1 /*
2 * PSA persistent key storage
3 */
4 /*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21 #include "common.h"
22
23 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
24
25 #include <stdlib.h>
26 #include <string.h>
27
28 #include "psa/crypto.h"
29 #include "psa_crypto_storage.h"
30 #include "mbedtls/platform_util.h"
31
32 #if defined(MBEDTLS_PSA_ITS_FILE_C)
33 #include "psa_crypto_its.h"
34 #else /* Native ITS implementation */
35 #include "psa/error.h"
36 #include "psa/internal_trusted_storage.h"
37 #endif
38
39 #include "mbedtls/platform.h"
40
41
42
43 /****************************************************************/
44 /* Key storage */
45 /****************************************************************/
46
47 /* Determine a file name (ITS file identifier) for the given key identifier.
48 * The file name must be distinct from any file that is used for a purpose
49 * other than storing a key. Currently, the only such file is the random seed
50 * file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is
51 * 0xFFFFFF52. */
psa_its_identifier_of_slot(mbedtls_svc_key_id_t key)52 static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key )
53 {
54 #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
55 /* Encode the owner in the upper 32 bits. This means that if
56 * owner values are nonzero (as they are on a PSA platform),
57 * no key file will ever have a value less than 0x100000000, so
58 * the whole range 0..0xffffffff is available for non-key files. */
59 uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key );
60 return( ( (uint64_t) unsigned_owner_id << 32 ) |
61 MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) );
62 #else
63 /* Use the key id directly as a file name.
64 * psa_is_key_id_valid() in psa_crypto_slot_management.c
65 * is responsible for ensuring that key identifiers do not have a
66 * value that is reserved for non-key files. */
67 return( key );
68 #endif
69 }
70
71 /**
72 * \brief Load persistent data for the given key slot number.
73 *
74 * This function reads data from a storage backend and returns the data in a
75 * buffer.
76 *
77 * \param key Persistent identifier of the key to be loaded. This
78 * should be an occupied storage location.
79 * \param[out] data Buffer where the data is to be written.
80 * \param data_size Size of the \c data buffer in bytes.
81 *
82 * \retval #PSA_SUCCESS
83 * \retval #PSA_ERROR_DATA_INVALID
84 * \retval #PSA_ERROR_DATA_CORRUPT
85 * \retval #PSA_ERROR_STORAGE_FAILURE
86 * \retval #PSA_ERROR_DOES_NOT_EXIST
87 */
psa_crypto_storage_load(const mbedtls_svc_key_id_t key,uint8_t * data,size_t data_size)88 static psa_status_t psa_crypto_storage_load(
89 const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size )
90 {
91 psa_status_t status;
92 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
93 struct psa_storage_info_t data_identifier_info;
94 size_t data_length = 0;
95
96 status = psa_its_get_info( data_identifier, &data_identifier_info );
97 if( status != PSA_SUCCESS )
98 return( status );
99
100 status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length );
101 if( data_size != data_length )
102 return( PSA_ERROR_DATA_INVALID );
103
104 return( status );
105 }
106
psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key)107 int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key )
108 {
109 psa_status_t ret;
110 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
111 struct psa_storage_info_t data_identifier_info;
112
113 ret = psa_its_get_info( data_identifier, &data_identifier_info );
114
115 if( ret == PSA_ERROR_DOES_NOT_EXIST )
116 return( 0 );
117 return( 1 );
118 }
119
120 /**
121 * \brief Store persistent data for the given key slot number.
122 *
123 * This function stores the given data buffer to a persistent storage.
124 *
125 * \param key Persistent identifier of the key to be stored. This
126 * should be an unoccupied storage location.
127 * \param[in] data Buffer containing the data to be stored.
128 * \param data_length The number of bytes
129 * that make up the data.
130 *
131 * \retval #PSA_SUCCESS
132 * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
133 * \retval #PSA_ERROR_ALREADY_EXISTS
134 * \retval #PSA_ERROR_STORAGE_FAILURE
135 * \retval #PSA_ERROR_DATA_INVALID
136 */
psa_crypto_storage_store(const mbedtls_svc_key_id_t key,const uint8_t * data,size_t data_length)137 static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key,
138 const uint8_t *data,
139 size_t data_length )
140 {
141 psa_status_t status;
142 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
143 struct psa_storage_info_t data_identifier_info;
144
145 if( psa_is_key_present_in_storage( key ) == 1 )
146 return( PSA_ERROR_ALREADY_EXISTS );
147
148 status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 );
149 if( status != PSA_SUCCESS )
150 {
151 return( PSA_ERROR_DATA_INVALID );
152 }
153
154 status = psa_its_get_info( data_identifier, &data_identifier_info );
155 if( status != PSA_SUCCESS )
156 {
157 goto exit;
158 }
159
160 if( data_identifier_info.size != data_length )
161 {
162 status = PSA_ERROR_DATA_INVALID;
163 goto exit;
164 }
165
166 exit:
167 if( status != PSA_SUCCESS )
168 {
169 /* Remove the file in case we managed to create it but something
170 * went wrong. It's ok if the file doesn't exist. If the file exists
171 * but the removal fails, we're already reporting an error so there's
172 * nothing else we can do. */
173 (void) psa_its_remove( data_identifier );
174 }
175 return( status );
176 }
177
psa_destroy_persistent_key(const mbedtls_svc_key_id_t key)178 psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key )
179 {
180 psa_status_t ret;
181 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
182 struct psa_storage_info_t data_identifier_info;
183
184 ret = psa_its_get_info( data_identifier, &data_identifier_info );
185 if( ret == PSA_ERROR_DOES_NOT_EXIST )
186 return( PSA_SUCCESS );
187
188 if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
189 return( PSA_ERROR_DATA_INVALID );
190
191 ret = psa_its_get_info( data_identifier, &data_identifier_info );
192 if( ret != PSA_ERROR_DOES_NOT_EXIST )
193 return( PSA_ERROR_DATA_INVALID );
194
195 return( PSA_SUCCESS );
196 }
197
198 /**
199 * \brief Get data length for given key slot number.
200 *
201 * \param key Persistent identifier whose stored data length
202 * is to be obtained.
203 * \param[out] data_length The number of bytes that make up the data.
204 *
205 * \retval #PSA_SUCCESS
206 * \retval #PSA_ERROR_STORAGE_FAILURE
207 * \retval #PSA_ERROR_DOES_NOT_EXIST
208 * \retval #PSA_ERROR_DATA_CORRUPT
209 */
psa_crypto_storage_get_data_length(const mbedtls_svc_key_id_t key,size_t * data_length)210 static psa_status_t psa_crypto_storage_get_data_length(
211 const mbedtls_svc_key_id_t key,
212 size_t *data_length )
213 {
214 psa_status_t status;
215 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
216 struct psa_storage_info_t data_identifier_info;
217
218 status = psa_its_get_info( data_identifier, &data_identifier_info );
219 if( status != PSA_SUCCESS )
220 return( status );
221
222 *data_length = (size_t) data_identifier_info.size;
223
224 return( PSA_SUCCESS );
225 }
226
227 /**
228 * Persistent key storage magic header.
229 */
230 #define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
231 #define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
232
233 typedef struct {
234 uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
235 uint8_t version[4];
236 uint8_t lifetime[sizeof( psa_key_lifetime_t )];
237 uint8_t type[2];
238 uint8_t bits[2];
239 uint8_t policy[sizeof( psa_key_policy_t )];
240 uint8_t data_len[4];
241 uint8_t key_data[];
242 } psa_persistent_key_storage_format;
243
psa_format_key_data_for_storage(const uint8_t * data,const size_t data_length,const psa_core_key_attributes_t * attr,uint8_t * storage_data)244 void psa_format_key_data_for_storage( const uint8_t *data,
245 const size_t data_length,
246 const psa_core_key_attributes_t *attr,
247 uint8_t *storage_data )
248 {
249 psa_persistent_key_storage_format *storage_format =
250 (psa_persistent_key_storage_format *) storage_data;
251
252 memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
253 MBEDTLS_PUT_UINT32_LE( 0, storage_format->version, 0 );
254 MBEDTLS_PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
255 MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 );
256 MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 );
257 MBEDTLS_PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
258 MBEDTLS_PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
259 MBEDTLS_PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
260 MBEDTLS_PUT_UINT32_LE( data_length, storage_format->data_len, 0 );
261 memcpy( storage_format->key_data, data, data_length );
262 }
263
check_magic_header(const uint8_t * data)264 static psa_status_t check_magic_header( const uint8_t *data )
265 {
266 if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER,
267 PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 )
268 return( PSA_ERROR_DATA_INVALID );
269 return( PSA_SUCCESS );
270 }
271
psa_parse_key_data_from_storage(const uint8_t * storage_data,size_t storage_data_length,uint8_t ** key_data,size_t * key_data_length,psa_core_key_attributes_t * attr)272 psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
273 size_t storage_data_length,
274 uint8_t **key_data,
275 size_t *key_data_length,
276 psa_core_key_attributes_t *attr )
277 {
278 psa_status_t status;
279 const psa_persistent_key_storage_format *storage_format =
280 (const psa_persistent_key_storage_format *)storage_data;
281 uint32_t version;
282
283 if( storage_data_length < sizeof(*storage_format) )
284 return( PSA_ERROR_DATA_INVALID );
285
286 status = check_magic_header( storage_data );
287 if( status != PSA_SUCCESS )
288 return( status );
289
290 version = MBEDTLS_GET_UINT32_LE( storage_format->version, 0 );
291 if( version != 0 )
292 return( PSA_ERROR_DATA_INVALID );
293
294 *key_data_length = MBEDTLS_GET_UINT32_LE( storage_format->data_len, 0 );
295 if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
296 *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
297 return( PSA_ERROR_DATA_INVALID );
298
299 if( *key_data_length == 0 )
300 {
301 *key_data = NULL;
302 }
303 else
304 {
305 *key_data = mbedtls_calloc( 1, *key_data_length );
306 if( *key_data == NULL )
307 return( PSA_ERROR_INSUFFICIENT_MEMORY );
308 memcpy( *key_data, storage_format->key_data, *key_data_length );
309 }
310
311 attr->lifetime = MBEDTLS_GET_UINT32_LE( storage_format->lifetime, 0 );
312 attr->type = MBEDTLS_GET_UINT16_LE( storage_format->type, 0 );
313 attr->bits = MBEDTLS_GET_UINT16_LE( storage_format->bits, 0 );
314 attr->policy.usage = MBEDTLS_GET_UINT32_LE( storage_format->policy, 0 );
315 attr->policy.alg = MBEDTLS_GET_UINT32_LE( storage_format->policy, sizeof( uint32_t ) );
316 attr->policy.alg2 = MBEDTLS_GET_UINT32_LE( storage_format->policy, 2 * sizeof( uint32_t ) );
317
318 return( PSA_SUCCESS );
319 }
320
psa_save_persistent_key(const psa_core_key_attributes_t * attr,const uint8_t * data,const size_t data_length)321 psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
322 const uint8_t *data,
323 const size_t data_length )
324 {
325 size_t storage_data_length;
326 uint8_t *storage_data;
327 psa_status_t status;
328
329 /* All keys saved to persistent storage always have a key context */
330 if( data == NULL || data_length == 0 )
331 return( PSA_ERROR_INVALID_ARGUMENT );
332
333 if( data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
334 return( PSA_ERROR_INSUFFICIENT_STORAGE );
335 storage_data_length = data_length + sizeof( psa_persistent_key_storage_format );
336
337 storage_data = mbedtls_calloc( 1, storage_data_length );
338 if( storage_data == NULL )
339 return( PSA_ERROR_INSUFFICIENT_MEMORY );
340
341 psa_format_key_data_for_storage( data, data_length, attr, storage_data );
342
343 status = psa_crypto_storage_store( attr->id,
344 storage_data, storage_data_length );
345
346 mbedtls_platform_zeroize( storage_data, storage_data_length );
347 mbedtls_free( storage_data );
348
349 return( status );
350 }
351
psa_free_persistent_key_data(uint8_t * key_data,size_t key_data_length)352 void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
353 {
354 if( key_data != NULL )
355 {
356 mbedtls_platform_zeroize( key_data, key_data_length );
357 }
358 mbedtls_free( key_data );
359 }
360
psa_load_persistent_key(psa_core_key_attributes_t * attr,uint8_t ** data,size_t * data_length)361 psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
362 uint8_t **data,
363 size_t *data_length )
364 {
365 psa_status_t status = PSA_SUCCESS;
366 uint8_t *loaded_data;
367 size_t storage_data_length = 0;
368 mbedtls_svc_key_id_t key = attr->id;
369
370 status = psa_crypto_storage_get_data_length( key, &storage_data_length );
371 if( status != PSA_SUCCESS )
372 return( status );
373
374 loaded_data = mbedtls_calloc( 1, storage_data_length );
375
376 if( loaded_data == NULL )
377 return( PSA_ERROR_INSUFFICIENT_MEMORY );
378
379 status = psa_crypto_storage_load( key, loaded_data, storage_data_length );
380 if( status != PSA_SUCCESS )
381 goto exit;
382
383 status = psa_parse_key_data_from_storage( loaded_data, storage_data_length,
384 data, data_length, attr );
385
386 /* All keys saved to persistent storage always have a key context */
387 if( status == PSA_SUCCESS &&
388 ( *data == NULL || *data_length == 0 ) )
389 status = PSA_ERROR_STORAGE_FAILURE;
390
391 exit:
392 mbedtls_platform_zeroize( loaded_data, storage_data_length );
393 mbedtls_free( loaded_data );
394 return( status );
395 }
396
397
398
399 /****************************************************************/
400 /* Transactions */
401 /****************************************************************/
402
403 #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
404
405 psa_crypto_transaction_t psa_crypto_transaction;
406
psa_crypto_save_transaction(void)407 psa_status_t psa_crypto_save_transaction( void )
408 {
409 struct psa_storage_info_t p_info;
410 psa_status_t status;
411 status = psa_its_get_info( PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info );
412 if( status == PSA_SUCCESS )
413 {
414 /* This shouldn't happen: we're trying to start a transaction while
415 * there is still a transaction that hasn't been replayed. */
416 return( PSA_ERROR_CORRUPTION_DETECTED );
417 }
418 else if( status != PSA_ERROR_DOES_NOT_EXIST )
419 return( status );
420 return( psa_its_set( PSA_CRYPTO_ITS_TRANSACTION_UID,
421 sizeof( psa_crypto_transaction ),
422 &psa_crypto_transaction,
423 0 ) );
424 }
425
psa_crypto_load_transaction(void)426 psa_status_t psa_crypto_load_transaction( void )
427 {
428 psa_status_t status;
429 size_t length;
430 status = psa_its_get( PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
431 sizeof( psa_crypto_transaction ),
432 &psa_crypto_transaction, &length );
433 if( status != PSA_SUCCESS )
434 return( status );
435 if( length != sizeof( psa_crypto_transaction ) )
436 return( PSA_ERROR_DATA_INVALID );
437 return( PSA_SUCCESS );
438 }
439
psa_crypto_stop_transaction(void)440 psa_status_t psa_crypto_stop_transaction( void )
441 {
442 psa_status_t status = psa_its_remove( PSA_CRYPTO_ITS_TRANSACTION_UID );
443 /* Whether or not updating the storage succeeded, the transaction is
444 * finished now. It's too late to go back, so zero out the in-memory
445 * data. */
446 memset( &psa_crypto_transaction, 0, sizeof( psa_crypto_transaction ) );
447 return( status );
448 }
449
450 #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
451
452
453
454 /****************************************************************/
455 /* Random generator state */
456 /****************************************************************/
457
458 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
mbedtls_psa_storage_inject_entropy(const unsigned char * seed,size_t seed_size)459 psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
460 size_t seed_size )
461 {
462 psa_status_t status;
463 struct psa_storage_info_t p_info;
464
465 status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
466
467 if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */
468 {
469 status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
470 }
471 else if( PSA_SUCCESS == status )
472 {
473 /* You should not be here. Seed needs to be injected only once */
474 status = PSA_ERROR_NOT_PERMITTED;
475 }
476 return( status );
477 }
478 #endif /* MBEDTLS_PSA_INJECT_ENTROPY */
479
480
481
482 /****************************************************************/
483 /* The end */
484 /****************************************************************/
485
486 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
487
