Merge pull request #155 from gilles-peskine-arm/psa-se_driver-registration

Secure element driver registration
This commit is contained in:
Jaeden Amero 2019-07-02 15:14:50 +01:00 committed by GitHub
commit 14fde3f678
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 379 additions and 8 deletions

View file

@ -458,6 +458,12 @@
#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PSA_CRYPTO_SE_C) && \
! ( defined(MBEDTLS_PSA_CRYPTO_C) && \
defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) )
#error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
! defined(MBEDTLS_PSA_CRYPTO_C)
#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"

View file

@ -1709,6 +1709,19 @@
*/
#define MBEDTLS_PSA_CRYPTO_C
/**
* \def MBEDTLS_PSA_CRYPTO_SE_C
*
* Enable secure element support in the Platform Security Architecture
* cryptography API.
*
* Module: library/psa_crypto_se.c
*
* Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
*
*/
#define MBEDTLS_PSA_CRYPTO_SE_C
/**
* \def MBEDTLS_PSA_CRYPTO_STORAGE_C
*

View file

@ -8,11 +8,11 @@
* space in which the PSA Crypto implementation runs, typically secure
* elements (SEs).
*
* This file is part of the PSA Crypto Driver Model, containing functions for
* driver developers to implement to enable hardware to be called in a
* standardized way by a PSA Cryptographic API implementation. The functions
* comprising the driver model, which driver authors implement, are not
* intended to be called by application developers.
* This file is part of the PSA Crypto Driver HAL (hardware abstraction layer),
* containing functions for driver developers to implement to enable hardware
* to be called in a standardized way by a PSA Cryptography API
* implementation. The functions comprising the driver HAL, which driver
* authors implement, are not intended to be called by application developers.
*/
/*
@ -726,7 +726,7 @@ typedef psa_status_t (*psa_drv_se_import_key_t)(psa_key_slot_number_t key_slot,
* \retval #PSA_SUCCESS
* The slot's content, if any, has been erased.
*/
typedef psa_status_t (*psa_drv_se_destroy_key_t)(psa_key_slot_number_t key);
typedef psa_status_t (*psa_drv_se_destroy_key_t)(psa_key_slot_number_t key_slot);
/**
* \brief A function that exports a secure element key in binary format
@ -878,7 +878,7 @@ typedef struct {
* \param[in,out] p_context A hardware-specific structure containing any
* context information for the implementation
* \param[in] kdf_alg The algorithm to be used for the key derivation
* \param[in] souce_key The key to be used as the source material for the
* \param[in] source_key The key to be used as the source material for the
* key derivation
*
* \retval PSA_SUCCESS
@ -961,6 +961,90 @@ typedef struct {
/**@}*/
/** \defgroup se_registration Secure element driver registration
*/
/**@{*/
/** A structure containing pointers to all the entry points of a
* secure element driver.
*
* Future versions of this specification may add extra substructures at
* the end of this structure.
*/
typedef struct {
/** The version of the driver HAL that this driver implements.
* This is a protection against loading driver binaries built against
* a different version of this specification.
* Use #PSA_DRV_SE_HAL_VERSION.
*/
uint32_t hal_version;
psa_drv_se_key_management_t key_management;
psa_drv_se_mac_t mac;
psa_drv_se_cipher_t cipher;
psa_drv_se_aead_t aead;
psa_drv_se_asymmetric_t asymmetric;
psa_drv_se_key_derivation_t derivation;
} psa_drv_se_t;
/** The current version of the secure element driver HAL.
*/
/* 0.0.0 patchlevel 5 */
#define PSA_DRV_SE_HAL_VERSION 0x00000005
/** Register an external cryptoprocessor (secure element) driver.
*
* This function is only intended to be used by driver code, not by
* application code. In implementations with separation between the
* PSA cryptography module and applications, this function should
* only be available to callers that run in the same memory space as
* the cryptography module, and should not be exposed to applications
* running in a different memory space.
*
* This function may be called before psa_crypto_init(). It is
* implementation-defined whether this function may be called
* after psa_crypto_init().
*
* \note Implementations store metadata about keys including the lifetime
* value. Therefore, from one instantiation of the PSA Cryptography
* library to the next one, if there is a key in storage with a certain
* lifetime value, you must always register the same driver (or an
* updated version that communicates with the same secure element)
* with the same lifetime value.
*
* \param lifetime The lifetime value through which this driver will
* be exposed to applications.
* The values #PSA_KEY_LIFETIME_VOLATILE and
* #PSA_KEY_LIFETIME_PERSISTENT are reserved and
* may not be used for drivers. Implementations
* may reserve other values.
* \param[in] methods The method table of the driver. This structure must
* remain valid for as long as the cryptography
* module keeps running. It is typically a global
* constant.
*
* \return PSA_SUCCESS
* The driver was successfully registered. Applications can now
* use \p lifetime to access keys through the methods passed to
* this function.
* \return PSA_ERROR_BAD_STATE
* This function was called after the initialization of the
* cryptography module, and this implementation does not support
* driver registration at this stage.
* \return PSA_ERROR_ALREADY_EXISTS
* There is already a registered driver for this value of \p lifetime.
* \return PSA_ERROR_INVALID_ARGUMENT
* \p lifetime is a reserved value.
* \return PSA_ERROR_NOT_SUPPORTED
* `methods->hal_version` is not supported by this implementation.
* \return PSA_ERROR_INSUFFICIENT_MEMORY
* \return PSA_ERROR_NOT_PERMITTED
*/
psa_status_t psa_register_se_driver(
psa_key_lifetime_t lifetime,
const psa_drv_se_t *methods);
/**@}*/
#ifdef __cplusplus
}
#endif

View file

@ -53,6 +53,7 @@ set(src_crypto
platform_util.c
poly1305.c
psa_crypto.c
psa_crypto_se.c
psa_crypto_slot_management.c
psa_crypto_storage.c
psa_its_file.c

View file

@ -80,7 +80,7 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \
pk.o pk_wrap.o pkcs12.o \
pkcs5.o pkparse.o pkwrite.o \
platform.o platform_util.o poly1305.o \
psa_crypto.o \
psa_crypto.o psa_crypto_se.o \
psa_crypto_slot_management.o \
psa_crypto_storage.o \
psa_its_file.o \

View file

@ -32,6 +32,9 @@
#include "psa_crypto_core.h"
#include "psa_crypto_invasive.h"
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
#include "psa_crypto_se.h"
#endif
#include "psa_crypto_slot_management.h"
/* Include internal declarations that are useful for implementing persistently
* stored keys. */
@ -5211,6 +5214,11 @@ void mbedtls_psa_crypto_free( void )
* In particular, this sets all state indicator to the value
* indicating "uninitialized". */
mbedtls_platform_zeroize( &global_data, sizeof( global_data ) );
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Unregister all secure element drivers, so that we restart from
* a pristine state. */
psa_unregister_all_se_drivers( );
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
}
psa_status_t psa_crypto_init( void )

86
library/psa_crypto_se.c Normal file
View file

@ -0,0 +1,86 @@
/*
* PSA crypto support for secure element drivers
*/
/* Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
#include <assert.h>
#include <string.h>
#include "psa_crypto_se.h"
typedef struct
{
psa_key_lifetime_t lifetime;
const psa_drv_se_t *methods;
} method_table_entry_t;
static method_table_entry_t driver_table[PSA_MAX_SE_DRIVERS];
psa_status_t psa_register_se_driver(
psa_key_lifetime_t lifetime,
const psa_drv_se_t *methods)
{
size_t i;
if( methods->hal_version != PSA_DRV_SE_HAL_VERSION )
return( PSA_ERROR_NOT_SUPPORTED );
/* Driver table entries are 0-initialized. 0 is not a valid driver
* lifetime because it means a volatile key. */
#if defined(static_assert)
static_assert( PSA_KEY_LIFETIME_VOLATILE == 0,
"Secure element support requires 0 to mean a volatile key" );
#endif
if( lifetime == PSA_KEY_LIFETIME_VOLATILE ||
lifetime == PSA_KEY_LIFETIME_PERSISTENT )
{
return( PSA_ERROR_INVALID_ARGUMENT );
}
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
if( driver_table[i].lifetime == 0 )
break;
/* Check that lifetime isn't already in use up to the first free
* entry. Since entries are created in order and never deleted,
* there can't be a used entry after the first free entry. */
if( driver_table[i].lifetime == lifetime )
return( PSA_ERROR_ALREADY_EXISTS );
}
if( i == PSA_MAX_SE_DRIVERS )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
driver_table[i].lifetime = lifetime;
driver_table[i].methods = methods;
return( PSA_SUCCESS );
}
void psa_unregister_all_se_drivers( void )
{
memset( driver_table, 0, sizeof( driver_table ) );
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */

45
library/psa_crypto_se.h Normal file
View file

@ -0,0 +1,45 @@
/*
* PSA crypto support for secure element drivers
*/
/* Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef PSA_CRYPTO_SE_H
#define PSA_CRYPTO_SE_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
/** The maximum number of registered secure element driver lifetimes. */
#define PSA_MAX_SE_DRIVERS 4
/** Unregister all secure element drivers.
*
* \warning Do not call this function while the library is in the initialized
* state. This function is only intended to be called at the end
* of mbedtls_psa_crypto_free().
*/
void psa_unregister_all_se_drivers( void );
#endif /* PSA_CRYPTO_SE_H */

View file

@ -555,6 +555,9 @@ static const char *features[] = {
#if defined(MBEDTLS_PSA_CRYPTO_C)
"MBEDTLS_PSA_CRYPTO_C",
#endif /* MBEDTLS_PSA_CRYPTO_C */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
"MBEDTLS_PSA_CRYPTO_SE_C",
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
"MBEDTLS_PSA_CRYPTO_STORAGE_C",
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */

View file

@ -1509,6 +1509,14 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( strcmp( "MBEDTLS_PSA_CRYPTO_SE_C", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_SE_C );
return( 0 );
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( strcmp( "MBEDTLS_PSA_CRYPTO_STORAGE_C", config ) == 0 )
{

View file

@ -107,6 +107,7 @@ MBEDTLS_MEMORY_BACKTRACE
MBEDTLS_MEMORY_BUFFER_ALLOC_C
MBEDTLS_PLATFORM_TIME_ALT
MBEDTLS_PLATFORM_FPRINTF_ALT
MBEDTLS_PSA_CRYPTO_SE_C
MBEDTLS_PSA_CRYPTO_STORAGE_C
MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
MBEDTLS_PSA_ITS_FILE_C

View file

@ -135,6 +135,7 @@ add_test_suite(psa_crypto_hash)
add_test_suite(psa_crypto_init)
add_test_suite(psa_crypto_metadata)
add_test_suite(psa_crypto_persistent_key)
add_test_suite(psa_crypto_se_driver_hal)
add_test_suite(psa_crypto_slot_management)
add_test_suite(psa_its)
add_test_suite(shax)

View file

@ -709,6 +709,7 @@ component_test_no_platform () {
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
@ -894,6 +895,7 @@ component_build_arm_none_eabi_gcc () {
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
@ -913,6 +915,7 @@ component_build_arm_none_eabi_gcc_no_udbl_division () {
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
@ -935,6 +938,7 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
@ -957,6 +961,7 @@ component_build_armcc () {
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED

View file

@ -0,0 +1,28 @@
Register SE driver: good
register_one:2:PSA_DRV_SE_HAL_VERSION:PSA_SUCCESS
# Run this test case a second time to verify that the library deinit
# unregistered the first driver.
Register SE driver: good, again
register_one:2:PSA_DRV_SE_HAL_VERSION:PSA_SUCCESS
Register SE driver: invalid lifetime (0)
register_one:0:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
Register SE driver: invalid lifetime (VOLATILE)
register_one:PSA_KEY_LIFETIME_VOLATILE:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
Register SE driver: invalid lifetime (PERSISTENT)
register_one:PSA_KEY_LIFETIME_PERSISTENT:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
Register SE driver: invalid version (ancient)
register_one:2:0x00000003:PSA_ERROR_NOT_SUPPORTED
Register SE driver: invalid version (future)
register_one:2:PSA_DRV_SE_HAL_VERSION + 1:PSA_ERROR_NOT_SUPPORTED
Register SE driver: already registered
register_twice:3
Register SE driver: maximum number of drivers
register_max:

View file

@ -0,0 +1,80 @@
/* BEGIN_HEADER */
#include "psa_crypto_helpers.h"
#include "psa/crypto_se_driver.h"
#include "psa_crypto_se.h"
/* The minimum valid lifetime value for a secure element driver. */
#define MIN_DRIVER_LIFETIME 2
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_PSA_CRYPTO_SE_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
void register_one( int lifetime, int version, int expected_status_arg )
{
psa_status_t expected_status = expected_status_arg;
psa_drv_se_t driver;
memset( &driver, 0, sizeof( driver ) );
driver.hal_version = version;
TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
expected_status );
PSA_ASSERT( psa_crypto_init( ) );
exit:
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void register_twice( int count )
{
psa_drv_se_t driver;
psa_key_lifetime_t lifetime;
psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + count;
memset( &driver, 0, sizeof( driver ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
PSA_ERROR_ALREADY_EXISTS );
PSA_ASSERT( psa_crypto_init( ) );
exit:
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void register_max( )
{
psa_drv_se_t driver;
psa_key_lifetime_t lifetime;
psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + PSA_MAX_SE_DRIVERS;
memset( &driver, 0, sizeof( driver ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
PSA_ERROR_INSUFFICIENT_MEMORY );
PSA_ASSERT( psa_crypto_init( ) );
exit:
PSA_DONE( );
}
/* END_CASE */

View file

@ -225,6 +225,7 @@
<ClInclude Include="..\..\library/psa_crypto_core.h" />
<ClInclude Include="..\..\library/psa_crypto_invasive.h" />
<ClInclude Include="..\..\library/psa_crypto_its.h" />
<ClInclude Include="..\..\library/psa_crypto_se.h" />
<ClInclude Include="..\..\library/psa_crypto_service_integration.h" />
<ClInclude Include="..\..\library/psa_crypto_slot_management.h" />
<ClInclude Include="..\..\library/psa_crypto_storage.h" />
@ -281,6 +282,7 @@
<ClCompile Include="..\..\library\platform_util.c" />
<ClCompile Include="..\..\library\poly1305.c" />
<ClCompile Include="..\..\library\psa_crypto.c" />
<ClCompile Include="..\..\library\psa_crypto_se.c" />
<ClCompile Include="..\..\library\psa_crypto_slot_management.c" />
<ClCompile Include="..\..\library\psa_crypto_storage.c" />
<ClCompile Include="..\..\library\psa_its_file.c" />