent_key_storage_format *storage_format =
328 (const psa_persistent_key_storage_format *)storage_data;
329 uint32_t version;
330
331 if( storage_data_length < sizeof(*storage_format) )
332 return( PSA_ERROR_STORAGE_FAILURE );
333
334 status = check_magic_header( storage_data );
335 if( status != PSA_SUCCESS )
336 return( status );
337
338 GET_UINT32_LE( version, storage_format->version, 0 );
339 if( version != 0 )
340 return( PSA_ERROR_STORAGE_FAILURE );
341
342 GET_UINT32_LE( *key_data_length, storage_format->data_len, 0 );
343 if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
344 *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
345 return( PSA_ERROR_STORAGE_FAILURE );
346
347 if( *key_data_length == 0 )
348 {
349 *key_data = NULL;
350 }
351 else
352 {
353 *key_data = mbedtls_calloc( 1, *key_data_length );
354 if( *key_data == NULL )
355 return( PSA_ERROR_INSUFFICIENT_MEMORY );
356 memcpy( *key_data, storage_format->key_data, *key_data_length );
357 }
358
359 GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
360 GET_UINT16_LE( attr->type, storage_format->type, 0 );
361 GET_UINT16_LE( attr->bits, storage_format->bits, 0 );
362 GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
363 GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
364 GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
365
366 return( PSA_SUCCESS );
367 }
368
psa_save_persistent_key(const psa_core_key_attributes_t * attr,const uint8_t * data,const size_t data_length)369 psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
370 const uint8_t *data,
371 const size_t data_length )
372 {
373 size_t storage_data_length;
374 uint8_t *storage_data;
375 psa_status_t status;
376
377 if( data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
378 return PSA_ERROR_INSUFFICIENT_STORAGE;
379 storage_data_length = data_length + sizeof( psa_persistent_key_storage_format );
380
381 storage_data = mbedtls_calloc( 1, storage_data_length );
382 if( storage_data == NULL )
383 return( PSA_ERROR_INSUFFICIENT_MEMORY );
384
385 psa_format_key_data_for_storage( data, data_length, attr, storage_data );
386
387 status = psa_crypto_storage_store( attr->id,
388 storage_data, storage_data_length );
389
390 mbedtls_free( storage_data );
391
392 return( status );
393 }
394
psa_free_persistent_key_data(uint8_t * key_data,size_t key_data_length)395 void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
396 {
397 if( key_data != NULL )
398 {
399 mbedtls_platform_zeroize( key_data, key_data_length );
400 }
401 mbedtls_free( key_data );
402 }
403
psa_load_persistent_key(psa_core_key_attributes_t * attr,uint8_t ** data,size_t * data_length)404 psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
405 uint8_t **data,
406 size_t *data_length )
407 {
408 psa_status_t status = PSA_SUCCESS;
409 uint8_t *loaded_data;
410 size_t storage_data_length = 0;
411 mbedtls_svc_key_id_t key = attr->id;
412
413 status = psa_crypto_storage_get_data_length( key, &storage_data_length );
414 if( status != PSA_SUCCESS )
415 return( status );
416
417 loaded_data = mbedtls_calloc( 1, storage_data_length );
418
419 if( loaded_data == NULL )
420 return( PSA_ERROR_INSUFFICIENT_MEMORY );
421
422 status = psa_crypto_storage_load( key, loaded_data, storage_data_length );
423 if( status != PSA_SUCCESS )
424 goto exit;
425
426 status = psa_parse_key_data_from_storage( loaded_data, storage_data_length,
427 data, data_length, attr );
428
429 exit:
430 mbedtls_free( loaded_data );
431 return( status );
432 }
433
434
435
436 /****************************************************************/
437 /* Transactions */
438 /****************************************************************/
439
440 #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
441
442 psa_crypto_transaction_t psa_crypto_transaction;
443
psa_crypto_save_transaction(void)444 psa_status_t psa_crypto_save_transaction( void )
445 {
446 struct psa_storage_info_t p_info;
447 psa_status_t status;
448 status = psa_its_get_info( PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info );
449 if( status == PSA_SUCCESS )
450 {
451 /* This shouldn't happen: we're trying to start a transaction while
452 * there is still a transaction that hasn't been replayed. */
453 return( PSA_ERROR_CORRUPTION_DETECTED );
454 }
455 else if( status != PSA_ERROR_DOES_NOT_EXIST )
456 return( status );
457 return( psa_its_set( PSA_CRYPTO_ITS_TRANSACTION_UID,
458 sizeof( psa_crypto_transaction ),
459 &psa_crypto_transaction,
460 0 ) );
461 }
462
psa_crypto_load_transaction(void)463 psa_status_t psa_crypto_load_transaction( void )
464 {
465 psa_status_t status;
466 size_t length;
467 status = psa_its_get( PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
468 sizeof( psa_crypto_transaction ),
469 &psa_crypto_transaction, &length );
470 if( status != PSA_SUCCESS )
471 return( status );
472 if( length != sizeof( psa_crypto_transaction ) )
473 return( PSA_ERROR_STORAGE_FAILURE );
474 return( PSA_SUCCESS );
475 }
476
psa_crypto_stop_transaction(void)477 psa_status_t psa_crypto_stop_transaction( void )
478 {
479 psa_status_t status = psa_its_remove( PSA_CRYPTO_ITS_TRANSACTION_UID );
480 /* Whether or not updating the storage succeeded, the transaction is
481 * finished now. It's too late to go back, so zero out the in-memory
482 * data. */
483 memset( &psa_crypto_transaction, 0, sizeof( psa_crypto_transaction ) );
484 return( status );
485 }
486
487 #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
488
489
490
491 /****************************************************************/
492 /* Random generator state */
493 /****************************************************************/
494
495 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
mbedtls_psa_storage_inject_entropy(const unsigned char * seed,size_t seed_size)496 psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
497 size_t seed_size )
498 {
499 psa_status_t status;
500 struct psa_storage_info_t p_info;
501
502 status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
503
504 if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */
505 {
506 status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
507 }
508 else if( PSA_SUCCESS == status )
509 {
510 /* You should not be here. Seed needs to be injected only once */
511 status = PSA_ERROR_NOT_PERMITTED;
512 }
513 return( status );
514 }
515 #endif /* MBEDTLS_PSA_INJECT_ENTROPY */
516
517
518
519 /****************************************************************/
520 /* The end */
521 /****************************************************************/
522
523 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
524
