mbedtls/library/psa_crypto_core.h

/*
 *  PSA crypto core internal interfaces
 */
/*  Copyright (C) 2018, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */

#ifndef PSA_CRYPTO_CORE_H
#define PSA_CRYPTO_CORE_H

#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"

#include "mbedtls/ecp.h"
#include "mbedtls/rsa.h"

/** The data structure representing a key slot, containing key material
 * and metadata for one key.
 */
typedef struct
{
    psa_core_key_attributes_t attr;
    union
    {
        /* Raw-data key (key_type_is_raw_bytes() in psa_crypto.c) */
        struct raw_data
        {
            uint8_t *data;
            size_t bytes;
        } raw;
#if defined(MBEDTLS_RSA_C)
        /* RSA public key or key pair */
        mbedtls_rsa_context *rsa;
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
        /* EC public key or key pair */
        mbedtls_ecp_keypair *ecp;
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
        /* Any key type in a secure element */
        struct se
        {
            psa_key_slot_number_t slot_number;
        } se;
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
    } data;
} psa_key_slot_t;

/* A mask of key attribute flags used only internally.
 * Currently there aren't any. */
#define PSA_KA_MASK_INTERNAL_ONLY (     \
        0 )

/** Test whether a key slot is occupied.
 *
 * A key slot is occupied iff the key type is nonzero. This works because
 * no valid key can have 0 as its key type.
 *
 * \param[in] slot      The key slot to test.
 *
 * \return 1 if the slot is occupied, 0 otherwise.
 */
static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot )
{
    return( slot->attr.type != 0 );
}

/** Retrieve flags from psa_key_slot_t::attr::core::flags.
 *
 * \param[in] slot      The key slot to query.
 * \param mask          The mask of bits to extract.
 *
 * \return The key attribute flags in the given slot,
 *         bitwise-anded with \p mask.
 */
static inline uint16_t psa_key_slot_get_flags( const psa_key_slot_t *slot,
                                               uint16_t mask )
{
    return( slot->attr.flags & mask );
}

/** Set flags in psa_key_slot_t::attr::core::flags.
 *
 * \param[in,out] slot  The key slot to modify.
 * \param mask          The mask of bits to modify.
 * \param value         The new value of the selected bits.
 */
static inline void psa_key_slot_set_flags( psa_key_slot_t *slot,
                                           uint16_t mask,
                                           uint16_t value )
{
    slot->attr.flags = ( ( ~mask & slot->attr.flags ) |
                              ( mask & value ) );
}

/** Turn on flags in psa_key_slot_t::attr::core::flags.
 *
 * \param[in,out] slot  The key slot to modify.
 * \param mask          The mask of bits to set.
 */
static inline void psa_key_slot_set_bits_in_flags( psa_key_slot_t *slot,
                                                   uint16_t mask )
{
    slot->attr.flags |= mask;
}

/** Turn off flags in psa_key_slot_t::attr::core::flags.
 *
 * \param[in,out] slot  The key slot to modify.
 * \param mask          The mask of bits to clear.
 */
static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot,
                                            uint16_t mask )
{
    slot->attr.flags &= ~mask;
}

/** Completely wipe a slot in memory, including its policy.
 *
 * Persistent storage is not affected.
 *
 * \param[in,out] slot  The key slot to wipe.
 *
 * \retval PSA_SUCCESS
 *         Success. This includes the case of a key slot that was
 *         already fully wiped.
 * \retval PSA_ERROR_CORRUPTION_DETECTED
 */
psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );

/** Import key data into a slot.
 *
 * `slot->type` must have been set previously.
 * This function assumes that the slot does not contain any key material yet.
 * On failure, the slot content is unchanged.
 *
 * Persistent storage is not affected.
 *
 * \param[in,out] slot  The key slot to import data into.
 *                      Its `type` field must have previously been set to
 *                      the desired key type.
 *                      It must not contain any key material yet.
 * \param[in] data      Buffer containing the key material to parse and import.
 * \param data_length   Size of \p data in bytes.
 *
 * \retval PSA_SUCCESS
 * \retval PSA_ERROR_INVALID_ARGUMENT
 * \retval PSA_ERROR_NOT_SUPPORTED
 * \retval PSA_ERROR_INSUFFICIENT_MEMORY
 */
psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
                                       const uint8_t *data,
                                       size_t data_length );

#endif /* PSA_CRYPTO_CORE_H */
Expose the PSA key slot structure to internal modules Move psa_key_slot_t to a new header psa_crypto_core.h, to prepare for moving the responsibility for some fields to psa_crypto_slot_management.c. 2018-12-07 18:24:41 +01:00			`/*`
			`* PSA crypto core internal interfaces`
			`*/`
			`/* Copyright (C) 2018, ARM Limited, All Rights Reserved`
			`* SPDX-License-Identifier: Apache-2.0`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License"); you may`
			`* not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT`
			`* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*`
			`* This file is part of mbed TLS (https://tls.mbed.org)`
			`*/`

			`#ifndef PSA_CRYPTO_CORE_H`
			`#define PSA_CRYPTO_CORE_H`

			`#if !defined(MBEDTLS_CONFIG_FILE)`
			`#include "mbedtls/config.h"`
			`#else`
			`#include MBEDTLS_CONFIG_FILE`
			`#endif`

			`#include "psa/crypto.h"`
SE keys: store the slot number in the memory slot 2019-07-12 23:44:37 +02:00			`#include "psa/crypto_se_driver.h"`
Expose the PSA key slot structure to internal modules Move psa_key_slot_t to a new header psa_crypto_core.h, to prepare for moving the responsibility for some fields to psa_crypto_slot_management.c. 2018-12-07 18:24:41 +01:00
			`#include "mbedtls/ecp.h"`
			`#include "mbedtls/rsa.h"`

			`/** The data structure representing a key slot, containing key material`
			`* and metadata for one key.`
			`*/`
			`typedef struct`
			`{`
Use psa_core_key_attributes_t in key slots in memory Change the type of key slots in memory to use psa_core_key_attributes_t rather than separate fields. The goal is to simplify some parts of the code. This commit only does the mechanical replacement, not the substitution. The bit-field `allocate` is now a flag `PSA_KEY_SLOT_FLAG_ALLOCATED` in the `flags` field. Write accessor functions for flags. Key slots now contain a bit size field which is currently unused. Subsequent commits will make use of it. 2019-07-30 20:06:31 +02:00			`psa_core_key_attributes_t attr;`
Expose the PSA key slot structure to internal modules Move psa_key_slot_t to a new header psa_crypto_core.h, to prepare for moving the responsibility for some fields to psa_crypto_slot_management.c. 2018-12-07 18:24:41 +01:00			`union`
			`{`
SE keys: store the slot number in the memory slot 2019-07-12 23:44:37 +02:00			`/* Raw-data key (key_type_is_raw_bytes() in psa_crypto.c) */`
Expose the PSA key slot structure to internal modules Move psa_key_slot_t to a new header psa_crypto_core.h, to prepare for moving the responsibility for some fields to psa_crypto_slot_management.c. 2018-12-07 18:24:41 +01:00			`struct raw_data`
			`{`
			`uint8_t *data;`
			`size_t bytes;`
			`} raw;`
			`#if defined(MBEDTLS_RSA_C)`
SE keys: store the slot number in the memory slot 2019-07-12 23:44:37 +02:00			`/* RSA public key or key pair */`
Expose the PSA key slot structure to internal modules Move psa_key_slot_t to a new header psa_crypto_core.h, to prepare for moving the responsibility for some fields to psa_crypto_slot_management.c. 2018-12-07 18:24:41 +01:00			`mbedtls_rsa_context *rsa;`
			`#endif /* MBEDTLS_RSA_C */`
			`#if defined(MBEDTLS_ECP_C)`
SE keys: store the slot number in the memory slot 2019-07-12 23:44:37 +02:00			`/* EC public key or key pair */`
Expose the PSA key slot structure to internal modules Move psa_key_slot_t to a new header psa_crypto_core.h, to prepare for moving the responsibility for some fields to psa_crypto_slot_management.c. 2018-12-07 18:24:41 +01:00			`mbedtls_ecp_keypair *ecp;`
			`#endif /* MBEDTLS_ECP_C */`
Add missing guard around a union field 2019-08-02 19:21:49 +02:00			`#if defined(MBEDTLS_PSA_CRYPTO_SE_C)`
SE keys: store the slot number in the memory slot 2019-07-12 23:44:37 +02:00			`/* Any key type in a secure element */`
			`struct se`
			`{`
			`psa_key_slot_number_t slot_number;`
			`} se;`
Add missing guard around a union field 2019-08-02 19:21:49 +02:00			`#endif /* MBEDTLS_PSA_CRYPTO_SE_C */`
Expose the PSA key slot structure to internal modules Move psa_key_slot_t to a new header psa_crypto_core.h, to prepare for moving the responsibility for some fields to psa_crypto_slot_management.c. 2018-12-07 18:24:41 +01:00			`} data;`
			`} psa_key_slot_t;`

Add infrastructure for key attribute flags Add infrastructure for internal, external and dual-use flags, with a compile-time check (if static_assert is available) to ensure that the same numerical value doesn't get declared for two different purposes in crypto_struct.h (external or dual-use) and psa_crypto_core.h (internal). 2019-08-02 19:19:39 +02:00			`/* A mask of key attribute flags used only internally.`
			`* Currently there aren't any. */`
Rename internal macro to pass check-names.sh check-names.sh rejects MBEDTLS_XXX identifiers that are not defined in a public header. 2019-08-05 17:32:13 +02:00			`#define PSA_KA_MASK_INTERNAL_ONLY ( \`
Add infrastructure for key attribute flags Add infrastructure for internal, external and dual-use flags, with a compile-time check (if static_assert is available) to ensure that the same numerical value doesn't get declared for two different purposes in crypto_struct.h (external or dual-use) and psa_crypto_core.h (internal). 2019-08-02 19:19:39 +02:00			`0 )`

Remove "allocated" flag from key slots The flag to mark key slots as allocated was introduced to mark slots that are claimed and in use, but do not have key material yet, at a time when creating a key used several API functions: allocate a slot, then progressively set its metadata, and finally create the key material. Now that all of these steps are combined into a single API function call, the notion of allocated-but-not-filled slot is no longer relevant. So remove the corresponding flag. A slot is occupied iff there is a key in it. (For a key in a secure element, the key material is not present, but the slot contains the key metadata.) This key must have a type which is nonzero, so use this as an indicator that a slot is in use. 2019-07-31 15:01:55 +02:00			`/** Test whether a key slot is occupied.`
			`*`
			`* A key slot is occupied iff the key type is nonzero. This works because`
			`* no valid key can have 0 as its key type.`
			`*`
			`* \param[in] slot The key slot to test.`
			`*`
			`* \return 1 if the slot is occupied, 0 otherwise.`
			`*/`
			`static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot )`
			`{`
			`return( slot->attr.type != 0 );`
			`}`
Use psa_core_key_attributes_t in key slots in memory Change the type of key slots in memory to use psa_core_key_attributes_t rather than separate fields. The goal is to simplify some parts of the code. This commit only does the mechanical replacement, not the substitution. The bit-field `allocate` is now a flag `PSA_KEY_SLOT_FLAG_ALLOCATED` in the `flags` field. Write accessor functions for flags. Key slots now contain a bit size field which is currently unused. Subsequent commits will make use of it. 2019-07-30 20:06:31 +02:00
			`/** Retrieve flags from psa_key_slot_t::attr::core::flags.`
			`*`
			`* \param[in] slot The key slot to query.`
			`* \param mask The mask of bits to extract.`
			`*`
			`* \return The key attribute flags in the given slot,`
			`* bitwise-anded with \p mask.`
			`*/`
			`static inline uint16_t psa_key_slot_get_flags( const psa_key_slot_t *slot,`
			`uint16_t mask )`
			`{`
			`return( slot->attr.flags & mask );`
			`}`

			`/** Set flags in psa_key_slot_t::attr::core::flags.`
			`*`
			`* \param[in,out] slot The key slot to modify.`
			`* \param mask The mask of bits to modify.`
			`* \param value The new value of the selected bits.`
			`*/`
			`static inline void psa_key_slot_set_flags( psa_key_slot_t *slot,`
			`uint16_t mask,`
			`uint16_t value )`
			`{`
			`slot->attr.flags = ( ( ~mask & slot->attr.flags ) \|`
			`( mask & value ) );`
			`}`

			`/** Turn on flags in psa_key_slot_t::attr::core::flags.`
			`*`
			`* \param[in,out] slot The key slot to modify.`
			`* \param mask The mask of bits to set.`
			`*/`
			`static inline void psa_key_slot_set_bits_in_flags( psa_key_slot_t *slot,`
			`uint16_t mask )`
			`{`
			`slot->attr.flags \|= mask;`
			`}`

			`/** Turn off flags in psa_key_slot_t::attr::core::flags.`
			`*`
			`* \param[in,out] slot The key slot to modify.`
			`* \param mask The mask of bits to clear.`
			`*/`
			`static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot,`
			`uint16_t mask )`
			`{`
			`slot->attr.flags &= ~mask;`
			`}`

Move the key slot array to the slot management module Move the key slot array and its initialization and wiping to the slot management module. Also move the lowest-level key slot access function psa_get_key_slot and the auxiliary function for slot allocation psa_internal_allocate_key_slot to the slot management module. 2018-12-10 16:29:04 +01:00			`/** Completely wipe a slot in memory, including its policy.`
Document some functions in internal headers 2018-12-10 17:00:38 +01:00			`*`
			`* Persistent storage is not affected.`
			`*`
			`* \param[in,out] slot The key slot to wipe.`
			`*`
			`* \retval PSA_SUCCESS`
			`* Success. This includes the case of a key slot that was`
			`* already fully wiped.`
Rename PSA_ERROR_TAMPERING_DETECTED to ..._CORRUPTION_DETECTED “Tampering detected” was misleading because in the real world it can also arise due to a software bug. “Corruption detected” is neutral and more precisely reflects what can trigger the error. perl -i -pe 's/PSA_ERROR_TAMPERING_DETECTED/PSA_ERROR_CORRUPTION_DETECTED/gi' $(git ls-files) 2019-05-16 21:35:18 +02:00			`* \retval PSA_ERROR_CORRUPTION_DETECTED`
Document some functions in internal headers 2018-12-10 17:00:38 +01:00			`*/`
Move the key slot array to the slot management module Move the key slot array and its initialization and wiping to the slot management module. Also move the lowest-level key slot access function psa_get_key_slot and the auxiliary function for slot allocation psa_internal_allocate_key_slot to the slot management module. 2018-12-10 16:29:04 +01:00			`psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );`

Document some functions in internal headers 2018-12-10 17:00:38 +01:00			`/** Import key data into a slot.`
			`*`
			* `slot->type` must have been set previously.
			`* This function assumes that the slot does not contain any key material yet.`
			`* On failure, the slot content is unchanged.`
			`*`
			`* Persistent storage is not affected.`
			`*`
			`* \param[in,out] slot The key slot to import data into.`
			* Its `type` field must have previously been set to
			`* the desired key type.`
			`* It must not contain any key material yet.`
			`* \param[in] data Buffer containing the key material to parse and import.`
			`* \param data_length Size of \p data in bytes.`
			`*`
			`* \retval PSA_SUCCESS`
			`* \retval PSA_ERROR_INVALID_ARGUMENT`
			`* \retval PSA_ERROR_NOT_SUPPORTED`
			`* \retval PSA_ERROR_INSUFFICIENT_MEMORY`
			`*/`
Move more slot management functions to the proper module Move psa_load_persistent_key_into_slot, psa_internal_make_key_persistent and psa_internal_release_key_slot to the slot management module. Expose psa_import_key_into_slot from the core. After this commit, there are no longer any functions declared in psa_crypto_slot_management.h and defined in psa_crypto.c. There are still function calls in both directions between psa_crypto.c and psa_crypto_slot_management.c. 2018-12-10 16:48:53 +01:00			`psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,`
			`const uint8_t *data,`
			`size_t data_length );`

Expose the PSA key slot structure to internal modules Move psa_key_slot_t to a new header psa_crypto_core.h, to prepare for moving the responsibility for some fields to psa_crypto_slot_management.c. 2018-12-07 18:24:41 +01:00			`#endif /* PSA_CRYPTO_CORE_H */`