From 5e80d91dbfdf18aa47fc5b59db501d1e08ababd0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 24 Feb 2019 17:10:18 +0100 Subject: [PATCH] Remove psa_crypto_storage_backend.h Since there is now a single storage backend, we don't need a backend interface. Make the functions that were declared in psa_crypto_storage_backend.h and are now both defined and used in psa_crypto_storage.c static, except for psa_is_key_present_in_storage which is used by the gray-box tests and is now declared in psa_crypto_storage.h. --- library/psa_crypto_storage.c | 73 ++++++++--- library/psa_crypto_storage.h | 15 +++ library/psa_crypto_storage_backend.h | 115 ------------------ ...t_suite_psa_crypto_persistent_key.function | 1 - visualc/VS2010/mbedTLS.vcxproj | 1 - 5 files changed, 72 insertions(+), 133 deletions(-) delete mode 100644 library/psa_crypto_storage_backend.h diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 8af3d081f..bda9c0ce8 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -33,9 +33,15 @@ #include "psa_crypto_service_integration.h" #include "psa/crypto.h" #include "psa_crypto_storage.h" -#include "psa_crypto_storage_backend.h" #include "mbedtls/platform_util.h" +#if defined(MBEDTLS_PSA_ITS_FILE_C) +#include "psa_crypto_its.h" +#else /* Native ITS implementation */ +#include "psa/error.h" +#include "psa/internal_trusted_storage.h" +#endif + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else @@ -44,14 +50,6 @@ #define mbedtls_free free #endif -#if defined(MBEDTLS_PSA_ITS_FILE_C) -#include "psa_crypto_its.h" -#else /* Native ITS implementation */ -#include "psa/error.h" -#include "psa_crypto_service_integration.h" -#include "psa/internal_trusted_storage.h" -#endif - /* Determine a file name (ITS file identifier) for the given key file * identifier. The file name must be distinct from any file that is used * for a purpose other than storing a key. Currently, the only such file @@ -76,8 +74,24 @@ static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id ) #endif } -psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, uint8_t *data, - size_t data_size ) +/** + * \brief Load persistent data for the given key slot number. + * + * This function reads data from a storage backend and returns the data in a + * buffer. + * + * \param key Persistent identifier of the key to be loaded. This + * should be an occupied storage location. + * \param[out] data Buffer where the data is to be written. + * \param data_size Size of the \c data buffer in bytes. + * + * \retval PSA_SUCCESS + * \retval PSA_ERROR_STORAGE_FAILURE + * \retval PSA_ERROR_DOES_NOT_EXIST + */ +static psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, + uint8_t *data, + size_t data_size ) { psa_status_t status; psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); @@ -105,9 +119,25 @@ int psa_is_key_present_in_storage( const psa_key_file_id_t key ) return( 1 ); } -psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key, - const uint8_t *data, - size_t data_length ) +/** + * \brief Store persistent data for the given key slot number. + * + * This function stores the given data buffer to a persistent storage. + * + * \param key Persistent identifier of the key to be stored. This + * should be an unoccupied storage location. + * \param[in] data Buffer containing the data to be stored. + * \param data_length The number of bytes + * that make up the data. + * + * \retval PSA_SUCCESS + * \retval PSA_ERROR_INSUFFICIENT_STORAGE + * \retval PSA_ERROR_STORAGE_FAILURE + * \retval PSA_ERROR_ALREADY_EXISTS + */ +static psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key, + const uint8_t *data, + size_t data_length ) { psa_status_t status; psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); @@ -160,8 +190,19 @@ psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key ) return( PSA_SUCCESS ); } -psa_status_t psa_crypto_storage_get_data_length( const psa_key_file_id_t key, - size_t *data_length ) +/** + * \brief Get data length for given key slot number. + * + * \param key Persistent identifier whose stored data length + * is to be obtained. + * \param[out] data_length The number of bytes that make up the data. + * + * \retval PSA_SUCCESS + * \retval PSA_ERROR_STORAGE_FAILURE + */ +static psa_status_t psa_crypto_storage_get_data_length( + const psa_key_file_id_t key, + size_t *data_length ) { psa_status_t status; psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index 7e5aae9f9..902e3026b 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -61,6 +61,21 @@ extern "C" { */ #define PSA_MAX_PERSISTENT_KEY_IDENTIFIER 0xfffeffff +/** + * \brief Checks if persistent data is stored for the given key slot number + * + * This function checks if any key data or metadata exists for the key slot in + * the persistent storage. + * + * \param key Persistent identifier to check. + * + * \retval 0 + * No persistent data present for slot number + * \retval 1 + * Persistent data present for slot number + */ +int psa_is_key_present_in_storage( const psa_key_file_id_t key ); + /** * \brief Format key data and metadata and save to a location for given key * slot. diff --git a/library/psa_crypto_storage_backend.h b/library/psa_crypto_storage_backend.h deleted file mode 100644 index dd534d2ff..000000000 --- a/library/psa_crypto_storage_backend.h +++ /dev/null @@ -1,115 +0,0 @@ -/** - * \file psa_crypto_storage_backend.h - * - * \brief PSA cryptography module: Mbed TLS key storage backend - */ -/* - * Copyright (C) 2018, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#ifndef PSA_CRYPTO_STORAGE_BACKEND_H -#define PSA_CRYPTO_STORAGE_BACKEND_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* Include the Mbed TLS configuration file, the way Mbed TLS does it - * in each of its header files. */ -#if defined(MBEDTLS_CONFIG_FILE) -#include MBEDTLS_CONFIG_FILE -#else -#include "mbedtls/config.h" -#endif - -#include "psa/crypto.h" -#include "psa_crypto_storage.h" -#include - -/** - * \brief Load persistent data for the given key slot number. - * - * This function reads data from a storage backend and returns the data in a - * buffer. - * - * \param key Persistent identifier of the key to be loaded. This - * should be an occupied storage location. - * \param[out] data Buffer where the data is to be written. - * \param data_size Size of the \c data buffer in bytes. - * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_DOES_NOT_EXIST - */ -psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, uint8_t *data, - size_t data_size ); - -/** - * \brief Store persistent data for the given key slot number. - * - * This function stores the given data buffer to a persistent storage. - * - * \param key Persistent identifier of the key to be stored. This - * should be an unoccupied storage location. - * \param[in] data Buffer containing the data to be stored. - * \param data_length The number of bytes - * that make up the data. - * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_INSUFFICIENT_STORAGE - * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_ALREADY_EXISTS - */ -psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key, - const uint8_t *data, - size_t data_length ); - -/** - * \brief Checks if persistent data is stored for the given key slot number - * - * This function checks if any key data or metadata exists for the key slot in - * the persistent storage. - * - * \param key Persistent identifier to check. - * - * \retval 0 - * No persistent data present for slot number - * \retval 1 - * Persistent data present for slot number - */ -int psa_is_key_present_in_storage( const psa_key_file_id_t key ); - -/** - * \brief Get data length for given key slot number. - * - * \param key Persistent identifier whose stored data length - * is to be obtained. - * \param[out] data_length The number of bytes that make up the data. - * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_STORAGE_FAILURE - */ -psa_status_t psa_crypto_storage_get_data_length( const psa_key_file_id_t key, - size_t *data_length ); - - -#ifdef __cplusplus -} -#endif - -#endif /* PSA_CRYPTO_STORAGE_H */ diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 2fa307e20..90e10f66b 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -2,7 +2,6 @@ #include #include "psa/crypto.h" #include "psa_crypto_storage.h" -#include "psa_crypto_storage_backend.h" #include "mbedtls/md.h" #define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY" diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 41357eea4..c56e976a7 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -242,7 +242,6 @@ -